It's that time again!  We're doing another Infosec tabletop in a D&D style, this time with the fine gentlemen from the Defensive Security podcast!  Jerry and Andrew join me for another infosec tabletop with all new scenarios, pitfalls, and approaches. Special thanks to Ryan McGeehan and his Tabletop Scenarios twitter account for providing the ideas behind this episodes "challenges". Some links of interest:

• The Defensive Security Podcast: https://defensivesecurity.org/

• Jerry's Twitter: @maliciouslink

• Andrew's Twitter: @lerg

• Tabletop Scenarios Twitter: @badthingsdaily

Want to reach out to the show?  There's a few ways to get in touch!

• Show's Twitter: @PurpleSquadSec

• John's Twitter: @JohnsNotHere

• Podcast Website: purplesquadsec.com

• Sign-Up for our Slack community: https://signup.purplesquadsec.com

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

The idea of "community" is an important one, especially if you talk about a group of people who want to help improve their skills by sharing their ideas, experiences, etc, with like minded individuals.  The Infosec community is no exception to this.  In fact I would argue that it is one of the strongest communities I have encountered yet! Joining me this week is Cheryl "3ncr1pt3d" Biswas to talk about the Infosec community, what makes it special, and the importance of it.  In addition we will be talking about one of Cheryl's many contributions to the community in the form of the Diana Initiative. Some links of interest:

• Diana Initiative Website: https://www.dianainitiative.org/

• Diana Initiative's Twitter: @DianaInitiative

• Cheryl's Twitter: @3ncr1pt3d

• Cheryl's Website: whitehatcheryl.wordpress.com

Want to reach out to the show?  There's a few ways to get in touch!

• Show's Twitter: @PurpleSquadSec

• John's Twitter: @JohnsNotHere

• Podcast Website: purplesquadsec.com

• Sign-Up for our Slack community: https://signup.purplesquadsec.com

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

With no guest this week, John decides to share his own story about how he got into #infosec and some other thoughts he's had about the journey and why it's a never ending adventure to learn new things. Some links of interest:

• MeetUp.com

• OSSEC

• Wazuh (OSSEC Alternative)

Want to reach out to the show?  There's a few ways to get in touch!

• Show's Twitter: @PurpleSquadSec

• John's Twitter: @JohnsNotHere

• Podcast Website: purplesquadsec.com

• Sign-Up for our Slack community: https://signup.purplesquadsec.com

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

Stress.  Depression. Anxiety.  Fear.  Uncertainty.  Doubt.  All of these symptoms and conditions are well known to anyone who has spent a few years in security.  This can be a heavy topic, but it's one that we should discuss openly and often.  Danny Akacki joins me on this episode to talk about his own mental health, what are some of the things that has helped him, and he also gives us some insight on his contributions back to the community through the creation of infosanity.org, a website dedicated to helping those in the hacking community who may be struggling and aren't sure where to go. Please remember, if you have a serious concern about your mental health, please, PLEASE seek professional help. Some links of interest:

• Worldwide Crisis Line Phone Numbers

• Infosanity.org

• @DAkacki

• @InfoSanityOrg

Want to reach out to the show?  There's a few ways to get in touch!

• Show's Twitter: @PurpleSquadSec

• John's Twitter: @JohnsNotHere

• Podcast Website: purplesquadsec.com

• Sign-Up for our Slack community: https://signup.purplesquadsec.com

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

From the crowd to the cloud, we shift focus this episode to a topic that may be holding back some infosec professionals from embracing the cloud - namely what to do when you're attacked?  Digital Forensics and Incident Response (DFIR) is a topic we've covered in the past, but that was from a more traditional view.  I'm fortunate enough to have Jonathon Poling (@JPoForenso) join me again to revisit DFIR, but this time from a cloud perspective.  What's easier, what's harder, and what's different?  Have a listen to find out! Some links of interest:

• Margarita Shotgun

• AWS to Azure Mapping

• AWS to GCP Mapping

• Azure to GCP Mapping

• Duo Labs GitHub

• StreamAlert

• Netflix GitHub

  • RepoKid

• NCC Group

  • Scout2

• Ponder The Bits - https://ponderthebits.com/

• @JPoForenso

Want to reach out to the show?  There's a few ways to get in touch!

• Show's Twitter: @PurpleSquadSec

• John's Twitter: @JohnsNotHere

• Podcast Website: purplesquadsec.com

• Sign-Up for our Slack community: https://signup.purplesquadsec.com

• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

The crowd.  Recently gaining attention again due to some news events that were much ado about nothing, there is still a bit of a mystery with crowdsourcing and how best to secure it.  Organizations like Bug Crowd and HackerOne have shown it can be used for specific security tasks, but what about in general?  Nicolas Valcarcel joins me on this episode to share his thoughts and experience with security the crowd and what organizations should be aware of when considering using the crowd for their own purposes. Some links of interest:

• Crowd Security Whitepaper - https://github.com/nxvl/crowd-security

• How to Make the Most of Mechanical Turk

• How We Maintain a Trustworthy Rainforest Tester Network

• The Pros and Cons of Using Crowdsourced Work

• How We Train Rainforest Testers

• AWS re:Invent: Managing Crowdsourced Testing Work with Amazon Mechanical Turk

• Virtual Machine Security: The Key Steps We Take to Keep Rainforest VMs Secure

• @nxvl

Want to reach out to the show?  There's a few ways to get in touch!

