All Episodes
BrakeSec Education Podcast — 463 episodes
Jay Beale discusses his K8s class at BlackHat, Kubernetes developments, and mental health
Socvel intel threat quiz, Pearson Breached, nintendo bricking stuff, and kevintel.com
Bronwen Aker - harnessing AI for improving your workflows
post-bsides SD discussion, EPSS, the answer I should have given, and 'Lord Brake'
March23: buy browser extensions, attackers don't need exploits, socvel CTI quiz
steam distributes malware in game form, RDP open from DOGE servers, hacking a supply chain for 50K
Tanya Janca Talks secure coding, Semgrep Academy, and community building, and more!
Josh Grossman - building Appsec programs, bridging security and developer gaps
Managing messaging with management, becoming a CISO with Mary Gardner from Goldiknox
p2-accidentalCISO, building trust in new places
AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec
1st show of 2024! Our 10th Anniversary...
Brakesec Call to Action 2023
How to get more headcount, BLUFFs Vulnerability, and Ranty Clause debuts!
25Oct - okta breached (again), Energy company hit by supply chain attack, and you can help hire the best people
Nicole Sundin - CPO at Axio - SEC compliance, usable security, setting up risk mgmt programs
John Aron, letters of marque, what does a "junior" job look like with AI?
Megan Roddie - co-author of "Practical Threat Detecion Engineering"
meeting new people, walking on your keyboard causes issues, even google gets phone numbers wrong.
Bsides Seattle and Austin, SecureBoot patch, and more
lynsey wolf, conducting insider threat investigations, CASB and UEBA utlization to good use.
3CX supply chain attack, Mark Russinovich and Sysinternals, CISA ransomware notifications, and emotional intelligence
Dish Network is still busted, John Deere avoiding OSS requests, Is DAST dead?
Nickolas Means talks about Security, Devops velocity, blameless orgs, and conferences infosec should attend
SPECIAL INTERVIEW: John Aron and Jerod Brennen
Layoff discussions, another TMO breach, OneNote Malware, and more!
GPS car hacks, Google Threat report, notable topics of 2020, satellite threat modelling, twitter breach(?)
Josh-Whalen-risk-management-data_visualization-tools, value-creating activities -p2
John Whalen, data visualization tools, risk management, handling org risk-p1
Interview with Infrared - one of the Seattle Community Network organizers
JAMBOREE - an Android App testing platform from @operat0r -part2
JAMBOREE - an Android App testing platform from @operat0r
07-oct-news-twitch streaming
Uber Breach, MFA fatigue, who can help communicate biz risk?
Manual Code reviews/analysis, post-infosec Campout discussion
Amanda's Sysmon Talk -p2
Amanda's Sysmon Talk -p1
Tanya Janca, Securing APIs, finding Security Champions, and accepting Risk
Tanya Janca on secure coding practices, Swagger docs, and why documentation matters
PYPI enables 2FA, some devs have a problem with this
JW Goerlich on Training, phishing exercises, security metrics,getting the most from user training
RSA conference, Zero Trust, SSO, 2FA, and multi-cloud tenancy with J Goerlich
jon-dimaggio-part2-threat intel-hacking back-analyzing malware
Jon DiMaggio_Art-of-cyberwarfare_hacking_back-insider-threat-messaging_P1
news, infosystir's talk at RSA, conti has an 'image' problem
Mieng Lim, Ransomware actions, using insurance to offset risk, good IR/PR comms
Mieng-Lim-Ransomware-Best-Practices-p1
Mick Douglas on threat intel, customer worries about being hacked, and more
news, farmers affected by ransomware, protestware for the 3rd time, trusting opensource
Mick Douglas discusses What2Log, and guidance in light of Okta incident
logging analysis, log correlation, and threat analysis dicussion continues - p2
Amanda and Bryan discusses log analysis, finding, IOCs, and what to do about them.
Shannon Noonan and Stacey Cameron - process automation -p2
Shannon Noonan and Stacey Cameron - process automation
K12SIX-project-Doug_Levin-Eric_Lankford-threat_intel-edusec-p2
K12SIX's Eric Lankford and Doug Levin on helping schools get added security -p1
April Wright and Alyssa Miller - IoT platforms, privacy and security, embracing standards
Alyssa Miller, April Wright, on IoT Privacy & Security, using tech for stalking, what could be done? Part1
Bit of news, Belarus train system hack, VMware Horizon vulns, edge network device vulns
April Wright and Alyssa Miller- Open Source sustainabilty
Amélie Koran and Adam Baldwin discuss OSS sustainability, supply chain security,, governance, and outreach for popular applications - part2
OSS sustainability, log4j fallout, developer damages own code-p1
2021-046-Mick Douglas, Log4j vulnerabilities, egress mitigations- part2
2021-045-Mick Douglas, Log4j vulnerabilities, egress mitigations- part1
2021-044-Litmoose discusses stalking and protecting yourself
2021-043- Fred Jennings, Vuln Disclosure policy, VEP, and 0day disclosure - p2
2021-042- Fred Jennings, VDP, Vuln Equity, And 0day disclosure - p1
Blumira Sponsor #3 - Emily Eubanks, more actionable events, incident response help, and more
2021-041-0day disclosure, Randori, FBI email server pwnage
2021-040-Sweden's parents rebel over poor App design, US government forcing patching of systems, and Vuln chaining
2021-039-Minimum Viable vendor security sheet, Federal logging requirements, and more!
SPONSOR-Blumira's Nato Riley on Log Classification, Security Maturity,
2021-038-Liz Saling, 5 pillars of building a good team
2021-037-Tony Robinson, leveraging your home lab for job success - Part2
2021-036-Tony Robinson, twtich breach, @da_667 lab setup new book edition! -part1
2021-035-GRC selection discussion, TechSecChix, and the 'job description problem'
2021-034-Khalilah Scott, good GRC tool practices - part1
2021-033-Kim_Crawley, 8 steps to better security-Part2
SPONSOR: Blumira's Patrick Garrity
2021-032--Author_Kim_crawley-8-Simple_Rules_for_Cybersecurity
2021-031- back in the saddle, conference discussion, company privacy
2021-030-incident response, business goal alignment, showing value in IR -p2
2021-029- incident response, PICERL cycle, showing value in IR, aligning with business goals -p1
2021-028-Rebekah Skeete - social engineering techniques and influences
2021-027-Black Girls Hack COO Rebekah Skeete!
2021-026-Triaging threat research, Jira vulns, Serious Sam vuln, Systemd vulns, and HiveNightmare
2021-025-Dan Borges, Author of Adversarial Techniques from Packt Publishing
2021-024-Dan Borges, Author of Adversarial Techniques from Packt Publishing
2021-023-d3fend framework, DLL injection types, more solarwinds infections
2021-022-github policy updates targeting harmful software, Ms. Berlin discusses WWHF, CVSS discussion
2021-021-Security Sphynx, ZeroTrust, implementation prep- part2
2021-020: Security Sphynx, Preparing for ZeroTrust implementation - Part1
2021-019-Joe Gray, OSINT CTFs, gamifying and motivating to do the right thing
2021-018-LawyerLiz, Pres. Biden's EO, and the clueless professor
2021-017-Joe Gray on his future book, the OSINT loop, motivators, and gamification - part1
2021-016-researchers knowingly add vulnerable code to linux kernel, @pageinsec joins us to discuss -part2
2021-015-researchers knowingly add vulnerable code to linux kernel, @pageinsec joins us to discuss -part1
2021-014-Slipstreaming blocked by Chrome, Slack being used for malware, plus dork and deskjockeys!
