Created with Sketch.
Cyber Security Grey Beard®
29 minutes | Nov 9, 2022
S4S3 State of Ransomware in Cyber Security - Interview by AlgoSec
Discussion with AlgoSec around ransomware based off of the Extrahop Cyber Confidence Index 2022. I cover numerous questions about what organizations are doing today and what they should change to improve cyber defenses. The crux of this study shows the cognitive dissonance of cyber security leaders and IT decision makers. They believe one thing whereas the evidence completely contradicts what they say.
16 minutes | Sep 21, 2022
S4E10 Cyber Security Attacks in the News Summer 2022
In this episode I discuss cyber-attacks in the Summer of 2022. I’ll review who was attacked, its impact, and the aftermath. While I would love to go into the technical details about the attacks, that data becomes harder and harder to find with each breach and news release. Victims are tight lipped and apparently being told more and more to not share technical details. We know that both China and Russia have increased cyber-attacks due to global tension in Taiwan (Chinese Taipei) and Ukraine. I am certain there have been many, many, more that we are not hearing about for internal security reasons as well as not “tipping our hand” that we know what’s happening or who we believe is doing the attacks. Attribution for attacks is extremely difficult as mentioned previously with the swatting incident on an American federal representative. Sign up for NewsBits from SANSSign up for the OUCH! Newsletter at SANS; (Scroll down and signup in the lower right)PWC Cyber SurveyExtrahop SurveySecurity Magazine offers solid contentMore Information about the Hive RaaS Organization: Hive Targets Costa RicaLAUSD AttackNorth Korea, US Feds, Ransomware and Healthcare OrganizationsNorth Korea Crypto HeistOSC/Key Bank Attack
18 minutes | Sep 14, 2022
S4E9 Online Cyber Security Tools and Building Lab Environments
This episode covers online tools and lab environments that cyber security students and early professionals can use to learn and increase technical skills. While these environments are usually meant for those that want to get very deep with the technical side of cyber security, non-technical folks can certainly use these as well. The tools/trainings go as deep as the user wants. I also go over building a lab at home using Virtual Box or VMWare. I also provide insight and recommendations for building a Cloud based lab environment in Azure or AWS. This episode came out of comments made by Adrianus Warmenhove in S4E8 around VPN's and NordVPN.Send comments, questions, and episode ideas to: email@example.com RangeforceHack The BoxInfosec Institute SkillsHacker Rank for DevelopersHacktory.aiAzureAWSCloud ComparisonsMITRE ATT&CKKali.org Downloads (Then select “Virtual Machines)Sourceforge Comparison Page For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.
31 minutes | Sep 7, 2022
S4E8 Interview with Adrianus Warmenhoven - Cyber Security and NordVPN
In this episode I spend 30-minutes talking with Adrianus Warmenhoven, Defensive Strategist at Nordvpn. We dove into virtual private networks (VPN) and networking. Hear how VPN's work, when to use them and why. We discuss real-world examples and talk security stories as well as some cyber security history.Send comments, questions, and episode ideas to: firstname.lastname@example.org NordVPNRFC1918Tim Berners-LeeOSINT Tools – Open-Source Intelligence ToolingFor those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.
25 minutes | Aug 31, 2022
S4E7 Red Team, Blue Team, Purple Team in the Cyber Security Realm
Here I talk about different avenues within cyber security. We use terms such as red team, blue team, and purple team when discussing offense, defense, and a merger of the two. I’ll go over different technologies, teams that cover each of these areas and jobs that involve each team. We have these teams and terms due to the size and complexity of the overall cyber security profession. This episode provides a lot of insight on technologies and jobs to help listeners better focus on their cyber security journey.Send comments, questions, and episode ideas to: email@example.com RedscanRed Team Tools by Goran JevticMedium Article by Anil YelkenCrowdstrike CTIHalborn exploit development by Rob BehnkeFRSecureNodeZeroCyber RangesCISA Tabletop exercise packages For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.
