Saturday, December 5, 2020

Brakeing Down Security

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today’s workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.

2020-044-Marcello Salvati (@byt3bl33d3r), porchetta industries, supporting opensource tool creators, sponsorship model

https://www.hak4kidz.com/activities/cdcedu.html Online CTF training using Cisco’s Workshop platform. They did something similar in Spring of 2020. There will be an online panel where kids can ask questions about information security. Occurs on December 12th. Check out the link for...

2020-043-Software_Defined_Radio-Sebastien_dudek-RF-attacks- IoT and car RF attacks

Sébastien Dudek - @FlUxIuS @penthertz Why are we here today? Software Defined Radio (sdr-radio.com) What kind of hardware or software do you need? Why would a security professional want to know how to use SDR tools and attacks? What...

SPONSORED Podcast: Katey Wood from Illumio on deployment and

**Apologies on the Zoom issues** This is the 2nd of 3 sponsored podcast interviews with Illumio about their zero trust product. Katey Wood is the Director of Product Marketing at Illumio. https://www.linkedin.com/in/kateywood/ Topic: Conversation on segmentation and ransomware Topic...

2020-042-Kim Crawley and Phillip Wylie discuss "Pentester Blueprint", moving into pentesting career

Phillip Wylie @philipwylie and Kim Crawley @kim_crawley Amazon: The Pentester Blueprint: Your Guide to Being a Pentester: 9781119684305: Computer Science Books @ AmazonSmile November 24th for paper copy Steven Levy: Hackers: Heroes of the Computer Revolution: Steven...

2020-041- Conor Sherman, IR stories, cost of not prepping for an incident

“Between stimulus and response there is a space. In that space is our power to choose our response. In our response lies our growth and our freedom.” --Viktor Frankl https://smile.amazon.com/Mans-Search-for-Meaning-audiobook/dp/B0006IU470 https://twitter.com/conordsherman Conor Sherman - IR stories...

2020-040- Jeremy Mio, State of Ohio Election Security

Previous Election Security podcast: https://brakeingsecurity.com/2018-042-election-security-processes-in-the-state-of-ohio Jeremy Mio (@cyborg00101) https://itsecurity.cuyahogacounty.us/ Ohio Counties Meet LaRose's Deadline to Strengthen Election Security - Ohio Secretary of State (ohiosos.gov) (added cybersecurity Directives during 2018 last podcast -jmio) ...

2020-039-Philip Beyer-leadership- making an impact

Phil Beyer - Bio (CISO at Etsy) Importance of books about behavioral science. “Thinking Fast and Slow”: https://smile.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555 “Predictably Irrational”: https://smile.amazon.com/Predictably-Irrational-Revised-Expanded-Decisions/dp/0061353248/ http://humanhow.com/list-of-cognitive-biases-with-examples/ Influence: The Psychology of Persuasion: https://smile.amazon.com/Influence-Psychology-Persuasion-Robert-Cialdini/dp/006124189X Your Brain at Work: https://smile.amazon.com/Your-Brain-Work-Revised-Updated/dp/0063003155/ Atomic Habits: https://smile.amazon.com/Atomic-Habits-Proven-Build-Break/dp/0735211299/ Tiny Habits: https://smile.amazon.com/Tiny-Habits-Changes-Change-Everything/dp/0358003326/ New leaders 100 day action...

SPONSORED PODCAST: Neil Patel, Illumio on Microsegmentation, and adopting the Zero Trust philosophy

Spokesperson: Neil Patel (Sr. Technical Marketing Engineer) Topic: Zero trust and segmentation market http://brakeingsecurity.com/2020-023-jame-nelson-from-illumio-cyber-resilence-business-continuity What is Zero Trust and why should companies adopt a Zero Trust philosophy? Amanda: What are one of the...

2020-038-Phil_Beyer-etsy-CISO-leadership-making-an-impact

Phil Beyer - Bio (CISO at Etsy) Importance of books about behavioral science. “Thinking Fast and Slow”: https://smile.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555 “Predictably Irrational”: https://smile.amazon.com/Predictably-Irrational-Revised-Expanded-Decisions/dp/0061353248/ http://humanhow.com/list-of-cognitive-biases-with-examples/ Influence: The Psychology of Persuasion: https://smile.amazon.com/Influence-Psychology-Persuasion-Robert-Cialdini/dp/006124189X Your Brain at Work: https://smile.amazon.com/Your-Brain-Work-Revised-Updated/dp/0063003155/ Atomic Habits:...

