153.3K
Downloads
26
Episodes
Joe Stocker, CEO of a Microsoft Consulting company (”www.PatriotConsultingTech.com”) and author of the bestselling book on Amazon ”Securing Microsoft 365”, mentors his friend Larry on his journey to a career in Cybersecurity. Update: 5/1/2023: Larry is currently working part time for Joe as a SOC Analyst! Connect with Larry on LinkedIN here: https://www.linkedin.com/in/lawrence-lishey-30942020/ Want to be a guest on the show? Let Larry know on LinkedIN!
Episodes
Sunday Sep 27, 2020
Episode 11 - From Fast Food Manager to NASA Cybersecurity Analyst
Sunday Sep 27, 2020
Sunday Sep 27, 2020
Kris went from making burritos in an American chain of fast casual restaurants to become a general manager by age 19 before giving it all up and starting a new career in Cybersecurity, where he is now guarding against cyberattacks for NASA. It all started the day Kris took a 10 minute break before starting a 12-hour shift at a fast food restaurant. He had just worked 200 hours over the previous two weeks! During the break, he stumbled on this Reddit thread about the Stuxnet worm which sparked his interest in cybersecurity.
Soon after he witnessed one of his managers achieve their dreams after attending Year Up, a non-profit offering one-year intensive training program. Kris joined the cybersecurity program and we discuss his transition from that training to his current role as a cybersecurity analyst at NASA.
Here are the resources that have helped Kris:
1. Lesley Carhart's blog post on how to start an infosec career 2. Productivity timer 3. "Atomic Habits" by James Clear 4. Dare to Lead by Brené Brown 5. Terminus 6. OverTheWire War Gaming 7. Certification Overview Graphic 8. Cybersecurity Overview Mind Map
Sunday Oct 25, 2020
Episode 12 - Catching up with Larry
Sunday Oct 25, 2020
Sunday Oct 25, 2020
People are asking how Larry is doing, so this episode is focused on catching up with Larry and his journey towards a career in Cybersecurity.
TL;DR As of 10/25/2020, Larry has 12 weeks left in school and he is open to immediate placement for an entry level cybersecurity or help desk role. He lives in south Orange County, California and can work remotely as well. Connect with Larry on LinkedIN (Click here to Connect with Larry).
Larry is attending an online school called MyComputerCareer where he is studying for the following Certification exams:
- A+
- Network+
- Server+
- Security+
- Microsoft Security Fundamentals
- Microsoft Server Fundamentals
- Microsoft Networking Fundamentals
- Linux Essentials
Larry also recommends:
- MeasureUp (https://www.measureup.com/)
- Quizlet (https://quizlet.com/)
- Kahoot (https://kahoot.com/)
Podcast Timeline:
00:00 Catching up with Larry
5:25: MyComputerCareer offers Job Placement after 6 months. Out of his class of 113 students, half of them have already been placed in jobs!
8:24: Joe gave Larry "The Hacker Playbook" by Peter Kim, because it uses analogies from football (Larry was a professional football coach)
10:43 Joe talks about the pivotal moment in his life that caused him to attend a computer school at night while he earned a college degree during the day
13:13 why is technology interesting to Joe, and how he needs a challenge. Joe would be too bored in a routine and competitive job.
17:16 how hackers can target you individually to your phone
19:40 to 22:00 Larry shares a story about how 80% of people don’t update their phones because it is a hassle.
23:24 to: 26:00 Two major motivations hackers have for targeting individuals
26:00 Instagram Cloning
30:00 Larry’s plan: 12 weeks left in school, then find a company who is willing to give him a shot. His goal is to be a penetration tester or digital forensics.
Sunday Mar 21, 2021
Episode 13 - Larry has a big announcement and shares his future plans
Sunday Mar 21, 2021
Sunday Mar 21, 2021
It has been about five months since we last checked in with Larry's progress in school, so in this episode he has a big announcement to share.
Joe then recaps what has been happening in the world of cyber warfare including SolarWinds, Microsoft Exchange Ransomware #DearCry, and the F5 pre-authentication RCE.
