Advanced Persistent Security

A Technology and Tech News podcast
Good podcast? Give it some love!

Best Episodes of Advanced Persistent Security

Mark All
Search Episodes...
Women & Minorities in Technology (WITH SHANA BUMPAS) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 21 GUEST: Shana Bumpas October 3, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers Women & Minorities in Technology (with Shana Bumpas) SHOW NOTES PART 1 Joe introduces Shana Bumpas, an Information Security professional with both state and federal experience. She gets us up to speed on what she’s been up to and then we transition into the news. Shana and Joe provide their outside analysis of the Yahoo data breach and the impact it will have on Yahoo’s sale to Verizon. Joe voices his belly aches with everyone claiming “Nation State” attacks. PART 2 Shana talks about the gap in technology of minorities and females. She talks about the decline in completion of STEAM (Science, Technology, Engineering, Art, and Math) degrees and entering the workforce. Shana equates this to a lack of mentors. Joe talks about putting effort in and reaping the rewards as well as crushing the security and technology elitism. We discuss using shows like Mr. Robot as a tool for awareness and getting the security conversation started. Joe calls out his mentors in his early days: Luke Winkelmann and Jim Roller. Shana and Joe discuss newer perspectives and challenges in promoting diversity. PART 3 Joe mentions Girls Who Code, Women Cyberjutsu, Women In Technology, and Women In Cybersecurity. Shana talks about these organizations spreading the word and gaining the male advocacy. Shana provides more groups, which are in the resources section with the groups Joe mentioned. Shana calls higher learning institutions to do more to mentor students via clubs, job shadowing, and helping them gain internships. ABOUT Shana Shana Bumpas Shana Bumpas has been working in the IT profession for over 20 years in both the public and private sectors. Prior to that, she served as an Aviation Electronics Technician in the US Navy.  She graduated from Virginia Commonwealth University in Richmond, VA with a Bachelors of Science in Business Administration majoring in Management of Information Systems.  She has earned a Master of Science in Information Assurance from Norwich University in Northfield, VT.   She is currently working a Doctorate of Education at Liberty University. Prior to her current role as the IT Risk Manager with a state agency, she was a Senior Information Security Analyst, security administrator, systems administrator, to name a few of the multiple areas of IT in which she has worked. Shana is a member of the International Information Systems Security Certification Consortium and is a Certified Information Systems Security Professional.  She is also a member of Information Systems Auditing Control Association’s international and Virginia chapters and holds a both Certified Information Systems Auditor and Certified in Risk and Information Systems Control certifications.  She is also CompTIA Security+ certified and a Microsoft Certified Professional. Resources and sites mentioned: haveibeenpwned.com Time Based Security (Book) Girls Who Code: website / @GirlsWhoCode (Twitter) / Facebook Women’s Society of Cyberjutsu: website / @WomenCyberjutsu (Twitter) / Facebook Women in Cybersecurity (WiCyS) Conference: website Nation Center for Women & information Technology: website / @NCWIT (Twitter) / Facebook Women in Technology: website / @WITWomen (Twitter) Black Girls Code: website / @BlackGirlsCode (Twitter) / Facebook National Black Data Processing Association: website / @BDPA (Twitter) / Facebook PASSWORD BLOG LINKS: AlienVault Hosted Locally on Advanced Persistent Security WI-FI BLOG LINK: AlienVault Hosted Locally on Advanced Persistent Security POWERSHELL LINK: AlienVault Hosted Locally on Advanced Persistent Security Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern. Enter your email address: Delivered by FeedBurner SUBSCRIBE TO OUR MAILING LIST * indicates required Email Address * First Name Last Name
SANS Top 20 Critical Security Controls 13-16 The SANS SANS Top 20 Critical Security Controls are an industry and (for the most part) vendor neutral set of controls that organizations are encouraged to implement to ensure they are cognizant of security issues and can respond accordingly. This episode deals exclusively with the fourth 4 (Numbers 13-16) controls in-depth, so to not overwhelm listeners with what is shaping up to be a nearly 3 hour podcast. If you want to discuss how Advanced Persistent Security can help you implement the SANS Top 20 Critical Security Controls, please contact Advanced Persistent Security Sales. Content This week, we begin to discuss the SANS Top 20 Critical Security Controls, this week we cover the following 4 Controls: SANS Top 20 Critical Security Controls, #13: Boundary Defense SANS Top 20 Critical Security Controls, #14: Maintenance, Monitoring, and Analysis of Audit Logs SANS Top 20 Critical Security Controls, #15: Controlled Access Based on the Need to Know SANS Top 20 Critical Security Controls, #16: Account Monitoring and Control DISCLAIMER: Aside from receiving training from SANS and holding a certification from their partner organization, GIAC, neither Advanced Persistent Security nor myself, Joe Gray are affiliated with SANS. This podcast is authorized via SANS open use clause and is not officially authorized by SANS. There is no compensation to Advanced Persistent Security nor myself, Joe Gray for doing this podcast. The purpose is to increase awareness using open frameworks. If you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net Thanks for stopping by and listening to our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens to this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Be sure to subscribe to this podcast and to our Blog. References NIST SP 800-53 Revision 4 SANS Top 20 Critical Security Controls Enter your email address: Delivered by FeedBurner Subscribe to our mailing list * indicates required Email Address * First Name Last Name // <![CDATA[ (function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';}(jQuery));var $mcj = jQuery.noConflict(true); // ]]></script> // <![CDATA[ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-67054607-1', 'auto'); ga('send', 'pageview'); // ]]></script>
SANS Top 20 Critical Security Controls 1-4 The SANS SANS Top 20 Critical Security Controls are an industry and (for the most part) vendor neutral set of controls that organizations are encouraged to implement to ensure they are cognizant of security issues and can respond accordingly. This episode deals exclusively with the first 4 controls in-depth, so to not overwhelm listeners with what is shaping up to be a nearly 3 hour podcast. If you want to discuss how Advanced Persistent Security can help you implement the SANS Top 20 Critical Security Controls, please contact Advanced Persistent Security Sales. Content This week, we begin to discuss the SANS Top 20 Critical Security Controls, this week we cover the following 4 Controls: SANS Top 20 Critical Security Controls, #1: Inventory of Authorized and Unauthorized Devices SANS Top 20 Critical Security Controls, #2: Inventory of Authorized and Unauthorized Software SANS Top 20 Critical Security Controls, #3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers SANS Top 20 Critical Security Controls, #4: Continuous Vulnerability Assessment and Remediation The Center for Internet Security Benchmarks Program The NIST National Checklist Program DISCLAIMER: Aside from receiving training from SANS and holding a certification from their partner organization, GIAC, neither Advanced Persistent Security nor myself, Joe Gray are affiliated with SANS. This podcast is authorized via SANS open use clause and is not officially authorized by SANS. There is no compensation to Advanced Persistent Security nor myself, Joe Gray for doing this podcast. The purpose is to increase awareness using open frameworks. If you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net Thanks for stopping by and listening to our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens to this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Be sure to subscribe to this podcast and to our Blog. References NIST SP 800-53 Revision 4 SANS Top 20 Critical Security Controls Enter your email address: Delivered by FeedBurner Subscribe to our mailing list * indicates required Email Address * First Name Last Name // <![CDATA[ (function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';}(jQuery));var $mcj = jQuery.noConflict(true); // ]]></script> // <![CDATA[ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-67054607-1', 'auto'); ga('send', 'pageview'); // ]]></script>
Help families Affected by the Smoky Mountain Wildfires If you’re a regular reader, you’ll know that I am not one to ask for help or money. I am not asking for money myself, but I am asking for help. As you may know, I am originally from Eastern Tennessee near the Great Smoky Mountains. They are ablaze right now. I am asking that if you’re able to do so financially, consider donating to help the families that lost their homes and everything during an already financially stressful time of year. I will update this list with resources as I receive them.   To assist families who have lost everything (including their homes), donate to Citizens National Bank branch Phone:865-453-9031 re: “City of Pigeon Forge Fire Relief Fund” #PrayForTheSmokies #PrayForGatlinburg#PrayforEastTennessee You can donate to the American Red Cross by Texting “REDCROSS” to 90999 to make a $10 donation. You may also mail checks to: 6921 MIddlebrook Pike Knoxville, TN 37909 You can donate to the Seymour Volunteer Fire Department here.   Ongoing Blog Post. H/T to WATE 6 On Your Side (http://wate.com/)
Intro to App Sec (with Frank Rietta) Advanced Persistent Security Podcast Episode 16 Guest: Frank Rietta August 29, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers Intro to App Sec (with Frank Rietta) Show Notes Part 1 We introduce Frank and discuss his background. We begin to discuss application security (App Sec) and how it plays into the cloud. We also provide a few cloud definitions Part 2 We discuss defense in Depth. We provide a definition and some applicable scenarios as to its use. We graze the surface on passwords, encryption, access controls, and training. We discuss training and events local to Atlanta and the Georgia area. Part 3 We discuss some scenarios we have seen or heard about in the security space and how they work or did not work. We also discuss the role of security in system development and the relationships between the business, security, developers, and dev ops. We discuss bug bounties on sites like HackerOne and BugCrowd. We introduce the following lists to help security professionals and developers alike: OWASP Top 10 OWASP Application Security Standard Verification Standard (ASVS) Center for Internet Security (CIS) Critical Security Controls (formerly the SANS Top 20) Cloud Security Alliance (CSA) Treacherous 12  Frank Rietta About Frank Mr. Rietta’s role in Rietta Inc is to ensure that your project is designed for security and speed. With over 16 years of career experience, he is specialized in working with startups, new Internet businesses, and in developing with the Ruby on Rails platform to build scalable businesses. He is a computer scientist with a Masters in Information Security from the College of Computing at the Georgia Institute of Technology. Frank is a public speaker, teaching about data breaches and information security topics. You can also follow him on Twitter or LinkedIn using the links below. Contacting Frank: Twitter: @frankrietta Email: frank@rietta.com LinkedIn Website: www.rietta.com Learning Center Frank’s Book Recommendations Software Security: Building Security In The Tangled Web: A Guide to Securing Modern Web Applications Gary McGraw’s Cigital Silver Bullet Podcast Announcements and Resources Advanced Persistent Security has partnered with the EC-Council to provide a discounted EC-Council Training Event to our readers and listeners. The codes are only good for the Hacker Halted event in Atlanta, GA September 11-14 and 15-16, 2016. Below are the codes, if you have any questions, Contact Us. Password Blog Links: AlienVault Hosted Locally on Advanced Persistent Security Vulnerable Web Applications for Learning: OWASP Maintains a list here. Conferences Mentioned: Security Onion Conference: Friday, September 9, 2016 from 7:30 AM to 5:00 PM (EDT) Augusta University Jaguar Student Activity Center (JSAC) Ballroom 2500 Walton Way Augusta, GA 30904 BSides Augusta: September 10, 2016 at 7:45 AM J. Harold Harrison MD, Education Commons 1301 R.A. Dent Blvd Augusta, GA 30901 SEPTEMBER 11TH-14TH, 2016 $1,999 Courses if you register using discount code: HHAPSTRN Choose one of the following courses and exams: Certified Ethical Hacker (C|EH)* Computer Hacking Forensic Investigator (C|HFI)* Certified Security Analyst (E|CSA/L|PT)* Certified Chief Information Security Officer (C|CISO)* All courses include: Official Courseware 1 Complimentary Exam Voucher Certificate of attendance Lunch and coffee breaks throughout the duration of the training Complimentary Pass to Hacker Halted – Atlanta conference (September 15 & 16) September 15-16, 2016 *Individual conference passes can be purchased for $35 (down from $199) Use code: HHAPSCON Instructions for registration: 1) Click here 2) Fill in all the necessary info 3) Enter Qty (1) for conference pass – public 4) Enter promotional code HHAPSCON (for $35 Conference Passes) HHAPSTRN (for $1,999 Courses) Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern. Enter your email address: Delivered by FeedBurner Subscribe to our mailing list * indicates required Email Address * First Name Last Name // <![CDATA[ (function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';}(jQuery));var $mcj = jQuery.noConflict(true); // ]]></script> // <![CDATA[ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-67054607-1', 'auto'); ga('send', 'pageview'); // ]]></script>
OSINT Framework (WITH Justin Nordine) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 29 GUEST: Justin Nordine December 19, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers OSINT Framework (WITH Justin Nordine) SHOW NOTES PART 1 Instead of discussing the news, we decided to talk about Josh Huff‘s recent OSINT Fire Drills: Monitoring the Internet blog post. We discuss his approach in evaluating change detection and his use of and testing of a variety of tools. Joe also relates this to contingency and redundancy. We talk about when testing of new tools is appropriate and when it is not. We discussed Josh’s DerbyCon talk. The discussion shifted to the breadth of OSINT and the integration of OSINT into Penetration Testing and Red Teaming. PART 2 Justin talks about the origins of OSINT Framework. It began as a project with some of his co-workers. We talk about the change detection tools within OSINT Framework and some case studies relative to Josh’s blog post. We discuss the use of typo squatting for OSINT and Social Engineering as well malicious use. We talk about contributing information to threat intelligence feeds like AlienVault Open Threat Exchange (OTX). OSINT and the election is covered in terms of the misinformation campaigns and candidates using OSINT to better understand their constituents. PART 3 We talk about analyzing Metadata. Justin provides examples of scraping metadata from pictures on websites like Facebook or Craigslist. He talks about sites now removing or obfuscating metadata to protect users. We discuss use cases for malicious software from the attacker and defender perspectives, when to scan your own files for exploitation (thus burning them) versus keeping them. The discussion shifts to Operations Security (OPSEC). We discuss persona generation and when to employ it. Joe mentions Riffle as a Tor alternative. Riffle Information: Tech Crunch article about Riffle Riffle ABOUT Justin Justin Nordine Justin is a “Cyber Pathologist” by day. He holds various SANS/GIAC certifications. He is active in the lock picking and lock sports communities. He is the author of OSINTFramework. He resides somewhere in the Carolinas. CONTACTING Justin: Twitter: @jnordine OSINT Framework GitHub: Lock Fale PASSWORD BLOG LINKS: AlienVault Hosted Locally on Advanced Persistent Security WI-FI BLOG LINK: AlienVault Hosted Locally on Advanced Persistent Security POWERSHELL LINK: AlienVault JOE’S BLOG ON ITSP: When Friendly Thermostats & Toasters Join The IoT Dark Side Joe’s Blog on Tripwire: Burgling From an OSINT Point of View Joe’s Blogs on Sword & Shield Enterprise Security’s site: Holiday Shopping Safety Series: Shopping Via Credit Card and e-Commerce Holiday Shopping Safety Series: Holiday Scams and Hoaxes Joe’s Work with WATE 6 News in Knoxville, TN: Shopping online safely this holiday season iPhone scam uses text messages to hack iCloud information Maryville hacker takes over Facebook accounts Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Enter your email address: Delivered by FeedBurner SUBSCRIBE TO OUR MAILING LIST * indicates required Email Address * First Name Last Name
