28 episodes

Exploring the defensive side of cybersecurity through the eyes of experts and innovators in the space. Exploring topics such as threat intelligence, threat hunting, security operations and more.

Hacker Valley Blue Hacker Valley Media

    • Technology
    • 5.0 • 2 Ratings


    Pentesting for a Better Purple Team with Plextrac’s Nick Popovich


    Nick Popovich, Hacker in Residence at PlexTrac, drops by to say hi to the Hacker Valley crew and give some insight into PlexTrac’s purple teaming services. Starting his career in offensive security as a pen tester, Nick gained great insight into purple teaming at companies like Optiv before he joined PlexTrac’s team of hackers. This week, Nick talks about PlexTrac’s unique software integrations, practical purple team collaboration, and differentiating between his experiences in red teaming and pen testing in offensive cyber.
     
    Timecoded Guide:
    [00:00] Getting involved in tech through the Army & continuing as a civilian 
    [07:02] Transitioning from security analyst into pen testing & offensive security
    [14:41] Explaining the difference between red teaming & pen testing
    [36:11] Collaborating red & blue to make the perfect purple team
    [43:16] Using PlexTrac for purple team engagements 
    [50:07] Avoiding burnout & disengaging from hacking after work
     
    Sponsor Links:
    Thank you to our friends at Axonius and PlexTrac for sponsoring this episode!
    The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
    PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley
     
    What was that transition like for you from security analyst to pen tester?
    Nick describes his transition from being a security analyst who looked at pen testing reports to becoming a pen tester as nothing short of fascinating. After struggling to re-engineer the reports he was seeing at work as an analyst, Nick took his chances on becoming a practitioner through getting certified, expanding his education, and working for a small pen testing consulting company. Working in that boutique environment gave him an overall appreciation for the nuance and knowledge needed to be a successful pen tester. 
    “I've gotten lucky to see both sides of the coin, meaning that raw boutique with six folks where you're the entire pen testing practice. And also, I've been in a pen testing practice with dozens upon dozens of team members supporting me.”
     
    People misunderstand purple teaming. Can you talk about what purple team collaboration really looks like?
    Many perceive purple teaming as the red team and the blue team just working together. In reality, Nick explains that an actual purple team requires a lot more than occasional proximity and communication— it requires strategy, established procedures, and set goals and outcomes. Instead of forcing proximity without the proper leadership or planning, a program like PlexTrac needs to be in place to further facilitate and create that complete purple team integration.  
    “Folks still have their day job. During a purple team engagement, the blue team still has to protect the fidelity of the environment, they have a day job they're doing. So, establish rules, establish a procedure, and then, really come up with outcomes that you want to see.”
     
    How does red vs blue team collaboration translate into PlexTrac’s application?
    Purple team collaboration starts with having a clear plan and communication strategy. Enter PlexTrac, a program designed to be a place for collaboration. The best part of PlexTrac in Nick’s opinion? They’re the pane of glass to look through, not the replacement for other programs. Being able to integrate programs like SCYTHE into PlexTrac not only maximizes collaboration opportunities, but also avoids issues of conflicting technology. 
    “It's a place for collaboration. It's a place where the data lives and you work on it together. Whether you're starting your purple team journey, or you have an established purple team and you want to derive more value, a platform like PlexTrac can go a lon

    • 55 min
    Bridging Generation Gaps in the Cyber Workplace with Alexia Crumpton


    Alexia Crumpton, Lead Cybersecurity Engineer at MITRE, joins the pod this week to cover leaving the old ways of cybersecurity behind to embrace the new generation. As both an engineer with MITRE and an educator for future cybersecurity practitioners, Alexia understands the complexity of new and emerging concepts in modern day cybersecurity— and she sees the confusion our current training methods are creating. Alexia helps us answer: How can we teach the purple team perspective to the next generation?
     
    Timecoded Guide:
    [00:00] Gaming MMOs & becoming a cybersecurity engineer for MITRE
    [08:36] Knowing defensive & offensive cyber to sharpen any practitioner’s skills
    [23:04] Teaching the new generation of cybersecurity & changing the old ways
    [32:13] Using Fortnite gaming to accessibly teach cyber skills
    [42:09] Learning cyber skills & being patient with the cybersecurity salary
     
    Sponsor Links:
    Thank you to our friends at Axonius and PlexTrac for sponsoring this episode!
     
    Do you think knowing both the red and blue sides sharpens whatever side you're working on?
    Alexia describes defensive and offensive knowledge like a marriage— both have to not only coexist, but also work together. Having both defensive and offensive skills under your belt gives you, as a cyber practitioner, an overwhelming advantage in your ability to work efficiently. Instead of having to wait for someone to explain or struggle through systems you don’t understand, you can rest assured nothing is missed and everything is understood.
    “When I first got into the defensive side, the way the SOC was moving, the way the blue team analysts were moving, I was like, ‘You guys are missing a lot of things that I had to develop to bypass all of the things that you're looking for.’”
     
    What would you say is the biggest challenge with trying to build that cohesive purple team mentality? 
    In Alexia’s opinion, two challenges hold back companies from being able to build a cohesive purple team: communication and training. Without proper communication protocols between team members, everyone fends for themselves and neither red nor blue team practitioners can fully understand each other. Without proper training and knowledge, teams are stuck arguing between the old ways of past technology and the new ways of present day programs.
    “If I know what you know and you know what I know, we can work together as two brains to create something that is innovative and better for the cybersecurity community as a whole. Us working as a team is better in the fight against adversaries than me working by myself.”
     
    How do we get corporations to embrace creating content developed around bringing people in, teaching them, and most importantly, investing in their talent? 28:51
    Unfortunately for many new practitioners entering the industry, a large majority of cybersecurity companies still rely on the “old” way of doing many tasks and working with a lot of modern day tools. In Alexia’s perspective, this “old” way of thinking creates a massive gap between new employees and experienced professionals where confusion and dissatisfaction thrive. If they embraced the new way and asked new professionals how they learn best, many companies would find talent more willing to learn and stay in cyber roles at their organization. 
    “I think it’s about working with a new generation, just asking them: How do you learn? How do you retain information? What do you want to know? What are you interested in? So that we're giving information that he

    • 46 min
    Villages, Unicorns, & the Not-So-Mythical Purple Team with SCYTHE’s Bryson Bort


    Bryson Bort, CEO and Founder of SCYTHE, dons his unicorn getup and joins the pod this week to talk about purple teaming and building businesses with community in mind. After founding GRIMM, his first company, Bryson wanted to carve a path of purple team innovation in cyber and created SCYTHE to do just that. Along the way, Bryson saw a need to further engage the cyber community in education and accessibility, and co-founded the ICS Village to encourage training opportunities and bridge industry skill gaps.
     
    Timecoded Guide:
    [00:00] Transitioning from army intelligence into founding GRIMM & SCYTHE
    [11:38] Education, certifications, & training efforts with GRIMM & ICS Village
    [23:53] Data driven security efforts vs compliance checklists 
    [32:32] Combining PlexTrac with SCYTHE & MITRE ATT&CK
    [41:34] OT vs IT environments & the key to understanding risks for both
    [50:50] Cooking up community philanthropy as the Unicorn Chef
     
    Sponsor Links:
    Thank you to our friends at Axonius and PlexTrac for sponsoring this episode!
    Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask adaptive athlete Amy Bream. Want to learn more about how Amy controls complexity? Watch her video at axonius.com/amy 
     
    How was the transition from Army intelligence into the world of commercial cybersecurity? 
    Before attending West Point, Bryson had his own cybersecurity experience hacking small devices like calculators as a curious kid. He credits this early curiosity as foundational knowledge that led him not only to a career in intelligence, but later to becoming a founder of cybersecurity companies. Transitioning away from working for the government allowed Bryson to achieve a level of freedom with consulting opportunities that he previously didn’t have.
    “From a discipline side, it's a unique experience. I couldn't get it anywhere else. That being said, working with government is working with government. I had fun with the missions, but it was time to go. I wanted to do cyber more on my own terms, which is why I founded GRIMM.”
     
    GRIMM and other projects you’ve worked on seem to see staff training as a priority. Why is that?
    As skills gaps widen and employee shortages continue, Bryson explains that companies that don’t provide training opportunities for staff stand out as major barriers to entry in cyber. Bryson’s previous company, GRIMM, and his current one, SCYTHE, both offer mentorship and training opportunities for team members. Expecting to hire someone with all the skills is unrealistic, Bryson explains, and training is necessary for security to manage threats.
    “There's more work and need than there are people, which means we need to invest in folks. Most jobs really don't come through cold calls or the web. Most jobs come through relationships. If you know somebody who's interested, help them get into your company.”
     
    Why is that “blue team vs red team” mindset so hard for security practitioners to break out of? 
    Bryson explains that the error of security practitioners’ ways lies in not seeing security as process improvement. Unfortunately, cybersecurity is still overrun by egotistical employees, relying on whiteness or masculinity to inflate their intelligence and self importance. This only succeeds in creating tension-filled environments where there is no comprehensive assurance of security. Blue teams end up overwhelmed and red teams end up frustrated.
    “We don't need the pen tester or the red team to just win. Sure, that feels good, but that's not the point. We cannot be ego driven, we can't be win driven, and we can't continue to just create work that we're throwing on top of people when they already have a day job.”
     
