Shows
Purple Squad SecuritySpecial Episode - EliteCast Episode 1Episode Notes
Here's the first episode of my new podcast, EliteCast! This is intended to be a less technical podcast aimed at business leaders and decision-makers to help explain the importance of information security (or cybersecurity as it's normally called by the target audience). I'm a bit rusty, but I'll get there. Apparently, a 9-month hiatus does that to a man.
I hope you enjoy it and you choose to subscribe. It should be live on the usual podcast sites, but if you want the RSS link, check out:
https://pinecast.com/feed...2021-01-0523 min
Purple Squad SecurityEpisode 71 - A Casual Conversation with The Cyber MentorHeath "The Cyber Mentor" Adams stops by to have a nice casual chat about how he got into infosec, what he's currently working on, and how he's giving back to the community in a rather novel way. Definitely someone I respect as a great up-and-comer in the industry, this was a fantastic discussion for sure.
Some links of interest:
Website - https://www.thecybermentor.com/
Company - https://tcm-sec.com/
Discord - https://discord.gg/REfpPJB
Twitter - https://twitter.com/thecybermentor
YouTube - https://www.youtube.com/c/thecybermentor
Twitch - https://www.twitch.tv...2020-03-0842 min
Purple Squad SecurityEpisode 70 - Mul-Tea-Factor with Kat SweetKat Sweet (@TheSweetKat) sits down to chat about incident response and security operations, all while sipping tea with me.
Some links of interest:
Kat's Twitter - @TheSweetKat
Kat's Blog - thesweetkat.com
Want to reach out to the show? There's a few ways to get in touch!
Purple Squad Security's Twitter: @PurpleSquadSec
John's Twitter: @JohnsNotHere
John's Mastodon: https://infosec.exchange/@JohnsNotHere
Podcast Website: purplesquadsec.com
Podcast Store: https://purplesquadsec.com/store
Sign-Up for our Slack community: https://signup.purplesquadsec.com
Thanks for listening, and as always, I will talk with you all again ne...2020-02-2342 min
Purple Squad SecurityEpisode 69 - 2020 Show UpdateJohn sits down to talk solo about the show and what's in store for 2020.
Some links of interest:
EliteSec Website - https://elitesec.io
EliteSec Twitter - @EliteSec_io
Want to reach out to the show? There's a few ways to get in touch!
Purple Squad Security's Twitter: @PurpleSquadSec
John's Twitter: @JohnsNotHere
John's Mastodon: https://infosec.exchange/@JohnsNotHere
Podcast Website: purplesquadsec.com
Podcast Store: https://purplesquadsec.com/store
Sign-Up for our Slack community: https://signup.purplesquadsec.com
Thanks for listening, and as always, I will talk with you all again next time.
...2020-02-0931 min
Purple Squad SecurityEpisode 68 - All About The Diana Initiative with Circuit SwanCircuit Swan stops by the show to talk all things Diana Initiative. If you're going to Hacker Summer Camp 2020, you may want to consider adding the Diana Initiative to your list of cons to attend.
Some links of interest:
Circuit Swan's Twitter: @CircuitSwan
Diana Initiative Twitter: @DianaInitiative
Website - https://www.dianainitiative.org
Want to reach out to the show? There's a few ways to get in touch!
Purple Squad Security's Twitter: @PurpleSquadSec
John's Twitter: @JohnsNotHere
John's Mastodon: https://infosec.exchange/@JohnsNotHere
Podcast Website: purplesquadsec.com
Podcast Store: https://purplesquadsec.com/store
Sign-Up for ou...2020-01-2040 min
Purple Squad SecurityEpisode 67 - A casual conversation with SnowSnow stops by during the winter months to share with us the true origin of her hacker handle, stories from some physical penetration testing, a quick note on her Kringlecon talk, and so much more! A great way to round out the year!
Some links of interest:
Snow's Twitter: @_sn0ww
Want to reach out to the show? There's a few ways to get in touch!
Purple Squad Security's Twitter: @PurpleSquadSec
John's Twitter: @JohnsNotHere
John's Mastodon: https://infosec.exchange/@JohnsNotHere
Podcast Website: purplesquadsec.com
Podcast Store: https://purplesquadsec.com/store
Sign-Up for our Slack co...2019-12-1548 min
Purple Squad SecurityEpisode 66 - Fireside Chat with Adrian CheekAdrian Cheek stops by the show this week to have a nice fireside chat with me. We talk about passive DNS, which Adrian first introduced to me a few years ago, and then move on to threat hunting. Adrian has a very interesting history and it was a joy to speak with him.
Some links of interest:
Adrian's Twitter: @Outkast_TI
Farsight Passive DNS - https://www.farsightsecurity.com/solutions/dnsdb/
Want to reach out to the show? There's a few ways to get in touch!
Purple Squad Security's Twitter: @PurpleSquadSec
John's Twitter: @JohnsNotHere
J...2019-12-0142 min
Purple Squad SecurityEpisode 65 - Fireside Chat with The GibsonI'm trying a slightly different format for the next few episodes, and I'd appreciate any feedback you may have.
In this episode I sit down with The Gibson, mayor of hackers.town, to talk about a variety of things from the Fediverse, working with the under-serviced SMB market, old school technologies, and the Infosec community as a whole. We're all over the place, but it's a good thing. Just a nice casual conversation talking about things that interest us.
Some links of interest:
Gibson's Mastodon: @TheGibson@hackers.town
Hacker's Town: https://hackers.town
Gibson's...2019-11-1752 min
Purple Squad SecurityEpisode 64 - Fireside Chat with Tanya JancaI'm trying a slightly different format for the next few episodes, and I'd appreciate any feedback you may have.
In this episode I sit down with the amazing Tanya Janca for a fireside chat about her new company, Security Sidekick. They seem to have some pretty ambitious goals, and I couldn't think of anyone better to help make those a reality.
Some links of interest:
For Tanya:
Tanya's Twitter: https://twitter.com/shehackspurple
Tanya's Dev.to Profile: https://dev.to/shehackspurple
Tanya's Blog: https://medium.com/@shehackspurple
Tanya's YouTube Profile: https://www...2019-11-0350 min
Purple Squad SecurityEpisode 63 - Backdoors & Breaches with John StrandOh what I treat I have for you today! John Strand, former SANS instructor, long time co-host on Enterprise Security Weekly, Founder of Black Hills Information Security, and a whole lot more has taken time out of his busy schedule to stop by and talk about Backdoors & Breaches, the new IR card game from BHIS. Naturally we talk about more than just the game, but it was all as amazing as I had hoped. I trust you will enjoy listening to this one about as much as I enjoyed recording it.
Some links of interest:
Backdoors...2019-10-2042 min
Purple Squad SecurityEpisode 62 - #ginfosec with InfoSecSherpa - Empathy as a ServiceIt's been long enough, and it's time for Tracy "InfoSecSherpa" to return for another #ginfosec episode! This time around we're going to talk about Empathy as a Service, a talk that she recently did at DerbyCon. Soft skills will get you everywhere, and Tracy has some great advice to share about a topic she's very passionate about.
