John Strand shares some of his own journey into information security and also his ideas and tips for those wanting to get into the industry from the start, or those looking to change career paths mid stream. He’s joined by special guests Randy Marchany, CISO of Virginia Tech & Director of the VA Tech IT […]
Podcast: Play in new window | Download
John Strand talks about his own journey into information security and shares his suggestions for those wanting to get started from scratch or who are looking to change career tracks. Special Guests: Randy Marchany, CISO of Virginia Tech & Director of the VA Tech IT Security Lab, and Ed Capizzi, SANS instructor Show Notes […]
Derek Banks// I live in an area that was initially projected to be hit by Hurricane Florence. Four days prior to the storm making landfall the governor of my state issued a mandatory evacuation for the zone that I live in. The floor of my house is about nine feet above sea level and there […]
Join special guest Chris Brenton, COO of Active Countermeasures, as he discusses the anatomy of beacons and why you need to be looking for them during a threat hunt. He also talks through the challenges of detecting beacons, and some tricks you can use. Slides from the full webcast can be found here: www.activecountermeasures.com/threat-hunting-beacon-analysis-september-11-2018/
Podcast: Play in new window | Download
Bryan Strand// I have recently started taking SEC566 with James Tarala via SANS on the CSC 20 Critical Controls and decided it would be a great blog series to do a quick overview of each of the controls, and how you could start implementing them on your network. This is by no means an in […]
Dakota Nelson // Dakota talks about the pentester pyramid of pain and the different types of tests available from an information security firm. See his slides here: https://blackhillsinformationsecurity.shootproof.com/gallery/7404264/ Extra links & notes: From guest blog post by Scott Worden: Having the penetration tester reach your crown jewels, get root, own you, pwn you, own3d, 0wn3d, pwned, […]
Podcast: Play in new window | Download
BB King// We got an email from a fan today asking how best to find a mentor in information security. Maybe you’re looking for a mentor too. It’s a great question. Much of the advice you see for people looking to make their start in infosec is something like, “Work at the helpdesk or in […]
Mike Felch// With so many Microsoft technologies, services, integrations, applications, and configurations it can create a great deal of difficulty just to manage everything. Now imagine trying to secure an environment that goes well beyond the perimeter. While moving everything to a cloud provider can provide amazing return in scalability, functionality, and even savings, it […]
Marcello Salvati// During Red Team and penetration tests, it’s always important and valuable to test assumptions. One major assumption I hear from Pentesters, Red teamers and clients alike is that most networks (or their own network) block outbound SMB traffic. In my phishing payloads I always try to inject a UNC path: If macros are […]
