BrakeSec Education Podcast
A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.
info_outline
Tanya Janca Talks secure coding, Semgrep Academy, and community building, and more!
06/01/2024
Tanya Janca Talks secure coding, Semgrep Academy, and community building, and more!
Check out the BrakeSecEd Twitch at https://twitch.tv/brakesec Join the Discord! https://discord.gg/brakesec #youtube VOD (in 1440p): Questions and topics: Bsides Vancouver discussion Semgrep Community and Academy Building communities What are ‘secure guardrails’ Reducing barriers between security and developers How to sell security to devs: “hey, if you want to see us less, buy/use this?” “Security is your barrier, but we have goals that we can’t reach without your help.” https://wehackpurple.com/devsecops-worst-practices-artificial-gates/ How are you seeing things like AI being used to help with DevOps or is it just making things more complicated? Not just helping write code, but infrastructure Ops, software inventories, code repo hygiene, etc? OWASP PNW https://www.appsecpnw.org/ Alice and Bob coming next year! Additional information / pertinent LInks (Would you like to know more?): shehackpurple.ca Semgrep (https://semgrep.dev/) https://aliceandboblearn.com/ https://academy.semgrep.dev/ (free training) Netflix ‘paved roads’: https://netflixtechblog.com/how-we-build-code-at-netflix-c5d9bd727f15 https://en.wikipedia.org/wiki/Nudge_theory https://www.perforce.com/blog/qac/what-is-linting https://www.youtube.com/watch?v=FSPTiw8gSEU https://techhq.com/2024/02/air-canada-refund-for-customer-who-used-chatbot/ Show points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: https://linkedin.com/in/brakeb Brakesec Website: https://www.brakeingsecurity.com Youtube channel: https://youtube.com/@BrakeSecEd Twitch Channel: https://twitch.tv/brakesec
/episode/index/show/brakeingsecurity/id/31562597
info_outline
Josh Grossman - building Appsec programs, bridging security and developer gaps
04/15/2024
Josh Grossman - building Appsec programs, bridging security and developer gaps
Youtube VOD: #appsec, #owasp, #ASVS, #joshGrossman, #informationsecurity, #SBOM, #supplychain, #podcast, #twitch, #brakesec, #securecoding, #Codeanalysis Questions and topics: 1. The background to the topic, why is it something that interests you? How do you convince developers to take your course? 2. What do you think the root cause of the gap is? 3. Who is causing the gaps? (‘go fast’ culture, overzealous security, GRC requirements, basically everyone?) 4. Where do gaps begin? Is it the ‘need’ to ‘move fast’? 5. What can devs do to involve security in their process? Sprint planning? SCA tools? 6. How have you seen this go wrong at organizations? 7. How important is it to have security early in the product development process? 8. What sort of challenges do you think mainstream security people face in AppSec scenarios? 9. How does Product Security differ from Application Security? (what if the product is an application?) 10. What are the key development concepts that security people need to be familiar with to effectively get involved in AppSec/ProdSec? 11.. How do you suggest a security team approach AppSec/ProdSec? Leadership buy-in Effective/valuable processes Tools should achieve a goal 12. SBOM - NTIA is asking for it, How to get dev teams to care. 13. Key takeaways? Additional information / pertinent LInks (Would you like to know more?): BlackHat Training: https://www.blackhat.com/us-24/training/schedule/index.html#accelerated-appsec--hacking-your-product-security-programme-for-velocity-and-value-virtual-37218 https://www.walkme.com/blog/leadership-buy-in/ https://www.bouncesecurity.com/ https://www.teamgantt.com/blog/raci-chart-definition-tips-and-example https://www.cisa.gov/sbom SCA Tools https://chpk.medium.com/top-10-software-composition-analysis-sca-tools-for-devsecops-85bd3b7512dd https://semgrep.dev/ https://www.linkedin.com/in/joshcgrossman https://owasp.org/www-project-application-security-verification-standard/ https://github.com/OWASP/ASVS/tree/master/5.0 https://owasp.org/www-project-cyclonedx/ https://joshcgrossman.com/ PyCon talk about custom security testing: https://www.youtube.com/watch?v=KuNZzDjvMlg Michal's Black Hat course - Accurate and Scalable: Web Application Bug Hunting: https://www.blackhat.com/us-24/training/schedule/index.html#accurate-and-scalable-web-application-bug-hunting-37210 https://www.blackhat.com/us-24/training/schedule/index.html#accurate-and-scalable-web-application-bug-hunting-372101705524544 ASVS website: https://owasp.org/asvs Lightning talk I did recently about OWASP: https://www.bouncesecurity.com/eventspast#f86548cb37cb2a82728b1762bd1b7aee Show points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: https://linkedin.com/in/brakeb Brakesec Website: https://www.brakeingsecurity.com Youtube channel: https://youtube.com/@brakeseced Twitch Channel: https://twitch.tv/brakesec
/episode/index/show/brakeingsecurity/id/30836203
info_outline
Managing messaging with management, becoming a CISO with Mary Gardner from Goldiknox
04/09/2024
Managing messaging with management, becoming a CISO with Mary Gardner from Goldiknox
Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information and experiences and do not represent views of past, present, or future employers. Recorded: 08 Apr 2024 Youtube VOD: https://www.youtube.com/watch?v=K8qApvsFtqw Show Topic Summary: If you want to get in the mind of a board member, I submit to you my discussion with we did last night on . Join Mary and I as we discuss the functions of a board, messaging to various levels of leadership and teams, and what it takes to make that leap to being a CISO. And when you're done, and you need someone to help your org get more mature, contact the team at . Questions and topics: “Just 69% of responding board members see eye-to-eye with their chief information security officers (CISOs). Fewer than half (47%) of members serve on boards that interact with their CISOs regularly, and almost a third of them only see their CISOs at board presentations. “ They obviously have different priorities, so what brings everyone to the table to discuss? Are they even worried about security? Tactical goals vs. org goals and aligning them What are boards most worried about these days? Staying relevant in the face of AI? What tech will protext them from the newest threats? GRC is forced security, security is completely optional, Compliance requires some sort of security Additional information / pertinent LInks (Would you like to know more?): Research organizations (gartner, forrester, etc) Show points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: Brakesec Website: Youtube channel: Twitch Channel: Discord:
/episode/index/show/brakeingsecurity/id/30743753
info_outline
p2-accidentalCISO, building trust in new places
02/13/2024
p2-accidentalCISO, building trust in new places
Full Youtube VOD: Questions and topics: Let’s talk about Mindful Business Podcast What’s the topics you cover? Topic #1: discuss your experiences when you were a new leader. What worked? What didn't? What would you have done differently? Do you emulate your manager's style? What have been your go-to management resources? What is a good piece of advice that you’ve been given or that you impart to others that relates to leadership? Topic #2: building/Operating SaaS products (we can discuss securing them, what functions should be table stakes (data structures, logging, etc) Topic #3: What are bare minimums for building ‘secure’ Saas products in your particular field? And how do you balance security with a positive user experience (i. e. getting customers to buy into MFA/OAUTH, OTA updates Topic #4: Do many SaaS products get over-integrated? Is the need for integration override best practices in security? Additional information / pertinent LInks (Would you like to know more?): Twitter/Mastodon: The Mindful Business Security Show: Show points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: Brakesec Website: Youtube channel: Twitch Channel:
/episode/index/show/brakeingsecurity/id/29942788
info_outline
AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec
02/02/2024
AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec
Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information, and do not represent views of past, present, or future employers. Recorded: 28 Jan 2024 Youtube VOD: https://youtube.com/live/uX7odQTBkyQ Questions and topics: Let’s talk about Mindful Business Podcast What’s the topics you cover? Topic #1: discuss your experiences when you were a new leader. What worked? What didn't? What would you have done differently? Do you emulate your manager's style? What have been your go-to management resources? What is a good piece of advice that you’ve been given or that you impart to others that relates to leadership? Topic #2: building/Operating SaaS products (we can discuss securing them, what functions should be table stakes (data structures, logging, etc) Topic #3: What are bare minimums for building ‘secure’ Saas products in your particular field? And how do you balance security with a positive user experience (i. e. getting customers to buy into MFA/OAUTH, OTA updates Topic #4: Do many SaaS products get over-integrated? Is the need for integration override best practices in security? Additional information / pertinent LInks (Would you like to know more?): Twitter/Mastodon: The Mindful Business Security Show: Show points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: Brakesec Website: Youtube channel: Twitch Channel:
/episode/index/show/brakeingsecurity/id/29766308
info_outline
1st show of 2024! Our 10th Anniversary...
