Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
UNKNOWN (00:00):
Thank you.
SPEAKER_02 (00:10):
security chipmunk
podcast where we talk about the
development of cybersecurity skills.
To stay up to date in today's world, you need to be resilient.
That's why as advanced persistent chipmunks, we keep
chipping away at it.
My name is Edna Johnson.
I'm here with my co-host Neil Smalley.
And today we are joined by our special guest, Patrick Lowther.
(00:32):
Patrick, nice to have you here today.
SPEAKER_00 (00:34):
Thanks for having
SPEAKER_02 (00:38):
me, guys.
It's a start us off with some news?
SPEAKER_01 (00:41):
So unless you've
been completely cut off from
news the last few weeks, there is yet another Exchange
vulnerability out there.
So make sure you are updating and patching your Exchange
servers.
If not, the FBI might be doing it for you as the department
approved them going in and removing web shells off of
(01:05):
Exchange servers.
SPEAKER_02 (01:06):
Yeah, and that's
pretty serious.
The FBI has come and to do it for you.
You better get to work on that.
All right.
So for our conferences, we have two conferences that we wanted
to mention today.
There is...
So
SPEAKER_01 (01:20):
one conference here
in April we have is the Many
Hats Club Isolation Con 2, which is coming on April 24th through
the 25th, which is streamed on Twitch.
And there's also a CTF you can participate in as well.
SPEAKER_02 (01:36):
There's also another
one coming up in June.
I know this one is not free.
This one does have a cost.
Right now, early bird tickets are $50, but that is Circle City
Con 8.0.
They are virtual this year, and they are known as the Happy
Little Con.
So, DEFCON, that was just released, that DEFCON is going
(01:57):
to be in person.
What are your thoughts on that?
It's going to be hybrid, actually, both in person and
online.
SPEAKER_01 (02:03):
I'll let our guest
go first here.
Will we see you at DEFCON this year?
SPEAKER_00 (02:09):
Perhaps.
So I do have both my rounds of vaccine shots.
So I'll meet those criteria.
Just really comes down to if I want to be in Nevada in August.
SPEAKER_02 (02:23):
So it's the heat
that's keeping you away.
SPEAKER_00 (02:26):
Yeah.
Yeah.
Well, I mean, heat and past couple of years, DEF CON has
been like pretty, pretty big.
And so with it being a hybrid, I'm hoping if they limit the
number of people, I think it will probably make for a better
in-person con.
So it gets back to kind of the smaller feel that they've had
for a while.
So if I can get a pre-register, sure, I'll go.
SPEAKER_02 (02:48):
All right.
SPEAKER_01 (02:49):
Very
SPEAKER_02 (02:49):
nice.
SPEAKER_01 (02:49):
You want to
introduce yourself a little bit
and tell us what you do?
Sure.
SPEAKER_00 (02:54):
My name's Patrick.
I like long walks on the beach.
No, I'm kidding.
I'm currently a Microsoft consultant working on behalf of
Microsoft to help implement their security technologies,
both in cloud and on premise.
And what that will do is cover Azure Active Directory and
(03:17):
everything that's associated with that.
Parts of the Microsoft Information Protection Suite as
well, which is their data protection and DLP solutions.
The identity management, managing the identity of both
users and devices.
And so with that, that's portions of what's called Intune
(03:38):
and also System Center or System Center endpoint management.
Lots of fun stuff doing things like that.
So helping large companies and some small companies leverage
the most out of their Microsoft benefits and get them into a
better security posture.
So that's what I do on a day-to-day basis.
Sounds like
SPEAKER_01 (03:57):
a lot of fun, a lot
of variety.
SPEAKER_02 (03:59):
Yeah, that's very
neat.
So what is the most fun part for you of your work?
SPEAKER_00 (04:04):
So one of the things
I really enjoy about what I do
in the security field is basically, we go to a client and
they have a puzzle that they need help solving.
And so I get to leverage my training, my information that I
know about, my various techniques, some of the best
(04:26):
practices in the industry and best practices from Microsoft.
I take all this knowledge, kind of jumble it all together,
create a design, create an implementation plan for it and
start about doing it for these clients.
So that's probably my very favorite thing to do.
And the best part about doing that is I still get to be hands
(04:49):
on and actually, you know, implement that stuff.
So that's really fulfilling, be able to see like a project go
from, you know, cradle to implementation, and then hand it
off and do like an educational dump on the people who will be
administering
SPEAKER_02 (05:07):
it.
Wow, that's really cool.
So what is the biggest biggest challenge facing you right now?
SPEAKER_00 (05:12):
The biggest
challenge that professionally
we're seeing is these companies as they adapt to the newer new
is the reaction to COVID-19 and how they can still secure their
data that they're generating, secure the data on devices that
(05:35):
may not be coming into the office or they may not have a
VPN connection back and everything like that.
