28 episodes • Length: 35 min • Irregular
Joe Stocker, CEO of a Microsoft Cybersecurity consulting company, mentors his friend Larry on his journey to a career in Cybersecurity. Larry is a 49 year-old warehouse manager who has always wanted to get into the field of cybersecurity, but never had anyone to teach him the ropes. Larry asks tons of questions as Joe patiently explains key concepts and tells stories about his 20 year career in information technology.
The podcast Cybersecurity 101 with Joe and Larry is created by Joe Stocker. The podcast and the artwork on this page are embedded on this page using the public podcast feed (RSS).
00:00 – 00:22 – Welcome Back
Larry and Joe return for another engaging episode of Cybersecurity 101.
00:23 – 03:56 – AI and Voice Cloning Scams
The hosts discuss the growing threat of AI-powered voice cloning scams targeting the elderly and provide practical tips for avoiding them.
03:57 – 06:08 – Modern Antivirus Solutions
Joe explains why built-in tools like Windows Defender outperform legacy products like Norton and McAfee, saving users money and offering superior protection.
Source: https://www.av-test.org/en/antivirus/home-windows/
06:09 – 08:45 – Freezing Your Credit
Joe highlights the importance of freezing credit with major bureaus to protect against identity theft, explaining how it eliminates the need for costly services like LifeLock.
https://en.wikipedia.org/wiki/Credit_freeze
08:46 – 12:38 – Public Wi-Fi and VPNs
A deep dive into the risks of using public Wi-Fi and the scenarios where VPNs can add an extra layer of protection, especially against hotspot impersonation attacks.
12:39 – 15:45 – Mentoring Future Cybersecurity Professionals
Larry shares his experience mentoring newcomers to the field, emphasizing the importance of understanding networking basics and applying real-world skills.
15:46 – 18:45 – SOC Workflow and Tiered Roles
Joe and Larry break down the structure of a Security Operations Center (SOC), explaining the roles of Tier 1 analysts, Tier 2 shift leaders, and Tier 3 specialists like threat hunters and detection engineers.
18:46 – 22:06 – Responding to Incidents
Larry details a recent SOC case involving unusual sign-ins and blocked countries, showcasing the process of verifying legitimate activity.
22:07 – 28:06 – Human Insight vs. AI in Cybersecurity
The hosts explore why human instincts remain irreplaceable in handling complex cybersecurity cases, even with advancements in AI.
28:07 – 30:56 – Planning a SOC Lab
Joe and Larry brainstorm ideas for a future podcast episode, including building a lab to simulate incidents and share hands-on cybersecurity insights with listeners.
30:57 – Looking Ahead
The hosts reflect on their cybersecurity journey and tease upcoming content, including mock incident labs and tutorials to show listeners the day-to-day realities of working in a SOC.
0:06 – 0:22 – Welcome Back!
Larry and Joe kick off the latest episode of their podcast with excitement, diving straight into the cybersecurity topics of the day.
0:56 – 3:56 – The Mobile Carrier Breach
Joe breaks down the recent breach involving major telecom carriers (AT&T, Verizon, T-Mobile), discussing how hackers exploited outdated Cisco routers to access sensitive wiretap systems and target political figures.
https://techcrunch.com/2024/11/14/us-confirms-china-backed-hackers-breached-telecom-providers-to-steal-wiretap-data/
3:56 – 4:33 – Implications for Everyday Users
Joe explains the importance of encrypted communication apps like iMessage, WhatsApp, and Signal, highlighting vulnerabilities in text messaging protocols between iPhone and Android users.
4:33 – 6:09 – Best Practices for 2FA
The hosts emphasize moving away from SMS-based two-factor authentication and adopting authenticator apps or phishing-resistant methods like hardware keys.
https://techcommunity.microsoft.com/blog/identity/its-time-to-hang-up-on-phone-transports-for-authentication/1751752
6:25 – 8:55 – Protecting Personal Accounts
Larry and Joe discuss practical ways for regular users to improve password security, including using randomized passwords, password managers, and even a physical password vault.
9:04 – 10:29 – The Pros and Cons of Password Managers
Joe explores the trade-offs between web-based solutions like LastPass and local password safes https://pwsafe.org/ secured with hardware keys from Yubico https://www.yubico.com/product/yubikey-5-series/yubikey-5c-nfc/, offering insights into selecting the right solution for your needs.
10:30 – 12:38 – VPNs and DNS Privacy
Joe delves into VPNs, DNS encryption, and how they protect user privacy, while explaining why these measures are essential for blocking ISPs from selling your data to advertisers.
https://en.wikipedia.org/wiki/DNS_over_HTTPS
12:39 – 14:54 – Guarding Against Scams
Larry shares personal stories of family members targeted by scams, prompting tips from Joe on spotting phishing attempts, verifying suspicious emails, and avoiding QR code traps.
14:54 – 16:37 – The Wild West of the Internet
The conversation turns philosophical as the hosts discuss the current state of online security and the challenges of protecting vulnerable users, including the elderly, from relentless cybercriminals. Reminds me of "The Beekeeper" movie
https://www.imdb.com/title/tt15314262/
16:37 – 17:55 – QR Code Scams in the Real World
Joe uncovers the risks of QR code fraud, including fake stickers in restaurants or parking meters and malicious links sent in packages, and how to avoid falling victim to these scams.
https://www.instagram.com/cybersecuritygirl/reel/DCaetPtuBIw/
18:17 – 20:33 – Simple Security Steps for Everyone
Larry asks Joe for his top advice for everyday users, resulting in actionable steps like maintaining unique passwords for every account and writing them down in a secure password book.
20:33 – 21:50 – Credential Stuffing Explained
Joe explains the mechanics of credential stuffing, how hackers automate attacks, and why using different passwords for every account is critical.
https://en.wikipedia.org/wiki/Credential_stuffing
21:50 – 22:09 – Planning for the Future
Joe reflects on how maintaining a secure and accessible password book can help families manage accounts after a loved one’s passing, underscoring the value of preparedness.
- Joe and Larry discuss the episode's focus and introduce Dan Pestolesi.
- Danny talks about his casual streaming experience (0:52)
- Story about Danny's dad streaming volleyball matches (1:25)
- Danny's double major in Cinema and Computer Science (3:37)
- Transition from film to computer science and cybersecurity (6:39)
- Importance of sports in Danny's development (12:05)
- Comparing sports and cybersecurity teamwork (13:30)
- Initial struggles and career decisions post-graduation (16:10)
- Moving from corporate sales to school district IT (17:22)
- Starting a part-time IT business (18:28)
- Developing interest through classes and projects (19:15)
- Fascination with the Stuxnet virus (21:21)
- Explanation of MPI Angels and Devils project (24:21)
- Importance of multithreaded processing and game theory (25:02)
- Value of Network+ and Security+ certifications (27:16)
- Future plans for certifications (28:08)
- Experience with a 2.5-hour interview (28:25)
- Importance of cultural fit and team dynamics (30:05)
- Larry's educational background in networking (36:08)
- Real-world application of networking skills (37:00)
- Story about identifying a malicious IP address (38:47)
- Importance of collaboration in cybersecurity (39:13)
- Skills that helped Larry transition into cybersecurity (42:08)
- Recommendations for learning and certifications (42:26)
- Using resources like TryHackMe and Udemy (42:48)
- Importance of taking notes and reading manuals (48:44)
- Using AI tools to assist with learning (46:19)
- Final thoughts and encouragement for listeners
- Invitation to connect and learn more about the field
Call to Action:
- Join the cybersecurity field! Get started for free at https://KC7cyber.com
- Connect with the KC7 community on Discord!
Episode Highlights:
Introductions (0:00)
Simeon Kakpovi’s background (0:52)
Gregory Schloemer’s background (3:01)
Larry's Journey to Cybersecurity (5:20)
Transition from sports and coaching to cybersecurity
Role of faith and mentorship
Meeting and Partnership (7:08)
How Joe and Larry met
Similar missions and goals
KC7 Overview (8:10)
Introduction to KC7 and its impact
Simeon’s story and vision for KC7 (9:22)
Development of KC7 (11:38)
Greg’s involvement and development process
Challenges and successes in creating KC7
KC7 in Action (12:57)
Demonstration of KC7 platform and features
Tips and tricks for using KC7 effectively (16:46)
Expansion and future goals for KC7 (18:14)
KC7 Summer Camp (19:24)
Overview of the summer camp for students
Success stories and impact on students
Generating Realistic Data for KC7 (22:30)
Techniques for creating realistic cybersecurity data
Use of AI in data generation (23:26)
Interactive Demo: Creating a Scenario (26:40)
Step-by-step demo of generating a threat scenario with AI
Explanation of threat actor behaviors and data patterns (31:01)
Future of KC7 and AI Integration (33:46)
Plans for scaling and improving KC7 with AI
Vision for automating question generation (34:03)
Community and Feedback (36:04)
Importance of community support and feedback
Success stories from KC7 users (38:32)
Conclusion (39:48)
Final thoughts and appreciation
Invitation to join the KC7 community https://kc7cyber.com/ and connect on Discord https://discord.com/invite/TmgCUnrArT
Episode Highlights:
- Hosts: Joe Stocker and Larry Lishey
- Larry's new role as a SOC Analyst
- Transition from warehouse management to cybersecurity
- Motivations and inspirations (1:06)
- Role of formal education and certifications (4:22)
- Key learning experiences and helpful resources
- Typical daily tasks and responsibilities
- Working with Microsoft Sentinel and other security tools (3:23)