Shoulders of Infosec (with Jack Daniel) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 20 GUEST: Jack Daniel SEPTEMBER 26, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers I apologize for my voice and coughing, I was fighting off some “crud.” Shoulders of Infosec (with Jack Daniel) SHOW NOTES PART 1 I introduced Jack and we discussed his Hacker Halted talk and Shoulders of Infosec. We talk about buzzword reuse and the challenges that infosec people face. Jack talks about how to react to and talk to the business unit as a security professional. Joe channels his inner Kenny Rogers in The Gambler, “You have to know when to hold ’em and know when to fold ’em.” We transition into a discussion about passwords and password managers. We also discuss prioritizing security from the perspective of budget, effort, and business. PART 2 Jack tells us what is bothering him (he gets wound up easily). The inability to see the world views of others bothers Jack. Joe and Jack talk about security elitism and those who believe that people who don’t write code can’t be security people and the frustrations with that belief. Jack provides his advice to the up and coming infosec people. We talk about certifications vice experience vice studying to learn. Jack mentions phosgene gas and reminds Joe of his Navy days aboard a submarine. Jack affirms that pen testing is not the end all/be all of working in infosec. Take technical writing classes!  PART 3 Jack says goodbye and provides more information about Shoulders of Infosec. He gives us links to his social media and other endeavors. Jack tells us about his “Infosec Survival Skills” talks coming up as well as other topics he is passionate about. About Jack Jack Daniel Jack Daniel works for Tenable Network Security, has over 20 years’ experience in network and system administration and security, and has worked in a variety of practitioner and management positions. A technology community activist, he supports several information security and technology organizations. Jack is a co-founder of Security BSides, serves on the boards of three Security BSides non-profit corporations, and helps organize Security B-Sides events. Jack is a frequent speaker at technology and security events and is a co-host on the award-winning Security Weekly Podcast. An early member of the information security community on Twitter, Jack is an active and vocal Twitter user. Jack is a CISSP, holds CCSK, and is a Microsoft MVP for Enterprise Security. ABOUT Shoulders of Infosec One of the key projects Jack is involved in today is Shoulders of Infosec. “If I have seen further it is by standing on the shoulders of giants” Most famously attributed to Sir Isaac Newton, this quote reflects the sentiment of this project. All of us in the field of information security stand on the shoulders of giants, this project is dedicated to shining a light on those shoulders- the the known and unknown. This blog will primarily be used for updates and announcements, most of the content will be on a wiki at wiki.shouldersofinfosec.org. CONTACTING Jack: Twitter: @jack_daniel Twitter: @InfosecNoir Website: Shoulders of Infosec Security BSides Security Weekly (Podcast) Uncommon Sense Security Blog Traveling Curmudgeon Blog (Jack’s Travels) PASSWORD BLOG LINKS: AlienVault Hosted Locally on Advanced Persistent Security WI-FI BLOG LINK: AlienVault Hosted Locally on Advanced Persistent Security Powershell LINK: AlienVault The Zen of Python To recreate this, type: python import this Beautiful is better than ugly. Explicit is better than implicit. Simple is better than complex. Complex is better than complicated. Flat is better than nested. Sparse is better than dense. Readability counts. Special cases aren’t special enough to break the rules. Although practicality beats purity. Errors should never pass silently. Unless explicitly silenced. In the face of ambiguity, refuse the temptation to guess. There should be one– and preferably only one –obvious way to do it. Although that way may not be obvious at first unless you’re Dutch. Now is better than never. Although never is often better than *right* now. If the implementation is hard to explain, it’s a bad idea. If the implementation is easy to explain, it may be a good idea. Namespaces are one honking great idea — let’s do more of those! Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern. Enter your email address: Delivered by FeedBurner SUBSCRIBE TO OUR MAILING LIST * indicates required Email Address * First Name Last Name
OSINT Techniques (with Michael Bazzell) Advanced Persistent Security Podcast Episode 40 Guest:Michael Bazzell March 30, 2018 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers OSINT Techniques (with Michael Bazzell) Show Notes In this episode, we introduce Caroline Stephens as a new co-host. Our guest, Michael Bazzell discusses his background in OSINT; how he got into OSINT and why he wrote his first book as well as his new book Open Source Intelligence Techniques (6th Edition). Michael talks about what has changed in OSINT since 2001 in terms of collecting everything then versus filtering as much as possible now. We discuss automating OSINT and Buscador Linux. We go over a few tools that we like to use – Recon-ng, Datasploit, and Buscador. Maltego came up and we discuss our use and reservations of usage. On the topic of Buscador, Michael discusses how it came about, his collaboration with David Wescott, and the need for a linux based OSINT virtual machine. Joe and Michael discuss the ethical requirements and implications of collecting and usage of data gathered using OSINT techniques. Michael talks about his commitment to OPSEC (Operations Security) when working on OSINT investigations. We talk about proactive OSINT and Privacy; the offense and defense. Facebook Live is discussed. Michael and Joe also talk about spoofing location information and the impact of using a VPN on a cell phone. The usage of Michael’s tools for law enforcement and the media is discussed. Michael tells us about his experience working on Mr. Robot. ABOUT Michael Michael Bazzell spent 18 years as a government computer crime investigator. During the majority of that time, he was assigned to the FBI’s Cyber Crimes Task Force where he focused on computer crime investigations. As an active investigator, he has been involved in numerous major criminal investigations including online child solicitation, child abduction, kidnapping, cold-case homicide, terrorist threats, and computer intrusions. He has trained thousands of individuals in the use of his investigative techniques. He also served as the technical advisor for the television hacker drama “Mr. Robot”. His books “Open Source Intelligence Techniques” and “Hiding from the Internet” have been best sellers in both the United States and Europe. Michael currently works and resides in Washington, D.C. Contacting Michael: Twitter: @inteltechniques Web: inteltechniques.com Books: Open Source Intelligence Techniques 6th Edition Hiding From the Internet Complete Privacy and Security Desk Reference Volume 1: The Digital Outsmarting Your Kids Online: A Safety Handbook for Overwhelmed Parents Personal Digital Security: Protecting Yourself from Online Crime Podcast: Complete Privacy and Security Podcast Contacting David: Twitter: @aptnotes Contacting Caroline: Twitter: @cxstephens Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Enter your email address: Delivered by FeedBurner SUBSCRIBE TO OUR MAILING LIST * indicates required Email Address * First Name Last Name
Have I Been Pwned (with Troy Hunt) Advanced Persistent Security Podcast Episode 19 Guest: Troy Hunt September 19, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers Have I Been Pwned (with Troy Hunt) Show Notes Part 1 I introduced Troy and he discussed his background. We discussed Intel selling McAfee. Troy does not see any major impacts on the landscape of anti-malware. Joe talks about the decline of anti-virus and the rise of Endpoint (Incident) Detection and Response (EDR/IDR) software. Troy mentions User Behavior Analytics (UBA) and the resurgence we are seeing and why. We then moved onto a discussion about President Obama appointing a CISO for the United States. Troy talks about the level of relevance this puts on Information and Cyber Security and how it ties into Critical Infrastructure. In terms of Critical Infrastructure, we discussed the problems with the voter registration databases and not being considered “protected information.” We transition to further discuss the Filipino election commission and Australian census attacks. We discussed how/why people around the age of 16 are successful in conducting cyber attacks. Part 2 We delve into how and why Troy created Have I Been Pwned. Troy was working to determine trends in data breaches. He reveals that he actually wrote most of it flying on a plane to the Philippines. He talks about flagging sensitive accounts and requiring verification before seeing if a user is on some breaches, like Ashley Madison or Brazzers. Troy reveals that he uses donations to keep Have I Been Pwned running. Troy talks about how he uses OSINT to discover information for Have I Been Pwned. Part 3 Troy tells Joe about the Dropbox data leak. He reiterates that it is a “mega leak” and talks about the correlation between it and the Tumblr, Myspace, and LinkedIn leaks also from 2012. He discusses differences in the hashing algorithms used in the Dropbox leak and how hard some hashes were to break while others were incredibly simple. Troy reveals that someone tried to DDoS his site. The conversation transitions to a discussion about password managers/vaults and Troy’s thoughts about the NIST Password recommendations. We vent about issues with passwords on websites and errors in planning on web sites such as length discrepancies and restricting characters.  We discuss the Brazzers leak and transition to talking about bug bounties. Troy Hunt About Troy Troy Hunt is an Australian Microsoft Regional Director and also a Microsoft Most Valuable Professional for Developer Security. He does not work for Microsoft, but they’re kind enough to recognize his community contributions by way of their award programs which he has been an awardee of since 2011. Troy gets to interact with some fantastic people building their best products and then share what he knows about creating secure applications for the web with the broader community. Pluralsight Troy is a Pluralsight author of many top-rating courses on web security and other technologies. There’s no better way to get up to speed on a topic quickly than through professional training that you can take at your own pace. As both an author and a student, Troy has nothing but positive things to say about the breadth and quality of Pluralsight courses. Pfizer For fourteen years prior to going fully independent, Troy worked at Pfizer with the last seven years being responsible for application architecture in the Asia Pacific region. Time spent in a large corporate environment gave Troy huge exposure to all aspects of technology as well as the diverse cultures his role spanned. Many of the things Troy teaches in post-corporate life are based on these experiences, particularly as a result of working with a large number of outsourcing vendors across the globe. For more corporatey background, there’s always his LinkedIn profile.  About Have I been pwned One of the key projects Troy is  involved in today is Have I been pwned? (HIBP), a free service that aggregates data breaches and helps people establish if they’ve been impacted by malicious activity on the web. As well as being a useful service for the community, HIBP has given Troy an avenue to ship code that runs at scale on Microsoft’s Azure cloud platform, one of the best ways we have of standing up services on the web today. Contacting Troy: Twitter: @troyhunt Website: http://troyhunt.com Have I been pwned? Troy’s Have I Been Pwned Donation page Password Blog Links: AlienVault Hosted Locally on Advanced Persistent Security Wi-Fi Blog Link: AlienVault Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern. Enter your email address: Delivered by FeedBurner Subscribe to our mailing list * indicates required Email Address * First Name Last Name  
BSides Atlanta (with Martin Fisher) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 22 GUEST: Martin Fisher October 17, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers BSides Atlanta (with Martin Fisher) SHOW NOTES Apology: Unbeknownst to us, we encountered sound distortion issues around the 3:30 to 5:15 mark and some sound overlapping later in the podcast. I apologize immensely for this. I am in the process of upgrading my recording equipment to a more professional set up to  get away from relying on software to record. Your ears do not deceive you, Armor Guy, Martin Fisher is on Advanced Persistent Security Podcast. Joe introduces Martin and we kick off the conversation about BSides Atlanta. Here is a quick Q&A: Are BSides Atlanta Tickets sold out? Yes, but more may open up closer to the time of the event. Follow the Twitter feed to check for continuing updates. What do you have to pay for? Parking. Pay for Atlanta Tech Village parking. It’s $6 at ATV, vice getting booted for $75+. Are CPEs available for attending the event? Yes. Take the form from the site (below) to the event. Are there any volunteering opportunities? Not at this time. The response was excellent. When will the speaker list be out? Within about 10 days of the event. <h2″>ABOUT Martin Martin Fisher Martin is a seasoned and experienced information security executive with experience in the healthcare, commercial aviation, and finance sectors. His passion is to build high performing teams that, in turn, build excellent programs that add capability and value to the larger organization. He believes in programs that create guardrails – enabling business to change as quickly as needed without driving off a cliff – and not speed bumps that only hinder the velocity of valuable change and only detract from value. He has been co-host of the award nominated Southern Fried Security Podcast since January 2010. The podcast focuses on issues of information security management and leadership and has, since its inception, delivered over 200,000 episode downloads to listeners. Martin was honored to be a 2014 Information Security Executive of the Year Southeast nominee. Resources and sites mentioned: Security BSides BSides Atlanta: Twitter / Website Twitter: @armorguy Podcast: @sfspodcast Southern Fried Security Podcast PASSWORD BLOG LINKS: AlienVault Hosted Locally on Advanced Persistent Security WI-FI BLOG LINK: AlienVault Hosted Locally on Advanced Persistent Security POWERSHELL LINK: AlienVault Hosted Locally on Advanced Persistent Security Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern. Enter your email address: Delivered by FeedBurner SUBSCRIBE TO OUR MAILING LIST * indicates required Email Address * First Name Last Name
