Nate Fleming and Joshua Sitta talk Cybersecurity incidents. How they happened, who dunnit and what that means for you!
Happy Thanksgiving, Everyone.
8 min 59 sec
Joshua Sitta holds several Information Security credentials, created the phishing simulations and training for a big bank with over 5000 employees, and has written the playbook for how to identify phishing emails. Throughout his career, he's blocked millions of phishing emails from ever reaching the end user and has personally received hundreds of different phishing scams. He's seen it all, from the Nigerian Prince we all joke about to the spearphishing emails crafted by the world's most successful cyber criminals - and he's never fallen for even one of them. Until today. As Joshua talks through his experience in falling for the easiest-to-identify phishing email ever, Nate points out how differently the two approach failure. For Nate, failure is one of the most important tools in his toolbox. We'd like to set you up with a safety net and take the scary out of failure. Sittadel is ready to be the group that has your back - 24 hours a day, 365 days a year. Start the conversation at www.sittadel.com or send us an email at ask[at]sittadel.com.
31 min 40 sec
When cybersecurity professionals need to develop their skills and earn credentials, they turn to Ben Malisow, author of Exposed! and a number of self-paced courses on Udemy. In 41 minutes, Joshua completely changed his stance on privacy. Ben Malisow didn't waste any time bringing his unwelcome perspective to the podcast. In Ben's mind, it's time for you to embrace a future of perfect privacy: where all of your secrets become public. Your location, your browser history, and your finances should all be at the fingertips of your neighbors. Big corporations and governments are already using this information, so why should the person you just met at the bar be left out in the cold? It's easy to disagree with Ben. But what if it wasn't just your secrets? What if everyone's information was available to you as well? Would you feel more comfortable meeting a stranger if you were able to review their arrest history first? As Ben points out, privacy creates opportunities for fear and distrust. Secrets lead to shame. There are movements all over the United States to bring about transparency in politics and law enforcement. Today, cities burn in the wake of officer-involved shootings, but if the public had access to all the information, they could reach a level of comfort that the actions were justified. Or, if they weren't justified, it would be plain to see for the Good Apples who protect and serve. But this would only be possible with complete transparency. And what is transparency if not the enemy of privacy? It's hard to disagree with Ben. Until we reach our new future, it's up to cybersecurity practitioners to continue defending the C in the CIA triad. For more information on how Sittadel can keep your secrets safe, let's get the conversation started at www.sittadel.com.
41 min 40 sec
Social media has fostered the most interconnected and mentally unwell society in history. Communities have never been more accessible and people have never felt more alone. What's the point? Silicon Valley titans like Pinterest and Reddit have fundamentally changed the way information is shared on the Internet. For many previously marginalized voices, social media has provided platforms for collaboration and representation. And while those examples are important, the value of social media starts to drop off from there. After another round of concerning reports on Facebook's priorities, Nate has to hold the conversation that stays resident in the back of our minds: When billion-dollar businesses drive our communication, can decisions be made with the public's best interests in mind? The social media apps that live in our pockets are treasure troves of private information. For law enforcement, that data represents an endless stream of opportunities to protect the innocent. But as we explored last week, this moral tradeoff can leave us feeling conflicted at best. In this episode, the two discuss social media, Facebook, Instagram, outages, transparency and accountability, the Facebook whistleblower, health and wellness monitoring, and Nate started a gang. There's no call to visit our website today. Just promise us you'll think about spending your time intentionally.
33 min 31 sec
We know your location, see your pictures, listen in on your microphone, and even get into your encrypted chat. But we only use that for good! (Okay, except for that one time...) Are we fighting fire with fire or becoming the very thing we defend against? Israeli-based cyber intelligence company NSO Group is a billion-dollar business that helps law enforcement agencies and governments learn everything about innocent and guilty citizens alike in the name of protecting the virtuous. Cyber weapons like Pegasus represent a moral tradeoff. The intended use is to curb human trafficking or intervene before violent crimes are committed, but it comes at the cost of invading the privacy of law-abiding citizens. We're quick to accept this risk when weapons are wielded by the armed forces that defend countries, but the NSO Group is motivated by profits as much as any other private company. What we called spyware in the 90s has become the way modern advertising works, and that lets platform holders more finely target the spaghetti they throw at the wall. Now it's angel hair pasta, and everything is sticking. The ethics of doing business today are directly tied to the ethics of cybersecurity. As Nate discusses in the episode, he often finds himself caught between the creative ambition of an artist and catering to what will sell. To pay the bills, Nate has to sacrifice a bit of creative freedom. When companies profit from circumventing the security systems that keep us safe, it's a much greater sacrifice. This is not a new challenge, but privacy has entered a new frontier of technological reliance. In this episode, we discuss zero-day vulnerabilities, Pegasus spyware, NSO Group, Edward Snowden, Spysweeper, privacy concerns, mobile security, law enforcement, wardriving, and Wi-Fi security.
