1 00:00:00,250 --> 00:00:03,982 In this riveting episode, we'll be joined by special guests who do 2 00:00:04,036 --> 00:00:07,674 information security work taking us into the deep, dark 3 00:00:07,722 --> 00:00:11,566 realms of high level hacking. We'll explore the pyramid of 4 00:00:11,588 --> 00:00:15,406 threats from those bumbling high school hackers who couldn't hack their way out of a 5 00:00:15,428 --> 00:00:19,200 paper bag to the notorious figures backed by nation states. 6 00:00:19,970 --> 00:00:23,790 But hold on to your keyboards, folks, because this conversation takes 7 00:00:23,860 --> 00:00:27,190 a turn towards Linux and the intricate world of Ozint. 8 00:00:27,850 --> 00:00:31,286 Yes, that's open source intelligence for those scratching their 9 00:00:31,308 --> 00:00:35,094 heads. We'll unravel the mysteries of Ozint, its 10 00:00:35,132 --> 00:00:38,674 uses, its implications, and how it can be a double edged 11 00:00:38,722 --> 00:00:42,426 sword in the wrong hands. With a touch of espionage and a sprinkle of 12 00:00:42,448 --> 00:00:46,262 humor, we'll leave you on the edge of your ergonomic office chair craving 13 00:00:46,326 --> 00:00:50,034 more. And if that's not enough to make your encryption keys quiver, 14 00:00:50,102 --> 00:00:53,754 we'll also touch upon the interconnectedness of the past with stories 15 00:00:53,802 --> 00:00:57,550 of legendary minds crossing paths in unexpected cafes. 16 00:01:01,730 --> 00:01:05,146 All right. Hello and welcome to Data Driven, the podcast where we explore the emerging 17 00:01:05,178 --> 00:01:09,022 fields of data science, artificial intelligence and of course, data engineering, 18 00:01:09,086 --> 00:01:12,802 which actually makes the whole thing possible. But there's another 19 00:01:12,856 --> 00:01:15,070 field that we're going to talk about today, so it's going to be a little 20 00:01:15,080 --> 00:01:18,870 bit different. We kind of did that with the last show or two, kind of 21 00:01:18,940 --> 00:01:22,178 expanding our purview of topics. 22 00:01:22,354 --> 00:01:25,862 And speaking of purview, I said 23 00:01:25,916 --> 00:01:29,718 Purview, hopefully I pronounced it right, but I know, Andy, you've been playing 24 00:01:29,734 --> 00:01:33,446 around with Azure Purview. I have, yeah. And it's 25 00:01:33,478 --> 00:01:36,922 kind of it's speaking of data engineering, there's a lot there 26 00:01:36,976 --> 00:01:40,794 with data lineage and the 27 00:01:40,832 --> 00:01:44,654 secret sauce to it is it does automated scans and if 28 00:01:44,692 --> 00:01:48,446 it can figure out where something new belongs in 29 00:01:48,468 --> 00:01:51,950 the diagrams, it'll just put it in there and that is 30 00:01:52,020 --> 00:01:54,930 almost magic from a data engineering perspective. 31 00:01:55,590 --> 00:01:59,426 There really is a lot of innovation happening in that space. And 32 00:01:59,608 --> 00:02:03,266 today, as we're recording this, my wife we 33 00:02:03,288 --> 00:02:06,820 mentioned this, does cybersecurity at NIST and 34 00:02:07,430 --> 00:02:11,014 my oldest son went with her to Take Your Sons and Daughters to Work 35 00:02:11,052 --> 00:02:14,822 Day. That's cool. And yeah, so it's really cool. 36 00:02:14,876 --> 00:02:17,974 So we have two guys here on the show. It's one of the few times 37 00:02:18,012 --> 00:02:21,734 we've actually have had two guests at the same time. We have Patrick and Dwayne 38 00:02:21,862 --> 00:02:25,546 who are fellow podcasters for a show called Security this 39 00:02:25,568 --> 00:02:29,398 week. We need applause. Where's your effect? I don't have it. Plugged 40 00:02:29,414 --> 00:02:32,974 in the effect. And 41 00:02:33,172 --> 00:02:36,634 they also are the CEO and CTO, respectively of Pulsar 42 00:02:36,682 --> 00:02:40,254 Security. Combined with them, they have 50 43 00:02:40,292 --> 00:02:43,860 plus years of combined experience in cybersecurity and technology 44 00:02:44,390 --> 00:02:47,982 and they provided services for Disney, the military, 45 00:02:48,046 --> 00:02:51,746 bank of America, the NHL and more. 46 00:02:51,928 --> 00:02:55,710 So welcome to the show, Patrick and Dwayne. Thank you. I just want to 47 00:02:55,720 --> 00:02:58,280 clarify, I have 49 and he has one. 48 00:02:59,210 --> 00:03:03,000 Wow. Just kidding. You look great for your age, by the way. 49 00:03:05,210 --> 00:03:07,800 You started when you were like five. Is that what. 50 00:03:11,390 --> 00:03:14,518 So there's actually a funny thing. There was a namespace collision 51 00:03:14,614 --> 00:03:18,426 because you, Patrick, attended West Point, and thank you for 52 00:03:18,448 --> 00:03:22,234 your service. Thanks, sir. There was another Frank Lavinia that apparently 53 00:03:22,282 --> 00:03:24,080 went through West Point. Yes. 54 00:03:27,330 --> 00:03:30,846 And I almost went to West Point, which probably would have confused a lot of 55 00:03:30,868 --> 00:03:33,870 the professors and staff. 56 00:03:34,310 --> 00:03:37,474 Wait a minute. Did you just leave here? What do you want, the eight year 57 00:03:37,512 --> 00:03:40,900 plan? Yeah. You know what 58 00:03:41,270 --> 00:03:45,058 I'm thinking? This is a time travel thing, Frank. It 59 00:03:45,064 --> 00:03:48,566 is? Yeah. Yes. One of the 60 00:03:48,588 --> 00:03:52,102 NCOs I served with sent me a picture of a Life 61 00:03:52,156 --> 00:03:55,510 magazine cover that showed troops in the 62 00:03:55,580 --> 00:03:59,266 landing craft at Normandy. And the guy at the center of the picture 63 00:03:59,298 --> 00:04:02,186 looked exactly the way I did as a second lieutenant. He's like, I didn't know 64 00:04:02,208 --> 00:04:05,754 you were in World War II. So I bought a copy of it. It's exactly 65 00:04:05,872 --> 00:04:09,466 the way I looked when I was 22 years old. That's great. Okay, so 66 00:04:09,488 --> 00:04:13,226 now both of you are time travel. Maybe that's what West Point does. It's 67 00:04:13,258 --> 00:04:16,320 time travel now. We got to delete this. 68 00:04:17,570 --> 00:04:21,006 We'll do it from the future. It'll be fun. The 69 00:04:21,028 --> 00:04:22,190 neuralizer. 70 00:04:25,810 --> 00:04:28,818 That would only work if. We do the video part of this, but that's true. 71 00:04:28,904 --> 00:04:32,366 I want to repeat the name of the website because I was rambling when Frank 72 00:04:32,478 --> 00:04:35,780 mentioned securitythewsweek.com 73 00:04:36,150 --> 00:04:39,782 and you picked up a couple of new listeners, just 74 00:04:39,836 --> 00:04:43,606 the banner in the virtual green room was enough to say, all 75 00:04:43,628 --> 00:04:47,186 right, I got to make some time to listen to this. All right, we appreciate 76 00:04:47,218 --> 00:04:50,200 it. We're trying to educate just like you. Guys, 77 00:04:50,810 --> 00:04:52,200 and it's always fun. 78 00:04:54,570 --> 00:04:57,510 It's a growth field, I think, to put it mildly. 79 00:04:58,330 --> 00:05:02,126 Someone was asking me recently because a lot of big tech layoffs happening and 80 00:05:02,148 --> 00:05:05,438 things like that, someone was asking me lately, someone who's not in data science, and 81 00:05:05,444 --> 00:05:08,942 I was like, look, if I had to do it all over again in 2023 82 00:05:09,076 --> 00:05:12,926 well, actually it was 2022 when I was asked this. I was like, I 83 00:05:12,948 --> 00:05:16,766 would go with security. I'd probably go with security if you have 84 00:05:16,788 --> 00:05:20,020 50 50 data or security. But you can't go wrong with either. 85 00:05:21,910 --> 00:05:25,654 And there have been recent events in my life which I 86 00:05:25,692 --> 00:05:28,680 keep alluding to a court case, 87 00:05:31,050 --> 00:05:34,886 but definitely I discovered the wonderful world of 88 00:05:34,908 --> 00:05:38,566 OSINT. My 89 00:05:38,588 --> 00:05:41,942 wife is really good at OSINT, right? Because that's her career. Yeah. 90 00:05:41,996 --> 00:05:45,674 But kind of watching what she's able to dig out and 91 00:05:45,712 --> 00:05:49,274 kind of know me doing it, too, we've been able to kind of Swiss out 92 00:05:49,312 --> 00:05:52,640 more information and get clarity on things, and 93 00:05:53,490 --> 00:05:57,086 it's amazing what is available. I took a course on 94 00:05:57,108 --> 00:06:00,766 pluralsight on kind of using Kali Linux. Andy and 95 00:06:00,788 --> 00:06:04,274 I I now work at Red Hat, so I've kind of went from 96 00:06:04,392 --> 00:06:08,114 promoting Windows and using Windows 100% to, thanks 97 00:06:08,152 --> 00:06:11,762 to Windows Eleven, being driven away from the Windows world and into 98 00:06:11,816 --> 00:06:15,010 the wonderful arms of Linux 99 00:06:15,830 --> 00:06:19,638 and fascinated by kind of 100 00:06:19,644 --> 00:06:23,222 the tooling that's out there and built into something like Kali or 101 00:06:23,276 --> 00:06:27,126 Kali. I'm not sure how to pronounce it. Depends on who you are. Yeah, we 102 00:06:27,148 --> 00:06:30,294 usually call it Kali, but that's our bread and butter. We love Kali, right? Yeah. 103 00:06:30,332 --> 00:06:34,106 That's an awesome operating system. So tell us a little bit about because I know 104 00:06:34,208 --> 00:06:37,354 I don't think our listeners are necessarily up on the 105 00:06:37,392 --> 00:06:41,054 Linux, let alone kind of the hacking world making 106 00:06:41,092 --> 00:06:44,814 that assumption. If I'm wrong, please let me know kindly through 107 00:06:44,852 --> 00:06:46,270 email comments 108 00:06:48,850 --> 00:06:52,558 in angry letter form. It's a siloed kind of world. We live in technology, 109 00:06:52,644 --> 00:06:56,274 right. There's a lot of specialization. There's this notion of full 110 00:06:56,312 --> 00:06:58,260 stack this, full stack that, but 111 00:06:59,830 --> 00:07:03,314 I've noticed in security that poison of the notion of full 112 00:07:03,352 --> 00:07:06,882 stack has not hitting you guys yet. It started to kind of 113 00:07:06,936 --> 00:07:10,614 flirt with the data science world. But I don't think you can be because just 114 00:07:10,652 --> 00:07:14,246 looking at what are the disciplines. Right, so I think that's one of the things 115 00:07:14,268 --> 00:07:17,718 we mentioned, OSINT, which for those that don't know is open source intelligence. And I 116 00:07:17,724 --> 00:07:21,366 don't mean open source like Linux or anything like that. What is open source 117 00:07:21,398 --> 00:07:24,714 intelligence? So open source intelligence is 118 00:07:24,912 --> 00:07:28,166 from my field. It's awesome because what open source intelligence 119 00:07:28,198 --> 00:07:31,978 is there's information about every human out there and you can 120 00:07:31,984 --> 00:07:35,694 go like Cambridge Analytica or whoever, right? There's tons of data out there about 121 00:07:35,732 --> 00:07:39,466 every human being on the planet that you can pull from just publicly 122 00:07:39,498 --> 00:07:43,246 available either databases, websites, some of them say the Dark Web, but 123 00:07:43,268 --> 00:07:46,066 you don't need to go to the Dark Web. It's all out there. And we 124 00:07:46,088 --> 00:07:49,010 have some crazy OSINT stories. 125 00:07:50,230 --> 00:07:53,842 There was one company we were trying to break into, Fortune 500, 126 00:07:53,976 --> 00:07:57,762 they said, hey, listen, we'd love you to do a spear phishing campaign. 127 00:07:57,826 --> 00:08:01,094 I was going to say and to be clear, you were hired to break in, 128 00:08:01,132 --> 00:08:04,882 right? Sure, whatever. Yeah. So if there's any attorneys 129 00:08:04,946 --> 00:08:08,502 listening, there's any federal DA listening. Let's make that clear 130 00:08:08,556 --> 00:08:12,326 publicly what we're. Saying on the podcast. No, we were 131 00:08:12,348 --> 00:08:16,138 hired to break into this Fortune 500 and they said, listen, we'd love you to 132 00:08:16,144 --> 00:08:18,938 do spear phishing. And for those of you who may not know, spear phishing is 133 00:08:18,944 --> 00:08:22,118 where you target one user. It's either like a CEO, 134 00:08:22,214 --> 00:08:25,686 CFO, something along those lines. So you start to gather some really detailed 135 00:08:25,718 --> 00:08:29,406 information. And we said, listen, it's too easy, we don't want to do that. Let 136 00:08:29,428 --> 00:08:32,298 us just focus on the technology. They're like, no, you have to do spear phishing. 137 00:08:32,314 --> 00:08:35,358 We said okay. Cool. And we did a lot of research on and we said, 138 00:08:35,364 --> 00:08:38,478 we're going to take your head of HR. We took the head of HR and 139 00:08:38,484 --> 00:08:41,178 we did a lot of research on her. They said, before you send these emails 140 00:08:41,194 --> 00:08:43,198 out, can you come talk to us about them? Just show us them so we 141 00:08:43,204 --> 00:08:45,926 can approve them. Said, sure. We sat down with them and said, listen, we got 142 00:08:45,948 --> 00:08:49,638 two campaigns we're super excited about. Super excited about. They're like, all right, hit us 143 00:08:49,644 --> 00:08:53,286 with them. What are they? We said, okay, we found out that she just 144 00:08:53,308 --> 00:08:56,726 purchased a Dodge Durango. I have the Vin number of it, and I know where 145 00:08:56,748 --> 00:09:00,486 she bought it from. We've actually purchased a website that's very close to the 146 00:09:00,508 --> 00:09:03,978 same dealership website. We're going to send her an email that there's a recall on 147 00:09:03,984 --> 00:09:07,466 her Durango with her Vin number. She needs to click a link, come to a 148 00:09:07,488 --> 00:09:11,066 website, start typing in some information. We'll take over her computer, access the 149 00:09:11,088 --> 00:09:14,160 systems. They're like, no, you can't do that. No, 150 00:09:15,010 --> 00:09:18,686 that's way too personal. Okay, cool. Awesome. We got the 151 00:09:18,708 --> 00:09:21,566 second campaign, which I think is a real winner. We're just going to kidnap her 152 00:09:21,588 --> 00:09:25,294 kids, right? They're like, okay, so hit us with the second 1. 153 00:09:25,332 --> 00:09:28,914 Second one is probably great. I said, okay, so we found out what her 154 00:09:28,952 --> 00:09:32,546 kids names are, where she lives. We know what school they go to, the 155 00:09:32,568 --> 00:09:36,126 teacher's name for each of the kids. And we found the school nurse name. We've 156 00:09:36,158 --> 00:09:39,938 set up a website that's close to the school's website, and we can 157 00:09:39,944 --> 00:09:43,510 send an email from the nurse with a form that she has to fill out 158 00:09:43,580 --> 00:09:47,254 that's a PDF that's infected with a virus that will take over her computer. Right? 159 00:09:47,292 --> 00:09:50,006 And we'll mention her kids names and the classes they're in, that sort of stuff. 160 00:09:50,028 --> 00:09:53,114 And they're like, what is wrong with you guys? You can't do any of this 161 00:09:53,152 --> 00:09:56,842 stuff. No. Yeah. 162 00:09:56,896 --> 00:10:00,198 Open source intelligence is crazy right now. It's data, the things you can find. It's 163 00:10:00,214 --> 00:10:04,006 all about data. It's the information you give. So what's the lesson here? The big 164 00:10:04,048 --> 00:10:07,818 lesson is your data is out there. And even if you don't think it's 165 00:10:07,834 --> 00:10:11,114 out there, your data is out there. And you need to use secondary 166 00:10:11,242 --> 00:10:15,054 channels of communication to verify things. So if you get a call 167 00:10:15,092 --> 00:10:17,998 from the school, get an email, get a text message, call them up, call up 168 00:10:18,004 --> 00:10:21,714 the office. If you get a message to call a phone number about your credit 169 00:10:21,752 --> 00:10:24,706 card, call the number in the back of your credit card. Try to find a 170 00:10:24,728 --> 00:10:28,526 safe, reliable channel and use that to verify. I get calls 171 00:10:28,558 --> 00:10:30,758 all the time from my staff that says, did you send me an email to 172 00:10:30,764 --> 00:10:34,534 do this? And I invite that because it's like, you should be using 173 00:10:34,572 --> 00:10:38,406 second channel verification, and it's incredibly inconvenient. And 174 00:10:38,428 --> 00:10:40,300 that's how you know the security is working. 175 00:10:42,030 --> 00:10:45,770 If it's convenient, it's probably not as secure as you'd like. Yeah, 176 00:10:45,840 --> 00:10:48,890 well, I mean, that's an interesting point because people like convenience. 177 00:10:50,270 --> 00:10:54,078 There is a tension you could just feel like, between convenience. I 178 00:10:54,084 --> 00:10:57,454 mean, I have to log in 179 00:10:57,652 --> 00:11:01,230 to my account using two factor authentication 180 00:11:03,110 --> 00:11:06,866 for both my work and my personal stuff. And I know 181 00:11:06,888 --> 00:11:09,860 it's annoying, but I know why. 182 00:11:10,790 --> 00:11:14,098 And Roblox apparently must have some really 183 00:11:14,184 --> 00:11:17,060 hairy security stories because 184 00:11:18,390 --> 00:11:22,146 their captions, their two factor authentication, 185 00:11:22,178 --> 00:11:24,120 I mean, it's pretty rigorous. And 186 00:11:25,610 --> 00:11:29,180 my eight year old, he's, like, complaining about I'm like, no, 187 00:11:29,630 --> 00:11:33,386 there's a good reason for this. You got 188 00:11:33,408 --> 00:11:36,906 to protect the kids, but also kind of train them early. Oh, 189 00:11:36,928 --> 00:11:40,378 yeah, I like that. Yeah, it's a great idea. I was on a 190 00:11:40,384 --> 00:11:44,150 panel with a colonel from Disa, and he said he went on vacation 191 00:11:44,230 --> 00:11:47,614 and he got bit by a spider on his hand and came back to work. 192 00:11:47,732 --> 00:11:51,418 Went into the office, started working, and ten minutes later, armed 193 00:11:51,434 --> 00:11:54,682 guard showed up at his desk. And we forced him to identify 194 00:11:54,746 --> 00:11:58,014 himself, improve his identity, because his typing cadence had 195 00:11:58,052 --> 00:12:01,742 changed. Wow. We're 196 00:12:01,806 --> 00:12:05,518 starting to get to the world of the military is doing things we're 197 00:12:05,534 --> 00:12:09,174 not thinking of, and eventually we're going to have to do those things. Right. So 198 00:12:09,212 --> 00:12:12,822 Dwayne smiled when you said two factor authentication, and I want to know 199 00:12:12,876 --> 00:12:16,694 why. Okay. All right. I get the sense 200 00:12:16,732 --> 00:12:19,878 it's like the tooth Fairy, right? Like, you want to believe in it, but it's 201 00:12:19,894 --> 00:12:23,180 not as effective as it is as it's supposed to be. No, actually. 202 00:12:23,630 --> 00:12:26,646 So, interestingly enough, Google and Microsoft both have released 203 00:12:26,758 --> 00:12:30,234 independent research that says two factor auth will 204 00:12:30,272 --> 00:12:33,742 mitigate about 95% to 98% of most common 205 00:12:33,796 --> 00:12:37,086 attacks, but not everything, which is fantastic. We love using it 206 00:12:37,108 --> 00:12:40,778 because we look for the gaps in between systems. So there's 207 00:12:40,874 --> 00:12:44,542 a couple of two factor authentication providers out there that allow us 208 00:12:44,676 --> 00:12:48,114 to verify that you have valid accounts and that sort of stuff, without actually 209 00:12:48,232 --> 00:12:51,794 yeah, there's all sorts of once you start digging into the APIs of two 210 00:12:51,832 --> 00:12:55,506 FAS, some of them are easily bypassed, some of them are easily mimicked. Some of 211 00:12:55,528 --> 00:12:58,500 them allow you to get more information you wouldn't normally get. 212 00:12:59,030 --> 00:13:02,646 So just be careful. There's nothing in security. That's the panacea of security. 213 00:13:02,748 --> 00:13:06,598 Right. It's the same thing with data analytics. There's nothing that's like, oh, my 214 00:13:06,604 --> 00:13:09,158 God, there's this one product, and if you buy it, you know everything and you 215 00:13:09,164 --> 00:13:12,906 can see into the future. No, it doesn't work that way. Right. All 216 00:13:12,928 --> 00:13:16,218 right. I need to ask you about my password vault off the air. 217 00:13:16,384 --> 00:13:19,942 Yes, you do. Let me tell you 218 00:13:20,016 --> 00:13:22,750 password for it. No matter what you heard in the news, you should have one, 219 00:13:22,820 --> 00:13:25,600 but there's one you might not want to have. Yeah, 220 00:13:26,770 --> 00:13:28,240 I may have that pass. 221 00:13:31,490 --> 00:13:34,274 I think we're on the same one. Well, when someone tells you who they are, 222 00:13:34,312 --> 00:13:37,700 believe them, and then when they tell you again, believe them again. 223 00:13:38,390 --> 00:13:42,114 Yes. That's my concern with these 224 00:13:42,152 --> 00:13:45,650 password vaults, is that you are putting all your eggs in one basket, 225 00:13:45,730 --> 00:13:49,414 and you don't have two arguments, really. You 226 00:13:49,452 --> 00:13:53,106 could use hints in your password vault instead of the passwords. 227 00:13:53,298 --> 00:13:56,440 It's less convenient, and therefore it works. 228 00:13:56,810 --> 00:14:00,520 But that means you still have to use long passwords. So you might have 229 00:14:01,770 --> 00:14:05,334 zip codes and phone numbers and favorite words and favorite 230 00:14:05,382 --> 00:14:08,426 songs and you know what you're going to pull out of them. You'd still have 231 00:14:08,448 --> 00:14:12,266 to have that cognitive presence to understand, but you can put hints 232 00:14:12,298 --> 00:14:15,982 in them and then that'll let you get to where you need to be. 233 00:14:16,116 --> 00:14:19,040 A friend of mine would put incorrect information 234 00:14:19,810 --> 00:14:23,582 in it. Right. And he would know that's what it's same principle. 235 00:14:23,646 --> 00:14:27,170 Exactly. Yeah. That is just 236 00:14:27,240 --> 00:14:30,910 intriguing. So, quick question. Scrambled up symbols, 237 00:14:30,990 --> 00:14:32,820 letters and stuff, or. 238 00:14:34,550 --> 00:14:38,110 Better, longer the better complexity. So okay. 239 00:14:38,200 --> 00:14:41,942 At our office, we break in at companies all the time legally. Right. 240 00:14:42,076 --> 00:14:44,440 I'm going to keep adding that, Patrick, just for the 241 00:14:47,130 --> 00:14:50,866 thank you. So when we find a hash so a hash is a representation 242 00:14:50,978 --> 00:14:54,570 of a password or an account on a particular system. It's not the actual 243 00:14:54,640 --> 00:14:58,186 password. We need to crack it. We need to go and figure out, okay, well, 244 00:14:58,288 --> 00:15:02,010 does the word book match to this hash? No. Does the word car match? 245 00:15:02,080 --> 00:15:05,566 This is a brute force technique. We're not able to reverse it, but we can 246 00:15:05,588 --> 00:15:09,438 brute force it. Right. And so in doing that, we have a crack cluster at 247 00:15:09,444 --> 00:15:13,198 the office. So you know the 30, 90 video cards that you might have in 248 00:15:13,204 --> 00:15:16,626 your computer? We have a crack cluster that has like 40 of them all in 249 00:15:16,648 --> 00:15:20,222 one motherboard. So we can guess 3 billion 250 00:15:20,286 --> 00:15:23,586 passwords a second. Wow. Yeah. So if 251 00:15:23,608 --> 00:15:26,818 you take a normal hash, we're 252 00:15:26,834 --> 00:15:30,310 guessing let's say we're only doing 253 00:15:30,380 --> 00:15:34,022 lowercase characters, it's 26 characters. And let's say 254 00:15:34,076 --> 00:15:37,782 at ten character password, it takes us a day. Right? Well, 255 00:15:37,836 --> 00:15:41,306 at eleven characters, it's a day times 26. Now we're at about a 256 00:15:41,328 --> 00:15:44,682 month. At twelve Characters it's a month times 257 00:15:44,736 --> 00:15:48,342 26. Now we're at a little over two years for twelve characters. 258 00:15:48,406 --> 00:15:51,866 Now let's do one thing. So we also have a 259 00:15:51,888 --> 00:15:55,266 dictionary file with 8.4 billion 260 00:15:55,318 --> 00:15:58,954 passwords that have been found on the Internet through over the last breach. 261 00:15:59,002 --> 00:16:02,078 Ten years. Over the last ten years. If your password is in that, we'll get 262 00:16:02,084 --> 00:16:05,454 it in 3 seconds. Right. Because we can get so we also. Have to talk 263 00:16:05,492 --> 00:16:08,580 about that after. Yes, for sure. 264 00:16:10,470 --> 00:16:14,114 And to be clear, passwords are better. And to be clear, you're doing this 265 00:16:14,152 --> 00:16:17,806 offline. Right. It's not like somebody's listening. You're not like hitting the login 266 00:16:17,838 --> 00:16:21,458 page and clicking that a billion times. Let me give you stolen the hash. 267 00:16:21,554 --> 00:16:25,350 Okay. Yeah. So good example, because that's a great question, Frank. So let's say 268 00:16:25,420 --> 00:16:28,438 I'm trying to break into your Wi Fi. Now, there's a couple of ways to 269 00:16:28,444 --> 00:16:31,934 do that. One is to try to break into your Wi Fi 270 00:16:32,002 --> 00:16:35,606 system because you've allowed a remote administration, which you shouldn't 271 00:16:35,638 --> 00:16:39,338 do. And then I have to guess the password, and I might be able to 272 00:16:39,344 --> 00:16:42,894 get that to accept 1000 attempts per 273 00:16:42,932 --> 00:16:46,666 minute, maybe more, but I'm 274 00:16:46,698 --> 00:16:50,174 still throttled by having to send it, having to receive it. It 275 00:16:50,212 --> 00:16:53,582 processing. And some of those things are going to be slow. But if I can 276 00:16:53,636 --> 00:16:57,074 monitor the airwaves, which I can if I'm local to you and I 277 00:16:57,112 --> 00:17:00,626 get the hash through going through the air to 278 00:17:00,648 --> 00:17:04,482 someone's phone, which we will get, then we can take that home 279 00:17:04,536 --> 00:17:07,506 and we can brute force it in the comfort of our own systems. And that's 280 00:17:07,538 --> 00:17:11,174 offline hacking. So online attacks are harder to do 281 00:17:11,212 --> 00:17:14,760 because you can't get the speed, you can't parallelize them them 282 00:17:15,530 --> 00:17:19,174 parallelize them as easily. But the ones where we can do 283 00:17:19,212 --> 00:17:22,330 offline, we can do those much faster and much more powerfully. 284 00:17:23,150 --> 00:17:26,938 There are cool ways, though, to do online ones. Okay. Really? 285 00:17:27,104 --> 00:17:30,778 Yeah. Okay, real quick, you know how you try and log into a 286 00:17:30,784 --> 00:17:33,258 website and if you log in with the wrong password five times it kind of 287 00:17:33,264 --> 00:17:36,698 locks you out for a period of time? Sure. So what they're doing is they're 288 00:17:36,714 --> 00:17:39,726 saying five times from that one IP address. So what if you could have an 289 00:17:39,748 --> 00:17:43,310 infinite amount of IP addresses, which is what 290 00:17:43,380 --> 00:17:47,154 Azure and AWS will give you. So you can actually route every 291 00:17:47,192 --> 00:17:50,706 password attempt through AWS, for example, and get a new 292 00:17:50,728 --> 00:17:54,146 IP address every single time. You can do thousands, but you're still. Throttled by how 293 00:17:54,168 --> 00:17:57,686 fast it can reply. And it probably can't reply 3 billion. Not as fast as 294 00:17:57,708 --> 00:18:01,174 an offline crack. Exactly. But it can be. I'm just saying won't at some point 295 00:18:01,212 --> 00:18:04,966 AWS or Azure kind of like figure. Out you would think. You 296 00:18:04,988 --> 00:18:08,774 would think. Okay, no, interesting. So it's a game 297 00:18:08,812 --> 00:18:12,346 of cat and mouse. They're dealing with amazing amounts of 298 00:18:12,368 --> 00:18:16,186 traffic. Eventually, maybe there'll be an AI that helps, but then we'll use our 299 00:18:16,208 --> 00:18:19,622 AI to fight it and it'll be and. Then the Robot Wars. 300 00:18:19,686 --> 00:18:23,466 And I would imagine that Microsoft has bigger fish 301 00:18:23,498 --> 00:18:27,258 to fry and AWS has. Bigger fish to fry. Problem is, if you're 302 00:18:27,274 --> 00:18:31,066 not using Amazon, you just use a botnet and then there's 303 00:18:31,098 --> 00:18:34,670 no limitation on that. I got you. Right. And for 304 00:18:34,740 --> 00:18:37,698 the education of our audience, just in case you may have heard it in the 305 00:18:37,704 --> 00:18:41,314 news, what exactly is a botnet? I think I know what it is, 306 00:18:41,352 --> 00:18:45,054 but I want to hear it straight. From the when hackers take over systems, 307 00:18:45,102 --> 00:18:48,226 they can do various things with them. They can ransomware them, they can steal your 308 00:18:48,248 --> 00:18:51,846 personal information and do identity theft and credential theft. But they can 309 00:18:51,868 --> 00:18:55,478 also just turn your computer into one of their slaves and it'll be a 310 00:18:55,484 --> 00:18:59,046 zombie in their army. And they get 100,000 of these systems. They could do 311 00:18:59,068 --> 00:19:02,726 Denial of Service, they can rent them out. Think of 312 00:19:02,748 --> 00:19:06,586 Coin, I think was a thing for a while. Yeah. And honestly, what's interesting, 313 00:19:06,688 --> 00:19:10,226 talking about data trends, you start to see ransomware 314 00:19:10,278 --> 00:19:13,946 attacks on systems go up when bitcoin's 315 00:19:13,978 --> 00:19:17,674 value goes down. So if it's 316 00:19:17,722 --> 00:19:21,354 more advantageous for you to use those systems to mine 317 00:19:21,402 --> 00:19:24,890 coins, that's what they do. But when it's not, then they just switch over to 318 00:19:24,900 --> 00:19:27,906 ransomware and they start making more money that way. So you keep an eye on 319 00:19:27,928 --> 00:19:31,060 that market and, you'll know interesting. Yeah, 320 00:19:31,510 --> 00:19:35,170 interesting. So they make money, whoever they are, 321 00:19:35,240 --> 00:19:38,886 they make money on the way up. One way or 322 00:19:38,908 --> 00:19:42,582 another. Yeah, exactly. Right. You have to admire they're business 323 00:19:42,636 --> 00:19:46,454 savvy. Oh, it's impressive. You shouldn't, but you 324 00:19:46,492 --> 00:19:50,114 can rent a botnet, rent a ransomware framework. 