So a lot of the challenge is putting together plans to make
sure that these devices stay updated from a security posture
and also to make sure that that data that's created on those
(05:57):
devices is stored in a protected manner.
So no matter if you go and get a document off the shelf or not
document, a laptop or something off the shelf from like Best Buy
or any of the places like, you know, have a drop ship from UEG
or anything like that.
The challenge is to how to take this device from a zero
(06:19):
configuration point of view, bring it into your cloud
presence and then secure the data that's generated by the
user on there.
So that's like the number one challenge that we've been seeing
going forth since COVID started.
So it's a fun challenge and every environment is always kind
(06:41):
of unique, but also always kind of the
SPEAKER_02 (06:44):
same.
All right.
Yeah, so that's got to be a lot of things to consider when
you're trying to make sure those are secure and probably that
people aren't putting applications that you don't want
them to have on their machinesas well.
SPEAKER_00 (06:59):
Right, right.
Yeah.
Well, I mean, if you think about it, like if you go to Best Buy
and just pick up a laptop, right, think of just how much
junk and garbage is on that laptop.
Now, if you expand that solution, when you go to Best
Buy and buy 500, 600, maybe 1,000 laptops because of your
(07:22):
supply chain, you can't get enough laptops through Dell or
HP or any of your normal provisioning channels.
That's a solution that needs to be brought into the fold.
It's pretty interesting how to solve those issues.
SPEAKER_01 (07:38):
So, you're also a
student as well. How do you
juggle your work and your studying?
SPEAKER_00 (07:45):
Yeah, so, you know,
typically I have anywhere
between like 50 hours a week with work, and then as I go about
studying various classes through WGU and everything like that, you
know, that's probably another 20 on top. And I like to do, it's
kind of a method that I find works best for me. So I'm kind of
(08:09):
like, like an ADHD person.
So like I have real hyper focus on something and I like to get
really deep into it.
So I like to do almost like sprints for studying and
learning where I spend 25 minutes doing a study on
something.
And then I have a reminder that pops up and then I take five
(08:30):
minute breaks.
So with that, you know, it's usually in the evenings after
work and after we've put the kids to bed and everything like
that.
So it's, it's a process that works for me.
Sometimes, you know, I'll set a goal, may not hit that goal.
But, you know, depending on the schools that you go to, you
know, I'm currently a WGU student.
(08:52):
And so their flexibility allows me to have that in my schedule.
So that's what I like to do.
Is
SPEAKER_01 (08:59):
there any resources
that have helped you along the
way or things you go to when you're trying to figure
something out, just starting out?
SPEAKER_00 (09:07):
Yeah.
So like going through, you know, some of the class works.
It's always good to read through the syllabus.
I like to leverage, like if it's a technical class, a lot of the
times it would be through UCertify, the technical
learning.
As far as secondary learning resources, I like to leverage
LinkedIn Learning, which is free with your WGU account.
(09:30):
There's also Pluralsight Access, which is another great way to
have videos to help kind of explain that.
And I'm also a fan of some Udemy teachers and professors.
Classes like, you know, Jason Dion really kind of helped get
you in the right mindset for what will be on like a
(09:51):
certificate exam or to kind of help solve that, you know, issue
that you may have a mental block with.
So like subnetting, you know, like Jason Dion's video on
subnetting, it's absolutely great.
He does this corny thing with these gloves and like, you know,
counts down from 256 to 128 and everything like that, and then
(10:14):
goes the other way for determining the number of IPs,
et cetera, in that subnet.
But it's a great way to be able to look at it and remember how
to do it based on what's on your hands.
So there's some of my resources.
And then as I'm learning new technologies in the field
itself, since I'm mostly Microsoft-focused, I like to
(10:39):
leverage learn.microsoft.com or like Microsoft Docs
on new things.
There's also certain Yammer groups that you can join part of
the public to be able to get like the new customer focused
deployment and the tech community with Microsoft on
that.
So those are all good resources.
SPEAKER_01 (10:59):
Speaking of learning
new things, I was doing some
learning this week.
I saw a poll on Twitter where ShadowBits asked, should a
decent SOC detect using Task Manager dump lsass.exe? So I was
somewhat familiar with like using things like Mimikatz to
dump your memory, but I didn't, wasn't aware that you could use
(11:22):
Task Manager to dump out the the memory, is my understanding.
SPEAKER_00 (11:26):
Yeah, um, it's kind of
neat. So you can use Task Manager,
and if you're looking from like a SOC point of view to detect
that, some tools that you can leverage that are Sysmon, Sysmon
being the tool from Mark Russinovich, who is part of
Sysinternals.