01/09/2024
1st show of 2024! Our 10th Anniversary...
It's our 10th anniversary and the first show of our 2024 season! Amanda was on "7 minute security" Check out the complete VOD at Explicit language warning
/episode/index/show/brakeingsecurity/id/29399308
info_outline
Brakesec Call to Action 2023
12/18/2023
Brakesec Call to Action 2023
Youtube Video: is the link to the survey. Your information (should you choose to identify yourself) will not be shared outside of the BrakeSec Team. Thank all of you for listening and for your input. RSS feed for the audio podcast is at website:
/episode/index/show/brakeingsecurity/id/29131788
info_outline
How to get more headcount, BLUFFs Vulnerability, and Ranty Clause debuts!
12/04/2023
How to get more headcount, BLUFFs Vulnerability, and Ranty Clause debuts!
Show Topic Summary: Ms. Berlin proposes a question of how to gather more headcount with metrics, we discuss the BLUFFS bluetooth vulnerability, and “Ranty Claus” talks about CISA’s remarks of putting the onus on device product makers to remove choice for customers and implement secure defaults. #youtube VOD: Questions and topics: Additional information / pertinent LInks (Would you like to know more?): Examples of companies forcing changes - eBPF implementation in Rust Show points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake on Mastodon.social, Brakesec Website: Twitter: @brakesec Youtube channel: Twitch Channel:
/episode/index/show/brakeingsecurity/id/28924613
info_outline
25Oct - okta breached (again), Energy company hit by supply chain attack, and you can help hire the best people
10/26/2023
25Oct - okta breached (again), Energy company hit by supply chain attack, and you can help hire the best people
Subscribe on Twitch using Amazon Prime and watch us live: https://twitch.tv/brakesec Check out our VODs on Youtube: Join the BrakeSecEd discord: News:
/episode/index/show/brakeingsecurity/id/28433570
info_outline
Nicole Sundin - CPO at Axio - SEC compliance, usable security, setting up risk mgmt programs
09/23/2023
Nicole Sundin - CPO at Axio - SEC compliance, usable security, setting up risk mgmt programs
Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time, and do not represent views of past, present, or future employers. Guest Bio: Nicole is the Chief Product Officer at Axio. Nicole has spent her career building awareness around the benefits of usable security and human-centered security as a way to increase company revenue and create a seamless user experience. Youtube VOD Link: Questions and topics: Usable security: is it an oxymoron? What determines if the security is ‘usable’ or no? We sacrifice security for a better UX, what can be done to alleviate that? Or is it some sort of sliding scale in “poor UX, amazing security or awesome UX, poor security” Examples of poor UX for ‘people’: MFA, and password managers. SEC updates and ‘material events’ and how that would affect security, IR, and other company reporting functions. Also, additional documentation (Regulation S-K Item 106) Are companies ready to talk about their cybersecurity? Can the SEC say “you’re not doing enough?” What is ‘enough’? Are we heading toward yet another audit needed for public companies, similar to SOX? When does an 8-K get publicly disclosed? Materiality is based on a “reasonable investor”? So, you don’t need to announce that until you’re certain, and it’s based on what you can collect? Cyber Risk Management and some good examples of how to set up a proper cyber risk organization Additional Links:
/episode/index/show/brakeingsecurity/id/28119962
info_outline
John Aron, letters of marque, what does a "junior" job look like with AI?
09/03/2023
John Aron, letters of marque, what does a "junior" job look like with AI?
Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time, and do not represent views of past, present, or future employers. Guest Bio: John is the CEO of Aronetics. An avid climber and runner, John has spoken at many conferences about topics like ZeroTrust, BIOS/UEFI security, communication security, and malware. Aronetics is a technology-enabled service provider. Youtube VOD: https://youtube.com/live/5dIVTwVZLAU Linkedin VOD: Show Topic Summary: John joins us to discuss “letters of Marque” in an effort for hackers to ‘hack back’... the overreliance on automation, and communication siloes. We also talk about what a ‘junior position’ in infosec looks like with AI doing all the “Level 1 SOC Analyst” type roles normally given to someone fresh to the security industry. Questions and topics: Is infosec over reliant on automation? Automation comes with its own challenges. Documentation woes Automation is usually found in userland Aronetics’ Thor provides defense and counter-offense tamper-proof technology digitally tied to Letter of Marque - good idea, or geopolitical disaster waiting to happen? Siloes and communication -best ways to overcome those in an org and outside? How do we overcome siloing? Overcoming security challenges?Identity management - 2FA is everywhere, there’s already ways around 2FA, so what now? 3FA? Biometrics? Make everyone carry around physical tokens that we can lose? Blog post: What do we need to protect against? Nation states with quantum computers? Rubber hose cryptography? Crime thrives in areas of low visibility. (threat detection - the crime thrives in low vis areas) Show points of Contact: Brakesec Website: Youtube channel: Twitch Channel: Amanda Berlin: @[email protected] (Mastodon) @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake on Mastodon.social
/episode/index/show/brakeingsecurity/id/27928935
info_outline
Megan Roddie - co-author of "Practical Threat Detecion Engineering"
08/25/2023
Megan Roddie - co-author of "Practical Threat Detecion Engineering"
Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time, and do not represent views of past, present, or future employers. Buy here: Amazon Link: Youtube VOD: https://www.youtube.com/watch?v=p1_jQa9OQ2w Show Topic Summary: Megan Roddie is currently working as a Senior Security Engineer at IBM. Along with her work at IBM, she works with the SANS Institute as a co-author of FOR509, presents regularly at security conferences, and serves as CFO of Mental Health Hackers. Megan has two Master's degrees, one in Digital Forensics and the other in Information Security Engineering, along with many industry certifications in a wide range of specialties. When Megan is not fighting cybercrime, she is an active competitor in Muay Thai/Kickboxing. She is a co-author of “Practical Threat Detection Engineering” from Packt publishing, on sale now in print and e-book. Buy here: ← Amazon redirect link that publisher uses if you want something easier on the notes Questions and topics: Of the 3 models, which do you find you use more and why? (PoP, ATT&CK, kill chain) What kind of orgs have ‘detection engineering’ teams? What roles are involved here, and can other teams (like IR) be involved or share a reverse role there? Lab setup requires an agent… any agent for ingestion or something specific? How does Fleet or data ingestion work for Iot/Embedded device testing? Anything you suggest? How important is it to normalize your log output for ingestion? (app, web, server all tell the story) Additional information / pertinent LInks (Would you like to know more?): Unified Kill Chain: ATT&CK: D3FEND matrix BrakeSec show from 2021: Pyramid of Pain: (per Megan, ‘it’s basically Chapter 11 of the book’) Show points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake on Mastodon.social, Twitter, bluesky Brakesec Website: Twitter: @brakesec Youtube channel: Twitch Channel:
/episode/index/show/brakeingsecurity/id/27846009
info_outline
meeting new people, walking on your keyboard causes issues, even google gets phone numbers wrong.
07/21/2023
meeting new people, walking on your keyboard causes issues, even google gets phone numbers wrong.
Check out our sponsor (BLUMIRA) at https://blumira.com/brake youtube channel link: Full video on our youtube Channel! - Rust game engine - a more mature Rust game engine - which I suck at, BTW Intro/outro music: "Flex" by Jeremy Blake Courtesy of YouTube Music Library (used with proper permissions)
/episode/index/show/brakeingsecurity/id/27532995
info_outline
Bsides Seattle and Austin, SecureBoot patch, and more
05/27/2023
Bsides Seattle and Austin, SecureBoot patch, and more
BrakeSec Show Outline – No Guest Show Topic Summary (less than 300 words) Bsides Seattle and Bsides Austin Youtube VOD: Questions and potential sub-topics (5 minimum): Bsides Seattle update and Bsides Austin Patching the unpatchable Power and influence (is power bad? Is influence?) 5. (A Theory of Creepy: Technology, Privacy and Shifting Social Norms) (contact info for people to reach out later): Additional information / pertinent Links (would you like to know more?): (contact info for people to reach out later): https://www.bleepingcomputer.com/news/security/microsoft-shares-guidance-to-detect-blacklotus-uefi-bootkit-attacks/ Show Points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake @[email protected] Website: Twitch: Youtube: Email: [email protected]
/episode/index/show/brakeingsecurity/id/26966046
info_outline
lynsey wolf, conducting insider threat investigations, CASB and UEBA utlization to good use.
04/30/2023
lynsey wolf, conducting insider threat investigations, CASB and UEBA utlization to good use.
Show Topic Summary (less than 300 words) Insider threat still exists, Lynsey Wolf talks with us about HR’s role in insider threat, how prevalent investigations are in the post-pandemic work from home environment. Questions and potential sub-topics (5 minimum): What is the difference between insider threat and insider risk? Motivators of insider threat (not much different than espionage,IMO -bryan) (MICE: Money, Ideology, Compromise, and Ego.) 75% of all insider threats are being kicked off by HR departments. In short, it's proactive. “How did HR figure that out?” How are investigations normally initiated? What tools are they implementing to check users or predicting a disgruntled employee?” UEBA? CASB? Employee surveys that are ‘anonymous’? Someone who reported others and it was dismissed? What if HR ‘gets it wrong’ or ‘it’s a hunt to find people no into ‘groupthink’ or ‘not a culture fit’? How can organizations be mindful of how and what data is collected to mitigate risk without affecting employee trust? And who watches the watchers to ensure data is handled responsibly? Are there any privacy guidelines companies need to understand before they implement such a system? (GDPR? CCPA? Privacy notices? Consent to monitoring on login? ) Are companies causing the thing they are protecting against? (making an insider threat because they’ve become repressive?) (hoping there’s an ‘everything in moderation idea here… finding the happy medium between responsible ‘observability’ and ‘surveillance’) Lots of ‘insider threat’ tools, including from EDR companies. Do companies do a good job of explaining to employees why you need EDR? Quiet Quitting - latest term for companies to use to describe “employee has a side gig”. How does this figure into insider threat? Is it assumed that people only have one ‘thing’ they do, or did the lack of a commute give people more time during the pandemic to diversify? Solutions for employees? Separate their work and private/side gig? Learn what their contract states to keep conflicts of interest or your current/past employer from taking your cool side project/start-up idea away from you? Solutions for companies? Additional information / pertinent Links (would you like to know more?): (contact info for people to reach out later): (insider threat ontology) (Air National Guardsman accused in military records leak makes 1st court appearance - story still developing as of 16 April 2023) Show Points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake @[email protected] Website: Twitch: Youtube:
/episode/index/show/brakeingsecurity/id/26698317
info_outline
3CX supply chain attack, Mark Russinovich and Sysinternals, CISA ransomware notifications, and emotional intelligence
04/08/2023
3CX supply chain attack, Mark Russinovich and Sysinternals, CISA ransomware notifications, and emotional intelligence
Show Topic Summary (less than 300 words) 3CX supply chain attack, Mark Russinovich and Sysinternals, ransomware notifications from CISA, and emotional intelligence Youtube VOD: Questions and potential topics (5 minimum): Additional information / pertinent Links (would you like to know more?): Sigma Rule - Show Points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake @[email protected] Website: Twitch: Youtube: Email:
/episode/index/show/brakeingsecurity/id/26484390
info_outline
Dish Network is still busted, John Deere avoiding OSS requests, Is DAST dead?
03/24/2023
Dish Network is still busted, John Deere avoiding OSS requests, Is DAST dead?
Show Topic Summary (less than 300 words) Dish Network is still busted due to ransomware, your Pixel phone baseband RCE, Nothing runs like a Deere (away from OSS requests, anyway), and “Are we past DAST?” Questions and potential sub-topics (5 minimum): (thanks D Mathews!) Additional information / pertinent Links (would you like to know more?): Show Points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake @[email protected] Website: Twitch: Youtube: Email: [email protected]
/episode/index/show/brakeingsecurity/id/26325480
info_outline
Nickolas Means talks about Security, Devops velocity, blameless orgs, and conferences infosec should attend
03/04/2023
Nickolas Means talks about Security, Devops velocity, blameless orgs, and conferences infosec should attend
Guest info Name and Title: Nickolas Means, VP of Engineering at SYM Email/Social Media Contact: @nmeans on Twitter, @[email protected] on Mastodon Time Zone (if other than Pacific): Central (Austin, TX) Show Topic Summary / Intro We welcome Nickolas Means to the stream. Nick is the VP of Engineering at Sym, the adaptive access tool built for developers. He's been an engineering leader for more than a decade, focused on helping teams build velocity through trust and autonomy. He's also a regular speaker at conferences around the world, teaching more effective software development practices through stories of real-world engineering triumphs and failures. He’s also the co-host of “Managing Up” a podcast with Management tips, stories, and interviews to help navigate the challenges of managing creative and technical teams. Questions and potential sub-topics (5 minimum): 'blameless environment' during an incident. We can discuss working an incident and if a 'blameless' environment the exception or the rule (stories from the trenches are always welcome) Building a compliance program without tanking your engineering velocity... I'd like to speak about that in terms of overall security (product security, scanning, license checks, and more) Is there a playbook to building more efficient dev and security teams? Can cross training dev in basic security, or security in sprint planning processes make a better experience for all? Will we ever solve ‘shifting left’? What does Shifting Left really mean to engineering teams, or is that a term security people created to try and speak ‘dev/eng’? ‘Managing Up’... security is often asked to do a lot. Be STO when you don’t manage the resources, timeline, etc. When teams are small, you’re either in the operational/tactical, when management wants a ‘tactical/strategic’ view. What can the overall business do to create a good working relationship out of the gate? “Make a dashboard” is all well and good, except when your org lacks maturity across the board. What are some realistic expectations management should have when the company is small? (I will provide additional context during the stream) Additional information / pertinent Links (would you like to know more?): - Managing Up Podcast “Management tips, stories, and interviews to help navigate the challenges of managing creative and technical teams.“ - Adaptive access management tools built for engineers Show Points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake @[email protected] Website: Twitch: Youtube:
/episode/index/show/brakeingsecurity/id/26124603
info_outline
SPECIAL INTERVIEW: John Aron and Jerod Brennen
02/10/2023
SPECIAL INTERVIEW: John Aron and Jerod Brennen
BrakeSec Show Outline (all links valid as of 27 Jan 2023, subject to change) Is it scheduled? Yes || No|| Completed Date: 2023/01/26 Guest info Name and Title: John Aron, Founder/CEO of Aronetics Email: [email protected] Time Zone (if other than Pacific): Eastern Standard Guest info Name and Title: Jerod Brennen Email: [email protected] Time Zone (if other than Pacific): EST Show Topic Summary (less than 300 words) Clear the fog of marketing truths and viable solutions that actually deter and defend adversarial action. Questions and potential sub-topics (5 minimum): Edge devices everywhere A paradigm culture shift is necessary How/What kind of culture shift is needed? In 2007, Steve Jobs unveiled the iPhone with no mention of how to keep it safe While DARPA that created GPS, shares a sorry - not sorry 4. Working from Home or the office, how can you guarantee security with travel between both? This type of computing isn’t possible in government circles. 5. How can we restore sanity and normalcy to using a computer when there is a persistent threat everywhere? Who is under ‘persistent threat’? 6. Jerod: decentralization of technologies and empowering makers and people Additional information / pertinent Links (would you like to know more?): (local copy) (local copy defeats paywall) ) (local copy defeats paywall) (“good to great”, and “Built to Last” were called out) John’s Bsides San Diego slides: John’s WiCys talk slides: Pending - Sidechannel (Fractional CISO organization) (Jerod’s organization) - (John’s company) Show Points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake @[email protected] Website: Twitch:
/episode/index/show/brakeingsecurity/id/25887660
info_outline
Layoff discussions, another TMO breach, OneNote Malware, and more!
01/24/2023
Layoff discussions, another TMO breach, OneNote Malware, and more!
Lots of Layoffs (meta, Microsoft, Amazon, Sophos, Alphabet, Google) talk about the future effects of that, did it affect security? Attack surface management is risk management, Breaches and the TSA no-fly list leaked, and more! Full youtube video: Questions and/or potential sub-topics (5 minimum): Layoffs (fear, uncertainty, doubt), what it means for people, “No fly list leaked” Attack Surface Management: / ? (issues with "step 0") Additional information / pertinent Links (would you like to know more?): - TMO’s 8k filing Show Points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake @[email protected] Website: Twitch:
/episode/index/show/brakeingsecurity/id/25716489
info_outline
GPS car hacks, Google Threat report, notable topics of 2020, satellite threat modelling, twitter breach(?)
01/10/2023
GPS car hacks, Google Threat report, notable topics of 2020, satellite threat modelling, twitter breach(?)
topics What were the biggest stories of 2022? Any notable trends that you saw (fetch Diversion) I got 5 million steps in 2022! Looking to jog/run 350 miles (danger of , and .. in file paths Google’s threat Horizon’s report Additional information / pertinent Links (would you like to know more?): (google’s Threat Horizons report) \youtube.c Show Points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake @[email protected] Website: Twitch:
/episode/index/show/brakeingsecurity/id/25556889
info_outline
Josh-Whalen-risk-management-data_visualization-tools, value-creating activities -p2
12/20/2022
Josh-Whalen-risk-management-data_visualization-tools, value-creating activities -p2
Full stream video on Youtube: John's Youtube channel, to find more training/contact information: ADKAR model: CCE framework: Dashboard (non-sponsored link): Diagrammming tool: Amazon book:
/episode/index/show/brakeingsecurity/id/25388076
info_outline
John Whalen, data visualization tools, risk management, handling org risk-p1
12/11/2022
John Whalen, data visualization tools, risk management, handling org risk-p1
Full stream video on Youtube: John's Youtube channel, to find more training/contact information: ADKAR model: CCE framework: Dashboard (non-sponsored link): Diagrammming tool: Amazon book:
/episode/index/show/brakeingsecurity/id/25292322
info_outline
Interview with Infrared - one of the Seattle Community Network organizers
11/22/2022
Interview with Infrared - one of the Seattle Community Network organizers
-Full stream video (interview starts at 28m22s) Broadcasted live on Twitch -- Watch live at Seattle Community Network - Check Bryan out on Mastodon! <a rel="me" href="https://mastodon.social/@bryanbrake">Mastodon</a>
/episode/index/show/brakeingsecurity/id/25100775
info_outline
JAMBOREE - an Android App testing platform from @operat0r -part2
11/07/2022
JAMBOREE - an Android App testing platform from @operat0r -part2
introducing @operat0r talked a bit about mobile device hacking and rooting/jailbreaking phones for testing Grab the powershell script here: Check out the Youtube videos, including demo! Part2 is here: https://www.youtube.com/watch?v=RXgwUWpRuYA
/episode/index/show/brakeingsecurity/id/24842532
info_outline
JAMBOREE - an Android App testing platform from @operat0r
10/30/2022
JAMBOREE - an Android App testing platform from @operat0r
introducing @operat0r talked a bit about mobile device hacking and rooting/jailbreaking phones for testing Grab the powershell script here: Check out the Youtube videos, including demo! Part 2 will be available soon! Part 1:
/episode/index/show/brakeingsecurity/id/24842388
info_outline
07-oct-news-twitch streaming
10/12/2022
07-oct-news-twitch streaming
/episode/index/show/brakeingsecurity/id/24661008
info_outline
Uber Breach, MFA fatigue, who can help communicate biz risk?
09/19/2022
Uber Breach, MFA fatigue, who can help communicate biz risk?
Twitter: @boettcherpwned @infosystir @brakeSec @bryanbrake Twitch:
/episode/index/show/brakeingsecurity/id/24413760
info_outline
Manual Code reviews/analysis, post-infosec Campout discussion
09/02/2022
Manual Code reviews/analysis, post-infosec Campout discussion
checkout our website: Follow and subscribe with your Amazon Prime account to our Twitch stream: Twitter: @infosystir @boettcherpwned @bryanbrake @brakesec Find us on all your favorite podcast platforms! Please leave us a 5 star review to help us grow!
/episode/index/show/brakeingsecurity/id/24256401
info_outline
Amanda's Sysmon Talk -p2
08/15/2022
Amanda's Sysmon Talk -p2
Part 2 of our discussion this week with Amanda, Brian, and Bryan on sysmon, We discuss use cases from her talk, and best ways to get sysmon integrated into your environment. BrakeSec is: Amanda Berlin @infosystir Brian Boettcher @boettcherpwned Bryan Brake @bryanbrake Our #twitch stream can be found at: (subscription is req'd to see full videos)
/episode/index/show/brakeingsecurity/id/23894304