Brushing Scams with Venkat Margapuri
Easy Prey
Scams come in many forms but receiving a freebie from a scammer doesn’t make sense. If something shows up at your door that you didn’t order, should you be worried? Brushing scams are becoming more common and while they may seem harmless at first they can be a gateway to fraud, identity theft and financial loss. Today we’re diving into how these scams work, why they exist and the real dangers behind them. Our guest is Dr. Venkat Margapuri, an assistant professor of computer science at Villanova University. His research focuses on AI applications in agriculture and healthcare but he’s...
info_outline
Ransomware, Phishing and Fraud
Easy Prey
Cybersecurity isn't just a concern for large corporations. It's vital for businesses of all sizes. It's essential for companies to know how to protect sensitive data, restore from backups, and regularly test their systems with internal pen tests to keep their teams safe. Today's guest is Bryce Austin. Bryce is the CEO of TCE Strategy, a cybersecurity advisory firm. They provide vulnerability scans, penetration tests, fractional CISO services, and incident response services. He is also a professional speaker on ransomware. Bryce is the fractional CISO to many companies, including one on the...
info_outline
CISOs: The Ultimate Stress Test With Jill Knesek
Easy Prey
The CISO role is constantly changing. With all the shifts in cybersecurity, it's crucial to find ways to attract new talent to close the growing skills gap. CISOs now juggle complex systems managed at multiple levels and handle burnout amongst many other responsibilities. Today's guest is Jill Knesek. Jill is the Chief Information Security Officer for Blackline, a company that does financial SaaS solutions. It’s based out of the Los Angeles area. She’s been there almost three years now as the CISO, running the information security team. She previously served as Chief Security Officer for...
info_outline
AI, Automation, and the Future of Cybersecurity With Mike Lyborg
Easy Prey
With the increase in targeted cyber attacks, it's more important than ever for organizations to quickly identify and respond to threats. AI is helping security teams by acting as virtual analysts, handling much of the investigation work. However, human oversight is still essential for the final steps and judgment. Today's guest is Michael Lyborg. Michael is the Chief Information Security Officer at Swimlane. Prior to taking his current role, Michael was Global Vice President of Advisory Services, a highly sought-after expert by the world's largest Fortune 500 companies and global government...
info_outline
Cybersecurity Training from Boring to Engaging With Howard Goodman
Easy Prey
The landscape of cybersecurity training and collaboration is changing, interactive education sessions and cross team communication is key. Building a security culture and staying ahead of the modern threats has never been more important. Today’s guest is Howard Goodman, Senior Technical Director at Skybox Security. With over 20 years of experience Howard has become a well known figure in the cybersecurity world, he combines strategic planning with hands-on application across many industries. In this episode we talk about; security culture, the evolution of cybersecurity training and how...
info_outline
Next-Gen Account Security with Christiaan Brand
Easy Prey
With phishing and password breaches on the rise, passkeys could offer a more secure, user-friendly solution that could reshape how we protect our online identities. Today's guest is Christiaan Brand. Christiaan is the co-founder of Entersekt, a financial services security firm and a key player at Google in their security and identity teams. A respected voice in cybersecurity, Christian co-chairs the FIDO2 technical working group focusing on standardizing robust online security protocols in advancing the use of passkeys. He has been at the forefront of the shift toward more secure,...
info_outline
5 Key Cybersecurity Elements with Kelly Hood
Easy Prey
How do phishing scams, AI-powered attacks, and strategic governance intersect? Together, they're redefining the future of cybersecurity. Organizations are navigating a mix of challenges and implementing innovative solutions to proactively address today's threats. Today's guest is Kelly Hood. She is the EVP and cybersecurity engineer at Optics Cyber Solutions. She is a CISSP who specializes in implementing cybersecurity and privacy best practices to manage risks and to achieve compliance. She supports the NIST cybersecurity framework and serves as a CMMC registered practitioner, helping...
