

8th Layer Insights
Perry Carpenter | N2K Networks
Get ready for a deep dive into what cybersecurity professionals often refer to as the "8th Layer" of security: HUMANS. Welcome to 8th Layer Insights (8Li). This podcast is a multidisciplinary exploration into how the complexities of human nature affect security and risk. Author, security researcher, and behavior science enthusiast Perry Carpenter taps experts for their insights and illumination. Topics include cybersecurity, psychology, behavior science, communication, leadership, and more.

Nov 29, 2022 • 1h 3min
[Holiday Replay] The Battle for Truth: Disinformation, Misinformation, & Conspiracies
Get ready for those 'fun' holiday dinner conversations with friends and family. You know the ones... In the spirit of the holidays, I thought we'd revisit Season 1, Episode 2. This is an episode about the battle for truth. As disinformation, misinformation, malinformation, and conspiracy theories seem to be hitting epidemic levels, how can we help each other determine what is real and what is fake? How can we help people who are falling down conspiracy rabbit holes? And what roles do technology companies, governments, and ordinary citizens play?
Perry Carpenter speaks with acclaimed cybersecurity expert, Bruce Schneier, disinformation experts, Samantha North and Allie Wong, and conspiracy theory researcher, Mick West. In this episode, we also hear from Peter Leyden from Reinvent and Eli Pariser, author of The Filter Bubble.
Learn more about our guests here:
Bruce Schneier - Internationally renowned security technologist, author, and speaker. You can find Bruce's website here.
Allie Wong - VP of Mis/dis/mal-information, Response and Resiliency, Limbik; Consultant, United Nations Institute for Disarmament Research. (LinkedIn)
Samantha North - Disinformation researcher and consultant. (LinkedIn) Co-Founder: North Cyber Research (website)
Mick West - Skeptical investigator and retired video game programmer. Creator of the websites Contrail Science (website) and Metabunk (website). Author of Escaping the Rabbit Hole: How to Debunk Conspiracy Theories Using Facts, Logic, and Respect (link). Personal website (link).
Special thanks to Reinvent for allowing use of audio.
References:
http://reinvent.net/events/event/how-we-can-pop-the-filter-bubble-with-eli-pariser/
https://reboot-foundation.org/study-social-media-poor-judgment/
https://reboot-foundation.org/is-there-a-fake-news-generation/
Recommended Books:
Escaping the Rabbit Hole: How to Debunk Conspiracy Theories Using Facts, Logic, and Respect by Mick West.
Click Here to Kill Everybody: Security and Survival in a Hyper-connected World by Bruce Schneier.
The Filter Bubble: How the New Personalized Web Is Changing What We Read and How We Think by Eli Pariser.
Thinking, Fast and Slow by Daniel Kahneman.
Why Are We Yelling?: The Art of Productive Disagreement by Buster Benson.
The Righteous Mind: Why Good People Are Divided by Politics and Religion by Jonathan Haidt.
Perry's Books
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter
The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer
Production Credits:
Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.
Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.
8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/
Want to get in touch with Perry? Here's how:
LinkedIn
Twitter
Instagram
Email: perry [at] 8thLayerMedia [dot] com
Learn more about your ad choices. Visit megaphone.fm/adchoices

Nov 15, 2022 • 50min
Spycraft: A Behind the Curtain Look into the Intelligence Community
There is something about a good spy story that seems to really resonate with people in the cybersecurity world. We love watching the moves and the counter moves, and the sneaking around, and the social engineering, and hacking, and all of the gadgets and toys, and car chases, and fights and double crosses and triple crosses. Yeah, you get the point. But how much of that is real and how much can be chalked up to an author's creative license? And what's life and work like for real people in the intelligence industry?
This episode features two guests: ex-CIA agent Peter Warmka and Andrew Hammond, historian and curator at the International Spy Museum.
Guests:
Peter Warmka (LinkedIn) (Twitter) (Website)
Andrew Hammond (LinkedIn) (Twitter) (Website)
Books and References:
Confessions of a CIA Spy: The Art of Human Hacking, by Peter Warmka
The CIA Guy & CIA Spy Podcast, Peter Warmka and Robert Siciliano
Peter Warmka Videos
International Spy Museum website
SpyCast Podcast, hosted by Andrew Hammond
INTEL.gov
The Evolution of Espionage in America, INTEL.org