Saturday May 29, 2021
Episode 14 - Daniel Rose discusses Cybersecurity Unicorn Job Descriptions
Saturday May 29, 2021
Saturday May 29, 2021
[Update 7/6/21: Daniel has accepted a job in cybersecurity! Congrats Daniel!!]
Larry and Joe invite special guest Daniel Rose on the show to discuss his efforts to obtain a position in cybersecurity. Daniel grew up placing Ice Hockey and served his country in the US Navy, and served his community in law enforcement before transitioning to IT for the past six years. He has Linux and Security+ certifications and is open to full time employment offers now. Listen to the show to learn more about Daniel's background.
00:00-02:15 Special guest Daniel Rose shares his experience encountering crazy job descriptions like this entry level position: "Must have 5 years experience and former CISO preferred?!" Larry and Daniel discuss how these “unicorn employee” job postings can be frustrating for people looking to break into the cybersecurity field.
02:15-3:15 Larry recalls a conversation he had with an IT Architect who told him having passion for cybersecurity is the most important thing
03:15-05:00 Daniel shares about when he first transitioned from a career in law enforcement to IT. It all started when he took a digital forensics workshop. He then found a computer hardware position and then web/software development.
05:00-08:00 Daniel shares stories about how his passion and drive has helped him overcome challenges in life, including an inspiring story when he served in the US Navy. If you really want to do something - stick to it!
08:00-12:00 Daniel shares tips with Larry on studying for the Pentest+ and Security+ Exam.
12:00-13:30 Daniel explains what TryHackMe.com is all about.
13:30-14:45 Daniel explains what it takes to get a new account in https://HackTheBox.com
14:45-15:30 Daniel talks about https://CodeAcademy.com
15:30-16:05 Daniel recommends that Larry get into Python as his first cybersecurity programming language
16:05-18:43 Daniel recommends https://RangeForce.com and talks about how it helped him gain hands-on experience with PowerShell, Intrusion Detection Systems,
18:43 Daniel talks about https://CyberDefenders.org ; a blue team training course to learn Splunk and reverse engineering malware
20:45 Joe talks about how Marcus Hutchins used his malware analysis skills to find the kill switch that stopped WannaCry ransomware from spreading worldwide in 2017. Learn about Marcus's story here: https://en.wikipedia.org/wiki/Marcus_Hutchins
22:20 Larry talks about the Microsoft MSSA Academy https://military.microsoft.com/programs/microsoft-software-systems-academy/
26:10 Daniel talks about his experience using EDR to investigate ransomware and how he created a watchlist of task scheduler changes to hunt for Indicators of Compromise (IOC)
29:00 Larry ties together how incident response requires skills with forensics
30:00 Daniel talks about how he used the Jason Dion Udemy course to prepare for the LPI Linux course https://www.udemy.com/user/jason-dion/
31:50 Daniel shares his tips with Larry on studying for Security+
35:00 Larry shares an update on his career search
Saturday Jul 17, 2021
Saturday Jul 17, 2021
Dr. Cody Buntain (@codybuntain) is an Asst. prof in the Informatics Department at New Jersey Institute of Technology. He researches how people engage politically online, especially during disasters and times of social unrest, and how coordinating actors behave and information flows across multiple platforms. He has a Postdoctoral Fellowship for the US Office of the Director of National Intelligence (2016-2018), and a former research scientist for Raytheon. Learn more about Dr. Buntain here: http://cody.bunta.in/
#crisis informatics #online political engagement #disinformation #information quality #real-time summarization #weak supervision #text mining #machine learning
1:45 Larry asks Dr. Buntain: How can a person get into cybersecurity when they don't have prior job experience?
- "If you have a background in IT, then consider pursuing an undergrad degree in cybersecurity or a graduate degree'
- "if you have no background in IT, then start with a cybersecurity bootcamp to gain technical skills first."
3:00 to 10:00 Tough Cybersecurity Interview Questions
- When you want to get into cybersecurity, it’s important to have a home lab where you can practice and then you can speak to that during an interview
- Difficult interview questions, like Elon Musk's favorite: "“You're standing on the surface of the earth. You walk one mile south, one mile west, and one mile north. You end up exactly where you started. Where are you?”
11:00 Why humans are still the weak link in cybersecurity
12:30 Cybersafety
- how do we help people be more secure users on the internet
- socioeconomic factors to cyber safety
16:20 Is there enough incentives for large private companies to secure against breaches, when insurance companies cover their losses, and breaches are not mandatory to disclose?
19:30 Tesla employee bribed with a million dollars to plant ransomware by a Russian
https://www.wired.com/story/tesla-ransomware-insider-hack-attempt/
21:00 Insider Risk
24:15 Discussion on Supply Chain Attacks- like Kaseya
27:00 The supply chain risk is not new - example from the cold war. Conclusion: It comes down to trust, which is a decision of weighing risks.
28:15 Is Nationalism inevitable to avoid supply chain compromise?
29:00 Dr. Buntain discusses the #1 problem in cybersecurity today: Phishing and Humans being the weak link. It's about persuading employees with the "why" not just the policy enforcement.
Saturday Jul 17, 2021
Saturday Jul 17, 2021
Larry and Joe speak with Duane Dunston, an Associate Professor of Cybersecurity at Champlain College
https://www.champlain.edu/academics/our-faculty/dunston-duane
Duane just celebrated 24 years in Cybersecurity. He is currently working towards his EdD in Education. Larry and I learned how incredible Duane is! Among his many accomplishments, he volunteers as a security consultant with International Association of Human Traffickers and Investigators. He's working with Champlain students to develop technologies to facilitate the identification of trafficked victims. Duane is currently working on a cross-platform and mobile app to help identify victims of human trafficking. You can buy Duane a cup of coffee here: https://www.buymeacoffee.com/thedunston
And
00:00 Larry and Joe listen to Duane's story of how he got into Cybersecurity, after growing up in a Group Home, he earned a college degree, and then got into tinkering with Log Analysis and worked his way through Graduate school as a janitor. He helped maintain the computers and shortly after became a Unix administrator. He didn't have an easy road, but he is perhaps the best example of what the Information Security community stands for.
4:50 Wireguard VPN and Duane's contribution with Nowire
check out his NoWire Github repo here: https://github.com/thedunston/nowire
11:15 Is Internet Privacy Possible?
19:53 Duane’s presentation at GrimmCon: “Cognitive Science Aproach To Teaching Cybersecurity Education”
20:15 Should Veterans spend their GI Bill on College Degrees or Certs to get their first job in Cyber?
Duane recommends Security+ Certs and to supplement it with the TryHackMe platform.
It requires no home lab equipment so it helps those that have financial constraints.
22:30 Can someone go right into Pentesting?
Duane says you must have a base level of understanding of Networking, Windows and Linux administration.
23:00 eLearnSecurity Junior Penetration Tester (eJPT)
https://elearnsecurity.com/product/ejpt-certification/
23:50 Duane discusses how the OSCP Cert from Offensive Security is more difficult for people who struggle with self learning.
https://www.offensive-security.com/pwk-oscp/
26:00 Duane explains why he does not subscribe to the fatalistic “everyone will be hacked” mindset, and how SolarWinds is the worst case scenario of a Supply Chain compromise.
30:50 Why it is so difficult to detect cobalt strike beacons
32:45 Duane says the fundamentals are necessary: anti-malware, anti-phishing, and application control (allow-listing).
34:00 Web Browser sandboxing with Application Guard
35:15 Weakness of application control is when exclusions are set, malware an remain undetected when hiding in those exclusions
36:50 Host level detection is important because network traffic is encrypted in SSL
37:40 Philosophical Discussion on why Ransomware attacks are on the rise
39:00 Duane discusses his volunteer work with 1) using Augmented Reality to help train people in construction and 2) helping with the problem of human trafficking
44:35 Larry asks Duane a tough question: What is your driving motivation? You keep learning even after being in 24 years in Cybersecurity (Duane just got his MITRE Attack certification).
