How to become a malware analyst | Cyber Work Podcast

Captions
It's a celebration here in the studio, because the Cyber Work with InfoSec podcast is a winner. Thanks to the Cybersecurity Excellence Awards for awarding us a Best Cybersecurity Podcast gold medal in our category. We're celebrating, but we're giving all of you the gift: we're once again giving away a free month of our InfoSec Skills platform, which features targeted learning modules, cloud-hosted cyber ranges, hands-on projects, certification practice exams and skills assessments. To take advantage of this special offer for Cyber Work listeners, head over to infosecinstitute.com/skills or click the link in the description below. Sign up for an individual subscription as you normally would, then in the coupon box type the word cyberwork, c-y-b-e-r-w-o-r-k, no spaces, no capital letters, and just like magic you can claim your free month. Thank you once again for listening to and watching our podcast. We appreciate each and every one of you coming back each week. So enough of that, let's begin the episode.

Welcome to this week's episode of the Cyber Work with InfoSec podcast. Each week I sit down with a different industry thought leader and we discuss the latest cybersecurity trends, how those trends are affecting the work of infosec professionals, while offering tips for those trying to break in or move up the ladder in the cybersecurity industry. It's been a while since we talked about ransomware last, and it's a toxic growth online in the last couple years. Even as tools and technologies improved to keep malware out of our computers, social engineering and other manipulation tactics still get people to click the link, open the doc, or otherwise do things that they should know better to do in these kind of situations. Our guest today, Danny Jenkins, said he wanted to talk about ransomware and, quote, "the ways your favorite apps could be weaponized against you." So we're gonna talk about that, we're gonna talk about some tips for mediating if you do get hit, as well as getting your foot in the door as a malware
analyst.

Danny Jenkins is a technical guru with deep understanding of corporate IT and cybersecurity. He has an entrepreneurial background and two decades of experience in building and securing corporate networks. Before taking the reins at ThreatLocker, Danny held CEO and CTO positions at multiple IT companies and founded a few cybersecurity businesses of his own. Danny, welcome to Cyber Work today.

Thank you for having me.

So we always like to start the show, to sort of warm things up, by getting a sense of your own background and personal story, your, your origin story if you will. So let's start with that. How and when did you first get involved in computers and tech? Was this something you'd been interested in since childhood, and when did you specifically get interested in the security aspects of things?

So I guess as a child, tech wasn't too much around. I grew up in the 90s, and when I was at school we had Windows 3.1 on our computers and drives. And I guess then what drove me to tech was not a tech class, because there was no tech classes back then, but more for business studies class, because we used computers in business studies. And while I was at school I had a lot of trouble with some of the students, and my way of getting the secret revenge was to write batch files in those days to keep their work. So that was kind of my introduction to tech, as a 15 year old growing up in the UK and the public school system.

Okay, so when did you specifically get interested in the security side of things?

So it kind of organically evolved. I started work very early. I took the non-traditional approach of not going to college, and I left high school, oh, it wasn't high school in the UK, I did my GCSEs and left at 16 and went into an apprentice role, doing MSP work, small business support, going out fixing the Novell servers and things like that. And by the time I was 20 I was working at a large multinational company, and I somehow found myself in the corporate headquarters with a very small IT
department for, where, where the organization had 150 different sites, probably 10 or 15 different autonomous IT departments, and the only role of the corporate headquarters was to figure out what's important corporately. And as they didn't really choose what apps they ran or what systems they ran across the globe, it really became a security, it's a topic, it really became, we were talking together: every time somebody gets a piece of malware, it spreads across our entire network. And malware wasn't so bad back then. It wasn't ransomware, it didn't you and bring you to you, right, it was more about...

What year are we talking here?

I started there 2002.

Okay.

So, and I was there for five years.

I remember getting whomped by a piece of malware around that time, and it wasn't great.

Yeah, but it wasn't your business, right?

Right, now, yeah. And I remember getting hit with one in like '07 where it just torched my entire computer, like they couldn't even, like, reboot it. Yeah, it's scary, definitely gets heavier.