325 00:19:50,242 --> 00:19:54,058 So let's talk about one thing. There's different levels of threats. So the 326 00:19:54,064 --> 00:19:57,866 kid that's walking through the parking lot trying car doors to steal stuff out of 327 00:19:57,888 --> 00:20:01,146 a car is not as much of a threat as the professional who knows how 328 00:20:01,168 --> 00:20:04,954 to break into a vault. And there's 329 00:20:05,002 --> 00:20:08,778 fewer of that latter than there are of the former. So what you're 330 00:20:08,794 --> 00:20:12,446 trying to do is you're trying to build up enough defense that the threats that 331 00:20:12,468 --> 00:20:15,922 are likely to come your way are going to be thwarted. You can't stop 332 00:20:15,976 --> 00:20:19,694 everything if Dwayne comes after you, I can confidently 333 00:20:19,742 --> 00:20:23,394 say we're getting you because that's what we 334 00:20:23,432 --> 00:20:27,218 do. And we're not script kitties. We're not amateurs, and we have a lot 335 00:20:27,224 --> 00:20:30,374 of capabilities, a lot of software. Some of the software packets we use cost 336 00:20:30,412 --> 00:20:34,114 $60,000 a year. Wow. Hackers sitting in their basement 337 00:20:34,162 --> 00:20:37,946 aren't doing that. We're a different level of organization. But you 338 00:20:37,968 --> 00:20:41,722 want to prepare for the highest level you can so that things 339 00:20:41,776 --> 00:20:45,562 bounce off you. Isn't that referred to as 340 00:20:45,616 --> 00:20:49,446 advanced persistent threats? Yeah, we would represent 341 00:20:49,478 --> 00:20:53,114 an advanced persistent threat because we can do things and 342 00:20:53,152 --> 00:20:56,906 spin up resources that aren't available at the lower levels. The lower levels 343 00:20:56,938 --> 00:21:00,526 are like kids in high school that are just 344 00:21:00,708 --> 00:21:04,526 trying to make a name for themselves. And then there's the we 345 00:21:04,548 --> 00:21:08,338 actually have a slide called the Pyramid of Threats that goes through all this. And 346 00:21:08,504 --> 00:21:12,114 the next level would be basically a 347 00:21:12,152 --> 00:21:15,906 stalker, technical stalker, somebody who's a little bit of a techie and is mad at 348 00:21:15,928 --> 00:21:19,674 you and comes after you. That's very personal. Kim Jong 349 00:21:19,742 --> 00:21:21,750 UN is probably not your stalker. 350 00:21:23,130 --> 00:21:26,886 Probably. The next level is the criminal syndicates who are just in it for the 351 00:21:26,908 --> 00:21:30,614 money, and they're going to go after the softest target they can 352 00:21:30,652 --> 00:21:33,450 find. And if you make it hard for them, they're just going to go away 353 00:21:33,520 --> 00:21:36,954 because you're not what they want. They look for another target. And then you get 354 00:21:36,992 --> 00:21:40,586 up to organizations like ours that work with enterprises and 355 00:21:40,608 --> 00:21:43,978 governments and billion dollar entities, and then you get to governments themselves, 356 00:21:44,064 --> 00:21:47,886 which, when we talk about Mitigation, we have levels of what you need 357 00:21:47,908 --> 00:21:50,718 to do to stop the script kitties and everything else. And the top, when we 358 00:21:50,724 --> 00:21:53,760 get to nation states, it's prayer. Yeah. There's not much. 359 00:21:55,510 --> 00:21:59,214 That'S perfect. Yeah. What's fascinating, 360 00:21:59,262 --> 00:22:02,786 though, is I remember reading Bruce Schneier wrote a book on 361 00:22:02,808 --> 00:22:06,286 cryptography, which is probably still a vaunted 362 00:22:06,398 --> 00:22:09,702 tome, but I remember one of the things 363 00:22:09,756 --> 00:22:13,446 was he didn't say exactly what you said, but he 364 00:22:13,468 --> 00:22:17,286 phrased it differently. If you're talking about cryptography. There's cryptography to keep your little 365 00:22:17,308 --> 00:22:20,986 sister out of it, and there's cryptography to keep nation states out of it. And 366 00:22:21,088 --> 00:22:23,210 that's a very wide spectrum. 367 00:22:25,550 --> 00:22:29,174 Even though he wasn't writing about cryptography, it sounds like the same philosophy 368 00:22:29,222 --> 00:22:32,646 holds true. There's also a duration aspect. So if I'm firing 369 00:22:32,678 --> 00:22:36,046 artillery at you, I need the coordinates those are going to land at to be 370 00:22:36,068 --> 00:22:39,626 secret for about two minutes, and then after that, it doesn't matter. Then it doesn't 371 00:22:39,658 --> 00:22:43,406 matter. Right. But if it's nuclear missile silo locations, I need that 372 00:22:43,428 --> 00:22:47,186 for decades. Or mineral depots or things 373 00:22:47,208 --> 00:22:50,734 like that. So there's a time duration that also. Factors 374 00:22:50,782 --> 00:22:54,318 in which actually, I think is a good topic of something else I'm 375 00:22:54,334 --> 00:22:57,990 fascinated with is quantum computing. And I know that 376 00:22:58,140 --> 00:23:00,966 you're laughing, so that I know there's a good story behind this. I have a 377 00:23:00,988 --> 00:23:04,600 podcast on quantum computing called Things, and 378 00:23:05,370 --> 00:23:08,360 it's the only topic that shuts Dwayne up. 379 00:23:09,130 --> 00:23:12,194 I'm going to go do something else now. So that's why I saw the eye 380 00:23:12,242 --> 00:23:15,914 roll and then you were laughing. Okay. So the reason why 381 00:23:15,952 --> 00:23:19,706 people are kind of because in the security space and in the government, there's this 382 00:23:19,728 --> 00:23:23,454 whole thing of how do we get post? Yeah. Shore's law. 383 00:23:23,492 --> 00:23:26,954 So Shore wrote this algorithm that could theoretically 384 00:23:27,002 --> 00:23:30,640 break how we do 385 00:23:31,250 --> 00:23:34,834 cryptography now is largely based on it's hard 386 00:23:34,872 --> 00:23:38,322 to reverse factor prime numbers. It's the discrete log 387 00:23:38,376 --> 00:23:41,726 problem. Right. Which underlies RSA, 388 00:23:41,838 --> 00:23:45,346 diffie hellman and elliptical curve. Oh, 389 00:23:45,368 --> 00:23:48,502 elliptical curve, too. Yeah. I thought that was meant to be post. 390 00:23:48,636 --> 00:23:52,406 Okay, well, they thought so, not so much. Oh, is this the one that 391 00:23:52,428 --> 00:23:55,826 was broken? And don't worry, listeners, we'll unpack 392 00:23:55,858 --> 00:23:59,078 this. That was the NIST psych. It was an 393 00:23:59,084 --> 00:24:02,934 implementation break. So if I can just give a quick 394 00:24:02,972 --> 00:24:06,522 reel. No, please do. There's a lot to unpack here, particularly. For folks that are 395 00:24:06,576 --> 00:24:10,300 I'm not an. Expert, but I've got a podcast for the last two years on 396 00:24:10,670 --> 00:24:14,366 quantum computing called Entangled Things, and it's a great 397 00:24:14,388 --> 00:24:18,234 way to learn a topic really well. I took the MIT courses. 398 00:24:18,362 --> 00:24:21,838 Peter Short was one of the professors, and so he came up with a 399 00:24:21,844 --> 00:24:25,394 way if we had a suitably advanced quantum computer, we could 400 00:24:25,432 --> 00:24:29,278 break RSA 2048 or RSA anything. Diffie 401 00:24:29,294 --> 00:24:32,450 helman and elliptical curve. Now, those aren't our 402 00:24:32,520 --> 00:24:36,286 primary symmetric encryption 403 00:24:36,318 --> 00:24:40,118 protocols. Those are our primary asymmetric encryption protocols. So those are 404 00:24:40,124 --> 00:24:43,718 the protocols we use to share the key that then does all the 405 00:24:43,724 --> 00:24:47,094 encryption. Because files and large amounts of data can't be 406 00:24:47,132 --> 00:24:50,966 encrypted with an asymmetric key, it has to use symmetric. But 407 00:24:50,988 --> 00:24:54,426 how do you share that key? Well, that's where the asymmetric comes in. And so 408 00:24:54,448 --> 00:24:58,154 it's the key to the key drawer is really what it is. And 409 00:24:58,192 --> 00:25:01,830 so if those all break, then we need replacements. 410 00:25:01,910 --> 00:25:05,214 And NIST, which is one of the reasons I'm a big fan, has come out 411 00:25:05,252 --> 00:25:08,942 with basically, they did a Bake off over the last five, 412 00:25:08,996 --> 00:25:12,654 six years to figure out which algorithms would not be 413 00:25:12,692 --> 00:25:15,520 quantum based, but would be quantum resistant. And 414 00:25:17,250 --> 00:25:20,926 Crystals.org has crystals, kyber crystals, 415 00:25:20,958 --> 00:25:23,860 dilithium. So you got to love the techies, right? 