Oct 24, 2016
Join us for a special episode this week! I (Bryan) was able to
attend my first Source Seattle convention. Two days of talks,
technical and non-technical, combining red/blue team concepts, as
well as professional development, to help you navigate the
corporate waters more easily.
I was able to interview a number of people from the conference. You
can see a partial list of them here:
http://www.sourceconference.com/single-post/2016/09/30/SOURCE-Seattle-Highlights
I interviewed Chip McSweeney from OpenDNS (@chipmcmalware) and Rob Cheyne about
the conference and got a bit of information about Chip's talk on
"Domain Generating Algorithms" (DGA) that #malware uses for domain
C&C, and how to detect and reverse certain algos.
Rob Cheyne is the organizer of Source, so we talked a bit about the
history and difficulties putting on 3 of these a year, and what
makes the "Source" conference format so different.
Masha Sedova was one of the keynote speakers to discuss how she
gamified her information security program and got everyone
involved. Really excellent talk about changing organizational
behavior.
Rob Fuller gave two days of Metasploit training, to show the
versatility and to teach about the effectiveness of this tool. I
also ask if Metasploit has reached its end, since it's easily
detected in many environments. Rob is a great interview and gives
me his unvarnished opinion.
Mike Shema from https://cobalt.io/ discussed expanding and
tailoring your bug bounty program to suit your organization and to
ensure that your bug bounty program is mature. Using private bug
bounties, and ensuring proper follow-through in a timely manner can
ensure maximum bang for the buck.
Last but not least, Deidre Diamond did a keynote about 'Words
to Stop Using now'. Deidre is the CEO of a national cyber security
staffing company (Cyber Security Network) and Founder of a
not-for-profit that empowers women in the infosec industry. Hear
her thoughts on how leadership training is needed in the corporate
environment. I ask her why we still need recruiters with hiring
sites and why job descriptions are still a thorn in everyone's
sides.
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-042-Source_Seattle_2016_audio.mp3
iTunes: https://itunes.apple.com/us/podcast/2016-042-audio-from-source/id799131292?i=1000377063127&mt=2
YouTube: https://www.youtube.com/watch?v=sj_SD2k7zXw
#RSS: http://www.brakeingsecurity.com/rss
#SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security #Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Facebook: https://www.facebook.com/BrakeingDownSec/
#Tumblr: http://brakeingdownsecurity.tumblr.com/
#Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582