So, and back then it was IT, and then became an IT security. It wasn't cybersecurity as such, it was how do we secure IT. And a lot of it was about putting perimeter firewalls in place, putting antivirus, and then we saw the evolution of personal firewalls when Blaster came out in 2002, and malware, when it cost 4,000 machines worldwide network. And so we ended up setting very hard policies then, and what seemed to be hard policies. Now when you look back, then we think, wow, we allowed zip files through email, that's crazy. Yeah, but that's kind of my introduction to security.

Hmm, okay. So yeah, so can you kind of, from there, can you sort of, let's, let's go to the sort of next step. So you started out in kind of this, this, you know, sort of loose umbrella organization of security, you know, checkpoints and stuff, but you know, obviously there's a big jump between what you were doing there and moving up to CTO and infrastructure manager and, and, and so forth. So you started out
configuring networks for small businesses, so like, what were some of the major sort of stepping stones where you went from, you know, this area of knowledge, and then you got, you know, this much higher and this much higher? What were some of the sort of transformative things in your career that got you to where you are now, where you're, you know, starting your own companies and so forth?

Yes, so when I was 23, 24, 25, can't remember the age now, one of the big challenges we had in that organization was malware, and most of it was through email, and it was a constant challenge. It seems we would buy a firewall and that firewall would stay there and we wouldn't change it. We'd buy an antivirus and we stuck with the antivirus. But email seemed to be a constant challenge for the business, and how could we stop malware and spam, which was obviously the birth of spam back then as well, coming into the network. And we kept buying products and we kept going up to the, to the CFO asking for more money, and: why, you just spent this much money and it didn't work. And so from there I decided that I wanted to solve this problem, and the logical next step for me was, I don't think this should be a business issue, this should be a technology issue, and if I was running a technology company I can have the front end to do whatever I wanted, and then the back end we could change and evolve. So I started a company called MXSweep, which was an email security company, and the idea was to move email security into the cloud, which everyone looked at me like I had two heads then: what if something gets quarantined, then it's stuck in the cloud, that was the mentality then. And to make it a subscribable solution. And then, so I started that company, and as a CEO I became CTO as we took investment, and we grew pretty fast. And that company, I exited that company to the, to the investors, and that later became I think FuseMail, which
is now VIPRE, and I think the product's still going somewhere, that's somewhere 10, 15 years later.

It's almost a nice legacy.

So from there, and when I entered that company, I got very involved in some government stuff, some, some larger construction stuff. I sat as a, the title wasn't even CISO, but as a security advisor for many large technology companies, and I helped try and secure environments. In addition to that I also worked on a lot of recovery, so ransomware recoveries, and probably came actually after the next business more, but a lot of breach recoveries, breach detection, and figuring what happens. And one of the things we always saw throughout, throughout my 20 years, I guess in 19, now I'm getting more than 20 years, 90 is, it's always seems to be malware. It's always, whether it's somebody opening an attachment, whether it's something pushing out like WannaCry did in 2017 or Blaster, it's always seems to be malware that's the pain point for everybody.

Hmm, okay. Well, let's, let's jump right in, that's it. So you know, our topic today specifically is ransomware, but malware in general. So we've, we spoke about malware and ransomware on past episodes, and we had a great episode a while back, we might rerelease it, with Christiaan Beek of McAfee, who also talked about the No More Ransom organization. But certainly, as you say, malware and ransomware aren't going away anytime soon, and you know, they're always sort of staying one step ahead of cybersecurity experts and, you know, sort of counter-malware methods and so forth. You know, I'm always, we're always putting new sort of malware of the week up on our, on our InfoSec Resources site, and all sorts of like crazy things, you know, gap jumping and all these new sort of technologies that, that, you know, get, you know, added to things. So what is the state of ransomware at the moment? Do you think it's gone down, stayed up, stayed the same in the age of COVID-19, and people, you know, being in decentralized locations and working from home
and things like that? Is that making people more or less susceptible, do you think?

So no, unfortunately it's gone up to an extreme level. Probably the highest jump we've seen...

Wow.

...in the last three years has happened in the last three months.

Okay.

