Cybersecurity 101 with Joe and Larry

Joe Stocker, CEO of a Microsoft Consulting company (www.PatriotConsultingTech.com) and author of the bestselling book on Amazon "Securing Microsoft 365", mentors his friend Larry on his journey to a career in Cybersecurity. Update: 5/1/2023: Larry is currently working part time for Joe as a SOC Analyst! Connect with Larry on LinkedIn here: https://www.linkedin.com/in/lawrence-lishey-30942020/ Want to be a guest on the show? Let Larry know on LinkedIn!

Available Episodes 10

  1. Introduction (0:00)

   - Joe and Larry discuss the episode's focus and introduce Dan Pestolesi.

 

  1. Danny's Background and Interests (0:30)

   - Danny talks about his casual streaming experience (0:52)

   - Story about Danny's dad streaming volleyball matches (1:25)

 

  1. Educational Journey (3:31)

   - Danny's double major in Cinema and Computer Science (3:37)

   - Transition from film to computer science and cybersecurity (6:39)

 

  1. Sports and Team Dynamics (10:45)

   - Importance of sports in Danny's development (12:05)

   - Comparing sports and cybersecurity teamwork (13:30)

 

  1. Danny's Career Transition (14:52)

   - Initial struggles and career decisions post-graduation (16:10)

   - Moving from corporate sales to school district IT (17:22)

   - Starting a part-time IT business (18:28)

 

  1. Interest in Cybersecurity (19:01)

   - Developing interest through classes and projects (19:15)

   - Fascination with the Stuxnet virus (21:21)

 

  1. Key Projects and Skills (22:38)

   - Explanation of MPI Angels and Devils project (24:21)

   - Importance of multithreaded processing and game theory (25:02)

 

  1. Certifications and Career Growth (26:40)

   - Value of Network+ and Security+ certifications (27:16)

   - Future plans for certifications (28:08)

 

  1. Job Interviews and Company Fit (27:47)

   - Experience with a 2.5-hour interview (28:25)

   - Importance of cultural fit and team dynamics (30:05)

 

  1. Networking Skills in Cybersecurity (36:01)

    - Larry's educational background in networking (36:08)

    - Real-world application of networking skills (37:00)

 

  1. Teamwork and Communication (38:32)

    - Story about identifying a malicious IP address (38:47)

    - Importance of collaboration in cybersecurity (39:13)

 

  1. Advice for Aspiring Cybersecurity Professionals (40:29)

    - Skills that helped Larry transition into cybersecurity (42:08)

    - Recommendations for learning and certifications (42:26)

    - Using resources like TryHackMe and Udemy (42:48)

 

  1. The Role of Documentation (48:30)

    - Importance of taking notes and reading manuals (48:44)

    - Using AI tools to assist with learning (46:19)

 

  1. Conclusion (52:01)

    - Final thoughts and encouragement for listeners

    - Invitation to connect and learn more about the field

 

Call to Action:

- Join the cybersecurity field! Get started for free at https://KC7cyber.com

- Connect with the KC7 community on Discord

Episode Highlights:

 

Introductions (0:00)

Simeon Kakpovi’s background (0:52)

Gregory Schloemer’s background (3:01)

Larry's Journey to Cybersecurity (5:20)

 

Transition from sports and coaching to cybersecurity

Role of faith and mentorship

Meeting and Partnership (7:08)

 

How Joe and Larry met

Similar missions and goals

KC7 Overview (8:10)

 

Introduction to KC7 and its impact

Simeon’s story and vision for KC7 (9:22)

Development of KC7 (11:38)

 

Greg’s involvement and development process

Challenges and successes in creating KC7

KC7 in Action (12:57)

 

Demonstration of KC7 platform and features

Tips and tricks for using KC7 effectively (16:46)

Expansion and future goals for KC7 (18:14)

KC7 Summer Camp (19:24)

 

Overview of the summer camp for students

Success stories and impact on students

Generating Realistic Data for KC7 (22:30)

 

Techniques for creating realistic cybersecurity data

Use of AI in data generation (23:26)

Interactive Demo: Creating a Scenario (26:40)

 

Step-by-step demo of generating a threat scenario with AI

Explanation of threat actor behaviors and data patterns (31:01)

Future of KC7 and AI Integration (33:46)

