Data, Security, And Advanced Persistent Threats with Patrick Hynds and Duane Laflotte
In this episode, we dive into the pyramid of cybersecurity threats, ranging from amateur hackers to nation-state level cyber threats. We also delve into the intriguing world of OSINT (open source intelligence), uncovering its uses, implications, and potential dangers.
Join us for an intriguing discussion with fellow podcasters Patrick Hynds and Duane Laflotte.
Links
Show Notes
[00:00:00] High-level hacking, OSINT, interconnectedness explored humorously.
[00:04:54] OSINT and security are growing career choices.
[00:09:22] Unauthorized hacking plan involving personal information.
[00:12:22] Two factor authentication is highly effective.
[00:16:22] Breaking into Wi-Fi: remote administration and brute force
[00:19:45] Renting botnets, ransomware, and varying threat levels.
[00:20:48] Advanced persistent threat with unlimited resources.
[00:24:50] Asymmetric key shares are essential but uncertain.
[00:29:00] Connections without LinkedIn, intermingling ideas in history.
[00:32:26] Inject data, stack query, gauge page speed. Awesome.
[00:34:11] Show reveals database vulnerability; Microsoft staff alarmed.
[00:36:26] Acquaintance does physical security with lock picking.
[00:41:11] National Guard, security, Virginia, Maryland, clever, electronics beaten.
[00:44:03] Funny Microsoft speaking gig with office building hazing.
[00:48:40] Reach out to companies for cybersecurity opportunities.
[00:52:01] The end of a thrilling episode of Data Driven explores cybersecurity.
Transcript
In this riveting episode, we'll be joined by special guests who do
Speaker:information security work taking us into the deep, dark
Speaker:realms of high level hacking. We'll explore the pyramid of
Speaker:threats from those bumbling high school hackers who couldn't hack their way out of a
Speaker:paper bag to the notorious figures backed by nation states.
Speaker:But hold on to your keyboards, folks, because this conversation takes
Speaker:a turn towards Linux and the intricate world of Ozint.
Speaker:Yes, that's open source intelligence for those scratching their
Speaker:heads. We'll unravel the mysteries of Ozint, its
Speaker:uses, its implications, and how it can be a double edged
Speaker:sword in the wrong hands. With a touch of espionage and a sprinkle of
Speaker:humor, we'll leave you on the edge of your ergonomic office chair craving
Speaker:more. And if that's not enough to make your encryption keys quiver,
Speaker:we'll also touch upon the interconnectedness of the past with stories
Speaker:of legendary minds crossing paths in unexpected cafes.
Speaker:All right. Hello and welcome to Data Driven, the podcast where we explore the emerging
Speaker:fields of data science, artificial intelligence and of course, data engineering,
Speaker:which actually makes the whole thing possible. But there's another
Speaker:field that we're going to talk about today, so it's going to be a little
Speaker:bit different. We kind of did that with the last show or two, kind of
Speaker:expanding our purview of topics.
Speaker:And speaking of purview, I said
Speaker:Purview, hopefully I pronounced it right, but I know, Andy, you've been playing
Speaker:around with Azure Purview. I have, yeah. And it's
Speaker:kind of it's speaking of data engineering, there's a lot there
Speaker:with data lineage and the
Speaker:secret sauce to it is it does automated scans and if
Speaker:it can figure out where something new belongs in
Speaker:the diagrams, it'll just put it in there and that is
Speaker:almost magic from a data engineering perspective.
Speaker:There really is a lot of innovation happening in that space. And
Speaker:today, as we're recording this, my wife we
Speaker:mentioned this, does cybersecurity at NIST and
Speaker:my oldest son went with her to Take Your Sons and Daughters to Work
Speaker:Day. That's cool. And yeah, so it's really cool.
Speaker:So we have two guys here on the show. It's one of the few times
Speaker:we've actually have had two guests at the same time. We have Patrick and Dwayne
Speaker:who are fellow podcasters for a show called Security this
Speaker:week. We need applause. Where's your effect? I don't have it. Plugged
Speaker:in the effect. And
Speaker:they also are the CEO and CTO, respectively of Pulsar
Speaker:Security. Combined with them, they have 50
Speaker:plus years of combined experience in cybersecurity and technology
Speaker:and they provided services for Disney, the military,
Speaker:bank of America, the NHL and more.
Speaker:So welcome to the show, Patrick and Dwayne. Thank you. I just want to
Speaker:clarify, I have 49 and he has one.
Speaker:Wow. Just kidding. You look great for your age, by the way.
Speaker:You started when you were like five. Is that what.
Speaker:So there's actually a funny thing. There was a namespace collision
Speaker:because you, Patrick, attended West Point, and thank you for
Speaker:your service. Thanks, sir. There was another Frank Lavinia that apparently
Speaker:went through West Point. Yes.
Speaker:And I almost went to West Point, which probably would have confused a lot of
Speaker:the professors and staff.
Speaker:Wait a minute. Did you just leave here? What do you want, the eight year
Speaker:plan? Yeah. You know what
Speaker:I'm thinking? This is a time travel thing, Frank. It
Speaker:is? Yeah. Yes. One of the
Speaker:NCOs I served with sent me a picture of a Life
Speaker:magazine cover that showed troops in the
Speaker:landing craft at Normandy. And the guy at the center of the picture
Speaker:looked exactly the way I did as a second lieutenant. He's like, I didn't know
Speaker:you were in World War II. So I bought a copy of it. It's exactly
Speaker:the way I looked when I was 22 years old. That's great. Okay, so
Speaker:now both of you are time travel. Maybe that's what West Point does. It's
Speaker:time travel now. We got to delete this.
Speaker:We'll do it from the future. It'll be fun. The
Speaker:neuralizer.
Speaker:That would only work if. We do the video part of this, but that's true.
Speaker:I want to repeat the name of the website because I was rambling when Frank
Speaker:mentioned securitythewsweek.com
Speaker:and you picked up a couple of new listeners, just
Speaker:the banner in the virtual green room was enough to say, all
Speaker:right, I got to make some time to listen to this. All right, we appreciate
Speaker:it. We're trying to educate just like you. Guys,
Speaker:and it's always fun.
Speaker:It's a growth field, I think, to put it mildly.
Speaker:Someone was asking me recently because a lot of big tech layoffs happening and
Speaker:things like that, someone was asking me lately, someone who's not in data science, and
Speaker:I was like, look, if I had to do it all over again in 2023
Speaker:well, actually it was 2022 when I was asked this. I was like, I
Speaker:would go with security. I'd probably go with security if you have
Speaker:50 50 data or security. But you can't go wrong with either.
Speaker:And there have been recent events in my life which I
Speaker:keep alluding to a court case,
Speaker:but definitely I discovered the wonderful world of
Speaker:OSINT. My
Speaker:wife is really good at OSINT, right? Because that's her career. Yeah.
Speaker:But kind of watching what she's able to dig out and
Speaker:kind of know me doing it, too, we've been able to kind of Swiss out
Speaker:more information and get clarity on things, and
Speaker:it's amazing what is available. I took a course on
Speaker:pluralsight on kind of using Kali Linux. Andy and
Speaker:I I now work at Red Hat, so I've kind of went from
Speaker:promoting Windows and using Windows 100% to, thanks
Speaker:to Windows Eleven, being driven away from the Windows world and into
Speaker:the wonderful arms of Linux
Speaker:and fascinated by kind of
Speaker:the tooling that's out there and built into something like Kali or
Speaker:Kali. I'm not sure how to pronounce it. Depends on who you are. Yeah, we
Speaker:usually call it Kali, but that's our bread and butter. We love Kali, right? Yeah.
Speaker:That's an awesome operating system. So tell us a little bit about because I know
Speaker:I don't think our listeners are necessarily up on the
Speaker:Linux, let alone kind of the hacking world making
Speaker:that assumption. If I'm wrong, please let me know kindly through
Speaker:email comments
Speaker:in angry letter form. It's a siloed kind of world. We live in technology,
Speaker:right. There's a lot of specialization. There's this notion of full
Speaker:stack this, full stack that, but
Speaker:I've noticed in security that poison of the notion of full
Speaker:stack has not hitting you guys yet. It started to kind of
Speaker:flirt with the data science world. But I don't think you can be because just
Speaker:looking at what are the disciplines. Right, so I think that's one of the things
Speaker:we mentioned, OSINT, which for those that don't know is open source intelligence. And I
Speaker:don't mean open source like Linux or anything like that. What is open source
Speaker:intelligence? So open source intelligence is
Speaker:from my field. It's awesome because what open source intelligence
Speaker:is there's information about every human out there and you can
Speaker:go like Cambridge Analytica or whoever, right? There's tons of data out there about
Speaker:every human being on the planet that you can pull from just publicly
Speaker:available either databases, websites, some of them say the Dark Web, but
Speaker:you don't need to go to the Dark Web. It's all out there. And we
Speaker:have some crazy OSINT stories.
Speaker:There was one company we were trying to break into, Fortune 500,
Speaker:they said, hey, listen, we'd love you to do a spear phishing campaign.
Speaker:I was going to say and to be clear, you were hired to break in,
Speaker:right? Sure, whatever. Yeah. So if there's any attorneys
Speaker:listening, there's any federal DA listening. Let's make that clear
Speaker:publicly what we're. Saying on the podcast. No, we were
Speaker:hired to break into this Fortune 500 and they said, listen, we'd love you to
Speaker:do spear phishing. And for those of you who may not know, spear phishing is
Speaker:where you target one user. It's either like a CEO,
Speaker:CFO, something along those lines. So you start to gather some really detailed
Speaker:information. And we said, listen, it's too easy, we don't want to do that. Let
Speaker:us just focus on the technology. They're like, no, you have to do spear phishing.
Speaker:We said okay. Cool. And we did a lot of research on and we said,
Speaker:we're going to take your head of HR. We took the head of HR and
Speaker:we did a lot of research on her. They said, before you send these emails
Speaker:out, can you come talk to us about them? Just show us them so we
Speaker:can approve them. Said, sure. We sat down with them and said, listen, we got
Speaker:two campaigns we're super excited about. Super excited about. They're like, all right, hit us
Speaker:with them. What are they? We said, okay, we found out that she just
Speaker:purchased a Dodge Durango. I have the Vin number of it, and I know where
Speaker:she bought it from. We've actually purchased a website that's very close to the
Speaker:same dealership website. We're going to send her an email that there's a recall on
Speaker:her Durango with her Vin number. She needs to click a link, come to a
Speaker:website, start typing in some information. We'll take over her computer, access the
Speaker:systems. They're like, no, you can't do that. No,
Speaker:that's way too personal. Okay, cool. Awesome. We got the
Speaker:second campaign, which I think is a real winner. We're just going to kidnap her
Speaker:kids, right? They're like, okay, so hit us with the second 1.
Speaker:Second one is probably great. I said, okay, so we found out what her
Speaker:kids names are, where she lives. We know what school they go to, the
Speaker:teacher's name for each of the kids. And we found the school nurse name. We've
Speaker:set up a website that's close to the school's website, and we can
Speaker:send an email from the nurse with a form that she has to fill out
Speaker:that's a PDF that's infected with a virus that will take over her computer. Right?
Speaker:And we'll mention her kids names and the classes they're in, that sort of stuff.
Speaker:And they're like, what is wrong with you guys? You can't do any of this
Speaker:stuff. No. Yeah.
Speaker:Open source intelligence is crazy right now. It's data, the things you can find. It's
Speaker:all about data. It's the information you give. So what's the lesson here? The big
Speaker:lesson is your data is out there. And even if you don't think it's
Speaker:out there, your data is out there. And you need to use secondary
Speaker:channels of communication to verify things. So if you get a call
Speaker:from the school, get an email, get a text message, call them up, call up
Speaker:the office. If you get a message to call a phone number about your credit
Speaker:card, call the number in the back of your credit card. Try to find a
Speaker:safe, reliable channel and use that to verify. I get calls
Speaker:all the time from my staff that says, did you send me an email to
Speaker:do this? And I invite that because it's like, you should be using
Speaker:second channel verification, and it's incredibly inconvenient. And
Speaker:that's how you know the security is working.
Speaker:If it's convenient, it's probably not as secure as you'd like. Yeah,
Speaker:well, I mean, that's an interesting point because people like convenience.
Speaker:There is a tension you could just feel like, between convenience. I
Speaker:mean, I have to log in
Speaker:to my account using two factor authentication
Speaker:for both my work and my personal stuff. And I know
Speaker:it's annoying, but I know why.
Speaker:And Roblox apparently must have some really
Speaker:hairy security stories because
Speaker:their captions, their two factor authentication,
Speaker:I mean, it's pretty rigorous. And
Speaker:my eight year old, he's, like, complaining about I'm like, no,
Speaker:there's a good reason for this. You got
Speaker:to protect the kids, but also kind of train them early. Oh,
Speaker:yeah, I like that. Yeah, it's a great idea. I was on a
Speaker:panel with a colonel from Disa, and he said he went on vacation
Speaker:and he got bit by a spider on his hand and came back to work.