Nov 1, 2022 • 1h 8min
8th Layer Insights and the Quest for Security Culture
For this week, we are revisiting a previous episode that first aired as Season 1 Episode 10. In this episode, we discuss the concept of security culture -- specifically, the difficulty that security leaders have in defining what a security culture actually is. Luckily, we can draw on learnings from organizational culture management and culture transformation experts.
Guests for this episode include David Sturt (Executive Vice President of the O.C. Tanner Institute; author of Great Work: How to Make a Difference People Love and Appreciate: Celebrating People, Inspiring Greatness), Dr. Jessica Barker (co-CEO and Co-Founder, Socio-Technical Lead at Cygenta; author of Confident Cyber Security and co-author of Cybersecurity ABCs), Kai Roer (Chief Research Officer at KnowBe4; creator of the Security Culture Framework; author of Build a Security Culture), and Michael Leckie (founding partner at Silverback Partners, LLC; author of The Heart of Transformation: Build the Human Capabilities that Change Organizations for Good).
Guests:
David Sturt
Dr. Jessica Barker
Kai Roer
Michael Leckie
References, Resources & Books:
Security ABCs Part 1: Make Awareness Transformational, 8Li Season 1, Episode 9
4 Ways to Build a Thoughtful Security Culture, by Perry Carpenter
7 Tips for Building a Strong Security Culture, by Perry Carpenter
Appreciate: Celebrating People, Inspiring Greatness, by David Sturt
Build a Security Culture, by Kai Roer
Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career, by Jessica Barker
Culture Rules! The 10 Core Principles of Corporate Culture, by John R. Childress
Cybersecurity ABCs: Delivering awareness, behaviours and culture change, by Jessica Barker, Adrian Davis, and Bruce Hallas
Great Work: How to Make a Difference People Love, by David Sturt
The Heart of Transformation: Build the Human Capabilities that Change Organizations for Good, by Michael Leckie
The Importance Of A Strong Security Culture And How To Build One, by Perry Carpenter
Perry Carpenter's (ISC)2 Info Security Professional Journal 4 episode series on Security Awareness (Episode 1, Episode 2, Episode 3, Episode 4)
Security Culture and Credential Sharing, KnowBe4 Research
Security Culture Report 2021: A Global Security Culture Perspective During a Pandemic, KnowBe4 Research
Seven Dimensions of Security Culture, KnowBe4 Research

Oct 18, 2022 • 34min
Social Engineering and Breaking into Stuff with Jenny Radcliffe
On this episode, Perry sits down with Jenny Radcliffe (a.k.a. The People Hacker). Jenny is a well-known speaker, podcaster, professional social engineer, and physical penetration tester… in other words, she’s a social engineer who specializes not only in tricking people into doing things they shouldn’t do… but she also specializes in getting into places she shouldn’t be and finding things she shouldn’t be able to find. Her job is to embody the criminal mindset and use the skills of a criminal to find the vulnerabilities that a criminal would find.
In this interview, Jenny talks shop about her path to becoming a full-time social engineer, the realities of penetration testing, inherent vulnerabilities in buildings and humans, and how to continuously improve at anything.
Guests:
Jenny Radcliffe (LinkedIn) (Twitter) (Website)
Books and References:
Bruce Schneier blog about the Security Mindset
Video -- Jenny Radcliffe: How I Fooled A £2mil Security System
Jenny's interview on the Jordan Harbinger Show
Jenny's interview on Darknet Diaries
Jenny's interview on the Security Mastermind's Podcast
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Harvard Business Review article on the Principles of Persuasion
A blog series Perry did on Deception (Part 1), (Part 2).

