PODCAST

Hacker Valley Blue

Hacker Valley Media

Exploring the defensive side of cybersecurity through the eyes of the experts and innovators in the space.
Hacker Valley Blue: Know Thyself Finale
This is the finale of Know Thyself. What an incredible journey. We feel like this entire experience flew by so fast. We got to talk to so many incredible people about knowing yourself, knowing your team, knowing your tech stack, knowing your environment, and even knowing your story. Make your organization better, make your security posture better, and strive for impact: what are the most high-leverage things that you can do today to make everybody's lives easier or more safe? Then yield the feedback. There might be some things that you might be missing, so you might need to ask questions, ask for feedback, and get some information from your stakeholders: what are you thinking about that I might not be thinking about? Asking these different things is how you know thyself. And this is how you get to know the people that are around you, your peers, your stakeholders, the more knowledge you have got started with that Sun Tzu quote, in the very beginning of the podcast: if you know yourself and you know your enemy, you need not fear the results of 100 battles. So if you really understand yourself, and you have good threat intelligence that understands the externals, and you have good vulnerability management that understands the externals and the internals, and you mash all that information together, I think you'll be able to do great things with your cybersecurity program.
Key Takeaways: 0:02 Introduction to the show 0:49 Our Sponsor, Axonius 2:09 Welcome back 2:31 Reflecting on Know Thyself 3:17 Recap This Season's Guests 3:22 Marcus Carey 4:17 John Strand 5:05 Aaron Rinehart & Jamie Dicken 5:54 Chaos Engineering 7:12 Lenny Zeltser, asset inventory 7:54 Kevin Allison, Storytelling is a soft skill 10:19 John Strand 12:13 Can we do better? 13:54 What kind of leader are you? 14:26 Do you have unsupported devices? 17:34 Ask yourself these questions 13:33 Go back to the EASY Framework 21:50 Learning 23:29 Exploration 24:00 Immersion 27:28 Reach Hacker Valley   Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter Supported by Axonius
Oct 18 2021
28 mins
Understanding Your Story with Kevin Allison
In this masterclass of HVB season 2 we brought in a master storyteller, Kevin Allison. The biggest thing is to get a person to understand: don't just summarize, don't just walk us through it Wikipedia-style, where you're just giving us a broad overview and explaining. It’s important to remember sensory details that will help us see, almost like movie scenes, what was happening between people. That is what brings the story alive. So that's a good case right there where the bones of the story were incredible. On paper, that's an incredible overview of a story, but it's not going to work unless you can fill in all those sensory details that bring it alive and make it emotional for us. Storytelling is a soft skill that offers the ability to contextualize cybersecurity in a manner that any organization can understand to allow their business to stay safe.   Key Takeaways:   0:00 Previously on the show 2:37 Kevin introduction 3:20 Episode begins 3:39 Where Kevin is today 7:58 Kevin’s origin story 12:04 Cybersecurity is performing 17:08 Storytelling for business 21:00 Engineering a story 26:12 Authentic storytelling 34:54 Speaking isn’t perfect 41:02 Where to find Kevin   The Story Studio RISK!: True Stories People Never Thought They’d Dare To Share RISK! Podcast Twitter Facebook Instagram Risk Show Podcast Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter Sponsored by Axonius
Oct 18 2021
42 mins
Understanding Where You Are with John Strand
If you want to get into computer security, you're going to learn to love it, you're going to have to be successful, because a lot of computer security isn't just about bits and bytes, it's really about effectively communicating what needs to be done to the right people. In this episode we have the incredible John Strand. Organizations need to become more proactive, and see where those weak spots are to protect themselves from something like ransomware. You need to run a pen test because you can have somebody literally launch those attacks, and identify those weaknesses in those vulnerabilities before the bad people do. What's the gap that we can all learn from? It's passwords. By and large for most users, passphrases are the way to go. And multi-factor authentication is actually a very sound strategy. If you look at one key tenet of computer security, complexity is the enemy of computer security. And security is constantly trying to catch up and protect against yesterday's attacks. So, the future is more connected, it's more complicated. And the problem is, we still have people that use weak passwords, we still have people that click on links from strangers. And ultimately, when we're looking at that future, you're going to see the exact same problems that we've always had, complicated on a much, much, much, much, much larger scale. As things get more and more pushed to the cloud, there'll be no shelter here; the front line is everywhere. World of computer security.
