Security Weekly
Leadership

Twerking Santa – PSW #631

View Show Index

Full Audio

Segments

1. Blue Team Tactics and Techniques – PSW #631

Guests

Bill Swearingen
Bill Swearingen
Sr Cyber Strategist at IronNet Cybersecurity

Bill has devoted his career to protecting critical infrastructure and Fortune100 companies from advanced cyber threats. He brings direct experience with being on the front lines, and an in-depth understanding of the challenges our customers are faced with — and what problems they are wanting to solve. Bill has a proven track record of creating, developing, and managing strong technical teams needed to provide Incident Response, Digital Forensics, Vulnerability Assessment, Penetration Testing, and Policy enforcement for large (Fortune 150) corporations such as CenturyLink and Sprint.

Chris Kubecka
Chris Kubecka
CEO at Hypasec

Chris CEO of HypaSec. Previously, Chris headed the Information Protection Group, NOC, SOC and joint-international intelligence team for the Aramco family. Helping to recover Aramco from a nation-state attack, implementing digital security and reconnecting international business operations. Responsible for all digital IT and ICS assets throughout the EMEA region (minus KSA) and Latin America. Subsequently, establishing and assisting global digital security teams, standards, security-driven legal contracts for secure software development with third parties, the Aramco EU/UK Privacy group with internal and external counsel and computer emergency response teams. Chris has practical and strategic hands-on experience in several cyber warfare incidents. USAF Space Command, detecting and helping to halt the July 2009 Second Wave attacks from the DPKR against South Korea and helping to recover and re-establish international business operations after the world’s most devastating cyber warfare attack, Shamoon in 2012. Expert advisor and panelist for several governments and parliaments.

Jason Neester
Jason Neester
CISO at A company in the financial sector

Jason has been in the IT industry since the late ’90s and has worked in manufacturing, government, retail, and finance verticals in every IT-related job role imaginable. He is passionate about defending organizations and greatly enjoys creative, unique solutions to complex problems. His favorite past time is trolling the red team and driving them to profanity.

Jim Nitterauer
Jim Nitterauer
Senior Security Engineer at Zix - AppRiver

Currently a Senior Security Engineer at AppRiver, LLC., a Zix company, his team is responsible for global network deployments and manages the SecureSurf global DNS infrastructure and SecureTide global spam and virus filtering infrastructure as well as all internal applications. Jim works directly with the CISO helping to bring the Zix compliance standards to AppRiver’s services. He holds the CISSP and CISM certifications in addition to a Bachelor of Science degree with a major in biology from Ursinus College and a Master of Science degree with a major in microbiology from the University of Alabama.

Michael Gough
Michael Gough
Malware Archaeologist at NCC Group

Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is a primary contributor to the Open Source project ARTHIR. Michael is also co-developer of LOG-MD, a free tool that audits the settings, harvests and reports on malicious Windows log data and malicious system artifacts. Michael also is co-host of the “Brakeing Down Incident Response” BDIR Podcast to education on Incident Response daily tasks. Michael also ran BSides Texas for five years for the Austin, San Antonio, Dallas and Houston cons.

Ron Gula
Ron Gula
President at Gula Tech Adventures

Ron is President at Gula Tech Adventures which focuses on cyber technology, cyber policy and recruiting more people to the cyber workforce. Since 2017, GTA has invested in dozens of cyber start-ups and funds and supported multiple cyber nonprofits and projects. From 2002 to 2016, Ron was the co-founder and CEO of Tenable Network Security. He helped grow the company to 20,000 customers, raise $300m in venture capital and grow revenues to $100m, setting up the company for an IPO in 2018. Prior to Tenable, Ron was a cyber industry pioneer and developed one of the first commercial network intrusion detection systems called Dragon, ran risk mitigation for the first cloud company, was deploying network honeypots in the mid 90s for the DOD and was a penetration tester for the NSA and got to participate in some of the nation’s first cyber exercises. Ron is involved in a variety of cyber nonprofits and think tanks including Defending Digital Campaigns, the Center for Internet Security, the National Security Institute and the Wilson Center. In 2020, Ron was honored to receive the Northern Virginia Technology Council Cyber Investor of the Year award and the Baltimore Business Journal Power 10 CEO award.

Trent Lo
Trent Lo
Co-Founder & Security Professional at SecKC

Trent is a seasoned security professional with a distinguished career defending a Tier 1 Network from skillful adversaries. His versatile background in both offense and defense has helped him architect visionary security solutions that are deployed within numerous Fortune 500 Companies. He is an established Security Researcher who has reported vulnerabilities in organizations like Microsoft, Google and Southwest Airlines. He is also the creator of ‘OvRfLoW’ (Microsoft Flow Attack Framework). Trent is a key contributor to Government Cyber Exercises like Cyber Shield and Cyber Storm. He has also built relationships on Threat Intelligence Sharing by speaking at the Network Security Information Exchanges (NSIE,) National Defense Information Sharing and Analysis Center (ND-ISAC) and Multilateral Network Security Information Exchanges (MNSIE.) Trent has worked with industry partners and government agencies to dismantle botnets like “3ve” and “themoon”.

