Discussion with AlgoSec around ransomware based off of the Extrahop Cyber Confidence Index 2022 . I cover numerous questions about what organizations are doing today and what they should change to improve cyber defenses. The crux of this study shows the cognitive dissonance of cyber security leaders and IT decision makers. They believe one thing whereas the evidence completely contradicts what they say. Visit this link to learn more about Network Security in Cloud, Cloud Application Networks, an...
Nov 09, 2022•29 min•Transcript available on Metacast In this episode I discuss cyber-attacks in the Summer of 2022. I’ll review who was attacked, its impact, and the aftermath. While I would love to go into the technical details about the attacks, that data becomes harder and harder to find with each breach and news release. Victims are tight lipped and apparently being told more and more to not share technical details. We know that both China and Russia have increased cyber-attacks due to global tension in Taiwan (Chinese Taipei) and Ukraine. I a...
Sep 21, 2022•16 min•Transcript available on Metacast This episode covers online tools and lab environments that cyber security students and early professionals can use to learn and increase technical skills. While these environments are usually meant for those that want to get very deep with the technical side of cyber security, non-technical folks can certainly use these as well. The tools/trainings go as deep as the user wants. I also go over building a lab at home using Virtual Box or VMWare. I also provide insight and recommendations for build...
Sep 14, 2022•18 min•Transcript available on Metacast In this episode I spend 30-minutes talking with Adrianus Warmenhoven, Defensive Strategist at Nordvpn. We dove into virtual private networks (VPN) and networking. Hear how VPN's work, when to use them and why. We discuss real-world examples and talk security stories as well as some cyber security history. Send comments, questions, and episode ideas to: cybergreybeard@gmail.com NordVPN RFC1918 Tim Berners-Lee OSINT Tools – Open-Source Intelligence Tooling For those interested in supporting J...
Sep 07, 2022•31 min•Transcript available on Metacast Here I talk about different avenues within cyber security. We use terms such as red team, blue team, and purple team when discussing offense, defense, and a merger of the two. I’ll go over different technologies, teams that cover each of these areas and jobs that involve each team. We have these teams and terms due to the size and complexity of the overall cyber security profession. This episode provides a lot of insight on technologies and jobs to help listeners better focus on their cyber secu...
Aug 31, 2022•25 min•Transcript available on Metacast This episodes has me talking about how employees can get enhanced benefits from their employer. Most people figure salary is the only thing that matters from when it comes to the benefits of working. This is a major mistake. Healthcare alone can potentially bring thousands of dollars per year in additional compensation and companies vary greatly in this area. 401(k) programs have the potential of financially beating healthcare benefits depending on your salary, contribution, and company match pr...
Aug 24, 2022•26 min•Transcript available on Metacast Conversation with Perry Carpenter, C | CISO, MSIA, who currently serves as chief evangelist and strategy officer for KnowBe4, the world’s most popular security awareness and simulated phishing platform. Perry and I talked about the history of KnowBe4, his journey in cyber security, what students and early professionals can study to succeed in social engineering among other topics. Perry talks about his background and how he took his Arts and Science education to become an extremely successful cy...
Aug 17, 2022•31 min•Transcript available on Metacast Podcast sponsored by AlgoSec where I discuss how applications impact network and security engineers. This was a 1:1 conversation between me as an SME with a marketing leader at AlgoSec. You can find the full video interview here . This topic provides detail on challenges experienced by network and security engineers related to applications and application security. We talk about a business focus and the need for network and security engineers to know and focus on more than packets and protocols....
Aug 10, 2022•20 min•Transcript available on Metacast In this episode, I discuss the detail and complexity inherent with software solutions including specific jobs that relate to cyber security applications. Many of us tend to think that software is only skin deep. In reality, applications go from involved to intricate to MASSIVELY COMPLEX. Too often I’ve engaged with projects where I figure, oh, it’s a software program, no big deal. Then I get surprised by the depth, detail, and breadth of the product. Listen in and hear about all of the jobs tied...
Aug 03, 2022•19 min•Transcript available on Metacast In this episode I step away from my normal monologue style to interview a renowned guest, W. Curtis Preston . Curtis, the Chief Technical Evangalist at Druva, is also known as Mr. Backup. Curtis runs his own website, Backup Central dot com with his own Podcast called Restore It All. He also participates in the No Hardware Required Podcast for Druva. Curtis and I discuss the relationship between backups and cyber security. He also shares his professional journey and offers advice to students and ...
