16 episodes

Exploring the defensive side of cybersecurity through the eyes of experts and innovators in the space. Exploring topics such as threat intelligence, threat hunting, security operations and more.

Hacker Valley Blue Hacker Valley Media

    • Technology

    Hacker Valley Blue: Know Thyself Finale

    This is the finale of Know Thyself. What an incredible journey, we feel like this entire experience flew by so fast, we got to talk to so many incredible people about knowing yourself, knowing your team, knowing your tech stack, knowing your environment, and even knowing your story.


    Make your organization better, make your security posture better, strive for impact: what are the most high-leverage things that you can do today to make everybody's lives easier or more safe? And then yield the feedback. There might be some things that you might be missing; you might need to ask questions, ask for feedback, get some information from your stakeholders: what are you thinking about that I might not be thinking about? Asking these different things is how you know thyself. And this is how you get to know the people that are around you, your peers, your stakeholders, the more knowledge you have. Got started with that Sun Tzu quote in the very beginning of the podcast: if you know yourself and you know your enemy, you need not fear the results of 100 battles. So if you really understand yourself, and you have good threat intelligence, understanding the externals, you have good vulnerability management that understands the externals and the internals, if you mash all that information together, I think you'll be able to do great things with your cybersecurity program.


     


    Key Takeaways


    0:02 Introduction to the show


    0:49 Our Sponsor, Axonius 


    2:09 Welcome back


    2:31 Reflecting on Know Thyself


    3:17 Recap This Season's Guests


    3:22 Marcus Carey


    4:17 John Strand


    5:05 Aaron Rinehart & Jamie Dicken


    5:54 Chaos Engineering


    7:12 Lenny Zeltser, asset inventory


    7:54 Kevin Allison, Storytelling is a soft skill


    10:19 John Strand


    12:13 Can we do better?


    13:54 What kind of leader are you?


    14:26 Do you have unsupported devices?


    17:34 Ask yourself these questions


    13:33 Go back to the EASY Framework


    21:50 Learning


    23:29 Exploration


    24:00 Immersion


    27:28 Reach Hacker Valley


     


    Learn more about Hacker Valley Studio


    Support Hacker Valley Studio on Patreon


    Follow Hacker Valley Studio on Twitter


    Follow Ron Eddings on Twitter


    Follow Chris Cochran on Twitter


    Supported by Axonius


     

    • 28 min
    Understanding Your Story with Kevin Allison

    In this masterclass of HVB season 2, we brought in a master storyteller, Kevin Allison. The biggest thing is to get a person to understand, don't just summarize, don't just walk us through a Wikipedia like where you're just giving us a broad overview. And you're explaining; it’s important to remember sensory details that will help us see almost like movie scenes, what was happening between people. That is what brings the story alive. So that's a good case right there where the bones of the story were incredible. Like that's just on paper and an incredible overview of a story, but it's not going to work unless you can fill in all those sensory details that bring it alive and make it emotional for us.


    Storytelling is a soft skill that offers the ability to contextualize cybersecurity in a manner that any organization can understand to allow their business to stay safe.


     


    Key Takeaways:


     


    0:00 Previously on the show


    2:37 Kevin introduction


    3:20 Episode begins


    3:39 Where Kevin is today


    7:58 Kevin’s origin story


    12:04 Cybersecurity is performing


    17:08 Storytelling for business


    21:00 Engineering a story


    26:12 Authentic storytelling


    34:54 Speaking isn’t perfect


    41:02 Where to find Kevin


     


    The Story Studio


    RISK!: True Stories People Never Thought They’d Dare To Share


    RISK! Podcast


    Twitter


    Facebook


    Instagram


    Risk Show Podcast


    Sponsored by Axonius

    • 42 min
    Understanding Where You Are with John Strand

    If you want to get into computer security, you're going to learn to love it, you're going to have to be successful, because a lot of computer security isn't just about bits and bytes, it's really about effectively communicating what needs to be done to the right people.


    In this episode we have the incredible John Strand. Organizations need to become more proactive, and see where those weak spots are to protect themselves from something like ransomware. You need to run a pen test because you can have somebody literally launch those attacks, and identify those weaknesses in those vulnerabilities before the bad people do.


    What's the gap that we can all learn from? It's passwords. By and large for most users, passphrases are the way to go. And, multi-factor authentication is actually a very sound strategy.


    If you look at one key tenet of computer security, complexity is the enemy of computer security. And security is constantly trying to catch up and protect against yesterday's attacks. So, the future is more connected, it's more complicated. And the problem is, we still have people that use weak passwords, we still have people that click on links from strangers. And ultimately, when we're looking at that future, you're going to see the exact same problems that we've always had complicated on a much, much, much, much, much larger scale. As things get more and more pushed to the cloud, there'll be no shelter here; the front line is everywhere. World of computer security.


