41 min
Complex System Security: a CISO Perspective with Emilio Escobar AppSec Builders
-
- Technology
In this episode of AppSec Builders, I'm joined by DataDog CISO, Emilio Escobar. Emilio's extensive experience at Hulu and Sony Interactive and his contributions to Ettercap all provide a unique perspective on team maturity, managing complex systems across enterprise, leadership insights, security ownership, and becoming the CISO of a public company.
Follow Emilio on Twitter and Linkedin at the below links:
https://twitter.com/eaescob?lang=en (https://twitter.com/eaescob?lang=en)
https://www.linkedin.com/in/emilioesc/ (https://www.linkedin.com/in/emilioesc/)
Resources
Ettercap:
https://www.ettercap-project.org/ (https://www.ettercap-project.org/)
https://github.com/Ettercap/ettercap (https://github.com/Ettercap/ettercap)
Book Recs:
https://www.amazon.com/Grit-Passion-Perseverance-Angela-Duckworth/dp/1501111108 (Grit: the Power of Passion and Perseverance)
https://www.amazon.com/How-Finance-Works-Thinking-Numbers/dp/1633696707/ref=sr_1_1?dchild=1andkeywords=How+Finance+Worksandqid=1608083849ands=booksandsr=1-1 (How Finance Works)
https://www.amazon.com/How-Win-Friends-Influence-People/dp/0671027034/ref=sr_1_1?crid=2WZVVXH0Z3IRQanddchild=1andkeywords=how+to+win+friends+and+influence+peopleandqid=1608083908ands=booksandsprefix=how+to+wi%2Cstripbooks%2C192andsr=1-1 (How to Win Friends and Influence People)
Episode 3 Transcript
Jb: [00:00:02] Welcome to AppSec Builders, the podcast for Practitioners Building Modern AppSec hosted by JB Aviat.
Jb: [00:00:14] Welcome to the third episode of AppSec Builders today I'm proud to receive Emilio Escobar, who's CISO at DataDog. Welcome and good morning, Emilio.
Emilio: [00:00:24] Good morning. Excited to be here. Thanks for having me.
Jb: [00:00:24] Thanks lot for joining us. So you recently joined DataDog as a CISO, but you have a broad experience as a security leader, at DataDog today. But before that, Hulu, Sony, and I think you are also the maintainer of a famous tool for security geeks like this, which is Ettercap, right?
Emilio: [00:00:48] Yeah, that is correct. I'm one of the three main maintainers of it, and we've been doing it for about nine years already.
Jb: [00:00:56] Do you want to share a bit what Ettercap is about? I used it regularly into pentests'. That's an amazing tool.
Emilio: [00:01:02] Sure. Ettercap has been around for a long, long time, I think, since 2006, and it had slowly died down in around like maybe two thousand eight, two thousand nine. But it is a man in the middle attack tool. It's leveraged by a lot of pentesters for doing man in the middle attack to their customers and trying to obtain credentials for for services like SSH Telnet and what have you. How I got started with it was that when I worked at Accuvant Labs, I was a pentester, one of my colleagues was using it or trying to use it for an engagement that he was working on. And he was running into some, some bugs. And he reached out to me and asked me if I knew how to code in C. I said yes. And he's like, I'll give you five hundred dollars for if you solve these two for each of these two bugs that, that I'm running into. So looking at the code, I was able to fix the issues that he was running into. I never got that thousand dollars back. But what that started was the conversation between him and I. This is Eric Meilin, who I believe is that BlackBerry now about like, hey, should we actually resume the support for Ettercap? We wanted it to work well in MacOS. We wanted IPv6 support. We wanted all these new features that it wasn't supporting. And we reach out to ALoR and NaGA the original authors and they were gracious enough to allow us to to run with it as long as we kept it open source. Right. And that was the commitment that we gave them. So fast forward nine years. We've we've added a few versions. Now, I'm less involved in the coding because I really don't just don't have the time for it, but surrounded by two people who are active. So feel free to check it...
