
Cyber Distortion Podcast Series
61 episodes — Page 2 of 2
S1 - Episode 010 – Doomsday Breach Prepping - 101
When the world comes crumbling down and your entire existence is burning to the ground, will you be prepared to handle it? What am I talking about anyway? The post-breach apocalypse, of course. What else?! You see, we have all heard it said so many times, "It's not a matter of IF you get breached; it's a matter of WHEN!" Well, if that is true, do you think you should be making every possible effort to get as prepared as possible ahead of time? We do! That is precisely why we have handpicked the special guest for this episode. Stephen Cracknell is an Amazon best-selling author with experience in a very critical area that we know you can improve in by absorbing his wisdom. We know that, because we all can improve in this area. Stephen and his team at USM Technology are passionate about helping business leaders repel cyberattacks. They work with IT leaders across Texas to build out comprehensive incident response plans designed to ensure that the IT team, as well as the company's leadership, work effectively during the critical first 72 hours after a cyberattack. Their focus is helping IT leaders develop a plan that brings critical business processes back online quickly, so their leadership team is not forced to pay the hacker's ransom. Your well-designed recovery plan also avoids data loss, business downtime, irate customers as well as injury to your company's reputation and your career. So, sit back, refill your coffee mugs, and pull up a chair. It's time to dive into an episode we've titled DOOMSDAY BREACH PREPPING 101! Yee-haw! Citations: USM Technology Pentesting Services: https://www.usmtechnology.com/uncover.html Purchase Stephen's Book on Amazon Find Stephen on LinkedIn: https://www.linkedin.com/in/stephencracknell/ Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MCSE, CCA, ITIL-F and serves as an Information Security Director for a manufacturing company.
S1 - Episode 009 – #Badgelife ft. AND!XOR
Electronic Blinky-Bling?!! What the heck is that?! Take a quick walk around the Las Vegas strip around mid-summer at the DEFCON Hacking/Security Conference and you'll find out pretty darned quick! #BADGELIFE is a sub-culture of creators, hackers, programmers, and like-minded pseudo geniuses that craft some of the coolest electronic gadgetry you're ever going to see! Imagine a sea of LEDs dancing to the music of a DJ's mix, on a PCB designed to look artsy and cool. Oh, also imagine that you can hack that bad boy and play games, and set the LCD screen to your favorite animated GIF. Imagine using the latest programming languages and technologies to link hundreds of badges together on their own network of social awesomeness! That's a fraction of what Badgelife is really all about. In this light-hearted episode, we talk with our pals Zapp and Hyr0n at AND!XOR about how they continue to set the badgelife world ablaze with their creative masterpieces every single year. It should go without saying that their work is some of the absolute best as they start planning for the next masterpiece over 18 months ahead in many cases. You can rest assured, they always have a virtual line out the door filled with people looking to string an AND!XOR PCB medallion around their necks. Why?! Because their creations are always EPIC A** Kickery! Join Cybersecurity professionals and CISSP brethren, Jason (Redeemer) and Kevin (Sabotage66), as they bring another hard-hitting and action-packed episode. This one centers on all of the intricacies of this amazing sub-culture of the awesome DEFCON conference. Strap on your best hacker gear, throw on your black hoodie, or your bucket hat, and if you've got it, flip on your coolest blinky-bling and join us as we pick the brains of half of the AND!XOR team! Let's get DISTORTED (in a full-on Cybery kind of way)!!
Helpful DEFCON websites: Official DEFCON Website: https://defcon.org/ Official DEFCON SWAG: https://shop.defcon.org/ Registration for DC30: https://shop.defcon.org/products/def-con-30-pre-registration-ticket DEFCON Forums: https://forum.defcon.org/ Helpful AND!XOR websites: AND!XOR Twitter: https://twitter.com/andnxor AND!XOR YouTube: https://www.youtube.com/channel/UCPn2tbrSo1Pi92k9TTJgmyg Other podcasts featuring AND!XOR: Macrofab Ep#66 Macrofab Ep#109 Macrofab Ep#144 Macrofab Ep#238 Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MCSE, CCA, ITIL-F and serves as an Information Security Director for a manufacturing company.
