Thursday, November 23, 2017

2017-039-creating custom training for your org, and audio from SANS Berlin!


This week is a bit of a short show, as Ms. Berlin and Mr. Boettcher are out this week for the holiday.  

I wanted to talk about something that I've started doing at work... Creating training... custom training that can help your org get around the old style training.

 

Also, we got some community audio from one of our listeners! "JB" went to a SANS event in Berlin, Germany a few weeks ago, and talked to some attendees, as well as Heather Mahalick (@HeatherMahalik), instructor of the FOR585 FOR585: Advanced Smartphone Forensics"

Take a listen and we hope you enjoy it!

 

Direct Link: https://brakesec.com/2017-039

 

RSS: https://brakesec.com/BrakesecRSS

Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

 

Join our #Slack Channel! Sign up at 

http://brakesec.com/brakesec

or DM us on Twitter, or email us.

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast on #Patreon: https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

 

---Show notes (from Bryan and JB)---

 

Ms. Berlin in New Zealand

 

Mr. Boettcher with the family

 

Training

 

What makes us despise training so much?

Cookie cutter

Scenarios do not match environments

Speaking is a little too perfect

Flash based

UI is horrible

Outdated

Easy questions

 

Infosec training is worse

2 hours of training each year

Not effective

 

Why not make your own?

Been doing it at work

No more than 7 minutes

Custom made

Tailored for your own company

 

Do you training like a talk at a con

Time limit: 7 (no more than 10 minutes)

Create some slides (5-7 slides)

Do it on a timely topic

Recent tabletop exercise results

Recent incident response

Phishing campaign

Script or no-script required

Sometimes talking plainly can be enough

 

https://screencast-o-matic.com/ - Windows (free version is 7 minutes long)

Quicktime - OSX (free) (Screenflow)

Handbrake (convert to MKV or MP4)

Microphone (can use internal microphones if you have a quiet place)


[begin notes: SANS Berlin REMOTE segment]
corresp. JB

reach jb at
(@cherokeejb_) on brakesec slack, twitter, & infosec.exchange


--link to all trainers and info from archive SANS Berlin 2017 https://www.sans.org/event/berlin-2017/


--pre-NetWars chat with the SEC 503 class:
-what do you like about SANS conference
-european privacy laws, even country to country!
-biggest priority for next year:  building a SOC, working together with sales, asset management, constant improvement, password reuse

--special BrakeSec members only cameo


--“bring your own device” interview with an Information Security/forensics professional
password elimination or no reuse


--interview with Heather Mahalik (@HeatherMahalik)
Bio https://www.sans.org/instructors/heather-mahalik
-“game over” whatsapp, unpatched android, other known-historically weak tools as “assume breach of mobile”
-interesection of network forensics and mobile
-open source tools and the lack of, how to judge your tools
-Heather’s recent blog
-getting into mobile, decompiling, etc.
-number one topic for next year:  encryption for Andriod 8 Oreo, iOS 12
-“most popular android is still v4.4”

Heather’s blog we mentioned
http://smarterforensics.com

link to the book Heather mentioned:
https://www.amazon.com/Practical-Mobile-Forensics-Heather-Mahalik/dp/1786464209/


--link to blog mentioned, jb’s initial reflections on SEC 503

https://www.linkedin.com/pulse/whaaaa0101-0000-0011t-aka-extracting-files-out-pcaps-foremost
JBs blog main link, or if you’re not a fan of linkedin
https://cherokeejb.blogspot.de/

small featured music clips used with permission from YGAM Records, Berlin
“Ж” by the artist Ōtone (Pablo Discerens), (c)(p)2016
Get it for free or donate at http://ygam.bandcamp.com !

book club EMEA!:
message JB or David (@dpcybuck) or any of us on brakesec slack if you want to take part in the book club conversations live, but can’t make the main call !


--
-
[end segment]

 


Here is a new episode of Brakeing Down Security Podcast!

No comments: