This season of Hacker Valley Red wraps up with another interview of an incredible offensive cybersecurity legend. Known first and foremost for his work founding Metasploit and his recent work co-founding Rumble, HD Moore joins the show this week to talk about his journey from spiteful hacker to successful founder. HD walks through the history of Metasploit, the motivation behind their coding decisions, his opinions on open source software, and the excitement of exploration and discovery. Timecoded Guide: [04:57] Catching up on HD’s career from his hacking exploits in the ‘90s through his founding of Metasploit to his recent activities with Rumble [11:41] Getting personal with the feelings and takeaways from a project as successful and impactful on the cyber industry as Metasploit [18:52] Explaining HD’s personal philosophies around accessible education and the risk of sharing vulnerable information publicly  [25:39] Diving deep into the technical stories of HD’s path of discovery and exploration during his time at Metasploit [31:14] Giving advice for future founders and hackers looking to make a legendary impact on the cybersecurity community   Sponsor Links: Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley   What were some of the trials, tribulations, and successes of Metasploit?  Although Metasploit has had a lasting impact on the cyber world, HD Moore is not afraid to admit that part of Metasploit existed out of spite for critics, employers, and gatekeepers in the cybersecurity industry. In terms of trials and tribulations, HD saw a great deal of criticism come from his peers and from professionals ahead of him in the industry, often displaying rudeness towards the quality of the exploits and Metasploit’s audience of young hackers. Later, HD says that a surprising and amusing side effect of his success with the project was watching employers and peers go from criticizing to lifting up his work with Metasploit and attributing success of many hacking professionals to its creation. “When we started the Metasploit project, we really wanted to open up to everybody. We wanted to make sure that, even if you barely knew how to program, you can still contribute something to Metasploit. So, we did our best to make it really easy for folks to get in touch with us, to submit code.”   Where does your philosophy land today on giving information freely? HD has heard the same opinions many professionals that teach and give information freely have heard: “You’re making it easier for people to use this information the wrong way.” Instead of considering the worst possible outcomes of making hacking accessible, HD chooses to acknowledge the importance of accessible education and publicly provided information. According to HD, if someone is creating and teaching content to the next generation of red teamers, that content is theirs to use. Whether they’re a physical pen tester teaching lock picking or a hacker disclosing a vulnerability, what they choose to share with others has to be based on personal moral code and what others do with that information is up to them.  “It comes down to: You do the work, you own the result. If you're teaching people how to do stuff, great, they can do what they want. You can decide to do that, you can decide not to do that, but it's your decision to spend your time training people or not training them.”   Is it possible to be a CEO, or a co-founder, and stay technical? The downside of success in the cybersecurity industry is often stereotyped as losing the op

We’re joined again by the hacker’s hacker, Tommy DeVoss, aka dawgyg. Bug bounty hunter and reformed black hat, Tommy dives back into a great conversation with us about his journey in hacking and his advice to future red team offensive hackers. We cover everything we couldn’t get to from part 1 of our interview, including his struggles with burnout, his past hacking foreign countries on a bold quest to stop terrorism, and his future in Twitch streaming to teach you how to be a better bug bounty hunter.   Timecoded Guide: [02:57] Fixating on hacking because of the endless possibilities and iterations to learn, but understanding that burnout does happen, especially when hacking gets frustrating [09:54] Giving advice to the next generation of hackers, including patience for success, getting back up after a failure, and dedicating yourself to a hands-on learning experience [17:17] Contacting Tommy and keeping up with him on Twitter, and asking questions publicly so that others can learn from the answers he gives you [21:43] Planning a Twitch course to teach hackers about bug bounties using real bugs and real-world examples of how they work [24:57] Hacking in the early 2000s and understanding the freedom Tommy has to talk about any and all illegal hacking he’s done now that he’s gone to prison    Sponsor Links: Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley   Do you ever struggle with burnout when it comes to hacking? Hacking has maintained Tommy’s interest longer than anything else because of the constant changes in technology and the ever-evolving issues in the online world. However, just because hacking is his passion, doesn’t mean that burnout or frustration never happens. Currently, Tommy is taking more of a break with hacking, letting his current day job and his passion for gaming have a front seat. However, he’s still firmly in the industry, passionately developing learning opportunities for future hackers and answering questions from cyber professionals of all backgrounds. “I do get burned out sometimes…When it comes to bug bounty hunting, I try and make it so it averages out to where I make at least $1,000 an hour for my effort. It doesn't always work. Sometimes I'm more, sometimes I'm less, but I try and get it so it averages out to about that.”   What hacking advice would you give the younger version of yourself?  Although his black hat ways resulted in prison time for Tommy, he doesn’t regret his past and instead seeks to teach others the lessons he’s learned. When we asked Tommy for advice for new hackers, he was clear that success is a longer journey than people assume it is. Tommy’s success was not a fluke, it took years of hands-on learning and patience with failures in order to develop his bug bounty skills. Nothing is actually automatic or easy with hacking, especially as the technology continues to change and evolve. Tommy wants hackers to take every opportunity to try out their skills, even if it's a complete failure. “Don't expect success overnight. Also, don't let failure discourage you. When it comes to hacking, you're going to fail significantly more than you're going to succeed. And the people that are successful in bug bounties are the ones that don't let those failures discourage them.”   What do you think about the “media obsessed” stereotype many people have about black hat hackers? Wrapping up today, Tommy tells us that he’d be happy to be back in the Hacker Valley Studio again some time. Although the stereotype of a black hat hacker wanting attent

