Cyber Distortion Podcast Series

Jason Popillion CISSP and Kevin Pentecost CISSP

Jason and Kevin, seasoned Cyber Security professionals, explain cyber security concepts that everyone needs to know in simple terms. They will leave you with practical takeaways you can use to keep yourself and your organizations safe. Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MPCS, MCSE, CCA, ITIL-F and serves as an Information Security Manager for a Manufacturing company.

S2 - Episode 006 – You ARE the Weakest link!
Yesterday
A long time in the making, this episode on the importance of User Awareness may just be the most important episode we’ve released so far. Kevin Pentecost and Jason Popillion are security veterans and Certified Information Systems Security Professionals (CISSPs) who know their way around a good User Awareness Training program, having personally trained in classroom-led environments as well as fostered and matured their own corporate training programs over their years as Cybersecurity managers. Join us as the duo delve into the critical topic of Cybersecurity User Awareness. With their wealth of experience, they provide invaluable insights and practical advice on how individuals can protect themselves against evolving cyber threats. They emphasize that user awareness plays a pivotal role in defending against cyber threats. They highlight the fact that attackers often exploit human vulnerabilities and trick individuals into compromising their own security. By enhancing user awareness, people can become more proactive in recognizing and responding to potential threats. A key part is understanding that, just like every technical control, YOU are a critical layer of defense both in your personal life and in your corporate environment. We take a look at the prevalence of social engineering attacks, which manipulate human psychology to deceive individuals into divulging sensitive information or performing harmful actions. We explain common tactics such as phishing emails, vishing calls, targeted spear phishing, CEO Spoofing, and many other non-email related social engineering tactics. To counter these threats, they recommend adopting a skeptical mindset, scrutinizing unexpected communications, and verifying the authenticity of requests before taking any action.
Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MPCS, MCSE, CCA, ITIL-F and serves as an Information Security Director for a Manufacturing company.
DOWNLOADS:
- PRINT and HANG this on your Wall: Printable Version of the Cyber Distortion Podcast “Red Flags” PDF
- CyberDistortion Blog: https://cyberdistortionpodcast.com/
- CyberDistortion Swag Shop: https://cyberdistortionswag.shop/
S2 - Episode 005 – Third Party Risk – It’s not Me, It’s You!
Apr 27 2023
HE’S BAAAAAAACK!! In this episode, we RE-visit with our very first guest, Benjamin Hall. Ben has served as a virtual CISO, and serves as Sr. Information Security Consultant at Heartland Business Systems. With experience in Governance, Risk, and Compliance, Ben has worked in several industries including Banking, Finance, Insurance, and Healthcare. He is a Certified Information Systems Auditor (CISA), a Certified Data Privacy Solutions Engineer (CDPSE), and a HITRUST Certified Common Security Framework Practitioner (CCSFP). He is skilled in DR (Disaster Recovery), BC (Business Continuity), IR (Incident Response), Documentation, Risk Management, Business Development, and Information Security. To say Ben is qualified to tackle this very challenging topic is, frankly, an understatement! It was our extreme pleasure to have Ben back to join us as we provide helpful tips on what YOU need to do to address third-party risk for your company. Join Kevin and Jason as they touch on some hard-hitting questions around risk and how to tackle some of the challenges that come with managing your due care and due diligence as it relates to outsourcing, and partnering with companies outside of your own 4 walls.
Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MPCS, MCSE, CCA, ITIL-F and serves as an Information Security Director for a Manufacturing company.
CITATIONS:
- Heartland Business Systems: https://www.hbs.net/
- Mark Cuban Interview with Credit-Suisse.com: https://www.credit-suisse.com/about-us-news/en/articles/news-and-expertise/mark-cuban-data-is-the-new-gold-201706.html
S2 - Episode 004 - “AI and ChatGPT is Scary Sh*t! – Part II”
Mar 30 2023
In this MUCH anticipated follow-up to our episode 003 on AI and ChatGPT, expect more mind-numbing and terrifying facts about this incredible new technology! Kevin and Jason wrap up their discussion with Justin “Hutch” Hutchins, a true pioneer in the field of AI and its social impact in the world of Cybersecurity and beyond. The sole purpose of this episode is to touch on the topic of AI and open your mind as to how you need to be thinking about it. How might AI intermingle with the world of Cybersecurity? Is this whole thing just another over-hyped topic that will fade away in a few years, or is it here to stay? Take a seat and ride along with the boys as they delve into this topic with a true subject matter expert in the field of hacking and AI and see what he has to say. We don’t think, we KNOW this one is going to blow your mind!
