Phillip Wylie Show

Phillip Wylie

Join Phillip Wylie Show host Phillip Wylie as he and his guests discuss the intriguing and ever-expanding field of cybersecurity, including topics from the offensive security side to the defensive and response sides of cybersecurity. Frequent offensive security topics include pentesting, red teaming, ethical hacking, security research, and bug bounties. Guests share their origin stories, tips, and career advice. Phillip and his guests discuss content creation and personal branding in this podcast. If you enjoyed Phillip's previous podcast, The Hacker Factory, you will love this!
Technology

Episodes

Andy Liverman Anderson: Scaling Cybersecurity Functions with AI
5d ago
About the Guest: Andy Liverman Anderson is a seasoned professional with a diverse background spanning real estate, Wall Street, and cybersecurity. With nearly a decade dedicated to the field of cybersecurity, Andy brings a wealth of experience and knowledge to the industry. As a history major, he leverages his unique perspective to analyze the intricacies of cybersecurity's geopolitical landscape. Notably, Andy has been pivotal in the development of moving target defense strategies and has pioneered the use of machine learning to estimate cyber risk in the insurance domain. Currently, he serves as a VP of Sales at Uno AI, a company at the forefront of incorporating AI into cybersecurity efforts.
Episode Summary: This episode of The Phillip Wylie Show delves into the rapidly evolving landscape of cybersecurity, focusing on the integration of automation and AI technologies. Host Phillip Wylie is joined by Andy Liverman Anderson from Uno AI to explore the ways these advancements are transforming the industry. Fascinated by the seismic shift caused by AI tools like ChatGPT, they discuss the implications for cybersecurity professionals, who, like superheroes, each have their own origin story. The conversation begins by highlighting the role of automation in cybersecurity, referencing Jeff Foley's mass reconnaissance script, and moves on to unpack Andy's journey from real estate and Wall Street into the complex world of cybersecurity. The discussion also touches on the significant role AI plays in vulnerability management, acting as a force multiplier for security practitioners, and the potential for Uno AI's copilots to scale and enhance the capabilities of cybersecurity teams. As the episode unfolds, it becomes clear that the integration of AI into cybersecurity is not just a possibility, it's a reality unfolding before us.
Key Takeaways: Automation and AI are revolutionizing cybersecurity, taking over repetitive and tedious tasks to free up professionals for more complex work. Andy Liverman Anderson's history in both traditional tech and cybersecurity provides a unique perspective on the use of AI in cybersecurity. Cyber insurance and understanding post-attack scenarios are critical components in managing cyber risk effectively. Uno AI's cyber AI copilot assists security professionals by streamlining the process of vulnerability management and producing actionable insights. As AI democratizes technology, it may lower barriers to entry in cybersecurity and generate better, more creative jobs.
Notable Quotes: "It's the land of broken toys. You get to look at all these different things." "Every organization should have cyber insurance. I'm not selling insurance anymore, but I think you're crazy as an organization, even a very small business, it's surprisingly inexpensive." "What AI is going to do because the very narrow skills that you had are no longer so scarce." "A bot never gets tired, is always happy to answer them, and as long as they're providing accurate answers." "When you've seen sort of a democratization of core technologies, that's just the explosive impact it's had across the world."
Resources: https://www.linkedin.com/in/andyandersoncyber/ https://www.linkedin.com/company/unoai/ https://uno.ai/
Be Fearless Online: In Browser Malicious File Detection Part 2
Feb 13 2024
About the Guest: Dakshitaa Babu is a Software Engineer at SquareX, where she is engaged in data engineering and analytics. She is also the pen behind the engineering blogs written on SquareX's infrastructure and security research. After completing her Bachelor's degree at the National University of Singapore, Dakshitaa joined SquareX, marking her foray into the cybersecurity industry. While new to the field, her enthusiasm for discovering and understanding new concepts has quickly established her as a committed contributor to the evolving sector. Her interests are in Browser Security and consumer education.
Episode Summary: In this captivating episode of The Phillip Wylie Show, cybersecurity enthusiasts witnessed a deep dive into the cutting-edge realm of in-browser malicious file detection with Dakshitaa Babu. Dakshitaa, showcasing her prowess in the industry, illustrates sophisticated features of her company's flagship cybersecurity product designed to enhance online safety. Dakshitaa demonstrates the product's ability to detect malicious macros within files, emphasizing the significance of privacy in their detection methods, which occur directly within the browser environment. Focusing primarily on Gmail due to its widespread use, she articulates how the product can reveal hidden dangers within office documents and macros. The episode highlights not only the detection of conventional threats but also uncovers tactics like file renaming, VBA purging, and old file format analysis to pinpoint potentially harmful activity. The conversation shifts towards the efficiency and privacy advantages of in-browser detection. Dakshitaa explains how this approach offers immediate and private threat recognition compared to traditional methods. She confidently positions her company's product as a vital layer of defense, complementing existing antivirus solutions and empowering users with immediate insights into file safety before downloads occur.
Key Takeaways: In-browser malicious file detection technology offers advanced privacy and fast analysis by scanning files directly within the email client. Dakshitaa demoed the tech's proficiency in detecting renamed files, large file components, and outdated file formats—all indicative of potential malware. The product integrates seamlessly with Gmail, providing users with immediate warnings and detailed insights into file contents without downloads. Unique detection methods allow for identifying suspicious activities such as VBA purging, which can bypass some antivirus solutions. The browser extension is free and compatible with all Chromium-based browsers, encouraging user adoption for an added layer of cybersecurity.
Notable Quotes: "We are going deeper than what surface level checks do in Gmail, for instance." -Dakshitaa Babu "We have no idea why you're still using it in 2024." -Dakshitaa Babu "We are trying to create a product that has never been there before that is truly important for every user." -Dakshitaa Babu "We can't always take our own sweet time to scan through every single file thoroughly before letting the user use it." -Dakshitaa Babu "We want to make sure that before you give the file a chance to even penetrate to your local device or to your network… we want to be there first and give you a first line of defense." -Dakshitaa Babu
Resources: Get your free Chrome plugin: http://sqrx.io/pw_x https://www.linkedin.com/company/getsquarex/ https://twitter.com/getsquarex https://www.instagram.com/getsquarex/
Michael Jenks: Lessons from a Former DoD Professional
Feb 12 2024
About the Guest: Michael Jenks, commonly referred to as "Jenks," is an esteemed figure with an extensive background in the Department of Defense (DoD). With a penchant for cybersecurity and a wealth of experience in cyber warfare, Jenks offers a valuable skill set that has been honed in high-stakes environments where precision and accuracy are paramount. Having started his journey in computer science, he quickly developed a fascination with digital code and its impact. Transitioning from dial-up ISPs to L-3 Communications, where he gained clearance for classified work, Jenks eventually founded his own defense contracting company specializing in offensive and defensive cyber operations.
Episode Summary: In this riveting episode of the Phillip Wylie Show, host Phillip examines the intersection of cybersecurity and defense backgrounds through his conversation with Michael Jenks from Interpres. The dynamic dialogue delves into how professionals from critical sectors, such as the Department of Defense, bring innovative solutions and meaningful perspectives to the cybersecurity industry. Jenks shares his 'origin story,' which follows a trajectory starting from gaming and IRC administration, leading to a computer science degree and an impressive tenure at various defense-related roles. His story highlights a critical insight: that the best cybersecurity defenses are often forged in the crucible of real-world operations where the cost of failure is immense. Central to the conversation, Jenks unravels the methodology behind Interpres—a platform designed to contextualize and elevate existing cybersecurity tools through continuous threat exposure management. Leveraging a thorough understanding of threat profiles, Interpres aims to help organizations prioritize potential risks based on industry, operations, and data sensitivity. The platform's philosophy is clear—fortify defenses by optimizing tools that organizations already possess, using informed strategies and continuous monitoring to proactively counter advanced cyber threats.
Key Takeaways: Cyber professionals with DoD experience bring invaluable expertise to cybersecurity solutions. Interpres focuses on improving an organization's security posture by providing context and strengthening existing tools. An assume-breach approach and implementing best practices are essential for a robust security posture. Insider threats are as significant as external threat actors, making holistic security measures necessary. The emergence of AI in both offensive and defensive cybersecurity tools is rapidly changing the landscape.
Notable Quotes: "I mean, man, if you have it, background, a clearance, man, there are just a ton of jobs." -Michael Jenks "From just the digital realm. Gamer growing up. Cut my teeth on hacking back in the day." -Michael Jenks "You already have enough tools, right. It's really just that optimized configuration, that prioritization, that customization." -Michael Jenks "It's my job to defend this environment. I have no idea where we're protected, where we're not." -Michael Jenks "What we're doing is weaving together all of these products, from EDR, from network sensing, to firewall, to your ESM." -Michael Jenks
Resources: https://www.linkedin.com/in/michaeljenks/ https://www.linkedin.com/company/interpres-security/ https://twitter.com/InterpresSec https://interpressecurity.com/
Be Fearless Online: In Browser Malicious File Detection Part 1
Feb 8 2024
About the Guest: Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the infrastructure. Prior to joining SquareX, he was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. His areas of interest include Cloud Security, Container Security, and Web Application Security.
Episode Summary: In this riveting episode of the "Phillip Wylie Show," listeners are invited to explore the intricate world of cybersecurity with Jeswin Mathai, who returns to discuss the innovative features of SquareX. Designed to bolster online safety, SquareX addresses the challenges individuals face with malicious files, particularly through email and other online communication platforms. Jeswin demonstrates SquareX's ground-breaking in-browser malicious file detection capability against the backdrop of increasing macro-based cyber threats. These threats often exploit macros within documents to compromise systems, a technique that has persisted in popularity among cybercriminals. Jeswin also touches upon the limitations of traditional antivirus solutions and email client security in detecting such risks.
Key Takeaways: SquareX's new feature conducts an in-browser analysis of files to promptly detect malicious content, enhancing email client security. Traditional antivirus programs and email clients often fail to adequately detect or block macros, a common vector for cyber attacks. Attackers can exploit file type mismatches and employ social engineering tactics to deliver malicious payloads through seemingly benign document files. Jeswin unveils techniques such as "VBA Stomping" and "VBA Purging" that attackers use to bypass antivirus detection. SquareX offers solutions to safely convert potential macro-threats into clean or PDF versions within the browser, providing a privacy-centric approach to cybersecurity.
Notable Quotes: "Anytime you receive a malicious attachment…we are going to do in-browser file analysis." - Jeswin Mathai "It's kind of interesting because, like going through the OSCP course, one of the payloads they were mentioning during that time, this was back 2012, 2013, was using macros in the payloads." - Phillip Wylie "Gmail, when it comes to webmail client, has the most amount of market share…72% is just Gmail." - Jeswin Mathai "So the way mail clients work is, let's say here, we'll consider the example of Gmail…" - Jeswin Mathai "The sad part about COVID was a lot of things happened that we are not aware of because the sad event of COVID, the deaths…a lot of other attention or other issues were not given that much amount of attention and they never came to the light of the public." - Jeswin Mathai
Resources: Get your free Chrome plugin: http://sqrx.io/pw_x https://www.linkedin.com/company/getsquarex/ https://twitter.com/getsquarex https://www.instagram.com/getsquarex/
Chris Glanden, Kevin Pentecost, & Jason Popillion: Welcome to The Circus
Feb 5 2024
About the Guests: Kevin Pentecost and Jason Popillion are the dynamic duo behind the engaging podcast Cyber Distortion. They share a strong history of creating content that delves deep into the cybersecurity world, aiming to educate and inform a wide audience about offensive and defensive strategies within the industry. Kevin brings in his expertise in graphic design, while Jason focuses on the content structure and delivery, making them a well-rounded team. Chris Glanden is the voice behind the Barcode podcast and the newly introduced webcast, Risk Radar. With previous experience in film, Chris steers his podcast to explore the impacts of AI on cybersecurity, aligning with his efforts to create a documentary on the weaponization of AI systems. He recently made strides into entrepreneurship with his company, Barcode Security.
In this episode of the Phillip Wylie Show, we're treated to a rare gathering of cybersecurity enthusiasts who have built a reputation for their captivating content creation. This episode stands out as the first to feature multiple guests, offering a unique blend of perspectives on professional hacking, content creation, and AI's role in cybersecurity.
Episode Summary: The episode kicks off with a recount of the Lone Star Cyber Circus—a collaboration event that brought together local talent from Dallas and introduced thought-provoking discussions on the ever-evolving Dallas hacker scene and AI's intersection with cybersecurity. The conversation pivots to the art and influence of content creation, as the guests delineate pathways for individuals to kickstart or amplify their cybersecurity careers through effective branding and exposure. As the dialogue unfolds, it touches upon the individual journeys and collaborative ventures of the guests. Kevin and Jason of Cyber Distortion detail their foray into podcasting, aiming to disseminate cybersecurity knowledge at scale. Chris shares his foray into documentary filmmaking, aiming to shed light on the dark potential of AI if left unchecked. Together, their experiences coalesce into a shared vision that culminates in the announcement of the Cyber Circus Network (CCN)—a unifying initiative set to propel the cybersecurity conversation into new heights.
Key Takeaways: The synergistic collaboration of Kevin and Jason provides insights into the world of cybersecurity through their high-production podcast, Cyber Distortion. Chris Glanden's Barcode podcast and his upcoming documentary on AI highlight the industry's pertinent issues and emerging threats. Content creation in cybersecurity is an avenue ripe for exploration, presenting opportunities for education, networking, and career growth. The newly formed Cyber Circus Network signals a collective move toward amplifying cybersecurity awareness and fostering community engagement through various events and content mediums. The upcoming episodes and events under CCN are gearing up to provide value-driven, diverse content for the cybersecurity community.
Notable Quotes: "We want to surround ourselves with as many people as possible that can add value to the area that we're working in." — Jason Popillion "I always have fun meeting with you guys and talking shop." — Jason Popillion "I'm excited about what we all do individually as well, and how that adds value." — Jason Popillion "I think our values align as well. At the end of the day, we all want to help each other." — Chris Glanden
Resources: Kevin Pentecost & Jason Popillion: Cyber Distortion Podcast https://twitter.com/DistortionCyber https://www.linkedin.com/in/jason-popillion-cissp-863a464/ https://www.linkedin.com/in/kevin-pentecost-cissp-cism-ceh-cpt-mcse-cca-itil-f-4a61404/ https://www.youtube.com/@TheCyberDistortionPodcast Chris Glanden: Barcode Podcast https://www.linkedin.com/in/chrisglanden/ https://www.linkedin.com/company/barcodesecurity/ https://barcodesecurity.com/ https://twitter.com/ChrisGlitz Cyber Circus Network http://cybercircusnetwork.com/
Jason Haddix: A Conversation on AI, Bug Bounty, and Red Teaming
Jan 29 2024
About the Guest: Jason Haddix is a seasoned cybersecurity professional with a wealth of experience spanning over two decades in the field. Recognized for his insightful contributions to ethical hacking communities, he's penned informative articles, engaged in content creation, and previously held the title of top hunter at Bugcrowd in 2016. Jason has contributed his expertise to several organizations including HP, where he was part of the Shadow Labs internal pen testing team, and Ubisoft where he served as CISO. He's recently embarked on a new journey with Arcanum Information Security, focusing on red teaming, training, and consulting services.
Episode Summary: In this episode, host Phillip Wylie sits down with cybersecurity expert Jason Haddix to explore the ever-evolving realm of cybersecurity. As a beacon of knowledge, Jason delves into his career trajectory, from learning the ropes in clandestine online forums to ascending the ranks as a top bug bounty hunter and, ultimately, leading as a CISO. This conversation ventures through the corridors of Jason's illustrious journey, offering vital insights into not just his past accomplishments but his current endeavors in the wide world of cybersecurity. The discussion pivots to the frontiers of AI's application in security, where Jason unveils his work in leveraging AI for practical defense measures and his innovative teaching methods. They explore the implications of AI on future cybersecurity roles, debunk myths around job displacement, and share resources for those keen on sharpening their hacking prowess. Emphasizing the imperative for continuous learning and adaptation, Jason's narrative is a treasure trove of guidance for professionals navigating the cybersecurity landscape.
Key Takeaways: Jason Haddix shares how his early involvement in underground web forums sparked his pursuit of cybersecurity, leading to a diverse career in pen testing, bug bounties, and CISO roles. AI's integration into cybersecurity is highlighted as a pivotal game-changer, with practical use cases ranging from building defensive solutions to enhancing security programs. Haddix elucidates how his origins in bug bounty hunting enriched his capabilities during his recent tenure in red teaming more than the other way around. The conversation dives into the emerging skill set of natural language hacking and the importance of prompt engineering for security practitioners. Jason's new company, Arcanum Information Security, focuses on delivering specialized training and consulting in modern application analysis, reconnaissance, and security leadership.
Notable Quotes: “It's like having a colleague next to you to ask dumb pen test questions to when you don't know how some technology works and that's how I treat the [AI] bot.” - Jason Haddix “Who needs DA when you have the entire data lake of a company already downloaded into an app that you broke into because it had a local file include, that feels like 1995 or something like that.” - Jason Haddix “I think defenders will run with this thing [AI] and be better than ever.” - Jason Haddix
Resources: Jason Haddix on X (formerly Twitter): @Jhaddix Jason Haddix on LinkedIn: https://www.linkedin.com/in/jhaddix/ Arcanum Information Security: https://arcanum-sec.com/
Bryson Bort: From Red to Purple: The Evolution of Cybersecurity
Jan 23 2024
About the Guest: Bryson Bort is a recognized information security expert, founder, and entrepreneur with extensive experience in the cybersecurity field. Bryson is the founder and CEO of Scythe, a cybersecurity company known for creating a platform that enables security teams to build and emulate real-world adversarial campaigns in a safe manner. He has a rich background, having grown up in Germany and the Soviet Union, and served at West Point and as an officer in the Army and Signal Corps. Bryson is also known for his work in defense and intelligence, and he's a prominent figure for his contributions to the information security community. Additionally, he co-founded a nonprofit called the ICS Village dedicated to education and advocacy for critical infrastructure security.
Episode Summary: In this thought-provoking episode of "The Phillip Wylie Show," the host Phillip Wylie dives into an in-depth conversation with cybersecurity maven Bryson Bort. The audience is welcomed into Bryson's world of entrepreneurship and cybersecurity innovation, with particular emphasis on his journey from military service to founding cutting-edge cybersecurity ventures. Bryson's impactful narrative charts his transition from his startup Scythe's initial product offering—a platform for creating custom, scalable cyberattack simulations—to driving the cybersecurity industry forward with accessible automated defenses. Bryson shares insights into the psychological barriers in information security, the evolution of cyber threats, and the critical role of post-access attack strategies. Furthermore, the episode shines a light on the operational technology (OT) space, underscoring the pressing need for robust cybersecurity measures amidst crucial infrastructures and the inherent risks of physical harm.
Key Takeaways: Bryson Bort's transition from military service to cybersecurity entrepreneurship highlights the value of real-world offensive security experience in building successful startups. The concept of "Bryson Attack Model" (BAM), which emphasizes the significance of post-access attack phases, reveals limitations in traditional cybersecurity defenses. The progression from red team tools to a more enterprise-friendly purple teaming approach suggests a shift in cybersecurity practices aiming for collaborative and immediate security enhancements. Industrial Control Systems (ICS) and OT cybersecurity represent a field of critical importance with unique challenges, including the need for balancing safety with potential cyber threats. Bryson Bort discusses the importance of drawing wisdom from cybersecurity's past to inform future defenses, hinting at the release of a detailed paper on developing a true cyber warfare capability.
Notable Quotes: "The first is reconnaissance [...] the second step is I break in. Initial access [...] That's the third phase, the post access." -Bryson Bort "We built our initial platform in C Sharp. No assembly [...] Red team operators aren't developers." -Bryson Bort "I describe being a startup founder as you are the CEO and you're the janitor." -Bryson Bort "Going back to your question earlier, what does the real thing look like? I think that will also give a lot more detail that I'll be comfortable sharing because I'll have time to really think with him through what we're willing to share publicly." -Bryson Bort
Socials and Resources: https://www.linkedin.com/in/brysonbort/ https://www.linkedin.com/company/scythe_io/ https://www.linkedin.com/company/icsvillage/ https://twitter.com/brysonbort https://twitter.com/scythe_io https://twitter.com/ICS_Village https://scythe.io/
Unleash Your Personal Brand & Master Professional Networking!
Jan 19 2024
About the Guest: Phillip Wylie is a seasoned professional in the cybersecurity field, recognized for his expertise in offensive security and personal branding. With a career marked by actively sharing his insights at conferences like DEF CON, Phillip engages deeply with the community to foster networking and personal growth. As a speaker and advocate, he guides others in diversifying their connections and professional presence, promoting an integrated approach to in-person and online networking.
Episode Summary: In this insightful episode featuring Phillip Wylie, listeners gain essential advice on networking and personal branding sculpted from Wylie's rich experience in the cybersecurity industry. Known for his practical guidance and successful engagement strategies with the community, Wylie unpacks the synergistic relationship between virtual and real-world interactions, offering a valuable roadmap for career growth and visibility. Phillip emphasizes the power of diversification in networking efforts, both online and offline. Encouraging professionals to attend various conferences and engage with individuals outside their usual circles, Wylie's approach is about expanding personal networks and opportunities in unexpected places. With a focus on cybersecurity events and how to leverage them for greater impact, he offers unique tips that promise to enrich one's personal brand and career path.
Key Takeaways: Integrate in-person networking with social media to create synergistic personal branding effects. Attend various meetups and conferences, even those outside your usual professional scope, to broaden your network. Utilize social media platforms to announce presence at events and connect with both existing and new contacts. Diversification in social media presence, including experimenting with new platforms or content formats, can lead to unexpected opportunities. The significance of building a personal brand for increased visibility and engagement in your professional field, benefiting both the individual and their associated organizations.
Notable Quotes: "The connections you make in person are so much more powerful than just what you do online." "Getting out there, talking to people when you're at these events is helpful and diversification." "You need to show this is where I'm speaking. These are workshops I'm teaching. These are things I'm doing. So people get to see this guy is a subject matter expert in offensive security." "Work on your personal brand because the day may come you may need to move jobs and you don't want it to all be purely this certain company over here that's not transferable." "I've got so many more followers and subscribers to my podcast and views compared to the audio-only platforms."
Resources: Phillip Wylie's LinkedIn Article (Referenced as an inspirational article for this video.) DEF CON (Mentioned as a venue where Phillip gave a talk on networking and personal branding) Podcast: The Phillip Wylie Show https://www.phillipwylieshow.com/
Andy Thompson: Journey From IT To Offensive Security Research Evangelist
Jan 16 2024
About The Guest: Andy Thompson, also known as Rainmaker, is a cybersecurity professional and a research evangelist at CyberArk. With over 20 years of experience in the industry, Andy has a background in systems administration and website design. He is an active member of the cybersecurity community and is heavily involved in the Dallas Hackers Association (DHA), where he serves as the MC and co-organizer of the monthly meetups. Andy is passionate about mentoring and helping others get started in the industry.
Summary: In this episode, Phillip Wylie interviews Andy Thompson, a cybersecurity professional and research evangelist at CyberArk. They discuss Andy's journey into the industry, the importance of community, and the role of public speaking in cybersecurity. Andy shares his experience with Dallas Hackers Association (DHA) and how it has helped launch many speaking careers in the cybersecurity field. He also provides valuable advice for those looking to get started in cybersecurity and emphasizes the significance of networking and being part of a community.
Key Takeaways: Dallas Hackers Association (DHA) has played a significant role in launching speaking careers in the cybersecurity field. Public speaking skills are valuable in the industry and can help differentiate individuals from the crowd. Toastmasters and improv classes are great resources for improving public speaking skills. Being part of a community and networking are crucial for getting started in cybersecurity. Twitter is a valuable platform for staying updated on the latest hacks, vulnerabilities, and industry news.
Quotes: "The best way to become part of the information security hacking industry is to be part of a community." - Andy Thompson "Networking really will get your foot in the door in ways that traditional job hunting won't allow you to do." - Andy Thompson
Socials and Resources: https://twitter.com/Andy_Thompson https://www.linkedin.com/in/andythompsoninfosec/
Reanna Schultz: Tips on Breaking into Cybersecurity and Public Speaking
Jan 9 2024
About The Guest: Reanna Schultz is a cybersecurity professional who currently works in a security operations center. She has a diverse background, having initially pursued a career in criminal justice before discovering her passion for cybersecurity. Reanna is an experienced public speaker and is actively involved in the cybersecurity community.
Summary: Reanna Schultz shares her journey into cybersecurity, starting from her small-town upbringing in Kansas City, Missouri. She discusses how she stumbled into the field and found her passion for social engineering and network security. Reanna emphasizes the importance of getting involved in the cybersecurity community and building a strong network. She provides practical advice for breaking into the field, including participating in capture the flag challenges, contributing to open-source projects on GitHub, and gaining real-world experience through volunteering. Reanna also discusses the role of certifications and degrees in the cybersecurity industry and highlights the value of continuous learning. She shares tips for job hunting, including tailoring resumes to match job descriptions and leveraging personal connections. Finally, Reanna offers insights into public speaking and encourages aspiring speakers to find their passion, start locally, and build their brand in the cybersecurity community.
Key Takeaways: Get involved in the cybersecurity community to learn, network, and discover your interests within the field. Build a strong resume by showcasing your skills through open-source projects on GitHub and participating in capture the flag challenges. Tailor your resume to match job descriptions and highlight measurable achievements. Leverage personal connections and network within the cybersecurity community to increase your chances of landing a job. Find your passion and start speaking locally to build your brand as a cybersecurity speaker.
Quotes: "Get involved in the community because your community is going to teach you what's happening locally around you." - Reanna Schultz "Your time is very valuable because you can't get that back. It's one of our most renewable resources that we could never get back at all." - Reanna Schultz "Read the job description. If it does not speak to you, do not even apply for it." - Reanna Schultz "Think about what you enjoy about cybersecurity because if you feel inspired and passionate with what you're talking about, this is how you're going to motivate people in the audience." - Reanna Schultz "Public speaking is one of the most amazing things about cybersecurity because we learn and grow from one another." - Reanna Schultz
Socials and Resources: https://www.linkedin.com/in/reanna-schultz/
Cheryl Biswas: From Political Science Major to Cyber Threat Intelligence
Jan 2 2024
About The Guest: Cheryl Biswas is a cybersecurity professional with a background in political science. She currently works in cyber threat intelligence, protecting a big bank against cybercrime and state-sponsored adversaries. Cheryl is passionate about the intersection of politics, economics, and technology in the cybersecurity field.
Summary: Cheryl Biswas, a cybersecurity professional with a background in political science, shares her journey into the field of cyber threat intelligence. She discusses the importance of curiosity, analysis, and pattern recognition in this field. Cheryl also highlights the need for historical context and an understanding of politics and economics to effectively analyze cyber threats. She emphasizes the value of networking and volunteering at conferences to build connections and gain opportunities in the industry. Cheryl also encourages individuals to take care of their mental health and to have confidence in their abilities.
Key Takeaways:
Curiosity, analysis, and pattern recognition are essential skills in cyber threat intelligence.
Historical context, politics, and economics play a significant role in understanding cyber threats.
Networking and volunteering at conferences can provide valuable opportunities and connections.
Taking care of mental health is crucial in the cybersecurity field.
Confidence in one's abilities is essential for success in the industry.
Quotes:
"If you are a problem solver and into being a detective by nature, this is a very good field for you." - Cheryl Biswas
"The bad guys are extremely efficient. They make money, they don't spend it." - Cheryl Biswas
"Volunteering creates conversations where somebody starts to know you, and then they may very well be able to answer your questions or make recommendations." - Cheryl Biswas
"Take a moment and assess how you are doing and don't push yourself past your limits because mental health is a real deal." - Cheryl Biswas
"You are enough and you have what it takes. You have absolutely got something to bring to this table." - Cheryl Biswas
Socials and Resources:
https://www.linkedin.com/in/cherylbiswas/
https://twitter.com/3ncr1pt3d
Chris Marks: From Network Technician to Security Management
Dec 25 2023
About The Guest: Chris Marks is a cybersecurity professional with a background in engineering and architecture. He has worked in various roles in the cybersecurity field, including system engineer, senior analyst, and security manager. Chris is passionate about helping others enter the cybersecurity industry and is involved in mentoring and advising students at community colleges and universities.
Summary: Chris Marks shares his journey into the cybersecurity field, starting from his interest in hacking and his involvement in the Tiger Trap Group. He discusses his experience applying for jobs and the challenges he faced before finally landing a position in Dallas. Chris emphasizes the importance of passion in cybersecurity and advises aspiring professionals to focus on their interests rather than just the potential for financial gain. He also highlights the significance of certifications and degrees in opening doors and advancing in the field. Chris concludes by discussing his current role in security management and his desire to help others succeed in cybersecurity.
Key Takeaways:
Passion is crucial in the cybersecurity field, as it can help individuals overcome challenges and stay motivated.
Certifications and degrees can significantly enhance career opportunities in cybersecurity.
Compliance work is an often overlooked but rewarding area of cybersecurity that offers good job prospects.
The cybersecurity field offers various career paths, including application security, cloud security, digital forensics, and more.
It is essential to stay updated with the latest frameworks and compliance requirements in the cybersecurity industry.
Quotes:
"If this is not your passion, if this is not your passion, you will get burned out no matter what avenue it goes." - Chris Marks
"You need to invest in your offensive line." - Chris Marks
"The money will come, but don't get into this for the money because you will not like it." - Chris Marks
"We're not the business to make money, but we are the business to save money." - Chris Marks
"If you want to do cybersecurity, there's ways. There's universities, there's community colleges. Definitely reach out to people who know it, who've done it, and then see where it takes you." - Chris Marks
"Passion is crucial in the cybersecurity field, as it can help individuals overcome challenges and stay motivated." - Chris Marks
"Compliance work is an often overlooked but rewarding area of cybersecurity that offers good job prospects." - Chris Marks
"The cybersecurity field offers various career paths, including application security, cloud security, digital forensics, and more." - Chris Marks
"It is essential to stay updated with the latest frameworks and compliance requirements in the cybersecurity industry." - Chris Marks
Socials and Resources:
https://twitter.com/DaBootWolverine
https://www.linkedin.com/in/christopher-marks-7357441b/
Be Fearless Online: Protect Yourself Online with SquareX URL Safety Features
Dec 23 2023
About The Guest: Shourya Pratap Singh is a Principal Engineer at SquareX. He is responsible for building SquareX’s secure and privacy-focused extension, and works on researching methods to counteract web security risks. He has conducted a workshop at Texas Cyber Summit, and his work is being presented at Blackhat Arsenal EU. Before joining SquareX, he worked with FinBox (an Indian fintech) where he led a team of brilliant developers and was responsible for building and scaling multiple product lines. He has a bachelor’s degree from IIIT Bhubaneswar and holds a patent to his name. His area of interest includes browser extensions and web application security.
Summary: Shourya Pratap Singh discusses the importance of safely using URLs and introduces SquareX, a product that provides URL protection. He explains that malicious URLs are a significant problem for IT teams worldwide and that it can be challenging to determine if a URL is malicious or not. SquareX offers a solution with its disposable browser feature, which allows users to open suspicious websites or links in a cloud browser. This feature provides a deterministic view of the website's safety and allows users to access it from different geographical locations. Shourya demonstrates how to use SquareX through the browser extension and the web app, highlighting the convenience and privacy it offers. He also mentions that SquareX includes an ad blocker and protects against browser fingerprinting. Overall, SquareX simplifies online safety and protects users from malicious URLs.
Key Takeaways:
SquareX's disposable browser feature allows users to open suspicious websites or links in a cloud browser, ensuring their safety.
The disposable browser can be accessed through the SquareX browser extension or the web app, providing flexibility for users.
SquareX protects users' privacy by preventing cookie sharing and browser fingerprinting.
The disposable browser includes an ad blocker, enhancing the browsing experience and protecting against adware.
Quotes:
"With SquareX, what we have is sort of a deterministic view. So we have this feature which is called disposable browser." - Shourya Pratap Singh
"This disposable browser is completely disposable. So you can simply click here, click on the cross button, and that particular session will basically get disposed of." - Shourya Pratap Singh
Socials and Resources:
Get your free Chrome plugin: http://sqrx.io/pw_x
https://www.linkedin.com/company/getsquarex/
https://twitter.com/getsquarex
https://www.instagram.com/getsquarex/
Be Fearless Online: SquareX Introduces Disposable Emails to Combat Spam and Phishing Attacks
Dec 23 2023
About The Guest: Dakshitaa Babu is a Software Engineer at SquareX, where she is engaged in data engineering and analytics. She is also the pen behind the engineering blogs written on SquareX's infrastructure and security research. After completing her Bachelor's degree at the National University of Singapore, Dakshitaa joined SquareX, marking her foray into the cybersecurity industry. While new to the field, her enthusiasm for discovering and understanding new concepts has quickly established her as a committed contributor to the evolving sector. Her interests are in Browser Security and consumer education.
Summary: Dakshitaa Babu discusses the importance of disposable emails in the cybersecurity space. She highlights that emails are a primary mode of communication and are therefore at great risk of threats. More than a quarter of all threats that occur on a daily basis happen through email. Dakshitaa explains that the growing importance of disposable emails is due to the fact that email is the gateway into our personal and professional lives. We often have to use our email addresses to sign up for services or receive important information. However, more than 50% of the emails we receive are spam, which can be a waste of time and affect productivity. Dakshitaa also mentions that legitimate sources sometimes sell our email addresses to spammers. She shares a fun tip of adding a suffix to our email addresses to track who may have leaked our email address. Dakshitaa emphasizes the increasing threat of phishing emails, which are becoming more targeted and difficult to detect. She mentions that phishing emails often contain malicious files or links, and even unsubscribe links within emails can be malicious. Dakshitaa explains that SquareX promotes safe email practices by providing an enhanced privacy mode and opening links and files in a disposable environment. She also mentions that SquareX is working on integrating with social media accounts to make clicking on links safer. Dakshitaa concludes by highlighting the importance of using disposable emails to reduce exposure to threats and maintain privacy online.
Key Takeaways:
Disposable emails are important in reducing the risk of threats that come through email.
More than 50% of the emails we receive are spam, which can waste time and affect productivity.
Phishing emails are becoming more targeted and difficult to detect.
SquareX provides enhanced privacy mode and opens links and files in a disposable environment.
Using disposable emails can help reduce exposure to threats and maintain privacy online.