416 00:25:25,190 --> 00:25:28,618 It looks like those kinds 417 00:25:28,654 --> 00:25:32,374 of technologies are in our future as well as when 418 00:25:32,412 --> 00:25:36,086 quantum finally arrives. The problem is no one knows when quantum will actually be 419 00:25:36,108 --> 00:25:39,494 ready. And that's the sticking point. Is it the end of this decade? Is it 420 00:25:39,532 --> 00:25:43,078 three decades? I think it's closer to the end of this decade, but we don't 421 00:25:43,094 --> 00:25:46,602 know because we're in the middle of the infancy of quantum. But 422 00:25:46,736 --> 00:25:50,542 the computers do exist now. But the point you're doing about 423 00:25:50,596 --> 00:25:53,790 time, right? So if you need something to be secure for decades, 424 00:25:54,290 --> 00:25:57,822 right now is the time to at least 425 00:25:57,876 --> 00:26:01,406 try with post quantum cryptography. Because and 426 00:26:01,428 --> 00:26:04,958 supposedly there are stories that there are bad actors 427 00:26:05,134 --> 00:26:08,740 out there storing stuff, storing data 428 00:26:09,350 --> 00:26:13,186 for later. That's what's motivating. Honestly, that's where 429 00:26:13,208 --> 00:26:17,046 a lot of the money is coming from for quantum computing, is 430 00:26:17,068 --> 00:26:20,918 because of this threat, nothing funds like 431 00:26:21,004 --> 00:26:24,674 defense. So this has turned quantum into a defense 432 00:26:24,722 --> 00:26:28,326 spending among the primary powers. But it also solves a lot of 433 00:26:28,348 --> 00:26:32,118 problems, does a lot of other things. So speaking of geeky stuff, there's 434 00:26:32,134 --> 00:26:35,914 a quote from one of the Ferengi characters on Deep Space Nine, and 435 00:26:35,952 --> 00:26:39,674 it's something to the effect quark. Yeah, it 436 00:26:39,872 --> 00:26:42,579 might even be one of the Rules of Acquisition, but it was basically something to 437 00:26:42,579 --> 00:26:45,070 the effect of no one ever went broke selling weapons. 438 00:26:46,450 --> 00:26:50,030 I have that book somewhere on this bookshelf. I have that too. That's an awesome 439 00:26:50,100 --> 00:26:53,678 book. Yeah, not wrong. I highly recommend that book. I don't know if 440 00:26:53,684 --> 00:26:57,374 it's print, but. The other thing I'd say about quantum, and I bring 441 00:26:57,412 --> 00:27:00,846 this up every now and then, we have a podcast called Impact 442 00:27:00,878 --> 00:27:03,954 Quantum as well. We've been doing it about a year and a half, two years. 443 00:27:03,992 --> 00:27:07,366 So it sounds like we started around the same time. Wow. But it's interesting 444 00:27:07,468 --> 00:27:11,062 spinning around in the corner in all of this is as 445 00:27:11,116 --> 00:27:14,226 they run simulations to try and simulate 446 00:27:14,258 --> 00:27:17,766 Quantum every six months or so, they go, oh 447 00:27:17,868 --> 00:27:21,674 man, we can take this problem. That was going to take 100,000 years 448 00:27:21,712 --> 00:27:25,180 on traditional hardware. Now we can do it in a couple of months. 449 00:27:25,710 --> 00:27:29,226 They keep finding these optimizations, I guess. 450 00:27:29,328 --> 00:27:33,018 And so it's like without meaning to be here already, 451 00:27:33,104 --> 00:27:36,462 quantum is kind of sneaking in. It certainly 452 00:27:36,516 --> 00:27:40,366 is. And I think we've just hijacked the podcast here. I 453 00:27:40,388 --> 00:27:44,238 know, right? Yeah, it's all good. All these things are. So one 454 00:27:44,244 --> 00:27:47,458 of my favorite shows of all time, aside from D Space Nine, of 455 00:27:47,464 --> 00:27:51,218 course, is there was this British television series called, I think 456 00:27:51,224 --> 00:27:55,058 was Connections. Yeah. And I think it 457 00:27:55,064 --> 00:27:58,866 was with the guy who's done a bunch of documentaries, or it was 458 00:27:58,888 --> 00:28:02,470 the guy who played a James Bond villain at one point, I forget. But 459 00:28:02,620 --> 00:28:06,438 they would basically try to connect. I'm. Going to get a lot of 460 00:28:06,444 --> 00:28:10,158 hate mail on that one because I'm totally messy. 461 00:28:10,194 --> 00:28:13,914 1978 TV series. This guy, he had a bunch of 462 00:28:13,952 --> 00:28:17,786 James Burke. James Burke. You're right. Yes. But he looks like a 463 00:28:17,808 --> 00:28:21,658 guy that would play he was also in Game of 464 00:28:21,664 --> 00:28:25,482 Thrones, looks like a mad scientist. But 465 00:28:25,536 --> 00:28:29,338 he had a number of shows from the 70s into the don't know if there's 466 00:28:29,354 --> 00:28:33,166 any newer ones, but you basically show how the way 467 00:28:33,188 --> 00:28:36,126 we learn about anything right. Is a very siloed right. You have English class, you 468 00:28:36,148 --> 00:28:39,966 have math class, and then you put your brain 469 00:28:39,998 --> 00:28:42,754 on part of your brain on the shelf. But he kind of shows how one 470 00:28:42,792 --> 00:28:46,526 particular one that stuck out was the connection between perfumes 471 00:28:46,638 --> 00:28:50,230 and the carburetor. And that's awesome. 472 00:28:50,380 --> 00:28:53,480 The spoiler alert was the Atomizer for the 473 00:28:54,090 --> 00:28:57,846 carburetor came from. But there was a whole connection of 474 00:28:57,868 --> 00:29:01,286 people that knew each other, who knew each other, just like today. They didn't have 475 00:29:01,308 --> 00:29:05,098 LinkedIn then, but you would always have these second and third connections that you 476 00:29:05,104 --> 00:29:08,694 would meet at a cocktail party or ballroom dance, 477 00:29:08,742 --> 00:29:12,470 depending on the time period. And it was just interesting how these ideas would intermingle. 478 00:29:12,550 --> 00:29:15,962 Another story I like that kind of illustrates that, is that apparently there's some cafe 479 00:29:16,026 --> 00:29:19,674 in Vienna where Freud would hang out, einstein 480 00:29:19,722 --> 00:29:23,214 would hang out, and so would Vladimir Lenin hang out from time 481 00:29:23,252 --> 00:29:26,834 to they did they have conversations with each 482 00:29:26,872 --> 00:29:29,886 other? I don't know. But just the fact that they were in the same coffee 483 00:29:29,918 --> 00:29:33,060 shop around the same time opens up the thing of 484 00:29:36,330 --> 00:29:39,766 did Einstein say to Freud, like, hey, can you pass the sugar? And 485 00:29:39,788 --> 00:29:43,160 then, you know, that's what your mom said, or something 486 00:29:44,410 --> 00:29:46,040 like stupid stuff like 487 00:29:49,530 --> 00:29:52,650 or or Lenin would have said, is it really your sugar? 488 00:29:54,670 --> 00:29:58,410 But you have to wonder. These little type of chance 489 00:29:58,480 --> 00:30:02,326 encounters, those are the types of things that the thought of which fascinate 490 00:30:02,358 --> 00:30:05,834 me. Yeah. It is impressive how some of the modern 491 00:30:05,882 --> 00:30:09,646 day, you think brilliant inventions, and when you unpack them, you're like, 492 00:30:09,668 --> 00:30:12,862 it was a lot of little steps and a lot of weird connections that happened 493 00:30:12,916 --> 00:30:16,754 that brought this thing about, right? Yeah. And Quantum to me, is still 494 00:30:16,872 --> 00:30:20,702 mind blowing. I'm working on breaking into conventional systems 495 00:30:20,766 --> 00:30:24,226 for now. I'll break into Quantum systems later. Well, yeah, I mean, 496 00:30:24,248 --> 00:30:26,390 eventually anything can be broken, 497 00:30:29,050 --> 00:30:32,786 apparently. You can watch the movie War Games, and War Games 498 00:30:32,818 --> 00:30:36,450 came out at 83. I would have been impressionable young youth, 499 00:30:36,530 --> 00:30:40,238 and I was just fascinated by that movie. And there's a scene 500 00:30:40,274 --> 00:30:43,846 in there where he smugly turns to I guess it would have been Ali. Sheedy 501 00:30:43,878 --> 00:30:45,210 like, anything could be broken. 502 00:30:48,190 --> 00:30:51,258 Like, if nothing has ever been such a 503 00:30:51,344 --> 00:30:55,006 timeless, a just existing is kind of like a 504 00:30:55,028 --> 00:30:58,730 vulnerability. I'm telling you, those movies 505 00:30:58,890 --> 00:31:02,510 all right, how many of you are fans of Sneakers? Oh, 506 00:31:02,580 --> 00:31:05,970 yeah. Well, that wasn't Robert Redford. 507 00:31:06,310 --> 00:31:09,746 Yeah, that was the one where I. Was like, okay, if there's a job in 508 00:31:09,768 --> 00:31:13,460 the real world to do that, that's what I want to do. 509 00:31:13,830 --> 00:31:17,278 Social engineering, right? That was the first time I saw it. Oh, my 510 00:31:17,304 --> 00:31:20,834 gosh, I just love that. Movie because it showed, 511 00:31:20,882 --> 00:31:24,566 like it's not just the obvious, right? Like the thing where the 512 00:31:24,588 --> 00:31:27,682 guy who was blind was playing back with tape 513 00:31:27,826 --> 00:31:31,414 whistler was playing, like, the tape. Okay, well, what did the road sound 514 00:31:31,452 --> 00:31:34,586 like? And he goes, he described he goes, did it sound like this? I was 515 00:31:34,608 --> 00:31:36,906 like, no, a little slower. Oh my God. I was like, So you were on 516 00:31:36,928 --> 00:31:40,666 that highway? It was just like but that was one of those 517 00:31:40,688 --> 00:31:44,460 moments where you're like, wow, holy crap. That sort of thing possible. 518 00:31:45,550 --> 00:31:49,038 Where he's listening to neon signs as they're moving the mic around, and he's like, 519 00:31:49,044 --> 00:31:52,574 no, that's an exit sign. And they're like, Dwayne, do you want. To talk about 520 00:31:52,612 --> 00:31:56,318 the way you hack a database without actually reading any of the 521 00:31:56,324 --> 00:31:59,566 data? So awesome. Based on denials. Have you guys ever heard of blind 522 00:31:59,598 --> 00:32:03,438 injection? No? Okay. Blind injection is the coolest thing ever. So let's 523 00:32:03,454 --> 00:32:07,234 say we go to a website and it's blackmagic, it's like 524 00:32:07,272 --> 00:32:10,418 voodoo stuff. You go to a website and let's say in the website, all you 525 00:32:10,424 --> 00:32:12,946 can do is you have a little drop down and you can change the language 526 00:32:12,978 --> 00:32:16,534 of the website. And that's it. That's all you can do. No login screen? No 527 00:32:16,572 --> 00:32:20,406 none of that stuff. But in that drop down, as a website owner, you 528 00:32:20,428 --> 00:32:24,250 keep adding languages. So you add French and you add Spanish and you add whatever, 529 00:32:24,320 --> 00:32:27,994 right? So that pulls it out of a database. So what 530 00:32:28,032 --> 00:32:31,846 I can do is, even though I don't have 531 00:32:31,888 --> 00:32:35,726 the ability to inject data, I can stack the query for 532 00:32:35,748 --> 00:32:39,082 the language, and then at that point, I have the ability 533 00:32:39,146 --> 00:32:42,602 to gauge how quickly the web page comes 534 00:32:42,676 --> 00:32:45,902 back, so I can say, okay, give me the language 535 00:32:46,046 --> 00:32:49,874 Spanish. And if the first column in 536 00:32:49,912 --> 00:32:52,980 the first database is 537 00:32:53,670 --> 00:32:56,900 an A, then pause for a fraction of a second 538 00:32:57,270 --> 00:33:01,094 and the page will pause for a fraction of a second. 