2021-013-Liana_McCrea-Garrison_Yap-cecil_hotel, Elisa_Lam-physical_security-part2
2021-012-physical security discussion with @geecheethreat and @garrisony75 -pt1
2021-011- Dr. Catherine J Ullman, the art of communication in an Incident - Part 2
2021-010- Dr. Catherine J Ullman, the art of communication in an Incident - Part 1
2021-009-Jasmine_Jackson-TheFluffy007-analyzing_android_apps-FRida-Part2
2021-008-Jasmine jackson - TheFluffy007, Bio and background, Android App analysis - part 1
2021-007-News-Google asking for OSS to embrace standards, insider threat at Yandex, Vectr Discussion
2021-006-Ronnie Watson (@secopsgeek), building a security monitoring system with ELK, and Wazuh - part2
2021-005-Ronnie Watson (@secopsgeek), building a security monitoring system with ELK, and Wazuh
2021-004-Danny Akacki talks about Mergers and Acquisitions - Part 2
2021-003- Danny Akacki, open communications, mergers&acquistions
2021-002-Elastic Search license changes, Secure RPC patching for windows, ironkey traps man's $270 million in Bitcoin
2021-001-news, youtuber 'dream' doxxed, solarwind passwords bruteforced, malware attacks
2020-046-solarwinds-fireeye-breaches-GE-medical-device-issues-and-2021_predictions
SPONSORED- Nathanael Iversen from Illumio, future of microsegmentation,
2020-045-Marco Salvati, supporting open source devs, incentivizing leeching companies who don't give back- part2
2020-044-Marcello Salvati (@byt3bl33d3r), porchetta industries, supporting opensource tool creators, sponsorship model
2020-043-Software_Defined_Radio-Sebastien_dudek-RF-attacks- IoT and car RF attacks
SPONSORED Podcast: Katey Wood from Illumio on deployment and using WIndows Filtering Platform
2020-042-Kim Crawley and Phillip Wylie discuss "Pentester Blueprint", moving into pentesting career
2020-041- Conor Sherman, IR stories, cost of not prepping for an incident
2020-040- Jeremy Mio, State of Ohio Election Security
2020-039-Philip Beyer-leadership- making an impact
SPONSORED PODCAST: Neil Patel, Illumio on Microsegmentation, and adopting the Zero Trust philosophy
2020-038-Phil_Beyer-etsy-CISO-leadership-making-an-impact
2020-037-Katie Moussouris, Implementing VCMM, diversity in job descriptions - Part 2
2020-036-Katie Moussouris, Vulnerability Coordination Maturity Model, when are you ready for a bug bounty - Part 1
2020-035-ransomware death in Germany, Zerologon woes, drovorub, and corp data on personal devices
2020-034-Fortnite account selling, process change agility, IRS wanting to track the 'untrackable'
2020-033-garmin hack, Tesla employee thwarted IP espionage, Slack RCE payout, and more!
2020-032-Dr. Allan Friedman, SBOM, Software Transparency, and how the sausage is made - Part 2
2020-031-Allan Friedman, SBOM, software transparency, and knowing how the sausage is made
2020-030- Mick Douglas, Defenses against powercat, offsec tool release, SRUM logs, and more!
2020-029- Brad Spengler, Linux kernel security in the past 10 years, software dev practices in Linux, WISP.org PSA
2020-028-Shlomi Oberman, RIPPLE20, supply chain security discussion, software bill of materials
2020-027-RIPPLE20 Report, supply chain security, responsible disclosure, software development, and vendor care.
2020-026- WISP PSA, PAN-OS vuln redux, F5 has a bad weekend, vuln scoring, Twitter advice, and more!
2020-025-Cognizant breach, maze ransomware, PAN-OS CVE 2020-2021, SAML authentication walkthrough
2020-024-Bit of news, Ripple20 vulns, IoT Security, windows error codes, captchas used for evil, Marine Momma
2020-023-James Nelson from Illumio, cyber resilence, business continuity
2020-022-Andrew Shikiar, FIDO Alliance, removing password from IoT, and discussing FIDO implementation
2020-021- Derek Rook, redteam tactics, blue/redteam comms, and detection of testing
2020-020-Andrew Shikiar - FIDO Alliance - making Cybersecurity more secure
2020-019-Masha Sedova, customized training, phishing, ransomware, and privacy implications
2020-018- Masha Sedova, bespoke security training, useful metrics to tailor training
2020-017-Cameron Smith, business decisions, and how it affects Security
2020-016-Cameron Smith, Business decisions and their (in)secure outcomes - Part 1
2020-015-Tanya_Janca-Using Github Actions in your Devops Environment, workflow automation
2020-014-Server Side Request Forgery defense, Tanya Janca, AppSec discussion