info_outline
Identity Crimes (Theft, Compromise & Misuse) with Mona Terry
Easy Prey
When you search for customer service numbers online, you might come across a scammer’s number instead. It’s important to be cautious when sharing personal information, and to verify identities before responding to requests for sensitive data. Today’s guest is Mona Terry. As Chief Victims Officer at Identity Theft Resource Center, she navigates the complexities of identity protection and identity crime recovery and management of multi-million dollar federal grants. She analyzes victim experiences to create ITRC’s Identity Report and to provide information about new and ongoing...
info_outline
Why Resolutions Fail with Dr. Leslie Becker-Phelps
Easy Prey
We often put off changes and schedule them to start on January 1st. Many of these idealistic resolutions fail shortly after beginning, so it is important to be thoughtful when planning so that you can set yourself up for success. Today’s guest is Dr. Leslie Becker-Phelps. Leslie is a noted psychologist who authored a number of books, including Insecure in Love, The Insecure in Love Workbook, and Bouncing Back from Rejection. She writes the Authentically You Blog and the Psychology Today Making Change Blog. Additionally, she is a national speaker and hosts a YouTube channel. Show Notes: ...
info_outline
Erasing Your Digital Footprint with Jeff Jockisch
Easy Prey
Data is continuously being collected and this information can lead to misleading conclusions about an individual. Without proper context, behavior can be misinterpreted. This underscores the need for data privacy laws and stronger protections against data brokers. Today’s guest is Jeff Jockisch. Jeff is a passionate data privacy researcher dedicated to exploring the evolution of technology, our search behaviors, trust dynamics, and safeguarding of our information. As Managing Partner at ObscureIQ, he specializes in advanced data removal and privacy risk mitigation for enterprises and...
info_outlineSecurity risks are dynamic. Projects, employees, change, tools, and configurations are modified. Many companies utilize PEN testers on an annual basis, but as quickly as systems are revised, you may need to implement threat emulation for regular monitoring.
Today’s guest is Andrew Costis. Andrew is the Chapter Lead of the Adversary Research Team at Attack IQ. He has over 22 years of professional industry experience and previously worked in the Threat Analysis Unit Team at Firmware, Carbon Black, and Logrhythm Labs, performing security research, reverse engineering malware, and tracking and discovering new campaigns and threats. Andrew has delivered various talks at DefCon, Adversary Village, Black Hat, B Side, Cyber Risk Alliance, Security Weekly, IT Pro, Bright Talk, SE Magazine, and others.
Show Notes:
- [1:14] - Andrew shares his background and what he currently does in his career at Attack IQ.
- [3:49] - At the time of this recording, there has been a major global security panic.
- [6:06] - There are many programs that we use on a regular basis that we don’t always consider the security of.
- [8:09] - Historically, companies would pay for an external pen test. Andrew describes the purpose of this and how they usually went.
- [9:33] - Pen tests and threat emulation do not need to be limited to just once a year.
- [10:45] - Andrew’s team is in the business of testing post-breached systems. But they preach prevention.
- [11:55] - Attackers are lazy in the sense that they will reuse the same strategies over and over again.
- [14:13] - Many programs we use may be caught in the crosshairs of attacks and vulnerabilities in other companies.
- [16:41] - Andrew discusses the frequency of really critical CVEs.
- [19:01] - What do attackers go after when they’ve breached a system?
- [21:04] - The priority for attackers is to get in quickly and make the victim’s data unavailable.
- [22:24] - A lot of people are under the impression of vulnerability testers. “Fire and forget it” is not a beneficial mindset.
- [24:56] - If we run every test, the amount of data will be overwhelming.
- [27:03] - In his experience, there has been client testing that has been overwhelmingly easy to breach.
- [29:07] - There are also organizations that have done a fantastic job. However, vulnerabilities will still be found.
- [30:18] - The red team is not going to be able to cover your entire organization.
- [32:15] - Threat emulation and pen testing are technically the same thing. Andrew explains how she sees the difference.
- [33:50] - How are vulnerabilities and tests prioritized?
- [36:19] - Andrew describes the things his team works on and their objectives for customers and clients.
- [38:34] - The outage at the time of this recording had a big impact. It gave a really good idea of what could happen if it were a real security breach.
- [41:37] - There are a ton of free resources out there. The primary resource at Attack IQ is the free Attack IQ Academy.
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.