Get ready for a deep dive into what cybersecurity professionals often refer to as the "8th Layer" of security: HUMANS. Welcome to 8th Layer Insights (8Li). This podcast is a multidisciplinary exploration into how the complexities of human nature affect security and risk. Author, security researcher, and behavior science enthusiast Perry Carpenter taps experts for their insights and illumination. Topics include cybersecurity, psychology, behavior science, communication, leadership, and more.
Bonus · Fri, December 27, 2024
Note: We're posting Perry's new show, "The FAIK Files", to this feed through the end of 2024. This will give you a chance to get a feel for the new show and subscribe to the new feed if you want to keep following in 2025. Welcome back to the show that keeps you informed on all things artificial intelligence and natural nonsense. In our holiday episode, Mason opens a rather unique Christmas present from Perry, we invite a special guest to help explain the infamous "Paperclip Maximizer" thought experiment, and we discuss an interesting (and somewhat disturbing) new AI Safety paper from Apollo Research. Want to leave us a voicemail ? Here's the magic link to do just that: https://sayhi.chat/FAIK You can also join our Discord server here: https://discord.gg/cThqEnMhJz *** NOTES AND REFERENCES *** An interesting cluster of new AI safety research papers: Apollo research: Frontier Models are Capable of In-context Scheming (Dec 5, 2024) YouTube Video: Apollo Research - AI Models Are Capable Of In Context Scheming Dec 2024 YouTube Video: Cognitive Revolution - Emergency Pod: o1 Schemes Against Users, with Alexander Meinke from Apollo Research OpenAI o1 System Card (Dec 5, 2024) Anthropic: Alignment Faking in Large Language Models (Dec 18, 2024) Anthropic: Sycophancy to subterfuge: Investigating reward tampering in language models (June 17, 2024) Fudan University: Frontier AI systems have surpassed the self-replicating red line (Dec 9, 2024) Other Interesting Bits: The Paperclip Maximizer thought experiment explanation Theory of Instrumental Convergence iPhone Game: Universal Paperclips VoxEU: AI and the paperclip problem Real Paperclips! 500 Pack Paper Clips (assorted sizes)
Bonus · Fri, December 20, 2024
Note: We're posting Perry's new show, "The FAIK Files", to this feed through the end of the year. This will give you a chance to get a feel for the new show and subscribe to the new feed if you want to keep following in 2025. Welcome back to the show that keeps you informed on all things artificial intelligence and natural nonsense. Warning: today's episode gets a bit dark as we chat with seasoned prosecutor and founder of Operation Shamrock, Erin West, about a devastating combination of attacks known as "Pig Butchering" scams. We go deep into how they work and what we can do about them. Want to leave us a voicemail ? Here's the magic link to do just that: https://sayhi.chat/FAIK You can also join our Discord server here: https://discord.gg/cThqEnMhJz *** NOTES AND REFERENCES *** Learn more about Erin West Erin's LinkedIn Profile Operation Shamrock Pig Butchering Scams : CNN Story featuring Erin West: Killed by a scam: A father took his life after losing his savings to international criminal gangs. He’s not the only one CNN Story: Hear how this man lost $1M in a 'pig butchering' crypto scam CNN Story: Myanmar-based gangs force trafficking victims to scam Americans online YouTube video: John Oliver episode FBI Internet Crime Complaint Center (IC3) Ok, doomer! Let's talk P(doom): NY Times article: Silicon Valley Confronts a Grim New A.I. Metric FastCompany article: P(doom) is AI's latest apocalypse metric. Here's how to calculate your score Wikip
Fri, December 13, 2024
Note: We're posting Perry's new show, "The FAIK Files", to this feed through the end of the year. This will give you a chance to get a feel for the new show and subscribe to the new feed if you want to keep following in 2025. Welcome back to The FAIK Files, the show about artificial intelligence and natural nonsense! In this week's episode: Mason shares how ChatGPT became an unexpected hero in solving his home networking and studio challenges; Perry dives into the mysterious case of "David Mayer" and how a simple ChatGPT privacy patch sparked widespread conspiracy theories; we explore Tencent's bold entry into AI video generation with their open-source HunyuanVideo model; and in our AI Dumpster Fire of the Week, we unpack the drama surrounding leaks of multiple models from OpenAI. Want to leave us a voicemail? Here's the magic link to do just that: https://sayhi.chat/FAIK You can also join our Discord server here: https://discord.gg/cThqEnMhJz *** NOTES AND REFERENCES *** The ChatGPT Privacy Patch Conspiracy: TechCrunch: Why does the name 'David Mayer' crash ChatGPT? OpenAI says privacy tool went rogue FastCompany: The Internet is Freaking Out Because ChatGPT Won't Say the Name "David Mayer" USA Today: Why won't ChatGPT acknowledge the name David Mayer? Internet users uncover mystery YouTube: Solved: Why ChatGPT Will Not Say "David Mayer" The Decoder: New York Times writer exposes how AI models can be fooled by invisible text on websites NYT: How Do You Change a Chatbot's Mind? Tencent's HunyuanVideo Release: The Decoder: Tencent introduces open source video generator HunyuanVideo and challenges Sora TechNode: T
Bonus · Fri, December 06, 2024
Note: We're posting Perry's new show, "The FAIK Files", to this feed through the end of the year. This will give you a chance to get a feel for the new show and subscribe to the new feed if you want to keep following in 2025. Welcome back to The FAIK Files— the show about artificial intelligence and natural nonsense! In this week’s episode: Mason has an update on last week's shocking story of Google Gemini’s alleged threats against a user. Is this a glitch, a hack, or something more sinister? We sit down with cybersecurity expert Justin “Hutch” Hutchins (author of The Language of Deception) to dive into his experience weaponizing large language models and what it means for the future of AI. And finally, we lighten things up with some fun AI music experiments, showing that Perry & Mason may have too much time on their hands. Want to leave us a voicemail? Here's the magic link to do just that: https://sayhi.chat/FAIK You can also join our Discord server here: https://discord.gg/cThqEnMhJz *** NOTES AND REFERENCES *** Hutch's stuff: Justin's Book: The Language of Deception: Weaponizing Next Generation AI AI podcast: The Frontier Today ( Apple Podcasts ) ( Spotify ) Justin and Len Noe’s podcast: Cyber Cognition ( Apple Podcasts ) ( Spotify ) RSA Conference talk: Autonomous Hacking Systems - Future Risk or FUD Houston Security Conference talk: This is how we lose control - Focused on the catastrophic/societal risks - P(Doom) Mason's update on theories about Google Gemini threatening people: AI Didn’t Threaten Humanity—The Media Did: Breaking Down the Gemini Incident LLM Context Windows Lost in the Middle: How Language Models Use Long Contexts
Bonus · Fri, November 29, 2024
Note: We're posting Perry's new show, "The FAIK Files", to this feed through the end of the year. This will give you a chance to get a feel for the new show and subscribe to the new feed if you want to keep following in 2025. Happy FAIKs-giving everyone! Welcome to the newly renovated and relaunched FAIK Files podcast. On this week's episode, Perry & Mason cover Anthropic's recent hiring of an employee focused on AI well-being, an AI grandmother from hell (for scammers), and Google's Gemini chatbot allegedly telling a user what it really thinks of them. Welcome back to the show that keeps you informed on all things artificial intelligence and natural nonsense. Want to leave us a voicemail? Here's the magic link to do just that: https://sayhi.chat/FAIK You can also join our Discord server here: https://discord.gg/cThqEnMhJz *** NOTES AND REFERENCES *** AI Wellbeing: Anthropic has hired an 'AI welfare' researcher: https://www.transformernews.ai/p/anthropic-ai-welfare-researcher It’s time to take AI welfare seriously: https://www.transformernews.ai/p/ai-welfare-paper Taking AI Welfare Seriously: https://arxiv.org/pdf/2411.00986 The problem of sycophancy in AI: Suckup software: How sycophancy threatens the future of AI: https://www.freethink.com/robots-ai/ai-sycophancy Towards Understanding Sycophancy in Language Models: https://arxiv.org/pdf/2310.13548 AI Interpretability: Mapping the Mind of a Large Language Model: https://www.anthropic.com/news/mapping-mind-language-model Lex Fridman podcast interview with Dario Amodei, Amanda Askell, & Chris Olah: https://youtu.be/ugvHCXCOmm4 Deceptive and self-serving tendencies in AI systems: Sycophancy to subterfuge: Investigating reward tampering in language models: https://www.anthropic.com/research/reward-tampering OpenAI o1 System Card: https://openai.com/index/openai-o1-system-card/ Announcing our updated Responsible Scaling Policy
Bonus · Mon, October 07, 2024
This is Part Three of a ten-part miniseries exploring Perry Carpenter's latest book, FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions . Each episode kicks off with a dramatized reading of the "Whispers from the Static" vignette that opens the chapter, followed by an in-depth conversation with Perry Carpenter and Mason Amadeus, where they unpack the chapter's themes and real-world implications. Get the Book (Amazon Associate Link): FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions Check out the website for more info: https://thisbookisfaik.com Voice credits for the opening "Whispers from the Static": Kayla Temshiv This is the last episode we are publishing in this feed. If you enjoy The FAIK Files, be sure to follow the show's feed so you don't miss out on future episodes. Links to the show: Apple Podcasts : https://podcasts.apple.com/us/podcast/the-faik-files-decoding-ai-deception/id1771521321 Spotify : https://open.spotify.com/show/7CGEktxUQAbgwQaWB922Ip?si=9-NazIazRgKCDXudoGwAdQ All others : https://www.buzzsprout.com/2409237 Learn more about your ad choices. Visit megaphone.fm/adchoices
Bonus · Mon, September 30, 2024
This is Part Two of a ten-part miniseries exploring Perry Carpenter's latest book, FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions . Each episode kicks off with a dramatized reading of the "Whispers from the Static" vignette that opens the chapter, followed by an in-depth conversation with Perry Carpenter and Mason Amadeus, where they unpack the chapter's themes and real-world implications. Get the Book (Amazon Associate Link): FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions Check out the website for more info: https://thisbookisfaik.com We'll be posting episodes 1 through 3 on this feed. If you enjoy The FAIK Files, be sure to follow the show's feed so you don't miss out on future episodes. Links to the show: Apple Podcasts : https://podcasts.apple.com/us/podcast/the-faik-files-decoding-ai-deception/id1771521321 Spotify : https://open.spotify.com/show/7CGEktxUQAbgwQaWB922Ip?si=9-NazIazRgKCDXudoGwAdQ All others : https://www.buzzsprout.com/2409237
Bonus · Mon, September 30, 2024
This is Part One of a ten-part miniseries exploring Perry Carpenter's latest book, FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions . Each episode kicks off with a dramatized reading of the "Whispers from the Static" vignette that opens the chapter, followed by an in-depth conversation with Perry Carpenter and Mason Amadeus, where they unpack the chapter's themes and real-world implications. Get the Book (Amazon Associate Link): FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions Check out the website for more info: https://thisbookisfaik.com We'll be posting episodes 1 through 3 on this feed. If you enjoy The FAIK Files, be sure to follow the show's feed so you don't miss out on future episodes. Links to the show: Apple Podcasts : https://podcasts.apple.com/us/podcast/the-faik-files-decoding-ai-deception/id1771521321 Spotify : https://open.spotify.com/show/7CGEktxUQAbgwQaWB922Ip?si=9-NazIazRgKCDXudoGwAdQ All others : https://www.buzzsprout.com/2409237
