In this episode, Perry sits down with award winning cybersecurity author, George Finney to discuss his recent book, Project Zero Trust . This is a broad discussion that hits on the concepts of Zero Trust, George's approach to writing the book, his passion for storytelling, and much more. Guest : George Finney ( LinkedIn ) ( Website ) Books and References: Project Zero Trust: A Story about a Strategy for Aligning Security and the Business , by George Finney Well Aware: Master the Nine Cybersecuri...
May 07, 2024•55 min•Season 5Ep. 5
In this episode Perry Carpenter sits down with Rachel Tobac to debrief after her recent KB4-CON session, "How I'd Hack You Live" where she... well... hacked Perry live. Perry and Rachel explore how age-old deception techniques are being revamped for the digital age. The discussion spans the future of social engineering, the increasing role of AI in security, and a few other fun bits. Guest : Rachel Tobac ( LinkedIn ) ( Twitter / X ) ( Website ) Books and References (Books are Amazon Associate Li...
Apr 09, 2024•34 min•Season 5Ep. 4
On this episode Perry sits down with Dr. Matthew Canham to explore ways in which AI can be weaponized against us, and how age old social engineering tactics can be used to trick large language models. Guest : Dr. Matthew Canham ( LinkedIn ) ( Website ) Books and References (Books are Amazon Associate Links and help support the show): Cognitive Security Institute YouTube Channel Cognitive Security Institute website YouTube video: BlackHat Presentation -- Me and My Evil Digital Twin: The Psycholog...
Mar 19, 2024•55 min•Season 5Ep. 3
On this episode Perry sits down with Jeremy Treadwell, a people-first technologist and futurist, to get the lowdown on how a futurist approaches the world. Guest : Jeremy Treadwell ( LinkedIn ) ( Twitter ) Books and References (Books are Amazon Associate Links and help support the show): YouTube Video: What UX/UI Taught Me about Improving Security Awareness [SANS Security Awareness Summit 2022] , Jeremy Treadwell YouTube Video: Reimagine the Future of Data, Privacy + Security with Technologist J...
Feb 27, 2024•40 min•Season 5Ep. 2
Welcome to season 5 of 8th Layer Insights! To celebrate Valentine's Day, Perry sits down with Emmy winning reporter Kerry Tomlinson to talk about the time she turned the tables on a romance scammer. Guest : Kerry Tomlinson ( LinkedIn ) ( Website ) ( YouTube ) Books and References: YouTube video: Inside a romance scam: how to make a catfisher sing YouTube video: Scammers are stealing people's faces for live video calls National Cybersecurity Alliance : Online Romance and Dating Scams National Cyb...
Feb 13, 2024•56 min•Season 5Ep. 1
On this episode, Perry celebrates the one year birthday of ChatGPT by taking a look at AI from technological, philosophical, and folkloric perspectives. We see how AI was formed based on human words and works, and how it can now shape the future of human legend and belief. Guests: Brandon Karpf, Vice President at N2K Networks ( LinkedIn ) ( Website ) Dr. Lynne S. McNeill, Associate Professor at Utah State University ( LinkedIn ) ( Twitter ) Dr. John Laudun, Professor at University of Louisiana a...
Nov 30, 2023•1 hr 6 min•Season 4Ep. 10
Let's face it. Most of us have a love/hate relationship with technology and technological advances. We dream about the new thing... but when it arrives, we are usually a little disappointed. Many of us also lament the constant erosion of privacy, the changes in social norms, and more. And, little-by-little, we allow those aspects of new technology to make us numb. We accept the cognitive dissonance of not totally being happy with the trade-offs; yet we still make the trade. In this episode, we e...
Oct 24, 2023•52 min
On today's show, Perry sits down with Rick Howard to discuss Rick's new book and the concept of "First Principles" as they apply in the domain of cybersecurity. Rick Howard is the CSO of N2K and the Chief Analyst, and Senior Fellow at the N2K Cyber, formerly CyberWire. His past lives include CSO at Palo Alto Networks, CISO at TASC, the GM at Verisign/iDefense, the Counterpane SOC Director, and the Commander of the Army's Computer Emergency Response Team (CERT). Rick served 25 years in the Army, ...
Oct 10, 2023•41 min•Season 4Ep. 9
If you’ve been listening to this show for a while, you’ll know that we’ve touched on the topic of Open Source Intelligence (otherwise known as OSINT) several times. It is an area of information security that penetration testing that’s been getting quite a bit of attention over the past several years. When you think about the digital world we live in, where we have a proliferation of personal, organizational, and governmental data on the internet...and the simple fact that data likes to leak…we c...
Sep 26, 2023•34 min•Season 4Ep. 8
Listen in as Perry Carpenter & Dr. Jessica Barker present their joint session, " Conversational Security Awareness" at the SANS Managing Human Risk Summit. ... and stay tuned after the presentation for a quick conversation between Perry, Jessica, and Lance Spitzner (SANS) as they discuss themes from this year's event. Guests : Dr. Jessica Barker ( LinkedIn ) ( Twitter ) Jeremy Treadwell ( LinkedIn ) ( Twitter ) Lance Spitzner ( LinkedIn ) ( Twitter ) Additional Resources : Jessica Barker's g...
Sep 12, 2023•57 min•Season 4Ep. 7
On today's show, Perry sits down with Jayson E. Street to discuss his unique blend of social engineering, physical penetration testing, and security awareness. Jayson refers to this as being trained by a simulated adversary . At the heart of Jayson's method is intense boldness in his approach to social engineering and penetration testing coupled with an equally intense passion for helping his clients and their employees improve their overall security posture and mindsets. It's about education ra...
Aug 29, 2023•1 hr 6 min•Season 4Ep. 6
Hey all! I'm at BlackHat and Defcon this week. If you're there, track me down. I'd love to meet you! This week's episode is an encore of one of my favorites. My interview with James Linton (a.k.a. The Email Prankster). In 2017, James went on a virtual joyride exploiting the ways that people interact with emails. One of the most interesting things about James' story is that his exploits didn't rely on any type of highly technical method(s); they were simple display name deceptions. But that didn'...
Aug 08, 2023•1 hr 5 min
There has been a lot of buzz for the past few years about the benefits and importance of establishing security champions programs. These are groups of people in your organization who become vital, responsible, and proactive contributing evangelists to the security culture of your organization. I often refer to them as "culture carriers." And, while there is general agreement that these are good programs to have, establishing them is currently a bit of a dark art. On today's show, Perry sits down...
Jul 26, 2023•43 min•Season 4Ep. 5
On this episode, Perry sits down with Chad Peterson, Managing Director at NetSPI , to discuss the importance of penetration testing. We touch on aspects of social engineering, discussing complex security issues with Boards of Directors, the prevalence of Ransomware, and some of the unique challenges facing the healthcare industry. Guest: Chad Peterson ( LinkedIn ) ( Twitter ) Books & References (Books are Amazon Associate links) CISO Desk Reference Guide: A Practical Guide for CISOs by Bill ...
Jun 20, 2023•45 min•Season 4Ep. 4
On this episode, what cybersecurity professionals need to understand about how social signaling and incentives really work. Today's episode features a conversation with Uri Gneezy. In the field of cybersecurity, we are very interested in identifying proactive and positive ways to encourage the behavior we want. That's where Uri comes in. Uri is a well-known behavioral economist and professor of economics and strategy in the Rady School of Management at the University of California at San Diego. ...
Jun 06, 2023•46 min•Season 4Ep. 3
In this episode, Perry Carpenter sits down with renowned mentalist and skeptic, Banachek. Banachek (Steve Shaw) grew up with a fascination in magic and a frustration with psychic frauds. As a teenager, he contacted magician and skeptic, James “The Amazing” Randi and ended up working with Randi on a special initiative known as Project Alpha, which set out to expose a general lack of objectivity in parapsychology research. Banachek served as the director for the James Randi Educational Foundation’...
May 23, 2023•1 hr 11 min
This week's episode is a late Star Wars ("May the 4th Be With You") celebration. We check out a couple interesting articles about security-related lessons embedded in the Star Wars movies, and Perry sits down with Adam Shostack, author of the new book, Threats: What Every Engineer Should Learn From Star Wars to discuss threat modeling principles using Star Wars related examples. Guest : Adam Shostack ( LinkedIn ) ( Twitter ) ( Website ) Books & References (Books are Amazon Associate links) T...
May 09, 2023•48 min•Season 4Ep. 2
Welcome to season 4, episode 1 of 8th Layer Insights! On this episode, Perry speaks with Josiah Dykstra (Senior Fellow, Office of Innovation at the National Security Agency ) about the new book he co-authored with Eugene Spafford and Leigh Metcalf. The book is titled Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us , This topic coincides well with Perry's recent studies into folklore and urban legends for his other podcast, Digital Folklore . Guests : Josi...
Apr 25, 2023•46 min•Season 4Ep. 1
For the last episode of season 3, I thought we'd talk about something that's been in the news quite a lot recently: Authentication and Password Managers. As security professionals, we've decried the password for decades. Multifactor authentication (MFA) has started to gain popularity... but not without its own issues. Security leaders and tech teams may have once again hoped for a silver bullet, only to be disappointed to find out that crafty attackers can easily bypass MFA. We've also been tout...
Jan 24, 2023•1 hr 10 min•Season 3Ep. 10
Hey all! An announcement and something special! First, the announcement: Here's your chance to participate in the final episode of 8Li season 3. If you’ve got a question or comment that you’d like me to try to answer or respond to, leave a voice message at https://www.speakpipe.com/8Li . Frankly, that would make it more engaging than if I just read your questions. But, if you aren’t able to record a message or don’t want your voice on the show, then you can email me your questions at perry@8thLa...