S1 - Episode 008 – Cybersecurity Insurance Protecting Your "ASS-ets"
In this episode, Jason and Kevin join guest Ross Ingersoll, Executive Risk & Cyber Account Executive at Holmes & Murphy & Associates. We discuss the topic of cyber insurance and how being protected from today's Cyber risks can better position your company in the event of a major breach event. If you've ever wondered about what Cyber Insurance covers, or what types of things you need to be considering before you even think about applying for Cyber Insurance, then this episode will hit home! In today's Cyber climate, does your company have the risk appetite to go without the added protection of Cyber Insurance to fall back on? Ross shares his valuable insight on why YOU might want to at least consider a policy for your business. We'll also play the "Cyber Claim Game" where we take a look at how some of today's larger breaches played out and what other companies have paid out due to lack of preparedness. You will take away some valuable insight around this topic and several key actionable items that you can consider if you want to look into cyber insurance for your company! Lastly, you'll discover the Key Carrier Provisions that every underwriter looks at before inking a policy. Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MCSE, CCA, ITIL-F and serves as an Information Security Director for a manufacturing company.
S1 - Episode 007 – The CISSP "EXPERIENCE"
In this episode, join Jason & Kevin as they discuss the journeys they both took to obtain the coveted CISSP (Certified Information Systems Security Professional) certification from the governing body of (ISC)2. Anyone who knows ANYTHING about Cybersecurity and has aspirations of becoming a manager knows that the CISSP is the most sought-after certification offered. In this episode, they discuss why that is. We also discuss the various domains covered in the exam, the weightings of each domain, the exam format, and many helpful tips and tricks to help get you over the hump as you traverse your studies. We know the effort required to obtain this certification and we are familiar with the full experience, even the failure of each of our first exams. That's a painful pill to swallow but we have some sage advice that might just help you to succeed on your next attempt. We hope that this episode is considered just one more tool to add to the virtual tool belt for all aspiring future CISSPs that are embarking on this prestigious and esteemed certification. We KNOW that you'll find this information valuable. After all, don't you need a light-hearted break from your books and flash cards anyway?!?! =) Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MCSE, CCA, ITIL-F and serves as an Information Security Director for a manufacturing company. CITATIONS: Matt Elliott Blog Post: A Journey Through Hell. My CISSP Experience.
https://medium.com/@pentesta/my-cissp-experience-a-journey-through-hell-56790c4f569e (ISC)2 Official Website The Pathway to Certification https://www.isc2.org/Certifications/CISSP How to Think Like a Manager for the CISSP Exam Luke Ahmed https://www.amazon.com/Think-Like-Manager-CISSP-Exam/dp/1735085197/ref=sr_1_1?crid=2LO79N1BUYEIS&keywords=Luke+Ahmed&qid=1651298957&sprefix=luke+ahmed%2Caps%2C99&sr=8-1 Cybrary.IT Video Course by Kelly Handerhan – Certified Information Systems Security Professional (CISSP) https://www.cybrary.it/course/cissp/ Host Unknown – The Very Fine Chaps Host Unknown presents: I'm a C I Double S P (CISSP Parody) https://podcast.hostunknown.tv/ https://hostunknown.tv/ https://youtube.com/user/HostUnknownTV LMFAO – Yes Instrumental https://www.karaoke-version.com/mp3-backingtrack/lmfao/yes.html
S1 - Episode 006 – Surviving Your First Regulatory Audit
In this episode, Jason & Kevin join special guest Stacie Grimm, Principal at UHY. UHY is one of the Midwest's leading CPA, business advisory and M&A firms. They deliver a broad range of tax, accounting, consulting and investment banking capabilities to serve businesses as well as individuals. Stacie brings 15 years of experience as a seasoned auditor to the conversation in this episode. In this episode we hit Stacie with questions around all the differences around company assessments, reports, audits, certifications and frameworks! We talk about Internal versus External audits, and we land on anything and everything SOC (System and Organizational Controls) and the SOC Suite of Services, Stacie's specialty! We learn how SOC is nothing more than a framework through which organizations can communicate relevant useful information about the effectiveness of their cybersecurity risk management program and CPAs can report on such information to meet the cybersecurity information needs of a broad range of stakeholders. By the end of the episode, you'll know all about the differences between SOC 1, SOC 2 (Type 1 and Type 2), and SOC 3 reports. NOT Audits, reports! =) Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MCSE, CCA, ITIL-F and serves as an Information Security Director for a manufacturing company.