Quotes:
"Emails are like a primary mode of communication, and that also puts it at great risk of threats." - Dakshitaa Babu
"More than 50% of the emails that come in our inbox are spam." - Dakshitaa Babu
"Phishing is getting worse, and these days you can't even tell if it's legitimate or not." - Dakshitaa Babu
"Emails have become really dangerous. It's almost like the floor is lava." - Dakshitaa Babu
"Disposable emails are a great way to exercise privacy online." - Dakshitaa Babu
Socials and Resources:
Get your free Chrome plugin: http://sqrx.io/pw_x
https://www.linkedin.com/company/getsquarex/
https://twitter.com/getsquarex
https://www.instagram.com/getsquarex/
Justin "Hutch" Hutchens: AI's Impact on Cybersecurity
Dec 20 2023
Summary: In this episode of the Phillip Wylie Show, Phillip interviews Justin "Hutch" Hutchens, an offensive security professional and author of "The Language of Deception: Weaponizing Next Generation AI." They discuss the emerging risks and opportunities of artificial intelligence (AI) in the cybersecurity space. Justin shares his experiences with using AI to automate social engineering attacks and highlights the potential dangers of AI-powered conversational agents and technical agents. He also explores the defensive applications of AI, such as using language models for threat intelligence and incident response. The conversation concludes with a discussion on how individuals can leverage AI resources to improve their skills and stay ahead of the curve.
Key Takeaways:
AI-powered conversational agents can automate social engineering attacks, posing a significant risk to individuals and organizations.
The emergence of AI-powered conversational agents and technical agents raises concerns about the potential for large-scale manipulation and exploitation.
Language models can be used to filter and make sense of unstructured threat intelligence data, improving the efficiency and effectiveness of security operations.
AI has the potential to revolutionize incident response by automating the creation of runbooks and enabling faster, more efficient incident resolution.
Individuals can take advantage of AI resources by experimenting with language models and exploring freely available courses and resources.
Quotes:
"The fact that now, instead of just getting a phishing email, I could now be having a conversation with someone on LinkedIn, or if they've managed to get access to my internal network, possibly even on something like Teams or Slack." - Justin Hutchens
"The most profound new capability that we're seeing with these language models in a defensive capability is being able to take that unstructured data and figure out what is relevant to me, what is relevant to my organization." - Justin Hutchens
"The most important thing is really just starting, getting your hands on it and playing with it." - Justin Hutchens
Socials and Resources:
https://www.linkedin.com/in/justinhutchens/
https://twitter.com/sociosploit
https://www.wiley.com/en-cn/The+Language+of+Deception%3A+Weaponizing+Next+Generation+AI-p-9781394222544
Be Fearless Online: Safely Deal with Files Online with SquareX
Dec 20 2023
About The Guest: Shourya Pratap Singh is a Principal Engineer at SquareX. He is responsible for building SquareX’s secure and privacy-focused extension, and works on researching methods to counteract web security risks. He has conducted a workshop at Texas Cyber Summit, and his work is being presented at Blackhat Arsenal EU. Before joining @SquareXTeam, he worked with FinBox (an Indian fintech) where he led a team of brilliant developers and was responsible for building and scaling multiple product lines. He has a bachelor’s degree from IIIT Bhubaneswar and holds a patent. His area of interest includes browser extensions and web application security.
Summary: In this episode, Shourya Pratap Singh from SquareX discusses how to deal with files securely online. He highlights the dangers of malicious files and the importance of protecting ourselves, especially during the holiday season when cyberattacks are more prevalent. Shourya demonstrates how traditional antivirus software and endpoint security systems work in a probabilistic way, making it difficult to determine if a file is truly safe. He then introduces SquareX's disposable file viewer, which allows users to open files in a cloud-based sandbox, eliminating the risk of executing malicious code on their own machines. Shourya also explains how the disposable file viewer integrates with other SquareX features, such as the privacy mode and download interceptor, to enhance security measures. He concludes by introducing SquareX's progressive web app, which enables users to open local files securely and conveniently.
Key Takeaways:
Traditional antivirus software and endpoint security systems work in a probabilistic way, making it difficult to determine if a file is truly safe.
SquareX's disposable file viewer allows users to open files in a cloud-based sandbox, eliminating the risk of executing malicious code on their own machines.
The disposable file viewer integrates with other SquareX features, such as the privacy mode and download interceptor, to enhance security measures.
SquareX's progressive web app enables users to open local files securely and conveniently.
Quotes:
"Probabilistic models are not something we can 100% rely on." - Shourya Pratap Singh
"You can open a file fearlessly in a very deterministic way without worrying much about if it's going to actually affect your computer or not." - Shourya Pratap Singh
"SquareX brings these features for any normal person to use. Something like a sandbox is not something everyone would usually have access to." - Shourya Pratap Singh
Socials and Resources:
Get your free Chrome plugin: http://sqrx.io/pw_x
https://www.linkedin.com/company/getsquarex/
https://twitter.com/getsquarex
https://www.instagram.com/getsquarex/
Andy Robbins: The Evolution of Bloodhound
Dec 19 2023
About The Guest: Andy Robbins is the Principal Product Architect at SpecterOps and one of the original 13 founding members of the company. He has a background in pen testing and red teaming and is the co-creator of Bloodhound, a popular open-source tool for attack path mapping in Active Directory environments.
Summary: Andy Robbins, the Principal Product Architect at SpecterOps, joins host Phillip Wylie to discuss the evolution of Bloodhound, a tool for attack path mapping in Active Directory environments. Andy shares the origin story of Bloodhound and how it was developed to solve the problem of finding attack paths in complex environments. He explains the graph theory behind Bloodhound and how it visualizes data to help practitioners and defenders understand and mitigate security risks. Andy also discusses the recent release of Bloodhound Community Edition (CE) and the improvements it brings, including faster data ingest, query times, and a friendlier user experience. He highlights the focus on practical attack primitives and abuse primitives in Bloodhound and the goal of making attack paths a non-issue for organizations. Andy concludes by sharing valuable advice for those looking to advance in the industry, emphasizing the importance of understanding and solving real problems and being loyal to people rather than companies.
Key Takeaways:
Bloodhound is a tool for attack path mapping in Active Directory environments, using graph theory to visualize data and identify security risks.