Jan 10, 2023•14 min
On this episode, Perry speaks with Chris Cochran and Ron Eddings . Chris and Ron started the Hacker Valley Studio Podcast back in June of 2019 with the goal of exploring the human condition to inspire peak performance in cybersecurity. The podcast is about Chris and Ron’s quest to find inspirational stories and knowledge to elevate themselves and their communities. That podcast eventually kicked off a journey that led them to create their own podcast network ( Hacker Valley Media ), foster commu...
Dec 27, 2022•45 min•Season 3Ep. 9
On this episode, Perry sits down with Marta L. Tellado , President and CEO at Consumer Reports , to discuss the digital moment we are in and what that means for consumers and the marketplace: the risks, dangers, traps… and also the places and paths that can lead to progress. They also discuss Marta's new book, Buyer Aware: Harnessing Our Consumer Power for a Safe, Fair, and Transparent Marketplace . Guest: Marta L. Tellado ( LinkedIn ) ( Twitter ) ( Website ) Books and References: Fighting For a...
Dec 13, 2022•49 min•Season 2Ep. 8
Get ready for those 'fun' holiday dinner conversations with friends and family. You know the ones... In the spirit of the holidays, I thought we'd revisit Season 1, Episode 2. This is an episode about the battle for truth. As disinformation, misinformation, malinformation, and conspiracy theories seem to be hitting epidemic levels, how can we help each other determine what is real and what is fake? How can we help people who are falling down conspiracy rabbit holes? And what roles do technology ...
Nov 29, 2022•1 hr 3 min
There is something about a good spy story that seems to really resonate with people in the cybersecurity world. We love watching the moves and the counter moves, and the sneaking around, and the social engineering, and hacking, and all of the gadgets and toys, and car chases, and fights and double crosses and triple crosses. Yeah, you get the point. But how much of that is real and how much can be chalked up to an author's creative license? And what's life and work like for real people in the in...
Nov 15, 2022•50 min•Season 3Ep. 7
For this week, we are revisiting a previous episode that first aired as Season 1 Episode 10. In this episode, we discuss the concept of security culture -- specifically, the difficulty that security leaders have in defining what a security culture actually is. Luckily, we can draw on learnings from organizational culture management and culture transformation experts. Guests for this episode include, David Sturt, Executive Vice President of the O.C. Tanner Institute , author of Great Work: How to...
Nov 01, 2022•1 hr 8 min
On this episode, Perry sits down with Jenny Radcliffe (a.k.a. The People Hacker ). Jenny is a well-known speaker, podcaster, professional social engineer, and physical penetration tester… in other words, she’s a social engineer who specializes not only in tricking people into doing things they shouldn’t do… but she also specializes getting into places she shouldn’t be and finding things she shouldn’t be able to find. Her job is to embody the criminal mindset and use the skills of a criminal to f...
Oct 18, 2022•34 min•Season 3Ep. 6
Over the past few years, there's been a lot of talk about the value of understanding Open Source Intelligence (OSINT). But, even with so much talk, relatively few cybersecurity professionals have had the time to take a deep dive into the topic. In this episode, Perry sits down with social engineer, OSINT investigator, and member of the OSINT Curious project , Christina Lekati to get an overview of the value of OSINT as well as some basic techniques. After that, we hear from Chris Kirsch (co-foun...
Oct 04, 2022•45 min•Season 3Ep. 5
In this episode, Perry talks about the value of storytelling and provides 7 tips for anyone who faces the fear associated with staring at a blank screen, wondering how they can begin to create fresh content. This is adapted from a presentation Perry recently gave at the 2022 SANS Security Awareness Summit . Books & Resources: Overview of "The Iron Triangle" Visual Summary of Perry's SANS Security Awareness Summit presentation YouTube Video: You are not a storyteller - Stefan Sagmeister @ FIT...
Sep 20, 2022•43 min•Season 3Ep. 4
In this episode, Perry sits down with Mikko Hyppönen for a wide ranging discussion about the history, current state, and future of cybersecurity. We also discuss Mikko's new book, the title of which is derived from Hyppönen's Law: If It's Smart, It's Vulnerable . Guest: Mikko Hyppönen ( LinkedIn ) ( Twitter ) ( Web ) Books & Resources: If It's Smart, It's Vulnerable , by Mikko Hyppönen Mikko's TED Talks Daemon , by Daniel Suarez Internet of Things and data placement , by Dell Technologies Tr...
Sep 06, 2022•47 min•Season 3Ep. 3
This is a follow-up to Season 2, episode 4 – Bridging the Cyber Skills Gap . Many listeners contacted me saying that they loved the episode, but wished that I’d put more focus on people trying to find a career in cybersecurity later in life. So, consider this episode a Bridging the Cyber Skills Gap Part 2 . We’ll hear the stories of several people who’ve come to cybersecurity a bit later in life. This episode features interviews with Alethe Denis, Tracy Z. Maleeff (a.k.a. InfoSec Sherpa), Philli...
Aug 23, 2022•44 min•Season 3Ep. 2