S5 E10 · Tue, September 17, 2024
In this conversation, Perry sits down with Dr. Bilyana Lilly to discuss her new book Digital Mindhunters (Coming Oct 30) and the intersection of cybersecurity, disinformation, and AI. She describes the narrative structure of her book, navigating a world of cyber threats and influence operations, and the evolving landscape of disinformation with AI amplifying threats. Dr. Lilly emphasizes the importance of awareness and education in combating misinformation and highlights the global threats posed by countries like Russia and China. Guests: Dr. Bilyana Lilly ( LinkedIn ) ( Twitter ) References: Digital Mindhunters , by Dr. Bilyana Lilly (Amazon Associates Link) EU vs. Disinfo website International Fact-Checking Network (IFCN) Code of Principles Quote Origin: A Lie Can Travel Halfway Around the World While the Truth Is Putting On Its Shoes SE Community John Henry competition (where Perry's AI bot was able to compete!) [PROVED] Unsuspecting Call Recipients Are Super Vulnerable to AI Vishing Perry's LinkedIn post talking about the competition results Perry's Books (Amazon Associate Links) NEW BOOK (Oct 1, 2024) : FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions Book website: https://thisbookisfaik.com Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , & Storyblocks . Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https:/
S5 E9 · Tue, September 03, 2024
In this episode, Perry catches up with Stephanie (Snow) & JC Carruthers. They talk about social engineering, the DEFCON Social Engineering Community / Village, and share their favorite (and most embarrassing) social engineering stories. Perry also gives a quick update on his recent exploits entering an AI chatbot into the Social Engineering Village CTF, speaking at the DEFCON AI Village, and the release of his new book, FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions . Guests: Stephanie (Snow) Carruthers: ( LinkedIn ) ( Twitter ) JC Carruthers: ( LinkedIn ) ( Twitter ) References: Social Engineering Community website SE Community twitter page SE Community John Henry competition (where Perry's AI bot was able to compete!) [PROVED] Unsuspecting Call Recipients Are Super Vulnerable to AI Vishing Perry's LinkedIn post talking about the competition results Perry's Books (Amazon Associate Links) NEW BOOK (Oct 1, 2024) : FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions Book website: https://thisbookisfaik.com Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , & Storyblocks . Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com . 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.Gam
S5 E8 · Tue, July 30, 2024
On this episode, Perry gets to sit down with Ed Skoudis to discuss the simplicity and complexities of cybersecurity ethics. Ed's new book is The Code of Honor: Embracing Ethics in Cybersecurity . Guest: Ed Skoudis ( LinkedIn ) ( Twitter ) ( Website ) Books and References: The Code of Honor: Embracing Ethics in Cybersecurity , by Paul J. Maurer and Ed Skoudis The Mysterious Case of Rudolf Diesel: Genius, Power, and Deception on the Eve of World War I, by Douglas Brunt The Cybersecurity Code (downloadable): https://www.montreat.edu/cybersecurity-code/ The Code of Honor book page YouTube Video: Inside SANS Holiday Hack Challenge 2023 | Host: Ed Skoudis | August 29, 2023 Perry's Books (Amazon Associate Links) NEW BOOK (Oct 1, 2024) : FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions Book website: https://thisbookisfaik.com Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , & Storyblocks . Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com . 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
S5 E7 · Tue, July 09, 2024
On this episode, Perry gets to sit down with Jon Gillham. Jon is the founder and CEO of Originality.ai -- an AI content detection platform designed to help website owners, content marketers, writers and publishers hit 'publish' with integrity in the world of generative AI. In this interview, we get the lowdown on how AI content detection works, what it is good at, and where some of the current limits are. Guest: Jon Gillham ( LinkedIn ) ( Twitter ) ( Website ) Books and References: AI Content Detector Accuracy Review + Open Source Dataset and Research Tool , Originality.ai blog post Is Using AI Tools the Same as Plagiarizing? A Legal Perspective , Originality.ai blog post Empirical Study of AI-Generated Text Detection — Results as per An Empirical Study of AI-Generated Text Detection Tools , Originality.ai blog post A Survey on LLM-Generated Text Detection: Necessity, Methods, and Future Directions LLM-as-a-Coauthor: The Challenges of Detecting LLM-Human Mixcase Perry's Books (Amazon Associate Links) NEW BOOK (Oct 1, 2024) : FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , & Storyblocks . Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com . 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn
S5 E6 · Tue, June 04, 2024
On this episode, Perry gets to sit down with investigative journalist, author, and podcaster, Geoff White. They discuss Geoff's new book, "Rinsed: From Cartels to Crypto: How the Tech Industry Washes Money for the World's Deadliest Crooks", the state of global cybercrime, and (everybody's favorite topic) artificial intelligence. Guest: Geoff White ( LinkedIn ) ( Twitter ) Books and References: Rinsed: From Cartels to Crypto: How the Tech Industry Washes Money for the World's Deadliest Crooks , by Geoff White RinsedGPT -- Generative AI questions/answers from the book, Rinsed The Lazarus Heist: Based on the hit podcast , by Geoff White Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global , by Geoff White The Lazarus Heist podcast (BBC) YouTube video: Three Key Types of Cybercriminals , by Geoff White Perry's Books (Amazon Associate Links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , & Storyblocks . Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com . 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
S5 E5 · Tue, May 07, 2024
In this episode, Perry sits down with award-winning cybersecurity author George Finney to discuss his recent book, Project Zero Trust . This is a broad discussion that hits on the concepts of Zero Trust, George's approach to writing the book, his passion for storytelling, and much more. Guest : George Finney ( LinkedIn ) ( Website ) Books and References: Project Zero Trust: A Story about a Strategy for Aligning Security and the Business , by George Finney Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future , by George Finney The history and evolution of zero-trust security , TechTarget Wikipedia: Zero Trust Security Model Perry's Books (Amazon Associate Links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , & Storyblocks . Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com . 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
S5 E4 · Tue, April 09, 2024
In this episode, Perry Carpenter sits down with Rachel Tobac to debrief after her recent KB4-CON session, "How I'd Hack You Live" where she... well... hacked Perry live. Perry and Rachel explore how age-old deception techniques are being revamped for the digital age. The discussion spans the future of social engineering, the increasing role of AI in security, and a few other fun bits. Guest : Rachel Tobac ( LinkedIn ) ( Twitter / X ) ( Website ) Books and References (Books are Amazon Associate Links and help support the show): KB4-CON 2024 Main Stage Sessions (Registration required) Deepfake scammer walks off with $25 million in first-of-its-kind AI heist , Ars Technica The Social Engineer's Playbook: A Practical Guide to Pretexting , by Jeremiah Talamantes The Art of Deception: Controlling the Human Element of Security , by Kevin Mitnick YouTube video: 60 minutes Here’s how I used AI to clone a 60 Minutes correspondent’s voice to trick a colleague YouTube video: It Was Easy to Hack a Billionaire YouTube video: Inside the Mind of an Ethical Hacker Perry's Books (Amazon Associate Links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , & Storyblocks . Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com . 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn
S5 E3 · Tue, March 19, 2024
On this episode, Perry sits down with Dr. Matthew Canham to explore ways in which AI can be weaponized against us, and how age-old social engineering tactics can be used to trick large language models. Guest : Dr. Matthew Canham ( LinkedIn ) ( Website ) Books and References (Books are Amazon Associate Links and help support the show): Cognitive Security Institute YouTube Channel Cognitive Security Institute website YouTube video: BlackHat Presentation -- Me and My Evil Digital Twin: The Psychology of Human Exploitation by AI Assistants YouTube video: NEW AI Jailbreak Method SHATTERS GPT4, Claude, Gemini, LLaMA Not with a Bug, But with a Sticker: Attacks on Machine Learning Systems and What To Do About Them , by Ram Shankar Siva Kumar & Hyrum Anderson Six Thinking Hats , the de Bono Group Six Thinking Hats: Looking at Decision in Different Ways , MindTools AI + Six Thinking Hats , LifeArchitect.ai 8Li Season 4, episode 10: Artificial Intelligence Insights & Oddities Perry's Books (Amazon Associate Links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , & Storyblocks . Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com . 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how:
S5 E2 · Tue, February 27, 2024
On this episode Perry sits down with Jeremy Treadwell, a people-first technologist and futurist, to get the lowdown on how a futurist approaches the world. Guest : Jeremy Treadwell ( LinkedIn ) ( Twitter ) Books and References (Books are Amazon Associate Links and help support the show): YouTube Video: What UX/UI Taught Me about Improving Security Awareness [SANS Security Awareness Summit 2022] , Jeremy Treadwell YouTube Video: Reimagine the Future of Data, Privacy + Security with Technologist Jeremy Treadwell The Institute for the Future website Four Questions to Turn Everyone in Your Company Into a Futurist , FastCompany article How Does a Futurist See the Future , LinkedIn Article by Jacob Morgan The Black Swan: Second Edition: The Impact of the Highly Improbable: With a new section: "On Robustness and Fragility" , by Nassim Nicholas Taleb The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore , by Michele Wucker William Gibson’s Future Is Now , Pagan Kennedy, the New York Times 8Li Season 1, episode 8: The Risk Episode: Black Swans, Grey Rhinos, Angels & Demons Perry's Books (Amazon Associate Links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , & Storyblocks . Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com . 8th Layer Insights theme music composed
S5 E1 · Tue, February 13, 2024
Welcome to season 5 of 8th Layer Insights! To celebrate Valentine's Day, Perry sits down with Emmy-winning reporter Kerry Tomlinson to talk about the time she turned the tables on a romance scammer. Guest : Kerry Tomlinson ( LinkedIn ) ( Website ) ( YouTube ) Books and References: YouTube video: Inside a romance scam: how to make a catfisher sing YouTube video: Scammers are stealing people's faces for live video calls National Cybersecurity Alliance : Online Romance and Dating Scams National Cybersecurity Alliance : Romance Scams Resource Kit Federal Trade Commission: Romance scammers’ favorite lies exposed Know Your Meme: On the Internet, Nobody Knows You're A Dog ‘NOBODY KNOWS YOU’RE A DOG’: As iconic Internet cartoon turns 20, creator Peter Steiner knows the joke rings as relevant as ever Wikipedia: On the Internet, nobody knows you're a dog Perry's Books (Amazon Associate Links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , & Storyblocks . Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com . 8th L
