8th Layer Insights

Have you ever taken time to view the world through the eyes of an attacker? Doing so is an interesting and useful exercise. Understanding the mind of an attacker is fundamental to securing your organization or aspects of your personal life. After all, if you aren't doing the job of viewing things from an attacker's perspective, that means that only the attackers are. The idea is to understand the mindset, motivations, and capabilities of a possible threat actor so that you aren’t simply oblivious to your vulnerabilities. This episode is a deep dive into attacker mindsets, we’ll hear from four experts who really know what it is to view the world through the eyes of an attacker. Featuring Chris Kirsch (DEF CON Social Engineering CTF Black Badge winner and co-founder of Rumble, Inc.), David Kennedy (Founder of Binary Defense and TrustedSec), Maxie Reynolds (Author of The Art of Attack: Attacker Mindset for Security Professionals, and Technical Team Leader, Social-Engineer, LLC), and Ted Harrington (Author of Hackable: How to Do Application Security Right, and Executive Partner at Independent Security Evaluators).Guests: Maxie Reynolds (https://www.linkedin.com/in/maxiereynolds/) David Kennedy (https://www.linkedin.com/in/davidkennedy4/) Chris Kirsch (https://www.linkedin.com/in/ckirsch/) Ted Harrington (https://www.linkedin.com/in/securityted/) Books and References: Bruce Schneier blog about the Security Mindset: https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html Origin of "Devil's Advocate": https://allthatsinteresting.com/devils-advocate-origin Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html What is Threat Modeling: https://securityintelligence.com/posts/what-is-threat-modeling-and-how-does-it-impact-application-security/ 12 Methods of threat Modeling: https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/ The Art of Attack: Attacker Mindset for Security Professionals by Maxie Reynolds Hackable: How to Do Application Security Right by Ted Harrington The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick Threat Modeling: Designing for Security by Adam Shostack Threat Modeling: A Practical Guide for Development Teams by Izar Tarandach and Matthew J. Coles Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter Music and Sound Effects by Blue Dot Sessions & Storyblocks.Artwork by Chris Machowski. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, Perry Carpenter interviews cybersecurity guru Bruce Schneier. Perry and Bruce explore how cybersecurity is about so much more than technology — It’s about people, so we benefit by taking a multidisciplinary approach. In preparing for this interview, Perry solicited his LinkedIn network to see what questions people had for Bruce. This is a wide ranging conversation covering everything from Bruce’s thoughts on cybersecurity’s “first principles” to the impact that the pandemic had on society to need for regulation to help raise the overall standards for security and privacy.Guest: Bruce Schneier (https://www.schneier.com/blog/about/) (https://twitter.com/schneierblog) Bruce's personal website 'about me' page: https://www.schneier.com/blog/about/ Wikipedia article about Bruce Schneier: https://en.wikipedia.org/wiki/Bruce_Schneier Another background article about Bruce: https://www.cybersecurityeducationguides.org/bruce-schneier-legendary-cryptographer/ More Background on Bruce: http://academickids.com/encyclopedia/index.php/Bruce_Schneier Bruce's Solitaire encryption algorithm: https://www.schneier.com/academic/solitaire/ More info on the Solitaire algorithm: https://www.schneier.com/blog/archives/2019/10/more_cryptanaly.html Proximity Blindness: https://dannyozment.com/cant-see-the-forest-for-the-trees-the-dangers-of-proximity-blindness-2/ The story of the Blind Men and an Elephant: https://en.wikipedia.org/wiki/Blind_men_and_an_elephant Cryptography After the Aliens Land: https://www.schneier.com/essays/archives/2018/09/cryptography_after_t.html Secrets and Lies book preface with "If you think" quote: https://www.schneier.com/books/secrets-and-lies-pref/ "if you think cryptography" quote: https://news.ycombinator.com/item?id=19589899 Recommended Books (Amazon affiliate links): Applied Cryptography: Protocols, Algorithms and Source Code in C, by Bruce Schneier Beyond Fear: Thinking Sensibly About Security in an Uncertain World, by Bruce Schneier Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, by Bruce Schneier Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto, by Roger Grimes Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, by Bruce Schneier Liars and Outliers: Enabling the Trust that Society Needs to Thrive, by Bruce Schneier Secrets and Lies: Digital Security in a Networked World, by Bruce Schneier Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter Music and Sound Effects by Blue Dot Sessions & Storyblocks.Artwork by Chris Machowski. Learn more about your ad choices. Visit megaphone.fm/adchoices

