Episódios
-
About the Guests:
Norman Menz and Nick Ascoli are seasoned cybersecurity professionals and entrepreneurs with experience dating back to the early days of the industry. Norman Menz is the CEO of Flare and his career spans system configuration, offensive security, vulnerability prioritization, and third-party risk assessment. He founded and led companies like Prevalent and Delve, which focused on vendor risk assessment and vulnerability prioritization, respectively. Nick Ascoli, the founder of Fortrace, started his journey with a background in Linux distros and programming. He pursued Security and Risk Analysis (SRA) at Penn State University, with a passion for red team operations and an emphasis on external exposure and data. Professionally, Nick has engaged in detection engineering and has been deeply involved in attack surface management.
Episode Summary:
In an engaging dialogue between cybersecurity leaders, Nick Ascoli and Norman Menz share their insights into the ever-evolving landscape of cybersecurity. The episode delves into the need for better understanding external threats and leveraging adversarial-focused techniques to stay ahead of cyber risks. The conversation around reconnaissance, red teaming, and attack surface management is intertwined with personal career anecdotes, illustrating a shift towards more proactive and data-centric approaches to cybersecurity.
The transcript reveals a shared origin story for both guests' companies, originating from the desire to provide an "adversarially focused view" of external footprints in cybersecurity. In an age where conventional risk quantification isn't enough, operations at an enterprise's security level require innovative solutions. The merging of Fortress and Flair is discussed as a groundbreaking step towards unifying valuable data and expertise to enhance the industry's approach to threat exposure management, pen testing, and understanding the full scope of external exposures.
Key Takeaways:
The utilization of cybersecurity tools for reconnaissance is key for red teamers and for organizations aiming to understand what's exposed.
A fundamental aspect for both Fortrace and Flare was the emphasis on data that is "operationally relevant to the sock - to actual operational level security ops."
There's a trend in cybersecurity to educate users on the difference between a vulnerability assessment and a pen test, and when each is appropriate given the maturity of an organization's security posture.
The guests emphasized the need for a "universal search" for external exposure that simplifies finding exposed data across the clear and dark web, useful for red teamers and risk managers alike.
The acquisition of Fortrace by Flare marks the first in the Continuous Threat Exposure Management (CTEM) space, aiming to centralize and streamline the approach to understanding external exposure.
Notable Quotes:
"As red teamers sort of desperate for a more adversarially focused view of your external footprint."
"There was a lot of education of just the difference between a vulnerability assessment and a pen test."
"We were educated for a while, and then the exposure started to grow, where everyone started to realize there's a lot of different flavors of exposure."
"…How do I take the intuition of a red teamer and enable it for anyone who's using a platform in a very simple manner?"
Resources:
Flare Website: https://flare.io/
Special Promotion: A self-service trial provided by Flare: https://try.flare.io/pw/
Flare LinkedIn: https://www.linkedin.com/company/flare-io/
Norman Menz's LinkedIn: https://www.linkedin.com/in/norman-menz-92829014/
Nick Ascoli's LinkedIn: https://www.linkedin.com/in/nick-ascoli-28a78b93/ -
About the Guest:
Tyler Day is a seasoned professional in the cybersecurity field, whose journey into penetration testing (pen testing) has been one of substantial growth and commitment. With a rich background that involves disassembling computers and game consoles from a young age, Tyler's passion for understanding the intricacies of technology has been evident. His transition from being intrigued by shows like 'Mr. Robot' to becoming a proficient pen tester showcases his dedication to the craft. Tyler's trajectory includes a period of rigorous self-teaching aided by formal education and a series of professional opportunities that forged his path in the cybersecurity industry.
Episode Summary:
In this captivating episode, Phillip Wylie engages in a deep dive with Tyler Day, unraveling the complexities and challenges of a career in penetration testing. This conversation is a treasure trove of insights for both novices and seasoned professionals in cybersecurity.
Tyler Day shares his hacker origin story, reflecting on the initial allure of cybersecurity as depicted in pop culture and his subsequent realization of the discipline's intricate nature. The discussion meanders through the real-world applications of pen testing, the perseverance required to excel, and the continuous learning imperative in the field. The conversation also touches on the mental fortitude necessary to confront competition and imposter syndrome, offering empathy and strategies to aspiring professionals in the rapidly evolving cybersecurity landscape.
Key Takeaways:
Penetration testing requires a significant commitment to continuous learning both during and outside of work hours.
Entry into the cybersecurity field can be both competitive and intimidating, yet it holds a wealth of opportunity for personal and professional growth.
It is common for cybersecurity professionals to struggle with confidence and feelings of imposter syndrome but overcoming these challenges is crucial for career advancement.
Innovation, adaptability, and persistence are essential traits for anyone embarking on or progressing within a cybersecurity career.
Seeking mentorship, being open to asking questions, and putting oneself in challenging situations are key to developing expertise in cyber pen testing.
Notable Quotes:
"Pen testing is the only pillar within the cyber field that requires you to do as much work as you do in work outside of work."
"Be yourself in your own corner. If nobody's gonna help and support you, you don't need them."
"Can I research and they know how to study? That skill, I think, is developed through just life."
"Just keeping up with the Joneses on that, and it's like, am I required to be the jack of all but master of none?"
"Do you have the time, you know, and this for the cyber field in general. Is this something that you can commit time to?"
Resources:
https://www.linkedin.com/in/tyler-day-4a831a12b/ -
Estão a faltar episódios?
-
About the Guest:
Vivek Ramachandran is the founder of SquareX and a veteran in the cybersecurity industry with over 20 years of experience in building security products and finding vulnerabilities in security systems. His entrepreneurial experience spans over a decade, during which he has built wireless monitoring solutions, pentesting gadgets, and cloud-powered lab environments. Before SquareX, he founded Pentester Academy, a cloud-based cybersecurity training startup that was successfully acquired. Vivek also discovered the infamous Caffe Latte Attack and has authored multiple books and research papers on offensive cybersecurity techniques. He has spoken at top conferences like DEFCON and BlackHat over the years.
Episode Summary:
In this Be Fearless episode, hosted by Phillip Wylie and sponsored by Square X, the conversation delves into the intricate world of cybersecurity with the spotlight on browser-based threats and the need for innovative solutions. Vivek Ramachandran, a pioneer in cybersecurity training and the mastermind behind Square X, joins the discourse to share insights from his extensive experience in the domain.
The episode unravels the complexities of securing web browsing in an enterprise landscape predominantly ruled by browser usage. Vivek critiques the current reliance on secure web gateways (SWGs) and emphasizes the limitations they present in the face of agile and sophisticated attacks. The dialogue shifts to a discussion on the superiority of browser-native solutions, advocating for their adoption over outdated cloud-based proxies, and underscoring their fundamental advantage of being application context and user interaction aware.
