WE'RE IN!

In this episode, Micah Hoffman talks about his career in Open Source Intelligence (OSINT) and the value it has for investigations, cybersecurity and understanding how information is weaponized. He also gets into strategies for safeguarding personal privacy in the face of increasing digital surveillance. This episode will have you thinking twice about what you post on social media!

Why you should listen:
* Hear from one of the leading Open Source Intelligence researchers working today.
* Learn about the value of OSINT for offensive and defensive cybersecurity.
* Get a better understanding of all the privacy risks from fitness trackers, apps, shopping online and social media.  

Key quotes:

* "OSINT is a reconnaissance skill. It's all about that preparation work that needs to be done before you do anything in cyber, whether it's attacking or defending."  

* "Once things are on the internet -- or once things are even collected, not necessarily on the internet -- you've lost control of it."
* "The reality is that we give up our privacy every single time we use an app, every single time we choose to purchase something."

Links:

* https://www.spotlight-infosec.com/

* https://osintcurio.us/

* https://www.synack.com/

Nicolas Chaillan, former Air Force Chief Software Officer, resigned from the DoD over frustrations with what he called a lack of innovation, collaboration and agility. He gets into those issues and talks about how the U.S. can invest more in technology to compete with China in artificial intelligence and cybersecurity.  

---------

Why you should listen:

* Nicolas offers a candid and controversial view of the military's approach to the growing technological threat from China.

* He outlines his view for a Pentagon that is more agile, collaborative and competitive. 

* Hear from a former DoD insider about some of the institutional barriers that can hinder innovation and software advancements.  

---------

Key quotes:

* "In 10, 15, 20 years from now, America as we know it and the value we have and the freedom we enjoy will be at risk of going away if China dominates in AI like they are doing now."

* "TikTok is effectively an intelligence weapon of China on US citizens right now."

* "We don't see a lot of training and implementation of Agile at all in the DoD, which really leads to the inability to move at the pace of relevance and tremendous waste of taxpayer money."

---------

* https://www.synack.com/

* https://www.linkedin.com/in/nicolaschaillan/

* https://www.linkedin.com/pulse/time-say-goodbye-nicolas-m-chaillan/

* https://ama.preventbreach.com/register

Nicolas Chaillan, former Air Force Chief Software Officer, resigned from the DoD over frustrations with what he called a lack of innovation, collaboration and agility. He gets into those issues and talks about how the U.S. can invest more in technology to compete with China in artificial intelligence and cybersecurity.  

---------

Why you should listen:

* Nicolas offers a candid and controversial view of the military's approach to the growing technological threat from China.

* He outlines his view for a Pentagon that is more agile, collaborative and competitive. 

* Hear from a former DoD insider about some of the institutional barriers that can hinder innovation and software advancements.  

---------

Key quotes:

* "In 10, 15, 20 years from now, America as we know it and the value we have and the freedom we enjoy will be at risk of going away if China dominates in AI like they are doing now."

* "TikTok is effectively an intelligence weapon of China on US citizens right now."

* "We don't see a lot of training and implementation of Agile at all in the DoD, which really leads to the inability to move at the pace of relevance and tremendous waste of taxpayer money."

---------

* https://www.synack.com/

* https://www.linkedin.com/in/nicolaschaillan/

* https://www.linkedin.com/pulse/time-say-goodbye-nicolas-m-chaillan/

* https://ama.preventbreach.com/register

In this episode, Phillip Wylie talks about his journey from pro wrestling to pentesting and what motivated him to start teaching, mentoring and giving back to the infosec community. It's an inspirational story for veterans in the field and newbies alike. Phillip not only talks about his work helping others get started in ethical hacking, but the value of truly understanding the mind of the adversary. 

-------

Why you should listen:

* Phllip's story is both educational and inspirational -- worthwhile for anyone interested or involved in cybersecurity. 

* Learn something from one of the most prolific cybersecurity speakers and educators. 

* Get a better understanding of ethical hacking and the value of offensive security testing.

-------

Key quotes:

* "Once you learn how to pentest, your whole world changes."

* "For people that have been in the industry for a while, listen to the new folks. I learned a lot from my students."

* "If you can help people succeed, that's even more rewarding than personal success."

