Episode 15 - Dr. Cody Buntain ”Humans are the weak link in cybersecurity - let’s do something about it!” #Cybersafety

This is a pretty big deal! After 3 years of studying, Larry is now a SOC Analyst for Joe's company, Patriot Consulting. Joe recently launched a service for medium sized organizations that monitors for security alerts.  In this episode, Larry shares his experience thus far and gives some tips for those just beginning the journey. 

In the final episode of this series, Joe and Larry discuss their new YouTube channel where all future episodes will be hosted. Please subscribe and follow us there! https://www.youtube.com/channel/UCJsqpIC4GSpNwIWTvbSt2rQ The advantage of moving to YouTube is that Joe will be able to share his computer screen with Larry to help him gain additional hands on training.  In this episode, Joe talks to former police officer Doug Roberts. Like Larry, Doug is currently working in Information Technology but seeking a full time position as a Security Operations Center (SOC) Analyst.  Doug has three college degrees including an associates degree in networking, a bachelor's degree, and a master's degree in Cybersecurity. Additionally, Doug has several cybersecurity certifications (Security+, CySA+, CSAP) and he is working towards the CISSP. Despite 6 years of IT experience, degrees and certifications, Doug has found it difficult to land his dream job in cybersecurity. Let's help him out!!  If you know a hiring manager or a company that may be hiring, Doug can be reached on LinkedIN (here).

Larry completes the "Certified Ethical Hacker" course and then Larry asks Joe about the new book he published "Securing Microsoft 365" available on Amazon https://www.amazon.com/Securing-Microsoft-365-Joe-Stocker/dp/1956630015/ref=sr_1_1?crid=1U874UDJKI0A3&keywords=securing+microsoft+365&qid=1653877474&sprefix=securing+micro%2Caps%2C125&sr=8-1

In this episode we discuss the 25th anniversary of the first DDoS (Distributed Denial of Service) and why this cybersecurity threat is a tricky one to solve.  00:00 to 2:00 Intro to Pankaj Gupta (@PankajOnCloud,CITRIX) Pankaj leads product and solutions marketing and go to market strategy for cloud, application delivery and security solutions at Citrix. He advises CIOs and business leaders for technology and business model transitions. In prior roles at Cisco, he led networking, cybersecurity and software solution marketing. 2:20 The 25th anniversary of the first Denial of Service attack against Panix, an Internet Service Provider (1996) (https://en.wikipedia.org/wiki/Denial-of-service_attack#Distributed_attack) 25 years later, the largest DDoS attack ever recorded targeted  Russian ISP Yandex (https://www.cpomagazine.com/cyber-security/russian-internet-giant-yandex-wards-off-the-largest-botnet-ddos-attack-in-history/). Pankaj notes how this was exactly 25 years later to the month. 3:15 What is a DDoS Attack? 1) Connection overload 2) Volumetric like ICMP flood 3) Application Layer  5:20 Coinminer as an example of Denial of Service when CPU is exhausted 6:00 Why are we still talking about DDoS 25 years later? Pankaj states that they are now easier than ever to perform.  7:00 Larry asks about the connection between ransomware and DDoS 9:00 Pankaj describes how the motivation for DDoS has shifted from hacktivism to financial motivation  9:30 Joe asks how much it costs for an attacker to operate  10:00 Pankaj explains that unskilled attackers with access to the Dark web can orchestrate attacks 11:45 Joe discusses how many attackers target healthcare despite how this hurts people 12:45 Pankaj discusses that while federal laws exist, very few are prosecuted for DDoS attacks. 13:50 Larry asks whether businesses are paying the ransom  14:15 Pankaj says paying the ransom is never recommended. Instead, Pankaj recommends investing in DDoS protection solutions 15:25 Joe asks whether tools exist to quantify costs for downtime to justify the expense of DDoS prevention solutions.  16:30 Pankaj explains how it is not just the economic impact of downtime that is to be factored into the equation but also the damage to reputation by losing customer’s trust.  17:30 Pankaj describes three trends that will cause DDoS attacks to increase in the future (things will get worse rather than better). This is due to increased bandwidth for 5G, exponential growth of IoT devices, and the improved computation power.  18:30 What is IoT? (Internet of Things). This is any device that has an internet connection such as a Nanny Camera, home router, or NEST Thermostat. Bad actors exploits vulnerabilities to transform these devices into a “BOT Network” that the attackers can then use in mass quantity against a single target. This forms the source for the DDoS attacks. All of these devices combined will send packets to the victim website.  20:50 What solutions exist for DDoS? Joe explains how he has solved DDoS historically using services from CloudFlare.  22:00 Joe explains how he configured DDoS protection by configuring DNS, and the weakness when attackers discover the direct IP using OSINT 23:15 Joe asks Pankaj how does Citrix compare with competitors  23:35 Pankaj describes four key criteria when selecting a DDoS solution. 1) The solution should protect against a variety of types of DDoS attacks 2) Can the solution scale? As DDoS attacks increase in size 20% Year over Year (it’s expected to be 3 terabits). 3) The advantage of a cloud-based solution is that it can auto-scale in bandwidth whereas an on-premises DDoS solution cannot guard against bandwidth saturation.  25:50 Joe asks Pankaj if Citrix uses its own data centers (does it have exposures if data centers like Google, Amazon or Microsoft). Pankaj describes the Citrix solution as having the scale to handle 12 terabits of scrubbing across multiple points of presence (pop).  29:00 Pankaj describes two types of DDoS solutions, Always-ON, or On-Demand.  If you are an e-commerce website then Always-on may make more sense even though it costs more than on-demand because every minute that you cannot sell your products will lose money.  31:00 DDoS attacks can be a diversion tactic to distract IT and SECOPS teams so that the attackers can perform other types of attacks such as financial fraud (Wire Fraud, SWIFT, etc) 32:40 Larry asks: What is the difference between a buffer overflow and DDoS? Pankaj explains that a buffer overflow could be used as a type of DDoS since it could impact the availability of the service. 34:00 Joe describes how DDoS strikes at the heart of one of the three components of the CIA Triad “Confidentiality, Integrity, and Availability.”  35:00 For businesses interested in learning more about Citrix solutions, Pankaj recommends using this contact form on the Citrix website: https://www.citrix.com/contact/form/inquiry/ 36:30 Joe asks what market is Citrix chasing: Small Business, Mid-Market or Enterprise? Pankaj responds that all businesses need DDoS protection, and how cloud-based solutions are easier to implement.  DISCLAIMER: Larry and Joe received no compensation in any form from anyone for our Podcast. This is a "hobby" podcast - we don't even have advertisements! 