Key Takeaways: 0:00 Previously on the show 2:02 John introduction 2:44 Episode begins 2:47 What John is doing today 3:45 John’s core tenets 5:51 How pen testing is “Blue” 6:17 Why understanding fundamentals matters 8:55 Ransomware 10:41 Organizations need to be prepared 11:58 Password gap 13:37 Password philosophy 17:07 Multi-factor authentication 21:40 What to do today 24:24 New problems 26:44 Learn your own network 28:26 Where to find John   John Strand on Twitter John Strand on LinkedIn Black Hills Information Security Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter Sponsored by Axonius
Oct 18 2021
29 mins
Learning Through Chaos Engineering with Aaron and Jamie
In this episode, we brought in two exceptional guests that are no strangers to chaos. In fact, they've identified ways to engineer for chaos. In the studio, we have Aaron Rinehart, CTO and founder at Verica. We also have Jamie Dicken, former manager of applied security at Cardinal Health and current director at Resilience. These two are also authors of Security Chaos Engineering. If you haven't read that book, it's already out and you should check it out. Chaos engineering is the technique of introducing turbulent conditions into a distributed system to try to determine the conditions that cause it to fail before it actually fails. So they simplify it. What we do with chaos engineering is learn about the system without experiencing the pain of an outage or an incident. You learn to trust your gear by testing. The biggest impact really came once we understood how security chaos engineering fits into the bigger security picture. It's not about just being a part of the latest and greatest techniques and having the excitement of doing something that's cutting edge; at the end of the day, security chaos engineering is useless unless what you've learned drives change.
Key Takeaways: 0:00 Previously on the show 1:40 Aaron Rinehart and Jamie Dicken introduction 2:08 Episode begins 2:59 What Jamie and Aaron are doing today 3:13 What Jamie is doing 4:13 What Aaron is doing 5:00 Discuss chaos engineering 9:26 Importance of chaos engineering 10:16 Myths of chaos engineering 12:55 Chaos engineering customer impacts 17:34 Learning to trust the test and end result 19:03 Reader and customer feedback 22:21 Chaos engineering gone wrong 27:39 Implementing change in cybersecurity 28:11 Building a team of experts 39:08 Getting involved in chaos engineering 41:09 Tools for listeners 43:25 Keeping up with Aaron and Jamie     Aaron Rinehart on Twitter aaron@verica.io Jamie Dicken on Twitter Verica on LinkedIn Verica Free Book  Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter Sponsored by Axonius
Oct 18 2021
44 mins
Mastering the Fundamentals with Lenny Zeltser
In this episode, we brought back our good friend Lenny Zeltser.  Lenny is Chief Information Security Officer at Axonius.  He's developed a mindset of looking at security components as building blocks to create a holistic security environment. To this day, even while operating as an executive, he has wisdom that anyone can learn from. Quite often, the less sexy aspects of information security are ignored, when in reality, you need to understand what resources you're supposed to protect, which assets are compromised, and the infrastructure for your organization.  People jump right into fighting the big fires, and as you know, there is a reason why there are so many day-to-day urgent activities.  To start moving in a positive direction, Lenny shares this advice, “Understand what the major data sources you can tap into rather than thinking ‘let me create this one new way of serving everything I have are.’”  The information is there. Think about three sources of information that might get you the biggest bang for the buck!   Key Takeaways:   0:00 Previously on the show 1:40 Lenny introduction 2:05 Episode begins 3:10 What Lenny is doing today 5:35 The evolution of Lenny’s career 8:30 Parallels between beginning and now 10:38 Journey and growth of REMnux 13:00 Challenges Lenny has faced 15:21 Collaboration surprises 17:18 Horror stories 20:18 Enforcing policies 23:34 Asset management 26:08 New tech and trends 28:45 Biggest discovery about self 32:38 Advice for others 34:24 Keeping up with Lenny     Links: What Lenny Does Lenny on the Web Follow Lenny on Twitter Lenny on LinkedIn Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter Sponsored by Axonius
Oct 18 2021
35 mins
Essentials for Cybersecurity with Chani Simms
Being the Charles Xavier of Cyber with Marcus Carey