- The importance of thorough incident investigation
- Initial challenges and overcoming nerves
- The pressure and importance of accurate incident triage (11:06)
- Rewarding aspects: customer satisfaction and team support (21:26)
- The role of mentors in Larry's growth
- Advice for new SOC analysts: ask questions, find a mentor
- Team structure and dynamics within the SOC (19:08)
- Key skills and knowledge areas developed over 12 months
- Specific incident analysis and forensics experiences (14:32)
- Learning and growth through practical experiences and mentorship
- Life changes from the career transition
- Balancing work and personal life, including gym routines (29:55)
- Benefits of remote work and its dynamics
- Notable guests and influential conversations (31:57)
- Favorite moments and topics covered (32:57)
- Future aspirations for the podcast: more day-to-day SOC operations, specific scenarios
- Joe's thoughts on AI's impact on cybersecurity
- Microsoft's Copilot for Security (34:56)
- Broader societal implications of AI, including deep fakes and cybercrime
- Final thoughts and encouragement for listeners
- Invitation to connect and learn more about the field
Resources:
- KC7 Cybersecurity Game: https://kc7cyber.com/
- Education and certification programs https://www.mycomputercareer.edu/
- Connect with Larry on LinkedIn https://www.linkedin.com/in/lawrence-lishey-30942020/
This is a pretty big deal! After 3 years of studying, Larry is now a SOC Analyst for Joe's company, Patriot Consulting. Joe recently launched a service for medium sized organizations that monitors for security alerts.
In this episode, Larry shares his experience thus far and gives some tips for those just beginning the journey.
In the final episode of this series, Joe and Larry discuss their new YouTube channel where all future episodes will be hosted. Please subscribe and follow us there!
https://www.youtube.com/channel/UCJsqpIC4GSpNwIWTvbSt2rQ
The advantage of moving to YouTube is that Joe will be able to share his computer screen with Larry to help him gain additional hands on training.
In this episode, Joe talks to former police officer Doug Roberts. Like Larry, Doug is currently working in Information Technology but seeking a full time position as a Security Operations Center (SOC) Analyst.
Doug has three college degrees including an associate's degree in networking, a bachelor's degree, and a master's degree in Cybersecurity. Additionally, Doug has several cybersecurity certifications (Security+, CySA+, CSAP) and he is working towards the CISSP. Despite 6 years of IT experience, degrees and certifications, Doug has found it difficult to land his dream job in cybersecurity. Let's help him out!! If you know a hiring manager or a company that may be hiring, Doug can be reached on LinkedIn (here).
Larry completes the "Certified Ethical Hacker" course and then Larry asks Joe about the new book he published "Securing Microsoft 365" available on Amazon https://www.amazon.com/Securing-Microsoft-365-Joe-Stocker/dp/1956630015/ref=sr_1_1?crid=1U874UDJKI0A3&keywords=securing+microsoft+365&qid=1653877474&sprefix=securing+micro%2Caps%2C125&sr=8-1
In this episode we discuss the 25th anniversary of the first DDoS (Distributed Denial of Service) and why this cybersecurity threat is a tricky one to solve.
00:00 to 2:00 Intro to Pankaj Gupta (@PankajOnCloud,CITRIX)
Pankaj leads product and solutions marketing and go to market strategy for cloud, application delivery and security solutions at Citrix. He advises CIOs and business leaders for technology and business model transitions. In prior roles at Cisco, he led networking, cybersecurity and software solution marketing.
2:20 The 25th anniversary of the first Denial of Service attack against Panix, an Internet Service Provider (1996) (https://en.wikipedia.org/wiki/Denial-of-service_attack#Distributed_attack)
25 years later, the largest DDoS attack ever recorded targeted Russian ISP Yandex (https://www.cpomagazine.com/cyber-security/russian-internet-giant-yandex-wards-off-the-largest-botnet-ddos-attack-in-history/). Pankaj notes how this was exactly 25 years later to the month.
3:15 What is a DDoS Attack? 1) Connection overload 2) Volumetric like ICMP flood 3) Application Layer
5:20 Coinminer as an example of Denial of Service when CPU is exhausted
6:00 Why are we still talking about DDoS 25 years later? Pankaj states that they are now easier than ever to perform.
7:00 Larry asks about the connection between ransomware and DDoS
9:00 Pankaj describes how the motivation for DDoS has shifted from hacktivism to financial motivation
9:30 Joe asks how much it costs for an attacker to operate
10:00 Pankaj explains that unskilled attackers with access to the Dark web can orchestrate attacks
11:45 Joe discusses how many attackers target healthcare despite how this hurts people
12:45 Pankaj discusses that while federal laws exist, very few are prosecuted for DDoS attacks.
13:50 Larry asks whether businesses are paying the ransom
14:15 Pankaj says paying the ransom is never recommended. Instead, Pankaj recommends investing in DDoS protection solutions
15:25 Joe asks whether tools exist to quantify costs for downtime to justify the expense of DDoS prevention solutions.
16:30 Pankaj explains how it is not just the economic impact of downtime that is to be factored into the equation but also the damage to reputation by losing customer’s trust.
17:30 Pankaj describes three trends that will cause DDoS attacks to increase in the future (things will get worse rather than better). This is due to increased bandwidth for 5G, exponential growth of IoT devices, and the improved computation power.
18:30 What is IoT? (Internet of Things). This is any device that has an internet connection such as a Nanny Camera, home router, or NEST Thermostat. Bad actors exploit vulnerabilities to transform these devices into a “BOT Network” that the attackers can then use in mass quantity against a single target. This forms the source for the DDoS attacks. All of these devices combined will send packets to the victim website.
20:50 What solutions exist for DDoS? Joe explains how he has solved DDoS historically using services from CloudFlare.
22:00 Joe explains how he configured DDoS protection by configuring DNS, and the weakness when attackers discover the direct IP using OSINT
23:15 Joe asks Pankaj how does Citrix compare with competitors
23:35 Pankaj describes four key criteria when selecting a DDoS solution. 1) The solution should protect against a variety of types of DDoS attacks 2) Can the solution scale? As DDoS attacks increase in size 20% Year over Year (it’s expected to be 3 terabits). 3) The advantage of a cloud-based solution is that it can auto-scale in bandwidth whereas an on-premises DDoS solution cannot guard against bandwidth saturation.
25:50 Joe asks Pankaj if Citrix uses its own data centers (does it have exposures if data centers like Google, Amazon or Microsoft). Pankaj describes the Citrix solution as having the scale to handle 12 terabits of scrubbing across multiple points of presence (pop).
29:00 Pankaj describes two types of DDoS solutions, Always-On or On-Demand. If you are an e-commerce website then Always-On may make more sense even though it costs more than On-Demand, because every minute that you cannot sell your products loses money.
31:00 DDoS attacks can be a diversion tactic to distract IT and SECOPS teams so that the attackers can perform other types of attacks such as financial fraud (Wire Fraud, SWIFT, etc)
32:40 Larry asks: What is the difference between a buffer overflow and DDoS? Pankaj explains that a buffer overflow could be used as a type of DDoS since it could impact the availability of the service.
34:00 Joe describes how DDoS strikes at the heart of one of the three components of the CIA Triad “Confidentiality, Integrity, and Availability.”
35:00 For businesses interested in learning more about Citrix solutions, Pankaj recommends using this contact form on the Citrix website: https://www.citrix.com/contact/form/inquiry/
36:30 Joe asks what market is Citrix chasing: Small Business, Mid-Market or Enterprise? Pankaj responds that all businesses need DDoS protection, and how cloud-based solutions are easier to implement.
DISCLAIMER: Larry and Joe received no compensation in any form from anyone for our Podcast. This is a "hobby" podcast - we don't even have advertisements!
In Episode 19, Joe introduces Larry to Terence Jackson, and they discuss their common faith in Jesus Christ, and how anyone who freely chooses can also become a Christian.
00:00 Larry announces that he is getting married in two weeks! Larry talks about his plans to take the CEH and CYSA Certifications
1:30 Joe introduces Larry to Terence Jackson, a former CISO from Thycotic. Terence was named top 10 CISO.
3:15 Terence has 26 technical certifications and is pursuing graduate studies from Albany Law School
5:30 Terence describes how he developed a friendship with the CEO of a company as they shared a common faith
6:00 Joe asks Terence about how faith in God
6:45 Terence describes his faith journey, from being the child of a Minister - growing up “at church” without being “in church” and the period of his life where he wandered away, to returning back to his faith in God
8:30 Joe says if we only talk about career accomplishments, it’s an incomplete picture of who we really are.
Pastor Bobby Schuller from Shepherd's Grove Church (https://www.sgp.church/) developed this creed:
Try saying this out loud, and pause after each line:
“I’m not what I do.
I’m not what I have.
I’m not what people say about me.
I am the beloved of God.
It’s who I am.
No one can take it from me.
I don’t have to hurry.
I don’t have to worry.
I can trust my Friend, Jesus, and share His love with the world.”
Say that out loud - and note how you feel after saying it.
9:30 Joe describes what it means to have integrity
10:15 Joe describes how faith grounds us.
