Phillip Wylie Show

Takeaways

·     

·     

·     

·     

·     

·     

·     

·     

·     

·     

Sound Bites

·     

·     

·     

Chapters

00:00 Introduction to Horizon 3 and Snehal Antani

03:26 Leadership and Company Culture at Horizon 3

06:30 Snehal's Hacker Origin Story

10:37 Transition from Corporate America to JSOC

13:45 Building Horizon 3's Culture and Team

16:28 The Unique Approach of Horizon 3

20:24 The Evolution of Pen Testing

24:34 The Role of Humans in Pen Testing

28:41 The Shift in Cybersecurity Mindset

32:31 Certifications and Bootcamps in Cybersecurity

36:26 The Future of Cybersecurity and Co-Pilots

40:21 The Importance of Data in Cybersecurity

44:22 The Impact of Autonomous Pen Testing

48:22 Conclusion and Future Outlook

58:33 Phillip Wylie Show Outro Video.mp4

Resources

https://www.linkedin.com/in/snehalantani/

https://x.com/snehalantani

https://www.horizon3.ai/

https://www.linkedin.com/company/horizon3ai/

Summary

In this episode of the Phillip Wylie Show, host Phillip Wylie speaks with Christophe Foulon, a cybersecurity expert and podcaster, about his journey into the cybersecurity field, the importance of self-discovery for aspiring professionals, and the evolving landscape of hiring practices in the industry. They discuss the significance of certifications, the need for internal talent development, and the value of community involvement in cybersecurity education. Christophe shares practical advice for job seekers, emphasizing the importance of networking and curiosity in building a successful career in cybersecurity.

Takeaways

Christophe's journey into cybersecurity began at a young age.

Self-discovery is crucial for those entering the cybersecurity field.

Certifications are often necessary, especially for government roles.

Hiring practices are evolving, with less emphasis on traditional degrees.

Internal training and development can help fill cybersecurity roles.

Apprenticeships can provide valuable hands-on experience.

Community involvement is essential for building a skilled workforce.

Networking is key to finding job opportunities in cybersecurity.

Curiosity and continuous learning are vital for success in cybersecurity.

Understanding the job market and roles can prevent burnout.

Sound Bites

"I was just hooked."

"It all starts on the foundation of self-discovery."

"You need to be eternally curious."

Chapters

00:00 Introduction and Background

06:46 Recommendations for Breaking Into Cybersecurity

10:54 The Role of Certifications in Cybersecurity

16:08 Creating Career Paths and Apprenticeships in Cybersecurity

25:02 The Value of Networking and Building Relationships in Job Hunting

29:40 Staying Informed: Researching Industry Trends in Cybersecurity

32:14 Closing Remarks

32:39 Phillip Wylie Show Outro Video.mp4

Resources

https://www.linkedin.com/in/christophefoulon/

https://x.com/chris_foulon

Summary

 In this episode, Len Noe, the world's first augmented

Takeaways 

Sound Bites 

Chapters 

00:00 Introduction and Guest Introduction

03:36 Unconventional Paths into Cybersecurity

10:28 Implantable Technology and the Future of Augmented

18:41 Redefining Medical Ethics: Risks and Benefits of Body

25:44 Hacked Human: Insights from the World's First

37:26 Phillip Wylie Show Outro Video.mp4

Resources

https://x.com/hacker_213

https://www.linkedin.com/in/len-noe/

Human Hacked: My Life and Lessons as the World's First

https://www.wiley.com/en-mx/Human+Hacked%3A+My+Life+and+Lessons+as+the+World's+First+Augmented+Ethical+Hacker-p-9781394269167

Summary

HOU.SEC.CON is a cybersecurity conference in Texas that aims

Takeaways

HOU.SEC.CON is a cybersecurity conference in Texas that

The conference was started in 2010 by Michael Farnum and Sam

They initially ran the conference under the auspices of the

HOU.SEC.CON has grown over the years, attracting attendees

The conference aims to provide an affordable and accessible

HOU.SEC.CON has added two additional conferences, OT.SEC.CON

The organizers also host monthly user group meetings and

Sound Bites

"HOU.SEC.CON is a cybersecurity conference in

"The conference was started in 2010 by Michael Farnum

"They initially ran the conference under the auspices

"We were close to 1400 last year."