2020-013- part 2, education security, ransomware, april mardock, Nathan McNulty, and Jared folkins
2020-012-April Mardock, Nathan McNulty, Jared Folkins, school security, ransomware attacks
2020-011-Alyssa miller, deep fakes, threatmodeling for Devops environments, and virtual conferences
2020-010-Dave Kennedy, offensive security tool release, Derbycom, and Esports
2020-009-Dave Kennedy, Offensive Tool release (Part 1)
2020-008-Nemesis_Taylor Mutch
2020-007-Roberto_Rodriguez-threat_hunting-juypter_notebooks_data-science
2020-006-Roberto Rodriguez, threat intel, threat hunting, hunter's forge, mordor setup
2020-005-Marcus J Carey, red team automation, and Tribe of Hackers book series
2020-004-Marcus Carey, ShmooCon Report, threat simulation
2020-003- Liz Fong Jones, tracking Pentesters, setting up MFA for SSH, and Developer Advocates
2020-002-Liz Fong-Jones discusses blog post about Honeycomb.io Incident Response
2020-001- Android malware, ugly citrix bugs, and Snake ransomware
2019-046-end of the year, end of the decade, predictions, and how we've all changed
2019-045-Part 2-Noid, Dave Dittrich, empowered teams, features vs. security
2019-044-Noid and Dave Dittrich discusses recent keybase woes - Part 1
2019-043-Bea Hughes, dealing with realistic threats in your org
2019-042-CircuitSwan, Gitlabs, Job descriptions that don't suck, layer8con
2019-041-circuitswan, diana initiative, diversity initiatives at conferences
2019-040-vulns in cisco kit, google's project 'nightmare', healthcare data issues, TAGNW conference update
2019-039-bluekeep_weaponized-npm_security_cracks-grrcon_report
2019-038-Deveeshree_Nayak-risk_analysis, and OWASP WIA
2019-038- Ethical dilemmas with offensive tools, powershell discussion with Lee Holmes - Part2
2019-037-Lee Holmes, Powershell logging, and why there's an 'execution bypass'
2019-036-RvrShell-graphql_defense-Part2
2019-035-Matt_szymanski-attack and defense of GraphQL-Part1
2019-034- Tracy Maleeff, empathy as a service, derbycon discussion
2019-033-Part 2 of the Kubernetes security audit discussion (Jay Beale & Aaron Small)
the last Derbycon Brakesec podcast
2019-032-kubernetes security audit dicussion with Jay Beale and Aaron Small
2019-031- Dissecting a Social engineering attack (Part 2)
2019-030-news, breach of PHI, sephora data breach
2019-029-dissecting a real Social engineering attack (part 1)
2019-028-fileless_malware_campaign,privacy issues with email integration-new_zip_bomb_record
2019-027-GDPR fines for British Airways, FTC fines Facebook, Zooma-palooza
2019-026-Ben Johnson discusses hanging your shingle, going independent
2019-025-Ben Johnson discusses identity rights management, and controlling your AuthN/AuthZ issues
2019-024-Tanya_Janca-mentorship-WoSec_organizations_what-makes-a-good-mentor
2019-023-Tanya Janca, Dev Slop, DevOps tools for free or cheap
2019-022-Chris Sanders-Rural_Tech_Fund-embracing_the_ATT&CK_Matrix
2019-021-Chris Sanders discusses a cognitive crisis, mental models, and dependence on tools
2019-020-email_security_controls-windows_scheduler
2019-019-Securing your RDP and ElasticSearch, InfoSec Campout news
2019-018-Lesson's I learned, github breach, ransoming github repos
2019-017-K8s Security, Kamus, interview with Omer Levi Hevroni
2019-016-Conference announcement, and password spray defense
2019-015-Kevin_johnson-incident_response_aftermath
2019-014-Tesla fails encryption, Albany and Sammamish ransomware attacks.
2019-013-ASVSv4 discussion with Daniel Cuthbert and Jim Manico - Part 2
2019-012: OWASP ASVSv4 discussion with Daniel Cuthbert and Jim Manico - Part 1
2019-011-part 2 of our interview with Brian "Noid" Harden
2019-010-Zach_Ruble-building_a_better_cheaper_C2_infra
2019-009- Log-MD story, Noid, communicating with Devs and security people-part1
2019-008-windows retpoline patches, PSremoting, underthewire, thunderclap vuln
2019-007-bsides_seattle_recap-new_phishing_vector-Kernel_use_after_free_vuln
2019-006: CSRF, XSS, infosec hypocrites, and the endless cycle
2019-005: Security Researcher attack, disabling SPECTER, and Systemd discussion
2019-004-ShmooCon, and Bsides Leeds discussion, Facetime bug (with update), a town for ransom
2019-003-Liz Rice, creating processes to shift security farther left in DevOps
2019-002-part 2 of the OWASP IoT Top 10 with Aaron Guzman
2019-001: OWASP IoT Top 10 discussion with Aaron Guzman
2018-045: end of the year podcast!