539 00:33:01,212 --> 00:33:04,806 So you can pull all the information out of the back end database just by 540 00:33:04,828 --> 00:33:08,566 how quickly the page comes back to you, whether it's two milliseconds 541 00:33:08,598 --> 00:33:12,426 or five milliseconds or ten milliseconds, just by blindly injecting, which 542 00:33:12,448 --> 00:33:15,610 is awesome. Yeah, that's insidious. 543 00:33:18,430 --> 00:33:22,154 The first time I heard about SQL injection was actually at a Microsoft like, 544 00:33:22,192 --> 00:33:25,646 dev days thing in New York, and they built this 545 00:33:25,668 --> 00:33:29,406 website, I might have been Channel Nine, which for our listeners, they know what 546 00:33:29,428 --> 00:33:32,802 Channel Nine is, but it was basically like a community site where they would post 547 00:33:32,856 --> 00:33:36,306 content they since killed. It rebranded it's been 548 00:33:36,328 --> 00:33:39,380 rebranded to learn. TV or something like that. But 549 00:33:40,550 --> 00:33:42,820 I was on channel nine. You were 550 00:33:44,470 --> 00:33:47,974 half microsoft flew me out to and five other 551 00:33:48,012 --> 00:33:51,766 hackers flew us out to Vegas to break into a casino and 552 00:33:51,788 --> 00:33:55,334 they did a half hour long, like breaking into 553 00:33:55,372 --> 00:33:59,110 casino. So we did injection. It was called the code room. I remember the code 554 00:33:59,180 --> 00:34:01,880 room. I got to see if they've archived that. 555 00:34:02,970 --> 00:34:06,698 We have to check it out. You're like that guy in Oceans Eleven, right? 556 00:34:06,784 --> 00:34:09,286 I'd like to say it's the only time I've ever been walked through a casino 557 00:34:09,318 --> 00:34:11,900 in handcuffs, but whatever. Anyway, 558 00:34:13,150 --> 00:34:16,140 another show. Exactly. 559 00:34:17,550 --> 00:34:20,862 No. So the same team that built Channel Nine, this would have been early 560 00:34:20,916 --> 00:34:24,414 2003, 2004, they basically 561 00:34:24,532 --> 00:34:28,226 had shown how they did this challenge, like, who can 562 00:34:28,248 --> 00:34:31,954 hack this? And basically somebody had basically said, well, your database sent 563 00:34:31,992 --> 00:34:35,762 the email back saying, know, hey, this is what your database looks like. And everybody 564 00:34:35,816 --> 00:34:39,618 at Microsoft was freaking out. And it turns out it was a SQL 565 00:34:39,634 --> 00:34:43,046 injection. But when I first heard that, my mind was blown like I never thought 566 00:34:43,068 --> 00:34:46,594 of cool. And the wife 567 00:34:46,722 --> 00:34:50,498 did nix the idea of naming our kid Little Bobby Table. Bobby 568 00:34:50,514 --> 00:34:53,746 table, right? Missed 569 00:34:53,778 --> 00:34:57,430 opportunities right there. Right? Little Bobby tables. 570 00:34:59,890 --> 00:35:02,862 Which if you don't know that story, you have to Google it because the 571 00:35:02,996 --> 00:35:06,282 Xkcd cartoon does it. Those are excellent. 572 00:35:06,346 --> 00:35:09,200 Brilliant. One of many. 573 00:35:10,370 --> 00:35:11,680 So this is awesome. 574 00:35:13,990 --> 00:35:17,486 We've talked about OSINT, but there are other disciplines in this. Oh, there's, there's, there's 575 00:35:17,518 --> 00:35:20,370 Red Team, Blue Team, pen testing, 576 00:35:21,190 --> 00:35:24,990 auditing, auditing, CNA 577 00:35:25,150 --> 00:35:28,942 certification, accreditation. Being a good developer. OSCPs. 578 00:35:29,006 --> 00:35:32,806 Oh, yeah. Just not being a bad developer using oh my God. Well, 579 00:35:32,828 --> 00:35:36,520 that's really true. 580 00:35:38,250 --> 00:35:41,634 Oh, Patrick. You froze Patrick. I think we lost him. We lost 581 00:35:41,682 --> 00:35:45,242 him. So while we're hoping his video 582 00:35:45,296 --> 00:35:48,842 comes back, I will tell you a joke that 583 00:35:48,896 --> 00:35:52,460 because when my first child, I think I'm back. 584 00:35:52,990 --> 00:35:56,702 You are back. So think about building a house. And then 585 00:35:56,756 --> 00:36:00,606 afterwards you say, okay, now secure it. You got to replace all the 586 00:36:00,628 --> 00:36:04,446 doors. You got to think about Windows. Now, it's much more expensive when 587 00:36:04,468 --> 00:36:08,210 you build anything, whether it's hardware, software, or anything, 588 00:36:08,280 --> 00:36:11,826 if you start with security in mind, it's much cheaper. And so really, security is 589 00:36:11,848 --> 00:36:14,766 a job for everybody. Data architects, SQL 590 00:36:14,798 --> 00:36:18,494 administrators, network, file systems, Nas 591 00:36:18,542 --> 00:36:22,246 administrators, everyone. And then there's the ones who are just thinking about 592 00:36:22,268 --> 00:36:24,806 security all the time. But we have to make it pervasive. We have to make 593 00:36:24,828 --> 00:36:28,562 everybody think about it. Well, I mean, that's a good point, because there's 594 00:36:28,626 --> 00:36:32,378 an acquaintance of my wife who does I forget what it's called, but it 595 00:36:32,384 --> 00:36:35,754 was basically physical security. He does all kinds of security, but one of the things 596 00:36:35,792 --> 00:36:39,578 that he does is more like the stuff you would see 597 00:36:39,584 --> 00:36:43,018 in movies where they follow people. They kind of 598 00:36:43,024 --> 00:36:46,734 do kind of like the lock picking and the lock picking, stuff 599 00:36:46,772 --> 00:36:50,558 like that. There's actually a video on it might have 600 00:36:50,564 --> 00:36:54,094 been from Defcon where breaking into like 50 601 00:36:54,132 --> 00:36:57,762 places in 50 days or something like that. But 602 00:36:57,816 --> 00:37:01,394 I was talking to this acquaintance of my wife and no 603 00:37:01,432 --> 00:37:04,990 names, but he basically that's one of the jobs that he 604 00:37:05,000 --> 00:37:07,320 does. He's contracted to do that. And 605 00:37:08,810 --> 00:37:12,614 he'll get some interesting things where they 606 00:37:12,652 --> 00:37:15,830 have some really good stories. This guy. This guy's. Stories. So one story 607 00:37:15,900 --> 00:37:19,386 was he's testing out a new data center for 608 00:37:19,568 --> 00:37:23,366 someone, and they want to test the security. And he's 609 00:37:23,398 --> 00:37:27,180 like, okay. Takes a look around outside, he walks in and he goes 610 00:37:28,430 --> 00:37:31,854 and the customer says, well, when do we start to test? And he goes, has 611 00:37:31,892 --> 00:37:35,566 the paperwork been signed? He goes, yeah. So he looks at this 612 00:37:35,588 --> 00:37:38,830 bulletproof door, and then he's got these giant 613 00:37:40,130 --> 00:37:43,966 boots. That's what he always wears, these giant boots. And he just basically looks 614 00:37:43,988 --> 00:37:47,266 around. He goes, and the paperwork signed, right? He talked to the lawyer who was 615 00:37:47,288 --> 00:37:50,962 there. He goes, yes. Paperwork signed. And he turns to the customer 616 00:37:51,016 --> 00:37:54,050 once again, he goes, Are you sure you want to do this? They're like, absolutely. 617 00:37:54,200 --> 00:37:57,874 We're secure. We'll get it. And then he does and he does this, like, karate 618 00:37:57,922 --> 00:38:01,318 kick, and he's a big guy. Basically knocks down the 619 00:38:01,324 --> 00:38:05,174 bulletproof door. Oh, my God. Because the bulletproof door was not on 620 00:38:05,292 --> 00:38:08,746 reinforced hinges. Sure, but it was just kind of. 621 00:38:08,768 --> 00:38:11,820 Like the description that he gives of 622 00:38:12,270 --> 00:38:16,026 whoever was the chief security officer's face just blew color drained from 623 00:38:16,048 --> 00:38:19,500 his face. We've done physical security and seen 624 00:38:19,970 --> 00:38:23,658 bulletproof systems where they were installed backwards 625 00:38:23,754 --> 00:38:27,040 so that people attacking could have taken it out. 626 00:38:29,890 --> 00:38:33,326 Because the hinges you have to think about where the hinges are and where the 627 00:38:33,348 --> 00:38:36,000 nuts so when you disassemble it. 628 00:38:38,690 --> 00:38:42,386 We lost them again. Oh, no. Sadness. I want to know how 629 00:38:42,408 --> 00:38:43,250 it ends. 630 00:38:45,910 --> 00:38:49,266 So while we wait for him, there's this TV show called Burn 631 00:38:49,298 --> 00:38:52,550 Notice, which always has some oh, I love Burn Notice. 632 00:38:52,890 --> 00:38:55,954 It's one of my favorite shows. Yeah, well, the one where the drug 633 00:38:56,002 --> 00:38:59,606 dealer and I love how he does like the voiceover. He 634 00:38:59,628 --> 00:39:03,030 goes, this drug dealer has a bulletproof angel. 635 00:39:03,190 --> 00:39:06,966 Angel. That's right. Sugar. Sugar. Sugar. It was sugar. He lived downstairs 636 00:39:06,998 --> 00:39:10,778 from him. He shot the door. He shot through the door. The wall. The 637 00:39:10,784 --> 00:39:14,570 wall. No, the wall. He's like, yeah, but there's not bulletproof drywall. 