Keeping It Open Source with Metasploit’s HD Moore
Hacker Valley Studio15 Syys 2022

Keeping It Open Source with Metasploit’s HD Moore

This season of Hacker Valley Red wraps up with another interview of an incredible offensive cybersecurity legend. Known first and foremost for his work founding Metasploit and his recent work co-founding Rumble, HD Moore joins the show this week to hear about his journey from spiteful hacker to successful founder. HD walks through the history of Metasploit, the motivation behind their coding decisions, his opinions on open source software, and the excitement of exploration and discovery.

Timecoded Guide:

[04:57] Catching up with HD’s career from his hacking exploits in the ‘90s through his founding of Metasploit to his recent activities with Rumble

[11:41] Getting personal with the feelings and takeaways from a project as successful and impactful on the cyber industry as Metasploit

[18:52] Explaining HD’s personal philosophies around accessible education and the risk of sharing vulnerable information publicly

[25:39] Diving deep into the technical stories of HD’s path of discovery and exploration during his time at Metasploit

[31:14] Giving advice for future founders and hackers looking to make a legendary impact on the cybersecurity community

Sponsor Links:

Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!

Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone

PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!

What were some of the trials, tribulations, and successes of Metasploit?

Although Metasploit has had a lasting impact on the cyber world, HD Moore is not afraid to admit that part of Metasploit existed out of spite for critics, employers, and gatekeepers in the cybersecurity industry. In terms of trials and tribulations, HD saw a great deal of criticism come from his peers and from professionals ahead of him in the industry, often displaying rudeness towards the quality of the exploits and Metasploit’s audience of young hackers. Later, HD says that a surprising and amusing side effect of his success with the project was watching employers and peers go from criticizing to lifting up his work with Metasploit and attributing success of many hacking professionals to its creation.

“When we started the Metasploit project, we really wanted to open up to everybody. We wanted to make sure that, even if you barely knew how to program, you can still contribute something to Metasploit. So, we did our best to make it really easy for folks to get in touch with us, to submit code.”

Where does your philosophy land today on giving information freely?

HD has heard the same opinions many professionals that teach and give information freely have heard: “You’re making it easier for people to use this information the wrong way.” Instead of considering the worst possible outcomes of making hacking accessible, HD chooses to acknowledge the importance of accessible education and publicly provided information. According to HD, if someone is creating and teaching content to the next generation of red teamers, that content is theirs to use. Whether they’re a physical pen tester teaching lock picking or a hacker disclosing a vulnerability, what they choose to share with others has to be based on personal moral code and what others do with that information is up to them.

“It comes down to: You do the work, you own the result. If you're teaching people how to do stuff, great, they can do what they want. You can decide to do that, you can decide not to do that, but it's your decision to spend your time training people or not training them.”

Is it possible to be a CEO, or a co-founder, and stay technical?

The downside of success in the cybersecurity industry is often stereotyped as losing the opportunity to be a hands-on hacker. However, for HD, his success has allowed him to do the exact opposite and instead prioritize his time to be technical. HD believes strongly in the ability to make this happen through proper delegation of duties, incorporating new leaders and managers in your company or project, and acknowledging when you may need the help to bring what you’re working on to the next level. HD is proud of his success with Metasploit and Rumble, and is happy that he was able to hand off certain duties to other professionals that he knew would do better if they had a chance in the founder’s shoes.

“Don't let the growth of your company change what you enjoy about your work. That's really the big thing there, and there's lots of ways you can get there. You can hire folks to help out, you can promote your co-founder to CEO. You can bring on program managers or project managers to help with all the day to day stuff."

What advice do you have for people looking to follow a similar cyber career path?

Content is the name of the game, especially when you’re looking to get more eyes on what you do. HD is the first to admit that putting himself out there in a blog post, on a podcast, or at a stage show is not always a walk in the park, taking him out of his comfort zone and often away from the tech that he spends his time on. However, publicly displaying himself and his work has brought attention to Rumble and Metasploit, and HD knows he would not have achieved this level of success without putting his content out into the world, hearing feedback from his peers, and even receiving his fair share of criticism from industry professionals.

“Not all of it is the most fun thing to do all the time, but it is crucially important, not just for growing yourself and getting out there and getting feedback from your peers, but for learning because you learn so much from the feedback you get from that effort.”

-----------

Links:

Stay in touch with HD Moore on LinkedIn, Twitter, and his website.

Learn more about Rumble, Inc on LinkedIn and the Rumble website.

Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.

