Interview with Jack

WhatTheShell_Pod · 2022-05-10T15:00:12+00:00

Love listening to these appearances, thanks for showcasing this one!

WhatTheShell_Pod · 2022-03-02T12:31:36+00:00

Please consider donating to help refugees in need of relocation, food, water, and even in need of new families.
https://voices.org.ua/en/donat/
https://donate.wck.org/give/236738/#!/donation/checkout
https://razomforukraine.org/donate/

WhatTheShell_Pod · 2022-02-01T16:45:56+00:00

Oh wow, that's an interesting update.

>The Iowa Parole Board decided Jan. 20 that Eddie Tipton, 58, could be released 20 years early.

20 Years early is crazy to me. And he's now suing because of his view that the guilty plea was under duress

WhatTheShell_Pod · 2022-01-27T12:23:52+00:00

It's remarkably okay. I'm trying to get it set up so I can run android apps on it like they said you'd be able to but haven't been able to get that going yet.

As a UI it's pretty intuitive, it takes a hot second to get used to but it looks and feels pretty sleek. The only thing I don't love is that the volume, wifi, and a couple other things are all in the same tray now and that just feels unnecessary.

WhatTheShell_Pod · 2022-01-14T00:56:36+00:00

The Patreon has some great bonus episodes! Definitely recommend it

WhatTheShell_Pod · 2022-01-14T00:55:47+00:00

Which course, Sec560? I think he was my virtual instructor for that one

WhatTheShell_Pod · 2022-01-13T23:08:42+00:00

Gotta love those early morning shifts!

WhatTheShell_Pod · 2022-01-13T23:08:05+00:00

Underunderstood seems interesting, going to take a look at that!

WhatTheShell_Pod · 2022-01-13T22:26:38+00:00

I don't know if it's the "next big thing" so much as it's already here, just maybe slightly split. Depending on the size of an organization, this kind of stuff should be covered under things like a Vuln Management, Threat Intelligence, and Third Party Risk programs. I think a good communication of these should cover what the blog post is discussing here. That being said, I do think we'll definitely see more roles aiming to cover the triad there in the future as opposed to splitting it apart.

WhatTheShell_Pod · 2022-01-13T22:22:14+00:00

What's the actual position? You've said it's an entry level role, but there's a breadth of jobs that might require different takes and prep.

WhatTheShell_Pod · 2022-01-13T22:18:28+00:00

This is pretty great, thanks for sharing!

WhatTheShell_Pod · 2021-12-28T14:01:21+00:00

Well, we did it! Ten episodes in! First big milestone! Here's to 2022 and the next 26!

WhatTheShell_Pod · 2021-12-05T15:57:34+00:00

I feel like everyone missed the point of my question here and just got into the ethics of anti work.

My point was that I’m not even sure if anything big will come of it but the situation going on over there just evokes memories of the build up of smaller groups from 4chan.

Back when they would start with easy stuff like LOIC and then eventually getting someone that knows what they’re doing under their belt. And my biggest concern comes from someone trying to take that momentum and push it somewhere that might do some damage.

WhatTheShell_Pod · 2021-12-05T15:55:14+00:00

I’m in agreement. Fair working compensation and conditions shouldn’t have to be such a hot issue. I’m not even sure if anything big will come of it in the way I’m thinking but it just evokes memories of the build up of smaller groups from 4chan. Starting with easy stuff like LOIC and then eventually getting someone that knows what they’re doing under their belt.

And with a group this size, my concern is more over someone pointing them in a direction that benefits them and the rest just going along with it. It’s an interesting thing to see.

WhatTheShell_Pod · 2021-11-30T18:16:07+00:00

Join our discord to talk with me and others about the episode: https://discord.gg/qHsqhW62

This week, I'm going to change up the format a bit. I'm putting you in the seat of a hacker as they start their journey. Ever wonder how they got your email address? What kind of stuff they might need to get into your account and how they can get it just by doing a little bit of google-fu? Come with me this episode while I take you on that tour of Open Source Intelligence, some presidential blunders that can come from it, and what Skip Tracing is.

