Brakeing Down Security Podcast

Technology Podcasts

A podcast all about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.

Location:

United States

Twitter:

@brakesec

Language:

English

Contact:

6199810347


Episodes

2020-044-Marcello Salvati (@byt3bl33d3r), porchetta industries, supporting opensource tool creators, sponsorship model

12/1/2020
https://www.hak4kidz.com/activities/cdcedu.html Online CTF training using Cisco’s Workshop platform. They did something similar in Spring of 2020. There will be an online panel where kids can ask questions about information security. Occurs on December 12th. Check out the link for more info. Robert M. for upping his patreon to $5 Top 25 Data Security Podcasts You Must Follow in 2020 (feedspot.com) @byt3bl33d3r (Marcello Salvati) @porchetta_ind (porchetta...

Duration:00:29:16

2020-043-Software_Defined_Radio-Sebastien_dudek-RF-attacks- IoT and car RF attacks

11/23/2020
Sébastien Dudek - @FlUxIuS @penthertz Why we are here today? Software Defined Radio (sdr-radio.com) What kind of hardware or software do you need? Why would a security professional want to know how to use SDR tools and attacks? What other kinds of attacks can be launched? (I mean, other than replay type attacks) Door systems (badge systems) NFC? Contactless credit card attacks Smart building/home control systems Bluetooth attacks Point Of Sale systems Cellular radio...

Duration:00:48:39

SPONSORED Podcast: Katey Wood from Illumio on deployment and using Windows Filtering Platform

11/17/2020
**Apologies on the Zoom issues** This is the 2nd of 3 sponsored podcast interviews with Illumio about their zero trust product. Katey Wood is the Director of Product Marketing at Illumio. https://www.linkedin.com/in/kateywood/ Topic: Conversation on segmentation and ransomware Topic Background: The attack surface and vulnerabilities are on the rise, along with cyber attacks Why? Remote everything - cloud collaboration (including processing PII) is the new normal and that means the...

Duration:00:42:51

2020-042-Kim Crawley and Phillip Wylie discuss "Pentester Blueprint", moving into pentesting career

11/15/2020
Phillip Wylie @philipwylie and Kim Crawley @kim_crawley Amazon: The Pentester BluePrint: Your Guide to Being a Pentester: 9781119684305: Computer Science Books @ AmazonSmile November 24th for paper copy Steven Levy: Hackers: Heroes of the Computer Revolution: Steven Levy: 9781449388393: Amazon.com: Books Why did you write the book? What is a pentester? Skills needed Education of hacker Building a lab Kali Linux Pentester Framework Docker OWASP Juice...

Duration:01:10:38

2020-041- Conor Sherman, IR stories, cost of not prepping for an incident

11/9/2020
“Between stimulus and response there is a space. In that space is our power to choose our response. In our response lies our growth and our freedom.” --Viktor Frankl https://smile.amazon.com/Mans-Search-for-Meaning-audiobook/dp/B0006IU470 https://twitter.com/conordsherman Conor Sherman - IR stories and more Security Strategy and Incident Response, ezCater Confident Defense Podcast - https://www.confidentdefense.com/podcast https://www.linkedin.com/in/conordsherman/ Agenda: Bio...

Duration:01:17:46

2020-040- Jeremy Mio, State of Ohio Election Security

11/2/2020
Previous Election Security podcast: https://brakeingsecurity.com/2018-042-election-security-processes-in-the-state-of-ohio Jeremy Mio (@cyborg00101) https://itsecurity.cuyahogacounty.us/ Ohio Counties Meet LaRose's Deadline to Strengthen Election Security - Ohio Secretary of State (ohiosos.gov) (added cybersecurity Directives during 2018 last podcast -jmio) Directive 2018-15(6/21/18) - Cybersecurity EI-ISAC Membership, DHS Services, IDS (Albert) Monitoring,Elections...

Duration:01:03:34

2020-039-Philip Beyer-leadership- making an impact

10/27/2020
Phil Beyer - Bio (CISO at Etsy) Importance on books about behavioral science. “Thinking Fast and Slow”: https://smile.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555 “Predictably irrational”: https://smile.amazon.com/Predictably-Irrational-Revised-Expanded-Decisions/dp/0061353248/ http://humanhow.com/list-of-cognitive-biases-with-examples/ Influence: the Psychology of Persuasion: https://smile.amazon.com/Influence-Psychology-Persuasion-Robert-Cialdini/dp/006124189X Brain...

