April 4, 2023 • 68 mins
This week we sit and talk with Pat's co-worker Chris, who is a SOC Engineer at Customers Bank. We chat about how he got into cybersecurity, some SOC everyday tools, phishing attacks, and even some future SOC visions with ChatGPT. Join us!
Connect with Chris on Linkedin - https://www.linkedin.com/in/christopherwojtowicz/
Like us? Give us a review on Podchaser or Apple Podcasts to let us know!
Follow Breaking Down the Bytes!
Linkedin | Twitter | Facebook | Discord
Want to give feedback? Fill out our survey
Email us! - breakingbytespod@gmail.com
Follow Pat and Kyle!
Twitter:
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Pat (00:04):
Hey everybody.
Welcome back to this week'sedition of Breaking Down the
Bites.
As usual, we are back this week.
I'm your host, pat.
You can find me on Twitter atlayer eight packet.
That's the number eight.
Kyle, he's not here this week,but you can find him on Twitter
as well.
He's at Dan, that's 2 56.
Alex, you're not on social mediaat all, so you can get the show
on Twitter at Breaking Bitespod.
(00:26):
If you wanna talk to Alexspecifically, just hit us up
there and he'll get the message.
We're pretty active on Twitter,so come say hello.
If you like the show, don'tforget to subscribe on your
platform of choice.
Alex, what's up man?
How you doing?
Alex (00:41):
Well, outside of patiently waiting to see if I make the
Disney layoff cuts.
I mean, outside of that I'm
Chris (00:48):
Oh boy.
Pat (00:49):
Yeah, buddy.
Yeah, a couple tense momentsthere.
So you're everything else goingwell, but it's It's a tense
time.
I actually saw an April Fool'sjoke the other day that Bob Ier
laid himself off, which we allknow is not true.
He's like in the event ofcutting cost, I'm gonna cut
myself out at 25 million orwhatever the hell he's making.
So yeah, that was pretty funny.
Alex (01:10):
I like that.
Yeah.
Next big thing is tomorrowthere's a, an investor's call,
so be interested to see what hehas to stay there.
Pat (01:19):
Yeah.
See what happens there.
So we're all pulling for you.
Definitely let us know how thatgoes and next couple of weeks.
So, yeah, we're all good here.
I will say just a couple ofhousekeeping notes.
My March Madness bracket for anyof those that you follow from
college basketball, completelybusted.
There is no hope for my bracketanymore.
It is completely gone.
I didn't even make, like, Idon't think I had one team make
(01:42):
it to the final four.
It was just, it was crazy thisyear.
So March Madness for sure.
All my brackets are busted.
Good thing I didn't actually beton any of them, cuz I would've
been out quite a few bucks.
So I was terrible at it thisyear.
So, other than that, let's getinto the guest.
We have a guest this week withus Ladies and Germs mr.
Chris, and I'm not gonna butcheryour last name, Chris, I'll let
you pronounce it yourself.
(02:03):
But Chris, you and I worktogether at the bank.
You are on our soc team in ourIS department.
So, Chris, the floor is yours.
Why don't you get the people whoyou are and where you're coming
from and where you're at.
So, floor is yours, my man.
Chris (02:15):
Thanks guys.
Yeah, it's Chris Voy Taitz,pronounced with a V,
Pat (02:20):
See, look at that.
Chris (02:21):
but not spelled like that.
Spelled with a w.
Yeah.
Hey, thanks for having me on,guys.
No, I've been a I've been a SOCengineer now for about six
years.
I am kind of an older guy, so, Ihave kind of a, an IT background
before that graduated fromtemple University here in the
Philly area, and in the ninetiesbecame a network consultant
(02:42):
right away.
Worked on the old Nobel Networkplatform, which,
Pat (02:46):
Nice.
Chris (02:47):
yeah I'm going back ways guys, but I the best thing I can
say about that is, is novelinvented active directory before
Microsoft appropriated it.
Pat (02:58):
Stole it.
Chris (02:59):
before they, yeah, exactly.
I don't know how much you guys,Microsoft bash here, but
Pat (03:04):
We bash it all.
There's no safe space here.
Chris (03:06):
Cool.
Pat (03:07):
we call it like we see it, so it's all good.
Chris (03:09):
No,
Alex (03:09):
we're still, pat and I aren't the youngest.
I mean, we go back a little bit,
Chris (03:13):
cool.
Pat (03:14):
yeah.
Alex (03:15):
like I consider getting a cna.
So I mean,
Chris (03:19):
Oh, there you go.
Certified network administrator,
Alex (03:22):
been in
Pat (03:22):
There you go.
Yeah.
Right, right.
Yep.
Chris (03:27):
got a CNA in version three.
I think, as I remember, that Ithink three point 11 was the big
one in the late nineties.
But I'll never forget in theearly two thousands when I moved
more into a Microsoft area Ikept hearing about this active
directory and I'm like, thisRemi, this forest and trees
thing this reminds me of Novell,so, kind of funny.
But then I went to work for alarge pharmaceutical company and
(03:50):
I was there for about 15 yearsand did all types of IT
infrastructure roles.
Really good job.
Kept moving around softwaredeployment email team.
Actually the email team was,when I first started doing kind
of security work, cybersecurityinvestigations.
It was actually internalemployee investigations.
(04:11):
And you knows some of the thingsthese employees were doing are
just you're doing that at workanything you can imagine, and,
they'd come to
Alex (04:19):
I have a terrible imagination.
So what are some of the worstthat are still PG enough to say
on a podcast?
Chris (04:26):
one employee was storing explosives underneath his desk.
Yeah.
And and they want their mailboxand you know what, all the proof
that led up to this and.
Everything like that.
A very common one was a marriedmanager with a married
subordinate.
And a mix of males and females,doesn't matter.
(04:46):
And it was funny, they wouldcome to me and say, give me
these two people's mailboxes fortwo weeks.
And and I would just do thatand, my job was done.
Alex (04:56):
Oh yeah, that's enough to start the rumor mill for
Pat (04:58):
Yeah, buddy.
Yeah.
Chris (05:02):
But actually that kind of, I found that kind of stuff
interesting.
It's kind of like being adetective and that's what the
core of why I enjoycybersecurity today.
But after that the speaking oflayoffs, Alex I was part of a
two 300 IT person layoff.
About eight years ago, nineyears ago from this
pharmaceutical company.
(05:23):
And it was the old they'reopening up an offshore center
that replaced all of our jobs.
I don't know if that theme isstill common today.
It's it's cheaper for a Europeancall center than here in the us
and then they kept people on totrain those folks, so,
Pat (05:38):
Sure.
Chris (05:40):
but this is the way large companies act.
But so I moved on from that andI did a couple contract works.
I really decided at the time I Ireally liked Cisco Network
Engineering.
So I got my C ccna it was aboutseven years ago, and.
As I was working in that, Istarted getting more interested
in cyber.
(06:00):
Personally I would be readingcybersecurity books.
A big original author of minewas Kevin Mitnick who's one of
the, he's an og hacker from longtime ago.
He works for uh, no before rightnow, which is a phishing email
company.
And he wrote a series ofexcellent books, like The Art of
Invisibility, the Art ofdeception, and all types of
(06:21):
things.
So, I really started gettinginterested in that and I think
one of my contracts ended andthen a banking cybersecurity
position came up not with mycurrent bank.
And they needed some temporaryhelp a guy there was out for
several months.
So, they took me on for sixmonths.
I loved it.
I was kind of a raw, you come tocybersecurity with an it
(06:43):
approach and you kind of have toforget that it approach a little
bit and just think more ofsecurity and cyber.
So, after I learned about scenetools and all incident response
and investigations anddocumenting stuff and log review
and all the stuff that cyberfolks do.
And then that contracted and Iwas immediately picked up by
(07:04):
customers bank luckily as adirect employee and in instead
of the contractor.
They're really a contractorthese days.
I, pat, I know, what I'm talkingabout here,
Pat (07:14):
Yep.
Yep, for sure.
Chris (07:16):
they, they want to try people out as contractors first.
Y
Pat (07:20):
try before you buy.
Oh Yeah,
Chris (07:24):
But no.
I've been there for about four,four or five years now, and it's
been fantastic.
It's like a daily challenge.
I've been a SOC engineer usingabout 15 or 20 different tools
and it's it's really the whatI've really learned it's a wide
breadth of the position.
A lot of it folks justspecialize in, they're the ad
(07:46):
guy or they're the Cisco guy.
But cyber people have to knowlike every single tool, every
single subnet how applicationswork, what APIs cloud
everything.
And that's been a realchallenge.
It's it's certainly somethingwhere you deal with several
emergencies every day and youkind of have to work through
them.
You get help if you need it.
(08:07):
And then, management comes inwith some customer requests and
it's it's certainly alwaysinteresting.
Definitely.
Alex (08:15):
For sure.
Pat (08:17):
you.
Alex (08:18):
Yeah.
And.
I'll be honest, when someonesays they're part of a soc
security Operations center, Iguess the first thing in my mind
I think about is just firewalls.
But I guess there's just so muchmore to it.
And I guess, can you kinda giveus a quick rundown of what a
(08:40):
day-to-day would look like?
Maybe that's tough to do, maybelike a normal week.
What are some of the devicestools that you're touching on a
weekly basis?
The most common things?
Chris (08:51):
Actually that, that was at what I was originally hired
for because I had a, a Ciscofirewall knowledge.
And that's when I came on and Iexpanded into network security a
little bit, but honestly, I'vehandled all types of different
pieces of a sock.
Obviously a lot of it isincident.
And using all your tools tocorrelate problems and put put
(09:14):
different pieces together of anincident and detect incidents.
I've I've worked on a wholebunch of incidents and stuff
that I've found.
I've worked on malware infecteddesktops and laptops, and I just
worked on all types of crazyproblems.
But there are different, I wasgonna talk to this.
There are lots of differentroles in a soc.
(09:36):
One very important one isvulnerability management.
Tools like Tenable neis coli.
There's other scanning toolslike that.
That's a very important part ofsoc is again, a soc is a lot of
monitoring.
First off besides the actualincident response and
vulnerability management is,you're detecting something
(09:56):
unpatched in the wild malware inthe wild, and they, and their
advice is have this Microsoftpatch six point x or higher.
And you check we, we check ourcurrent version levels and
we're, some of'em are at fivepoint x and we're like all
right,
Pat (10:11):
Yep.
Chris (10:12):
drop everything in patch there.
So, yeah, vulnerability.
In fact vulnerability managementis like a full-time job in
itself.
And I in, various job reviewsI've done in over the years I've
seen dedicated vulnerabilitymanagement positions and cause,
cause that's very important justto make sure.
All of the software, all of theinfrastructure is not is
(10:35):
software patched?
Alex (10:36):
And at least with your role, once you identify these
vulnerabilities, are you the onethat has to ultimately patch
them or you're having to trackdown the groups and kinda hound
them until it's done?
Chris (10:50):
It's well, a lot of companies are set up where the
cybersecurity is monitoring, andthen the actual IT group are the
ones that actually apply thepatches.
I don't know, Alex if that's theway it is at Disney or that, the
cyber group is strictly formonitoring and they don't have
global admin access at all.
(11:10):
So they just makerecommendations and that the IT
group has to follow,
Alex (11:17):
So you could be the most hated group in the entire
company, at least when it comesto it.
You make every other team's life
Chris (11:25):
my God.
You're exactly right.
You're exactly right, Alex.
Oh my God.
No,
Alex (11:30):
got project they're celebrating cuz everything went
in without a hitch.
And then they're told like 24hours later that it's got, 237
vulnerabilities.
Oh.
Chris (11:43):
e exactly.
And the unfortunate position isbecause ASOC is so much
monitoring, it's, we give it anda lot other groups work to do.
And, sometimes we get requestsback to us and, projects and
stuff.
That's another thing that makesthe job fun.
We work on projects and softwareanalysis and development.
(12:04):
But no it's, we're always comingaround asking it to do
something, and that I'm surethat gets old for them very
quickly.
Pat (12:13):
Well, Chris, it was good to talk to you.
We gotta get outta here now.
No, I'm just kidding.
Chris (12:16):
hello.
Hello.
Pat (12:18):
yeah, exactly.
You're also the department of NoI've heard the security
departments are also thedepartment of No.
It's like, oh, can I do this?
Could I install this program?
Everybody's like, no.
It's like a, like you just walkaround with a big stamp just
going no.
Just denying everybody.
Chris (12:31):
Oh yeah and that, that goes across the board with
software, risky software andwebsites that employees want to
visit that are not that aremalicious or
Pat (12:42):
Yeah.
Right.
Not a business need.
Yeah.
Chris (12:45):
yeah.
E exactly.
We've gotten some crazy oneswith, firearm sites and, stuff
like that.
It's like there's no businessreason for this.
Pat (12:55):
Be.
Chris (12:56):
Yeah.
But I hope that answers yourquestion, Alex.
Pat (13:00):
Yeah.
Alex (13:01):
so do teams often come to you or ever come to you before
they do a big project to kind ofget cyber securities blessing
before they go about a largeproject?
Chris (13:12):
Yes.
Yes, they do.
Especially if the projectinvolves brand new software to
the bank.
And our team has a kind of asoftware ana, a new vendor
software analysis process isvery detailed.
Even the history of this newvendor, if they've ever been
involved in any cyber incidentsor anything like that.
So that they really have to havea a set stamp of approval.
(13:37):
Now that might be more financialcompany specific.
Cause, we go through audits forfederal and state and,
everything has to be kind ofcertified and approved by audit
and audit department.
Alex (13:50):
Gotcha.
Yeah, that makes sense.
All right, well, I have onequestion that I definitely want
to touch on before the end ofthis conversation, but it is on
a completely different,Wavelength.
So I'll let Pat suggest anyfollow up questions before I do
it.
Pat (14:07):
Now I'm just trying to think of, so, so typically, and
I guess this depends on the sizeof your company, but what's a
typical size of soc?
Is it, is there a steadfastnumber?
Is it, is it 10, is it 20?
Is it 50?
Whatever.
Now, obviously that's gonnadepend on size, but you know,
what's a good average as far aslike, how many bodies do you
have to what, the ratio bodiesto what you're monitoring or how
(14:30):
many endpoints?
Chris (14:31):
I'd say for most smaller to medium size companies, it's
about five to 10 people.
A mix of analysts and engineersand the vulnerability management
person, as I mentioned.
There's other people too who aremore threat intel, threat feed.
They go out and they they goonto the dark web and see if our
(14:52):
company's been mentioned or not,and, take actions from there.
And I think Telegram is one.
I think that's one of those glsomething like sp Skype that is
used a lot by malicious folks.
And so we have people monitoringthat.
And so, and that, that goes intodomain typo squatting as well
(15:12):
where they change your domain alittle bit and then they send
email, phishing emails and otherstuff from that.
There, there's so many examplesof it.
But so we our team tries to beinvestigate things before they
they hit us, but but yeah.
But you know, with largercompanies, pat they have like a
vulnerability managementdepartment and then they have.
(15:35):
And an incident responseinvestigation department.
So they, they have like five to10 people in each of those
departments cuz you know, it'sa, usually a global scope.
Pat (15:45):
Sure.
Sure.
And then you said some of thetools and whatnot.
Right?
So, a lot of ESUs or Tenable orQualis is another one that I've
had, I've worked at a coupleplaces.
They do callus, internalscanning and all that kind of
stuff and whatnot.
So, any others that you can kindof think that are sort of the
forefront of somebody that a,somebody in a sock that would
use
Chris (16:04):
Definitely.
Well, the, well the really thecore of a SOC team is the seam
tool, s i e M which is securityincident, event monitor.
A lot of those tools are likeSplunk.
Splunk is kind of the industryleader
Pat (16:19):
The big boy in the room?
Yeah.
Chris (16:21):
Yeah.
There's other ones likelogarithm and several others.
Competitors, oh.
Microsoft has Sentinel One se ifyou've ever heard of.
That's their scene tool.
And all that is, is just a hugedata gatherer from mult, from
tons of different sources.
And it all kind of crystallizesit in new one searchable I'm not
(16:45):
gonna say database, but onesearchable location in there.
There's queries and dashboardsand reporting that you create
from the same tool, which youcan practically do anything and
anything custom to frequentlymanagement will have, what about
this tool and who did, who gotinto this for during this custom
timeframe?
And, there's a there's a querylanguage in, in all scene tools.
(17:09):
That you can just punch upcustom scripts and pull in
anything custom.
But most times it's just usedfor monitoring and reporting and
definitely alerting.
You can there's a ton ofdifferent alerts and detections
that you have in your seam tooland we have an on-call rotation,
which monitors all of us.
(17:29):
And most of the alerts do comefrom a seam tool.
Pat (17:33):
Okay.
Chris (17:33):
There, there's other tools like, monitoring your
network infrastructure as patmanaging alerting on your
firewalls or if anything's downor if anything is being DDOSed.
That's a big thing.
There's WAFs web applicationfirewalls like, Imperva and
CloudFlare.
We have to monitor those twothose mainly stop besides,
(17:54):
filtering web traffic.
They're, they mainly defendagainst DDoS attacks, volume
attacks, trying to shut down awebsite.
Pat (18:01):
Sure.
If I could just back up for aminute just to the fishing
attempts and the domainsquatting and things of that
nature.
Truth be told, when I was at acompany couple years back, and
they used they used KevinMitnicks, same thing that know
before that training that hedoes or that company that he
owns whatnot.
And they basically just, it's aninternal, cyberware kind of
thing, blah, blah, blah.
And they would send like testphishing emails to, to places
(18:25):
and see who they actually catch,like internal employees.
And I was there like a couple ofweeks and they had this thing,
they had this thing which wasactually kind of cool, like
they.
It was I forget what the heckthey called it.
Kago or Ka Joe, something likethat.
Basically it was like a kudosthing.
Like, Hey, Chris, Chris, youhelped me out the other week.
Wait, way to go.
Nice job, blah, blah, blah.
(18:45):
And then you, so basically youaccrued so many of them and then
they threw you like an Amazongift card or something,
something of value and that kindof thing.
And so, so, they sent me a Phishattack and it said, Hey, your
boss sent you a kudos.
Click on this link to, to seeit.
And I clicked the link and
Chris (19:05):
And
Pat (19:05):
says, oh yeah, you need to log into your oh 365 to see the
blah, blah, blah.
And I did.
And it was like, oh, you've beencaught.
This is a fishing attempt.
I'm like, oh, no.
Like, I was like, my ego got inthe way.
I was like, wait, I'm gettingkudos out the way.
Let me get that thing.
It was,
Chris (19:20):
Yeah.
Pat (19:21):
I was like, everybody move out.
That kinda thing.
And it was a fishing attempt,and I was like, oh, you idiot.
I was like, sure.
The senior network engineer'sbeen here like a couple of
months, is, the first fishingattempt that's thrown out there.
He gets caught in the hook.
I'm like, it looks great,
Chris (19:34):
oh boy.
Yeah.
And and that's, You just namedit Pat, that's the most common
type of attempt in a phishingemail is credential harvesting.
Pat (19:43):
I was so mad.
I was like, oh, this, I'm suchan idiot.
That kind of thing.
But it was an internal test.
And we get them now where we areat at the bank, and I have not
failed one yet.
So knock on wood.
Chris (19:53):
You, learn your
Pat (19:54):
a thousand so far.
Yeah.
Like, Hey Chris, open this link.
This actually fish.
You were there.
Chris (19:59):
Yeah.
No.
A lot of different companies useproducts like Node before for
monthly campaigns, and our teamhas some fun with that, with
developing what's the latestcampaign that we can test the
employees with?
Know before is cool becausethen, if your employee fails the
phishing email test you can geta training assigned to you
(20:22):
again,
Pat (20:22):
And we all love that, right?
Extra work, extra training.
Chris (20:25):
some of those fishing tools don't offer training, but
I mean, they say, your employeesare your best defense here not
to fall for stuff, so, someemployees go through that
training several times and,
Pat (20:38):
Yeah,
Chris (20:39):
trying to get it through their
Pat (20:40):
Yeah.
Knocking in the old head.
Yeah.
No, I hear you.
I hear you.
No, I hear you.
Alex, do you have anything?
You have any questions there?
Alex (20:47):
Well, it's funny that you went back to that topic because
I was, I wanted to interject andask about phishing email
specifically, and I was curiousif they've been doing that
themselves.
Like if you within the bank havebeen sending out phishing emails
just to see who could, who falseprey to that.
Pat (21:06):
Yep.
Alex (21:07):
I didn't know about your story, pat.
Shame on you.
Pat (21:09):
I know.
Shame on me.
I know.
Oh, no.
Oh, like hanging my head.
Chris (21:14):
Can see it worked.
He's never phoned for anotherone ever again.
How long ago was that?
Pat (21:19):
This is like, like two years ago, something like that.
Like it
Alex (21:22):
and he is no longer with that company, so it definitely
Pat (21:24):
No longer with him yet.
Yeah.
Yeah.
Like how you failed the firsttime.
Get outta here, you bumped,kinda thing.
But no it's very easy.
And actually I'll mentionsomething.
I won't mention his name, but heis on my team now.
Well, my first couple of weekson the job.
And he actually fell for one.
It was disguised as a WebEx.
(21:45):
WebEx meet, and it came throughand it was, it came from our
boss, that kind of thing.
And he clicked it, and it was afishing one.
He got mad.
He was so mad at himself.
Like, if he listens to this, heknows who he is.
That kinda thing.
But, oh man, it was, oh, he wasso mad at himself.
He's like, oh, that reallylooked legit.
But like, he took screenshotsand sent it to everybody.
(22:05):
Like, look at this link.
Look at this email.
It looks so legit.
That kinda thing.
He was, oh, he was mad.
But it happens, man.
It happens easy.
It's quick.
Alex (22:13):
Yeah.
Chris (22:13):
power of a no before, where they can customize it.
They can personalize it to you.
Not just with, like my bosssending me something, but that
they can even, really apply tolike a project you're working
on.
Or a another common thing withfishing campaigns are anything
topical.
Like, you were mentioning yourMarch madness thing.
(22:34):
And we've done that one beforein previous years where right
before March Madness, when it'sall in the news, we'll send
something and, we, we get peoplelike that, cause you're, you
immediately associate, well,I've been hearing about March
Madness and here's an emailabout it.
You,
Pat (22:50):
sure.
Bunch of snakes.
Lemme tell you.
Jesus.
Chris (22:54):
Social engineering,
Alex (22:55):
Disney VP sent out an email recently to several of us
asking about filling out a MarchMadness bracket, and my very
first thought was, this is aPhish email.
I later found out that itwasn't, but that was my
immediate
Chris (23:09):
Oh,
Alex (23:09):
like, wait a second.
Pat (23:10):
Oh, that's,
Chris (23:13):
crazy, huh?
Alex (23:15):
So, yeah, and I feel like maybe they should have different
tiers of like phishing emaillevels if they're gonna do it
internally, like the people whofall for the really good ones
and then the other people thatfall for an email sent from your
domain that is just so radicallywrong.
So like,
Chris (23:34):
It all depends on the recipient's knowledge, right?
Pat (23:38):
that's pretty much it.
I'll tell you, I, I bet a lot ofpeople fall for it.
I really do.
Like, I'm so gung-ho on it now.
I report fishing.
Almost like anything that's evenremotely questionable and people
are probably like, that's not afish, that was just a spam or
that was just a, you knowsomebody, because I get hit so
often from salespeople like thatjust land in my work email
account, trying to sell mesomething.
(23:59):
I'm just like fish.
I don't
Alex (24:00):
next project you don't feel like doing.
Just tag it as a fishing
Pat (24:03):
Oh,
Chris (24:04):
yeah.
There you go.
Pat (24:05):
Yeah.
Would you like to look at our Daacp offering Phish Fish?
Yeah, go there.
How do you, yeah.
What's your iPad look like?
Phish.
Get outta here.
I don't want to hear this.
Yeah.
Oh yeah.
That's crazy.
Chris, have you done anythingwith like, like a red team, blue
team, like active hacking oranything?
(24:25):
Anything like that?
Or has it just been more on themonitoring side or,
Chris (24:28):
Yes, I have I'll speak kind of generally to that, but
you know, the role I play isalways the blue team.
we we actually have and had somered team folks on our team, and
we've also employed pen testersfrom various vendors.
And they've done the same thing.
And we've done testing on that.
(24:51):
And and that's one thing I'veworked on for years is pen test
findings.
Y and fix this and tighten upthat.
And but red team is prettyinteresting.
I probably have a note on thatwhere it's funny I I've worked
with it a lot.
I've worked with red TeamersGuys who have been hackers for
years.
And sometimes the they've hadcontact with the government if
(25:12):
you know what I mean, because oftheir actions.
Pat (25:15):
Sure.
Chris (25:15):
But one thing when when I meet newbies or people who want
to get into cybersecurity, theyall want to be a pen tester, and
like a red teamer, cuz
Pat (25:24):
Yeah.
That's the sexy side,
Chris (25:26):
Yeah, I was gonna use that word pat.
The sexiest.
Yeah, yeah, But I kind of haveto be patient with them and say,
you, you have to be an expert.
It knowledge expert coder,scriptor y you have to have a
deep knowledge to be aneffective pen tester because
I've seen before where pentesters break something.
(25:47):
In, in, in a client's network,and that's that's like a big
no-no.
But no, it's, uh, I guess
Alex (25:52):
them doing their job.
See,
Chris (25:54):
yeah,
Alex (25:55):
you guys
Pat (25:56):
See guys are all busted.
Chris (25:59):
I guess the pen can say that.
Well, look see what I did, youknow?
Pat (26:03):
Yeah.
You're lucky.
It was just me and not somereally bad
Chris (26:07):
Yeah,
Alex (26:07):
I literally clicked your website's URL Q times pretty
quickly.
Chris (26:12):
Yeah.
But I guess the point there isthat you have to have a couple
years of red team experience toreally be a good pen tester and,
these folks just wanna comeright in and be a pen tester
right away.
I don't know, just kind ofunrealistic,
Pat (26:26):
yeah,
Alex (26:26):
that might be a good segue into talking about how does
someone actually get intocybersecurity.
It seems like, pat, maybe you'regetting ready to ask a question,
so if you, before we go on toanother topic, see if there was
something you wanted to say.
Pat (26:39):
No, I just wanted to say from an internal perspective
too, and I'll give a, I'll givea a little blurb here from an
internal perspective too.