638 00:39:14,650 --> 00:39:18,074 The way he says it was funny. Yeah, I highly 639 00:39:18,122 --> 00:39:21,854 recommend I forget what service it's on, but I discovered it because 640 00:39:21,892 --> 00:39:25,534 it was on Pluto. They had a channel that was just burned. Notice. 641 00:39:25,582 --> 00:39:29,010 Twenty four seven. And then like 7 hours later I was like, oh, my God, 642 00:39:29,080 --> 00:39:32,020 7 hours. It's that good of a show. 643 00:39:34,630 --> 00:39:38,434 So you were talking about the before you froze up, you were 644 00:39:38,472 --> 00:39:41,890 talking about the hinges. 645 00:39:43,510 --> 00:39:46,802 Oh, I'm sorry. I don't know what's going on with my Internet connection. I apologize. 646 00:39:46,866 --> 00:39:49,530 No worries. You're probably in the middle of a hack. 647 00:39:51,470 --> 00:39:54,780 Dwayne is actually hacking. Yeah. Let me stop. Hold on. 648 00:39:55,310 --> 00:39:59,094 So my password is 54 characters long because he kept telling me what my password 649 00:39:59,142 --> 00:40:02,282 was in the Smarmiest voice 650 00:40:02,346 --> 00:40:05,280 possible. How many years would that take to break 651 00:40:07,250 --> 00:40:10,942 all of them? More years than we all have. Until 652 00:40:10,996 --> 00:40:14,126 I get quantum computing comes up. To speed, then we're good. 653 00:40:14,228 --> 00:40:18,034 Probabilistically. Yeah, I think I was just saying 654 00:40:18,072 --> 00:40:21,714 that you got to make sure you think about where the hinges are, which 655 00:40:21,752 --> 00:40:25,006 direction they're facing and stuff like that, but it's 656 00:40:25,038 --> 00:40:28,082 mistakes. If you look at the news of the day, it's 657 00:40:28,146 --> 00:40:31,270 misconfigurations. It's social engineering, 658 00:40:32,170 --> 00:40:36,018 and it's getting more and more complex, and so we're having a tough time keeping 659 00:40:36,034 --> 00:40:39,434 up with the education, which is why podcasts like yours and ours are so 660 00:40:39,472 --> 00:40:43,260 important. No, absolutely. And you're right. Security is 661 00:40:43,870 --> 00:40:47,706 everybody's businessweek.com. I've got to 662 00:40:47,728 --> 00:40:49,500 check that out. And you got the. 663 00:40:52,290 --> 00:40:55,566 Oh, my God. You need a we did it. Yeah, 664 00:40:55,588 --> 00:40:56,160 we. 665 00:41:00,850 --> 00:41:04,526 Were talking about you were talking about the physical security part. I did a little 666 00:41:04,548 --> 00:41:08,338 bit of that back in one day. You were in the military, so you 667 00:41:08,344 --> 00:41:12,018 did a lot of the back. Yeah, think about it. At least 668 00:41:12,184 --> 00:41:15,380 the National Guard stuff. But it was interesting because 669 00:41:16,230 --> 00:41:19,958 being in Virginia and working with a little bit 670 00:41:19,964 --> 00:41:23,558 of physical security here, it was amped up a 671 00:41:23,564 --> 00:41:27,094 notch. Same way Frank's in Maryland. Same way in Maryland, if you are in 672 00:41:27,132 --> 00:41:30,806 driving distance of important places, you 673 00:41:30,828 --> 00:41:33,990 know that there's no need to give anybody any more ideas, 674 00:41:34,070 --> 00:41:37,914 but occasionally, somebody would 675 00:41:37,952 --> 00:41:41,626 do something clever. And the gist 676 00:41:41,658 --> 00:41:45,022 of the story, kind of the moral of the story was they didn't beat the 677 00:41:45,076 --> 00:41:47,840 electronics. No. They beat the. 678 00:41:51,890 --> 00:41:55,694 Was. And it's the same thing with social engineering. It's the same thing with 679 00:41:55,732 --> 00:41:58,738 all of this stuff. So hopefully I didn't say too much. Frank, you may have 680 00:41:58,744 --> 00:42:02,594 to take that out. I don't know. I 681 00:42:02,632 --> 00:42:05,810 live now. I was being the tomahawks on its way. Andy. 682 00:42:08,870 --> 00:42:12,302 We have the watch lies come back on, but 683 00:42:12,456 --> 00:42:15,974 no, I live up the road on Route 32 from if you know, you know, 684 00:42:16,012 --> 00:42:18,630 from places. I know from places from places 685 00:42:19,550 --> 00:42:23,226 in and around that county and the next county. There's a lot of 686 00:42:23,248 --> 00:42:27,002 office buildings know, just have no signs on them, have 687 00:42:27,136 --> 00:42:30,846 suspiciously high degrees of security, and they. Don'T like when you 688 00:42:30,868 --> 00:42:33,920 pull up unannounced. Oh, my. No. 689 00:42:34,770 --> 00:42:38,526 So right next to where the Microsoft Reston office used to be, 690 00:42:38,628 --> 00:42:41,600 there is an unmarked building with 691 00:42:42,370 --> 00:42:46,106 a high number of security. And one of my former 692 00:42:46,138 --> 00:42:49,426 bosses who drove down from Pittsburgh, his first trip to the Rest in 693 00:42:49,448 --> 00:42:53,074 office, he missed the turn, and he was trying to turn around inside that 694 00:42:53,112 --> 00:42:56,846 parking lot. Yeah, no. And yeah, he learned 695 00:42:56,878 --> 00:43:00,534 very quickly. He went back up. Severe tire. Not that 696 00:43:00,572 --> 00:43:04,326 parking. No. Well, I mean, law enforcement showed up pretty 697 00:43:04,348 --> 00:43:07,986 quickly with seconds, and they're like, what are you doing here? And he's 698 00:43:08,018 --> 00:43:11,354 like, I'm just trying to get the money. Just turn around. Like, sure you are. 699 00:43:11,472 --> 00:43:14,620 So ten years ago, my daughter was moving out of 700 00:43:15,710 --> 00:43:19,526 a place that she was renting down in Boston, right by the VA hospital. 701 00:43:19,718 --> 00:43:23,114 She was finishing her senior year of college, and I had 702 00:43:23,152 --> 00:43:26,970 a U Haul truck. And I took the U Haul truck 703 00:43:27,050 --> 00:43:30,750 and parked it in the VA parking lot because I'm a veteran, right? 704 00:43:30,820 --> 00:43:34,494 And I moved a barrier to do it because I'm a veteran. And I 705 00:43:34,532 --> 00:43:37,294 parked it. And then I went and walked through the woods to where her apartment 706 00:43:37,342 --> 00:43:40,946 was to talk to her and left my 17 year old nephew in the car. 707 00:43:41,048 --> 00:43:43,730 And the cops came, guns drawn, 708 00:43:44,550 --> 00:43:48,338 like, Open the truck. Open the truck. Oh, my goodness. Okay. And 709 00:43:48,344 --> 00:43:50,978 he opened the truck. It was empty. They're like, what are you doing here? And 710 00:43:50,984 --> 00:43:53,958 he's like, oh, my uncle. And he's like, this better not be here when I 711 00:43:53,964 --> 00:43:57,506 come back. I came back, and he's like, telling me this story. I'm like, I'll 712 00:43:57,538 --> 00:44:00,906 be fine. We're leaving now anyways. And we leave, and the cops coming back, and 713 00:44:00,928 --> 00:44:04,182 I'm like, I wave. That's funny. 714 00:44:04,246 --> 00:44:07,974 Yeah, there's a lot of good stories. My first day at Microsoft 715 00:44:08,022 --> 00:44:11,546 not my first day, but my first speaking gig, because I was doing a developer 716 00:44:11,578 --> 00:44:15,038 evangelism then was at a nondescript office building in and around the 717 00:44:15,044 --> 00:44:18,506 Bethesda area. And I've driven past 100 times, never noticed 718 00:44:18,538 --> 00:44:22,366 it. I still think 719 00:44:22,388 --> 00:44:25,866 to this day it was a hazing thing, right? I was a last minute 720 00:44:25,898 --> 00:44:29,746 replacement for somebody else, so my name wasn't on the big list. So I 721 00:44:29,768 --> 00:44:33,150 show up, and I wasn't on the big list. And then the guard 722 00:44:33,310 --> 00:44:36,180 looks at me and was like, well, 723 00:44:37,910 --> 00:44:40,450 why don't you go over there? I'm like, uhoh 724 00:44:42,890 --> 00:44:46,342 all of a sudden, out of nowhere, this normal suburban looking building 725 00:44:46,396 --> 00:44:50,120 like, armed machine guns meant it was just like, oh, my God. 726 00:44:50,650 --> 00:44:54,120 Like dogs sniffing around the car. It was crazy. 727 00:44:54,670 --> 00:44:57,786 And the guy with the heavy machine gun said to me, you want you to 728 00:44:57,808 --> 00:45:00,700 sit in the car and wait for Ain't getting out? 729 00:45:02,910 --> 00:45:05,918 And so finally, they did manage to get in a hold of somebody, but it 730 00:45:05,924 --> 00:45:09,630 was just kind of like, oh, my God. Yeah. 731 00:45:09,780 --> 00:45:13,486 So I've been drawn on at an air force base. We 732 00:45:13,508 --> 00:45:17,166 went in to do work, and I was working with I won't mention the military 733 00:45:17,198 --> 00:45:20,418 contractor, but military contractor. I wasn't cleared for the particular 734 00:45:20,504 --> 00:45:23,666 intelligence systems, but I was helping them do security 735 00:45:23,768 --> 00:45:27,266 work. So the contractor had to type, 736 00:45:27,368 --> 00:45:31,126 and I had to tell her what to type. And after two days, she's like, 737 00:45:31,148 --> 00:45:34,326 listen, I don't know what you're telling me to type anyways. Doesn't matter, right? Just 738 00:45:34,348 --> 00:45:38,086 sit down and type at the computer. I was like, okay. So I'm sitting there 739 00:45:38,108 --> 00:45:41,942 typing. After a couple of hours, she leaves. A fully uniform guy comes in 740 00:45:41,996 --> 00:45:44,822 like, what's your clearance for that system? Oh, my God. I don't have any clearance. 