Embrace an Attacker Mindset to Improve Security
8th Layer Insights - En podkast av Perry Carpenter | N2K Networks - Tirsdager
Kategorier:
Have you ever taken time to view the world through the eyes of an attacker? Doing so is an interesting and useful exercise. Understanding the mind of an attacker is fundamental to securing your organization or aspects of your personal life. After all, if you aren't doing the job of viewing things from an attacker's perspective, that means that only the attackers are. The idea is to understand the mindset, motivations, and capabilities of a possible threat actor so that you aren’t simply oblivious to your vulnerabilities. This episode is a deep dive into attacker mindsets, we’ll hear from four experts who really know what it is to view the world through the eyes of an attacker. Featuring Chris Kirsch (DEF CON Social Engineering CTF Black Badge winner and co-founder of Rumble, Inc.), David Kennedy (Founder of Binary Defense and TrustedSec), Maxie Reynolds (Author of The Art of Attack: Attacker Mindset for Security Professionals, and Technical Team Leader, Social-Engineer, LLC), and Ted Harrington (Author of Hackable: How to Do Application Security Right, and Executive Partner at Independent Security Evaluators). Guests: Maxie Reynolds (https://www.linkedin.com/in/maxiereynolds/) David Kennedy (https://www.linkedin.com/in/davidkennedy4/) Chris Kirsch (https://www.linkedin.com/in/ckirsch/) Ted Harrington (https://www.linkedin.com/in/securityted/) Books and References: Bruce Schneier blog about the Security Mindset: https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html Origin of "Devil's Advocate": https://allthatsinteresting.com/devils-advocate-origin Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html What is Threat Modeling: https://securityintelligence.com/posts/what-is-threat-modeling-and-how-does-it-impact-application-security/ 12 Methods of threat Modeling: https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/ The Art of Attack: Attacker Mindset for Security Professionals by Maxie Reynolds Hackable: How to Do Application Security Right by Ted Harrington The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick Threat Modeling: Designing for Security by Adam Shostack Threat Modeling: A Practical Guide for Development Teams by Izar Tarandach and Matthew J. Coles Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter Music and Sound Effects by Blue Dot Sessions & Storyblocks. Artwork by Chris Machowski.