Welcome to season 4, episode 1 of 8th Layer Insights!On this episode, Perry speaks with Josiah Dykstra (Senior Fellow, Office of Innovation at the National Security Agency) about the new book he co-authored with Eugene Spafford and Leigh Metcalf. The book is titled Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us, This topic coincides well with Perry's recent studies into folklore and urban legends for his other podcast, Digital Folklore.Guests: Josiah Dykstra (LinkedIn) (Twitter) (Website) Chelsey Weber-Smith (LinkedIn) (Twitter) (Website) Mason Amadeus (LinkedIn) (Twitter) (Website) Books & References (Books are Amazon Associate links) American Hysteria Podcast episode, Urban Legends in the Internet Wilderness with the Digital Folklore Podcast Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us, by Eugene Spafford, Leigh Metcalf, and Josiah Dykstra Essential Cybersecurity Science: Build, Test, and Evaluate Secure Systems, by Josiah Dykstra Folklore 101: An Accessible Introduction to Folklore Studies, by Jeana Jorgensen  Folklore Rules: A Fun, Quick, and Useful Introduction to the Field of Academic Folklore Studies, by Lynne S. McNeill Perry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Perry's new show, Digital Folklore kicked-off Jan 16, 2023. Check out the website (https://digitalfolklore.fm/) to see our custom artwork, subscribe to the newsletter, check out our merch, Patreon, and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-newsProduction Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, Storyblocks, & EpidemicSound.8Li cover art by Chris Machowski @ https://www.RansomWear.net/.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices

For the last episode of season 3, I thought we'd talk about something that's been in the news quite a lot recently: Authentication and Password Managers. As security professionals, we've decried the password for decades. Multifactor authentication (MFA) has started to gain popularity... but not without its own issues. Security leaders and tech teams may have once again hoped for a silver bullet, only to be disappointed to find out that crafty attackers can easily bypass MFA. We've also been touting the benefits of Password Managers for quite a while. After all, in a world where most of us have to manage upwards of 200 passwords in a year, who can keep up? No human can have great password hygiene across all those accounts. But password managers also face their own problems as illustrated by a recent high-profile incident.Our guest today is Roger Grimes. He has a multi-decade cybersecurity career and is the author of 13 cybersecurity books, countless articles, and is a highly sought-after industry luminary. ... Oh -- and he has opinions. Listen in as Roger and I discuss the current state of authentication, MFA, password managers, and more.Guests:Roger Grimes (LinkedIn) (Twitter)Want to submit a question to have answered in a future episode?If you’ve got a question or comment that you’d like me to try to answer or respond to, leave a voice message at https://www.speakpipe.com/8Li. Frankly, that would make it more engaging than if I just read your questions. But, if you aren’t able to record a message or don’t want your voice on the show, then you can email me your questions at perry@8thLayerMedia.com. I’d love to hear from you and answer any questions you have about my thoughts on security topics, creativity, online culture, podcasting… or anything else you have on your mind.Books & References: Password Managers Can Be Hacked Lots of Ways and Yes, You Should Still Use One, by Roger Grimes Roger's Password Masterclass Roger's Hacking MFA presentation Hacking Multifactor Authentication, by Roger Grimes Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto, by Roger Grimes Ransomware Protection Playbook, by Roger Grimes A Data-Driven Computer Defense: A Way to Improve Any Computer Defense, by Roger Grimes Hacking the Hacker: Learn from the Experts Who Take Down Hackers, by Roger Grimes LastPass Security Incident, December 22, 2022 LinkedIn 2FA Hacking demo by Kevin Mitnick The Humane Interface: New Directions for Designing Interactive Systems, by Jef Raskin Wired Magazine Article -- The Best Password Managers to Secure Your Digital Life Perry's new show, Digital Folklore kicked-off Jan 16. Check out the website (https://digitalfolklore.fm/) to see our custom artwork, subscribe to the newsletter, check out our merch, Patreon, and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-newsPerry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, Storyblocks, & EpidemicSound.Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices

Hey all!An announcement and something special!First, the announcement:Here's your chance to participate in the final episode of 8Li season 3. If you’ve got a question or comment that you’d like me to try to answer or respond to, leave a voice message at https://www.speakpipe.com/8Li. Frankly, that would make it more engaging than if I just read your questions. But, if you aren’t able to record a message or don’t want your voice on the show, then you can email me your questions at perry@8thLayerMedia.com. I’d love to hear from you and answer any questions you have about my thoughts on security topics, creativity, online culture, podcasting… or anything else you have on your mind.Now for something special:Here's a quick 10 minute sneak peek from episode 1 of my new show, Digital Folklore. Season 1 kicks off Jan 16.This episode introduces us to two "monsters" who were birthed on the internet, but couldn't be contained there. Their names are Slenderman and Momo, and they are great examples of a few key folkloric concepts. So join us as we take a look at Slenderman and Momo and learn about ostension, monster theory, moral panics, and the defining traits that make something folklore as opposed to just a simple online expression of creativity.Guests appearing on the full episode include: Dr. Vivian Asimos, author of Digital Monsters and Digital Mythology and the Internet's Monster: The Slender Man Ben Brock Johnson, Amory Sivertson, and Quincy Walters from WBUR's podcast, Endless Thread Chelsey Weber-Smith, host of American Hysteria Kathleen Hale, author of Slenderman: Online Obsession, Mental Illness, and the Violent Crime of Two Midwestern Girls Season 1 begins Jan 16, 2023. Subscribe or follow so you don't miss out! You can sign-up for our newsletter and learn more about the show at https://digitalfolklore.fm.Support the Digital Folklore Podcast on Patreon: https://patreon.com/digitalfolkloreFind us on the socials: Twitter: @digiFolklorePod Facebook: DigitalFolklorePod Instagram: DigitalFolklorePod TikTok: digitalfolklore Thanks so much! Learn more about your ad choices. Visit megaphone.fm/adchoices

On this episode, Perry speaks with Chris Cochran and Ron Eddings. Chris and Ron started the Hacker Valley Studio Podcast back in June of 2019 with the goal of exploring the human condition to inspire peak performance in cybersecurity. The podcast is about Chris and Ron’s quest to find inspirational stories and knowledge to elevate themselves and their communities. That podcast eventually kicked off a journey that led them to create their own podcast network (Hacker Valley Media), foster communities, and they recently partnered with SANS to create the Difference Makers Awards.Chris and Ron are passionate about cybersecurity, leadership, creativity, and podcasting — and so on today’s show, you’ll hear us touch on all of those topics and more.Guests: Chris Cochran (LinkedIn) (Twitter) Ron Eddings (LinkedIn) (Twitter) References: Hacker Valley Media Hacker Valley Studio podcast Technically Divided Difference Makers Awards Hacker Valley Discord server Perry's new show, Digital Folklore. Check out the website (https://digitalfolklore.fm/) to see our custom artwork, subscribe to the newsletter, check out our merch, and more. Coming January 16, 2023 everywhere you listen to podcasts. You can also check a 10 minute sneak peek of episode 1.Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, Storyblocks, & EpidemicSound.Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices

On this episode, Perry sits down with Marta L. Tellado, President and CEO at Consumer Reports, to discuss the digital moment we are in and what that means for consumers and the marketplace: the risks, dangers, traps… and also the places and paths that can lead to progress. They also discuss Marta's new book, Buyer Aware: Harnessing Our Consumer Power for a Safe, Fair, and Transparent Marketplace.Guest:Marta L. Tellado (LinkedIn) (Twitter) (Website)Books and References: Fighting For a Fair Digital World. Consumer Reports resources to empower you to take action Buyer Aware: Harnessing our consumer power for a safe, fair, and transparent marketplace, by Marta L. Tellado Old Consumer reports commercials: Example 1, Example 2, Example 3. Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, Storyblocks, & EpidemicSound.Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices

Get ready for those 'fun' holiday dinner conversations with friends and family. You know the ones...In the spirit of the holidays, I thought we'd revisit Season 1, Episode 2. This is an episode about the battle for truth. As disinformation, misinformation, malinformation, and conspiracy theories seem to be hitting epidemic levels, how can we help each other determine what is real and what is fake? How can we help people who are falling down conspiracy rabbit holes? And what roles do technology companies, governments, and ordinary citizens play?Perry Carpenter speaks with acclaimed cybersecurity expert, Bruce Schneier, disinformation experts, Samantha North and Allie Wong, and conspiracy theory researcher, Mick West. In this episode, we also hear from Peter Leyden from Reinvent and Eli Periser, author of The Filter Bubble.Learn more about our guests here: Bruce Schneier - Internationally renowned security technologist, author, and speaker. You can find Bruce's website here. Allie Wong - VP of Mis/dis/mal-information, Response and Resiliency, Limbik; Consultant, United Nations Institute for Disarmament Research. (LinkedIn) Samantha North - Disinformation researcher and consultant. (LinkedIn) Co-Founder: North Cyber Research (website) Mick West - Skeptical investigator and retired video game programmer. Creator of the websites Contrail Science (website) and Metabunk (website). Author of Escaping the Rabbit Hole: How to Debunk Conspiracy Theories Using Facts, Logic, and Respect (link). Personal website (link). Special thanks to Reinvent for allowing use of audio.References: http://reinvent.net/events/event/how-we-can-pop-the-filter-bubble-with-eli-pariser/ https://reboot-foundation.org/study-social-media-poor-judgment/ https://reboot-foundation.org/is-there-a-fake-news-generation/ Recommended Books: Escaping the Rabbit Hole: How to Debunk Conspiracy Theories Using Facts, Logic, and Respect by Mick West. Click Here to Kill Everybody: Security and Survival in a Hyper-connected World by Bruce Schneier. The Filter Bubble: How the New Personalized Web Is Changing What We Read and How We Think by Eli Pariser. Thinking, Fast and Slow by Daniel Kahneman. Why Are We Yelling?: The Art of Productive Disagreement by Buster Benson. The Righteous Mind: Why Good People Are Divided by Politics and Religion by Jonathan Haidt. Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices

There is something about a good spy story that seems to really resonate with people in the cybersecurity world. We love watching the moves and the counter moves, and the sneaking around, and the social engineering, and hacking, and all of the gadgets and toys, and car chases, and fights and double crosses and triple crosses. Yeah, you get the point. But how much of that is real and how much can be chalked up to an author's creative license? And what's life and work like for real people in the intelligence industry?This episode features two guests: ex-CIA agent Peter Warmka and Andrew Hammond, historian and curator at the International Spy Museum.Guests: Peter Warmka (LinkedIn) (Twitter) (Website) Andrew Hammond (LinkedIn) (Twitter) (Website) Books and References: Confessions of a CIA Spy: The Art of Human Hacking, by Peter Warmka The CIA Guy & CIA Spy Podcast, Peter Warmka and Robert Siciliano Peter Warmka Videos International Spy Museum website SpyCast Podcast, hosted by Andrew Hammond INTEL.gov The Evolution of Espionage in America, INTEL.org Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices

For this week, we are revisiting a previous episode that first aired as Season 1 Episode 10. In this episode, we discuss the concept of security culture -- specifically, the difficulty that security leaders have in defining what a security culture actually is. Luckily, we can draw on learnings from organizational culture management and culture transformation experts.Guests for this episode include, David Sturt, Executive Vice President of the O.C. Tanner Institute, author of Great Work: How to Make a Difference People Love and Appreciate: Celebrating People, Inspiring Greatness., Dr. Jessica Barker (co-CEO and Co-Founder, Socio-Technical Lead at Cygenta; author of Confident Cyber Security and co-author of Cybersecurity ABCs), Kai Roer, Chief Research Officer at KnowBe4, creator of the Security Culture Framework, author of Build a Security Culture, and Michael Leckie, founding partner at Silverback Partners, LLC and author of The Heart of Transformation: Build the Human Capabilities that Change Organizations for Good.Guests: David Sturt Dr. Jessica Barker Kai Roer Michael Leckie References, Resources & Books: Security ABCs Part 1: Make Awareness Transformational, 8Li Season 1, Episode 9 4 Ways to Build a Thoughtful Security Culture, by Perry Carpenter 7 Tips for Building a Strong Security Culture, by Perry Carpenter Appreciate: Celebrating People, Inspiring Greatness, by David Sturt Build a Security Culture, by Kai Roer Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career, by Jessica Barker Culture Rules! The 10 Core Principles of Corporate Culture, by John R. Childress Cybersecurity ABCs: Delivering awareness, behaviours and culture change, by Jessica Barker, Adrian Davis, and Bruce Hallas Great Work: How to Make a Difference People Love, by David Sturt The Heart of Transformation: Build the Human Capabilities that Change Organizations for Good,, by Michael Leckie The Importance Of A Strong Security Culture And How To Build One, by Perry Carpenter Perry Carpenter's (ISC)2 Info Security Professional Journal 4 episode series on Security Awareness (Episode 1, Episode 2, Episode 3, Episode 4) Security Culture and Credential Sharing, KnowBe4 Research Security Culture Report 2021: A Global Security Culture Perspective During a Pandemic, KnowBe4 Research Seven Dimensions of Security Culture, KnowBe4 Research Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices

On this episode, Perry sits down with Jenny Radcliffe (a.k.a. The People Hacker). Jenny is a well-known speaker, podcaster, professional social engineer, and physical penetration tester… in other words, she’s a social engineer who specializes not only in tricking people into doing things they shouldn’t do… but she also specializes getting into places she shouldn’t be and finding things she shouldn’t be able to find. Her job is to embody the criminal mindset and use the skills of a criminal to find the vulnerabilities that a criminal would find.In this interview, Jenny talks shop about her path to becoming a full time social engineer, the realities of penetration testing, inherent vulnerabilities in buildings and humans, and how to continuously improve at anything.Guests:Jenny Radcliffe (LinkedIn) (Twitter) (Website)Books and References: Bruce Schneier blog about the Security Mindset Video -- Jenny Radcliffe: How I Fooled A £2mil Security System Jenny's interview on the Jordan Harbinger Show Jenny's interview on Darknet Diaries Jenny's interview on the Security Mastermind's Podcast The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick Harvard Business Review article on the Principles of Persuasion A blog series Perry did on Deception (Part 1), (Part 2). Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices

Over the past few years, there's been a lot of talk about the value of understanding Open Source Intelligence (OSINT). But, even with so much talk, relatively few cybersecurity professionals have had the time to take a deep dive into the topic. In this episode, Perry sits down with social engineer, OSINT investigator, and member of the OSINT Curious project, Christina Lekati to get an overview of the value of OSINT as well as some basic techniques. After that, we hear from Chris Kirsch (co-founder and CEO of runZero). Chris is a former black badge winner at DEF CON's social engineering competition and served as a judge in the most recent competition. He recently released an interesting report analyzing the top OSINT sources and vishing (voice phishing via phone) pretexts from that competition.Guests: Christina Lekati (LinkedIn) (Twitter) Chris Kirsch (LinkedIn) (Twitter) Books and References: Top OSINT sources and vishing pretexts from DEF CON’s social engineering competition, research by Chris Kirsch referenced in this episode YouTube video by Christina Lekati: Protecting High-Value Individuals: An OSINT Workflow YouTube video: DEF CON 27 Recon Village presentation by Chris Kirsch: Using OSINT for Competitive Intelligence YouTube Playlist from the 2022 SANS OSINT Summit YouTube video by The Cyber Mentor: Learn OSINT in 4.5 Hours The OSINT Curious project DEFCON Social Engineering Community 15 top open-source intelligence tools, CSO Online Top 25 OSINT Tools for Penetration Testing, SecurityTrails WebMii.com Hunter.io Wigle.net Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Threat Modeling: Designing for Security by Adam Shostack What is Threat Modeling: https://securityintelligence.com/posts/what-is-threat-modeling-and-how-does-it-impact-application-security/ 12 Methods of threat Modeling: https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/ The Art of Attack: Attacker Mindset for Security Professionals by Maxie Reynolds Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices