Download - 2020-004-Marcus Carey, ShmooCon Report, threat simulation

Discover

Podcast Features
Your all-in-one podcasting solution.

Blog to Podcast
Turn your blog into an engaging podcast.
Livestream
High-performing audio live, without limits.

Podcast Studio
Easy-to-use audio recorder app.
Podbean AI
AI-Enhanced Audio Quality and Content Generation.

Podcast App
The best podcast player & podcast app.

Ads Marketplace
Join Ads Marketplace to earn money
through sponsorship on your podcast.

PodAds
Manage your ads with dynamic ad insertion capability.
Apple Podcasts Subscriptions Integration
Effortlessly publish and manage exclusive episodes for your
Apple Podcasts subscribers directly from Podbean.
Live Streaming
Receive livestream rewards from your audience and earn
recurring income from your Fan Club membership.

All Arts Business Comedy Education
Fiction Government Health & Fitness History Kids & Family
Leisure Music News Religion & Spirituality Science
Society & Culture Sports Technology True Crime TV & Film
Live

How to Start a Podcast
How to Start a Live Podcast
How to Monetize a podcast
How to Promote Your Podcast
How to Use Group Recording

Log in
Start your podcast for free

Podcasting
Monetization
Advertisers
Enterprise
Pricing
Discover

BrakeSec Education Podcast

News:Tech News

2020-004-Marcus Carey, ShmooCon Report, threat simulation

2020-02-05

Download Right click and do "save link as"

Marcus Carey https://twitter.com/marcusjcarey

Prolific Author, Defender, Enterprise Architect at ReliaQuest

https://twitter.com/egyp7

https://www.darkreading.com/vulnerabilities---threats/reliaquest-acquires-threatcare/d/d-id/1335950

“GreyMatter integrates security data from security incident and event manager (SIEM), endpoint detection and response (EDR), firewalls, threat intelligence feeds, and other security tools, and includes analysis functions and automation. Threatcare's technology — which will become a new feature on the platform — simulates how a specific threat or attack could target an organization's network in order to determine whether its security tools and settings are or are not actually working to thwart the threats.”

Security model - everyone’s is diff

How do you work with your threat model?

A proper threat model

Attack Simulation -

How is this different from doing a typical Incident Response tabletop? Threat modeling systems?

How is this different than a pentest?

Is this automated red teaming? How effective can automated testing be?

Is this like some kind of constant scanning system?

How does this work with threat intel feeds?

Can it simulate ransomware, or any attacks?

Hedgehog principles

A lot of things crappily, and nothing good

Mr. Boettcher: “Why suck at everything…”

Atomic Red Team - https://github.com/redcanaryco/atomic-red-team

ATT&CK Matrix - https://attack.mitre.org/matrices/enterprise/

Tribe of Hackers

https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1793464189 - Red Book

The Tribe of Hackers team is back with a new guide packed with insights from dozens of the world’s leading Red Team security specialists. With their deep knowledge of system vulnerabilities and innovative solutions for correcting security flaws, Red Team hackers are in high demand. Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity takes the valuable lessons and popular interview format from the original Tribe of Hackers and dives deeper into the world of Red Team security with expert perspectives on issues like penetration testing and ethical hacking. This unique guide includes inspiring interviews from influential security specialists, including David Kennedy, Rob Fuller, Jayson E. Street, and Georgia Weidman, who share their real-world learnings on everything from Red Team tools and tactics to careers and communication, presentation strategies, legal concerns, and more

Learn what it takes to secure a Red Team job and to stand out from other candidates
Discover how to hone your hacking skills while staying on the right side of the law
Get tips for collaborating on documentation and reporting
Explore ways to garner support from leadership on your security proposals
Identify the most important control to prevent compromising your network
Uncover the latest tools for Red Team offensive security

https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1119643376 - Yellow Book

Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World is your guide to joining the ranks of hundreds of thousands of cybersecurity professionals around the world. Whether you’re just joining the industry, climbing the corporate ladder, or considering consulting, Tribe of Hackers offers the practical know-how, industry perspectives, and technical insight you need to succeed in the rapidly growing information security market. This unique guide includes inspiring interviews from 70 security experts, including Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street.

Get the scoop on the biggest cybersecurity myths and misconceptions about security
Learn what qualities and credentials you need to advance in the cybersecurity field
Uncover which life hacks are worth your while
Understand how social media and the Internet of Things has changed cybersecurity
Discover what it takes to make the move from the corporate world to your own cybersecurity venture
Find your favorite hackers online and continue the conversation

https://smile.amazon.com/Tribe-Hackers-Security-Leaders-Cybersecurity/dp/1119643775 - Green Book

(Next out!)

Information security is becoming more important and more valuable all the time. Security breaches can be costly, even shutting businesses and governments down, so security leadership is a high-stakes game. Leading teams of hackers is not always easy, but the future of your organization may depend on it. In this book, the world’s top security experts answer the questions that Chief Information Security Officers and other security leaders are asking, including:

What’s the most important decision you’ve made or action you’ve taken to enable a business risk?
How do you lead your team to execute and get results?
Do you have a workforce philosophy or unique approach to talent acquisition?
Have you created a cohesive strategy for your information security program or business unit?

https://smile.amazon.com/Tribe-Hackers-Blue-Team-Cybersecurity/dp/1119643414 - Blue Book

(OUT SOON!)

Tribe of Hackers Blue Team goes beyond the bestselling, original Tribe of Hackers book and delves into detail on defensive and preventative techniques. Learn how to grapple with the issues that hands-on security experts and security managers are sure to build into their blue team exercises.

Discover what it takes to get started building blue team skills
Learn how you can defend against physical and technical penetration testing
Understand the techniques that advanced red teamers use against high-value targets
Identify the most important tools to master as a blue teamer
Explore ways to harden systems against red team attacks
Stand out from the competition as you work to advance your cybersecurity career

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#Brakesec Store!:https://www.teepublic.com/user/bdspodcast

#Spotify: https://brakesec.com/spotifyBDS

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel: http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site: https://brakesec.com/bdswebsite

#iHeartRadio App: https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com