Key takeaways from the episode include the importance of understanding the threat landscape shaped by browser-centric workflows, recognizing the shortcomings of existing secure web gateways, and appreciating the merits of browser-native security solutions that offer rich data and immediate mitigation capabilities.
Key Takeaways:
* Browser-native security solutions provide more comprehensive protection compared to traditional secure web gateways, which lack application context and user interaction awareness.
* Browser-native security solutions built into the browser can offer better visibility and immediate mitigation against threats.
* The enterprise browser market, featuring companies like Island and Talon, focuses on a niche problem and might not be comprehensive in addressing secure browsing needs.
* The adoption of new security technology in enterprises sometimes faces friction due to reliance on analyst reports and the market's resistance to change.
Notable Quotes:
* "The browser has become the most important application used in the enterprise today." - Vivek Ramachandran
* "The next generation of attacks are starting to live and die inside the browser." - Vivek Ramachandran
* "Enterprise browsers solve a very small problem…but don't actually do anything substantial beyond that." - Vivek Ramachandran
* "I'm hoping [Square X] can disrupt this… industry for the better." - Vivek Ramachandran
* "2025 is actually going to be like a holy war… taking… disruptive [solutions]… and seeing how we can have the industry adopt this." - Vivek Ramachandran
Resources:
Get your free SquareX Chrome plugin: http://sqrx.io/pw_x
https://www.linkedin.com/company/getsquarex/
https://twitter.com/getsquarex
https://www.instagram.com/getsquarex/sible. -
About the Guest:
Ryan Pullen is a cybersecurity expert based in the UK who specializes in offensive cybersecurity pathways. With a unique entry into the field through a job found on Gumtree, Ryan has carved a formidable career that moved from defensive roles into offensive cybersecurity and later involved in adversarial simulations and penetration testing. He has extensive experience in incident response and has worked on notable projects, including those in collaboration with Stripe OLT, where he is now a board member. Ryan has been instrumental in the evolution of cybersecurity since the mid-2000s, bringing a wealth of knowledge, especially in SOC operations and Microsoft security practices.
Episode Summary:
In this enlightening episode of the Philip Wylie show, Ryan Pullen joins the podcast to share his extensive journey and insights in the cybersecurity world. Ryan delves into the progression of cybersecurity practices over the past decade and offers invaluable advice to those looking to start or advance in the industry. From discussing the importance of networking to the nuances of job hunting in the cyber sector, Ryan provides a rich overview of technical and career-developing strategies.
Ryan emphasizes how persistence and self-improvement play crucial roles in both penetrating the cybersecurity job market and excelling within the field. He illustrates this point through his own 'hacker origin story', showcasing the benefits of seizing the right opportunities and the importance of continuous learning and networking. Additionally, the conversation covers resources for aspiring SOC analysts and the value of understanding an offensive cybersecurity mindset even in defensive roles. The takeaway is clear – whether you're stepping into red teaming, SOC operations, or pen testing, embracing an inquisitive attitude and expanding your network are key.
Key Takeaways:
The pathway to a cybersecurity career is varied, and taking opportunities as they come can be pivotal in finding success.
Networking is vital in the cybersecurity industry, as personal connections often lead to job opportunities and growth.
Understanding challenges from an offensive cybersecurity mindset is beneficial for roles across the security spectrum.
For those looking to enter the field, platforms like TryHackMe, HackTheBox, and Let's Defend offer valuable hands-on experiences.
Becoming a public speaker in the cybersecurity realm can open up new opportunities and serve as an effective way to give back to the community.
Notable Quotes:
"Networking is key, especially for people trying to get their foot on the ladder."
"My journey starts with, well, I was playing with this and this was interesting to me and I didn't want to put it down."
"The more you do anything, the better you're going to get."
"For anyone looking to start, have a go at all of the online kind of labs and free tools."
Resources:
LinkedIn (https://www.linkedin.com/in/ryan-pullen/)
TryHackMe (https://tryhackme.com)
HackTheBox (https://www.hackthebox.eu)
Let's Defend (https://www.letsdefend.io/)
Kusto Detective Agency (https://detective.kusto.io/) -
About the Guest:
Huxley Barbee is recognized in the cybersecurity field for his extensive experience in security automation and software engineering. With a professional trajectory spanning over decades, Huxley's path began in high school, where his interest in computers and passion for programming were piqued. Throughout his career, he has significantly contributed to various sectors by emphasizing the defensive aspects of cybersecurity, scaling from hands-on firewall configurations to leading consulting practices for major corporations. As an advocate for education and collaboration in the InfoSec community, Huxley is also the organizer of BSides New York City, a renowned cybersecurity conference.
Episode Summary:
In this impactful episode of the Philip Wylie show, cybersecurity expert Huxley Barbee delves into his journey within the cybersecurity landscape, starting from the halls of his high school to the cusp of modern security automation. Listeners will be drawn into an engaging narrative that interleaves personal anecdotes with professional wisdom, highlighting pivotal moments that shaped Huxley's career.
The conversation with Phillip Wylie covers a multitude of insights, from the importance of programming knowledge in cybersecurity to the evolution of security tools and practices. Huxley underscores the need for hands-on learning and emphasizes the significance of understanding system fundamentals regardless of automation advances. The dialogue evolves to address current trends and challenges in security, particularly focusing on the nuanced utilization of AI in cybersecurity practices.
Key Takeaways:
In-depth programming knowledge can significantly enhance a cybersecurity professional's ability to understand, reverse engineer, and secure applications.
Security automation should incorporate human-driven decision points to mitigate potential risks associated with complete automation.
The cybersecurity field is evolving with new challenges, including the integration of AI and the risk management associated with older technologies that have gained new exposure, like OT systems.
Building security tools requires adopting best practices from software engineering to ensure long-term maintainability and support.
AI in cybersecurity poses an array of unpredictable outcomes and thus should be approached cautiously with risk mitigation or acceptance strategies.
Notable Quotes:
"What's most interesting about that role was I was able to combine my software engineering background with my security background and bring it all together."
"You need to understand - you are a programmer, right? Yes, you're working in the security fields, you're part of the security domain, but you are a programmer."
"One of the principles that I learned from leading that consulting practice is the goal. Your goal as a security engineer, somebody that's doing automation should never be 100% automation."
"Every single developer has done this because I'm doing this in development. It's fine. I'm just trying to get to work. When we go into production, we'll go ahead and fix that later."
"AI has a very important role to play going forward. I would not run production environments on anything that uses AI dependencies right now."
