Cybersecurity 101 with Joe and Larry

00:00 – 00:22 – Welcome Back Larry and Joe return for another engaging episode of Cybersecurity 101. 00:23 – 03:56 – AI and Voice Cloning Scams The hosts discuss the growing threat of AI-powered voice cloning scams targeting the elderly and provide practical tips for avoiding them. 03:57 – 06:08 – Modern Antivirus Solutions Joe explains why built-in tools like Windows Defender outperform legacy products like Norton and McAfee, saving users money and offering superior protection. Source: https://www.av-test.org/en/antivirus/home-windows/ [https://www.av-test.org/en/antivirus/home-windows/] 06:09 – 08:45 – Freezing Your Credit Joe highlights the importance of freezing credit with major bureaus to protect against identity theft, explaining how it eliminates the need for costly services like LifeLock. https://en.wikipedia.org/wiki/Credit_freeze 08:46 – 12:38 – Public Wi-Fi and VPNs A deep dive into the risks of using public Wi-Fi and the scenarios where VPNs can add an extra layer of protection, especially against hotspot impersonation attacks. 12:39 – 15:45 – Mentoring Future Cybersecurity Professionals Larry shares his experience mentoring newcomers to the field, emphasizing the importance of understanding networking basics and applying real-world skills. 15:46 – 18:45 – SOC Workflow and Tiered Roles Joe and Larry break down the structure of a Security Operations Center (SOC), explaining the roles of Tier 1 analysts, Tier 2 shift leaders, and Tier 3 specialists like threat hunters and detection engineers. 18:46 – 22:06 – Responding to Incidents Larry details a recent SOC case involving unusual sign-ins and blocked countries, showcasing the process of verifying legitimate activity. 22:07 – 28:06 – Human Insight vs. AI in Cybersecurity The hosts explore why human instincts remain irreplaceable in handling complex cybersecurity cases, even with advancements in AI. 28:07 – 30:56 – Planning a SOC Lab Joe and Larry brainstorm ideas for a future podcast episode, including building a lab to simulate incidents and share hands-on cybersecurity insights with listeners. 30:57 – Looking Ahead The hosts reflect on their cybersecurity journey and tease upcoming content, including mock incident labs and tutorials to show listeners the day-to-day realities of working in a SOC.

0:06 – 0:22 – Welcome Back!   Larry and Joe kick off the latest episode of their podcast with excitement, diving straight into the cybersecurity topics of the day. 0:56 – 3:56 – The Mobile Carrier Breach   Joe breaks down the recent breach involving major telecom carriers (AT&T, Verizon, T-Mobile), discussing how hackers exploited outdated Cisco routers to access sensitive wiretap systems and target political figures. https://techcrunch.com/2024/11/14/us-confirms-china-backed-hackers-breached-telecom-providers-to-steal-wiretap-data/ 3:56 – 4:33 – Implications for Everyday Users   Joe explains the importance of encrypted communication apps like iMessage, WhatsApp, and Signal, highlighting vulnerabilities in text messaging protocols between iPhone and Android users. 4:33 – 6:09 – Best Practices for 2FA   The hosts emphasize moving away from SMS-based two-factor authentication and adopting authenticator apps or phishing-resistant methods like hardware keys. https://techcommunity.microsoft.com/blog/identity/its-time-to-hang-up-on-phone-transports-for-authentication/1751752 6:25 – 8:55 – Protecting Personal Accounts   Larry and Joe discuss practical ways for regular users to improve password security, including using randomized passwords, password managers, and even a physical password vault. 9:04 – 10:29 – The Pros and Cons of Password Managers   Joe explores the trade-offs between web-based solutions like LastPass and local password safes https://pwsafe.org/ secured with hardware keys from Yubico https://www.yubico.com/product/yubikey-5-series/yubikey-5c-nfc/, offering insights into selecting the right solution for your needs. 10:30 – 12:38 – VPNs and DNS Privacy   Joe delves into VPNs, DNS encryption, and how they protect user privacy, while explaining why these measures are essential for blocking ISPs from selling your data to advertisers. https://en.wikipedia.org/wiki/DNS_over_HTTPS 12:39 – 14:54 – Guarding Against Scams   Larry shares personal stories of family members targeted by scams, prompting tips from Joe on spotting phishing attempts, verifying suspicious emails, and avoiding QR code traps. 14:54 – 16:37 – The Wild West of the Internet   The conversation turns philosophical as the hosts discuss the current state of online security and the challenges of protecting vulnerable users, including the elderly, from relentless cybercriminals. Reminds me of "The Beekeeper" movie https://www.imdb.com/title/tt15314262/ 16:37 – 17:55 – QR Code Scams in the Real World   Joe uncovers the risks of QR code fraud, including fake stickers in restaurants or parking meters and malicious links sent in packages, and how to avoid falling victim to these scams. https://www.instagram.com/cybersecuritygirl/reel/DCaetPtuBIw/ 18:17 – 20:33 – Simple Security Steps for Everyone   Larry asks Joe for his top advice for everyday users, resulting in actionable steps like maintaining unique passwords for every account and writing them down in a secure password book. 20:33 – 21:50 – Credential Stuffing Explained   Joe explains the mechanics of credential stuffing, how hackers automate attacks, and why using different passwords for every account is critical. https://en.wikipedia.org/wiki/Credential_stuffing 21:50 – 22:09 – Planning for the Future   Joe reflects on how maintaining a secure and accessible password book can help families manage accounts after a loved one’s passing, underscoring the value of preparedness.

1. Introduction (0:00)    - Joe and Larry discuss the episode's focus and introduce Dan Pestolesi.   2. Danny's Background and Interests (0:30)    - Danny talks about his casual streaming experience (0:52)    - Story about Danny's dad streaming volleyball matches (1:25)   3. Educational Journey (3:31)    - Danny's double major in Cinema and Computer Science (3:37)    - Transition from film to computer science and cybersecurity (6:39)   4. Sports and Team Dynamics (10:45)    - Importance of sports in Danny's development (12:05)    - Comparing sports and cybersecurity teamwork (13:30)   5. Danny's Career Transition (14:52)    - Initial struggles and career decisions post-graduation (16:10)    - Moving from corporate sales to school district IT (17:22)    - Starting a part-time IT business (18:28)   6. Interest in Cybersecurity (19:01)    - Developing interest through classes and projects (19:15)    - Fascination with the Stuxnet [https://en.wikipedia.org/wiki/Stuxnet] virus (21:21)   7. Key Projects and Skills (22:38)    - Explanation of MPI Angels and Devils project (24:21)    - Importance of multithreaded processing and game theory (25:02)   8. Certifications and Career Growth (26:40)    - Value of Network+ [https://www.comptia.org/certifications/network] and Security+ [https://www.comptia.org/certifications/security] certifications (27:16)    - Future plans for certifications (28:08)   9. Job Interviews and Company Fit (27:47)    - Experience with a 2.5-hour interview (28:25)    - Importance of cultural fit and team dynamics (30:05)   10. Networking Skills in Cybersecurity (36:01)     - Larry's educational background in networking (36:08)     - Real-world application of networking skills (37:00)   11. Teamwork and Communication (38:32)     - Story about identifying a malicious IP address (38:47)     - Importance of collaboration in cybersecurity (39:13)   12. Advice for Aspiring Cybersecurity Professionals (40:29)     - Skills that helped Larry transition into cybersecurity (42:08)     - Recommendations for learning and certifications (42:26)     - Using resources like TryHackMe [https://tryhackme.com/] and Udemy [https://www.udemy.com/](42:48)   13. The Role of Documentation (48:30)     - Importance of taking notes and reading manuals (48:44)     - Using AI tools to assist with learning (46:19)   14. Conclusion (52:01)     - Final thoughts and encouragement for listeners     - Invitation to connect and learn more about the field   Call to Action: - Join the cybersecurity field! Get started for free at https://KC7cyber.com [https://KC7cyber.com] - Connect with the KC7 community on Discord [https://discord.com/invite/TmgCUnrArT]!

