Hacker Valley Studio

Connect with Marco Figueroa on Twitter

10/23/20 • 56 min

Hacker Valley Red Finale - Marco Figueroa

Hacker Valley Studio

10/06/20 • 46 min

This episode of the Hacker Valley Studio podcast concludes the Hacker Valley Red series. In this finale, Ron and Chris interview their friend - and formerly their shared roommate - Marco Figueroa. Marco is a security researcher and cybersecurity speaker, and he is also a bug bounty enthusiast. He and the hosts constant improvement, bug bounty, and more, while also looking back at the conversations thus far in the season.

At the start of the conversation, Marco shares about his background and what he’s doing now. He runs through the past 7-8 years of his career, ultimately arriving at his current transition to Sentinel. Ron and Chris jump in to thank him for his contributions to their podcast, and to share with listeners about their friendship with Marco. Moving forward, Marco talks about how he first got into the security community, and eventually found a niche in reverse-engineering malware. He also involved himself in the bug bounty community, and in his various spheres of life, he is committed to building relationships and staying relevant. Marco explains his system of scheduling calls, his practice of (and future plans for) content creation, and love of learning and feedback.

Throughout the conversation, Ron and Chris lead the conversation to cover a wide variety of topics. They ask about the possibility of an unhackable device (which Marco denies), the mindset of a hacker, Marco’s philosophy in protection work, and the question of whether or not coding experience is needed for hacking. The group looks back to former conversation about the hacker mindset (with Ted), about community (with Alex), and about social engineering (with Rachel). In view of the whole season, the group considers two main takeaways: the value of mentorship and the need to put oneself out there and take a first shot. Marco shares a lot from his own experience, and makes sure listeners know to press on and trust the process.

-The episode features Marco Figueroa, and listeners are introduced to the content ahead.

-What is Marco’s background, and what is he doing now?

-Is there such a thing as an unhackable device?

-The group talks about Marco’s philosophy in his protection work, the place of social engineering, and the value of building relationships.

-What is the hacker mindset, and do you need coding experience to be a good hacker?

-If interested in the red side of the field, what should someone do first?

-Marco shares about what he sees on the horizon.

-The group considers two major season takeaways: the value of mentorship and the need to put yourself out there and take the first shot.

-Where is Marco planning to take his contact creation from here?

Links:

Connect with Marco on LinkedIn

Follow Marco’s Livestream

Learn more about the season sponsor, RiskIQ

10/06/20 • 46 min

Hacker Valley Red Episode 7 - Maurice Ashley

Hacker Valley Studio

10/06/20 • 41 min

This episode of Hacker Valley Studio podcast’s Hacker Valley Red Series features guest Maurice Ashley, a chess grandmaster and author of Chess for Success. Maurice is a chess guru and has been playing it ever since his high school years. He is currently involved in commentating for chess events, teaching chess, and training national chess champions. In this episode, Maurice and the hosts talk about Maurice’s chess journey along with some parallels between chess and cyber security.

The hosts, Ron and Chris, start off the interview by pointing out one parallel between chess and cybersecurity: the art of training. Maurice responds by sharing about the rigorous training of chess, and of the different strategies and techniques that must be learned. He also takes some time to explain his own journey with training in chess and how it progressed through the years. In high school, he started playing with his brother, and then moved to playing in more formal settings with more challenging opponents. This eventually led to earning the title of chess grandmaster. Being the first black male to receive the Chess Grandmaster title, Maurice speaks on how this accomplishment inspired others to reach for their goals.

Circling back to the parallels between chess and cyber security, Maurice touches on the importance of practicing for performance. This means knowing your opponent, studying their strategies, and using their energy against them. Chris and Ron highlight how this parallels with cyber security in knowing how to approach the opponent. They then ask Maurice about his thoughts on an unbeatable chess player and how it relates to an unhackable system. Maurice responds by explaining that in the game if chess with its millions of possible outcomes, having an unbeatable player is impossible. Additionally, He emphasizes how this truth relates to cyber security. Rather than focusing on being unbeatable, Maurice encourages focus to be spent on readiness which is acquired through practice. In cyber security, Chris and Ron explain how readiness means having the ability to respond automatically to situations. They ask Maurice about blitz and bullet chess and how it relates to this kind of practice. According to Maurice, blitz and bullet chess rely heavily on instinct and experience.

The conversation ends as the hosts ask Maurice to share some tips for people interested in learning chess. Maurice encourages people interested in chess to download his new app, Learn Chess with Maurice Ashley, where he provides lessons on chess. He closes by encouraging others to reach for the greatness inside them. According to Maurice, greatness is defined as having the right mindset, doing the hard work, making the sacrifices, and learning through the process. This is the greatness that will be reflected in the end goal.

2:49 - Maurice introduces himself

6:46 - Maurice’s journey of becoming a grandmaster

9:20 - The impact of Exposure

11:07 - Maurice tells of the significance of being the first black male to earn the title of Chess Grandmaster.

15:00 - Maurice tells of the influence of his family in earning the title of Chess Grandmaster.

17:58 - Maurice speaks on practicing for performance and how it relates to cyber security.

22:00 -The parallels between an unbeatable chess player and an unhackable system

25:18 - Maurice explains blitz and bullet chess and how it relates to cyber security.

33:25 - Maurice gives some tips on how to get started playing chess.

37:04 - Maurice gives advice on how to reach greatness.

Links:

To learn more about Maurice Ashley, visit https://mauriceashley.com

Follow Maurice Ashley on Twitter and Instagram

Learn more about Maurice Ashley’s book Chess for Success and his app Learn Chess with Maurice Ashley

Learn more about Securityweek’s CISO Forum

10/06/20 • 41 min

Episode 99 - Securityweek's 2020 CISO Forum: HVS Style

Hacker Valley Studio

10/12/20 • 31 min

In this special live recording of the Hacker Valley Studio podcast, Chris and Ron are joined by Fredrick 'Flee' Lee, chief security officer at Gusto and an inspirational cybersecurity leader who is focused on making security "lovable" across the organization.

Securityweek’s CISO Forum is designed for senior level security leaders to discuss, share and learn innovative information security and risk management strategies. The forum addresses issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

The Hacker Valley Studio podcast explores the human element of cybersecurity programs and the inspirational stories and knowledge to elevate culture and quality of security programs.

Follow Flee on Twitter

Get your free audiobook from Audible.com

10/12/20 • 31 min

Hacker Valley Red Episode 5 - Ted Harrington

Hacker Valley Studio

10/06/20 • 41 min

In this episode of the Hacker Valley Studio podcast’s Hacker Valley Red series, this time featuring guest Ted Harrington. Ted is an Executive Partner at ISE Security, an author, and a professional speaker. Hosts Ron and Chris speak with Ted about the concept of unhackability, his experience in the security field, an interesting story of an attack in real time, and more!

To start off the interview, Ted shares about his background. He currently works for a consulting firm that focuses on ethical hacking and aims to help companies solve their security problems, and his interest in the work of hacking goes back to a car-hacking experience in which he and his colleagues were inspired by a claim of unhackability and disproved the claim. Ted clarifies that there is effectively no such thing as an unhackable device or application, but that his work centers on closing attack vectors and making security systems stronger. In fact, he wants his legacy in the field to center on making things better. He shares about his own energy and motivation, and also explains the mindset of a hacker, which involves creativity and a certain way of thinking about and solving problems.

Ted has learned a great deal in his years in the hacking field, and Ron and Chris are eager to draw lessons out for listeners. Ted explains misconceptions about the red side of security before providing an extended example of hacking in real time: an example of cryptocurrency wallets that involved Ted and his team happening upon a real thief at work. Ted explains that people should not have a laissez-faire attitude about security, and that they should foster a right mindset and right partnerships. He clarifies that he sees many breakers start as builders, explains the utility of thinking from the perspective of a buyer, and offers advice for listeners looking to enter the field. This advice centers on mindset and hands-on activity; there are lots of opportunities to get involved with DEF CON, talks, contests, and even internships (including some at Ted’s company).

1:50 - The episode features Ted Harrington; listeners are introduced to him and the episode ahead.

3:05 - The conversation begins with Ted’s background.

7:21 - The group considers the term “unhackable,” closing attack vectors, and breakers starting as builders.

14:02 - “Think like a hacker.”

20:02 - Ted explains some lessons from real-life work, focusing on a cryptocurrency wallet example.

25:13 - What should people learn and do?

30:38 - Where do Ted’s energy and motivation come from, and what is the most interesting part of his work?

34:32 - Ted offers advice and shares what he hopes his legacy in the field will be.