2018-044: Mike Samuels discusses NodeJS hardening initiatives
2018-043-Adam-Baldwin, npmjs Director of Security, event stream post mortem, and making your package system more secure
2018-042-Election security processes in the state of Ohio
2018-041: part 2 of Kubernetes security insights w/ ian Coldwater
2018-040- Jarrod Frates discusses pentest processes
2018-039-Ian Coldwater, kubernetes, container security
2018-038-InfosecSherpa, security culture,
2018-037-iWatch save man's life, Alexa detects your mood, and post-derby discussion
2018-036-Derbycon 2018 Audio with Cheryl Biswas and Tomasz Tula
2018-035-software bloat is forever; malicious file extensions; WMIC abuses
2018-034-Pentester_Scenario
2018-031-Derbycon ticket CTF, Windows Event forwarding, SIEM collection, and missing events... oh my!
2018-030: Derbycon CTF and Auction info, T-mobile breach suckage, and lockpicking
2018-029-postsummercamp-future_record_breached-vulns_nofix
2018-028-runkeys, DNS Logging, derbycon Talks
2018-027-Godfrey Daniels talks about his book about the Mojave Phonebooth
2018-026-insurers gathering data, netflix released a new DFIR tool, and google no longer gets phished?
2018-025-BsidesSPFD, threathunting, assessing risk
2018-024- Pacu, a tool for pentesting AWS environments
2018-023: Cydefe interview-DNS enumeration-CTF setup & prep
2018-022-preventing_insider_threat
2018-021-TLS 1.3 discussion, Area41 report, wireshark goodness
2018-020: NIST's new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords
2018-019-50 good ways to protect your network, brakesec summer reading program
2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs
2018-017- threat models, vuln triage, useless scores, and analysis tools
2018-016- Jack Rhysider, DarkNet Diaries, and a bit of infosec history (Part 1)
2018-015-Data labeling, data classification, and GDPR issues
2018-014- Container Security with Jay Beale
2018-013-Sigma_malware_report, Verizon_DBIR discussion, proper off-boarding of employees
2018-012: SIEM tuning, collection, types of SIEM, and do you even need one?
2018-011: Creating a Culture of Neurodiversity
2018-010 - The ransoming of Atlanta, Facebook slurping PII, Dridex variants
2018-009- Retooling for new infosec jobs, sno0ose, Jay Beale, and mentorship
BDIR-001: Credential stealing emails, How do you protect against it?
2018-008- ransomware rubes, Defender does not like Kali, proper backups
2018-007- Memcached DDoS, Secure Framework Documentation, and chromebook hacking
2018-006- NPM is whacking boxes, code signing, and stability of code
2018-005-Securing_your_mobile_devices_and_CMS_against_plugin_attacks
2018-004 - Discussing Bsides Seattle, and Does Autosploit matter?
BDIR-000 ; The Beginning
2018-003-Privacy Issues using Crowdsourced services,
2018-002-John_Nye-Healthcare's_biggest_issues-ransomware
2018-001- A new year, new changes, same old trojan malware
2017-SPECIAL005-End of year Podcast with podcasters
2017-042-Jay beale, Hushcon, Apple 0Day, and BsidesWLG audio
2017-041- DFIR Hierarchy of Needs, and new malware attacks
2017-040-Expensify_privacy_issues-Something_is_rotten_at_Apple
2017-039-creating custom training for your org, and audio from SANS Berlin!
2017-038- Michael De Libero discusses building out your AppSec Team
2017-037 - Asset management techniques, and it's importance, DDE malware
2017-036-Adam Shostack talks about threat modeling, and how to do it properly
2017-SPECIAL004- SOURCE Conference Seattle 2017
2017-035-Business_Continuity-After_the_disaster
2017-SPECIAL003-Audio from Derbycon 2017!
2017-034-Preston_Pierce, recruiting, job_descriptions
2017-SPECIAL002-Derbycon-podcast with podcasters (NSF Kids/Work)
2017-033- Zane Lackey, Inserting security into your DevOps environment
2017-032-incident response tabletops, equifax breach
2017-031-Robert_Sell-Defcon_SE_CTF-OSINT_source
2017-030-Vulnerability OSINT, derbycon CTF walkthrough, and bsides Wellington!