Duane's Ted Talk can be viewed here: https://www.ted.com/talks/duane_dunston_the_answer_to_cybersecurity_threats_middle_high_schoolers
Duane spoke at The Diana Initiative 2021; a two-day conference to elevate, inspire, and support women/non-binaries of all races, cultures, and backgrounds through every stage of their information security career with education, collaboration, and resources. https://hopin.com/explore/speakers/IEfWTII6uHHgNc1ctq047ro2S
51:00 Duane looks to the future - helping improve training providers. He would like to consult with a think tank on cybersecurity education or technology education or education policy. He can be reached on twitter at @GnuGro
52:37 Duane weighs in on the recent Infosec Bikini Controversy on twitter. Read more about the controversy here: https://www.infosecurity-magazine.com/news/infosec-community-bikini-pics/
Saturday Aug 07, 2021
Saturday Aug 07, 2021
Meshack Mortiz immigrated with his family from the Philippines when he was 13 years old. His family had plans for him to go to college and become a Nurse, or learn medicine through the US Air Force. But Meshack found a special camaraderie among the US Marine recruits that persuaded him to join the most elite fighting force on earth.
Learn about his journey from being an Engineer Equipment Operator (MOS 1345) to becoming a SOC analyst for a top US Government space agency, and then his most recent transition to the private sector as an Incident Response Analyst. Meshack shares tips and tricks that helped him along each stage of the journey that began with the Microsoft Software and Systems Academy (MSSA) https://military.microsoft.com/programs/microsoft-software-systems-academy/ and how he prepared for his interviews, built a home lab, and sought out mentors.
Timeline
00:00 Introduction to Meeshack, a heavy equipment operator in the United States Marine Corp
4:30 Meshack explains the mindset it requires to have a successful career transition into Cybersecurity
"You have to enjoy it."
5:30 Meshack explains how he prepared to get into cybersecurity, through certifications, in particular the Security+ exam.
8:00 Meshack shares how he got his first job in cybersecurity by using OSINT skills to research Social Media
He looked at job postings to see what employers were looking for, then he worked backwards from there.
11:00 Meshack shares his elevator pitch that he used to get people to respond to him on LinkedIN. He got a great response rate!
14:00 Meshack shares his interview strategy: 50% likability and 50% technical skill
16:00 Meshack describes his first home lab setup involved a Raspberry Pi DNS Sinkhole
and pulled everything into the free edition of Splunk
Joe also had given him guidance on using host based IDS such as SNORT
19:30 Interview technique: explain what you have done in your home lab before they start asking you technical questions, especially when you have no prior job experience
31:34 Meeshack shares how his family immigrated to the United States when he was 13 and his family wanted him to become a nurse but he shocked them when he enlisted in the United States Marine Corp.
39:00 For those who want to get into Cybersecurity, Meshack recommends A+, Network+ then Security +. He also recommends CompTIA Cybersecurity Analyst (CySA+)
For those who are already in Cyber SOC positions, Meshack recommends SANS GIAC Certified Incident Handler (GCIH)
Saturday Aug 07, 2021
Saturday Aug 07, 2021
Brett's Story.
Brett spent 24 years in prison, and was recently released. But how Brett spent his time will inspire you. Take the time to listen to Brett and get to know how he invested his time wisely. He has a lot to teach us on so many levels.
Brett took advantage of every education opportunity available, earned a bachelor's degree in Liberal Arts and taught himself to advanced math and physics, all without access to the Internet. But his life really changed when his friends invited him to the Last Mile program (www.TheLastMile.org). He wrote about his journey on his blog article here: The Crucible: Learning How to Code in Prison | by Brett Buskirk | Medium
The Last Mile is a truly amazing program. It gives prisoners an opportunity to learn full stack programming in a simulated web environment. Brett excelled and showed initiative during COVID when the program was suspended, he hand-wrote lesson plans that were distributed to multiple prisons that participated in the Last Mile program. Upon his release from prison, he was hired as an Instructor by Last Mile so he now gets to teach others.
Brett’s story reminds me of Kevin Mitnick. Upon being released from prison, Kevin started the company KnowBe4 which has become one of the fastest growing cybersecurity companies in history. I can say from personal experience that the majority of my corporate customers are now KnowBe4 customers. This is a great example of where as a society we have given returning citizens like Kevin, and now Brett a chance to bless all of us with their valuable skills they have to offer us.
I firmly believe that Brett has a bright career ahead of him - and there are no limits to what Brett can achieve, because his mind is so incredibly sharp and he has gotten to know himself and his self worth. Brett has found joy and purpose in coding and now he is now gaining an interest in Cybersecurity, which is how he found out about this show - one day he searched "Cybersecurity" on Spotify and found our show! He reached out to Larry and we both immediately knew we wanted others to hear his incredible story. The world needs bright minds like Brett to help all of us, because we are in the middle of a cyber war, where dangerous nation state actors and cyber gangs are destroying American businesses. In my opinion, Congress should set aside a gazillion dollars to help prisoners find hope like what Brett has found. Opportunities are all around us if we seek them with all our might - I believe God puts them there for us.
Highlights from the show:
6:55 Brett came to a belief of not accepting Limits of Learning. <- You've gotta hear this - it is very inspirational!
“I don’t believe in limits. I don’t believe that we have to not learn something just because it’s too difficult. I think it boils down to what interests us. If it is something that truly interests us, then we can learn it no matter who we are. It is just the matter of having the will power and discipline to do so.”
8:36 Brett escaped the horrors of prison life by diving deep into Math and Physics. “I knew it was something they couldn’t take from me.”
Later in the episode Brett recalls a time where he wrote an MS Access database with VBA Code to help the print shop with cost estimating. When the prison administration discovered the program, they removed Brett’s access and banned him from jobs involving computers, because they feared what they didn’t understand.
10:40 The pivotal moment in Brett’s prison life happened after he was let go from a job, and his friends told him about the Last Mile program which teaches computer programming, specifically full stack web development (front end and back end coding).
www.TheLastMile.org
“From day one I knew I loved it.”
The first six months, Brett learned front end web development (HTML, CSS, Javascript) and the 2nd six months: Node.js, React, Express and back end development.
Brett really values much more than just the technical part - he appreciates how the program made him feel because they really showed how much they cared about Brett.
15:50 Brett is currently reading a Network+ book, and Larry talks about his decision of pursuing CYSA+ instead of Pentest+ or the Cloud cert.
Learn more about Brett’s story on his Medium Blog post.
19:15 Brett describes how he earned his current role teaching for Last Mile. During COVID he wrote tutorials / lesson plans, which he enjoyed doing, and that really impressed the leadership in Last Mile. After his release from prison, they hired him onto their full time staff, and now he is giving back by teaching those still in the system.
26:00 Brett and Joe talk about how valuable the skills learned in the Last Mile generate hope, and how when people volunteer their time it shows the prisoners that they have have value.
28:00 Brett talks about how the rate of change in the computer industry, and cybersecurity in particular is something that motivates and attracts Brett.
39:00 Joe and Brett discuss how Upwork is a great site for returning citizens to perform freelance work and gain job experience
41:00 Brett is in the process of learning Python, and Larry jumps in that he is also learning Python too.
43:00 Brett shares how he enjoys the show as a fan and following’s Larry’s journey and life experience, and Larry reminisces about his brief rap career
45:00 Larry shares how he failed the Security+ 501 exam and that he will retake the newer Security+ 601 exam. And Larry is available and very interested for anyone who is hiring for a SOC Analyst role.
46:30 Larry shares how he is experimenting with Tryhackme.com
Saturday Sep 18, 2021
Episode 19 - Terence Jackson talks Faith and Hope
Saturday Sep 18, 2021
Saturday Sep 18, 2021
In Episode 19, Joe introduces Larry to Terence Jackson, and they discuss their common faith in Jesus Christ, and how anyone who freely chooses can also become a Christian.
00:00 Larry announces that he is getting married in two weeks! Larry talks about his plans to take the CEH and CYSA Certifications
1:30 Joe introduces Larry to Terence Jackson, a former CISO from Thycotic. Terence was named top 10 CISO.
3:15 Terence has 26 technical certifications and is pursuing graduate studies from Albany Law School
5:30 Terence describes how he developed a friendship with the CEO of a company as they shared a common faith
6:00 Joe asks Terence about how faith in God
6:45 Terence describes his faith journey, from being the child of a Minister - growing up “at church” without being “in church” and the period of his life where he wandered away, to returning back to his faith in God
8:30 Joe says if we only talk about career accomplishments, it’s an incomplete picture of who we really are.
Pastor Bobby Schuller from Shepherd's Grove Church (https://www.sgp.church/) developed this creed:
Try saying this out loud, and pause after each line:
“I’m not what I do.
I’m not what I have.
I’m not what people say about me.
I am the beloved of God.
It’s who I am.
No one can take it from me.
I don’t have to hurry.
I don’t have to worry.
I can trust my Friend, Jesus, and share His love with the world.”
Say that out loud - and note how you feel after saying it.
9:30 Joe describes what it means to have integrity
10:15 Joe describes how faith grounds us.
11:00 God loves you!
11:30 Terence says the secret to success is putting God first. Faith is like a muscle, you have to continue working on it and build it up. It’s important to have community.
12:40 God is Good!
1:00 Does faith without works result in automatic blessing or do you have to put effort into life to have success?
13:41 Proverbs 22:29
15:30 Terence shares how he has found fulfillment in Jesus Christ, and how it has helped him
15:54 Joe and Terence discuss how the death of Jesus Christ allowed for a personal relationship with God
22:40 How can faith help you with the desire to enter a career in cybersecurity
24:40 Terence worked his way up from the bottom (pulling cables and terminating wires) to becoming an executive at Microsoft
25:00 to 31:40 Joe and Terence bring the conversation back to Faith in God
31:40 Larry tries to bring the conversation back to Cybersecurity
33:30 Terence tells a story of hiring a math teach who had no background in cybersecurity, got certifications, Terence takes a chance hiring her, and she is now running cyber for a top 5 bank.
36:00 Terence describes what he looks for in job candidates: curiosity, self starter, and willingness to learn. Thirst. Drive.
37:00 Not all jobs in cybersecurity are hands-on-keyboard
40:00 Joe asks Terence about working for one of the top tech companies in the world
40:20 Your network is just as important as your skill set
41:00 What does Terence do in his day to day work?
TL;DR - God Loves you and while cybersecurity is cool, Faith in God gives meaning to life, hope in the future, and is a sure foundation for when life doesn't go our way.
Why are these men so outspoken about their faith? Shouldn't they keep it quiet and to themselves?
The Holy Bible says we should not be ashamed of having faith, because it is so cherished and important. The Apostle Paul wrote “For I am not ashamed of the gospel of Christ, for it is the power of God to salvation for everyone who believes, for the Jew first and also for the Greek.” Romans 1:16
Jesus said “Whoever is ashamed of me and my words, the Son of Man will be ashamed of them when he comes in his glory and in the glory of the Father and of the holy angels” Luke 9:26
To learn more about how to have a personal relationship with God, check out this website developed by the late evangelist Billy Graham https://peacewithgod.net/
Sunday Nov 21, 2021
Episode 20 - The 25th Anniversary of DDoS with Pankaj Gupta from Citrix
Sunday Nov 21, 2021
Sunday Nov 21, 2021
In this episode we discuss the 25th anniversary of the first DDoS (Distributed Denial of Service) and why this cybersecurity threat is a tricky one to solve.
00:00 to 2:00 Intro to Pankaj Gupta (@PankajOnCloud,CITRIX)
Pankaj leads product and solutions marketing and go to market strategy for cloud, application delivery and security solutions at Citrix. He advises CIOs and business leaders for technology and business model transitions. In prior roles at Cisco, he led networking, cybersecurity and software solution marketing.
2:20 The 25th anniversary of the first Denial of Service attack against Panix, an Internet Service Provider (1996) (https://en.wikipedia.org/wiki/Denial-of-service_attack#Distributed_attack)
25 years later, the largest DDoS attack ever recorded targeted Russian ISP Yandex (https://www.cpomagazine.com/cyber-security/russian-internet-giant-yandex-wards-off-the-largest-botnet-ddos-attack-in-history/). Pankaj notes how this was exactly 25 years later to the month.
