Verizon's 2022 Data Breach Investigations Report (DBIR) is out, and Delinea is here to break down the highlights! Delinea CISO Stan Black and Cybersecurity Evangelist, Tony Goulding, discuss which findings are most surprising, actionable, and trending upward in this year's report. Get the experts' advice on how we all can develop smart, data-driven security solutions based on evolving threat actor behavior and incident analysis. Read all about it in Verizon's 2022 Data Breach Investigations Repo...
Jun 15, 2022•52 min•Ep. 56
Acclaimed cybersecurity power player Chloé Messdaghi is making big moves in her new role as Cybrary's Head of Impact. In this episode of the Cybrary podcast, she discusses commonsense approaches to minimizing bias and cultivating inclusivity in the security industry. How can organizations mitigate not only dynamic cyber risks, but also the revolving door of employee turnover? What can effective leaders do to prioritize the value of security teams and invest in their continued growth? Listen to C...
Jun 08, 2022•44 min
Jump-start your cybersecurity career for FREE with Cybrary! Where can organizations find specialized candidates for millions of unfilled security jobs? How can the right approach to training help increase employee retention and close the notorious cybersecurity skills gap? Kevin Hanes, CEO of Cybrary, shares why investing in people is a vital part of reducing risk. Learn how you can effectively prioritize diversity in the hiring process and support the growth of people who value the continuous ...
Jun 01, 2022•46 min•Ep. 55
How can purple teaming benefit your organization? When red teamers like Matt Mullins collaborate with blue teamers like Owen Dubiel, you know you'll get a thorough and cost-effective assessment of your security environment. Listen to Matt and Owen share their strategies for successful purple teaming design and implementation. Plus, hear about their new Cybrary course campaign where you'll learn real-world adversary techniques before en...
May 26, 2022•50 min
How does the hacker of all trades, Fredrik Alexandersson (aka STÖK), take the time to learn new things, design sustainable fashion, and connect with a growing social media community? Hear how you can satisfy your curiosity with the ultimate work-life balance. Follow STÖK down the bug bounty career path that influenced his cybersecurity career journey and inspired his creative pursuits. Follow STÖK on all platforms! ~ Website ~ YouTube ...
May 18, 2022•58 min•Ep. 54
Ransomware attacks impacted 66% of organizations in 2021. As threat actor groups like FIN7 take advantage of expanded networks, security weaknesses, and human trust, it's more important than ever to keep up with their level of prowess. Cybrary's "enterprise defender," Owen Dubiel, and "chief thief," Matt Mullins, discuss how their cybersecurity work experiences informed their Ransomware for Financial Gain course series modeled after FIN7's techniques. Follow each part of their attack scenario th...
May 13, 2022•53 min
Just in time for World Password Day, this podcast episode is all about password cracking and the solutions to securing your secrets. Four-time DEF CON Black Badge winner and Chief Architect of IBM X-Force, Dustin Heywood, shares essential tips for easy password management. And if you're into ethical hacking, listen to Dustin's advice on which tools, hardware baselines, technique variations, and intellectual abilities will give you the advantage you need to start cracking. Follow Dustin on Social...
May 04, 2022•51 min•Ep. 53
Ready to get hands-on with Cybrary's ten bite-sized OWASP Top 10 courses? Legendary instructor and penetration tester, Clint Kehr, shares what you can expect in his scenario-based training courses that prepare you to exploit real-world web application vulnerabilities. Hear what's new in the 2021 OWASP Top Ten List, including category revisions, position ranking adjustments, and a whole lot of freshly-mapped CWEs. Plus, learn how Clint and the CyDefe team worked to bring you custom lab exercises ...
Apr 27, 2022•48 min
In a world where cybersecurity is no longer just an IT issue, it is more important than ever to assess the human, technical, and physical security aspects of any organization. Bringing responsible awareness to this triad, FC (aka Freaky Clown) and his team at Cygenta are reimagining the role of penetration testing in fostering sustainable cyber resilience. Hear the tricks that FC has learned on the job while (ethically!) robbing banks to identify physical security weaknesses, enhancing the compr...
Apr 20, 2022•48 min•Ep. 52
The Okta security breach has gained considerable attention since the company's public disclosure of the attack on March 22nd, 2022. As debates continue on the timeliness and effectiveness of the organization's response, we at Cybrary want to elevate the discourse on how to foster smart, sustainable, and empathetic approaches to cybersecurity risk management. On this episode of the Cybrary Podcast, listen to the thoughtful advice of Cybrary's CEO, Kevin Hanes, and Senior Director of Content, Will...
