
Episode 3: Data Breaches Special guest Todd Beski

Security Jabber, Episode 3


Guest: Todd Beski

“There are only two types of companies in the world today. Those that have been breached and those that don’t know they’ve been breached.”  ~ Generic Security Expert

We’ve heard that line a million different ways in the InfoSec industry, but it remains true: breaches are a problem. In this week’s episode, or “breachisode” as Dave put it, we covered all things breach related. The show started with a disclaimer and a dive into the Dark Web. We then talked about the recent arrest of Kaspersky employees for treason.

The bulk of the podcast was spent talking about breaches and all the steps you need to take to protect yourself. We covered recent stats, stories like David Beckham being extorted, and the infamous RSA breach. The team also covered the top 5 data breach predictions for 2017; the conversation may surprise you. In the last segment we discussed what to do if there’s been a breach, whether you’re a private citizen or a CISO at a company.

Oh, and we added a new member to the Security Jabber team, Todd Beski!

Links from this week’s stories


Episode 2: Interview of Steve Barone, CBI CEO

Security Jabber, Episode 2


Guest: Steve Barone, CEO, CBI

Well, the Security Jabber crew beat the spread and made it to episode 2. This week, we had Steve Barone on as our special guest. There was quite a bit of ground covered this week, from cows to 2-factor authentication, and all the way back to our favorite memories of our first computers. We even touched on critical infrastructure again and the likelihood of a massive failure in the near future. Spoiler alert: it was decided we will be doing a special episode dedicated to prepping. Until next time, here are some links to keep you busy, and don’t forget to visit us on Facebook, LinkedIn and Twitter.

Links from this week’s stories


Episode 1: Red Team Leader, A Day In The Life

Hi everyone, it's our first episode! A special thank you to our friends at PodcastDetroit & ITinTheD.

Security Jabber debuts

 https://soundcloud.com/podcastdetroit/security-jabber-debuts

Guest: Shaun Bertrand, Red Team Lead from CBI

What a cool conversation with a group of people that like hanging out together. We talked about the growing concerns around the Internet of Things (IoT). These are very real concerns: real-world attacks take advantage of existing vulnerabilities in home appliances, cars, drop cams, etc. It's not just an invasion of privacy; it can lead to an increased level of personal vulnerability, identity theft, financial loss, etc.

Autonomous assistants such as Alexa & Siri (used for simple, common, and published voice commands) could possibly be used to access and exfiltrate personal and financial data. It's been proven that services provided by Amazon store recorded video/audio when the device is active and sometimes when it's not. Mainstream media might have you believe that it's being used to drive marketing research, but what about the huge holes this opens up, enabling the bad guys to collect intel on highly valued targets?

Shaun Bertrand leads the Red Team practice for the cyber security consulting company CBI. He's always been curious, but his passion for cyber security started when he was 13 years old, "dabbling a little bit with a computer". Shaun started off with a 9600 baud modem and moved up to using a port scanner. While his friends were "chatting" on AIM & ICQ, he was "scanning and finding open telnet all over the place".

Shaun said, "It showed me how easy it was to get anywhere I wanted to". He slowly started attending 2600 meetings and the rest, as they say, is history. He quickly escalated to going out to Defcon and winning a "shootout" contest, experimenting with throwing wireless signals long distance with custom wireless antennas (pictures to come). Shaun also started doing pen-testing before most people knew what it was and developed a passion for recognizing the impacts of newly identified vulnerabilities. He now starts off his day by thinking "who has been breached today" and begins by researching recent breaches and understanding how they are carried out, then contacts his clients to let them know how to improve their defenses against them.

We asked what type of education someone should have to get started in this industry. Shaun's advice: have an intimate knowledge of the technical mechanics and modeling that drive IT security, such as routing, spoofing, etc. Other tips included:

1. Learn the fundamentals
2. Learn a little bit about coding (bash scripting, Perl, etc.)
3. Identify a mentor
4. Most of all, keep learning

 
