In this episode, Dr. Chase Cunningham, aka DrZeroTrust, joins us to shed light on what a horror story looks like from an adversarial perspective. In drawing on his extensive red teaming and NSA background, he explores why doing the basics and applying them intelligently does matter, why people should abandon the notion of perfect security, and what controls and practices organizations can adopt and follow to make it a bad day for bad actors.

---------

Key Quotes:

“ It's called a best practice for a reason. It's not because somebody woke up and was like, how can I just, you know, put things on a piece of paper? It's a best practice because it's a practice that's best.”

“ I think people should abandon the idea of perfect security because it doesn't exist. You know, you think if you're if you're postured up and you've spent enough money and you've got the right things in place that you're not going to have a breach. The odds of you not having a breach are really, really slim. It's just a matter of time. That doesn't mean that you stop trying, but it just means to be aware of when things go wrong, what is your plan, how will you isolate, how will you minimize the damage, how do you move or how do you stop lateral movement, etc.”

“There are some people that you just have to say like, Look, man, I gotta put some additional controls around you because you're, you're prone to clicking, bro. Like I don't know what to tell you, man, but I got to do something about you. And it's not because I don't like you and I don't like your hair color or whatever else, but you're a risk to my business.”

---------

Time stamps:

02:26 - About Chase

03:58 - What’s a classic attacker horror story?

08:49 - Red teamer incidents

12:35 - Lessons learned

26:00 - Advice for security leaders

---------

Links:

Find Chase on LinkedIn

Find Jonathan on LinkedIn

Learn more about NinjaOne