Some links of interest:
Tracy's Talk - https://www.youtube.com/watch?v=KILlp4KMIPA
Tracy's OSINT-y Goodness Blog - medium.com/@InfoSecSherpa
Tracy's Twitter - https://twitter.com/InfoSecSherpa
Want to reach out to the show? There's a...2019-10-061h 01
Purple Squad SecurityEpisode 61 – Anniversaries and UpdatesAh, I love anniversaries. This is an anniversary episode celebrating 2 years of Purple Squad Security! Just a few personal rants and discussions for those interested in a bit of a behind the scenes view of things here at the show. No guests, just me blathering on about stuff. Enjoy!
Some links of interest:
Cyber City
Website
Twitter
Podcast Store: https://purplesquadsec.com/store
Want to reach out to the show? There's a few ways to get in touch!
Purple Squad Security's Twitter: @PurpleSquadSec
John's Twitter: @JohnsNotHere
John's Mastodon: https://infosec.exchange/@JohnsNotHere
Podcast Website: pu...2019-09-2237 min
Purple Squad SecurityEpisode 60 – Tabletop D&D with Ken Johnson & Seth Law from Absolute AppSecThe hiatus is over! Welcome back everyone to the latest episode of the Purple Squad Security podcast! In this episode we have Ken Johnson and Seth Law from the Absolute AppSec Podcast joining me for the latest session of Tabletop D&D. Enjoy!
Some links of interest:
Absolute AppSec
Website
Twitter
Seth's Twitter Account: @sethlaw
Ken's Twitter Account: @cktricky
Want to hear about a new Infosec con? If you're in and around the Waterloo region area in October, why not check out Cyber City! This is Waterloo region's premier information security conference. Tickets are on sal...2019-09-011h 08
The PIT Show: Reflections and Interviews in the Tech WorldJohn Svazic Helps Keep Orcs Out of the Server RoomCheck Out John’s PodcastPurple Squad SecurityHire John for Your Next Tabletop Event https://elitesec.ioFollow John@JohnsNotHere - Twitter@PurpSquadSec - TwitterKeep Up With Productivity in TechIf you have a Podcast, Youtube or Twitch Channel and need help:Getting Things off the groundEditing, Transcriptions, or HostingNewsletter or Social Media ManagementWe are accepting new clients. Visit Productivity in Tech.com for more inf...2019-07-0939 min
The (Bonus) PIT Show - Interviews and AftershowsJohn Svazic2019-07-071h 08
Purple Squad SecurityEpisode 58 – Malware Analysis with Kyle AndrusOften times in information security, we look upon penetration testing and red teaming with awe and view those professions as the "sexy" side of security. Truth be told, the defensive side has a lot of exciting opportunities as well! Kyle Andrus joins me this week to talk about malware analysis, which I think is definitely one of the sexier sides of defense. Some links of interest:
Practical Malware Analysis Book - https://nostarch.com/malware
Cuckoo Sandbox - https://cuckoosandbox.org/
CyberChef - https://gchq.github.io/CyberChef/
Leny Zeltser's Blog...2019-06-2343 minPurple Squad SecurityEpisode 57 – Tinker After Dark – Tinker Tales by the FireThere were more than a few of you who were anxiously awaiting his return, and he's back! Tinker joins me once again to share some stories from his adventures in hackerland. In addition, I have given Tinker free reign to speak as he chooses, and naturally I participate as well. Fair warning, this is not safe for work or sensitive ears. I do ask that you try not to be offended, as his stories and reflections on those events makes for one excellent episode.
Some links of interest:
Tinker's Fediverse Account: @tinker@infosec.exchange
Ti...2019-06-091h 20Purple Squad SecurityEpisode 56 – John Reads: Choose Your Own Red Team AdventureA few weeks ago, Sam King on Twitter mentioned me in a tweet that included a link to a Medium post, but not just any Medium post. Tim MalcomVetter had posted up an "Choose Your Own Red Team Adventure", which I thought was just amazing! I used to read a lot of choose your own adventure books as a kid, so I was naturally excited! For this episode, I will be going through the story the first time, reading aloud as I try my hand at red teaming against a customer. I hope you enjoy!
Some links of i...2019-05-2632 minPurple Squad SecurityEpisode 55 – Talking Privacy with Matt BelandCORRECTION: Early in this episode I mentioned that Amazon would ask for your email password when signing up for a new account. I meant to say Facebook, not Amazon. The practice has since been discontinued, but I wanted to make it clear that this was a Facebook practice, not Amazon. Amazon has not, to the best of my knowledge, ever done something like this. Sorry for the mixup.
For most security professionals, we view the CIA triad as our grail. No, not the US government agency that works around the world doing a lot of questionable things, but r...2019-05-1249 minPurple Squad SecurityEpisode 54 – Tribe of Hackers with Marcus J. CareyTribe of Hackers is a recently released book by Marcus Carey and Jennifer Jin that is a collection of stories from member of our community, or tribe as Marcus describes it. This was a great and insightful interview, and definitely one you will want to listen to if you haven't read the book yet. Some links of interest:
Tribe of Hackers: https://www.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1793464189/
Tribe of Mentors (inspiration for Tribe of Hackers): https://www.amazon.com/Tribe-Mentors-Short-Advice-World/dp/1328994961/
The 4 Agreements - https://www.amazon.com/Four-Agreements-Practical-Personal-Freedom/dp/1878424319/
Marcus's T...2019-04-2829 minPurple Squad SecurityEpisode 53 – #Ginfosec with @InfoSecSherpa – All About Cons!Once again I am pleased to share a #ginfosec episode with the woman who helps guide others through the mountains of infosec, Tracy InfoSecSherpa Maleeff! In this extended episode Tracy and I speak about conferences from the attendee point of view; what to expect, what to bring, how to go, and what you should aim to get from the con. Enjoy! Some links of interest:
Tracy's Twitter: @InfoSecSherpa
Sign up for Tracy's Nuzzle Newsletter: https://nuzzel.com/InfoSecSherpa
Study on different note taking techniques: https://www.scientificamerican.com/article/a-learning-secret-don-t-take-notes-with-a-laptop/
Tracy's Un...2019-04-141h 37Purple Squad SecurityEpisode 52 – John The GeneralistThis week John goes solo and decides to talk about a recent threat he spun up about on Twitter, naming himself as a generalist within Information Security and discussing what that means to him. Some links of interest:
John's Twitter Thread
We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:
https://purplesquadsec.com/store
Want to reach out to the show? There's a few ways to...2019-03-3137 minPurple Squad SecurityEpisode 51 – Fireside Chat with Chris FoulonChris Foulon stops by for a fireside chat to talk about breaking into Infosec. For those unfamiliar with the fireside chat series, this is where we come in with a topic but no other real agenda. It's a casual conversation where I just have a casual conversation with my guest, similar to what would happen in hallway con. I hope you enjoy! Some links of interest:
Chris' LinkedIn: https://www.linkedin.com/in/christophefoulon/
Chris' Twitter: @chris_foulon
We have a new store! Come check out the various Purple Squad Security goods you can...2019-03-1039 minPurple Squad SecurityEpisode 50 – Tabletop D&D with Tim De Block, Ed Rojas, Daniel Ebbutt, and Kyle AndrusIt's that time again! Yes, another Tabletop D&D episode is upon us! This time I asked Timothy de Block from the Exploring Information Security podcast to join me, along with a few interesting characters. Let's just say this particular episode is not for the faint of heart, and we have a few swears thrown in to keep with the atmosphere. Enjoy! Some links of interest:
Exploring Information Security Podcast: https://www.timothydeblock.com/eis/
Tactical Edge: https://tacticaledge.co/index_en.html
Tactical Edge Twitter: @Tactical3dge
Kyle's Twitter: @chaoticflaws
2019-02-171h 29Purple Squad SecurityEpisode 49 – The Red Team Life with Curtis BrazzellWhat is a red team? How does it differ from a penetration tester's day-to-day? How do red teams stay sharp? How do they stay motivated? These are a few of the questions I seek to have answered by Curtis Brazzell, a managing Security Consultant at Pondurance. It's a great interview and sheds light on the difference between red teaming and penetration testing.
