• S4S3 State of Ransomware in Cyber Security - Interview by AlgoSec
    Nov 9 2022

    Discussion with AlgoSec around ransomware based off of the Extrahop Cyber Confidence Index 2022.  I cover numerous questions about what organizations are doing today and what they should change to improve cyber defenses.  The crux of this study shows the cognitive dissonance of cyber security leaders and IT decision makers.  They believe one thing whereas the evidence completely contradicts what they say.
    Visit this link to learn more about Network Security in Cloud, Cloud Application Networks, and Application Network Security.
    Visit this link to learn more about Firewall Management tooling, Firewall Management Policy, and Firewall Management Services.
    Visit this link to learn more about Application Security, Network and Application Security, and Network policy management.

    Support the show
    Show More Show Less
    29 mins
  • S4E10 Cyber Security Attacks in the News Summer 2022
    Sep 21 2022

    In this episode I discuss cyber-attacks in the Summer of 2022.  I’ll review who was attacked, its impact, and the aftermath.  While I would love to go into the technical details about the attacks, that data becomes harder and harder to find with each breach and news release.  Victims are tight lipped and apparently being told more and more to not share technical details.  

     We know that both China and Russia have increased cyber-attacks due to global tension in Taiwan (Chinese Taipei) and Ukraine.  I am certain there have been many, many, more that we are not hearing about for internal security reasons as well as not “tipping our hand” that we know what’s happening or who we believe is doing the attacks.  Attribution for attacks is extremely difficult as mentioned previously with the swatting incident on an American federal representative. 

    Sign up for NewsBits from SANS
    Sign up for the OUCH! Newsletter at SANS; (Scroll down and signup in the lower right)
    PWC Cyber Survey
    Extrahop Survey
    Security Magazine offers solid content
    More Information about the Hive RaaS Organization: Hive Targets Costa Rica
    LAUSD Attack
    North Korea, US Feds, Ransomware and Healthcare Organizations
    North Korea Crypto Heist
    OSC/Key Bank Attack

    Support the show
    Show More Show Less
    16 mins
  • S4E9 Online Cyber Security Tools and Building Lab Environments
    Sep 14 2022

    This episode covers online tools and lab environments that cyber security students and early professionals can use to learn and increase technical skills.  While these environments are usually meant for those that want to get very deep with the technical side of cyber security, non-technical folks can certainly use these as well.  The tools/trainings go as deep as the user wants.  I also go over building a lab at home using Virtual Box or VMWare.  I also provide insight and recommendations for building a Cloud based lab environment in Azure or AWS.  This episode came out of comments made by Adrianus Warmenhove in S4E8 around VPN's and NordVPN.

    Send comments, questions, and episode ideas to: cybergreybeard@gmail.com 

    Rangeforce
    Hack The Box
    Infosec Institute Skills
    Hacker Rank for Developers
    Hacktory.ai
    Azure
    AWS
    Cloud Comparisons
    MITRE ATT&CK
    Kali.org Downloads (Then select “Virtual Machines)
    Sourceforge Comparison Page
    Network Security Management Companies
    Network Security Management Comparison

    Support the show
    Show More Show Less
    18 mins
  • S4E8 Interview with Adrianus Warmenhoven - Cyber Security and NordVPN
    Sep 7 2022

    In this episode I spend 30-minutes talking with Adrianus Warmenhoven, Defensive Strategist at Nordvpn.   We dove into virtual private networks (VPN) and networking.  Hear how VPN's work, when to use them and why.  We discuss real-world examples and talk security stories as well as some cyber security history.

    Send comments, questions, and episode ideas to: cybergreybeard@gmail.com 

    NordVPN
    RFC1918
    Tim Berners-Lee
    OSINT Tools – Open-Source Intelligence Tooling
    For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo. 

    Support the show
    Show More Show Less
    31 mins
  • S4E7 Red Team, Blue Team, Purple Team in the Cyber Security Realm
    Aug 31 2022

    Here I talk about different avenues within cyber security.  We use terms such as red team, blue team, and purple team when discussing offense, defense, and a merger of the two.  I’ll go over different technologies, teams that cover each of these areas and jobs that involve each team.  We have these teams and terms due to the size and complexity of the overall cyber security profession.   This episode provides a lot of insight on technologies and jobs to help listeners better focus on their cyber security journey.

    Send comments, questions, and episode ideas to: cybergreybeard@gmail.com 

    Redscan
    Red Team Tools by Goran Jevtic
    Medium Article by Anil Yelken
    Crowdstrike CTI
    Halborn exploit development by Rob Behnke
    FRSecure
    NodeZero
    Cyber Ranges
    CISA Tabletop exercise packages

    For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.

    Support the show
    Show More Show Less
    25 mins
  • S4E6 Getting More from Your Cyber Security Employer
    Aug 24 2022

    This episodes has me  talking about how employees can get enhanced benefits from their employer.  Most people figure salary is the only thing that matters from when it comes to the benefits of working.  This is a major mistake.  Healthcare alone can potentially bring thousands of dollars per year in additional compensation and companies vary greatly in this area.  401(k) programs have the potential of financially beating healthcare benefits depending on your salary, contribution, and company match program.   Does your employer treat you right with travel arrangements and expenses?  How about gym memberships or mass transit reimbursements?  Listen on and find ways to make hundreds or even thousands of dollars more from your employers existing benefits.

    Send comments, questions and episode ideas to: cybergreybeard@gmail.com

    For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.

    Support the show
    Show More Show Less
    26 mins
  • S4E5 Interview with Perry Carpenter of KnowBe4 - Cyber Security Awareness Training
    Aug 17 2022

    Conversation with Perry Carpenter, C | CISO, MSIA, who currently serves as chief evangelist and strategy officer for KnowBe4, the world’s most popular security awareness and simulated phishing platform.   Perry and I talked about the history of KnowBe4, his journey in cyber security, what students and early professionals can study to succeed in social engineering among other topics.  Perry talks about his background and how he took his Arts and Science education to become an extremely successful cyber security professional.  Perry gives advice on what he looks for in hiring early professionals.

    Please make sure to send questions, comments, and episode recommendations to cybergreybeard@gmail.com

    For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.

    Perry is A recognized thought leader on security awareness and the human factors of security, he’s provided security consulting and advisory services for the world’s best-known brands. His previous book, Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, quickly gained a reputation as the go-to guide for security awareness professionals worldwide, and, in 2021, he was inducted into the Cybersecurity Canon Hall of Fame.  He’s the creator and host of the popular 8th Layer Insights podcast and co-author of the new book The Security Culture Playbook: An Executive Guide to Reducing Risk and Developing Your Human Defense Layer (Wiley; April 19, 2022). Learn more at SecurityCultureBook.com.

    KnowBe4
    The Art of Deception by Kevin Mitnick
    The Art of Invisibility by Kevin Mitnick

    Support the show
    Show More Show Less
    31 mins
  • S4S2 AlgoSec Interview: Aplication Security for Cyber Security Professionals
    Aug 10 2022

    Podcast sponsored by AlgoSec where I discuss how applications impact network and security engineers.  This was a 1:1 conversation between me as an SME with a marketing leader  at AlgoSec.  You can find the full video interview here.  This topic provides detail on challenges experienced by network and security engineers related to applications and application security.  We talk about a business focus and the need for network and security engineers to know and focus on more than packets and protocols. 

    Visit this link for a blog post associated with this discussion. 
    Visit this link to learn more about application security and application management.


    Support the show
    Show More Show Less
    20 mins