
Brakeing Down Security Podcast

By Brian Boettcher, Amanda Berlin, and Bryan Brake

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.

  1. 2018-039-Ian Coldwater, kubernetes, container security (11/12/2018, 50:15)
  2. 2018-038-InfosecSherpa, security culture, (11/05/2018, 59:11)
  3. 2018-037-iWatch save man's life, Alexa detects your mood, and post-derby discussion (10/22/2018, 44:30)
  4. 2018-036-Derbycon 2018 Audio with Cheryl Biswas and Tomasz Tula (10/15/2018, 39:56)
  5. 2018-035-software bloat is forever; malicious file extensions; WMIC abuses (10/01/2018, 52:42)
  6. 2018-034-Pentester_Scenario (09/25/2018, 40:02)
  7. 2018--033-Chris_Hadnagy-SE-OSINT-vishing-phishing-book_interview-pt2 (09/15/2018, 1:00:27)
  8. 2018-032-chris Hadnagy, discusses his new book, OSINT and SE Part 1 (09/08/2018, 37:51)
  9. 2018-031-Derbycon ticket CTF, Windows Event forwarding, SIEM collection, and missing events... oh my! (09/01/2018, 1:08:26)
  10. 2018-030: Derbycon CTF and Auction info, T-mobile breach suckage, and lockpicking (08/26/2018, 1:01:34)
  11. 2018-029-postsummercamp-future_record_breached-vulns_nofix (08/17/2018, 55:30)
  12. 2018-028-runkeys, DNS Logging, derbycon Talks (08/09/2018, 50:35)
  13. 2018-027-Godfrey Daniels talks about his book about the Mojave Phonebooth (08/01/2018, 37:45)
  14. 2018-026-insurers gathering data, netflix released a new DFIR tool, and google no longer gets phished? (07/27/2018, 43:51)
  15. 2018-025-BsidesSPFD, threathunting, assessing risk (07/19/2018, 34:52)
  16. 2018-024- Pacu, a tool for pentesting AWS environments (07/11/2018, 55:19)
  17. 2018-023: Cydefe interview-DNS enumeration-CTF setup & prep (07/02/2018, 55:24)
  18. 2018-022-preventing_insider_threat (06/26/2018, 47:31)
  19. 2018-021-TLS 1.3 discussion, Area41 report, wireshark goodness (06/20/2018, 42:42)
  20. 2018-020: NIST's new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords (06/13/2018, 36:43)
  21. 2018-019-50 good ways to protect your network, brakesec summer reading program (06/06/2018, 47:20)
  22. 2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs (05/30/2018, 34:14)
  23. 2018-017- threat models, vuln triage, useless scores, and analysis tools (05/23/2018, 39:37)
  24. 2018-016- Jack Rhysider, DarkNet Diaries, and a bit of infosec history (Part 1) (05/15/2018, 37:12)
  25. 2018-015-Data labeling, data classification, and GDPR issues (05/07/2018, 52:06)
  26. 2018-014- Container Security with Jay Beale (04/29/2018, 1:05:29)
  27. 2018-013-Sigma_malware_report, Verizon_DBIR discussion, proper off-boarding of employees (04/20/2018, 1:05:19)
  28. 2018-012: SIEM tuning, collection, types of SIEM, and do you even need one? (04/11/2018, 1:00:42)
  29. 2018-011: Creating a Culture of Neurodiversity (04/04/2018, 1:10:35)
  30. 2018-010 - The ransoming of Atlanta, Facebook slurping PII, Dridex variants (03/27/2018, 37:45)
  31. 2018-009- Retooling for new infosec jobs, sno0ose, Jay Beale, and mentorship (03/19/2018, 1:12:02)
  32. BDIR-001: Credential stealing emails, How do you protect against it? (03/12/2018, 1:35:36)
  33. 2018-008- ransomware rubes, Defender does not like Kali, proper backups (03/12/2018, 58:11)
  34. 2018-007- Memcached DDoS, Secure Framework Documentation, and chromebook hacking (03/05/2018, 45:58)
  35. 2018-006- NPM is whacking boxes, code signing, and stability of code (02/26/2018, 46:17)
  36. 2018-005-Securing_your_mobile_devices_and_CMS_against_plugin_attacks (02/14/2018, 48:23)
  37. 2018-004 - Discussing Bsides Seattle, and Does Autosploit matter? (02/05/2018, 38:38)
  38. BDIR-000 ; The Beginning (01/29/2018, 1:04:53)