Bloodhound Community Edition (CE) brings improvements such as faster data ingest, query times, and a friendlier user experience.
Bloodhound focuses on practical attack primitives and abuse primitives to solve real security problems and make attack paths a non-issue for organizations.
Quotes:
"If we give people an excellent experience for free, then enough of those people will choose to become paying customers that we have a viable business." - Andy Robbins
"The industry as a whole is very young, but the capability of visualizing data problems and data security problems in this way is also relatively brand new." - Andy Robbins
"We focus on attack paths or risk that emerges out of a combination of the mechanics of a system, the configurations of that system, and the behaviors of users or identities in that system." - Andy Robbins
Socials and Resources:
https://twitter.com/_wald0
https://twitter.com/SpecterOps
https://specterops.io/
https://bloodhoundenterprise.io/
https://github.com/SpecterOps/BloodHound
Jason Downey: Semi-Pro Kickboxer Turned Pentester
Dec 12 2023
About The Guest: Jason Downey is a pen tester at Red Siege, a boutique pen testing firm. He has been in the industry for almost three years and specializes in network pen testing, social engineering, and physical assessments. Jason has a background in network administration and security, and he is passionate about sharing his knowledge and helping others in the industry.
Summary: Jason Downey, a pen tester at Red Siege, joins the podcast to discuss his journey into the world of pen testing and the importance of networking and building relationships in the industry. He emphasizes the need for a strong foundation in networking fundamentals and Active Directory knowledge. Jason also shares his favorite resources for learning infrastructure pen testing and highlights the collaborative nature of the industry.
Key Takeaways:
Building a strong network is crucial in the information security industry and can open up opportunities for job prospects and knowledge sharing.
Networking fundamentals and Active Directory knowledge are essential for successful pen testing, as most corporate infrastructures rely on these technologies.
Specializing in a specific area of pen testing can be beneficial once you have a solid foundation and understanding of the fundamentals.
Online resources such as Google, Hacktricks XYZ, and ired team can provide valuable information and guidance for learning infrastructure pen testing.
Quotes:
"The power of your network is crucial in the information security industry. It can help you bypass the traditional education, experience, and certification requirements." - Jason Downey
"To break something, you have to know how it functions first. Understanding the fundamentals is key to successful pen testing." - Jason Downey
"Active directory knowledge is mission critical in pen testing, as most companies rely on it for their infrastructure." - Jason Downey
Socials and Resources:
https://twitter.com/hackandbackpack
Jessie Bolton: Building Your Personal Brand and Networking in Cybersecurity
Dec 11 2023
About The Guest: Jessie Bolton is the founder of Bolt Resources, a cyber staffing and recruiting firm that focuses on workforce development and coaching. She is also involved in the North Texas ISSA and is passionate about advocating for the cybersecurity workforce.
Summary: Jessie Bolton, founder of Bolt Resources, joins Phillip Wylie on the Phillip Wylie Show to discuss the importance of building a personal brand and networking in the cybersecurity industry. Jessie emphasizes the need for recruiters to go beyond simply matching candidates with job descriptions and instead focus on understanding the individual and their career goals. She also highlights the prevalence of ghost job postings and the importance of transparency in the hiring process. Jessie shares tips for avoiding burnout and retaining employees, including building authentic relationships and providing opportunities for growth.
Key Takeaways:
Building a personal brand and networking are essential in the cybersecurity industry.
Soft skills, such as communication and self-awareness, are highly valued by hiring managers.
Creating a portfolio of projects and sharing them on platforms like GitHub and LinkedIn can help candidates stand out.
Employers should focus on building authentic relationships with their employees and providing opportunities for growth to retain talent.
Quotes:
"Networking is so important. It's not just about what people can do for you. Try to tap into that authenticity within and just be real." - Jessie Bolton
"Your social score, your credibility, and how you treat people are important in the hiring process." - Jessie Bolton
"Resumes are a piece of paper. Your social media presence and personal brand can have a bigger impact on your job search." - Jessie Bolton
Socials and Resources:
https://www.linkedin.com/in/cybertalentadvisor/
https://boltresources.net/
https://www.youtube.com/@CyberCareersCoffee
Be Fearless Online: Open emails without being tracked or hacked with SquareX
Dec 5 2023
About The Guest: Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the infrastructure. Prior to joining SquareX, he was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. His area of interest includes Cloud Security, Container Security, and Web Application Security.
Summary: Jeswin Mathai joins Phillip Wylie in this episode of the "Stay Fearless Online" series to discuss email safety and how SquareX can protect users from being tracked or hacked. They highlight the challenges individuals face in staying safe online, especially those who are not tech-savvy. Jeswin explains that SquareX's browser extension is designed to provide a better way to protect users by sitting on the browser and ensuring secure browsing. They demonstrate how email tracking works and how SquareX's Enhanced Privacy Mode can prevent tracking by blocking third-party images. The extension also offers a secure disposable file viewing environment for opening attachments safely. Jeswin emphasizes the importance of email security as an entry point for attackers and how SquareX aims to provide a user-friendly solution.
Key Takeaways:
SquareX's browser extension sits on the browser to provide better security for users.
Email tracking can reveal information about the user's location, device, and IP address.
SquareX's Enhanced Privacy Mode blocks third-party images to prevent tracking.
The extension offers a secure disposable file viewing environment for opening attachments safely.
Email security is crucial as attackers often target individuals through email.
Quotes:
"With SquareX, the idea is not to intrude in users' workflow, rather ensuring that we provide them a way with which they can do everything securely." - Jeswin Mathai
"The moment you open a link, it will go ahead and reveal information about from where you are opening the email, the IP address information, similarly what device you're using. Now all of this information can be used to profile the user." - Jeswin Mathai
Socials and Resources:
Get your free Chrome plugin: http://sqrx.io/pw_x
https://www.linkedin.com/company/getsquarex/
https://twitter.com/getsquarex
https://www.instagram.com/getsquarex/