Episodes
Tabletop security exercises can help organizations game out their response to a security incident. From the technical and business considerations to legal and PR implications, a tabletop exercise, like Dungeons and Dragons, lets you play-test attack and defense scenarios. Johna Till Johnson, CEO of Nemertes consulting firm and co-host of the Heavy Strategy podcast, joins... Read more »
Published 05/28/24
Zero trust is a buzzword, but what does it actually mean and how will it impact network engineers? Jennifer is here to get us up to speed. First, she gives a general description: It’s a security architectural strategy that’s progressing toward increased observability and trust inferences. Then she breaks it down for the three main... Read more »
Published 05/21/24
Have you ever noticed “threat hunting” in vendor products and wondered exactly what it means? James Williams is here to explain: Threat hunting is the R&D of detection engineering. A threat hunter imagines what an attacker might try and, critically, how that behavior would show up in the logs of a particular environment. Then the... Read more »
Published 05/14/24
What’s the difference between cybersecurity “as a service” vs. “managed” vs. “hosted”? And what’s the difference between an MSP and an MSSP? In this episode, JJ helps untangle the terms and concepts in cybersecurity offerings. She explains what questions you should ask vendors to make sure you’re picking the right one for your needs; negotiating... Read more »
Published 05/07/24
The classical encryption algorithms that currently undergird our IT infrastructure will be broken once there’s a powerful and stable enough quantum computer to do the job. Quantum-resistant algorithms are being developed by NIST, but implementation and deployment of these algorithms still have to be addressed. So what does all this mean for busy IT and... Read more »
Published 04/30/24
IoT devices are often like the tiny aliens in the locker in Men in Black: They’ve created a whole little world on your network without almost any humans knowing they exist. Today Troy Martin joins the show to teach us the basics of how to find and secure IoT devices on your network, specifically focusing... Read more »
Published 04/23/24
The US government is seeking comment on a new law mandating detailed cyber incident reporting. In this episode, we cover what you need to know about the “Cyber Incident Reporting for Critical Infrastructure Act.” We break down the details, including what kind of companies the law applies to, what it defines as an “incident,” and... Read more »
Published 04/16/24
If your approach to firmware is that you don’t bother it as long as it doesn’t bother you, you might want to listen to this episode. Concerns about supply chain vulnerabilities are on the rise and for good reason: Attackers are targeting firmware because compromising this software can allow attackers to persist on systems after... Read more »
Published 04/09/24
Learning cloud security can be daunting for experienced network engineers, much less complete newbies. That’s why Rich Mogull started “Cloud Security Lab A Week,” aka Cloud SLAW. Every Thursday, he emails subscribers a new hands-on lab, building a full enterprise deployment week-by-week, step-by-step. Rich explains all the details to JJ and Drew including the cost... Read more »
Published 04/02/24
You’re already running IPv6, even if you don’t know it yet. Your remote users are using it at their homes, your printers come with it built into the kernel, your generals are using it on their mobile phones (check out our news headlines section). So let’s stop trying to disable it whack-a-mole style, and start... Read more »
Published 03/26/24
This episode is for IT professionals who work in small- to medium-sized businesses and are expected to handle cybersecurity on top of issues like “my camera isn’t working on Zoom.” Guest Joe Stern has been filling this role for an 80-person company for almost 30 years. We talk about how he prioritizes risks, security tools... Read more »
Published 03/19/24
According to Bryson Bort, you can build higher metaphorical fences, electrify them, and have sharks with laser beams prowling the moat, but attackers are still going to get through the security perimeter. That’s why the priority of any IT team should be to identify anomalies and anticipate attack logic. To do this, organizations need to... Read more »
Published 03/12/24
When you’re picking a penetration tester to poke at your security infrastructure, how do you know if you’re picking a good one? Is pen testing even the right service for your needs? Pen tester, SANS course creator, and OWASP board member Kevin Johnson joins the show to share tips for what to look for in... Read more »
Published 03/05/24
What are the best cybersecurity certs to get? Do advancements in cloud and AI mean security professionals need to re-skill? How do certifying organizations decide what new courses to create? Chief Curriculum Director and Faculty Lead at the SANS Institute, Rob Lee, joins Jennifer “JJ” Minella and Drew Conry-Murray to give an insider’s view on... Read more »
Published 02/27/24
Today we look at secrets management and privileged access management from the perspective of a network engineer. How do you and your team securely store sensitive data including passwords, SSH keys, API keys, and private certificate keys, while still being able to work nimbly? What Privileged Access Management (PAM) practices can help put guardrails in... Read more »
Published 02/20/24
It’s time to make the switch from WPA2 to WPA3. We cover how to do it and what migration challenges to be prepared for no matter what WLAN you are dealing with (open, passphrase, or 802.1x) . We also discuss what features make WPA3 an improvement over WPA2, particularly the replacement of PSK with SAE.... Read more »
Published 02/13/24
Hi, I’m Jennifer Minella and I’m excited to finally share with you all that I’ll be co-hosting a new podcast on the Packet Pushers network. It’s called Pocket Protector, a podcast exploring the intersection of networking and security. Each week, we’re drilling into topics, from wired and wireless network security to access control and zero... Read more »
Published 02/02/24