Resources:
* https://www.linkedin.com/in/huxleybarbee/
* https://twitter.com/huxleybarbee
* Infosec Exchange (Mastodon instance): @Huxley at Infosec Exchange
* BSides New York City: BSides NYC -
About the Guest:
Ricky Allen is a seasoned cybersecurity expert and a key player at CyberOne, where his expertise in cybersecurity strategy and innovation is instrumental. With a rich professional history dating back to the late 1990s, he has witnessed and contributed to the evolution of the cybersecurity industry, working with companies like EDS, PricewaterhouseCoopers, and founding member status at Critical Start. His trajectory from penetration testing to defensive cybersecurity strategies highlights his comprehensive understanding of the field. Currently, he spearheads efforts in consulting, advisory work, and AI development at CyberOne, leading the charge in tackling today's sophisticated cybersecurity challenges.
Episode Summary:
In this insightful episode, Phillip Wylie sits down with Ricky Allen, a prominent figure from CyberOne, to discuss the dynamic world of cybersecurity as we enter 2024. The conversation delves into the current challenges and advancements within the sector, exploring topics such as sales strategies, budgeting hurdles in cyber defenses, and the evolving landscape of risks and threat responses.
This discussion sheds light on the transition from offensive security approaches to more comprehensive defensive strategies. Ricky shares his extensive experience, from his early roots in IT and security to his current role in shaping cybersecurity frameworks and AI applications. The conversation also touches on the importance of continuous learning in the industry and provides career guidance for aspiring cybersecurity professionals.
Key Takeaways:
Cybersecurity remains a top concern with ransomware as a multi-billion dollar industry, making budget justification and protection efforts more critical than ever.
The path from red team tactics to blue team strategies is crucial for a rounded understanding of security and effective defense mechanisms.
Modern cybersecurity operations must consider and validate even low-level threats, as they can contribute to significant breaches when combined.
Continuous education and personal initiative in learning new technologies and methodologies are key to staying relevant in the cybersecurity field.
Governance and cautious implementation of AI are necessary to harness its potential securely within organizational frameworks.
Notable Quotes:
"We have to understand the attacker's mindset. Understand how I could use this to really explain what your situation was."
"It's sometimes impossible, is the defender's job. We're always keeping up. We're always looking for that next."
"I'm excited about the next generation coming in… but often they say, 'Well, where can I get a job?' And that's the hard part."
"We've solved this… but yet to fully apply [zero trust] the way they should be."
"I'm trying to look outwards and say, what are those biggest plans? What are we working on? What are the initiatives that most listeners actually will be doing this year?"
Resources:
https://www.linkedin.com/in/rickyaallen/
https://www.linkedin.com/company/cyberonesecurity/
http://www.cyberonesecurity.com/ -
About the Guest:Matt Johanson, known as Matt J, is a seasoned cybersecurity professional and an active content creator within the industry. With a rich background that spans across various facets of cybersecurity, Matt's expertise ranges from practical experience in offensive security to leadership roles in software security. His journey began with computer programming in high school, followed by a computer science degree and an influential senior seminar focused on cybersecurity, taught by a SANS instructor. Matt's professional career kicked off with engagements in penetration testing, and he eventually played an instrumental role in building WhiteHat Security's threat research team. At present, Matt holds the title of Head of Software Security at Reddit, where he brings his extensive knowledge and experience to the forefront of protecting one of the internet's most significant community platforms.
Episode Summary:In this intriguing episode of The Philip Wylie Show, host Philip Wylie engages in a compelling conversation with cybersecurity connoisseur Matt Johansson. Listeners are drawn into the dialogue as Matt shares the narrative of his origin story, chronicling his early forays into hacker culture, his educational pursuits, and the serendipitous events involving industry notables that shaped his career trajectory.Delving into the intricacies of breaking into and advancing within the AppSec realm, Matt elucidates the accessibility of the field, emphasizing the advantage of readily available learning resources like bug bounty programs and OWASP. Equally crucial, he divulges insights on the evolving landscape of cybersecurity, spotlighting burgeoning areas like threat detection that beckon aspirants.
Key Takeaways:Matt Johansson's foundational cybersecurity experiences were fostered in the '90s through video game system modding and initial programming courses in high school and college.Networking and community involvement at hacker conferences like ShmooCon can yield lifelong professional relationships and career opportunities.AppSec and web app penetration testing present more accessible entry points for breaking into cybersecurity, bolstered by resources such as OWASP and bug bounty programs.Everyone has valuable experiences to share; beginning content creators should start creating and learning publicly, regardless of initial quality perceptions.Open dialogue on mental health is vital within the cybersecurity industry, and it's something Matt J actively promotes through his newsletter Vulnerable You and other content mediums.Notable Quotes:"…really fortunate timing there." — Matt Johansson regarding his introduction to cybersecurity."There is no, like, you're never going to turn the corner and find the room of adults. Like, you're the adults now." — Matt Johansson on career progression and imposter syndrome."Look at this. We're, we're not in it. We're, you and I are both in our house right now." — Matt Johansson on the prevalence of remote work affecting the loneliness epidemic.Resources:https://twitter.com/mattjayhttps://www.linkedin.com/in/matthewjohansen/Vulnerable U Newsletter https://vulnu.mattjay.com/https://www.youtube.com/@VulnerableU
-
About the Guest:Michael Kim is a seasoned professional in the realm of offensive security, boasting an extensive background in red teaming and penetration testing. Throughout his dynamic career, Michael has contributed his expertise to a variety of organizations, which enables him to offer a unique perspective on cybersecurity. Prior to diving into the security field, Michael followed his passion in music production and DJing for over a decade. His pivot to cybersecurity was catalyzed by the realization that it did not require a formal degree but could be pursued through alternative educational platforms like boot camps. Michael's commitment to continual learning and self-improvement is demonstrated by his approach to gaining new skills and certifications necessary for advancing his career. Currently, he holds the position of red team operator.Episode Summary:In this episode of the Philip Wylie Show, host Phillip Wylie engages with Michael Kim, an expert in offensive security, to discuss his unconventional journey into the field of cybersecurity and insights on red teaming and penetration testing. Michael's narrative is not only a testament to career shifts but also an inspiration for individuals looking to pivot into new endeavors later in life. This conversation delves into the intricacies of cybersecurity, the differences between penetration testing, and red teaming, as well as effective learning strategies for those aspiring to break into the security sector.Michael and Phillip exchange valuable information on the evolution of cybersecurity careers, revealing how passion and dedication can lead to substantial professional growth despite starting from non-technical backgrounds. The episode underscores the importance of a proactive work ethic, the utilization of learning resources like TryHackMe and Hack The Box, and the strategic pursuit of relevant certifications. With Michael's background in music and his proactive approach to personal branding on LinkedIn, listeners are offered a multifaceted perspective on forging a successful career path in offensive security.Key Takeaways:Transitioning to cybersecurity does not require a formal degree; alternative education paths like boot camps can be effective.Red teaming involves stealth and in-depth tactics, unlike the broader approach of penetration testing.Certifications like OSCP are valuable but not entry-level; it's essential to build a foundation of skills prior to attempting advanced certifications.Resources such as TryHackMe and Hack The Box Academy are highly recommended for hands-on learning and skill development.Personal branding and active engagement on professional networks like LinkedIn can significantly benefit one's career advancement.Notable Quotes:"I always start with saying… I'm not here to push past, I'm just here because I just want to help out.""If I can do it, anyone can do it. If you have the passion, if you have dedication, never give up because everybody has a different starting point.""It's important to have a plan of action. And I feel like from there on, you can build on that plan of action.""I feel like if everybody does their due diligence to try to research, understand what certs actually help, it'll be easier to navigate [the field].""We only go through this once and there'll be times when you look back fondly and like, 'Oh, I used to not be able to do this, but now I can do this really easily.'"Resources:https://www.linkedin.com/in/michael-kim-83b0627b/https://twitter.com/MeterPeter4Eva
-
About the Guest:Shourya Pratap Singh is a Principal Engineer at SquareX. He is responsible for building SquareX’s secure and privacy-focused extension, and works on researching methods to counteract web security risks. He has conducted a workshop at Texas Cyber Summit, and his work is being presented at Blackhat Arsenal EU. Before joining SquareX, he worked with FinBox (an Indian fintech) where he led a team of brilliant developers and was responsible for building and scaling multiple product lines. He has a bachelor’s degree from IIIT Bhubaneswar and holds a patent. His area of interest includes browser extensions and web application security.
