249 episodes

A podcast all about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.

Brakeing Down Security Podcast Bryan Brake, Amanda Berlin, Brian Boettcher

    • Education
    • 4.7 • 97 Ratings

    Amanda's Sysmon Talk -p1

    This week Amanda, Brian, and Bryan discuss sysmon, how it works to detect IOCs in your org, and how it extends beyond regular Windows event monitoring.
     
    oh... and it's available for Linux too!



    BrakeSec is:
    Amanda Berlin @infosystir
    Brian Boettcher @boettcherpwned
    Bryan Brake @bryanbrake



    https://www.brakeingsecurity.com
     
    Our #twitch stream can be found at:

    Https://twitch.tv/brakesec (subscription is req'd to see full videos)

    • 37 min
    Tanya Janca, Securing APIs, finding Security Champions, and accepting Risk

    Tanya Janca, also known as @SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.
    https://wehackpurple.com
     

    • 41 min
    Tanya Janca on secure coding practices, Swagger docs, and why documentation matters

    Tanya Janca, also known as @SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.
     
    https://shehackspurple.ca/
     
    • 39 min
    PyPI enables 2FA, some devs have a problem with this

    Full #twitch VOD here (prime sub or paid sub required):  https://www.twitch.tv/videos/1528342722

    https://github.com/untitaker/python-atomicwrites
    https://thehackernews.com/2022/07/pypi-repository-makes-2af-security.html
    Twitch streams (175+ hours of content!):
    Https://twitch.tv/brakesec
    www.brakeingsecurity.com
    Twitter:
    @infosystir
    @boettcherpwned
    @brakesec
    @bryanbrake

    • 56 min
    JW Goerlich on Training, phishing exercises, security metrics, getting the most from user training

    JW Goerlich - 
    “Wolfgang is a cyber security strategist and an active part of the Michigan security community. He co-founded the OWASP Detroit chapter and organizes the annual Converge and BSides Detroit conferences. Wolfgang has held roles such as the Vice President of Consulting, Security Officer, and Vice President of Technology Services. He regularly advises clients on topics ranging from risk management, incident response, business continuity, secure development life cycles, and more.”
     
    https://jwgoerlich.com/
     
    RSA talks and discussion





    Phishing tests - 
    https://www.securityweek.com/research-simulated-phishing-tests-make-organizations-less-secure
    https://hbr.org/2021/04/phishing-tests-are-necessary-but-they-dont-need-to-be-evil




    What is the goal of these tests?
        That someone will click and activate (is that not a given?)
    What made them popular in the first place?
    Is this an example of management not taking security seriously, so we needed proof?
     
    https://www.csoonline.com/article/3619610/best-practices-for-conducting-ethical-and-effective-phishing-tests.html
    FTA: “This will only undermine the efforts of cybersecurity teams as a whole, alienating the very people they aim to engage with,” Barker adds. “People generally don’t like to be tricked, and they don’t usually trust the people who trick them. One counterargument I often hear is that criminals use emotive lures in a phish, so why shouldn’t we? Well, criminals also cause physical damage to property, take systems offline, and disrupt services, but physical social engineers and pen-testers don’t—for good reason. Simulations should not cause active harm.”
     
    Is this part of a larger issue? Why do we treat these tests the way we do?
    Typical scenario?
    Mgmt does not believe or trust their internal people to tell them what is wrong, and takes a 3rd party source/product to tell them the same thing.
        Are these stories apocryphal? Or just my experience?

    • 41 min
    RSA conference, Zero Trust, SSO, 2FA, and multi-cloud tenancy with J Goerlich

    • 34 min

Customer Reviews

4.7 out of 5
97 Ratings

JoshCrist ,

Empowering, insightful and actionable! 🙌

Whether you’re well established as an innovator in infosec, or just getting started in the industry - this is a must-listen podcast for you! Bryan and the BDS team do an incredible job leading conversations that cover a huge breadth of topics related to the ins and outs of navigating the shifting landscape of data security - with leaders who’ve actually experienced success themselves. Highly recommend listening and subscribing!

The name iz already taken ,

Spelling

Braking*

bb7151 ,

Good team!

Topics are practical and varied. I also appreciate the fact that they are all involved in the security community which adds weight to their discussions.
