Byte Sized Security

Marc David

In a world where cyberattacks are becoming more commonplace, we all need to be vigilant about protecting our digital lives, whether at home or at work. Byte Sized Security is the podcast that provides snackable advice on cybersecurity best practices tailored for professionals on the go. Hosted by information security expert, Marc David, each 15-20 minute episode provides actionable guidance to help listeners safeguard their devices, data, and organizations against online threats. With new episodes released every Monday, Byte Sized Security covers topics like social engineering, password management, multi-factor authentication, security awareness training, regulatory compliance, incident response, and more. Whether you're an IT professional, small business owner, developer, or just someone interested in learning more about cybersecurity, Byte Sized Security is the quick, easy way to pick up useful tips and insights you can immediately put into practice. The clear, jargon-free advice is perfect for listening on your commute, during a lunch break, or working out. Visit bytesizedsecurity.com to access episodes and show notes with key takeaways and links to useful resources mentioned in each episode. Don't let cybercriminals catch you off guard - get smart, fast with Byte Sized Security! Tune in to boost your cybersecurity knowledge and help secure your part of cyberspace.
Technology
Business
News
Entrepreneurship
Business News

Episodes

Ep26: Cybersecurity Influencers Need to Do Better
Mar 14 2024
The Responsibility of Cybersecurity Influencers: A Call for Integrity

This podcast addresses the issue of misinformation in the cybersecurity community, especially among influencers on platforms such as TikTok. The narrator emphasizes the importance of influencers conducting thorough research and providing accurate, evidence-based information rather than spreading myths or fear-mongering. They argue that cybersecurity influencers have an obligation to their audience to be reliable sources of information, citing examples such as unfounded fears about iOS updates and privacy. The podcast critiques the current state of cybersecurity discourse, where ease of content creation has led to an abundance of unverified information, comparing it unfavorably to the medical field where expertise is rigorously vetted. The narrator calls on influencers to improve their practices by doing proper research, citing sources, and understanding the real-world impact of their advice on data protection and security. Lastly, the importance of being discerning about the motives behind the information provided by influencers, including financial incentives, is highlighted as crucial for the audience's ability to trust the content they consume.

00:00 The Call for Cybersecurity Influencers to Step Up
00:45 The Dangers of Misinformation in Cybersecurity
02:09 The Responsibility of Influencers: Research and Truth
03:52 The Importance of Credibility and Trust in Cybersecurity Advice
05:57 The Role of Influencers in Educating the Public Responsibly
09:59 The Obligation of Cybersecurity Influencers to Provide Accurate Information
12:46 Final Thoughts: The Impact of Responsible Influence

---

I do hope you enjoyed this episode of the podcast. Here are some helpful resources, including any sites that were mentioned in this episode.

Find subscriber links on my site, add to your podcast player, or listen on the web players on my site: Listen to Byte Sized Security

Support this Podcast with a Tip: Support Byte Sized Security

If you have questions for the show, feedback or topics you want covered, please send a short email to marc@bytesizedsecurity.show with the Subject line of "Byte-Sized Security" so I know it's about the podcast.

Ep23: Updated Google Cybersecurity Professional Certificate
Nov 19 2023
Decoding Google Cybersecurity Certificate Program

The speaker discusses the Google Cybersecurity Certificate Program and its benefits for both experienced and new cybersecurity enthusiasts. The speaker discusses how you can get the program for free through libraries that offer Coursera, like the California state public library. No matter if you're already in the field and looking for a refresher course or entirely new to cybersecurity, the speaker finds the program commendable. They add that while it won't guarantee you a job, it does provide a structured learning path and a certificate that you can mention on your resume.