  39. 2018-003-Privacy Issues using Crowdsourced services, (01/27/2018, 1:06:29)
  40. 2018-002-John_Nye-Healthcare's_biggest_issues-ransomware (01/20/2018, 1:03:27)
  41. 2018-001- A new year, new changes, same old trojan malware (01/12/2018, 1:05:36)
  42. 2017-SPECIAL005-End of year Podcast with podcasters (12/23/2017, 1:25:49)
  43. 2017-042-Jay beale, Hushcon, Apple 0Day, and BsidesWLG audio (12/16/2017, 1:06:29)
  44. 2017-041- DFIR Hierarchy of Needs, and new malware attacks (12/08/2017, 1:02:17)
  45. 2017-040-Expensify_privacy_issues-Something_is_rotten_at_Apple (11/30/2017, 47:26)
  46. 2017-039-creating custom training for your org, and audio from SANS Berlin! (11/23/2017, 43:12)
  47. 2017-038- Michael De Libero discusses building out your AppSec Team (11/15/2017, 56:09)
  48. 2017-037 - Asset management techniques, and it's importance, DDE malware (11/08/2017, 52:28)
  49. 2017-036-Adam Shostack talks about threat modeling, and how to do it properly (10/29/2017, 1:34:53)
  50. 2017-SPECIAL004- SOURCE Conference Seattle 2017 (10/22/2017, 48:08)
  51. 2017-035-Business_Continuity-After_the_disaster (10/16/2017, 59:19)
  52. 2017-SPECIAL003-Audio from Derbycon 2017! (10/07/2017, 1:15:05)
  53. 2017-034-Preston_Pierce, recruiting, job_descriptions (10/02/2017, 1:02:05)
  54. 2017-SPECIAL002-Derbycon-podcast with podcasters (NSF Kids/Work) (09/27/2017, 1:18:30)
  55. 2017-033- Zane Lackey, Inserting security into your DevOps environment (09/17/2017, 1:00:35)
  56. 2017-032-incident response tabletops, equifax breach (09/12/2017, 47:37)
  57. 2017-031-Robert_Sell-Defcon_SE_CTF-OSINT_source (09/04/2017, 1:03:46)
  58. 2017-030-Vulnerability OSINT, derbycon CTF walkthrough, and bsides Wellington! (08/29/2017, 52:36)
  59. 2017-029-CIS benchmarks, Windows Update reverts changes used to detect malware (08/20/2017, 1:17:40)
  60. 2017-028-disabling WU?, Comcast wireless hack, and was it irresponsible disclosure? (08/12/2017, 54:44)
  61. 2017-026-Machine_Learning-Market Hype, or infosec's blue team's newest weapon? (08/03/2017, 1:09:01)
  62. 2017-025-How will GDPR affect your Biz with Wendyck, and DerbyCon CTF info (07/22/2017, 1:10:48)
  63. 2017-024-infosec_mental_health_defcon_contest-with-rand0h-and-tottenkoph (07/16/2017, 1:30:55)
  64. 2017-023-Jay_Beale_Securing Linux-LXC-Selinux-Apparmor-Jails_and_more (07/10/2017, 1:09:43)
  65. 2017-022-Windows Hardening, immutable laws of security admins, and auditpol (07/03/2017, 53:47)
  66. 2017-SPECIAL- Michael Gough and Brian Boettcher discuss specific ransomware (06/30/2017, 19:25)
  67. 2017-021-small_biz_outreach-614con-prenicious_kingdoms-ransomware-bonus (06/22/2017, 1:18:46)
  68. 2017-020-Hector_Monsegur_DNS_OSINT_Outlaw_Tech_eClinicalWorks_fine (06/14/2017, 1:16:36)
  69. 2017-019-Ms. Jessy Irwin, Effective Training in Small/Medium Businesses (06/06/2017, 1:11:33)
  70. 2017-018-SANS_course-EternalBlue_and_Samba_vulnerabilities-DerbyCon contest details (05/30/2017, 50:39)
  71. 2017-017-Zero_Trust_Networking_With_Doug_Barth,_and_Evan_Gilman (05/09/2017, 1:25:45)
  72. 2017-016-Fileless_Malware, and reclassifying malware to suit your needs (05/02/2017, 1:05:42)
  73. 2017-015-Being a 'security expert' vs. 'security aware' (04/27/2017, 44:42)
  74. 2017-014-Policy_writing_for_the_masses-master_fingerprints_and_shadowbrokers (04/20/2017, 1:00:11)
  75. 2017-013-Multi-factor Auth implementations, gotchas, and solutions with Matt (04/13/2017, 48:43)
  76. 2017-012-UK Gov Apprenticeship infosec programs with Liam Graves (04/05/2017, 54:12)
  77. 2017-011-Software Defined Perimeter with Jason Garbis (03/29/2017, 52:40)