Have you ever noticed how fundamental deception is to the human condition? Deception and forms of social engineering have been with us since the beginning of recorded history. And yet, it seems like we are just as vulnerable to it as ever. But now the stakes are higher because technology allows social engineers to deceive at scale.This episode explores the psychology of deception, provides a foundation for understanding social engineering, offers a few mental models for exploration and exploitation, and discusses how we can prepare our mental defenses.Guests: Rachael Tobac: (LinkedIn), CEO of SocialProof Security Chris Hadnagy: (LinkedIn); CEO of Social Engineer, LLC; Founder of Innocent Lives Foundation; Founder of Social-Engineer.org Lisa Forte: (LinkedIn); Partner at Red Goat Cyber Security; Co-Founder Cyber Volunteers 19 George Finney: (LinkedIn); Chief Security Officer at Southern Methodist University; Founder of Well Aware Security Notes & Resources: CSO Online article on Social Engineering OODA Loop Understanding Framing Effects More examples of Framing Effects Harvard Business Review article on the Principles of Persuasion A blog series I did on Deception (Part 1), (Part 2). PsychologyToday article on Social Engineering Recommended Books (Amazon affiliate links): The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick Ghost in the Wires: My Adventures as the World's Most Wanted Hacker by Kevin Mitnick Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You by Chris Hadnagy Influence, New and Expanded: The Psychology of Persuasion by Robert Cialdini Pre-Suasion: A Revolutionary Way to Influence and Persuade by Robert Cialdini Practical Social Engineering: A Primer for the Ethical Hacker by Joe Gray Social Engineering: The Science of Human Hacking by Chris Hadnagy Thinking, Fast and Slow by Daniel Kahneman. Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future by George Finney Music and Sound Effects by Blue Dot Sessions & Storyblocks.Artwork by Chris Machowski. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ever wrestled with the fact that people often make horrible security decisions even though their employers have security awareness programs in place? It's often because we assume that being aware of something should naturally result in better behavior. Well... that's not the case. This episode takes a deep dive into the knowledge-intention-behavior gap where we are confronted with three realities of security awareness. And those realities lead us to the realization that we need to focus on behavior.Guests for this episode are all leaders in the fields of Behavioral Science. They are, BJ Fogg, Ph.D., author of Tiny Habits: the Small Changes that Change Everything, Matt Wallaert, author of Start at the End: How to Build Products That Create Change, and Alexandra Alhadeff, co-author of Deep Thought: A Cybersecurity Story.Guests: BJ Fogg, Ph.D.. -- Behavior Scientist & Innovator at Stanford University. (Personal website) Author of Tiny Habits: The Small Changes That Change Everything. (Amazon link) Matt Wallaert -- Head of Behavioral Science at frog (a Capgemini company). Author of Start at the End: How to Build Products That Create Change (Amazon link) Alexandra Alhadeff -- Behavioral Scientist & Product Manager at The Fabulous. (Personal website) Notes & Resources: BJ Fogg testimony to the 2006 US Federal Trade Commission about the dangers of persuasive technology. Fogg Behavior Model About Nudge Theory Multiple examples of Nudging Great catalog of Dark Patterns Ideas42 cybersecurity-related behavioral science research. Deep Thought: A Cybersecurity Story, by Ideas42. Recommended Books (Amazon affiliate links): Tiny Habits: The Small Changes That Change Everything, by BJ Fogg, Ph.D. Start at the End: How to Build Products That Create Change, by Matt Wallaert Nudge: Improving Decisions About Health, Wealth, and Happiness, by Richard Thaler and Cass Sunstein Inside the Nudge Unit: How Small Changes Can Make a Big Difference, by David Halpern Evil by Design: Interaction Design to Lead Us into Temptation by Chris Nodder Thinking, Fast and Slow by Daniel Kahneman. Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter. Music and Sound Effects by Blue Dot Sessions & Storyblocks.Artwork by Chris Machowski. Learn more about your ad choices. Visit megaphone.fm/adchoices