And that stems from various, various things. One is, we've now, the perimeter is now gone, whereas nearly gone before, but the people who were outside the perimeter tend to be more technical savvy, sales guys, and use laptops and used to dealing with technology. And the threat now, we've taken call centers outside of the perimeter, we've made them, the people who are paid lower salaries, outside of the perimeter, so they've lost all of their perimeter security, and we've seen massive amounts of increase in things coming through, but more importantly things being executed. The other huge contributing factor is nobody knows what the norm is anymore. Nobody knows, is it normal to get an email from my CEO asking me to open something, because, frankly, normally the CEO or the, the call center manager was sitting across the room from us. So now, when at home, they're not necessarily the most tech-savvy people, they get these emails asking someone to enable its macros, you want to click this file, to download this file, oh, you need to update Adobe to get access to this site. I'm clicking it, update it, open it, it's not actually Adobe.

Right, right.

And we're seeing more, more people get tricked into doing things that they wouldn't traditionally do.

Hmm.

In addition to that, we're also seeing more and more those good applications being used, and the latest example of course is VirtualBox.

Okay.

Where, where people are sending out portable virtual boxes, which aren't malware, so to speak, and when a user opens those boxes, virtual boxes, which is, the application is signed by Oracle, it's a legitimate application, it opens and it spins up a malicious virtual machine inside your environment. And we're seeing a whole load of new attack vectors that are coming in, in terms of people using those
legitimate applications and then being able to bypass things. Because we're on a Zoom conversation now, if I send you a link over Zoom, we've just bypassed all our corporate security, right?

Yeah. Now sort of tell me a little more about that, that VirtualBox. I don't really know, like, what sort of people would be, what sort of, you know, people within the company would be getting something like that, that they'd have to open up and then, you know, make themselves potentially vulnerable.

So it's not specifically targeted at individuals, and obviously the people who aren't used to, who are less technical savvy, are more vulnerable. But the way we've seen it come in is a few different ways. We've seen the traditional "click on this link, you need to update your browser": somebody clicks on the link, it downloads a file, they open it and it runs an exe, it spins up a VirtualBox in the background. The most common one, what that will do is it'll actually map your personal files, your folders, into the VirtualBox, so then when it opens it's able to encrypt those files from inside the VirtualBox.

Wow.

Of course your antivirus doesn't see what's inside the VirtualBox.

Yeah.

That makes it more difficult for it to detect.

Basically kidnapped it to a third location or something.

Yeah. So that's one way. Word documents are pretty common as well, people clicking on macros and saying I want it, or it calling out a PowerShell script, and the user doesn't know anything. They've opened a Word doc, it said, oh, you need to click enable macros. And for me, obviously, it's pretty easy to, why would you enable macros? But there are so many security alerts, there are so many messages that pop up on your computer saying are you sure, are you sure, are you sure, nobody really knows what they all mean, so they just keep clicking, unless you're a technical professional.

Yes, right, because I need to get this document open.

And the user opens the document, they enable the macro, and then it will go off in the background, it'll
download it silently. And these, the obvious ones, are when they do launch the VirtualBox with immediate malware. The other one, which we'll see more commonly inside the network, which is a little bit more terrifying, is where it doesn't go and encrypt your files. What it does is it will spin up that VirtualBox, and it doesn't, it's not limited to VirtualBox, that's the biggest target at the moment, but any kind of machine. They now have a machine running inside your perimeter. They now have TeamViewer installed on that machine, GoToAssist, or run, actually connect to that machine. They can scan your network. They're then basically plugged into your LAN.

Yeah.

And it's, it's becoming, it's this month's flavor of attack. I mean, next month will be something different, but this one, it's VirtualBox.

Okay. I wonder what, I mean, obviously this is fairly new and therefore you're probably kind of scrambling to figure out sort of solutions. I mean, apart from don't click the link, are there any particular things that you're working on to fight against this specific type?

So, so the VirtualBox, and my opinion has always been to default deny.

Okay.