Timeline:
00:00 Introduction to Google Cybersecurity Certificate Program
00:16 Who Should Consider the Program
00:51 Benefits of the Program
01:12 Comparing with Other Certifications
02:32 How to Access the Program for Free
03:11 Personal Experience with the Program
03:26 Benefits for Existing Certification Holders
05:31 Value of the Certificate for Job Seekers
07:02 Final Thoughts and Recommendations

Sites Mentioned in this Episode:
- Google Cybersecurity Certificate - The Google Cybersecurity Certificate program on Coursera

Mentioned in this episode: YouTube Byte-Sized Security Channel

Ep21: How to Get Coursera Courses for Free
Nov 8 2023
I'll explain how to access Coursera courses for free with a public library card. This is possible for people living in specific states and cities like California, New York, Tennessee, Missouri, and Chicago. I'll share my personal experience of using library resources to take an 8-module Google cybersecurity professional certificate course from Coursera for free, from which I earned CPE credits towards my CISSP renewal. I'll also mention the added bonuses of a library card, including access to Udemy, free WiFi hotspots, newspapers like the New York Times, and more. I encourage listeners to explore this free route to improve their cybersecurity knowledge, saying it is a sign of curiosity and inquisitiveness, two qualities important to succeeding in cybersecurity.

Sites Mentioned in this Episode:
- Coursera partners with the California State Library to launch free statewide job training program - Coursera Blog - Check your local library's eLearning or Digital areas. Ask them if they can join if it's not listed. Coursera is free for the California State Library partner libraries including New York, Tennessee, Missouri, and the city of Chicago.

Ep20: LinkedIn Learning Free with a Library Card... And a Whole Lot More!
Nov 6 2023
Unlock Free Learning Resources with your Public Library Card

In this podcast, I will tell you how to access premium online learning resources like LinkedIn Learning, Udemy, and Coursera for free, simply by utilizing your public library card. Most people don't know that library cards can open doors to various resources, varying from library to library. However, most libraries in the U.S. provide free access to LinkedIn's premium content. Plus you can gain access to Libby, an app allowing users to borrow a selection of audiobooks and ebooks. I want to stress the importance of taking advantage of available resources paid through taxes rather than spending additional money on courses and online platforms.

00:00 Introduction to Free Access to LinkedIn Learning
00:37 The Secret: Public Library Card
00:57 How to Use Your Library Card for Online Learning
01:33 Accessing LinkedIn Premium Content with Library Card
02:12 Why Collect Multiple Library Cards
02:27 Examples of Different Libraries and Their Offers
02:49 Accessing Coursera with Library Card
03:53 Additional Benefits of Public Library Card
00:40 Steps to Accessing Online Learning Resources
05:48 The Value of Public Library Resources
07:23 Conclusion and Call to Action
08:08 Accessing Mobile Hotspots with Library Card

Mentioned in this episode: YouTube Byte-Sized Security Channel

Ep18: The Illusion of Expertise: Are YouTube's Security Gurus Really in the Trenches?
Oct 26 2023
Show Notes for Byte-Sized Security Episode: "The Illusion of Expertise: Why YouTube's Security Gurus Aren't in the Trenches"

In this eye-opening episode, host Marc David takes a critical look at the proliferation of self-proclaimed cybersecurity 'experts' on YouTube. We delve into the mechanics of content creation, the business model behind it, and the glaring gap of practical experience. Ready for a reality check? Tune in!

📌 Timestamps
00:00 - Introduction: The Fluff & Stuff of Cybersecurity YouTube Videos
01:46 - Core Argument 1: The Content Mill
03:25 - Core Argument 2: The Business of YouTube
05:28 - Core Argument 3: Missing Practical Experience
07:15 - Counter-Arguments: The Other Side of the Coin
08:58 - Conclusion: A Byte-Sized Reality Check
10:15 - Call to Action & Community Poll: How Do You Vet YouTube Cybersecurity Experts?

🎯 Key Takeaways
- Expertise ≠ Popularity: A large subscriber count doesn't necessarily make someone an authority in cybersecurity.
- Content Mills: The alarming rate at which some YouTubers churn out content may impact the quality and depth of their advice.
- Business Over Authenticity: Learn why monetization models can clash with the ethical considerations of cybersecurity.
- The Importance of Practical Experience: There's no substitute for hands-on, in-the-field know-how.

🗳️ Community Poll
Don't forget to participate in our YouTube community poll: "How do you vet the credibility of a cybersecurity expert on YouTube?" Click here to vote!