Episode Summary:In this highly informative episode of the Philip Wylie Show, we dive into the pertinent topic of online security. Together with Shourya Pratap Singh from Squarex, we explore the intricacies of malicious file detection and examine the latest advancements Squarex has incorporated to bolster digital safety. From password-protected archives to deceptive file naming practices, this episode sheds light on the multi-layered defense strategies designed to ward off cyber threats.Shourya explains how Squarex has evolved its scanning abilities, focusing on zip files and extending its malicious document detection features to manage complex archives, including encrypted and recursively nested zip files. By integrating innovative capabilities directly within the browser, Squarex enables users to seamlessly scan for potential threats without compromising the security of their data. The discussion extends to how Squarex handles password retrieval from email bodies to automate the scanning process, showcasing the company's forward-thinking approach to cybersecurity.The episode also reveals Squarex's latest feature developments, such as the Download Interceptor, which provides users with additional layers of protection against unwittingly executing harmful downloads.
Key Takeaways:
Squarex has enhanced its platform to detect malicious content within zip files, including password-protected and recursively nested archives. The download interceptor feature within Squarex offers capabilities such as blocking downloads, ensuring users can review security scans before proceeding. Squarex can automatically use passwords found in email bodies to scan encrypted files seamlessly, maintaining user convenience without compromising security. Attackers' methods, such as renaming zip files or using multiple layers of encryption, can be thwarted with Squarex's comprehensive scanning features. The cybersecurity landscape demands defenders to be always vigilant, as showcased by Shourya's assertion that "attackers have to win only once, but whoever is trying to protect you has to win every time."Resources:Get your free SquareX Chrome plugin: http://sqrx.io/pw_x https://www.linkedin.com/company/getsquarex/ https://twitter.com/getsquarex https://www.instagram.com/getsquarex/sible. -
About the Guest:Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the Infrastructure. Prior to joining SquareX, He was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in-classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. His area of interest includes Cloud Security, Container Security, and Web Application Security.
Episode Summary:In this insightful episode of the Phillip Wylie show, cybersecurity aficionado Jeswin Mathai returns to delve deeper into the intricacies of in-browser malicious file detection. Sponsored by Squarex, this continuation of the "Be Fearless Online" series sheds light on the ever-evolving tactics used by cyber attackers to circumvent traditional antivirus measures. The conversation promises a blend of technical demonstrations and thought-provoking discussion that's integral for professionals and enthusiasts alike.Jeswin guides us through the dark alleys of cyber threats, starting with reflections on the fundamental evasion techniques like VBA stomping and purging. He invites listeners into a complex world where even simple file renaming or metadata tampering can make malicious documents slip undetected past security checkpoints. Further, Jeswin exposes a fascinating aspect of cybersecurity—"large file attacks"—demonstrating that size does matter in malware detection. With technology that detects such threats in real-time, Jeswin introduces listeners to Squarex's latest advancements, aiming to revolutionize the way we stay safe online.
Key Takeaways:Attackers are innovating new evasion techniques that fool even the most advanced antivirus systems, like hiding malicious code in macro-enabled files.Simple changes, such as renaming files and modifying metadata, can significantly reduce the chances of detection by standard security measures.Large-file attacks are a newer method used by attackers to bypass antivirus systems by embedding malicious code within massive files.Squarex is at the forefront of combating these advanced threats with in-browser detection technology capable of analyzing and intercepting malicious downloads.Future updates from Squarex promise even greater capabilities in detecting and dealing with sophisticated in-browser threats.Notable Quotes:"In case of large files, let me start with the one XLSM. So this is the one that's having 33 Mb. It will take a few seconds and… it was able to flag it right there.""Now the moment we try to upload this on Virus Total… it will take a long time.""So now let's take a look at how Squarex's detection is going to help us.""With download Interceptor, it's a big win for all of the files out there, whether the file is coming from Google Drive, whether it is Telegram, WhatsApp, Whatnot."Resources:Get your free Chrome plugin: http://sqrx.io/pw_xhttps://www.linkedin.com/company/getsquarex/https://twitter.com/getsquarexhttps://www.instagram.com/getsquarex/
-
About the Guest:Cecile Mengue is a dynamic and inspiring penetration tester with a background that diverges from the traditional cybersecurity pathway. Her journey into the realm of cybersecurity was spurred by a personal experience involving cybercrime, which led her to pivot from her degree in criminal justice to pursuing a career in penetration testing. Demonstrating an entrepreneurial spirit and a passion for security, Mengue transitioned from being a victim of hacking to a cybersecurity expert. A notable speaker with an interesting origin story, she presently holds a position as a penetration tester at IBM.
