In this episode, host Davin is joined by Tyson Supasatit, the Director of Product Marketing at Uptycs, to discuss how Upytcs is leveraging the MITRE D3FEND framework to further build upon their defensive capabilities. Tyson shares how Uptycs utilizes their robust use case library to demonstrate and provide creative solutions to their customers, compares the ATT&CK and D3FEND frameworks, and explores how Uptycs is leveraging the D3FEND framework to better implement defensive countermeasures. Lastly, Tyson gives his advice to folks looking to break into cybersecurity.    Guest Bio:  Tyson Supasatit is the Director of Product Marketing at Uptycs. He's been in the infosec space for over 10 years and has been fascinated with cyber defense for longer than he can remember. In his spare time, Tyson raises chickens, along with two children and various other pets.   Links:  Thank you to our friends at Axonius and Uptycs for sponsoring this episode! Learn more about the MITRE ATT&CK and MITRE D3FEND frameworks Stay in touch with Tyson Supasatit on LinkedIn and Twitter Connect with Davin Jackson on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue the conversation by joining our Discord Hear more from  Hacker Valley Media and Hacker Valley Blue  

In this episode of Hacker Valley Blue, host Davin is joined by McKenna Yeakey, a Corporate Security Engineer at Plaid, to discuss the importance of human-centric security. Mckenna explores the “human” aspects of her job and why end user impact plays such a major role in her decision making. She shares how she leverages her natural curiosity and problem solving skills to perform the ins and outs of threat intel as well as her thoughts on The Great Resignation and skill gaps in cybersecurity. Lastly, McKenna expresses her passion for mentoring the next generation of cyber professionals and her tips for newcomers in the field.    Guest Bio:  Mckenna Yeakey is a Corporate Security Engineer in the FINTECH industry. She leverages her technical skills and domain knowledge to bring value to the organization and the cybersecurity community. She is also a very active member of the Women’s Society of Cyberjutsu, Cybersecurity Gatebreakers Foundation, and an SME for CompTIA.   Links:  Thank you to our friends at Axonius and Uptycs for sponsoring this episode! Stay in touch with Mckenna Yeakey on LinkedIn and Twitter Connect with Davin Jackson on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue the conversation by joining our Discord Check out  Hacker Valley Media and Hacker Valley Blue  

In this episode of Hacker Valley Blue, host Davin is joined by Christopher Peacock, a Detection Engineer at SCYTHE, to discuss all things blue team. Christopher explores why asset management is a great security starting point for small organizations and why advanced persistent threats (APTs) are becoming increasingly difficult to defend against. He emphasizes the importance of red and blue team collaboration and takes time to share his career advice to those looking to break into the field.   Guest Bio:  Chris is an Adversary Emulation - Detection Engineer at SCYTHE, specializing in Purple Team Exercises and Detection Engineering. His previous experience includes multiple roles such as Cyber Threat Intelligence Analyst, Cyber Threat Hunter, Tier 3 SOC Analyst, Incident Responder, Cyber Security Consultant, and Purple Team Lead. He previously worked at Raytheon Intelligence & Space as well as General Dynamics Ordnance and Tactical Systems. Additionally, he has experience in multiple industries, including Energy, Finance, Healthcare, Technology, and Defense. Current certifications include GCTI, GCFA, GCED, eJPT, and CSIS.   Links:  Thank you to our friends at Axonius and Uptycs for sponsoring this episode! Stay in touch with Christoper Peacock on LinkedIn Connect with Davin Jackson on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue the conversation by joining our Discord Check out  Hacker Valley Media and Hacker Valley Blue  

In this episode of Hacker Valley Blue, host Davin is joined by John Stoner and Andy Piazza to talk about the current state of cyber threat intelligence. John and Andy explore the gap that exists between technical team leads and security leadership, the urgent need for more entry and junior level hires in the field, as well as their favorite CTI resources and tools. Lastly, they share their tips and advice to those interested in breaking into cybersecurity.    Guest Bio:  John Stoner has over 21 years of experience in the US Intelligence Community (USIC), DOD, and national security industry with 12+ focused in cybersecurity. He has experience with Cyber Threat Intelligence (CTI), instructional design, cyber counterintelligence (CI), Defense Industrial Base (DIB) engagements, NIST 800-171 & 800-53 familiarity, Advanced Persistent Threat (APT) analysis, Risk Management Framework (RMF) and Governance, Risk and Compliance (GRC). Andy Piazza is a threat management expert with experience across multiple fields of operations, ranging from high level strategic management down to tactical/technical field ops. Led diverse teams in high-stress environments world-wide, from counter-narcotics to cyber threat analysis; achieving complex mission objectives through focusing on team development and process maturation.   Links:  Thank you to our friends at Axonius and Uptycs for sponsoring this episode! Stay in touch with John on LinkedIn Stay in touch with Andy on LinkedIn Connect with Davin Jackson on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue the conversation by joining our Discord Check out  Hacker Valley Media and Hacker Valley Blue  

In this episode of Hacker Valley Blue, Davin is joined by the founder and COO of MaxProd Technologies, Marcus Bowie, to share his story from helpdesk, to SOC analyst, to business owner. Marcus shares how he leveraged his resourcefulness and work ethic to fast track his on-the-job work experience. Marcus explores how he strived for success, built on his knowledge over time, and pivoted to new job opportunities along the way. He takes a deep dive into how he and blue teams stay sharp and prepared against emerging threats as well as his thoughts on the skills gap in cybersecurity. Lastly, Marcus gives his tips and advice for newcomers breaking into the field.    Guest Bio: Founder and COO of MaxProd Technologies. Marcus has 12+ years of experience in Information Technology. He has supported several agencies including Department of State Diplomat Security and Department of Homeland Security Customs Border & Patrol. Marcus is now supporting the Department of Energy as a Cyber Security Engineer and Nuclear Regulatory Commission as a Forensics SME.    Links: Thank you to our friends at Axonius and Uptycs for sponsoring this episode! Stay in touch with Marcus on Twitter and LinkedIn Connect with Davin on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue the conversation by joining our Discord Check out  Hacker Valley Media and Hacker Valley Blue

How do you use threat intelligence to inform your decision making? In this episode, Davin and guest Katie Nickles take a deep dive into cyber threat intelligence. Katie explores the role threat intelligence plays in determining an organization’s security posture, how threat intel helps blue teams stay ahead of and anticipate emerging threats, and what the day-to-day of a Director of Intelligence looks like. Katie shares her passion for teaching and nurturing the next generation of cybersecurity professionals and getting more girls/women interested in tech. Lastly, Kaite shares why she feels asset inventory is an inexpensive solution and great starting point for companies looking to kick off a security program. Guest Bio: Katie Nickels is the Director of Intelligence for Red Canary as well as a SANS Instructor for FOR578: Cyber Threat Intelligence and a non-resident Senior Fellow for the Atlantic Council’s Cyber Statecraft Initiative. She has worked in cyber threat intelligence and network defense for over a decade for the U.S. DoD, MITRE, Raytheon, and ManTech. Links: Thank you to our friends at Axonius and Uptycs for sponsoring this episode! Stay in touch with Katie on Twitter and LinkedIn Connect with Davin on LinkedIn and Twitter Watch the live recording of this show on YouTube Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Blue

When red and blue forces unite, everyone wins. Eric Belardo joins Davin in this episode to discuss the benefits of blue and red teams working together, the challenges blue teamers face, and the benefits of diversity of thought. Be sure to tune in to this impactful episode of Hacker Valley Blue: The Defenders. Guest Bio: Eric Belardo is a former CISO and experienced professional with over 30 years experience in Cyber Security Risk Management, Security Operations Center Management & Operations, Security Architecture (COBIT, TOGAF, DODAF), Application Security, Security Operations Management, Penetration testing and GRC. He is also a former Forensics Investigator and Instructor. OT/ICS/PLC/SCADA and IT security. Links: Thank you to our friends at Axonius and Uptycs for sponsoring this episode! Stay in touch with Eric on Twitter and LinkedIn Connect with Davin on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue the conversation by joining our Discord Check out  Hacker Valley Media and Hacker Valley Blue