11:00 God loves you!
11:30 Terence says the secret to success is putting God first. Faith is like a muscle, you have to continue working on it and build it up. It’s important to have community.
12:40 God is Good!
1:00 Does faith without works result in automatic blessing or do you have to put effort into life to have success?
13:41 Proverbs 22:29
15:30 Terence shares how he has found fulfillment in Jesus Christ, and how it has helped him
15:54 Joe and Terence discuss how the death of Jesus Christ allowed for a personal relationship with God
22:40 How can faith help you with the desire to enter a career in cybersecurity
24:40 Terence worked his way up from the bottom (pulling cables and terminating wires) to becoming an executive at Microsoft
25:00 to 31:40 Joe and Terence bring the conversation back to Faith in God
31:40 Larry tries to bring the conversation back to Cybersecurity
33:30 Terence tells a story of hiring a math teacher who had no background in cybersecurity: she got certifications, Terence took a chance on hiring her, and she is now running cyber for a top 5 bank.
36:00 Terence describes what he looks for in job candidates: curiosity, self starter, and willingness to learn. Thirst. Drive.
37:00 Not all jobs in cybersecurity are hands-on-keyboard
40:00 Joe asks Terence about working for one of the top tech companies in the world
40:20 Your network is just as important as your skill set
41:00 What does Terence do in his day to day work?
TL;DR - God Loves you and while cybersecurity is cool, Faith in God gives meaning to life, hope in the future, and is a sure foundation for when life doesn't go our way.
Why are these men so outspoken about their faith? Shouldn't they keep it quiet and to themselves?
The Holy Bible says we should not be ashamed of having faith, because it is so cherished and important. The Apostle Paul wrote “For I am not ashamed of the gospel of Christ, for it is the power of God to salvation for everyone who believes, for the Jew first and also for the Greek.” Romans 1:16
Jesus said “Whoever is ashamed of me and my words, the Son of Man will be ashamed of them when he comes in his glory and in the glory of the Father and of the holy angels” Luke 9:26
To learn more about how to have a personal relationship with God, check out this website developed by the late evangelist Billy Graham https://peacewithgod.net/
Brett's Story.
Brett spent 24 years in prison, and was recently released. But how Brett spent his time will inspire you. Take the time to listen to Brett and get to know how he invested his time wisely. He has a lot to teach us on so many levels.
Brett took advantage of every education opportunity available, earned a bachelor's degree in Liberal Arts and taught himself advanced math and physics, all without access to the Internet. But his life really changed when his friends invited him to the Last Mile program (www.TheLastMile.org). He wrote about his journey on his blog article here: The Crucible: Learning How to Code in Prison | by Brett Buskirk | Medium
The Last Mile is a truly amazing program. It gives prisoners an opportunity to learn full stack programming in a simulated web environment. Brett excelled and showed initiative during COVID when the program was suspended, he hand-wrote lesson plans that were distributed to multiple prisons that participated in the Last Mile program. Upon his release from prison, he was hired as an Instructor by Last Mile so he now gets to teach others.
Brett’s story reminds me of Kevin Mitnick. Upon being released from prison, Kevin started the company KnowBe4 which has become one of the fastest growing cybersecurity companies in history. I can say from personal experience that the majority of my corporate customers are now KnowBe4 customers. This is a great example of where as a society we have given returning citizens like Kevin, and now Brett a chance to bless all of us with their valuable skills they have to offer us.
I firmly believe that Brett has a bright career ahead of him - and there are no limits to what Brett can achieve, because his mind is so incredibly sharp and he has gotten to know himself and his self worth. Brett has found joy and purpose in coding and now he is gaining an interest in Cybersecurity, which is how he found out about this show - one day he searched "Cybersecurity" on Spotify and found our show! He reached out to Larry and we both immediately knew we wanted others to hear his incredible story. The world needs bright minds like Brett to help all of us, because we are in the middle of a cyber war, where dangerous nation state actors and cyber gangs are destroying American businesses. In my opinion, Congress should set aside a gazillion dollars to help prisoners find hope like what Brett has found. Opportunities are all around us if we seek them with all our might - I believe God puts them there for us.
Highlights from the show:
6:55 Brett came to a belief of not accepting Limits of Learning.
Meshack Mortiz immigrated with his family from the Philippines when he was 13 years old. His family had plans for him to go to college and become a Nurse, or learn medicine through the US Air Force. But Meshack found a special camaraderie among the US Marine recruits that persuaded him to join the most elite fighting force on earth.
Learn about his journey from being an Engineer Equipment Operator (MOS 1345) to becoming a SOC analyst for a top US Government space agency, and then his most recent transition to the private sector as an Incident Response Analyst. Meshack shares tips and tricks that helped him along each stage of the journey that began with the Microsoft Software and Systems Academy (MSSA) https://military.microsoft.com/programs/microsoft-software-systems-academy/ and how he prepared for his interviews, built a home lab, and sought out mentors.
Timeline
00:00 Introduction to Meshack, a heavy equipment operator in the United States Marine Corps
4:30 Meshack explains the mindset it requires to have a successful career transition into Cybersecurity
"You have to enjoy it."
5:30 Meshack explains how he prepared to get into cybersecurity, through certifications, in particular the Security+ exam.
8:00 Meshack shares how he got his first job in cybersecurity by using OSINT skills to research Social Media
He looked at job postings to see what employers were looking for, then he worked backwards from there.
11:00 Meshack shares his elevator pitch that he used to get people to respond to him on LinkedIn. He got a great response rate!
14:00 Meshack shares his interview strategy: 50% likability and 50% technical skill
16:00 Meshack describes his first home lab setup involved a Raspberry Pi DNS Sinkhole
and pulled everything into the free edition of Splunk
Joe also had given him guidance on using host based IDS such as SNORT
19:30 Interview technique: explain what you have done in your home lab before they start asking you technical questions, especially when you have no prior job experience
31:34 Meshack shares how his family immigrated to the United States when he was 13 and his family wanted him to become a nurse but he shocked them when he enlisted in the United States Marine Corps.
39:00 For those who want to get into Cybersecurity, Meshack recommends A+, Network+ then Security +. He also recommends CompTIA Cybersecurity Analyst (CySA+)
For those who are already in Cyber SOC positions, Meshack recommends SANS GIAC Certified Incident Handler (GCIH)
Larry and Joe speak with Duane Dunston, an Associate Professor of Cybersecurity at Champlain College
https://www.champlain.edu/academics/our-faculty/dunston-duane
Duane just celebrated 24 years in Cybersecurity. He is currently working towards his EdD in Education. Larry and I learned how incredible Duane is! Among his many accomplishments, he volunteers as a security consultant with International Association of Human Traffickers and Investigators. He's working with Champlain students to develop technologies to facilitate the identification of trafficked victims. Duane is currently working on a cross-platform and mobile app to help identify victims of human trafficking. You can buy Duane a cup of coffee here: https://www.buymeacoffee.com/thedunston
00:00 Larry and Joe listen to Duane's story of how he got into Cybersecurity, after growing up in a Group Home, he earned a college degree, and then got into tinkering with Log Analysis and worked his way through Graduate school as a janitor. He helped maintain the computers and shortly after became a Unix administrator. He didn't have an easy road, but he is perhaps the best example of what the Information Security community stands for.
4:50 Wireguard VPN and Duane's contribution with Nowire
check out his NoWire Github repo here: https://github.com/thedunston/nowire
11:15 Is Internet Privacy Possible?
19:53 Duane’s presentation at GrimmCon: “Cognitive Science Approach To Teaching Cybersecurity Education”
20:15 Should Veterans spend their GI Bill on College Degrees or Certs to get their first job in Cyber?
Duane recommends Security+ Certs and to supplement it with the TryHackMe platform.
It requires no home lab equipment so it helps those that have financial constraints.
22:30 Can someone go right into Pentesting?
Duane says you must have a base level of understanding of Networking, Windows and Linux administration.
23:00 eLearnSecurity Junior Penetration Tester (eJPT)
https://elearnsecurity.com/product/ejpt-certification/
23:50 Duane discusses how the OSCP Cert from Offensive Security is more difficult for people who struggle with self learning.
https://www.offensive-security.com/pwk-oscp/
26:00 Duane explains why he does not subscribe to the fatalistic “everyone will be hacked” mindset, and how SolarWinds is the worst case scenario of a Supply Chain compromise.
30:50 Why it is so difficult to detect cobalt strike beacons
32:45 Duane says the fundamentals are necessary: anti-malware, anti-phishing, and application control (allow-listing).
34:00 Web Browser sandboxing with Application Guard
35:15 A weakness of application control is that when exclusions are set, malware can remain undetected by hiding in those exclusions
36:50 Host level detection is important because network traffic is encrypted in SSL
37:40 Philosophical Discussion on why Ransomware attacks are on the rise
39:00 Duane discusses his volunteer work with 1) using Augmented Reality to help train people in construction and 2) helping with the problem of human trafficking
44:35 Larry asks Duane a tough question: What is your driving motivation? You keep learning even after being 24 years in Cybersecurity (Duane just got his MITRE Attack certification).