-------

Links:

* www.synack.com

* https://twitter.com/PhillipWylie

* https://www.youtube.com/c/ThePwnSchoolProject

* https://www.itspmagazine.com/the-hacker-factory-podcast

Kim Zetter is a former staff writer at WIRED and author of the seminal cybersecurity book “Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon.” Her work has appeared in The New York Times, POLITICO, The Washington Post and regularly in her Substack newsletter, “Zero Day.” In this episode, Kim talks about her approach to reporting, what sparked her Stuxnet investigation and how the discovery of that malware fundamentally altered our global cybersecurity conversation.

Why you should listen:

* Hear from one of the most influential and knowledgeable journalists writing about cybersecurity today.
* Get her take on some of the biggest security stories of 2021 such as Colonial Pipeline and the Pegasus Project.
* Learn more about the key policy debates around election security and critical infrastructure protections.

Key Quotes:
* “Stuxnet really helped shine a light on industrial control systems as a target.”
* “We focus too much on the stuff that makes the headlines and completely ignore the innocuous things that you’re downloading onto your phone .... Those things are spying on you, as well.”
* “The Obama administration was the first administration to [make] cyber a priority, but they didn't really put critical infrastructure as a priority in the sense of using the government's weight to force security on critical infrastructure. We're actually only seeing that in this last year … in the wake of Colonial Pipeline.”
* “When we saw Russia trying to interfere in 2016, that woke up DHS that someone, somewhere needed to have some kind of influence over election officials.”

Links:

* www.synack.com

* https://zetter.substack.com/
* https://www.nytimes.com/2018/09/26/magazine/election-security-crisis-midterms.html

Defense Digital Service Acting Director Katie Olson heads up a team of about 80 technologists working on some of the toughest challenges facing the U.S. Department of Defense. Since Katie started leading the team, often called the Pentagon’s “SWAT team of nerds," it has increasingly focused on the threat from drones, cybersecurity risks in space and the consequences of climate change. In this episode, Katie talks about this cutting-edge work, how DDS helped the Pentagon reduce the impact of COVID-19 and what big issues her team will tackle next. 

-------

Why you should listen:

* Learn about some of the most cutting-edge work going on inside the Pentagon.

* Better understand emerging threats such as drones and risks associated with climate change.

* Hear how DDS helped the military rapidly deploy technology to reduce the spread of COVID-19.

-------
Key Quotes:

* "What I've seen shifting in my time here is making security researchers the good guys."

* “Facilitated by the pandemic, we are seeing just increased awareness and attention to cybersecurity.”

* “It would be better for us to check our defenses first before we have some kind of major breach.”

*  “For those white hat hackers who want to contribute to national security, [there’s] a huge opportunity.”
-------

Related Links:

www.synack.com

https://www.dds.mil/

https://www.synack.com/blog/3-years-of-hack-the-pentagon/

https://www.usds.gov/projects/hack-the-pentagon

Earlier this year, the Electronic Frontier Foundation named Matt Mitchell, founder of CryptoHarlem, one of its 2021 Pioneer Award winners for his groundbreaking work to protect Black communities from surveillance. In this episode, Matt talks about what led him to apply his hacking skills to social justice causes and how that led to his role today as a Technology Fellow for the BUILD program at the Ford Foundation. Matt also discusses what Twitch can do to safeguard creators and the steps anyone can take to better protect themselves online. 

--------

Why you should listen:

* Hear from a hacker working on the frontlines of today’s most important racial justice issues.

* Better understand the state of digital surveillance in Black communities.

* Hear about what steps platforms such as Twitch can take to better protect creators.

* Learn the three things everyone online should do to better protect themselves on the internet.

* Discover where “Mr. Robot” placed an elusive CryptoHarlem Easter egg.

--------

Key Quotes:

* “It's really about taking the skill that we have and applying it toward something bigger than yourself.”

* “Under the lens of a surveyor, who’s always looking for wrongs, you’ll find what you’re looking for all the time.”

* “We sometimes confuse public safety with surveillance.”

* “I'm pretty realistic. If you look at the number of cyberattacks that came from sticky notes on personal computers, it’s zero. But don’t put a sticky note on the nuclear codes.” 

--------

Related Links:

* Synack.com

* https://www.cryptoharlem.com/

* https://www.fordfoundation.org/

* https://calyxinstitute.org/

Alyssa Miller, Business Information Security Officer at S&P Global Ratings and author of the forthcoming book, “Cyber Defenders' Career Guide, is one of the most provocative, unfiltered and interesting voices in the cybersecurity community. She’s essential reading on infosec Twitter and a regular draw at conferences around the world. In this episode, she dives into all sorts of issues in the cybersecurity community, from incoherent job postings to a lack of diversity—she covers it all. Tune in to find out how you can best address these problems and also learn how to reach out of your comfort zone and forge your own path to success. 