Mobile Insecurity (with Georgia Weidman) Advanced Persistent Security Podcast Episode 11 Guest: Georgia Weidman April 26, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. Mobile Insecurity Show Notes Everyone wants to think about how secure they are. This podcast flips the script and assesses insecurity, specifically Mobile Insecurity. We discuss issues within the mobile computing ecosystem. Part 1 Introductions and Current Event Current Event: Apple Quick Time and why could it not have been Flash. Georgia’s dad still uses Microsoft XP and won’t connect his printer to the network. Part 2 Georgia delivers her “Mobile Insecurity” talk and we discuss issues in the mobile threat landscape and possible mobile issues. Mobile Malware, Ransomware, and MDM are discussed. Issues within the actual mobile Operating Systems are discussed briefly. Joe asks if Georgia sees mobile devices distributing Ransomware and Malware to cars. Part 3 Quick banter of Apple vs FBI and the implications of the precedent both attempted and actually set. Part 4 Goodbyes and How to Contact Georgia About Georgia: Georgia Weidman Shevirah founder and CEO Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She holds a MS in computer science as well as holding CISSP, CEH, and OSCP certifications. Her work in the field of smartphone exploitation has been featured internationally in print and on television. She has provided training at conferences such as Blackhat USA, Brucon, and CanSecWest. Georgia founded Bulb Security LLC, a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security culminating in the release of the open source project the Smartphone Pentest Framework (SPF). She founded Shevirah Inc. to create product solutions for assessing and managing the risk of mobile devices in the enterprise and testing the effectiveness of enterprise mobility management solutions and is a graduate of the Mach37 cybersecurity accelerator. She is the author of Penetration Testing: A Hands-On Introduction to Hacking from No Starch Press. She was the recipient of the 2015 Women’s Society of CyberJutsu Pentest Ninja award. She is on the board of advisors of the angel backed security training startup Cybrary and the nonprofit Digital Citizens Alliance. “There’s always going to be vulnerabilities” – Georgia Weidman Contacting Georgia: www.bulbsecurity.com www.shevirah.com (Coming Soon) Twitter: @georgiaweidman Penetration Testing:A Hands On Introduction Hacking is her book From the Publisher at https://www.nostarch.com/pentesting. If you buy it directly from No Starch Press you get a discount with the code GEORGIA. APS Blog Posts MedStar Health Cybersecurity Fails to Prevent Attack Adobe Patches Exploited Vulnerability Ransomware Locks MBR Iranian hackers hit with Federal charges Spear Phishermen Target Corporate W-2 Data Google Fixes Kernel Vulnerability 4 Things to Know About Ransomware Ransomware Hits Mac Computers IRS Targeted in Another Cyberattack Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.   If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern. Enter your email address: Delivered by FeedBurner Subscribe to our mailing list * indicates required Email Address * First Name Last Name // <![CDATA[ (function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';}(jQuery));var $mcj = jQuery.noConflict(true); // ]]></script> // <![CDATA[ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-67054607-1', 'auto'); ga('send', 'pageview'); // ]]></script>
This week in Security: October 20, 2015 This week, we discuss the Adobe Flash, Google Android Zero Day, and Cyberwar esclations. We recap the blogs and I add a little information and perspective. This is a work in progress. The only way to improve at podcasting is to do it more. I will be applying my knowledge of security, coupled with my teaching experience to create valuable IT and Cyber Security podcasts as time progresses. Related Blogs: Why The Future of Android Depends on Security Cyberwar Begins New Arms Race Latest Bug for Adobe Flash the Nail in the Coffin?   If you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net Thanks for stopping by and listening to our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens to this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Be sure to subscribe to this podcast and to our Blog. Enter your email address: Delivered by FeedBurner Subscribe to our mailing list * indicates required Email Address * First Name Last Name // <![CDATA[ (function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';}(jQuery));var $mcj = jQuery.noConflict(true); // ]]></script> // <![CDATA[ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-67054607-1', 'auto'); ga('send', 'pageview'); // ]]></script>
THREAT INTELLIGENCE (WITH Rob Gresham) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 36 GUEST:Rob Gresham February 13, 2017 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers Threat Intelligence (WITH Rob Gresham) SHOW NOTES PART 1 Joe introduces Rob Gresham. Rob explains the Intel/McAfee/Foundstone dynamic. Rob tells us about the 6 degrees of Foundstone and the associated businesses and people. We recall and discuss SuperScan. We cover Threat Hunting in terms of what it is and it is not. Rob explains that Threat Hunting is learning YOUR ENVIRONMENT and determining when/where/how to meet the enemy.  Joe characterizes it as “Purple Teaming.” Rob provides an application of the Scientific Method using hypotheses to evaluate purple teaming. Rob stresses to not be Elmer Fudd. Joe postulates IT F.U.D. (Fear, Uncertainty, Doubt, Elmer’s nephew).  Rob talks about attribution versus retribution. We talk about APTs and motivations of other types of attackers. Social Media as C2 (Command and Control) is discussed. We discuss the identification of Indicators that can be used in an actionable context. Joe gets on his training and awareness soapbox. The Cyber Kill Chain makes an appearance in regards to the applicability in network defense. PART 2 Rob tells us about MITRE and CVEs (Common Vulnerabilities and Exposures). He tells us about Adversarial Tactics Techniques And Common Knowledge  (ATTACK). Rob talks about actionable intelligence vice merely feeds or the tool de jour. Joe goes on his rant about the fallacy of silver bullet solutions. Rob talks about robust and elastic incident response planning. He tells us about adaptive and active containment.We talk about vendor diversity and the coverage in threat mitigation and identification. Rob talks about the level of influence and integration that machine learning has with antivirus companies like McAfee and Symantec. Rob brings the Pyramid of Pain into the discussion. ABOUT Rob Rob Gresham has extensive experience executing and instructing on cyber threat intelligence. Primarily on the information flow and analysis of operational, strategic and tactical cyber intelligence. He has extensive experience building data centers and enterprise environments with the proper security architecture and robust designs that enable business security needs and maturity over time with less rework. With  extensive experience, Rob investigates compromised systems, performs memory analysis and determines the scope of the breach. Rob has a perceptive talent for visualizing processes, workflows and procedures which has help tremendously when designing SOC process framework. He has successfully built security response teams that provide incident response for SOCs and critical infrastructure and key resource restoration teams. CONTACTING Rob: Twitter: @rwgresham LinkedIn Team Email: foundstone@intel.com Webinar JOE’S Second BLOG ON CISOCAST CISOCast JOE’S Social Engineering BLOG ON Black Hills Information Security Black Hills Information Security JOE’S AlienVault Blog about Insider Threat AlienVault Hosted Locally on Advanced Persistent Security JOE’S Sword & Shield BLOG Post Sword & Shield Blog Hosted Locally on Advanced Persistent Security JOE’S First BLOG ON CISOCast CISOCast Hosted Locally on Advanced Persistent Security Joe’s Blog on Jenny Radcliffe’s Deception Chronicle Jenny Radcliffe’s Deception Chronicles Hosted Locally on Advanced Persistent Security Joe’s Dyn DDOS Blog on Tripwire: Tripwire Hosted Locally on Advanced Persistent Security Joe’s Ranking in the AlienVault Top Blogs of 2016: AlienVault Hosted Locally on Advanced Persistent Security PASSWORD BLOG LINKS: AlienVault Hosted Locally on Advanced Persistent Security WI-FI BLOG LINK: AlienVault Hosted Locally on Advanced Persistent Security POWERSHELL LINK: AlienVault JOE’S BLOG ON ITSP: When Friendly Thermostats & Toasters Join The IoT Dark Side Joe’s Blog on Tripwire: Burgling From an OSINT Point of View Joe’s Blogs on Sword & Shield Enterprise Security’s site: Holiday Shopping Safety Series: Shopping Via Credit Card and e-Commerce Holiday Shopping Safety Series: Holiday Scams and Hoaxes Joe’s Work with WATE 6 News in Knoxville, TN: Shopping online safely this holiday season iPhone scam uses text messages to hack iCloud information Maryville hacker takes over Facebook accounts Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Enter your email address: Delivered by FeedBurner SUBSCRIBE TO OUR MAILING LIST * indicates required Email Address * First Name Last Name
Holiday Special (with Tracy Z. Maleeff) Advanced Persistent Security Podcast Episode 28 Guest: Tracy Z. Maleeff December 12, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers HOLIDAY SPECIAL (WITH TRACY Z. MALEEFF) Part 1 We did a quick review of Tracy’s (@InfoSecSherpa) background and entry into Information Security (InfoSec.) She is a returning guest to the podcast. Hear her first appearance here. We discussed the UK reopening Bletchley Park as a cybersecurity school. Tracy told us about her uncle that did similar things in the US to Bletchley Park during World War II. We then discussed basic advice to prevent phishing and improve personal information security. Part 2 We discussed Violet Blue‘s article, “Six Gifts for Your Paranoid Friends and Family.” One we discussed in-depth was the “USB Condom.” This device is capable of blocking unsolicited synchronizing and buffering against malware infections. Tracy liked the RFID blocking wallet. We discussed the TOOOL‘s lock picking kit (Note: check your state for legality here). Next, we discussed the Onion Pi. This is a Raspberry Pi with Tor enabled for a secure proxy. The conversation briefly went on a tangent to discuss the MIT Riffle. Part 3 As a contrast to the previous segment, Joe talked about some gifts he would like. He would really like Santa to bring him Hak5’s field kits. They contain “Rubber Duckies,” “LAN Turtles,” “Wi-Fi Pineapples (Nano and Tetras),” and an RF Hacking kit. Many of these were seen on the “Mr. Robot” TV show — guaranteed to make your friends and family paranoid! About Tracy Tracy Z. Maleeff Tracy is an independent information professional providing research and social media consulting, with a focus on information security. She is a frequent presenter about best practices of data mining from social media, professional networking, and introduction to information security topics. Tracy has 15 years of experience as a librarian in academia, corporate, and law firm industries and earned a Master of Library and Information Science from the University of Pittsburgh. She is the Principal of Sherpa Intelligence LLC – your guide up a mountain of information. Contacting Tracy: Twitter: @infosecsherpa Email:  tracy@sherpaintel.com LinkedIn Website: http://sherpaintel.com/ PVC Sec Podcast:  www.pvcsec.com/ Link to Beginner’s Guide to Information Security: Kickstart your security career with insight from InfoSec experts (Book sourced from Peerlyst.com and mentioned in this podcast) Peerlyst: tracy-z-maleeff PASSWORD BLOG LINKS: AlienVault Hosted Locally on Advanced Persistent Security WI-FI BLOG LINK: AlienVault Hosted Locally on Advanced Persistent Security POWERSHELL LINK: AlienVault JOE’S BLOG ON ITSP: When Friendly Thermostats & Toasters Join The IoT Dark Side Joe’s Blog on Tripwire: Burgling From an OSINT Point of View Joe’s Blogs on Sword & Shield Enterprise Security’s site: Holiday Shopping Safety Series: Shopping Via Credit Card and e-Commerce Holiday Shopping Safety Series: Holiday Scams and Hoaxes Joe’s Work with WATE 6 News in Knoxville, TN: Shopping online safely this holiday season iPhone scam uses text messages to hack iCloud information Maryville hacker takes over Facebook accounts Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Enter your email address: Delivered by FeedBurner SUBSCRIBE TO OUR MAILING LIST * indicates required Email Address * First Name Last Name
Brakeing Down the Advanced Persistent Security Podcast Holiday Special and Book CLub Kickoff Make sure you’re wearing your ugly Christmas Sweater and have a glass of eggnog when you enjoy this special episode. A Joint PODCAST with Brakeing Down Security (With Bryan Brake and Brian (mr.) Boettcher, Featuring Dr. Gary McGraw) December 3, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers BRAKEING DOWN THE ADVANCED PERSISTENT SECURITY PODCAST HOLIDAY SPECIAL AND BOOK CLUB KICKOFF SHOW NOTES As part of Brakeing Down Security’s ongoing discussion about the #SDLC and getting security baked in as far left as possible, Bryan, Mr. Boettcher, and I sat down with Dr. Gary McGraw, author of “Software Security: Building Security In” to discuss his book, which we are doing in the Brakeing Security Book Club (check out both Brakeing Down Security‘s and our #Slack channel for more information!) Gary walks us through the 7 Kingdoms of getting more security in, including doing automated and manual code audits, proper penetration testing of the application at various stages (testing), documentation (if you don’t know it works, how can you test it?), and your Security Operations people, monitoring for things once it goes into production. Join Bryan, Mr. Boettcher, and I for a discussion with a true leader in the software and application security industry. ABOUT Gary McGraw Dr. Gary McGraw, CTO, Cigital Gary McGraw is the CTO of Cigital, Inc., a software security consulting firm with headquarters in the Washington, D.C. area and thirteen offices throughout the world. He is a globally recognized authority on software security and the author of eight best selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series.  Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for SearchSecurity and Information Security Magazine, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Dasient (acquired by Twitter), Fortify Software (acquired by HP), Raven White, Invotas, and Max Financial. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean’s Advisory Council for the School of Informatics.  Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by SearchSecurity). CONTACTING Dr. McGraw: Twitter: @cigitalgem Company: www.cigital.com Podcast: www.cigital.com/silverbullet Blog: www.cigital.com/blog Book: www.swsec.com Personal: www.garymcgraw.com Dr. McGraw’s Books: Software Security: Building Security In Exploiting Software: How to Break Code Building Secure Software: How to Avoid Security Problems the Right Way (Discussed on the show and part of the Brakeing Down Security Book Club; considered by many to be a seminal text in application security) PASSWORD BLOG LINKS: AlienVault Hosted Locally on Advanced Persistent Security WI-FI BLOG LINK: AlienVault Hosted Locally on Advanced Persistent Security POWERSHELL LINK: AlienVault JOE’S BLOG ON ITSP: When Friendly Thermostats & Toasters Join The IoT Dark Side JOE’S BLOG ON TRIPWIRE: Burgling From an OSINT Point of View JOE’S BLOGS ON SWORD & SHIELD ENTERPRISE SECURITY’S SITE: Holiday Shopping Safety Series: Shopping Via Credit Card and e-Commerce Holiday Shopping Safety Series: Holiday Scams and Hoaxes Joe’s Work with WATE 6 News in Knoxville, TN: Shopping online safely this holiday season iPhone scam uses text messages to hack iCloud information Maryville hacker takes over Facebook accounts Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Enter your email address: Delivered by FeedBurner SUBSCRIBE TO OUR MAILING LIST * indicates required Email Address * First Name Last Name