3:15 What is a DDoS Attack? 1) Connection overload 2) Volumetric like ICMP flood 3) Application Layer
5:20 Coinminer as an example of Denial of Service when CPU is exhausted
6:00 Why are we still talking about DDoS 25 years later? Pankaj states that they are now easier than ever to perform.
7:00 Larry asks about the connection between ransomware and DDoS
9:00 Pankaj describes how the motivation for DDoS has shifted from hacktivism to financial motivation
9:30 Joe asks how much it costs for an attacker to operate
10:00 Pankaj explains that unskilled attackers with access to the Dark web can orchestrate attacks
11:45 Joe discusses how many attackers target healthcare despite how this hurts people
12:45 Pankaj discusses that while federal laws exist, very few are prosecuted for DDoS attacks.
13:50 Larry asks whether businesses are paying the ransom
14:15 Pankaj says paying the ransom is never recommended. Instead, Pankaj recommends investing in DDoS protection solutions
15:25 Joe asks whether tools exist to quantify costs for downtime to justify the expense of DDoS prevention solutions.
16:30 Pankaj explains how it is not just the economic impact of downtime that is to be factored into the equation but also the damage to reputation by losing customer’s trust.
17:30 Pankaj describes three trends that will cause DDoS attacks to increase in the future (things will get worse rather than better). This is due to increased bandwidth for 5G, exponential growth of IoT devices, and the improved computation power.
18:30 What is IoT? (Internet of Things). This is any device that has an internet connection such as a Nanny Camera, home router, or NEST Thermostat. Bad actors exploits vulnerabilities to transform these devices into a “BOT Network” that the attackers can then use in mass quantity against a single target. This forms the source for the DDoS attacks. All of these devices combined will send packets to the victim website.
20:50 What solutions exist for DDoS? Joe explains how he has solved DDoS historically using services from CloudFlare.
22:00 Joe explains how he configured DDoS protection by configuring DNS, and the weakness when attackers discover the direct IP using OSINT
23:15 Joe asks Pankaj how does Citrix compare with competitors
23:35 Pankaj describes four key criteria when selecting a DDoS solution. 1) The solution should protect against a variety of types of DDoS attacks 2) Can the solution scale? As DDoS attacks increase in size 20% Year over Year (it’s expected to be 3 terabits). 3) The advantage of a cloud-based solution is that it can auto-scale in bandwidth whereas an on-premises DDoS solution cannot guard against bandwidth saturation.
25:50 Joe asks Pankaj if Citrix uses its own data centers (does it have exposures if data centers like Google, Amazon or Microsoft). Pankaj describes the Citrix solution as having the scale to handle 12 terabits of scrubbing across multiple points of presence (pop).
29:00 Pankaj describes two types of DDoS solutions, Always-ON, or On-Demand. If you are an e-commerce website then Always-on may make more sense even though it costs more than on-demand because every minute that you cannot sell your products will lose money.
31:00 DDoS attacks can be a diversion tactic to distract IT and SECOPS teams so that the attackers can perform other types of attacks such as financial fraud (Wire Fraud, SWIFT, etc)
32:40 Larry asks: What is the difference between a buffer overflow and DDoS? Pankaj explains that a buffer overflow could be used as a type of DDoS since it could impact the availability of the service.
34:00 Joe describes how DDoS strikes at the heart of one of the three components of the CIA Triad “Confidentiality, Integrity, and Availability.”
35:00 For businesses interested in learning more about Citrix solutions, Pankaj recommends using this contact form on the Citrix website: https://www.citrix.com/contact/form/inquiry/
36:30 Joe asks what market is Citrix chasing: Small Business, Mid-Market or Enterprise? Pankaj responds that all businesses need DDoS protection, and how cloud-based solutions are easier to implement.
DISCLAIMER: Larry and Joe received no compensation in any form from anyone for our Podcast. This is a "hobby" podcast - we don't even have advertisements!