Easy Prey
In a world of cybersecurity and online privacy, anonymity seems to be the key. VPNs are often promoted as the cure-all to our internet needs. Let’s talk about some of those misconceptions. Today’s guest is Lance Cottrell. Lance founded Anonymizer in 1995 and is an internationally recognized expert in cryptography, online privacy, and internet security. He is the principal author on multiple internet privacy and security technology patents. Lance stayed on as Chief Scientist as Anonymizer was acquired by Intrepid, and now advises start-ups through his platform. Show Notes: [1:09] - Lance...
AI: Double-Edged Sword for Cybersecurity with Vincent LaRocca
Cybersecurity is more crucial than ever. It’s essential that we proactively safeguard our data and recognize that no one is immune to attacks. We are all vulnerable. As malicious actors continually enhance their tactics, we must stay one step ahead by consistently improving our defenses. Today’s guest is Vincent LaRocca. Vincent is the CEO of CyberSecOp with the commitment to protecting sensitive data and mitigating cyber threats. With over two decades of experience, Vincent has successfully steered CyberSecOp to become one of the world’s fastest growing managed security providers,...
Understanding and Avoiding Triangulation Fraud with Soups Ranjan
As consumers, we may realize the need to be vigilant by using two-factor authentication and password managers, but there are so many scams out there that can impersonate legitimate organizations, websites, and people. We really can’t let our guard down. Today’s guest is Soups Ranjan. Soups has over 18 years of experience in software engineering, data science, and risk management. He is the co-founder and CEO of Sardine. This behavior-infused platform offers fraud prevention, compliance, and payment solutions for various industries including banking, online marketplaces, FinTech, crypto,...
Finding Small Business Fraud with James Ratley
A shocking number of businesses ultimately fail because of fraud. Many managers and business owners are unaware of their losses because they do not have systems in place to look for fraud, and it may not be their primary concern. Today’s guest is James Ratley. Jim graduated from the University of Texas at Dallas with a bachelor’s degree in Business Administration. In 1971, he joined the Dallas Police Department as a police officer. He served on numerous task forces with a concentration on major fraud cases. He joined a major forensic accounting practice and was in charge of...
Truth and Lies with Mark Bowden
Now that so much of our communication is digital, such as texts, emails, and chats, we miss out on the tone and facial expressions that help us understand the intent and content of a message. It’s important to know ourselves well enough to recognize the areas in which we are more easily influenced and more susceptible to being deceived. The greater our desire for something to be true, the easier it is for us to be scammed. Today’s guest is Mark Bowden. Mark is a world-renowned body language expert, keynote speaker, and best-selling author. He is the founder of the communication training company,...
The Update That Broke America with Gabe Dimeglio
Many industries are reliant on software and if the software becomes corrupt or an update fails, it may require hands-on support. Do you have your infrastructure set for repair and recovery? Today’s guest is Gabe Dimeglio. Gabe is a 20-year veteran of information technology and security for private and public sector organizations. He is a results-driven leader, specializing in security services and solutions for mission-critical, complex enterprise platforms. His expertise includes strategic consulting services, risk analysis/risk mitigation, and compliance. Mr. Dimeglio serves as Vice...
A Lesson in Crisis Management with Jeremiah Grossman
It’s not always easy to determine the value of digital assets. The potential of overestimating or undervaluing your data can make it difficult to establish how much protection you need for a cyber intrusion. Today’s guest is Jeremiah Grossman. Jeremiah has spent over 25 years as an InfoSec professional and hacker. He is the Managing Director of Grossman Ventures. He is an industry creator and founder of White Hat Security and Bit Discovery. He has his black belt in Brazilian Jiu-Jitsu and is an avid car collector. Show Notes: [0:53] - Jeremiah shares his background and what he does...