The days of looking for bad stuff, it's kind of, in my opinion, stupid to rely on them, not, right, the way a lot of businesses approach security is, they will, it's almost like saying I put three house alarms in my house. We have glass-breaking sensors, motion sensors and contact sensors, and I'm gonna put three different house alarms in because I want more security, but they forget to put a lock on the front door, so I can take the TV and walk off the wall. It makes a lot of noise but didn't help them. And so our approach is quite simple. My, my thought on this is, if you don't allow VirtualBox in your environment, it can't run, and therefore it's not an issue. And if you do want to allow VirtualBox, it should be an IT issue and an IT decision, or a business decision at least, and it should be contained on what that VirtualBox can access, so it can't just write
wide open.

Could be maybe like, you know, you could sort of ask your IT department to let you use one for this session or whatever.

Yeah. And most normal users are not using VirtualBox on their machines, or Hyper-V or VMware, and the same applies for every other virtual technology, well, any other technology: if you don't need to run it, don't let it run, because applications, whether they are malware or just ware, they're dangerous.

Yeah, and I'm wearing a computer down, yeah.

Yeah, every application you install becomes a potential portal into your data, into your infrastructure. If you're running Zoom, now Zoom has the ability to access your files, that means you will access your files, and you've taken a business decision that you think the value of using Zoom outweighs the risks. But when you as a company, you have users downloading free software all over the place, different browsers, unpatched, then installing games, all of these applications work on potential vulnerabilities on your system, whether it's through malicious vendors or whether it's through just poor coding.

Right, right, right. Okay, well, that brings us to the sort of unofficial title of this episode, "how your favorite apps can be weaponized against you." So this is what we want to start talking about today. So you know, we're talking specifically about, well, not absolutely across the way, whether it's phone or computer or your, you know, your home, work-from-home computer or whatever, but it sounds like settings, and sort of deciding what you won't and will, will and won't allow, is a big part of what you're saying the solution is. So can you sort of give me some tips about apps and ransomware that you can impart to us, about, you know, trying to avoid some of this?

Always, always restrict what can run, and I use the word run, not installed, because you don't need to install something to steal data. Restricting what can run. Make sure you're only allowing Chrome extensions or Edge extensions or Firefox extensions that you
want in your business. I put that one out for a very good reason. If you use LastPass, or you use a password manager, you know that when you go to log in, your bank, it asks, do you want to save your password. That's not a bad thing, you have that product and you've made that decision. But if LastPass can read that password page, so can Candy Crush or, I don't think we'll, or any other coupon clipper or extension you use. So make sure you limit what you need. Ask yourself, and I'm not saying don't do anything, because you can always bury your computers in concrete and then they're completely secure, you know, ask yourself, is there a risk versus the benefit, is the risk worth the reward on installing this extension. Don't just install things because you think it looks cool, it's the trick of the day. And that applies to applications and extensions. And as a business, implement NRG, implement whitelisting technology to say nothing runs without your consent.

And the other thing you can do is, when your applications are running, limit what they can do. So we saw Zoom, and this is the, the favorite, favorite tackle bit that the quarter, I guess, right, the, the, the number of vulnerabilities out there. We published a few videos demonstrating some of them, where attackers can send links to PowerShell, they can send links to malware, they can steal your credentials. If you limit what Zoom can do, so Zoom can't call PowerShell, so Zoom can't go out to the internet and talk to unknown or untrusted network shares, or even your own network shares, so it can't access your files, it means the likelihood of that attack being successful, if someone does exploit that app or the vendor does turn out to be a bad vendor, is massively reduced. So we always say take away what you don't need, don't install what you don't need.

Yeah.

As an IT professional, your job is to, to make sure your network is safe, not, not to be friends with everybody. And when you do allow things to run, just limit their access. So if you're running, if you say
okay, we're going to allow Angry Birds to run, we're not going to let Angry Birds access my files. There's no business reason for that application to access your files.

So you're basically, we're talking kind of an audit of every single sort of app that you're using, especially on a work computer. So do you have, is there any sort of guide that you guys have that suggests, you know, because I think a lot of people hear this and they're like, I don't, I wouldn't even know where to start making all those changes.

So the best way to do this, yeah, say, anyway, say, the, we have a guide of what you shouldn't run because that's friends and business required. And if you need TeamViewer in your environment, then let TeamViewer run. If you don't need TeamViewer, and we've seen that be weaponized a lot of times, we don't let TeamViewer run. And so if, if you deploy ThreatLocker, it's very easy: it just scans what you've got, it tells you what you've got, it gives you suggested policies on what they should access, and can Office call PowerShell, can PowerShell and central network shares, and then it ringfences them appropriately. And then you let it learn for a week, and then you decide to tweak anything you want. Whether you use ThreatLocker, or whether you use one of them all just colonial type, I'm going to hard-code this, I'm going to look at everything manually, able to see what's happening, it doesn't matter, security point of view. What matters is things don't run that shouldn't run.

Yeah.

And then, and then you're not relying or hoping that your antivirus is could have say today's pick up today's for that.

Right, okay. So you know, let's, let's start talking worst-case scenario. If, heaven forbid, you do get hit with ransomware, you know, I've heard a variety of suggestions for, you know, dealing with the problem, ranging from, you know, just pay the ransom, to contact the authorities, to, you know, there's certain forums online like No More Ransom who might be able to help you crack the issue on your own. But if you
were hit by a ransomware attack tonight, walk me through the steps you take to sort of first mediate the damage and then come to a solution.

So, two types of ransomware: the one we hear about a lot, because companies aren't necessarily embarrassed about sharing them, and the one we don't hear about a lot, which is almost a little bit more terrifying. The one we hear about a lot is the one that encrypts your files and says if you want your files back, pay leaking and pens. And I've seen businesses, I worked with an insurance company in Australia five years ago, just before we started ThreatLocker, and this company was taken out, their backups, their databases, their SQL servers, everything, from ransomware. They did pay the ransom. They didn't get the data back.

Right.

So, and they didn't go out of business. We managed to recover using disk recovery tools, and it was painful and extremely expensive, it experienced a lot of. But, so that type, and that's pretty obvious, you know when you've been hit, your screens read that can you've a Bitcoin, and you've got two choices. One is you restore from a reliable backup to get your data back. And now bear in mind, getting your data back doesn't take the danger off the attacker. They still have that data, they still have your files, this don't have your customers' orders and your credit card number, so just get everything you've got, so it doesn't undo that damage. And if you really believe these guys are honest or not use that data, then there's naima th there too. But so, in terms of what should you do, the idea, the best scenario is, if you do get hit, and if you do get hit you failed in your security, so this isn't something you want to be a situation, that is to try and restore from a backup. Make sure you've got backups. Take everything off the network. It doesn't matter how small or insignificant disease is, if you see one machine in your environment that has a red screen saying you've been encrypted, the first step you should do is go into your server and pull
the power out of the back of your server.

Okay.

It doesn't matter how small you think it is, because you can't undo that step.

Yeah.

And I've seen massive companies completely openness. I would never suggest paying the ransom.

Yeah.

I have, that is a whole political argument on whether you should or shouldn't. I've seen too many people pay, not get the data back.

Yeah, I've heard also that they say it's almost better to get someone who's, who's good at ransoms and ransomware than someone who's an amateur, because like the amateurs, like, might not even, you know, they just sort of send out there and then they don't really, you know, answer the call or do the transaction or whatever, and it's just very sloppy.

And then exactly, you get that, you pay them and nothing happens. Yeah, so I, I wouldn't pay it, and I, I would like to see legislation that stops government agencies paying it. We see three cities in Florida last year paid two million dollars in ransom. Then you may as well just blow on a big red target on every other city in Florida.

Okay.

Because it mean, and I was like that, yeah, it makes you easy money: they pay, we hit you and you're gonna pay us money. So two pieces I wouldn't pay. One is it doesn't guarantee you even get the data back. And this money isn't going to build orphanages. This is, this is, this is organized crime, guy, it's, it's the terrorist roots in human trafficking, it's, these are bad people that you're paying money to. So if you're making a decision to pay the ransom, be fully aware of what you're doing.

Right.

Now, it's easy for me to say that because I've never been at the other end of a ransomware.