Ep15: How I Got a Job in Cyber Security without Experience
Oct 10 2023
Getting a job in cybersecurity without direct experience can be challenging but not impossible. Here are some strategies to help you break into the field:

- Education and Certifications: Obtain foundational certifications like CompTIA Security+ and consider advancing to others like CISSP, CEH, or Cisco's CCNA Cyber Ops.
- Network: Attend cybersecurity conferences, seminars, and meetups. Engage with professionals and peers in events like DEFCON or platforms like Meetup.com.
- Internships and Entry-Level Positions: Pursue internships or related entry-level positions, such as IT support roles, to gain relevant industry experience.
- Projects and Portfolio: Establish a home lab, explore security tools, or conduct ethical hacking on systems where you have permission. Document and showcase your endeavors.
- Online Platforms: Engage in platforms like Hack The Box, TryHackMe, or participate in Capture The Flag (CTF) challenges to hone practical skills.
- Blogs and Publications: Write about cybersecurity topics to demonstrate your knowledge and passion for the field.
- Additional Training: Use platforms like Cybrary, Udemy, and Coursera to take courses in cybersecurity and further develop your skills.
- Soft Skills: Highlight your analytical, problem-solving abilities, and other vital soft skills that are in demand in cybersecurity roles.
- Transferrable Skills: Emphasize skills from previous roles or experiences that can be applied to a cybersecurity position.
- Stay Updated: Regularly update your knowledge on the latest trends, news, and threats in the cybersecurity domain.
- Further Education: Depending on your aspirations, consider pursuing degrees in cybersecurity or related disciplines.
- Seek Mentorship: Connect with industry professionals who can provide guidance, insights, and potential introductions.
- Volunteer Opportunities:
  - Contribute to local non-profits, schools, or community centers by offering cybersecurity services or training.
  - Use the experience to develop practical skills and expand your professional network.
  - Highlight your dedication to the industry and community on your resume.
- Starting Your Own Business:
  - Demonstrate your entrepreneurial spirit, initiative, and proactive approach.
  - Gain hands-on experience by tackling real-world cybersecurity challenges for clients.
  - Develop and hone both technical and business skills, such as client relations and project management.
  - Establish credibility through success stories, case studies, or client testimonials.

With a combination of these strategies, you can build a robust resume and gain valuable experience, positioning yourself effectively for a career in cybersecurity, even if you're starting without direct experience in the field.

Ep14: The Future of Authentication: Passkeys Explained
Oct 1 2023
Episode Overview:
In this episode, I had the pleasure of sitting down with Dr. Lillian Hartfield to discuss the transformative approach to authentication: Passkeys. We delved deep into what passkeys are, how they differ from traditional passwords, and the reasons behind their rising popularity.

Key Discussion Points:
- Introduction to Passkeys: Dr. Hartfield provided a comprehensive overview of passkeys and their advantages over traditional passwords.
- The Problem with Current Password Systems: We discussed the challenges users face with complex passwords and the security risks associated with password reuse.
- Enhanced Security with Passkeys: Dr. Hartfield shed light on how passkeys leverage public-key cryptography to offer a more secure authentication method.
- The Process of Creating and Using Passkeys: We walked through the user-friendly process of setting up and using passkeys for online authentication.
- Device and Platform Support for Passkeys: Dr. Hartfield highlighted the widespread adoption of passkeys across various devices and platforms.
- Password Managers and Passkeys: We touched upon the integration of passkeys in password managers, with a special mention of 1Password.
- The Future of Passkeys: Dr. Hartfield shared her insights on the potential of passkeys to replace traditional passwords in the near future.

Episode Highlights:
- "Passkeys offer a more secure and user-friendly alternative to passwords." - Dr. Lillian Hartfield
- "Password managers like 1Password are evolving to support passkeys, ensuring users have a centralized, secure location for authentication." - Dr. Lillian Hartfield

Sites Mentioned in this Episode:
- What are passkeys? Everything you need to know about the death of passwords

Ep12: The MGM Resorts Breach: Lessons Learned and Future Implications (Extended)
Sep 25 2023
Episode Overview:
In this extended episode, host Marc David and cybersecurity expert Savvy Sharma delve deep into the recent cyberattack on MGM Resorts International. They discuss the tactics used by the attackers, the vulnerabilities exploited, and the cascading impact of the breach on MGM's operations.

Key Discussion Points:

Introduction to the MGM Resorts Attack
- Overview of the attack and its significance in the cybersecurity landscape.