Jul 27, 2022•28 min•Transcript available on Metacast This episode goes into great detail about a timeshare scam that directly targeted me. I tell the story along with detailed steps the con artists took to try and make me their victim. I provide steps taken to PROVE they were liars and thieves. I conclude with 12 critical steps everyone should implement that will protect them from online scams. We are all at risk to con artists through phone, text, and email. Knowledge is power and this episode empowers my listeners with critical data required to ...
Jul 20, 2022•18 min•Transcript available on Metacast In this episode I discuss how to start a new cyber security job. I talk about emotions associated with starting over, fear, stress, anxiety, excitement, and joy, among others. I touch on topics around people, processes and technology at the company. This episode discusses change and how to deal with it. Starting a new job happens to nearly every employee and it is important to know you are not alone and that the challenges with starting over are universal. Herein I discuss what to focus on, what...
Jul 13, 2022•21 min•Transcript available on Metacast Brief introduction to Season 4 - July 2022-Sept 2022 and then the full session I presented at for the MSS Forum in Phoenix on May 12, 2022. The topic covers today's cyber security networking challenges. I offer recommendations for solutions and provide advice on where security professionals can focus. If you want a copy of the deck I used, send an email to cybergreybeard@gmail.com. Please donate to my Cyber Security mentee , Josh Gbemisola The Cuckoo's Egg The Phoenix Project IBM Cost ...
Jun 15, 2022•33 min•Transcript available on Metacast Many people are threatened with losing their jobs or violating their conscience. This episode talks about how you are not alone. I talk about standing up for what you believe in. Swim upstream if that's for you. Do not "go along to get along" if that does not comport with your values. Stand up. Be strong. Leave your employer if they force you to violate your beliefs. Do not feel the need to justify yourself. An employer is an employer, nothing more. There are firms out there that ...
Nov 18, 2021•11 min•Transcript available on Metacast Fireside chat with Garrettson Blight, Principal at Booz Allen Hamilton led by Kate Rodgers, Director of Brand at Infosec virtually on October 19, 2021. We discussed learning and development opportunities in our organizations and how important it is for employees. Salary is only a single benefit to employment. Learning and development along with healthcare comes in second for many professionals. We discuss how employees can take advantage of training in the workplace. "We need to appeal to t...
Nov 10, 2021•36 min•Transcript available on Metacast In this episode I talk about high profile cyber-attacks in the Spring and Summer of 2021. I’ll review who was attacked, what the attack involved, it’s impact, the aftermath, and how it affected the economy. Sign up for NewsBits from SANS at https://www.sans.org/newsletters/newsbites/ Review Security Intelligence periodically: https://securityintelligence.com/ Security Magazine offers solid content: https://www.securitymagazine.com/ Executive Order 14208: https://www.cisa.gov/executive-order-impr...
Oct 06, 2021•21 min•Transcript available on Metacast In this episode I talk about incident response plans, what they are, why they are important and how to create one. NIST, the National Institute of Standards and Technology has a fabulous document entitled Computer Security Incident Handling Guide, Special Publication 800-61 Rev. 2. This document prescribes key data for incident response plans. In this episode I’ll review key components of this document and how and why these components play a key role in cyber security incident response planning....
Sep 29, 2021•22 min•Transcript available on Metacast In this episode I talk about real situations I’ve experienced. I won’t name companies, only industry and relative geography so as not to expose any entities. Some of these are more egregious than others, all are good learning experiences, for early as well as experienced professionals. Many look to join Cyber Security and wonder what it’s really like out there, these tales should provide some insight to that curiosity. I encourage each of you to think of solutions to these problems. While I give...
Sep 22, 2021•23 min•Transcript available on Metacast While this podcast focuses on cyber security professionals, this episode provides general and wide-ranging interviewing and presentation tips. The discussion goes into detail about how and why we communicate and then provides examples and performance tips. Later there are examples, and recommendations for how to interview, present, and speak publicly overall. I give suggested questions to ask interviewers and provide information on delivering more engaging and successful presentations. I also gi...
Sep 15, 2021•25 min•Transcript available on Metacast Audio recording of session at MSS Forum LA on June 30th, 2021. Group discussion lead by Phelim Rowe of CTG Intelligence. We review the top "post holder" and go into depth around who has responsibility for cyber security in an organization. I was pleased to join Richard Staynings, Shawn Kohrman, Ashwin Krishnan, and Louis Arul-Doss on this round table discussion. You can watch the Zoom recording on YouTube at https://www.youtube.com/watch?v=uvvqbOMiTmE Look out for an MSS Forum in your ...