Oct 4, 2022 • 45min
Open Source Intelligence (OSINT): The Data We Leak
Over the past few years, there's been a lot of talk about the value of understanding Open Source Intelligence (OSINT). But, even with so much talk, relatively few cybersecurity professionals have had the time to take a deep dive into the topic. In this episode, Perry sits down with social engineer, OSINT investigator, and member of the OSINT Curious project, Christina Lekati, to get an overview of the value of OSINT as well as some basic techniques. After that, we hear from Chris Kirsch (co-founder and CEO of runZero). Chris is a former black badge winner at DEF CON's social engineering competition and served as a judge in the most recent competition. He recently released an interesting report analyzing the top OSINT sources and vishing (voice phishing via phone) pretexts from that competition.
Guests:
Christina Lekati (LinkedIn) (Twitter)
Chris Kirsch (LinkedIn) (Twitter)
Books and References:
Top OSINT sources and vishing pretexts from DEF CON’s social engineering competition, research by Chris Kirsch referenced in this episode
YouTube video by Christina Lekati: Protecting High-Value Individuals: An OSINT Workflow
YouTube video: DEF CON 27 Recon Village presentation by Chris Kirsch: Using OSINT for Competitive Intelligence
YouTube Playlist from the 2022 SANS OSINT Summit
YouTube video by The Cyber Mentor: Learn OSINT in 4.5 Hours
The OSINT Curious project
DEFCON Social Engineering Community
15 top open-source intelligence tools, CSO Online
Top 25 OSINT Tools for Penetration Testing, SecurityTrails
WebMii.com
Hunter.io
Wigle.net
Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
Threat Modeling: Designing for Security by Adam Shostack
What is Threat Modeling: https://securityintelligence.com/posts/what-is-threat-modeling-and-how-does-it-impact-application-security/
12 Methods of threat Modeling: https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/
The Art of Attack: Attacker Mindset for Security Professionals by Maxie Reynolds

Sep 20, 2022 • 43min
The Secrets to Consistently Creating Great Content
In this episode, Perry talks about the value of storytelling and provides 7 tips for anyone who faces the fear associated with staring at a blank screen, wondering how they can begin to create fresh content. This is adapted from a presentation Perry recently gave at the 2022 SANS Security Awareness Summit.
Books & Resources:
Overview of "The Iron Triangle"
Visual Summary of Perry's SANS Security Awareness Summit presentation
YouTube Video: You are not a storyteller - Stefan Sagmeister @ FITC
Security is Alive: 8th Layer Insights, Season 2, episode 6
Creativity for Non Creatives: 8th Layer Insights, Season 2, episode 10
Igniting and Sustaining Creativity: 8th Layer Insights, Season 2, episode 1
Unleashing Trojan Horses for the Mind: 8th Layer Insights, Season 1, episode 1
Steal Like an Artist: 10 Things Nobody Told You About Being Creative, by Austin Kleon
Show Your Work: 10 Ways to Share Your Creativity and Get Discovered, by Austin Kleon
MasterClass -- Margaret Atwood Teaches Creative Writing
"Everything is Alive" Podcast
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter
The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer

Sep 6, 2022 • 47min
If It's Smart, It's Vulnerable: a Conversation with Mikko Hyppönen
In this episode, Perry sits down with Mikko Hyppönen for a wide-ranging discussion about the history, current state, and future of cybersecurity. We also discuss Mikko's new book, the title of which is derived from Hyppönen's Law: If It's Smart, It's Vulnerable.
Guest:
Mikko Hyppönen (LinkedIn) (Twitter) (Web)
Books & Resources:
If It's Smart, It's Vulnerable, by Mikko Hyppönen
Mikko's TED Talks
Daemon, by Daniel Suarez
Internet of Things and data placement, by Dell Technologies
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter
The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer

Aug 23, 2022 • 44min
Finding Your Path: Mid-Career Moves into Cybersecurity
This is a follow-up to Season 2, episode 4 – Bridging the Cyber Skills Gap. Many listeners contacted me saying that they loved the episode, but wished that I’d put more focus on people trying to find a career in cybersecurity later in life. So, consider this episode a Bridging the Cyber Skills Gap Part 2.
We’ll hear the stories of several people who’ve come to cybersecurity a bit later in life. This episode features interviews with Alethe Denis, Tracy Z. Maleeff (a.k.a. InfoSec Sherpa), Phillip Wylie, Lisa Plaggemier, Naomi Buckwalter, and Alyssa Miller.
Guests:
Alethe Denis (LinkedIn) (Twitter) (LinkTree)
Tracy Z. Maleeff (a.k.a. InfoSec Sherpa) (LinkedIn) (Twitter)
Phillip Wylie (LinkedIn) (Twitter) (Medium)
Lisa Plaggemier (LinkedIn) (Twitter)
Naomi Buckwalter (LinkedIn)
Alyssa Miller (LinkedIn) (Twitter) (Website)
Books & Resources:
The Cybersecurity Career Guide, by Alyssa Miller
The Pentester BluePrint: Starting a Career as an Ethical Hacker, by Phillip Wylie
The Hacker Factory Podcast | With Phillip Wylie
Building the Next Generation of Cybersecurity Professionals, LinkedIn Learning course from Naomi Buckwalter
8Li: Fun and Games: Lock Picking, Capture the Flag Contests, Simulations, and More
How to Break Into Cybersecurity, article by Katlyn Gallo
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter
The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer

Aug 9, 2022 • 45min
Cyber Mindfulness
You've probably been hearing the term 'mindfulness' a lot these days. And for good reason. We humans seem to be busier and more stressed out than ever before, and mindfulness practices seem to offer positive benefit. But how does mindfulness intersect with cybersecurity? What practices can we learn and promote to decrease human risk in our organizations and live safer digital lives?
In this episode, we explore the topic of cyber mindfulness. And to do so, we'll be hearing from Anna Collard, Michael Davis, and Yvonne and Jasmine Eskenzi.
Guests:
Anna Collard (LinkedIn) (Twitter) (Company Site)
Michael Davis (LinkedIn) (Company Site)
Yvonne Eskenzi (LinkedIn) (Twitter) (Company Site)
Jasmine Eskenzi (LinkedIn) (Twitter) (Company Site)
Books & Resources:
The Zensory App
Research Paper: The current state of mind: A systematic review of the relationship between mindfulness and mind-wandering
Research Paper: Training to Mitigate Phishing Attacks Using Mindfulness Techniques
Research Paper: Understand the mistakes that compromise your company's security
University of Dayton's Cyber Mindful program overview
The Human Firewall: 3 Mindfulness Techniques Your Team Can Use to Prevent Phishing
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter
The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer

Jun 22, 2022 • 27min
Lockpicking, Physical Penetration Testing, and More with Deviant Ollam
On this bonus episode, Perry sits down with physical penetration tester, lock picking guru, and Board Member of The Open Organization of Lockpickers (TOOOL), Deviant Ollam. They discuss lockpicking, physical penetration testing, locksport, and the ethics of teaching these skills.
Guest:
Deviant Ollam (Twitter) (YouTube) (Website)
Books & Resources:
8th Layer Insights S2E8: Fun and Games: Lock Picking, Capture the Flag Contests, Simulations, and More
Lockpicking Resources from Deviant Ollam
Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks, by Deviant Ollam. (Amazon affiliate link)
Practical Lock Picking: A Physical Penetration Tester's Training Guide, by Deviant Ollam. (Amazon affiliate link)
TOOOL US -- The Open Organization of Lockpickers
TOOOL US instructional videos on YouTube
The Official TOOOL Slides
The Lockpicking Lawyer on YouTube
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter (Amazon affiliate link)
The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer (Amazon affiliate link)