CITATIONS:
- 10 Wonderful Examples of Using Artificial Intelligence (AI) for Good: https://www.forbes.com/sites/bernardmarr/2020/06/22/10-wonderful-examples-of-using-artificial-intelligence-ai-for-good/?sh=335e084f2f95
- Justin’s posts and conference talks can be found here on his “Sociosploit” blog: https://www.sociosploit.com/
- Interested to find out more about the OpenAI ChatGPT project? https://openai.com/blog/chatgpt
- Are you more interested in AI Generated Imagery? Try out…
  - Midjourney AI Artwork: https://www.midjourney.com/home/?callbackUrl=%2Fapp%2F
  - Bluewillow AI Artwork: https://www.bluewillow.ai/
- Joe Rogan interviewing Elon Musk on AI: https://www.youtube.com/watch?v=Ra3fv8gl6NE
- Amazing YouTube Video from Digital Engine on AI today: https://www.youtube.com/watch?v=J6Mdq3n6kgk
S2 - Episode 003 - “AI and ChatGPT is Scary Sh*t! – Part I”
Mar 20 2023
What in the world does AI and ChatGPT have to do with Cybersecurity? Well, this episode is going to answer that question for you, and so much more!! In today’s exciting episode, Jason and Kevin discuss the incredible world of AI with special guest and white hat hacker extraordinaire, Justin “Hutch” Hutchins. The sole purpose of this episode is to touch on the topic of AI and open your mind as to how you need to be thinking about it. How might AI intermingle with the world of Cybersecurity? Is this whole thing just another over-hyped topic that will fade away in a few years, or is it here to stay? Take a seat and ride along with the boys as they delve into this topic with a true subject matter expert in the field of hacking and AI and see what he has to say. We think this one might just blow your mind!
CITATIONS:
- Justin’s posts and conference talks can be found here on his “Sociosploit” blog: https://www.sociosploit.com/
- Interested to find out more about the OpenAI ChatGPT project? https://openai.com/blog/chatgpt
- Are you more interested in AI Generated Imagery? Try out…
  - Midjourney AI Artwork: https://www.midjourney.com/home/?callbackUrl=%2Fapp%2F
  - Bluewillow AI Artwork: https://www.bluewillow.ai/
- Joe Rogan interviewing Elon Musk on AI: https://www.youtube.com/watch?v=Ra3fv8gl6NE
- Amazing YouTube Video from Digital Engine on AI today: https://www.youtube.com/watch?v=J6Mdq3n6kgk
S2 - Episode 002 – 2022 Breaches and Some Retrospection
Mar 3 2023
In this exciting second episode of the new season, we’re offering up a buffet of delicious options to feast your incessant little cybersecurity appetites on!
BREACHES: We start by spending time on 5 of the top breaches that took place in 2022, but shift into some real world thoughts and ideas on what concepts could have helped in preventing those types of breaches.
FRAMEWORKS: Jason and Kevin dig deep into their CISSP bag of tricks to discuss cybersecurity frameworks and do a bit of a shallow dive into NIST, and then migrate into the CIS Top 18 cyber controls for effective cyber defense.
GAP ASSESSMENTS and MATURITY ASSESSMENTS: The guys hit on two very important aspects of how to leverage a framework for your business, for both analyzing your security overlap and your gaps. Then, they take a look at how you can use that same framework to monitor growth and maturity over time. They use hypothetical company ‘XYZ Company’ to show real-world examples of gap matrices and maturity matrices. These types of critical elements in your security program are items that should be assessed annually or even more frequently.
A LOOK AT KPIs: The guys move from leveraging the frameworks into looking at KPIs (Key Performance Indicators) and how you can pull KPIs from your controls to determine if your controls are actually working for you! What good is a robust framework if you can’t measure its success?
3RD PARTY RISK: Lastly, the guys take a look at the importance of 3rd-party risk and how your partners, customers, vendors, and joint ventures might play a part in your overall security posture. Not only how they play a part, but WHAT you can do to take actionable steps around 3rd party risk.
This one is VERY action packed and we cover a lot of ground. Jump on the rollercoaster as we hit ALL the rides in the cyber theme park on this one!
CITATIONS:
- All about the NIST Cyber Framework: https://www.nist.gov/cyberframework
- CIS Top 18 Cyber Controls: https://www.cisecurity.org/controls/v8
- Training for using the Frameworks offered by SANS: https://www.sans.org/blog/cis-controls-v8/
- YouTube Training Videos on each of the 18 Controls:
  - https://www.youtube.com/@TheCISecurity
  - https://www.youtube.com/watch?v=pGZViAZlg1k&list=PLpNN1VAyNhovvTU6pye4cNYZksP5CLTyy
S2 - Episode 001 – The Dark Web Revisited
Feb 7 2023
WE ARE BACK! Happy 2023 friends… In this exciting episode of our BRAND NEW season 2, Kevin and Jason make good on a promise from Season 1 where they go back and take a deep dive into the Dark Web. This time, we’re coming with a purpose! We go back to investigate and see what’s really out there and try to separate myth from reality. Have you always wondered what really exists out on the Dark Web? Do you have a curious bone just itching to go check it all out for yourself? Well, you’re in luck! In this episode, you’ll learn all about how to properly prep to take this journey for yourself. Do we actually recommend it? Listen and find out!! Find out more about the original Dark Web marketplace founded by Ross Ulbricht known as the Silk Road and other places you can still visit today. Learn how to browse the Dark Web, how it all started, and how many people actually surf the Dark Web today. Learn facts you probably didn’t know about this mysterious corner of cyberspace. Lastly, find out things you can ACTUALLY purchase on the Dark Web. You might just be surprised at some of these!! It is important to mention that no humans were trafficked, and no organs were harvested in the making of this episode!
CITATIONS:
How to Safely Browse the Dark Web
IDEALLY…Visit the Dark Web via an isolated OS
- Here are some of the most popular options:
  - Whonix - https://www.whonix.org/
  - Tails - https://tails.boum.org (as mentioned on our episode)
  - Qubes - https://www.qubes-os.org/
  - Kali Linux - https://www.kali.org/ (awesome hacking tools packaged with this OS)
  - TrueOS - https://www.trueos.org/
Get the Tor Browser: https://www.torproject.org/download/
Use a good VPN – Here are some popular options (some offer free 30 day trials):
- NordVPN - https://nordvpn.com/
- SurfShark - https://surfshark.com/
- TorGuard - https://torguard.net/
- Proton VPN - https://protonvpn.com/
- IP Vanish - https://www.ipvanish.com/
- Express VPN - https://www.expressvpn.com/
- RusVPN - https://rusvpn.com/en/
Learn about Surfing the Dark Web Online: https://www.udemy.com/courses/search/?src=ukw&q=Dark+Web
Dark Web Stats and Facts: https://websitebuilder.org/blog/dark-web-statistics/
Dark Web Usage Stats: https://earthweb.com/how-many-people-use-the-dark-web/
S1 - Episode 014 – Women in Cybersecurity - Part II
Oct 18 2022
There is a worldwide shortage of over 3 million in the ranks of cybersecurity professionals, with half a million of that shortage in North America alone. The problem is only expected to get worse as the demand for infosec talent is expected to grow dramatically in the coming months and years. One troubling fact about this shortage of talent is that the gap could be dramatically filled if only one segment of the population were proportionately represented in the cybersecurity industry – women! Join Kevin, Jason, and their very special guests, Kristen Twining (Senior VP of Sales) and Madison Beane (Commercial Account Executive) from Illusive Technology, as we rip the Band-Aid off the issue and expose it for what it is, a societal travesty! Gender bias is certainly part of the issue, as evidence suggests that young females, often during high school or even before that point in life, have already formed preconceptions about their place in the world. Let’s face it, the world of technology is intimidating enough without the additional issues of biases. The good news is that evidence suggests that things are turning around. We have a long, long way to go to eliminate gender biases; however, we are making progress! We must all do our part to encourage the female population to join the exciting field of cybersecurity. Help us fight the good fight. WE NEED YOU! In this exciting two-part episode, join us for some fun as we talk all about how to tear down some of these walls and get more women interested in this fantastic field and career path. Join us this Cybersecurity Awareness month, as we hit on many important topics and focus on WOMEN in CYBERSECURITY!
CITATIONS:
- ISC2 Women in Cybersecurity Report. Download the report here: https://www.isc2.org/research/women-in-cybersecurity
- Frost & Sullivan (Agents of Change: Women in the Information Security Profession): https://1c7fab3im83f5gqiow2qqs2k-wpengine.netdna-ssl.com/wp-content/uploads/2019/03/Women-in-the-Information-Security-Profession-GISWS-Subreport.pdf
- Cybercrime Magazine, Women Know Cyber: The Documentary: https://www.youtube.com/watch?v=Kpc31WJ6l2M
- York University School of Continuing Studies, What Challenges do Women Face in Cybersecurity: https://www.youtube.com/watch?v=0S7kGvug4m4
Other Great Resources:
- Women in Cybersecurity.org: https://www.wicys.org/
- Girls Who Code: https://girlswhocode.com/
- Women in Tech: https://women-in-tech.org/
- Women’s Society of Cyberjutsu (WSC): https://womenscyberjutsu.org/page/WhoAreWe
- WoSEC – Women of Security: https://twitter.com/WoSECtweets
- The Diana Initiative: https://www.dianainitiative.org/
- Code Like a Girl: https://code.likeagirl.io/tagged/cybersecurity
- Women in Technology: https://www.womentech.net/
S1 - Episode 013 – Women in Cybersecurity - Part I
Oct 6 2022
There is a worldwide shortage of over 3 million in the ranks of cybersecurity professionals, with half a million of that shortage in North America alone. The problem is only expected to get worse as the demand for infosec talent is expected to grow dramatically in the coming months and years. One troubling fact about this shortage of talent is that the gap could be dramatically filled if only one segment of the population were proportionately represented in the cybersecurity industry – women! Join Kevin, Jason, and their very special guests, Kristen Twining (Senior VP of Sales) and Madison Beane (Commercial Account Executive) from Illusive Technology, as we rip the Band-Aid off the issue and expose it for what it is, a societal travesty! Gender bias is certainly part of the issue, as evidence suggests that young females, often during high school or even before that point in life, have already formed preconceptions about their place in the world. Let’s face it, the world of technology is intimidating enough without the additional issues of biases. The good news is that evidence suggests that things are turning around. We have a long, long way to go to eliminate gender biases; however, we are making progress! We must all do our part to encourage the female population to join the exciting field of cybersecurity. Help us fight the good fight. WE NEED YOU! In this exciting two-part episode, join us for some fun as we talk all about how to tear down some of these walls and get more women interested in this fantastic field and career path. Join us this Cybersecurity Awareness month, as we hit on many important topics and focus on WOMEN in CYBERSECURITY!
CITATIONS:
- ISC2 Women in Cybersecurity Report. Download the report here: https://www.isc2.org/research/women-in-cybersecurity
- Frost & Sullivan (Agents of Change: Women in the Information Security Profession): https://1c7fab3im83f5gqiow2qqs2k-wpengine.netdna-ssl.com/wp-content/uploads/2019/03/Women-in-the-Information-Security-Profession-GISWS-Subreport.pdf
- Cybercrime Magazine, Women Know Cyber: The Documentary: https://www.youtube.com/watch?v=Kpc31WJ6l2M
- York University School of Continuing Studies, What Challenges do Women Face in Cybersecurity: https://www.youtube.com/watch?v=0S7kGvug4m4
Other Great Resources:
- Women in Cybersecurity.org: https://www.wicys.org/
- Girls Who Code: https://girlswhocode.com/
- Women in Tech: https://women-in-tech.org/
- Women’s Society of Cyberjutsu (WSC): https://womenscyberjutsu.org/page/WhoAreWe
- WoSEC – Women of Security: https://twitter.com/WoSECtweets
- The Diana Initiative: https://www.dianainitiative.org/
- Code Like a Girl: https://code.likeagirl.io/tagged/cybersecurity
- Women in Technology: https://www.womentech.net/
S1 - Episode 012 – Unraveling the Zero Trust Mystery
Aug 7 2022
If you’re like many others in information security, you too may struggle with understanding the concept and basic premise of “zero trust.” Well, we have good news for you! After this episode, you can rest assured that we intend to clear the fog over this very confusing topic. Join Kevin, Jason, and their very special guest, Brad Moldenhauer, as they help unravel the mystery of zero trust by bringing in one of the resident experts on the topic. Brad is the VP and CISO at Zscaler who comes with a lengthy history in many facets of dealing with risk throughout many verticals in IT. Brad is an expert in the field, and his passion for helping others is evident in this fun-filled episode. Brad is an accomplished cybersecurity leader with over 20 years of experience in aligning security strategy and delivering security outcomes that balance risk with business value and IT efficiency. Throughout his career he has held roles in cybersecurity auditing, consulting, and operations management in government, healthcare and the legal industries. Prior to joining Zscaler, Brad was the Global Director of Information Security for Steptoe & Johnson LLP, an Am Law 100 international law firm where he developed, implemented and managed the information security program that addressed the legal business risk landscape along with geolocation and industry-specific security requirements of the firm’s global clientele. Brad is passionate about solving cybersecurity challenges that CISOs regularly deal with while balancing the impact towards employee productivity, client service, and the bottom line. Get your popcorn ready! It’s time to learn all about ZERO TRUST! This episode MIGHT** contain an easter egg on a Black Hat/DEFCON 30 SWAG drop!! **Definitely does
CITATIONS:
- Zscaler Resources:
  - https://www.linkedin.com/company/zscaler/
  - https://www.zscaler.com/
  - https://twitter.com/zscaler
- Brad’s LinkedIn Page: https://www.linkedin.com/in/secpro/
S1 - Episode 011 – The Fine Art of Social Engineering
Jul 18 2022
In this exciting episode, we cover the very fascinating topic of “Social Engineering” aka: Human Hacking! Anyone that lives in Cybersecurity knows that the weakest link in any company’s cyber defenses is sitting between the keyboard and the chair. Tonight, we talk all about how malicious actors try to take full advantage of that weakness and exploit it to steal your company or your personal data. Join us as Jason and Kevin converse with a special guest Ragnhild "Bridget" Sageng on all facets of this controversial topic. Bridget has several years of experience in the IT industry, working with IT-support before transitioning into a career within pentesting. Today, she works as an ethical hacker at Orange Cyberdefense in Norway. Prior to her IT career, “Bridget” educated herself in the field of human psychology and healthcare due to her interest in understanding the human mind. She has always had an interest in cybersecurity and completed her bachelor’s degree in Cybersecurity recently at Noroff University College. Due to her interest in both the human mind and IT security, “Bridget” specializes in social engineering and Open-source investigation (OSINT). In 2020, she won an international social engineering CTF hosted by Temple University. In 2021, “Bridget” became a Certified Social Engineering Pentest Professional (SEPP) and has since dedicated her focus toward social engineering pentesting. Her hands-on experience with social engineering pentesting has prompted her to further research the topics of ethically handling people affected by the tests. It's important to mention that no Princes were harmed during the making of this episode.
CITATIONS:
- Bridget’s DEFCON30 talk “The Aftermath of a Social Engineering Pentest. - Are we Being Ethically Responsible?”: https://www.se.community/presentations/#sageng
- Pentest Your Users with the help of a Company Like Orange Cyberdefense: https://www.orangecyberdefense.com/
- Temple University CTF Contest Links: https://sites.temple.edu/collegiatesectf/
- Interested in Learning Social Engineering and Getting Certified? Social-Engineer Training Website: https://www.social-engineer.com/
- Black Hat & DEFCON Official Websites:
  - https://www.blackhat.com/
  - https://defcon.org/
S1 - Episode 010 – Doomsday Breach Prepping - 101
Jun 15 2022
When the world comes crumbling down and your entire existence is burning to the ground, will you be prepared to handle it? What am I talking about anyway? The post-breach apocalypse, of course. What else?! You see, we have all heard it said so many times, “It’s not a matter of IF you get breached; it’s a matter of WHEN!” Well, if that is true, do you think you should be making every possible effort to get as prepared as possible ahead of time? We do! That is precisely why we have handpicked the special guest for this episode. Stephen Cracknell is an Amazon best-selling author with experience in a very critical area that we know you can improve in by absorbing his wisdom. We know that, because we all can improve in this area. Stephen and his team at USM Technology are passionate about helping business leaders repel cyberattacks. They work with IT leaders across Texas to build out comprehensive incident response plans designed to ensure that the IT team, as well as the company’s leadership, work effectively during the critical first 72 hours after a cyberattack. Their focus is helping IT leaders develop a plan that brings critical business processes back online quickly, so their leadership team is not forced to pay the hacker’s ransom. Your well-designed recovery plan also avoids data loss, business downtime, irate customers as well as injury to your company’s reputation and your career. So, sit back, refill your coffee mugs, and pull up a chair. It’s time to dive into an episode we’ve titled DOOMSDAY BREACH PREPPING 101! Yee-haw!
Citations:
- USM Technology Pentesting Services: https://www.usmtechnology.com/uncover.html
- Purchase Stephen’s Book on Amazon
- Find Stephen on LinkedIn: https://www.linkedin.com/in/stephencracknell/
Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MCSE, CCA, ITIL-F and serves as an Information Security Director for a manufacturing company.
S1 - Episode 009 – #Badgelife ft. AND!XOR
Jun 7 2022
Electronic Blinky-Bling?!! What the heck is that?! Take a quick walk around the Las Vegas strip around mid-summer at the DEFCON Hacking/Security Conference and you’ll find out pretty darned quick! #BADGELIFE is a sub-culture of creators, hackers, programmers, and like-minded pseudo geniuses that craft some of the coolest electronic gadgetry you’re ever going to see! Imagine a sea of LEDs dancing to the music of a DJ’s mix, on a PCB designed to look artsy and cool. Oh, also imagine that you can hack that bad boy and play games, and set the LCD screen to your favorite animated GIF. Imagine using the latest programming languages and technologies to link hundreds of badges together on their own network of social awesomeness! That’s a fraction of what Badgelife is really all about. In this light-hearted episode, we talk with our pals Zapp and Hyr0n at AND!XOR about how they continue to set the badgelife world ablaze with their creative masterpieces every single year. It should go without saying that their work is some of the absolute best as they start planning for the next masterpiece over 18 months ahead in many cases. You can rest assured, they always have a virtual line out the door filled with people looking to string an AND!XOR PCB medallion around their necks. Why?! Because their creations are always EPIC A** Kickery! Join Cybersecurity professionals and CISSP brethren, Jason (Redeemer) and Kevin (Sabotage66) as they bring another hard-hitting and action packed episode. This one centers on all of the intricacies of this amazing sub-culture of the awesome DEFCON conference. Strap on your best hacker gear, throw on your black hoodie, or your bucket hat, and if you’ve got it, flip on your coolest blinky-bling and join us as we pick the brains of half of the AND!XOR team! Let’s get DISTORTED (in a full on Cybery kind of way)!!
Helpful DEFCON websites:
- Official DEFCON Website: https://defcon.org/
- Official DEFCON SWAG: https://shop.defcon.org/
- Registration for DC30: https://shop.defcon.org/products/def-con-30-pre-registration-ticket
- DEFCON Forums: https://forum.defcon.org/
Helpful AND!XOR websites:
- AND!XOR Twitter: https://twitter.com/andnxor
- AND!XOR YouTube: https://www.youtube.com/channel/UCPn2tbrSo1Pi92k9TTJgmyg
Other podcasts featuring AND!XOR:
- Macrofab Ep#66
- Macrofab Ep#109
- Macrofab Ep#144
- Macrofab Ep#238
Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MCSE, CCA, ITIL-F and serves as an Information Security Director for a manufacturing company.
S1 - Episode 008 – Cybersecurity Insurance Protecting Your "ASS-ets"
May 22 2022
In this episode, Jason and Kevin join guest Ross Ingersoll, Executive Risk & Cyber Account Executive at Holmes & Murphy & Associates. We discuss the topic of cyber insurance and how being protected from today’s Cyber risks can better position your company in the event of a major breach event. If you’ve ever wondered about what Cyber Insurance covers, or what types of things you need to be considering before you even think about applying for Cyber Insurance, then this episode will hit home! In today’s Cyber climate, does your company have the risk appetite to go without the added protection of Cyber Insurance to fall back on? Ross shares his valuable insight on why YOU might want to at least consider a policy for your business. We’ll also play the “Cyber Claim Game” where we take a look at how some of today’s larger breaches played out and what other companies have paid out due to lack of preparedness. You will take away some valuable insight around this topic and several key actionable items that you can consider if you want to look into cyber insurance for your company! Lastly, you’ll discover the Key Carrier Provisions that every underwriter looks at before inking a policy. Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MCSE, CCA, ITIL-F and serves as an Information Security Director for a manufacturing company.
