Episodes

4 days ago
E034 - Researching Threats
4 days ago
4 days ago
In this episode, Bharat Jogi, Senior Director of Vulnerability and Threat Research at Qualys, discusses the intricacies of threat research, the growing landscape of vulnerabilities, and the importance of responsible disclosure. He emphasizes the need for curiosity and creativity in cybersecurity roles, the challenges of managing an influx of vulnerabilities, and the balance between privacy and security. Bharat also shares insights from Qualys' annual vulnerability report, highlighting the staggering number of CVEs and the need for effective vulnerability management strategies.Bharat Jogi on LinkedIn: https://www.linkedin.com/in/bharat-jogi-3a680b13Qualys Threat Research Unit: https://www.qualys.com/truregreSSHion vulnerability info: https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-serverChapters00:00 Intro00:38 Introduction to Threat Research04:39 The Role of Threat Researchers16:29 Responsible Disclosure and Communication23:24 Annual Reports and Industry Insights27:35 The Challenges of Patch Management34:31 The Balance of Privacy and Security39:37 Reflections48:15 Outro

Tuesday Jan 28, 2025
E033 - Navigating the Zero Trust Landscape
Tuesday Jan 28, 2025
Tuesday Jan 28, 2025
In this episode, Nathanael Iverson, Chief Evangelist at Zentera, discusses the concept of Zero Trust in cybersecurity. He emphasizes the importance of incremental progress, understanding core principles, and the historical context of Zero Trust. The conversation explores the need for organizational change, executive support, and the business case for cybersecurity investments. Nathanael shares insights on identifying critical assets, risk management, and the journey of implementing Zero Trust effectively.Chapters00:00 Introduction to Nathanael Iverson and Chief Evangelism04:02 The History of Zero Trust07:54 Core Principles of Cybersecurity15:26 Incremental Approaches to Zero Trust Implementation19:13 The Value of Zero Trust24:39 The Zero Trust Journey30:36 Organizational Impacts of Zero Trust33:20 The Fight for Privacy vs. Security37:37 Reflections39:38 OutroNathanael on LinkedIn: https://www.linkedin.com/in/nathanaeliversen/Zentera: https://www.zentera.net

Tuesday Jan 21, 2025
E032 - Penetration Testing
Tuesday Jan 21, 2025
Tuesday Jan 21, 2025
In this episode, Brian and Milou talk with Martin Edwards, a seasoned penetration tester, discussing the intricacies of cybersecurity, the importance of curiosity in IT careers, and the dynamics between red and blue teams. They explore the role of certifications, share fascinating stories from the field, and delve into the hiring process for penetration testers. The conversation also touches on physical penetration testing techniques and the ongoing debate between privacy and security in today's tech landscape.
Chapters
00:00 Introduction to Martin Edwards and Penetration Testing04:24 Understanding Red Team vs Blue Team Dynamics06:50 The Value of Certifications in Cybersecurity08:16 Favorite Penetration Testing Stories14:05 Physical Pen Testing Techniques and Insights21:07 The Business Value of Penetration Testing32:07 The Evolving Landscape of Privacy and Security36:10 Reflections

Tuesday Jan 14, 2025
E031 - Socializing Unspoken Security
Tuesday Jan 14, 2025
Tuesday Jan 14, 2025
In this episode, AJ Nash, founder of Unspoken Security, discusses the challenges and rewards of podcasting in the security space. He emphasizes the importance of authenticity in conversations about security, the need to break the taboo surrounding these discussions, and the generational shift in attitudes towards privacy and security. The conversation also touches on the role of ignorance in security awareness and the challenges of personal security practices. AJ shares insights on creating safe spaces for dialogue and the importance of community in enhancing security awareness.Connect with AJ: https://www.unspokensecurity.com/https://www.linkedin.com/in/nashaj Chapters00:00 Introduction to AJ Nash and Unspoken Security Podcast00:37 Introduction to AJ Nash03:45 Podcasting About the Unspoken Parts of Cybersecurity08:18 Making Security More Approachable14:07 Breaking the Taboo: Why Security Topics Remain Unspoken19:23 The Challenge of Acknowledging Ignorance32:20 The State of Privacy in a Digital Age38:15 Reflections41:25 Outro

Tuesday Jan 07, 2025

Tuesday Dec 17, 2024
E29 - Finding a Job In Tech (Part 1)
Tuesday Dec 17, 2024
Tuesday Dec 17, 2024
In this episode of Socializing Security, Milou and Brian discuss the complexities of job searching during the holiday season, sharing personal experiences with layoffs and the evolving job market in the technology industry. They explore the impact of freelancing and consulting as alternative income sources, the importance of financial planning for job security, and the value of building a supportive network during transitions. The conversation emphasizes lessons learned from their experiences and offers insights for navigating the current job landscape. Chapters00:00 Navigating Job Market Challenges During the Holidays03:03 Personal Experiences with Layoffs and Job Searches05:48 The Impact of Freelancing and Consulting09:04 Financial Planning and Job Security12:09 Building a Supportive Network During Job Transitions14:51 Lessons Learned and Moving Forward21:02 Navigating Job Search Challenges24:25 The Importance of Networking27:13 Effective Job Posting Strategies29:33 Leveraging Social Media for Job Search32:51 Building a Personal Brand35:14 Utilizing Diverse Platforms for Job Opportunities38:33 The Value of Informational Interviews

