Cybersecurity 101 with Joe and Larry
Larry and Joe speak with Duane Dunston, an Associate Professor of Cybersecurity at Champlain College
https://www.champlain.edu/academics/our-faculty/dunston-duane
Duane just celebrated 24 years in Cybersecurity. He is currently working towards his EdD in Education. Larry and I learned how incredible Duane is! Among his many accomplishments, he volunteers as a security consultant with International Association of Human Traffickers and Investigators. He's working with Champlain students to develop technologies to facilitate the identification of trafficked victims. Duane is currently working on a cross-platform and mobile app to help identify victims of human trafficking. You can buy Duane a cup of coffee here: https://www.buymeacoffee.com/thedunston
And
00:00 Larry and Joe listen to Duane's story of how he got into Cybersecurity, after growing up in a Group Home, he earned a college degree, and then got into tinkering with Log Analysis and worked his way through Graduate school as a janitor. He helped maintain the computers and shortly after became a Unix administrator. He didn't have an easy road, but he is perhaps the best example of what the Information Security community stands for.
4:50 Wireguard VPN and Duane's contribution with Nowire
check out his NoWire Github repo here: https://github.com/thedunston/nowire
11:15 Is Internet Privacy Possible?
19:53 Duane’s presentation at GrimmCon: “Cognitive Science Aproach To Teaching Cybersecurity Education”
20:15 Should Veterans spend their GI Bill on College Degrees or Certs to get their first job in Cyber?
Duane recommends Security+ Certs and to supplement it with the TryHackMe platform.
It requires no home lab equipment so it helps those that have financial constraints.
22:30 Can someone go right into Pentesting?
Duane says you must have a base level of understanding of Networking, Windows and Linux administration.
23:00 eLearnSecurity Junior Penetration Tester (eJPT)
https://elearnsecurity.com/product/ejpt-certification/
23:50 Duane discusses how the OSCP Cert from Offensive Security is more difficult for people who struggle with self learning.
https://www.offensive-security.com/pwk-oscp/
26:00 Duane explains why he does not subscribe to the fatalistic “everyone will be hacked” mindset, and how SolarWinds is the worst case scenario of a Supply Chain compromise.
30:50 Why it is so difficult to detect cobalt strike beacons
32:45 Duane says the fundamentals are necessary: anti-malware, anti-phishing, and application control (allow-listing).
34:00 Web Browser sandboxing with Application Guard
35:15 Weakness of application control is when exclusions are set, malware an remain undetected when hiding in those exclusions
36:50 Host level detection is important because network traffic is encrypted in SSL
37:40 Philosophical Discussion on why Ransomware attacks are on the rise
39:00 Duane discusses his volunteer work with 1) using Augmented Reality to help train people in construction and 2) helping with the problem of human trafficking
44:35 Larry asks Duane a tough question: What is your driving motivation? You keep learning even after being in 24 years in Cybersecurity (Duane just got his MITRE Attack certification).
Duane's Ted Talk can be viewed here: https://www.ted.com/talks/duane_dunston_the_answer_to_cybersecurity_threats_middle_high_schoolers
Duane spoke at The Diana Initiative 2021; a two-day conference to elevate, inspire, and support women/non-binaries of all races, cultures, and backgrounds through every stage of their information security career with education, collaboration, and resources. https://hopin.com/explore/speakers/IEfWTII6uHHgNc1ctq047ro2S
51:00 Duane looks to the future - helping improve training providers. He would like to consult with a think tank on cybersecurity education or technology education or education policy. He can be reached on twitter at @GnuGro
52:37 Duane weighs in on the recent Infosec Bikini Controversy on twitter. Read more about the controversy here: https://www.infosecurity-magazine.com/news/infosec-community-bikini-pics/