Duration:00:56:38

SPONSORED PODCAST: Neil Patel, Illumio on Microsegmentation, and adopting the Zero Trust philosophy

10/23/2020
Spokesperson: Neil Patel (Sr. Technical Marketing Engineer) Topic: Zero trust and segmentation market http://brakeingsecurity.com/2020-023-jame-nelson-from-illumio-cyber-resilence-business-continuity What is Zero Trust and why should companies adopt a Zero Trust philosophy? Amanda: What are one of the more important steps someone should take when looking to implement zero trust? How does segmentation fit in a Zero Trust model? What are some of the challenges and benefits that...

Duration:00:33:17

2020-038-Phil_Beyer-etsy-CISO-leadership-making-an-impact

10/20/2020
Phil Beyer - Bio (CISO at Etsy) Importance on books about behavioral science. “Thinking Fast and Slow”: https://smile.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555 “Predictably irrational”: https://smile.amazon.com/Predictably-Irrational-Revised-Expanded-Decisions/dp/0061353248/ http://humanhow.com/list-of-cognitive-biases-with-examples/ Influence: the Psychology of Persuasion: ...

Duration:00:41:44

2020-037-Katie Moussouris, Implementing VCMM, diversity in job descriptions - Part 2

10/11/2020
Introduce Katie (bio) (@k8em0) CEO and Owner, LutaSecurity The scope of the VCMM (what is it?) VCMM - Vulnerability Coordination Maturity Model https://www.lutasecurity.com/vcmm Just covers the internal process? To ready an org for a bug bounty program or to accept vulns from security researchers? You mentioned not playing whack-a-mole, when it comes to responding at the beginning of a vuln disclosure program. Is the directing of different categories of bugs one of the things that goes...

Duration:00:39:17

2020-036-Katie Moussouris, Vulnerability Coordination Maturity Model, when are you ready for a bug bounty - Part 1

10/5/2020
Introduce Katie (bio) (@k8em0) CEO and Owner, LutaSecurity The scope of the VCMM (what is it?) VCMM - Vulnerability Coordination Maturity Model https://www.lutasecurity.com/vcmm Just covers the internal process? To ready an org for a bug bounty program or to accept vulns from security researchers? You mentioned not playing whack-a-mole, when it comes to responding at the beginning of a vuln disclosure program. Is the directing of different categories of bugs one of the things that goes...

Duration:00:37:06

2020-035-ransomware death in Germany, Zerologon woes, drovorub, and corp data on personal devices

9/28/2020
FIND US NOW ON AMAZON MUSIC! https://music.amazon.com/podcasts/51b7da82-c223-4de4-8fc1-d1c3dd61984a/Brakeing-Down-Security-Podcast Shout to the organizers of Bsides Edmonton, Alberta, Canada for a great conference! Amanda’s social media take over this week Bryan's plumbing story (A tale of 3...

Duration:01:09:09

2020-034-Fortnite account selling, process change agility, IRS wanting to track the 'untrackable'

9/14/2020
https://www.kitploit.com/2020/05/web-hackers-weapons-collection-of-cool.html https://www.ehackingnews.com/2020/09/hackers-attack-gaming-industry-sell.html https://www.secjuice.com/windows-10-penetration-testing-os/ Nice to see stories about using Win10 as a pentest platform. Was always a PITA to update Kali or whatever. @secjuice One reason I enjoyed Dave Kennedy’s ‘pentester framework’...

Duration:00:53:32

2020-033-garmin hack, Tesla employee thwarted IP espionage, Slack RCE payout, and more!

8/31/2020
WWFH Class: (Ms. Berlin) “Breaching the Cloud” @dafthack https://www.blackhillsinfosec.com/breaching-the-cloud-perimeter-w-beau-bullock/ https://wildwesthackinfest.com/wwhf-at-secure-wv/ IWCE 2020 panel: “Being a thought leader” ADKAR class Book Club: 03 September 2020 7pm: https://smile.amazon.com/ADKAR-Change-Business-Government-Community/dp/1930885504/ref=sr_1_1?dchild=1&keywords=ADKAR&qid=1598543747&sr=8-1 TLS cert life is 13 months now (397 day) than...