Some links of interest:
Curtis' Twitter: https://twitter.com/CurtBraz
Curtis' LinkedIn Profile: https://www.linkedin.com/in/curtisbrazzell/
Pondurance Website - https://www.pondurance.com/
We have a n...2019-02-0334 minPurple Squad SecurityEpisode 48 – All About Magecart with Yonathan KlijnsmaMagecart - a web-based credit card skimming kit used by various groups to grab ahold of online shoppers credit cards. Interesting? You bet! On this episode of the Purple Squad Security podcast I have Yonathan Klijnsma, Head Researcher at RiskIQ, joining me to discuss their research on Magecart.
Some links of interest:
Inside Magecart Report - https://cdn.riskiq.com/wp-content/uploads/2018/11/RiskIQ-Flashpoint-Inside-MageCart-Report.pdf
Ticketmaster breach - https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/
British Airways breach - https://www.riskiq.com/blog/labs/magecart-british-airways-breach/
Newegg breach - https://www.riski...2019-01-2051 minPurple Squad SecurityEpisode 47 – Happy New Year! Show Updates and Other NewsWelcome to 2019! John goes solo in this episode and talks about his personal goals for 2019, plus some updates for the show that should make things a bit more structured and hopefully more interesting for the listeners.
Some links of interest:
EliteSec Website: https://elitesec.io/
Want to reach out to the show? There's a few ways to get in touch!
Purple Squad Security's Twitter: @PurpleSquadSec
John's Twitter: @JohnsNotHere
John's Mastodon: https://infosec.exchange/@JohnsNotHere
Podcast Website: purplesquadsec.com
Patreon - https://www.patreon.com/purplesquadsec
...2019-01-0632 minPurple Squad SecurityEpisode 46 – Holiday Special – Storytime with Jayson E. StreetContinuing our storytime theme for the holidays, on this week's show we have a special guest, Jayson E. Street! For those who follow Jayson online, his hacker adventures bring him to all sorts of interesting places. Jayson shares a story of one of those places, in which he robs the wrong bank. Some of you may know this story, but he also provides us with an epilogue to this story that few have heard! Thanks Jayson!
Some links of interest:
Jayson's Website: http://jaysonestreet.com/
Jayson's Twitter: @jaysonstreet
Want to reach out t...2018-12-1633 minPurple Squad SecurityEpisode 45.1 – Holiday Special – Storytime with Tinker – NO MUSIC!!!Hey everyone, this is a re-release of episode 45 with Tinker, but this one is WITHOUT the background music. I hope this makes up for the snafu in an otherwise great interview!
Happy December everyone! Whatever holiday you may be celebrating this season, may it be enjoyable. I've decided for the month of December to treat myself, by having a bunch of people I hold in high regard to join me in sharing of their tales, similar to the fireside chats I've had in the past. We have no set agenda, we have no set time, but we do p...2018-12-131h 06Purple Squad SecurityEpisode 44 – SANS Holiday Hack Challenge with Ed SkoudisSo, a very popular season is coming up shortly. I'm not talking about Thanksgiving (for my US listeners) and I'm not talking about Christmas for my Christian listeners. No, I'm talking about the season that all good little hackers look forward to - the time when the SANS Holiday Hack Challenge is released!
This is probably one of the most ambitious CTFs I have ever known about, and I am lucky enough to get one of the main drivers behind it to join me for today's episode! Ed Skoudis joins me to talk all about the SANS Hol...2018-11-1850 minPurple Squad SecurityEpisode 43 – Not all vulnerabilities are created equal with Tanya JancaVulnerability disclosure is one of those things that either brings a smile or a scowl to your face, depending on what end of the disclosure you're on. For some, it's a thing of pride, and hopefully a monetary reward! For others, it's a punch to the gut, fear inducing, "Oh crap!" moment because someone has shown you a flaw you weren't aware of.
But what if the disclosure isn't actually a valid vulnerability? That's the topic for this episode discussion, and thankfully I have someone who knows about exactly that! Tanya Janca joins me to discuss when a v...2018-11-0455 minPurple Squad SecurityEpisode 42 – CyberZoology with Patrick KelleyDefending is hard. The adage of "an attacker only has to be right once" is a bit played out, but it does have a hint of truth in that trying to defend everything is a monumental task. Defenders are often short on budgets, short on time, and short on patience for silly sayings like these.
This week I'm happy to have Patrick Kelley on to talk about some very interesting work he has done on coming up with defensive techniques for freight trains using a Raspberry Pi! If you want to hear about unique ways to defend uni...2018-10-2156 minPurple Squad SecurityEpisode 41 – Cyber Security Awareness Month with Tracy MaleeffOctober is Cyber Security Awareness Month, and with that who better to help share some ideas on how to give back to the community than our own InfoSecSherpa! Tracy Maleeff joins me to talk about Cyber Security Awareness Month, #ginfosec and #inforum. This will be one of the most relaxed Infosec podcasts you'll hear this year.... Some links of interest:
GetCyberSafe (Canada) - https://www.getcybersafe.gc.ca/cnt/rsrcs/csam/thms-en.aspx
StaySafeOnline (US) - https://staysafeonline.org/ncsam/themes/
Tracy's Twitter - https://twitter.com/InfoSecSherpa
Infosec Mastodon - https...2018-10-071h 04Purple Squad SecurityEpisode 40 – Tabletop D&D With Rally SecurityIt's that time again! With milestone episode 40, we have another Tabletop D&D episode for you to enjoy! This time around we are joined by a few members of the Rally Security podcast to face some scenarios and see how they fare. Let's just say this was a rather impressive episode for a number of reasons. Some links of interest:
Rally Security Homepage - http://rallysecurity.com/
Rally Security Twitch - https://www.twitch.tv/rallysecurity
Rally Security Twitter - https://twitter.com/RallySecurity
Ben's Twitter - https://twitter.com/benheise
2018-09-231h 19Purple Squad SecurityEpisode 39 – John’s OSCP JourneyOver the past few months, John has been working on obtaining his OSCP certification. Recently he attempted and successfully passed the exam! In this episode he goes over his journey, what he learned as well as a few tips to help those attempting this rather difficult certification.
Some links of interest:
Penetration Testing - A Hands On Introduction to Hacking - https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641
Web Application Hacker's Handbook 2nd Edition - https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
OSCP Prep:
https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
https://github.com/burntm...2018-09-1658 minPurple Squad SecurityEpisode 38 – Discussing the Cyber Kill Chain with Amanda BerlinThe cyber kill chain. For some, it's a nice framework to help build your defenses and help during an incident. For others, it is an over hyped and rigid list that no real attacker follows anymore. However you view the cyber kill chain, it is a strong pillar within Infosec, especially when it comes to defending your network. Amanda Berlin joins me today to talk about the cyber kill chain, what it is and how to disrupt attacks using it! Some links of interest:
Amanda's Disrupting The Kill Chain Training - https://www.youtube.com/playlist?list=PL-giMT...2018-08-2649 minPurple Squad SecurityEpisode 37 – Bring Your Own Land with Nathan KirkLiving off the land is a term well understood by both offensive and defensive teams. For offensive teams, it's meant by using the technologies already present on the system, such as Powershell, Python, and even Perl for those who like a challenge (or are facing an older Unix system). On the defensive side, enhanced logging and locked down configurations are put in place to detect and prevent the use of these tools by malicious actors to either catch or prevent these actors from doing harm. Nathan Kirk (@sekirkity) joins me this week to talk about the concept behind "Bring Your...2018-08-1231 minPurple Squad SecurityEpisode 36 – The Joy of CTFs with Derek RookCapture The Flag games, or CTFs, are a popular way for infosec pros to brush up on the offensive skills. From VulnHub to HackTheBox, there are a few different ways to quote "get your hack on"! Derek Rook (@_r00k_) joins me today to talk about CTFs and how they can assist in your Infosec journey, regardless of your role. Some links of interest:
Derek's YouTube Channel - https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA
Derek's Twitch Stream - https://www.twitch.tv/r00k_infosec
ippsec's YouTube Channel - https://www.yo...2018-07-2945 minPurple Squad SecurityEpisode 35 – Container Security with Jay BealeFrom jails to virtual machines, process isolation is the "holy grail" of security. Lately, containers have been the go-to for modern organizations in order to scale and implement things like microservices. Jay Beale of InGuardians fame joins me to talk all about container security! Some links of interest:
Securing Applications with Linux Containers (Webinar by Jay Beale)
Docker security - Using containers safely in production (Article by Adrian Mouat)
Clair (Container Scanner) - https://github.com/coreos/clair
InGuardians Website - https://www.inguardians.com/
InGuardians Blog - https://www.in...2018-07-1553 minPurple Squad SecurityEpisode 34 – Exploring Powershell with Mick DouglasLiving off the land is pretty standard fare for pen testers. On Linux systems, the go-to is usually Python, but on Windows it's all about Powershell. This week I'm fortunate enough to sit down with Mick Douglas to talk all things Powershell! Some links of interest:
Powercat - https://github.com/besimorhino/powercat
Mick wants to give a special shout out to Luke Baggett for all the great work he's done on this project!
Kansa - Dave Hall was the original author - https://github.com/davehull/Kansa
Mick's Public Projects - https://githu...2018-07-0153 min
Down the Security Rabbithole Podcast (DtSR)DtSR Episode 302 - InfoSec Superhero SyndromeSend the hosts a message - try it now!This week, as DtSR rolls on to Episode 302, we talk with John Svazic who is a Cloud Security Architect for a day job and runs the Purple Squad Security Podcast in his spare time. His perspective on the idea of an "infosec army of one" is one that many of us share, and it needs to be solved. Highlights from this week's show include... Trying to solve everything, on our own... burn out or flame on Working as a lone wolf can be detrimental to y...2018-06-2638 minPurple Squad SecurityEpisode 33 – 3 Pillars for Starting a Security ProgramIn this episode John goes at it alone and discusses his own experiences with starting up a security program at different organizations by focusing in on what he views are the 3 key pillars for a new security program. Some links of interest:
CIS Critical Security Controls - https://www.cisecurity.org/controls/
Malware Archeology - Logging Cheat Sheets - https://www.malwarearchaeology.com/cheat-sheets/
Linux Security Incident Log Review Checklist - https://zeltser.com/security-incident-log-review-checklist/
SANS Log Management In-Depth - https://www.sans.org/brochure/course/log-management-in-depth/6
OWASP Logging Che...2018-06-1743 minPurple Squad SecurityEpisode 32 – Fireside Chat with Deviant OllamContinuing on with my fireside chat series, where I bring on a guest to just have a casual chat and see where the conversation takes us, my guest this time is Deviant Ollam. Well known for his work with TOOOL and the locksport community, we take a different path and talk about physical penetration testing as well as hear some great stories from the road.
Some links of interest:
Deviant's Twitter: @deviantollam
The CORE Group: https://enterthecore.net/
And for fun:
Check Box Secure: http://www.checkboxsecure.com/
Want to reach out...2018-06-0357 minPurple Squad SecurityEpisode 31 – Killing the Pen Test with Adrian SanabriaThe penetration test, or pen test as it's commonly referred to, is one of the great necessary evils in Infosec today. My guest for this episode is Adrian Sanabria, who has an interesting thought - let's kill the pen test! Adrian has been in the industry for quite some time in quite a variety of roles, so he has some great experience and insights to share. Let's see what his replacement for a pen test entitles! Some links of interest:
Adrian's Twitter: @sawaba
Savage Security: https://www.savagesec.com/
BSides Knoxville: https://bsidesknoxville.com/2018-05-2049 minPurple Squad SecurityEpisode 30 – Infosec D&D Tabletop with Jerry Bell and Andrew Kalat from Defensive SecurityIt's that time again! We're doing another Infosec tabletop in a D&D style, this time with the fine gentlemen from the Defensive Security podcast! Jerry and Andrew join me for another infosec tabletop with all new scenarios, pitfalls, and approaches. Special thanks to Ryan McGeehan and his Tabletop Scenarios twitter account for providing the ideas behind this episodes "challenges". Some links of interest:
The Defensive Security Podcast: https://defensivesecurity.org/
Jerry's Twitter: @maliciouslink
Andrew's Twitter: @lerg
Tabletop Scenarios Twitter: @badthingsdaily
Want to reach out to the show? There's a few...2018-05-0655 minPurple Squad SecurityEpisode 29 – The Importance of Community in Infosec w/ Cheryl “3ncr1pt3d” BiswasThe idea of "community" is an important one, especially if you talk about a group of people who want to help improve their skills by sharing their ideas, experiences, etc, with like minded individuals. The Infosec community is no exception to this. In fact I would argue that it is one of the strongest communities I have encountered yet! Joining me this week is Cheryl "3ncr1pt3d" Biswas to talk about the Infosec community, what makes it special, and the importance of it. In addition we will be talking about one of Cheryl's many contributions to the community in...2018-04-2946 minPurple Squad SecurityEpisode 28 – John’s Weird Path To #Infosec And Other RamblingsWith no guest this week, John decides to share his own story about how he got into #infosec and some other thoughts he's had about the journey and why it's a never ending adventure to learn new things. Some links of interest:
MeetUp.com
OSSEC
Wazuh (OSSEC Alternative)
Want to reach out to the show? There's a few ways to get in touch!
Show's Twitter: @PurpleSquadSec
John's Twitter: @JohnsNotHere
Podcast Website: purplesquadsec.com
Sign-Up for our Slack community: https://signup.purplesquadsec.com
2018-04-2242 minPurple Squad SecurityEpisode 27 – Infosec and Mental Health with Danny AkackiStress. Depression. Anxiety. Fear. Uncertainty. Doubt. All of these symptoms and conditions are well known to anyone who has spent a few years in security. This can be a heavy topic, but it's one that we should discuss openly and often. Danny Akacki joins me on this episode to talk about his own mental health, what are some of the things that has helped him, and he also gives us some insight on his contributions back to the community through the creation of infosanity.org, a website dedicated to helping those in the hacking community who may be struggling and are...2018-04-1547 minPurple Squad SecurityEpisode 26 – DFIR in the Cloud with Jonathon PolingFrom the crowd to the cloud, we shift focus this episode to a topic that may be holding back some infosec professionals from embracing the cloud - namely what to do when you're attacked? Digital Forensics and Incident Response (DFIR) is a topic we've covered in the past, but that was from a more traditional view. I'm fortunate enough to have Jonathon Poling (@JPoForenso) join me again to revisit DFIR, but this time from a cloud perspective. What's easier, what's harder, and what's different? Have a listen to find out! Some links of interest:
Margarita Shotgun
AW...2018-04-0849 minPurple Squad SecurityEpisode 25 – Securing The Crowd with Nicolas ValcarcelThe crowd. Recently gaining attention again due to some news events that were much ado about nothing, there is still a bit of a mystery with crowdsourcing and how best to secure it. Organizations like Bug Crowd and HackerOne have shown it can be used for specific security tasks, but what about in general? Nicolas Valcarcel joins me on this episode to share his thoughts and experience with security the crowd and what organizations should be aware of when considering using the crowd for their own purposes. Some links of interest:
Crowd Security Whitepaper - https://github.com...2018-03-2554 minPurple Squad SecurityEpisode 24 – Fireside Chat with Joe GrayIn the first of a new format, I sit down with Joe Gray with only a handful of questions and just chat. We cover things from Through The Hacking Glass, upcoming talks that Joe will be doing, to the various conferences that Joe will be attending. Lots of great information and stories were shared, and if you'd like to provide feedback, please reach out and let me know! Also, make sure you listen for a special easter egg that Joe has for those who are in the Atlanta area in September for entry to a conference at no cost! Som...2018-03-1854 minPurple Squad SecurityEpisode 23 – Speaking to Developers with James JardineContinuing with the theme of soft skills that any infosec professional should have, this episode will focus on developers. I sit down with James Jardine from the DevelopSec podcast to talk about how best to communicate with developers. Just like executives, developers have a different language and approach that is needed in order to communicate effectively. Trying to avoid the all-to-common animosity between developers and security, James and I discuss some strategies to help build bridges between the groups and not burn them to the ground. Some links of interest:
www.jardinesoftware.com
www.developsec.com...2018-03-111h 11Purple Squad SecurityEpisode 22 – Open Source Intelligence Techniques with Michael BazzellNothing helps out security more than information. Heck, it's the first part of our professions name! In Infosec, knowledge is key and sometimes we need to roll up our sleeves to get the information we need from various open source outlets. I'm fortunate to have as a guest on this episode the man who literally wrote the book on OSINT techniques, Michael Bazzell. We discuss OSINT techniques as well as his recently updated book. Have yourself a listen and hear the advice Michael has for starting your own OSINT adventures. Some links of interest:
https://inteltechniques.com/
...2018-03-0433 minPurple Squad SecurityEpisode 21 – The Myth of the Purple Teamer with Haydn JohnsonI love purple teams. Purple teaming is something that I was hoping to share with more people and more organizations! It's part of the reason I named this podcast after them. So why don't I think that a purple teamer exists? It's an interesting stance, but it's one that makes sense. Joining me this week is Haydn "Doctor Purple" Johnson to discuss all things purple. Some links of interest:
Red Teamers Can Learn Secrets by Purple Teaming
Purple Teaming: Red & Blue Living Together, Mass Hysteria
Red Team v. Blue Team? They Are In Fact...2018-02-2547 minPurple Squad SecurityEpisode 20 – Physical Penetration Testing with Jek HydeNot all penetration testing is done in a virtual setting or even through a phone call. Sometimes you need to get down and dirty and actually interact with people. In this very special episode I sit down and speak with the great Jek Hyde about physical penetration testing and everything that it entitles. It's a fascinating talk for sure, and one you don't want to miss. Some links of interest:
Jek's Motherboard Article
IntelTechniques.com
Open Source Intelligence Techniques (Book)
Google Hacking Database (Google Dorks)
redteamtools.com
@Hyd...2018-02-1853 minPurple Squad SecurityEpisode 19 – Speaking to Executives with Tracy MaleeffHave you heard the term, managing up? It's and old expression used when you need to make sure that your boss has his or her expectations met so that you can focus on your own job. Information security is really no different, and in a lot of ways it's also more important to get right. We are an industry of social introverts and generally prefer the warm embrace of an IRC screen, Twitter feed or Slack channel for our communications. It's taken me many years to get comfortable with speaking with other humans, but more than that I have lear...2018-02-111h 10Purple Squad SecurityEpisode 18 – Threat Hunting with Will HarmonTake a pinch of blue, a dash of red, plus some good old fashioned investigative intuition and you get Threat Hunting! Well, not exactly but it's a start! This week Will Harmon from Trustwave's Spider Labs comes on the show to explain what Threat Hunting is, why it's important and how people can get started into this exciting infosec field! Some links of interest:
Trustwave Global Security Report - 2017
threathunting.org
threathunting.net
SANS Reading Room for Threat Hunting
eLearningSecurity - Threat Hunting Professional
cybrary.it - In...2018-01-2834 minPurple Squad SecurityEpisode 17 – A Look At The Treacherous Twelve From The CSAThe Cloud Security Alliance (CSA) has long been known to be the source of cloud security discussions. From the CCSK to the partnership with ISC(2) to bring us the CCSP, they are definitely a group to pay attention to. This week I focus on their "Treacherous Twelve", a list of 12 security concerns for any organization moving to the cloud. Some links of interest:
CCM - https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3-0-1/
CSA Top Threats To Cloud Computing Plus: Industry Insights - https://cloudsecurityalliance.org/download/top-threats-cloud-computing-plus-industry-insights/
Want to reach out to the show...2018-01-2138 minPurple Squad SecurityEpisode 16 – OSINT with Joe Gray from Advanced Persistent SecurityThis week Joe Gray, host of the Advanced Persistent Security podcast, that friend you didn't recognize but added to Facebook anyway, and security researcher joins me to talk about OSINT. This is a packed episode full of security goodness and definitely not one you want to miss! Some links of interest:
Advanced Persistent Security - https://advancedpersistentsecurity.net/
@c_3pjoe
Through The Hacking Glass
@hackingglass
@rainmain_a
Peerlyst
OSINT Tools
Recon-NG
OSINT Framework
Maltego
Hunch.ly
Other Sites
Indeed.com
haveibeenpwned.com
Innocent Lives Foundation
Want to reach out to...2018-01-141h 00Purple Squad SecurityEpisode 15 – Infosec Tabletop D&D with Brakeing Down SecurityThe first of a series, I sit down with Bryan and Brian of Brakeing Down Security fame to have a fun take on a classic tabletop scenario with a D&D feel. Please hold the hate, I haven't played D&D in many years and I know it's not "classic", but it's fun and lighthearted. We go through a few different scenarios with you all in the hopes you find it enjoyable, entertaining, and educational. If you enjoyed this episode, please let me know! I'd like to make this a recurring theme every 12-15 episodes with different podcasters if the...2017-12-2453 min
BrakeSec Education Podcast2017-SPECIAL005-End of year Podcast with podcastersAs is tradition (or becoming around here) we like to get a bunch of podcasters together and just talk about our year. No prognostications, a bit of silliness, and we still manage to get in some great infosec content. Please enjoy! And please seek out these podcasts and have a listen! Slight warning: some rough language People and podcasts in attendance: Tracy Maleef (@infosecSherpa) Purple Squad Security Podcast (@purpleSquadSec) - John Svazic (@JohnsNotHere) Advanced Persistent Security (@advpersistsec) - Joe Gray (@C_3PJoe) Danny...2017-12-231h 25Purple Squad Security2017 Holiday Special – Podcast of PodcastersI feel truly touched to be included in this year's tradition of the podcast of podcasters, hosted by Bryan Brake of Brakeing Down Security. This is the audio that you will hear from the various other podcasts that were on the episode with me. I was a bit star-struck, but it was a great time all around. Enjoy! Podcasts and Podcasters represented on the show:
Brakeing Down Security
@brakesec
@bryanbrake
@InfoSystir
Advanced Persistent Security
@advpersistsec
@C_3PJoe
Rally Security
@RallySecurity
@Dakacki
twitch.tv/rallysecurity
youtube.com/rallysecurity
Iron Sysadmin
@IronSysadmin
@gan...2017-12-221h 25Purple Squad SecurityEpisode 14 – OWASP Top 10 2017 – A6 Through A10In the completion of our look at the OWASP Top 10 for 2017, this episode will cover the final 5 items on the list, from A6 (Security Misconfiguration) through A10 (Insufficient Logging & Monitoring). Some links of interest:
OWASP Top 10 - https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
OWASP XSS Filter Evasion Cheat Sheet - https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
OWASP XSS Prevention Cheat Sheet - https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
OWASP DOM-based XSS Prevention Cheat Sheet - h...2017-12-1039 minPurple Squad SecurityEpisode 013 – OWASP Top 10 2017 – A1 Through A5The Open Web Application Security Project (OWASP) group has created a Top 10 web applications vulnerability list since 2003. Normally the list gets updated every 3 years or so, with the previous release being 2013. Now with the 2017 list being finalized, I felt it was appropriate for us to go through it and look at it from a red and blue team perspective. This episode will cover the first 5 items on the list, from A1 (Injection) through to A5 (Broken Access Control). Some links of interest:
OWASP Top 10 - https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
S...2017-12-0334 minPurple Squad SecurityEpisode 012 – InfoSec Certifications with Kim CrawleyCertifications. We either love them or hate them, but we cannot deny that they are needed. Either to prove a set of skills, prove the ability to memorize facts and take tests, or to prove that our egos are bigger than our peers, there are lots of opinions on certifications. This week Kim Crawley joins me to talk about a recent article she has written for Cylance, Security Certifications You Should Consider Getting. We discuss what certifications are good for, our opinions on them, HR managers, and where you can find resources to help you study. Some links of inter...2017-11-2648 minPurple Squad SecurityEpisode 011 – Security Scenario Generator with Dr. Z. Cliffe SchreudersAs security professionals, we often try to keep our skills sharp. We normally do this by going to training, reading books, or participating in CTFs. There are Webgoat and Juice Shop from OWASP; sites like HackTheBox, OverTheWire, and SmashTheStack which are often mentioned when people are looking for websites to practice on. This week I speak with Dr. Z. Cliffe Schreuders about the Security Scenario Generator, a rather ambitious project that may scratch that vulnerable VM itch you've had for a while. Some links of interest:
Security Scenario Generator: https://github.com/cliffe/SecGen
Dr. Z...2017-11-1940 minPurple Squad SecurityEpisode 010 – Crowdsourced Pen Testing w/ Jason Haddix of BugcrowdPenetration testing. If you're in the information security field, you have run into your fair share of them. Now there seems to be a trend with penetration testing moving to a crowdsourcing model. This week I speak with Jason Haddix of Bugcrowd to explore why that is, what's the draw and how are companies like Bugcrowd helping build the infosec community. Some links of interest:
Bugcrowd: https://www.bugcrowd.com/
HackerOne: https://www.hackerone.com/
HackTheBox: https://www.hackthebox.eu/
Bugcrowd Report: The 2017 State of Bug Bounty
Bugcrowd's Twitter: https...2017-11-1242 minPurple Squad SecurityEpisode 009 – Detecting Intruders on AWS with Scott PiperThe old saying of a defender has to be right 100% of the time while an attacker only has to be right once is growing a bit tired. Now blue team members should be measured not by keeping the attackers out, but by how quickly they can find out that they're on your network. Scott Piper joins me this week to discuss how we can detect intruders in your AWS cloud infrastructure. We cover a lot of different tools and techniques that you can use to help detect intruders, and some mitigation strategies to help reduce the risk when an at...2017-10-2942 minPurple Squad SecurityEpisode 008 – IAM Securing AWS with J Cole MorrisonThe cloud. The final frontier. Well, not exactly but it is a pretty important topic in today's IT environment. Unfortunately 2017 has been the year of leaks, hacks, and misconfigurations when it comes to the cloud. Amazon Web Services (AWS) is the cloud provider with the most market share, but its security configuration can leave a bit to be desired. J Cole Morrison joins me this week to discuss IAM policies in AWS, what they are and why they are important. Cole has written about IAM policies on his blog (link below), which I encourage everyone to read. Some links of in...2017-10-2232 minPurple Squad SecurityEpisode 007 – Securing Linux in Hostile NetworksLinux is often the operating system of choice for server deployments due to its stability and security posturing, right out of the box. Unfortunately not everything is "production ready" right after an install. Throughout the internet, there are a lot of Linux hardening and security guides on the internet but most are outdated and provide instructions that are no longer applicable. Kyle Rankin joins me this week to discuss his latest book, Linux Hardening in Hostile Networks: Server Security from TLS to Tor. This really is a great book and one I would recommend any InfoSec professional pick up to r...2017-10-1540 minPurple Squad SecurityEpisode 006 – What up BropyWhen people think of an open source IDS, they usually think of Snort. Bro is another open source IDS that is more than just an IDS. It is a Network Security Monitor that does so much more. Matt Domko joins me this week to talk about Bropy, a tool he built that works with Bro to help perform anomaly detection. This is definitely a tool you will want to have in your bag of tricks. Some links of interest:
Bro Homepage: https://www.bro.org/
Bropy: https://github.com/hashtagcyber/bropy
Matt's Twitter: @Hashtag...2017-10-0835 minPurple Squad SecurityEpisode 005 – #DFIR to Someone ElseDigital Forensics and Incident Response - DFIR. The mere mention of the acronym brings forth memories of CSI, plastic bags and agents in suits coming to collect all manner of evidence. In this episode I speak with Jonathon Poling, a DFIR expert who has graciously agreed to talk DFIR with me! Another great listen, Jonathon has a lot of great experience in the field and much to share. Have yourself a listen! Some links of interest:
Jonathon's Blog: http://ponderthebits.com/
Jonathon's Twitter: @JPoForenso
Slack Sign-Up Link: https://signup.purplesquadsec.com
Want t...2017-10-011h 03Purple Squad SecurityEpisode 004 – A Day In The Life Of A Red Teamer With Mark KiktaRed Teams. For some, it's the "frenemy". For others, it's the greener grass on the other side of the defence wall. In this episode I spend some time speaking with security consultant Mark Kikta about Red Teaming. Mark has been a Red Teamer for a while and has a lot of experience to share. We talk about a number of different things, share some laughs and try to shed some light on an often misunderstood group. Mark has also graciously offered to hang out in our Slack channel! Just message @mark to get in touch with him if you have q...2017-09-2450 minPurple Squad SecurityEpisode 003 – Just the Equifax ma’amEquifax had the largest data breach this year, possibly ever! How could I possibly pass up this opportunity to discuss what happened? How did it happen and what lessons could we learn from it? Equifax did a lot of things wrong for sure, but that doesn't mean that we should throw stones. Especially given how many of us live in glass houses. Have a listen as I explore the Equifax breach from another perspective, in the hopes of salvaging something of use for others in the infosec community. Some links of interest:
https://www.equifaxsecurity2017.com/
Eq...2017-09-1745 minPurple Squad SecurityEpisode 002 – Threat Modeling with Archie Agarwal – Part 2This is the conclusion of my two part series on threat modeling with Archie Agarwal. In this episode we go into some benefits on threat modeling, how it can be used beyond the early stages of development and how it can help red teams carry out a more in-depth test against targets! Some links of interest:
Offensive Threat Modeling for Pen Testers and Red Teams
How to Threat Model a Microservice Architecture
Anyone can Threat Model a Commute to Work
Archie's Email
ThreatModeler Company Website
Want to r...2017-09-1029 minPurple Squad SecurityEpisode 001 – Threat Modeling with Archie Agarwal – Part 1Welcome to episode 1! In this first part of a two part series, I sit down with Archie Agarwal to discuss threat modeling, what it is, why we need it and how it can help with improving your security posture early in your development cycle. Some links of interest:
Offensive Threat Modeling for Pen Testers and Red Teams
How to Threat Model a Microservice Architecture
Anyone can Threat Model a Commute to Work
Archie's Email
ThreatModeler Company Website
Want to reach out to the show? There's a few wa...2017-09-0349 min
Head In The CloudGoodnight, Goodbye, and Good LuckIt's the final episode of Head In The Cloud, but it's not the end of one of your favourite security podcasters! Listen up to hear what's in store for the podcast and why I'm shutting down Head In The Cloud.
Some links:
Purple Squad Security
Purple Squad Security Slack Signup Bot
Head In The Cloud was proud to be a part of the GonnaGeek Podcast Network!
Thanks for listening, and have a great week!2017-08-1316 minPurple Squad SecurityEpisode 000 – Welcome to the Podcast!Welcome to the first episode of the podcast! In this episode, I talk about the podcast, what it's about, what I'm hoping to cover, who the podcast is for, and generally just ramble on. Regardless, welcome to Purple Squad Security! I hope you enjoy your stay and come back for more.
Website: purplesquadsec.com
Show Twitter: @PurpleSquadSec
John's Twitter: @JohnsNotHere
John's Peerlyst: https://www.peerlyst.com/users/john-svazic
Thanks for listening!
Find out more at http://purplesquadsec.com2017-08-0809 minHead In The CloudAWS, Breaches, Chihuahuas, and more with Corey QuinnI speak with Corey Quinn about AWS and their recent news headlines related to various breaches amongst other things...
Corey Quinn joins me on today's podcast to talk about AWS and how they've been in the news lately for all the wrong reasons. We talk about the shared security model, things we like and may not like so much about AWS, as well as ... chihuahuas? You'll need to listen to get the full story.
Some links:
Last Week In AWS (Corey's Newsletter)
Verizon Data Leak
WWE Data Leak
2017-07-3045 minHead In The CloudDisaster Recovery In The CloudA brief look at disaster recovery and how it applies to the cloud.
Disaster recovery is an important part of any security plan you have for your organization. Disaster recovery in the cloud is equally important but is often overlooked. In this episode I take a look at different levels of disaster recover, how to apply them to the cloud and some ideas for defining your own disaster recovery plan.
Some links:
Compare Azure and AWS Service Offerings
Compare Google Cloud Platform and AWS Service Offerings
Gitlab Outage Post...2017-07-2347 minHead In The CloudUncovering flAWS In Your AWS Cloud EnvironmentScott Piper (@0xdabbad00) joins me to talk about flAWS, a website he created that is part capture the flag (CTF), red/blue team training, AWS security guide and honeypot!
Lots of interesting topics of discussion in this episode you definitely don't want to miss!
Some links:
flAWS
SummitRoute
Downclimb
Blog Article - Free Tools for Auditing The Security of an AWS Account
Email Scott
Twitter: @0xdabbad00
Head In The Cloud is proud to be part of the GonnaGeek Podcast Network!
2017-07-1641 minHead In The CloudIaaS, PaaS, and SaaS – Oh My!Looking at the different *aaS solutions, what they are and what the security concerns around them are.
The big three! The "ah-s" or "as-s" if you will. I discuss what IaaS, PaaS, and SaaS are, what they stand for and what security related concerns you should have regarding each one.
Some links:
CIS Hardening Benchmarks
Proud to be part of the GonnaGeek Podcast Network!
Want to get in touch? Feel free to reach out!
Website: https://myheadinthe.cloud
Twitter: @JohnsNotHere
Peerlyst: https://www.peerlyst.com...2017-07-0948 minHead In The CloudMalware – What Can We Do About It?I talk about Malware and some protections we can take in preventing its spread.
Today's episode is all about Malware - what can we do to protect ourselves, what are some best practices we can follow, etc. I'm a firm believer that Malware is something we can help curtail if we all do our part in protecting ourselves. The fewer systems there are to infect, the less common it will be.
Some links:
SANS Incident Handling for Small and Medium Businesses Whitepaper
Cisco's Talos Intelligence Blog
SANS Internet Storm...2017-07-0239 minHead In The CloudDevSecOps and Rugged DevOps with Anurag “Archie” AgarwalI speak with Anurag “Archie” Agarwal from ThreadModeler about DevSecOps, Rugged DevOps, their differences and a bit about threat modeling.
In this episode I speak with "Archie" Agarwal about DevSecOps and Rugged DevOps before venturing off to some other topics. Great interview, Archie is very knowledgable and a great guest! Have a listen and make sure to look up his company if you're in the market for threat modeling to increase your security posturing.
Contact info for Archie:
Email: archie@threatmodeler.com
Website: threatmodeler.com
Happy to be part of t...2017-06-2531 minHead In The CloudThe Different Colours of SecurityIn this episode, I take a look at the different colours that often come up in security discussions, such as black, white, red, blue, gray, and purple! Looking at each one in turn as well as figuring out what they mean is the purpose of this episode. And people thought InfoSec was boring...
Happy to be part of the GonnaGeek Podcast Network!
Want to get in touch? Feel free to reach out!
Website: https://myheadinthe.cloud
Twitter: @JohnsNotHere
Peerlyst: https://www.peerlyst.com/users/john-svazic
Thanks for...2017-06-1843 minHead In The CloudLet’s Talk About IDSs!Taking a look at IDSs, what they are, how they work and how they relate to cloud security.
In this week's podcast I take a look at Intrusion Detection Systems (IDSs), what they are, what they do, how they work and how they fit into a cloud security model. I went a bit long on this one but I think it's necessary given the breadth of this topic.
Some useful links from this podcast:
Snort
Bro
Suricata
OSSEC
Samhain
Wazuh
Tripwire2017-06-1153 minHead In The CloudData Residency and Privacy with Ishay TentserI speak with Ishay Tentser, CEO of IniTech-Digital Products & Innovation, about Data Residency and Privacy.
In this week's podcast I welcome Ishay Tentser to discuss data residency, privacy and law. This is an important topic that can get overlooked as you focus on security, but with a global economy, it's important to keep it at the forefront. Ishay is the CEO of IniTech-Digital Products & Innovation and was kind enough to join me from Jerusalem, Israel to discuss this important topic. Definitely not one you want to miss! You can reach Ishay via his email address, ishay@initech...2017-06-0438 minHead In The CloudRelationships and Soft SkillsAre you a security dictator or a respected colleague? Soft skills and relationship building are on the menu for this episode!
Taking a bit of a different turn in this episode. I will be looking at relationship building, whom to start with and who may require a softer touch. Do you want to be the security dictator or someone who is viewed as a peer? Fears or respected? Have a listen!
Want to get in touch? Feel free to reach out!
Website: https://myheadinthe.cloud
Twitter: @JohnsNotHere
Peerlyst: https...2017-05-2945 minHead In The CloudA high level overview of DevOps and Related ToolsIn today's podcast I take a look at system provisioning and the tools your DevOps team may want to look into, and how these tools can help increase your security stance in the cloud!
Back from a mini-break for Mother's Day, in today's podcast I take a look at system provisioning and the tools your DevOps team may want to look into, and how these tools can help increase your security stance in the cloud! Tools like Chef, Puppet, Terraform and Cloudformation are on the agenda and can be invaluable for success in your adventures in the...2017-05-2152 minHead In The CloudInterview with Loïc Simon about Scout2I interview Loïc Simon about Scout2, a great tool to help assess your security posturing on AWS!
In this episode I speak with Loïc Simon, the author of Scout2, a great tool to assess your security posture on AWS. We cover what Scout2 is, why it came about and how it differs from other tools like AWS Trusted Advisor. It's a great interview with an author of a great tool, so definitely check it out! You can reach Loic on Twitter (links below).
Some links:
Scout2
Loïc's Twitter
...2017-05-0737 minHead In The CloudCIS AWS Foundations Benchmark – Sections 2-4Completing our review of the CIS AWS Foundations Benchmark, sections 2 through 4.
In this episode we will finish off the remaining sections of the CIS AWS Foundations Benchmark, looking at sections 2 through 4. Lots of good stuff in here, including a number of things you may not have considered if you're new to AWS, so it's definitely worth a listen!
Some links:
Center for Internet Security AWS Foundations Benchmark v1.1.0
Want to get in touch? Feel free to reach out!
Website: https://myheadinthe.cloud
Twitter: @JohnsNotHere
Peerlyst: https://www...2017-05-0143 minHead In The CloudCIS AWS Foundations Benchmark – Section 1In this, my second episode, I look at the first section of the CIS AWS Foundations Benchmark and answer the question, what should you do first to lock down your cloud systems?
In the second episode of the podcast I take a look at some first steps in securing your AWS account by looking at the Center for Internet Security's AWS Foundations Benchmark! Since this is a long benchmark, we will be focusing on Section 1 in this podcast, with the remaining sections in a follow-up podcast.
Some links:
Center for Internet Security AWS...2017-04-2428 minHead In The Cloud5 Cloud Security MisconceptionsMeet the host and hear about 5 common cloud security misconceptions and why you should ignore them.
In this first podcast I introduce myself and then cover 5 common security misconceptions related to cloud computing, in no particular order. Still getting my bearings, so please bear with me.
Some links:
Synergy Research Group Cloud Provider Market Share Report
Want to get in touch? Feel free to reach out!
Website: https://myheadinthe.cloud
Twitter: @JohnsNotHere
Peerlyst: https://www.peerlyst.com/users/john-svazic
Thanks for listening!2017-04-1734 min