Episode Summary:In this compelling episode of the Phillip Wylie Show, host Phillip Wylie welcomes an intriguing guest, Cecile Mengue, whose unconventional path to becoming a penetration tester is not just informative but also deeply motivational. The conversation delves into Mengue's unique "hacker origin story," shedding light on her transition from working in juvenile court to unraveling a hacking attempt that targeted her own business.Cecile Mengue's narrative is one of resilience and tenacity. Having been hacked during her entrepreneurial ventures, Mengue chose to transform her anger into curiosity, leading her down the path of self-taught cybersecurity methods and eventually open-source intelligence (OSINT). She remarkably tracked down her attackers and successfully recovered her losses, a victory that fueled her interest in cybersecurity. Her unconventional entry into pen testing highlights the power of determination and self-directed learning.Throughout the conversation, Mengue candidly shares the strategies she employed to break into the cybersecurity field, including how she targeted her efforts specifically toward pen testing and leveraged networking to secure her first professional role. The episode is a testament to the idea that one's passion, complemented by strategic skill-building and smart networking, can create pathways to success in the technology industry.
Key Takeaways:Cecile Mengue's foray into cybersecurity stemmed from her own experience with a hacking incident, leading to a career change from criminal justice to penetration testing.With determination and self-learning, she tracked down her hacker, which sparked her interest in cybersecurity and ethical hacking.Focusing on a specific area of interest within cybersecurity, Mengue optimized her learning and job search toward penetration testing, emphasizing the importance of specialization.Mengue's proactive approach in gaining experience, such as volunteering to help secure local businesses, played a pivotal role in strengthening her resume.Networking and taking advantage of apprenticeship and entry-level programs can be crucial steps in securing a position in cybersecurity, as demonstrated by Mengue’s journey.Notable Quotes:"Once I became curious about how it happened, I started kind of like poking around the Internet myself, trying to Google.""It was anger, then curiosity, then after curiosity, it was determination.""I kept waiting because I didn't think that I could do it, right, because I felt like every time I start researching hackers or pen testers or anything in cybersecurity, one of the things that I noticed, like, nobody looked like me.""Your attitude and just the way you go about things is already a big step.""My passion was always about going after the bad guy to protect the good guy, right?"Resources:https://www.linkedin.com/in/cecile-m-2375b9133/https://www.instagram.com/cybercile/https://cybercile.com/
-
About the Guest:
Mariana Padilla is a cybersecurity professional with a background in marketing and a keen focus on storytelling as a powerful tool. With an unexpected foray into the cybersecurity world, she has found her niche and currently serves as a co-founder, and CEO of a company pioneering in creating an automated demo marketplace for cybersecurity software. She brings a wealth of experience from education and nonprofit sectors, with a mission to bridge the gap between different cybersecurity communities through initiatives like virtual coffee meetings and community events.
Episode Summary:
In this fascinating episode of the Phillip Wylie Show, we delve into the importance of networking and the art of virtual connection in the dynamic field of cybersecurity. Our special guest, Mariana Padilla, shares her journey into the world of cybersecurity, highlighting the unexpected paths that lead to fulfilling careers in the industry. Her innovative approach to networking through 'virtual coffees' underscores the value of building strong professional relationships.
Mariana Padilla emphasizes the critical role of trust and relationship-building in the cybersecurity sector. She narrates her personal networking strategy, which includes initiating 100 virtual meetings in as many days, an effort that significantly expanded her professional network. This approach not only showcases her dedication to connecting with industry professionals but also her entrepreneurial spirit as she ventured into the cybersecurity space with her automated demo marketplace and community events. Her ability to leverage LinkedIn as a networking tool provides listeners with actionable insights on how to navigate and utilize social media effectively for career advancement.
Key Takeaways:
The Power of Networking: Establishing a strong network is key in cybersecurity, and virtual coffees can serve as an innovative and effective method for building connections.
Trusting in Opportunities: Being open to possibilities and stepping out of your comfort zone can lead to unforeseen and valuable relationships within the industry.
Personal Branding Importance: Showcasing personal achievements, like participating in or winning CTF (Capture The Flag) competitions, is crucial for building one's brand and portfolio.
Bridging Industry Gaps: Collaboration between different cybersecurity communities, such as practitioners and executives, is essential.
Utilizing LinkedIn: Engage actively on LinkedIn, not just by posting content but also by participating in discussions and utilizing the platform's diverse features for networking.
Notable Quotes:
"I really think that the common thread with everything that I've done is storytelling."
"One of the things that I learned very early on after joining this industry is that it is very much focused… it operates differently from a lot of industries in terms of it is trust based."
"Every good conversation opens the door to other conversations."
"You have to think about it kind of like sailing. You just have to open up your sails and be willing to be open to the opportunities that come your way."
"The market is continuing to be more and more crowded. They're looking for new ways to show their product and showcase to potential clients and customers how it works."
Resources:
Mariana Padilla's LinkedIn Profile: https://www.linkedin.com/in/heretoshakeshitup/
Hackerverse Website: https://hackerverse.co/
Hackerverse LinkedIn Page: https://www.linkedin.com/company/hackerverse/
-
About the Guest:
Justin Elze is the CTO of TrustedSec, a highly acclaimed cybersecurity company. With over 14 years of industry experience, Justin is an expert in the field of offensive security, especially in the domain of red teaming and penetration testing. His extensive knowledge extends over several facets of cybersecurity, from system engineering to research. At TrustedSec, he also oversees the red team and research team, showcasing a driven career that advanced from hands-on technical roles to strategic leadership.
Episode Summary:
In this insightful episode of the cybersecurity-focused podcast, we have the pleasure of welcoming Justin Elze, the Chief Technology Officer of TrustedSec. The conversation dives deep into the world of offensive security, balancing technical expertise with leadership, and the evolution of penetration testing and red teaming in the dynamic cybersecurity landscape.
The episode kicks off with host Phillip Wylie introducing Justin Elze and acknowledging his substantial experience in cybersecurity and defensive security. As they delve into the discussion, Justin shares his origin story, detailing his journey from IRC beginnings and computer repair to ascending the ranks in the cybersecurity realm. The conversation steers towards various career tips for aspiring cybersecurity professionals, touching upon certifications, the art of interviewing, and the importance of having a diverse skill set. Also discussed are current trends and future directions in offensive security, such as assume breach assessments, red team specialization, and purple team operations.
Key Takeaways:
Experience in IT prior to entering offensive security is invaluable for understanding business processes and applying cybersecurity measures effectively. For those looking to break into cybersecurity, certifications such as OSCP and specialized courses can offer a significant edge. Purple team operations are pivotal for organizations to develop robust defenses and improve upon the insights gained from offensive security assessments. Cultural shifts, such as the move towards more assume breach assessments, indicate the evolving strategies in red teaming and cybersecurity testing. Although specializations can be advantageous, they should be balanced with broader skills to remain adaptable in the swiftly changing cybersecurity landscape.Notable Quotes:
"Once you get to a certain point of doing this, you really just need to focus on, hey, I found a really good class on AWS, found a really good class on enumeration."