 

Plans for scaling and improving KC7 with AI

Vision for automating question generation (34:03)

Community and Feedback (36:04)

 

Importance of community support and feedback

Success stories from KC7 users (38:32)

Conclusion (39:48)

 

Final thoughts and appreciation

Invitation to join the KC7 community https://kc7cyber.com/ and connect on Discord https://discord.com/invite/TmgCUnrArT

Episode Highlights:

 

  1. Introduction (0:00)

   - Hosts: Joe Stocker and Larry Lishey

   - Larry's new role as a SOC Analyst

 

  1. Larry's Journey to Cybersecurity (0:38)

   - Transition from warehouse management to cybersecurity

   - Motivations and inspirations (1:06)

   - Role of formal education and certifications (4:22)

   - Key learning experiences and helpful resources

 

  1. Day-to-Day as a SOC Analyst (2:23)

   - Typical daily tasks and responsibilities

   - Working with Microsoft Sentinel and other security tools (3:23)

   - The importance of thorough incident investigation

 

  1. Challenges and Rewards (10:00)

   - Initial challenges and overcoming nerves

   - The pressure and importance of accurate incident triage (11:06)

   - Rewarding aspects: customer satisfaction and team support (21:26)

 

  1. Mentorship and Team Dynamics (12:07)

   - The role of mentors in Larry's growth

   - Advice for new SOC analysts: ask questions, find a mentor

   - Team structure and dynamics within the SOC (19:08)

 

  1. Professional Growth and Skills Development (13:36)

   - Key skills and knowledge areas developed over 12 months

   - Specific incident analysis and forensics experiences (14:32)

   - Learning and growth through practical experiences and mentorship

 

  1. Career Transition and Personal Impact (18:52)

   - Life changes from the career transition

   - Balancing work and personal life, including gym routines (29:55)

   - Benefits of remote work and its dynamics

 

  1. Podcast Experiences (31:41)

   - Notable guests and influential conversations (31:57)

   - Favorite moments and topics covered (32:57)

   - Future aspirations for the podcast: more day-to-day SOC operations, specific scenarios

 

  1. AI and Cybersecurity (34:45)

   - Joe's thoughts on AI's impact on cybersecurity

   - Microsoft's Copilot for Security (34:56)

   - Broader societal implications of AI, including deep fakes and cybercrime

 

  1. Conclusion (39:48)

    - Final thoughts and encouragement for listeners

    - Invitation to connect and learn more about the field

 

Resources:

- KC7 Cybersecurity Game: https://kc7cyber.com/

- Education and certification programs  https://www.mycomputercareer.edu/

- Connect with Larry on LinkedIn https://www.linkedin.com/in/lawrence-lishey-30942020/

This is a pretty big deal! After 3 years of studying, Larry is now a SOC Analyst for Joe's company, Patriot Consulting. Joe recently launched a service for medium-sized organizations that monitors for security alerts.

In this episode, Larry shares his experience thus far and gives some tips for those just beginning the journey. 

In the final episode of this series, Joe and Larry discuss their new YouTube channel where all future episodes will be hosted. Please subscribe and follow us there!

https://www.youtube.com/channel/UCJsqpIC4GSpNwIWTvbSt2rQ

The advantage of moving to YouTube is that Joe will be able to share his computer screen with Larry to help him gain additional hands-on training.

In this episode, Joe talks to former police officer Doug Roberts. Like Larry, Doug is currently working in Information Technology but seeking a full-time position as a Security Operations Center (SOC) Analyst.

Doug has three college degrees, including an associate's degree in networking, a bachelor's degree, and a master's degree in Cybersecurity. Additionally, Doug has several cybersecurity certifications (Security+, CySA+, CSAP) and he is working towards the CISSP. Despite 6 years of IT experience, degrees and certifications, Doug has found it difficult to land his dream job in cybersecurity. Let's help him out!! If you know a hiring manager or a company that may be hiring, Doug can be reached on LinkedIn (here).

Larry completes the "Certified Ethical Hacker" course, then asks Joe about the new book he published, "Securing Microsoft 365", available on Amazon: https://www.amazon.com/Securing-Microsoft-365-Joe-Stocker/dp/1956630015/ref=sr_1_1?crid=1U874UDJKI0A3&keywords=securing+microsoft+365&qid=1653877474&sprefix=securing+micro%2Caps%2C125&sr=8-1

In this episode we discuss the 25th anniversary of the first DDoS (Distributed Denial of Service) attack and why this cybersecurity threat is a tricky one to solve.