26 minutes | Aug 24, 2022
S4E6 Getting More from Your Cyber Security Employer
This episodes has me talking about how employees can get enhanced benefits from their employer. Most people figure salary is the only thing that matters from when it comes to the benefits of working. This is a major mistake. Healthcare alone can potentially bring thousands of dollars per year in additional compensation and companies vary greatly in this area. 401(k) programs have the potential of financially beating healthcare benefits depending on your salary, contribution, and company match program. Does your employer treat you right with travel arrangements and expenses? How about gym memberships or mass transit reimbursements? Listen on and find ways to make hundreds or even thousands of dollars more from your employers existing benefits.Send comments, questions and episode ideas to: firstname.lastname@example.orgFor those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.
31 minutes | Aug 17, 2022
S4E5 Interview with Perry carpenter of KnowBe4 - Cyber Security Awareness Training
Conversation with Perry Carpenter, C | CISO, MSIA, who currently serves as chief evangelist and strategy officer for KnowBe4, the world’s most popular security awareness and simulated phishing platform. Perry and I talked about the history of KnowBe4, his journey in cyber security, what students and early professionals can study to succeed in social engineering among other topics. Perry talks about his background and how he took his Arts and Science education to become an extremely successful cyber security professional. Perry gives advice on what he looks for in hiring early professionals.Please make sure to send questions, comments, and episode recommendations to email@example.comFor those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.Perry is A recognized thought leader on security awareness and the human factors of security, he’s provided security consulting and advisory services for the world’s best-known brands. His previous book, Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, quickly gained a reputation as the go-to guide for security awareness professionals worldwide, and, in 2021, he was inducted into the Cybersecurity Canon Hall of Fame. He’s the creator and host of the popular 8th Layer Insights podcast and co-author of the new book The Security Culture Playbook: An Executive Guide to Reducing Risk and Developing Your Human Defense Layer (Wiley; April 19, 2022). Learn more at SecurityCultureBook.com. KnowBe4The Art of Deception by Kevin MitnickThe Art of Invisibility by Kevin Mitnick
20 minutes | Aug 10, 2022
S4S2 AlgoSec Interview: Aplication Security for Cyber Security Professionals
Podcast sponsored by AlgoSec where I discuss how applications impact network and security engineers. This was a 1:1 conversation between me as an SME with a marketing leader at AlgoSec. You can find the full video interview here. This topic provides detail on challenges experienced by network and security engineers related to applications and application security. We talk about a business focus and the need for network and security engineers to know and focus on more than packets and protocols.For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.
19 minutes | Aug 3, 2022
S4E4 Getting Deep with Cyber Security Applications
In this episode, I discuss the detail and complexity inherent with software solutions including specific jobs that relate to cyber security applications. Many of us tend to think that software is only skin deep. In reality, applications go from involved to intricate to MASSIVELY COMPLEX. Too often I’ve engaged with projects where I figure, oh, it’s a software program, no big deal. Then I get surprised by the depth, detail, and breadth of the product. Listen in and hear about all of the jobs tied to cyber security applications and the ancillary components related to them. Cyber security is not just for the technical professionals. Dive in and understand what's out there for non-technical professionals as well as lots of opportunities for keyboard beaters. Make sure to send your questions, comments, and episode recommendations to firstname.lastname@example.orgFor those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.
28 minutes | Jul 27, 2022
S4E3 Interview with W. Curtis Preston aka Mr. Backup - Backups, HA/DR and Cyber Security
In this episode I step away from my normal monologue style to interview a renowned guest, W. Curtis Preston. Curtis, the Chief Technical Evangalist at Druva, is also known as Mr. Backup. Curtis runs his own website, Backup Central dot com with his own Podcast called Restore It All. He also participates in the No Hardware Required Podcast for Druva. Curtis and I discuss the relationship between backups and cyber security. He also shares his professional journey and offers advice to students and early professionals related to their professional future. Please make sure to send questions, comments, and episode recommendations to email@example.comModern Data Protection by W. Curtis PrestonSnorkel42 Reddit Security CadenceNo Hardware Required PodcastRestore it all PodcastBackup Central WebsiteOVH Cloud Provider FireConte Ransomware GroupFor those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.HA/DR - High Availability and Disaster RecoveryRPO/RTO – Recovery Point Objective/Recovery Time ObjectiveMFA – Multi-Factor Authentication: What we know, what we have, who we are
18 minutes | Jul 20, 2022
S4E2 Cyber Security Con Game - Online Scam
This episode goes into great detail about a timeshare scam that directly targeted me. I tell the story along with detailed steps the con artists took to try and make me their victim. I provide steps taken to PROVE they were liars and thieves. I conclude with 12 critical steps everyone should implement that will protect them from online scams. We are all at risk to con artists through phone, text, and email. Knowledge is power and this episode empowers my listeners with critical data required to protect themselves and their loved ones.For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.