In Episode 19, Joe introduces Larry to Terence Jackson, and they discuss their common faith in Jesus Christ, and how anyone who freely chooses can also become a Christian.  00:00 Larry announces that he is getting married in two weeks! Larry talks about his plans to take the CEH and CYSA Certifications 1:30 Joe introduces Larry to Terence Jackson, a former CISO from Thycotic. Terence was named top 10 CISO. 3:15 Terence has 26 technical certifications and is pursuing graduate studies from Albany Law School 5:30 Terence describes how he developed a friendship with the CEO of a company as they shared a common faith 6:00 Joe asks Terence about how faith in God 6:45 Terence describes his faith journey, from being the child of a Minister - growing up “at church” without being “in church” and the period of his life where he wandered away, to returning back to his faith in God 8:30 Joe says if we only talk about career accomplishments, it’s an incomplete picture of who we really are. Pastor Bobby Schuller from Shepherd's Grove Church (https://www.sgp.church/) developed this creed:  Try saying this out loud, and pause after each line: “I’m not what I do. I’m not what I have. I’m not what people say about me. I am the beloved of God. It’s who I am. No one can take it from me. I don’t have to hurry. I don’t have to worry. I can trust my Friend, Jesus, and share His love with the world.” Say that out loud - and note how you feel after saying it.    9:30 Joe describes what it means to have integrity 10:15 Joe describes how faith grounds us. 11:00 God loves you! 11:30 Terence says the secret to success is putting God first. Faith is like a muscle, you have to continue working on it and build it up. It’s important to have community. 12:40 God is Good! 1:00 Does faith without works result in automatic blessing or do you have to put effort into life to have success? 13:41 Proverbs 22:29 15:30 Terence shares how he has found fulfillment in Jesus Christ, and how it has helped him 15:54 Joe and Terence discuss how the death of Jesus Christ allowed for a personal relationship with God 22:40 How can faith help you with the desire to enter a career in cybersecurity 24:40 Terence worked his way up from the bottom (pulling cables and terminating wires) to becoming an executive at Microsoft 25:00 to 31:40 Joe and Terence bring the conversation back to Faith in God 31:40 Larry tries to bring the conversation back to Cybersecurity 33:30 Terence tells a story of hiring a math teach who had no background in cybersecurity, got certifications, Terence takes a chance hiring her, and she is now running cyber for a top 5 bank. 36:00 Terence describes what he looks for in job candidates: curiosity, self starter, and willingness to learn. Thirst. Drive. 37:00 Not all jobs in cybersecurity are hands-on-keyboard 40:00 Joe asks Terence about working for one of the top tech companies in the world 40:20 Your network is just as important as your skill set 41:00 What does Terence do in his day to day work? TL;DR - God Loves you and while cybersecurity is cool, Faith in God gives meaning to life, hope in the future, and is a sure foundation for when life doesn't go our way.  Why are these men so outspoken about their faith? Shouldn't they keep it quiet and to themselves? The Holy Bible says we should not be ashamed of having faith, because it is so cherished and important. The Apostle Paul wrote “For I am not ashamed of the gospel of Christ, for it is the power of God to salvation for everyone who believes, for the Jew first and also for the Greek.” Romans 1:16  Jesus said “Whoever is ashamed of me and my words, the Son of Man will be ashamed of them when he comes in his glory and in the glory of the Father and of the holy angels” Luke 9:26 To learn more about how to have a personal relationship with God, check out this website developed by the late evangelist Billy Graham https://peacewithgod.net/

Brett's Story.   Brett spent 24 years in prison, and was recently released. But how Brett spent his time will inspire you.  Take the time to listen to Brett and get to know how he invested his time wisely. He has a lot to teach us on so many levels. Brett took advantage of every education opportunity available, earned a bachelor's degree in Liberal Arts and taught himself to advanced math and physics, all without access to the Internet. But his life really changed when his friends invited him to the Last Mile program (www.TheLastMile.org). He wrote about his journey on his blog article here: The Crucible: Learning How to Code in Prison | by Brett Buskirk | Medium The Last Mile is a truly amazing program. It gives prisoners an opportunity to learn full stack programming in a simulated web environment. Brett excelled  and showed initiative during COVID when the program was suspended, he hand-wrote lesson plans that were distributed to multiple prisons that participated in the Last Mile program. Upon his release from prison, he was hired as an Instructor by Last Mile so he now gets to teach others.  Brett’s story reminds me of Kevin Mitnick. Upon being released from prison, Kevin started the company KnowBe4 which has become one of the fastest growing cybersecurity companies in history. I can say from personal experience that the majority of my corporate customers are now KnowBe4 customers. This is a great example of where as a society we have given returning citizens like Kevin, and now Brett a chance to bless all of us with their valuable skills they have to offer us. I firmly believe that Brett has a bright career ahead of him - and there are no limits to what Brett can achieve, because his mind is so incredibly sharp and he has gotten to know himself and his self worth. Brett has found joy and purpose in coding and now he is now gaining an interest in Cybersecurity, which is how he found out about this show - one day he searched "Cybersecurity" on Spotify and found our show! He reached out to Larry and we both immediately knew we wanted others to hear his incredible story. The world needs bright minds like Brett to help all of us, because we are in the middle of a cyber war, where dangerous nation state actors and cyber gangs are destroying American businesses. In my opinion, Congress should set aside a gazillion dollars to help prisoners find hope like what Brett has found.  Opportunities are all around us if we seek them with all our might - I believe God puts them there for us.   Highlights from the show: 6:55 Brett came to a belief of not accepting Limits of Learning.

Meshack Mortiz immigrated with his family from the Philippines when he was 13 years old. His family had plans for him to go to college and become a Nurse, or learn medicine through the US Air Force. But Meshack found a special camaraderie among the US Marine recruits that persuaded him to join the most elite fighting force on earth. Learn about his journey from being an Engineer Equipment Operator (MOS 1345) to becoming a SOC analyst for a top US Government space agency, and then his most recent transition to the private sector as an Incident Response Analyst. Meshack shares tips and tricks that helped him along each stage of the journey that began with the Microsoft Software and Systems Academy (MSSA) https://military.microsoft.com/programs/microsoft-software-systems-academy/ and how he prepared for his interviews, built a home lab, and sought out mentors. Timeline 00:00 Introduction to Meeshack, a heavy equipment operator in the United States Marine Corp   4:30 Meshack explains the mindset it requires to  have a successful career transition into Cybersecurity "You have to enjoy it."   5:30 Meshack explains how he prepared to get into cybersecurity, through certifications, in particular the Security+ exam.   8:00 Meshack shares how he got his first job in cybersecurity by using OSINT skills to research Social Media He looked at job postings to see what employers were looking for, then he worked backwards from there.   11:00 Meshack shares his elevator pitch that he used to get people to respond to him on LinkedIN. He got a great response rate!   14:00 Meshack shares his interview strategy: 50% likability and 50% technical skill   16:00 Meshack describes his first home lab setup involved a Raspberry Pi DNS Sinkhole  and pulled everything into the free edition of Splunk  Joe also had given him guidance on using host based IDS such as SNORT    19:30 Interview technique: explain what you have done in your home lab before they start asking you technical questions, especially when you have no prior job experience   31:34 Meeshack shares how his family immigrated to the United States when he was 13 and his family wanted him to become a nurse but he shocked them when he enlisted in the United States Marine Corp.   39:00 For those who want to get into Cybersecurity, Meshack recommends A+, Network+ then Security +.  He also recommends CompTIA Cybersecurity Analyst (CySA+)  For those who are already in Cyber SOC positions, Meshack recommends SANS GIAC Certified Incident Handler (GCIH) 