Duration:01:13:07

2020-032-Dr. Allan Friedman, SBOM, Software Transparency, and how the sausage is made - Part 2

8/24/2020
Ms. Berlin: Tabletop D&D exercise Blumira is hiring https://www.blumira.com/career/lead-backend-engineer/ Allan Friedman - Director of Cybersecurity Initiatives, NTIA, US Department of Commerce NTIA.gov - National Telecommunications and Information Administration https://www.ntia.gov/sbom SBOM guidance Healthcare SBOM PoC - https://www.ntia.gov/files/ntia/publications/ntia_sbom_healthcare_poc_report_2019_1001.pdf Allan’s talk at Bsides San Francisco:...

Duration:00:59:08

2020-031-Allan Friedman, SBOM, software transparency, and knowing how the sausage is made

8/18/2020
Ms. Berlin: Tabletop D&D exercise Blumira is hiring https://www.blumira.com/career/lead-backend-engineer/ Allan Friedman - Director of Cybersecurity Initiatives, NTIA, US Department of Commerce NTIA.gov - National Telecommunications and Information Administration https://www.ntia.gov/sbom SBOM guidance Healthcare SBOM PoC - https://www.ntia.gov/files/ntia/publications/ntia_sbom_healthcare_poc_report_2019_1001.pdf Allan’s talk at Bsides San Francisco:...

Duration:00:44:49

2020-030- Mick Douglas, Defenses against powercat, offsec tool release, SRUM logs, and more!

8/9/2020
WISP.org donation page: https://wisporg.z2systems.com/np/clients/wisporg/donation.jsp Mick Douglas (@bettersafetynet on Twitter) Powercat: https://github.com/besimorhino/powercat Netcat in a powershell environment https://blog.rapid7.com/2018/09/27/the-powershell-boogeyman-how-to-defend-against-malicious-powershell-attacks/ https://www.hackingarticles.in/powercat-a-powershell-netcat/ Defenses against powercat? LolBins: ...

Duration:01:23:11

2020-029- Brad Spengler, Linux kernel security in the past 10 years, software dev practices in Linux, WISP.org PSA

7/31/2020
WISP.org PSA at 35m56s - 37m 19s Agenda: Bio/background Why are you here (topic discussion) What is the Linux Security Summit North America https://grsecurity.net/ Questions from the meeting invite: This only affects people who want to use a custom kernel, correct? This doesn’t affect you if you are running bog-standard linux (debian, gentoo, Ubuntu) right? What options do people have in cloud environments? Does the use of microservices make grsecurity less...

Duration:01:05:33

2020-028-Shlomi Oberman, RIPPLE20, supply chain security discussion, software bill of materials

7/23/2020
Whitepaper: https://www.jsof-tech.com/ripple20/ [blog] Build your own custom TCP/IP stack: https://www.saminiir.com/lets-code-tcp-ip-stack-1-ethernet-arp/ Another custom TCP/IP stack: https://github.com/tass-belgium/picotcp RIPPLE 20 Whitepaper: https://drive.google.com/file/d/1d3NNVCRPVFk0-V0HUO5CxWWVn9pYIvmF/view?usp=sharing Agenda: Part 1: Background on the report Why is it called RIPPLE20? What’s the RIPPLE about? Communications with Treck (and its Japanese counterpart) Were...

Duration:00:59:33

2020-027-RIPPLE20 Report, supply chain security, responsible disclosure, software development, and vendor care.

7/15/2020
Whitepaper: https://www.jsof-tech.com/ripple20/ [blog] Build your own custom TCP/IP stack: https://www.saminiir.com/lets-code-tcp-ip-stack-1-ethernet-arp/ Another custom TCP/IP stack: https://github.com/tass-belgium/picotcp RIPPLE 20 Whitepaper: https://drive.google.com/file/d/1d3NNVCRPVFk0-V0HUO5CxWWVn9pYIvmF/view?usp=sharing Agenda: Part 1: Background on the report Why is it called RIPPLE20? What’s the RIPPLE about? Communications with Treck (and its Japanese counterpart) Were...

Duration:00:48:33