He is one of the best things to have happened to Microsoft with
(11:49):
his tool sets in a long time.
The next steps that you can do is, so if you're talking about
LSASS, which is the local security authority server
service, that's actually folded up onto what's called the LSA.
And the LSA is responsible for, you know, any type of
(12:11):
authentication of users and remote sign-ins and like
enforcing your security policies on that machine, right?
So that's what the LSA does.
And so you can actually set up monitoring inside of there, like
monitoring the LSA to pick up Mimikatz and to pick up those
(12:32):
dumps and everything like that as well.
SPEAKER_01 (12:34):
Sounds like a lot of
fun to set up in a lab
environment and play with.
Or you can do it in prod.
SPEAKER_02 (12:39):
I wouldn't want to
dare do that, but maybe
SPEAKER_01 (12:49):
you do.
I think the point is that a good production environment should
have that kind of monitoring.
And I also noticed some of the replies on the thread is that
you can use things like Microsoft Defender ATP to do
some pretty fancy detection as well.
SPEAKER_00 (13:04):
Yep.
Yeah.
SPEAKER_02 (13:06):
So I was wondering
who has been your biggest
supporter or maybe your mentor or a role model or the course of
your career?
SPEAKER_00 (13:16):
Oh, my biggest
supporter is definitely by far
my wife.
Um, it's true.
Um, you know, my, uh, so like my backstory is I've, I got into
the tech field when I was 19.
I had just found out, uh, that I was going to be having my first
(13:37):
child and I was just kind of a wandering around aimlessly
through life, you know?
And so when I, when I found that out, I decided I had to get like
a real job instead of like washing dishes and being like a
line cook and that fun stuff.
So I had my first job as a dial-up tech for a local ISP.
(14:00):
And so I did dial-up phone support for a year and a half
before moving on.
But that was pretty interesting because so my wife, she's
probably the best thing to ever happen to me because her family
has been super supportive.
Her dad was always supportive of me.
(14:23):
You know, you figure like two teenage kids, you know, the dad
may not like the guy, but he was always very loving and
welcoming.
And, you know, he had a way of phrasing things to really sell
it to you.
Not really sell it, but to help see how a third party may view
(14:47):
it and kind of get that sense of focus on things.
So with that, I'd say my wife, her father, and as I go through
my career, I always find mentorship through trying to not
(15:10):
be the smartest guy in the room.
And I say that because if I'm the smartest guy in the room, we
have issues.
I always like to surround myself with smarter people or people
who think differently so I can see things from a different
(15:30):
perspective to maybe solve answers from a different point
of view.
So that's kind of how I go about doing it and finding mentorship.
And you may not be looking for a mentor at the time, but you may
find a friend and then that friend turns into being a really
good mentor.
So I've had that happen quite a few times to me so
SPEAKER_02 (15:51):
Yeah, that's good to
know, and it's a good point with
being you have your family supporting you in your endeavors
and in your career and what you're trying to accomplish, and
that's really important, having that support system at home. Yeah,
that's great. I'm glad you have that.
SPEAKER_00 (16:15):
Yeah, thank you.
SPEAKER_02 (16:17):
So what is your
dream job? If you could work
anywhere, do anything, what would you be doing?
SPEAKER_00 (16:24):
You know, that's
really, it's kind of a hard
question to answer because as long as a job isn't boring to
me, like as long as it doesn't become like mundane and routine
for everything like that, I'm happy.
And, you know, I could be doing things that I don't really
(16:47):
enjoy, but it, like a dream job to me, it doesn't really matter
what work I'm doing.
It's the team supporting the work that you're doing.
And I say that because a lot of times people will say, oh, you
know, I can't do this job for so long because it's so boring.
But as long as you have a good supporting team and that team
(17:09):
pulls together to get the job done, to me, that's what really
makes a good dream job, a dream job.
You know, being able to go into work and enjoy doing like
whatever you're doing, because let's be honest, sometimes blue
team defense is not the greatest or sexiest thing in the world at
all.
(17:29):
You know, it's a lot of, uh, uh, black guys, a lot of, you know,
getting beat up by the red teamers or even like threat
actors, because when you look at it, they only have to find one
chink in the armor to get in.
And then, then you're kind of SOL, you know?
And so from a blue team's perspective, if you're not
(17:53):
constantly going through rigorous checks or implementing
things in a set manner, which can be boring to some, it can be
pretty boring.
But like dream job, dream job, I don't really have one.
I have a list of companies that I think would be fun to work
for.
I'm currently working for one of them.
(18:14):
So when it becomes not as fun is when I'll start looking around
for another position.
All
SPEAKER_02 (18:22):
right.