  78. 2017-010-Authors Amanda Berlin and Lee Brotherston of the "Defensive Security Handbook" (03/22/2017, 1:13:41)
  79. 2017-009-Dave Kennedy talks about CIAs 'Vault7', ISC2, and Derbycon updates! (03/14/2017, 1:15:17)
  80. 2017-008-AWS S3 outage, how it should color your IR scenarios, and killing the 'whiteboard' interview (03/06/2017, 1:14:22)
  81. 2017-007- Audio from Bsides Seattle 2017 (03/01/2017, 35:42)
  82. 2017-006- Joel Scambray, infosec advice, staying out from in front of the train, and hacking exposed (02/19/2017, 1:05:44)
  83. 2017-005-mick douglas, avoid bad sales people, blue team defense tools (02/14/2017, 1:03:57)
  84. 2017-004-sandboxes, jails, chrooting, protecting applications, and analyzing malware (02/06/2017, 52:24)
  85. 2017-003-Amanda Berlin at ShmooCon (01/29/2017, 30:45)
  86. 2017-002: Threat Lists, IDS/IPS rules, and mentoring (01/21/2017, 1:05:40)
  87. 2017-001: A New Year, malware legislation, and a new cast member! (01/12/2017, 43:43)
  88. 2016-051: Steps to fixing risks you found, and the State of the Podcast (12/25/2016, 41:29)
  89. 2016-050: Holiday Spectacular with a little help from our friends! (12/21/2016, 1:14:53)
  90. 2016-049-Amanda Berlin, the art of the sale, and Decision making trees (12/15/2016, 56:46)
  91. 2016-048: Dr. Gary McGraw, Building Security into your SDLC, w/ Special guest host Joe Gray! (12/03/2016, 1:11:06)
  92. 2016-047: Inserting Security into the SDLC, finding Privilege Escalation in poorly configured Linux systems (11/28/2016, 19:49)
  93. 2016-046: BlackNurse, Buenoware, ICMP, Atombombing, and PDF converter fails (11/21/2016, 44:49)
  94. 2016-045: Aamir Lakhani discusses the dark web, creating a reputation, and is all the content bad? (11/14/2016, 1:01:45)
  95. 2016-044: Chain of Custody, data and evidence integrity (11/07/2016, 47:03)
  96. 2016-043: BSIMMv7, a teachable moment, and our new Slack Channel! (11/01/2016, 1:14:09)
  97. 2016-042-Audio from Source Seattle 2016 Conference (10/24/2016, 1:32:52)
  98. 2016-041- Ben Johnson, company culture shifts, job descriptions, cyber self-esteem (10/17/2016, 1:11:22)
  99. 2016-040: Gene_Kim, Josh_Corman, helping DevOps and Infosec to play nice (10/10/2016, 1:01:39)
  100. 2016-039-Robert Hurlbut, Threat Modeling and Helping Devs Understand Vulnerabilities (10/04/2016, 1:14:59)
  101. 2016-038-Derbycon Audio and 2nd Annual Podcast with Podcasters! (09/28/2016, 1:24:13)
  102. 2016-037: B1ack0wl, Responsible Disclosure, and embedded device security (09/14/2016, 1:06:50)
  103. 2016-036: MSSP pitfalls, with Nick Selby and Kevin Johnson (09/11/2016, 1:08:11)
  104. 2016-035-Paul Coggin discusses the future with Software Defined Networking (09/06/2016, 1:13:27)
  105. 2016-034: Sean Malone from FusionX explains the Expanded Cyber Kill Chain (08/28/2016, 1:40:43)
  106. 2016-033: Privileged Access Workstations (PAWs) and how to implement them (08/22/2016, 57:32)
  107. 2016-032-BlackHat-Defcon-Debrief, Brakesec_CTF_writeup, and blending in while traveling (08/15/2016, 59:55)
  108. 2016-031:DFIR rebuttal and handling incident response (08/08/2016, 58:59)
  109. 2016-030: Defending Against Mimikatz and Other Memory based Password Attacks (07/31/2016, 35:00)
  110. 2016-029: Jarrod Frates, steps when scheduling a pentest, and the questions you forgot to ask... (07/25/2016, 1:22:39)
  111. 2016-028: Cheryl Biswas discusses TiaraCon, Women in Infosec, and SCADA headaches (07/17/2016, 1:00:23)
  112. 2016-027: DFIR conference, DFIR policy controls, and a bit of news (07/10/2016, 45:01)
  113. 2016-026-powershell exfiltration and hiring the right pentest firm (07/03/2016, 1:14:54)
  114. 2016-025-Windows Registry, Runkeys, and where malware likes to hide (06/27/2016, 50:47)
  115. 2016-024: Kim Green, on CISOaaS, the Redskins Laptop, and HIPAA (06/20/2016, 1:13:19)
  116. 2016-023- DNS_Sinkholing (06/13/2016, 39:20)
  117. 2016-022: Earl Carter dissects the Angler Exploit Kit (06/06/2016, 57:39)
  118. 2016-021: Carbon Black's CTO Ben Johnson on EDR, the layered approach, and threat intelligence (05/29/2016, 57:37)
  119. 2016-020-College Vs. Certifications Vs. Self-taught (05/21/2016, 54:19)
  120. 2016-019-Creating proper business cases and justifications (05/16/2016, 54:42)
  121. 2016-018-software restriction policies and Applocker (05/09/2016, 1:00:00)
  122. 2016-017-The Art of Networking, Salted Hashes, and the 1st annual Podcast CTF! (05/02/2016, 1:02:25)
  123. 2016-016-Exploit Kits, the "Talent Gap", and buffer overflows (04/25/2016, 1:00:13)
  124. 2016-015-Dr. Hend Ezzeddine, and changing organizational security behavior (04/16/2016, 1:10:43)
  125. 2016-014-User_Training,_Motivations,_and_Speaking_the_Language (04/08/2016, 41:16)
  126. 2016-013-Michael Gough, the ISSM reference model, and the 5 P's (03/26/2016, 58:51)
  127. 2016-012-Ben Caudill on App Logic Flaws, and Responsible Disclosure (03/19/2016, 51:46)
  128. 2016-011-Hector Monsegur, deserialization, and bug bounties (03/14/2016, 1:12:25)
  129. 2016-010-DNS_Reconnaissance (03/07/2016, 49:53)
  130. 2016-009-Brian Engle, Information Sharing, and R-CISC (02/29/2016, 1:05:56)
  131. 2016-008-Mainframe Security (02/22/2016, 1:47:01)
  132. 2016-007-FingerprinTLS profiling application with Lee Brotherston (02/14/2016, 1:11:06)
  133. 2016-006-Moxie_vs_Mechanism-Dependence_On_Tools (02/08/2016, 54:05)
  134. 2016-005-Dropbox Chief of Trust and Security Patrick Heim! (01/30/2016, 46:37)
  135. 2016-004-Bill_Gardner (01/24/2016, 1:19:05)
  136. 2016-003-Antivirus (...what is it good for... absolutely nothing?) (01/18/2016, 54:33)
  137. 2016-002-Cryptonite- or how to not have your apps turn to crap (01/11/2016, 1:03:14)
  138. 2016-001: Jay Schulmann explains how to use BSIMM in your environment (01/03/2016, 1:02:16)
  139. 2015-054: Dave Kennedy (12/27/2015, 51:52)
  140. 2015-053: 2nd annual podcaster party (12/22/2015, 1:17:42)
  141. 2015-052: Wim Remes-ISC2 board member (12/17/2015, 46:51)
  142. 2015-051-MITRE's ATT&CK Matrix (12/10/2015, 48:22)
  143. 2015-049-Can you achieve Security Through Obscurity? (12/04/2015, 42:18)
  144. 2015-048: The rise of the Shadow... IT! (11/27/2015, 43:51)
  145. 2015-047-Using BSIMM framework to measure the maturity of your software security lifecycle (11/21/2015, 46:44)
  146. 2015-046: Getting Security baked in your web app using OWASP ASVS (11/10/2015, 36:47)
  147. 2015-045: Care and feeding of Devs, podcast edition, with Bill Sempf! (11/04/2015, 46:25)
  148. 2015-044-A MAD, MAD, MAD, MAD Active Defense World w/ Ben Donnelly! (10/30/2015, 55:47)
  149. 2015-043: WMI, WBEM, and enterprise asset management (10/22/2015, 44:54)
  150. 2015-042: Log_MD, more malware archaeology, and sifting through the junk (10/14/2015, 1:11:57)
  151. Derbycon Audio - post-Derby interviews! (10/10/2015, 1:04:09)
  152. Derbycon - A podcast with Podcasters! *explicit* (09/30/2015, 1:00:09)
  153. 2015-040; Defending against HTML 5 vulnerabilities (09/21/2015, 30:58)
  154. 2015-039: Hazards of HTML5 (09/14/2015, 33:28)
  155. 2015-038-Influence Vs. Mandate and Guardrails vs. Speedbumps (09/07/2015, 53:35)
  156. 2015-037-making patch management work (08/31/2015, 45:39)
