Episode 13 - A Journey Through Venture Capitalism: Mentoring and Leading in Silicon Valley

On this episode of Hacker Valley Studio, hosts Ron and Chris speak with Alissa Knight, author of the book Hacking Connected Cars and self described “recovering hacker.” Their conversation covers content creation, API’s and hacking cars.   Alissa grew up in Seattle, Washington where there was a big art scene. She began building her own computers and running her own boards at an early age. She says a lot of people don’t know that she started out in the BBS scene back in the 90’s. At seventeen she hacked into a government network and was arrested. Eventually, the charges were dropped on a technicality and she went on to work for the US Intelligence Community in cyber warfare.   Alissa’s first start-up was a web design company where she ran a Lennox webserver around the time the teardrop attack in Lennox servers. The people she rented office space from were teardropping her web hosting server. She picked up a book on cyber security, and got introduced into the world of cyber security through necessity. She had a passion for finding vulnerabilities, and understanding things that were difficult to understand, which is what brought her to embedded systems. The rest she says is history.   As the episode ends, Alissa talks about her YouTube Channel, KnighTV. She says she’s always been an artist, and always wanted to do things at 200%. Her following is relatively new, at the beginning of 2019 she only had 4 followers on Twitter and now she’s passed the threshold to be part of the YouTube Partner Program. She wanted a cinematic experience for the viewer to stand out and not be just another video for the viewer. For anyone interested in getting started in being a breaker, she’s posted a couple videos on the topic, and explains there are many resources at their disposal. She says this line of work takes grit, and in her opinion a passion for reading.   2:08 - The episode and guest are introduced. 3:19 - Alissa gives an overview of her background. 6:29 - How Alissa’s career began. 10:16 - Do you have to program to hack? 14:26 - What led Alissa to hacking cars? 24:55 - Alissa explains what people get wrong about the red team. 29:25 - Alissa answers the question, “is there an unhackable device?” 36:54 - How KnightTV came into being. 41:08 - Alissa gives her advice on where to start getting into cyber security   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Follow Alissa Knight on Twitter Subscribe to Alissa’s YouTube Channel Learn more about the season sponsor, RiskIQ

6 Okt 202046min

This episode of the Hacker Valley Studio podcast continues the Hacker Valley Red series by featuring Alex Rice.  Alex is the CTO and co-founder of HackerOne, and he joins hosts Ron and Chris for a conversation about such topics as the beginnings of the researcher community, bug bounty, and the term “hacker.”    Alex first shares about his background leading up to what he’s doing today.  He worked as a developer, and then about 20 years ago, he moved into the security field.  Part of his career trajectory was motivated by his frustration over a lack of feedback loops, and he explains both how HackerOne came to be and some details about bug bounty.  Ron and Chris are particularly interested in why HackerOne has the term “hacker” in it, even though the term can carry with it negative connotations (however inaccurate they may be).  Alex clarifies that he and his colleagues do not want to beat around the bush, but want to be part of the work of dismantling false stereotypes about hacking.    Moving forward in the conversation, Alex covers a variety of topics related to his work.  He addresses changes in hackers’ experiences with cease and desist orders, the bug bounty community, and the gamification of security and hacking.  He shares about different motivations of security researchers, teenagers making a lot of income through bug bounty, hacking outliers and their personas, impacts of COVID-19, and writing reports.  Ron and Chris ask Alex about whether or not unhackability is possible (spoiler: it’s not!), as well as about the closest thing to unhackable that can be achieved.  Alex explains what he’s looking toward in the future, talks about his love of outdoor work, and finally offers encouragement to the person in bug bounty looking to keep progressing in the field.   1:34 - Listeners are introduced to Alex Rice and the conversation to come. 2:41 - What is Alex’s background, and what is he doing today? 7:45 - Alex explains why the term “hacker” is included in his company’s name. 10:45 - The group considers cease and desist orders, bug bounty community, and gamification of security and hacking. 18:11 - Alex addresses the reality of teenagers making millions through bug bounty, as well as the personas of hacking outliers. 22:43 - Alex talks bug bounty, COVID-19, and writing reports. 25:41 - Is unhackability possible?  If not, what’s the closest we can get to it? 30:02 - The conversation concludes with Alex’s thoughts on the future, hobbies, and encouragement to people in bug bounty looking to continue in the field.   Links: Connect with Alex Rice on Twitter Connect with the Bug Bounty Community at hackerone.com/hacktivity Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about the season sponsor, RiskIQ

6 Okt 202038min

On this episode of Hacker Valley Studio, hosts Ron and Chris speak with Rachel Tobac, CEO of SocialProof Security and Chair of the Women in Security and Privacy Board. Their conversation covers everything from neuroscience to spearfishing and human’s place in cyber security.   Rachel is a human hacker, also known as a social engineer, and she begins the episode by explaining her background in social engineering and experience in the non profit space. She credits her success in the field to her background in neuroscience and behavioral psychology as well as training in improv. Her husband works in cyber security and encouraged her into the space even though she was nervous at first because she didn’t know how to code.   Rachel explains that she still does not know how to code, her most important skills in social engineering are the ability to persuade and improv. When working with companies, Rachel helps client facing employees to help confirm people are who they say they are. She sits down with them to go through processes that help her close the loopholes that allow hackers to mine information. Humans are the first line of defense, so they have to have their guard up. From there, keeping the organization up  to date on the latest trends in cyber security and how hackers find their way in is key to getting the correct tools to prevent hacks.   As the episode ends, Rachel shares her next steps are working with hospitals to prevent ransomware and phishing attacks. She’s also turning her attention toward the election and educating people on what the 2020 Presidential election will look like and the time it may take to announce the winner. While she does not currently think elections can be done entirely from home, she considers it a goal for the future.     1:59 - Rachel Tobac and today’s episode of Hacker Valley Red is introduced. 8:50 - What are the skills needed to become a social engineer? 10:51 - Rachel leads Ron and Chris through an improv exercise. 13:59 - Rachel shares where she thinks technology is headed. 20:20 - Rachel shares the scariest part of social engineering hacks. 25:29 - Rachel’s key takeaways. 34:11 - Rachel is looking toward 2020 election security.   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Follow Rachel Tobac on Twitter Learn more about the season sponsor, RiskIQ

6 Okt 202038min

In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris introduce the podcast’s new series: Hacker Valley Red.  After the previous season highlighted the defensive side of cyber security, this season will focus on the other side of the coin - the offensive side.  Ron and Chris spend this initial episode talking about their experience with the offensive side of cyber security, what listeners can look forward to hearing in the episodes ahead, and what sorts of questions experts will field throughout the season.   As the conversation gets underway, Ron and Chris introduce the season, which will cover such topics as the background and personas of red teamers, information about red teaming technology, misconceptions from the blue side, and what red teaming really looks like.  The hosts then share their own backgrounds in red teaming.  While they both had some prior experience with red teaming, they learned a lot through hosting the episodes in the season.  As they introduce the series ahead, Ron and Chris touch on the social side of red teaming, analogies by which red teaming can be explained, Ron’s exploitation video, the value and use of red teaming within organizations, the shared community of red and blue teaming, purple team engagement, the concept of unhackability, and more.    In the episodes ahead, Ron and Chris will ask guests what other aspects of life and technology help them with red teaming, and there are particular topics from the episodes that they are most excited to consider with listeners.  These topics include the issue between blue and red teams, the concept of a hacker, the idea of unhackability, and different perspectives of paths into the field of red teaming and to mastery within it.  Ron and Chris conclude their introductory conversation with two lessons they hope listeners will take from the season: the lesson that creation is a process and that the best red teamers learn to love the process, and the lesson that both red and blue team members are on the same team.   0:48 - The podcast is now moving to the other side of the coin: the offensive side of cyber security. 2:48 - Ron and Chris share their respective backgrounds in red teaming. 7:25 - What other aspects of life and technology help guests with red teaming? 10:50 - Chris asks about Ron’s exploitation video. 12:52 - The hosts address the iterative improvement of an organization’s security posture. 18:14 - Ron and Chris talk about purple team engagement. 21:12 - Is unhackability real or possible? 24:53 - Hacking can have to deal with a human, rather than a device or application. 26:34 - What key takeaways do the hosts want listeners to take from the season? 28:10 - What do Ron and Chris want listeners to learn?   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about the season sponsor, RiskIQ

6 Okt 202030min

In this episode of the Hacker Valley Studio podcast’s Hacker Valley Blue series, Ron and Chris wrap up the season with a recap of its past episodes and major takeaways, as well as a look at what’s to come for them personally and for the podcast. Looking back on the season, Ron and Chris consider the importance of communication in the field of threat intelligence, specifically thinking of insights from their talk with D’Arcy and lessons in poetry and delivery from Valentina.  They cover the surprise of Jack’s willingness to share personal thoughts, review their discussions of bias (specifically highlighting talks with Jon and Susan), and recount things learned about the concept of unhackability. Listeners will hear about the inevitability of mistakes in threat intelligence work, the “easy button” framework, the season theme of sharpening oneself outside of work, and the dynamic of a threat intelligence team. The episode then turns toward Ron and Chris, themselves.  Ron first puts Chris in the hot seat and asks what the future of threat intelligence is for him.  Chris explains that, while he thinks his days as an individual contributor for threat intelligence are over, he is still doing some quiet, yet-to-be revealed work, and is turning much of his attention to giving back to the field.  Ron, in explaining his own work, talks about bouncing between tasks, building tools for others, distilling information into simple messages, and continuing to navigate issues of automation.  Finally, Ron and Chris thank people involved with the season and address what the future holds for the Hacker Valley Studio podcast.  Listeners hear the exciting announcement of the next season: Hacker Valley Red! 0:47 - Ron and Chris talk about the importance of communication in the field of threat intelligence. 2:56 - What was one surprise in this season? 3:52 - The hosts review their conversations about bias. 6:55 - The episode turns to the “easy button” framework and the need for personal sharpening outside of work. 16:15 - Ron and Chris consider the inevitability of analysts missing things and the building of a team. 20:22 - What is the future of threat intelligence for Chris and Ron? 27:50 - The hosts review their insights about the possibility of an unhackable device or app. 29:43 - What is next for the Hacker Valley Studio podcast?   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about RiskIQ

1 Sep 202035min

Ron and Chris host their vocal coach, D’Arcy Webb, for this episode of the Hacker Valley Studio podcast’s Hacker Valley Blue series.  Since threat intelligence is a communications-based function, Ron and Chris look to “The Speech Diva” for insight.  She has experience as an actress, was a coach for TEDxCambridge, and loves teaching people how to access the power of language to touch people’s hearts and change their minds. As the conversation begins, D’Arcy explains her background to listeners.  She explains how an acting incident early in her career turned her attention to the topic of vocals, and clarifies that she has spent the last 25 years teaching and exploring this aspect of performance.  D’Arcy is passionate about treating the voice as the instrument that it is, and she works with students such as Chris and Ron to help them discover the musical and magical components to language and improve their own speaking practice.  The way we speak, she insists, impacts people, and so it is well worth pursuing excellence in this area. The conversation also highlights various details pertaining to vocal training.  D’Arcy lists some of her favorite speakers and the reasons why she loves them (going out of her way to point listeners to NPR’s Fresh Air and its host, Terry Gross)  She also speaks to the nature of vowels and consonants, the usefulness of pauses and variety in speech, how listeners can grow through coaching and - even today - through working on their breathing, the place of filler words in language, and the ideal of comfort with one’s own technique.  Listeners will hear about Pablo Nerudo, onomatopoeia, vibrations, and so much more! 1:29 - Listeners are introduced to D’Arcy. 4:35 - The group considers Ron and Chris’s progress in speech. 6:08 - D’Arcy believes that magic and music are inherent in language. 8:48 - Who are D’Arcy’s favorite speakers, and what is the value of pauses? 12:03 - People wanting to grow need to learn the fundamentals. 17:05 - D’Arcy addresses filler words. 19:31 - The group thinks about comfortable technique, Pablo Neruda, onomatopoeia, and more. 27:52 - D’Arcy speaks to the power of speech and the importance of proper breathing.   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about D’Arcy Webb Connect with D’Arcy on Facebook Email D’Arcy at darcy@darcywebb.com Learn more about our sponsor RiskIQ

