Brakeing Down Security Podcast
A podcast all about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.
Episodes
Dan Borges - Author @1njection
?
?
https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply...
Dan Borges - Author @1njection
https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-suppl...
Ms. Berlin’s conference report WWFH (reno, NV)
Her next appearances will be at Defcon 2021 and BlueTeam Con 2021!
https://www.infosecurity-magazine.com/news/amazon-prime-day-phishing-deluge/
https://www.ehackingnews.com/2021/06/threat-actors-use-google-drives-and.html
https://www.kennasecurity.com/blog/vulnerability-score-on-its-own-is-useless/
https://portswigger.net/daily-swig/nist-charts-course-towards-more-secure-supply-cha...
EO from President Biden asked for a plan to create Zerotrust implementation in the next 90 days (well, 70ish days now… as of 23 May)
https://twitter.com/SecuritySphynx/status/1390475868032618496
@securitySphynx
“CIO: Zero Trust is the way…”
What is the optimal configuration (read: easiest) zero trust config?
Are there different ways to implement Zero Trust?`
https://solutions.pyramidci.com/blog/posts/2021/february/the-swi...
Full show notes are available here: https://docs.google.com/document/d/14dCpXeQ520IcZC3m007zVPhlIPXKgfv0LkqVnbDx0fc/edit?usp=sharing
EO from President Biden asked for a plan to create Zerotrust implementation in the next 90 days (well, 70ish days now… as of 23 May)
https://twitter.com/SecuritySphynx/status/1390475868032618496
@securitySphynx
“CIO: Zero Trust is the way…”
What is the optimal configuration (read: easie...
part 2:
CTF OSINT discussion
How people will give additional information, even if they aren't receiving points for it.
Gamifying and motivating people to 'do the right thing', like offering a chance to win a lottery for a covid vaccine, or free sports tickets to get a shot, or gift cards when reporting phishes.
Joe Gray @C_3PJoe
OSINTION
New book… ship date? How to get it?
Elizabeth Wharton: @lawyerliz on Twitter
Executive Order: (https://www.americanbar.org/groups/public_education/publications/teaching-legal-docs/what-is-an-executive-order-/)
“An executive order is a signed, written, and published directive from the President of the United States that manages operations of the federal government. They are numbered consecutively, so executive orders may be referenced by their assigned number, or ...
Joe Gray @C_3PJoe
OSINTION
New book… ship date? How to get it?
https://www.amazon.com/Practical-Social-Engineering-Joe-Gray/dp/171850098X/
https://nostarch.com/practical-social-engineering
"Gray provides a very accessible look at social engineering that should be essential reading for pentesters and ethical hackers."
— Ian Barker, BetaNews
Story (Bryan: found my shipmate from the Navy)
...Updates to the Linux kernel controversy: https://lwn.net/SubscriberLink/854645/334317047842b6c3/
@pageinSec on Twitter
Dan Kaminsky obit: https://www.theregister.com/2021/04/25/dan_kaminsky_obituary/
Spencer Geitzen: http://brakeingsecurity.com/2018-024-pacu-a-tool-for-pentesting-aws-environments
https://en.wikipedia.org/wiki/Milgram_experiment
https://lore.kernel.org/lkml/20210421130105.1226686-1-gregkh@linuxf...
@pageinSec on Twitter
?
Dan Kaminsky obit: https://www.theregister.com/2021/04/25/dan_kaminsky_obituary/
?
Spencer Geitzen: http://brakeingsecurity.com/2018-024-pacu-a-tool-for-pentesting-aws-environments
?
https://en.wikipedia.org/wiki/Milgram_experiment
?
https://lore.kernel.org/lkml/20210421130105.1226686-1-gregkh@linuxfoundation.org/
?
https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021
Reparations.tech
*Public Safety Coordinators
-Field Operations (Road Incidents)
-Specialized Buildings (The Library, Medical Facilities, CCR)
*Public Safety Officers
A. Discuss Training
-SOP Creation
*SOPs are very custom and dependent on the organization. There are no “NIST” standards.
[IN CYBER: Frameworks for Physical Security ---> ]
*Think on your feet, many plans often get thrown out the window.
*Creating policies due to u...
Bios for guests
Reparations.tech
*Public Safety Coordinators
-Field Operations (Road Incidents)
-Specialized Buildings (The Library, Medical Facilities, CCR)
*Public Safety Officers
A. Discuss Training
-SOP Creation
*SOPs are very custom and dependent on the organization. There are no “NIST” standards.
[IN CYBER: Frameworks for Physical Security ---> ]
*Think on your feet, many plans often get thrown out the window.
*C...
In this episode:
knowing your audience - discussing the IR impact
how did this happen? how deep do you want to tailor your potential discussion?
Every level must be asking "what, when, why, how?", not just those in the trenches
does the level of incident mean that communication scales accordingly?
And much more!
Dr. Catherine J. Ullman (@investigatorchi)
Incident Response communications
Reminders:
Patreon Jeff T. just...
Dr. Catherine J. Ullman (@investigatorchi)
Incident Response communications
Reminders:
Patreon Jeff T. just became a $2 patron!
Accepted to CircleCityCon on IR communications!
Bsides Rochester Security B-Sides Rochester
Spoke at SeaSec meetups:
Qualys Update on Accellion FTA Security Incident | Qualys Security Blog
Security Advisory | SolarWinds
Family Educational Rights and Privacy Act (FERPA)
It’s importa...
@thefluffy007
A Bay Area Native (Berkeley)
I always tell people my computer journey started at 14, but it really started at 5th grade (have a good story to tell about this)
Was a bad student in my ninth grade year - almost kicked out of high school due to cutting. Had a 1.7 GPA. After my summer internship turned it around to a 4.0.
Once I graduated from high school, I knew I wanted to continue on the path of computers. Majored ...
@thefluffy007
A Bay Area Native (Berkeley)
I always tell people my computer journey started at 14, but it really started at 5th grade (have a good story to tell about this)
Was a bad student in my ninth grade year - almost kicked out of high school due to cutting. Had a 1.7 GPA. After my summer internship turned it around to a 4.0.
Once I graduated from high school, I knew I wanted to continue on the path of computers. Majored ...
2021-007-News-Google asking for OSS to embrace standards, insider threat at Yandex, Vectr Discussion
Ronnie Watson (@secopsgeek)
Youtube: watson infosec - YouTube
watsoninfosec (Watsoninfosec) · GitHub
Feel free to add anything you like
Wazuh - fork of OSSEC (Migrating from OSSEC · Wazuh · The Open Source Security Platform)
Popular Podcasts
If you can never get enough true crime... Congratulations, you’ve found your people.
We’re at our most vulnerable when we go to our doctors. We trust the person at the other end of that scalpel. We trust the hospital. We trust the system. Christopher Duntsch was a neurosurgeon who radiated confidence. He claimed he was the best in Dallas. If you had back pain, and had tried everything else, Dr. Duntsch could give you the spine surgery that would take your pain away. But soon his patients started to experience complications, and the system failed to protect them. Which begs the question: who - or what - is that system meant to protect? From Wondery, the network behind the hit podcast Dirty John, DR. DEATH is a story about a charming surgeon, 33 patients and a spineless system. Reported and hosted by Laura Beil.
This is what the news should sound like. The biggest stories of our time, told by the best journalists in the world. Hosted by Michael Barbaro. Twenty minutes a day, five days a week, ready by 6 a.m.
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations.
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks then look no further. Josh and Chuck have you covered.