So Microsoft has to keep you on your toes.
Right.
Yeah.
Yeah, that's good points to consider.
It's not just the job, it's what you're doing.
So that's great.
SPEAKER_01 (18:38):
So are there any
common myths or misconceptions
about your profession or field that you might want to debunk?
SPEAKER_00 (18:45):
So since I'm in the
security security side of
things, you know, and I do dabble in like, uh, red team
activities to keep my skills sharp.
Um, sometimes people be like, oh, you're in security, you
know, and to them, what that means is you're, you can like
(19:06):
hack into computers or anything like that.
Right.
And so a lot of times, if you're just talking to like the average
lay person, they'll be like, hey, what about this thing on
Facebook?
And you're like, no, man, I'm not going to hack Facebook for you
to, you know, find something or like to, you know, change
(19:27):
somebody's Facebook status page or anything like that. Or, you
know, just some of that stuff. When people say they're in
security, just don't assume that, because security is a broad
field where you have red team, purple team, blue team, you know,
reverse engineers where they take the malware and reverse
(19:49):
engineer, find out how it goes.
And then, you know, then you can gain control of it.
And then there's also like threat hunters who go through or
like incident response people who go through and help, you know,
companies deal with everything.
You know, it's a wide gamut of technology.
(20:10):
And a lot of people think just because they're good with
computers, they'll be good in security.
And that's another myth that's not true. To be successful in
security, you need to always be learning. You need to be not
afraid of taking on new challenges even though you have
no idea about it. You know, you need to be able to take that and
(20:33):
start from somewhere at least and then work your way and
problem solve. But like to get into security, you need good
fundamentals for your networking, language, Linux.
It sounds funny coming from a guy who deals solely in
Microsoft technology, but if you don't have a good grasp of Linux
(20:57):
or anything like that, you're going to be in for a world of
hurt.
Of course, understand Microsoft technology, but more
specifically, skills that do transfer well are system
administrators and system engineers.
With that knowledge, you can take that and be kind of dropped
in no matter where you're at and look leverage that skill set
(21:19):
that you have built and be pretty successful so
SPEAKER_02 (21:23):
All right, that's
good to know.
SPEAKER_01 (21:25):
Out of everything
we've been talking about, like,
what would be your number one takeaway you'd want to leave our
listeners with?
SPEAKER_00 (21:32):
Probably, uh, there's
no real set path to get into
security, and if you're interested in getting into
security, just make sure that you're the type of person who
likes to learn, likes to kind of constantly learn, because if
you're not constantly learning, like I said before, you're,
you're going to be, you know, in for a bad time, and just always
(21:58):
be curious about things.
So because those other skills that I mentioned previously can
be learned, you know, you can read about them and then you can
implement them in a lab, but having like a natural curiosity
and a natural desire to always continually to be improving and
trying to be better, that's and what you were before.
(22:20):
And it's about comparing yourself to where you're at, not
comparing yourself to somebody else and where they're at.
Because everybody's always on a different journey in life.
And if you compared yourself to me, I mean, it's hard.
I mean, you don't want to compare yourself to others just
(22:40):
because somebody else's journey isn't so easy.
Or maybe it may seem easy from the outside going in, but you
don't actually know what that person has gone through to do
things.
So, yeah.
And learn how to be empathetic to people.
Having empathy when you're in the security field can be a very
(23:02):
valuable tool set to have.
SPEAKER_01 (23:06):
So, is there any
place listeners can connect with
you online, follow your work?
SPEAKER_00 (23:12):
Catch me on Twitter
at SecurityMuncher.
SPEAKER_02 (23:14):
Thanks for listening
to the Security Chipmunks.
And remember, if it seems overwhelming, just keep chipping
away at it.
He edits out, like I make these, I can't do it on command, but I
(23:36):
make these little coughing noises and he edits them out.
He makes me sound so good.
I
SPEAKER_00 (23:40):
appreciate
SPEAKER_02 (23:43):
you, Neil.
SPEAKER_00 (23:44):
You should do like
a, in the blooper, do like a
cough reel.
UNKNOWN (23:49):
Oh, God.
SPEAKER_01 (23:51):
Oh, no.
Did I tell you how we got the name Security Chipmunks?
SPEAKER_00 (23:56):
No, go ahead.
Tell me.
SPEAKER_01 (23:58):
So the first time
I'm editing, and I don't want to
listen to the whole thing normal speed, right?
So I crank it up to several times speed, but in Audacity, it
turns you into Chipmunks.
And so I'm like, this is the best thing ever.
We need to just do the podcast and just do Chipmunks the whole
time.
I wasn't able to sell it on that part of concept, but at least
(24:22):
got the name.