S4 E10 · Thu, November 30, 2023
On this episode, Perry celebrates the one-year birthday of ChatGPT by taking a look at AI from technological, philosophical, and folkloric perspectives. We see how AI was formed based on human words and works, and how it can now shape the future of human legend and belief. Guests: Brandon Karpf, Vice President at N2K Networks ( LinkedIn ) ( Website ) Dr. Lynne S. McNeill, Associate Professor at Utah State University ( LinkedIn ) ( Twitter ) Dr. John Laudun, Professor at University of Louisiana at Lafayette ( LinkedIn ) ( Twitter ) ( Website ) Lev Gorelov, Research Director at Handshake Consulting ( LinkedIn ) ( Twitter ) ( Website ) Resources Interview with the AI, part one , by Brandon Karpf / the CyberWire 'Hard Fork': An Interview With Sam Altman , by The New York Times The Exciting, Perilous Journey Toward AGI , Ilya Sutskever TED Talk Ilya: the AI scientist shaping the world , by The Guardian Meet Loab, the AI Art Woman Haunting the Internet: Is she a demon? A Cryptid? Or nothing at all... , the Guardian In 2016, Microsoft’s Racist Chatbot Revealed the Dangers of Online Conversation The bot learned language from people on Twitter—but it also learned values , IEEE Spectrum Perry's Digital Folklore episode about AI Handshake's Generative AI Masterclass on Maven Perry's Books (Amazon Associate links)
Bonus · Tue, October 24, 2023
Let's face it. Most of us have a love/hate relationship with technology and technological advances. We dream about the new thing... but when it arrives, we are usually a little disappointed. Many of us also lament the constant erosion of privacy, the changes in social norms, and more. And, little-by-little, we allow those aspects of new technology to make us numb. We accept the cognitive dissonance of not totally being happy with the trade-offs; yet we still make the trade. In this episode, we explore a few of the positives and some of the unintended consequences associated with recent technological advancements. We'll hear from Dr. Lydia Kostopoulos, Dr. Charles Chaffin, Andra Zaharia, and Aaron Barr. Guests : Dr. Lydia Kostopoulos ( LinkedIn ) ( Website ) Dr. Charles Chaffin ( LinkedIn ) ( Website ) Andra Zaharia ( LinkedIn ) ( Website ) Aaron Barr ( LinkedIn ) ( Website ) Books and Resources : IEEE Article: Decoupling Human Characteristics from Algorithmic Capabilities by Dr. Lydia Kostopoulos Numb: How the Information Age Dulls Our Senses and How We Can Get them Back by Dr. Charles Chaffin (Amazon Associate Links) The Numb Podcast by Dr. Charles Chaffin The Cyber Empathy Podcast by Andra Zaharia Reminder: Your 'smart AI' often involves a low-paid contractor surveilling you How creepy is your smart speaker? Newton's Laws of Motion Unintended Consequences Elon Musk's warning regarding AI Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter (Amazon Associate Link) Everything is Alive podcast by PRX and Radiotopia Production Credits:
S4 E9 · Tue, October 10, 2023
On today's show, Perry sits down with Rick Howard to discuss Rick's new book and the concept of "First Principles" as they apply in the domain of cybersecurity. Rick Howard is the CSO of N2K and the Chief Analyst and Senior Fellow at N2K Cyber, formerly CyberWire. His past lives include CSO at Palo Alto Networks, CISO at TASC, the GM at Verisign/iDefense, the Counterpane SOC Director, and the Commander of the Army's Computer Emergency Response Team (CERT). Rick served 25 years in the Army, taught computer science at West Point, and recently published "Cybersecurity First Principles: A Reboot of Strategy and Tactics." Guest: Rick Howard ( LinkedIn ) Rick's book, podcasts, and other stuff Cybersecurity First Principles: A Reboot of Strategy and Tactics (Amazon Associate link) Promo video for Rick's Cybersecurity First Principles video course CSO Perspectives Podcast Word Notes Perry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Be sure to check out Perry's other show, Digital Folklore. It's all about the oddities and importance of online culture. Head over to the show's website ( https://digitalfolklore.fm/ ) to see our custom artwork, subscribe to the newsletter , shop for merch , support the show on Patreon , and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-news . Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , Storyblocks , & EpidemicSound . 8Li cover art by Chris Machowski @ https://www.RansomWear.net/ . 8th Layer Insights theme music composed and performed by Marcos Moscat @
S4 E8 · Tue, September 26, 2023
If you’ve been listening to this show for a while, you’ll know that we’ve touched on the topic of Open Source Intelligence (otherwise known as OSINT) several times. It is an area of information security and penetration testing that’s been getting quite a bit of attention over the past several years. When you think about the digital world we live in, where we have a proliferation of personal, organizational, and governmental data on the internet...and the simple fact that data likes to leak…we can safely predict that OSINT investigation techniques will continue to be in demand. On this episode, Perry sits down with Rae Baker. Rae is the author of the book Deep Dive: Exploring the Real-world Value of Open Source Intelligence, which was released in April of this year from Wiley publishing. In this discussion with Rae, you’ll hear a bit about her career pivot to OSINT specialist from being a graphic designer, how creativity fuels her job, advice for aspiring cybersecurity and OSINT professionals, and a lot more. Guest : Rae Baker ( LinkedIn ) ( Twitter ) ( Website ) Books and References: Deep Dive: Exploring the Real-world Value of Open Source Intelligence , by Rae Baker (Amazon Associate link) Kase Scenarios: https://kasescenarios.com/ The OSINT Curious project TraceLabs YouTube Playlist from the 2022 SANS OSINT Summit YouTube video by The Cyber Mentor: Learn OSINT in 4.5 Hours Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Perry's Books (Amazon Associate Links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessio
S4 E7 · Tue, September 12, 2023
Listen in as Perry Carpenter & Dr. Jessica Barker present their joint session, " Conversational Security Awareness" at the SANS Managing Human Risk Summit. ... and stay tuned after the presentation for a quick conversation between Perry, Jessica, and Lance Spitzner (SANS) as they discuss themes from this year's event. Guests : Dr. Jessica Barker ( LinkedIn ) ( Twitter ) Jeremy Treadwell ( LinkedIn ) ( Twitter ) Lance Spitzner ( LinkedIn ) ( Twitter ) Additional Resources : Jessica Barker's great blog post summarizing this session Jessica Barker's 2020 RSA Keynote Related 8Li Episodes : 8Li S1 E9: Security ABCs Part 1: Make Awareness Transformational 8Li S1 E10: Security ABCs Part 2: 8th Layer Insights and the Quest for Security Culture 8Li S2 E10: The Next Evolution of Security Awareness 8Li S4 E3: Carrots, Sticks, and Culture: The Art and Science of Social Signaling 8Li S4 E5: We are the Champions 8Li S4 E6: Blending Awareness, Social Engineering, and Physical Penetration Testing -- A Conversation with Jayson E. Street Relevant Books (Amazon Associate Links) Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career , by Jessica Barker Cybersecurity ABCs: Delivering awareness, behaviours and culture change by Jessica Barker, Adrian Davis, Bruce Hallas, & Ciarán Mc Mahon Mixed Signals: How Incentives Really Work , by Uri Gneezy Security Awareness Program Builder: Practical guidelines for building your Information Security Awareness Program & prep guide for the Security Awareness and Culture Professional (SACP)™ by Mark Majewski Perry's Books (Amazon Associate
S4 E6 · Tue, August 29, 2023
On today's show, Perry sits down with Jayson E. Street to discuss his unique blend of social engineering, physical penetration testing, and security awareness. Jayson refers to this as being trained by a simulated adversary . At the heart of Jayson's method is intense boldness in his approach to social engineering and penetration testing coupled with an equally intense passion for helping his clients and their employees improve their overall security posture and mindsets. It's about education rather than exploitation. Guest: Jayson E. Street ( LinkedIn ) ( Twitter ) ( Website ) YouTube videos of Jayson 2022 Saintcon: Hacker Striptease Tomorrow Unlocked: Penetration tester Jayson E. Street helps banks by hacking them Risks & Reels: Who's a Hacker? Jayson's book (Amazon Associate link) Dissecting the Hack: The V3rb0t3n Network Perry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Be sure to check out Perry's other show, Digital Folklore. It's all about the oddities and importance of online culture. Head over to the show's website ( https://digitalfolklore.fm/ ) to see our custom artwork, subscribe to the newsletter , shop for merch , support the show on Patreon , and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-news . Season 2 starts September 4, 2023 . Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , Storyblocks , & EpidemicSound . 8Li cover art
Bonus · Tue, August 08, 2023
Hey all! I'm at BlackHat and Defcon this week. If you're there, track me down. I'd love to meet you! This week's episode is an encore of one of my favorites. My interview with James Linton (a.k.a. The Email Prankster). In 2017, James went on a virtual joyride exploiting the ways that people interact with emails. One of the most interesting things about James' story is that his exploits didn't rely on any type of highly technical method(s); they were simple display name deceptions. But that didn't stop him from fooling CEOs from some of the world's largest banks, celebrities, and high ranking staff members in the White House. James' success using these simple methods serves as a warning for us all. We don't fall for scams because they are technically sophisticated or because we are stupid. We fall for scams because we are human. Guest: James Linton ( LinkedIn ) ( Website ) Books and Resources : Anatomy Of An Email Impersonation Spree: Who Got Pranked And Why An email prankster is hitting the CEOs of the world's biggest banks How to Prank the Rich and Powerful Without Really Trying Morgan Stanley CEO James Gorman falls for email prank This Man Pranked Eric Trump And Harvey Weinstein — Now He Just Wants A Job Media Coverage YouTube Playlist James Linton -- Wikipedia Entry The Journal of Best Practices: A Memoir of Marriage, Asperger Syndrome, and One Man's Quest to Be a Better Husband by David Finch Perry -- Interview on Springbrook's Converge Autism Radio Perry -- Security Weekly Interview Perry Carpenter - The Aspies Guide to Social Engineering - DEF CON 27 Social Engineering Village
S4 E5 · Wed, July 26, 2023
There has been a lot of buzz for the past few years about the benefits and importance of establishing security champions programs. These are groups of people in your organization who become vital, responsible, and proactive contributing evangelists to the security culture of your organization. I often refer to them as "culture carriers." And, while there is general agreement that these are good programs to have, establishing them is currently a bit of a dark art. On today's show, Perry sits down with Sarah Janes of Layer 8 security to discuss the importance of champion programs and tease out a few best practices. Guest: Sarah Janes ( LinkedIn ) ( Twitter ) ( Website ) Perry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Be sure to check out Perry's other show, Digital Folklore. It's all about the oddities and importance of online culture. Head over to the show's website ( https://digitalfolklore.fm/ ) to see our custom artwork, subscribe to the newsletter , shop for merch , support the show on Patreon , and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-news Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , Storyblocks , & EpidemicSound . 8Li cover art by Chris Machowski @ https://www.RansomWear.net/ . 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter
S4 E4 · Tue, June 20, 2023
On this episode, Perry sits down with Chad Peterson, Managing Director at NetSPI , to discuss the importance of penetration testing. We touch on aspects of social engineering, discussing complex security issues with Boards of Directors, the prevalence of Ransomware, and some of the unique challenges facing the healthcare industry. Guest: Chad Peterson ( LinkedIn ) ( Twitter ) Books & References (Books are Amazon Associate links) CISO Desk Reference Guide: A Practical Guide for CISOs by Bill Bonney, Gary Hayslip, & Matt Stamper Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman Practical Social Engineering: A Primer for the Ethical Hacker by Joe Gray Ransomware Protection Playbook by Roger Grimes The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity by Christian Espinosa Perry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Perry's new show, Digital Folklore kicked-off Jan 16, 2023. It's all about the oddities and importance of online culture. Check out the website ( https://digitalfolklore.fm/ ) to see our custom artwork, subscribe to the newsletter , check out our merch , Patreon , and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-news Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , Storyblocks , & EpidemicSound . 8Li cover art by Chris Machowski @ https://www.RansomWear.net/ . 8th Layer Insights theme music composed an
S4 E3 · Tue, June 06, 2023
On this episode, what cybersecurity professionals need to understand about how social signaling and incentives really work. Today's episode features a conversation with Uri Gneezy. In the field of cybersecurity, we are very interested in identifying proactive and positive ways to encourage the behavior we want. That's where Uri comes in. Uri is a well-known behavioral economist and professor of economics and strategy in the Rady School of Management at the University of California at San Diego. Most of us recognize that many of our behaviors, beliefs, and values are caught rather than taught. So, if you are interested in developing a positive security culture in your workplace, then it’s important to understand the dynamics of how people both receive and signal their security-related beliefs and values so that associated behaviors become a natural result. Listen in as Perry sits down with Uri to discuss key findings from Uri's new book, Mixed Signals: How Incentives Really Work . This is a fascinating deep dive into Uri’s research that has immediate applicability for anyone needing to design programs that work with, rather than against, human nature. Guest: Uri Gneezy ( LinkedIn ) ( Twitter ) ( Website ) Books & References (Books are Amazon Associate links) Mixed Signals: How Incentives Really Work, by Uri Gneezy The Why Axis: Hidden Motives and the Undiscovered Economics of Everyday Life by Uri Gneezy & John List Perry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Perry's new show, Digital Folklore kicked-off Jan 16, 2023. It's all about the oddities and importance of online culture. Check out the website ( https://digitalfolklore.fm/ ) to see our custom artwork, subscribe to the newsletter , check out our merch , Patreon , and more. Want to check out what others are
Bonus · Tue, May 23, 2023
In this episode, Perry Carpenter sits down with renowned mentalist and skeptic, Banachek. Banachek (Steve Shaw) grew up with a fascination in magic and a frustration with psychic frauds. As a teenager, he contacted magician and skeptic, James “The Amazing” Randi and ended up working with Randi on a special initiative known as Project Alpha, which set out to expose a general lack of objectivity in parapsychology research. Banachek served as the director for the James Randi Educational Foundation’s “One Million Dollar Paranormal Challenge” for 15 years and is now the President of the James Randi Educational Foundation. Perry and Banachek discuss Project Alpha, the ways of fake psychics and fraudulent faith healers, and issues associated with confirmation bias and framing effects. They also discuss Banachek’s new live mentalism show in Las Vegas, which incorporates theatrical mindreading and other mentalism effects along with a storyline that explores Banachek’s life, antics, and passion for critical thinking. Guest: Banachek ( Website ) ( twitter ): Mentalist ( Performing in Las Vegas add 'social' for 30% off tickets), Skeptic, President of the James Randi Educational Foundation This episode also featured a quick comment from: George Finney : ( LinkedIn ); Chief Security Officer at Southern Methodist University ; Founder of Well Aware Security Books and References (Book links are 'Amazon Associate' links which help support the show): Brian Brushwood's podcast, World's Greatest Con Banachek Wikipedia entry Project Alpha Wikipedia entry James Randi Wikipedia entry Article about Houdini's efforts to debunk fake mediums The Discoverie of Witchcraft Wikipedia entry The Psychology of the Ouija Barnum Effect Wikipedia entry James Randi & Project Alpha Video Project Alpha lookback -- James Randi and Michael Edwards
S4 E2 · Tue, May 09, 2023
This week's episode is a late Star Wars ("May the 4th Be With You") celebration. We check out a couple interesting articles about security-related lessons embedded in the Star Wars movies, and Perry sits down with Adam Shostack, author of the new book, Threats: What Every Engineer Should Learn From Star Wars to discuss threat modeling principles using Star Wars related examples. Guest : Adam Shostack ( LinkedIn ) ( Twitter ) ( Website ) Books & References (Books are Amazon Associate links) Threats: What Every Engineer Should Learn From Star Wars , by Adam Shostack Threat Modeling: Designing for Security , by Adam Shostack Threat modeling videos from Adam Threat modeling and security-related games by Adam Adam's whitepapers BlackPoint: Learn Their Lesson, They Did Not Gary Hibbard LinkedIn post Perry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Perry's new show, Digital Folklore kicked-off Jan 16, 2023. Check out the website ( https://digitalfolklore.fm/ ) to see our custom artwork, subscribe to the newsletter , check out our merch , Patreon , and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-news Voice Acting for this episode : Darth Vader voice over artist: https://business.fiverr.com/freelancers/mistercorley Darth Vader breathing sound:
S4 E1 · Tue, April 25, 2023
Welcome to season 4, episode 1 of 8th Layer Insights! On this episode, Perry speaks with Josiah Dykstra (Senior Fellow, Office of Innovation at the National Security Agency ) about the new book he co-authored with Eugene Spafford and Leigh Metcalf. The book is titled Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us . This topic coincides well with Perry's recent studies into folklore and urban legends for his other podcast, Digital Folklore . Guests : Josiah Dykstra ( LinkedIn ) ( Twitter ) ( Website ) Chelsey Weber-Smith ( LinkedIn ) ( Twitter ) ( Website ) Mason Amadeus ( LinkedIn ) ( Twitter ) ( Website ) Books & References (Books are Amazon Associate links) American Hysteria Podcast episode , Urban Legends in the Internet Wilderness with the Digital Folklore Podcast Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us , by Eugene Spafford, Leigh Metcalf, and Josiah Dykstra Essential Cybersecurity Science: Build, Test, and Evaluate Secure Systems, by Josiah Dykstra Folklore 101: An Accessible Introduction to Folklore Studies , by Jeana Jorgensen Folklore Rules: A Fun, Quick, and Useful Introduction to the Field of Academic Folklore Studies , by Lynne S. McNeill Perry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Perry's new show,
S3 E10 · Tue, January 24, 2023
For the last episode of season 3, I thought we'd talk about something that's been in the news quite a lot recently: Authentication and Password Managers. As security professionals, we've decried the password for decades. Multifactor authentication (MFA) has started to gain popularity... but not without its own issues. Security leaders and tech teams may have once again hoped for a silver bullet, only to be disappointed to find out that crafty attackers can easily bypass MFA. We've also been touting the benefits of Password Managers for quite a while. After all, in a world where most of us have to manage upwards of 200 passwords in a year, who can keep up? No human can have great password hygiene across all those accounts. But password managers also face their own problems as illustrated by a recent high-profile incident . Our guest today is Roger Grimes. He has a multi-decade cybersecurity career and is the author of 13 cybersecurity books, countless articles, and is a highly sought-after industry luminary. ... Oh -- and he has opinions. Listen in as Roger and I discuss the current state of authentication, MFA, password managers, and more. Guests : Roger Grimes ( LinkedIn ) ( Twitter ) Want to submit a question to have answered in a future episode? If you’ve got a question or comment that you’d like me to try to answer or respond to, leave a voice message at https://www.speakpipe.com/8Li . Frankly, that would make it more engaging than if I just read your questions. But, if you aren’t able to record a message or don’t want your voice on the show, then you can email me your questions at perry@8thLayerMedia.com . I’d love to hear from you and answer any questions you have about my thoughts on security topics, creativity, online culture, podcasting… or anything else you have on your mind. 
Books & References: Password Managers Can Be Hacked Lots of Ways and Yes, You Should Still Use One , by Roger Grimes Roger's Password Masterclass Roger's Hacking MFA presentation Hacking Multifactor Authentication , by Roger Grimes Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto , b
Bonus · Tue, January 10, 2023
Hey all! An announcement and something special! First, the announcement: Here's your chance to participate in the final episode of 8Li season 3. If you’ve got a question or comment that you’d like me to try to answer or respond to, leave a voice message at https://www.speakpipe.com/8Li . Frankly, that would make it more engaging than if I just read your questions. But, if you aren’t able to record a message or don’t want your voice on the show, then you can email me your questions at perry@8thLayerMedia.com . I’d love to hear from you and answer any questions you have about my thoughts on security topics, creativity, online culture, podcasting… or anything else you have on your mind. Now for something special: Here's a quick 10 minute sneak peek from episode 1 of my new show, Digital Folklore . Season 1 kicks off Jan 16. This episode introduces us to two "monsters" who were birthed on the internet, but couldn't be contained there. Their names are Slenderman and Momo, and they are great examples of a few key folkloric concepts. So join us as we take a look at Slenderman and Momo and learn about ostension, monster theory, moral panics, and the defining traits that make something folklore as opposed to just a simple online expression of creativity. Guests appearing on the full episode include: Dr. Vivian Asimos, author of Digital Monsters and Digital Mythology and the Internet's Monster: The Slender Man Ben Brock Johnson , Amory Sivertson , and Quincy Walters from WBUR's podcast, Endless Thread Chelsey Weber-Smith , host of American Hysteria Kathleen Hale , author of Slenderman: Online Obsession, Mental Illness, and the Violent Crime of Two Midwestern Girls Season 1 begins Jan 16, 2023. Subscribe or follow so you don't miss out! You can sign-up for our newsletter and learn more about the show at https://digitalfolklore.fm . 