Follow Ron Eddings on Twitter and LinkedIn

Catch up with Chris Cochran on Twitter and LinkedIn

Continue the conversation by joining our Discord

Jaksot(408)

Attack Surface Management: The Grit Needed for True Cyber Resilience with Nabil Hannan

Attack Surface Management: The Grit Needed for True Cyber Resilience with Nabil Hannan

Join hosts Ron and Chris as they dive into the world of Attack Surface Management (ASM) in this episode recorded live at RSAC 2023. Special guest Nabil Hannan, a seasoned industry expert and Field CISO at NetSPI, shares his wealth of knowledge and expertise in this critical field. Together, they explore the evolving landscape of ASM, highlighting NetSPI's unique approach compared to other solution providers and shedding light on the state of ASM to empower listeners to enhance their security posture. NetSPI has a team of skilled pen-testers that can help you find those critical vulnerabilities and become your partner in creating the right remediation game plan for you. Check them out at https://www.netspi.com/HVM Links: Connect with Nabil Hannan on LinkedIn: https://www.linkedin.com/in/nhannan/ Connect with us on LinkedIn: https://www.linkedin.com/company/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 01:08 - Introducing Nabil Hannan 01:25 - Relationship-building through play 04:39 - The power of authenticity 05:39 - What is a Field CISO? 07:02 - The rise of attack surface management 09:17 - What makes NetSPI different? 11:26 - A word from our sponsor 12:17 - Attack surface management for SMBs 15:15 - ASM solutions & false positives 17:16 - An ASM case study 21:15 - Red teaming influence on ASM 24:12 - Where do I get started with ASM?

23 Touko 202325min

A Tale of Two Risks: Third-Party and SaaS Security

A Tale of Two Risks: Third-Party and SaaS Security

In this episode, hosts Ron and Chris are joined by Paul Valente, CEO and co-founder of VISO Trust, and Bryan Wong, Sr. Security Analyst at Headspace, as they dive into the world of third-party risk in cybersecurity. With conversations ranging from the current state of third-party risk to identifying trustworthy vendors such as VISO Trust, they'll provide insights into how organizations manage partnerships in a scalable and secure way. Say goodbye to frustration and hello to peace of mind with VISO TRUST! Visit https://visotrust.com/hackervalley/ to learn how to transform your third-party risk management program. Links: Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 01:03 - Introducing Paul Valente & Bryan Wong 01:54 - The current state of third-party risk 02:46 - VISTO Trust — trust through transparency 04:43 - Headspace’s approach to 3rd party providers 05:23 - Managing risk successfully 07:44 - There’s a better way! 09:04 - Risk assessment & procurement 11:37 - VISO Trust & Headspace’s approach to AI 14:43 - A word from our sponsor 15:26 - The challenges of complete visibility 17:16 - Continuous, automated due diligence 18:52 - Identifying trustworthy vendors 21:34 - Doing more with less/cost-effectiveness 23:22 - Is 100% automation doable? 24:20 - You can have your cake and eat it too with third-parties

16 Touko 202325min

Paying the Piper in Cybersecurity: Balancing Success and Personal Life

Paying the Piper in Cybersecurity: Balancing Success and Personal Life

In this episode, Ron Eddings and Chris Cochran discuss the concept of "paying the piper" and its impact on their careers and personal lives. Paying the piper means facing the consequences of one's actions, whether they are good or bad. Chris shares his personal struggles and successes while working at Netflix, where he had to balance his career and family. Ron and Chris also discuss the importance of finding balance in one's life, understanding the consequences of one's actions, and recognizing the impact of one's legacy on both their family and the world.   Links: Icarus’ Balloon: https://www.linkedin.com/pulse/icarus-balloon-short-story-chris-cochran-chris-cochran Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord   Impactful Moments: 00:00 - Introduction 01:18 - What does it mean to ‘pay the piper’? 03:22 - Sacrifices and paying your dues 05:06 - Icarus’ Balloon 07:16 - Maintaining a balanced life 08:36 - Join our community! 09:40 - What is your legacy? 13:32 - Conflict = growth 15:27 - Learning to love the process 18:05 - The power of exploration 19:34 - Staying committed

9 Touko 202321min

CISO Burnout and Gaps in Cybersecurity Detections with Jack Roehrig

CISO Burnout and Gaps in Cybersecurity Detections with Jack Roehrig

In this podcast episode, Jack Roehrig, Technology Evangelist at Uptycs, discusses his experience with burnout and health issues due to his job as a Chief Information Security Officer (CISO). Jack has always known health is wealth and retired to Mexico for a few months to recover from his burnout. Despite telling himself he wouldn't work again, Jack discovered Uptycs, a leading XDR platform that has the opportunity to change cybersecurity and joined their team as Technology Evangelist. Links: Follow Jack Roehrig on LinkedIn: https://www.linkedin.com/in/jackery/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 00:00 - Introducing Jack Roehrig 01:40 - Jack’s security origin story 04:50 - The harsh realities of burnout in tech 05:33 - Finding peace in Mexico 07:51 - Working for your purpose 11:26 - From risk aversion to risk tolerance 13:51 - Join our community! 15:37 - Falling in love with XDR