Speaker:Went into the office, started working, and ten minutes later, armed
Speaker:guard showed up at his desk. And we forced him to identify
Speaker:himself, improve his identity, because his typing cadence had
Speaker:changed. Wow. We're
Speaker:starting to get to the world of the military is doing things we're
Speaker:not thinking of, and eventually we're going to have to do those things. Right. So
Speaker:Dwayne smiled when you said two factor authentication, and I want to know
Speaker:why. Okay. All right. I get the sense
Speaker:it's like the tooth Fairy, right? Like, you want to believe in it, but it's
Speaker:not as effective as it is as it's supposed to be. No, actually.
Speaker:So, interestingly enough, Google and Microsoft both have released
Speaker:independent research that says two factor auth will
Speaker:mitigate about 95% to 98% of most common
Speaker:attacks, but not everything, which is fantastic. We love using it
Speaker:because we look for the gaps in between systems. So there's
Speaker:a couple of two factor authentication providers out there that allow us
Speaker:to verify that you have valid accounts and that sort of stuff, without actually
Speaker:yeah, there's all sorts of once you start digging into the APIs of two
Speaker:FAS, some of them are easily bypassed, some of them are easily mimicked. Some of
Speaker:them allow you to get more information you wouldn't normally get.
Speaker:So just be careful. There's nothing in security. That's the panacea of security.
Speaker:Right. It's the same thing with data analytics. There's nothing that's like, oh, my
Speaker:God, there's this one product, and if you buy it, you know everything and you
Speaker:can see into the future. No, it doesn't work that way. Right. All
Speaker:right. I need to ask you about my password vault off the air.
Speaker:Yes, you do. Let me tell you
Speaker:password for it. No matter what you heard in the news, you should have one,
Speaker:but there's one you might not want to have. Yeah,
Speaker:I may have that pass.
Speaker:I think we're on the same one. Well, when someone tells you who they are,
Speaker:believe them, and then when they tell you again, believe them again.
Speaker:Yes. That's my concern with these
Speaker:password vaults, is that you are putting all your eggs in one basket,
Speaker:and you don't have two arguments, really. You
Speaker:could use hints in your password vault instead of the passwords.
Speaker:It's less convenient, and therefore it works.
Speaker:But that means you still have to use long passwords. So you might have
Speaker:zip codes and phone numbers and favorite words and favorite
Speaker:songs and you know what you're going to pull out of them. You'd still have
Speaker:to have that cognitive presence to understand, but you can put hints
Speaker:in them and then that'll let you get to where you need to be.
Speaker:A friend of mine would put incorrect information
Speaker:in it. Right. And he would know that's what it's same principle.
Speaker:Exactly. Yeah. That is just
Speaker:intriguing. So, quick question. Scrambled up symbols,
Speaker:letters and stuff, or.
Speaker:Better, longer the better complexity. So okay.
Speaker:At our office, we break in at companies all the time legally. Right.
Speaker:I'm going to keep adding that, Patrick, just for the
Speaker:thank you. So when we find a hash so a hash is a representation
Speaker:of a password or an account on a particular system. It's not the actual
Speaker:password. We need to crack it. We need to go and figure out, okay, well,
Speaker:does the word book match to this hash? No. Does the word car match?
Speaker:This is a brute force technique. We're not able to reverse it, but we can
Speaker:brute force it. Right. And so in doing that, we have a crack cluster at
Speaker:the office. So you know the 30, 90 video cards that you might have in
Speaker:your computer? We have a crack cluster that has like 40 of them all in
Speaker:one motherboard. So we can guess 3 billion
Speaker:passwords a second. Wow. Yeah. So if
Speaker:you take a normal hash, we're
Speaker:guessing let's say we're only doing
Speaker:lowercase characters, it's 26 characters. And let's say
Speaker:at ten character password, it takes us a day. Right? Well,
Speaker:at eleven characters, it's a day times 26. Now we're at about a
Speaker:month. At twelve Characters it's a month times
Speaker:26. Now we're at a little over two years for twelve characters.
Speaker:Now let's do one thing. So we also have a
Speaker:dictionary file with 8.4 billion
Speaker:passwords that have been found on the Internet through over the last breach.
Speaker:Ten years. Over the last ten years. If your password is in that, we'll get
Speaker:it in 3 seconds. Right. Because we can get so we also. Have to talk
Speaker:about that after. Yes, for sure.
Speaker:And to be clear, passwords are better. And to be clear, you're doing this
Speaker:offline. Right. It's not like somebody's listening. You're not like hitting the login
Speaker:page and clicking that a billion times. Let me give you stolen the hash.
Speaker:Okay. Yeah. So good example, because that's a great question, Frank. So let's say
Speaker:I'm trying to break into your Wi Fi. Now, there's a couple of ways to
Speaker:do that. One is to try to break into your Wi Fi
Speaker:system because you've allowed a remote administration, which you shouldn't
Speaker:do. And then I have to guess the password, and I might be able to
Speaker:get that to accept 1000 attempts per
Speaker:minute, maybe more, but I'm
Speaker:still throttled by having to send it, having to receive it. It
Speaker:processing. And some of those things are going to be slow. But if I can
Speaker:monitor the airwaves, which I can if I'm local to you and I
Speaker:get the hash through going through the air to
Speaker:someone's phone, which we will get, then we can take that home
Speaker:and we can brute force it in the comfort of our own systems. And that's
Speaker:offline hacking. So online attacks are harder to do
Speaker:because you can't get the speed, you can't parallelize them them
Speaker:parallelize them as easily. But the ones where we can do
Speaker:offline, we can do those much faster and much more powerfully.
Speaker:There are cool ways, though, to do online ones. Okay. Really?
Speaker:Yeah. Okay, real quick, you know how you try and log into a
Speaker:website and if you log in with the wrong password five times it kind of
Speaker:locks you out for a period of time? Sure. So what they're doing is they're
Speaker:saying five times from that one IP address. So what if you could have an
Speaker:infinite amount of IP addresses, which is what
Speaker:Azure and AWS will give you. So you can actually route every
Speaker:password attempt through AWS, for example, and get a new
Speaker:IP address every single time. You can do thousands, but you're still. Throttled by how
Speaker:fast it can reply. And it probably can't reply 3 billion. Not as fast as
Speaker:an offline crack. Exactly. But it can be. I'm just saying won't at some point
Speaker:AWS or Azure kind of like figure. Out you would think. You
Speaker:would think. Okay, no, interesting. So it's a game
Speaker:of cat and mouse. They're dealing with amazing amounts of
Speaker:traffic. Eventually, maybe there'll be an AI that helps, but then we'll use our
Speaker:AI to fight it and it'll be and. Then the Robot Wars.
