In this episode of the Abricto Security Podcast, we meet with Chris Mitchiner, Executive Director for Cyber at the University of North Georgia. Cornel and Chris discuss the value of earning a degree in Cyber, how to stand out from the competition when landing your first role, and what private companies can do to make an impact in the Cyber community. Other questions we'll explore include:

• What can students do outside the classroom to prepare themselves for careers in Cyber? 
• What is UNG doing differently to better prepare its Cyber students?
• Why should students opt for UNG's Cyber program as opposed to self-study?
• What certifications are UNG's Cyber students able to earn while still in school?
• How is UNG helping to bridge the gender gap in Cyber?

In this episode, we meet the young and emerging star in cybersecurity, 5pider. We explore a new Command and Control framework by the name of Havoc. This is a powerful and flexible architecture that is capable of huge scalability. Havoc is open-source and is being used by nation-state threat actors. 

• How does someone so young get into cybersecurity creating C2s and malware? 
• What is it like creating modern malware avoiding detection? 
• Where does the inspiration for Havoc come from? 
• What are the future plans for Havoc? 
• How does it feel to know nation-states are using your framework as a standard C2 in their arsenal? 
• How can vulnerable services like Log4J be identified when a zero-day vulnerability drops?

In this episode, we meet with David Levine, Vice President, Executive Partner at Forrester and former CISO at Ricoh USA. In this discussion we dive into the world of risk management. Specifically, David explains how he was responsible for protecting Ricoh’s assets and what approaches he used to accomplish that goal. Some questions we answered include:

• How do large companies track and manage the risk of their internet-facing digital footprint? 
• What are some data privacy and ownership concerns companies should be considering when moving to the cloud? 
• What is the root cause for the majority of cloud breaches? 
• What are the pros and cons of running a bug bounty program in-house? 
• How can vulnerable services like Log4J be identified when a zero-day vulnerability drops? 

In this episode, we meet with two of Abricto Security’s Junior Security Consultants, Dre Porter and Daniel Cornett. Led by one of our Senior Security Consultants, Rob Waltman, we unpack the hurdles faced by folks trying to break into offensive security and the value these team members have to offer. Questions we discuss include: 

• What did our Junior Security Consultants think hacking would be like before they started? 
• What’s it like being a Junior Security Consultant here at Abricto? 
• What did the Junior Security Consultants wish they had known before they started? 
• What’s it like learning how to hack at universities? 
• What are the hurdles folks face when trying to enter the world of offensive security? 
• What are our Junior Security Consultants learning here at Abricto Security? 
• What are the benefits of having Junior Security Consultants on the team? 

In this episode, we sit down with two of Abricto’s Senior Security Consultants to discuss all things password-related. Anthony Ralston and Rob Waltman share their perspectives of why strong passwords are so critical to the security of both your corporate and personal accounts. We cover common yet effective attacks cybercriminals use to crack or bypass your credentials altogether to hack their way in. Specific topics we explore include:

• Why does your password suck?
• Practical implications of password complexity requirements.
• Password re-use, what’s the big deal?
• Password managers, is the juice worth the squeeze?
• Why and how is it to bypass even the strongest passwords.
• Where and how do cybercriminals enumerate target corporate accounts to break into?

In this episode, we meet with DJ Goldsworthy, a thought-leader in enterprise security and cloud adoption. DJ shares his perspective regarding the benefits and efficiencies enabled by cloud adoption. We dig into product security and best-practices for automating secure code development. Some questions we explore include:

• How are organizations benefiting by migrating development efforts to the cloud? 
• Are cloud-native applications and workloads susceptible to ransomware?
• How do you embed security into cloud-based CI/CD pipelines?
• How do we justify investing in product security to the business?
• How can security deal with rogue cloud accounts and subscriptions?

In this episode, we discuss the "anatomy" of a pentest. When people refer to a "pentest", what does that level of effort actually look like? Are all pentests equal? Some other topics we discuss include: 

- What's the difference between a pentest and a vulnerability assessment?

- What comes after a pentest?

- What are the deliverables a client should expect?

- What goes wrong in many pentests?

- How do you distinguish a quality pentest firm from a shady firm? 

- What questions should you be asking your pentest vendors?

In this episode, we finish interviewing our founder, Cornel du Preez. Cornel shares his prior work experience and walks us through the pivot points in his career that led to the creation of Abricto Security. Some key takeaways include:

• Resources we recommend to anyone trying to get their professional break into the world of cybersecurity.
• Traits that the Abricto team look for in candidates when interviewing.
• Cornel’s drink of choice for any and all social settings.