The Attackers and Their Tactics
- The role of Scattered Spider and their use of social engineering.
- The exploitation of password reuse and the significance of multi-factor authentication.

The Impact and Aftermath
- The deployment of BlackCat/ALPHV ransomware and its consequences.
- The financial and operational repercussions for MGM Resorts.

Lessons Learned and Mitigation Strategies
- The importance of privileged access management (PAM) solutions.
- Strategies for improving multi-factor authentication (MFA) control.
- The significance of protecting Tier 0 assets and adopting best Identity Provider (IdP) practices.

CyberArk Labs' Takeaways
- The commonality of attacking IAM platforms.
- The role of BlackCat/ALPHV in the attack.
- The importance of monitoring trust changes and staying updated on evolving cyber threats.

Episode Highlights:
- "A series of mistakes ultimately led to one of the most visible and brand-damaging attacks in years." - Savvy Sharma
- "It’s crucial for organizations to continuously improve their security measures and follow best practices to protect themselves in today’s digital landscape." - Savvy Sharma

Sites Mentioned in this Episode:
- The MGM Resorts Attack: Initial Analysis

Ep10: Staying Cyber Safe While Traveling
Sep 21 2023
In this episode, Marc David speaks with expert Amelia Thompson about staying cyber secure while traveling, including:

- Using VPNs and avoiding sensitive logins on public WiFi to prevent eavesdropping
- Enabling device tracking in case items are lost or stolen during transit
- Strengthening account login protections with multi-factor authentication
- Setting travel notices on financial accounts to prevent fraudulent transactions
- Avoiding phishing attempts by strangers when distracted in public spaces
- Updating devices and backing up data in case of damage or theft
- Carrying temporary “burner” phones devoid of personal data
- Using mobile device management for securely configured company phones
- Remaining vigilant about security while recognizing travel poses added risks

For more bite-sized cybersecurity tips, visit bytesizedsecurity.show or subscribe to the podcast. See you next time!

Sites Mentioned in this Episode:
- EFF Border Search Pocket Guide | Electronic Frontier Foundation
- Cyber-Safe Travel
- 5 Cyber Safety Tips for Travelers and Digital Nomads
- Cybersecurity Tips for International Travelers | Federal Communications Commission
- Cybersecurity While Traveling Tip Card
- 8 cybersecurity tips to keep you safe when travelling
- How To Keep Your Data Secure While Traveling | 1Password

Security Update: Urgent iOS Update Alert for iPhone Users
Sep 8 2023
Attention iPhone users! Apple has just released an emergency update, iOS 16.6.1, which addresses two critical vulnerabilities that have been actively exploited in real-world scenarios. Here's what you need to know:

The Flaws: The first vulnerability is associated with ImageIO, identified as CVE-2023-41064. This flaw could let attackers execute malicious code through a specially crafted image. The second vulnerability is linked to Apple's Wallet, labeled as CVE-2023-41061. This could allow attackers to execute code via a malicious attachment. Apple has confirmed that both these issues have been actively exploited.

Real-Life Implications: These vulnerabilities aren't just theoretical. They've been used in real-life attacks to deploy spyware without any user interaction. Notably, the infamous Pegasus spyware, which grants attackers full access to iPhones, has been linked to these flaws. Citizen Lab, a security research group, discovered an exploit named "BLASTPASS" that compromised iPhones running iOS 16.6 without any user interaction.

Why Update Now: Given the severity of these vulnerabilities, it's crucial to update to iOS 16.6.1 immediately. Even if you believe you're not a direct target, the more these flaws are known, the higher the risk of them being used maliciously. Independent security researcher, Sean Wright, emphasizes the importance of updating promptly. For those concerned about potential compromises, tools like iVerify can be used to check device security. Additionally, Apple's Lockdown Mode can be activated for those at higher risk, though it does limit device functionality.

Broader Impacts: It's not just iPhones. The Wallet vulnerability is also present in Apple Watch, and the ImageIO issue has been addressed in a new Mac update. Ensure all your Apple devices are updated for maximum security.

How to Update: Even if you've set your iPhone for automatic updates, it's recommended to manually check and update to ensure you have the latest protection. Navigate to iPhone Settings > General > Software Update and install iOS 16.6.1.