Larry and Joe speak with Duane Dunston, an Associate Professor of Cybersecurity at Champlain College https://www.champlain.edu/academics/our-faculty/dunston-duane Duane just celebrated 24 years in Cybersecurity. He is currently working towards his EdD in Education. Larry and I learned how incredible Duane is!  Among his many accomplishments, he volunteers as a security consultant with International Association of Human Traffickers and Investigators. He's working with Champlain students to develop technologies to facilitate the identification of trafficked victims.  Duane is currently  working on a cross-platform and mobile app to help identify victims of human trafficking. You can buy Duane a cup of coffee here: https://www.buymeacoffee.com/thedunston And  00:00 Larry and Joe listen to Duane's story of how he got into Cybersecurity, after growing up in a Group Home, he earned a college degree, and then got into tinkering with Log Analysis and worked his way through Graduate school as a janitor. He helped maintain the computers and shortly after became a Unix administrator. He didn't have an easy road, but he is perhaps the best example of what the Information Security community stands for. 4:50 Wireguard VPN and Duane's contribution with Nowire check out his NoWire Github repo here: https://github.com/thedunston/nowire 11:15 Is Internet Privacy Possible? 19:53 Duane’s presentation at GrimmCon:  “Cognitive Science Aproach To Teaching Cybersecurity Education” https://t.co/Owr38hXBVk?amp=1 20:15 Should Veterans spend their GI Bill on College Degrees or Certs to get their first job in Cyber? Duane recommends Security+ Certs and to supplement it with the TryHackMe platform. https://tryhackme.com/ It requires no home lab equipment so it helps those that have financial constraints. 22:30 Can someone go right into Pentesting? Duane says you must have a base level of understanding of Networking, Windows and Linux administration. 23:00 eLearnSecurity Junior Penetration Tester (eJPT) https://elearnsecurity.com/product/ejpt-certification/ 23:50 Duane discusses how the OSCP Cert from Offensive Security is more difficult for people who struggle with self learning. https://www.offensive-security.com/pwk-oscp/ 26:00 Duane explains why he does not subscribe to the fatalistic “everyone will be hacked” mindset, and how SolarWinds is the worst case scenario of a Supply Chain compromise. 30:50 Why it is so difficult to detect cobalt strike beacons 32:45 Duane says the fundamentals are necessary: anti-malware, anti-phishing, and application control (allow-listing). 34:00 Web Browser sandboxing with Application Guard https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview 35:15 Weakness of application control is when exclusions are set, malware an remain undetected when hiding in those exclusions 36:50 Host level detection is important because network traffic is encrypted in SSL 37:40 Philosophical Discussion on why Ransomware attacks are on the rise 39:00 Duane discusses his volunteer work with 1) using Augmented Reality to help train people in construction and 2) helping with the problem of human trafficking 44:35 Larry asks Duane a tough question: What is your driving motivation? You keep learning even after being in 24 years in Cybersecurity (Duane just got his MITRE Attack certification). Duane's Ted Talk can be viewed here: https://www.ted.com/talks/duane_dunston_the_answer_to_cybersecurity_threats_middle_high_schoolers  Duane spoke at The Diana Initiative​ 2021; a two-day conference to elevate, inspire, and support women/non-binaries of all races, cultures, and backgrounds through every stage of their information security career with education, collaboration, and resources. https://hopin.com/explore/speakers/IEfWTII6uHHgNc1ctq047ro2S  51:00 Duane looks to the future - helping improve training providers. He would like to consult with a think tank on cybersecurity education or technology education or education policy. He can be reached on twitter at @GnuGro 52:37 Duane weighs in on the recent Infosec Bikini Controversy on twitter.  Read more about the controversy here: https://www.infosecurity-magazine.com/news/infosec-community-bikini-pics/   