Killing the Pen Test & BSides Knoxville (with Adrian Sanabria) Advanced Persistent Security Podcast Episode 44 Guests: Adrian Sanabria April 26, 2018 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers Killing the Pen Test &amp; BSides Knoxville (with Adrian Sanabria) Show Notes In this episode, Joe is joined by Adrian Sanabria. Adrian is a co-organizer of BSides Knoxville and one of the founders of dc865. We discuss Adrian’s background in technology and how he came into security in the days before PCI. Adrian talks about his transition into working at 451 Research in terms of terminology and industry analysis. Joe and Adrian talk about Savage Security and RSA Conference. Adrian tells us about his (then forthcoming) presentation at RSA Conference. Adrian’s presentation is called It is Time to Kill the Pen Test and why it is important. He cites Haroon Meer’s Keynote at 44con in 2011 as a thought provoking idea that spawned this. Pen testing as a skill is not the problem, it is the service offering that is. Adrian cites inefficiencies like vulnerability scanning and reporting at the same rate as the test. We talk about the advanced attacks versus sticking to the basics. Adrian talks about prioritizing breach simulations and ransomware simulations over a pen test. We talk about the scoping documents of pen tests and how they are relative to actual attacks and their objectives. The fact that not all adversaries attempt to get domain admin, while others try to perform defacement or exfiltration. Adrian mentions Haroon’s quote: Pen testers are not emulating attackers. They are emulating other pen testers. Adrian talks about the lack of responsiveness of blue teams during pen tests. We talk about the mentality of many attackers of wanting to “pwn the world” vice enhance the security of an organization. Adrian calls for more “white box testing.” Joe mentions the lack of analysis of OSINT as another inefficiency in pen testing. We also discuss the fact that dwell time is so high that expecting a black box test is almost unrealistic. Adrian talks about some metrics associated with MSSPs detecting him when doing breach simulations. We talk about C2 and other indicators such as the use of TOR. We talk about how to make the industry better. About Adrian: Adrian Sanabria is Co-Founder and Director of Research at Savage Security. Sanabria’s past experience includes 13 years as a Defender and Consultant building security programs, defending large financial organizations and performing penetration tests. He has spent far more time dealing with PCI than is healthy for an adult male of his age. Sanabria learned the business side of the industry as a research analyst for 451 Research, working closely with vendors and investors. He is an outspoken researcher and doesn’t shy away from the truth or being proven wrong. Sanabria loves to write about the industry, tell stories and still sees the glass as half full. Contacting Adrian: Twitter: @sawaba Blog BSides Knoxville: Website Registration Date: May 18, 2018 Locations: Scruffy City Hall, Preservation Pub, Knoxville Entrepreneurial Center 8:00 AM – 6:00 PM   Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Enter your email address: Delivered by FeedBurner SUBSCRIBE TO OUR MAILING LIST * indicates required Email Address * First Name Last Name
BSides Knoxville (with Roger Seagle) Advanced Persistent Security Podcast Episode 15 Guest: Roger Seagle May 18, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers. BSides Knoxville Show Notes BSides Knoxville co-organizer, Roger Seagle joins us to talk about security and his upcoming event BSides Knoxville. We discuss trends and happenings in security. our own backgrounds and opinions as well as what we are seeing in security. Part 1 We kick it off with an introduction of Roger and his background. He has a PhD in Computer Science from University of Tennessee and has worked for Cisco for around 10 years. We kick it off with some post-DBIR discussion about ransomware, phishing, and password management utilities. Part 2  We talk about threat hunting and the internet of things. We talk about the evolution of security processes and the moving target. We talk about what  trends we anticipate next. Part 3 We go over the history of BSides and over the talks at BSides Knoxville. Roger tells us about the tracks and the fact that there is something for everyone from beginner to expert. We discuss logistics, parking, and the ability to consume alcohol at the conference. Contacting Roger: Twitter: @rogwfu BSides Knoxville Twitter: @BSidesKnoxville (Use hash tag #BSK2016) BSides Knoxville Email: mailto:info@bsidesknoxville.com   Advanced Persistent Security has partnered with the EC-Council to provide a discounted EC-Council Training Event to our readers and listeners. The codes are only good for the Hacker Halted event in Atlanta, GA September 11-14 and 15-16, 2016. Below are the codes, if you have any questions, Contact Us: SEPTEMBER 11TH-14TH, 2016 $1,999 Courses if you register using discount code: HHAPSTRN Choose one of the following courses and exams: Certified Ethical Hacker (C|EH)* Computer Hacking Forensic Investigator (C|HFI)* Certified Security Analyst (E|CSA/L|PT)* Certified Chief Information Security Officer (C|CISO)* All courses include: Official Courseware 1 Complimentary Exam Voucher Certificate of attendance Lunch and coffee breaks throughout the duration of the training Complimentary Pass to Hacker Halted – Atlanta conference (September 15 & 16) September 15-16, 2016 *Individual conference passes can be purchased for $35 (down from $199) Use code: HHAPSCON Instructions for registration: 1) Click here 2) Fill in all the necessary info 3) Enter Qty (1) for conference pass – public 4) Enter promotional code HHAPSCON (for $35 Conference Passes) HHAPSTRN (for $1,999 Courses) Recent APS Posts Change Your Email Password Now! Qatar Bank Breached After Bangladesh Bangladesh Bank Loses 80 Million USD Ransomware Infects Android 4.x Spotify Allegedly Hacked…Again MedStar Health Cybersecurity Fails to Prevent Attack Ransomware Locks MBR Iranian hackers hit with Federal charges Spear Phishermen Target Corporate W-2 Data 4 Things to Know About Ransomware Ransomware Hits Mac Computers Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.   If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern. Enter your email address: Delivered by FeedBurner Subscribe to our mailing list * indicates required Email Address * First Name Last Name // <![CDATA[ (function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';}(jQuery));var $mcj = jQuery.noConflict(true); // ]]></script> // <![CDATA[ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-67054607-1', 'auto'); ga('send', 'pageview'); // ]]></script>
2017 Holiday Podcaster’s Podcast (NSF Kids/Work) ADVANCED PERSISTENT SECURITY   December 22, 2017 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this show are ours alone and do not reflect those of our employers 2017 HOliday Podcaster’s Podcast (NSF Kids/Work) SHOW NOTES SUPER NOT SAFE for kids (and probably adults, come to think of it). Really this is just us griping and remaining hopeful for industry. Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Enter your email address: Delivered by FeedBurner SUBSCRIBE TO OUR MAILING LIST * indicates required Email Address * First Name Last Name
Lessons in Infosec (with Tracy Z. Maleeff) Advanced Persistent Security Podcast Episode 18 Guest: Tracy Z. Maleeff September 12, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers Lessons in Infosec (with Tracy Z. Maleeff) Show Notes Part 1 I introduced Tracy and she discussed her background and entry into Information Security (Infosec). She informed us about how what’s known as “Google Hacking” is actually an advanced research technique that librarians have used for a long time. We then transitioned into talking about training and breaking down the barriers to entry in Information Security. She told a story about someone she knows who had great concern about paying with debit cards in restaurants, but had no qualms using open Wi-Fi in a public place. We briefly talked about “Evil Twins” and general awareness. Part 2 We discussed more of the misinformation believed by people not in the Infosec industry. In another story, Tracy told about the time she met someone who believed that companies with open Wi-Fi are obligated to ensure safety and security of those who connect to it….and Joe nearly had a heart attack! We also talked about the motivations behind attacks. We advocated using the TV show “Mr. Robot” as a tool to help people understand the attacks that can be perpetrated by hackers as a part of an awareness program. Part 3 We described the upcoming Cybersecurity Awareness Month in October and the opportunities it offers train the communities around us. Tracy mentioned StaySafeOnline.org as a resource for awareness training. We further discussed open Wi-Fi. We also discussed a general evaluation of ways to stay secure in connecting to the internet while traveling, as well as the Opera browser’s new VPN service. We were not sure about the quality of it, but at the time of discussion, it seemed like a viable option over using no VPN at all. About Tracy Tracy Z. Maleeff Tracy is an independent information professional providing research and social media consulting, with a focus on information security. She is a frequent presenter about best practices of data mining from social media, professional networking, and introduction to information security topics. Tracy has 15 years of experience as a librarian in academia, corporate, and law firm industries and earned a Master of Library and Information Science from the University of Pittsburgh. She is the Principal of Sherpa Intelligence LLC – your guide up a mountain of information.             Contacting Tracy: Twitter: @infosecsherpa Email:  tracy@sherpaintel.com LinkedIn Website: http://sherpaintel.com/ PVC Sec Podcast:  www.pvcsec.com/ Link to Beginner’s Guide to Information Security: Kickstart your security career with insight from InfoSec experts (Book sourced from Peerlyst.com and mentioned in this podcast) Peerlyst: tracy-z-maleeff  Announcements and Resources Advanced Persistent Security has partnered with the EC-Council to provide a discounted EC-Council Training Event to our readers and listeners. The codes are only good for the Hacker Halted event in Atlanta, GA September 11-14 and 15-16, 2016. Below are the codes, if you have any questions, Contact Us. Password Blog Links: AlienVault Hosted Locally on Advanced Persistent Security   Wi-Fi Blog Link: AlienVault (Live after 9 am Eastern time (6 am Pacific) September 12, 2016)    SEPTEMBER 11TH-14TH, 2016 $1,999 Courses if you register using discount code: HHAPSTRN Choose one of the following courses and exams: Certified Ethical Hacker (C|EH)* Computer Hacking Forensic Investigator (C|HFI)* Certified Security Analyst (E|CSA/L|PT)* Certified Chief Information Security Officer (C|CISO)* All courses include: Official Courseware 1 Complimentary Exam Voucher Certificate of attendance Lunch and coffee breaks throughout the duration of the training Complimentary Pass to Hacker Halted – Atlanta conference (September 15 & 16) September 15-16, 2016 *Individual conference passes can be purchased for $35 (down from $199) Use code: HHAPSCON Instructions for registration: 1) Click here 2) Fill in all the necessary info 3) Enter Qty (1) for conference pass – public 4) Enter promotional code HHAPSCON (for $35 Conference Passes) HHAPSTRN (for $1,999 Courses) Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern. Enter your email address: Delivered by FeedBurner Subscribe to our mailing list * indicates required Email Address * First Name Last Name // <![CDATA[ (function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';}(jQuery));var $mcj = jQuery.noConflict(true); // ]]></script> // <![CDATA[ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-67054607-1', 'auto'); ga('send', 'pageview'); // ]]></script>
Infosec Thoughts (with Jayson E. Street & Tracy Maleeff) Advanced Persistent Security Podcast Episode 42 Guests: Jayson E. Street and Tracy “Infosec Sherpa” Maleeff April 12, 2018 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers Infosec Thoughts (with Jayson E. Street & Tracy Maleeff) Show Notes Segment 1 In this episode, Tracy and Joe introduce Jayson E. Street. Tracy mentions Jayson’s talk about failing from Tactical Edge conference. Joe and Tracy agree that people in infosec do not talk enough about their failures. Jayson talks about how to break into infosec. He shares how he would survey his defenses as a security guard (30 years ago) from the lens of someone who would be breaking in. Bad Guys will break in just like a red teamer, but they won’t give you a report to mitigate it. Brian Krebs should not be your IDS. Joe hits Jayson with a trick question about which language one should learn to break into infosec. Jayson passes the test with the answer of “English.” We continue down the rabbit hole of effective communications with regards to buzzwords and speaking the language of the audience. We talk about the use of the word “cyber” in the sense of cybersecurity in lieu of information security when speaking to the businesses. Segment 2 Tracy asks Jayson how to approach talking to non-technical, non-security people about the umbrella of information security relative to explaining the various types of security disciplines and the differences in each. Jayson levels with us with regards to the culture of information security based on his travels across the world. Jayson tells us how he would collect information about a company using OSINT to phish the company or gain unauthorized access. He encourages listeners to go out and speak to non-security groups to raise awareness across other verticals. kittenwar.com About Jayson Jayson E. Street Jayson E. Street is an Author of Dissecting the Hack: The F0rb1dd3n Network from Syngress. Also Creator of http://dissectingthehack.com He has also spoken at DEFCON, DerbyCon, UCON and at several other ’CONs and colleges on a variety of information security subjects. His life story can be found on Google under “Jayson E. Street” *He is a highly carbonated speaker who has partaken of pizza from Beijing to Brazil. He does not expect anybody to still be reading this far, but if they are please note he was chosen as one of Time’s persons of the year for 2006. Contacting Jayson: Twitter: @jaysonstreet Awkward Hugs iRonin JaysonEStreet.com The Forb1dd3n Network Books Dissecting the Hack: The F0rb1dd3n Network Revised Dissecting the Hack: The V3rb0t3n Network About Tracy: Tracy Maleef Tracy Z. Maleeff is a Cyber Analyst in the Security Operations Center for global pharmaceutical company GSK. She holds a Master of Library and Information Science degree from the University of Pittsburgh. She has 15+ years’ experience as a law firm librarian and also worked as an independent consultant who specialized in social media, research, and Information Security awareness training. Tracy received the Wolters Kluwer Law & Business Innovations in Law Librarianship Award in 2016 and the Information Systems Security Association Women in Security Leadership Award in 2017. Tracy has presented at a variety of conferences including the Special Libraries Association, Security BSides, O’Reilly Security, and DEF CON’s Recon Village. Contacting Tracy: Twitter: @infosecsherpa Newsletter Website: Sherpa Intel Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Enter your email address: Delivered by FeedBurner SUBSCRIBE TO OUR MAILING LIST * indicates required Email Address * First Name Last Name