We’re joined by million-dollar hacker and bug bounty hunter, Thomas DeVoss, this week as we continue our season-long discussion of offensive cybersecurity legends. A legend in the making with a success story in bug bounty hunting that has to be heard to be believed, Tommy is an incredibly successful black hat hacker-turned-bug bounty hunter. He represents how misunderstood the hacking community can be and how positively impactful bug bounties can be. Who hacks the hackers? Look no further than Tommy DeVoss.   Timecoded Guide: [02:59] Becoming interested in hacking for the first time at a young age through internet chat rooms and finding a mentor through those rooms [08:26] Encountering unfriendly visits with the government and the FBI after his hacking skills progressed and being arrested in the 2000s [14:20] Seeking his first computer job after a couple visits to prison and finding a new position with someone that knew of his hacking skills  [25:21] Discussing with Yahoo the possibility of working with them due to his successful bug boundaries and understanding the limitation he would be under if he did that [30:56] Giving honest advice to hackers looking to break into the bug bounty scene and make the amount of money that he’s making   Sponsor Links: Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley   When did you get into hacking for the first time? At an early age, Thomas found his passion for hacking in an IRC chat room. Mentored by a man named Lewis and encouraged by fellow friends in the hacking world, popping shells and breaking into US systems using foreign IP addresses. Although Tommy became incredible at his craft from a young age, his early habits became serious black hat issues that ended up getting him in trouble with the US government. Just like the hacker in a big Hollywood blockbuster, the government caught up with Tommy and he faced 2 years in prison in his first sentence. “Instead of coming back to him and saying, "Hey, I'm done," I came back and I was actually asking him questions like, "Can you explain this?” And he saw that I was like, actually interested in this and I wasn't one of the people that was just expecting it to be handed to me and everything like that.”    After spending time in prison, were there barriers to getting involved in hacking again?  After being in and out of prison a couple times, Tommy found the worst part of coming home to be his ban from touching any sort of device with internet access. Despite it being a part of his probation, his passion for tech continued to bring him back to computers and gaming. After his final stint in prison after being falsely suspected of returning to his black hat ways, the FBI lifted Tommy’s indefinite ban on computer usage and immediately renewed his passion for working in tech.  “They had banned me indefinitely from touching a computer. So, when I came home on probation the first time, they upheld that and I still wasn't allowed to touch computers as part of my probation. For the first month or so, I didn't get on a computer when I came home from prison, but then it didn't take long before I got bored.”   How did your cyber career pivot to bug bounty hunting? With prison behind him and his ban on computers lifted, Tommy got a job working for a family friend in Richmond, Virginia for a modest salary of $30,000. Although this amount felt like a lot at the time, he quickly realized that there was money to be made in bug bounties. His first few experiments in attempting bug bounty programs had him ear

John Hammond, Senior Security Researcher at Huntress Labs and self-described cybersecurity education enthusiast, joins us as we continue our discussion of red team legends. With a focus on content creation this week, John discusses his success with his YouTube channel, his passion for showcasing authentic and accessible educational materials online, and his advice for creating content safely and spreading awareness with not only a red team or blue team mindset, but with a purple team perspective. Timecode Guide:  [01:37] Understanding the impact of content creators in the cybersecurity community, especially when it comes to YouTube educational content [06:58] Becoming a successful YouTube creator through consistently posting hacking content and ignoring the stereotype of “overnight success” [13:28] Combining his role as a cybersecurity educator with his security research at Huntress to explore exploits and have real life experience with what he teaches [16:47] Focusing on the blue side of the house as someone with red team experience, and understanding how to use a tool like PlexTrac to create a collaborative purple team [21:13] Being mindful of the impact he has through sharing this knowledge and understanding the risk of cybersecurity educational materials falling into “the wrong hands” Sponsor Links:  Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley What is your origin story for wanting to educate other hackers? Like many of us, John started his journey Googling how to become a hacker. As he gained more knowledge about the specific skills involved in hacking, John never left the internet behind, always seeking out videos and articles explaining new and emerging content. Inspired by those who created that content in the first place, he started his own YouTube channel, simply titled John Hammond, as has spent years cultivating a consistent hacker audience.  “Along the way, creating content and helping educate others through YouTube is really my main stage platform and has been just a passion project, a labor of love, and something fun along the way.”   What feelings do you get looking back on the YouTube content you’ve created so far? John prioritizes clarity, transparency, and honesty in what he does, and he’s not afraid to show some humbleness, too. Overall, John is thankful for his YouTube success and the impact it had on the cybersecurity community. No matter what he’s showing in his videos, he prefers to keep things honest, to show where he’s made mistakes, and to accept criticism and advice from other hackers and offensive cybersecurity professionals that see his work.  “I'm showcasing just my computer screen, maybe you get a little face cam and a circle on the bottom right, but it's like you're looking over my shoulder. You're seeing me showcase something raw, live, genuine, and authentic…It’s not all sexy, there’s a lot of failure in hacking.”   Have you ever considered focusing on the blue team or the defensive side of cybersecurity? The majority of John's YouTube content and the work he does in his role at Huntress Labs heavily involves the red team and offensive side of cyber. However, John is a huge advocate for the blue team and the red team collaborating and communicating better. Through making more concepts in cybersecurity accessible through educational content like John’s own videos, he hopes we can continue to bridge the gap and achieve that perfectly mixed purple team. “We're all playing in concert. As one team sharpens their skills in the red team pen t

We’re joined by sponsor and guest Dan DeCloss, CEO and Founder of PlexTrac, on the podcast today to talk about communication and collaboration between the red and blue side of cybersecurity and why security success depends on those two sides working together. On their mission to build stronger, more productive, and well-rounded security teams, PlexTrac provides incredible and insightful metric and messaging tools that change the game for the cybersecurity industry. Timecoded Guide: [05:36] Understanding PlexTrac’s history and mission for cybersecurity teams [09:58] Lack of empathy and understanding in red team and blue team communication [18:48] Breaking through the resentment and confusion within a team [24:45] Envisioning the future of PlexTrac’s community impact [27:52] Caring about your cybersecurity mission beyond yourself Sponsor: Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley   What is the function of PlexTrac that would help you the most as a pen tester? With prior hands-on experience on the red side, Dan found his journey to creating PlexTrac to be full of moments where he wanted to fix the same problems he encountered over and over with reporting and communicating. One of these problems was solved easily with the addition of a video feature, a simple function that has existed since PlexTrac first began but is instrumental and is a huge time-saver for visual learners. “As a pen tester, I hated finding that I had 20-odd screenshots if it's a pretty complex exploit. I think the adage for us is like, if a picture's worth 1,000 words, then a video is worth 1,000 pictures, right?” What do you think are some of the gaps in skills that organizations face when hiring these professionals to perform offensive operations? Communication is key— not just in life, but in this episode. While we’ve discussed skills gaps previously in cybersecurity, Dan is quick to point out that a consistent gap he sees in all areas of cybersecurity is effective communication. PlexTrac keeps this struggle to communicate in mind and creates easy, simple pathways and functions that encourage communication and facilitate collaborative problem solving. “If there's one area that I really emphasize with anybody that I'm mentoring or have hired in the past is, as a security person, whether you're red or blue, you really do need to be a good communicator and be able to communicate risk effectively within the right context.” What would you want to say to those folks that don't see eye-to-eye from the red or the blue side? We’re fighting the same fight, no matter if we’re on the red side or the blue side of cybersecurity. Dan’s message for our warring red and blue teams throughout the industry is to understand the importance of your mission and to not let relationships between red and blue feel clouded with misunderstanding or resentment. No one’s job is harder than anyone else’s, and each role on offensive and defensive plays a part in our collective victory. “I'm gonna just be point blank about it…Are you trying to just prove a point about your knowledge and your skills? Or, are you actually trying to make the world a safer place?” What would you want to say to all those folks out there [in cybersecurity]? As PlexTrac aims to make a huge impact on our community, Dan and his team acknowledge a need for a unified, focused, and collaborative cybersecurity industry, with hard workers on both the red and blue sides. With PlexTrac’s assistance in making reports, measurable results, and communication that much