S1 Episode 007 – The CISSP “EXPERIENCE”
May 3 2022
In this episode, join Jason & Kevin as they discuss the journeys they both took to obtain the coveted CISSP (Certified Information Systems Security Professional) certification from the governing body of (ISC)2. Anyone who knows ANYTHING about Cybersecurity and has aspirations of becoming a manager knows that the CISSP is the most sought after certification offered. In this episode, they discuss why that is. We also discuss the various domains covered in the exam, the weightings of each domain, the exam format, and many helpful tips and tricks to help get you over the hump as you traverse your studies. We know the effort required to obtain this certification and we are familiar with the full experience, even the failure of each of our first exams. That’s a painful pill to swallow but we have some sage advice that might just help you to succeed on your next attempt. We hope that this episode is considered just one more tool to add to the virtual tool belt for all aspiring future CISSPs that are embarking on this prestigious and esteemed certification. We KNOW that you’ll find this information valuable. After all, don’t you need a light-hearted break from your books and flash cards anyway?!?! =)
Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MCSE, CCA, ITIL-F and serves as an Information Security Director for a manufacturing company.
CITATIONS:
- Matt Elliott Blog Post: A Journey Through Hell. My CISSP Experience. https://medium.com/@pentesta/my-cissp-experience-a-journey-through-hell-56790c4f569e
- (ISC)2 Official Website, The Pathway to Certification: https://www.isc2.org/Certifications/CISSP
- How to Think Like a Manager for the CISSP Exam, Luke Ahmed: https://www.amazon.com/Think-Like-Manager-CISSP-Exam/dp/1735085197/ref=sr_1_1?crid=2LO79N1BUYEIS&keywords=Luke+Ahmed&qid=1651298957&sprefix=luke+ahmed%2Caps%2C99&sr=8-1
- Cybrary.IT Video Course by Kelly Handerhan – Certified Information Systems Security Professional (CISSP): https://www.cybrary.it/course/cissp/
- Host Unknown – The Very Fine Chaps. Host Unknown presents: I'm a C I Double S P (CISSP Parody):
  - https://podcast.hostunknown.tv/
  - https://hostunknown.tv/
  - https://youtube.com/user/HostUnknownTV
- LMFAO – Yes Instrumental: https://www.karaoke-version.com/mp3-backingtrack/lmfao/yes.html
S1 - Episode 004 - The Deep Dark Web
Mar 10 2022
What is this mysterious online enigma? Maybe you’ve heard about it and wondered, “What type of craziness would I find out there?” Cybersecurity professionals and CISSP brothers, Jason and Kevin bring a hard-hitting and action packed episode centered on all of the mysteries the Dark Web has to offer. Join them as they navigate the waters of the various internet layers and the world of anonymity via the Onion Router (TOR). Finally, take a trip down the infamous Silk Road and follow it all the way to the elusive Red Room. Who knows? You may even find out the cost to go buy yourself 1000 TikTok, Instagram, or Twitter followers!! Does everything that you’ve heard of on the Dark Web even really exist? Well….maybe…just maybe, one day, they’ll take it upon themselves to go find out. That, my friends, is for another episode!!
Helpful websites: https://haveibeenpwned.com/
Citations:
- Chitty, T (2017, May, 26). What is the Dark Web. CNBC Explains. https://www.youtube.com/watch?v=fUjSVrh9UN4
- Nelson, T (2021, February 11). Full Documentary: Dark Web. Janson Media. https://www.youtube.com/watch?v=cL3pEe47qyk
- VICE (2021, July 24). How to Hire a Hitman| The Business of Crime. VICE. https://www.youtube.com/watch?v=sinsp0uLsS8
- Leyden, J (2019, October 29). Cybersecurity news and views. The Daily Swig CYBERCRIME MAGAZINE. https://portswigger.net/daily-swig/arpanet-anniversary-the-internets-first-transmission-was-sent-50-years-ago-today
- Matthieu, C (2020, October 19). Journey from ARPANET to XRPANET. Medium.com. https://medium.com/xrpanet/journey-from-arpanet-to-xrpanet-cc7bb576a49f