2020-037-Katie Moussouris, Implementing VCMM, diversity in job descriptions – Part 2

Introduce Katie (bio) (@k8em0) CEO and Owner, LutaSecurity The scope of the VCMM (what is it?) VCMM - Vulnerability Coordination Maturity Model https://www.lutasecurity.com/vcmm Just covers the internal process? To ready an org for a bug bounty program or to...

2020-036-Katie Moussouris, Vulnerability Coordination Maturity Model, when are you ready for a bug bounty – Part 1

Introduce Katie (bio) (@k8em0) CEO and Owner, LutaSecurity The scope of the VCMM (what is it?) VCMM - Vulnerability Coordination Maturity Model https://www.lutasecurity.com/vcmm Just covers the internal process? To ready an org for a bug bounty program or to...

2020-035-ransomware death in Germany, Zerologon woes, drovorub, and corp data on personal devices

FIND US NOW ON AMAZON MUSIC! https://music.amazon.com/podcasts/51b7da82-c223-4de4-8fc1-d1c3dd61984a/Brakeing-Down-Security-Podcast Shout out to the organizers of BSides Edmonton, Alberta, Canada for a great conference! Amanda’s social media takeover this week Bryan's plumbing story (A tale of 3 toilets) https://www.infosecurity-magazine.com/news/corporate-data-on-personal-devices/ ...

2020-034-Fortnite account selling, process change agility, IRS wanting to track the ‘untrackable’

https://www.kitploit.com/2020/05/web-hackers-weapons-collection-of-cool.html https://www.ehackingnews.com/2020/09/hackers-attack-gaming-industry-sell.html https://www.secjuice.com/windows-10-penetration-testing-os/ Nice to see stories about using Win10 as a pentest platform. Was always a PITA to update Kali or whatever. @secjuice One reason I enjoyed Dave Kennedy’s ‘pentester framework’ --brbr ...

2020-033-garmin hack, Tesla employee thwarted IP espionage, Slack RCE payout, and more!

WWFH Class: (Ms. Berlin) “Breaching the Cloud” @dafthack https://www.blackhillsinfosec.com/breaching-the-cloud-perimeter-w-beau-bullock/ https://wildwesthackinfest.com/wwhf-at-secure-wv/ IWCE 2020 panel: “Being a thought leader” ADKAR class Book Club: 03 September 2020 7pm: https://smile.amazon.com/ADKAR-Change-Business-Government-Community/dp/1930885504/ref=sr_1_1?dchild=1&keywords=ADKAR&qid=1598543747&sr=8-1 TLS cert life is 13...

2020-032-Dr. Allan Friedman, SBOM, Software Transparency, and how the sausage is made – Part 2

Ms. Berlin: Tabletop D&D exercise Blumira is hiring https://www.blumira.com/career/lead-backend-engineer/ Allan Friedman - Director of Cybersecurity Initiatives, NTIA, US Department of Commerce NTIA.gov - National Telecommunications and Information Administration https://www.ntia.gov/sbom SBOM guidance ...

2018-020: NIST’s new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords

https://nostarch.com/packetanalysis3 -- Excellent Book! You must buy it. DetSEC mention ShowMeCon panel and keynote SeaSec East standing room only. Crispin gave a great talk about running as a standard user BSides Cleveland - ...

2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs

https://darknetdiaries.com/ Jack Rhysider Ok I think these topics should keep us busy for a while. Topics for discussion: Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/ https://www.youtube.com/watch?v=eFVBz_ATAlU - when...

BDIR-001: Credential stealing emails, How do you protect against it?

BDIR Episode - 001 Our guests will be: Martin Brough - Manager of the Security Solutions Engineering team in the #email #phishing industry Topic of the Day: CREDENTIAL STEALING EMAILS: WHAT CAN YOU DO? Join us for Episode-001,...

Top 20 Predictions Of How AI Is Going To Improve Cybersecurity In 2021

What 20 Leading Cybersecurity Experts Are Predicting For 2021
SecurityWeek

Italy Says Two Arrested for Defense Data Theft

Two people have been arrested for stealing defense data from the Italian aerospace and electronics group Leonardo, the interior ministry said on Saturday. The company has a wide range of activities from naval electronics, network and protection systems, electronic warfare...

The US Used the Patriot Act to Justify Logging Website Users

Plus: Better Twitter two-factor, a Spotify hack, and more of the week’s top security news.
ZDNet

Ransomware hits helicopter maker Kopter

Data from Kopter's internal network has been published on the LockBit gang's blog, hosted on the dark web.
ZDNet

Ransomware gangs are now cold-calling victims if they restore from backups without paying

Tactic used since August by ransomware gangs like Sekhmet, Maze, Conti, and Ryuk.