There's just as much I shouldsay information security, lease
privilege, that sort of thingfrom an internal inside the
company as it is trying to get,outsiders to come in, right?
That kind of thing.
So you have to wrap yoursecurity from both angles,
(27:02):
right?
From an outside in perspectiveand from an inside to inside
perspective as well as I willmention these are not any of the
companies I've worked at.
I know someone that actuallyworks at a healthcare facility
that they stumbled upon people'ssalaries in a shared drive.
In a shared drive.
It was literally on a shareddrive for everyone to see, and
(27:25):
she's she stumbled upon it.
It was there on a Excelspreadsheet.
It was her and her team and whatthey all make, and it's just
like, oh, my that kind of thing.
Like, so there's more there'sthat as well as far as like
keeping all that stuff and,under locking key from an
internal perspective, let alone,worried about the outside guys,
beating on the firewall andeventually breaking it down too.
(27:47):
So there's, there's two sides ofthat coin.
I would suspect you, you havethe same ideology there, Chris,
as well as, least privilege.
People only get access what theya absolutely need to do, their
jobs and, no more, no less kindof thing.
Right?
Chris (27:59):
Yeah.
And that's kind of anotherbuzzword, pat, in recent years
zero Trust,
Pat (28:04):
Zero trust.
Sure.
Chris (28:05):
and we kind of laugh at vendors because they call up and
they say I have zero trustsoftware for you.
Pat (28:11):
Yeah.
Chris (28:11):
No, zero
Pat (28:12):
that's a marketing term,
Chris (28:14):
it's a framework.
Pat (28:15):
Right.
Chris (28:16):
software,
Pat (28:16):
Right?
Yeah.
Zero Trust is basically amarketing term at this point in
the game.
It's just you have to decidewhat kind of zero trust you
actually need and then go fromthere,
Chris (28:26):
Exactly, but
Pat (28:27):
go ahead, Chris.
Chris (28:28):
Answer your question a good amount of the people I work
with are ex IT people.
They I followed that track and alot of my coworkers did.
Some people came in without anyIT experience and they're very
good cyber people on our teamnow.
And but I was gonna share thatshare a a good cyber career
(28:48):
tracker site if this applieshere,
Pat (28:51):
it at me.
Chris (28:52):
I just chatted it up.
It's cyber seek.org and, Thatshows various sub careers in
cybersecurity and how you startwith them and what certs you
should get.
If that URL is good,
Pat (29:05):
Yep, it is.
I'm looking at it now.
Yeah.
Chris (29:08):
Yeah.
It shows really key jobs withincybersecurity, common transition
opportunities even like salaryinformation, which is kind of,
kind of interesting and skillsets.
But yeah, most people start withan IT knowledge and like, even
help desk folks can transitioninto a SOC with some with
several months of training andexperience.
(29:29):
And of course the certificationsalways help the comp TIA certs
network Plus and SEC plus CISSPsmore for like a management and
an overall type of cybersecurityperson.
But there's a ton of certs outthere, as you guys know.
Pat (29:44):
sure.
Yeah, that was sort of myquestion too, like from a cert
perspective, if somebody's gotnothing.
And then basically you'relooking to get into the, because
you're right, right from the, onthe it side of things,
cybersecurity is the, is thesexier role, right?
That kind of thing.
They wanna go in there and cuzthey, they watch the Matrix a
couple times, it's like, ah, Iwanna do that.
That's pretty cool.
Yeah.
Chris (30:02):
Yeah.
Pat (30:04):
But and no, I totally get it.
And rightfully so.
But it just feels like, so froma knowledge perspective, I would
think this is just mepersonally, I would think that
they would need some sort ofnetwork background or at least a
general network idea, right?
Cuz you can't secure the networkif you don't know how it works.
Right?
How does the packet get from Ato B?
(30:25):
Right?
I would also say, Obviously thesecurity plus, right?
We're all big fans of CompTIAhere and what they offer and
that sort of thing.
So net plus sec plus, I wouldeven say probably a little bit
of Linux as well from learning,learn the Linux side of things,
cuz literally half the world,almost three quarters of the
world and the internet runs offof Linux on the backend.
(30:46):
So, you're gonna need some sortof Linux or at least enough to
get around the command shell,right?
The command line and the shellwhat, you know, depending on
what you're using.
So those would be the big threefor me as far as like, okay,
look, I wanna get tocybersecurity.
Well, like you said, there'svarious roles inside that
cybersecurity pen test,vulnerability management.
So forth and so forth.
So, but I would think they wouldneed all, they would all of them
(31:06):
would need some sort of networkbasis.
Sec plus to wrap your headsaround the types of attacks and
threat actors and things of thatnature.
And then the Linux side toactually, sit there and bash in
the command line.
So, I don't know your thoughtson that.
Does that sound about right?
Chris (31:21):
I would totally agree, pat and when I've advised newer
people in this field before Iwould always say take net plus
first that certification, learnyour subnets and your site range
and firewalls and et cetera.
And then when you go into SECplus, you'll have that pretty
much sealed up there.
It's almost like a a net plus isa prep for SEC plus but yeah,
(31:45):
totally agree.
Pat (31:46):
Makes sense.
Chris (31:46):
To be a good cyber person, like I said earlier, you
have to know the wholeenvironment, you know,
Pat (31:51):
Yep.
Chris (31:52):
It's more of a wide breadth of knowledge than being
an expert.
Like, I would love to be adeeper Splunk expert.
I'm working on that, but youhave to know so mu, so many wide
range of tools to do your jobwell.
Pat (32:07):
Yeah I would agree.
I don't know.
Alex, you wanna jump in?
You got anything based off ofthat?
Alex (32:11):
Well, I was gonna ask a similar question about Yeah.
Certs.
One thing that you mentioned, Idid wanna highlight that cuz I
you mentioned the C I S P.
I think that's a cert that a lotof people might have heard of.
But you're saying that cert ismore tailored towards management
and maybe just like audits andlike certifications, like, by
(32:31):
certifications I mean more like,
Pat (32:33):
Like iso, that kind thing.
Alex (32:35):
soc to
Pat (32:36):
Yeah.
Pci.
Yeah.
Alex (32:38):
things like that.
That's more that role
Chris (32:41):
Yeah.
Um, I'm probably, I'm.
I'm probably limiting I'mprobably not describing it as
wide as it is.
Alex (32:48):
We just lost all our C I S P followers.
Chris (32:52):
Yeah.
Sorry guys.
No.
I think, I've known severalpeople who've gotten that cert.
I have not.
But you don't really need anexpert technical knowledge to
get a C I S P certification.
Um, it's like I said it, ittests on a wide breadth of, oh
(33:13):
my God 12 different chaptersdifferent can't come up with the
word, but it's a, it's more of awide cyber knowledge than,
Pat (33:20):
Then deep.
Yeah,
Chris (33:22):
Then rather then you know how to set firewall rules for
better security.
It's not really that
Alex (33:27):
Master of none.
Pat (33:29):
yeah.
Right.
Chris (33:31):
almost like that.
Pat (33:32):
Yeah.
Chris (33:33):
But, CISs are really in demand.
That's a popular one.
Pat (33:36):
Yeah, it's popular.
Shout out to my buddy Kevin, whohas the C I S P a few years
back, and dude's killing it overat I forgot where he is at now,
but yeah, he's just absolutelymurdering the scene.
It's just like, it's just, it'scrazy.
So shout out to him if he'slistening.
so
Alex (33:51):
we mention Certified Ethical Hacker yet?
Pat (33:54):
C e h no, I don't think we have.
Alex (33:57):
That was, that's still one that it seemed like it.
It sounds so cool.
So I think it's one that mightinterest people just based on
the name of it, but is that onethat you've seen come up in your
team or one that you've kind oflooked at the itinerary and
thought that might be useful?
Chris (34:13):
I haven't, I don't think I've met someone who's been a C
E H.
And I have worked with some redteamers and some vendor red
teamers too.
But not too much.
I've heard about it, that, forthose newbies who want to be pen
testers or red teamers, hey,work on that c e
Alex (34:30):
what I was thinking because I think it's kind of,
it's meant to be about as introas you can, like as about, as
beginner as you possibly can inthis field.
It seems like c e H is just, ifyou have never, worked in this
field before at, you still havean opportunity to study for c h
(34:51):
and pass it, at least from myinitial understanding.
So I could see that
Chris (34:55):
I would agree.
Alex (34:57):
okay.
All right.
Yeah.
Well, I think that's all I havethen on the cert topic.
Pat (35:03):
Yeah that's interesting.
Cuz from what I understand fromthe c e h part of it and if
there's anybody out there that,that knows a little bit more,
feel free to hit us up.
Cuz I, I'm I'll be completelyhonest, I'm not super, super
aware or in that space enough toreally kind of thing.
But it seems to me like a coupleyears ago, The c e h kind of
took a hit from a reputationperspective.
Cause the EC council is thegoverning body of the c e h.
(35:27):
They were kind of, they kind oflost some street cred, if you
will.
And it was kind of the c e hwent downhill with it or
something of that nature.
So I, and I don't know if thatmay have rebounded in the last
couple years, but there was sometalks out there that really, the
EC council was doing some shadystuff or I don't know if that's
the right word, but it would, itdefinitely lost some street
creds.
So I don't know if that's stillthe case or whatnot, but it
(35:49):
sounds
Alex (35:50):
followers.
Pat (35:51):
I know.
Yeah,
Chris (35:52):
Yeah.
Pat (35:52):
it does sound cool.
I'll tell you that the c justcertified ethical hacker, that
does sound pretty, pretty sexy,so I ain't gonna lie.
So I don't know if you haveknowledge about that, let us
know.
Cause that's kind of what Iheard, but I really wasn't.
Super close to it.
So that may have just be me justmisinterpreting, but it's an
interesting interesting topicand interesting cert for sure.
So I'm curious to see if anybodyelse has any thoughts on that.
(36:15):
So kind of pivoting to that orpivoting on that, Chris.
I see like cybersecurity isabsolutely white hot, and I
don't see it slowing downanytime soon as far as trying to
get qualified bodies to fillthese spots that are out there
that.
Like I said is teams andsecurity teams are just blowing
up at the seams.
(36:35):
They're just, they just can'tseem to hire enough people.
But these places, I should say,these spots go vastly unfired,
but it's so hard to break intocyber.
I don't know if that's just likea, if that industry has like a
gatekeeping issue or what they,or like they, everyone needs an
expert and they don't have timefor the rookies to kind of break
(36:55):
in and get their feet wet.
I mean, and I guess you couldsay that about any sort of spot,
but in cyber it seems to reallykind of, Be, I don't wanna say
bad, but it's got an issuewhere, they don't have, these
places don't have time to, teachthe rookies and kind of bring'em
along.
But, but normally most of thetime, right, like, no, most of
the time your security teamblows up after you've had an
issue, right?
And then they say, oh, we needto hire all these smart people.
(37:18):
We need to have'em hit theground running.
That sort of thing.
And truths be told, juniors justdon't have that hit the ground
running mentality.
Cause that's just not wherethey're at in their career.
So I guess I get your thoughtson some of that gatekeeping or
what they can, what folks cankind of do to, kind of break
down some of those walls or atleast give themselves a fighting
chance in the big world of cyberout there.
Alex (37:39):
And maybe even a another way to word it would be, at
least with your team, do youfeel like you ha you would ever
hire a junior level person thatjust is fresh outta school?
Or are you already ex Oh, youwould, okay.
Chris (37:53):
y yeah.
And we have, and we've I guesswe have the time to train them
in the last few years.
And mainly because I could saythat there's a large grunt work.
Of being in cyber log review,generating reports.
So, a lot of people getting intocyber don't realize that there's
(38:14):
certainly a grunt work part ofit that's really needed.
And the more experienced peoplewant to bring in the new
analysts to take that on y sothey can move to the more
interesting stuff.
Alex (38:26):
So maybe it's low retention rate cuz people go
into it and go, oh, this is notnearly as cool as the Matrix.
And I'm gonna go back to
Chris (38:34):
unfortunately that's the total reality, Alex.
Yeah.
But no boy, that's well, I knowone thing is one thing that
really helps new people is tohave a really healthy curiosity
about cybersecurity and alwaysask questions and follow a bunch
of feeds various cyber websites.
That's one good thing online isthat there's a ton of cyber
(38:56):
resources that you can, andtraining that you can take even
in LinkedIn learning.
There's a whole, I mean, you cancertainly learn a lot.
So that's what I would advise.
I think even, they used to say,set up a test lab at home, but I
think that's even kind of, that,that's good.
And, these days they have onlinetest labs.
You can have at homecloud-based, but No I, I'll go
(39:19):
back to just have a reallyhealthy curiosity about what
you're getting into and ask alot of questions.
Cyber management folks reallylike that.
That, shows you're into it andyou wanna learn more and take on
different tasks and duties.
So, if you're just getting intoit just to, hang out and not
really be interested in cyberthat's not so great.
I've
Alex (39:38):
it's a promotion over, help desk or, they're like,
yeah, not the way to do it.
Okay.
And then do the skills that youlearn.
We'll just use customer bank asan example.
Cuz I'm coming from a networkingbackground, so I kind of think
to myself there's like threevendors that kind of run the
show.
(39:58):
And then the skillset that youlearn at any company using those
three skillsets are easilytransferable to any other
company that might be usingthose three vendors and even the
three vendors are reallysimilar.
So do you kind of feel like theknowledge that you're using
right here at customer bank andthe rest of your team that's
easily transferable or is youget to the position this type of
(40:21):
position?
Is it are the, because you haveto cover so many different
things, do you somehow feel likethe skillset that you learn
right here is just so tailormade for this network that right
now that it's not quite as easyto transition to somewhere else?
Maybe, you know, not quite likea networking person would be
able to.
Chris (40:39):
Right.
I'd say yes to both of yourpoints.
Well, yes, that what istransferrable is using common
cyber tools, like a scene toollike Splunk and there there's
Splunk jobs out there that, youcan transition to.
But your second point is rightas well.
I mean, even if you're the mostsenior guy, you come into an
environment you really have tospend a couple months learning
(41:02):
that environment and hoping thatit's well documented hoping that
their asset inventory isaccurate and up to date that
their C M D B things of thattype.
So it's I would say it's bothreally out.
Alex (41:14):
All right.
And then I'll ask another kindof follow up question around the
the same means, so, Say forwhatever reason there is a
senior level principal levelposition opened up on your team,
what are the skills that you'reexpecting for that type of
level?
Are you going to make sure thatthey are just using the exact
(41:36):
same tools that you're usingright now?
Cause that's the only waysomeone can come into your
environment as a principal, orare there just very specific
skill sets or just knowledgethat they have to have at that
level?
Chris (41:49):
I think a good technical knowledge is definitely
something that we look for.
And some of the interviews we'vedone, folks don't have cyber
experience yet.
But but no, a good technicalknowledge and a good curiosity
always helps.
Alex (42:04):
Some go-to interview questions.
So if you're hiring a seniorlevel guy, you got one.
You got like two or three thatcome into your mind right away.
Chris (42:12):
Oh man.
Yeah.
Alex (42:14):
I wanna know what I, if I wanna transition into this,
Chris (42:18):
oh, well, a very common, basic one is what is the CIA
triad, which is confidentialconfidentiality.
God, am I gonna get it wrongnow?
Alex (42:29):
oh, man.
I hope it's not common.
Chris (42:30):
Yeah.
But yeah there's a lot of cyberquestions you can ask like, like
the difference between a threatand and various other type of
risky.
Behavior that you're seeing oh,a difference between a threat, a
vulnerability, that was a goodone.
And then you're really testingthem to see if they understand
(42:51):
those things.
And generally what they've doneon their last job, and whether
that's really led up to whatwe're looking for.
Alex (42:58):
Okay.
All right.
And seems like you struggled alittle bit on that.
So it may go back to what Ithink where it, maybe it's it's
just cybersecurity is adifficult a difficult field to
have a perfect skillset just topick up and move from company to
company.
But yeah, interesting to knoweither way.
Chris (43:20):
I would say so.
I mean, I guess your best hopeis that, you you've used the
same cyber tools that the new
Alex (43:26):
All right.
Okay.
Chris (43:27):
Looking for.
Yeah.
Another common question is thedifference between an I D S
versus an I P S, intrusiondetection system versus an
intrusion prevention system.
And it get, it gets prettygranular.
But there, there's a whole bunchof questions out there.
Alex (43:42):
Okay.
All right.
Well, I guess we'll pun it overto Pat again.
I know we're getting prettyclose here, and I like to end
conversations talking about kindof the future of the topic that
we're talking about.
But before we get to that, isthere anything else that you
wanted to cover, pat?
Pat (43:57):
No, that was pretty much it for me.
That was that's all I kind ofhad.
I definitely wanted to touch onthe the rookies coming in and
kind of gave them some somegeneral talking points and some
direction.
But no, that's all I really had.
So, if you got any futuristicquestions, have at it.
Alex (44:11):
Okay, well, I guess, we
Chris (44:12):
G
Alex (44:13):
will start
Chris (44:13):
P t, possibly chat,
Alex (44:14):
y Well, I was try I try every topic we talk about, I
figure, like, how can I talkabout Chatt b t?
So does CHATT in your mind, andmaybe the, you haven't come
across it yet because in the ITfield, I mean, people know about
it, but I still don't feel likeit's being used very heavily
from the average end user.
But do you have any fears aboutchat T P T fundamentally
(44:37):
changing your job?
Is it going to make thingsharder, easier?
Is it going to give people theability to do things that they
couldn't do before that's gonnamake your life harder?
Chris (44:49):
I know that gosh, it just feels like it came around like
three months ago, right?
I mean, it's like, it's crazy.
But no I just heard recentlythat a cybersecurity department
blended that in as anotherresource into all of their cyber
teams.
But and also we've talked aboutit on our team and how it can
benefit us and.
One thing people have said is,they've tried to use chat g p t
(45:13):
to write malware,
Alex (45:15):
Right.
And that's what I was thinking,like there, there's two sides of
it.
How can you use it to help with,you're doing, like chat G P T
how should I be, design thisnetwork or design this.
But yeah, on the flip side, youhave the exact same thing where
people who may have a backgroundin it now, are they, do they
have a gateway now to get themover the hump of writing really
(45:36):
malicious stuff?
Before, because they knew aboutit, but not enough to write the
code.
And now it's just like,
Chris (45:42):
Well, one of my coworkers tested that a lot and he said it
was writing terrible malware.
Alex (45:49):
it's not there yet.
Chat, G P T, version five.
Chris (45:52):
yeah.
Yeah.
It that the malware wasn'treally working, so,
Pat (45:55):
next week.
Chris (45:56):
Yeah, I know.
Good God.
The next version.
But no just as an, a resource, Iwould say I'd really I think one
thing I'd like to delve into itmyself is how, what's its advice
on incident response.
Because there's so manydifferent steps to investigating
an incident and correlatingevents and, I'd really like to,
(46:18):
and I would see that would be inuse in a sock where, chat G p t
I've detected an incident andI've done four of the 10 steps
that chat G p t recommended.
I could see that as a situation,and just to be extra thorough,
so.
Alex (46:35):
like chat g b t.
If you were to position whereyou haven't slept much, it's two
in the morning and this alertcomes in, would you get up and
fix the problem or leave it tilltomorrow morning
Chris (46:46):
Yeah.
Well that's a great point, Alex.
I mean, what's the severity?
Determine the severity for me.
Alex (46:54):
and then chap, G B T goes
Pat (46:55):
Sev one.
Alex (46:56):
If you're bored and you can't sleep, I would get up and
look at it otherwise.
Pat (47:02):
How neurotic is your boss?
Will he care
Chris (47:04):
yeah.
Pat (47:05):
If he really cares?
Get up right now.
If not.
Alex (47:08):
and that's another thing with chat gbt I read about it
every day.
It's hard not to, if you're init.
And that's another thing thatI've seen people say is a better
way to use chat GBT is to giveit more and more.
Additional information to answeryour question.
So rather than just say, is thisa valid threat, you can say, is
this a valid threat for thistype of business?
(47:30):
And these are your end users.
And so you can give it so muchmore details for it to end up
figuring out what it thinks isthe best course of action.
Chris (47:40):
Alex would you consider it true AI though?
Or is it just something thatjust cranks out a bunch of
scripted answers and it's notreally ai, I don't
Alex (47:50):
world's best Googler at this
Chris (47:52):
Yeah,
Alex (47:52):
is a very good school, a very good skill.
An incredible skill.
I mean, before the person thatwrote the best essays was
probably the person who could,go through the library and get
to the stuff they needed.
Then it just turned into, whocan Google things the best and.
Yeah.
Now you just have a program thatcan google better than any
(48:14):
person in the world can
Chris (48:16):
Right.
Alex (48:17):
because it can't, it doesn't know anything that isn't
already out there on theinternet.
It just can
Chris (48:21):
a really powerful, is it really just a much a souped up
Google search or is it seemslike it is more than that cuz it
is interactive and you can buildon questions like you said,
Alex (48:33):
Yeah.
It's the next evolution of Idon't want of a search, I don't
wanna say of a search engine,but what the search engine gave
people and that's, this is thenext evolution in just
information gathering where justnow you got something they can
do it even better is,
Chris (48:49):
Yeah.
Alex (48:51):
so, okay.
Well, I mean that's the chat G BT stuff.
Outside of just chat, G p T isthere anything else that you can
kind of think of as the futureof cybersecurity?
Is there something that'skeeping you up at.
That's interesting.
Chris (49:03):
I would say I gotta bring up cloud because I'm an old
on-prem data center guy, and,and in fact, I think there was a
there was a Cisco protocol atwork recently which I had never
heard of, and I looked it up andit was a SaaS it was a SaaS
offering.
So I'm like, okay I gotta getthe cloud knowledge up to date
here.
But I mean, on a general levelit's a lot more harder defending
(49:27):
cloud where you have all pointsof entry instead of actually
having a perimeter firewall thatyou would defend against.
So, you know that, I guessthat's another advice for
newbies as well learn.
Learn Azure or AWS and how todefend that y but I would say
cloud cloud defense is a bigone.
Alex (49:48):
Does that ever make you concerned that cybersecurity
roles might get limited?
Cuz people might just rely onthe baked in security that goes
with being an AWS or in theseclouds, because I'm sure they're
gonna have their own offeringsand people say, Hey, there's the
check bar
Chris (50:05):
Yeah.
Alex (50:06):
AWS says, I'm secured.
Chris (50:08):
I, would say so.
Yeah.
There, there's always have to bepeople setting that up, but that
could be it people, but but yeahI would agree with that.
Yeah.
I don't know how the, honestly,I don't know how cyber there a
lot.
It'll be a lot more of a cloudemphasis, as I said.
But I don't know how the roleswill change.
You'll still need analysts andengineers and other roles like
(50:29):
that in the whole thing.
But should be interesting.
Alex (50:35):
All right.
All right.
How about you, pat?
You got any follow up questionsfor the future of cybersecurity?
Pat (50:40):
No, that was it.
The chat, g p t, we alwaysseemed to talk about that.
So that
Alex (50:44):
We might as well just put that's gonna be a topic going
forward, the future of topic X,Y, Z, and chat, G P T.
Pat (50:51):
That's it.
Chris (50:52):
will this podcast devote parts one, two, and three?
Pat to chat.
G p t.
Pat (51:01):
Oh, I've dabbled with it for this show, but nothing
really nothing really toactually use yet.
Yeah.
Kind of thing, so I don't know.
So, we'll see what happens, butit does seem to be a
Alex (51:09):
plugin chat, G p t and pleasing it once it goes
sentient and can start sendingpeople over here
Pat (51:17):
Some Sky net.
Yeah, some Skynet shit going onright now with, I'm just gonna
unplug this real quick.
This is really weird, that kindathing.
Yeah, we're right around thathour mark.
That's it.
We just we like to keep itsomewhere around the hour and
make sure everybody'severybody's still with us and
hasn't turned us off yet, so weappreciate that.
So,
Chris (51:35):
it was interesting.
Pat (51:37):
Chris, do you wanna plug your LinkedIn?
How can people find you?
Chris (51:41):
It's Voz is not a common name, but I'm easily found on
LinkedIn.
If anybody wants to reach outwith any questions or anything
it'll be a nice change from theusual vendor pile on
Pat (51:51):
There you go.
Chris (51:52):
LinkedIn people get
Pat (51:53):
it's so bad.
Actually I'll I'll put Chris'sLinkedIn link in the show notes,
so if family wants to talk tohim, hit our show notes up and
his LinkedIn profile will bethere and you can chat to your
little heart's content onanything sock related.
So,
Chris (52:10):
Thanks for having me on, guys.
It was a
Pat (52:12):
Yeah, man, this is great.
Like I said, we're right aroundthe hour mark.
We want to keep it nice andshort and get everybody all in
their way.
So we appreciate everybodyjoining this week on this
episode of Breaking Down ToBites.
Visit our website, breakingBites pod.io where you can
subscribe to the show on applePodcasts or Spotify, Google
Podcast, Stitcher.
Or if you just need an RSS feedthat's there as well.
(52:34):
So you never miss a show.
Throw us a rating on the ApplePodcast and that's where a lot
of our listeners come from cuzthat's what our stats tell us.
So you're already there.
You might as well throw us arating and leave us a review
that fools with the algorithmsand the the sky net of the world
that are.
That are out there, that helpshelps with the the show and get
more, get in front of morepeople, more years, right?
That's the that's the idea ofthe show here.
(52:55):
So, if you could do that'd begreat.
Tell a friend as well.
Word of mouth is just as goodthese days, right?
Sometimes I think it's even alittle more effective.
Then just letting something pickout a, Hey, you might like this
show.
If you hear from somebody youtrust and it's reliable, then I
think that carries a little morewater.
So, go tell your friends aboutus.
So that'd be awesome.
Follow us on LinkedIn Twitter.
There's a Facebook out there,discord server.
(53:15):
Our survey is still out there,so if you like what you hear or
if you want to hear somethingdifferent let us know.
There's a survey out there foryou.
I think it's like nine or 10questions.
We don't know who you are.
It's completely anonymous.
It just aggregates topics for itactually just aggregates answers
for us, I should say.
And it just helps us tune theshow to what people want to hear
and keeps us going.
So, nobody's told us to stopyet, so we're gonna keep going
(53:36):
until somebody does.
So we can't help that.
So again, thanks Chris.
It's been awesome, man.
Really good time.
Appreciate you hanging for acouple of minutes and talking
some nerdy socks stuff.
So, that's it.
Alex, you good man.
We're outta here and we'll seeeverybody again next week.
Thanks, everybody.
See you next time.
Chris (53:55):
Bye-bye.
Hey everybody.
Welcome back to this week'sedition of Breaking Down the
Bites.
As usual, we are back this week.
I'm your host, pat.
You can find me on Twitter atlayer eight packet.
That's the number eight.
Kyle, he's not here this week,but you can find him on Twitter
as well.
He's at Dan, that's 2 56.
Alex, you're not on social mediaat all, so you can get the show
on Twitter at Breaking Bitespod.
(00:26):
If you wanna talk to Alexspecifically, just hit us up
there and he'll get the message.
We're pretty active on Twitter,so come say hello.
If you like the show, don'tforget to subscribe on your
platform of choice.
Alex, what's up man?
How you doing?
Alex (00:41):
Well, outside of patiently waiting to see if I make the
Disney layoff cuts.
I mean, outside of that I'm
Chris (00:48):
Oh boy.
Pat (00:49):
Yeah, buddy.
Yeah, a couple tense momentsthere.
So you're everything else goingwell, but it's It's a tense
time.
I actually saw an April Fool'sjoke the other day that Bob Ier
laid himself off, which we allknow is not true.
He's like in the event ofcutting cost, I'm gonna cut
myself out at 25 million orwhatever the hell he's making.
So yeah, that was pretty funny.
Alex (01:10):
I like that.
Yeah.
Next big thing is tomorrowthere's a, an investor's call,
so be interested to see what hehas to stay there.
Pat (01:19):
Yeah.
See what happens there.
So we're all pulling for you.
Definitely let us know how thatgoes and next couple of weeks.
So, yeah, we're all good here.
I will say just a couple ofhousekeeping notes.
My March Madness bracket for anyof those that you follow from
college basketball, completelybusted.
There is no hope for my bracketanymore.
It is completely gone.
I didn't even make, like, Idon't think I had one team make
(01:42):
it to the final four.
It was just, it was crazy thisyear.
So March Madness for sure.
All my brackets are busted.
Good thing I didn't actually beton any of them, cuz I would've
been out quite a few bucks.
So I was terrible at it thisyear.
So, other than that, let's getinto the guest.
We have a guest this week withus Ladies and Germs mr.
Chris, and I'm not gonna butcheryour last name, Chris, I'll let
you pronounce it yourself.
(02:03):
But Chris, you and I worktogether at the bank.
You are on our soc team in ourIS department.
So, Chris, the floor is yours.
Why don't you get the people whoyou are and where you're coming
from and where you're at.
So, floor is yours, my man.
Chris (02:15):
Thanks guys.
Yeah, it's Chris Voy Taitz,pronounced with a V,
Pat (02:20):
See, look at that.
Chris (02:21):
but not spelled like that.
Spelled with a w.
Yeah.
Hey, thanks for having me on,guys.
No, I've been a I've been a SOCengineer now for about six
years.
I am kind of an older guy, so, Ihave kind of a, an IT background
before that graduated fromtemple University here in the
Philly area, and in the ninetiesbecame a network consultant
(02:42):
right away.
Worked on the old Nobel Networkplatform, which,
Pat (02:46):
Nice.
Chris (02:47):
yeah I'm going back ways guys, but I the best thing I can
say about that is, is novelinvented active directory before
Microsoft appropriated it.
Pat (02:58):
Stole it.
Chris (02:59):
before they, yeah, exactly.
I don't know how much you guys,Microsoft bash here, but
Pat (03:04):
We bash it all.
There's no safe space here.
Chris (03:06):
Cool.
Pat (03:07):
we call it like we see it, so it's all good.
Chris (03:09):
No,
Alex (03:09):
we're still, pat and I aren't the youngest.
I mean, we go back a little bit,
Chris (03:13):
cool.
Pat (03:14):
yeah.
Alex (03:15):
like I consider getting a cna.
So I mean,
Chris (03:19):
Oh, there you go.
Certified network administrator,
Alex (03:22):
been in
Pat (03:22):
There you go.
Yeah.
Right, right.
Yep.
Chris (03:27):
got a CNA in version three.
I think, as I remember, that Ithink three point 11 was the big
one in the late nineties.
But I'll never forget in theearly two thousands when I moved
more into a Microsoft area Ikept hearing about this active
directory and I'm like, thisRemi, this forest and trees
thing this reminds me of Novell,so, kind of funny.
But then I went to work for alarge pharmaceutical company and
(03:50):
I was there for about 15 yearsand did all types of IT
infrastructure roles.
Really good job.
Kept moving around softwaredeployment email team.
Actually the email team was,when I first started doing kind
of security work, cybersecurityinvestigations.
It was actually internalemployee investigations.
(04:11):
And you knows some of the thingsthese employees were doing are
just you're doing that at workanything you can imagine, and,
they'd come to
Alex (04:19):
I have a terrible imagination.
So what are some of the worstthat are still PG enough to say
on a podcast?
Chris (04:26):
one employee was storing explosives underneath his desk.
Yeah.
And and they want their mailboxand you know what, all the proof
that led up to this and.
Everything like that.
A very common one was a marriedmanager with a married
subordinate.
And a mix of males and females,doesn't matter.
(04:46):
And it was funny, they wouldcome to me and say, give me
these two people's mailboxes fortwo weeks.
And and I would just do thatand, my job was done.
Alex (04:56):
Oh yeah, that's enough to start the rumor mill for
Pat (04:58):
Yeah, buddy.
Yeah.
Chris (05:02):
But actually that kind of, I found that kind of stuff
interesting.
It's kind of like being adetective and that's what the
core of why I enjoycybersecurity today.
But after that the speaking oflayoffs, Alex I was part of a
two 300 IT person layoff.
About eight years ago, nineyears ago from this
pharmaceutical company.
(05:23):
And it was the old they'reopening up an offshore center
that replaced all of our jobs.
I don't know if that theme isstill common today.
It's it's cheaper for a Europeancall center than here in the us
and then they kept people on totrain those folks, so,
Pat (05:38):
Sure.
Chris (05:40):
but this is the way large companies act.
But so I moved on from that andI did a couple contract works.
I really decided at the time I Ireally liked Cisco Network
Engineering.
So I got my C ccna it was aboutseven years ago, and.
As I was working in that, Istarted getting more interested
in cyber.
(06:00):
Personally I would be readingcybersecurity books.
A big original author of minewas Kevin Mitnick who's one of
the, he's an og hacker from longtime ago.
He works for uh, no before rightnow, which is a phishing email
company.
And he wrote a series ofexcellent books, like The Art of
Invisibility, the Art ofdeception, and all types of
(06:21):
things.
So, I really started gettinginterested in that and I think
one of my contracts ended andthen a banking cybersecurity
position came up not with mycurrent bank.
And they needed some temporaryhelp a guy there was out for
several months.
So, they took me on for sixmonths.
I loved it.
I was kind of a raw, you come tocybersecurity with an it
(06:43):
approach and you kind of have toforget that it approach a little
bit and just think more ofsecurity and cyber.
So, after I learned about scenetools and all incident response
and investigations anddocumenting stuff and log review
and all the stuff that cyberfolks do.
And then that contracted and Iwas immediately picked up by
(07:04):
customers bank luckily as adirect employee and in instead
of the contractor.
They're really a contractorthese days.
I, pat, I know, what I'm talkingabout here,
Pat (07:14):
Yep.
Yep, for sure.
Chris (07:16):
they, they want to try people out as contractors first.
Y
Pat (07:20):
try before you buy.
Oh Yeah,
Chris (07:24):
But no.
I've been there for about four,four or five years now, and it's
been fantastic.
It's like a daily challenge.
I've been a SOC engineer usingabout 15 or 20 different tools
and it's it's really the whatI've really learned it's a wide
breadth of the position.
A lot of it folks justspecialize in, they're the ad
(07:46):
guy or they're the Cisco guy.
But cyber people have to knowlike every single tool, every
single subnet how applicationswork, what APIs cloud
everything.
And that's been a realchallenge.
It's it's certainly somethingwhere you deal with several
emergencies every day and youkind of have to work through
them.
You get help if you need it.
(08:07):
And then, management comes inwith some customer requests and
it's it's certainly alwaysinteresting.
Definitely.
Alex (08:15):
For sure.
Pat (08:17):
you.
Alex (08:18):
Yeah.
And.
I'll be honest, when someonesays they're part of a soc
security Operations center, Iguess the first thing in my mind
I think about is just firewalls.
But I guess there's just so muchmore to it.
And I guess, can you kinda giveus a quick rundown of what a
(08:40):
day-to-day would look like?
Maybe that's tough to do, maybelike a normal week.
What are some of the devicestools that you're touching on a
weekly basis?
The most common things?
Chris (08:51):
Actually that, that was at what I was originally hired
for because I had a, a Ciscofirewall knowledge.
And that's when I came on and Iexpanded into network security a
little bit, but honestly, I'vehandled all types of different
pieces of a sock.
Obviously a lot of it isincident.
And using all your tools tocorrelate problems and put put
(09:14):
different pieces together of anincident and detect incidents.
I've I've worked on a wholebunch of incidents and stuff
that I've found.
I've worked on malware infecteddesktops and laptops, and I just
worked on all types of crazyproblems.
But there are different, I wasgonna talk to this.
There are lots of differentroles in a soc.
(09:36):
One very important one isvulnerability management.
Tools like Tenable neis coli.
There's other scanning toolslike that.
That's a very important part ofsoc is again, a soc is a lot of
monitoring.
First off besides the actualincident response and
vulnerability management is,you're detecting something
(09:56):
unpatched in the wild malware inthe wild, and they, and their
advice is have this Microsoftpatch six point x or higher.
And you check we, we check ourcurrent version levels and
we're, some of'em are at fivepoint x and we're like all
right,
Pat (10:11):
Yep.
Chris (10:12):
drop everything in patch there.
So, yeah, vulnerability.
In fact vulnerability managementis like a full-time job in
itself.
And I in, various job reviewsI've done in over the years I've
seen dedicated vulnerabilitymanagement positions and cause,
cause that's very important justto make sure.
All of the software, all of theinfrastructure is not is
(10:35):
software patched?
Alex (10:36):
And at least with your role, once you identify these
vulnerabilities, are you the onethat has to ultimately patch
them or you're having to trackdown the groups and kinda hound
them until it's done?
Chris (10:50):
It's well, a lot of companies are set up where the
cybersecurity is monitoring, andthen the actual IT group are the
ones that actually apply thepatches.
I don't know, Alex if that's theway it is at Disney or that, the
cyber group is strictly formonitoring and they don't have
global admin access at all.
(11:10):
So they just makerecommendations and that the IT
group has to follow,
Alex (11:17):
So you could be the most hated group in the entire
company, at least when it comesto it.
You make every other team's life
Chris (11:25):
my God.
You're exactly right.
You're exactly right, Alex.
Oh my God.
No,
Alex (11:30):
got project they're celebrating cuz everything went
in without a hitch.
And then they're told like 24hours later that it's got, 237
vulnerabilities.
Oh.
Chris (11:43):
e exactly.
And the unfortunate position isbecause ASOC is so much
monitoring, it's, we give it anda lot other groups work to do.
And, sometimes we get requestsback to us and, projects and
stuff.
That's another thing that makesthe job fun.
We work on projects and softwareanalysis and development.
(12:04):
But no it's, we're always comingaround asking it to do
something, and that I'm surethat gets old for them very
quickly.
Pat (12:13):
Well, Chris, it was good to talk to you.
We gotta get outta here now.
No, I'm just kidding.
Chris (12:16):
hello.
Hello.
Pat (12:18):
yeah, exactly.
You're also the department of NoI've heard the security
departments are also thedepartment of No.
It's like, oh, can I do this?
Could I install this program?
Everybody's like, no.
It's like a, like you just walkaround with a big stamp just
going no.
Just denying everybody.
Chris (12:31):
Oh yeah and that, that goes across the board with
software, risky software andwebsites that employees want to
visit that are not that aremalicious or
Pat (12:42):
Yeah.
Right.
Not a business need.
Yeah.
Chris (12:45):
yeah.
E exactly.
We've gotten some crazy oneswith, firearm sites and, stuff
like that.
It's like there's no businessreason for this.
Pat (12:55):
Be.
Chris (12:56):
Yeah.
But I hope that answers yourquestion, Alex.
Pat (13:00):
Yeah.
Alex (13:01):
so do teams often come to you or ever come to you before
they do a big project to kind ofget cyber securities blessing
before they go about a largeproject?
Chris (13:12):
Yes.
Yes, they do.
Especially if the projectinvolves brand new software to
the bank.
And our team has a kind of asoftware ana, a new vendor
software analysis process isvery detailed.
Even the history of this newvendor, if they've ever been
involved in any cyber incidentsor anything like that.
So that they really have to havea a set stamp of approval.
(13:37):
Now that might be more financialcompany specific.
Cause, we go through audits forfederal and state and,
everything has to be kind ofcertified and approved by audit
and audit department.
Alex (13:50):
Gotcha.
Yeah, that makes sense.
All right, well, I have onequestion that I definitely want
to touch on before the end ofthis conversation, but it is on
a completely different,Wavelength.
So I'll let Pat suggest anyfollow up questions before I do
it.
Pat (14:07):
Now I'm just trying to think of, so, so typically, and
I guess this depends on the sizeof your company, but what's a
typical size of soc?
Is it, is there a steadfastnumber?
Is it, is it 10, is it 20?
Is it 50?
Whatever.
Now, obviously that's gonnadepend on size, but you know,
what's a good average as far aslike, how many bodies do you
have to what, the ratio bodiesto what you're monitoring or how
(14:30):
many endpoints?
Chris (14:31):
I'd say for most smaller to medium size companies, it's
about five to 10 people.
A mix of analysts and engineersand the vulnerability management
person, as I mentioned.
There's other people too who aremore threat intel, threat feed.
They go out and they they goonto the dark web and see if our
(14:52):
company's been mentioned or not,and, take actions from there.
And I think Telegram is one.
I think that's one of those glsomething like sp Skype that is
used a lot by malicious folks.
And so we have people monitoringthat.
And so, and that, that goes intodomain typo squatting as well
(15:12):
where they change your domain alittle bit and then they send
email, phishing emails and otherstuff from that.
There, there's so many examplesof it.
But so we our team tries to beinvestigate things before they
they hit us, but but yeah.
But you know, with largercompanies, pat they have like a
vulnerability managementdepartment and then they have.
(15:35):
And an incident responseinvestigation department.
So they, they have like five to10 people in each of those
departments cuz you know, it'sa, usually a global scope.
Pat (15:45):
Sure.
Sure.
And then you said some of thetools and whatnot.
Right?
So, a lot of ESUs or Tenable orQualis is another one that I've
had, I've worked at a coupleplaces.
They do callus, internalscanning and all that kind of
stuff and whatnot.
So, any others that you can kindof think that are sort of the
forefront of somebody that a,somebody in a sock that would
use
Chris (16:04):
Definitely.
Well, the, well the really thecore of a SOC team is the seam
tool, s i e M which is securityincident, event monitor.
A lot of those tools are likeSplunk.
Splunk is kind of the industryleader
Pat (16:19):
The big boy in the room?
Yeah.
Chris (16:21):
Yeah.
There's other ones likelogarithm and several others.
Competitors, oh.
Microsoft has Sentinel One se ifyou've ever heard of.
That's their scene tool.
And all that is, is just a hugedata gatherer from mult, from
tons of different sources.
And it all kind of crystallizesit in new one searchable I'm not
(16:45):
gonna say database, but onesearchable location in there.
There's queries and dashboardsand reporting that you create
from the same tool, which youcan practically do anything and
anything custom to frequentlymanagement will have, what about
this tool and who did, who gotinto this for during this custom
timeframe?
And, there's a there's a querylanguage in, in all scene tools.
(17:09):
That you can just punch upcustom scripts and pull in
anything custom.
But most times it's just usedfor monitoring and reporting and
definitely alerting.
You can there's a ton ofdifferent alerts and detections
that you have in your seam tooland we have an on-call rotation,
which monitors all of us.
(17:29):
And most of the alerts do comefrom a seam tool.
Pat (17:33):
Okay.
Chris (17:33):
There, there's other tools like, monitoring your
network infrastructure as patmanaging alerting on your
firewalls or if anything's downor if anything is being DDOSed.
That's a big thing.
There's WAFs web applicationfirewalls like, Imperva and
CloudFlare.
We have to monitor those twothose mainly stop besides,
(17:54):
filtering web traffic.
They're, they mainly defendagainst DDoS attacks, volume
attacks, trying to shut down awebsite.
Pat (18:01):
Sure.
If I could just back up for aminute just to the fishing
attempts and the domainsquatting and things of that
nature.
Truth be told, when I was at acompany couple years back, and
they used they used KevinMitnicks, same thing that know
before that training that hedoes or that company that he
owns whatnot.
And they basically just, it's aninternal, cyberware kind of
thing, blah, blah, blah.
And they would send like testphishing emails to, to places
(18:25):
and see who they actually catch,like internal employees.
And I was there like a couple ofweeks and they had this thing,
they had this thing which wasactually kind of cool, like
they.
It was I forget what the heckthey called it.
Kago or Ka Joe, something likethat.
Basically it was like a kudosthing.
Like, Hey, Chris, Chris, youhelped me out the other week.
Wait, way to go.
Nice job, blah, blah, blah.
(18:45):
And then you, so basically youaccrued so many of them and then
they threw you like an Amazongift card or something,
something of value and that kindof thing.
And so, so, they sent me a Phishattack and it said, Hey, your
boss sent you a kudos.
Click on this link to, to seeit.
And I clicked the link and
Chris (19:05):
And
Pat (19:05):
says, oh yeah, you need to log into your oh 365 to see the
blah, blah, blah.
And I did.
And it was like, oh, you've beencaught.
This is a fishing attempt.
I'm like, oh, no.
Like, I was like, my ego got inthe way.
I was like, wait, I'm gettingkudos out the way.
Let me get that thing.
It was,
Chris (19:20):
Yeah.
Pat (19:21):
I was like, everybody move out.
That kinda thing.
And it was a fishing attempt,and I was like, oh, you idiot.
I was like, sure.
The senior network engineer'sbeen here like a couple of
months, is, the first fishingattempt that's thrown out there.
He gets caught in the hook.
I'm like, it looks great,
Chris (19:34):
oh boy.
Yeah.
And and that's, You just namedit Pat, that's the most common
type of attempt in a phishingemail is credential harvesting.
Pat (19:43):
I was so mad.
I was like, oh, this, I'm suchan idiot.
That kind of thing.
But it was an internal test.
And we get them now where we areat at the bank, and I have not
failed one yet.
So knock on wood.
Chris (19:53):
You, learn your
Pat (19:54):
a thousand so far.
Yeah.
Like, Hey Chris, open this link.
This actually fish.
You were there.
Chris (19:59):
Yeah.
No.
A lot of different companies useproducts like Node before for
monthly campaigns, and our teamhas some fun with that, with
developing what's the latestcampaign that we can test the
employees with?
Know before is cool becausethen, if your employee fails the
phishing email test you can geta training assigned to you
(20:22):
again,
Pat (20:22):
And we all love that, right?
Extra work, extra training.
Chris (20:25):
some of those fishing tools don't offer training, but
I mean, they say, your employeesare your best defense here not
to fall for stuff, so, someemployees go through that
training several times and,
Pat (20:38):
Yeah,
Chris (20:39):
trying to get it through their
Pat (20:40):
Yeah.
Knocking in the old head.
Yeah.
No, I hear you.
I hear you.
No, I hear you.
Alex, do you have anything?
You have any questions there?
Alex (20:47):
Well, it's funny that you went back to that topic because
I was, I wanted to interject andask about phishing email
specifically, and I was curiousif they've been doing that
themselves.
Like if you within the bank havebeen sending out phishing emails
just to see who could, who falseprey to that.
Pat (21:06):
Yep.
Alex (21:07):
I didn't know about your story, pat.
Shame on you.
Pat (21:09):
I know.
Shame on me.
I know.
Oh, no.
Oh, like hanging my head.
Chris (21:14):
Can see it worked.
He's never phoned for anotherone ever again.
How long ago was that?
Pat (21:19):
This is like, like two years ago, something like that.
Like it
Alex (21:22):
and he is no longer with that company, so it definitely
Pat (21:24):
No longer with him yet.
Yeah.
Yeah.
Like how you failed the firsttime.
Get outta here, you bumped,kinda thing.
But no it's very easy.
And actually I'll mentionsomething.
I won't mention his name, but heis on my team now.
Well, my first couple of weekson the job.
And he actually fell for one.
It was disguised as a WebEx.
(21:45):
WebEx meet, and it came throughand it was, it came from our
boss, that kind of thing.
And he clicked it, and it was afishing one.
He got mad.
He was so mad at himself.
Like, if he listens to this, heknows who he is.
That kinda thing.
But, oh man, it was, oh, he wasso mad at himself.
He's like, oh, that reallylooked legit.
But like, he took screenshotsand sent it to everybody.
(22:05):
Like, look at this link.
Look at this email.
It looks so legit.
That kinda thing.
He was, oh, he was mad.
But it happens, man.
It happens easy.
It's quick.
Alex (22:13):
Yeah.
Chris (22:13):
power of a no before, where they can customize it.
They can personalize it to you.
Not just with, like my bosssending me something, but that
they can even, really apply tolike a project you're working
on.
Or a another common thing withfishing campaigns are anything
topical.
Like, you were mentioning yourMarch madness thing.
(22:34):
And we've done that one beforein previous years where right
before March Madness, when it'sall in the news, we'll send
something and, we, we get peoplelike that, cause you're, you
immediately associate, well,I've been hearing about March
Madness and here's an emailabout it.
You,
Pat (22:50):
sure.
Bunch of snakes.
Lemme tell you.
Jesus.
Chris (22:54):
Social engineering,
Alex (22:55):
Disney VP sent out an email recently to several of us
asking about filling out a MarchMadness bracket, and my very
first thought was, this is aPhish email.
I later found out that itwasn't, but that was my
immediate
Chris (23:09):
Oh,
Alex (23:09):
like, wait a second.
Pat (23:10):
Oh, that's,
Chris (23:13):
crazy, huh?
Alex (23:15):
So, yeah, and I feel like maybe they should have different
tiers of like phishing emaillevels if they're gonna do it
internally, like the people whofall for the really good ones
and then the other people thatfall for an email sent from your
domain that is just so radicallywrong.
So like,
Chris (23:34):
It all depends on the recipient's knowledge, right?
Pat (23:38):
that's pretty much it.
I'll tell you, I, I bet a lot ofpeople fall for it.
I really do.
Like, I'm so gung-ho on it now.
I report fishing.
Almost like anything that's evenremotely questionable and people
are probably like, that's not afish, that was just a spam or
that was just a, you knowsomebody, because I get hit so
often from salespeople like thatjust land in my work email
account, trying to sell mesomething.
(23:59):
I'm just like fish.
I don't
Alex (24:00):
next project you don't feel like doing.
Just tag it as a fishing
Pat (24:03):
Oh,
Chris (24:04):
yeah.
There you go.
Pat (24:05):
Yeah.
Would you like to look at our Daacp offering Phish Fish?
Yeah, go there.
How do you, yeah.
What's your iPad look like?
Phish.
Get outta here.
I don't want to hear this.
Yeah.
Oh yeah.
That's crazy.
Chris, have you done anythingwith like, like a red team, blue
team, like active hacking oranything?
(24:25):
Anything like that?
Or has it just been more on themonitoring side or,
Chris (24:28):
Yes, I have I'll speak kind of generally to that, but
you know, the role I play isalways the blue team.
we we actually have and had somered team folks on our team, and
we've also employed pen testersfrom various vendors.
And they've done the same thing.
And we've done testing on that.
(24:51):
And and that's one thing I'veworked on for years is pen test
findings.
Y and fix this and tighten upthat.
And but red team is prettyinteresting.
I probably have a note on thatwhere it's funny I I've worked
with it a lot.
I've worked with red TeamersGuys who have been hackers for
years.
And sometimes the they've hadcontact with the government if
(25:12):
you know what I mean, because oftheir actions.
Pat (25:15):
Sure.
Chris (25:15):
But one thing when when I meet newbies or people who want
to get into cybersecurity, theyall want to be a pen tester, and
like a red teamer, cuz
Pat (25:24):
Yeah.
That's the sexy side,
Chris (25:26):
Yeah, I was gonna use that word pat.
The sexiest.
Yeah, yeah, But I kind of haveto be patient with them and say,
you, you have to be an expert.
It knowledge expert coder,scriptor y you have to have a
deep knowledge to be aneffective pen tester because
I've seen before where pentesters break something.
(25:47):
In, in, in a client's network,and that's that's like a big
no-no.
But no, it's, uh, I guess
Alex (25:52):
them doing their job.
See,
Chris (25:54):
yeah,
Alex (25:55):
you guys
Pat (25:56):
See guys are all busted.
Chris (25:59):
I guess the pen can say that.
Well, look see what I did, youknow?
Pat (26:03):
Yeah.
You're lucky.
It was just me and not somereally bad
Chris (26:07):
Yeah,
Alex (26:07):
I literally clicked your website's URL Q times pretty
quickly.
Chris (26:12):
Yeah.
But I guess the point there isthat you have to have a couple
years of red team experience toreally be a good pen tester and,
these folks just wanna comeright in and be a pen tester
right away.
I don't know, just kind ofunrealistic,
Pat (26:26):
yeah,
Alex (26:26):
that might be a good segue into talking about how does
someone actually get intocybersecurity.
It seems like, pat, maybe you'regetting ready to ask a question,
so if you, before we go on toanother topic, see if there was
something you wanted to say.
Pat (26:39):
No, I just wanted to say from an internal perspective
too, and I'll give a, I'll givea a little blurb here from an
internal perspective too.
There's just as much I shouldsay information security, lease
privilege, that sort of thingfrom an internal inside the
company as it is trying to get,outsiders to come in, right?
That kind of thing.
So you have to wrap yoursecurity from both angles,
(27:02):
right?
From an outside in perspectiveand from an inside to inside
perspective as well as I willmention these are not any of the
companies I've worked at.
I know someone that actuallyworks at a healthcare facility
that they stumbled upon people'ssalaries in a shared drive.
In a shared drive.
It was literally on a shareddrive for everyone to see, and
(27:25):
she's she stumbled upon it.