Sep 08, 2021•40 min•Transcript available on Metacast In this special episode I'm sharing a real-world conversation I had with an early professional at my company. This individual worked for a couple of years in the healthcare field as an administrator and then moved to an extremely large company. He reached out wanting to know what to study and how and where to steer his career. Listen to this real life conversation and understand a direction and path to take in the cyber security field. I'm posting this special episode to help all of my...
Sep 01, 2021•35 min•Transcript available on Metacast Discussion on cyber security certifications. Which make sense. Where to focus. How to proceed. I cover certifications from GIAC, ISC2, ISACA, EC-Council, Amazon, Microsoft, Google, CompTIA, and others. This episode discusses areas to find training and recommendations before taking certification exams. These are recommendations only and based on my opinion and experiences. Please do research before investing in any certification or training course. ISC2: https://www.isc2.org/ ISACA: https://www.i...
Aug 25, 2021•25 min•Transcript available on Metacast Book reviews of four cyber security books published between 2019-2020. Dark Mirror: Edward Snowden and the American Surveillance State by Barton Gellman 2020, The Hacker and The State by Ben Buchanan, 2020, Sandworm by Andy Greenberg, 2019 and The Coming Cyber War by Marc Crudgington, 2020. These books provide great insight to where we are in the cyber security profession. They discuss history, technology, and attacks. Cyber security professionals need to understand the threat landscape. These b...
Aug 18, 2021•22 min•Transcript available on Metacast Financial guidance based on my 30 years’ experience, economic degree, financial education, and wonderful direction from my father, a 40+ year professional financial advisor. I veer away from my standard cyber security talks in this episode to help students and early professionals learn, grow, and advance their financial well being. I see a critical need for, and interest in, financial advice and take time herein to help my listeners. Note these are my opinions and recommendations only. I am not ...
Aug 11, 2021•23 min•Transcript available on Metacast Advice and examples on how to own your career. While I focus on cyber security, these tips are valid for any profession. I give examples of my past as well as situations friends have experienced over the years. My advice includes tips such as be strong, be proud, track what you do, toot you own horn, and many more. This is a talk going back to the roots of this Podcast, helping cyber security students and early professionals learn, grow, and advance. Send questions, comments, or thoughts to cybe...
Aug 04, 2021•17 min•Transcript available on Metacast What jobs are out there, what jobs interest you and/or fit best with your desires, abilities, and preferences. I talk about eight (8) practices, over a dozen jobs, and 12 markets/industries, for listeners to learn about. This talk came out of a 1:1 I had with an early professional at my company and I believe many listeners can benefit from this conversation. Where do you want to take your cyber security career? What's out there? How do you find it? What should you do? Reach out with questio...
Jul 28, 2021•28 min•Transcript available on Metacast Herein I talk about where I've been for the past 8 months, what's been going on, and what this season entails. I go over 7 specific topics I will cover and ask the audience for input on guest speakers and other topics. This is an exciting talk about the future and what to expect upcoming from Cyber Security Grey Beard. Support the show
Jul 21, 2021•15 min•Transcript available on Metacast How are businesses, with focus on managed security service providers, dealing with remote working in a distributed work environment? This recording comes from a half hour panel discussion on this topic. Session from Third Annual MSS Forum Denver put on by CTG Intelligence and sponsored by KnowBe4, Hackdefnet, Fishtech Group and Stellar Cyber. Title: Understanding the Evolution of Third Party Security in a Remote Working and Distributed Business Environment Brad Rhodes, Head of Cyber Security, Zv...
Feb 17, 2021•28 min•Transcript available on Metacast Discussion around my professional journey with ties into what cyber security jobs exist for students and early professionals. I talk about specific jobs including network operations, security operations, forensic analysis and others. The class I spoke to was a Networking I class so I spend a bit of time discussing network technologies. I go over specific cyber security threats and attacks while tying them into the daily work of security professionals. Support the show...
Feb 03, 2021•48 min•Transcript available on Metacast 45 minute presentation delivered to the Long Island ISC2 chapter on October 20, 2020. I created this content for IIA/ISACA Chicago and launched for ISC2 as the content has wide appeal throughout the Cyber Security spectrum. This talk focuses on leadership and the need for engagement throughout organizations. We are, in many ways, the same in Cyber Security as we were 25+ years ago. Something has to change and this talk focuses on leadership engaging as a potential solution. The agenda covers: In...
Nov 25, 2020•48 min•Transcript available on Metacast 