This is an episode about the battle for truth. As disinformation, misinformation, malinformation, and conspiracy theories seem to be hitting epidemic levels, how can we help each other determine what is real and what is fake? How can we help people who are falling down conspiracy rabbit holes? And what roles do technology companies, governments, and ordinary citizens play?Perry Carpenter speaks with acclaimed cybersecurity expert, Bruce Schneier, disinformation experts, Samantha North and Allie Wong, and conspiracy theory researcher, Mick West. In this episode, we also hear from Peter Leyden from Reinvent and Eli Periser, author of The Filter Bubble.Learn more about our guests here: Bruce Schneier - Internationally renowned security technologist, author, and speaker. You can find Bruce's website here. Allie Wong - VP of Mis/dis/mal-information, Response and Resiliency, Limbik; Consultant, United Nations Institute for Disarmament Research. (LinkedIn) Samantha North - Disinformation researcher and consultant. (LinkedIn) Co-Founder: North Cyber Research (website) Mick West - Skeptical investigator and retired video game programmer. Creator of the websites Contrail Science (website) and Metabunk (website). Author of Escaping the Rabbit Hole: How to Debunk Conspiracy Theories Using Facts, Logic, and Respect (link). Personal website (link). Special thanks to Reinvent for allowing use of audio.References: http://reinvent.net/events/event/how-we-can-pop-the-filter-bubble-with-eli-pariser/ https://reboot-foundation.org/study-social-media-poor-judgment/ https://reboot-foundation.org/is-there-a-fake-news-generation/ Recommended Books (Amazon affiliate links): Escaping the Rabbit Hole: How to Debunk Conspiracy Theories Using Facts, Logic, and Respect by Mick West. Click Here to Kill Everybody: Security and Survival in a Hyper-connected World by Bruce Schneier. The Filter Bubble: How the New Personalized Web Is Changing What We Read and How We Think by Eli Pariser. Thinking, Fast and Slow by Daniel Kahneman. Why Are We Yelling?: The Art of Productive Disagreement by Buster Benson. The Righteous Mind: Why Good People Are Divided by Politics and Religion by Jonathan Haidt. Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter. Music and Sound Effects by Blue Dot Sessions & Storyblocks.Artwork by Chris Machowski. Learn more about your ad choices. Visit megaphone.fm/adchoices

This episode explores the concept of “Trojan Horses for the Mind.” There are four Trojan Horses. They are: emotion, sound, visuals, and words/story. Using these Trojan Horses will help us increase the signal to noise ratio in our communications, bypass mental defenses, and embed messages within the minds of our audiences.To explore the concepts related to this, Perry speaks with voice actor, writer, and producer, Rob McCollum; author, marketer, and storytelling expert Joe Lazauskas; and executive storyteller coach and trainer, Stephanie Paul.Learn more about our guests here: Rob McCollum -- Voice actor, script writer, director, producer (LinkedIn). Rob's IMDB page. Joe Lazauskas -- Head of Marketing at Contently. Author of, The Storytelling Edge. LinkedIn. Amazon affiliate link to book. Stephanie Paul -- Executive Storyteller, Coach, Speaker, and Trainer (LinkedIn). Stephanie's website. Resources:Special offer: Stephanie Paul is offering a $5.00 discount off her book, The WhyGuide to Storytelling. Just visit here and use the coupon code HACK4U at checkout.For more about the Trojan Horses for the Mind, check out Perry’s book, Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors.Amazon affiliate links to books mentioned: The Storytelling Edge Save the Cat! Transformational Security Awareness Music and Sound Effects by Blue Dot Sessions & Storyblocks.Artwork by Chris Machowski. Learn more about your ad choices. Visit megaphone.fm/adchoices

Coming May 25, 2021. Get ready for a deep dive into what cybersecurity professionals often refer to as the "8th Layer" of security: HUMANS. This podcast is a multidisciplinary exploration into how the complexities of human nature affect security, risk, and life. Author, security researcher, and behavior science enthusiast Perry Carpenter taps experts for their insights and illumination. Topics include cybersecurity, psychology, behavior science, communication, leadership, and more. Learn more about your ad choices. Visit megaphone.fm/adchoices