Episode 128 - A Masterclass on Being Yourself with Ashish Rajan

This episode of Hacker Valley Studio podcast’s Hacker Valley Red Series features guest Maurice Ashley, a chess grandmaster and author of Chess for Success. Maurice is a chess guru and has been playing it ever since his high school years. He is currently involved in commentating for chess events, teaching chess, and training national chess champions. In this episode, Maurice and the hosts talk about Maurice’s chess journey along with some parallels between chess and cyber security. The hosts, Ron and Chris, start off the interview by pointing out one parallel between chess and cybersecurity: the art of training. Maurice responds by sharing about the rigorous training of chess, and of the different strategies and techniques that must be learned. He also takes some time to explain his own journey with training in chess and how it progressed through the years. In high school, he started playing with his brother, and then moved to playing in more formal settings with more challenging opponents. This eventually led to earning the title of chess grandmaster. Being the first black male to receive the Chess Grandmaster title, Maurice speaks on how this accomplishment inspired others to reach for their goals. Circling back to the parallels between chess and cyber security, Maurice touches on the importance of practicing for performance. This means knowing your opponent, studying their strategies, and using their energy against them. Chris and Ron highlight how this parallels with cyber security in knowing how to approach the opponent. They then ask Maurice about his thoughts on an unbeatable chess player and how it relates to an unhackable system. Maurice responds by explaining that in the game if chess with its millions of possible outcomes, having an unbeatable player is impossible. Additionally, He emphasizes how this truth relates to cyber security. Rather than focusing on being unbeatable, Maurice encourages focus to be spent on readiness which is acquired through practice. In cyber security, Chris and Ron explain how readiness means having the ability to respond automatically to situations. They ask Maurice about blitz and bullet chess and how it relates to this kind of practice. According to Maurice, blitz and bullet chess rely heavily on instinct and experience. The conversation ends as the hosts ask Maurice to share some tips for people interested in learning chess. Maurice encourages people interested in chess to download his new app, Learn Chess with Maurice Ashley, where he provides lessons on chess. He closes by encouraging others to reach for the greatness inside them. According to Maurice, greatness is defined as having the right mindset, doing the hard work, making the sacrifices, and learning through the process. This is the greatness that will be reflected in the end goal. 2:49 - Maurice introduces himself 6:46 - Maurice’s journey of becoming a grandmaster 9:20 - The impact of Exposure 11:07 - Maurice tells of the significance of being the first black male to earn the title of Chess Grandmaster. 15:00 - Maurice tells of the influence of his family in earning the title of Chess Grandmaster. 17:58 - Maurice speaks on practicing for performance and how it relates to cyber security. 22:00 -The parallels between an unbeatable chess player and an unhackable system 25:18 - Maurice explains blitz and bullet chess and how it relates to cyber security. 33:25 - Maurice gives some tips on how to get started playing chess. 37:04 - Maurice gives advice on how to reach greatness.   Links: To learn more about Maurice Ashley, visit https://mauriceashley.com Follow Maurice Ashley on Twitter and Instagram Learn more about Maurice Ashley’s book Chess for Success and his app Learn Chess with Maurice Ashley Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about the season sponsor, RiskIQ

6 Loka 202041min

On this episode of Hacker Valley Studio, hosts Ron and Chris speak with Lisa Jiggetts, founder of Women’s Society of Cyberjutsu. Their conversation covers Lisa’s background, her current work and her involvement as a penetration tester.   Lisa says she’s always been a techie who loved gadgets, breaking things and trying to understand how they fit together. She knew she wanted to work with computers, but wasn’t sure what that meant, exactly. Out of high school she joined the military working in IT, but knew she wanted to be a hacker. Eventually, she made her way to pentesting apps and systems in the cloud. Lisa loves the game aspect of pentesting and the red team. She says she enjoys the challenge of trying to get into the box and “level up,” trying more and more ways in before reaching out for help.   In between jobs a few years ago, Lisa began dreaming of a hands on training group for women like herself. It began as a meet-up group, which grew into the Women’s Society of Cyberjutsu, (WSC). She wanted hands-on workshops and an opportunity for networking and building a network of mentors and mentees. The first workshops and members were women in IT and even outside of tech, who were looking for a change and challenge in their career. Now the organization is in a state of growth with chapters across the country. To anyone interested, she says WSC gives the opportunity for hands-on training and a network of support.   As the episode ends, Lisa shares her advice to anyone interested in the red team or the world of cyber security in general. Her number one piece of advice is networking, because that’s the way she’s found a lot of her work in the past. She also encourages listeners, regardless of where they’re starting, to get their skills up any way they can. The field is always changing, Lisa says, so the initiative to work and show up is invaluable.   2:12 - The episode and guest are introduced. 3:50 - Lisa gives an overview of her background. 10:00 - Lisa explains her breaker mentality. 15:57 - What made Lisa commit to pentesting and the red team? 20:34 - Lisa discusses the founding of the Women’s Society of Cyberjutsu. 29:44 - Lisa’s advice for listeners interested in the red team and cyber security.   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about WSC Follow Lisa Jiggetts on Twitter Learn more about the season sponsor, RiskIQ