Duane's Ted Talk can be viewed here: https://www.ted.com/talks/duane_dunston_the_answer_to_cybersecurity_threats_middle_high_schoolers
Duane spoke at The Diana Initiative 2021; a two-day conference to elevate, inspire, and support women/non-binaries of all races, cultures, and backgrounds through every stage of their information security career with education, collaboration, and resources. https://hopin.com/explore/speakers/IEfWTII6uHHgNc1ctq047ro2S
51:00 Duane looks to the future - helping improve training providers. He would like to consult with a think tank on cybersecurity education or technology education or education policy. He can be reached on twitter at @GnuGro
52:37 Duane weighs in on the recent Infosec Bikini Controversy on twitter. Read more about the controversy here: https://www.infosecurity-magazine.com/news/infosec-community-bikini-pics/
Dr. Cody Buntain (@codybuntain) is an Asst. Prof. in the Informatics Department at New Jersey Institute of Technology. He researches how people engage politically online, especially during disasters and times of social unrest, and how coordinating actors behave and information flows across multiple platforms. He held a Postdoctoral Fellowship for the US Office of the Director of National Intelligence (2016-2018), and is a former research scientist for Raytheon. Learn more about Dr. Buntain here: http://cody.bunta.in/
#crisis informatics #online political engagement #disinformation #information quality #real-time summarization #weak supervision #text mining #machine learning
1:45 Larry asks Dr. Buntain: How can a person get into cybersecurity when they don't have prior job experience?
3:00 to 10:00 Tough Cybersecurity Interview Questions
11:00 Why humans are still the weak link in cybersecurity
12:30 Cybersafety
16:20 Are there enough incentives for large private companies to secure against breaches, when insurance companies cover their losses and disclosing breaches is not mandatory?
19:30 Tesla employee bribed with a million dollars by a Russian to plant ransomware
https://www.wired.com/story/tesla-ransomware-insider-hack-attempt/
21:00 Insider Risk
24:15 Discussion on Supply Chain Attacks, like Kaseya
27:00 The supply chain risk is not new - example from the cold war. Conclusion: It comes down to trust, which is a decision of weighing risks.
28:15 Is Nationalism inevitable to avoid supply chain compromise?
29:00 Dr. Buntain discusses the #1 problem in cybersecurity today: Phishing and Humans being the weak link. It's about persuading employees with the "why" not just the policy enforcement.
[Update 7/6/21: Daniel has accepted a job in cybersecurity! Congrats Daniel!!]
Larry and Joe invite special guest Daniel Rose on the show to discuss his efforts to obtain a position in cybersecurity. Daniel grew up playing ice hockey, served his country in the US Navy, and served his community in law enforcement before transitioning to IT for the past six years. He has Linux and Security+ certifications and is open to full-time employment offers now. Listen to the show to learn more about Daniel's background.
00:00-02:15 Special guest Daniel Rose shares his experience encountering crazy job descriptions like this entry level position: "Must have 5 years experience and former CISO preferred?!" Larry and Daniel discuss how these “unicorn employee” job postings can be frustrating for people looking to break into the cybersecurity field.
02:15-3:15 Larry recalls a conversation he had with an IT Architect who told him having passion for cybersecurity is the most important thing
03:15-05:00 Daniel shares about when he first transitioned from a career in law enforcement to IT. It all started when he took a digital forensics workshop. He then found a computer hardware position and then web/software development.
05:00-08:00 Daniel shares stories about how his passion and drive have helped him overcome challenges in life, including an inspiring story from when he served in the US Navy. If you really want to do something - stick to it!
08:00-12:00 Daniel shares tips with Larry on studying for the Pentest+ and Security+ Exam.
12:00-13:30 Daniel explains what TryHackMe.com is all about.
13:30-14:45 Daniel explains what it takes to get a new account in https://HackTheBox.com
14:45-15:30 Daniel talks about https://CodeAcademy.com
15:30-16:05 Daniel recommends that Larry get into Python as his first cybersecurity programming language
16:05-18:43 Daniel recommends https://RangeForce.com and talks about how it helped him gain hands-on experience with PowerShell, Intrusion Detection Systems,
18:43 Daniel talks about https://CyberDefenders.org ; a blue team training course to learn Splunk and reverse engineering malware
20:45 Joe talks about how Marcus Hutchins used his malware analysis skills to find the kill switch that stopped WannaCry ransomware from spreading worldwide in 2017. Learn about Marcus's story here: https://en.wikipedia.org/wiki/Marcus_Hutchins
22:20 Larry talks about the Microsoft MSSA Academy https://military.microsoft.com/programs/microsoft-software-systems-academy/
26:10 Daniel talks about his experience using EDR to investigate ransomware and how he created a watchlist of task scheduler changes to hunt for Indicators of Compromise (IOC)
29:00 Larry ties together how incident response requires skills with forensics
30:00 Daniel talks about how he used the Jason Dion Udemy course to prepare for the LPI Linux course https://www.udemy.com/user/jason-dion/
31:50 Daniel shares his tips with Larry on studying for Security+
35:00 Larry shares an update on his career search
It has been about five months since we last checked in with Larry's progress in school, so in this episode he has a big announcement to share.
