Security by Default

Joseph Carson

Security by Default is a cybersecurity podcast hosted by Joseph Carson, a renowned ethical hacker and security expert. Each episode dives into the latest security trends, real-world threats, and practical advice for staying safe in the digital world. With insightful interviews and clear explanations, Joseph makes complex topics accessible for both IT professionals and curious listeners alike.

Episodes

  1. The Power of OSINT, Data, and Differentiation in Cybersecurity with Zaira Pirzada

    5 days ago

    Learning, Listening, and Leading in Cybersecurity

    In this episode of the Security by Default podcast, host Joe Carson speaks with Zaira Pirzada, managing partner of Infinitus Management Consulting. They discuss Zaira's journey into cybersecurity, the importance of open source intelligence, and the lessons learned from her time at Gartner. Together, they delve into the intricate world of cybersecurity marketing, exploring the unique challenges faced by CMOs in this dynamic industry. From the perception of marketing as a cost center to the complexities of standing out in a crowded market, Zaira shares her insights on navigating these hurdles. Tune in to discover how effective storytelling, data-driven strategies, and a deep understanding of market dynamics can transform cybersecurity marketing efforts. The conversation also covers the significance of unique value propositions and the evolving landscape of cybersecurity vendors. Zaira emphasizes the role of data in decision-making and the need for continuous learning in a rapidly changing field.

    #Cybersecurity #MarketingChallenges #Podcast

    Takeaways

    Zaira Pirzada's journey into cybersecurity was unintentional but evolved into a passion.
    Open source intelligence (OSINT) played a crucial role in Zaira's early career.
    Listening and learning from others is vital in the cybersecurity industry.
    The transition from analyst to CMO involves understanding market dynamics and customer needs.
    Unique value propositions are essential for startups to stand out in a crowded market.
    Data is a key asset in cybersecurity, influencing decision-making and strategy.
    Building trust and reliability is crucial in cybersecurity communications.
    Negotiation in cybersecurity is evolving with the introduction of AI and data valuation.
    Education and knowledge sharing are fundamental to success in the cybersecurity community.
    Continuous learning is necessary to keep up with the fast-paced changes in the industry.

    Chapters

    00:00 Introduction to Cybersecurity Journeys
    02:58 The Path to Cybersecurity: Education and Early Experiences
    06:04 The Role of Open Source Intelligence in Cybersecurity
    09:09 The Evolution of Cybersecurity Careers
    11:59 Lessons from Gartner: Listening and Learning
    14:44 The Transition to CMO: Marketing in Cybersecurity
    17:48 The Importance of Unique Value Propositions
    20:51 Navigating the Cybersecurity Vendor Landscape
    23:59 The Role of Data in Cybersecurity
    26:50 Staying Updated in a Rapidly Changing Field
    29:41 Conclusion and Future Directions

    51 min
  2. From Chaos to Clarity: A Cybersecurity Journey with Secretary Harry Coker Jr.

    August 27

    In this episode of the Security by Default podcast, host Joe Carson speaks with Secretary Harry Coker Jr. about his journey into cybersecurity, the importance of mentorship, and the challenges faced in leadership roles. They discuss the evolving role of AI in government and cybersecurity, the significance of resilience in the face of failures, and personal interests that help them unplug from their busy lives. The conversation emphasizes the need for clarity in chaos and the importance of learning from every experience.

    Takeaways

    Bringing clarity to chaos is essential for success.
    Mentorship plays a crucial role in career development.
    Every day in leadership presents new challenges and opportunities.
    Learning from both successes and failures is vital.
    Trust but verify is a key principle in leadership.
    AI is transforming government operations and cybersecurity.
    Cyber resilience is becoming more important than ever.
    Personal interests help leaders to unplug and recharge.
    Success is often shared, while failure is solitary.
    The human element must remain in AI decision-making.

    Chapters

    00:00 Introduction to Cybersecurity and Personal Journeys
    06:05 The Importance of Mentorship and Teamwork
    11:48 A Day in the Life of a Cybersecurity Leader
    17:51 Lessons Learned from Challenges and Failures
    21:53 The Impact of AI on Cybersecurity and Governance
    29:42 Personal Interests and Unplugging from Work

    Resources

    The following books and resources were mentioned:

    "Character" by retired U.S. Army General Stan McChrystal - Harry Coker mentioned he started reading this book and found it insightful, particularly about self-awareness and challenging oneself.
    "The Power of Now" - Joseph Carson mentioned this book as one he was recommended to read and was working towards.

