

Last update: 2015-08-23

#9 - Justin Engler on secure messaging for normal people

2015-08-23
Length: 51s

Episode #9 of the Standard Deviant Security Podcast is all about secure messaging on the Internet. Privacy and confidentiality are very important topics, and the constant data breaches and privacy violations we see in the news, where users' personal information is exposed, really emphasize how serious this is. We're going to be talking about secure messaging and some of the underlying cryptographic technologies that facilitate secure communications. It’s usually a very complex concept and it's not easy for most people to follow, so I've invited Justin Engler to the podcast. I had the pleasure of seeing his talk at DEF CON 23, which took the complicated topic of secure communications and cryptography and made it very understandable for people who aren't experts in the field.

Justin explains the basics, such as the difference between an unsecured message and a secure message, the common threat actors regular users have to be concerned about and key exchange. We also have a chance to discuss a very cool project he worked on a few years ago – a robot that guesses and enters 4-digit PINs!

Justin Engler is a Principal Security Consultant with NCC Group. Justin has been involved in application security assessments of many open and closed source messaging applications and other related technologies. He has spoken previously at DEF CON, BlackHat, Toorcon, and other regional events. Justin has 5 years of security consulting experience and has been involved in security, software development, and IT professionally for over 10 years.

You can follow Justin on Twitter @justinengler.

Please follow the Standard Deviant Security Podcast on Twitter @standeviant and visit the website at www.thestandarddeviant.com.



#8 - Jeena Cho on work stress, burnout, dealing with trolls and training your mind for optimal performance

2015-08-11
Length: 56s

We're going to do something a little different this episode and take a slight departure from the usual topics of cyber security, vulnerabilities and hacks and take a look at career and personal development.

In the last episode, #7, with Jack Daniel and in episode #1 with Bill Brenner we briefly covered the subjects of work stress, burn-out and depression. This is a subject that is near and dear to me because I have, at various points in my career, suffered from all three. Those of us in Information Technology and Information Security know these conditions all too well: we work in high pressure, high stress jobs in which the stakes are very, very high. Most companies now depend on IT systems for their very survival and those of us that maintain and secure those systems feel the daily stress.

Joining me for Episode #8 of the Standard Deviant Security Podcast is a good friend of mine, Jeena Cho. Jeena isn't in security - she's an attorney so she knows a thing or two about managing the stress of a demanding career. We discuss work stress, coping with depression, silencing the inner critic, imposter syndrome and dealing with trolls. We also discuss something that myself, Jeena, Marc Benioff, Howard Stern, Ray Dalio and Russell Simmons all have in common - we meditate. It's how we unlock high performance, greater focus and keep depression in check.

Jeena Cho is co-founder of JC Law Group PC, a bankruptcy law firm in San Francisco, CA. She is also the author of the upcoming American Bar Association book, "The Anxious Lawyer: An 8-Week Guide to a Happier, Saner Law Practice Using Meditation." She offers training programs on using mindfulness and meditation to reduce stress while increasing focus and productivity. She's the co-host of the Resilient Lawyer podcast.

You can reach her at smile@theanxiouslawyer.com or on Twitter at @jeena_cho.

Please follow the Standard Deviant Security Podcast on Twitter @standeviant and visit the website at www.thestandarddeviant.com.



#7 - Jack Daniel on the history of Security BSides

2015-07-27
Length: 1s

Security BSides Las Vegas is right around the corner, August 4th and 5th. Security BSides is unlike any other security conference out there – it’s community driven, completely open (anyone can spin up a BSides in their city) and it has spread like wildfire. Now, in 2015, BSides events are held all over the US, in Europe, Asia, Africa and South America.

BSides Las Vegas was the very first in July 2009 and it’s still the largest. Anyone who has been to a BSides, whether it’s a very large one or one of the smaller events, knows the speaker quality and grassroots origins make it a very special and important part of our community.

Episode #7 of the Standard Deviant Security Podcast is dedicated to the history of BSides, BSides Las Vegas and community building in information security. Joining us is Jack Daniel, a co-founder of Security BSides. We will discuss exactly what BSides is, how and why BSides was started and how to get involved. We also discuss the implication that the security community can be “cliquey” and how to overcome that perception, if you feel that way.

Jack Daniel works for Tenable Network Security, has over 20 years' experience in network and system administration and security, and has worked in a variety of practitioner and management positions.

A technology community activist, he supports several information security and technology organizations. Jack is a co-founder of Security BSides, serves on the boards of three Security BSides non-profit corporations, and helps organize Security B-Sides events.

Jack is a frequent speaker at technology and security events. An early member of the information security community on Twitter, @jack_daniel is an active and vocal Twitter user. Jack is a CISSP, holds CCSK, and is a Microsoft MVP for Enterprise Security.

Please follow the Standard Deviant Security Podcast on Twitter @standeviant and visit the website at www.thestandarddeviant.com.



#6 - Megan Penn on organized cyber crime, violent extremist organizations and getting started in the field

2015-07-13
Length: 52s

Episode #6 of the Standard Deviant Security Podcast is an exploration into the world of organized cyber crime, the online operations of terrorist groups and government policies combatting cyber espionage. Our guest is Megan Penn, who researches cyber security policy, violent extremist organizations and many other related topics.

We cover many subjects, ranging from data theft at e-waste sites, to why ISIS is so successful at using social media tools, to China’s cyber espionage efforts. Additionally, Megan offers invaluable advice for people that want to get into the cyber security field, but don’t have a programming or computer science background.

Megan Penn is a recent graduate from the George Washington University, where she received her M.A. in Security Policy Studies from the Elliott School of International Affairs. During her degree, Megan concentrated on transnational security issues, specifically non-state actors and human security, and cyber security policy, a self-designed concentration to include courses in information technology policy and engineering management. Her final co-authored capstone offered policy recommendations for the U.S. government in countering violent extremism online. Although new to cyber security, Megan has been published in Canada and the U.S. on cyber security policy, mobile technology, and cyber crime.

You can follow Megan on Twitter @megantiffany12.

Please follow the Standard Deviant Security Podcast on Twitter @standeviant and visit the website at www.thestandarddeviant.com.



#5 - Ken Westin on trust: losing it and how we can get it back

2015-07-04
Length: 43s

Episode #5 of the Standard Deviant Security Podcast focuses on the topic of trust with Ken Westin of Tripwire Inc. Ken has done a lot of work and research on this topic and has very insightful commentary on the subject. The Internet, when it was first conceived and designed, was built around a model of implicit trust - people and devices just trusted each other. Fast forward 40 some years and now we deal with all sorts of activity that can harm data, reputation, and people - activities that the original creators of the Internet probably couldn’t even conceive of. We've added on technology that increases trust and mitigates risk of data breaches, DDoS attacks, organized crime rings and other threats but significant risk still exists and seems to be increasing. Where is the security industry succeeding and where is it failing?

Ken is a Senior Security Analyst at Tripwire Inc., with 15 years of experience building and breaking things through the use/misuse of technology. His technology exploits and endeavors have been featured in Forbes, Good Morning America, Dateline, New York Times and The Economist; he has won awards from MIT, CTIA, Oregon Technology Awards, SXSW and Entrepreneur, and was named in Portland Business Journal's 2013 "40 Under 40". He has worked with law enforcement and journalists utilizing various technologies to unveil organized crime rings, recover stolen cars, even a carjacking amongst other crimes.

You can follow Ken on Twitter: @kwestin

Please follow the Standard Deviant Security Podcast on Twitter @standeviant and visit the website at www.thestandarddeviant.com.



#4 - Jay Jacobs on the cost of a data breach

2015-06-19
Length: 43s

The Verizon Data Breach Investigations Report (DBIR) is one of the most, if not the most, widely read and well respected annual security reports in the industry. The report analyzes nearly 80,000 cyber attacks based on contributions from 70 organizations. The resultant data is staggering - and publicly available through the VERIS framework for everyone to benefit from. The DBIR team then analyzes the data for the better part of a year and comes up with a pretty amazing report. The report gives analysis on cyber attacks broken down by victim industry, method of attack, the target and many other vectors.

This year the DBIR tackled the cost of a data breach. For the last decade or so the standard accepted by the industry was the Ponemon Institute's model. The latest DBIR offers a new model, one that is built on a completely different data collection method than Ponemon's.