In this episode of AppSec Builders, I'm joined by DataDog CISO, Emilio Escobar. Emilio's extensive experience at Hulu and Sony Interactive and his contributions to Ettercap all provide a unique perspective on team maturity, managing complex systems across enterprise, leadership insights, security ownership, and becoming the CISO of a public company.
Follow Emilio on Twitter and Linkedin at the below links:
https://twitter.com/eaescob?lang=en (https://twitter.com/eaescob?lang=en)
https://www.linkedin.com/in/emilioesc/ (https://www.linkedin.com/in/emilioesc/)
Resources
Ettercap:
https://www.ettercap-project.org/ (https://www.ettercap-project.org/)
https://github.com/Ettercap/ettercap (https://github.com/Ettercap/ettercap)
Book Recs:
https://www.amazon.com/Grit-Passion-Perseverance-Angela-Duckworth/dp/1501111108 (Grit: the Power of Passion and Perseverance)
https://www.amazon.com/How-Finance-Works-Thinking-Numbers/dp/1633696707/ref=sr_1_1?dchild=1andkeywords=How+Finance+Worksandqid=1608083849ands=booksandsr=1-1 (How Finance Works)
https://www.amazon.com/How-Win-Friends-Influence-People/dp/0671027034/ref=sr_1_1?crid=2WZVVXH0Z3IRQanddchild=1andkeywords=how+to+win+friends+and+influence+peopleandqid=1608083908ands=booksandsprefix=how+to+wi%2Cstripbooks%2C192andsr=1-1 (How to Win Friends and Influence People)
Episode 3 Transcript
Jb: [00:00:02] Welcome to AppSec Builders, the podcast for Practitioners Building Modern AppSec hosted by JB Aviat.
Jb: [00:00:14] Welcome to the third episode of AppSec Builders today I'm proud to receive Emilio Escobar, who's CISO at DataDog. Welcome and good morning, Emilio.
Emilio: [00:00:24] Good morning. Excited to be here. Thanks for having me.
Jb: [00:00:24] Thanks lot for joining us. So you recently joined DataDog as a CISO, but you have a broad experience as a security leader, at DataDog today. But before that, Hulu, Sony, and I think you are also the maintainer of a famous tool for security geeks like this, which is Ettercap, right?
Emilio: [00:00:48] Yeah, that is correct. I'm one of the three main maintainers of it, and we've been doing it for about nine years already.
Jb: [00:00:56] Do you want to share a bit what Ettercap is about? I used it regularly into pentests'. That's an amazing tool.
Emilio: [00:01:02] Sure. Ettercap has been around for a long, long time, I think, since 2006, and it had slowly died down in around like maybe two thousand eight, two thousand nine. But it is a man in the middle attack tool. It's leveraged by a lot of pentesters for doing man in the middle attack to their customers and trying to obtain credentials for for services like SSH Telnet and what have you. How I got started with it was that when I worked at Accuvant Labs, I was a pentester, one of my colleagues was using it or trying to use it for an engagement that he was working on. And he was running into some, some bugs. And he reached out to me and asked me if I knew how to code in C. I said yes. And he's like, I'll give you five hundred dollars for if you solve these two for each of these two bugs that, that I'm running into. So looking at the code, I was able to fix the issues that he was running into. I never got that thousand dollars back. But what that started was the conversation between him and I. This is Eric Meilin, who I believe is that BlackBerry now about like, hey, should we actually resume the support for Ettercap? We wanted it to work well in MacOS. We wanted IPv6 support. We wanted all these new features that it wasn't supporting. And we reach out to ALoR and NaGA the original authors and they were gracious enough to allow us to to run with it as long as we kept it open source. Right. And that was the commitment that we gave them. So fast forward nine years. We've we've added a few versions. Now, I'm less involved in the coding because I really don't just don't have the time for it, but surrounded by two people who are active. So feel free to check it...
41 min