    How do we get more companies to embrace the “purple team” mindset as more th

    • 59 min
    Bridging the Gap: Purple is the Future of Cybersecurity


    In this episode, we’re joined by Maril Vernon. Maril is a purple team lead and co-host of the Cyber Queens Podcast. From a background in marketing, Maril’s natural curiosity and determination led her to a new career in cybersecurity with the Air National Guard and beyond. She discovered that there isn't one job in the field, but many types to choose from. She landed her first job in cybersecurity by applying her soft skills and tenacity. Maril says never to be afraid to ask “stupid” questions. 
     
    Timecode Guide: 
    [3:21] Maril’s origin story
    [7:27] Beating imposter syndrome
    [12:33] Curiosity of a pentester
    [16:47] Red Vs Blue
    [21:24] Purple works together
    [41:46] Invest in people
    [45:44] Maril’s hobbies
    [52:10] Cyber Queens Podcast
    [58:12] A piece of advice
    [59:56] Where to find Maril
     
    Sponsor Links: 
    Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! 
    Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone 
     
    Give the Rookie a Chance 
    Maril explains that entry-level employees aren’t given the trust or space to grow. These employees are the future of the industry, and frankly, the older employees are burned out. When given the proper training and investment they can share the load and lift companies to higher places.
    “I leaned in hard to those soft skills that I knew that I brought with me, in lieu of the technical skills I did not have. And for that company, that was enough, that got my foot in the door.”
     
    Red and Blue are Fighting the Same Enemies
    Red and Blue teams are often pitted against each other, but in reality, they are fighting the same war. Maril believes you should make small talk before you talk shop. Rapport, discourse, and transparency are key to creating workplace communication. 
    Davin and Maril explore the relationship between Red teams and Blue teams, how they differ, and what possibilities happen when they work together as a purple team.
    “One of the things purple teams are able to do is on the tangible side, it’s to definitively demonstrate proactive and reactive cyber resilience. If it's done properly you can actually say this is our quantified ability to sport and attack proactively or to reactively.”
    ------
    Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter. 
    Follow Maril on Twitter and LinkedIn. Listen to Cyber Queens Podcast.
    Follow Davin on LinkedIn.
    Continue the conversation by joining our Discord.

    • 1 hr 1 min
    First ATT&CK, Now MITRE D3FEND With Tyson Supasatit


    In this episode, host Davin is joined by Tyson Supasatit, the Director of Product Marketing at Uptycs, to discuss how Uptycs is leveraging the MITRE D3FEND framework to further build upon their defensive capabilities. Tyson shares how Uptycs utilizes their robust use case library to demonstrate and provide creative solutions to their customers, compares the ATT&CK and D3FEND frameworks, and explores how Uptycs is leveraging the D3FEND framework to better implement defensive countermeasures. Lastly, Tyson gives his advice to folks looking to break into cybersecurity. 
    Guest Bio: 
    Tyson Supasatit is the Director of Product Marketing at Uptycs. He's been in the infosec space for over 10 years and has been fascinated with cyber defense for longer than he can remember. In his spare time, Tyson raises chickens, along with two children and various other pets.
    Links: 
    Thank you to our friends at Axonius and Uptycs for sponsoring this episode!
    Learn more about the MITRE ATT&CK and MITRE D3FEND frameworks
    Stay in touch with Tyson Supasatit on LinkedIn and Twitter
    Connect with Davin Jackson on LinkedIn and Twitter
    Watch the live recording of this show on our YouTube
    Continue the conversation by joining our Discord
    Hear more from  Hacker Valley Media and Hacker Valley Blue
     

    • 41 min
    Human-centric Security With McKenna Yeakey


    In this episode of Hacker Valley Blue, host Davin is joined by McKenna Yeakey, a Corporate Security Engineer at Plaid, to discuss the importance of human-centric security. McKenna explores the “human” aspects of her job and why end user impact plays such a major role in her decision making. She shares how she leverages her natural curiosity and problem solving skills to perform the ins and outs of threat intel as well as her thoughts on The Great Resignation and skill gaps in cybersecurity. Lastly, McKenna expresses her passion for mentoring the next generation of cyber professionals and her tips for newcomers in the field. 
     
    Guest Bio: 
    McKenna Yeakey is a Corporate Security Engineer in the FINTECH industry. She leverages her technical skills and domain knowledge to bring value to the organization and the cybersecurity community. She is also a very active member of the Women’s Society of Cyberjutsu, Cybersecurity Gatebreakers Foundation, and an SME for CompTIA.
     
    Links: 
    Thank you to our friends at Axonius and Uptycs for sponsoring this episode!
    Stay in touch with McKenna Yeakey on LinkedIn and Twitter
    Connect with Davin Jackson on LinkedIn and Twitter
    Watch the live recording of this show on our YouTube
    Continue the conversation by joining our Discord
    Check out  Hacker Valley Media and Hacker Valley Blue
     

    • 48 min