1 Sep 202033min

This episode of the Hacker Valley Studio podcast’s Hacker Valley Blue series is a bit unique.  It features Brandon Dixon, the VP of Strategy at RiskIQ, a major sponsor of the podcast.  Brandon co-founded Passive Total in 2014, and it was later purchased by RiskIQ.  He is the quintessential guest, invested in fitness, philosophy, tech, and leadership.  He is an expert in both the practice and business of threat intelligence, and he shares with Ron and Chris about himself, his work, and the field. Much of the conversation focuses on Brandon and his work background.  Brandon explains his journey into the threat intelligence field, from his early interest, through jobs in tech and academia, and to work in espionage research.  Eventually, he and friend Steve McGinty saw a need and tried to solve it; their efforts took shape in the company they co-founded, Passive Total.  Brandon explains to listeners the process by which he and Steve created Passive Total, as well as the way in which they arrived at the deal to sell Passive Total to RiskIQ.  Brandon was heavily involved in the integration of Passive Total into RiskIQ, before eventually settling into a specific role within RiskIQ that capitalizes his love of the business side of the field.  He aims to work in light of his personal philosophy on life and success, which he also details. The conversation touches on many practically relevant details of the threat intelligence field, as well.  Brandon addresses the changes in the field and motivation he draws from these changes, bias and intelligence collection, and lessons that have arisen through his specific experiences.  Other topics covered include intelligence leads and the future of threat intelligence, unhackability, the place of circumstances in life and business, and how intelligence leaders can improve their programs.  As Brandon anticipates that threat intelligence will only become a more pervasive field, listeners will doubtless benefit from his own insights, as well as his recommendations of such resources as Malcolm Gladwell’s Outliers and RiskIQ workshops. 0:26 - The conversation begins with an introduction to this unique episode, its guest, and his background. 2:43 - The group considers the changing business of threat intelligence and what drives Brandon. 8:24 - The next topics are bias and intelligence collection, as well as what surprises Brandon. 13:00 - Brandon shares the story of Passive Total and its integration into RiskIQ, also addressing the business side of the field and lessons learned through his experience. 24:04 - Brandon addresses intelligence leads and the question of unhackability. 34:44 - What is Brandon’s philosophy on life and success? 39:37 - Brandon explains what threat intelligence leaders need to do to improve their programs.   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Follow Brandon on Twitter Learn more about our sponsor RiskIQ Follow RiskIQ on Twitter Connect with RiskIQ on YouTube

1 Sep 202043min

This episode of the Hacker Valley Studio podcast is the fifth installment in this first season of the Hacker Valley Blue series, and features guest Susan Peediyakkal, an expert in building threat intelligence programs.  Susan is a cyber threat intelligence consultant, the founder of BSides Sacramento, and a member of the advisory boards for several cybersecurity companies.  She joins hosts Ron and Chris to speak to her background, the future of threat intelligence, and much more. Susan first details her background, running through the highlights of her approximately 16 years in cybersecurity, which have focused mostly on threat intelligence.  Susan began her career in the air force, and is still a reservist.  She worked with radar, and eventually decided to cross-train and branch into IT.  The following years saw her in a number of roles with various organizations, and move decisively into the threat intelligence field.  Eventually, Susa noticed that her career trajectory was moving her toward building threat intelligence programs for government entities.  She built programs for such varied clients as the government of Abu Dhabi, USPS, US courts, and industry leaders.  She recently paused her work to pursue further education, but has since returned to work as a threat intelligence practitioner.. As the conversation continues, Ron and Chris ask Susan to share insights on several topics.  The group considers the importance of community and a human element within the threat intelligence field, ways Susan has faced misconceptions when starting threat intelligence programs, the concept of unhackability, and what stakeholders outside the field get wrong about it.  Returning to a topic that has been forefront on Ron and Chris’s minds recently, Susan also shares about bias in her line of work and how threat intelligence analysts go wrong in dealing with it.  Moving into more personal topics, the group discusses Susan’s podcast-worthy voice, clarity, and articulation.  Susan explains how experts in threat intelligence can cultivate a new wave of speakers, and the conversation ends with a look at what the future holds for both Susan and the field of threat intelligence. 1:40 - Listeners are introduced to the episode and today’s guest, Susan Peediyakkal; Susan then shares her background. 5:41 - The group considers the importance of community, misconceptions Susan has noticed about her field, and the artistry and human element of threat intelligence. 16:02 - What kind of bias is Susan running into, and where do analysts go wrong with regard to bias? 21:38 - Susan addresses the term “unhackable.” 24:35 - Susan and her hosts turn to matters of podcasting, voice, and speaking. 31:40 - What do people outside the field get wrong about it? 33:48 - What’s the future look like for Susan, her field, and the workforce?   Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Follow Susan on Twitter Connect with Susan on LinkedIn Learn more about the episode sponsor, RiskIQ

1 Sep 202040min