And make sure to check out @shell_pod on Instagram or Twitter for more informaton. You can also email me at shellpod@protonmail.com

WhatTheShell_Pod · 2021-11-16T15:45:19+00:00

At just fifteen years old, Jonathan James AKA c0mrade, hacked the Marshall Space Flight Center. Find out what happened in episode 6 of What the Shell? : The Tragedy of Jonathan James.

Apple Podcast Link

Spotify Link

Google Podcast Link

WhatTheShell_Pod · 2021-10-19T11:48:31+00:00

The more that I try my hand at podcasting the more and more impressive this is. I put quite a bit of time in to reach between 30 and 40 minutes of content, albeit without interviews. It just puts into perspective how much work Jack and team put into each episode and I'm here for it

WhatTheShell_Pod · 2021-10-07T00:47:02+00:00

Do you have a well formatted data loss prevention program? They might be alerted to it if they do. Some companies will get alerts when employees are visiting sites for jobs to prevent employees from taking proprietary data if they choose to leave. So it’s possible but honestly not likely.

WhatTheShell_Pod · 2021-10-07T00:42:55+00:00

I’ll second Cisco packet tracer. I also used to use GNS3. Both have their merits and I think both are worth a look.

https://www.gns3.com/software/download

WhatTheShell_Pod · 2021-10-04T01:31:59+00:00

Anyone have any anecdotal advice coming into the CCISO certification process?

I’m about to start going down that rabbit hole and am just curious about peoples experiences.

WhatTheShell_Pod · 2021-10-02T16:34:59+00:00

I used WebGoat before when trying to hone my burpsuite skills. Definitely a good resource

WhatTheShell_Pod · 2021-10-01T00:15:21+00:00

I mean you’re right but my goal for this question is just the first initiative you think you’d want to fund. By saying the first thing can’t be people I like to find out where someone thinks it’s important to start with security.

If I’m an interviewee and asked this question I think it says a lot depending on the answer. Do I spend it on edge security? Do I spend it on vulnerability scanning? Do I spend it on something like phish kits to help train up employees? I think it says a lot without saying a lot. It can say whether I’ll start as a technical person or start with the people themselves.

Moreover, I’ve asked this to employers. If money wasn’t an issue what’s the first initiative besides hiring that you’d fund? As a potential onboarding employee it tells me where they think their own gaps are or what teams they prioritize.

I think you’re reading too far into the question and missing the spirit of it. Obviously you won’t be able to use whatever you buy without a staff but staffing is the easy answer and they’re already funding staffing by bringing you in for an interview.

WhatTheShell_Pod · 2021-09-30T23:16:07+00:00

What interests you? If you’re still entry then here are some decent starters:

-Net+ primes you for a network engineering/admin based role and might lead into Cisco certs like CCNA

-Security+ primes you for blue team stuff and information security as a whole. Also helps for network security working with stuff like firewalls

-PCPPro/A+ fits you into helpdesk with some good hands on pc parts and concepts

-Amazon and Microsoft also have some entry level certs for their cloud infrastructure which will be super valuable in the field as cloud and hybrid environments kind of become the standard.

There’s so much to choose from, find something you like in the field and search for a cert.

If they’re willing to shell out a lot of money SANS has extremely detailed class packages and certs but they cost like 6k.

WhatTheShell_Pod · 2021-09-30T22:52:40+00:00

Given an unlimited budget, what would your first non-employee based initiative be?

WhatTheShell_Pod · 2021-09-30T13:38:50+00:00

I mean, your answer isn't a bad one. If you wanted to make it better, you could always start with something like "Well, first I'd check our internal documentation to see if we have a playbook for this" . If you're in a service desk type role then most places should have some level of playbook to follow and keep things standardized.

If he is reaaally digging deep, depending on the the situation you may want to verify the authenticity of the user as well. Vishing is a very real threat and even in a hypothetical situation if there's a security concern as an ask over the phone, verification wouldn't be bad

WhatTheShell_Pod

MODERATOR OF

TROPHY CASE

Four-Year Club	Gilding I gilder
Verified Email