Infosec Success (with Lesley Carhart)

Jan 02, 2017

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 31

GUEST:Lesley Carhart

January 2, 2017

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.
NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

Infosec Success (with Lesley Carhart)

SHOW NOTES

PART 1

We discuss our predictions for 2017. Lesley gives us her theme of “Reaching a Breaking Point.” She says that some things will get worse in places. This will give risk managers a little more budgetary leverage. Lesley predicts more Distributed Denial of Service (DDOS) and IOT botnet DDOS attacks. Joe predicts a data breach bigger than Yahoo in terms of sensitivity, records, applicability, and ability for misuse. Lesley’s next prediction is government/Law Enforcement on cloud and social media providers and their data retention policies. Joe’s final prediction is to see a rise in social engineering and phishing.

PART 2

Lesley shares with us her wisdom about taking GIAC exams after SANS training and the value of having solid indices. We talk about what to take into the testing center. We talk about the various cost offset models. Lesley and I also talk about the advantages and disadvantages of the larger SANS events versus smaller events and venues. We talk about the SANS Blue Team (DFIR) and Red Team (Pen Test) pipelines. We talk about true “Purple Teamers.”

PART 3

In our Infosec success segment, Lesley’s first tidbit of advice is “Want to be in infosec.” Joe talks about being able to teach someone the knowledge, but not the passion. Joe talks about learning outside of work and tinkering in a home lab. Lesley talks about learning types and finding the method for you to learn best. Joe recommends getting active in the security community via BSides, defcon groups, 2600, ISSA, OWASP, and (ISC)2 chapters. We also talk about Irongeek’s site as well. Joe recommends business cards regardless of your career level. We talk about report writing and public speaking and the importance of producing quality reports regardless of the role. We discuss languages and programming languages.

ABOUT Lesley

Infosec Success (with Lesley Carhart) — Lesley Carhart

Lesley Carhart (GCIH, GREM, GCFA, GPEN, B.S. Network Technologies, DePaul University) is a 17 year IT industry veteran, including 8 years in information security (specifically, digital forensics and incident response). She speaks and writes about digital forensics and incident response, OSINT, and information security careers, is highly involved in the Chicagoland information security community, and is staff at Circle City Con, Indianapolis.

In her free time, Lesley studies three martial arts, is a competitive pistol marksman, and is generally all around a huge geek.

Lesley loves to speak about information security and digital forensics to technical and non-technical audiences, and would be happy to come to your con or speak to your class (time allowing)! Please reach out to @hacks4pancakes on Twitter, or at hacks4pancakes@gmail.com.

CONTACTING Lesley:

Twitter: @hacks4pancakes

Twitter: @Infosec_VetTix

Blog: Tisiphone

SANS References:

Rtfm: Red Team Field Manual

SANS Cheat Sheet Google Search String

Joe’s SANS Security 504 Mentor Course

Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

Enter your email address:

Delivered by FeedBurner