We’re breaking down the concept of difference makers this week and we couldn’t help but call upon Mari Galloway, CEO of the Women’s Society of Cyberjutsu, to be our guest during this conversation. As a black woman in cybersecurity who has dedicated a large portion of her career to helping women and girls become a part of the cyber community on both the technical and non-technical sides, Mari is a stunning example of making a difference and creating a path to expand cybersecurity beyond stereotypes.  Timecoded Guide:  - [01:29] Defining the difference makers and explaining the OODA loop - [13:52] Introducing Mari and the Women’s Society of Cyberjutsu  - [20:14] Finding her purpose in helping others find their purpose  - [25:06] Explaining the roles and paths available outside of strictly technical  - [30:31] Understanding imposter syndrome and forging a freedom-based career journey  Sponsor:  Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!  Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone  PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley    What is that like to see people go from taking that original red pill all the way through starting their career in cybersecurity?  When we talk about making a difference, many of us don’t get to see our impact as clearly as the Women’s Society of Cyberjutsu sometimes gets to see. Mari tells us numerous stories of women throughout this episode, including herself, who became a part of this industry because of the instrumental work they do in outreach and education. For Mari, seeing women change their minds and majors to become a part of the tech industry shows how vital this work is.  “These are the moments we're waiting for, whether it's one person or 50 million people. We want you to feel confident enough to get the skills you need, get in the industry, continue to refine those skills, and be super successful.”    What would you equate your purpose to, and how does everything you do fit into it? Like many of us, Mari isn’t entirely sure what her purpose is, but she knows that she enjoys helping the next generation and making a difference in the landscape of cybersecurity. Working with a nonprofit is not an easy job, even if it is rewarding, and Mari still prioritizes her freedom alongside meeting her purpose. No matter what Mari’s future holds, she knows that this work and this purpose to help others will always find her.  “I think as I get older, as I start to take steps back to just kind of look at what's happened and the impact that I'm having and others around me are having on the next generation of folks coming up, I think my purpose is to help people. It's to help other people see their potential.”    How do you feel like creating that safe environment has affected others?  Helping others find their footing in the cybersecurity industry can be extremely rewarding, especially when Mari found herself in a situation of uncertainty when she first joined the Cyberjutsu Tribe. The community of cybersecurity and the stereotypes around hackers can feel incredibly uninviting from the outside. Offering people, especially women and young girls, an opportunity to step into a safe space where they can ask anything has been huge for Mari.  “We call it our Cyberjutsu Tribe, and we want to make sure that anybody that comes to us feels like they can reach out and touch us and ask us questions and get answers and just have a conversation with us.”    How do we invite more people in and let them know that there are opportunities in cyber outside of technical roles?  Whether you’re hacking, selling, managing, or marketing, there is a space for you

Those on the red team may not be household names to the everyday person, but they are absolute legends and icons in the world of cybersecurity and hacking. While we have our personal favorite hackers between the two of us, we also invite our guest, Davin Jackson, to share his favorite cybersecurity legends and the lessons he’s learned from them. Timecode Guide: [00:50] The importance of red teaming, especially during this season [02:17] Ron and Chris’ first experience working in a red team environment [11:23] Communication and collaboration between blue and red [16:53] Knowledge gained from Davin Jackson’s humble beginnings in tech [22:19] Gaining the blue perspective with Hacker Valley Blue   Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone PlexTrac, the proactive cybersecurity management platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley Legends, Icons, Teachers, and Friends From Marcus Carey to Johnny Long, we’re excited to share the legends that had an early influence and lasting impact on our careers in cybersecurity. While our two backgrounds in red teaming are different, we can attribute so much of our success and our ability to share our knowledge with all of you to the experts that were willing to invite us to join and learn the best hacking techniques alongside them. “I think that's the most important thing in red teaming, it’s passing that knowledge on to someone else.” - Chris Cochran   Communication, collaboration, and community instead of red vs blue It is not two teams with two separate fights when we’re talking about red teams and blue teams. Often, when cybersecurity is too focused on this split between offensive and defensive, we forget to collaborate and fall short of improving on issues we discovered. Communication between red and blue can be a costly struggle, which is why we’re happy to see our sponsor PlexTrac stepping in to develop communication technology for these teams. “There's this push and pull of collaboration. On one hand, you want the red team to work autonomously…but on the other hand, they do need insight if you’re going to go deeper and deeper.” - Ron Eddings   Legends met, lessons learned, tech loneliness understood In the latter half of our episode, we’re joined by Hacker Valley Blue host Davin Jackson, also known as DJax Alpha. Davin started his cybersecurity journey with no computer of his own. Working his way up from basic tech jobs at corporations like Circuit City, lessons Davin learned from the legends he looked up to include finding a mentor, focusing on networking (even when it feels like a dead end), and being always willing to share what you’ve learned. “It’s about consistency, and you have to have self control and discipline…It’s one thing to get it, but it’s another to maintain that success.” - Davin   Hacking the Vocabulary: Pen test — Pen test, or penetration testing, is a method of identifying and testing vulnerabilities and gaps in an IT security system that could be exploited. This can also be referred to as “ethical hacking”. Popping a shell — A slang term for when a hacker exploits a security vulnerability to make a program run a hacker code. Red team — A group within an organization made up of offensive security experts who try to attack an organization’s cybersecurity defenses. Blue team — A group of defensive security experts within the same organization that defends against and responds to the red team attack. Additional resources to check out: Marcus J Carey, Johnny Long/Hackers for Charity, United States Cyber Command, Booz Allen Hamilton ---------- Spend some time with our guest, Davin Jackson (DJax Alpha/Alp

