Embrace an Attacker Mindset to Improve Security
8th Layer Insights
English - August 03, 2021 04:00 - 1 hour - ★★★★★ - 54 ratingsSocial Sciences Science Business cybersecurity psychology behavior science human layer human factor social engineering scams security culture phishing security awareness Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Have you ever taken time to view the world through the eyes of an attacker? Doing so is an interesting and useful exercise. Understanding the mind of an attacker is fundamental to securing your organization or aspects of your personal life. After all, if you aren't doing the job of viewing things from an attacker's perspective, that means that only the attackers are. The idea is to understand the mindset, motivations, and capabilities of a possible threat actor so that you aren’t simply oblivious to your vulnerabilities.
This episode is a deep dive into attacker mindsets, we’ll hear from four experts who really know what it is to view the world through the eyes of an attacker. Featuring Chris Kirsch (DEF CON Social Engineering CTF Black Badge winner and co-founder of Rumble, Inc.), David Kennedy (Founder of Binary Defense and TrustedSec), Maxie Reynolds (Author of The Art of Attack: Attacker Mindset for Security Professionals, and Technical Team Leader, Social-Engineer, LLC), and Ted Harrington (Author of Hackable: How to Do Application Security Right, and Executive Partner at Independent Security Evaluators).
Guests:
Maxie Reynolds (https://www.linkedin.com/in/maxiereynolds/)
David Kennedy (https://www.linkedin.com/in/davidkennedy4/)
Chris Kirsch (https://www.linkedin.com/in/ckirsch/)
Ted Harrington (https://www.linkedin.com/in/securityted/)
Books and References:
Bruce Schneier blog about the Security Mindset: https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html
Origin of "Devil's Advocate": https://allthatsinteresting.com/devils-advocate-origin
Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
What is Threat Modeling: https://securityintelligence.com/posts/what-is-threat-modeling-and-how-does-it-impact-application-security/
12 Methods of threat Modeling: https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/
The Art of Attack: Attacker Mindset for Security Professionals by Maxie Reynolds
Hackable: How to Do Application Security Right by Ted Harrington
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Threat Modeling: Designing for Security by Adam Shostack
Threat Modeling: A Practical Guide for Development Teams by Izar Tarandach and Matthew J. Coles
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter
Music and Sound Effects by Blue Dot Sessions & Storyblocks.
Artwork by Chris Machowski.
Have you ever taken time to view the world through the eyes of an attacker? Doing so is an interesting and useful exercise. Understanding the mind of an attacker is fundamental to securing your organization or aspects of your personal life. After all, if you aren't doing the job of viewing things from an attacker's perspective, that means that only the attackers are. The idea is to understand the mindset, motivations, and capabilities of a possible threat actor so that you aren’t simply oblivious to your vulnerabilities.
This episode is a deep dive into attacker mindsets, we’ll hear from four experts who really know what it is to view the world through the eyes of an attacker. Featuring Chris Kirsch (DEF CON Social Engineering CTF Black Badge winner and co-founder of Rumble, Inc.), David Kennedy (Founder of Binary Defense and TrustedSec), Maxie Reynolds (Author of The Art of Attack: Attacker Mindset for Security Professionals, and Technical Team Leader, Social-Engineer, LLC), and Ted Harrington (Author of Hackable: How to Do Application Security Right, and Executive Partner at Independent Security Evaluators).
Guests:
Maxie Reynolds (https://www.linkedin.com/in/maxiereynolds/)
David Kennedy (https://www.linkedin.com/in/davidkennedy4/)
Chris Kirsch (https://www.linkedin.com/in/ckirsch/)
Ted Harrington (https://www.linkedin.com/in/securityted/)
Books and References:
Bruce Schneier blog about the Security Mindset: https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html
Origin of "Devil's Advocate": https://allthatsinteresting.com/devils-advocate-origin
Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
What is Threat Modeling: https://securityintelligence.com/posts/what-is-threat-modeling-and-how-does-it-impact-application-security/
12 Methods of threat Modeling: https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/
The Art of Attack: Attacker Mindset for Security Professionals by Maxie Reynolds
Hackable: How to Do Application Security Right by Ted Harrington
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Threat Modeling: Designing for Security by Adam Shostack
Threat Modeling: A Practical Guide for Development Teams by Izar Tarandach and Matthew J. Coles
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter
Music and Sound Effects by Blue Dot Sessions & Storyblocks.
Artwork by Chris Machowski.