--------

Why you should listen:

* Figure out why most cybersecurity job postings “suck” and how the industry can help fix the issue.

* Learn how to address key issues that come up during a cybersecurity job hunt.

* Identify how to maximize opportunities for personal growth and realize your potential in the infosec community.

* Understand how to be a better ally to underrepresented groups in the cybersecurity community.

* Hear about the value of diversity and inclusion in cybersecurity. 

--------

Key Quotes:

* “Read the narrative at the beginning of the job description. If that sounds like something you can do and something you can learn and grow in, apply. The very worst thing they can do is tell you no."

* "The difference between you experiencing success or not is in how you respond to opportunities. Do you take those moments and go after them or do you let them go by the wayside."

* “If we want to be better at cybersecurity, having diversity matters.”

* "You don't get diversity of thought by having 20 heterosexual white males sitting in a room talking about how to build cybersecurity defenses."

--------

Related Links:

* Synack.com

* https://www.synack.com/lp/cloud-security-solutions/

*https://twitter.com/AlyssaM_InfoSec?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor

* https://alyssasec.com/

In this episode, Stephanie Wong, head of Google Cloud Developer Engagement, explores Google’s security culture, why it conducts “blameless” postmortems after security testing and how it’s working to dispel lingering misconceptions about the cloud. She also talks about her journey in Silicon Valley and how her experiences winning pageants such as Miss Asian North America 2020 helped her become one of today’s most visible technology content gurus.

Why you should listen:

* Learn how to build an effective cybersecurity culture within your organization.

* Get the inside scoop on the security precautions that Google takes with its physical data center.

* Hear about what Google is doing to overcome misperceptions about cloud security.

* Figure out how to conduct security postmortems the Google way. 

* If you don't know about the "pancake principle," you'll find out why it matters, and how it can work for you.

Key Quotes:

* "It's become really clear that remote work will be a very defining characteristic of the new normal and modernizing security is going to be imperative."

* "Our teams are really horrified by network-based security because network-based security is hackable, even with two factor authentication."

* “It's all about empowering [users] so that they can be the ones to flag suspicious activity, websites, and phishing in emails."

* "Being in Silicon valley, we're often in a bubble where we assume that a lot of people already understand the value of [the cloud] and how it can actually increase your security posture overall."

* "It's all about blameless postmortems and a blameless culture. No pointing fingers. If something goes wrong, it's all about how can we improve it."

Related Links:

* Synack.com

* https://www.synack.com/lp/cloud-security-solutions/

* https://twitter.com/stephr_wong

 * https://bit.ly/2Vkckh5 (Stephanie’s Youtube Page) 

* https://www.stephrwong.com/about

In this episode, Stephanie Wong, head of Google Cloud Developer Engagement, explores Google’s security culture, why it conducts “blameless” postmortems after security testing and how it’s working to dispel lingering misconceptions about the cloud. She also talks about her journey in Silicon Valley and how her experiences winning pageants such as Miss Asian North America 2020 helped her become one of today’s most visible technology content gurus.

Why you should listen:

* Learn how to build an effective cybersecurity culture within your organization.

* Get the inside scoop on the security precautions that Google takes with its physical data center.

* Hear about what Google is doing to overcome misperceptions about cloud security.

* Figure out how to conduct security postmortems the Google way. 

* If you don't know about the "pancake principle," you'll find out why it matters, and how it can work for you.

Key Quotes:

* "It's become really clear that remote work will be a very defining characteristic of the new normal and modernizing security is going to be imperative."

* "Our teams are really horrified by network-based security because network-based security is hackable, even with two factor authentication."

* “It's all about empowering [users] so that they can be the ones to flag suspicious activity, websites, and phishing in emails."

* "Being in Silicon valley, we're often in a bubble where we assume that a lot of people already understand the value of [the cloud] and how it can actually increase your security posture overall."

* "It's all about blameless postmortems and a blameless culture. No pointing fingers. If something goes wrong, it's all about how can we improve it."

Related Links:

* Synack.com

* https://www.synack.com/lp/cloud-security-solutions/

* https://twitter.com/stephr_wong

 * https://bit.ly/2Vkckh5 (Stephanie’s Youtube Page) 

* https://www.stephrwong.com/about