00:00 to 2:00 Intro to Pankaj Gupta (@PankajOnCloud, Citrix)

Pankaj leads product and solutions marketing and go to market strategy for cloud, application delivery and security solutions at Citrix. He advises CIOs and business leaders for technology and business model transitions. In prior roles at Cisco, he led networking, cybersecurity and software solution marketing.

2:20 The 25th anniversary of the first Denial of Service attack against Panix, an Internet Service Provider (1996) (https://en.wikipedia.org/wiki/Denial-of-service_attack#Distributed_attack)

25 years later, the largest DDoS attack ever recorded targeted Russian ISP Yandex (https://www.cpomagazine.com/cyber-security/russian-internet-giant-yandex-wards-off-the-largest-botnet-ddos-attack-in-history/). Pankaj notes how this was exactly 25 years later to the month.

3:15 What is a DDoS attack? 1) Connection overload 2) Volumetric, like an ICMP flood 3) Application layer

5:20 Coinminer as an example of Denial of Service when CPU is exhausted

6:00 Why are we still talking about DDoS 25 years later? Pankaj states that they are now easier than ever to perform. 

7:00 Larry asks about the connection between ransomware and DDoS

9:00 Pankaj describes how the motivation for DDoS has shifted from hacktivism to financial motivation 

9:30 Joe asks how much it costs for an attacker to operate 

10:00 Pankaj explains that unskilled attackers with access to the Dark web can orchestrate attacks

11:45 Joe discusses how many attackers target healthcare despite how this hurts people

12:45 Pankaj discusses that while federal laws exist, very few are prosecuted for DDoS attacks.

13:50 Larry asks whether businesses are paying the ransom 

14:15 Pankaj says paying the ransom is never recommended. Instead, Pankaj recommends investing in DDoS protection solutions

15:25 Joe asks whether tools exist to quantify costs for downtime to justify the expense of DDoS prevention solutions. 

16:30 Pankaj explains that it is not just the economic impact of downtime that must be factored into the equation, but also the damage to reputation from losing customers' trust.

17:30 Pankaj describes three trends that will cause DDoS attacks to increase in the future (things will get worse rather than better): increased bandwidth from 5G, exponential growth of IoT devices, and improved computation power.

18:30 What is IoT (Internet of Things)? This is any device that has an internet connection, such as a nanny camera, home router, or Nest thermostat. Bad actors exploit vulnerabilities to transform these devices into a "bot network" that the attackers can then use in mass quantity against a single target. This forms the source of the DDoS attacks: all of these devices combined send packets to the victim website.

20:50 What solutions exist for DDoS? Joe explains how he has solved DDoS historically using services from Cloudflare.

22:00 Joe explains how he set up DDoS protection by configuring DNS, and the weakness that arises when attackers discover the direct IP using OSINT

23:15 Joe asks Pankaj how Citrix compares with competitors

23:35 Pankaj describes four key criteria when selecting a DDoS solution. 1) The solution should protect against a variety of types of DDoS attacks. 2) Can the solution scale? DDoS attacks are increasing in size 20% year over year (it’s expected to be 3 terabits). 3) The advantage of a cloud-based solution is that it can auto-scale in bandwidth, whereas an on-premises DDoS solution cannot guard against bandwidth saturation.

25:50 Joe asks Pankaj if Citrix uses its own data centers (does it have exposures if data centers like Google, Amazon or Microsoft). Pankaj describes the Citrix solution as having the scale to handle 12 terabits of scrubbing across multiple points of presence (PoPs).

29:00 Pankaj describes two types of DDoS solutions: always-on and on-demand. If you are an e-commerce website, then always-on may make more sense even though it costs more than on-demand, because every minute that you cannot sell your products loses you money.

31:00 DDoS attacks can be a diversion tactic to distract IT and SECOPS teams so that the attackers can perform other types of attacks such as financial fraud (Wire Fraud, SWIFT, etc.)

32:40 Larry asks: What is the difference between a buffer overflow and DDoS? Pankaj explains that a buffer overflow could be used as a type of DDoS since it could impact the availability of the service.