Support the Digital Folklore Podcast on Patreon: https://patreon.com/digitalfolklore Find us on the socials: Twitter: @digiFolklorePod Facebook:
S3 E9 · Tue, December 27, 2022
On this episode, Perry speaks with Chris Cochran and Ron Eddings . Chris and Ron started the Hacker Valley Studio Podcast back in June of 2019 with the goal of exploring the human condition to inspire peak performance in cybersecurity. The podcast is about Chris and Ron’s quest to find inspirational stories and knowledge to elevate themselves and their communities. That podcast eventually kicked off a journey that led them to create their own podcast network ( Hacker Valley Media ), foster communities, and they recently partnered with SANS to create the Difference Makers Awards . Chris and Ron are passionate about cybersecurity, leadership, creativity, and podcasting — and so on today’s show, you’ll hear us touch on all of those topics and more. Guests : Chris Cochran ( LinkedIn ) ( Twitter ) Ron Eddings ( LinkedIn ) ( Twitter ) References: Hacker Valley Media Hacker Valley Studio podcast Technically Divided Difference Makers Awards Hacker Valley Discord server Perry's new show, Digital Folklore. Check out the website ( https://digitalfolklore.fm/ ) to see our custom artwork, subscribe to the newsletter , check out our merch , and more. Coming January 16, 2023 everywhere you listen to podcasts . You can also check a 10 minute sneak peek of episode 1 . Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer
S2 E8 · Tue, December 13, 2022
On this episode, Perry sits down with Marta L. Tellado , President and CEO at Consumer Reports , to discuss the digital moment we are in and what that means for consumers and the marketplace: the risks, dangers, traps… and also the places and paths that can lead to progress. They also discuss Marta's new book, Buyer Aware: Harnessing Our Consumer Power for a Safe, Fair, and Transparent Marketplace . Guest: Marta L. Tellado ( LinkedIn ) ( Twitter ) ( Website ) Books and References: Fighting For a Fair Digital World. Consumer Reports resources to empower you to take action Buyer Aware: Harnessing our consumer power for a safe, fair, and transparent marketplace , by Marta L. Tellado Old Consumer Reports commercials: Example 1, Example 2 , Example 3 . Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , Storyblocks , & EpidemicSound . Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com . 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter
Tue, November 29, 2022
Get ready for those 'fun' holiday dinner conversations with friends and family. You know the ones... In the spirit of the holidays, I thought we'd revisit Season 1, Episode 2. This is an episode about the battle for truth. As disinformation, misinformation, malinformation, and conspiracy theories seem to be hitting epidemic levels, how can we help each other determine what is real and what is fake? How can we help people who are falling down conspiracy rabbit holes? And what roles do technology companies, governments, and ordinary citizens play? Perry Carpenter speaks with acclaimed cybersecurity expert, Bruce Schneier , disinformation experts, Samantha North and Allie Wong , and conspiracy theory researcher, Mick West . In this episode, we also hear from Peter Leyden from Reinvent and Eli Pariser , author of The Filter Bubble. Learn more about our guests here: Bruce Schneier - Internationally renowned security technologist, author, and speaker. You can find Bruce's website here . Allie Wong - VP of Mis/dis/mal-information, Response and Resiliency, Limbik; Consultant, United Nations Institute for Disarmament Research. ( LinkedIn ) Samantha North - Disinformation researcher and consultant. ( LinkedIn ) Co-Founder: North Cyber Research ( website ) Mick West - Skeptical investigator and retired video game programmer. Creator of the websites Contrail Science ( website ) and Metabunk ( website ). Author of Escaping the Rabbit Hole: How to Debunk Conspiracy Theories Using Facts, Logic, and Respect ( link ). Personal website ( link ). Special thanks to Reinvent for allowing use of audio. References: http://reinvent.net/events/event/how-we-can-pop-the-filter-bubble-with-eli-pariser/ https://reboot-foundation.org/study-social-media-poor-judgment/
S3 E7 · Tue, November 15, 2022
There is something about a good spy story that seems to really resonate with people in the cybersecurity world. We love watching the moves and the counter moves, and the sneaking around, and the social engineering, and hacking, and all of the gadgets and toys, and car chases, and fights and double crosses and triple crosses. Yeah, you get the point. But how much of that is real and how much can be chalked up to an author's creative license? And what's life and work like for real people in the intelligence industry? This episode features two guests: ex-CIA agent Peter Warmka and Andrew Hammond , historian and curator at the International Spy Museum . Guests : Peter Warmka ( LinkedIn ) ( Twitter ) ( Website ) Andrew Hammond ( LinkedIn ) ( Twitter ) ( Website ) Books and References: Confessions of a CIA Spy: The Art of Human Hacking , by Peter Warmka The CIA Guy & CIA Spy Podcast , Peter Warmka and Robert Siciliano Peter Warmka Videos International Spy Museum website SpyCast Podcast , hosted by Andrew Hammond INTEL.gov The Evolution of Espionage in America , INTEL.org Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , &
Bonus · Tue, November 01, 2022
For this week, we are revisiting a previous episode that first aired as Season 1 Episode 10. In this episode, we discuss the concept of security culture -- specifically, the difficulty that security leaders have in defining what a security culture actually is. Luckily, we can draw on learnings from organizational culture management and culture transformation experts. Guests for this episode include David Sturt, Executive Vice President of the O.C. Tanner Institute , author of Great Work: How to Make a Difference People Love and Appreciate: Celebrating People, Inspiring Greatness ; Dr. Jessica Barker (co-CEO and Co-Founder, Socio-Technical Lead at Cygenta ; author of Confident Cyber Security and co-author of Cybersecurity ABCs ); Kai Roer, Chief Research Officer at KnowBe4 , creator of the Security Culture Framework, author of Build a Security Culture ; and Michael Leckie, founding partner at Silverback Partners, LLC and author of The Heart of Transformation: Build the Human Capabilities that Change Organizations for Good . Guests: David Sturt Dr. Jessica Barker Kai Roer Michael Leckie References, Resources & Books: Security ABCs Part 1: Make Awareness Transformational , 8Li Season 1, Episode 9 4 Ways to Build a Thoughtful Security Culture , by Perry Carpenter 7 Tips for Building a Strong Security Culture , by Perry Carpenter Appreciate: Celebrating People, Inspiring Greatness , by David Sturt Build a Security Culture , by Kai
S3 E6 · Tue, October 18, 2022
On this episode, Perry sits down with Jenny Radcliffe (a.k.a. The People Hacker ). Jenny is a well-known speaker, podcaster, professional social engineer, and physical penetration tester… in other words, she’s a social engineer who specializes not only in tricking people into doing things they shouldn’t do… but she also specializes in getting into places she shouldn’t be and finding things she shouldn’t be able to find. Her job is to embody the criminal mindset and use the skills of a criminal to find the vulnerabilities that a criminal would find. In this interview, Jenny talks shop about her path to becoming a full-time social engineer, the realities of penetration testing, inherent vulnerabilities in buildings and humans, and how to continuously improve at anything. Guests : Jenny Radcliffe ( LinkedIn ) ( Twitter ) ( Website ) Books and References: Bruce Schneier blog about the Security Mindset Video -- Jenny Radcliffe: How I Fooled A £2mil Security System Jenny's interview on the Jordan Harbinger Show Jenny's interview on Darknet Diaries Jenny's interview on the Security Mastermind's Podcast The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick Harvard Business Review article on the Principles of Persuasion A blog series Perry did on Deception ( Part 1 ), ( Part 2 ). Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defe
S3 E5 · Tue, October 04, 2022
Over the past few years, there's been a lot of talk about the value of understanding Open Source Intelligence (OSINT). But, even with so much talk, relatively few cybersecurity professionals have had the time to take a deep dive into the topic. In this episode, Perry sits down with social engineer, OSINT investigator, and member of the OSINT Curious project , Christina Lekati to get an overview of the value of OSINT as well as some basic techniques. After that, we hear from Chris Kirsch (co-founder and CEO of runZero ). Chris is a former black badge winner at DEF CON's social engineering competition and served as a judge in the most recent competition. He recently released an interesting report analyzing the top OSINT sources and vishing (voice phishing via phone) pretexts from that competition. Guests : Christina Lekati ( LinkedIn ) ( Twitter ) Chris Kirsch ( LinkedIn ) ( Twitter ) Books and References: Top OSINT sources and vishing pretexts from DEF CON’s social engineering competition , research by Chris Kirsch referenced in this episode YouTube video by Christina Lekati: Protecting High-Value Individuals: An OSINT Workflow YouTube video: DEF CON 27 Recon Village presentation by Chris Kirsch: Using OSINT for Competitive Intelligence YouTube Playlist from the 2022 SANS OSINT Summit YouTube video by The Cyber Mentor: Learn OSINT in 4.5 Hours The OSINT Curious project DEFCON Social Engineering Community 15 top open-source intelligence tools , CSO Online Top 25 OSINT Tools for Penetration Testing , SecurityTrails WebMii.com
S3 E4 · Tue, September 20, 2022
In this episode, Perry talks about the value of storytelling and provides 7 tips for anyone who faces the fear associated with staring at a blank screen, wondering how they can begin to create fresh content. This is adapted from a presentation Perry recently gave at the 2022 SANS Security Awareness Summit . Books & Resources: Overview of "The Iron Triangle" Visual Summary of Perry's SANS Security Awareness Summit presentation YouTube Video: You are not a storyteller - Stefan Sagmeister @ FITC Security is Alive : 8th Layer Insights, Season 2, episode 6 Creativity for Non Creatives : 8th Layer Insights, Season 2, episode 10 Igniting and Sustaining Creativity : 8th Layer Insights, Season 2, episode 1 Unleashing Trojan Horses for the Mind : 8th Layer Insights, Season 1, episode 1 Steal Like an Artist: 10 Things Nobody Told You About Being Creative , by Austin Kleon Show Your Work: 10 Ways to Share Your Creativity and Get Discovered , by Austin Kleon MasterClass -- Margaret Atwood Teaches Creative Writing "Everything is Alive" Podcast Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , & Storyblocks . Artwork by Chris Machowski @
S3 E3 · Tue, September 06, 2022
In this episode, Perry sits down with Mikko Hyppönen for a wide ranging discussion about the history, current state, and future of cybersecurity. We also discuss Mikko's new book, the title of which is derived from Hyppönen's Law: If It's Smart, It's Vulnerable . Guest: Mikko Hyppönen ( LinkedIn ) ( Twitter ) ( Web ) Books & Resources: If It's Smart, It's Vulnerable , by Mikko Hyppönen Mikko's TED Talks Daemon , by Daniel Suarez Internet of Things and data placement , by Dell Technologies Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , & Storyblocks . Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com . 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices
S3 E2 · Tue, August 23, 2022
This is a follow-up to Season 2, episode 4 – Bridging the Cyber Skills Gap . Many listeners contacted me saying that they loved the episode, but wished that I’d put more focus on people trying to find a career in cybersecurity later in life. So, consider this episode a Bridging the Cyber Skills Gap Part 2 . We’ll hear the stories of several people who’ve come to cybersecurity a bit later in life. This episode features interviews with Alethe Denis, Tracy Z. Maleeff (a.k.a. InfoSec Sherpa), Phillip Wylie, Lisa Plaggemier, Naomi Buckwalter, and Alyssa Miller. Guests: Alethe Denis ( LinkedIn ) ( Twitter ) ( LinkTree ) Tracy Z. Maleeff (a.k.a. InfoSec Sherpa) ( LinkedIn ) ( Twitter ) Phillip Wylie ( LinkedIn ) ( Twitter ) ( Medium ) Lisa Plaggemier ( LinkedIn ) ( Twitter ) Naomi Buckwalter ( LinkedIn ) Alyssa Miller ( LinkedIn ) ( Twitter ) ( Website ) Books & Resources: The Cybersecurity Career Guide , by Alyssa Miller The Pentester BluePrint: Starting a Career as an Ethical Hacker , by Phillip Wylie The Hacker Factory Podcast | With Phillip Wylie Building the Next Generation of Cybersecurity Professionals , LinkedIn Learning course from Naomi Buckwalter 8Li: Fun and Games: Lock Picking, Capture the Flag Contests, Simulations, and More How to Break Into Cybersecurity , article by Katlyn Gallo Transformational Security Awareness: What Neuroscientists, Storytellers, and Markete
S3 E1 · Tue, August 09, 2022
You've probably been hearing the term 'mindfulness' a lot these days. And for good reason. We humans seem to be busier and more stressed out than ever before, and mindfulness practices seem to offer positive benefit. But how does mindfulness intersect with cybersecurity? What practices can we learn and promote to decrease human risk in our organizations and live safer digital lives? In this episode, we explore the topic of cyber mindfulness. And to do so, we'll be hearing from Anna Collard, Michael Davis, and Yvonne and Jasmine Eskenzi. Guests: Anna Collard ( LinkedIn ) ( Twitter ) ( Company Site ) Michael Davis ( LinkedIn ) ( Company Site ) Yvonne Eskenzi ( LinkedIn ) ( Twitter ) ( Company Site ) Jasmine Eskenzi ( LinkedIn ) ( Twitter ) ( Company Site ) Books & Resources: The Zensory App Research Paper: The current state of mind: A systematic review of the relationship between mindfulness and mind-wandering Research Paper: Training to Mitigate Phishing Attacks Using Mindfulness Techniques Research Paper: Understand the mistakes that compromise your company's security University of Dayton's Cyber Mindful program overview The Human Firewall: 3 Mindfulness Techniques Your Team Can Use to Prevent Phishing Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer
Bonus · Wed, June 22, 2022
On this bonus episode, Perry sits down with physical penetration tester, lock picking guru, and Board Member of The Open Organization of Lockpickers (TOOOL), Deviant Ollam. They discuss lockpicking, physical penetration testing, locksport, and the ethics of teaching these skills. Guest: Deviant Ollam ( Twitter ) ( YouTube ) ( Website ) Books & Resources: 8th Layer Insights S2E8: Fun and Games: Lock Picking, Capture the Flag Contests, Simulations, and More Lockpicking Resources from Deviant Ollam Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks , by Deviant Ollam. (Amazon affiliate link) Practical Lock Picking: A Physical Penetration Tester's Training Guide , by Deviant Ollam. (Amazon affiliate link) TOOOL US -- The Open Organization of Lockpickers TOOOL US instructional videos on YouTube The Official TOOOL Slides The Lockpicking Lawyer on YouTube Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter (Amazon affiliate link) The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer (Amazon affiliate link) Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , & Storyblocks . Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com . 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
Bonus · Tue, June 07, 2022
On this bonus episode, Perry sits down with investigative journalist, speaker, podcaster, and author, Geoff White to talk about his path into investigative journalism, podcasting, and his new book, "The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War." Guest: Geoff White ( LinkedIn ) ( Twitter ) ( Website ) Books & Podcasts: Lazarus Heist Book Lazarus Heist Podcast Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter (Amazon affiliate link) The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer (Amazon affiliate link) Production Credits: Music and Sound Effects by Blue Dot Sessions , Envato Elements , & Storyblocks . Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com . 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
Bonus · Tue, May 17, 2022
Please take the listener survey--->>> https://www.surveymonkey.com/r/8LI_Survey One of the things that defines 8th Layer Insights is the amount of writing, editing, and production that’s involved. Each episode generally takes about 30 hours of work to complete. And, since this is a personal project, that equates to quite a few late nights and weekends. It can be exhausting… but it’s totally worth it. YOU make it worth it. One of my main goals is ensuring that I’m doing everything possible to make this show sustainable AND continuing to improve and to never sacrifice quality. So – with that being said – I’ll let you in on how I’m planning to do it. Just a couple weeks ago, I created a company called 8th Layer Media and have brought on a brilliant partner – his name is Mason Amadeus. Mason will serve as a co-Creative Director and Production Manager. (like Carl, but more competent). Don’t worry – Carl will still be around in season 3 and beyond. It’s hard to unseat Carl. But Mason will play a big part in increasing my capacity. Here’s where you can help : we need your input on what’s working with the show and what can be improved. We want your honest, unfiltered feedback so that we can make a show that isn’t just good – it’s great… consistently great. We also want to get information on how you first found out about 8th Layer Insights, what topics you want the show to explore and more. We even want to know if you have better ideas for the name of the show. …Seriously, if you submit an alternate show name, and we decide to adopt that name, you’ll win a $300 Amazon gift card . There will be other prizes as well. If you’re ready to help shape the future of 8th Layer Insights, take the survey: https://www.surveymonkey.com/r/8LI_Survey Survey closes Friday, June 3, 2022. 
Perry's Books: Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter (Amazon affiliate link) The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer (Amazon affiliate link) Wondering who Mason is? Here are a few links: Twitter ( @itsMasonAmadeus ) Website ( https://masonamadeus.com/ ) Podcast ( PodCube ) Want to get in touch with Perry? Here's how:
Bonus · Thu, May 05, 2022
If you could interview a password, what questions would you ask? Today, May 5th, 2022 is World Password Day. World Password Day was first established in 2013 and is celebrated each year on the 1st Thursday in May. To celebrate, I thought it would be fun to share an excerpt of a previous episode (" Security is Alive ") where I interviewed multiple security-related objects. This clip is my interview with Dave the Password. Stick around after the interview for a few password-related tips and best practices!
S2 E10 · Tue, May 03, 2022
Creativity can be a scary topic for technologists. Most of us haven't been trained in the art and science of creativity, and so we feel out of our depth when called on to create content. But it doesn't have to be that way. In this episode, Perry sits down with New York Times bestselling author, Michelle Richmond, Audible bestselling author Rob Dircks, and two critically acclaimed cybersecurity podcasters, Ran Levi (creator and host of the Malicious Life podcast) and David Spark (creator and host of the CISO Series podcast) to discuss creativity, how to create relatable content, and how to communicate technology-related content in clear and compelling ways. Guests: Ran Levi ( LinkedIn ) ( Website ) David Spark ( LinkedIn ) ( Website ) Michelle Richmond ( LinkedIn ) ( Website ) ( Amazon Page ) Rob Dircks ( LinkedIn ) ( Website ) ( Amazon Page ) Books and Resources : 8Li Season 1, Episode 1: Unleashing Trojan Horses for the Mind 8Li Season 2, Episode 1: Igniting and Sustaining Creativity 8Li Season 2, Episode 2: You're Listening to "The Dark Stream" 8Li Season 2, Episode 3: Technology & the Law of Unintended Consequences 8Li Season 2, Episode 6: Security is Alive "Malicious Life" Podcast , Ran Levi "CISO Series" Podcast , David Spark How do you explain virtualization to your mom? -- David Spark video "Everything is Alive" Podcast "Writing Excuses" Podcast The Wonder Test: A Novel , by Michelle Richmond (Amazon affiliate link) The Marriage Pact: A Novel , by Michelle Richmond (Amazon affiliate link) Where the Hell is Tesla? A Novel , by Rob Dircks (Amazon affiliate link)
S2 E9 · Tue, April 19, 2022
"Security Awareness" is a slippery topic for a lot of people. It's a well known phrase -- and, let's face it, it's a phrase that can be very misleading. In this episode, Perry sits down with Dr. Jessica Barker (author and co-CEO at Cygenta), Cassie Clark (Security Awareness Lead Engineer at Brex), John Scott (Head of Security Education at Bank of England), and Lance Spitzner (Director, SANS Institute: Founder, Honeynet Project) to discuss what is currently being done well and, more importantly, where it needs to grow over the next few years. Spoiler alert: it's all about managing human risk. Guests : Dr. Jessica Barker ( LinkedIn ) ( Twitter ) Cassie Clark ( LinkedIn ) ( Twitter ) John Scott ( LinkedIn ) ( Twitter ) Lance Spitzner ( LinkedIn ) ( Twitter ) Books and Resources : 8Li S1 E9: Security ABCs Part 1: Make Awareness Transformational 8Li S1 E10: Security ABCs Part 2: 8th Layer Insights and the Quest for Security Culture Cybersecurity ABCs: Delivering awareness, behaviours and culture change by Jessica Barker, Adrian Davis, Bruce Hallas, & Ciarán Mc Mahon A Data-Driven Computer Defense: A Way to Improve Any Computer Defense by Roger A. Grimes Security Awareness Program Builder: Practical guidelines for building your Information Security Awareness Program & prep guide for the Security Awareness and Culture Professional (SACP)™ by Mark Majewski People-Centric Security: Transforming Your Enterprise Security Culture by Lance Hayden Start with Why: How Great Leaders Inspire Everyone to Take Action by Simon Sinek (Amazon affiliate link) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors , by Perry Carpenter (Amazon affiliate link) The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer (Amazon affiliate link) Production Credits: Music and Sound Effects by
Bonus · Mon, April 04, 2022
Risk is a funny thing – our minds are constantly looking for risk, scanning our environments and our available choices. And sometimes we do a great job at anticipating and avoiding risky situations. But that doesn’t mean that we are universally good at dealing with risk. In fact, we can be downright appalling at considering and avoiding risk. In this episode, we explore the concept of risk, why we're so bad at understanding it, and the steps we can take to improve. Perry speaks with four risk experts who will help us understand the ups and downs of how we evaluate risk. We’ll touch on everything from Black Swans to Grey Rhinos to risk frameworks, risk equations, inbuilt risk in the design of computing interfaces, and more. Featuring Michele Wucker (author of The Grey Rhino and You Are What You Risk ), Christian Hunt (Founder of Human Risk ), Dr. Arun Vishwanath (Founder and Chief Technology Officer of Avant Research Group ), and Matt Stamper (Chief Information Security Officer and Executive Advisor at EVOTEK and co-author of the CISO Desk Reference Guides vol1 & vol2 ). Original release date: Aug 31, 2021. Guests: Michele Wucker Christian Hunt Arun Vishwanath Matt Stamper Resources & Books: Black Swan Theory Grey Rhino Events Various Risk Equations Risk Perception Equation , Freakonomics 20 Cognitive Biases That Affect Risk Decision Making , SafetyRisk.net
S2 E8 · Tue, March 22, 2022
What images come to mind when you see or hear the word 'Cybersecurity?' That word probably evokes mental images of people hunched over keyboards launching cyberattacks at each other. Or maybe you picture someone picking a lock or stealing a badge to slip into a building. In other words, most people picture the battle... or what some might think of as "the fun parts." But, here's the thing. Not everyone gets to participate in these aspects of cybersecurity and, in many cases, finding safe and legal ways to practice these skills can be challenging. So where can curious minds turn? That's where gamification can really help. There are a ton of really fun and engaging ways to learn these skills without fear of being arrested or breaking something. These are also great ways to level-up cybersecurity skills and help bring new people into the field. In this episode, we explore the "fun and games" of cybersecurity: lock picking, (CTFs) capture the flag competitions, simulations, and even pickpocketing and magical (sleight of hand and misdirection) thinking. Perry's guests are Alethe Denis (social engineer and DefCon 2019 Social Engineering CTF winner), Deviant Ollam (penetration tester, lock picking guru, and Board Member of The Open Organization of Lockpickers), Chris Kirsch (Co-Founder and CEO of Rumble, DefCon 2017 Social Engineering CTF winner) , and Gerald Auger (Founder of Simply Cyber, Director of Cybersecurity Education & Cybersecurity Program Manager at ThreatGEN). Guests: Alethe Denis ( LinkedIn ) ( Twitter ) ( Website ) Deviant Ollam ( Twitter ) ( YouTube ) ( Website ) Chris Kirsch ( LinkedIn ) ( Twitter ) Gerald Auger ( LinkedIn ) ( Twitter ) ( YouTube ) Resources & Books: What is Gamification? Lockpicking Resources from Deviant Ollam Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks , by Deviant Ollam Practical Lock Picking: A Physical Penetration Tester's Training Guide , by Deviant Ollam TOO
S2 E7 · Tue, March 08, 2022
If you love learning about cons, scams, and tricks, then this is the episode for you. Listen as Perry sits down with Brian Brushwood, someone who has made understanding and teaching scams and tricks his life's work. Brian is the creator of Scam School, Scam Nation, Hacking the System, Modern Rogue, and more. For the past 20 years, he's toured around the world teaching and demonstrating everything from side show stunts, to sleight-of-hand magic, to the intricacies of con artistry. Brian’s new podcast, World’s Greatest Con is a deep-dive into the stories and tactics behind the most intricate and interesting cons imaginable. In season 1, he told the story of Operation Mincemeat, a WWII plot devised by Ian Fleming (creator of James Bond) to trick none other than Adolf Hitler. Season 2 covers five different cons all related to the game show industry… it’s both entertaining and riveting in some very unexpected ways. A big thank you to my friends over at the PodCube podcast for creating a custom skit for this episode. If you are a fan of sketch comedy, be sure to check out their show! (PodCube: The Future, is Yesterday™). Guest: Brian Brushwood ( Website ) ( Twitter ) Books and Resources Brian's Website World's Greatest Con podcast site Scam School YouTube Channel Modern Rogue YouTube Channel Brian Brushwood Mistreats His Tongue Brian doing psychic surgery on Penn & Teller: Fool Us Brian doing the "hidden ghost" trick Brian's Entire Bizarre Magic Stage Show How to make a fake tongue (without using a deer tongue) Operation Mincemeat -- Wikipedia 13 Unbelievably Fascinating Game Show Cheating Scandals That'll Shock Both Devoted And Casual Fans -- Buzzfeed Project Alpha -- Wikipedia Going Mental: A Conversation with Banachek -- 8th Layer Insights S1E7 PodCube Podcast Thinking, Fast and
S2 E6 · Tue, February 22, 2022
Every now and then you need to try something new. That's what this episode is. If you listened to Season 2, Episode 3 (Technology and the Law of Unintended Consequences), you may remember the mock interview with Janet, the virtual assistant. This episode expands that idea and features a set of four mock interviews -- all with security-related objects. This is an interesting experiment to help flesh out some ideas behind these objects, the reasons they exist, their motivations, and the situations in which they find themselves. On this episode, we have four guests: Samantha, a piece of facial recognition software with a really interesting idea; Dave, the password who has a pretty bad sharing problem; Devon, a secure email gateway who is struggling with the weight of the world; and Barb, the phishing email who will say just about anything possible to get you to click that link. Guests: Samantha – Facial Recognition Software Dave – Password Devon – Secure Email Gateway Barb – Phishing Email Books and Resources : MasterClass -- Margaret Atwood Teaches Creative Writing "Everything is Alive" Podcast Krebs on Security - Password Do’s and Don’ts What makes a good password? 9 rules to protect you from cyberattacks World Password Day: Roger Grimes on passwords Q&A With Data-Driven Evangelist Roger Grimes on the Great Password Debate How does facial recognition work? Facial recognition: top 7 trends (tech, vendors, use cases) NISTIR 8238 Ongoing Face Recognition Vendor Test (FRVT) Part 2: Identification How Accurate are Facial Recognition Systems – and Why Does It Matter? Social Engineering Red Flags Email Security Gap Analysis Shows 10.5% Miss Rate