    37 min
  3. Exploring Machine Identities in Cybersecurity with Evandro

    August 13

    In this episode of the Security by Default podcast, Joseph Carson and Evandro Goncalves discuss the critical topic of machine identities, also known as non-human identities (NHI), exploring their definitions, challenges, and best practices for management. They delve into the complexities of managing non-human identities in cybersecurity, emphasizing the importance of visibility, risk management, and the principle of least privilege. The conversation also highlights experiences from the NATO Lock Shield event, showcasing the real-world implications of identity security. Evandro shares insights on staying updated in the cybersecurity field and the importance of hands-on learning.

    Takeaways

    The podcast aims to make security accessible to everyone.
    Machine identities are non-interactive identities used in IT environments.
    Organizations may have up to 80 machine identities for every human identity.
    Visibility and management of machine identities are significant challenges.
    Over-privileged accounts are a common issue in organizations.
    Applying the principle of least privilege is crucial for security.
    Communication and coordination are vital during cybersecurity events.
    Hands-on experience and laboratories are effective for learning new technologies.
    Staying updated with threat reports is essential for cybersecurity professionals.
    Networking through platforms like LinkedIn is beneficial for knowledge sharing.

    Keywords

    machine identities, cybersecurity, identity security, non-human identities, security management, best practices, NATO Lock Shield, visibility, risk management, zero trust

    40 min
  4. From Hacker to Hero: Hieu Minh Ngo's Journey

    July 30

    In this episode of the Security by Default podcast, host Joe Carson interviews Hieu Minh Ngo, a former cyber-criminal turned cybersecurity advocate. Hieu shares his journey from a curious teenager in Vietnam to a successful hacker, his time in prison, and his eventual redemption as he now works to help others avoid the pitfalls he faced. He discusses the importance of honesty, mentorship, and using one's skills for good, emphasizing the need for awareness in cybersecurity and the potential for change in the lives of young hackers.

    Takeaways

    Hieu Minh Ngo transitioned from a cyber-criminal to a cybersecurity advocate.
    His journey began with curiosity about computers and the internet.
    He faced severe consequences for his hacking activities, including imprisonment.
    Prison became a time for self-reflection and personal growth for Hieu.
    He emphasizes the importance of being honest with oneself.
    After prison, he was recruited by the Vietnamese government for cybersecurity work.
    Hieu now mentors young hackers to use their skills for good.
    He believes in the power of community and positive influences.
    Hieu encourages young hackers to participate in bug bounty programs.
    He stresses that good things will happen when you do the right thing.

    Chapters

    00:00 Introduction to Cybercrime and Transformation
    11:56 The Journey from Hacking to Cybersecurity
    23:48 The Dark Web and Identity Theft
    29:46 Finding Purpose in Prison
    31:41 The Journey to Redemption
    35:59 Consequences and Redemption
    37:27 Life After Prison: A New Beginning
    42:31 Using Skills for Good
    49:23 Awards and Recognition
    51:22 Future Aspirations and Mentorship

    49 min
  5. Understanding Identity Threats in Cybersecurity with Filipi Pires

    July 16

    In this episode of the Security by Default podcast, host Joe Carson speaks with Filipi Pires, a cybersecurity expert with a diverse background in both technical and sales roles. They discuss Filipi's journey into cybersecurity, the importance of identity in security, and the challenges organizations face with misconfiguration. The conversation also covers tools and techniques used in cybersecurity research, the significance of observability, and the need for continuous learning in the field. Filipi shares insights on community engagement and the importance of respecting the journey in one's cybersecurity career.

    Takeaways

    Identity is a central theme in cybersecurity.
    Misconfiguration is a leading cause of security issues.
    Continuous learning is essential in the cybersecurity field.
    Tools should be used to understand techniques, not just for their own sake.
    Community engagement is vital for knowledge sharing.
    Phishing remains a simple yet effective attack method.
    Legacy software poses significant risks to organizations.
    Observability is crucial for effective security management.
    Respecting the journey in cybersecurity is important for growth.

    Chapters

    00:00 Introduction to Cybersecurity Journey
    02:49 Exploring Cybersecurity Research and Trends
    05:32 Tools and Techniques in Cybersecurity Research
    08:34 Learning Through Capture The Flag Events
    11:28 Identity Threats and Misconfigurations
    14:16 Legacy Systems and Their Impact on Security
    25:40 Understanding Use Cases in Security Permissions
    27:36 The Principle of Least Privilege
    29:31 The Complexity of Identity Management
    30:28 Challenges in Observability and Access Control
    32:16 Navigating Multi-Cloud Permissions
    34:07 Tools for Enhancing Security Visibility
    36:14 Continuous Learning in Cybersecurity
    41:53 Community Engagement and Knowledge Sharing
    45:32 Respecting the Journey in Cybersecurity

    48 min
  6. HackTricks AI - The Ethical Cybersecurity AI Assistant with Carlos Polop

    July 2

    In this episode of the Security by Default podcast, host Joe Carson welcomes back cybersecurity expert Carlos Polop. They discuss Carlos's journey into the cybersecurity field, the creation and impact of HackTricks, and the role of AI in cybersecurity. Carlos shares insights on using large language models for hacking, the future of AI, and upcoming training courses. The conversation emphasizes the importance of ethical hacking and the need for continuous learning in the rapidly evolving tech landscape.

