Jun 9, 2019

ANNOUNCEMENTS: INFOSEC CAMPOUT TICKETS ARE STILL ON SALE. Go to for Eventbrite link and more information.



Part 2 of our Discussion with Chris Sanders (@chrissanders88)

Topics discussed:

Companies dropping existing frameworks for ATT&CK Matrix, why?

Rural Technology Fund - what it is, how it works, and who can help make it more awesome.


I’ve argued for some time that information security is in a growing state of cognitive crisis…


Demand outweighs supply

Because so many organizations need experience, they are unable to appropriately invest in entry-level jobs and devote the necessary time for internal training.

That’s an HR and hiring manager issue, right? --brbr  No. --bboettcher


Information cannot be validated or trusted

    There are few authoritative sources of knowledge about critical components and procedures.


Large systemic issues persist with no ability to tackle them in a large, mobilized, or strategic manner.

    The industry is unable to organize or widely combat the biggest issues they face.

    Groups of individuals, everyone thinking they have the ‘right answer’, just like Linux flavors --brbr


Dependence on tools:


How do we solve it?


  1. We must thoroughly understand the processes used to draw conclusions.
    1. S.M.A.R.T.?
  2. Experts must develop repeatable, teachable methods and techniques.
  3. Educators must build and advocate pedagogy that teaches practitioners how to think. - Sawbones podcast (Amanda mentioned)


Mental Model?

    We use them all the time? Gotta simplify the complex...

    Distribution and the Bell Curve

    Operant Conditioning

    The Scientific Method


Applied Models


    13 Organ Systems

    4 Vital Signs

    10 Point Pain scale

Defense in Depth

OSI model

Investigation Process


Model Desperation

    Companies dumping existing models and embracing something else


The problem is that we’re model hungry and we’ll rapidly use and abuse any reasonable model that presents itself. Ultimately, we want good models because we want a robust toolbox. But, not everything is a job for a hammer and we don’t need fourteen circular saws.


What makes a good model?



Imperfect? (wuh?) --brbr


Creating models

    Begins by asking a question… (what is the weather going to look like tomorrow? --brbr)

        What defines the sandwich? (kind of like “” --brbr)


Discuss the Rural Tech Fund

Practical Threat Hunting -

Practical Packet Analysis -



Suggesting books:

More references on Chris’ site


Book Club

Cult of the Dead Cow - June

Tribe of Hackers - July

The Mastermind - August

The Cuckoo’s Egg - September


Check out our Store on Teepub!

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email


Support Brakeing Down Security Podcast by using our #Paypal OR our #Patreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
