Friday, January 29, 2016

2016-005-Dropbox Chief of Trust and Security Patrick Heim!


Brakeing Down Security had the pleasure of having Patrick Heim join us to discuss a number of topics.
We discussed a number of topics:
Cloud migrations
What stops many traditional #companies from moving into #cloud based operations? What hurdles do they face, and what are some pitfalls that can hamper a successful #migration?
We touched briefly on #BYOD and the use of personal devices in a business environment, as well as #Dropbox's deployment of optional #2FA and using #U2F keys for additional #authentication measures.
Finally, as an established leader in several major #companies, we pick Mr. #Heim's brain about qualities of a leader. Can you self-diagnose if you'll be a good manager? And what does Mr. Heim look for when hiring qualified candidates.
It was a pleasure having Mr. Patrick Heim on and Brakeing Down #Security thanks him for his valuable time.
Some #articles we drew upon for questions to ask Mr. Heim:
http://blogs.wsj.com/cio/2015/05/01/dropbox-is-not-part-of-security-problem-says-new-security-chief/
http://www.itpro.co.uk/cloud-storage/24894/dropbox-users-may-get-free-storage-if-they-adopt-stronger-security
http://www.computerworld.com/article/2489977/security0/boost-your-security-training-with-gamification-really.html
http://www.computerworlduk.com/news/cloud-computing/dropbox-working-on-fido-keys-ensure-top-notch-security-3618267/
http://www.darkreading.com/operations/building-a-winning-security-team-from-the-top-down/a/d-id/1322734

Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
TuneIn Radio App: http://tunein.com/r…/Brakeing-Down-Security-Podcast-p801582/
BrakeSec Podcast Twitter: http://www.twitter.com/brakesec
Bryan's Twitter: http://www.twitter.com/bryanbrake
Brian's Twitter: http://www.twitter.com/boettcherpwned
Join our Patreon!: https://www.patreon.com/bds_podcast
RSS FEED: http://www.brakeingsecurity.com/rss
Comments, Questions, Feedback: bds.podcast@gmail.com
**NEW** Google Play Store: https://play.google.com/music/podcasts/portal/#p:id=playpodcast/series&a=100584969

Partick Heim image courtesy of darkreading.com

Here is a new episode of Brakeing Down Security Podcast!

Tuesday, January 26, 2016

2016-004- Bill Gardner-- Author, Speaker, and Professor

BrakeSec Podcast welcomes Bill Gardner this week! Author, InfoSec Convention Speaker, and fellow podcaster...
We break a bit from our usual rigid methods, and have a good ol' jam session with Bill this week. We talk about vulnerability management, career management, the troubles of putting together a podcast and more!

(non-sponsored link)
Bill's "Reboot It" Podcast: http://www.rebootitpodcast.com/



BrakeSec Podcast Twitter: http://www.twitter.com/brakesec





Comments, Questions, Feedback: bds.podcast@gmail.com


2016-003-Antivirus (...what is it good for... absolutely nothing?)

#Anti-virus products... they have been around for as long as many of us have been alive. The first anti-virus program, "The Reaper" was designed to get rid of the first virus 'The Creeper' by Ray Tomlinson in 1971.
This week, we discuss the efficacy of anti-virus. Is it still needed? What should blue teamers be looking for to make their anti-virus work for them.  And what options do you have if you don't want to use anti-virus?
We also argue about whether it's just a huge industry selling snake oil that is bolstered by #compliance #frameworks, like #PCI?
#mcafee,#symantec,#panda,#avg,#kaspersky,#logging,#siem 



BrakeSec #Podcast #Twitter: http://www.twitter.com/brakesec





Comments, Questions, Feedback: bds.podcast@gmail.com


Itunes:https://goo.gl/Jk3CxU 

2016-002-Cryptonite-- or how to not have your apps turn to crap

This week, we find ourselves understanding the #Cryptonite that can weaken devs and software creators when dealing with #cryptographic #algorithms and #passwords. Lack of proper crypto controls and hardcoded passwords can quickly turn your app into crap.
Remember the last time you heard about a hardcoded #SSH private key, or have you been at work when a developer left the #API keys in his #github #repo?
We go through some gotchas from the excellent book "24 Deadly Sins of Software Security". Anyone doing a threat analysis, or code audit needs to check for these things to ensure you don't end up in the news with a hardcoded password in your home router firmware, like these guys: https://securityledger.com/2015/08/hardcoded-firmware-password-sinks-home-routers/

Book:

Show Notes:



BrakeSec Podcast Twitter: http://www.twitter.com/brakesec





Comments, Questions, Feedback: bds.podcast@gmail.com



2016-001-Jay Schulman and BSIMM

#Jay #Schulman is a consultant with 15+ years of experience in helping organizations implementing #BSIMM and other compliance frameworks.  For our first #podcast of 2016, we invited him on to further discuss and how he has found is the best way to implement it into a company's #security #program.

Jay Schulman's #website: https://www.jayschulman.com/
Jay's Podcast "Building a Life and Career in Security" (iTunes): https://itunes.apple.com/us/podcast/building-life-career-in-security/id994550360?mt=2&ls=1


BrakeSec Podcast Twitter: http://www.twitter.com/brakesec
Comments, Questions, Feedback: bds.podcast@gmail.com

2015-054: Dave Kennedy!

#Dave #Kennedy does a lot for the infosec community. As owner/operator of 2 companies (Binary Defense Systems and Trusted Security), he also is an organizer of #DerbyCon and active contributor to the Social Engineering ToolKit (#SET).  You can also find him discussing the latest hacking attempts and breaches on Fox News and other mainstream media outlets.
But this time, we interview Dave Kennedy because he has been elected to the ISC2 board. He will be serving a 3 year term with Wim Remes (who we interviewed a couple of weeks ago) and others to improve #ISC2 processes, and to make #CISSP and other certs more competitive in the #infosec/IT community.
And yes... we find out about what is going on with DerbyCon and get some updates with what will happen in the next DerbyCon.




BrakeSec Podcast Twitter: http://www.twitter.com/brakesec





Comments, Questions, Feedback: bds.podcast@gmail.com