Tuesday Dec 10, 2024
E28 - Cyber Frameworks All The Way Down
Tuesday Dec 10, 2024
Tuesday Dec 10, 2024
In this episode of Socializing Security, Milou and Brian discuss various cybersecurity frameworks, their applications, and the importance of compliance in building effective information security programs. They explore the NIST Cybersecurity Framework, MITRE frameworks, CIS Critical Security Controls, and compliance standards like SOC 2 and ISO 27001. The conversation emphasizes the need for organizations to adopt a comprehensive approach to cybersecurity that goes beyond mere compliance, focusing on continuous improvement and maturity models to enhance security posture.
Chapters
00:00 Introduction and Context Setting01:34 Exploring Cybersecurity Frameworks09:24 Deep Dive into NIST Cybersecurity Framework12:48 Understanding MITRE Frameworks15:01 CIS Critical Security Controls Overview18:17 Compliance Frameworks: SOC 2 and ISO 2700121:30 Governance and IT Management Frameworks25:35 Industry-Specific Compliance Standards29:51 Maturity Models in Cybersecurity35:49 Conclusion and Future Discussions

Tuesday Dec 03, 2024
E27 - Hacking Mental Health
Tuesday Dec 03, 2024
Tuesday Dec 03, 2024
In this episode, Amanda Berlin discusses the importance of mental health in the tech industry, particularly within cybersecurity. She shares her journey in founding Mental Health Hackers, a nonprofit organization aimed at providing support and safe spaces for individuals struggling with mental health issues. The conversation explores the challenges faced by tech professionals, the impact of keynote talks on mental health awareness, and the significance of community support. Amanda emphasizes the need for open discussions about mental health, coping strategies, and the balance between privacy and security in the tech world.Links and Resourceshttps://www.mentalhealthhackers.org https://infosecindustry.com/category/podcasts/brakeing-down-security/If you need help, and it’s an emergency, don’t hesitate and call 988. For less severe situations, Mental Health Hackers has a wealth of information here: https://www.mentalhealthhackers.org/resources-and-links/Chapters00:00 Introduction to Amanda Berlin04:39 The Birth of Mental Health Hackers10:36 Expanding Mental Health Conversations in Tech13:08 Helping Others With Mental Health Hackers21:56 Giving People Space for Mental Health28:31 Finding Professional Help32:17 The Fight for Privacy36:24 Reflections41:25 Outro

Tuesday Nov 26, 2024
E26 - Cyber Resilience
Tuesday Nov 26, 2024
Tuesday Nov 26, 2024
In this episode, Milou and Brian delve into the concept of cyber resiliency, exploring its definition, importance, and the various components that contribute to a robust cyber resilience program. They discuss the nuances of cyber recovery compared to traditional disaster recovery, the significance of incident response planning, and the role of cyber insurance in mitigating risks. The conversation emphasizes the need for organizations to consider the maturity of their cyber resilience plans, ensuring continuous improvement and adaptation to the ever-evolving cybersecurity landscape. Further reading:- In retrospect: Normal Accidents: https://www.nature.com/articles/477404a- NIST Cybersecurity Framework: https://www.nist.gov/cyberframeworkChapters 00:00 Introduction to Cyber Resiliency 03:14 Understanding Cyber Resilience 08:39 Cyber Resilience vs. Disaster Recovery 14:10 Building a Cyber Resiliency Program 19:47 The Role of Cyber Insurance 23:51 Testing with Tabletop Exercises 26:49 Measuring Maturity of Cyber Resilience 31:13 Outro

Tuesday Nov 19, 2024
E25 - Securing Databases
Tuesday Nov 19, 2024
Tuesday Nov 19, 2024
In this episode, Brian and Milou talk with David Klee, a database expert, to discuss the often-overlooked topic of database security. They explore the challenges companies face in securing their databases, the impact of cloud technology on security practices, and the importance of a top-down approach to security mandates. David emphasizes the need for organizations to integrate security into their database practices and the ongoing fight for privacy in the digital age.
Continue to socialize with David Klee!https://bsky.app/profile/kleegeek.bsky.socialhttps://www.linkedin.com/in/davidakleedavidklee.netheraflux.com Chapters00:00 Introduction04:22 Common Gaps in Database Security07:06 The Interactions of Databases and Applications12:12 The Impact of Cloud on Database Security15:51 Improving Security From the Top Down22:35 Infrastructure Security for Databases26:57 Privacy vs Security29:44 Conclusion and Final Thoughts