741 00:45:44,966 --> 00:45:48,762 Pulls his gun, pulls his gun. Is like, don't touch the key. 742 00:45:48,816 --> 00:45:51,462 Step away from that keyboard. And I was just like, I got to get shot. 743 00:45:51,526 --> 00:45:55,166 Yeah. Back up slowly. Yeah. No, that 744 00:45:55,188 --> 00:45:58,894 was probably the scariest cyber incident I've ever been 745 00:45:58,932 --> 00:46:02,334 in. Well, it's interesting because the 746 00:46:02,372 --> 00:46:05,220 cybersecurity world, I think, is really an interesting 747 00:46:05,910 --> 00:46:09,522 space for a lot of reasons, but it does blend the physical and the real, 748 00:46:09,576 --> 00:46:12,420 right. The kinetic and the virtual, as I've heard 749 00:46:13,910 --> 00:46:17,160 said. It's fascinating. Yeah. 750 00:46:17,690 --> 00:46:21,334 You know what, we didn't get to our questions. I 751 00:46:21,372 --> 00:46:24,582 know, I'm okay with that. This was an awesome 752 00:46:24,636 --> 00:46:27,926 conversation to come back. There you go. I love 753 00:46:27,948 --> 00:46:31,580 it. So we will ask this because 754 00:46:32,270 --> 00:46:35,946 you told us in the virtual green room you didn't want to be 755 00:46:35,968 --> 00:46:39,626 advertising your company and that sort of stuff, but we ask everyone, 756 00:46:39,728 --> 00:46:43,486 where can people learn more about you? And feel free 757 00:46:43,508 --> 00:46:45,966 to plug your business. Our website is 758 00:46:45,988 --> 00:46:49,726 Pulsarsecurity.com. We're in a weird situation 759 00:46:49,828 --> 00:46:53,502 because we have very high end cybersecurity talent. We have 760 00:46:53,556 --> 00:46:57,122 several billion dollar customers, and we try to do a lot 761 00:46:57,176 --> 00:47:00,642 for community school systems, things like that, on a budget. So cool. 762 00:47:00,776 --> 00:47:04,546 But we're really not looking for a ton of customers, which is 763 00:47:04,568 --> 00:47:08,174 a good place to be. So we're mostly promoting the podcast 764 00:47:08,302 --> 00:47:11,814 to say, that said, we do try to help people who need 765 00:47:11,852 --> 00:47:15,494 it, but we also have to pay a lot of cost for that high end 766 00:47:15,532 --> 00:47:17,560 software that makes sense. 767 00:47:18,730 --> 00:47:21,670 Securitytheweek.com, podcast. 768 00:47:24,490 --> 00:47:28,154 And entangle things. Okay. Entangle things. Okay. So 769 00:47:28,192 --> 00:47:31,694 before you go, there's one question I think that everybody who's listening to this is 770 00:47:31,732 --> 00:47:35,566 probably asking themselves, if you're not in the security field, how does 771 00:47:35,588 --> 00:47:38,320 one get started? Where does one get started? 772 00:47:39,170 --> 00:47:42,986 You mentioned, like, pluralsight, LinkedIn. There's all sorts 773 00:47:43,018 --> 00:47:46,002 of training out there. If there was this much training when I was a kid, 774 00:47:46,056 --> 00:47:48,980 I would be way smarter than I am now. 775 00:47:49,670 --> 00:47:53,426 You just have to start going and surveying. I tell people they 776 00:47:53,448 --> 00:47:56,514 should start a mile wide and an inch deep. They need to learn 777 00:47:56,552 --> 00:48:00,182 terminology. They need to learn what is SQL? Well. 778 00:48:00,236 --> 00:48:03,782 SQL injection. What'sql? You have to understand what a database is. You have to understand 779 00:48:03,836 --> 00:48:07,510 what a file is. You have to understand what Red Hat is and 780 00:48:07,580 --> 00:48:11,174 what Kali is and what Linux is. You need that basis. And 781 00:48:11,212 --> 00:48:13,970 then you can figure out where your niche will be. Whether you're going to be 782 00:48:13,980 --> 00:48:17,702 an auditor, or a hacker, or a red teamer or blue teamer 783 00:48:17,766 --> 00:48:21,546 or project manager or whatever. Because it's kind of like saying, 784 00:48:21,648 --> 00:48:24,266 I want to be in security or I want to be in technology. That's like 785 00:48:24,288 --> 00:48:27,614 saying, I want to be in medicine. It's a wide range. You need to just 786 00:48:27,812 --> 00:48:31,214 start getting that understanding so that when you listen to a 787 00:48:31,252 --> 00:48:34,734 podcast or read an article, you understand what they mean when they 788 00:48:34,772 --> 00:48:38,514 say deployment or compile. That's where you 789 00:48:38,552 --> 00:48:41,826 start. You start with the vocabulary. And I'd say the other thing is reach out 790 00:48:41,848 --> 00:48:45,426 to companies. I can't tell you how many times I have people reach out to 791 00:48:45,448 --> 00:48:48,738 me and say, hey, listen, I'm interested in cybersecurity. What should I 792 00:48:48,744 --> 00:48:52,466 do? And we'll do things like, I'll have them sign an NDA 793 00:48:52,498 --> 00:48:55,782 and bring them on an engagement. See if this is for you before you actually 794 00:48:55,836 --> 00:48:59,626 go. And just watch and ask questions and use 795 00:48:59,648 --> 00:49:00,860 it as a training event. 796 00:49:05,070 --> 00:49:07,420 So it's things like that. I think you'll find 797 00:49:08,510 --> 00:49:12,254 companies out there who are just there's so little people in the cybersecurity space. 798 00:49:12,292 --> 00:49:15,546 They're just willing to help and educate and see if this is a field you're 799 00:49:15,578 --> 00:49:19,200 interested in. Also, we are summer program 800 00:49:20,210 --> 00:49:23,886 True with interns that come in with 801 00:49:23,908 --> 00:49:27,614 us. We're working with high school in the area 802 00:49:27,732 --> 00:49:30,500 for kids that it's a Stem high school 803 00:49:31,190 --> 00:49:34,946 bringing them on and having them do their required hours just to get 804 00:49:34,968 --> 00:49:38,662 a feel for what it's all. About, what it's like. Yeah, 805 00:49:38,716 --> 00:49:42,230 right? And that mystery voice is Jill. 806 00:49:44,810 --> 00:49:48,570 Just for the listeners that are like. Who was somebody broke into the podcast. 807 00:49:52,670 --> 00:49:56,250 That's hilarious. Nothing's safe. 808 00:50:00,030 --> 00:50:02,800 Okay, Joe. We didn't say your last name. We're good. Yeah. 809 00:50:04,930 --> 00:50:08,494 That's really interesting to know about the intern program. My 810 00:50:08,532 --> 00:50:12,282 daughter is headed to Virginia Tech for computer science, 811 00:50:12,346 --> 00:50:15,742 and she's looking for I don't know if she'll want to do 812 00:50:15,796 --> 00:50:19,490 cybersecurity, but if she does now, I know some people. Yeah, there you go. 813 00:50:19,560 --> 00:50:22,178 Have her reach out. Because, honestly, even if she just wants to sit in and 814 00:50:22,184 --> 00:50:25,954 watch what a Red Team engagement looks like, I've had people my son's 19 years 815 00:50:25,992 --> 00:50:29,458 old, and I got him to intern and look at engagements, and he came to 816 00:50:29,464 --> 00:50:31,718 me after, like, a year, and he was like, hey, dad, you know what? And 817 00:50:31,724 --> 00:50:35,414 I was like, yeah. And he's like, I hate this. This is not yeah, 818 00:50:35,452 --> 00:50:39,258 this is not for me. That's a good thing, though, right? Because it's a 819 00:50:39,264 --> 00:50:42,140 great thing. Did he say this or you 820 00:50:48,270 --> 00:50:51,594 fire targets down. Tell him his 54 character 821 00:50:51,642 --> 00:50:53,120 password. That'll get. 822 00:50:56,930 --> 00:51:00,286 Well. This has been an awesome show. I hate to end it, but all good 823 00:51:00,308 --> 00:51:03,198 things must end. But we'll definitely have you back, because this is a field that 824 00:51:03,204 --> 00:51:07,010 I think and there's topics in my head that we didn't come up with. Right. 825 00:51:07,080 --> 00:51:10,914 The idea of how do you secure data from 826 00:51:10,952 --> 00:51:14,174 the source to the end, right? Because if you're training these AI 827 00:51:14,222 --> 00:51:17,846 models, particularly with something like a 828 00:51:17,868 --> 00:51:21,240 Kafka stream, what if you inject bad data in? How do you detect that? 829 00:51:22,810 --> 00:51:25,974 A friend of mine was talking about there was some talk of using 830 00:51:26,092 --> 00:51:29,110 blockchain technology to kind of 831 00:51:29,260 --> 00:51:32,842 authenticate data transactions. So that way when you're learning 832 00:51:32,896 --> 00:51:36,746 it, you have kind of a trail to it. And obviously that could probably be 833 00:51:36,768 --> 00:51:39,980 another hour episode right there. But in the interest of time, 834 00:51:40,290 --> 00:51:43,754 we'll definitely love to have you back, and. We'D love to join 835 00:51:43,802 --> 00:51:47,646 you. Any parting thoughts? Stay 836 00:51:47,668 --> 00:51:51,198 in school. Yes, stay in school. Use long. Change your 837 00:51:51,204 --> 00:51:55,038 password. Right? And keep listening to this podcast. It's great. That's 838 00:51:55,054 --> 00:51:58,898 right. And the other ones? Awesome. All right. And I'll let the 839 00:51:58,904 --> 00:52:02,642 nice British lady finish the show. And that, 840 00:52:02,696 --> 00:52:06,294 dear listeners, brings us to the end of another riveting episode of 841 00:52:06,332 --> 00:52:10,054 Data Driven. I hope you've all enjoyed delving into 842 00:52:10,092 --> 00:52:13,734 the mysterious world of cybersecurity. I must 843 00:52:13,772 --> 00:52:17,574 admit, the idea of advanced persistent threats and hacking can be a bit 844 00:52:17,612 --> 00:52:21,418 unnerving. But, hey, who needs beauty sleep when you 845 00:52:21,424 --> 00:52:25,034 can have nightmares about hackers instead? As we sign 846 00:52:25,072 --> 00:52:28,806 off, I'd like to extend a big thank you to our guest speakers, who shared 847 00:52:28,838 --> 00:52:32,206 their insights and experiences, including that rogue AI of 848 00:52:32,228 --> 00:52:35,918 theirs. Remember, folks, hacking might be a 849 00:52:35,924 --> 00:52:38,880 dark art, but with great knowledge comes great, 850 00:52:39,650 --> 00:52:43,390 um, well, cybersecurity skills, I suppose. 851 00:52:44,050 --> 00:52:47,886 But wait. Before we biddered you, I'd like to remind you all to 852 00:52:47,908 --> 00:52:51,694 secure those passwords, enable two factor authentication, and 853 00:52:51,732 --> 00:52:54,590 resist the urge to click on suspicious links. 854 00:52:55,210 --> 00:52:59,046 Because, let's face it, no one wants to wake up one morning to 855 00:52:59,068 --> 00:53:02,210 find out their bank account has been drained by a hacker named Dwayne.