In this season of Hacker Valley Red, we focus on cybersecurity legends in offensive operations with a legend in physical pen testing and lockpicking: Deviant Ollam. As a pioneer in our industry and an author of two incredible books about lockpicking, Deviant shares his history from hobbyist to professional and all that he’s learned along the way. He also discusses making the secrets of the hacking world accessible to all. Timecoded Guide: [01:28] Defining the pioneers in cybersecurity [08:47] Deviant’s first explorations in lockpicking  [16:03] Accessing and democratizing hacking secrets [18:58] Becoming an author to transfer his knowledge [23:12] Seeing the past, present, and future of hacking   Sponsor Links:Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley _________   What does it mean to be a pioneer in cybersecurity?  As our season focuses on legends, it’s important that we explain what makes these individuals such a vital part of our community. In the case of this episode, we explain that our guest Deviant is nothing short of a pioneer. Deviant has been willing to take on new challenges and revolutionize the industry throughout his career, influencing hundreds of individuals and leaving a lasting educational impact on the entire industry. “That ‘zero to one’ part can be the hardest part of any progression in any field, but especially in cybersecurity.” — Chris   When you reflect on changing this whole industry, how does that make you feel? Despite our guest’s legendary reputation, Deviant is humble about his achievements, caring more about how his work has impacted others than himself. What he focuses most on in his teaching, presentations, and writing is making lockpicking and penetration testing accessible and understandable. Instead of harboring secrets and perpetuating exclusionary policies, Deviant wants anyone to be able to master these skills and understand this knowledge. “I’m not the first one who ever did this. What I like to think of my contributions is that they have chiefly been making it accessible and democratizing this knowledge.” — Deviant    Do you think it's harder today to stand out than it was a couple of decades ago? For Deviant, our globalized internet and algorithm-focus social media sites are both a blessing and a curse. While knowledge can be found on every corner of the web and anyone can become familiar with the information that was once borderline inaccessible, Deviant also recognizes that younger hackers and lockpickers will have a very different rise to success than he did years ago, especially due to fragmented audiences and tricky algorithms.  “We have more avenues to put yourself on display, to put yourself out there than ever before, but that means the audience is fragmented and is spread so thin.” — Deviant   What piece of advice would you have for the folks that want to make an impact in security and technology and in our community today? Although success will look different for newer members of our cybersecurity community, Deviant is confident that the younger innovative minds of the future will be able to solve so many of the long-standing problems within our industry. However, he reminds our younger audience that they need to still respect the tenured members of the cybersecurity world and learn from them without oversimplifying the issues past professionals have faced.  “Start thinking about it in a way that doesn’t use ‘just,’ because every old head in the industry has heard that….We couldn’t ‘just’ do it, or we would’ve ‘just’

In this special mini series of Hacker Valley Red, hosts Ron and Chris are joined by the Senior Vice President of Intelligence at CrowdStrike, Adam Meyers, to review and highlight elements shared in CrowdStrike’s 2022 Global Threat Report.  In the final episode of this series Ron, Chris and Adam discuss threats to cloud infrastructure and how to better secure the gaps. Adam explores how the adoption of cloud technology has expanded our attack surface, how the digital transformation has placed significant strain on asset management and observability, and why identity protection and zero trust protocols might be your biggest defense against data breaches. He takes a deep dive into the Log4J vulnerability and its massive impact on cybersecurity teams all over the world. Finally, the trio examine the intersection of cloud and supply chain security and its implications on security operations.   Guest Bio: Adam Meyers is a recognized expert in the security and intelligence communities. With more than 15 years of experience in the security space, Adam has extensive experience building and leading intelligence practices in both the public and private sector. Adam is a founding employee and SVP on the executive team at CrowdStrike Inc., a global provider of security technology and services focused on identifying advanced threats and targeted attacks. A sought-after thought-leader, Adam conducts speaking engagements and training classes around the world on the topics of threat intelligence, reverse engineering, and data breach investigations.   Links: Stay in touch with Adam Meyers on LinkedIn and TwitterFollow CrowdStrike on LinkedIn and  Twitter and learn more about what CrowdStrike has to offer on their websiteHacker Valley Studio: Swag | LinkedIn | Twitter | Instagram | Email Ron & Chris | WebsiteSupport Hacker Valley Studio on PatreonContinue the conversation on our DiscordThanks to our friends at CrowdStrike for sponsoring this episode!  