Welcome to episode 1 of season 3 for Hacker Valley Blue! In this season, host Davin Jackson will be gathering the BEST blue team defenders in the field to share their expert advice, tips and strategies to up your defensive game in cybersecurity. In this episode Davin is joined by Lesley Carhart, an ICS Incident Response and hacker extraordinaire. The two take a deep dive into Lesley’s cyber background, address blue teaming common misconceptions, and where her “hacks for pancakes” tagline comes from.  Guest Bio:  Lesley Carhart is a Principal Incident Responder at the industrial cyber security company Dragos, Inc. She has spent the last 14 years of her 20+ year IT career specializing in information security, with a heavy focus on incident response to nation-state adversary attacks. Prior to Dragos, she was the incident response team lead at Motorola Solutions, performing digital forensics and incident handling services for both enterprise and public safety customers. Her focus at Dragos is developing forensics and incident response tools and processes for uncharted areas of industrial systems. She is also a curriculum developer and instructor for the Dragos “Assessing, Hunting and Monitoring Industrial Control System Networks” course. Lesley was named a “Top Woman in Cybersecurity” by Cyberscoop news, was voted DEF CON Hacker of the Year in 2020, and received the Guidance Enfuse conference “Women in Technology” award. She holds a Bachelor’s Degree in Network Technologies from DePaul University, A.A.S. in Avionics Systems and Electronics Systems, GIAC GCIH, GREM, GCFA, and GCFE certifications, and currently serves as a Cyber Systems NCO in the US Air Force Reserves.   Links: Thank you to our friends at Axonius and Uptycs for sponsoring this episode! Stay in touch with Lesley on Twitter and LinkedIn Connect with Davin on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue the conversation by joining our Discord Check out  Hacker Valley Media and Hacker Valley Blue  

This is the finale of Know Thyself. What an incredible journey, we feel like this entire experience flew by so fast, we got to talk to so many incredible people about knowing yourself, knowing your team, knowing your tech stack, knowing your environment, and even knowing your story. Make your organization better make your security posture better, strive for impact, what are the most high leverage things that you can do today to make everybody's lives easier, or more safe, and then yield the feedback, there might be some things that you might be missing, you might need to ask questions, ask for feedback, get some information from your stakeholders, what what are you thinking about that I might not be thinking about? asking these different things is how you know thyself. And this is how you get to know the people that are around you, your peers, your stakeholders, the more knowledge you have got started with that Sun Tzu quote, in the very beginning of the podcast, if you know yourself and you know your enemy, you need not fear the results of 100 battles. So if you really understand yourself, and you have good threat intelligence, understanding the externals, you have good vulnerability management that understands the externals and the internals, if you mash all that information together, I think you'll be able to do great things with your cybersecurity program.   Key Takeaways 0:02 Introduction to the show 0:49 Our Sponsor, Axonius  2:09 Welcome back 2:31 Reflecting on Know Thyself 3:17 Recap This Seasons Guest 3:22 Marcus Carey 4:17 John Strand 5:05 Aaron Reinhart & Jamie Dixon 5:54 Chaos Engineering 7:12 Lenny Zeltser, asset inventory 7:54 Kevin Allison, Storytelling is a soft skill 10:19 John Strand 12:13 Can we do better? 13:54 What kind of leader are you? 14:26 Do you have unsupported devices? 17:34 Ask yourself these questions 13:33 Go back to the EASY Framework 21:50 Learning 23:29 Exploration 24:00 Immersion 27:28 Reach Hacker Valley   Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter Supported by Axonius  

In this masterclass of HVB season 2 we brought in a master story teller in Kevin Allison. The biggest thing is to get a person to understand, don't just summarize, don't just walk us through a Wikipedia like where you're just giving us a broad overview. And you're explaining; it’s important to remember sensory details that will help us see almost like movie scenes, what was happening between people. That is what brings the story alive. So that's a good case right there where the bones of the story were incredible. Like that's just on paper and an incredible overview of a story, but it's not going to work unless you can fill in all those sensory details that bring it alive and make it emotional for us. Storytelling is a soft skill that offers the ability to contextualize cybersecurity in a manner that any organization can understand to allow their business to stay safe.   Key Takeaways:   0:00 Previously on the show 2:37 Kevin introduction 3:20 Episode begins 3:39 Where Kevin is today 7:58 Kevin’s origin story 12:04 Cybersecurity is performing 17:08 Storytelling for business 21:00 Engineering a story 26:12 Authentic storytelling 34:54 Speaking isn’t perfect 41:02 Where to find Kevin   The Story Studio RISK!: True Stories People Never Thought They’d Dare To Share RISK! Podcast Twitter Facebook Instagram Risk Show Podcast Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter Sponsored by Axonius