Right, sure.

But in the end it's a business, sometimes you have to make hard decisions. But I wouldn't pay it. I would shut everything down, start bringing things on one at a time, take a hard disk backup of everything, copy all of the data that you have, make sure your backups are in a secure place. You're not plugging your backups into your network without having copies of them, because you want to assume that the moment you
plug in, you're going to get recovered. And build your network from the ground up again. Don't assume that I've ran my favorite eight antivirus and it's told me it's cleaner, I'm here, because you can sit there for another six months and I'm gonna fight you again. And if you do decide to pay, and they give you the decryption keys and they unencrypt it, still go and rebuild all your systems, because they're just gonna leave a payload sitting on your system, you know, to do the same thing in six months' time.

Yeah.

The only thing is, in six months' time your cyber insurance might not cover you.

Okay, so those are all things you should absolutely be wondering. What are some things you absolutely should not do in the case of a ransomware attack? What are some of the worst things that you've seen people do?

The worst thing is leaving the computers on.

Okay.

That's the absolute worst thing. Trying to self-remediate without nice and professional, and I don't mean just the local IT guy, because "my grandson knows more about it, really smart." Bringing in a proper professional who's done proper remediation before and gone through these steps. And if you bring in a proper company, they're going to take everything off the network, they can start introducing things one thing at a time. And so you absolutely shouldn't, you shouldn't do that, and, and make sure you stop, don't use your computer until you know it's clean, don't, because you know you've been compromised, I'm just gonna spread it even worse.

Okay. So you know, we, we always talk about this, you know, our show is called Cyber Work, and so, you know, we, we like to talk to the guests about career aspects of whatever they're interested in speaking about. So you know, malware is pretty interesting as kind of a thing, and I know that there is, you know, you know, careers in malware analysis and, and ransomware and so forth. Like, can you tell me a little bit about the sort of career trajectory of someone who might want to start with analyzing malware and then moving up
into sort of higher positions where you're, you're thinking about it in sort of a more, you know, global or holistic sense?

So when you, when you're analyzing malware, you have to be careful not to pigeonhole yourself into too specific an area, because really, to, to exactly analyze malware, it's not about reading lines of code and decoding. It's about understanding how systems are built, how infrastructure of that is built, around security is built, and then from there you've got a general idea of what my network looks like, what a network looks like, what software, operating systems look like, how administration permissions and privilege, how permissions can change the outcome. And then from there, when you understand that, then you can analyze and say, oh, this is how it's going. So if you, if you're looking for a career in stopping, it's not going anywhere, we know that.

Yeah.

But make sure it's really about a career in understanding technology, understanding security and understanding infrastructure in general, because understanding infrastructure not only allows you to break down and stop threats, but it also allows you to understand how threats are created, and you can see very quickly how I can get around someone's security. I've done a lot of white hat stuff where I've shown people how you get around their security.

Right, okay.

We do that when you understand how, how people work, how, how people interact in technology, because that's always going to be our weakness, how ugly works, how vulnerabilities work, how operating systems work, how firewall ports work, how networks work, because that's essentially how malware is, is getting into our environments and spreading and destroying or stealing our data.

Okay. So do you have any thoughts on certifications? Do you have any certifications yourself? Do you feel that they, they benefit your career, or is it just, you prefer people sort of just start working on the, the actual skills that they need?

That depends on a lot of things. I went through a Microsoft certification
when I was young. It never benefited me in that I already had a job in a high position.

Right.

I went through it because I was 20, I think I was 20, 22, 21, I thought, maybe, years old, and I had no college education and very high school education, and it was important to show credibility. Um, oh, we do look at certifications but don't weigh them too high. We are generally trying to find someone's interest and someone's enthusiasm and ability to break down problem lock it about having a certification helped you, and it may give you a step up and whether you, now that doesn't mean reading the content won't help you.

Right.

A lot of these certifications build off content, and that content is extremely useful in helping you understand the process. So going through the courses, or going through the training sessions, is always going to be good for you. The actual certification depends. If you're very young, when you have little experience and you're trying to get your first job, it's going to give you an edge versus another guy who's standing next to you who is very young and got very little experience and no certification. But it's not going to, as you get on through your career, nobody is asking you what certifications you have, they're looking at the next step. So it depends on a lot of things.

Okay. So especially for people who are just starting along those lines but don't have the wherewithal to get a cert at the moment, what are some other ways that you can sort of present yourself as someone who is passionate and interested on, you know, a resume when you're looking for your first job like that? What are some projects or hands-on things or freelance things that you should do that sort of will show people, I'm just getting started but I have, have the goods?

Yeah, and I think the, the storytelling of a resume is very good in a very short manner, because we're only reading the first page, and if you can get us past with half a page, that's, that's really interesting. Telling, almost explaining some of your
technical knowledge without writing it down it's a technical especially now I always love those resumes they jump out at me when I read them and say right oh this guy has talked about how he's used PowerShell to download a payload from the internet and load it intervention of into protected memory like that that's gonna learn I don't just go and write that on your resume you can ask me what that means through your homework yeah yeah we have a really long interview process so our interview process and depending on what position you're in typically it's about 16 hours where we're gonna give you homework and we're gonna get it say come back and we're gonna ask you questions we're gonna ask you standard IgE questions we're gonna give you things to learn and see how well you learn them and see how well you understand them both from US sales pointed sales engineer point of view and an engineer for it so we have a really long interview process and and if if you're not and that's how we weed out the good from the bad and it keeps having to keep up staff dinner below because it means before we hire them we know this is the person he's the right she's the right person and she's it's going to deliver for us but no not every company is the same some of the bigger organizations they're just looking at your college education they're checking boxes where the but from from our point of view we do look at certification they may get your resume little bit up the pile and getting a good resume talking about something on there that you know makes me read it twice or makes I will see how I read it twice know it is always going to make you move forward and not just on the resume but when you send that resume in if you send it to a LinkedIn if you can link into CEOs and CEOs and head of security that's a great thing to do just post content all the time all right and it gets our attention yeah because we're ultimately looking for the easiest people we can bring into the position with the
least amount of effort yeah I mean LinkedIn is one of those things that you know for a lot of people is this is this kind of you know background joke of you know you know join my LinkedIn page it'll be hilarious or whatever but like yeah it's worth noting especially high level people are reading their feeds and they're really looking at people who are bringing interesting things to the table not from your profile on LinkedIn but what you post right hand from mind that means don't post anything dumb you don't just be a share monster yeah yeah really good explained to you no explanations on things and and when you and if you do reach out to people and it's a great way people to reach out to us a lot of the resumes we get we get through LinkedIn and and but if you do reach out to someone reach out with something that means something not just hi please look at my resume Thanks everyone's saying that same scent yeah build a relationship a little bit yeah you gonna let me read your sentence it's it's worth three yeah totally so yeah your bio suggests that you really haven't you know let a lot of grass grow under your feet but for you know some of our listeners might feel kind of stuck in their current position and want to you know break out into a new area of study or starting a startup or making some other sort of big career decision what advice would you have for them about sort of like getting unstuck or jumping up to the next level so and by nature I am an entrepreneur so I am I'm a risk taker I know it doesn't cross my mind when I move from company to company and I haven't I haven't had short cycles but whether the decisions I make it doesn't cross my mind can I pay my mortgage next month and so sometimes in my life I've been to the stage where I can't pay my mortgage but it hasn't made me it has never stopped my career changing and ability I've always moved forward and thankfully my wife is very supportive of that as well and it's worked out really well for us so we've
had a lot of times and good times and it can be very scary to move but if you find yourself in and if you're this way inclined because if you're not it's probably security isn't a job for you because it's a job that changes all the time yes constant learning yeah it is constant learning constant changing and no day is ever going to be the same we we stand at the cliff edge constantly on and that's where innovation happens alright so if you are looking for a if you're thinking about changing and it is a risk it's always going to be a risk changing position sometimes it means taking lower lower money sometimes it means of course if I don't cut it I'm not gonna be in this job in three months' time yeah but if if you're the sensible type and you're gonna work a nine to five job and you're gonna punch your paycheck every weekend or every day and that then the government's a great job here in front yet if you're a risk-taker that you'll do really well if you can keep up with the pace yeah okay so wrapping up today where do you where do you see I mean it's scary enough where it is right now but where do you see malware and ransomware going in the coming years we know it's going to change so I don't I think we're gonna start seeing we're seeing a big trend that's less on the encryption side and more on the data theft side so and we see this a lot in healthcare at the moment we see a lot in government agencies in car dealerships and IP theft and things like that but we're gonna see that increase I'm going to see it increase and the worst thing about that is you don't know you've been hit so someone can be cycling data off your network you can see somebody opening an email attachment four six eight nine ten months and you don't even know it's happening you know until one credit card investigation links back to this car dealer or this your store or your business that shows that five thousand credit card numbers are being leaked or two million dollars is being stolen off people's
cards and you you might not even know that for a year and then in a year's time someone's gonna knock on your door and tell you you're responsible for all this Larson and you'll be yeah and it's not just Home Depot Home Depot and Target and they all make the news this an institute small businesses to medium businesses all your time they're just not worth it it's not newsworthy right yeah you need sort of advice for smaller medium businesses to keep out of that mess yes and size is relative but if you don't have a team of my capable and a good team with different skill sets engage and manage they would combine it a good finally good management provider ask them hard questions about how how do you deal with this how do you deal with this how do you deal with this a true and good managed service provider isn't going to bundle you a bunch of tools and say oh we just will be selling you the best security tools they're going to give you policy they're going to help you enforce it gonna help you manage and they're gonna tell you what you sometimes don't want to hear if you are a CEO if you are an executive you can't have access to everything you can't have fun unchecked credentials on your network that is the quickest way to go outta business so listen to your managed service provider if you do engage on or your IT department if you've got an IT department if your CISO if your head of security or head of IT whatever the person is responsible for security isn't annoying you he or she is not doing their job but that is the job the CISO that's gonna be the pull quote for this episode all right so that's awesome so to wrap up things today tell me you tell me a little bit about ThreatLocker but tell me all about ThreatLocker what are some current projects or initiatives that you're excited about guarantee when we came into the market we wanted to bring the policy driven approach there and zero trust is today's buzzword but the default deny approach if you like have security away from just
the big enterprise that the big banks the Department of Defense they've always engaged this type of technology forever but they've also had unlimited resources so we wanted to take the the problems of default deny and solve them so smaller businesses that could use them and we've been extremely successful right in businesses from local government to healthcare to managed service providers we're we're very successful in that space providing small businesses security to bring the zero trust approach down to the end by making it very simple and not being a huge job because we essentially collectively help with the the policies and the doling out definition for you so you don't have to think about I don't know what office needs to run because that was already thought about that phone perfect so one last question if our listeners want to know more about Danny Jenkins or ThreatLocker where can they go online okay easy-peasy Danny thank you so much for your your time and insights to there and thank you all for listening and watching if you enjoyed today's video you can find many more on our YouTube page just go to youtube.com and type in cyber work with InfoSec to check out our collection of tutorials interviews and past webinars you'd rather have us in your ears during your work day all of our videos are also available as audio podcasts just search cyber work with InfoSec in your podcast catcher of choice and thank you for people who have been reviewing and rating us if you wouldn't mind if you're on iTunes or any other platform give us a five star and a write up we would absolutely love it for a free month of our InfoSec skills platform that you saw in the promo started today's show just go to InfoSec institute comm slash skills and sign up for an account in the coupon code type the word cyber work all one word all small letters no spaces and you'll get a free month thank you once again to Danny Jenkins and thank you all for watching and listening we'll speak to you next
week [Music]
Info
Channel: Infosec
Views: 5,361
Keywords: malware analyst, cyber security analyst, malware, ransomware, cyber security, cyber security training, cyber security careers, cyber security jobs, free cyber security course, learn malware analysis, Infosec Skills, how does ransomware work, cybercrime
Id: SxEEhvQoDbc
Length: 41min 0sec (2460 seconds)
Published: Mon Jul 13 2020