Joe then recaps what has been happening in the world of cyber warfare including SolarWinds, Microsoft Exchange Ransomware #DearCry, and the F5 pre-authentication RCE.
People are asking how Larry is doing, so this episode is focused on catching up with Larry and his journey towards a career in Cybersecurity.
TL;DR As of 10/25/2020, Larry has 12 weeks left in school and he is open to immediate placement for an entry level cybersecurity or help desk role. He lives in south Orange County, California and can work remotely as well. Connect with Larry on LinkedIn.
Larry is attending an online school called MyComputerCareer where he is studying for the following Certification exams:
Larry also recommends:
Podcast Timeline:
00:00 Catching up with Larry
5:25: MyComputerCareer offers Job Placement after 6 months. Out of his class of 113 students, half of them have already been placed in jobs!
8:24: Joe gave Larry "The Hacker Playbook" by Peter Kim, because it uses analogies from football (Larry was a professional football coach)
10:43 Joe talks about the pivotal moment in his life that caused him to attend a computer school at night while he earned a college degree during the day
13:13 Why technology is interesting to Joe, and how he needs a challenge. Joe would be too bored in a routine and competitive job.
17:16 How hackers can target you individually through your phone
19:40 to 22:00 Larry shares a story about how 80% of people don’t update their phones because it is a hassle.
23:24 to 26:00 Two major motivations hackers have for targeting individuals
26:00 Instagram Cloning
30:00 Larry’s plan: 12 weeks left in school, then find a company who is willing to give him a shot. His goal is to be a penetration tester or digital forensics.
Kris went from making burritos in an American chain of fast casual restaurants to becoming a general manager by age 19 before giving it all up and starting a new career in Cybersecurity, where he is now guarding against cyberattacks for NASA. It all started the day Kris took a 10 minute break before starting a 12-hour shift at a fast food restaurant. He had just worked 200 hours over the previous two weeks! During the break, he stumbled on a Reddit thread about the Stuxnet worm which sparked his interest in cybersecurity.
Soon after, he witnessed one of his managers achieve their dreams after attending Year Up, a non-profit offering a one-year intensive training program. Kris joined the cybersecurity program and we discuss his transition from that training to his current role as a cybersecurity analyst at NASA.
Here are the resources that have helped Kris:
1. Lesley Carhart's blog post on how to start an infosec career
2. Productivity timer
3. "Atomic Habits" by James Clear
4. "Dare to Lead" by Brené Brown
5. Terminus
6. OverTheWire War Gaming
7. Certification Overview Graphic
8. Cybersecurity Overview Mind Map
In this episode, Joe and Larry interview Dmitri Thorpe, who served honorably in the United States Marine Corps Recon for 12 years before transitioning to a successful career in Information Technology. Dmitri shares that it would be his dream to work for Microsoft, and why it is essential to be a Tinkerer if you want to get ahead in IT. You can connect with Dmitri on LinkedIn here https://www.linkedin.com/in/dmitri-t-2a78175/
Special Guest Bob Schlotfelt is interviewed by Joe and Larry. Bob has over 20 years of experience in Information Security, and has held senior leadership roles in multi-billion dollar organizations. His industry experience spans multiple fields such as Healthcare, Financial Services, Retail, Biotech, and more. You can connect with Bob on LinkedIn here https://www.linkedin.com/in/bschlotfelt/
In this episode, Joe visits Larry's house to help him build a cybersecurity lab.
In this episode, Larry asks "Why is Linux the operating system of choice for Hackers?" and "Is it true that the more money you spend, the better security you will have?" Larry also admits that the photos on his Android phone are not backed up, and Joe explains that there is such a thing as ransomware that targets mobile operating systems, so Larry needs to back up his photos to the cloud.
Cybersecurity 101 Podcast Episode 6 features Zach Moore, Marine Veteran and Sr. Cyber Security Solutions Architect. Zach shares how he got his start in Cybersecurity and answers Larry’s questions about which certifications were most helpful for him. Zach also credits the Microsoft Software & Systems Academy (MSSA) for providing him the professional development and leadership skills for his first civilian position out of the military.
Larry and Joe discuss how to set up a cybersecurity lab so that Larry can get hands-on experience.
In this episode, Larry starts by asking about how secure Apple iCloud is. Joe breaks it down.
In this episode, we learn about how Joe got started in cybersecurity
In this episode, Larry asks about various positions in cybersecurity
We learn about Larry's background and why he is interested in transitioning into a Cybersecurity Career.