Use our contact form or tweet us @sittadelpodcast to start the conversation on how Mobile Device Management (MDM) solutions can play a role in protecting your information (and if you're a business, there's a good chance you're already paying for one you've never set up).
44 min 33 sec
Some men see EDR as it is; others see EDR as it should be. Maxime Lamothe-Bressard joins Nate and Joshua for a discussion on the ways LimaCharlie is removing the roadblocks for working with some of the most important data points for Incident Responders and SOC analysts: file execution telemetry. Maxime brings a wealth of experience to the show, bringing insight from his time at Google-X, CrowdStrike, and a French Cafe. You can get started with LimaCharlie today for free by visiting limacharlie.io. For more information, visit https://www.sittadel.com or tweet us at @sittadelpodcast.
45 min 1 sec
Friend of the show Aaron Burns drops by the studio to talk about his experiences with scams sent straight to his phone. Aaron and Nate do their best to reinvent a few new cybersecurity terms, but Joshua wasn't having any of that nonsense. In this episode, the team discusses how Universal 2nd Factor (U2F) authentication promises big improvements by requiring login pages to prove their identity before users are permitted to log in.
32 min 7 sec
Happy Labor Day! Comedian Jayson "Avocado" Acevedo helps the Sittadel Podcast team celebrate with a look at three-day weekends and the social engineering risks they introduce for businesses. Later, Jayson would weigh in on cryptographically relevant quantum computers, which could be the worst idea we've ever had. What does quantum computing have to do with drive-thru terminals? Nothing, Jayson. Absolutely nothing. If you'd like to hear more from Jayson, head over to https://jaysonavocado.com. To enjoy CrowdStrike's APT database, check out https://adversary.crowdstrike.com. To chat with the Sittadel Podcast team, tweet us @sittadelpodcast, email us at ask(at)sittadel(dotcom), or start the conversation at https://sittadel.com. In this episode, we talk about social engineering, viruses, advanced persistent threats, APTs, CrowdStrike, Jayson Avocado, Marvel, DC, comic books, and several things that had to be edited out (looking at you, Jayson).
49 min 12 sec
Trafenia joins us for another trip back to the 90s to talk about the Melissa virus, Joshua tells us about how plywood fits into cybersecurity, and Nate introduces us to Jacques. In this episode, the trio discusses phishing, security awareness training, Kevin Mitnick, Hook Security, honest hips, business continuity, and disaster recovery. For more on what Sittadel can do for you, head to our website at https://www.sittadel.com.
33 min 24 sec
Trafenia Flynn Salzman has been working with computers since the movie Rush Hour was a relevant cultural reference. She's bringing that depth of experience to the podcast and comments on the representation of women in cybersecurity, cloud security, Zero Trust, and CARTA. Later, Nate would be disappointed the episode wasn't titled White Van Candy Man. Topics in this episode include diversity, cloud security, ZTNA, CARTA, MFA, trust algorithms, data centers, and pterodactyls. For more on what Sittadel can do for you, head over to our website at https://www.sittadel.com.
31 min 17 sec
Troy Hunt created www.HaveIBeenPwned.com with the expectation that a few of his mates would use it to keep their accounts safe, but today it's the resource the world uses to monitor passwords at risk for credential stuffing attacks. Troy spends an hour on the podcast discussing password strength, his work at Pluralsight, and answering the age-old question: What do squirrels have to do with cybersecurity? We thank Troy both for his time and for making the Internet a safer place.
46 min 23 sec
Joshua tries to talk about the role of executive management in a cybersecurity operation, but Nate would rather talk about movies.
30 min 35 sec
We talk about everything you need to know before buying cyber security insurance, and Nate and Joshua chat about an update to the Kaseya ransomware that crippled 1500 small businesses. Bearded barley is a cool season annual cereal grain, growing about 3 feet high. It's great for adding lots of organic matter or biomass in a short period of time. Additionally, it provides erosion control and weed competition. You can't get cybersecurity facts like these anywhere else.
