8th Layer Insights

In this episode, Perry sits down with cybersecurity expert Rick Howard to delve into the concept of 'First Principles' in cybersecurity. They discuss the importance of risk decision-making, threat modeling, and tabletop exercises, as well as the use of Bayes algorithm in cybersecurity risk forecasting. The chapter also highlights the Cybersecurity Canon Project and emphasizes the need for organizations to maximize existing technology before considering new investments.

If you’ve been listening to this show for a while, you’ll know that we’ve touched on the topic of Open Source Intelligence (otherwise known as OSINT) several times. It is an area of information security that penetration testing that’s been getting quite a bit of attention over the past several years. When you think about the digital world we live in, where we have a proliferation of personal, organizational, and governmental data on the internet...and the simple fact that data likes to leak…we can safely predict that OSINT investigation techniques will continue to be in demand.On this episode, Perry sits down with Rae Baker. Rae is the author of the book Deep Dive: Exploring the Real-world Value of Open Source Intelligence, which was released in April of this year from Wiley publishing. In this discussion with Rae, you’ll hear a bit about her career pivot to OSINT specialist from being a graphic designer, how creativity fuels her job, advice for aspiring cybersecurity and OSINT professionals, and a lot more. Guest:Rae Baker (LinkedIn) (Twitter) (Website)Books and References: Deep Dive: Exploring the Real-world Value of Open Source Intelligence, by Rae Baker (Amazon Associate link) Kase Scenarios: https://kasescenarios.com/ The OSINT Curious project TraceLabs YouTube Playlist from the 2022 SANS OSINT Summit YouTube video by The Cyber Mentor: Learn OSINT in 4.5 Hours Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Perry's Books (Amazon Associate Links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices

Listen in as Perry Carpenter & Dr. Jessica Barker present their joint session, "Conversational Security Awareness" at the SANS Managing Human Risk Summit. ... and stay tuned after the presentation for a quick conversation between Perry, Jessica, and Lance Spitzner (SANS) as they discuss themes from this year's event.Guests: Dr. Jessica Barker (LinkedIn) (Twitter) Jeremy Treadwell (LinkedIn) (Twitter) Lance Spitzner (LinkedIn) (Twitter) Additional Resources: Jessica Barker's great blog post summarizing this session Jessica Barker's 2020 RSA Keynote Related 8Li Episodes: 8Li S1 E9: Security ABCs Part 1: Make Awareness Transformational 8Li S1 E10: Security ABCs Part 2: 8th Layer Insights and the Quest for Security Culture 8Li S2 E10: The Next Evolution of Security Awareness 8Li S4 E3: Carrots, Sticks, and Culture: The Art and Science of Social Signaling 8Li S4 E5: We are the Champions 8Li S4 E6: Blending Awareness, Social Engineering, and Physical Penetration Testing -- A Conversation with Jayson E. Street Relevant Books (Amazon Associate Links) Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career, by Jessica Barker Cybersecurity ABCs: Delivering awareness, behaviours and culture change by Jessica Barker, Adrian Davis, Bruce Hallas, & Ciarán Mc Mahon Mixed Signals: How Incentives Really Work, by Uri Gneezy Security Awareness Program Builder: Practical guidelines for building your Information Security Awareness Program & prep guide for the Security Awareness and Culture Professional (SACP)™ by Mark Majewski Perry's Books (Amazon Associate Links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: hello [at] 8thLayerInsights [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices

On today's show, Perry sits down with Jayson E. Street to discuss his unique blend of social engineering, physical penetration testing, and security awareness. Jayson refers to this as being trained by a simulated adversary. At the heart of Jayson's method is intense boldness in his approach to social engineering and penetration testing coupled with an equally intense passion for helping his clients and their employees improve their overall security posture and mindsets. It's about education rather than exploitation.Guest: Jayson E. Street (LinkedIn) (Twitter) (Website)YouTube videos of Jayson 2022 Saintcon: Hacker Striptease Tomorrow Unlocked: Penetration tester Jayson E. Street helps banks by hacking them Risks & Reels: Who's a Hacker? Jasyon's book (Amazon Associate link) Dissecting the Hack: The V3rb0t3n NetworkPerry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Be sure to check out Perry's other show, Digital Folklore. It's all about the oddities and importance of online culture. Head over to the show's website (https://digitalfolklore.fm/) to see our custom artwork, subscribe to the newsletter, shop for merch, support the show on Patreon, and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-news. Season 2 starts September 4, 2023.Production Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, Storyblocks, & EpidemicSound.8Li cover art by Chris Machowski @ https://www.RansomWear.net/.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices

Hey all! I'm at BlackHat and Defcon this week. If you're there, track me down. I'd love to meet you!This week's episode is an encore of one of my favorites. My interview with James Linton (a.k.a. The Email Prankster). In 2017, James went on a virtual joyride exploiting the ways that people interact with emails. One of the most interesting things about James' story is that his exploits didn't rely on any type of highly technical method(s); they were simple display name deceptions. But that didn't stop him from fooling CEOs from some of the worlds largest banks, celebrities, and high ranking staff members in the White House.James' success using these simple methods serves as a warning for us all. We don't fall for scams because they are technically sophisticated or because we are stupid. We fall for scams because we are human.Guest: James Linton (LinkedIn) (Website)Books and Resources: Anatomy Of An Email Impersonation Spree: Who Got Pranked And Why An email prankster is hitting the CEOs of the world's biggest banks How to Prank the Rich and Powerful Without Really Trying Morgan Stanley CEO James Gorman falls for email prank This Man Pranked Eric Trump And Harvey Weinstein — Now He Just Wants A Job Media Coverage YouTube Playlist James Linton -- Wikipedia Entry The Journal of Best Practices: A Memoir of Marriage, Asperger Syndrome, and One Man's Quest to Be a Better Husband by David Finch Perry -- Interview on Springbrook's Converge Autism Radio Perry -- Security Weekly Interview Perry Carpenter - The Aspies Guide to Social Engineering - DEF CON 27 Social Engineering Village Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: hello [at] 8thLayerInsights [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices

There has been a lot of buzz for the past few years about the benefits and importance of establishing security champions programs. These are groups of people in your organization who become vital, responsible, and proactive contributing evangelists to the security culture of your organization. I often refer to them as "culture carriers." And, while there is general agreement that these are good programs to have, establishing them is currently a bit of a dark art.On today's show, Perry sits down with Sarah Janes of Layer 8 security to discuss the importance of champion programs and tease out a few best practices.Guest: Sarah Janes (LinkedIn) (Twitter) (Website)Perry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Be sure to check out Perry's other show, Digital Folklore. It's all about the oddities and importance of online culture. Head over to the show's website (https://digitalfolklore.fm/) to see our custom artwork, subscribe to the newsletter, shop for merch, support the show on Patreon, and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-newsProduction Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, Storyblocks, & EpidemicSound.8Li cover art by Chris Machowski @ https://www.RansomWear.net/.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices

On this episode, Perry sits down with Chad Peterson, Managing Director at NetSPI, to discuss the importance of penetration testing. We touch on aspects of social engineering, discussing complex security issues with Boards of Directors, the prevalence of Ransomware, and some of the unique challenges facing the healthcare industry.Guest: Chad Peterson (LinkedIn) (Twitter)Books & References (Books are Amazon Associate links) CISO Desk Reference Guide: A Practical Guide for CISOs by Bill Bonney, Gary Hayslip, & Matt Stamper Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman  Practical Social Engineering: A Primer for the Ethical Hacker by Joe Gray Ransomware Protection Playbook by Roger Grimes The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity by Christian Espinosa Perry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Perry's new show, Digital Folklore kicked-off Jan 16, 2023. It's all about the oddities and importance of online culture. Check out the website (https://digitalfolklore.fm/) to see our custom artwork, subscribe to the newsletter, check out our merch, Patreon, and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-newsProduction Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, Storyblocks, & EpidemicSound.8Li cover art by Chris Machowski @ https://www.RansomWear.net/.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices

On this episode, what cybersecurity professionals need to understand about how social signaling and incentives really work.Today's episode features a conversation with Uri Gneezy. In the field of cybersecurity, we are very interested in identifying proactive and positive ways to encourage the behavior we want. That's where Uri comes in. Uri is a well-known behavioral economist and professor of economics and strategy in the Rady School of Management at the University of California at San Diego.Most of us recognize that many of our behaviors, beliefs, and values are caught rather than taught. So, if you are interested in developing a positive security culture in your workplace, then it’s important to understand the dynamics of how people both receive and signal their security-related beliefs and values so that associated behaviors become a natural result.Listen in as Perry sits down with Uri to discuss key findings from Uri's new book, Mixed Signals: How Incentives Really Work. This is a fascinating deep dive into Uri’s research that has immediate applicability for anyone needing to design programs that work with, rather than against, human nature.Guest: Uri Gneezy (LinkedIn) (Twitter) (Website)Books & References (Books are Amazon Associate links) Mixed Signals: How Incentives Really Work, by Uri Gneezy The Why Axis: Hidden Motives and the Undiscovered Economics of Everyday Life by Uri Gneezy & John List Perry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Perry's new show, Digital Folklore kicked-off Jan 16, 2023. It's all about the oddities and importance of online culture. Check out the website (https://digitalfolklore.fm/) to see our custom artwork, subscribe to the newsletter, check out our merch, Patreon, and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-newsProduction Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, Storyblocks, & EpidemicSound.8Li cover art by Chris Machowski @ https://www.RansomWear.net/.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices

In a captivating discussion, Banachek, a renowned mentalist and the President of the James Randi Educational Foundation, shares his journey from magic enthusiast to skeptic. He dives into the groundbreaking Project Alpha, revealing how he and another teen tricked parapsychologists into believing they had psychic abilities. Banachek also elaborates on the ethics of illusion, the psychology of influence in entertainment, and his new live show in Las Vegas, which intertwines mentalism with critical thinking. Expect insights on deception and the power of perception!

This week's episode is a late Star Wars ("May the 4th Be With You") celebration. We check out a couple interesting articles about security-related lessons embedded in the Star Wars movies, and Perry sits down with Adam Shostack, author of the new book, Threats: What Every Engineer Should Learn From Star Wars to discuss threat modeling principles using Star Wars related examples.Guest: Adam Shostack (LinkedIn) (Twitter) (Website)Books & References (Books are Amazon Associate links) Threats: What Every Engineer Should Learn From Star Wars, by Adam Shostack Threat Modeling: Designing for Security, by Adam Shostack Threat modeling videos from Adam Threat modeling and security-related games by Adam Adam's whitepapers BlackPoint: Learn Their Lesson, They Did Not Gary Hibbard LinkedIn post Perry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Perry's new show, Digital Folklore kicked-off Jan 16, 2023. Check out the website (https://digitalfolklore.fm/) to see our custom artwork, subscribe to the newsletter, check out our merch, Patreon, and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-newsVoice Acting for this episode: Darth Vader voice over artist: https://business.fiverr.com/freelancers/mistercorley Darth Vader breathing sound: https://www.youtube.com/watch?v=MBi01iy2db8&ab_channel=chefhawk Production Credits:Music and Sound Effects by Blue Dot Sessions, Envato Elements, Storyblocks, & EpidemicSound.8Li cover art by Chris Machowski @ https://www.RansomWear.net/.8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices