
Welcome back to the show! Hacker Valley Studio podcast features Host Ron Eddings, as he explores the world of cybersecurity through the eyes of professionals in the industry. We cover everything from inspirational real-life stories in tech, to highlighting influential cybersecurity companies, and we do so in a fun and enthusiastic way. We’re making cybersecurity accessible, creating a whole new form of entertainment: cybertainment.
Episodes
Tuesday May 25, 2021
Episode 147 - Learning Cybersecurity Until You Get It Right with John Strand
In this episode, we brought back fan-favorite, John Strand. He is owner of Black Hills Information Security, a SANS instructor, and a mentor to many in the industry.
John starts the show by sharing a little bit about his background and what he is doing today.
Ron and Chris dive a little deeper into John’s earlier life, asking what his superpower is, personal or professional, and when that power really came about in his life.
John shares his experiences with failure, which he feels are key to where he is today, and how everyone needs to get comfortable with struggles, failures and hardships. On top of that, one needs to be able to laugh at oneself.
Key Takeaways
1:02 Back with fan favorite John Strand
2:21 John shares his background
3:38 John’s superpower
5:51 Going through the grind to learn
8:30 Partnerships
11:44 Getting a head start
14:58 The entertainment factor
16:36 Journey through being an instructor
19:35 Pay what you can concept
25:53 Education systems
29:18 Advice from John
Links:
John Strand blog.
John Strand on Twitter.
Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter.
Follow hosts Ron Eddings and Chris Cochran on Twitter.
Learn more about our sponsor ByteChek.
Tuesday May 18, 2021
Hacker Valley Blue Season 2 Finale
This is the finale of Know Thyself. What an incredible journey, we feel like this entire experience flew by so fast, we got to talk to so many incredible people about knowing yourself, knowing your team, knowing your tech stack, knowing your environment, and even knowing your story.
Make your organization better, make your security posture better, strive for impact. What are the most high-leverage things that you can do today to make everybody's lives easier, or more safe? And then yield the feedback: there might be some things that you might be missing, you might need to ask questions, ask for feedback, get some information from your stakeholders. What are you thinking about that I might not be thinking about? Asking these different things is how you know thyself. And this is how you get to know the people that are around you, your peers, your stakeholders, the more knowledge you have. Got started with that Sun Tzu quote in the very beginning of the podcast: if you know yourself and you know your enemy, you need not fear the results of 100 battles. So if you really understand yourself, and you have good threat intelligence, understanding the externals, you have good vulnerability management that understands the externals and the internals, if you mash all that information together, I think you'll be able to do great things with your cybersecurity program.
Key Takeaways
0:02 Introduction to the show
0:49 Our Sponsor, Axonius
2:09 Welcome back
2:31 Reflecting on Know Thyself
3:17 Recap This Season's Guests
3:22 Marcus Carey
4:17 John Strand
5:05 Aaron Rinehart & Jamie Dicken
5:54 Chaos Engineering
7:12 Lenny Zeltser, asset inventory
7:54 Kevin Allison, Storytelling is a soft skill
10:19 John Strand
12:13 Can we do better?
13:54 What kind of leader are you?
14:26 Do you have unsupported devices?
17:34 Ask yourself these questions
13:33 Go back to the EASY Framework
21:50 Learning
23:29 Exploration
24:00 Immersion
27:28 Reach Hacker Valley
Learn more about Hacker Valley Studio
Support Hacker Valley Studio on Patreon
Follow Hacker Valley Studio on Twitter
Follow Chris Cochran on Twitter
Tuesday May 18, 2021
Hacker Valley Blue S2 Episode 7 - Kevin Allison
In this masterclass of HVB season 2 we brought in a master storyteller in Kevin Allison. The biggest thing is to get a person to understand, don't just summarize, don't just walk us through a Wikipedia like where you're just giving us a broad overview. And you're explaining; it’s important to remember sensory details that will help us see almost like movie scenes, what was happening between people. That is what brings the story alive. So that's a good case right there where the bones of the story were incredible. Like that's just on paper and an incredible overview of a story, but it's not going to work unless you can fill in all those sensory details that bring it alive and make it emotional for us.
Storytelling is a soft skill that offers the ability to contextualize cybersecurity in a manner that any organization can understand to allow their business to stay safe.
Key Takeaways:
0:00 Previously on the show
2:37 Kevin introduction
3:20 Episode begins
3:39 Where Kevin is today
7:58 Kevin’s origin story
12:04 Cybersecurity is performing
17:08 Storytelling for business
21:00 Engineering a story
26:12 Authentic storytelling
34:54 Speaking isn’t perfect
41:02 Where to find Kevin
RISK!: True Stories People Never Thought They’d Dare To Share
Tuesday May 18, 2021
Hacker Valley Blue S2 Episode 6 - John Strand
If you want to get into computer security, you're going to learn to love it, you're going to have to be successful, because a lot of computer security isn't just about bits and bytes, it's really about effectively communicating what needs to be done to the right people.
In this episode we have the incredible John Strand. Organizations need to become more proactive, and see where those weak spots are to protect themselves from something like ransomware. You need to run a pen test because you can have somebody literally launch those attacks, and identify those weaknesses in those vulnerabilities before the bad people do.
What's the gap that we can all learn from? It's passwords. By and large for most users, passphrases are the way to go. And, multi-factor authentication is actually a very sound strategy.
If you look at one key tenet of computer security, complexity is the enemy of computer security. And security is constantly trying to catch up and protect against yesterday's attacks. So, the future is more connected, it's more complicated. And the problem is, we still have people that use weak passwords, we still have people that click on links from strangers. And ultimately, when we're looking at that future, you're going to see the exact same problems that we've always had complicated on a much, much, much, much, much larger scale. As things get more and more pushed to the cloud, there'll be no shelter here, the front line is everywhere. World of computer security.
Key Takeaways:
0:00 Previously on the show
2:02 John introduction
2:44 Episode begins
2:47 What John is doing today
3:45 John’s core tenets
5:51 How pen testing is “Blue”
6:17 Why understanding fundamentals matters
8:55 Ransomware
10:41 Organizations need to be prepared
11:58 Password gap
13:37 Password philosophy
17:07 Multi-factor authentication
21:40 What to do today
24:24 New problems
26:44 Learn your own network
28:26 Where to find John
Black Hills Information Security
Tuesday May 18, 2021
Hacker Valley Blue S2 Episode 5 - Jamie Dicken and Aaron Rinehart
In this episode, we brought in two exceptional guests who are no strangers to chaos. In fact, they've identified ways to engineer for chaos. In the studio, we have Aaron Rinehart, CTO and founder at Verica. We also have Jamie Dicken, former manager of applied security at Cardinal Health and current director at Resilience. These two are also authors of Security Chaos Engineering. If you haven't read that book, it's already out and you should check it out.
Chaos engineering is the technique of introducing turbulent conditions into a distributed system to try to determine the conditions that cause it to fail before it actually fails. So they simplify it. What we do with chaos engineering is learn about the system without experiencing the pain of an outage or an incident. You learn to trust your gear by testing.
The biggest impact really came once we understood how security chaos engineering fits into the bigger security picture. It's not about just being a part of the latest and greatest techniques and having the excitement of doing something that's cutting edge. At the end of the day, security chaos engineering is useless unless what you've learned drives change.
Key Takeaways:
0:00 Previously on the show
1:40 Aaron Rinehart and Jamie Dicken introduction
2:08 Episode begins
2:59 What Jamie and Aaron are doing today
3:13 What Jamie is doing
4:13 What Aaron is doing
5:00 Discuss chaos engineering
9:26 Importance of chaos engineering
10:16 Myths of chaos engineering
12:55 Chaos engineering customer impacts
17:34 Learning to trust the test and end result
19:03 Reader and customer feedback
22:21 Chaos engineering gone wrong
27:39 Implementing change in cybersecurity
28:11 Building a team of experts
39:08 Getting involved in chaos engineering
41:09 Tools for listeners
43:25 Keeping up with Aaron and Jamie