2017-029-CIS benchmarks, Windows Update reverts changes used to detect malware
2017-028-disabling WU?, Comcast wireless hack, and was it irresponsible disclosure?
2017-026-Machine_Learning-Market Hype, or infosec's blue team's newest weapon?
2017-025-How will GDPR affect your Biz with Wendyck, and DerbyCon CTF info
2017-024-infosec_mental_health_defcon_contest-with-rand0h-and-tottenkoph
2017-023-Jay_Beale_Securing Linux-LXC-Selinux-Apparmor-Jails_and_more
2017-022-Windows Hardening, immutable laws of security admins, and auditpol
2017-SPECIAL- Michael Gough and Brian Boettcher discuss specific ransomware
2017-021-small_biz_outreach-614con-prenicious_kingdoms-ransomware-bonus
2017-020-Hector_Monsegur_DNS_OSINT_Outlaw_Tech_eClinicalWorks_fine
2017-019-Ms. Jessy Irwin, Effective Training in Small/Medium Businesses
2017-018-SANS_course-EternalBlue_and_Samba_vulnerabilities-DerbyCon contest details
2017-017-Zero_Trust_Networking_With_Doug_Barth,_and_Evan_Gilman
2017-016-Fileless_Malware, and reclassifying malware to suit your needs
2017-015-Being a 'security expert' vs. 'security aware'
2017-014-Policy_writing_for_the_masses-master_fingerprints_and_shadowbrokers
2017-013-Multi-factor Auth implementations, gotchas, and solutions with Matt
2017-012-UK Gov Apprenticeship infosec programs with Liam Graves
2017-011-Software Defined Perimeter with Jason Garbis
2017-010-Authors Amanda Berlin and Lee Brotherston of the "Defensive Security Handbook"
2017-009-Dave Kennedy talks about CIAs 'Vault7', ISC2, and Derbycon updates!
2017-008-AWS S3 outage, how it should color your IR scenarios, and killing the 'whiteboard' interview
2017-007- Audio from Bsides Seattle 2017
2017-006- Joel Scambray, infosec advice, staying out from in front of the train, and hacking exposed
2017-005-mick douglas, avoid bad sales people, blue team defense tools
2017-004-sandboxes, jails, chrooting, protecting applications, and analyzing malware
2017-003-Amanda Berlin at ShmooCon
2017-002: Threat Lists, IDS/IPS rules, and mentoring
2017-001: A New Year, malware legislation, and a new cast member!
2016-051: Steps to fixing risks you found, and the State of the Podcast
2016-050: Holiday Spectacular with a little help from our friends!
2016-049-Amanda Berlin, the art of the sale, and Decision making trees
2016-048: Dr. Gary McGraw, Building Security into your SDLC, w/ Special guest host Joe Gray!
2016-047: Inserting Security into the SDLC, finding Privilege Escalation in poorly configured Linux systems
2016-046: BlackNurse, Buenoware, ICMP, Atombombing, and PDF converter fails
2016-044: Chain of Custody, data and evidence integrity
2016-043: BSIMMv7, a teachable moment, and our new Slack Channel!
2016-042-Audio from Source Seattle 2016 Conference
2016-041- Ben Johnson, company culture shifts, job descriptions, cyber self-esteem
2016-040: Gene_Kim, Josh_Corman, helping DevOps and Infosec to play nice
2016-039-Robert Hurlbut, Threat Modeling and Helping Devs Understand Vulnerabilities
2016-038-Derbycon Audio and 2nd Annual Podcast with Podcasters!
2016-037: B1ack0wl, Responsible Disclosure, and embedded device security
2016-036: MSSP pitfalls, with Nick Selby and Kevin Johnson
2016-035-Paul Coggin discusses the future with Software Defined Networking
2016-034: Sean Malone from FusionX explains the Expanded Cyber Kill Chain
2016-033: Privileged Access Workstations (PAWs) and how to implement them
2016-032-BlackHat-Defcon-Debrief, Brakesec_CTF_writeup, and blending in while traveling
2016-031:DFIR rebuttal and handling incident response
2016-030: Defending Against Mimikatz and Other Memory based Password Attacks
2016-029: Jarrod Frates, steps when scheduling a pentest, and the questions you forgot to ask...