Breaking Down the Inc Magazine Top 8 In this episode, we break down the Inc Magazine Top 8 cyber security mistakes executives make and how we can help to prevent them from occurring. This is intended as an informational podcast. Advanced Persistent Security can certainly help you and your organization avoid these costly mistakes. Contact us using the information below to discuss how we can help you. References: KPMG Study Inc Magazine article If you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net Thanks for stopping by and listening to our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens to this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Be sure to subscribe to this podcast and to our Blog. Enter your email address: Delivered by FeedBurner Subscribe to our mailing list * indicates required Email Address * First Name Last Name // <![CDATA[ (function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';}(jQuery));var $mcj = jQuery.noConflict(true); // ]]></script> // <![CDATA[ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-67054607-1', 'auto'); ga('send', 'pageview'); // ]]></script>
This week in Security: September 8, 2015 Content This week in security, Ashley Madison data breach, the Jailbroken iPhone hack, and Netflix ceasing to use antivirus are discussed.We recap the blogs and I add a little information and perspective. This is a work in progress. The only way to improve at podcasting is to do it more. I will be applying my knowledge of security, coupled with my teaching experience to create valuable IT and Cyber Security podcasts as time progresses. If you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net Thanks for stopping by and listening to our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens to this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Be sure to subscribe to this podcast and to our Blog. Enter your email address: Delivered by FeedBurner Subscribe to our mailing list * indicates required Email Address * First Name Last Name // <![CDATA[ (function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';}(jQuery));var $mcj = jQuery.noConflict(true); // ]]></script> // <![CDATA[ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-67054607-1', 'auto'); ga('send', 'pageview'); // ]]></script>
This week in Security: October 27, 2015 This week, we discuss the T-Mobile/Verizon Android LTE Security Vulnerability, Congress Attempting to Pass a Revamped CISPA, and CIA Director gets email hacked by a teenager. We recap the blogs and I add a little information and perspective. This is a work in progress. The only way to improve at podcasting is to do it more. I will be applying my knowledge of security, coupled with my teaching experience to create valuable IT and Cyber Security podcasts as time progresses. Related Blogs: T-Mobile/Verizon Android LTE Security Vulnerability Congress Pushes Revamped CISPA CIA Director Email Hacked by a Teen Links Mentioned in Podcast I will NOT be #22 I will NOT be #22 on Facebook I will NOT be #22 on Twitter I will NOT be #22 on Pinterest I will NOT be #22 on Instagram I will NOT be #22 Online Store If you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net Thanks for stopping by and listening to our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens to this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Be sure to subscribe to this podcast and to our Blog. Enter your email address: Delivered by FeedBurner Subscribe to our mailing list * indicates required Email Address * First Name Last Name // <![CDATA[ (function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';}(jQuery));var $mcj = jQuery.noConflict(true); // ]]></script> // <![CDATA[ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-67054607-1', 'auto'); ga('send', 'pageview'); // ]]></script>
SANS Top 20 Critical Security Controls 9-12 The SANS SANS Top 20 Critical Security Controls are an industry and (for the most part) vendor neutral set of controls that organizations are encouraged to implement to ensure they are cognizant of security issues and can respond accordingly. This episode deals exclusively with the third 4 (Numbers 9-12) controls in-depth, so to not overwhelm listeners with what is shaping up to be a nearly 3 hour podcast. If you want to discuss how Advanced Persistent Security can help you implement the SANS Top 20 Critical Security Controls, please contact Advanced Persistent Security Sales. Content This week, we begin to discuss the SANS Top 20 Critical Security Controls, this week we cover the following 4 Controls: SANS Top 20 Critical Security Controls, #9: Security Skills Assessment and Appropriate Training to Fill Gaps SANS Top 20 Critical Security Controls, #10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches SANS Top 20 Critical Security Controls, #11: Limitation and Control of Network Ports, Protocols, and Services SANS Top 20 Critical Security Controls, #12: Controlled Use of Administrative Privileges DISCLAIMER: Aside from receiving training from SANS and holding a certification from their partner organization, GIAC, neither Advanced Persistent Security nor myself, Joe Gray are affiliated with SANS. This podcast is authorized via SANS open use clause and is not officially authorized by SANS. There is no compensation to Advanced Persistent Security nor myself, Joe Gray for doing this podcast. The purpose is to increase awareness using open frameworks. If you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net Thanks for stopping by and listening to our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens to this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Be sure to subscribe to this podcast and to our Blog. References NIST SP 800-53 Revision 4 SANS Top 20 Critical Security Controls Enter your email address: Delivered by FeedBurner Subscribe to our mailing list * indicates required Email Address * First Name Last Name // <![CDATA[ (function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';}(jQuery));var $mcj = jQuery.noConflict(true); // ]]></script> // <![CDATA[ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-67054607-1', 'auto'); ga('send', 'pageview'); // ]]></script>
This week in Security: October 6, 2015 Content We discuss the recent attack on T-Mobile/Experian, Trump Hotel’s Malware Infection, Cyphinx Cyber Security Training Video Game, and the world of automobile cyber security. The automobile portion discusses attacks on Tesla, Chrysler, Fiat, Dodge, Ram, and On-Star. We look at how the Volkswagen emissions issue may change cyber security in the auto industry. This is a work in progress. The only way to improve at podcasting is to do it more. I will be applying my knowledge of security, coupled with my teaching experience to create valuable IT and Cyber Security podcasts as time progresses. If you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net Thanks for stopping by and listening to our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens to this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Be sure to subscribe to this podcast and to our Blog. Enter your email address: Delivered by FeedBurner Subscribe to our mailing list * indicates required Email Address * First Name Last Name // <![CDATA[ (function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';}(jQuery));var $mcj = jQuery.noConflict(true); // ]]></script> // <![CDATA[ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-67054607-1', 'auto'); ga('send', 'pageview'); // ]]></script>
Rate Podcast
Get episode alerts
Subscribe to receive notifications by email whenever this podcast releases new episodes.

Subscribe to receive notifications by email whenever this podcast releases new episodes.

Recommend This Podcast

Recommendation sent

Join Podchaser to...

  • Rate podcasts and episodes
  • Follow podcasts and creators
  • Create podcast and episode lists
  • & much more

Podcast Details

Started
Sep 8th, 2015
Latest Episode
Apr 26th, 2018
Release Period
Weekly
No. of Episodes
50
Avg. Episode Length
About 1 hour
Explicit
No

Podcast Tags

Do you host or manage this podcast?
Claim and edit this page to your liking.
Are we missing an episode or update?
Use this to check the RSS feed immediately.
\\n\\n\\n// \\n\\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"10180777\":{\"air_date\":\"2016-08-29 10:00:28\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/utFMFs_PxSo/intro-to-app-sec-with-frank-rietta.mp3\",\"length\":2082,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=1999\",\"image_url\":\"https://i0.wp.com/advancedpersistentsecurity.net/wp-content/uploads/2015/09/jocephus865.jpg?fit=1400%2C1400&ssl=1\",\"slug\":\"intro-to-app-sec-with-frank-rietta\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"Intro to App Sec (with Frank Rietta)\",\"id\":10180777,\"creator_count\":0,\"description\":\"Intro to App Sec (with Frank Rietta)\\nAdvanced Persistent Security Podcast\\nEpisode 16\\nGuest: Frank Rietta\\nAugust 29, 2016\\nIf you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.\\nNOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers\\nIntro to App Sec (with Frank Rietta) Show Notes\\nPart 1\\nWe introduce Frank and discuss his background. We begin to discuss application security (App Sec) and how it plays into the cloud. We also provide a few cloud definitions\\nPart 2\\nWe discuss defense in Depth. We provide a definition and some applicable scenarios as to its use. We graze the surface on passwords, encryption, access controls, and training. We discuss training and events local to Atlanta and the Georgia area.\\nPart 3\\nWe discuss some scenarios we have seen or heard about in the security space and how they work or did not work. We also discuss the role of security in system development and the relationships between the business, security, developers, and dev ops. We discuss bug bounties on sites like HackerOne and BugCrowd.\\nWe introduce the following lists to help security professionals and developers alike:\\n\\nOWASP Top 10\\nOWASP Application Security Standard Verification Standard (ASVS)\\nCenter for Internet Security (CIS) Critical Security Controls (formerly the SANS Top 20)\\nCloud Security Alliance (CSA) Treacherous 12 \\n\\nFrank Rietta\\nAbout Frank\\nMr. Rietta’s role in Rietta Inc is to ensure that your project is designed for security and speed.\\nWith over 16 years of career experience, he is specialized in working with startups, new Internet businesses, and in developing with the Ruby on Rails platform to build scalable businesses.\\nHe is a computer scientist with a Masters in Information Security from the College of Computing at the Georgia Institute of Technology.\\nFrank is a public speaker, teaching about data breaches and information security topics. You can also follow him on Twitter or LinkedIn using the links below.\\nContacting Frank:\\nTwitter: @frankrietta\\nEmail: frank@rietta.com\\nLinkedIn\\nWebsite: www.rietta.com\\nLearning Center\\nFrank’s Book Recommendations\\nSoftware Security: Building Security In\\nThe Tangled Web: A Guide to Securing Modern Web Applications\\nGary McGraw’s Cigital Silver Bullet Podcast\\nAnnouncements and Resources\\nAdvanced Persistent Security has partnered with the EC-Council to provide a discounted EC-Council Training Event to our readers and listeners. The codes are only good for the Hacker Halted event in Atlanta, GA September 11-14 and 15-16, 2016. Below are the codes, if you have any questions, Contact Us.\\nPassword Blog Links:\\nAlienVault\\nHosted Locally on Advanced Persistent Security\\nVulnerable Web Applications for Learning:\\nOWASP Maintains a list here.\\nConferences Mentioned:\\nSecurity Onion Conference: Friday, September 9, 2016 from 7:30 AM to 5:00 PM (EDT)\\nAugusta University\\nJaguar Student Activity Center (JSAC) Ballroom\\n2500 Walton Way\\nAugusta, GA 30904\\nBSides Augusta: September 10, 2016 at 7:45 AM\\nJ. Harold Harrison MD, Education Commons\\n1301 R.A. Dent Blvd \\nAugusta, GA 30901\\nSEPTEMBER 11TH-14TH, 2016\\n$1,999 Courses if you register using discount code: HHAPSTRN\\nChoose one of the following courses and exams:\\n\\nCertified Ethical Hacker (C|EH)*\\nComputer Hacking Forensic Investigator (C|HFI)*\\nCertified Security Analyst (E|CSA/L|PT)*\\nCertified Chief Information Security Officer (C|CISO)*\\n\\nAll courses include:\\n\\nOfficial Courseware\\n1 Complimentary Exam Voucher\\nCertificate of attendance\\nLunch and coffee breaks throughout the duration of the training\\nComplimentary Pass to Hacker Halted – Atlanta conference (September 15 & 16)\\n\\nSeptember 15-16, 2016\\n*Individual conference passes can be purchased for $35 (down from $199) Use code: HHAPSCON\\nInstructions for registration:\\n1) Click here\\n2) Fill in all the necessary info\\n3) Enter Qty (1) for conference pass – public\\n4) Enter promotional code HHAPSCON (for $35 Conference Passes) HHAPSTRN (for $1,999 Courses)\\n\\n Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\n\\nIf you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.\\n\\n\\n\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\n\\n\\nSubscribe to our mailing list\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name\\n\\n\\n\\n\\n\\n\\n\\n\\n// \\n\\n\\n// \\n\\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"10180778\":{\"air_date\":\"2016-05-18 13:00:33\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/KVwerZ3hPYc/bsides-knoxville-roger-seagle.mp3\",\"length\":2705,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=1865\",\"image_url\":\"https://i0.wp.com/advancedpersistentsecurity.net/wp-content/uploads/2015/08/jocephus86512twitter.jpg?fit=1500%2C500&ssl=1\",\"slug\":\"bsides-knoxville-with-roger-seagle\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"BSides Knoxville (with Roger Seagle)\",\"id\":10180778,\"creator_count\":0,\"description\":\"BSides Knoxville (with Roger Seagle)\\nAdvanced Persistent Security Podcast\\nEpisode 15\\nGuest: Roger Seagle\\nMay 18, 2016\\nIf you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.\\nNOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers.\\nBSides Knoxville Show Notes\\nBSides Knoxville co-organizer, Roger Seagle joins us to talk about security and his upcoming event BSides Knoxville. We discuss trends and happenings in security. our own backgrounds and opinions as well as what we are seeing in security.\\nPart 1\\nWe kick it off with an introduction of Roger and his background. He has a PhD in Computer Science from University of Tennessee and has worked for Cisco for around 10 years. We kick it off with some post-DBIR discussion about ransomware, phishing, and password management utilities.\\nPart 2\\n We talk about threat hunting and the internet of things. We talk about the evolution of security processes and the moving target. We talk about what  trends we anticipate next.\\nPart 3\\nWe go over the history of BSides and over the talks at BSides Knoxville. Roger tells us about the tracks and the fact that there is something for everyone from beginner to expert. We discuss logistics, parking, and the ability to consume alcohol at the conference.\\nContacting Roger:\\nTwitter: @rogwfu\\nBSides Knoxville Twitter: @BSidesKnoxville (Use hash tag #BSK2016)\\nBSides Knoxville Email: mailto:info@bsidesknoxville.com\\n \\nAdvanced Persistent Security has partnered with the EC-Council to provide a discounted EC-Council Training Event to our readers and listeners. The codes are only good for the Hacker Halted event in Atlanta, GA September 11-14 and 15-16, 2016. Below are the codes, if you have any questions, Contact Us:\\nSEPTEMBER 11TH-14TH, 2016\\n$1,999 Courses if you register using discount code: HHAPSTRN\\nChoose one of the following courses and exams:\\n\\nCertified Ethical Hacker (C|EH)*\\nComputer Hacking Forensic Investigator (C|HFI)*\\nCertified Security Analyst (E|CSA/L|PT)*\\nCertified Chief Information Security Officer (C|CISO)*\\n\\nAll courses include:\\n\\nOfficial Courseware\\n1 Complimentary Exam Voucher\\nCertificate of attendance\\nLunch and coffee breaks throughout the duration of the training\\nComplimentary Pass to Hacker Halted – Atlanta conference (September 15 & 16)\\n\\nSeptember 15-16, 2016\\n*Individual conference passes can be purchased for $35 (down from $199) Use code: HHAPSCON\\nInstructions for registration:\\n1) Click here\\n2) Fill in all the necessary info\\n3) Enter Qty (1) for conference pass – public\\n4) Enter promotional code HHAPSCON (for $35 Conference Passes) HHAPSTRN (for $1,999 Courses)\\nRecent APS Posts\\nChange Your Email Password Now!\\nQatar Bank Breached After Bangladesh\\nBangladesh Bank Loses 80 Million USD\\nRansomware Infects Android 4.x\\nSpotify Allegedly Hacked…Again\\nMedStar Health Cybersecurity Fails to Prevent Attack\\nRansomware Locks MBR\\nIranian hackers hit with Federal charges\\nSpear Phishermen Target Corporate W-2 Data\\n4 Things to Know About Ransomware\\nRansomware Hits Mac Computers\\n Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\n \\nIf you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.\\n\\n\\n\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\n\\n\\nSubscribe to our mailing list\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name \\n\\n\\n\\n\\n\\n\\n\\n\\n// \\n\\n\\n// \\n\\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"10180782\":{\"air_date\":\"2016-04-26 13:00:14\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/l6MVKCTffHQ/mobile-insecurity-georgia-weidman.mp3\",\"length\":5086,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=1668\",\"image_url\":\"https://i0.wp.com/advancedpersistentsecurity.net/wp-content/uploads/2015/09/jocephus865.jpg?fit=1400%2C1400&ssl=1\",\"slug\":\"mobile-insecurity-with-georgia-weidman\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"Mobile Insecurity (with Georgia Weidman)\",\"id\":10180782,\"creator_count\":0,\"description\":\"Mobile Insecurity (with Georgia Weidman)\\nAdvanced Persistent Security Podcast\\nEpisode 11\\nGuest: Georgia Weidman\\nApril 26, 2016\\nIf you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.\\nMobile Insecurity Show Notes\\nEveryone wants to think about how secure they are. This podcast flips the script and assesses insecurity, specifically Mobile Insecurity. We discuss issues within the mobile computing ecosystem.\\nPart 1\\nIntroductions and Current Event\\nCurrent Event: Apple Quick Time and why could it not have been Flash. Georgia’s dad still uses Microsoft XP and won’t connect his printer to the network.\\nPart 2\\nGeorgia delivers her “Mobile Insecurity” talk and we discuss issues in the mobile threat landscape and possible mobile issues.\\nMobile Malware, Ransomware, and MDM are discussed. Issues within the actual mobile Operating Systems are discussed briefly.\\nJoe asks if Georgia sees mobile devices distributing Ransomware and Malware to cars.\\nPart 3\\nQuick banter of Apple vs FBI and the implications of the precedent both attempted and actually set.\\nPart 4\\nGoodbyes and How to Contact Georgia\\nAbout Georgia:\\nGeorgia Weidman\\nShevirah founder and CEO Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She holds a MS in computer science as well as holding CISSP, CEH, and OSCP certifications. Her work in the field of smartphone exploitation has been featured internationally in print and on television. She has provided training at conferences such as Blackhat USA, Brucon, and CanSecWest. Georgia founded Bulb Security LLC, a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security culminating in the release of the open source project the Smartphone Pentest Framework (SPF). She founded Shevirah Inc. to create product solutions for assessing and managing the risk of mobile devices in the enterprise and testing the effectiveness of enterprise mobility management solutions and is a graduate of the Mach37 cybersecurity accelerator. She is the author of Penetration Testing: A Hands-On Introduction to Hacking from No Starch Press. She was the recipient of the 2015 Women’s Society of CyberJutsu Pentest Ninja award. She is on the board of advisors of the angel backed security training startup Cybrary and the nonprofit Digital Citizens Alliance.\\n\\n\\n“There’s always going to be vulnerabilities” – Georgia Weidman\\n\\n\\nContacting Georgia:\\nwww.bulbsecurity.com\\nwww.shevirah.com (Coming Soon)\\nTwitter: @georgiaweidman\\nPenetration Testing:A Hands On Introduction Hacking is her book\\nFrom the Publisher at https://www.nostarch.com/pentesting.\\nIf you buy it directly from No Starch Press you get a discount with the code GEORGIA.\\nAPS Blog Posts\\nMedStar Health Cybersecurity Fails to Prevent Attack\\nAdobe Patches Exploited Vulnerability\\nRansomware Locks MBR\\nIranian hackers hit with Federal charges\\nSpear Phishermen Target Corporate W-2 Data\\nGoogle Fixes Kernel Vulnerability\\n4 Things to Know About Ransomware\\nRansomware Hits Mac Computers\\nIRS Targeted in Another Cyberattack\\n\\nThanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\n \\nIf you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.\\n\\n\\n\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\n\\n\\nSubscribe to our mailing list\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name \\n\\n\\n\\n\\n\\n\\n\\n\\n// \\n\\n\\n// \\n\\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"10180783\":{\"air_date\":\"2015-10-27 18:43:12\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/HnHebUJEPHA/this-week-in-security-october-27-2015.mp3\",\"length\":662,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=1252\",\"image_url\":\"https://i0.wp.com/advancedpersistentsecurity.net/wp-content/uploads/2015/09/this_week.jpg?fit=425%2C425&ssl=1\",\"slug\":\"this-week-in-security-october-27-2015\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"This week in Security: October 27, 2015\",\"id\":10180783,\"creator_count\":0,\"description\":\"This week in Security: October 27, 2015\\nThis week, we discuss the T-Mobile/Verizon Android LTE Security Vulnerability, Congress Attempting to Pass a Revamped CISPA, and CIA Director gets email hacked by a teenager. We recap the blogs and I add a little information and perspective. This is a work in progress. The only way to improve at podcasting is to do it more. I will be applying my knowledge of security, coupled with my teaching experience to create valuable IT and Cyber Security podcasts as time progresses.\\nRelated Blogs:\\nT-Mobile/Verizon Android LTE Security Vulnerability\\nCongress Pushes Revamped CISPA\\nCIA Director Email Hacked by a Teen\\nLinks Mentioned in Podcast\\nI will NOT be #22\\nI will NOT be #22 on Facebook\\nI will NOT be #22 on Twitter\\nI will NOT be #22 on Pinterest\\nI will NOT be #22 on Instagram\\nI will NOT be #22 Online Store\\nIf you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net\\nThanks for stopping by and listening to our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens to this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\nBe sure to subscribe to this podcast and to our Blog.\\n\\n\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\n\\n\\nSubscribe to our mailing list\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name \\n\\n\\n\\n\\n\\n\\n\\n\\n// \\n\\n\\n// \\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"10180784\":{\"air_date\":\"2015-10-20 21:11:28\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/kkd92feGqlI/this-week-in-security-october-20-2015.mp3\",\"length\":642,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=1187\",\"image_url\":\"https://i0.wp.com/advancedpersistentsecurity.net/wp-content/uploads/2015/09/this_week.jpg?fit=425%2C425&ssl=1\",\"slug\":\"this-week-in-security-october-20-2015\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"This week in Security: October 20, 2015\",\"id\":10180784,\"creator_count\":0,\"description\":\"This week in Security: October 20, 2015\\nThis week, we discuss the Adobe Flash, Google Android Zero Day, and Cyberwar esclations. We recap the blogs and I add a little information and perspective. This is a work in progress. The only way to improve at podcasting is to do it more. I will be applying my knowledge of security, coupled with my teaching experience to create valuable IT and Cyber Security podcasts as time progresses.\\nRelated Blogs:\\nWhy The Future of Android Depends on Security\\nCyberwar Begins New Arms Race\\nLatest Bug for Adobe Flash the Nail in the Coffin?\\n \\nIf you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net\\nThanks for stopping by and listening to our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens to this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\nBe sure to subscribe to this podcast and to our Blog.\\n\\n\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\n\\n\\nSubscribe to our mailing list\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name \\n\\n\\n\\n\\n\\n\\n\\n\\n// \\n\\n\\n// \\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"10180785\":{\"air_date\":\"2015-10-15 10:00:27\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/fn116omGcbU/sans-top-20-critical-security-controls-13-16.mp3\",\"length\":1283,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=1123\",\"image_url\":null,\"slug\":\"sans-top-20-critical-security-controls-13-16\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"SANS Top 20 Critical Security Controls 13-16\",\"id\":10180785,\"creator_count\":0,\"description\":\"\\n\\n\\nSANS Top 20 Critical Security Controls 13-16\\n\\nThe SANS SANS Top 20 Critical Security Controls are an industry and (for the most part) vendor neutral set of controls that organizations are encouraged to implement to ensure they are cognizant of security issues and can respond accordingly. This episode deals exclusively with the fourth 4 (Numbers 13-16) controls in-depth, so to not overwhelm listeners with what is shaping up to be a nearly 3 hour podcast.\\nIf you want to discuss how Advanced Persistent Security can help you implement the SANS Top 20 Critical Security Controls, please contact Advanced Persistent Security Sales.\\nContent\\nThis week, we begin to discuss the SANS Top 20 Critical Security Controls, this week we cover the following 4 Controls:\\nSANS Top 20 Critical Security Controls, #13: Boundary Defense\\nSANS Top 20 Critical Security Controls, #14: Maintenance, Monitoring, and Analysis of Audit Logs\\nSANS Top 20 Critical Security Controls, #15: Controlled Access Based on the Need to Know\\nSANS Top 20 Critical Security Controls, #16: Account Monitoring and Control\\nDISCLAIMER: Aside from receiving training from SANS and holding a certification from their partner organization, GIAC, neither Advanced Persistent Security nor myself, Joe Gray are affiliated with SANS. This podcast is authorized via SANS open use clause and is not officially authorized by SANS. There is no compensation to Advanced Persistent Security nor myself, Joe Gray for doing this podcast. The purpose is to increase awareness using open frameworks.\\nIf you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net\\nThanks for stopping by and listening to our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens to this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\nBe sure to subscribe to this podcast and to our Blog.\\n\\n\\nReferences\\nNIST SP 800-53 Revision 4\\nSANS Top 20 Critical Security Controls\\n\\n\\n\\n\\n\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\n\\n\\nSubscribe to our mailing list\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name \\n\\n\\n\\n\\n\\n\\n\\n\\n// \\n\\n\\n// \\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"10180787\":{\"air_date\":\"2015-10-08 10:00:48\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/WQnzeA4raaA/sans-top-20-critical-security-controls-9-12.mp3\",\"length\":1295,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=891\",\"image_url\":null,\"slug\":\"sans-top-20-critical-security-controls-9-12\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"SANS Top 20 Critical Security Controls 9-12\",\"id\":10180787,\"creator_count\":0,\"description\":\"\\n\\n\\nSANS Top 20 Critical Security Controls 9-12\\n\\nThe SANS SANS Top 20 Critical Security Controls are an industry and (for the most part) vendor neutral set of controls that organizations are encouraged to implement to ensure they are cognizant of security issues and can respond accordingly. This episode deals exclusively with the third 4 (Numbers 9-12) controls in-depth, so to not overwhelm listeners with what is shaping up to be a nearly 3 hour podcast.\\nIf you want to discuss how Advanced Persistent Security can help you implement the SANS Top 20 Critical Security Controls, please contact Advanced Persistent Security Sales.\\nContent\\nThis week, we begin to discuss the SANS Top 20 Critical Security Controls, this week we cover the following 4 Controls:\\nSANS Top 20 Critical Security Controls, #9: Security Skills Assessment and Appropriate Training to Fill Gaps\\nSANS Top 20 Critical Security Controls, #10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches\\nSANS Top 20 Critical Security Controls, #11: Limitation and Control of Network Ports, Protocols, and Services\\nSANS Top 20 Critical Security Controls, #12: Controlled Use of Administrative Privileges\\nDISCLAIMER: Aside from receiving training from SANS and holding a certification from their partner organization, GIAC, neither Advanced Persistent Security nor myself, Joe Gray are affiliated with SANS. This podcast is authorized via SANS open use clause and is not officially authorized by SANS. There is no compensation to Advanced Persistent Security nor myself, Joe Gray for doing this podcast. The purpose is to increase awareness using open frameworks.\\nIf you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net\\nThanks for stopping by and listening to our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens to this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\nBe sure to subscribe to this podcast and to our Blog.\\n\\n\\nReferences\\nNIST SP 800-53 Revision 4\\nSANS Top 20 Critical Security Controls\\n\\n\\n\\n\\n\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\n\\n\\nSubscribe to our mailing list\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name \\n\\n\\n\\n\\n\\n\\n\\n\\n// \\n\\n\\n// \\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"10180788\":{\"air_date\":\"2015-10-06 17:10:47\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/kYHM_6CvbyI/this-week-in-security-october-6-2015.mp3\",\"length\":1494,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=872\",\"image_url\":\"https://i0.wp.com/advancedpersistentsecurity.net/wp-content/uploads/2015/09/this_week.jpg?fit=425%2C425&ssl=1\",\"slug\":\"this-week-in-security-october-6-2015\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"This week in Security: October 6, 2015\",\"id\":10180788,\"creator_count\":0,\"description\":\"\\nThis week in Security: October 6, 2015\\nContent\\nWe discuss the recent attack on T-Mobile/Experian, Trump Hotel’s Malware Infection, Cyphinx Cyber Security Training Video Game, and the world of automobile cyber security. The automobile portion discusses attacks on Tesla, Chrysler, Fiat, Dodge, Ram, and On-Star. We look at how the Volkswagen emissions issue may change cyber security in the auto industry.\\nThis is a work in progress. The only way to improve at podcasting is to do it more. I will be applying my knowledge of security, coupled with my teaching experience to create valuable IT and Cyber Security podcasts as time progresses.\\nIf you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net\\nThanks for stopping by and listening to our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens to this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\nBe sure to subscribe to this podcast and to our Blog.\\n\\n\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\n\\n\\nSubscribe to our mailing list\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name \\n\\n\\n\\n\\n\\n\\n\\n\\n// \\n\\n\\n// \\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"10180791\":{\"air_date\":\"2015-09-24 14:00:53\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/VsD3Rg__0vI/sans-top-20-critical-security-controls-1-4.mp3\",\"length\":1559,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=545\",\"image_url\":null,\"slug\":\"sans-top-20-critical-security-controls-1-4\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"SANS Top 20 Critical Security Controls 1-4\",\"id\":10180791,\"creator_count\":0,\"description\":\"\\n\\n\\nSANS Top 20 Critical Security Controls 1-4\\n\\nThe SANS SANS Top 20 Critical Security Controls are an industry and (for the most part) vendor neutral set of controls that organizations are encouraged to implement to ensure they are cognizant of security issues and can respond accordingly. This episode deals exclusively with the first 4 controls in-depth, so to not overwhelm listeners with what is shaping up to be a nearly 3 hour podcast.\\nIf you want to discuss how Advanced Persistent Security can help you implement the SANS Top 20 Critical Security Controls, please contact Advanced Persistent Security Sales.\\nContent\\nThis week, we begin to discuss the SANS Top 20 Critical Security Controls, this week we cover the following 4 Controls:\\nSANS Top 20 Critical Security Controls, #1: Inventory of Authorized and Unauthorized Devices\\nSANS Top 20 Critical Security Controls, #2: Inventory of Authorized and Unauthorized Software\\nSANS Top 20 Critical Security Controls, #3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers\\nSANS Top 20 Critical Security Controls, #4: Continuous Vulnerability Assessment and Remediation\\nThe Center for Internet Security Benchmarks Program\\nThe NIST National Checklist Program\\nDISCLAIMER: Aside from receiving training from SANS and holding a certification from their partner organization, GIAC, neither Advanced Persistent Security nor myself, Joe Gray are affiliated with SANS. This podcast is authorized via SANS open use clause and is not officially authorized by SANS. There is no compensation to Advanced Persistent Security nor myself, Joe Gray for doing this podcast. The purpose is to increase awareness using open frameworks.\\nIf you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net\\nThanks for stopping by and listening to our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens to this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\nBe sure to subscribe to this podcast and to our Blog.\\n\\n\\nReferences\\nNIST SP 800-53 Revision 4\\nSANS Top 20 Critical Security Controls\\n\\n\\n\\n\\n\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\n\\n\\nSubscribe to our mailing list\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name \\n\\n\\n\\n\\n\\n\\n\\n\\n// \\n\\n\\n// \\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"10180794\":{\"air_date\":\"2015-09-14 13:00:48\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/Wj56V8U2AUM/break-down-the-inc-magazine-top-8.mp3\",\"length\":572,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=415\",\"image_url\":\"https://i0.wp.com/advancedpersistentsecurity.net/wp-content/uploads/2015/09/earth-and-sun-10010628.jpg?fit=150%2C118&ssl=1\",\"slug\":\"breaking-down-the-inc-magazine-top-8\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"Breaking Down the Inc Magazine Top 8\",\"id\":10180794,\"creator_count\":0,\"description\":\"Breaking Down the Inc Magazine Top 8\\nIn this episode, we break down the Inc Magazine Top 8 cyber security mistakes executives make and how we can help to prevent them from occurring.\\nThis is intended as an informational podcast. Advanced Persistent Security can certainly help you and your organization avoid these costly mistakes. Contact us using the information below to discuss how we can help you.\\nReferences:\\nKPMG Study\\nInc Magazine article\\nIf you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net\\nThanks for stopping by and listening to our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens to this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\nBe sure to subscribe to this podcast and to our Blog.\\n\\n\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\n\\n\\nSubscribe to our mailing list\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name \\n\\n\\n\\n\\n\\n\\n\\n\\n// \\n\\n\\n// \\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"10180795\":{\"air_date\":\"2015-09-08 14:00:34\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/0-_Z9nwFz3c/this-week-in-security-september-8-2015.mp3\",\"length\":1477,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=331\",\"image_url\":\"https://i0.wp.com/advancedpersistentsecurity.net/wp-content/uploads/2015/09/this_week.jpg?fit=425%2C425&ssl=1\",\"slug\":\"this-week-in-security-september-8-2015\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"This week in Security: September 8 2015\",\"id\":10180795,\"creator_count\":0,\"description\":\"\\nThis week in Security: September 8, 2015\\nContent\\nThis week in security, Ashley Madison data breach, the Jailbroken iPhone hack, and Netflix ceasing to use antivirus are discussed.We recap the blogs and I add a little information and perspective. This is a work in progress. The only way to improve at podcasting is to do it more. I will be applying my knowledge of security, coupled with my teaching experience to create valuable IT and Cyber Security podcasts as time progresses.\\nIf you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net\\nThanks for stopping by and listening to our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens to this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\nBe sure to subscribe to this podcast and to our Blog.\\n\\n\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\n\\n\\nSubscribe to our mailing list\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name \\n\\n\\n\\n\\n\\n\\n\\n\\n// \\n\\n\\n// \\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"11253947\":{\"air_date\":\"2017-02-13 11:00:55\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/hGYAInBazK0/threat-intelligence-with-rob-gresham.mp3\",\"length\":6292,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=2481\",\"image_url\":\"https://i0.wp.com/advancedpersistentsecurity.net/wp-content/uploads/2015/09/jocephus865.jpg?fit=1400%2C1400&ssl=1\",\"slug\":\"threat-intelligence-with-rob-gresham\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"Threat Intelligence (with Rob Gresham)\",\"id\":11253947,\"creator_count\":0,\"description\":\"THREAT INTELLIGENCE (WITH Rob Gresham)\\nADVANCED PERSISTENT SECURITY PODCAST\\nEPISODE 36\\nGUEST:Rob Gresham\\nFebruary 13, 2017\\nIf you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.\\nNOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers\\nThreat Intelligence (WITH Rob Gresham)\\nSHOW NOTES\\nPART 1\\nJoe introduces Rob Gresham. Rob explains the Intel/McAfee/Foundstone dynamic. Rob tells us about the 6 degrees of Foundstone and the associated businesses and people. We recall and discuss SuperScan. We cover Threat Hunting in terms of what it is and it is not. Rob explains that Threat Hunting is learning YOUR ENVIRONMENT and determining when/where/how to meet the enemy.  Joe characterizes it as “Purple Teaming.” Rob provides an application of the Scientific Method using hypotheses to evaluate purple teaming.\\nRob stresses to not be Elmer Fudd. Joe postulates IT F.U.D. (Fear, Uncertainty, Doubt, Elmer’s nephew).  Rob talks about attribution versus retribution. We talk about APTs and motivations of other types of attackers. Social Media as C2 (Command and Control) is discussed. We discuss the identification of Indicators that can be used in an actionable context. Joe gets on his training and awareness soapbox. The Cyber Kill Chain makes an appearance in regards to the applicability in network defense.\\nPART 2\\nRob tells us about MITRE and CVEs (Common Vulnerabilities and Exposures). He tells us about Adversarial Tactics Techniques And Common Knowledge  (ATTACK). Rob talks about actionable intelligence vice merely feeds or the tool de jour. Joe goes on his rant about the fallacy of silver bullet solutions. Rob talks about robust and elastic incident response planning. He tells us about adaptive and active containment.We talk about vendor diversity and the coverage in threat mitigation and identification. Rob talks about the level of influence and integration that machine learning has with antivirus companies like McAfee and Symantec. Rob brings the Pyramid of Pain into the discussion.\\nABOUT Rob\\n\\nRob Gresham has extensive experience executing and instructing on cyber threat intelligence. Primarily on the information flow and analysis of operational, strategic and tactical cyber intelligence. He has extensive experience building data centers and enterprise environments with the proper security architecture and robust designs that enable business security needs and maturity over time with less rework. With  extensive experience, Rob investigates compromised systems, performs memory analysis and determines the scope of the breach. Rob has a perceptive talent for visualizing processes, workflows and procedures which has help tremendously when designing SOC process framework. He has successfully built security response teams that provide incident response for SOCs and critical infrastructure and key resource restoration teams.\\nCONTACTING Rob:\\nTwitter: @rwgresham\\nLinkedIn\\nTeam Email: foundstone@intel.com\\nWebinar\\n\\nJOE’S Second BLOG ON CISOCAST\\nCISOCast\\nJOE’S Social Engineering BLOG ON Black Hills Information Security\\nBlack Hills Information Security\\nJOE’S AlienVault Blog about Insider Threat\\nAlienVault\\nHosted Locally on Advanced Persistent Security\\nJOE’S Sword & Shield BLOG Post\\nSword & Shield Blog\\nHosted Locally on Advanced Persistent Security\\nJOE’S First BLOG ON CISOCast\\nCISOCast\\nHosted Locally on Advanced Persistent Security\\nJoe’s Blog on Jenny Radcliffe’s Deception Chronicle\\nJenny Radcliffe’s Deception Chronicles\\nHosted Locally on Advanced Persistent Security\\nJoe’s Dyn DDOS Blog on Tripwire:\\nTripwire\\nHosted Locally on Advanced Persistent Security\\nJoe’s Ranking in the AlienVault Top Blogs of 2016:\\nAlienVault\\nHosted Locally on Advanced Persistent Security\\nPASSWORD BLOG LINKS:\\nAlienVault\\nHosted Locally on Advanced Persistent Security\\nWI-FI BLOG LINK:\\nAlienVault\\nHosted Locally on Advanced Persistent Security\\nPOWERSHELL LINK:\\nAlienVault\\n\\nJOE’S BLOG ON ITSP:\\nWhen Friendly Thermostats & Toasters Join The IoT Dark Side\\nJoe’s Blog on Tripwire:\\nBurgling From an OSINT Point of View\\nJoe’s Blogs on Sword & Shield Enterprise Security’s site:\\nHoliday Shopping Safety Series: Shopping Via Credit Card and e-Commerce\\nHoliday Shopping Safety Series: Holiday Scams and Hoaxes\\nJoe’s Work with WATE 6 News in Knoxville, TN:\\nShopping online safely this holiday season\\niPhone scam uses text messages to hack iCloud information\\nMaryville hacker takes over Facebook accounts\\nThanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\nSUBSCRIBE TO OUR MAILING LIST\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name \\n\\n\\n\\n\\n\\n\\n\\n\\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"15811251\":{\"air_date\":\"2016-10-03 10:00:54\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/LkxL_hmAwRo/women-minorities-in-technology-with-shana-bumpas.mp3\",\"length\":3869,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=2171\",\"image_url\":\"https://i0.wp.com/advancedpersistentsecurity.net/wp-content/uploads/2015/09/jocephus865.jpg?fit=1400%2C1400&ssl=1\",\"slug\":\"women-minorities-in-technology-with-shana-bumpas\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"Women & Minorities in Technology (with Shana Bumpas)\",\"id\":15811251,\"creator_count\":0,\"description\":\"Women & Minorities in Technology (WITH SHANA BUMPAS)\\nADVANCED PERSISTENT SECURITY PODCAST\\nEPISODE 21\\nGUEST: Shana Bumpas\\nOctober 3, 2016\\nIf you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.\\nNOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers\\nWomen & Minorities in Technology (with Shana Bumpas) SHOW NOTES\\nPART 1\\nJoe introduces Shana Bumpas, an Information Security professional with both state and federal experience. She gets us up to speed on what she’s been up to and then we transition into the news. Shana and Joe provide their outside analysis of the Yahoo data breach and the impact it will have on Yahoo’s sale to Verizon. Joe voices his belly aches with everyone claiming “Nation State” attacks.\\nPART 2\\nShana talks about the gap in technology of minorities and females. She talks about the decline in completion of STEAM (Science, Technology, Engineering, Art, and Math) degrees and entering the workforce. Shana equates this to a lack of mentors. Joe talks about putting effort in and reaping the rewards as well as crushing the security and technology elitism. We discuss using shows like Mr. Robot as a tool for awareness and getting the security conversation started. Joe calls out his mentors in his early days: Luke Winkelmann and Jim Roller. Shana and Joe discuss newer perspectives and challenges in promoting diversity.\\nPART 3\\nJoe mentions Girls Who Code, Women Cyberjutsu, Women In Technology, and Women In Cybersecurity. Shana talks about these organizations spreading the word and gaining the male advocacy. Shana provides more groups, which are in the resources section with the groups Joe mentioned. Shana calls higher learning institutions to do more to mentor students via clubs, job shadowing, and helping them gain internships.\\nABOUT Shana\\nShana Bumpas\\nShana Bumpas has been working in the IT profession for over 20 years in both the public and private sectors. Prior to that, she served as an Aviation Electronics Technician in the US Navy.  She graduated from Virginia Commonwealth University in Richmond, VA with a Bachelors of Science in Business Administration majoring in Management of Information Systems.  She has earned a Master of Science in Information Assurance from Norwich University in Northfield, VT.   She is currently working a Doctorate of Education at Liberty University. Prior to her current role as the IT Risk Manager with a state agency, she was a Senior Information Security Analyst, security administrator, systems administrator, to name a few of the multiple areas of IT in which she has worked.\\nShana is a member of the International Information Systems Security Certification Consortium and is a Certified Information Systems Security Professional.  She is also a member of Information Systems Auditing Control Association’s international and Virginia chapters and holds a both Certified Information Systems Auditor and Certified in Risk and Information Systems Control certifications.  She is also CompTIA Security+ certified and a Microsoft Certified Professional.\\nResources and sites mentioned:\\nhaveibeenpwned.com\\nTime Based Security (Book)\\nGirls Who Code: website / @GirlsWhoCode (Twitter) / Facebook\\nWomen’s Society of Cyberjutsu: website / @WomenCyberjutsu (Twitter) / Facebook\\nWomen in Cybersecurity (WiCyS) Conference: website\\nNation Center for Women & information Technology: website / @NCWIT (Twitter) / Facebook\\nWomen in Technology: website / @WITWomen (Twitter)\\nBlack Girls Code: website / @BlackGirlsCode (Twitter) / Facebook\\nNational Black Data Processing Association: website / @BDPA (Twitter) / Facebook\\nPASSWORD BLOG LINKS:\\nAlienVault\\nHosted Locally on Advanced Persistent Security\\nWI-FI BLOG LINK:\\nAlienVault\\nHosted Locally on Advanced Persistent Security\\nPOWERSHELL LINK:\\nAlienVault\\nHosted Locally on Advanced Persistent Security\\n\\nThanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\nIf you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\nSUBSCRIBE TO OUR MAILING LIST\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name \\n\\n\\n\\n\\n\\n\\n\\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"24426256\":{\"air_date\":\"2017-12-22 17:00:26\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/zLDfh55nk90/2017-holiday-podcasters-podcast-nsf-kids-work.mp3\",\"length\":4969,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=2898\",\"image_url\":\"https://i0.wp.com/advancedpersistentsecurity.net/wp-content/uploads/2015/09/jocephus865.jpg?fit=1400%2C1400&ssl=1\",\"slug\":\"2017-holiday-podcasters-podcast-nsf-kidswork\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"2017 Holiday Podcaster’s Podcast (NSF Kids/Work)\",\"id\":24426256,\"creator_count\":0,\"description\":\"2017 Holiday Podcaster’s Podcast (NSF Kids/Work)\\nADVANCED PERSISTENT SECURITY\\n \\nDecember 22, 2017\\nIf you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.\\nNOTE: The opinions expressed in this show are ours alone and do not reflect those of our employers\\n2017 HOliday Podcaster’s Podcast (NSF Kids/Work) SHOW NOTES\\nSUPER NOT SAFE for kids (and probably adults, come to think of it). Really this is just us griping and remaining hopeful for industry.\\nThanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\nSUBSCRIBE TO OUR MAILING LIST\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name \\n\\n\\n\\n\\n\\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"27051682\":{\"air_date\":\"2018-03-30 10:00:15\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/jnTQVzrbOJI/osint-techniques-with-michael-bazzell.mp3\",\"length\":3930,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=2940\",\"image_url\":\"https://i0.wp.com/advancedpersistentsecurity.net/wp-content/uploads/2015/09/jocephus865.jpg?fit=1400%2C1400&ssl=1\",\"slug\":\"osint-techniques-with-michael-bazzell\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"OSINT TECHNIQUES (WITH MICHAEL BAZZELL)\",\"id\":27051682,\"creator_count\":0,\"description\":\"OSINT Techniques (with Michael Bazzell)\\nAdvanced Persistent Security Podcast\\nEpisode 40\\nGuest:Michael Bazzell\\nMarch 30, 2018\\nIf you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.\\nNOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers\\nOSINT Techniques (with Michael Bazzell)\\nShow Notes\\nIn this episode, we introduce Caroline Stephens as a new co-host. Our guest, Michael Bazzell discusses his background in OSINT; how he got into OSINT and why he wrote his first book as well as his new book Open Source Intelligence Techniques (6th Edition). Michael talks about what has changed in OSINT since 2001 in terms of collecting everything then versus filtering as much as possible now. We discuss automating OSINT and Buscador Linux. We go over a few tools that we like to use – Recon-ng, Datasploit, and Buscador. Maltego came up and we discuss our use and reservations of usage.\\nOn the topic of Buscador, Michael discusses how it came about, his collaboration with David Wescott, and the need for a linux based OSINT virtual machine. Joe and Michael discuss the ethical requirements and implications of collecting and usage of data gathered using OSINT techniques. Michael talks about his commitment to OPSEC (Operations Security) when working on OSINT investigations.\\nWe talk about proactive OSINT and Privacy; the offense and defense. Facebook Live is discussed. Michael and Joe also talk about spoofing location information and the impact of using a VPN on a cell phone. The usage of Michael’s tools for law enforcement and the media is discussed. Michael tells us about his experience working on Mr. Robot.\\nABOUT Michael\\nMichael Bazzell spent 18 years as a government computer crime investigator. During the majority of that time, he was assigned to the FBI’s Cyber Crimes Task Force where he focused on computer crime investigations. As an active investigator, he has been involved in numerous major criminal investigations including online child solicitation, child abduction, kidnapping, cold-case homicide, terrorist threats, and computer intrusions. He has trained thousands of individuals in the use of his investigative techniques. He also served as the technical advisor for the television hacker drama “Mr. Robot”. His books “Open Source Intelligence Techniques” and “Hiding from the Internet” have been best sellers in both the United States and Europe. Michael currently works and resides in Washington, D.C.\\nContacting Michael:\\nTwitter: @inteltechniques\\nWeb: inteltechniques.com\\nBooks:\\nOpen Source Intelligence Techniques 6th Edition\\nHiding From the Internet\\nComplete Privacy and Security Desk Reference Volume 1: The Digital\\nOutsmarting Your Kids Online: A Safety Handbook for Overwhelmed Parents\\nPersonal Digital Security: Protecting Yourself from Online Crime\\nPodcast: Complete Privacy and Security Podcast\\nContacting David:\\nTwitter: @aptnotes\\nContacting Caroline:\\nTwitter: @cxstephens\\n\\nThanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\nSUBSCRIBE TO OUR MAILING LIST\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name \\n\\n\\n\\n\\n\\n\\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"27364857\":{\"air_date\":\"2018-04-12 10:00:29\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/cE9aQ1usYXY/infosec-thoughts-with-jayson-e-street-tracy-maleeff.mp3\",\"length\":3324,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=2950\",\"image_url\":\"https://i0.wp.com/advancedpersistentsecurity.net/wp-content/uploads/2015/09/jocephus865.jpg?fit=1400%2C1400&ssl=1\",\"slug\":\"infosec-thoughts-with-jayson-e-street-tracy-maleeff\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"Infosec Thoughts (with Jayson E. Street & Tracy Maleeff)\",\"id\":27364857,\"creator_count\":0,\"description\":\"Infosec Thoughts (with Jayson E. Street & Tracy Maleeff)\\nAdvanced Persistent Security Podcast\\nEpisode 42\\nGuests: Jayson E. Street and Tracy “Infosec Sherpa” Maleeff\\nApril 12, 2018\\nIf you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.\\nNOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers\\nInfosec Thoughts (with Jayson E. Street & Tracy Maleeff)\\nShow Notes\\nSegment 1\\nIn this episode, Tracy and Joe introduce Jayson E. Street. Tracy mentions Jayson’s talk about failing from Tactical Edge conference. Joe and Tracy agree that people in infosec do not talk enough about their failures. Jayson talks about how to break into infosec. He shares how he would survey his defenses as a security guard (30 years ago) from the lens of someone who would be breaking in.\\nBad Guys will break in just like a red teamer, but they won’t give you a report to mitigate it.\\nBrian Krebs should not be your IDS.\\nJoe hits Jayson with a trick question about which language one should learn to break into infosec. Jayson passes the test with the answer of “English.” We continue down the rabbit hole of effective communications with regards to buzzwords and speaking the language of the audience. We talk about the use of the word “cyber” in the sense of cybersecurity in lieu of information security when speaking to the businesses.\\nSegment 2\\nTracy asks Jayson how to approach talking to non-technical, non-security people about the umbrella of information security relative to explaining the various types of security disciplines and the differences in each. Jayson levels with us with regards to the culture of information security based on his travels across the world. Jayson tells us how he would collect information about a company using OSINT to phish the company or gain unauthorized access. He encourages listeners to go out and speak to non-security groups to raise awareness across other verticals.\\nkittenwar.com\\nAbout Jayson\\nJayson E. Street\\nJayson E. Street is an Author of Dissecting the Hack: The F0rb1dd3n Network from Syngress. Also Creator of http://dissectingthehack.com He has also spoken at DEFCON, DerbyCon, UCON and at several other ’CONs and colleges on a variety of information security subjects. His life story can be found on Google under “Jayson E. Street” *He is a highly carbonated speaker who has partaken of pizza from Beijing to Brazil. He does not expect anybody to still be reading this far, but if they are please note he was chosen as one of Time’s persons of the year for 2006.\\nContacting Jayson:\\nTwitter: @jaysonstreet\\nAwkward Hugs\\niRonin\\nJaysonEStreet.com\\nThe Forb1dd3n Network\\nBooks\\nDissecting the Hack: The F0rb1dd3n Network Revised\\nDissecting the Hack: The V3rb0t3n Network\\nAbout Tracy:\\nTracy Maleef\\nTracy Z. Maleeff is a Cyber Analyst in the Security Operations Center for global pharmaceutical company GSK. She holds a Master of Library and Information Science degree from the University of Pittsburgh. She has 15+ years’ experience as a law firm librarian and also worked as an independent consultant who specialized in social media, research, and Information Security awareness training. Tracy received the Wolters Kluwer Law & Business Innovations in Law Librarianship Award in 2016 and the Information Systems Security Association Women in Security Leadership Award in 2017. Tracy has presented at a variety of conferences including the Special Libraries Association, Security BSides, O’Reilly Security, and DEF CON’s Recon Village.\\nContacting Tracy:\\nTwitter: @infosecsherpa\\nNewsletter\\nWebsite: Sherpa Intel\\nThanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\nSUBSCRIBE TO OUR MAILING LIST\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name \\n\\n\\n\\n\\n\\n\\n\\n \\n\",\"rating\":null,\"user_data\":{}},\"27727067\":{\"air_date\":\"2018-04-26 10:00:57\",\"podcast\":85099,\"audio_url\":\"http://feedproxy.google.com/~r/AdvancedPersistentSecurity/~5/qOGPMrmnfO0/killing-the-pen-test-bsides-knoxville-with-adrian-sanabria.mp3\",\"length\":3541,\"review_count\":0,\"guid\":\"https://advancedpersistentsecurity.net/?post_type=podcast&p=3043\",\"image_url\":\"https://i0.wp.com/advancedpersistentsecurity.net/wp-content/uploads/2015/09/jocephus865.jpg?fit=1400%2C1400&ssl=1\",\"slug\":\"killing-the-pen-test-bsides-knoxville-with-adrian-sanabria\",\"rating_count\":0,\"list_count\":0,\"creator_summary\":[],\"highlight\":[],\"weighted_rating_alltime\":3,\"podcast_id\":85099,\"title\":\"Killing the Pen Test & BSides Knoxville (with Adrian Sanabria)\",\"id\":27727067,\"creator_count\":0,\"description\":\"Killing the Pen Test & BSides Knoxville (with Adrian Sanabria)\\nAdvanced Persistent Security Podcast\\nEpisode 44\\nGuests: Adrian Sanabria\\nApril 26, 2018\\nIf you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.\\nNOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers\\nKilling the Pen Test & BSides Knoxville (with Adrian Sanabria)\\nShow Notes\\nIn this episode, Joe is joined by Adrian Sanabria. Adrian is a co-organizer of BSides Knoxville and one of the founders of dc865. We discuss Adrian’s background in technology and how he came into security in the days before PCI. Adrian talks about his transition into working at 451 Research in terms of terminology and industry analysis.\\nJoe and Adrian talk about Savage Security and RSA Conference. Adrian tells us about his (then forthcoming) presentation at RSA Conference. Adrian’s presentation is called It is Time to Kill the Pen Test and why it is important. He cites Haroon Meer’s Keynote at 44con in 2011 as a thought provoking idea that spawned this.\\nPen testing as a skill is not the problem, it is the service offering that is. Adrian cites inefficiencies like vulnerability scanning and reporting at the same rate as the test. We talk about the advanced attacks versus sticking to the basics. Adrian talks about prioritizing breach simulations and ransomware simulations over a pen test.\\nWe talk about the scoping documents of pen tests and how they are relative to actual attacks and their objectives. The fact that not all adversaries attempt to get domain admin, while others try to perform defacement or exfiltration. Adrian mentions Haroon’s quote:\\nPen testers are not emulating attackers. They are emulating other pen testers.\\nAdrian talks about the lack of responsiveness of blue teams during pen tests. We talk about the mentality of many attackers of wanting to “pwn the world” vice enhance the security of an organization. Adrian calls for more “white box testing.” Joe mentions the lack of analysis of OSINT as another inefficiency in pen testing. We also discuss the fact that dwell time is so high that expecting a black box test is almost unrealistic.\\nAdrian talks about some metrics associated with MSSPs detecting him when doing breach simulations. We talk about C2 and other indicators such as the use of TOR. We talk about how to make the industry better.\\nAbout Adrian:\\nAdrian Sanabria is Co-Founder and Director of Research at Savage Security. Sanabria’s past experience includes 13 years as a Defender and Consultant building security programs, defending large financial organizations and performing penetration tests. He has spent far more time dealing with PCI than is healthy for an adult male of his age. Sanabria learned the business side of the industry as a research analyst for 451 Research, working closely with vendors and investors. He is an outspoken researcher and doesn’t shy away from the truth or being proven wrong. Sanabria loves to write about the industry, tell stories and still sees the glass as half full.\\nContacting Adrian:\\nTwitter: @sawaba\\nBlog\\nBSides Knoxville:\\nWebsite\\nRegistration\\nDate: May 18, 2018\\nLocations: Scruffy City Hall, Preservation Pub, Knoxville Entrepreneurial Center\\n8:00 AM – 6:00 PM\\n \\nThanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.\\nEnter your email address:\\n\\n\\nDelivered by FeedBurner\\n\\n\\n\\nSUBSCRIBE TO OUR MAILING LIST\\n* indicates required\\nEmail Address *\\n\\n\\nFirst Name \\n\\nLast Name \\n\\n\\n\\n\\n\\n\\n\\n \\n\",\"rating\":null,\"user_data\":{}}},\"failed\":{},\"by_podcast\":{\"85099\":[2937772,2937773,2937774,2937780,10180772,10180773,10180774,10180775,10180777,10180778,10180782,10180783,10180784,10180785,10180787,10180788,10180791,10180794,10180795,11253947,15811251,24426256,27051682,27364857,27727067]}},\"favourites\":[]},\"category\":{\"categories\":{\"loading\":{},\"entities\":{\"technology\":{\"id\":9,\"text\":\"Technology\",\"slug\":\"technology\",\"relevance\":500},\"tech-news\":{\"id\":45,\"text\":\"Tech News\",\"slug\":\"tech-news\",\"relevance\":400}}}},\"rating\":{\"ratings\":{\"loading\":{},\"entities\":{}}},\"tag\":{\"tags\":{\"entities\":{},\"loading\":{},\"autocomplete\":{},\"failed\":{}}},\"creator\":{\"creators\":{\"entities\":{},\"failed\":{}},\"credits\":{\"entities\":{}},\"suggested_credits\":{\"entities\":{}},\"roles\":{\"entities\":{}},\"loading\":{},\"editing\":null},\"merch\":{\"merch_products\":{\"loading\":{},\"entities\":{},\"failed\":{}}},\"claiming\":{\"feed_details\":null,\"claim_status\":{\"claimed\":false,\"validate_error\":null},\"podcasts\":{},\"user_data\":{\"claimed\":[],\"pending\":[],\"loading\":false,\"loaded\":false}}}";