Listeners, in the ever-evolving world of technology, staying updated is not just about getting the latest features; it's about ensuring your personal security. Always prioritize updates, especially those addressing security concerns.

Sites Mentioned in this Episode:
- iOS 16.6.1—Update Now Warning Issued To All iPhone Users

Ep9: The 10 Best Password Managers of 2023
Sep 8 2023
In this episode, host Marc David and cybersecurity expert Dr. Emily Thompson discuss the top 10 password managers for 2023. They delve into the pros, cons, and unique features of each, providing listeners with a comprehensive guide to choosing the right password manager.

Key Highlights:

Introduction: Recap of Episode 1, emphasizing the importance of using a password manager in today's digital landscape.

Guest Introduction: Dr. Emily Thompson, a cybersecurity expert with over a decade of experience, adjunct professor at MIT, and a frequent speaker at international conferences.

Master Password Tips:
- Importance of a strong master password or passphrase.
- Tips sourced from NIST's Digital Identity Guidelines and the SP 800 63 series.
- Recommendations on password length, complexity, avoiding personal information, and more.

Top 10 Password Managers:
- LastPass: Popular choice with user-friendly interface, cross-platform support, and unique “Security Challenge” feature.
- Dashlane: Offers VPN integration, dark web monitoring, and an identity dashboard.
- 1Password: Ideal for families, with features like travel mode and watchtower.
- Keeper: Known for biometric login and a self-destruct feature.
- Bitwarden: Open-source option with data import capabilities.
- NordPass: From the makers of NordVPN, offers OCR scanning and password health checks.
- RoboForm: Not just a password manager, but also a form filler.
- Enpass: Offers offline access and a one-time purchase model.
- Sticky Password: Known for USB portability and local Wi-Fi syncing.
- Password Boss: Features a digital wallet, emergency access, and a security score.

Notable Mention:
- Proton Pass: From the Proton team, offers end-to-end encryption, hide-my-email aliases, and acts as an identity manager.

Closing Remarks: A reminder of the importance of digital security and the role of password managers in safeguarding online identities. Please review the research links below for more information regarding the LastPass breach.

Sites Mentioned in this Episode:
- LastPass Review 2023: Is It Still Safe to Use? | Cybernews
- Proton Pass: Open Source Password Manager App | Proton - Not sure about LastPass? Check this one out.
- Security Incident March 2023 Update & Actions - LastPass
- Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach – Krebs on Security
- The Best Password Managers for 2023 | PCMag
- The 10 best password managers of 2023: Top choices tested by our experts - CBS News

Ep8: Securing Your Credit Reports and Freezes
Sep 6 2023
In this episode, Marc David speaks with credit expert Olivia Chen about best practices for safeguarding your credit reports and identity, including:

- Placing credit freezes with Equifax, Experian and TransUnion to restrict new account openings
- Lifting freezes temporarily when applying for new credit using your PIN
- Freezing children’s credit reports until they are old enough to manage credit
- Checking your credit reports annually for signs of fraudulent activity
- Reviewing reports to verify personal info and watch for unauthorized accounts
- Disputing fraudulent charges, closing accounts and reporting identity theft
- Putting freezes and monitoring in place proactively even if not breach impacted
- Making credit protections part of your regular financial security regimen

For full episode recaps and cybersecurity tips, visit bytesizedsecurity.show or subscribe to the podcast. See you next time!

Sites Mentioned in this Episode:
- IdentityTheft.gov - Recovery Steps - Hopefully you won't need this resource but if you do or you know somebody who needs help with Identity Theft
- Annual Credit Report.com - Home Page - The free way to request your credit report, annually, from the big agencies
- Credit Freeze | Freeze My Credit | TransUnion
- Security Freeze | Freeze or Unfreeze Your Credit | Equifax
- How to Freeze Your Credit For Free - Experian
- Free credit freezes are here | Consumer Financial Protection Bureau
- What To Know About Credit Freezes and Fraud Alerts | Consumer Advice
- How To Freeze Your Credit With Experian, Equifax and TransUnion - This article from Clark Howard provides excellent guidance on how to freeze and unfreeze your credit with the three major credit bureaus to prevent identity theft.