Episode Highlights:   Introductions (0:00) Simeon Kakpovi’s background (0:52) Gregory Schloemer’s background (3:01) Larry's Journey to Cybersecurity (5:20)   Transition from sports and coaching to cybersecurity Role of faith and mentorship Meeting and Partnership (7:08)   How Joe and Larry met Similar missions and goals KC7 Overview (8:10)   Introduction to KC7 and its impact Simeon’s story and vision for KC7 (9:22) Development of KC7 (11:38)   Greg’s involvement and development process Challenges and successes in creating KC7 KC7 in Action (12:57)   Demonstration of KC7 platform and features Tips and tricks for using KC7 effectively (16:46) Expansion and future goals for KC7 (18:14) KC7 Summer Camp (19:24)   Overview of the summer camp for students Success stories and impact on students Generating Realistic Data for KC7 (22:30)   Techniques for creating realistic cybersecurity data Use of AI in data generation (23:26) Interactive Demo: Creating a Scenario (26:40)   Step-by-step demo of generating a threat scenario with AI Explanation of threat actor behaviors and data patterns (31:01) Future of KC7 and AI Integration (33:46)   Plans for scaling and improving KC7 with AI Vision for automating question generation (34:03) Community and Feedback (36:04)   Importance of community support and feedback Success stories from KC7 users (38:32) Conclusion (39:48)   Final thoughts and appreciation Invitation to join the KC7 community https://kc7cyber.com/ [https://kc7cyber.com/] and connect on Discord https://discord.com/invite/TmgCUnrArT

Episode Highlights:   1. Introduction (0:00)    - Hosts: Joe Stocker and Larry Lishey    - Larry's new role as a SOC Analyst   2. Larry's Journey to Cybersecurity (0:38)    - Transition from warehouse management to cybersecurity    - Motivations and inspirations (1:06)    - Role of formal education and certifications (4:22)    - Key learning experiences and helpful resources   3. Day-to-Day as a SOC Analyst (2:23)    - Typical daily tasks and responsibilities    - Working with Microsoft Sentinel and other security tools (3:23)    - The importance of thorough incident investigation   4. Challenges and Rewards (10:00)    - Initial challenges and overcoming nerves    - The pressure and importance of accurate incident triage (11:06)    - Rewarding aspects: customer satisfaction and team support (21:26)   5. Mentorship and Team Dynamics (12:07)    - The role of mentors in Larry's growth    - Advice for new SOC analysts: ask questions, find a mentor    - Team structure and dynamics within the SOC (19:08)   6. Professional Growth and Skills Development (13:36)    - Key skills and knowledge areas developed over 12 months    - Specific incident analysis and forensics experiences (14:32)    - Learning and growth through practical experiences and mentorship   7. Career Transition and Personal Impact (18:52)    - Life changes from the career transition    - Balancing work and personal life, including gym routines (29:55)    - Benefits of remote work and its dynamics   8. Podcast Experiences (31:41)    - Notable guests and influential conversations (31:57)    - Favorite moments and topics covered (32:57)    - Future aspirations for the podcast: more day-to-day SOC operations, specific scenarios   9. AI and Cybersecurity (34:45)    - Joe's thoughts on AI's impact on cybersecurity    - Microsoft's Copilot for Security (34:56)    - Broader societal implications of AI, including deep fakes and cybercrime   10. Conclusion (39:48)     - Final thoughts and encouragement for listeners     - Invitation to connect and learn more about the field   Resources: - KC7 Cybersecurity Game: https://kc7cyber.com/ - Education and certification programs  https://www.mycomputercareer.edu/ - Connect with Larry on LinkedIn https://www.linkedin.com/in/lawrence-lishey-30942020/