Pig Butchering Is Getting Worse with Erin West
Pig butchering is worse than just manipulating someone and taking their money. It leaves them with emotional anguish. Once their finances have been drained, they lose their financial security and they no longer trust people. Today’s guest is Erin West. Erin has been with the County of Santa Clara for 26 years and is a Deputy District Attorney. She specializes in cryptocurrency investigations and prosecutions. Show Notes: [0:46] - Erin shares her background and what her role is as a Deputy District Attorney in Santa Clara County. [3:20] - Five years ago, Erin found herself working on...
Protecting Parents with Terri Proctor
Sometimes people only share their stories after they’ve gone through a challenging time. But it’s also important to hear from those in the middle of a scam, to learn how people are manipulated and how vulnerable our loved ones can really be. Today’s guest is Terri Proctor. Terri’s elderly mother has been targeted by romance scammers over the last three years. In trying to get help from different recommended services, she realized that no one was really interested in helping. She started the non-profit Stop Elderly Scams to educate and bring awareness to the community. Show Notes: ...
Technology Regulation is Outdated with Bruce Schneier
Regulators have to invest a considerable amount of time in keeping legislation and policy up to date regarding technology and AI, but it’s not easy. We need floor debates, not for sound bites or for political gain, but to move policy forward. Today’s guest is Bruce Schneier. Bruce is an internationally renowned security technologist, called The Security Guru by The Economist. He is the author of over a dozen books, including his latest, A Hacker’s Mind. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is...
Security risks are dynamic. Projects, employees, tools, and configurations are constantly being modified. Many companies bring in pen testers on an annual basis, but because systems are revised so quickly, you may need to implement threat emulation for regular, continuous monitoring.
Today’s guest is Andrew Costis. Andrew is the Chapter Lead of the Adversary Research Team at AttackIQ. He has over 22 years of professional industry experience and previously worked in the Threat Analysis Unit Team at Firmware, Carbon Black, and LogRhythm Labs, performing security research, reverse engineering malware, and tracking and discovering new campaigns and threats. Andrew has delivered talks at DEF CON, Adversary Village, Black Hat, BSides, Cyber Risk Alliance, Security Weekly, IT Pro, BrightTALK, SE Magazine, and others.
Show Notes:
- [1:14] - Andrew shares his background and what he currently does in his career at AttackIQ.
- [3:49] - At the time of this recording, there has been a major global security panic.
- [6:06] - There are many programs that we use on a regular basis that we don’t always consider the security of.
- [8:09] - Historically, companies would pay for an external pen test. Andrew describes the purpose of this and how they usually went.
- [9:33] - Pen tests and threat emulation do not need to be limited to just once a year.
- [10:45] - Andrew’s team is in the business of testing post-breach scenarios, but they preach prevention.
- [11:55] - Attackers are lazy in the sense that they will reuse the same strategies over and over again.
- [14:13] - Many programs we use may be caught in the crosshairs of attacks and vulnerabilities in other companies.
- [16:41] - Andrew discusses the frequency of really critical CVEs.
- [19:01] - What do attackers go after when they’ve breached a system?
- [21:04] - The priority for attackers is to get in quickly and make the victim’s data unavailable.
- [22:24] - A lot of people have a mistaken impression of what vulnerability testing does. “Fire and forget it” is not a beneficial mindset.
- [24:56] - If we run every test, the amount of data will be overwhelming.
- [27:03] - In his experience, there has been client testing that has been overwhelmingly easy to breach.
- [29:07] - There are also organizations that have done a fantastic job. However, vulnerabilities will still be found.
- [30:18] - The red team is not going to be able to cover your entire organization.
- [32:15] - Threat emulation and pen testing are technically the same thing, but Andrew explains how he sees the difference.
- [33:50] - How are vulnerabilities and tests prioritized?
- [36:19] - Andrew describes the things his team works on and their objectives for customers and clients.
- [38:34] - The outage at the time of this recording had a big impact. It gave a really good idea of what could happen if it were a real security breach.
- [41:37] - There are a ton of free resources out there. The primary resource at AttackIQ is the free AttackIQ Academy.
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.