21 minutes | Jul 13, 2022
S4E1 Starting a New Cyber Security Job
In this episode I discuss how to start a new cyber security job. I talk about emotions associated with starting over, fear, stress, anxiety, excitement, and joy, among others. I touch on topics around people, processes and technology at the company. This episode discusses change and how to deal with it. Starting a new job happens to nearly every employee and it is important to know you are not alone and that the challenges with starting over are universal. Herein I discuss what to focus on, what to look for, and what to look out for.For those interested in donating to Josh, my mentee looking to relocate to Canada where he will study cyber security, please visit GiveSendGo.
33 minutes | Jun 15, 2022
S4S1 MSS Forum Phoenix - Understanding Today’s Network Security Challenges
Brief introduction to Season 4 - July 2022-Sept 2022 and then the full session I presented at for the MSS Forum in Phoenix on May 12, 2022. The topic covers today's cyber security networking challenges. I offer recommendations for solutions and provide advice on where security professionals can focus. If you want a copy of the deck I used, send an email to firstname.lastname@example.org.Please donate to my Cyber Security mentee, Josh GbemisolaThe Cuckoo's EggThe Phoenix ProjectIBM Cost of a Data BreachMSS Forum PhoenixAlgoSec
11 minutes | Nov 18, 2021
S3S4 A Job is Just a Job - The Vaccine Mandate
Many people are threatened with losing their jobs or violating their conscience. This episode talks about how you are not alone. I talk about standing up for what you believe in. Swim upstream if that's for you. Do not "go along to get along" if that does not comport with your values. Stand up. Be strong. Leave your employer if they force you to violate your beliefs. Do not feel the need to justify yourself. An employer is an employer, nothing more. There are firms out there that align with your beliefs and moral fortitude, find them if that's in your best interest.
36 minutes | Nov 10, 2021
S3S3 Infosec Inspire Conference: Working with HR, L&D to drive training results
Fireside chat with Garrettson Blight, Principal at Booz Allen Hamilton led by Kate Rodgers, Director of Brand at Infosec virtually on October 19, 2021. We discussed learning and development opportunities in our organizations and how important it is for employees. Salary is only a single benefit to employment. Learning and development along with healthcare comes in second for many professionals. We discuss how employees can take advantage of training in the workplace. "We need to appeal to the staffs, they have lot of other options." - Garrettson Blight, Principal, Booz Allen Hamilton.
