Michael Jenks: Lessons from a Former DoD Professional
02/12/24 • 42 min
About the Guest:
Michael Jenks, commonly referred to as "Jenks," is an esteemed figure with an extensive background in the Department of Defense (DoD). With a penchant for cybersecurity and a wealth of experience in cyber warfare, Jenks offers a valuable skill set that has been honed in high-stakes environments where precision and accuracy are paramount. Having started his journey in computer science, he quickly developed a fascination with digital code and its impact. Transitioning from dial-up ISPs to L-3 Communications, where he gained clearance for classified work, Jenks eventually founded his own defense contracting company specializing in offensive and defensive cyber operations.
Episode Summary:
In this riveting episode of the Phillip Wylie Show, host Phillip examines the intersection of cybersecurity and defense backgrounds through his conversation with Michael Jenks from Interpris. The dynamic dialogue delves into how professionals from critical sectors, such as the Department of Defense, bring innovative solutions and meaningful perspectives to the cybersecurity industry.
Jenks shares his 'origin story,' which follows a trajectory starting from gaming and IRC administration, leading to a computer science degree and an impressive tenure at various defense-related roles. His story highlights a critical insight: that the best cybersecurity defenses are often forged in the crucible of real-world operations where the cost of failure is immense.
Central to the conversation, Jenks unravels the methodology behind Interpris—a platform designed to contextualize and elevate existing cybersecurity tools through continuous threat exposure management. Leveraging a thorough understanding of threat profiles, Interpris aims to help organizations prioritize potential risks based on industry, operations, and data sensitivity. The platform's philosophy is clear—fortify defenses by optimizing tools that organizations already possess, using informed strategies and continuous monitoring to proactively counter advanced cyber threats.
Key Takeaways:
Cyber professionals with DoD experience bring invaluable expertise to cybersecurity solutions.
Interpris focuses on improving an organization's security posture by providing context and strengthening existing tools.
Assume breach approach and implementing best practices are essential for a robust security posture.
Insider threats are as significant as external threat actors, making holistic security measures necessary.
The emergence of AI in both offensive and defensive cybersecurity tools is rapidly changing the landscape.
Notable Quotes:
"I mean, man, if you have it, background, a clearance, man, there are just a ton of jobs." -Michael Jenks
"From just the digital realm. Gamer growing up. Cut my teeth on hacking back in the day." -Michael Jenks
"You already have enough tools, right. It's really just that optimized configuration, that prioritization, that customization." -Michael Jenks
"It's my job to defend this environment. I have no idea where we're protected, where we're not." -Michael Jenks
"What we're doing is weaving together all of these products, from EDR, from network sensing, to firewall, to your ESM." Michael Jenks
Resources:
https://www.linkedin.com/in/michaeljenks/
https://www.linkedin.com/company/interpres-security/
https://twitter.com/InterpresSec
https://interpressecurity.com/
About the Guest:
Michael Jenks, commonly referred to as "Jenks," is an esteemed figure with an extensive background in the Department of Defense (DoD). With a penchant for cybersecurity and a wealth of experience in cyber warfare, Jenks offers a valuable skill set that has been honed in high-stakes environments where precision and accuracy are paramount. Having started his journey in computer science, he quickly developed a fascination with digital code and its impact. Transitioning from dial-up ISPs to L-3 Communications, where he gained clearance for classified work, Jenks eventually founded his own defense contracting company specializing in offensive and defensive cyber operations.
Episode Summary:
In this riveting episode of the Phillip Wylie Show, host Phillip examines the intersection of cybersecurity and defense backgrounds through his conversation with Michael Jenks from Interpris. The dynamic dialogue delves into how professionals from critical sectors, such as the Department of Defense, bring innovative solutions and meaningful perspectives to the cybersecurity industry.
Jenks shares his 'origin story,' which follows a trajectory starting from gaming and IRC administration, leading to a computer science degree and an impressive tenure at various defense-related roles. His story highlights a critical insight: that the best cybersecurity defenses are often forged in the crucible of real-world operations where the cost of failure is immense.
Central to the conversation, Jenks unravels the methodology behind Interpris—a platform designed to contextualize and elevate existing cybersecurity tools through continuous threat exposure management. Leveraging a thorough understanding of threat profiles, Interpris aims to help organizations prioritize potential risks based on industry, operations, and data sensitivity. The platform's philosophy is clear—fortify defenses by optimizing tools that organizations already possess, using informed strategies and continuous monitoring to proactively counter advanced cyber threats.
Key Takeaways:
Cyber professionals with DoD experience bring invaluable expertise to cybersecurity solutions.
Interpris focuses on improving an organization's security posture by providing context and strengthening existing tools.
Assume breach approach and implementing best practices are essential for a robust security posture.
Insider threats are as significant as external threat actors, making holistic security measures necessary.
The emergence of AI in both offensive and defensive cybersecurity tools is rapidly changing the landscape.
Notable Quotes:
"I mean, man, if you have it, background, a clearance, man, there are just a ton of jobs." -Michael Jenks
"From just the digital realm. Gamer growing up. Cut my teeth on hacking back in the day." -Michael Jenks
"You already have enough tools, right. It's really just that optimized configuration, that prioritization, that customization." -Michael Jenks
"It's my job to defend this environment. I have no idea where we're protected, where we're not." -Michael Jenks
"What we're doing is weaving together all of these products, from EDR, from network sensing, to firewall, to your ESM." Michael Jenks
Resources:
https://www.linkedin.com/in/michaeljenks/
https://www.linkedin.com/company/interpres-security/
https://twitter.com/InterpresSec
https://interpressecurity.com/
Previous Episode
Be Fearless Online: In Browser Malicious File Detection Part 1
About the Guest:
Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the Infrastructure. Prior to joining SquareX, He was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in-classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. His area of interest includes Cloud Security, Container Security, and Web Application Security.