S1 - Episode 005 - API Security Land Mines
In this episode, Jason and Kevin join guest Adam Fisher, Principal Security Engineer at Salt Security. We focus on a very common threat vector and component in modern web applications, the topic of API security. API security is the process of protecting APIs from attacks. Because APIs are very commonly used, and because they enable access to sensitive software functions and data, they are becoming a primary target for attackers. In this episode, we'll look at why API security is at an all-time high on the concerns lists for companies. If it's not on your top 5 list of concerns, it SHOULD be! APIs connect systems together everywhere and we use them every day. We discuss some of the biggest API breaches you've likely heard about. We also cover why we're vulnerable but more importantly, what you can do about it! Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MCSE, CCA, ITIL-F and serves as an Information Security Director for a manufacturing company.
S1 - Episode 004 - The Deep Dark Web
What is this mysterious online enigma? Maybe you've heard about it and wondered, "What type of craziness would I find out there?" Cybersecurity professionals and CISSP brothers, Jason and Kevin, bring a hard-hitting and action-packed episode centered on all of the mysteries the Dark Web has to offer. Join them as they navigate the waters of the various internet layers, the world of anonymity via the Onion Router (TOR). Finally, take a trip down the infamous Silk Road and follow it all the way to the elusive Red Room. Who knows? You may even find out the cost to go buy yourself 1000 TikTok, Instagram, or Twitter followers!! Does everything that you've heard of on the Dark Web even really exist? Well….maybe…just maybe, one day, they'll take it upon themselves to go find out. That, my friends, is for another episode!! Helpful websites: https://haveibeenpwned.com/ Citations: Chitty, T (2017, May, 26). What is the Dark Web. CNBC Explains. https://www.youtube.com/watch?v=fUjSVrh9UN4 Nelson, T (2021, February 11). Full Documentary: Dark Web. Janson Media. https://www.youtube.com/watch?v=cL3pEe47qyk VICE (2021, July 24). How to Hire a Hitman| The Business of Crime. VICE. https://www.youtube.com/watch?v=sinsp0uLsS8 Leyden, J (2019, October 29). Cybersecurity news and views. The Daily Swig CYBERCRIME MAGAZINE. https://portswigger.net/daily-swig/arpanet-anniversary-the-internets-first-transmission-was-sent-50-years-ago-today Matthieu, C (2020, October 19). Journey from ARPANET to XRPANET. Medium.com. https://medium.com/xrpanet/journey-from-arpanet-to-xrpanet-cc7bb576a49f
S1 - Episode 003 - A Manager's Perspective on Cybersecurity
Jason and Kevin join guest Eric Lough, VP of Business Development at FCP Euro to discuss how managers think and make critical decisions around Cybersecurity. Eric brings over 15 years of experience in the Automotive Aftermarket to the table. We spend the majority of the episode picking his brain on several key questions on today's challenging decisions that most managers have to make as it relates to protecting their businesses. As you'll find out in this conversation, not all of these decisions are easy! Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MCSE, CCA, ITIL-F and serves as an Information Security Director for a manufacturing company.
S1 - Episode 002 - Ransomware Part II
Jason and Kevin, both CISSPs and seasoned cybersecurity professionals, join guest David Bonvillain, VP of Sales Engineering for Halcyon.ai. David shares his 20+ years of experience to dive deep into Ransomware. David shares with the audience practical ways to keep yourself safe based on his years of reverse engineering malware and his deep understanding of how they are programmed to behave. He also takes on a historical review of Ransomware, where it started, how it progressed into a major business model and recent new developments discovered in the last 2 weeks on where it is going. We conclude with information you can use to track Ransomware attacks and data breaches. Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MCSE, CCA, ITIL-F and serves as an Information Security Director for a Manufacturing company.
S1 - Episode 001 - Ransomware Part I
Jason and Kevin, both CISSPs and seasoned cybersecurity professionals, join guest Benjamin Hall CISA, CDPSE, a cybersecurity consultant, to break down key understandings of Ransomware. They share Ransomware horror stories and participate in a live simple Ransomware awareness quiz game produced by the FTC. They also discuss Senior Management buy-in and provide the audience with simple tools they can implement now so they can protect themselves and their companies. Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MCSE, CCA, ITIL-F and serves as an Information Security Director for a Manufacturing company.
S1 - Episode 000 - Welcome to the Cyber Distortion Podcast
Jason and Kevin, both CISSPs and seasoned cybersecurity professionals, break down 3 of the top Ransomware attacks of 2021. They give insights into why hackers found these vulnerabilities and help you understand why this podcast series is important to add to your podcast list for 2022.