This new model ended up causing quite a bit of commotion, controversy and media attention because the conclusion is starkly different than the previously established model. The guest for episode #4 of the Standard Deviant Security Podcast is Jay Jacobs, a Security Data Scientist at Verizon and a co-author of their annual Data Breach Investigation Report. We discuss the controversy, the new model for ascertaining the cost of a data breach and much more.

In addition to being a co-author of the Verizon Data Breach Investigations Report, Jay is a co-author of "Data Driven Security", a book covering data analysis and visualizations for information security. He also hosts a podcast for data driven security and blogs at datadrivensecurity.info. Jay is also a co-founder of the Society of Information Risk Analysts and currently serves on the organization's board of directors.

Follow Jay on Twitter @jayjacobs.

Please follow the Standard Deviant Security Podcast on Twitter @standeviant and visit the website at www.thestandarddeviant.com.



#3 - Melanie Ensign on reputation management in Information Security

2015-06-06
Length: 45s

People that work in the security field are talented, courageous, strong individuals that often toil tirelessly to make the world a better place. However, people outside of the security community don’t always see all of the positive qualities and instead define us by some of our worst elements – cranky, inept people whose behavior borders on criminal activity. We all know this isn’t the case at all, but how did we get here and how can we fix it?

Episode #3 of The Standard Deviant Security podcast features a discussion about communication, public relations and reputation management in Information Security with Melanie Ensign. Melanie is a security communications advisor with experience counseling Fortune 500 companies across a range of disciplines including media relations, employee awareness, incident response, hacker relations, disclosure incentives, social engagement, and public policy. She also serves as public relations Goon for DEF CON and r00tz Asylum. Melanie holds a Master of Science degree in corporate public relations from Boston University.

Melanie discusses some of the perception and reputational issues the security community currently has and offers great advice on how we all can deal with the media attention that has been put on security, seemingly overnight. We also discuss how to deal with media and journalists, how to best communicate security concepts to business people, how to make Information Security more inclusive and many other topics.

Everyone in the security field, from academics to penetration testers will get a lot of value from the interview and learn how we can all put our best foot forward.

Please visit Melanie on Twitter at @imeluny and check out r00tz Asylum (www.r00tz.org), a great non-profit that Melanie is involved in that teaches kids how to love being white-hat hackers.

Please follow the Standard Deviant Security Podcast on Twitter @standeviant and visit the website at www.thestandarddeviant.com.



#2 - Dr. Brandon Valeriano on cyber war, cyber hype and recent conflicts

2015-05-31
Length: 45s

There are some that would lead us to believe that we are on the verge of a "cyber 9/11" or a "cyber Pearl Harbor," but the evidence and facts do not match up with the rhetoric. Episode #2 features an interview with Dr. Brandon Valeriano. He is a Senior Lecturer at the University of Glasgow and the author of several books, with the two most recent ones being "Russia's Coercive Diplomacy: Energy, Cyber, and Maritime Policy as New Sources of Power" and "Cyber War versus Cyber Reality: Cyber Conflict in the International System," both co-written with Dr. Ryan Maness.

Dr. Valeriano makes the argument that we are not on the verge of cyber war and demonstrates that nations that do have significant cyber capabilities show remarkable restraint and will continue to do so. We also discuss cyber espionage, the actual capabilities that some nations have and examine notable examples, such as Operation Olympic Games.

Please follow the Standard Deviant Security Podcast on Twitter @standeviant and visit the website at www.thestandarddeviant.com.



#1 - Bill Brenner on security journalism, airplane hacking, OCD and heavy metal

2015-05-29
Length: 55s

Here we go! The very first episode of The Standard Deviant Security Podcast.

The first episode features an interview with Bill Brenner. Bill is well known in the security community for his prolific writing and podcasting on Internet security. He currently works at Akamai Technologies as Senior Technical Writer and also blogs about the wider security industry at Liquidmatrix.org and Dark Reading. Unrelated to security, he also writes about mental health issues at The OCD Diaries.

Please follow the Standard Deviant Security Podcast on Twitter @standeviant and visit the website at http://www.thestandarddeviant.com.



The Standard Deviant Security Podcast

The Standard Deviant Security Podcast is a bi-weekly show that takes an in-depth look at the people behind the cyber security stories you hear in the news. Each episode cuts through the noise and hype to deliver compelling and entertaining interviews with people that are challenging the status quo. Hosted by Tony Martin-Vegue -- www.thestandarddeviant.com