Speaker:And I would imagine that Microsoft has bigger fish
Speaker:to fry and AWS has. Bigger fish to fry. Problem is, if you're
Speaker:not using Amazon, you just use a botnet and then there's
Speaker:no limitation on that. I got you. Right. And for
Speaker:the education of our audience, just in case you may have heard it in the
Speaker:news, what exactly is a botnet? I think I know what it is,
Speaker:but I want to hear it straight. From the when hackers take over systems,
Speaker:they can do various things with them. They can ransomware them, they can steal your
Speaker:personal information and do identity theft and credential theft. But they can
Speaker:also just turn your computer into one of their slaves and it'll be a
Speaker:zombie in their army. And they get 100,000 of these systems. They could do
Speaker:Denial of Service, they can rent them out. Think of
Speaker:Coin, I think was a thing for a while. Yeah. And honestly, what's interesting,
Speaker:talking about data trends, you start to see ransomware
Speaker:attacks on systems go up when bitcoin's
Speaker:value goes down. So if it's
Speaker:more advantageous for you to use those systems to mine
Speaker:coins, that's what they do. But when it's not, then they just switch over to
Speaker:ransomware and they start making more money that way. So you keep an eye on
Speaker:that market and, you'll know interesting. Yeah,
Speaker:interesting. So they make money, whoever they are,
Speaker:they make money on the way up. One way or
Speaker:another. Yeah, exactly. Right. You have to admire they're business
Speaker:savvy. Oh, it's impressive. You shouldn't, but you
Speaker:can rent a botnet, rent a ransomware framework.
Speaker:So let's talk about one thing. There's different levels of threats. So the
Speaker:kid that's walking through the parking lot trying car doors to steal stuff out of
Speaker:a car is not as much of a threat as the professional who knows how
Speaker:to break into a vault. And there's
Speaker:fewer of that latter than there are of the former. So what you're
Speaker:trying to do is you're trying to build up enough defense that the threats that
Speaker:are likely to come your way are going to be thwarted. You can't stop
Speaker:everything if Dwayne comes after you, I can confidently
Speaker:say we're getting you because that's what we
Speaker:do. And we're not script kitties. We're not amateurs, and we have a lot
Speaker:of capabilities, a lot of software. Some of the software packets we use cost
Speaker:$60,000 a year. Wow. Hackers sitting in their basement
Speaker:aren't doing that. We're a different level of organization. But you
Speaker:want to prepare for the highest level you can so that things
Speaker:bounce off you. Isn't that referred to as
Speaker:advanced persistent threats? Yeah, we would represent
Speaker:an advanced persistent threat because we can do things and
Speaker:spin up resources that aren't available at the lower levels. The lower levels
Speaker:are like kids in high school that are just
Speaker:trying to make a name for themselves. And then there's the we
Speaker:actually have a slide called the Pyramid of Threats that goes through all this. And
Speaker:the next level would be basically a
Speaker:stalker, technical stalker, somebody who's a little bit of a techie and is mad at
Speaker:you and comes after you. That's very personal. Kim Jong
Speaker:UN is probably not your stalker.
Speaker:Probably. The next level is the criminal syndicates who are just in it for the
Speaker:money, and they're going to go after the softest target they can
Speaker:find. And if you make it hard for them, they're just going to go away
Speaker:because you're not what they want. They look for another target. And then you get
Speaker:up to organizations like ours that work with enterprises and
Speaker:governments and billion dollar entities, and then you get to governments themselves,
Speaker:which, when we talk about Mitigation, we have levels of what you need
Speaker:to do to stop the script kitties and everything else. And the top, when we
Speaker:get to nation states, it's prayer. Yeah. There's not much.
Speaker:That'S perfect. Yeah. What's fascinating,
Speaker:though, is I remember reading Bruce Schneier wrote a book on
Speaker:cryptography, which is probably still a vaunted
Speaker:tome, but I remember one of the things
Speaker:was he didn't say exactly what you said, but he
Speaker:phrased it differently. If you're talking about cryptography. There's cryptography to keep your little
Speaker:sister out of it, and there's cryptography to keep nation states out of it. And
Speaker:that's a very wide spectrum.
Speaker:Even though he wasn't writing about cryptography, it sounds like the same philosophy
Speaker:holds true. There's also a duration aspect. So if I'm firing
Speaker:artillery at you, I need the coordinates those are going to land at to be
Speaker:secret for about two minutes, and then after that, it doesn't matter. Then it doesn't
Speaker:matter. Right. But if it's nuclear missile silo locations, I need that
Speaker:for decades. Or mineral depots or things
Speaker:like that. So there's a time duration that also. Factors
Speaker:in which actually, I think is a good topic of something else I'm
Speaker:fascinated with is quantum computing. And I know that
Speaker:you're laughing, so that I know there's a good story behind this. I have a
Speaker:podcast on quantum computing called Things, and
Speaker:it's the only topic that shuts Dwayne up.
Speaker:I'm going to go do something else now. So that's why I saw the eye
Speaker:roll and then you were laughing. Okay. So the reason why
Speaker:people are kind of because in the security space and in the government, there's this
Speaker:whole thing of how do we get post? Yeah. Shore's law.
Speaker:So Shore wrote this algorithm that could theoretically
Speaker:break how we do
Speaker:cryptography now is largely based on it's hard
Speaker:to reverse factor prime numbers. It's the discrete log
Speaker:problem. Right. Which underlies RSA,
Speaker:diffie hellman and elliptical curve. Oh,
Speaker:elliptical curve, too. Yeah. I thought that was meant to be post.
Speaker:Okay, well, they thought so, not so much. Oh, is this the one that
Speaker:was broken? And don't worry, listeners, we'll unpack
Speaker:this. That was the NIST psych. It was an
Speaker:implementation break. So if I can just give a quick
Speaker:reel. No, please do. There's a lot to unpack here, particularly. For folks that are
Speaker:I'm not an. Expert, but I've got a podcast for the last two years on
Speaker:quantum computing called Entangled Things, and it's a great
Speaker:way to learn a topic really well. I took the MIT courses.
Speaker:Peter Short was one of the professors, and so he came up with a
Speaker:way if we had a suitably advanced quantum computer, we could
Speaker:break RSA 2048 or RSA anything. Diffie
Speaker:helman and elliptical curve. Now, those aren't our
Speaker:primary symmetric encryption
Speaker:protocols. Those are our primary asymmetric encryption protocols. So those are
Speaker:the protocols we use to share the key that then does all the
Speaker:encryption. Because files and large amounts of data can't be
Speaker:encrypted with an asymmetric key, it has to use symmetric. But
Speaker:how do you share that key? Well, that's where the asymmetric comes in. And so
Speaker:it's the key to the key drawer is really what it is. And
Speaker:so if those all break, then we need replacements.
Speaker:And NIST, which is one of the reasons I'm a big fan, has come out
Speaker:with basically, they did a Bake off over the last five,
Speaker:six years to figure out which algorithms would not be
Speaker:quantum based, but would be quantum resistant. And
Speaker:Crystals.org has crystals, kyber crystals,
Speaker:dilithium. So you got to love the techies, right?