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
April Wright
April Wright
Preventative Security Specialist at Architect Security
Doug White
Doug White
Professor at Roger Williams University
Larry Pesce
Larry Pesce
Product Security Research and Analysis Director at Finite State
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
Matt Alderman
Matt Alderman
VP, Product at Living Security
Tyler Robinson
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

2. The State of Penetration Testing – PSW #631

Guests

Christopher Hadnagy
Christopher Hadnagy
Chief Human Hacker at Social-Engineer, LLC

Chris possesses more than 17 years of experience as a practitioner and researcher in the security field. The author of three (soon-to-be four) best-selling books, he also teaches three distinct international courses. Chris has trained various branches of the government, including the United States Special Operations Command and the Federal Bureau of Investigation. Additionally, Chris has debriefed dozens of general officers and government officials inside the Pentagon on social engineering and its effect on the United States.

David Kennedy
David Kennedy
CEO at TrustedSec

David Kennedy is founder of Binary Defense and TrustedSec. Both organizations focus on the betterment of the security industry. David also served as a board of director for the ISC2 organization. David was the former CSO for a Diebold Incorporated where he ran the entire INFOSEC program. David is a co-author of the book “Metasploit: The Penetration Testers Guide”, the creator of the Social-Engineer Toolkit (SET), Artillery, Unicorn, PenTesters Framework, and several popular open source tools. David has been interviewed by several news organizations including CNN, Fox News, MSNBC, CNBC, Katie Couric, and BBC World News. David is the co-host of the social-engineer podcast and on several additional podcasts. David has testified in front of Congress on two occasions on the security around government websites. David is one of the founding authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. David was the co-founder of DerbyCon, a large-scale conference started in Louisville, Kentucky. Prior to the private sector, David worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions.

Ed Skoudis
Ed Skoudis
President of SANS Technology Institute, Director of Holiday Hack Challenge at SANS Institute & Counter Hack

Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost.

Joe Gray
Joe Gray
Senior Investigator & Founder/Principal Instructor at Spy Cloud & The OSINTion

Joe Gray, a veteran of the U.S. Navy Submarine Force, is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. By day, Joe is a Senior Investigator at SpyCloud in addition to being the Founder and Principal Instructor at The OSINTion.

As a member of the Password Inspection Agency, Joe has consistently performed well in Capture the Flag events, specifically those involving OSINT. Examples include 2nd Place in the HackFest Quebec Missing Persons CTF and Winning the TraceLabs OSINT Search Party during DEFCON 28 and DEFCON 29. Independently, Joe placed 4th in the DerbyCon OSINT CTF and 3rd in the National Child Protection Task Force Missing Persons CTF.

Joe has contributed material for a variety of platforms such as Forbes and Dark Reading in addition to his platforms. Joe has authored the OSINT tools DECEPTICON Bot and WikiLeaker in addition to the forthcoming book, Practical Social Engineering, due in late 2021 via NoStarch Press.

Tom Liston
Tom Liston
Lead Instructor at Dark Matter

Tom Liston is a Lead Cybersecurity Instructor at Dark Matter, a security consulting firm in the UAE. He is also a Handler for the SANS Institute’s Internet Storm Center and co-author of the book Counter Hack Reloaded. In the past, he worked as the Principal Information Security Architect for Warner Brothers and spent 10 years as a Senior Security Consultant with InGuardians, Inc. – performing high-end penetration tests against Fortune 500 companies.

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
Jason Albuquerque
Jason Albuquerque
Chief Operating Officer at Envision Technologies
Jeff Man
Jeff Man
Sr. InfoSec Consultant – Online Business Systems, Director DEI at Hak4kidz, Tribe of Hackers
Joff Thyer
Joff Thyer
Security Analyst at Black Hills Information Security
Larry Pesce
Larry Pesce
Product Security Research and Analysis Director at Finite State
Patrick Laverty
Patrick Laverty
Security Consultant at Rapid 7
Tyler Robinson
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

3. Holiday Hack Challenge – PSW #631

Guest

Ed Skoudis
Ed Skoudis
President of SANS Technology Institute, Director of Holiday Hack Challenge at SANS Institute & Counter Hack

Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost.

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
Doug White
Doug White
Professor at Roger Williams University
Jeff Man
Jeff Man
Sr. InfoSec Consultant – Online Business Systems, Director DEI at Hak4kidz, Tribe of Hackers
Joff Thyer
Joff Thyer
Security Analyst at Black Hills Information Security
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
Matt Alderman
Matt Alderman
VP, Product at Living Security
prestitial ad