tag:blogger.com,1999:blog-40645753094221846052026-03-26T20:35:37.468-04:00Unknownnoreply@blogger.comBlogger26125tag:blogger.com,1999:blog-4064575309422184605.post-12368648272915069752021-09-07T12:49:00.007-04:002021-09-20T18:44:39.927-04:00

     via https://twitter.com/mindseyeccfTalk slides here: Recordings:Video Coming Soon!Further Reading:https://sixthirty-ventures.medium.com/why-we-invested-neosec-1a01d44b12e2https://www.wsj.com/articles/wells-fargo-embraces-multicloud-with-microsoft-google-deals-11631717100Tools:Coming Soon!Related Talks:Coming Soon!For more information or to set up a consultation

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-21437150767340333282020-05-08T12:09:00.002-04:002021-07-02T18:01:35.039-04:00

Further reading: DevSecOps - http://iotiran.com/media/k2/attachments/devopssec.pdf Encapsulation - https://tools.ietf.org/html/rfc7348 https://en.wikipedia.org/wiki/Virtual_Extensible_LAN Software Defined Networking (SDN) https://www.cisco.com/c/en/us/solutions/software-defined-networking/overview.html Software Defined - Wide Access Networking (SD-WAN) https://www.cisco.com/c/en/us/

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-20449268347441271882019-10-24T15:22:00.004-04:002019-10-24T15:22:55.427-04:00

They say all good things must come to an end. If my talk Sky-high IR: IR at Cloud Scale has been a good thing (and I think it has for many) the saying applies here too. Triangle InfoSeCon tomorrow will be the last time I will be giving this one, at least for a while.

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-27199212316928382772018-11-30T19:04:00.002-05:002018-11-30T19:04:46.925-05:00

I am very excited to announce I completed my Graduate Certificate Studies in Penetration Testing and Ethical Hacking (GC-PT/EH) through the SANS Technology Institute (STI) this Month!  "The SANS Technology Institute's post-baccalaureate certificate program in Penetration Testing & Ethical Hacking is based entirely upon four courses already available as an elective path through its

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-4064575309422184605.post-35098563354404979382018-10-19T14:30:00.000-04:002018-10-19T19:19:42.740-04:00

Talk slides here: Recording here: https://www.youtube.com/watch?v=Q8hfcBJVKq8&t=15s Big "Thanks!" to BsidesRDU.org and Adrian Crenshaw (@irongeek_adc) Data costs: https://azure.microsoft.com/en-us/pricing/details/bandwidth/ https://aws.amazon.com/blogs/aws/estimate-your-c/ Tools: SIFT Workstation Getting Data from S3 via Python AWS Montoring and Alerting 3-rd party tools:

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-64635619209823004872018-09-09T16:06:00.000-04:002018-09-13T16:52:52.261-04:00

I have shared with some of you that I am continuing my graduate studies, which I began in the Graduate Certificate Program in Penetration Testing and Ethical Hacking, in the Masters of Science in Information Security Engineering. This is a transition I have been planning for a couple years and I'm excited to get started. For the time, money, and effort I invest in this degree program I expect

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-56817577674522916522018-08-20T16:29:00.000-04:002018-09-13T16:30:27.321-04:00

Maybe you've always dreamt of getting into the InfoSec field, and have been thinking about getting into information security for a while, or it's just coming to mind now. Regardless of where you are in your journey, welcome to the InfoSec community! In the words of the great Kung Fu Master, Shifu, “There is no level zero.” If you’ve seen Kung Fu Panda, you may recall that Po is a panda who eats

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-10006770830176234642018-07-15T20:48:00.000-04:002018-09-13T15:59:17.984-04:00

       Over the years I have had the privilege of being a member of many organizations that put a great emphasis on leadership. From those experiences, both educational and military, I have grown to appreciate several characteristics of a leader, whom I prefer to define as someone who uses influence to bring people together and contribute to a common goal. I have seen that

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-83732164974317421132018-06-16T17:00:00.000-04:002018-08-07T20:54:24.190-04:00

Quick, think of a word that describes a combination of letters and numbers that can be used to login to your system... What came to mind? Was it "password"? One of the greatest problems in our industry may be the use of the word "password." The origination and proliferation of this word has led us to believe that we must construct this security device using such things as words rather than

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-6771844526222460702018-04-16T10:00:00.000-04:002018-08-07T20:38:39.153-04:00

This week many people are at RSAC for the week gaining knowledge and a ton of vendor swag. Believe me when I say I am not bitter about not being there. But watching from the sidelines got me thinking...    What if we took all the time and resources we spend on conferences and put them into security improvements?  What would that look like? Well, surely you've been to working

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-52908216580648020222017-11-15T00:05:00.001-05:002017-12-10T19:07:28.242-05:00

Millennials are the generation born from 1980 to 2000. Do you work with or lead millennials? The answer is likely yes. This group encompasses all workers between 18 and 37 years old! Would you approach a problem in your job the same no matter the requirements, challenges or other considerations? Would you try to secure a cloud infrastructure the same way you would an on-premise

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-45852995476292443372017-02-01T18:05:00.000-05:002017-12-10T18:15:41.449-05:00

How many of your candidates have consistently received user awareness training in phishing, information security and operational security annually for the past 3 or more years? I am guessing not many, which is precisely why military members are among the most well-trained candidates you will see. Military members receive world-class user awareness training that's application focused. Like

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-44157414014838534942016-12-01T17:05:00.000-05:002017-12-10T18:03:22.375-05:00

Hello! My name is social engineer. I like to use any and all information about you to gain access to your money, healthcare records and personal identity. It’s Halloween and it can be a scary time. Sometimes I’m scared by the amount of info people share about themselves and their loved-ones online. A great way to wrap-up National Cyber Security Awareness Month is to limit the amount of

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-82361387704569633672016-10-31T11:27:00.001-04:002016-11-07T09:56:13.169-05:00

I have seen a lot of talk lately about Cyber Security training for Vets. So in observance of this upcoming Veterans Day I am publishing this list of free and reduced resources. Unlike a google search, I am sorting these by my percieved training value from a hiring manager's perspective as a seasoned InfoSec Practitioner. But first an overview, employers are looking for people to work in InfoSec

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-15113529133739586422016-10-20T22:00:00.000-04:002016-10-28T11:43:27.413-04:00

Some resources for CryptoMalware Detection, Prevention, and Remediation Presy Slides (updated periodically): http://www.slideshare.net/AaronLancaster3/why-are-you-still-getting-cryptolocker ISSA Journal April 2016 Feature Article - CryptoLocker by Carl Saiyed http://c.ymcdn.com/sites/www.issa.org/resource/resmgr/JournalPDFs/feature0416.pdf Prevention J. Wolfgang Goerlich

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-50138147122820039842016-09-20T10:35:00.000-04:002016-09-20T10:39:09.209-04:00

There's a long-standing synicism around development not taking security into account and security picking up the pieces. In fact it's lead to memes like this: Author Unknown For many this cynicism may be hard to take seriously but in light of recent research below it takes on a different real-world perspective. Security is serious business and has serious real-world implications in safety,

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-44334031192217222282016-09-15T16:30:00.000-04:002016-09-20T12:25:47.830-04:00

In an FBI Public Service Announcement published today the Bureau is requesting that vicitims of ransomware report what hit them, the rootcause and even what they paid out in ransom. NOTE: Please be advised that the FBI is not duty bound to protect your information and you should consider the effects to your company should the FBI choose to make that info public. From the FBI PSA: What to

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-47061522775745016142016-08-31T17:38:00.000-04:002019-12-23T17:41:11.658-05:00

A while back I participated in a Cyber panel with the Nashville Business Journal. Read the article here.

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-27799372200229365642016-07-29T10:34:00.000-04:002016-08-24T11:18:15.606-04:00

July was an interesting month from a threat landscape perspective. We saw android security bulletins for RCE bugs as well as high-severity flaws, and the Jigsaw ransomware decrypted yet again. Perhaps the most dis-concerting is the newly reported use of Conficker in attacks against IoT devices.

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-86303995122096479232016-06-30T14:24:00.000-04:002016-08-24T10:30:07.209-04:00

Lately, I've been hearing of more and more companies "reigning-in" their Cyber Security professionals. At first impression this may seem like a no-brainer. But may be more backlash against the casual and laze faire behavior of a small group of abusive remote workers than anything. This begs several questions: 1. Is it more efficient? 2. Are workers (especially of certain generations) more

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-6483031676478837672016-05-31T16:18:00.000-04:002016-08-24T10:30:58.448-04:00

Had a great time presenting at BSides Knoxville 2016: CryptoMalware: The persistent, ubiquitious threat: *update* ICYMI: Watch the YouTube video of my presentation: https://www.youtube.com/watch?v=6dP5Zt49uA8 I'm greatly looking forward to next year!

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-40516247141827390662016-05-18T13:49:00.002-04:002016-08-24T10:30:54.178-04:00

One of the trends I have observed on the Cyber Security threat landscape is the movement from "Ransonware" like CyrptoLocker, TeslaCrypt and CryptoWall to a new category of malware I am calling "LeakWare." This is a distinct category of malware that needs its own category, defenses and and special attention. Simply defined, we can expect LeakWare will hold a user or company's data for ransom (

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-89959616239562044852016-03-31T10:28:00.000-04:002016-08-24T10:33:21.225-04:00

The hearing listens like a user awareness training session boadcast via C-SPAN. This is a classic case of sacrificing the greater good for the emotional satisfaction (revenge?) of the few. It's cirtical during times like these when emotions run high to remember that two wrongs don't make a right. Obviously, this wrong choice won't make those crimes right either. Congress, Please don't do this

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-84874766926117225742016-02-29T09:45:00.000-05:002016-08-24T10:30:58.453-04:00

I've heard a lot of talk lately about why a federal agency would bother with a hardware and software vendor in the course of obtaining a known terrorists associates. Here's my analysis FWIW... If you follow DOJ cases you'll notice a trend of late where in the course of establishing an air tight case judges are requesting very intimate details of how the FBI and others have come by their

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4064575309422184605.post-86481218195833921162015-05-18T00:00:00.000-04:002015-12-30T02:22:16.646-05:00

The Threat That Tech Can’t Stop… Your phone rings at work. The caller says he is from your IT helpdesk, and they need some information from you to wrap up a project that affects you. He asks for some information, and it seems legitimate enough, so you give it to him. Believe it or not, you’ve just fallen victim to a type of cybercrime called social engineering, also known as the “low-tech

Unknownnoreply@blogger.com