  157. 2015-036: Checkbox security, or how to make companies go beyond compliance (08/24/2015, 53:10)
  158. 2015-035: Cybrary.it training discussion and Bsides Austin Panel (08/16/2015, 40:55)
  159. Flashback: 2014-001_Kicking some Hash (08/15/2015, 39:54)
  160. 2015-034: SANS Top20 Security Controls #9 - CTFs - Derbycon dicsussion (08/10/2015, 54:24)
  161. 2015-033: Data anonymization and Valuation, Privacy, and Ethical medical research (08/03/2015, 54:25)
  162. 2015-032: Incident response, effective communication, and DerbyCon Contest (07/26/2015, 59:12)
  163. 2015-031: Fab and Megan-High_Math-Psychology_and Scarves (07/18/2015, 52:51)
  164. 2015-030: Bsides Austin panel Discussion (Red Team vs. Blue Team) (07/13/2015, 38:48)
  165. 2015-029: Big Brown cloud honeyblog with @theroxyd (07/06/2015, 48:59)
  166. 2015-028: using log analytics to discover Windows malware artifacts (06/29/2015, 44:48)
  167. 2015-027- detecting malware in Windows Systems with Michael Gough (06/22/2015, 50:33)
  168. 2015-026- Cloud Security discussion with FireHost (06/14/2015, 54:06)
  169. 2015-025: Blue Team Army, Powershell, and the need for Blue team education (06/08/2015, 34:24)
  170. 2015-024: Is a good defense the best offense? Interview w/ Mick Douglas! (05/31/2015, 49:20)
  171. 2015-023_Get to know a Security Tool: Security Onion! (05/26/2015, 37:09)
  172. 2015-022: SANS Top 25 Critical Security Controls-#10 and #11 (05/17/2015, 56:03)
  173. 2015-021: 24 Deadly Sins: Command injection (05/10/2015, 40:09)
  174. 2015-020 - Deadly Programming Sins - Buffer Underruns (05/03/2015, 38:04)
  175. 2015-018- How can ITIL help you flesh out your infosec program? (04/26/2015, 58:15)
  176. 2015-017: History of ITIL, and integrating Security (04/18/2015, 55:58)
  177. 2015-016: Special Interview: Cybrary.it (04/07/2015, 33:51)
  178. 2015-015: 2015 Verizon PCI report (04/04/2015, 43:18)
  179. 2015-014-SANS Top 20 Controls - #12 and #13 (03/28/2015, 57:32)
  180. 2015-013-Hackerspaces and their sense of community (03/21/2015, 49:51)
  181. 2015-012-Fill In podcast with Jarrod and Lee! (03/15/2015, 1:43:35)
  182. 2015-011- Why does BeEF and metadata tracking keep I2P developers up at night? (03/07/2015, 45:42)
  183. 2015-010 - How can you use I2P to increase your security and anonymity? (02/28/2015, 57:05)
  184. 2015-009-Part 2 with Pawel Krawczyk (02/21/2015, 35:32)
  185. 2015-008- Make your web Apps more secure with Content Security Policy (part 1) (02/16/2015, 29:32)
  186. 2015-007-SANS_Top20_14and15--Proving_Grounds_Microcast with Megan Wu! (02/10/2015, 53:39)
  187. 2015-006- Is your ISP doing a 'man-in-the-middle' on you? (02/07/2015, 59:27)
  188. 2015-005: Threat Modeling with Lee Brotherston (02/01/2015, 45:06)
  189. 2015-004-SANS Top 20: 20 to 16 (01/25/2015, 58:58)
  190. All About Tor (01/17/2015, 40:58)
  191. Episode 2: Big Trouble in Small Businesses (01/10/2015, 35:53)
  192. 2015-001- "unhackable" or "attacker debt" (01/04/2015, 10:42)
  193. Is Compliance running or ruining Security Programs? (12/26/2014, 32:45)
  194. Brakeing Down/Defensive Security Mashup! (12/21/2014, 1:26:27)
  195. Tyler Hudak (@secshoggoth) Discusses incident respose, and DIY malware research (12/15/2014, 41:43)
  196. Tyler Hudak discusses malware analysis (12/08/2014, 39:28)
  197. Part 2 w/ Ben Donnelly -- Introducing Ball and Chain (making password breaches a thing of the past) (12/01/2014, 37:40)
  198. Active Defense and the ADHD Distro with Ben Donnelly (11/22/2014, 44:39)
  199. Active Defense: It ain't 'hacking the hackers' (11/18/2014, 49:25)
  200. Interview Part 2 with Paul Coggin: Horror stories (11/09/2014, 39:03)