"Let's top out at 300. Let's top out at 500. Let's do

"We would have to take up multiple floors if we were

Chapters

00:00 Introduction to HOU.SEC.CON and its mission

06:15 The origins of HOU.SEC.CON and its role in the Houston

18:33 Differentiating HOU.SEC.CON from other conferences:

24:15 The growth and recognition of HOU.SEC.CON

26:35 Expanding HOU.SEC.CON

30:51 A More Accessible Alternative

35:46 Building a Strong Cybersecurity Community

Resources

http://houstonseccon.org/

https://www.linkedin.com/company/houseccon/

https://x.com/HouSecCon

https://www.linkedin.com/in/mfarnum/

https://x.com/m1a1vet

https://www.linkedin.com/in/svanryder/

https://x.com/SamVR

About the Guest:

Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the Infrastructure. Prior to joining SquareX, He was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in-classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. His area of interest includes Cloud Security, Container Security, and Web Application Security.

Episode Summary:

In this captivating episode of 'The Philip Wylie Show', host Philip Wylie is joined once again by offensive security aficionado Jeswin Mathai. This talk orbits around the expansive realm of professional hacking, highlighting the persistent curiosity and zealous passion these experts have for overcoming challenges in their line of work. With Jeswin on board, listeners can anticipate an in-depth exploration of Squarex's new and riveting features aimed at staving off online vulnerabilities.

The episode delves into the intricate world of in-browser malicious file detection, a pressing issue in today's digital-heavy climate. Jeswin Mathai meticulously walks listeners through the challenges surrounding the detection of malicious files, expanding upon why conventional antivirus solutions struggle and how attackers exploit naïveté during delivery. Furthermore, he presents a live demonstration of Squarex's monumental browser integration, showcasing its real-time detection capabilities and remediation options, elevating Gmail's native security measures to impressive new heights.

Key Takeaways:

Squarex is revolutionizing online security: The discussion reveals how the product can enhance Gmail security by detecting and alerting users to potential threats before they materialize.

In-browser file analysis: Squarex performs comprehensive checks directly within your browser, maintaining user privacy while offering robust protection against malicious files.

Malicious macros are a key threat vector: Jeswin explains how attackers utilize document macros, often undetected by traditional antivirus software, to compromise user systems.

Real-time alerts and remediation: Squarex provides instantaneous analysis of file attachments, distinguishing malicious intent and providing safer alternatives for download.

Enhanced user-friendly protection: The product is designed for ease of use, offering an intuitive safety net for both tech-savvy individuals and those less accustomed to cybersecurity measures.

Notable Quotes:

"The moment you open it, it's almost instantaneous. And not only is it telling you contains macros, tells you the details."

"This is a macro free version created right there in your browser, in case if you're concerned that something can go wrong."

"Email is like the primary source right now of delivery of malicious payload."

"So we have received the mail. So now as you can notice, this is a macro enabled file, but Gmail didn't say anything."

"It's a full blown file system packaged in just one single file, and how crazy it can be to detect malicious macros."

Resources:

Get your free Chrome plugin: ⁠⁠http://sqrx.io/pw_x⁠⁠

⁠⁠https://www.linkedin.com/company/getsquarex/⁠⁠

⁠⁠https://twitter.com/getsquarex⁠⁠

⁠⁠https://www.instagram.com/getsquarex/

Summary

In this episode, Joe Brinkley, also known as the blind hacker, joins Phillip Wylie to discuss his hacker origin story and offer advice for breaking into offensive security and pen testing. They also explore the commoditization of pen testing, the evolution of the industry, and the challenges of testing complex environments. Joe shares his insights on the different generations of hackers and the role of automation and AI in pen testing. He also talks about his work with the Mentor Village and offers resources for those interested in starting their own cybersecurity brand or company.