21 minutes | Oct 6, 2021
S3E10 Cyber Security Attacks in the News
In this episode I talk about high profile cyber-attacks in the Spring and Summer of 2021. I’ll review who was attacked, what the attack involved, it’s impact, the aftermath, and how it affected the economy. Sign up for NewsBits from SANS at https://www.sans.org/newsletters/newsbites/ Review Security Intelligence periodically: https://securityintelligence.com/Security Magazine offers solid content: https://www.securitymagazine.com/Executive Order 14208: https://www.cisa.gov/executive-order-improving-nations-cybersecurityWe are at War, Cyber War: https://www.securitymagazine.com/articles/96125-we-are-at-war-a-cyber-war16 Sectors off limits: https://www.itsecurityguru.org/2021/06/17/biden-says-16-sectors-should-be-off-limits-to-attack/Arctic Wolf Survey: https://arcticwolf.com/resources/press-releases/arctic-wolf-global-survey-reveals-lack-of-confidence-in-cybersecurity-defenses-and-government-action-amid-fears-of-state-sponsored-attacksInsurance and Ransomware: https://www.barrons.com/articles/ransomware-attack-cyber-insurance-industry-51633075202Infant death tied to ransomware 2019: https://threatpost.com/babys-death-linked-ransomware/175232/Colonial Pipeline:https://www.securezoo.com/2021/05/pipeline-ransomware-attack-shuts-down-for-45-of-east-coasts-fuel-us-passes-emergency-waiver https://medium.com/cloud-security/colonial-pipeline-hack-4486d16f2957JBS Breach: https://minnesota.cbslocal.com/2021/06/01/meat-producer-jbs-hit-by-cyberattack-worthington-plant-closes-for-the-day/ https://www.bloomberg.com/news/articles/2021-05-31/meat-is-latest-cyber-victim-as-hackers-hit-top-supplier-jbsIowa Co-Op Links: https://www.foxbusiness.com/technology/ransomware-attack-new-cooperative-agriculture-grain-pork-chicken-supplyhttps://www.securezoo.com/2021/09/iowa-based-farm-service-provider-new-cooperative-hit-by-blackmatter-ransomware-attack/Minnesota Attackhttps://www.reuters.com/technology/minnesota-grain-handler-targeted-ransomware-attack-2021-09-23/ https://www.cybersecuritydive.com/news/agriculture-food-ransomware-coop/607080/
22 minutes | Sep 29, 2021
S3E9 Cyber Security Incident Response Planning
In this episode I talk about incident response plans, what they are, why they are important and how to create one. NIST, the National Institute of Standards and Technology has a fabulous document entitled Computer Security Incident Handling Guide, Special Publication 800-61 Rev. 2. This document prescribes key data for incident response plans. In this episode I’ll review key components of this document and how and why these components play a key role in cyber security incident response planning. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
23 minutes | Sep 22, 2021
S3E8 Cyber Security Stories - Real World Examples
In this episode I talk about real situations I’ve experienced. I won’t name companies, only industry and relative geography so as not to expose any entities. Some of these are more egregious than others, all are good learning experiences, for early as well as experienced professionals. Many look to join Cyber Security and wonder what it’s really like out there, these tales should provide some insight to that curiosity. I encourage each of you to think of solutions to these problems. While I give some throughout the episode, there are many ways to solve problems. Don’t just think about technical solutions. What processes or procedures could these organizations implement? How about training, not just their IT and security staff but their end users as well. Spending money may solve a problem; however, if the product or service is not installed or utilized properly, will money really make it better? Use these stories to grow yourself and help you understand what the real world of cyber security, on the ground, really looks like.
25 minutes | Sep 15, 2021
S3E7 Interviewing and Presenting as a Cyber Security Professional
While this podcast focuses on cyber security professionals, this episode provides general and wide-ranging interviewing and presentation tips. The discussion goes into detail about how and why we communicate and then provides examples and performance tips. Later there are examples, and recommendations for how to interview, present, and speak publicly overall. I give suggested questions to ask interviewers and provide information on delivering more engaging and successful presentations. I also give a handful of tips on speaking and presenting virtually including how to handle the camera, backgrounds, and suggestions for dress. This episode delivers real world tips for elevating professionals interviewing skill and presentation ability.
40 minutes | Sep 8, 2021
S3S2 Business and Emotional Skills for Tomorrow's CISO - Live at the MSS LA 2021
Audio recording of session at MSS Forum LA on June 30th, 2021. Group discussion lead by Phelim Rowe of CTG Intelligence. We review the top "post holder" and go into depth around who has responsibility for cyber security in an organization. I was pleased to join Richard Staynings, Shawn Kohrman, Ashwin Krishnan, and Louis Arul-Doss on this round table discussion.You can watch the Zoom recording on YouTube at https://www.youtube.com/watch?v=uvvqbOMiTmELook out for an MSS Forum in your area. I've spoken at L.A., Denver, and Phoenix and look forward to participating at future conferences.
Terms of Service
Your Privacy Choices
© Stitcher 2023