2 Touko 202322min

The Critical Role of Empathy in Cybersecurity with Tracy Maleeff

The Critical Role of Empathy in Cybersecurity with Tracy Maleeff

In this episode, we explore the often-overlooked importance of empathy in the cybersecurity field. Our guest, Tracy Maleeff, shares her personal journey from community involvement to the industry and discusses how embracing empathy can lead to more effective threat intelligence and a stronger cybersecurity community.   Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord   Impactful Moments: 00:00 - Introduction 01:42 - Tracy’s volunteer and community participation 05:58 - Empathy in cybersecurity, or lack thereof 10:36 - How to bring more empathy into cybersecurity 13:21 - Tracy’s threat intelligence aspirations 18:46 - Identifying the “perfect” employer 20:19 - Diversity of thought and empathy 22:44 - Farewell and outro

25 Huhti 202323min

RSA With Purpose: Sealing Deals, Getting Hired, and Networking with Industry Leaders

RSA With Purpose: Sealing Deals, Getting Hired, and Networking with Industry Leaders

Head into RSA 2023 with a purpose. This episode is all about how to reach a win-win when sealing deals, getting hired, and networking. If you want to catch up with the Hacker Valley Team during RSA be sure to jump into our discord. You can join by going to hackervalley.com/discord Impactful Moments 00:00 - Intro 01:28 - Recapping our first time at RSA 03:02 - The 4 types of interactions  05:27 - Purposeful relationship building 06:57 - The vendor experience at RSA 08:51 - Opportunities and mutual benefiting 12:20 - Join our community! 13:20 - Find your new role at RSA 17:02 - Who inspires us? 18:19 - Tips on making new connections 23:28 - Come meet us at RSA! Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

18 Huhti 202324min

Mastering Focus with Simone Biles and Amy Bream at RSA

Mastering Focus with Simone Biles and Amy Bream at RSA

RSA is right around the corner and we’re so excited because it’s one of our big opportunities to meet with you, our dedicated listener. If you want to catch up with the Hacker Valley Team be sure to jump into our discord. You can join by going to hackervalley.com/discord   Impactful Moments: 00:00 - Intro 01:24 - Introducing Amy Bream & Simone Biles 02:50 - What’s it like being at a cybersecurity conference? 04:20 - Persevering through adversity 05:28 - Consistency — according to Amy & Simone 07:20 - How to overcome imposter syndrome 10:15 - Advice on handling burnout 11:53 - Focus and goal planning 15:09 - Authenticity and staying true to yourself 17:07 - The Axonius partnership — the bridge between athletes and technologists 19:42 - Staying focused in high-intensity environments 22:45 - Simone Biles, as a “person” 24:23 - The mind/body connection 26:55 - Mastering the basics 31:11 - What does legacy mean to you?   Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

11 Huhti 202335min

What Is Cyber Threat Intelligence and How To Stand Out As Threat Intelligence Analyst

What Is Cyber Threat Intelligence and How To Stand Out As Threat Intelligence Analyst

Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord   Impactful Moments 00:00 - Introduction 01:22 - What is Threat Intelligence? 02:17 - How did you get into Threat Intel? 03:20 - All Source vs Threat Intelligence 04:09 - What was the transition into cyber like? 07:03 - What is the salary potential for Threat Intel analysts? 09:00 - What skills do Threat Intel Analysts need? 10:09 - How to answer tough Threat Intel interview questions 10:47 - What does the first day on the job look like? 12:07 - What are the expectations of a Threat Intel Analyst? 13:18 - What expectations should an Intel Analyst have for their employer? 16:51 - Are threat intel feeds valuable? 18:26 - Chris’ first big threat intel “win” 22:24 - How have you changed as an analyst over the years? 24:22 - How to stand out in cybersecurity 27:24 - Advice for those breaking into Cyber Threat Intel   Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals.

4 Huhti 202329min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
voi-hyvin-meditaatiot-2
psykopodiaa-podcast
psykologia
rss-duodecim-lehti
rss-niinku-asia-on
adhd-podi
rss-vapaudu-voimaasi
rss-valo-minussa-2
kesken
jari-sarasvuo-podcast
rss-luonnollinen-synnytys-podcast
aamukahvilla
aloita-meditaatio
rss-uskonto-on-tylsaa
rss-ai-mita-siskopodcast
rss-narsisti
rss-rouva-keto
rss-pedatalk
rss-metropolia-ammattikorkeakoulu