"You kind of need to look at where you are today, where things you think will be in five years."
"The report is really what you're going to digest… Making sure that they [cybersecurity firms] are there to kind of support you after you have the report to digest it at different levels that you need."
Resources:
https://twitter.com/HackingLZ
https://www.linkedin.com/in/justinelze/
TrustedSec website: trustedsec.com
-
About the Guest:
Cathy Ullman, known in the cybersecurity community as Investigator Chick, boasts an impressive 24-year tenure at the University of Buffalo where her expertise spans across digital forensics and incident response. She has not only made a mark with her significant work in tech support but also holds a leadership position in organizing significant conference events such as summer camp. A celebrated author, Ullman recently published a thought-provoking book that delves into the intersection of offensive and defensive cybersecurity strategies.
Episode Summary:
In this episode of the Phillip Wylie show, listeners are treated to an intimate conversation with cybersecurity expert Cathy Ullman. The talk traverses Ullman's storied path which veers from a unique childhood surrounded by pioneering computing to her two-decade-plus stint in university cyber security. Along the way, Ullman offers a peek into the heart of her recent book, which urges a mindset shift in cybersecurity defense by taking cues from offensive tactics.
Ullman reflects on her early days in tech support, leading to her current specialization in digital forensics and incident response at the University of Buffalo. She discusses the value and rigorous nature of certifications such as the IAsis and the doors they've opened within her field. The conversation turns to Ullman's enlightening journey into the offensive side of cybersecurity, captured in her new book "The Active Defender." Ullman makes a compelling case for why understanding offensive strategies can fortify defense mechanisms within the cybersecurity realm.
Key Takeaways:
Cathy Ullman's Emergence: From a childhood surrounded by computing, Cathy's journey is emblematic of the organic evolution into the cybersecurity niche.
Higher Education in Cybersecurity: Ullman underscores the benefits and stability offered by her long-standing role at the University of Buffalo and the profound learning and growth it has facilitated.
Digital Forensics Certification: Cathy shares insights into the invaluable expertise and depth gained from the digital forensics and incident response training with IAsis.
Cybersecurity Community Engagement: The significance of attending and participating in events like B sides for professional development and networking is emphasized.
Understanding Offensive Security: Ullman explores the perspective that comprehending offensive techniques enhances defensive strategies, a central theme in her latest book.
Notable Quotes:
"And I took SANS classes on forensics before I had the IACIS background, and it did not go well."
"Understanding how offensive security folks think, because if you understand what they do and how they think, then you can be better as a defender in terms of your own defenses."
"I've been there 24 years, and I've had the opportunity to kind of grow into different spaces within that without having to jump ship."
"It was a matrix moment, you know, the blue pill, red pill thing, where I suddenly realized, hey, there's this whole other world that I was missing out on."
"Everybody wants to share all the cool things with you. The excitement is palpable when you go to these conferences."
Resources:
Cathys Twitter: @investigatorchic
Cathy's LinkedIn: https://www.linkedin.com/in/catherine-ullman-26a9406/
Cathy's book: The Active Defender: Immersion in the Offensive Security Mindset https://www.wiley.com/en-us/The+Active+Defender%3A+Immersion+in+the+Offensive+Security+Mindset-p-9781119895213
-
About the Guest:
Andy Liverman Anderson is a seasoned professional with a diverse background spanning real estate, Wall Street, and cybersecurity. With nearly a decade dedicated to the field of cybersecurity, Andy brings a wealth of experience and knowledge to the industry. As a history major, he leverages his unique perspective to analyze the intricacies of cybersecurity's geopolitical landscape. Notably, Andy has been pivotal in the development of moving target defense strategies and has pioneered the use of machine learning to estimate cyber risk in the insurance domain. Currently, he serves as a VP of Sales at Uno AI, a company at the forefront of incorporating AI into cybersecurity efforts.
Episode Summary:
This episode of The Phillip Wylie Show delves into the rapidly evolving landscape of cybersecurity, focusing on the integration of automation and AI technologies. Host Phillip Wylie is joined by Andy Liverman Anderson from Uno AI to explore the ways these advancements are transforming the industry. Fascinated by the seismic shift caused by AI tools like Chat GPT, they discuss the implications for cybersecurity professionals, who like superheroes, each have their own origin story.
The conversation begins by highlighting the role of automation in cybersecurity, referencing Jeff Foley's mass reconnaissance script, and moves on to unpack Andy's journey from real estate and Wall Street into the complex world of cybersecurity. The second summary paragraph touches on the significant role AI plays in vulnerability management, acting as a force multiplier for security practitioners, and the potential for Uno AI's copilots to scale and enhance the capabilities of cybersecurity teams. As the episode unfolds, it becomes clear that the integration of AI into cybersecurity is not just a possibility, it's a reality unfolding before us.
Key Takeaways:
Automation and AI are revolutionizing cybersecurity, taking over repetitive and tedious tasks to free up professionals for more complex work.
Andy Liverman Anderson's history in both traditional tech and cybersecurity provides a unique perspective on the use of AI in cybersecurity.
Cyber insurance and understanding post-attack scenarios are critical components in managing cyber risk effectively.
Uno AI's cyber AI copilot assists security professionals by streamlining the process of vulnerability management and producing actionable insights.
As AI democratizes technology, it may lower barriers to entry in cybersecurity and generate better, more creative jobs.
Notable Quotes:
"It's the land of broken toys. You get to look at all these different things."
"Every organization should have cyber insurance. I'm not selling insurance anymore, but I think you're crazy as an organization, even a very small business, it's surprisingly inexpensive."
"What AI is going to do because the very narrow skills that you had are no longer so scarce."
"A bot never gets tired, is always happy to answer them, and as long as they're providing accurate answers."
"When you've seen sort of a democratization of core technologies, that's just the explosive impact it's had across the world."
Resources:
https://www.linkedin.com/in/andyandersoncyber/
https://www.linkedin.com/company/unoai/
https://uno.ai/
-
About the Guest:
Dakshitaa Babu is a Software Engineer at SquareX, where she is engaged in data engineering and analytics.
She is also the pen behind the engineering blogs written on SquareX's infrastructure and security research. After completing her Bachelor's degree at the National University of Singapore, Dakshitaa joined SquareX, marking her foray into the cybersecurity industry. While new to the field, her enthusiasm for discovering and understanding new concepts has quickly established her as a committed contributor to the evolving sector. Her interests are in Browser Security and consumer education.
Episode Summary:
In this captivating episode of The Phillip Wylie Show, cybersecurity enthusiasts witnessed a deep dive into the cutting-edge realm of in-browser malicious file detection with Dakshitaa Babu. Dakshitaa, showcasing her prowess in the industry, illustrates sophisticated features of her company's flagship cybersecurity product designed to enhance online safety.