In this special mini series of Hacker Valley Red, hosts Ron and Chris are joined by the Senior Vice President of Intelligence at CrowdStrike, Adam Meyers, to review and highlight elements shared in CrowdStrike’s 2022 Global Threat Report.  In episode two of this series Ron, Chris and Adam take a deep dive into APTs – how it’s changed over the years and where we stand on the matter today. Adam uncovers the motivations behind nation-state attacks, how APTs are becoming more sophisticated in conducting espionage, and what we need to know about supply chain attacks. Lastly, he explores how APTs are utilizing the cloud and current events to further their operations.   Guest Bio: Adam Meyers is a recognized expert in the security and intelligence communities. With more than 15 years of experience in the security space, Adam has extensive experience building and leading intelligence practices in both the public and private sector. Adam is a founding employee and SVP on the executive team at CrowdStrike Inc., a global provider of security technology and services focused on identifying advanced threats and targeted attacks. A sought-after thought-leader, Adam conducts speaking engagements and training classes around the world on the topics of threat intelligence, reverse engineering, and data breach investigations.   Links: Stay in touch with Adam Meyers on LinkedIn and TwitterFollow CrowdStrike on LinkedIn and  Twitter and learn more about what CrowdStrike has to offer on their websiteHacker Valley Studio: Swag | LinkedIn | Twitter | Instagram | Email Ron & Chris | WebsiteSupport Hacker Valley Studio on PatreonContinue the conversation on our DiscordThanks to our friends at CrowdStrike for sponsoring this episode!  

In this special mini series of Hacker Valley Red, hosts Ron and Chris are joined by the Senior Vice President of Intelligence at CrowdStrike, Adam Meyers, to review and highlight elements shared in CrowdStrike’s 2022 Global Threat Report.  In episode one of this series Ron, Chris and Adam take a deep dive into understanding the state of ransomware today and how it’s shaping the cybersecurity landscape as we know it. Adam explores the evolution of ransomware from a targeting and technical perspective, how data extortion has impacted day-to-day operations and services in our industry, and the risks cloud/SaaS environments present in today’s threat climate. Adams shares a glimpse into the creation of the Global Threat Report and how CrowdStrike is uniquely poised in providing actionable intel to help safeguard your data and operations. Lastly, he gives his advice on how to properly ingest the information provided in the report.   Guest Bio: Adam Meyers is a recognized expert in the security and intelligence communities. With more than 15 years of experience in the security space, Adam has extensive experience building and leading intelligence practices in both the public and private sector. Adam is a founding employee and SVP on the executive team at CrowdStrike Inc., a global provider of security technology and services focused on identifying advanced threats and targeted attacks. A sought-after thought-leader, Adam conducts speaking engagements and training classes around the world on the topics of threat intelligence, reverse engineering, and data breach investigations.   Links: Stay in touch with Adam Meyers on LinkedIn and Twitter Follow CrowdStrike on LinkedIn and Twitter and learn more about what CrowdStrike has to offer on their website Hacker Valley Studio: Swag | LinkedIn | Twitter | Instagram | Email Ron & Chris | Website Support Hacker Valley Studio on Patreon Continue the conversation on our Discord Thanks to our friends at CrowdStrike for sponsoring this episode!  