Know thy organization is key! Wise words from the powerful Marcus J. Carey. Don’t be afraid to admit the bad stuff and be honest about the situation. Most of the time people get fired because they are scared to admit the failure. You have to build a tight network of people you trust who will be brutally honest with you. You need those people who are going to tell you the truth. Other people will see your superpowers before you do. Superman didn’t know he was different, but others saw the differences and the strengths he didn’t even realize he had. Always pay attention to how people react to what you do, then you will figure out what you are really good at. We overemphasize what we suck at and ignore what we are good at. Don’t do that. You need to understand how amazing, awesome and beautiful you are. Double down and double down hard. Do not be afraid to show your talents and be confident in your superpower. In security, there is a role for everybody.   Key Takeaways:   1:40 In this episode 2:12 Welcome 3:40 Marcus background 4:57 What led Marcus to cyber 7:09 Self-discovery 9:48 Creations and inventions 14:22 Gathering and retaining information 17:53 Auxiliary skill 21:35 Abilities and mission 25:26 Overlooked areas 31:44 Advice to others 35:41 Staying up-to-date with Marcus   Links:   Marcus on Twitter   Marcus' Books on Amazon Marcus on LinkedIn Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter Sponsored by Axonius
Oct 18 2021
36 mins
Hacker Valley Blue: Know Thyself
Welcome to Hacker Valley Blue Season 2, “Know Thyself”. Instead of focusing on the enemy (threat intelligence and environment), we are focusing on knowing yourself and your security stack. You need to know the business, but also the fundamentals of the security landscape. Without the fundamentals, you cannot reach the level of success you desire. That means getting laser sharp on computer networks and how computers speak to each other. Without understanding how each of the pieces work together, you cannot make strategic decisions. We have many guests this season that will teach more about the fundamentals. Stop ignoring the fundamentals and find synchronicity among your team. Building this team makes an impact for the business. You will have positive outcomes. Stop sweeping the issues under the rug to make better decisions. Cybersecurity is a lot like playing a game of chess using pieces, policies, and guidelines. Opponents use the same things but don’t play by the rules. You continually must up your game and face the opponent who isn’t playing fairly. Knowing business, team, story and self is so important and that is what is coming up on the rest of the season.     Key Takeaways   0:00 Welcome 2:00 Kick-off 3:13 The fundamentals 5:46 How do you get people excited? 7:07 Making an impact on a business 8:43 Where does one begin to know thyself 10:32 Formula 1 analogy 12:32 Leadership 16:00 Superpowers 19:38 Three Rs of memory 24:58 Chaos engineering 27:56 The brother’s trip 30:11 Stepping into unknown 31:15 Play at work 32:00 Season recap   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter This entire season is sponsored by Axonius
Oct 18 2021
33 mins
Hacker Valley Season One Finale
In this episode of the Hacker Valley Studio podcast’s Hacker Valley Blue series, Ron and Chris wrap up the season with a recap of its past episodes and major takeaways, as well as a look at what’s to come for them personally and for the podcast. Looking back on the season, Ron and Chris consider the importance of communication in the field of threat intelligence, specifically thinking of insights from their talk with D’Arcy and lessons in poetry and delivery from Valentina.  They cover the surprise of Jack’s willingness to share personal thoughts, review their discussions of bias (specifically highlighting talks with Jon and Susan), and recount things learned about the concept of unhackability. Listeners will hear about the inevitability of mistakes in threat intelligence work, the “easy button” framework, the season theme of sharpening oneself outside of work, and the dynamic of a threat intelligence team.   0:47 - Ron and Chris talk about the importance of communication in the field of threat intelligence. 2:56 - What was one surprise in this season? 3:52 - The hosts review their conversations about bias. 6:55 - The episode turns to the “easy button” framework and the need for personal sharpening outside of work. 16:15 - Ron and Chris consider the inevitability of analysts missing things and the building of a team. 20:22 - What is the future of threat intelligence for Chris and Ron? 27:50 - The hosts review their insights about the possibility of an unhackable device or app. 29:43 - What is next for the Hacker Valley Studio podcast?   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about RiskIQ
Oct 18 2021
35 mins
Speaking Intelligently with D’Arcy Webb
Ron and Chris host their vocal coach, D’Arcy Webb, for this episode of the Hacker Valley Studio podcast’s Hacker Valley Blue series.  Since threat intelligence is a communications-based function, Ron and Chris look to “The Speech Diva” for insight.  She has experience as an actress, was a coach for TEDxCambridge, and loves teaching people how to access the power of language to touch people’s hearts and change their minds. As the conversation begins, D’Arcy explains her background to listeners.  She explains how an acting incident early in her career turned her attention to the topic of vocals, and clarifies that she has spent the last 25 years teaching and exploring this aspect of performance.  D’Arcy is passionate about treating the voice as the instrument that it is, and she works with students such as Chris and Ron to help them discover the musical and magical components to language and improve their own speaking practice.  The way we speak, she insists, impacts people, and so it is well worth pursuing excellence in this area.   1:29 - Listeners are introduced to D’Arcy. 4:35 - The group considers Ron and Chris’s progress in speech. 6:08 - D’Arcy believes that magic and music are inherent in language. 8:48 - Who are D’Arcy’s favorite speakers, and what is the value of pauses? 12:03 - People wanting to grow need to learn the fundamentals. 17:05 - D’Arcy addresses filler words. 19:31 - The group thinks about comfortable technique, Pablo Neruda, onomatopoeia, and more. 27:52 - D’Arcy speaks to the power of speech and the importance of proper breathing.   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about D’Arcy Webb Connect with D’Arcy on Facebook Email D’Arcy at darcy@darcywebb.com Learn more about our sponsor RiskIQ
Oct 18 2021
33 mins
The Business of Threat Intelligence with Brandon Dixon
This episode of the Hacker Valley Studio podcast’s Hacker Valley Blue series is a bit unique. It features Brandon Dixon, the VP of Strategy at RiskIQ, a major sponsor of the podcast. Brandon co-founded Passive Total in 2014, and it was later purchased by RiskIQ. He is the quintessential guest, invested in fitness, philosophy, tech, and leadership. He is an expert in both the practice and business of threat intelligence, and he shares with Ron and Chris about himself, his work, and the field. Much of the conversation focuses on Brandon and his work background. Brandon explains his journey into the threat intelligence field, from his early interest, through jobs in tech and academia, and to work in espionage research. Eventually, he and friend Steve McGinty saw a need and tried to solve it; their efforts took shape in the company they co-founded, Passive Total. Brandon explains to listeners the process by which he and Steve created Passive Total, as well as the way in which they arrived at the deal to sell Passive Total to RiskIQ. Brandon was heavily involved in the integration of Passive Total into RiskIQ, before eventually settling into a specific role within RiskIQ that capitalizes on his love of the business side of the field. He aims to work in light of his personal philosophy on life and success, which he also details.   0:26 - The conversation begins with an introduction to this unique episode, its guest, and his background. 2:43 - The group considers the changing business of threat intelligence and what drives Brandon. 8:24 - The next topics are bias and intelligence collection, as well as what surprises Brandon. 13:00 - Brandon shares the story of Passive Total and its integration into RiskIQ, also addressing the business side of the field and lessons learned through his experience. 24:04 - Brandon addresses intelligence leads and the question of unhackability. 34:44 - What is Brandon’s philosophy on life and success?
39:37 - Brandon explains what threat intelligence leaders need to do to improve their programs.   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Follow Brandon on Twitter Learn more about our sponsor RiskIQ Follow RiskIQ on Twitter Connect with RiskIQ on YouTube
Oct 18 2021
43 mins
Global Threat Intelligence with Susan Peediyakkal
This episode of the Hacker Valley Studio podcast is the fifth installment in this first season of the Hacker Valley Blue series, and features guest Susan Peediyakkal, an expert in building threat intelligence programs. Susan is a cyber threat intelligence consultant, the founder of BSides Sacramento, and a member of the advisory boards for several cybersecurity companies. She joins hosts Ron and Chris to speak to her background, the future of threat intelligence, and much more. Susan first details her background, running through the highlights of her approximately 16 years in cybersecurity, which have focused mostly on threat intelligence. Susan began her career in the Air Force, and is still a reservist. She worked with radar, and eventually decided to cross-train and branch into IT. The following years saw her in a number of roles with various organizations, and move decisively into the threat intelligence field. Eventually, Susan noticed that her career trajectory was moving her toward building threat intelligence programs for government entities. She built programs for such varied clients as the government of Abu Dhabi, USPS, US courts, and industry leaders. She recently paused her work to pursue further education, but has since returned to work as a threat intelligence practitioner.   1:40 - Listeners are introduced to the episode and today’s guest, Susan Peediyakkal; Susan then shares her background. 5:41 - The group considers the importance of community, misconceptions Susan has noticed about her field, and the artistry and human element of threat intelligence. 16:02 - What kind of bias is Susan running into, and where do analysts go wrong with regard to bias? 21:38 - Susan addresses the term “unhackable.” 24:35 - Susan and her hosts turn to matters of podcasting, voice, and speaking. 31:40 - What do people outside the field get wrong about it? 33:48 - What’s the future look like for Susan, her field, and the workforce?
Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Follow Susan on Twitter Connect with Susan on LinkedIn Learn more about the episode sponsor, RiskIQ
Oct 18 2021
40 mins
Chasing Bad Actors with Jon DiMaggio
Hunting Intelligently with Valentina Palacín
In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris welcome Valentina Palacín for the third episode in the Hacker Valley Blue series. Valentina is a threat hunter who used to work as a translator, and she is currently a senior cyber threat intelligence analyst. She joins Ron and Chris to talk about her background in languages, poetry and the impact of words, and much more. As the conversation gets underway, Valentina explains her background to listeners. She studied translation before starting her career in that field, but transitioned to information technology about two years ago. In her free time, she researches threat hunting in her home country of Argentina. It was challenging for Valentina to change her career path, since she had no background in computer science, but she took multiple steps (working in web development, learning to do programming, taking courses, and more), ultimately becoming a threat intel analyst and speaker. Though the journey was difficult, Valentina feels she was born to work in her current field, and has found her past experience, including knowledge of over 7 languages, to be helpful in her work.   1:38 - Listeners are introduced to Valentina, her background, and her challenging process to enter into the large intel community in Argentina. 5:24 - Did knowledge of language impact Valentina’s threat intelligence work? 7:55 - Valentina shares about her programming experience and details her journey into threat intel. 14:23 - What are Valentina’s thoughts about MITRE and the relation between intelligence and threat hunting? 18:06 - The group considers how to keep up with changes in the field, and acknowledges that threat intelligence will not catch everything. 22:48 - One thing that Valentina is passionate about pursuing is hobbies outside of work. 27:56 - Does poetry help with threat intelligence work? 32:53 - The conversation turns to Valentina’s community, focusing on BlueSpace Security.
Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Connect with Valentina Palacín on Twitter Connect with Valentina on LinkedIn Learn more about the episode sponsor, RiskIQ
Oct 17 2021
36 mins
Seeing the Dark Side of the Internet with Jack Rhysider
Fan-favorite Jack Rhysider of the Darknet Diaries podcast joins Hacker Valley Studio hosts Ron and Chris for the second episode of Hacker Valley Blue! Jack joins the show again during an ideal season - one focused on threat intelligence - and this episode will focus on Jack’s past in the field of threat intelligence, as well as on a major issue faced daily by analysts in the field: that of managing bias. As the conversation begins, the group focuses on threat intelligence and Jack’s work in the field.  Jack has been pouring himself into his own podcast, leaning into the fact that threat intelligence is a form of knowing what has happened in the past by his sharing of stories.  Jack explains what has surprised him recently in his work, how he maintains a sharp sense of focus, and what sort of continuity he sees between the news-sharing of his current role and a more formal practitioner role within the field of threat intelligence.  Jack’s podcast work necessitates practical skill in his field, and demands an ability to share complex concepts through simple expression. 1:40 - Listeners are introduced to Jack and the episode ahead. 4:13 - How is Jack currently thinking about storytelling? 8:40 - The group dives into some topics related to Jack’s work: his focus and need for practical skill. 12:37 - The conversation turns to the subject of bias. 28:28 - What is Jack doing for research today, and how does he navigate technical questions of storytelling? 36:35 - Finally, Jack and his hosts turn to considerations of personal privacy.   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about Jack Rhysider Follow Jack on Twitter Learn more about Darknet Diaries Learn more about the episode sponsor, RiskIQ
Oct 17 2021
38 mins
Exploring Threat Intelligence
Hosts Ron and Chris welcome you to today’s episode! This episode of Hacker Valley Studio is the start of a new season, Hacker Valley Blue, a series dedicated to threat intelligence, exclusively for listeners. The episode begins with Ron and Chris sharing their backgrounds in threat intelligence and cybersecurity. Chris picked intelligence as his job field in the United States Marine Corps, and eventually went on to The National Security Agency and United States Cyber Command. He focused on the how, who, and what of all the cyber-attacks happening at the time. Chris then went on to create his own company, and do consulting work in threat intelligence for over a decade. Throughout the episode, you will hear about what threat intelligence can do for businesses. Ron and Chris discuss how analysts can build rapport with the employees and stakeholders using their intelligence, and what questions companies should ask of analysts for the best results. They do this by walking listeners through Chris’ EASY framework. 1:07 - The new season of Hacker Valley Blue is introduced. 3:43 - Chris shares his background in intelligence. 6:15 - Ron shares his background in intelligence. 11:43 - What can threat intelligence do for an organization? 17:50 - The EASY Framework 18:41 - Elicit Requirements 21:40 - Assess Collection Plan 26:03 - Strive for Impact 30:24 - Yield the Feedback Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about the episode sponsor, RiskIQ
Oct 17 2021
41 mins