Takeaways

Sound Bites

Resources

https://www.linkedin.com/in/brinkleyjoseph/

https://x.com/TheBlindHacker

https://x.com/deadpixelsec

https://deadpixelsec.com/

Chapters

00:00 Introduction and Background

06:24 Advice for Breaking into Offensive Security

10:39 The Commoditization of Pentesting

15:53 The Impact of Compliance and Cyber Insurance

22:03 Challenges Faced by Practitioners in Limited Time Windows

25:33 The Evolution of Hackers and Accessibility of Education and Tools

30:36 The Role of Automation, Orchestration, and AI in Modern Pentesting

36:23 Building Cybersecurity Brands and the Mentor Village

41:14 Conclusion

41:52 Phillip Wylie Show Outro Video.mp4

Summary

In this live episode of The Phillip Wylie Show, cybersecurity experts Ira Winkler and Ryan Cloutier discuss their hacker origin stories and the evolution of hacking over the years. They emphasize the importance of basic cyber hygiene and the need to systematize the fundamentals of cybersecurity. They also discuss the risks and benefits of AI, highlighting the potential for manipulation and the need for safe adoption. The conversation touches on the role of policies and procedures, the alignment of cybersecurity with business objectives, and the impact of technology on human experiences.

Takeaways

Quotes

Resources

https://www.linkedin.com/in/irawinkler/

https://www.linkedin.com/in/ryan-cloutier/

https://cruisecon.com/

Chapters

00:00 Introduction and Hacker Origin Stories

05:39 The Evolution of Hacking and Basic Cyber Hygiene

08:03 Threat Landscape and Shifting Attack Profiles

10:18 The Impact of Social Media and Bring Your Own Device

18:05 Systematizing the Basics and Enforcing Policies

23:35 Aligning Cybersecurity with the Business and Employee Experience

26:01 AI: Readiness and Safe Adoption

32:13 Understanding AI as Math and the Potential Risks

34:48 Personal Intimate Information and the Weaponization of AI

Summary

David Schloss shares his hacker origin story, starting with his military background and how he ended up in the field of cybersecurity. He talks about his time in the Joint Special Operations Command (JSOC) and the unique missions he was involved in. He also discusses his transition to the private sector and his current role as a Hive Leader at Covert Swarm. The skills he acquired in JSOC have been highly transferable and valuable in his offensive security career. In this conversation, Dahvid Schloss discusses his experience at Seer, a practice prison camp that taught him transferable skills like lock picking and prison escape. He also talks about the challenges of transitioning from using malware and exploits to using his brain in the civilian world. Dahvid emphasizes the importance of finding your passion within offensive security and recommends exploring different areas to figure out what you enjoy. He also highlights the significance of building a personal brand in the cybersecurity field and encourages professionals to be more public about their skills and expertise.

Takeaways

Quotes

"I got through this course, I graduated, and I got to do the fun job of being a special operations communicator."

"Seer was amazing. So Seer is like practice prison camp, right? Which sounds why would that be amazing to cyber? And the reason is, is because they teach you some transferable skills, like how to pick locks and how to escape from prisons."

"Having access to really good malware, really good exploits was not at all. It sounds like it would be really helpful, but it was a hard transfer for me, especially because I'm so used to being able to go dot slash execute. And now I'm on a box and now I have to go, Oh, I have to use my brain."

"Offensive security is massive. It's like, there is no way you can be a master of all. Like there is only one and that's John Hammond so far. That's all I've seen. He's, know, he's got, he's got the chops, but we can't all be him. Right. So, um, really like my biggest recommendation."

Resources

https://www.linkedin.com/in/dahvidschloss/

https://x.com/DahvidSchloss

Chapters

00:00 Introduction and Background

02:36 Military to Cybersecurity Transition

08:41 Learning Cybersecurity Skills

17:34 JSOC and Fighting High-Value Targets

26:34 Transferable Skills and Challenges in Offensive Security

29:55 Exploring Different Areas in Offensive Security

39:04 The Importance of Building a Personal Brand

46:41 Opportunities for Growth in Smaller Cybersecurity Startups

49:49 Taking the Time to Find Your Path in Cybersecurity

Summary

In this episode of the Phillip Wylie Show, Phillip is joined by Eric Teichmiller, a technical account manager at Horizon 3. Eric shares his background in cybersecurity and his journey from IT to risk and compliance to offensive security. He explains his role as a technical account manager and how his defensive background helps him understand and support customers. Eric also discusses the benefits of certifications, offers advice for getting into cybersecurity, and shares his study tips and strategies for avoiding burnout.

