Category Archives: infosec

PODCAST: Ray Watson

HFeL7OPC_400x400

Ray Watson

This episode’s guest is Ray Watson who presented at Black Hat 2017. He joins me to talk about hacker history and share some of his infosec pet peeves. We recorded this interview in July 2017 during the week of Black Hat and DEFCON in Las Vegas. His talk was entitled “Jedi Masters, Sith Lords, and Droids: 5 Generations of Hacking” and can be seen in it’s entirety below.

DFsvjCCUMAAC8dx

Ray and Vince hanging out after recording the podcast interview.

 

Tagged , , , , , ,

PODCAST: Physical Pen-testing with Jek Hyde

Jek-Hyde-baby-bump-pic-bathroom-1Guest Jek Hyde of Sincerely Security with prosthetic “baby bump.”

My guest this episode is “Jek” a social engineer/pen-tester who recently live tweeted a real world penetration test in which her team successfully breached a client’s corporate offices and networks. We talk about how she got into social engineering and information security. It was fun to learn about her experiences and pick up a few tips and tricks as I prepare for the Social Engineering Capture The Flag competition at DEFCON next week!

Tagged , , , , , , , , , , , , , , , , , , ,

BrightTALK webinar: Google Docs Phishing Scam

What-is-google-docs-phishing-slide-2

ICYMI: I moderated a BrightTALK webinar on the recent Google Docs phishing attack.

Join BrightTALK and check out this informative panel discussion featuring myself along with panelists Nathan Wenzler and Kowsik Guruswamy.

This slideshow requires JavaScript.

A massive phishing campaign targeting Google accounts ripped through the internet on a Wednesday afternoon in early May. Phishing scams are pretty common. What sets this scam apart is that it is more convincing than most. The email takes users who click on the file to a legitimate Google sign-in screen to grant permissions. If you received the email or are concerned you might be targeted next, join this interactive Q&A panel to get the facts and protect your account and your organization.

We discuss:
– What is the Google Docs email scam?
– How is this scam different from other phishing scams?
– What’s the deal with Eugene Pupov?
– Who’s at risk and how can you avoid being a victim?
– What can we expect in the future?

Moderator:
– Vince Tocce, Vince in the Bay Podcast

Speakers:
– Nathan Wenzler, Chief Security Strategist at AsTech Consulting
– Kowsik Guruswamy, CTO for Menlo Security

Follow me on Twitter!

Tagged , , , , , , , , , , , , , , , , ,

PODCAST: RSA Conference 2017

RSAC2017-Banner

LISTEN TO FULL PODCAST

Another year, another wave of security incidents and threat models to keep the cybersecurity industry busy. So there was plenty to discuss and share as the InfoSec community flocked to San Francisco for the annual RSA Conference last month.

RSAC2017-escalator1

A view from the escalator as I descend into the bowels of RSAC 2017.

As always, the latest trends in the industry were addressed. Large data breaches, quickly growing threat models, security education, political hacking, and the risks posed by the Internet of Things were common threads throughout many of the keynotes, sessions, workshops, expos, and general chatter among attendees.

RSAC has more of a trade show feel compared to other security conferences so I’ve learned over the years that it’s best to approach the conference as an opportunity to meet and network with industry experts. This year I spent less time attending the talks and more time meeting with the players in the industry who are there to make deals and form partnerships.

However, I did catch several enlightening talks and panel discussions featuring the likes of ex-CIA operative Valerie Plame, security guru Bruce Schneier, researcher Rob Graham, people-security expert Masha Sedova, and security consultant Jeff Carr. Also enjoyed the entertaining keynotes by Late Night host Seth Meyers and astrophysicist Neil deGrasse Tyson.

This slideshow requires JavaScript.

CHECK OUT ROB GRAHAM’S TALK ON MIRAI AND IoT BOTNETS HERE!

Throughout the week I was lucky to catch up with several industry professionals representing some of the top tier firms in the cybersecurity sector who shared their take on the challenges and trends facing cybersecurity firms, their clients, and end users.

This episode of the podcast features interviews collected at RSAC 2017.

BIG THANKS TO THE GUESTS ON THIS EPISODE!!

Dave-Lewis-Akamai

Dave Lewis

Dave Lewis – Akamai

rob-graham

Rob Graham – Errata Security

Donald-Meyer

Donald Meyer

Donald Meyer – Check Point Software

Dario

Dario Forte

Dario Forte – DFLabs

Sebastian, Alex and SelenaOnapsis

Scott-Bollinger

Scott Bollinger

Scott Bollinger – Security Researcher

Jeff-Carr

Jeffrey Carr

Jeffrey Carr – 20K League

DOWNLOAD FULL PODCAST MP3

SUBSCRIBE on iTunes, GooglePlay, Stitcher, and Soundcloud!!

1-logo-itunesgoogleplay-logostitcher-logo

Follow on Twitter!