6 Loka 202034min

In this episode of the Hacker Valley Studio podcast’s Hacker Valley Red series, this time featuring guest Ted Harrington.  Ted is an Executive Partner at ISE Security, an author, and a professional speaker. Hosts Ron and Chris speak with Ted about the concept of unhackability, his experience in the security field, an interesting story of an attack in real time, and more!   To start off the interview, Ted shares about his background.  He currently works for a consulting firm that focuses on ethical hacking and aims to help companies solve their security problems, and his interest in the work of hacking goes back to a car-hacking experience in which he and his colleagues were inspired by a claim of unhackability and disproved the claim.  Ted clarifies that there is effectively no such thing as an unhackable device or application, but that his work centers on closing attack vectors and making security systems stronger.  In fact, he wants his legacy in the field to center on making things better.  He shares about his own energy and motivation, and also explains the mindset of a hacker, which involves creativity and a certain way of thinking about and solving problems.   Ted has learned a great deal in his years in the hacking field, and Ron and Chris are eager to draw lessons out for listeners.  Ted explains misconceptions about the red side of security before providing an extended example of hacking in real time: an example of cryptocurrency wallets that involved Ted and his team happening upon a real thief at work.  Ted explains that people should not have a laissez-faire attitude about security, and that they should foster a right mindset and right partnerships.  He clarifies that he sees many breakers start as builders, explains the utility of thinking from the perspective of a buyer, and offers advice for listeners looking to enter the field.  This advice centers on mindset and hands-on activity; there are lots of opportunities to get involved with DEF CON, talks, contests, and even internships (including some at Ted’s company).    1:50 - The episode features Ted Harrington; listeners are introduced to him and the episode ahead. 3:05 - The conversation begins with Ted’s background. 7:21 - The group considers the term “unhackable,” closing attack vectors, and breakers starting as builders. 14:02 - “Think like a hacker.” 20:02 - Ted explains some lessons from real-life work, focusing on a cryptocurrency wallet example. 25:13 - What should people learn and do? 30:38 - Where do Ted’s energy and motivation come from, and what is the most interesting part of his work? 34:32 - Ted offers advice and shares what he hopes his legacy in the field will be.   Links: Connect with Ted on LinkedIn or email him at ted@ise.io Learn about Ted’s book, Hackable Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about the season sponsor, RiskIQ

6 Loka 202041min

On this episode of Hacker Valley Studio, hosts Ron and Chris speak with Alissa Knight, author of the book Hacking Connected Cars and self described “recovering hacker.” Their conversation covers content creation, API’s and hacking cars.   Alissa grew up in Seattle, Washington where there was a big art scene. She began building her own computers and running her own boards at an early age. She says a lot of people don’t know that she started out in the BBS scene back in the 90’s. At seventeen she hacked into a government network and was arrested. Eventually, the charges were dropped on a technicality and she went on to work for the US Intelligence Community in cyber warfare.   Alissa’s first start-up was a web design company where she ran a Lennox webserver around the time the teardrop attack in Lennox servers. The people she rented office space from were teardropping her web hosting server. She picked up a book on cyber security, and got introduced into the world of cyber security through necessity. She had a passion for finding vulnerabilities, and understanding things that were difficult to understand, which is what brought her to embedded systems. The rest she says is history.   As the episode ends, Alissa talks about her YouTube Channel, KnighTV. She says she’s always been an artist, and always wanted to do things at 200%. Her following is relatively new, at the beginning of 2019 she only had 4 followers on Twitter and now she’s passed the threshold to be part of the YouTube Partner Program. She wanted a cinematic experience for the viewer to stand out and not be just another video for the viewer. For anyone interested in getting started in being a breaker, she’s posted a couple videos on the topic, and explains there are many resources at their disposal. She says this line of work takes grit, and in her opinion a passion for reading.   2:08 - The episode and guest are introduced. 3:19 - Alissa gives an overview of her background. 6:29 - How Alissa’s career began. 10:16 - Do you have to program to hack? 14:26 - What led Alissa to hacking cars? 24:55 - Alissa explains what people get wrong about the red team. 29:25 - Alissa answers the question, “is there an unhackable device?” 36:54 - How KnightTV came into being. 41:08 - Alissa gives her advice on where to start getting into cyber security   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Follow Alissa Knight on Twitter Subscribe to Alissa’s YouTube Channel Learn more about the season sponsor, RiskIQ

6 Loka 202046min

This episode of the Hacker Valley Studio podcast continues the Hacker Valley Red series by featuring Alex Rice.  Alex is the CTO and co-founder of HackerOne, and he joins hosts Ron and Chris for a conversation about such topics as the beginnings of the researcher community, bug bounty, and the term “hacker.”    Alex first shares about his background leading up to what he’s doing today.  He worked as a developer, and then about 20 years ago, he moved into the security field.  Part of his career trajectory was motivated by his frustration over a lack of feedback loops, and he explains both how HackerOne came to be and some details about bug bounty.  Ron and Chris are particularly interested in why HackerOne has the term “hacker” in it, even though the term can carry with it negative connotations (however inaccurate they may be).  Alex clarifies that he and his colleagues do not want to beat around the bush, but want to be part of the work of dismantling false stereotypes about hacking.    Moving forward in the conversation, Alex covers a variety of topics related to his work.  He addresses changes in hackers’ experiences with cease and desist orders, the bug bounty community, and the gamification of security and hacking.  He shares about different motivations of security researchers, teenagers making a lot of income through bug bounty, hacking outliers and their personas, impacts of COVID-19, and writing reports.  Ron and Chris ask Alex about whether or not unhackability is possible (spoiler: it’s not!), as well as about the closest thing to unhackable that can be achieved.  Alex explains what he’s looking toward in the future, talks about his love of outdoor work, and finally offers encouragement to the person in bug bounty looking to keep progressing in the field.   1:34 - Listeners are introduced to Alex Rice and the conversation to come. 2:41 - What is Alex’s background, and what is he doing today? 7:45 - Alex explains why the term “hacker” is included in his company’s name. 10:45 - The group considers cease and desist orders, bug bounty community, and gamification of security and hacking. 18:11 - Alex addresses the reality of teenagers making millions through bug bounty, as well as the personas of hacking outliers. 22:43 - Alex talks bug bounty, COVID-19, and writing reports. 25:41 - Is unhackability possible?  If not, what’s the closest we can get to it? 30:02 - The conversation concludes with Alex’s thoughts on the future, hobbies, and encouragement to people in bug bounty looking to continue in the field.   Links: Connect with Alex Rice on Twitter Connect with the Bug Bounty Community at hackerone.com/hacktivity Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about the season sponsor, RiskIQ

6 Loka 202038min

On this episode of Hacker Valley Studio, hosts Ron and Chris speak with Rachel Tobac, CEO of SocialProof Security and Chair of the Women in Security and Privacy Board. Their conversation covers everything from neuroscience to spearfishing and human’s place in cyber security.   Rachel is a human hacker, also known as a social engineer, and she begins the episode by explaining her background in social engineering and experience in the non profit space. She credits her success in the field to her background in neuroscience and behavioral psychology as well as training in improv. Her husband works in cyber security and encouraged her into the space even though she was nervous at first because she didn’t know how to code.   Rachel explains that she still does not know how to code, her most important skills in social engineering are the ability to persuade and improv. When working with companies, Rachel helps client facing employees to help confirm people are who they say they are. She sits down with them to go through processes that help her close the loopholes that allow hackers to mine information. Humans are the first line of defense, so they have to have their guard up. From there, keeping the organization up  to date on the latest trends in cyber security and how hackers find their way in is key to getting the correct tools to prevent hacks.   As the episode ends, Rachel shares her next steps are working with hospitals to prevent ransomware and phishing attacks. She’s also turning her attention toward the election and educating people on what the 2020 Presidential election will look like and the time it may take to announce the winner. While she does not currently think elections can be done entirely from home, she considers it a goal for the future.     1:59 - Rachel Tobac and today’s episode of Hacker Valley Red is introduced. 8:50 - What are the skills needed to become a social engineer? 10:51 - Rachel leads Ron and Chris through an improv exercise. 13:59 - Rachel shares where she thinks technology is headed. 20:20 - Rachel shares the scariest part of social engineering hacks. 25:29 - Rachel’s key takeaways. 34:11 - Rachel is looking toward 2020 election security.   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Follow Rachel Tobac on Twitter Learn more about the season sponsor, RiskIQ