Dakshitaa demonstrates the product's ability to detect malicious macros within files, emphasizing the significance of privacy in their detection methods which occur directly within the browser environment. Focusing primarily on Gmail due to its widespread use, she articulates how the product can reveal hidden dangers within office documents and macros. The episode highlights not only the detection of conventional threats but also uncovers tactics like file renaming, VBA purging, and old file format analysis to pinpoint potentially harmful activity.
The conversation shifts towards the efficiency and privacy advantages of in-browser detection. Dakshitaa explains how this approach offers immediate and private threat recognition compared to traditional methods. She confidently positions her company's product as a vital layer of defense, complementing existing antivirus solutions and empowering users with immediate insights into file safety before downloads occur.
Key Takeaways:
In-browser malicious file detection technology offers advanced privacy and fast analysis by scanning files directly within the email client.
Dakshitaa demoed the tech's proficiency in detecting renamed files, large file components, and outdated file formats—all indicative of potential malware.
The product integrates seamlessly with Gmail, providing users with immediate warnings and detailed insights into file contents without downloads.
Unique detection methods allow for identifying suspicious activities such as VBA purging, which can bypass some antivirus solutions.
The browser extension is free and compatible with all chromium-based browsers, encouraging user adoption for an added layer of cybersecurity.
Notable Quotes:
"We are going deeper than what surface level checks do in Gmail, for instance." -Dakshitaa Babu
"We have no idea why you're still using it in 2024." -Dakshitaa Babu
"We are trying to create a product that has never been there before that is truly important for every user." -Dakshitaa Babu
"We can't always take our own sweet time to scan through every single file thoroughly before letting the user use it." -Dakshitaa Babu
"We want to make sure that before you give the file a chance to even penetrate to your local device or to your network… we want to be there first and give you a first line of defense." -Dakshitaa Babu
Resources:
Get your free Chrome plugin: http://sqrx.io/pw_x
https://www.linkedin.com/company/getsquarex/
https://twitter.com/getsquarex
https://www.instagram.com/getsquarex/
-
About the Guest:
Michael Jenks, commonly referred to as "Jenks," is an esteemed figure with an extensive background in the Department of Defense (DoD). With a penchant for cybersecurity and a wealth of experience in cyber warfare, Jenks offers a valuable skill set that has been honed in high-stakes environments where precision and accuracy are paramount. Having started his journey in computer science, he quickly developed a fascination with digital code and its impact. Transitioning from dial-up ISPs to L-3 Communications, where he gained clearance for classified work, Jenks eventually founded his own defense contracting company specializing in offensive and defensive cyber operations.
Episode Summary:
In this riveting episode of the Phillip Wylie Show, host Phillip examines the intersection of cybersecurity and defense backgrounds through his conversation with Michael Jenks from Interpris. The dynamic dialogue delves into how professionals from critical sectors, such as the Department of Defense, bring innovative solutions and meaningful perspectives to the cybersecurity industry.
Jenks shares his 'origin story,' which follows a trajectory starting from gaming and IRC administration, leading to a computer science degree and an impressive tenure at various defense-related roles. His story highlights a critical insight: that the best cybersecurity defenses are often forged in the crucible of real-world operations where the cost of failure is immense.
Central to the conversation, Jenks unravels the methodology behind Interpris—a platform designed to contextualize and elevate existing cybersecurity tools through continuous threat exposure management. Leveraging a thorough understanding of threat profiles, Interpris aims to help organizations prioritize potential risks based on industry, operations, and data sensitivity. The platform's philosophy is clear—fortify defenses by optimizing tools that organizations already possess, using informed strategies and continuous monitoring to proactively counter advanced cyber threats.
Key Takeaways:
Cyber professionals with DoD experience bring invaluable expertise to cybersecurity solutions.
Interpris focuses on improving an organization's security posture by providing context and strengthening existing tools.
Assume breach approach and implementing best practices are essential for a robust security posture.
Insider threats are as significant as external threat actors, making holistic security measures necessary.
The emergence of AI in both offensive and defensive cybersecurity tools is rapidly changing the landscape.
Notable Quotes:
"I mean, man, if you have it, background, a clearance, man, there are just a ton of jobs." -Michael Jenks
"From just the digital realm. Gamer growing up. Cut my teeth on hacking back in the day." -Michael Jenks
"You already have enough tools, right. It's really just that optimized configuration, that prioritization, that customization." -Michael Jenks
"It's my job to defend this environment. I have no idea where we're protected, where we're not." -Michael Jenks
"What we're doing is weaving together all of these products, from EDR, from network sensing, to firewall, to your ESM." Michael Jenks
Resources:
https://www.linkedin.com/in/michaeljenks/
https://www.linkedin.com/company/interpres-security/
https://twitter.com/InterpresSec
https://interpressecurity.com/
-
About the Guest:
Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the Infrastructure. Prior to joining SquareX, He was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in-classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. His area of interest includes Cloud Security, Container Security, and Web Application Security.
Episode Summary:
In this riveting episode of the "Philip Wylie Show," listeners are invited to explore the intricate world of cybersecurity with Jeswin Mathai, who returns to discuss the innovative features of Squarex. Designed to bolster online safety, Squarex addresses the challenges individuals face with malicious files, particularly through email and other online communication platforms.
Jeswin demonstrates Squarex's ground-breaking in-browser malicious file detection capability against the backdrop of increasing macro-based cyber threats. These threats often exploit macros within documents to compromise systems, a technique that has persisted in popularity among cybercriminals. Jeswin also touches upon the limitations of traditional antivirus solutions and email client security in detecting such risks.
Key Takeaways:
Squarex's new feature conducts an in-browser analysis of files to promptly detect malicious content, enhancing email client security.
Traditional antivirus programs and email clients often fail to adequately detect or block macros, a common vector for cyber attacks.
Attackers can exploit file type mismatches and employ social engineering tactics to deliver malicious payloads through seemingly benign document files.
Jeswin unveils techniques such as "VBA Stomping" and "VBA Purging" that attackers use to bypass antivirus detection.
Squarex offers solutions to safely convert potential macro-threats into clean or PDF versions within the browser, providing a privacy-centric approach to cybersecurity.