It was there on a Excelspreadsheet.
It was her and her team and whatthey all make, and it's just
like, oh, my that kind of thing.
Like, so there's more there'sthat as well as far as like
keeping all that stuff and,under locking key from an
internal perspective, let alone,worried about the outside guys,
beating on the firewall andeventually breaking it down too.
(27:47):
So there's, there's two sides ofthat coin.
I would suspect you, you havethe same ideology there, Chris,
as well as, least privilege.
People only get access what theya absolutely need to do, their
jobs and, no more, no less kindof thing.
Right?
Chris (27:59):
Yeah.
And that's kind of anotherbuzzword, pat, in recent years
zero Trust,
Pat (28:04):
Zero trust.
Sure.
Chris (28:05):
and we kind of laugh at vendors because they call up and
they say I have zero trustsoftware for you.
Pat (28:11):
Yeah.
Chris (28:11):
No, zero
Pat (28:12):
that's a marketing term,
Chris (28:14):
it's a framework.
Pat (28:15):
Right.
Chris (28:16):
software,
Pat (28:16):
Right?
Yeah.
Zero Trust is basically amarketing term at this point in
the game.
It's just you have to decidewhat kind of zero trust you
actually need and then go fromthere,
Chris (28:26):
Exactly, but
Pat (28:27):
go ahead, Chris.
Chris (28:28):
Answer your question a good amount of the people I work
with are ex IT people.
They I followed that track and alot of my coworkers did.
Some people came in without anyIT experience and they're very
good cyber people on our teamnow.
And but I was gonna share thatshare a a good cyber career
(28:48):
tracker site if this applieshere,
Pat (28:51):
it at me.
Chris (28:52):
I just chatted it up.
It's cyber seek.org and, Thatshows various sub careers in
cybersecurity and how you startwith them and what certs you
should get.
If that URL is good,
Pat (29:05):
Yep, it is.
I'm looking at it now.
Yeah.
Chris (29:08):
Yeah.
It shows really key jobs withincybersecurity, common transition
opportunities even like salaryinformation, which is kind of,
kind of interesting and skillsets.
But yeah, most people start withan IT knowledge and like, even
help desk folks can transitioninto a SOC with some with
several months of training andexperience.
(29:29):
And of course the certificationsalways help the comp TIA certs
network Plus and SEC plus CISSPsmore for like a management and
an overall type of cybersecurityperson.
But there's a ton of certs outthere, as you guys know.
Pat (29:44):
sure.
Yeah, that was sort of myquestion too, like from a cert
perspective, if somebody's gotnothing.
And then basically you'relooking to get into the, because
you're right, right from the, onthe it side of things,
cybersecurity is the, is thesexier role, right?
That kind of thing.
They wanna go in there and cuzthey, they watch the Matrix a
couple times, it's like, ah, Iwanna do that.
That's pretty cool.
Yeah.
Chris (30:02):
Yeah.
Pat (30:04):
But and no, I totally get it.
And rightfully so.
But it just feels like, so froma knowledge perspective, I would
think this is just mepersonally, I would think that
they would need some sort ofnetwork background or at least a
general network idea, right?
Cuz you can't secure the networkif you don't know how it works.
Right?
How does the packet get from Ato B?
(30:25):
Right?
I would also say, Obviously thesecurity plus, right?
We're all big fans of CompTIAhere and what they offer and
that sort of thing.
So net plus sec plus, I wouldeven say probably a little bit
of Linux as well from learning,learn the Linux side of things,
cuz literally half the world,almost three quarters of the
world and the internet runs offof Linux on the backend.
(30:46):
So, you're gonna need some sortof Linux or at least enough to
get around the command shell,right?
The command line and the shellwhat, you know, depending on
what you're using.
So those would be the big threefor me as far as like, okay,
look, I wanna get tocybersecurity.
Well, like you said, there'svarious roles inside that
cybersecurity pen test,vulnerability management.
So forth and so forth.
So, but I would think they wouldneed all, they would all of them
(31:06):
would need some sort of networkbasis.
Sec plus to wrap your headsaround the types of attacks and
threat actors and things of thatnature.
And then the Linux side toactually, sit there and bash in
the command line.
So, I don't know your thoughtson that.
Does that sound about right?
Chris (31:21):
I would totally agree, pat and when I've advised newer
people in this field before Iwould always say take net plus
first that certification, learnyour subnets and your site range
and firewalls and et cetera.
And then when you go into SECplus, you'll have that pretty
much sealed up there.
It's almost like a a net plus isa prep for SEC plus but yeah,
(31:45):
totally agree.
Pat (31:46):
Makes sense.
Chris (31:46):
To be a good cyber person, like I said earlier, you
have to know the wholeenvironment, you know,
Pat (31:51):
Yep.
Chris (31:52):
It's more of a wide breadth of knowledge than being
an expert.
Like, I would love to be adeeper Splunk expert.
I'm working on that, but youhave to know so mu, so many wide
range of tools to do your jobwell.
Pat (32:07):
Yeah I would agree.
I don't know.
Alex, you wanna jump in?
You got anything based off ofthat?
Alex (32:11):
Well, I was gonna ask a similar question about Yeah.
Certs.
One thing that you mentioned, Idid wanna highlight that cuz I
you mentioned the C I S P.
I think that's a cert that a lotof people might have heard of.
But you're saying that cert ismore tailored towards management
and maybe just like audits andlike certifications, like, by
(32:31):
certifications I mean more like,
Pat (32:33):
Like iso, that kind thing.
Alex (32:35):
soc to
Pat (32:36):
Yeah.
Pci.
Yeah.
Alex (32:38):
things like that.
That's more that role
Chris (32:41):
Yeah.
Um, I'm probably, I'm.
I'm probably limiting I'mprobably not describing it as
wide as it is.
Alex (32:48):
We just lost all our C I S P followers.
Chris (32:52):
Yeah.
Sorry guys.
No.
I think, I've known severalpeople who've gotten that cert.
I have not.
But you don't really need anexpert technical knowledge to
get a C I S P certification.
Um, it's like I said it, ittests on a wide breadth of, oh
(33:13):
my God 12 different chaptersdifferent can't come up with the
word, but it's a, it's more of awide cyber knowledge than,
Pat (33:20):
Then deep.
Yeah,
Chris (33:22):
Then rather then you know how to set firewall rules for
better security.
It's not really that
Alex (33:27):
Master of none.
Pat (33:29):
yeah.
Right.
Chris (33:31):
almost like that.
Pat (33:32):
Yeah.
Chris (33:33):
But, CISs are really in demand.
That's a popular one.
Pat (33:36):
Yeah, it's popular.
Shout out to my buddy Kevin, whohas the C I S P a few years
back, and dude's killing it overat I forgot where he is at now,
but yeah, he's just absolutelymurdering the scene.
It's just like, it's just, it'scrazy.
So shout out to him if he'slistening.
so
Alex (33:51):
we mention Certified Ethical Hacker yet?
Pat (33:54):
C e h no, I don't think we have.
Alex (33:57):
That was, that's still one that it seemed like it.
It sounds so cool.
So I think it's one that mightinterest people just based on
the name of it, but is that onethat you've seen come up in your
team or one that you've kind oflooked at the itinerary and
thought that might be useful?
Chris (34:13):
I haven't, I don't think I've met someone who's been a C
E H.
And I have worked with some redteamers and some vendor red
teamers too.
But not too much.
I've heard about it, that, forthose newbies who want to be pen
testers or red teamers, hey,work on that c e
Alex (34:30):
what I was thinking because I think it's kind of,
it's meant to be about as introas you can, like as about, as
beginner as you possibly can inthis field.
It seems like c e H is just, ifyou have never, worked in this
field before at, you still havean opportunity to study for c h
(34:51):
and pass it, at least from myinitial understanding.
So I could see that
Chris (34:55):
I would agree.
Alex (34:57):
okay.
All right.
Yeah.
Well, I think that's all I havethen on the cert topic.
Pat (35:03):
Yeah that's interesting.
Cuz from what I understand fromthe c e h part of it and if
there's anybody out there that,that knows a little bit more,
feel free to hit us up.
Cuz I, I'm I'll be completelyhonest, I'm not super, super
aware or in that space enough toreally kind of thing.
But it seems to me like a coupleyears ago, The c e h kind of
took a hit from a reputationperspective.
Cause the EC council is thegoverning body of the c e h.
(35:27):
They were kind of, they kind oflost some street cred, if you
will.
And it was kind of the c e hwent downhill with it or
something of that nature.
So I, and I don't know if thatmay have rebounded in the last
couple years, but there was sometalks out there that really, the
EC council was doing some shadystuff or I don't know if that's
the right word, but it would, itdefinitely lost some street
creds.
So I don't know if that's stillthe case or whatnot, but it
(35:49):
sounds
Alex (35:50):
followers.
Pat (35:51):
I know.
Yeah,
Chris (35:52):
Yeah.
Pat (35:52):
it does sound cool.
I'll tell you that the c justcertified ethical hacker, that
does sound pretty, pretty sexy,so I ain't gonna lie.
So I don't know if you haveknowledge about that, let us
know.
Cause that's kind of what Iheard, but I really wasn't.
Super close to it.
So that may have just be me justmisinterpreting, but it's an
interesting interesting topicand interesting cert for sure.
So I'm curious to see if anybodyelse has any thoughts on that.
(36:15):
So kind of pivoting to that orpivoting on that, Chris.
I see like cybersecurity isabsolutely white hot, and I
don't see it slowing downanytime soon as far as trying to
get qualified bodies to fillthese spots that are out there
that.
Like I said is teams andsecurity teams are just blowing
up at the seams.
(36:35):
They're just, they just can'tseem to hire enough people.
But these places, I should say,these spots go vastly unfired,
but it's so hard to break intocyber.
I don't know if that's just likea, if that industry has like a
gatekeeping issue or what they,or like they, everyone needs an
expert and they don't have timefor the rookies to kind of break
(36:55):
in and get their feet wet.
I mean, and I guess you couldsay that about any sort of spot,
but in cyber it seems to reallykind of, Be, I don't wanna say
bad, but it's got an issuewhere, they don't have, these
places don't have time to, teachthe rookies and kind of bring'em
along.
But, but normally most of thetime, right, like, no, most of
the time your security teamblows up after you've had an
issue, right?
And then they say, oh, we needto hire all these smart people.
(37:18):
We need to have'em hit theground running.
That sort of thing.
And truths be told, juniors justdon't have that hit the ground
running mentality.
Cause that's just not wherethey're at in their career.
So I guess I get your thoughtson some of that gatekeeping or
what they can, what folks cankind of do to, kind of break
down some of those walls or atleast give themselves a fighting
chance in the big world of cyberout there.
Alex (37:39):
And maybe even a another way to word it would be, at
least with your team, do youfeel like you ha you would ever
hire a junior level person thatjust is fresh outta school?
Or are you already ex Oh, youwould, okay.
Chris (37:53):
y yeah.
And we have, and we've I guesswe have the time to train them
in the last few years.
And mainly because I could saythat there's a large grunt work.
Of being in cyber log review,generating reports.
So, a lot of people getting intocyber don't realize that there's
(38:14):
certainly a grunt work part ofit that's really needed.
And the more experienced peoplewant to bring in the new
analysts to take that on y sothey can move to the more
interesting stuff.
Alex (38:26):
So maybe it's low retention rate cuz people go
into it and go, oh, this is notnearly as cool as the Matrix.
And I'm gonna go back to
Chris (38:34):
unfortunately that's the total reality, Alex.
Yeah.
But no boy, that's well, I knowone thing is one thing that
really helps new people is tohave a really healthy curiosity
about cybersecurity and alwaysask questions and follow a bunch
of feeds various cyber websites.
That's one good thing online isthat there's a ton of cyber
(38:56):
resources that you can, andtraining that you can take even
in LinkedIn learning.
There's a whole, I mean, you cancertainly learn a lot.
So that's what I would advise.
I think even, they used to say,set up a test lab at home, but I
think that's even kind of, that,that's good.
And, these days they have onlinetest labs.
You can have at homecloud-based, but No I, I'll go
(39:19):
back to just have a reallyhealthy curiosity about what
you're getting into and ask alot of questions.
Cyber management folks reallylike that.
That, shows you're into it andyou wanna learn more and take on
different tasks and duties.
So, if you're just getting intoit just to, hang out and not
really be interested in cyberthat's not so great.
I've
Alex (39:38):
it's a promotion over, help desk or, they're like,
yeah, not the way to do it.
Okay.
And then do the skills that youlearn.
We'll just use customer bank asan example.
Cuz I'm coming from a networkingbackground, so I kind of think
to myself there's like threevendors that kind of run the
show.
(39:58):
And then the skillset that youlearn at any company using those
three skillsets are easilytransferable to any other
company that might be usingthose three vendors and even the
three vendors are reallysimilar.
So do you kind of feel like theknowledge that you're using
right here at customer bank andthe rest of your team that's
easily transferable or is youget to the position this type of
(40:21):
position?
Is it are the, because you haveto cover so many different
things, do you somehow feel likethe skillset that you learn
right here is just so tailormade for this network that right
now that it's not quite as easyto transition to somewhere else?
Maybe, you know, not quite likea networking person would be
able to.
Chris (40:39):
Right.
I'd say yes to both of yourpoints.