30 min 49 sec
What's the business you've always wanted to start? Gourmet hot dog cart? A crafty booth at the farmer's market? That's too normal for Nate, who wants to create new dinosaurs. In this episode, we talk through the Kaseya supply chain attack, in which the attackers demanded $70 million for the data of over 1500 small businesses. Nate and Joshua discuss ransomware, Kaseya, RMM tools, and an archaeopteryx. We want to say thank you for trusting Sittadel to bring cybersecurity to Lakeland - and the rest of the globe - as we now have clients and listeners all over the world. If you want to learn more about Sittadel, start the conversation at www.sittadel.com.
23 min 35 sec
Jeffrey Snover is currently serving Microsoft as the CTO for Modern Workforce Transformation, and he spends an hour with Joshua and Nate discussing everything from dinosaurs to professional advice. Joshua can barely keep it together as they discuss PowerShell, Microsoft, women in technology, Windows Server, Unix, GUI and CLI, fatherly advice, the rapid elasticity of Azure, change management, and professional wrestling. Thank you for the impact you have had on my life, Jeffrey. -Joshua
50 min 35 sec
Before the WannaCry attack, MalwareTechBlog was just another place you could go to read about the weapons used by cybercriminals. After the mind behind MalwareTech found a kill switch buried in the WannaCry code, all eyes were on Marcus Hutchins. In this episode, Nate and Joshua talk through one of the most fascinating stories in cyber defense. And offense. Depends on which part of the timeline we're talking about... In this episode, we talk about sinkholing, malware, reverse engineering, WannaCry, the NSA, the Shadow Brokers, and, with deep respect, Marcus Hutchins.
49 min 28 sec
Why didn't John Connor use ransomware to defeat The Terminator? In this episode, Nate and Joshua discuss the best ways to defend against an attack by robots using a machine learning algorithm to identify their targets. Along the way, they stumble upon the meaning of life. In this episode, we discuss TensorFlow, IBM Watson, AI, artificial intelligence, machine learning, autonomous vehicles, and influence.
42 min 27 sec
We hit three main topics in this episode: The endless stream of cyber attacks making headlines, network topology, and personal security. Nate coins the phrase, "What you're choosing should be based on what you're using," which perfectly summarizes the approach business owners should have when designing their network. In this episode, we discuss a series of ransomware attacks, cyber extortion, keyloggers, password managers, UTM platforms, network design, and dinosaurs.
You can count on Nate and Joshua to tackle the hard questions like: How tall is the average American male and what's scarier than a network leviathan. Trafenia Flynn Salzman, a Cloud Security Architect for the federal government, drops by to give her thoughts on how network security is affected by using cloud systems. In this episode, we talk about Zero Trust, network security, cloud security, MFA, access control lists, SaaS, PaaS, IaaS, Anonymous, and a few network security threats.
57 min 10 sec
Thinking about network security but don't know where to begin? In this episode, Joshua walks Nate through a few network security fundamentals: stateful vs. stateless firewalls and IDS vs. IPS appliances. It's just enough cybersecurity mumbo jumbo to set the stage for June's Network Security series. Also, Hoobastank. We talk a lot about Hoobastank.
45 min 28 sec
Nate has a unique approach to life, and this is our chance to learn about his story so far. In this episode, we talk about the importance of the moment.
55 min 36 sec
Is there a secret to getting hired in a cybersecurity role? Not really, but Nate and Joshua break down a few different approaches to land your first job. In this episode, we talk about CompTIA A+, Net+, Sec+, CySA+, CISA, CISM, CISSP, and GCFA certifications, as well as penetration testing and forensics ceilings.
1 hr 6 min
Another day, another headline - this time involving the largest gas pipeline in America. The Department of Homeland Security and the FBI agree that ransomware threatens the existence of small businesses, with incidents spiking by over 300% during the pandemic. The challenge falls to us to figure out how to make a compelling argument for preparing for the ransom before your data is gone. In this episode, we talk about ransomware, 2600 baud modems, BlackBerry, Colonial Pipeline Company, DarkSide (loosely), and the fact that people are just meat computers.
46 min 43 sec
It's another Swapcast! Nate applies some of his inside knowledge of the entertainment industry to tell us about the odd ramifications of the time North Korea attacked Sony in response to an unpopular plot development in The Interview. Whether you call them North Korea, Lazarus Group, Guardians of Peace, or a handful of other code names, Nate talks us through the standard operating procedures used by one of the most active groups on the planet. In this episode, we talk about Seth Rogen, James Franco, Disney, Sony Pictures Entertainment, email security, malware droppers, Shamoon wiper malware, and Microsoft Sam.
54 min 43 sec
We were supposed to talk about the Facebook breach, but Nate asked Joshua a question about himself. In this episode, we talk about automation with PowerShell, Robocopy, Batch Scripts, registry reconnaissance, SSH, and ransomware.
1 hr 14 min
You asked for it - here's part 1 of our episode on Bitcoin. Joshua and Nate talk through the things individuals should consider before investing in cryptocurrencies (including a few cyber threats to keep in mind), how to break into Ft Knox and kite checks, and a billionaire that wants you to know about his skills in video games. In this episode, we talk about Bitcoin, Ethereum, Substratum, blockchain technology, Kim Dotcom, coin miners, and methods of keeping your Bitcoin wallet safe from password theft. Not featured: financial advice.
1 hr 4 min
Nate and Joshua catch up with Trafenia Flynn Salzman, CCSP, an Information Security Architect for the US federal government who leads the nation's 3-letter organizations through a multi-year initiative to implement a Zero Trust approach to cybersecurity. It's one of our top 10 best episodes (as of the time of this writing). In this episode, we talk about Zero Trust, antivirus, firewalls, network segmentation, and the importance of IT asset inventories.
47 min 55 sec
This episode goes way off the rails as we discuss the effect of interdepartmental politics on a cybersecurity response team. The Threat Hacktors don't have to wait for committee approvals to act, so institutions without predefined incident response plans struggle to keep pace with long-term cyber incidents. Nate (who I understand is very funny) coins the phrase "badvertising," and we talk about a deer wearing a mustache. In this episode, we talk about Emotet, TrickBot, file binary heuristics and telemetry, thread hijacking, watering hole attacks, and badvertising.
53 min 37 sec
What do Sony and the Bank of Bangladesh have in common? Were they both hacked by Club Penguin using the North Korean malware known as Hidden Cobra? While Nate raises important questions about Club Penguin's involvement in the attempted theft of $850,000,000.00, Joshua went on a 34 minute rant about EDR, MDR, and DDR (don't worry - it was cut for time!). In this episode, we talk about phishing emails, Secure Email Gateways (AKA SEGways), and the importance of having a firm grip on financial procedures.
47 min 18 sec
When American and Israeli cyber operations join forces, you end up with one of the most sophisticated malware operations in history. Nate learns how to make a nuclear bomb, and Josh doesn't know how cars work. In this episode, we discuss zero-day vulnerabilities, USB drive controls, hardening, maintaining a software inventory, Carbon Black, and the importance of having a security ally (like Red Canary).
51 min 18 sec
There's a new worst case scenario for small businesses. In this special emergency release of the Sittadel Podcast, Nate brings the cybersecurity as we talk about over a hundred thousand compromised organizations, and Joshua makes it lit. It's a full-on swapcast! And this time, the microphones are on. Featured: CVE (Common Vulnerabilities and Exposures), a unique tracking number for thousands of vulnerabilities; CVSS (the Common Vulnerability Scoring System), a Richter Scale analog for rating the severity of vulnerabilities; IDS/IPS (Intrusion Detection / Prevention Systems), network appliances that can detect malicious behavior over the network and shut down attempted compromise; ...and Fitkicks foldable shoes.
49 min 5 sec
Joshua Sitta and Nate Fleming talk through one of the most successful cyber attacks in history - Solarigate. In this episode, we cover the basics of setting up your own cybersecurity strategy both in business and in personal lives. Not featured: Hugh Jackman.
42 min 39 sec
What's it take to cripple the largest shipping company in the world? About 7 minutes. Joshua talks through the impact NotPetya had on Møller-Mærsk and explains the approach he uses for combating ransomware. Later, Nate works some things out about Tommy. Featured in this episode are attack.mitre.org and RanSim. For free tips on defeating ransomware, check out The Free Ransomware Defense resource on Sittadel.com. If it wasn't clear, this episode is not sponsored by Møller-Mærsk.
49 min 3 sec
Nate and Joshua manage to talk through important security issues like bears, worms, and monkeys. In this episode, we highlight the way cybercriminals can share the love without ever compromising an email server when DKIM, DMARC, and SPF were never configured.
47 min 59 sec
Nate Fleming (Comedian) and Joshua Sitta (Cybersecurity Professional) host the Sittadel Podcast, which takes listeners on a journey through cybersecurity incidents and their application to small businesses. This episode is about the great Target hack of 2013 and how it was a supply chain attack, email security, and a few references to Hugh Jackman.
44 min 9 sec