Speaker:It looks like those kinds
Speaker:of technologies are in our future as well as when
Speaker:quantum finally arrives. The problem is no one knows when quantum will actually be
Speaker:ready. And that's the sticking point. Is it the end of this decade? Is it
Speaker:three decades? I think it's closer to the end of this decade, but we don't
Speaker:know because we're in the middle of the infancy of quantum. But
Speaker:the computers do exist now. But the point you're doing about
Speaker:time, right? So if you need something to be secure for decades,
Speaker:right now is the time to at least
Speaker:try with post quantum cryptography. Because and
Speaker:supposedly there are stories that there are bad actors
Speaker:out there storing stuff, storing data
Speaker:for later. That's what's motivating. Honestly, that's where
Speaker:a lot of the money is coming from for quantum computing, is
Speaker:because of this threat, nothing funds like
Speaker:defense. So this has turned quantum into a defense
Speaker:spending among the primary powers. But it also solves a lot of
Speaker:problems, does a lot of other things. So speaking of geeky stuff, there's
Speaker:a quote from one of the Ferengi characters on Deep Space Nine, and
Speaker:it's something to the effect quark. Yeah, it
Speaker:might even be one of the Rules of Acquisition, but it was basically something to
Speaker:the effect of no one ever went broke selling weapons.
Speaker:I have that book somewhere on this bookshelf. I have that too. That's an awesome
Speaker:book. Yeah, not wrong. I highly recommend that book. I don't know if
Speaker:it's print, but. The other thing I'd say about quantum, and I bring
Speaker:this up every now and then, we have a podcast called Impact
Speaker:Quantum as well. We've been doing it about a year and a half, two years.
Speaker:So it sounds like we started around the same time. Wow. But it's interesting
Speaker:spinning around in the corner in all of this is as
Speaker:they run simulations to try and simulate
Speaker:Quantum every six months or so, they go, oh
Speaker:man, we can take this problem. That was going to take 100,000 years
Speaker:on traditional hardware. Now we can do it in a couple of months.
Speaker:They keep finding these optimizations, I guess.
Speaker:And so it's like without meaning to be here already,
Speaker:quantum is kind of sneaking in. It certainly
Speaker:is. And I think we've just hijacked the podcast here. I
Speaker:know, right? Yeah, it's all good. All these things are. So one
Speaker:of my favorite shows of all time, aside from D Space Nine, of
Speaker:course, is there was this British television series called, I think
Speaker:was Connections. Yeah. And I think it
Speaker:was with the guy who's done a bunch of documentaries, or it was
Speaker:the guy who played a James Bond villain at one point, I forget. But
Speaker:they would basically try to connect. I'm. Going to get a lot of
Speaker:hate mail on that one because I'm totally messy.
Speaker:1978 TV series. This guy, he had a bunch of
Speaker:James Burke. James Burke. You're right. Yes. But he looks like a
Speaker:guy that would play he was also in Game of
Speaker:Thrones, looks like a mad scientist. But
Speaker:he had a number of shows from the 70s into the don't know if there's
Speaker:any newer ones, but you basically show how the way
Speaker:we learn about anything right. Is a very siloed right. You have English class, you
Speaker:have math class, and then you put your brain
Speaker:on part of your brain on the shelf. But he kind of shows how one
Speaker:particular one that stuck out was the connection between perfumes
Speaker:and the carburetor. And that's awesome.
Speaker:The spoiler alert was the Atomizer for the
Speaker:carburetor came from. But there was a whole connection of
Speaker:people that knew each other, who knew each other, just like today. They didn't have
Speaker:LinkedIn then, but you would always have these second and third connections that you
Speaker:would meet at a cocktail party or ballroom dance,
Speaker:depending on the time period. And it was just interesting how these ideas would intermingle.
Speaker:Another story I like that kind of illustrates that, is that apparently there's some cafe
Speaker:in Vienna where Freud would hang out, einstein
Speaker:would hang out, and so would Vladimir Lenin hang out from time
Speaker:to they did they have conversations with each
Speaker:other? I don't know. But just the fact that they were in the same coffee
Speaker:shop around the same time opens up the thing of
Speaker:did Einstein say to Freud, like, hey, can you pass the sugar? And
Speaker:then, you know, that's what your mom said, or something
Speaker:like stupid stuff like
Speaker:or or Lenin would have said, is it really your sugar?
Speaker:But you have to wonder. These little type of chance
Speaker:encounters, those are the types of things that the thought of which fascinate
Speaker:me. Yeah. It is impressive how some of the modern
Speaker:day, you think brilliant inventions, and when you unpack them, you're like,
Speaker:it was a lot of little steps and a lot of weird connections that happened
Speaker:that brought this thing about, right? Yeah. And Quantum to me, is still
Speaker:mind blowing. I'm working on breaking into conventional systems
Speaker:for now. I'll break into Quantum systems later. Well, yeah, I mean,
Speaker:eventually anything can be broken,
Speaker:apparently. You can watch the movie War Games, and War Games
Speaker:came out at 83. I would have been impressionable young youth,
Speaker:and I was just fascinated by that movie. And there's a scene
Speaker:in there where he smugly turns to I guess it would have been Ali. Sheedy
Speaker:like, anything could be broken.
Speaker:Like, if nothing has ever been such a
Speaker:timeless, a just existing is kind of like a
Speaker:vulnerability. I'm telling you, those movies
Speaker:all right, how many of you are fans of Sneakers? Oh,
Speaker:yeah. Well, that wasn't Robert Redford.
Speaker:Yeah, that was the one where I. Was like, okay, if there's a job in
Speaker:the real world to do that, that's what I want to do.
Speaker:Social engineering, right? That was the first time I saw it. Oh, my
Speaker:gosh, I just love that. Movie because it showed,
Speaker:like it's not just the obvious, right? Like the thing where the
Speaker:guy who was blind was playing back with tape
Speaker:whistler was playing, like, the tape. Okay, well, what did the road sound
Speaker:like? And he goes, he described he goes, did it sound like this? I was
Speaker:like, no, a little slower. Oh my God. I was like, So you were on
Speaker:that highway? It was just like but that was one of those
Speaker:moments where you're like, wow, holy crap. That sort of thing possible.
