Joe Stocker, CEO of a Microsoft Consulting company ("www.PatriotConsultingTech.com") and author of the bestselling book on Amazon "Securing Microsoft 365", mentors his friend Larry on his journey to a career in Cybersecurity. Update: 5/1/2023: Larry is currently working part time for Joe as a SOC Analyst! Connect with Larry on LinkedIn here: https://www.linkedin.com/in/lawrence-lishey-30942020/ Want to be a guest on the show? Let Larry know on LinkedIn!
Saturday Jul 17, 2021
Larry and Joe speak with Duane Dunston, an Associate Professor of Cybersecurity at Champlain College
https://www.champlain.edu/academics/our-faculty/dunston-duane
Duane just celebrated 24 years in Cybersecurity. He is currently working towards his EdD in Education. Larry and I learned how incredible Duane is! Among his many accomplishments, he volunteers as a security consultant with International Association of Human Traffickers and Investigators. He's working with Champlain students to develop technologies to facilitate the identification of trafficked victims. Duane is currently working on a cross-platform and mobile app to help identify victims of human trafficking. You can buy Duane a cup of coffee here: https://www.buymeacoffee.com/thedunston
00:00 Larry and Joe listen to Duane's story of how he got into Cybersecurity. After growing up in a Group Home, he earned a college degree, then got into tinkering with Log Analysis and worked his way through Graduate school as a janitor. He helped maintain the computers and shortly after became a Unix administrator. He didn't have an easy road, but he is perhaps the best example of what the Information Security community stands for.
4:50 WireGuard VPN and Duane's contribution with NoWire
Check out his NoWire GitHub repo here: https://github.com/thedunston/nowire
11:15 Is Internet Privacy Possible?
19:53 Duane’s presentation at GrimmCon: “Cognitive Science Approach To Teaching Cybersecurity Education”
20:15 Should Veterans spend their GI Bill on College Degrees or Certs to get their first job in Cyber?
Duane recommends Security+ Certs and to supplement it with the TryHackMe platform.
It requires no home lab equipment so it helps those that have financial constraints.
22:30 Can someone go right into Pentesting?
Duane says you must have a base level of understanding of Networking, Windows and Linux administration.
23:00 eLearnSecurity Junior Penetration Tester (eJPT)
https://elearnsecurity.com/product/ejpt-certification/
23:50 Duane discusses how the OSCP Cert from Offensive Security is more difficult for people who struggle with self-learning.
https://www.offensive-security.com/pwk-oscp/
26:00 Duane explains why he does not subscribe to the fatalistic “everyone will be hacked” mindset, and how SolarWinds is the worst case scenario of a Supply Chain compromise.
30:50 Why it is so difficult to detect Cobalt Strike beacons
32:45 Duane says the fundamentals are necessary: anti-malware, anti-phishing, and application control (allow-listing).
34:00 Web Browser sandboxing with Application Guard
35:15 A weakness of application control: when exclusions are set, malware can remain undetected by hiding in those exclusions
36:50 Host level detection is important because network traffic is encrypted with SSL
37:40 Philosophical Discussion on why Ransomware attacks are on the rise
39:00 Duane discusses his volunteer work with 1) using Augmented Reality to help train people in construction and 2) helping with the problem of human trafficking
44:35 Larry asks Duane a tough question: What is your driving motivation? You keep learning even after 24 years in Cybersecurity (Duane just got his MITRE ATT&CK certification).
Duane's TED Talk can be viewed here: https://www.ted.com/talks/duane_dunston_the_answer_to_cybersecurity_threats_middle_high_schoolers
Duane spoke at The Diana Initiative 2021; a two-day conference to elevate, inspire, and support women/non-binaries of all races, cultures, and backgrounds through every stage of their information security career with education, collaboration, and resources. https://hopin.com/explore/speakers/IEfWTII6uHHgNc1ctq047ro2S
51:00 Duane looks to the future: helping improve training providers. He would like to consult with a think tank on cybersecurity education, technology education, or education policy. He can be reached on Twitter at @GnuGro
52:37 Duane weighs in on the recent Infosec Bikini Controversy on Twitter. Read more about the controversy here: https://www.infosecurity-magazine.com/news/infosec-community-bikini-pics/