2016-028: Cheryl Biswas discusses TiaraCon, Women in Infosec, and SCADA headaches
2016-027: DFIR conference, DFIR policy controls, and a bit of news
2016-026-powershell exfiltration and hiring the right pentest firm
2016-025-Windows Registry, Runkeys, and where malware likes to hide
2016-024: Kim Green, on CISOaaS, the Redskins Laptop, and HIPAA
2016-023- DNS_Sinkholing
2016-022: Earl Carter dissects the Angler Exploit Kit
2016-021: Carbon Black's CTO Ben Johnson on EDR, the layered approach, and threat intelligence
2016-020-College Vs. Certifications Vs. Self-taught
2016-019-Creating proper business cases and justifications
2016-018-software restriction policies and Applocker
2016-017-The Art of Networking, Salted Hashes, and the 1st annual Podcast CTF!
2016-016-Exploit Kits, the "Talent Gap", and buffer overflows
2016-015-Dr. Hend Ezzeddine, and changing organizational security behavior
2016-014-User_Training,_Motivations,_and_Speaking_the_Language
2016-013-Michael Gough, the ISSM reference model, and the 5 P's
2016-012-Ben Caudill on App Logic Flaws, and Responsible Disclosure
2016-011-Hector Monsegur, deserialization, and bug bounties
2016-010-DNS_Reconnaissance
2016-009-Brian Engle, Information Sharing, and R-CISC
2016-008-Mainframe Security
2016-007-FingerprinTLS profiling application with Lee Brotherston
2016-006-Moxie_vs_Mechanism-Dependence_On_Tools
2016-005-Dropbox Chief of Trust and Security Patrick Heim!
2016-004-Bill_Gardner
2016-003-Antivirus (...what is it good for... absolutely nothing?)
2016-002-Cryptonite- or how to not have your apps turn to crap
2016-001: Jay Schulmann explains how to use BSIMM in your environment
2015-054: Dave Kennedy
2015-053: 2nd annual podcaster party
2015-052: Wim Remes-ISC2 board member
2015-051-MITRE's ATT&CK Matrix
2015-049-Can you achieve Security Through Obscurity?
2015-048: The rise of the Shadow... IT!
2015-047-Using BSIMM framework to measure the maturity of your software security lifecycle
2015-046: Getting Security baked in your web app using OWASP ASVS
2015-045: Care and feeding of Devs, podcast edition, with Bill Sempf!
2015-044-A MAD, MAD, MAD, MAD Active Defense World w/ Ben Donnelly!
2015-043: WMI, WBEM, and enterprise asset management
2015-042: Log_MD, more malware archaeology, and sifting through the junk
Derbycon Audio - post-Derby interviews!
Derbycon - A podcast with Podcasters! *explicit*
2015-040; Defending against HTML 5 vulnerabilities
2015-039: Hazards of HTML5
2015-038-Influence Vs. Mandate and Guardrails vs. Speedbumps
2015-037-making patch management work
2015-036: Checkbox security, or how to make companies go beyond compliance
2015-035: Cybrary.it training discussion and Bsides Austin Panel
Flashback: 2014-001_Kicking some Hash
2015-034: SANS Top20 Security Controls #9 - CTFs - Derbycon dicsussion
2015-033: Data anonymization and Valuation, Privacy, and Ethical medical research
2015-032: Incident response, effective communication, and DerbyCon Contest
2015-031: Fab and Megan-High_Math-Psychology_and Scarves
2015-030: Bsides Austin panel Discussion (Red Team vs. Blue Team)
2015-029: Big Brown cloud honeyblog with @theroxyd
2015-028: using log analytics to discover Windows malware artifacts
2015-027- detecting malware in Windows Systems with Michael Gough
2015-026- Cloud Security discussion with FireHost
2015-025: Blue Team Army, Powershell, and the need for Blue team education
2015-024: Is a good defense the best offense? Interview w/ Mick Douglas!
2015-023_Get to know a Security Tool: Security Onion!
2015-022: SANS Top 25 Critical Security Controls-#10 and #11
2015-021: 24 Deadly Sins: Command injection
2015-020 - Deadly Programming Sins - Buffer Underruns
2015-018- How can ITIL help you flesh out your infosec program?