Speaker:Where he's listening to neon signs as they're moving the mic around, and he's like,
Speaker:no, that's an exit sign. And they're like, Dwayne, do you want. To talk about
Speaker:the way you hack a database without actually reading any of the
Speaker:data? So awesome. Based on denials. Have you guys ever heard of blind
Speaker:injection? No? Okay. Blind injection is the coolest thing ever. So let's
Speaker:say we go to a website and it's blackmagic, it's like
Speaker:voodoo stuff. You go to a website and let's say in the website, all you
Speaker:can do is you have a little drop down and you can change the language
Speaker:of the website. And that's it. That's all you can do. No login screen? No
Speaker:none of that stuff. But in that drop down, as a website owner, you
Speaker:keep adding languages. So you add French and you add Spanish and you add whatever,
Speaker:right? So that pulls it out of a database. So what
Speaker:I can do is, even though I don't have
Speaker:the ability to inject data, I can stack the query for
Speaker:the language, and then at that point, I have the ability
Speaker:to gauge how quickly the web page comes
Speaker:back, so I can say, okay, give me the language
Speaker:Spanish. And if the first column in
Speaker:the first database is
Speaker:an A, then pause for a fraction of a second
Speaker:and the page will pause for a fraction of a second.
Speaker:So you can pull all the information out of the back end database just by
Speaker:how quickly the page comes back to you, whether it's two milliseconds
Speaker:or five milliseconds or ten milliseconds, just by blindly injecting, which
Speaker:is awesome. Yeah, that's insidious.
Speaker:The first time I heard about SQL injection was actually at a Microsoft like,
Speaker:dev days thing in New York, and they built this
Speaker:website, I might have been Channel Nine, which for our listeners, they know what
Speaker:Channel Nine is, but it was basically like a community site where they would post
Speaker:content they since killed. It rebranded it's been
Speaker:rebranded to learn. TV or something like that. But
Speaker:I was on channel nine. You were
Speaker:half microsoft flew me out to and five other
Speaker:hackers flew us out to Vegas to break into a casino and
Speaker:they did a half hour long, like breaking into
Speaker:casino. So we did injection. It was called the code room. I remember the code
Speaker:room. I got to see if they've archived that.
Speaker:We have to check it out. You're like that guy in Oceans Eleven, right?
Speaker:I'd like to say it's the only time I've ever been walked through a casino
Speaker:in handcuffs, but whatever. Anyway,
Speaker:another show. Exactly.
Speaker:No. So the same team that built Channel Nine, this would have been early
Speaker:2003, 2004, they basically
Speaker:had shown how they did this challenge, like, who can
Speaker:hack this? And basically somebody had basically said, well, your database sent
Speaker:the email back saying, know, hey, this is what your database looks like. And everybody
Speaker:at Microsoft was freaking out. And it turns out it was a SQL
Speaker:injection. But when I first heard that, my mind was blown like I never thought
Speaker:of cool. And the wife
Speaker:did nix the idea of naming our kid Little Bobby Table. Bobby
Speaker:table, right? Missed
Speaker:opportunities right there. Right? Little Bobby tables.
Speaker:Which if you don't know that story, you have to Google it because the
Speaker:Xkcd cartoon does it. Those are excellent.
Speaker:Brilliant. One of many.
Speaker:So this is awesome.
Speaker:We've talked about OSINT, but there are other disciplines in this. Oh, there's, there's, there's
Speaker:Red Team, Blue Team, pen testing,
Speaker:auditing, auditing, CNA
Speaker:certification, accreditation. Being a good developer. OSCPs.
Speaker:Oh, yeah. Just not being a bad developer using oh my God. Well,
Speaker:that's really true.
Speaker:Oh, Patrick. You froze Patrick. I think we lost him. We lost
Speaker:him. So while we're hoping his video
Speaker:comes back, I will tell you a joke that
Speaker:because when my first child, I think I'm back.
Speaker:You are back. So think about building a house. And then
Speaker:afterwards you say, okay, now secure it. You got to replace all the
Speaker:doors. You got to think about Windows. Now, it's much more expensive when
Speaker:you build anything, whether it's hardware, software, or anything,
Speaker:if you start with security in mind, it's much cheaper. And so really, security is
Speaker:a job for everybody. Data architects, SQL
Speaker:administrators, network, file systems, Nas
Speaker:administrators, everyone. And then there's the ones who are just thinking about
Speaker:security all the time. But we have to make it pervasive. We have to make
Speaker:everybody think about it. Well, I mean, that's a good point, because there's
Speaker:an acquaintance of my wife who does I forget what it's called, but it
Speaker:was basically physical security. He does all kinds of security, but one of the things
Speaker:that he does is more like the stuff you would see
Speaker:in movies where they follow people. They kind of
Speaker:do kind of like the lock picking and the lock picking, stuff
Speaker:like that. There's actually a video on it might have
Speaker:been from Defcon where breaking into like 50
Speaker:places in 50 days or something like that. But
Speaker:I was talking to this acquaintance of my wife and no
Speaker:names, but he basically that's one of the jobs that he
Speaker:does. He's contracted to do that. And
Speaker:he'll get some interesting things where they
Speaker:have some really good stories. This guy. This guy's. Stories. So one story
Speaker:was he's testing out a new data center for
Speaker:someone, and they want to test the security. And he's
Speaker:like, okay. Takes a look around outside, he walks in and he goes
Speaker:and the customer says, well, when do we start to test? And he goes, has
Speaker:the paperwork been signed? He goes, yeah. So he looks at this
Speaker:bulletproof door, and then he's got these giant
Speaker:boots. That's what he always wears, these giant boots. And he just basically looks
Speaker:around. He goes, and the paperwork signed, right? He talked to the lawyer who was
Speaker:there. He goes, yes. Paperwork signed. And he turns to the customer
Speaker:once again, he goes, Are you sure you want to do this? They're like, absolutely.
Speaker:We're secure. We'll get it. And then he does and he does this, like, karate
Speaker:kick, and he's a big guy. Basically knocks down the
Speaker:bulletproof door. Oh, my God. Because the bulletproof door was not on
Speaker:reinforced hinges. Sure, but it was just kind of.
Speaker:Like the description that he gives of
Speaker:whoever was the chief security officer's face just blew color drained from
Speaker:his face. We've done physical security and seen
Speaker:bulletproof systems where they were installed backwards
Speaker:so that people attacking could have taken it out.
Speaker:Because the hinges you have to think about where the hinges are and where the
Speaker:nuts so when you disassemble it.
Speaker:We lost them again. Oh, no. Sadness. I want to know how
Speaker:it ends.
Speaker:So while we wait for him, there's this TV show called Burn
Speaker:Notice, which always has some oh, I love Burn Notice.
Speaker:It's one of my favorite shows. Yeah, well, the one where the drug
Speaker:dealer and I love how he does like the voiceover. He
Speaker:goes, this drug dealer has a bulletproof angel.
Speaker:Angel. That's right. Sugar. Sugar. Sugar. It was sugar. He lived downstairs
Speaker:from him. He shot the door. He shot through the door. The wall. The
Speaker:wall. No, the wall. He's like, yeah, but there's not bulletproof drywall.
