Видео

jackbooted thugs? so you're on the side of the DDOS

I am leaving a comment for the RUclips algorithm. Hello and hope you have a lovely day. :)

Great session, learnt good ways of threat modelling.

The Sneakers t-shirt is indeed very nice.

Isn't true generative AI most beneficial if we can't predict the end result?

"Doom for Windows 3.1"

That quote is from Armageddon said by Steve Buscemi

Aryon land 😅👍

Is CrowdStrike speaking at your convention? ;-)

it's really great

Darktrace is a leader in this space, check us out!

This episode is so timely, considering ... 😬

NIST 800-14 General guidelines for Secure software applications I bet the next security audit is going to be brutal - We are effectively synergizing backward outflow for upward revenue stream dynamics REMEMBER BASELINE CONTROLS SATISFY REQUIREMENTS

Updating the kernel daily without testing, using cheap labor? what can go wrong?

Good to hear that about team work. Thanks

error when importing the module, could you explain it? Import-Modul.\Mailsniper.ps1 : The term 'Import-Modul.\Mailsniper.ps1' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + Import-Modul.\Mailsniper.ps1

Awesome episode!!!!

Tyler is missing something in blaming customer when okta support explicitly states don't upload passwords.. what happens when a customer asks for help to remove passwords.. Often, support isn't going to be helpful.. when that happens the requirement to remove becomes unsupportable as a way to remove responsibility from Okta.

Speedway gas stations were also done. Some smaller stations were cash only in ohio

Maybe its time for IBM to take the lead and provide closed systems for critical infrastructure and captured servers running Linux with mainframe backends. The cloud and Microsoft along with connectionless protocols (IP) are not really suited for critical systems. BTW-VPN will not save you. Devops is death for these systems as well.

Love listening to you!! I work for Amazon Transportation Department. Most sites in North America are still able to send stuff out via trucks. Most of the issues we faced was workstations with BSOD, but there are was around the system to get trucks in and out. At least for those of us who have been around for a while and recall doing things before automation was put in.

The "workaround" is there and very easy. There is no reason to "PANIC"...if the servers are repaired...(by deleting a bunch dumb .sys files) and restarting. It takes a minute.

how do you “beta test” something that is used throughout all major industries. complete incompetence on MS.

I worked IT for almost 20 years. I feel for ALL of the poor agents having flipped out customers. All the best folks. I hope this is not some kind of "test run"? 🤔

Great video on this!

i had a feeling you would cover this! thanks

6:46 I also got the Zero W deal on prime day! I’m wanting to try my hand at a Pwnagotchi or Pi-hole

According to ‘Psychology’ fifth addition by Schacter, Gilbert, Nock, and Wegner, chapter 10: Emotional Intelligence is defined as the ability to reason about emotions and to use emotions to enhance reasoning. It is the type of intelligence that allows you to tell a friend that she talks too much without hurting their feelings, calm yourself down and cheer yourself up after a failed test, and recognizing whether you are angry or anxious. Emotional intelligent people know what kinds of emotions a situation will trigger; they can identify, describe, and manage their emotions; they know how to use their emotions to improve their decisions; and they can better identify other people’s emotions through facial expressions and tones of voice. This is very important for social relationships. They have better social skills and more friends, judged to be more competent in their interactions, and they have better romantic and workplace relationships. Emotional intelligent people tend to be happier and more satisfied with their lives. Emotional intelligence is one of the middle-level abilities that the data-based approach has missed.

Had to listen to this podcast, rather than watch, out of solidarity for my Mavericks 😂

Emotion is not.intelligence, intelligence requires logic

Great stuff from NightWing listening to this. They understand the issues a lot of people talk about .

Thanks.

Ask Timothy what he's looking for. I am a beginner programmer looking to land a job in cybersecurity.

His camera is a potato lolzz

I am the new viewer. The one who didn’t know what SOHO meant. Thank you for the explanation 😂

Cyborgs Unite! Great show, was a good watch.

Thank you for having me on your show. It was a pleasure!

You guys are amazing. Aaran was my inspiration to get into cyber. Now I’m an analyst. Today analyst, tomorrow ransomware Pinky.

ı enjoyed the ıntro a lot

Only get hands dirty with deep dives if directly relevant to current projects.. too many rabbit holes.. I pick ones that may have most value in as many different activities as possible

40:00 boom, this is a boom moment in this excellent interview. the reason is that security requirements ARE product requirements, and they cant be treated like a separate set of requirements, they are engineering requirements and they need to be included in the overall planned engineering effort. so many times security is an afterthought, consider the length and frequency of the CISA alert list. The engineers must own their requirements, including the security requirements, so we've found methods to improve this by compelling leadership to insist that security requirements are planned and not foisted on engineers as extra work. product management must lead and set the tone for this, and program management must step up and start tracking everything security related, as well. secondly, the good-engineer is delighted to see me, because i represent a body of knowledge that can only be gained through experience, and our advisement and insights are invaluable, esp when considering the broad range of inexperienced, or rather, "specialized" engineers that companies employ today. it takes only one ill-managed moment to assign the wrong task to an engineer not well-prepared for it, and this may introduce defects that result in loss of human lives. to avoid that, we must build product security teams that operate pen-test labs continously testing releases. we must introduce hands-on security-focused attacker-mindset engineering concepts for the engineers, and we must have leeadership understanding that they must aquire a technical security vocabulary and use it. directors and above should have security leadership training, and should get it from outside the org, like from SANS or something other than their own intenral groups. also, the security team should report outside the engineering management chain, and significantly higher in the chain than the lowest engineering director. directors are typically failed engineers, but then again, what is a title. its all bs at the end of the day.

So good to watch and learn about IDR. Thanks for your sharing your view Dave and we are implementing the same!

Bhavanasinghthapa halooo if weafgf more hoo

Bhavanasinghthapa nmaste . Do good and happy day.

Everyone who works in IT has to know something about security. From the website designer who is building the forms, or setting up the eCommerce, to the janitor who is always on the look out for open doors, to the help desk agent who is setting GPO and changing passwords. To say only pentesters and SOCs are security is probably why organizations are so poorly trained, why the people on the front lines are constantly left out of the conversation, and why we keep losing. Utah? Where the data centers are? BTW, this video is poorly linked. I had to search for it. Part 2 is saying some really great stuff. More people should see it. Jeff, I love you man, but you're fixed on this notion (and I know devils advocate is your job as the host) that you or people exactly like you, are the only ones who can do this job because you've been in it so long. Yes, you have a unique perspective, but it's not the only perspective that matters or is helpful. People are born everyday that are (and are going to be) better than you, me, whoever. The world goes on whether we're in it or not. If we both got hit by a bus tomorrow cybersecurity goes on and someone will fill that position who probably comes from a far more impressive background because they had more resources to draw from than you did. When you started there was no this, this or that. When they started, there was.

I know I'm 2 years late on this video, but what's striking is watching 2 guys refuse to believe that anyone else can do or even learn their job or any job related to security unless they've been around since before AOL chat rooms. I appreciate that you've been around since back in the day, you have much to teach. Teach and stop keeping a such a tight grip on the industry as if you're going to live forever, and when you do go, you're going to take it with you. How are all the old schoolers going to leave the industry? Better than they found it? Or are they going to work until they die and take it all with them? They have an opportunity to actually build the industry, organize it, and set it up for success for the protection of ALL OF US, rather than the rag tag, gatekeeping, dysfunction that it is now. True leaders leave a legacy that benefits generations.

Does CTEM integrate EDR and MDR solutions in its framework?

File transfer systems like MoveIt will always have a place as long as two bloated megacorps need to exchange data. You can, above a certain size, have a department that does nothing BUT that. Smol boys can get away with AWS Secure File Transfer Service (there's a reason it's expensive). Big boys have to deal with SFTP, FTPS, god help you regular FTP, and a handful of other transfer protocols in various configurations and directions. MoveIt et al fill that gap. Migrate off MoveIt specifically? Sure. But telling companies to just not move data via multiple protocols their partners use with a tool that brings some sanity to the world is like telling someone to just not breath on a Tuesday.