Episode Summary:
In this riveting episode of the "Philip Wylie Show," listeners are invited to explore the intricate world of cybersecurity with Jeswin Mathai, who returns to discuss the innovative features of Squarex. Designed to bolster online safety, Squarex addresses the challenges individuals face with malicious files, particularly through email and other online communication platforms.
Jeswin demonstrates Squarex's ground-breaking in-browser malicious file detection capability against the backdrop of increasing macro-based cyber threats. These threats often exploit macros within documents to compromise systems, a technique that has persisted in popularity among cybercriminals. Jeswin also touches upon the limitations of traditional antivirus solutions and email client security in detecting such risks.
Key Takeaways:
Squarex's new feature conducts an in-browser analysis of files to promptly detect malicious content, enhancing email client security.
Traditional antivirus programs and email clients often fail to adequately detect or block macros, a common vector for cyber attacks.
Attackers can exploit file type mismatches and employ social engineering tactics to deliver malicious payloads through seemingly benign document files.
Jeswin unveils techniques such as "VBA Stomping" and "VBA Purging" that attackers use to bypass antivirus detection.
Squarex offers solutions to safely convert potential macro-threats into clean or PDF versions within the browser, providing a privacy-centric approach to cybersecurity.
Notable Quotes:
"Anytime you receive a malicious attachment...we are going to do in-browser file analysis." - Jeswin Mathai
"It's kind of interesting because, like going through the OSCP course, one of the payloads they were mentioning during that time, this was back 2012, 2013, was using macros in the payloads." - Phillip Wylie
"Gmail, when it comes to webmail client, has the most amount of market share...72% is just Gmail." - Jeswin Mathai
"So the way mail clients work is, let's say here, we'll consider the example of Gmail..." - Jeswin Mathai
"The sad part about COVID was a lot of things happened that we are not aware of because the sad event of COVID, the deaths...a lot of other attention or other issues were not given that much amount of attention and they never came to the light of the public." - Jeswin Mathai
Resources:
Get your free Chrome plugin: http://sqrx.io/pw_x
https://www.linkedin.com/company/getsquarex/
https://twitter.com/getsquarex
https://www.instagram.com/getsquarex/
Next Episode
Be Fearless Online: In Browser Malicious File Detection Part 2
About the Guest:
Dakshitaa Babu is a Software Engineer at SquareX, where she is engaged in data engineering and analytics.
She is also the pen behind the engineering blogs written on SquareX's infrastructure and security research. After completing her Bachelor's degree at the National University of Singapore, Dakshitaa joined SquareX, marking her foray into the cybersecurity industry. While new to the field, her enthusiasm for discovering and understanding new concepts has quickly established her as a committed contributor to the evolving sector. Her interests are in Browser Security and consumer education.
Episode Summary:
In this captivating episode of The Phillip Wylie Show, cybersecurity enthusiasts witnessed a deep dive into the cutting-edge realm of in-browser malicious file detection with Dakshitaa Babu. Dakshitaa, showcasing her prowess in the industry, illustrates sophisticated features of her company's flagship cybersecurity product designed to enhance online safety.
Dakshitaa demonstrates the product's ability to detect malicious macros within files, emphasizing the significance of privacy in their detection methods which occur directly within the browser environment. Focusing primarily on Gmail due to its widespread use, she articulates how the product can reveal hidden dangers within office documents and macros. The episode highlights not only the detection of conventional threats but also uncovers tactics like file renaming, VBA purging, and old file format analysis to pinpoint potentially harmful activity.
The conversation shifts towards the efficiency and privacy advantages of in-browser detection. Dakshitaa explains how this approach offers immediate and private threat recognition compared to traditional methods. She confidently positions her company's product as a vital layer of defense, complementing existing antivirus solutions and empowering users with immediate insights into file safety before downloads occur.
Key Takeaways:
In-browser malicious file detection technology offers advanced privacy and fast analysis by scanning files directly within the email client.
Dakshitaa demoed the tech's proficiency in detecting renamed files, large file components, and outdated file formats—all indicative of potential malware.
The product integrates seamlessly with Gmail, providing users with immediate warnings and detailed insights into file contents without downloads.
Unique detection methods allow for identifying suspicious activities such as VBA purging, which can bypass some antivirus solutions.
The browser extension is free and compatible with all chromium-based browsers, encouraging user adoption for an added layer of cybersecurity.
Notable Quotes:
"We are going deeper than what surface level checks do in Gmail, for instance." -Dakshitaa Babu
"We have no idea why you're still using it in 2024." -Dakshitaa Babu
"We are trying to create a product that has never been there before that is truly important for every user." -Dakshitaa Babu
"We can't always take our own sweet time to scan through every single file thoroughly before letting the user use it." -Dakshitaa Babu
"We want to make sure that before you give the file a chance to even penetrate to your local device or to your network... we want to be there first and give you a first line of defense." -Dakshitaa Babu
Resources:
Get your free Chrome plugin: http://sqrx.io/pw_x
https://www.linkedin.com/company/getsquarex/
https://twitter.com/getsquarex
https://www.instagram.com/getsquarex/
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/phillip-wylie-show-259013/michael-jenks-lessons-from-a-former-dod-professional-44799514"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to michael jenks: lessons from a former dod professional on goodpods" style="width: 225px" /> </a>
Copy