S2 E5 · Tue, February 08, 2022
On this episode, Perry sits down with James Linton (formerly known as The Email Prankster). In 2017, James went on a virtual joyride exploiting the ways that people interact with emails. One of the most interesting things about James' story is that his exploits didn't rely on any type of highly technical method(s); they were simple display name deceptions. But that didn't stop him from fooling CEOs from some of the world's largest banks, celebrities, and high-ranking staff members in the White House. James' success using these simple methods serves as a warning for us all. We don't fall for scams because they are technically sophisticated or because we are stupid. We fall for scams because we are human. Guest: James Linton ( LinkedIn ) ( Website ) Books and Resources : Anatomy Of An Email Impersonation Spree: Who Got Pranked And Why An email prankster is hitting the CEOs of the world's biggest banks How to Prank the Rich and Powerful Without Really Trying Morgan Stanley CEO James Gorman falls for email prank This Man Pranked Eric Trump And Harvey Weinstein — Now He Just Wants A Job Media Coverage YouTube Playlist James Linton -- Wikipedia Entry The Journal of Best Practices: A Memoir of Marriage, Asperger Syndrome, and One Man's Quest to Be a Better Husband by David Finch Perry -- Interview on Springbrook's Converge Autism Radio Perry -- Security Weekly Interview Perry Carpenter - The Aspies Guide to Social Engineering - DEF CON 27 Social Engineering Village Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers C
S2 E4 · Tue, January 25, 2022
If you've been following the cybersecurity industry for the past few years, you've likely heard about the "cyber skills gap." In this episode, Perry sits down with Heath Adams ( TCM Security ), Professor Karla Carter ( Bellevue University ), Sam Curry ( Cybereason ), and Lola Obamehinti ( eBay ) to explore what the skills gap is and how to begin to close the gap. We touch on subjects such as where traditional degrees, online training, certifications, mentorship, and networking fit in, as well as the value of diversity. And we offer thoughts for employers, current industry professionals, and job seekers. Guests : Heath Adams ( LinkedIn ) Karla Carter ( LinkedIn ) Sam Curry ( LinkedIn ) Lola Obamehinti ( LinkedIn ) Books and Resources : Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career , by Dr. Jessica Barker Cybersecurity Domain Map ver 3.0 by Henry Jiang Cybersecurity Employment in 2022: Solving the Skills Gap , by Jenn Fulmer Cybersecurity: The Starting Line , by 4n6Lady The 8 CISSP domains explained , by Luke Irwin Examination of Personality Characteristics Among Cybersecurity and Information Technology Professionals , by Sarah E. Freed (utc.edu) GenCyber Camps: Inspiring the Next Generation of Cyber Stars NSA National Centers for Academic Excellence in Cybersecurity Navigating the Cybersecurity Career Path by Helen E. Patton Over 200,000 Girl Scouts Have Earned Cybersecurity Badges by Ashley Savageau Tribe of Hackers: Cybersecurity Advice from the
S2 E3 · Tue, January 11, 2022
Let's face it. Most of us have a love/hate relationship with technology and technological advances. We dream about the new thing... but when it arrives, we are usually a little disappointed. Many of us also lament the constant erosion of privacy, the changes in social norms, and more. And, little-by-little, we allow those aspects of new technology to make us numb. We accept the cognitive dissonance of not totally being happy with the trade-offs; yet we still make the trade. In this episode, we explore a few of the positives and some of the unintended consequences associated with recent technological advancements. We'll hear from Dr. Lydia Kostopoulos, Dr. Charles Chaffin, Andra Zaharia, and Aaron Barr. Guests : Dr. Lydia Kostopoulos ( LinkedIn ) ( Website ) Dr. Charles Chaffin ( LinkedIn ) ( Website ) Andra Zaharia ( LinkedIn ) ( Website ) Aaron Barr ( LinkedIn ) ( Website ) Books and Resources : Everything is Alive by PRX and Radiotopia IEEE Article: Decoupling Human Characteristics from Algorithmic Capabilities by Dr. Lydia Kostopoulos Numb: How the Information Age Dulls Our Senses and How We Can Get them Back by Dr. Charles Chaffin The Numb Podcast by Dr. Charles Chaffin The Cyber Empathy Podcast by Andra Zaharia Reminder: Your 'smart AI' often involves a low-paid contractor surveilling you How creepy is your smart speaker? Newton's Laws of Motion Unintended Consequences Elon Musk's warning regarding AI Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure B
S2 E2 · Tue, December 28, 2021
And now for something completely different. This episode is a show within a show. Get ready to step into The Dark Stream : it's a parody of one of those old late night paranormal, conspiracy, or confession call-in radio shows from the 1980's and 90's. And, yes, it's over-the-top and cheesy. In this episode, you'll hear some re-edited and never before aired sections from Perry's previous interviews with Rachel Tobac, Maxie Reynolds, and Chris Hadnagy. Guests : Rachel Tobac : ( LinkedIn ), CEO of SocialProof Security Maxie Reynolds ( LinkedIn ), Founder of Subsea Cloud Chris Hadnagy : ( LinkedIn ); CEO of Social Engineer, LLC ; Founder of Innocent Lives Foundation ; Founder of Social-Engineer.org Recommended Books and Resources: CNN coverage of Rachel Tobac using social engineering to ruin Donie O'Sullivan's day Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You by Chris Hadnagy The Art of Attack: Attacker Mindset for Security Professionals by Maxie Reynolds Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter Production Credits: Additional voice talent provided by Rich Daigle (a.k.a. Mouth Almighty) and Sarah McQuiggan Music and Sound Effects by Blue Dot Sessions , Envato Elements , & Storyblocks . Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com . 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/
S2 E1 · Tue, December 14, 2021
This episode is all about creativity: what it is, what it looks like, and what to do when you get stuck. Perry speaks with four experts who have made creating new and interesting things their life's work. Featuring Jack Rhysider (Creator/host of Darknet Diaries ), Faith McQuinn (creator of Boom , Margaritas & Doughnuts , and Apollyon ), Tom Buck ( YouTuber and content creator ), and Sam Qurashi (Exploring the Psychology of Everything ). Guests: Jack Rhysider Faith McQuinn Tom Buck Sam Qurashi Resources & Books: The No. 1 Habit of Highly Creative People Alchemy: The Dark Art and Curious Science of Creating Magic in Brands, Business, and Life Seven Techniques For Getting Creatively Unstuck The Unusual Habits Of 8 Famous Creative Minds The World's Most Creative People Have This Thing in Common You Are an Artist: Assignments to Spark Creation Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors Additional research by Nyla Gennaoui. Music and Sound Effects by Blue Dot Sessions , Envato Elements , & Storyblocks . Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com . 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/
S1 E10 · Tue, September 28, 2021
This is the second of a two-part series covering Cybersecurity’s ABCs: Security Awareness, Behavior, and Culture. This episode discusses the difficulty that security leaders have in defining what a security culture actually is. Luckily, we can draw on learnings from organizational culture management and culture transformation experts. Guests for this episode include David Sturt, Executive Vice President of the O.C. Tanner Institute , author of Great Work: How to Make a Difference People Love and Appreciate: Celebrating People, Inspiring Greatness ; Dr. Jessica Barker (co-CEO and Co-Founder, Socio-Technical Lead at Cygenta ; author of Confident Cyber Security and co-author of Cybersecurity ABCs ); Kai Roer, Chief Research Officer at KnowBe4 , creator of the Security Culture Framework, author of Build a Security Culture ; and Michael Leckie, founding partner at Silverback Partners, LLC and author of The Heart of Transformation: Build the Human Capabilities that Change Organizations for Good . Guests: David Sturt Dr. Jessica Barker Kai Roer Michael Leckie References, Resources & Books: 4 Ways to Build a Thoughtful Security Culture , by Perry Carpenter 7 Tips for Building a Strong Security Culture , by Perry Carpenter Appreciate: Celebrating People, Inspiring Greatness , by David Sturt Build a Security Culture , by Kai Roer Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career , by Jessica Barker
S1 E9 · Tue, September 14, 2021
This is the first of a two-part series covering Cybersecurity’s ABCs: Security Awareness, Behavior, and Culture. We touched on facets of Awareness in Episode 1 and Behavior in Episode 3. These two episodes cover the cybersecurity ABCs in a very pragmatic way, with this episode covering Awareness and Behavior and Episode 10 providing a deep dive into Culture. Guests for this episode include Dr. Jessica Barker (co-CEO and Co-Founder, Socio-Technical Lead at Cygenta ; author of Confident Cyber Security and co-author of Cybersecurity ABCs ), Chrysa Freeman (Senior Program Manager for Security Awareness at Code42 ), Ian Murphy (Founder, CyberOff ), and Lauren Zink (Senior Security Awareness Specialist at Boeing ; author of LinkedIn Learning courses: Creating a Security Awareness Program and Building a Security Awareness Program: Phishing Simulations ). Guests: Dr. Jessica Barker Chrysa Freeman Ian Murphy Lauren Zink References, Resources & Books: 5 Things You May Not Know About Security Awareness Training , by Perry Carpenter Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career , by Jessica Barker Cybersecurity ABCs: Delivering awareness, behaviours and culture change , by Jessica Barker, Adrian Davis, and Bruce Hallas The Dilemma: Should you phish test during the COVID-19 pandemic? , by Perry Carpenter Down the Rabbit Hole: Why People Question the Value of Security Awareness , by Perry Carpenter Do You Care More about What Your P
S1 E8 · Tue, August 31, 2021
Risk is a funny thing – our minds are constantly looking for risk, scanning our environments and our available choices. And sometimes we do a great job at anticipating and avoiding risky situations. But that doesn’t mean that we are universally good at dealing with risk. In fact, we can be downright appalling at considering and avoiding risk. In this episode, we explore the concept of risk, why we're so bad at understanding it, and the steps we can take to improve. Perry speaks with four risk experts who will help us understand the ups and downs of how we evaluate risk. We’ll touch on everything from Black Swans to Grey Rhinos to risk frameworks, risk equations, inbuilt risk in the design of computing interfaces, and more. Featuring Michele Wucker (author of The Grey Rhino and You Are What You Risk ), Christian Hunt (Founder of Human Risk ), Dr. Arun Vishwanath (Founder and Chief Technology Officer of Avant Research Group ), and Matt Stamper (Chief Information Security Officer and Executive Advisor at EVOTEK and co-author of the CISO Desk Reference Guides vol1 & vol2 ). Guests: Michele Wucker Christian Hunt Arun Vishwanath Matt Stamper Resources & Books: Black Swan Theory Grey Rhino Events Various Risk Equations Risk Perception Equation , Freakonomics 20 Cognitive Biases That Affect Risk Decision Making , SafetyRisk.net