Dr. Cody Buntain (@codybuntain) is an Asst. prof in the Informatics Department at New Jersey Institute of Technology. He researches how people engage politically online, especially during disasters and times of social unrest, and how coordinating actors behave and information flows across multiple platforms.  He has a Postdoctoral Fellowship for the US Office of the Director of National Intelligence (2016-2018), and a former research scientist for Raytheon. Learn more about Dr. Buntain here: http://cody.bunta.in/ #crisis informatics #online political engagement #disinformation #information quality #real-time summarization #weak supervision #text mining #machine learning 1:45 Larry asks Dr. Buntain: How can a person get into cybersecurity when they don't have prior job experience?  "If you have a background in IT, then consider pursuing an undergrad degree in cybersecurity or a graduate degree' "if you have no background in IT, then start with a cybersecurity bootcamp to gain technical skills first."  3:00 to 10:00 Tough Cybersecurity Interview Questions  When you want to get into cybersecurity, it’s important to have a home lab where you can practice and then you can speak to that during an interview Difficult interview questions, like Elon Musk's favorite: "“You're standing on the surface of the earth. You walk one mile south, one mile west, and one mile north. You end up exactly where you started. Where are you?” 11:00 Why humans are still the weak link in cybersecurity 12:30 Cybersafety how do we help people be more secure users on the internet socioeconomic factors to cyber safety 16:20 Is there enough incentives for large private companies to secure against breaches, when insurance companies cover their losses, and breaches are not mandatory to disclose? 19:30 Tesla employee bribed with a million dollars to plant ransomware by a Russian https://www.wired.com/story/tesla-ransomware-insider-hack-attempt/ 21:00 Insider Risk 24:15 Discussion on Supply Chain Attacks- like Kaseya 27:00 The supply chain risk is not new - example from the cold war. Conclusion: It comes down to trust, which is a decision of weighing risks. 28:15 Is Nationalism inevitable to avoid supply chain compromise? 29:00 Dr. Buntain discusses the #1 problem in cybersecurity today: Phishing and Humans being the weak link. It's about persuading employees with the "why" not just the policy enforcement.

[Update 7/6/21: Daniel has accepted a job in cybersecurity! Congrats Daniel!!] Larry and Joe invite special guest Daniel Rose on the show to discuss his efforts to obtain a position in cybersecurity. Daniel grew up placing Ice Hockey and served his country in the US Navy, and served his community in law enforcement before transitioning to IT for the past six years. He has Linux and Security+ certifications and is open to full time employment offers now. Listen to the show to learn more about Daniel's background.  00:00-02:15 Special guest Daniel Rose shares his experience encountering crazy job descriptions like this entry level position: "Must have 5 years experience and former CISO preferred?!" Larry and Daniel discuss how these “unicorn employee” job postings can be frustrating for people looking to break into the cybersecurity field.  02:15-3:15 Larry recalls a conversation he had with an IT Architect who told him having passion for cybersecurity is the most important thing 03:15-05:00 Daniel shares about when he first transitioned from a career in law enforcement to IT. It all started when he took a digital forensics workshop. He then found a computer hardware position and then web/software development.  05:00-08:00 Daniel shares stories about how his passion and drive has helped him overcome challenges in life, including an inspiring story when he served in the US Navy. If you really want to do something - stick to it!  08:00-12:00 Daniel shares tips with Larry on studying for the Pentest+ and Security+ Exam. 12:00-13:30  Daniel explains what TryHackMe.com is all about.  13:30-14:45  Daniel explains what it takes to get a new account in https://HackTheBox.com  14:45-15:30 Daniel talks about https://CodeAcademy.com  15:30-16:05 Daniel recommends that Larry get into Python as his first cybersecurity programming language  16:05-18:43 Daniel recommends https://RangeForce.com  and talks about how it helped him gain hands-on experience with PowerShell, Intrusion Detection Systems,  18:43  Daniel talks about https://CyberDefenders.org  ; a blue team training course to learn Splunk and reverse engineering malware  20:45 Joe talks about how Marcus Hutchins used his malware analysis skills to find the kill switch that stopped WannaCry ransomware from spreading worldwide in 2017. Learn about Marcus's story here: https://en.wikipedia.org/wiki/Marcus_Hutchins 22:20 Larry talks about the Microsoft MSSA Academy https://military.microsoft.com/programs/microsoft-software-systems-academy/  26:10 Daniel talks about his experience using EDR to investigate ransomware and how he created a watchlist of task scheduler changes to hunt for Indicators of Compromise (IOC) 29:00 Larry ties together how incident response requires skills with forensics  30:00 Daniel talks about how he used the Jason Dion Udemy course to prepare for the LPI Linux course https://www.udemy.com/user/jason-dion/  31:50 Daniel shares his tips with Larry on studying for Security+ 35:00 Larry shares an update on his career search