Apr 01, 2022•57 min
In this episode of 401 Access Denied, we're joined by Carlos Polop, security researcher and creator of Privilege Escalation Awesome Script Suite (PEASS). As seen recently with the exploitation of the Linux "Dirty Pipe" vulnerability, it's become critical to learn how attackers exploit privilege escalation flaws. Carlos shares how pen testers can use LinPEAS and WinPEAS to expose vulnerabilities in CTF environments. Additionally, learn how you can contribute to his research in the penetration testing commu...
Mar 24, 2022•50 min•Ep. 51
As cybersecurity teams seek to enhance their defenses in the wake of worldwide ransomware attacks and the spread of wiper malware in Ukraine, what predictions can we make about the evolution of global information wars? Acclaimed security leader and Field CISO at Presidio, Dan Lohrmann, discusses emerging trends in cyber insurance, cyber incident reporting, and incident response planning. Learn more about the potential impact of the Shields Up advisory published by the U.S. Cybersecurity and Infr...
Mar 23, 2022•46 min•Ep. 50
During unprecedented times when cyber and kinetic military actions coalesce, what can we learn about the evolving nature of warfare? Mike McLellan and Rafe Pilling join us from the Counter Threat Unit at Secureworks to discuss the latest cyberattacks in Ukraine. What is distinctive about these emergent types of wiper malware, and how can we better discern the objectives of threat actors? Get advice from the security research experts about how your organization can enhance defenses and incident r...
Mar 16, 2022•44 min
In just the first half of 2021, the financial industry saw a 1,318% increase in ransomware attacks. How can knowledge of ransomware gangs' encryption strategies help employees at every level of an organization to develop stronger incident response plans? Paula Januszkiewicz, acclaimed security leader, pen tester, and CQURE CEO, offers practical guidance on inclusive approaches to security awareness training. As the threat landscape evolves alongside new technological innovations, questions emerge about h...
Mar 09, 2022•55 min•Ep. 49
Come on over to the dark side with Matt Mullins, the red teamer and penetration tester who is here to help you think like an adversary. Cybrary Course Manager Jenn Barnabee talks with Matt about his Cybrary courses that teach you how to exploit and mitigate the latest critical vulnerabilities, including Log4j, HiveNightmare, and more. Considering a path forward in offensive security? Then you'll love hearing about how Matt's career aspirations evolved from Buddhism studies to the "Help Desk Farm...
Mar 02, 2022•26 min
How can we improve the security of life-saving medical, communications, and transportation devices? What hands-on skills do we need in order to design more trustworthy hardware? In this episode of 401 Access Denied, InfoSec veterans Beau Woods and Paulino Calderon discuss key tips from their informative book, "Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things." If you enjoy working with your hands and breaking things, then you'll want to hear Beau and Paulino's tips...
Feb 23, 2022•56 min•Ep. 48
Ready to defend your organization against the widespread PolicyKit vulnerability that experts are comparing to the Log4j flaw? In this episode of the Cybrary Podcast, Raymond Evans, CEO of CyDefe Labs, discusses his latest Cybrary course on Polkit CVE-2021-4034. By exploiting this flaw, just how easy is it to gain root access on a target system? What can we learn from this vulnerability about the value of penetration testers and open-source software? Find out in this podcast and in Ray's course!...
Feb 16, 2022•38 min
Whether you’re new to cybersecurity or a longtime security professional, one of your best opportunities to network is at conferences. In this fun-filled episode of 401 Access Denied, seasoned conference-goers, Joe Carson and HillBilly Hit Squad’s vCISO (aka “Chief Geek”), Chris Roberts, share their insights on how to make the most of networking events. What clothes should you pack? How can you best plan your daily schedule so that you maximize productivity and have time to socialize? And, most i...
Feb 09, 2022•51 min•Ep. 47
The next revolution in quantum computing and technologies is happening now, but how exactly will these growing innovations affect our lives? Dr. Maksym Sich, CEO of the groundbreaking quantum photonics startup, Aegiq, discusses how quantum will impact our medical, communications, and financial industries. Addressing the myth that quantum computing will break all our encryption keys, Maksym elaborates on quantum communications, post-quantum cryptography, and efforts to develop sustainable solutio...
Feb 02, 2022•51 min
Everyone is talking about malware these days, but what new developments and trends are we seeing in malware attacks? This week’s featured guest is Shyam Sundar Ramaswami—Senior Research Scientist at Cisco by day, and the Batman of Hacking by night. So how does cybersecurity’s Bruce Wayne propose that we strengthen our incident response plans against emerging malware threats? What’s really happening when we click that inconspicuous link in the “Delivery Address Confirmation Needed” email? Find ou...
