Hi everyone, it's our first episode! A special thank you to our friends at PodcastDetroit & ITinTheD.

Security Jabber debuts

 https://soundcloud.com/podcastdetroit/security-jabber-debuts

Guest: Shaun Bertrand, Red Team Lead from CBI

What a cool conversation with a group of people who like hanging out together. We talked about the growing concerns around the Internet of Things (IoT). These are very real concerns about real-world attacks that take advantage of existing vulnerabilities in home appliances, cars, drop cams, etc. It's not just an invasion of privacy; it can lead to an increased level of personal vulnerability, identity theft, financial loss, etc.

Autonomous assistants such as Alexa & Siri (used for simple, common, and published voice commands) could possibly be used to access and exfiltrate personal and financial data. It's been proven that services provided by Amazon store recorded video/audio when the device is active and sometimes when it's not. Mainstream media might have you believe that it's being used to drive marketing research, but what about the huge holes this opens up, enabling the bad guys to collect intel on highly valued targets?

Shaun Bertrand leads the Red Team practice for the cyber security consulting company "CBI". He's always been curious, but his passion for cyber security started when he was 13 years old, "dabbling a little bit with a computer". Shaun started off with a 9600 baud modem and moved up to using a port scanner. While his friends were "chatting" on AIM & ICQ, he was "scanning and finding open telnet all over the place".

Shaun said, "It showed me how easy it was to get anywhere I wanted to". He slowly started attending 2600 meetings and the rest, as they say, is history. He quickly escalated to going out to Defcon and winning a "shootout" contest, experimenting with throwing wireless signals long distances with custom wireless antennas (pictures to come). Shaun also started doing pen-testing before most people knew what it was and developed a passion for recognizing the impacts of newly identified vulnerabilities. He now starts off his day by thinking "who has been breached today": he researches recent breaches, works out how they were carried out, then contacts his clients to let them know how to improve their defenses against them.

We asked what type of education someone should have to get started in this industry. Shaun's advice: have an intimate knowledge of the technical mechanics and modeling that drive IT security (routing, spoofing, etc.). Other tips included:

1. Learn the fundamentals

2. Learn a small bit about coding (bash scripting, Perl, etc.)

3. Identify a mentor

4. Most of all, keep learning

 