Well, yes, that what istransferrable is using common
cyber tools, like a scene toollike Splunk and there there's
Splunk jobs out there that, youcan transition to.
But your second point is rightas well.
I mean, even if you're the mostsenior guy, you come into an
environment you really have tospend a couple months learning
(41:02):
that environment and hoping thatit's well documented hoping that
their asset inventory isaccurate and up to date that
their C M D B things of thattype.
So it's I would say it's bothreally out.
Alex (41:14):
All right.
And then I'll ask another kindof follow up question around the
the same means, so, Say forwhatever reason there is a
senior level principal levelposition opened up on your team,
what are the skills that you'reexpecting for that type of
level?
Are you going to make sure thatthey are just using the exact
(41:36):
same tools that you're usingright now?
Cause that's the only waysomeone can come into your
environment as a principal, orare there just very specific
skill sets or just knowledgethat they have to have at that
level?
Chris (41:49):
I think a good technical knowledge is definitely
something that we look for.
And some of the interviews we'vedone, folks don't have cyber
experience yet.
But but no, a good technicalknowledge and a good curiosity
always helps.
Alex (42:04):
Some go-to interview questions.
So if you're hiring a seniorlevel guy, you got one.
You got like two or three thatcome into your mind right away.
Chris (42:12):
Oh man.
Yeah.
Alex (42:14):
I wanna know what I, if I wanna transition into this,
Chris (42:18):
oh, well, a very common, basic one is what is the CIA
triad, which is confidentialconfidentiality.
God, am I gonna get it wrongnow?
Alex (42:29):
oh, man.
I hope it's not common.
Chris (42:30):
Yeah.
But yeah there's a lot of cyberquestions you can ask like, like
the difference between a threatand and various other type of
risky.
Behavior that you're seeing oh,a difference between a threat, a
vulnerability, that was a goodone.
And then you're really testingthem to see if they understand
(42:51):
those things.
And generally what they've doneon their last job, and whether
that's really led up to whatwe're looking for.
Alex (42:58):
Okay.
All right.
And seems like you struggled alittle bit on that.
So it may go back to what Ithink where it, maybe it's it's
just cybersecurity is adifficult a difficult field to
have a perfect skillset just topick up and move from company to
company.
But yeah, interesting to knoweither way.
Chris (43:20):
I would say so.
I mean, I guess your best hopeis that, you you've used the
same cyber tools that the new
Alex (43:26):
All right.
Okay.
Chris (43:27):
Looking for.
Yeah.
Another common question is thedifference between an I D S
versus an I P S, intrusiondetection system versus an
intrusion prevention system.
And it get, it gets prettygranular.
But there, there's a whole bunchof questions out there.
Alex (43:42):
Okay.
All right.
Well, I guess we'll pun it overto Pat again.
I know we're getting prettyclose here, and I like to end
conversations talking about kindof the future of the topic that
we're talking about.
But before we get to that, isthere anything else that you
wanted to cover, pat?
Pat (43:57):
No, that was pretty much it for me.
That was that's all I kind ofhad.
I definitely wanted to touch onthe the rookies coming in and
kind of gave them some somegeneral talking points and some
direction.
But no, that's all I really had.
So, if you got any futuristicquestions, have at it.
Alex (44:11):
Okay, well, I guess, we
Chris (44:12):
G
Alex (44:13):
will start
Chris (44:13):
P t, possibly chat,
Alex (44:14):
y Well, I was try I try every topic we talk about, I
figure, like, how can I talkabout Chatt b t?
So does CHATT in your mind, andmaybe the, you haven't come
across it yet because in the ITfield, I mean, people know about
it, but I still don't feel likeit's being used very heavily
from the average end user.
But do you have any fears aboutchat T P T fundamentally
(44:37):
changing your job?
Is it going to make thingsharder, easier?
Is it going to give people theability to do things that they
couldn't do before that's gonnamake your life harder?
Chris (44:49):
I know that gosh, it just feels like it came around like
three months ago, right?
I mean, it's like, it's crazy.
But no I just heard recentlythat a cybersecurity department
blended that in as anotherresource into all of their cyber
teams.
But and also we've talked aboutit on our team and how it can
benefit us and.
One thing people have said is,they've tried to use chat g p t
(45:13):
to write malware,
Alex (45:15):
Right.
And that's what I was thinking,like there, there's two sides of
it.
How can you use it to help with,you're doing, like chat G P T
how should I be, design thisnetwork or design this.
But yeah, on the flip side, youhave the exact same thing where
people who may have a backgroundin it now, are they, do they
have a gateway now to get themover the hump of writing really
(45:36):
malicious stuff?
Before, because they knew aboutit, but not enough to write the
code.
And now it's just like,
Chris (45:42):
Well, one of my coworkers tested that a lot and he said it
was writing terrible malware.
Alex (45:49):
it's not there yet.
Chat, G P T, version five.
Chris (45:52):
yeah.
Yeah.
It that the malware wasn'treally working, so,
Pat (45:55):
next week.
Chris (45:56):
Yeah, I know.
Good God.
The next version.
But no just as an, a resource, Iwould say I'd really I think one
thing I'd like to delve into itmyself is how, what's its advice
on incident response.
Because there's so manydifferent steps to investigating
an incident and correlatingevents and, I'd really like to,
(46:18):
and I would see that would be inuse in a sock where, chat G p t
I've detected an incident andI've done four of the 10 steps
that chat G p t recommended.
I could see that as a situation,and just to be extra thorough,
so.
Alex (46:35):
like chat g b t.
If you were to position whereyou haven't slept much, it's two
in the morning and this alertcomes in, would you get up and
fix the problem or leave it tilltomorrow morning
Chris (46:46):
Yeah.
Well that's a great point, Alex.
I mean, what's the severity?
Determine the severity for me.
Alex (46:54):
and then chap, G B T goes
Pat (46:55):
Sev one.
Alex (46:56):
If you're bored and you can't sleep, I would get up and
look at it otherwise.
Pat (47:02):
How neurotic is your boss?
Will he care
Chris (47:04):
yeah.
Pat (47:05):
If he really cares?
Get up right now.
If not.
Alex (47:08):
and that's another thing with chat gbt I read about it
every day.
It's hard not to, if you're init.
And that's another thing thatI've seen people say is a better
way to use chat GBT is to giveit more and more.
Additional information to answeryour question.
So rather than just say, is thisa valid threat, you can say, is
this a valid threat for thistype of business?
(47:30):
And these are your end users.
And so you can give it so muchmore details for it to end up
figuring out what it thinks isthe best course of action.
Chris (47:40):
Alex would you consider it true AI though?
Or is it just something thatjust cranks out a bunch of
scripted answers and it's notreally ai, I don't
Alex (47:50):
world's best Googler at this
Chris (47:52):
Yeah,
Alex (47:52):
is a very good school, a very good skill.
An incredible skill.
I mean, before the person thatwrote the best essays was
probably the person who could,go through the library and get
to the stuff they needed.
Then it just turned into, whocan Google things the best and.
Yeah.
Now you just have a program thatcan google better than any
(48:14):
person in the world can
Chris (48:16):
Right.
Alex (48:17):
because it can't, it doesn't know anything that isn't
already out there on theinternet.
It just can
Chris (48:21):
a really powerful, is it really just a much a souped up
Google search or is it seemslike it is more than that cuz it
is interactive and you can buildon questions like you said,
Alex (48:33):
Yeah.
It's the next evolution of Idon't want of a search, I don't
wanna say of a search engine,but what the search engine gave
people and that's, this is thenext evolution in just
information gathering where justnow you got something they can
do it even better is,
Chris (48:49):
Yeah.
Alex (48:51):
so, okay.
Well, I mean that's the chat G BT stuff.
Outside of just chat, G p T isthere anything else that you can
kind of think of as the futureof cybersecurity?
Is there something that'skeeping you up at.
That's interesting.
Chris (49:03):
I would say I gotta bring up cloud because I'm an old
on-prem data center guy, and,and in fact, I think there was a
there was a Cisco protocol atwork recently which I had never
heard of, and I looked it up andit was a SaaS it was a SaaS
offering.
So I'm like, okay I gotta getthe cloud knowledge up to date
here.
But I mean, on a general levelit's a lot more harder defending
(49:27):
cloud where you have all pointsof entry instead of actually
having a perimeter firewall thatyou would defend against.
So, you know that, I guessthat's another advice for
newbies as well learn.
Learn Azure or AWS and how todefend that y but I would say
cloud cloud defense is a bigone.
Alex (49:48):
Does that ever make you concerned that cybersecurity
roles might get limited?
Cuz people might just rely onthe baked in security that goes
with being an AWS or in theseclouds, because I'm sure they're
gonna have their own offeringsand people say, Hey, there's the
check bar
Chris (50:05):
Yeah.
Alex (50:06):
AWS says, I'm secured.
Chris (50:08):
I, would say so.
Yeah.
There, there's always have to bepeople setting that up, but that
could be it people, but but yeahI would agree with that.
Yeah.
I don't know how the, honestly,I don't know how cyber there a
lot.
It'll be a lot more of a cloudemphasis, as I said.
But I don't know how the roleswill change.
You'll still need analysts andengineers and other roles like
(50:29):
that in the whole thing.
But should be interesting.
Alex (50:35):
All right.
All right.
How about you, pat?
You got any follow up questionsfor the future of cybersecurity?
Pat (50:40):
No, that was it.
The chat, g p t, we alwaysseemed to talk about that.
So that
Alex (50:44):
We might as well just put that's gonna be a topic going
forward, the future of topic X,Y, Z, and chat, G P T.
Pat (50:51):
That's it.
Chris (50:52):
will this podcast devote parts one, two, and three?
Pat to chat.
G p t.
Pat (51:01):
Oh, I've dabbled with it for this show, but nothing
really nothing really toactually use yet.
Yeah.
Kind of thing, so I don't know.
So, we'll see what happens, butit does seem to be a
Alex (51:09):
plugin chat, G p t and pleasing it once it goes
sentient and can start sendingpeople over here
Pat (51:17):
Some Sky net.
Yeah, some Skynet shit going onright now with, I'm just gonna
unplug this real quick.
This is really weird, that kindathing.
Yeah, we're right around thathour mark.
That's it.
We just we like to keep itsomewhere around the hour and
make sure everybody'severybody's still with us and
hasn't turned us off yet, so weappreciate that.
So,
Chris (51:35):
it was interesting.
Pat (51:37):
Chris, do you wanna plug your LinkedIn?
How can people find you?
Chris (51:41):
It's Voz is not a common name, but I'm easily found on
LinkedIn.
If anybody wants to reach outwith any questions or anything
it'll be a nice change from theusual vendor pile on
Pat (51:51):
There you go.
Chris (51:52):
LinkedIn people get
Pat (51:53):
it's so bad.
Actually I'll I'll put Chris'sLinkedIn link in the show notes,
so if family wants to talk tohim, hit our show notes up and
his LinkedIn profile will bethere and you can chat to your
little heart's content onanything sock related.
So,
Chris (52:10):
Thanks for having me on, guys.
It was a
Pat (52:12):
Yeah, man, this is great.
Like I said, we're right aroundthe hour mark.
We want to keep it nice andshort and get everybody all in
their way.
So we appreciate everybodyjoining this week on this
episode of Breaking Down ToBites.
Visit our website, breakingBites pod.io where you can
subscribe to the show on applePodcasts or Spotify, Google
Podcast, Stitcher.
Or if you just need an RSS feedthat's there as well.
(52:34):
So you never miss a show.
Throw us a rating on the ApplePodcast and that's where a lot
of our listeners come from cuzthat's what our stats tell us.
So you're already there.
You might as well throw us arating and leave us a review
that fools with the algorithmsand the the sky net of the world
that are.
That are out there, that helpshelps with the the show and get
more, get in front of morepeople, more years, right?
That's the that's the idea ofthe show here.
(52:55):
So, if you could do that'd begreat.
Tell a friend as well.
Word of mouth is just as goodthese days, right?
Sometimes I think it's even alittle more effective.
Then just letting something pickout a, Hey, you might like this
show.
If you hear from somebody youtrust and it's reliable, then I
think that carries a little morewater.
So, go tell your friends aboutus.
So that'd be awesome.
Follow us on LinkedIn Twitter.
There's a Facebook out there,discord server.
(53:15):
Our survey is still out there,so if you like what you hear or
if you want to hear somethingdifferent let us know.
There's a survey out there foryou.
I think it's like nine or 10questions.
We don't know who you are.
It's completely anonymous.
It just aggregates topics for itactually just aggregates answers
for us, I should say.
And it just helps us tune theshow to what people want to hear
and keeps us going.
So, nobody's told us to stopyet, so we're gonna keep going
(53:36):
until somebody does.
So we can't help that.
So again, thanks Chris.
It's been awesome, man.
Really good time.
Appreciate you hanging for acouple of minutes and talking
some nerdy socks stuff.
So, that's it.
Alex, you good man.
We're outta here and we'll seeeverybody again next week.
Thanks, everybody.
See you next time.
Chris (53:55):
Bye-bye.
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Therapy Gecko
An unlicensed lizard psychologist travels the universe talking to strangers about absolutely nothing. TO CALL THE GECKO: follow me on https://www.twitch.tv/lyleforever to get a notification for when I am taking calls. I am usually live Mondays, Wednesdays, and Fridays but lately a lot of other times too. I am a gecko.