• Show's Twitter: @PurpleSquadSec

• John's Twitter: @JohnsNotHere

• Podcast Website: purplesquadsec.com

• Sign-Up for our Slack community: https://signup.purplesquadsec.com

• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

In the first of a new format, I sit down with Joe Gray with only a handful of questions and just chat.  We cover things from Through The Hacking Glass, upcoming talks that Joe will be doing, to the various conferences that Joe will be attending.  Lots of great information and stories were shared, and if you'd like to provide feedback, please reach out and let me know!  Also, make sure you listen for a special easter egg that Joe has for those who are in the Atlanta area in September for entry to a conference at no cost! Some links of interest:

• Through The Hacking Glass

  • @hackingglass - https://twitter.com/hackingglass
  • Facebook - https://www.facebook.com/hackingglass/
  • Peerlyst - https://www.peerlyst.com/posts/announcing-through-the-hacking-glass-a-peerlyst-mentorship-experience-joe-gray

• RSA Conference USA - https://www.rsaconference.com/events/us18

• Hacker Halted - https://www.hackerhalted.com/

  • Free Admission to conference code: HH18JGCON
  • 25% off training code: HH18JJTRN

• Hack NYC - https://q22018.hacknyc.com/en/

  • Coupon code: STORMNYCJJ

• @c_3pjoe

• @advpersistsec

Want to reach out to the show?  There's a few ways to get in touch!

• Show's Twitter: @PurpleSquadSec

• John's Twitter: @JohnsNotHere

• Podcast Website: purplesquadsec.com

• Sign-Up for our Slack community: https://signup.purplesquadsec.com

• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

Continuing with the theme of soft skills that any infosec professional should have, this episode will focus on developers.  I sit down with James Jardine from the DevelopSec podcast to talk about how best to communicate with developers.  Just like executives, developers have a different language and approach that is needed in order to communicate effectively.  Trying to avoid the all-to-common animosity between developers and security, James and I discuss some strategies to help build bridges between the groups and not burn them to the ground. Some links of interest:

• www.jardinesoftware.com

• www.developsec.com

• podcast.developsec.com

• podcast.wh1t3rabbit.net

• DevleopSec YouTube Channel

• @developsec

• @jardinesoftware

• Email James:  [email protected]

Want to reach out to the show?  There's a few ways to get in touch!

• Show's Twitter: @PurpleSquadSec

• John's Twitter: @JohnsNotHere

• Podcast Website: purplesquadsec.com

• Sign-Up for our Slack community: https://signup.purplesquadsec.com

• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

Nothing helps out security more than information.  Heck, it's the first part of our professions name!  In Infosec, knowledge is key and sometimes we need to roll up our sleeves to get the information we need from various open source outlets.  I'm fortunate to have as a guest on this episode the man who literally wrote the book on OSINT techniques, Michael Bazzell.  We discuss OSINT techniques as well as his recently updated book.  Have yourself a listen and hear the advice Michael has for starting your own OSINT adventures. Some links of interest:

• https://inteltechniques.com/

• Open Source Intelligence Techniques, 6th Edition

• Buscador - OSINT OS

• https://michaelbazzell.com/forum.html

Want to reach out to the show?  There's a few ways to get in touch!

• Show's Twitter: @PurpleSquadSec

• John's Twitter: @JohnsNotHere

• Podcast Website: purplesquadsec.com

• Sign-Up for our Slack community: https://signup.purplesquadsec.com

• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

I love purple teams.  Purple teaming is something that I was hoping to share with more people and more organizations!  It's part of the reason I named this podcast after them.  So why don't I think that a purple teamer exists?  It's an interesting stance, but it's one that makes sense.  Joining me this week is Haydn "Doctor Purple" Johnson to discuss all things purple. Some links of interest:

• Red Teamers Can Learn Secrets by Purple Teaming

• Purple Teaming: Red & Blue Living Together, Mass Hysteria

• Red Team v. Blue Team? They Are In Fact One – The Purple Team

• Top 4 Tips for Purple Team Exercises

• Purple Teaming - Lessons Learned & Ruxcon Slides

• BSidesTO 2015 - Haydn Johnson & Laura Rafferty - Purple View

• Hackfest 2016 - Chris Nickerson : Adversarial Simulation: Why your defenders are the Fighter Pilots

• Haydn's Slideshares

• @haydnjohnson

Want to reach out to the show?  There's a few ways to get in touch!

• Show's Twitter: @PurpleSquadSec

• John's Twitter: @JohnsNotHere

• Podcast Website: purplesquadsec.com

• Sign-Up for our Slack community: https://signup.purplesquadsec.com

• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com