34:00 Joe describes how DDoS strikes at the heart of one of the three components of the CIA Triad “Confidentiality, Integrity, and Availability.” 

35:00 For businesses interested in learning more about Citrix solutions, Pankaj recommends using this contact form on the Citrix website: https://www.citrix.com/contact/form/inquiry/

36:30 Joe asks which market Citrix is chasing: Small Business, Mid-Market or Enterprise? Pankaj responds that all businesses need DDoS protection, and that cloud-based solutions are easier to implement.

DISCLAIMER: Larry and Joe received no compensation in any form from anyone for our Podcast. This is a "hobby" podcast - we don't even have advertisements! 

In Episode 19, Joe introduces Larry to Terence Jackson, and they discuss their common faith in Jesus Christ, and how anyone who freely chooses can also become a Christian. 

00:00 Larry announces that he is getting married in two weeks! Larry talks about his plans to take the CEH and CYSA Certifications

1:30 Joe introduces Larry to Terence Jackson, a former CISO from Thycotic. Terence was named a top 10 CISO.

3:15 Terence has 26 technical certifications and is pursuing graduate studies from Albany Law School

5:30 Terence describes how he developed a friendship with the CEO of a company as they shared a common faith

6:00 Joe asks Terence about how faith in God

6:45 Terence describes his faith journey, from being the child of a Minister - growing up “at church” without being “in church” and the period of his life where he wandered away, to returning back to his faith in God

8:30 Joe says if we only talk about career accomplishments, it’s an incomplete picture of who we really are.

Pastor Bobby Schuller from Shepherd's Grove Church (https://www.sgp.church/) developed this creed: 

Try saying this out loud, and pause after each line:

“I’m not what I do.

I’m not what I have.

I’m not what people say about me.

I am the beloved of God.

It’s who I am.

No one can take it from me.

I don’t have to hurry.

I don’t have to worry.

I can trust my Friend, Jesus, and share His love with the world.”

Say that out loud - and note how you feel after saying it. 

 

9:30 Joe describes what it means to have integrity

10:15 Joe describes how faith grounds us.

11:00 God loves you!

11:30 Terence says the secret to success is putting God first. Faith is like a muscle, you have to continue working on it and build it up. It’s important to have community.

12:40 God is Good!

1:00 Does faith without works result in automatic blessing or do you have to put effort into life to have success?

13:41 Proverbs 22:29

15:30 Terence shares how he has found fulfillment in Jesus Christ, and how it has helped him

15:54 Joe and Terence discuss how the death of Jesus Christ allowed for a personal relationship with God

22:40 How can faith help you with the desire to enter a career in cybersecurity

24:40 Terence worked his way up from the bottom (pulling cables and terminating wires) to becoming an executive at Microsoft

25:00 to 31:40 Joe and Terence bring the conversation back to Faith in God

31:40 Larry tries to bring the conversation back to Cybersecurity

33:30 Terence tells the story of a math teacher who had no background in cybersecurity and got certifications; Terence took a chance hiring her, and she is now running cyber for a top 5 bank.

36:00 Terence describes what he looks for in job candidates: curiosity, self starter, and willingness to learn. Thirst. Drive.

37:00 Not all jobs in cybersecurity are hands-on-keyboard

40:00 Joe asks Terence about working for one of the top tech companies in the world

40:20 Your network is just as important as your skill set

41:00 What does Terence do in his day to day work?

TL;DR - God Loves you and while cybersecurity is cool, Faith in God gives meaning to life, hope in the future, and is a sure foundation for when life doesn't go our way. 

Why are these men so outspoken about their faith? Shouldn't they keep it quiet and to themselves?

The Holy Bible says we should not be ashamed of having faith, because it is so cherished and important. The Apostle Paul wrote “For I am not ashamed of the gospel of Christ, for it is the power of God to salvation for everyone who believes, for the Jew first and also for the Greek.” Romans 1:16 

Jesus said “Whoever is ashamed of me and my words, the Son of Man will be ashamed of them when he comes in his glory and in the glory of the Father and of the holy angels” Luke 9:26

To learn more about how to have a personal relationship with God, check out this website developed by the late evangelist Billy Graham https://peacewithgod.net/

Brett's Story.