Speaker:The way he says it was funny. Yeah, I highly
Speaker:recommend I forget what service it's on, but I discovered it because
Speaker:it was on Pluto. They had a channel that was just burned. Notice.
Speaker:Twenty four seven. And then like 7 hours later I was like, oh, my God,
Speaker:7 hours. It's that good of a show.
Speaker:So you were talking about the before you froze up, you were
Speaker:talking about the hinges.
Speaker:Oh, I'm sorry. I don't know what's going on with my Internet connection. I apologize.
Speaker:No worries. You're probably in the middle of a hack.
Speaker:Dwayne is actually hacking. Yeah. Let me stop. Hold on.
Speaker:So my password is 54 characters long because he kept telling me what my password
Speaker:was in the Smarmiest voice
Speaker:possible. How many years would that take to break
Speaker:all of them? More years than we all have. Until
Speaker:I get quantum computing comes up. To speed, then we're good.
Speaker:Probabilistically. Yeah, I think I was just saying
Speaker:that you got to make sure you think about where the hinges are, which
Speaker:direction they're facing and stuff like that, but it's
Speaker:mistakes. If you look at the news of the day, it's
Speaker:misconfigurations. It's social engineering,
Speaker:and it's getting more and more complex, and so we're having a tough time keeping
Speaker:up with the education, which is why podcasts like yours and ours are so
Speaker:important. No, absolutely. And you're right. Security is
Speaker:everybody's businessweek.com. I've got to
Speaker:check that out. And you got the.
Speaker:Oh, my God. You need a we did it. Yeah,
Speaker:we.
Speaker:Were talking about you were talking about the physical security part. I did a little
Speaker:bit of that back in one day. You were in the military, so you
Speaker:did a lot of the back. Yeah, think about it. At least
Speaker:the National Guard stuff. But it was interesting because
Speaker:being in Virginia and working with a little bit
Speaker:of physical security here, it was amped up a
Speaker:notch. Same way Frank's in Maryland. Same way in Maryland, if you are in
Speaker:driving distance of important places, you
Speaker:know that there's no need to give anybody any more ideas,
Speaker:but occasionally, somebody would
Speaker:do something clever. And the gist
Speaker:of the story, kind of the moral of the story was they didn't beat the
Speaker:electronics. No. They beat the.
Speaker:Was. And it's the same thing with social engineering. It's the same thing with
Speaker:all of this stuff. So hopefully I didn't say too much. Frank, you may have
Speaker:to take that out. I don't know. I
Speaker:live now. I was being the tomahawks on its way. Andy.
Speaker:We have the watch lies come back on, but
Speaker:no, I live up the road on Route 32 from if you know, you know,
Speaker:from places. I know from places from places
Speaker:in and around that county and the next county. There's a lot of
Speaker:office buildings know, just have no signs on them, have
Speaker:suspiciously high degrees of security, and they. Don'T like when you
Speaker:pull up unannounced. Oh, my. No.
Speaker:So right next to where the Microsoft Reston office used to be,
Speaker:there is an unmarked building with
Speaker:a high number of security. And one of my former
Speaker:bosses who drove down from Pittsburgh, his first trip to the Rest in
Speaker:office, he missed the turn, and he was trying to turn around inside that
Speaker:parking lot. Yeah, no. And yeah, he learned
Speaker:very quickly. He went back up. Severe tire. Not that
Speaker:parking. No. Well, I mean, law enforcement showed up pretty
Speaker:quickly with seconds, and they're like, what are you doing here? And he's
Speaker:like, I'm just trying to get the money. Just turn around. Like, sure you are.
Speaker:So ten years ago, my daughter was moving out of
Speaker:a place that she was renting down in Boston, right by the VA hospital.
Speaker:She was finishing her senior year of college, and I had
Speaker:a U Haul truck. And I took the U Haul truck
Speaker:and parked it in the VA parking lot because I'm a veteran, right?
Speaker:And I moved a barrier to do it because I'm a veteran. And I
Speaker:parked it. And then I went and walked through the woods to where her apartment
Speaker:was to talk to her and left my 17 year old nephew in the car.
Speaker:And the cops came, guns drawn,
Speaker:like, Open the truck. Open the truck. Oh, my goodness. Okay. And
Speaker:he opened the truck. It was empty. They're like, what are you doing here? And
Speaker:he's like, oh, my uncle. And he's like, this better not be here when I
Speaker:come back. I came back, and he's like, telling me this story. I'm like, I'll
Speaker:be fine. We're leaving now anyways. And we leave, and the cops coming back, and
Speaker:I'm like, I wave. That's funny.
Speaker:Yeah, there's a lot of good stories. My first day at Microsoft
Speaker:not my first day, but my first speaking gig, because I was doing a developer
Speaker:evangelism then was at a nondescript office building in and around the
Speaker:Bethesda area. And I've driven past 100 times, never noticed
Speaker:it. I still think
Speaker:to this day it was a hazing thing, right? I was a last minute
Speaker:replacement for somebody else, so my name wasn't on the big list. So I
Speaker:show up, and I wasn't on the big list. And then the guard
Speaker:looks at me and was like, well,
Speaker:why don't you go over there? I'm like, uhoh
Speaker:all of a sudden, out of nowhere, this normal suburban looking building
Speaker:like, armed machine guns meant it was just like, oh, my God.
Speaker:Like dogs sniffing around the car. It was crazy.
Speaker:And the guy with the heavy machine gun said to me, you want you to
Speaker:sit in the car and wait for Ain't getting out?
Speaker:And so finally, they did manage to get in a hold of somebody, but it
Speaker:was just kind of like, oh, my God. Yeah.
Speaker:So I've been drawn on at an air force base. We
Speaker:went in to do work, and I was working with I won't mention the military
Speaker:contractor, but military contractor. I wasn't cleared for the particular
Speaker:intelligence systems, but I was helping them do security
Speaker:work. So the contractor had to type,
Speaker:and I had to tell her what to type. And after two days, she's like,
Speaker:listen, I don't know what you're telling me to type anyways. Doesn't matter, right? Just
Speaker:sit down and type at the computer. I was like, okay. So I'm sitting there
Speaker:typing. After a couple of hours, she leaves. A fully uniform guy comes in
Speaker:like, what's your clearance for that system? Oh, my God. I don't have any clearance.
Speaker:Pulls his gun, pulls his gun. Is like, don't touch the key.
Speaker:Step away from that keyboard. And I was just like, I got to get shot.
Speaker:Yeah. Back up slowly. Yeah. No, that
Speaker:was probably the scariest cyber incident I've ever been
Speaker:in. Well, it's interesting because the
Speaker:cybersecurity world, I think, is really an interesting
Speaker:space for a lot of reasons, but it does blend the physical and the real,
Speaker:right. The kinetic and the virtual, as I've heard
Speaker:said. It's fascinating. Yeah.