6 Loka 202038min

In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris introduce the podcast’s new series: Hacker Valley Red.  After the previous season highlighted the defensive side of cyber security, this season will focus on the other side of the coin - the offensive side.  Ron and Chris spend this initial episode talking about their experience with the offensive side of cyber security, what listeners can look forward to hearing in the episodes ahead, and what sorts of questions experts will field throughout the season.   As the conversation gets underway, Ron and Chris introduce the season, which will cover such topics as the background and personas of red teamers, information about red teaming technology, misconceptions from the blue side, and what red teaming really looks like.  The hosts then share their own backgrounds in red teaming.  While they both had some prior experience with red teaming, they learned a lot through hosting the episodes in the season.  As they introduce the series ahead, Ron and Chris touch on the social side of red teaming, analogies by which red teaming can be explained, Ron’s exploitation video, the value and use of red teaming within organizations, the shared community of red and blue teaming, purple team engagement, the concept of unhackability, and more.    In the episodes ahead, Ron and Chris will ask guests what other aspects of life and technology help them with red teaming, and there are particular topics from the episodes that they are most excited to consider with listeners.  These topics include the issue between blue and red teams, the concept of a hacker, the idea of unhackability, and different perspectives of paths into the field of red teaming and to mastery within it.  Ron and Chris conclude their introductory conversation with two lessons they hope listeners will take from the season: the lesson that creation is a process and that the best red teamers learn to love the process, and the lesson that both red and blue team members are on the same team.   0:48 - The podcast is now moving to the other side of the coin: the offensive side of cyber security. 2:48 - Ron and Chris share their respective backgrounds in red teaming. 7:25 - What other aspects of life and technology help guests with red teaming? 10:50 - Chris asks about Ron’s exploitation video. 12:52 - The hosts address the iterative improvement of an organization’s security posture. 18:14 - Ron and Chris talk about purple team engagement. 21:12 - Is unhackability real or possible? 24:53 - Hacking can have to deal with a human, rather than a device or application. 26:34 - What key takeaways do the hosts want listeners to take from the season? 28:10 - What do Ron and Chris want listeners to learn?   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about the season sponsor, RiskIQ

6 Loka 202030min

In this episode of the Hacker Valley Studio podcast’s Hacker Valley Blue series, Ron and Chris wrap up the season with a recap of its past episodes and major takeaways, as well as a look at what’s to come for them personally and for the podcast. Looking back on the season, Ron and Chris consider the importance of communication in the field of threat intelligence, specifically thinking of insights from their talk with D’Arcy and lessons in poetry and delivery from Valentina.  They cover the surprise of Jack’s willingness to share personal thoughts, review their discussions of bias (specifically highlighting talks with Jon and Susan), and recount things learned about the concept of unhackability. Listeners will hear about the inevitability of mistakes in threat intelligence work, the “easy button” framework, the season theme of sharpening oneself outside of work, and the dynamic of a threat intelligence team. The episode then turns toward Ron and Chris, themselves.  Ron first puts Chris in the hot seat and asks what the future of threat intelligence is for him.  Chris explains that, while he thinks his days as an individual contributor for threat intelligence are over, he is still doing some quiet, yet-to-be revealed work, and is turning much of his attention to giving back to the field.  Ron, in explaining his own work, talks about bouncing between tasks, building tools for others, distilling information into simple messages, and continuing to navigate issues of automation.  Finally, Ron and Chris thank people involved with the season and address what the future holds for the Hacker Valley Studio podcast.  Listeners hear the exciting announcement of the next season: Hacker Valley Red! 0:47 - Ron and Chris talk about the importance of communication in the field of threat intelligence. 2:56 - What was one surprise in this season? 3:52 - The hosts review their conversations about bias. 6:55 - The episode turns to the “easy button” framework and the need for personal sharpening outside of work. 16:15 - Ron and Chris consider the inevitability of analysts missing things and the building of a team. 20:22 - What is the future of threat intelligence for Chris and Ron? 27:50 - The hosts review their insights about the possibility of an unhackable device or app. 29:43 - What is next for the Hacker Valley Studio podcast?   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about RiskIQ

1 Syys 202035min