 

Brett spent 24 years in prison, and was recently released. But how Brett spent his time will inspire you.  Take the time to listen to Brett and get to know how he invested his time wisely. He has a lot to teach us on so many levels.

Brett took advantage of every education opportunity available, earned a bachelor's degree in Liberal Arts and taught himself advanced math and physics, all without access to the Internet. But his life really changed when his friends invited him to the Last Mile program (www.TheLastMile.org). He wrote about his journey in his blog article here: The Crucible: Learning How to Code in Prison | by Brett Buskirk | Medium

The Last Mile is a truly amazing program. It gives prisoners an opportunity to learn full stack programming in a simulated web environment. Brett excelled and showed initiative: during COVID, when the program was suspended, he hand-wrote lesson plans that were distributed to multiple prisons that participated in the Last Mile program. Upon his release from prison, he was hired as an Instructor by Last Mile, so he now gets to teach others.

Brett’s story reminds me of Kevin Mitnick. Upon being released from prison, Kevin started the company KnowBe4 which has become one of the fastest growing cybersecurity companies in history. I can say from personal experience that the majority of my corporate customers are now KnowBe4 customers. This is a great example of where as a society we have given returning citizens like Kevin, and now Brett a chance to bless all of us with their valuable skills they have to offer us.

I firmly believe that Brett has a bright career ahead of him - and there are no limits to what Brett can achieve, because his mind is so incredibly sharp and he has gotten to know himself and his self-worth. Brett has found joy and purpose in coding and he is now gaining an interest in Cybersecurity, which is how he found out about this show - one day he searched "Cybersecurity" on Spotify and found our show! He reached out to Larry and we both immediately knew we wanted others to hear his incredible story. The world needs bright minds like Brett to help all of us, because we are in the middle of a cyber war, where dangerous nation state actors and cyber gangs are destroying American businesses. In my opinion, Congress should set aside a gazillion dollars to help prisoners find hope like what Brett has found. Opportunities are all around us if we seek them with all our might - I believe God puts them there for us.

 

Highlights from the show:

6:55 Brett came to a belief of not accepting Limits of Learning.

Meshack Mortiz immigrated with his family from the Philippines when he was 13 years old. His family had plans for him to go to college and become a Nurse, or learn medicine through the US Air Force. But Meshack found a special camaraderie among the US Marine recruits that persuaded him to join the most elite fighting force on earth.

Learn about his journey from being an Engineer Equipment Operator (MOS 1345) to becoming a SOC analyst for a top US Government space agency, and then his most recent transition to the private sector as an Incident Response Analyst. Meshack shares tips and tricks that helped him along each stage of the journey that began with the Microsoft Software and Systems Academy (MSSA) https://military.microsoft.com/programs/microsoft-software-systems-academy/ and how he prepared for his interviews, built a home lab, and sought out mentors.

Timeline

00:00 Introduction to Meshack, a heavy equipment operator in the United States Marine Corps

 

4:30 Meshack explains the mindset required for a successful career transition into Cybersecurity

"You have to enjoy it."

 

5:30 Meshack explains how he prepared to get into cybersecurity, through certifications, in particular the Security+ exam.

 

8:00 Meshack shares how he got his first job in cybersecurity by using OSINT skills to research Social Media

He looked at job postings to see what employers were looking for, then he worked backwards from there.

 

11:00 Meshack shares the elevator pitch that he used to get people to respond to him on LinkedIn. He got a great response rate!

 

14:00 Meshack shares his interview strategy: 50% likability and 50% technical skill

 

16:00 Meshack describes how his first home lab setup involved a Raspberry Pi DNS sinkhole, with everything pulled into the free edition of Splunk

Joe also had given him guidance on using host-based IDS such as Snort

 

19:30 Interview technique: explain what you have done in your home lab before they start asking you technical questions, especially when you have no prior job experience

 

31:34 Meshack shares how his family immigrated to the United States when he was 13 and wanted him to become a nurse, but he shocked them when he enlisted in the United States Marine Corps.

 

39:00 For those who want to get into Cybersecurity, Meshack recommends A+, Network+, then Security+. He also recommends CompTIA Cybersecurity Analyst (CySA+)

For those who are already in Cyber SOC positions, Meshack recommends SANS GIAC Certified Incident Handler (GCIH)