Notable Quotes:
"Anytime you receive a malicious attachment…we are going to do in-browser file analysis." - Jeswin Mathai
"It's kind of interesting because, like going through the OSCP course, one of the payloads they were mentioning during that time, this was back 2012, 2013, was using macros in the payloads." - Phillip Wylie
"Gmail, when it comes to webmail client, has the most amount of market share…72% is just Gmail." - Jeswin Mathai
"So the way mail clients work is, let's say here, we'll consider the example of Gmail…" - Jeswin Mathai
"The sad part about COVID was a lot of things happened that we are not aware of because the sad event of COVID, the deaths…a lot of other attention or other issues were not given that much amount of attention and they never came to the light of the public." - Jeswin Mathai
Resources:
Get your free Chrome plugin: http://sqrx.io/pw_x
https://www.linkedin.com/company/getsquarex/
https://twitter.com/getsquarex
https://www.instagram.com/getsquarex/
-
About the Guests:
Kevin Pentecost and Jason Papillon are the dynamic duo behind the engaging podcast Cyber Distortion. They share a strong history of creating content that delves deep into the cybersecurity world, aiming to educate and inform a wide audience about offensive and defensive strategies within the industry. Kevin brings in his expertise in graphic design, while Jason focuses on the content structure and delivery, making them a well-rounded team.
Chris Glanden is the voice behind the Barcode podcast and the newly introduced webcast, Risk Radar. With previous experience in film, Chris steers his podcast to explore the impacts of AI on cybersecurity, aligning with his efforts to create a documentary on the weaponization of AI systems. He recently made strides into entrepreneurship with his company, Barcode Security.
In this episode of the Phillip Wylie Show, we're treated to a rare gathering of cybersecurity enthusiasts who have built a reputation for their captivating content creation. This episode stands out as the first to feature multiple guests, offering a unique blend of perspectives on professional hacking, content creation, and AI's role in cybersecurity.
Episode Summary:
The episode kicks off with a recount of the Lone Star Cyber Circus—a collaboration event that brought together local talent from Dallas and introduced thought-provoking discussions on the ever-evolving Dallas hacker scene and AI's intersection with cybersecurity. The conversation pivots to the art and influence of content creation, as the guests delineate pathways for individuals to kickstart or amplify their cybersecurity careers through effective branding and exposure.
As the dialogue unfolds, it touches upon the individual journeys and collaborative ventures of the guests. Kevin and Jason of Cyber Distortion detail their foray into podcasting, aiming to disseminate cybersecurity knowledge at scale. Chris shares his foray into documentary filmmaking, aiming to shed light on the dark potential of AI if left unchecked. Together, their experiences coalesce into a shared vision that culminates in the announcement of the Cyber Circus Network (CCN)—a unifying initiative set to propel the cybersecurity conversation into new heights.
Key Takeaways:
The synergistic collaboration of Kevin and Jason provides insights into the world of cybersecurity through their high-production podcast, Cyber Distortion. Chris Glanden's Barcode podcast and his upcoming documentary on AI highlight the industry's pertinent issues and emerging threats. Content creation in cybersecurity is an avenue ripe for exploration, presenting opportunities for education, networking, and career growth. The newly formed Cyber Circus Network signals a collective move toward amplifying cybersecurity awareness and fostering community engagement through various events and content mediums. The upcoming episodes and events under CCN are gearing up to provide value-driven, diverse content for the cybersecurity community.Notable Quotes:
"We want to surround ourselves with as many people as possible that can add value to the area that we're working in." — Jason Papillon "I always have fun meeting with you guys and talking shop." — Jason Popillion "I'm excited about what we all do individually as well, and how that adds value." — Jason Papillon "I think our values align as well. At the end of the day, we all want to help each other." — Chris GlandenResources:
Kevin Pentecost & Jason Popillion: Cyber Distortion Podcast
https://twitter.com/DistortionCyber https://www.linkedin.com/in/jason-popillion-cissp-863a464/ https://www.linkedin.com/in/kevin-pentecost-cissp-cism-ceh-cpt-mcse-cca-itil-f-4a61404/ https://www.youtube.com/@TheCyberDistortionPodcastChris Glanden: Barcode Podcast
https://www.linkedin.com/in/chrisglanden/ https://www.linkedin.com/company/barcodesecurity/ https://barcodesecurity.com/ https://twitter.com/ChrisGlitzCyber Circus Network
http://cybercircusnetwork.com/ -
About the Guest:
Jason Haddix is a seasoned cybersecurity professional with a wealth of experience spanning over two decades in the field. Recognized for his insightful contributions to ethical hacking communities, he's penned informative articles, engaged in content creation, and previously held the title of top hunter at Bugcrowd in 2016. Jason has contributed his expertise to several organizations including HP, where he was part of the Shadow Labs internal pen testing team, and Ubisoft where he served as CISO. He's recently embarked on a new journey with Arcanum Information Security, focusing on red teaming, training, and consulting services.
Episode Summary:
In this episode, host Phillip Wylie sits down with cybersecurity expert Jason Haddix to explore the ever-evolving realm of cybersecurity. As a beacon of knowledge, Jason delves into his career trajectory, from learning the ropes in clandestine online forums to ascending the ranks as a top bug bounty hunter and, ultimately, leading as a CISO. This conversation ventures through the corridors of Jason's illustrious journey, offering vital insights into not just his past accomplishments but his current endeavors in the wide world of cybersecurity.
The discussion pivots to the frontiers of AI's application in security, where Jason unveils his work in leveraging AI for practical defense measures and his innovative teaching methods. They explore the implications of AI on future cybersecurity roles, debunk myths around job displacement, and share resources for those keen on sharpening their hacking prowess. Emphasizing the imperative for continuous learning and adaptation, Jason's narrative is a treasure trove of guidance for professionals navigating the cybersecurity landscape.
Key Takeaways:
Jason Haddix shares how his early involvement in underground web forums sparked his pursuit of cybersecurity, leading to a diverse career in pen testing, bug bounties, and CISO roles.
AI's integration into cybersecurity is highlighted as a pivotal game-changer, with practical use cases ranging from building defensive solutions to enhancing security programs.
Haddix elucidates how his origins in bug bounty hunting enriched his capabilities during his recent tenure in red teaming more than the other way around.
The conversation dives into the emerging skill set of natural language hacking and the importance of prompt engineering for security practitioners.
Jason's new company, Arcanum Information Security, focuses on delivering specialized training and consulting in modern application analysis, reconnaissance, and security leadership.
Notable Quotes:
“It's like having a colleague next to you to ask dumb pen test questions to when you don't know how some technology works and that's how I treat the [AI] bot.” - Jason Haddix
“Who needs DA when you have the entire data lake of a company already downloaded into an app that you broke into because it had a local file include, that feels like 1995 or something like that.” - Jason Haddix
“I think defenders will run with this thing [AI] and be better than ever.” - Jason Haddix
Resources:
Jason Haddix on X(formerly Twitter): @Jhaddix
Jason Haddix on LinkedIn: https://www.linkedin.com/in/jhaddix/
Arcanum Information Security: https://arcanum-sec.com/
- Mostrar mais