Links:

Connect with Ted on LinkedIn or email him at [email protected]

Learn about Ted’s book, Hackable

Learn more about the season sponsor, RiskIQ

10/06/20 • 41 min

Hacker Valley Red Episode 4 - Alissa Knight

Hacker Valley Studio

10/06/20 • 46 min

On this episode of Hacker Valley Studio, hosts Ron and Chris speak with Alissa Knight, author of the book Hacking Connected Cars and self described “recovering hacker.” Their conversation covers content creation, API’s and hacking cars.

Alissa grew up in Seattle, Washington where there was a big art scene. She began building her own computers and running her own boards at an early age. She says a lot of people don’t know that she started out in the BBS scene back in the 90’s. At seventeen she hacked into a government network and was arrested. Eventually, the charges were dropped on a technicality and she went on to work for the US Intelligence Community in cyber warfare.

Alissa’s first start-up was a web design company where she ran a Lennox webserver around the time the teardrop attack in Lennox servers. The people she rented office space from were teardropping her web hosting server. She picked up a book on cyber security, and got introduced into the world of cyber security through necessity. She had a passion for finding vulnerabilities, and understanding things that were difficult to understand, which is what brought her to embedded systems. The rest she says is history.

As the episode ends, Alissa talks about her YouTube Channel, KnighTV. She says she’s always been an artist, and always wanted to do things at 200%. Her following is relatively new, at the beginning of 2019 she only had 4 followers on Twitter and now she’s passed the threshold to be part of the YouTube Partner Program. She wanted a cinematic experience for the viewer to stand out and not be just another video for the viewer. For anyone interested in getting started in being a breaker, she’s posted a couple videos on the topic, and explains there are many resources at their disposal. She says this line of work takes grit, and in her opinion a passion for reading.

2:08 - The episode and guest are introduced.

3:19 - Alissa gives an overview of her background.

6:29 - How Alissa’s career began.

10:16 - Do you have to program to hack?

14:26 - What led Alissa to hacking cars?

24:55 - Alissa explains what people get wrong about the red team.

29:25 - Alissa answers the question, “is there an unhackable device?”

36:54 - How KnightTV came into being.

41:08 - Alissa gives her advice on where to start getting into cyber security

Links:

Learn more about Hacker Valley Studio

Support Hacker Valley Studio on Patreon

Follow Hacker Valley Studio on Twitter

Follow Alissa Knight on Twitter

Subscribe to Alissa’s YouTube Channel

Learn more about the season sponsor, RiskIQ

10/06/20 • 46 min

Hacker Valley Red Episode 6 - Lisa Jiggetts

Hacker Valley Studio

10/06/20 • 34 min

On this episode of Hacker Valley Studio, hosts Ron and Chris speak with Lisa Jiggetts, founder of Women’s Society of Cyberjutsu. Their conversation covers Lisa’s background, her current work and her involvement as a penetration tester.

Lisa says she’s always been a techie who loved gadgets, breaking things and trying to understand how they fit together. She knew she wanted to work with computers, but wasn’t sure what that meant, exactly. Out of high school she joined the military working in IT, but knew she wanted to be a hacker. Eventually, she made her way to pentesting apps and systems in the cloud. Lisa loves the game aspect of pentesting and the red team. She says she enjoys the challenge of trying to get into the box and “level up,” trying more and more ways in before reaching out for help.

In between jobs a few years ago, Lisa began dreaming of a hands on training group for women like herself. It began as a meet-up group, which grew into the Women’s Society of Cyberjutsu, (WSC). She wanted hands-on workshops and an opportunity for networking and building a network of mentors and mentees. The first workshops and members were women in IT and even outside of tech, who were looking for a change and challenge in their career. Now the organization is in a state of growth with chapters across the country. To anyone interested, she says WSC gives the opportunity for hands-on training and a network of support.

As the episode ends, Lisa shares her advice to anyone interested in the red team or the world of cyber security in general. Her number one piece of advice is networking, because that’s the way she’s found a lot of her work in the past. She also encourages listeners, regardless of where they’re starting, to get their skills up any way they can. The field is always changing, Lisa says, so the initiative to work and show up is invaluable.

2:12 - The episode and guest are introduced.

3:50 - Lisa gives an overview of her background.

10:00 - Lisa explains her breaker mentality.

15:57 - What made Lisa commit to pentesting and the red team?

20:34 - Lisa discusses the founding of the Women’s Society of Cyberjutsu.

29:44 - Lisa’s advice for listeners interested in the red team and cyber security.

Links:

Learn more about Hacker Valley Studio

Support Hacker Valley Studio on Patreon

Follow Hacker Valley Studio on Twitter