Speaker:You know what, we didn't get to our questions. I
Speaker:know, I'm okay with that. This was an awesome
Speaker:conversation to come back. There you go. I love
Speaker:it. So we will ask this because
Speaker:you told us in the virtual green room you didn't want to be
Speaker:advertising your company and that sort of stuff, but we ask everyone,
Speaker:where can people learn more about you? And feel free
Speaker:to plug your business. Our website is
Speaker:Pulsarsecurity.com. We're in a weird situation
Speaker:because we have very high end cybersecurity talent. We have
Speaker:several billion dollar customers, and we try to do a lot
Speaker:for community school systems, things like that, on a budget. So cool.
Speaker:But we're really not looking for a ton of customers, which is
Speaker:a good place to be. So we're mostly promoting the podcast
Speaker:to say, that said, we do try to help people who need
Speaker:it, but we also have to pay a lot of cost for that high end
Speaker:software that makes sense.
Speaker:Securitytheweek.com, podcast.
Speaker:And entangle things. Okay. Entangle things. Okay. So
Speaker:before you go, there's one question I think that everybody who's listening to this is
Speaker:probably asking themselves, if you're not in the security field, how does
Speaker:one get started? Where does one get started?
Speaker:You mentioned, like, pluralsight, LinkedIn. There's all sorts
Speaker:of training out there. If there was this much training when I was a kid,
Speaker:I would be way smarter than I am now.
Speaker:You just have to start going and surveying. I tell people they
Speaker:should start a mile wide and an inch deep. They need to learn
Speaker:terminology. They need to learn what is SQL? Well.
Speaker:SQL injection. What'sql? You have to understand what a database is. You have to understand
Speaker:what a file is. You have to understand what Red Hat is and
Speaker:what Kali is and what Linux is. You need that basis. And
Speaker:then you can figure out where your niche will be. Whether you're going to be
Speaker:an auditor, or a hacker, or a red teamer or blue teamer
Speaker:or project manager or whatever. Because it's kind of like saying,
Speaker:I want to be in security or I want to be in technology. That's like
Speaker:saying, I want to be in medicine. It's a wide range. You need to just
Speaker:start getting that understanding so that when you listen to a
Speaker:podcast or read an article, you understand what they mean when they
Speaker:say deployment or compile. That's where you
Speaker:start. You start with the vocabulary. And I'd say the other thing is reach out
Speaker:to companies. I can't tell you how many times I have people reach out to
Speaker:me and say, hey, listen, I'm interested in cybersecurity. What should I
Speaker:do? And we'll do things like, I'll have them sign an NDA
Speaker:and bring them on an engagement. See if this is for you before you actually
Speaker:go. And just watch and ask questions and use
Speaker:it as a training event.
Speaker:So it's things like that. I think you'll find
Speaker:companies out there who are just there's so little people in the cybersecurity space.
Speaker:They're just willing to help and educate and see if this is a field you're
Speaker:interested in. Also, we are summer program
Speaker:True with interns that come in with
Speaker:us. We're working with high school in the area
Speaker:for kids that it's a Stem high school
Speaker:bringing them on and having them do their required hours just to get
Speaker:a feel for what it's all. About, what it's like. Yeah,
Speaker:right? And that mystery voice is Jill.
Speaker:Just for the listeners that are like. Who was somebody broke into the podcast.
Speaker:That's hilarious. Nothing's safe.
Speaker:Okay, Joe. We didn't say your last name. We're good. Yeah.
Speaker:That's really interesting to know about the intern program. My
Speaker:daughter is headed to Virginia Tech for computer science,
Speaker:and she's looking for I don't know if she'll want to do
Speaker:cybersecurity, but if she does now, I know some people. Yeah, there you go.
Speaker:Have her reach out. Because, honestly, even if she just wants to sit in and
Speaker:watch what a Red Team engagement looks like, I've had people my son's 19 years
Speaker:old, and I got him to intern and look at engagements, and he came to
Speaker:me after, like, a year, and he was like, hey, dad, you know what? And
Speaker:I was like, yeah. And he's like, I hate this. This is not yeah,
Speaker:this is not for me. That's a good thing, though, right? Because it's a
Speaker:great thing. Did he say this or you
Speaker:fire targets down. Tell him his 54 character
Speaker:password. That'll get.
Speaker:Well. This has been an awesome show. I hate to end it, but all good
Speaker:things must end. But we'll definitely have you back, because this is a field that
Speaker:I think and there's topics in my head that we didn't come up with. Right.
Speaker:The idea of how do you secure data from
Speaker:the source to the end, right? Because if you're training these AI
Speaker:models, particularly with something like a
Speaker:Kafka stream, what if you inject bad data in? How do you detect that?
Speaker:A friend of mine was talking about there was some talk of using
Speaker:blockchain technology to kind of
Speaker:authenticate data transactions. So that way when you're learning
Speaker:it, you have kind of a trail to it. And obviously that could probably be
Speaker:another hour episode right there. But in the interest of time,
Speaker:we'll definitely love to have you back, and. We'D love to join
Speaker:you. Any parting thoughts? Stay
Speaker:in school. Yes, stay in school. Use long. Change your
Speaker:password. Right? And keep listening to this podcast. It's great. That's
Speaker:right. And the other ones? Awesome. All right. And I'll let the
Speaker:nice British lady finish the show. And that,
Speaker:dear listeners, brings us to the end of another riveting episode of
Speaker:Data Driven. I hope you've all enjoyed delving into
Speaker:the mysterious world of cybersecurity. I must
Speaker:admit, the idea of advanced persistent threats and hacking can be a bit
Speaker:unnerving. But, hey, who needs beauty sleep when you
Speaker:can have nightmares about hackers instead? As we sign
Speaker:off, I'd like to extend a big thank you to our guest speakers, who shared
Speaker:their insights and experiences, including that rogue AI of
Speaker:theirs. Remember, folks, hacking might be a
Speaker:dark art, but with great knowledge comes great,
Speaker:um, well, cybersecurity skills, I suppose.
Speaker:But wait. Before we biddered you, I'd like to remind you all to
Speaker:secure those passwords, enable two factor authentication, and
Speaker:resist the urge to click on suspicious links.
Speaker:Because, let's face it, no one wants to wake up one morning to
Speaker:find out their bank account has been drained by a hacker named Dwayne.
About the author, Frank
Frank La Vigne is a software engineer and UX geek who saw the light about Data Science at an internal Microsoft Data Science Summit in 2016. Now, he wants to share his passion for the Data Arts with the world.
He blogs regularly at FranksWorld.com and has a YouTube channel called Frank's World TV. (www.FranksWorld.TV). Frank has extensive experience in web and application development. He is also an expert in mobile and tablet engineering. You can find him on Twitter at @tableteer.