Ben Johnson is founder and CTO of Obsidian Security and formerly of Carbon Black and the National Security Agency. We met in San Francisco while Ben was in town for RSA 2018. In the interview we discuss his work and how the movie Enemy of the State inspired him to join the NSA. We also discuss GDPR and other cybersecurity related stuff.
My guest this episode is social engineering guru Joe Gray. Joe is a Senior Security Architect at IBM and has his own blog and podcast called Advanced Persistent Security. Joe presented a talk at RSA this year with friend of the show Rachel Tobac on social engineering and OSINT which I posted the full audio of here. Joe spoke with me about Social Engineering, OSINT, vishing, SECTFs, password inspections and more!
After her talk she spoke with me about the evolution of bug bounty programs, her work in developing ISO standards for vulnerability disclosure, her path to a career in information security and much more.
A simulated compromise of a Fortune 500 company as part of a social engineering competition will lead to discussion about how data was collected using open source intelligence (OSINT) beyond that of social media and tools. It will identify places to find data, providing insight for more valuable data sources. This will include a demo of OSINT techniques, phishing and a pretexting discussion.
1: Learn how to defend against social engineering.
2: Understand the relative ease in collecting open source intelligence (OSINT).
3: Learn more about the tools and techniques used in social engineering.