S1 E7 · Tue, August 17, 2021
In this episode, Perry Carpenter sits down with renowned mentalist and skeptic, Banachek. Banachek (Steve Shaw) grew up with a fascination in magic and a frustration with psychic frauds. As a teenager, he contacted magician and skeptic, James “The Amazing” Randi and ended up working with Randi on a special initiative known as Project Alpha, which set out to expose a general lack of objectivity in parapsychology research. Banachek served as the director for the James Randi Educational Foundation’s “One Million Dollar Paranormal Challenge” for 15 years and is now the President of the James Randi Educational Foundation. Perry and Banachek discuss Project Alpha, the ways of fake psychics and fraudulent faith healers, and issues associated with confirmation bias and framing effects. They also discuss Banachek’s new live mentalism show in Las Vegas, which incorporates theatrical mindreading and other mentalism effects along with a storyline that explores Banachek’s life, antics, and passion for critical thinking. Guest: Banachek ( Website ) ( twitter ): Mentalist ( Performing in Las Vegas add 'social' for 30% off tickets), Skeptic, President of the James Randi Educational Foundation This episode also featured a quick comment from: George Finney : ( LinkedIn ); Chief Security Officer at Southern Methodist University ; Founder of Well Aware Security Books and References: Banachek Wikipedia entry Project Alpha Wikipedia entry James Randi Wikipedia entry Article about Houdini's efforts to debunk fake mediums The Discoverie of Witchcraft Wikipedia entry The Psychology of the Ouija Barnum Effect Wikipedia entry James Randi & Project Alpha Video Project Alpha lookback -- James Randi and Michael Edwards Psychological Subtleties vol 1 , by Banachek
S1 E6 · Tue, August 03, 2021
Have you ever taken time to view the world through the eyes of an attacker? Doing so is an interesting and useful exercise. Understanding the mind of an attacker is fundamental to securing your organization or aspects of your personal life. After all, if you aren't doing the job of viewing things from an attacker's perspective, that means that only the attackers are. The idea is to understand the mindset, motivations, and capabilities of a possible threat actor so that you aren’t simply oblivious to your vulnerabilities. This episode is a deep dive into attacker mindsets. We’ll hear from four experts who really know what it is to view the world through the eyes of an attacker. Featuring Chris Kirsch (DEF CON Social Engineering CTF Black Badge winner and co-founder of Rumble, Inc.), David Kennedy (Founder of Binary Defense and TrustedSec), Maxie Reynolds (Author of The Art of Attack: Attacker Mindset for Security Professionals , and Technical Team Leader, Social-Engineer, LLC), and Ted Harrington (Author of Hackable: How to Do Application Security Right , and Executive Partner at Independent Security Evaluators). Guests: Maxie Reynolds ( https://www.linkedin.com/in/maxiereynolds/ ) David Kennedy ( https://www.linkedin.com/in/davidkennedy4/ ) Chris Kirsch ( https://www.linkedin.com/in/ckirsch/ ) Ted Harrington ( https://www.linkedin.com/in/securityted/ ) Books and References: Bruce Schneier blog about the Security Mindset: https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html Origin of "Devil's Advocate": https://allthatsinteresting.com/devils-advocate-origin Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html What is Threat Modeling: https://securityintelligence.com/posts/what-is-threat-modeling-and-how-does-it-impact-application-security/ 12 Methods of threat Modeling: https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/
S1 E5 · Tue, July 20, 2021
In this episode, Perry Carpenter interviews cybersecurity guru Bruce Schneier. Perry and Bruce explore how cybersecurity is about so much more than technology — It’s about people, so we benefit by taking a multidisciplinary approach. In preparing for this interview, Perry solicited his LinkedIn network to see what questions people had for Bruce. This is a wide-ranging conversation covering everything from Bruce’s thoughts on cybersecurity’s “first principles” to the impact that the pandemic had on society to the need for regulation to help raise the overall standards for security and privacy. Guest: Bruce Schneier ( https://www.schneier.com/blog/about/ ) ( https://twitter.com/schneierblog ) Bruce's personal website 'about me' page: https://www.schneier.com/blog/about/ Wikipedia article about Bruce Schneier: https://en.wikipedia.org/wiki/Bruce_Schneier Another background article about Bruce: https://www.cybersecurityeducationguides.org/bruce-schneier-legendary-cryptographer/ More Background on Bruce: http://academickids.com/encyclopedia/index.php/Bruce_Schneier Bruce's Solitaire encryption algorithm: https://www.schneier.com/academic/solitaire/ More info on the Solitaire algorithm: https://www.schneier.com/blog/archives/2019/10/more_cryptanaly.html Proximity Blindness: https://dannyozment.com/cant-see-the-forest-for-the-trees-the-dangers-of-proximity-blindness-2/ The story of the Blind Men and an Elephant: https://en.wikipedia.org/wiki/Blind_men_and_an_elephant Cryptography After the Aliens Land: https://www.schneier.com/essays/archives/2018/09/cryptography_after_t.html Secrets and Lies book preface with "If you think" quote: https://www.schneier.com/books/secrets-and-lies-pref/ "if you think cryptography" quote: https://news.ycombinator.com/item?id=19589899 Recommended Books (Amazon affiliate links):
S1 E4 · Tue, July 06, 2021
Have you ever noticed how fundamental deception is to the human condition? Deception and forms of social engineering have been with us since the beginning of recorded history. And yet, it seems like we are just as vulnerable to it as ever. But now the stakes are higher because technology allows social engineers to deceive at scale. This episode explores the psychology of deception, provides a foundation for understanding social engineering, offers a few mental models for exploration and exploitation, and discusses how we can prepare our mental defenses. Guests: Rachel Tobac: ( LinkedIn ), CEO of SocialProof Security Chris Hadnagy: ( LinkedIn ); CEO of Social Engineer, LLC ; Founder of Innocent Lives Foundation ; Founder of Social-Engineer.org Lisa Forte: ( LinkedIn ); Partner at Red Goat Cyber Security ; Co-Founder Cyber Volunteers 19 George Finney: ( LinkedIn ); Chief Security Officer at Southern Methodist University ; Founder of Well Aware Security Notes & Resources: CSO Online article on Social Engineering OODA Loop Understanding Framing Effects More examples of Framing Effects Harvard Business Review article on the Principles of Persuasion A blog series I did on Deception ( Part 1 ), ( Part 2 ). PsychologyToday article on Social Engineering Recommended Books (Amazon affiliate links): The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
S1 E3 · Tue, June 22, 2021
Ever wrestled with the fact that people often make horrible security decisions even though their employers have security awareness programs in place? It's often because we assume that being aware of something should naturally result in better behavior. Well... that's not the case. This episode takes a deep dive into the knowledge-intention-behavior gap where we are confronted with three realities of security awareness. And those realities lead us to the realization that we need to focus on behavior. Guests for this episode are all leaders in the field of behavioral science. They are BJ Fogg, Ph.D., author of Tiny Habits: the Small Changes that Change Everything , Matt Wallaert, author of Start at the End: How to Build Products That Create Change, and Alexandra Alhadeff, co-author of Deep Thought: A Cybersecurity Story. Guests: BJ Fogg, Ph.D. -- Behavior Scientist & Innovator at Stanford University. ( Personal website ) Author of Tiny Habits: The Small Changes That Change Everything . ( Amazon link ) Matt Wallaert -- Head of Behavioral Science at frog (a Capgemini company). Author of Start at the End: How to Build Products That Create Change ( Amazon link ) Alexandra Alhadeff -- Behavioral Scientist & Product Manager at The Fabulous. ( Personal website ) Notes & Resources: BJ Fogg testimony to the 2006 US Federal Trade Commission about the dangers of persuasive technology. Fogg Behavior Model About Nudge Theory Multiple examples of Nudging Great catalog of Dark Patterns Ideas42 cybersecurity-related behavioral science research . Deep Thought: A Cybersecurity Story , by Ideas42. Recommended Books (Amazon affiliate links): Tiny Habits: The Small Changes That Change Everything , by BJ Fogg, Ph.D. Start at the End: How to Build Products That Create Change , by Matt Wallaert
S1 E2 · Tue, June 08, 2021
This is an episode about the battle for truth. As disinformation, misinformation, malinformation, and conspiracy theories seem to be hitting epidemic levels, how can we help each other determine what is real and what is fake? How can we help people who are falling down conspiracy rabbit holes? And what roles do technology companies, governments, and ordinary citizens play? Perry Carpenter speaks with acclaimed cybersecurity expert, Bruce Schneier , disinformation experts, Samantha North and Allie Wong , and conspiracy theory researcher, Mick West . In this episode, we also hear from Peter Leyden from Reinvent and Eli Pariser , author of The Filter Bubble. Learn more about our guests here: Bruce Schneier - Internationally renowned security technologist, author, and speaker. You can find Bruce's website here . Allie Wong - VP of Mis/dis/mal-information, Response and Resiliency, Limbik; Consultant, United Nations Institute for Disarmament Research. ( LinkedIn ) Samantha North - Disinformation researcher and consultant. ( LinkedIn ) Co-Founder: North Cyber Research ( website ) Mick West - Skeptical investigator and retired video game programmer. Creator of the websites Contrail Science ( website ) and Metabunk ( website ). Author of Escaping the Rabbit Hole: How to Debunk Conspiracy Theories Using Facts, Logic, and Respect ( link ). Personal website ( link ). Special thanks to Reinvent for allowing use of audio. References: http://reinvent.net/events/event/how-we-can-pop-the-filter-bubble-with-eli-pariser/ https://reboot-foundation.org/study-social-media-poor-judgment/ https://reboot-foundation.org/is-there-a-fake-news-generation/ Recommended Books (Amazon affiliate links):
S1 E1 · Tue, May 25, 2021
This episode explores the concept of “Trojan Horses for the Mind.” There are four Trojan Horses. They are: emotion, sound, visuals, and words/story. Using these Trojan Horses will help us increase the signal-to-noise ratio in our communications, bypass mental defenses, and embed messages within the minds of our audiences. To explore the concepts related to this, Perry speaks with voice actor, writer, and producer, Rob McCollum; author, marketer, and storytelling expert Joe Lazauskas; and executive storyteller coach and trainer, