Brakeing Down Security Podcast

A podcast all about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today’s workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.

  • 2021-037-Tony Robinson, leveraging your home lab for job success – Part2
    by Tony Robinson, Bryan Brake, and Brian Boettcher on October 17, 2021 at 10:48 pm

    Tony Robinson (@da_667)

    Thought we’d put in a little news to round out the show:
      - https://www.bbc.com/news/world-us-canada-58863678 – nuclear secrets hidden in a peanut butter sandwich
      - https://www.theregister.com/2018/04/20/rsa_security_conference_insecure_mobile_app/
      - https://www.vice.com/en/article/jg8w9b/the-twitch-hack-is-worse-for-streamers-than-for-twitch
      - https://nakedsecurity.sophos.com/2021/10/08/apache-patch-proves-patchy-now-you-need-to-patch-the-patch/
      - https://www.securityweek.com/fontonlake-linux-malware-used-targeted-attacks
      - https://securityaffairs.co/wordpress/123182/breaking-news/medtronic-recalled-insulin-pumps-controllers.html (similar device on eBay: https://www.ebay.com/itm/324762812721)
      - https://www.zdnet.com/article/brewdog-exposed-data-of-200000-shareholders-for-over-a-year/
      - https://tpetersonkth.github.io/cve/2021/10/02/Analysis-of-CVE-2019-9053.html
      - https://0xdf.gitlab.io/

    Tony’s book: www.leanpub.com/avatar2 (MSRP $30 USD)
      - What changed in the new edition

    What is the end goal? Upskill? Independent consultant? Promotion? Bug bounties?

    Lab setup types:
      - Cloud based
      - Desktop/laptop/NUC
      - Server

    Good VMs to use: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ – 90-day Windows evaluation machines

    What other home lab equipment would be helpful?
      - Testing IoT/embedded devices? Car hacking?
      - Malware analysis? https://bazaar.abuse.ch/, VirusTotal Intelligence, honeypots, @malware_traffic – https://twitter.com/malware_traffic/status/1446627364147023877
      - Analyzing binaries? Patch analysis (Patch Tuesday, PrintNightmare, etc.)? https://wumb0.in/extracting-and-diffing-ms-patches-in-2020.html
      - NetworkMiner (network forensics): https://www.netresec.com/?page=networkminer
      - Soldering? Oscilloscopes for voltage checks? Wireless?
      - Old cellphones (for mobile apps; no cellular service needed)
      - Personal assistant devices (used IoT devices?)
      - Accessing data stored on devices
      - Specific software licenses? Burp?

    If I’m trying to break into infosec, how do I use my lab to sell myself to an employer? Does the employer care? How can someone show what they’ve learned in a way that shows the value?

  • 2021-036-Tony Robinson, Twitch breach, @da_667 lab setup new book edition! – part1
    by Tony Robinson, Bryan Brake, and Brian Boettcher on October 14, 2021 at 2:23 am

    Show notes for this episode are the same as for Part 2 (2021-037) above.

  • 2021-035-GRC selection discussion, TechSecChix, and the ‘job description problem’
    by Bryan Brake, Amanda Berlin, Brian Boettcher on September 29, 2021 at 3:55 pm

    GRC tools (Governance, Risk and Compliance)

    @ki_twyce_   @TechSecChix   Infosec Unplugged   Security Happy Hour   Eric’s Cyberpoppa show   Cyber Insight show – cohost

    Blumira is hiring: https://www.blumira.com/careers/

    Background reading:
      - https://www.cio.com/article/3206607/what-is-grc-and-why-do-you-need-it.html
      - https://www.pwc.ch/en/insights/fs/10-pitfalls-when-implementing-grc-technology-and-how-to-avoid-them.html
      - https://www.oxial.com/all/how-to-go-about-choosing-your-grc-solution/

    Why do we need a GRC tool? https://resilience.acoss.org.au/the-six-steps/managing-your-risks/risk-register
      - What are our business goals? (to make money… 😀 )
      - Are we mature enough to be measuring ourselves?
      - How can we use this to be more efficient?

    What to look for in a GRC tool (https://www.standardfusion.com/blog/the-future-of-grc-7-things-to-look-out-for/):
      - Centralized controls
      - Support for future standards
      - Automation integrations (my add: helpdesk integrations, 3rd party)
      - Scalability
      - Customizable reporting
      - Flexibility
      - Task delegation

    GRC tool use in other areas:
      - IT – more informed budget decisions, direction on business goals, asset management
      - Finance – better financial decisions, profitability
      - Infosec – vulnerability management, compliance
      - HR – determine hiring requirements
      - Legal – ensures ethical management of the organization, reduces breaches

    How do you implement GRC? https://www.crowe.com/insights/6-steps-for-a-successful-grc-implementation
      - Step 0: everyone’s input and use cases
      - Determine the total value gained by using a centralized GRC platform: missing data, duplicate processes, duplicate data, manual steps that can be removed or automated, workflows to assist heavily manual areas such as communications, emails, approvals, and reporting
      - Identify operational gaps to prioritize the areas you need to improve
      - Get your team on board with an effectively communicated plan
      - Build a strong foundation to support your GRC program
      - Deploy a standardized GRC implementation across the board
      - Let the GRC framework evolve and grow after it’s implemented

  • 2021-034-Khalilah Scott, good GRC tool practices – part1
    by Khalilah Scott, Amanda Berlin, Bryan Brake, and Brian Boettcher on September 29, 2021 at 4:47 am

    Show notes for this episode are the same as for 2021-035 above.

  • 2021-033-Kim_Crawley, 8 steps to better security-Part2
    by Bryan Brake, Amanda Berlin, Brian Boettcher on September 20, 2021 at 12:56 am

    8 Steps to Better Security: A Simple Cyber Resilience Guide for Business has finished final editing and will be published by @WileyTech on October 5th. Pre-orders are available now via Amazon, Barnes & Noble, and other retailers.

    Sponsored Link: https://amzn.to/3k3pDAN

    Amazon teaser: “Harden your business against internal and external cybersecurity threats with a single accessible resource. In 8 Steps to Better Security: A Simple Cyber Resilience Guide for Business, cybersecurity researcher and writer Kim Crawley delivers a grounded and practical roadmap to cyber resilience in any organization. Offering you the lessons she learned while working for major tech companies like Sophos, AT&T, BlackBerry Cylance, Tripwire, and Venafi, Crawley condenses the essence of business cybersecurity into eight steps. Written to be accessible to non-technical businesspeople as well as security professionals, and with insights from other security industry leaders, this important book will walk you through how to: foster a strong security culture that extends from the custodial team to the C-suite; build an effective security team, regardless of the size or nature of your business; comply with regulatory requirements, including general data privacy rules and industry-specific legislation; test your cybersecurity, including third-party penetration testing and internal red team specialists. Perfect for CISOs, security leaders, non-technical businesspeople, and managers at any level, 8 Steps to Better Security is also a must-have resource for companies of all sizes, and in all industries.”