    Key Takeaways

    HackTricks was created as a personal resource for learning and sharing knowledge.
    The community has greatly benefited from HackTricks in their learning journeys.
    AI is revolutionizing the field of cybersecurity and coding.
    Large language models can assist in finding vulnerabilities and automating tasks.
    It's important to ask the right questions when using AI tools.
    Carlos is developing new training courses focused on cloud security and privilege escalation.
    HackTricks AI is designed to help users with specific cybersecurity queries.
    The future of AI in cybersecurity is promising but requires ethical considerations.
    Continuous learning and adaptation are crucial in the cybersecurity field.

    Chapters:

    00:00 Introduction to Cybersecurity and HackTricks
    02:54 The Journey into Hacking and OSCP
    05:54 The Impact of HackTricks on the Community
    08:58 Recent Projects and Innovations in Cybersecurity
    12:00 The Role of AI in Cybersecurity
    14:57 Automating Code Creation with AI
    18:01 Future of HackTricks and Upcoming Courses
    20:53 Final Thoughts on AI and Cybersecurity

    Resources:

    https://book.hacktricks.wiki/en/index.html
    https://training.hacktricks.xyz/
    https://www.hacktricks.ai/
    https://github.com/peass-ng/PEASS-ng

    29 min
  7. Evolution of Identity Governance in Modern Organizations with Martin Sandren

    June 18

    In this conversation, Joseph Carson and Martin Sandren delve into the evolving landscape of Identity Governance and Access Management (IGA). They discuss the significance of IGA in modern organizations, the challenges faced, and the impact of cloud solutions and AI on identity management. The conversation highlights the need for contextual and adaptive policies, the importance of interoperability, and the role of community engagement through conferences to stay updated in this rapidly changing field.

    Key Takeaways

    IGA is essential for managing access and compliance in organizations.
    The shift to cloud-based IGA solutions has transformed the landscape.
    Contextual and adaptive policies are becoming the norm in identity management.
    AI is playing a crucial role in enhancing identity governance.
    Interoperability between systems is a significant challenge.
    Phishing attacks are increasingly sophisticated due to AI advancements.
    Zero trust principles emphasize reducing friction in access management.
    Shadow IT and shadow AI pose risks to organizational security.
    The signal-to-noise ratio in ITDR systems is a major concern.
    Engagement in conferences and communities is vital for professional growth in IGA.

    Chapters

    00:00 Introduction to Identity Governance and Administration
    01:43 Understanding IGA vs. IAM
    04:02 Challenges and Shortcomings of IGA
    10:05 The Role of IGA in Modern Organizations
    17:20 Modernizing IGA: Cloud Solutions and Innovations
    19:07 The Acceleration of Cloud Adoption
    21:01 Evolving Identity Management Landscape
    22:53 AI's Role in Identity Governance
    24:41 Managing Non-Human Identities
    26:05 The Rise of Shadow IT and AI
    28:37 Future of AI in Identity Management
    30:35 Staying Updated in a Rapidly Changing Field

    Resources:

    Join an IdentiBeer meetup near you: https://identi.beer/

    35 min
  8. The Journey of a Hardware Hacker with Joe Grand

    June 4

    In this episode, Joe Carson interviews Joe Grand, a renowned hardware hacker and educator. They discuss Joe Grand's journey into hacking, the importance of community and collaboration in the field, and the evolution of technology and security challenges over the years. Joe shares his early experiences with computers, his transition from engineering to hardware hacking, and the pivotal role of the Loft in shaping his career. The conversation also touches on the founding of @Stake (ATstake, Inc.) and the challenges of balancing passion with corporate expectations in the cybersecurity industry.

    In this conversation, Joe Grand discusses his journey in the hacking community, including his experiences designing badges for Defcon, the importance of artistic engineering, and the impact of live hacking events. He shares insights on parenting in the digital age, the significance of legacy software security, and the challenges of vendor communication. Joe also highlights his current projects, the learning process through failure, and resources for aspiring hackers, culminating in a discussion about his involvement in a film related to cryptocurrency.

    Takeaways

    Community and collaboration are vital in the hacking world.
    Hacking is a continuous learning process; you never know everything.
    Early experiences with computers often start with games and curiosity.
    The Loft provided a transformative experience for Joe Grand.
    Transitioning from engineering to hacking can be a natural progression.
    AtStake was a significant step in Joe's career, merging hacking with business.
    Finding purpose in teaching others about hardware hacking is fulfilling.
    The importance of viewing security from an adversarial perspective.
    Hacking and engineering can complement each other in unique ways.
    Joe Grand returned to design the Defcon badge after years away.
    He emphasizes the blend of art and engineering in hacking.
    Live events showcase the real-time problem-solving process in hacking.
    Parenting involves guiding children through the digital landscape.
    Not all hacks need to be groundbreaking to be significant.
    Legacy software security remains a critical issue.
    Effective communication between vendors and hackers is essential.
    Current projects focus on refining fault injection techniques.
    Learning through failure is a vital part of the hacking process.
    Documentation is crucial for replicating and building on work.

    Chapters

    00:00 Introduction to the Podcast and Guest
    01:43 The Journey of a Hardware Hacker
    05:16 The Importance of Community in Hacking
    09:50 Early Experiences and Hacker Origins
    14:41 Transitioning from Engineering to Hardware Hacking
    18:16 The Loft: A Transformational Experience
    23:51 From Passion to Career: The AtStake Journey
    30:56 Finding Purpose in Teaching and Hacking
    33:21 Reviving the Defcon Badge Design
    34:47 Exploring Artistic Engineering in Hacking
    35:44 The Impact of Live Hacking Events
    37:33 Parenting in the Digital Age
    39:28 Lessons from Hacking Time
    42:48 The Importance of Legacy Software Security
    46:37 Vendor Communication and Security
    48:58 Current Projects and Future Directions
    51:51 Learning Through Failure
    54:54 Resources for Aspiring Hackers
    58:56 The Intersection of Hacking and Film

    Additional Resources:

    https://grandideastudio.com/
    https://www.youtube.com/watch?v=o5IySpAkThg
    https://www.imdb.com/title/tt27307826/

    55 min
  9. Shadow AI and AI's Impact on Cybersecurity Strategies with Terence Jackson

    May 21

    In this episode of the Security by Default podcast, host Joseph Carson speaks with cybersecurity expert Terence Jackson about the evolving landscape of cybersecurity, the challenges faced by CISOs, and the importance of data security and governance. They discuss the impact of AI on security practices, the role of the CISO as a risk manager, and the need for organizations to prioritize foundational security measures in a rapidly changing technological environment.

    In this conversation, Terence Jackson and Joseph discuss the evolving landscape of cybersecurity, emphasizing the importance of asset management, the role of AI in business intelligence, and the need for a balance between security and user experience. They explore the future of CISOs in a world increasingly governed by digital intelligence and the necessity of continuous learning and community engagement in the cybersecurity field.

    Key Takeaways

    The cybersecurity landscape is constantly evolving, with new challenges emerging.
    AI is transforming both the attack and defense sides of cybersecurity.
    Data security remains a critical concern for organizations.
    CISOs are increasingly seen as risk managers rather than just security officers.
    Governance and compliance are essential for effective data management.
    Organizations must prioritize identity and access management.
    The role of the CISO has become more strategic and board-level.
    Understanding data exposure risks is crucial for compliance.
    Foundational security practices are necessary for effective defense.
    Continuous learning and adaptation are vital in the fast-paced tech world.
    AI will play a crucial role in enhancing business intelligence.
    Effective asset management is foundational for organizational security.
    Zero trust must be balanced with zero friction for user experience.
    Creating a positive security culture is essential for engagement.
    CISOs will increasingly focus on data governance and business risks.
    The proliferation of AI agents presents new security challenges.
    Security should be integrated seamlessly into user workflows.
    Continuous learning is vital in the rapidly changing cybersecurity landscape.
    Community engagement fosters knowledge sharing and support.
    Focusing on the basics is key to effective cybersecurity.

    Chapters

    00:00 Introduction to Cybersecurity Journeys
    02:17 Challenges in Cybersecurity Today
    06:43 The Evolving Role of the CISO
    11:06 Governance, Compliance, and Data Security
    14:56 Prioritizing Security in a Fast-Paced World
    19:39 The Role of AI in Business Intelligence
    20:02 Importance of Asset Management
    21:52 Zero Trust and Zero Friction Security
    23:38 Creating a Positive Security Culture
    24:27 The Future of CISOs and Digital Intelligence
    29:32 Continuous Learning and Community Engagement

    Additional Resources:

    Connect with Terence:
    https://www.linkedin.com/in/terencejackson/
    https://www.terencedjackson.com/

    35 min