Jan 26, 2022•57 min•Ep. 46
How did Cybrary instructor Corey Holzer go from being the IT help desk person for the World Wrestling Federation to becoming a PhD-holding Information Security Manager? In this episode of the Cybrary podcast, please enjoy Corey’s fascinating stories of nearly colliding with the Undertaker, losing his internet connection during the CRISC exam, and developing essential problem-solving skills as a cybersecurity professional. Get a behind-the-scenes look at Corey’s newest course, Linux Hardening—out...
Jan 19, 2022•44 min
The 2007 cyberattacks on Estonia culminated in a watershed moment in global cybersecurity awareness. Jaak Tarien, Director of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia, discusses the geopolitical concerns of cybercrime. Ransomware attacks can have a significant economic impact, but how are cybercrime operations also indicative of a breach of sovereignty? To best approach this question, Jaak emphasizes the importance of the CCDCOE's legal scholarship, ...
Jan 12, 2022•41 min•Ep. 45
2021 has been quite a year for all of us, but what have we accomplished and learned in the cybersecurity field? We have certainly had to adjust to a global remote work culture and step up our security strategies to take on new challenges involving more specialized cybercrime. Art Gilliland, CEO of ThycoticCentrify, joins our host, Joseph Carson, to reflect on key lessons learned and predictions for 2022. Will Zero Trust become a security norm like Defense in Depth? How could governments get more...
Dec 29, 2021•55 min•Ep. 44
Welcome back to the Cybrary Podcast, and happy holidays! Whether you are celebrating with family and friends, or simply enjoy the spirit of the season, we hope you are able to take some time off from work and school to celebrate what matters most to you. As 2021 comes to a close and we look back at all we accomplished this year, despite the circumstances, we raise a glass to you and cheers for making it this far. Thank you for joining us each week to learn something new and continuing to share t...
Dec 22, 2021•2 min
Could online gaming be the key to bridging the cybersecurity skills gap? Is enumeration more than a scanner's sport? Ian Austin, Head of Content Innovation at Hack The Box, tackles these questions as he explains why cybersecurity training should be less about checking the boxes and more about thinking outside the box. Hear Ian's thoughts on the global reach of gamified security education and the significance of "purple-minded" cybersecurity initiatives that bring red and blue teams together. Con...
Dec 15, 2021•41 min•Ep. 43
Ready to make a career transition from the military to IT? How can veterans effectively communicate transferrable skills that stand out in the competitive cybersecurity industry? Cybrary Insider Pro Community Manager, Tim Ramirez, shares how he started a new career path after serving 12 years in the U.S. Air Force. Learn about how he began a 3-year IT master's program with no IT experience, managed his expectations on the job market, and finally passed the CISSP exam. Don't forget to rate, revie...
Dec 08, 2021•41 min
When it comes to incident response, “Your plan is worthless, but your planning is priceless.” These wise words from JC Vega, CISO at Devo, highlight the critical difference between having an incident response plan and being incident response ready. In this episode of the 401 podcast, JC explains how unpredictable, engaging simulations can be a game-changer in building an organization’s resilience against critical cyberattacks like ransomware. Find out how your simulation-based training can effec...
Dec 01, 2021•47 min•Ep. 42
What does it take to be a cyber threat intelligence analyst? How can cyber threat intelligence or CTI training be applied in real-world strategic defense planning and risk management assessment? Cybrary Course Manager Jennifer Barnabee returns to the Cybrary Podcast with two guests from MITRE to discuss the value of CTI teams and their research. Jackie Lasky, Senior Cybersecurity Engineer, and Amy Robertson, Cyber Operations Lead, break down the ways that cyber threat intelligence is used to pro...
Nov 24, 2021•26 min
If the security industry is booming, what does this mean for the state of cybersecurity and for humanity at large? Information security leader and content creator, Quentyn Taylor, breaks down the flaws in heavily reactive security and “cybersecurity first” approaches that minimize the human-centered elements of risk management. From IoT-enabled smart locks to RFID credit cards, Quentyn assesses the value and risks behind popular security products. Follow Quentyn's advice to make your organizatio...
Nov 17, 2021•50 min•Ep. 41
How can you build smarter cyber defense strategies that reduce your organization's risk against the threats you care about most? Let the subject-matter experts at MITRE teach you how to disrupt the adversary by employing a threat-informed defense approach. In this episode of the Cybrary Podcast, Cybrary Course Manager, Jennifer Barnabee, hosts a virtual roundtable with special guests from the MITRE Engenuity team, including Frank Duff, Steve Luke, and Richard Struse. With the help of MITRE’s fre...
Nov 10, 2021•37 min