Alissa Knight joins Ron and Chris to wrap up this season  2 of Hacker Valley Red. Why? Some big news is why! Stay tuned for that and much more as the trio dive back into the mind of a hacker.   Key Takeaways: 02:57 Big News! 03:20 Alissa's Bio, round 2 05:10 Ron’s takeaway for this season of Hacker Valley Red 06:43 Alissa’s take on Lisa Forte 09:30 “My content is different” 11:38 Hacking an entire industry and doing research with it 18:56 The generational difference – Past vs. Present 21:10 Alissa and the video world 23:49 The dream guest 26:13 Alissa asks the golden question   Links: Hacker Valley Studio: Swag | LinkedIn | Twitter | Instagram | Email Ron & Chris | Website Alissa Knight: YouTube | LinkedIn | Twitter | Website Support Hacker Valley Studio on Patreon Join our monthly mastermind group via Patreon HVR is proudly presented by Axonius

This episode is all about the hacked mind and who better to discuss it with than Lisa Forte. Lisa is a partner at Red Goat Cyber Security -- she started her career in counter piracy operations off the coast of Somalia and then worked her way to UK Counter Terrorism Policing. She continued her career in UK Police Cyber Crime Units and co-founded a movement called, “Respect in Security” to try and stamp out harassment and abuse in the infosec industry. This episode is a loaded weapon in the fight against insider threat.   Key Takeaways 2:11 Bio 2:42 Lisa’s favorite part of the job - working with Marines 5:07 What is insider threat? 6:04 An actual employee who got coerced 10:03 Surprising facts about attackers 12:30 Preventing insider threat 15:05 The attackers’ tactics and motivation 22:56 Respect in security - a company after harassment in cyber 26:20 Chris was manipulated on Myspace. What happened?   Hacker Valley Studio: Swag | LinkedIn | Twitter | Instagram | Email Ron & Chris | Website  Lisa Forte: Twitter | LinkedIn | Blog | Website Support Hacker Valley Studio on Patreon Join our monthly mastermind group via Patreon HVR is proudly presented by Axonius

This week on Hacker Valley Red, Chris and Ron are joined by Dan Trauner. Dan is Senior Director of Security at Axonius, and takes pleasure in breaking things to find creative ways to put them back together. The three colleagues discuss more technical specifics of a hacker’s mind, like how we can understand motive and deception, trends among attacks, and much more.     Key Takeaways: 03:09 Bio 04:33 Where to start when you attack a computer – Finding weaknesses 10:20 Surprising Motives 13:00 Trends among security risks 14:34 Bitcoin & Crypto 16:26 The future of attacks 21:00 Reducing attack success 23:10 Understanding deception 27:50 Cohesion between red and blue teams   Links: Hacker Valley Studio: Swag | LinkedIn | Twitter | Instagram | Email Ron & Chris | Website  Dan Trauner: LinkedIn | Twitter  Support Hacker Valley Studio on Patreon Join our monthly mastermind group via Patreon HVR is proudly presented by Axonius

Laurie Pieters-James is an Offender Profiler, Forensic Criminologist, Expert Witness and best-selling author of Shattered Lives: The Story of Advocate Barbie. Chris, Ron and Laurie dive deep into understanding the mind of a hacker, a criminal, and a criminal hacker. Laurie has spent her career learning to profile the most heinous criminals, both in cyber and on the streets. Listen to help yourself understand the enemy from the inside out.     03:20 Bio 04:41 Why did you choose to learn the mind? 06:23 Do criminals think about the punishment when they commit a crime? 09:06 The bridge to cyber security 13:39 Replicating red challenges on the blue side 18:47 Moral disengagement 20:03 Justifying deviant behavior 24:28 More tools for hackers 28:07 Getting into criminology  31:05 Getting started understanding a hacker’s mind   Links:   Hacker Valley Studio: Swag | LinkedIn | Twitter | Instagram | Email Ron & Chris | Website  Laurie Pieters-James: Twitter | LinkedIn | Book Support Hacker Valley Studio on Patreon Join our monthly mastermind group via Patreon HVR is proudly presented by Axonius

Welcome back to Hacker Valley Red season two. This week Chris and Ron are joined by a hacker through and through. Alissa Knight blends influencer marketing, content creation in writing and filmmaking/cinematography, and go-to market strategies for telling brand stories at scale in cybersecurity through the lens of a hacker. She achieves this through ideation to execution of content strategy, storytelling, and execution of influencer marketing strategies that take cybersecurity buyers through your brand’s custom curated journey. But more importantly, she tells us what it takes to hack an entire industry... Key Takeaways:   03:25 Bio 05:59 Why hacking? 07:32 What is FHIR? Hear how it was to hack it. 10:43 I’m just a hacker who did homework 13:50 Unexpected vulnerability 17:57 Support 20:22 How an API works 24:23 Input validation 29:28 A date worth more than oil 33:23 How to scale efforts   Hacker Valley Studio: Swag | LinkedIn | Twitter | Instagram | Email Ron & Chris | Website  Alissa Knight: YouTube | LinkedIn | Twitter | Website Support Hacker Valley Studio on Patreon Join our monthly mastermind group via Patreon HVR is proudly presented by Axonius