     


    Key Takeaways:


    0:00 Previously on the show
    2:02 John introduction
    2:44 Episode begins
    2:47 What John is doing today
    3:45 John’s core tenets
    5:51 How pen testing is “Blue”
    6:17 Why understanding fundamentals matters
    8:55 Ransomware
    10:41 Organizations need to be prepared
    11:58 Password gap
    13:37 Password philosophy
    17:07 Multi-factor authentication
    21:40 What to do today
    24:24 New problems
    26:44 Learn your own network
    28:26 Where to find John


     


    John Strand on Twitter


    John Strand on LinkedIn


    Black Hills Information Security


    Sponsored by Axonius

    • 29 min
    Learning Through Chaos Engineering with Aaron and Jamie

    In this episode, we brought in two exceptional guests who are no strangers to chaos. In fact, they've identified ways to engineer for chaos. In the studio, we have Aaron Rinehart, CTO and founder at Verica. We also have Jamie Dicken, former manager of applied security at Cardinal Health and current director at Resilience. These two are also authors of Security Chaos Engineering. If you haven't read that book, it's already out, and you should check it out.


    Chaos engineering is the technique of introducing turbulent conditions into a distributed system to try to determine the conditions that cause it to fail before it actually fails. So they simplify it. What we do with chaos engineering is learn about the system without experiencing the pain of an outage or an incident. You learn to trust your gear by testing.


    The biggest impact really came once we understood how security chaos engineering fits into the bigger security picture. It's not about just being a part of the latest and greatest techniques and having the excitement of doing something that's cutting edge; security chaos engineering, at the end of the day, is useless unless what you've learned drives change.


     


    Key Takeaways:


    0:00 Previously on the show


    1:40 Aaron Rinehart and Jamie Dicken introduction


    2:08 Episode begins


    2:59 What Jamie and Aaron are doing today


    3:13 What Jamie is doing


    4:13 What Aaron is doing


    5:00 Discuss chaos engineering


    9:26 Importance of chaos engineering


    10:16 Myths of chaos engineering


    12:55 Chaos engineering customer impacts


    17:34 Learning to trust the test and end result


    19:03 Reader and customer feedback


    22:21 Chaos engineering gone wrong


    27:39 Implementing change in cybersecurity


    28:11 Building a team of experts


    39:08 Getting involved in chaos engineering 


    41:09 Tools for listeners


    43:25 Keeping up with Aaron and Jamie


     


     


    Aaron Rinehart on Twitter


    aaron@verica.io


    Jamie Dicken on Twitter


    Verica on LinkedIn


    Verica Free Book 


    Sponsored by Axonius

    • 44 min
    Mastering the Fundamentals with Lenny Zeltser

    In this episode, we brought back our good friend Lenny Zeltser.  Lenny is Chief Information Security Officer at Axonius.  He's developed a mindset of looking at security components as building blocks to create a holistic security environment. To this day, even while operating as an executive, he has wisdom that anyone can learn from.


    Quite often, the less sexy aspects of information security are ignored, when in reality, you need to understand what resources you're supposed to protect, which assets are compromised, and the infrastructure for your organization.  People jump right into fighting the big fires, and as you know, there is a reason why there are so many day-to-day urgent activities. 


    To start moving in a positive direction, Lenny shares this advice: “Understand what the major data sources you can tap into are, rather than thinking ‘let me create this one new way of serving everything I have.’” The information is there. Think about three sources of information that might get you the biggest bang for the buck!


     


    Key Takeaways:


     


    0:00 Previously on the show


    1:40 Lenny introduction


    2:05 Episode begins


    3:10 What Lenny is doing today


    5:35 The evolution of Lenny’s career


    8:30 Parallels between beginning and now


    10:38 Journey and growth of REMnux


    13:00 Challenges Lenny has faced


    15:21 Collaboration surprises


    17:18 Horror stories


    20:18 Enforcing policies


    23:34 Asset management


    26:08 New tech and trends


    28:45 Biggest discovery about self


    32:38 Advice for others


    34:24 Keeping up with Lenny


     


     


    Links:


    What Lenny Does


    Lenny on the Web


    Follow Lenny on Twitter


    Lenny on LinkedIn


    Sponsored by Axonius

    • 35 min
    Essentials for Cybersecurity with Chani Simms

    In this episode of Hacker Valley Blue, we brought in a guest who has been on a journey of transformation of self and technology. Our guest is Chani Simms, managing director of Meta Defence Labs. We talk about what is essential for cybersecurity. If there was a magic box that could solve an issue, what problem would Chani want solved? “People!” They need to be trained, and care, and have buy-in. They must be devoted to what they’re doing. They need cultural awareness and support – it isn’t easy and the hardest job.


    When it comes to leadership, organizations need to use people already in the organization.  It is important to know what they’re trying to do.  You have to use security as an enabler.  Leadership is responsible for communicating objectives and goals.  


     


    Key Takeaways


    0:00 Previously on Hacker Valley Blue


    1:36 In this episode


    3:10 Background and day job


    5:37 Cyber essentials


    13:46 Keeping up to date


    15:26 Access control


    17:07 Security hygiene


    19:48 Magic box


    21:32 Leadership fundamentals


    26:22 Formula 1 analogy


    28:46 Wrap up


     


    Links:


    Chani on LinkedIn


    Chani on Twitter


    Email: info@metadefencelabs.com


    Sponsored by Axonius


    Hacker Valley Studio


    Chris Cochran on LinkedIn


    Ron Eddings on LinkedIn

    • 29 min