Takeaways

Sound Bites

"I'm really enjoying cybersecurity as a whole."

"I kind of have that customer perspective."

"Everything that they were geeking out on not only works, but it works well."

Chapters

00:00 Introduction and Background

03:29 The Role of a Technical Account Manager

06:36 Transitioning from Defensive to Offensive Security

08:41 The Fascination with Autonomous Pen Testing

12:14 The Value of Certifications and Continuous Learning

14:13 Advice for Job Seekers in Cybersecurity

15:55 Navigating Job Descriptions and Requirements

20:12 Avoiding Burnout in Cybersecurity

24:07 Goals and Future Plans at Horizon 3

25:59 Final Thoughts and Conclusion

Resources

https://www.linkedin.com/in/eric-teichmiller-82296295/

https://x.com/ericteichmiller

About the Guest:

Jeff Man is a seasoned professional in the cybersecurity industry, with a rich history in penetration testing and security. He began his career at the National Security Agency (NSA) and has since become renowned for his expertise and contributions to the field. Jeff is also a co-host on Paul Security Weekly and frequently shares his insights at notable security conferences. His vast experience and deep understanding of the industry's evolution make him a respected figure in cybersecurity.

Episode Summary:

In this captivating episode of the Phillip Wylie Show, host Phillip Wylie welcomes cybersecurity veteran Jeff Man. Known for his storied career starting at the NSA, Jeff dives into his unique hacker origin story and the evolution of penetration testing. This episode is packed with insights, anecdotes, and practical advice for anyone interested in the cybersecurity landscape.

Jeff Man shares his early experiences working at NSA, highlighting key moments such as his involvement in creating the first software-based cryptosystem. He delves into the early days of penetration testing, describing how methodologies and technologies have transformed over the years. Jeff also discusses the importance of understanding penetration testing's true objectives and offers guidance on how organizations can maximize the value of these tests. His reflections on the cybersecurity community, vendor relationships, and the need for precise terminology provide valuable perspectives for practitioners and enthusiasts alike.

Key Takeaways:

• Jeff's Striking Background: Learn about Jeff Man's remarkable career trajectory, from his start at the NSA to his present role as a cybersecurity expert and podcaster.

• Evolution of Pen Testing: Understand the shifts in penetration testing methods, technologies, and industry perceptions over the past three decades.

• Maximizing Pen Test Effectiveness: Discover practical advice on how organizations can make the most out of their penetration testing efforts by setting clear objectives and collaborating with trusted advisors.

• Cybersecurity Insights: Jeff emphasizes the importance of understanding and correctly using industry terminology and the value of a comprehensive security program.

• Community and Learning: Hear Jeff's thoughts on the cybersecurity community, including his participation in conferences and his ongoing mission to educate and mentor upcoming professionals.

Notable Quotes:

• "I've always tried to ascribe to that. You might lose something in the near term by saying, well, what we have really isn't the best thing for you right now."

• "Pen testers are the unsung heroes of the industry, often with relatively boring stories, but they are crucial to the security landscape."

• "Very rarely do I see a pen test report that's actually, we tried to break in, or we tried to gain access, or we tried to gain unannounced access."

• "I've always been a consultant. I've always been sort of in this trusted advisor role."

• "And I have clients that I've been working with now for 15, 20, 25 years. Not all the time, but when they need something, they're like, hey, let me give Jeff a call and see what he has to say."

Resources:

Jeff Man LinkedIn: https://www.linkedin.com/in/jeffreyeman/

Jeff Man X(formerly Twitter): https://x.com/MrJeffMan

Jeff Man on Paul Security Weekly: https://www.scmagazine.com/security-weekly