In episode three of Hacker Valley Red, Chris and Ron are joined by Deviant Ollam, a hacker to the bone and one of Chris’ inspirations in security. Deviant is currently a physical penetration specialist with The CORE Group and the Director of Education for Red Team Alliance. He is also a master lock-picker and uses his skill to shape the future of physical security. The three discuss very important topics, such as the hacker’s mindset, what we can do to foster growth in the next generation of cyber professionals and how physical security is changing.   Key Takeaways: 03:32 Bio 05:30 Developing the hacker’s mindset 08:40 Hacking in the past vs. the present 11:05 Bringing creativity and freedom back to kids, ultimately freeing adults 17:00 Impactful tinkering 21:39 The difference in the means to get to the end 25:28 Progress in physical security 27:17 Staying ahead of criminal tactics and mindset 31:35 Advice for people who need to fail up 34:57 Get in touch   Links:   Hacker Valley Studio: Swag | LinkedIn | Twitter | Instagram | Email Ron & Chris | Website  Deviant Ollam: Website | Youtube | Twitter Support Hacker Valley Studio on Patreon Join our monthly mastermind group via Patreon Hacker Valley Red is proudly presented by Axonius

Charity Wright is a Threat Intelligence Analyst with over 20 years of experience in the intelligence community, including the US Army and the National Security Agency, where she translated Mandarin Chinese. Charity now specializes in strategic intelligence, dark web cybercrime, counter-disinformation, and at Recorded Future. Join Ron, Chris and Charity as they discuss all things nation state-level, what we can do to avoid bad habits as a community, and how we understand our enemy. Key Takeaways: 03:12 Bio 04:16 China’s security threat to the U.S. 07:20 What are hackers’ motives? 12:30 China plays the long game, and it helps them 15:11 In regards to national security, can we learn from any other countries? 17:20 When the line between crime and nations blurs 23:24 Know thy enemy 28:47 Using high-level strategic intelligence 30:54 Get in touch with Charity!   Links:   Hacker Valley Studio: Swag | LinkedIn | Twitter | Instagram | Email Ron & Chris | Website  Charity Wright: Twitter | LinkedIn | Email Support Hacker Valley Studio on Patreon Join our monthly mastermind group via Patreon Visit our presenting sponsor Axonius to solve your asset management efforts

Chris Hadnagy – Show Notes Christopher Hadnagy is the founder and CEO of Social-Engineer, LLC. He created the world’s first social engineering framework, as well as hosted the first social engineering-based podcast. Chris is an adjunct professor of Social Engineering for an NSA Cyber School of excellence at University of Arizona. Chris is also a well-known author, having written five books on social engineering. Chris’ new book, “Human Hacking: Win Friends, Influence People and Leave Them Better Off for Having Met You”, released January 5, 2021. Join both Chris’ and Ron for an episode of self-analyzation, empathy and understanding.   Key Takeaways 02:52 Bio 06:20 Exploring the title of Chris’ book 08:40 What’s the difference between manipulation and influence? 10:36 A contract in a book. Why? 14:33 What books describe Chris?  21:48 The importance of Empathy 26:48 The science  30:57 Chris’ conference: The Human Behavior Conference   Links: Hacker Valley Studio: Swag | LinkedIn | Twitter | Instagram | Email Ron & Chris | Website  Chris Hadnagy: Twitter | Facebook | Book | Conference Support Hacker Valley Studio on Patreon Join our monthly mastermind group via Patreon Visit our presenting sponsor Axonius to solve your asset management efforts

This episode of the Hacker Valley Studio podcast concludes the Hacker Valley Red series.  In this finale, Ron and Chris interview their friend - and formerly their shared roommate - Marco Figueroa.  Marco is a security researcher and cybersecurity speaker, and he is also a bug bounty enthusiast.  He and the hosts constant improvement, bug bounty, and more, while also looking back at the conversations thus far in the season.   -The episode features Marco Figueroa, and listeners are introduced to the content ahead. -What is Marco’s background, and what is he doing now? -Is there such a thing as an unhackable device? -The group talks about Marco’s philosophy in his protection work, the place of social engineering, and the value of building relationships. -What is the hacker mindset, and do you need coding experience to be a good hacker? -If interested in the red side of the field, what should someone do first? -Marco shares about what he sees on the horizon. -The group considers two major season takeaways: the value of mentorship and the need to put yourself out there and take the first shot. -Where is Marco planning to take his contact creation from here?   Links: Connect with Marco Figueroa on Twitter Connect with Marco on LinkedIn Follow Marco’s Livestream Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about the season sponsor, RiskIQ