2015-017: History of ITIL, and integrating Security
2015-016: Special Interview: Cybrary.it
2015-015: 2015 Verizon PCI report
2015-014-SANS Top 20 Controls - #12 and #13
2015-013-Hackerspaces and their sense of community
2015-012-Fill In podcast with Jarrod and Lee!
2015-011- Why does BeEF and metadata tracking keep I2P developers up at night?
2015-010 - How can you use I2P to increase your security and anonymity?
2015-009-Part 2 with Pawel Krawczyk
2015-008- Make your web Apps more secure with Content Security Policy (part 1)
2015-007-SANS_Top20_14and15--Proving_Grounds_Microcast with Megan Wu!
2015-006- Is your ISP doing a 'man-in-the-middle' on you?
2015-005: Threat Modeling with Lee Brotherston
2015-004-SANS Top 20: 20 to 16
All About Tor
Episode 2: Big Trouble in Small Businesses
2015-001- "unhackable" or "attacker debt"
Is Compliance running or ruining Security Programs?
Brakeing Down/Defensive Security Mashup!
Tyler Hudak (@secshoggoth) Discusses incident respose, and DIY malware research
Tyler Hudak discusses malware analysis
Part 2 w/ Ben Donnelly -- Introducing Ball and Chain (making password breaches a thing of the past)
Active Defense and the ADHD Distro with Ben Donnelly
WebGoat install video with Mr. Boettcher!
Active Defense: It ain't 'hacking the hackers'
Interview Part 2 with Paul Coggin: Horror stories
Interview with Paul Coggin (part 1)
Learning about SNMP, and microinterview with Kevin Johnson
Keep Calm and take a tcpdump! :)
Part 2 with Jarrod Frates - how pentesting is important
DerbyCon report and Shellshock news
Marcus J. Carey Interview Part 2 - China, IP, coming cyber war
Video: Using GPG and PGP
Marcus J. Carey, FireDrillMe, and the Rockstars of Infosec
Mr. Boettcher interviewed Ed Skoudis!
Malware, Threat Intelligence, and Blue Team talks at cons -- with Michael Gough Pt.2
Malware, and Malware Sentinel -- with Michael Gough Pt.1
Reconnaissance: Finding necessary info during a pentest
Mr. Boettcher made a thing! Setting up a proper Debian install!
Ratproxy and on being a better Infosec Professional
Introduction to Nmap, Part 2
Risk Management discussion with Josh Sokol - Part 2
Interview with creator of Simple Risk, Josh Sokol! (Part 1)
Flashback: Sqlmap - a little how-to, and getting your developers involved in using it.
Part 2 with Georgia Weidman!
Nmap (pt1)
Part 1 with Author and Mobile Security Researcher Georgia Weidman!
Establishing your Information Security Program - Part 2
Establishing your Information Security Program - Part 1
OWASP Top Ten: 1-5
OWASP Top Ten: Numbers 6 - 10
Talk with Guillaume Ross - Part 2 (all things cloud)
It all goes in "the cloud" (Part 1)
Video 2: BONUS!!!! Kismet Video!
Wireless scans with Kismet and Aircrack-ng
PGP and GPG -- protect your data
clearing up some terminology (hashing, encryption, encoding)
Browsing more Securely
Mandiant 2014 threat report
Episode 13 - 2014 Verizon PCI Report
Episode 12, Part 2 of our interview with Phil Beyer!
Special Report: Heartbleednado-apoco-geddon
Episode 11, Part 1: Interview with Phil Beyer
Video1: quick renaming shortcut with Sed
Phil Beyer's talk at Bsides Austin
Episode 10: IDS/IPS
Episode 9: Framework for Improving Critical Infrastructure Cybersecurity
Episode 8: Why a simple password is not so simple...
Episode 7, Part 2 with Kevin Johnson from SecureIdeas!
Episode 7, Part 1 - Kevin Johnson of SecureIdeas!
Episode 6 - Malware Interview with Michael Gough (Part 2)
Episode 6 - Malware Interview Michael Gough (Part 1)
Episode 5 - Interview with Frank Kim
Episode 4: Origin stories, and talking about reconnaissance
Episode 3 - Alerts, Events, and a bit of incident response
Episode 2 -- Feeling Vulnerable? - Vulnerability scanners - Go Exploit Yourself
Episode 1: Kicking some Hash!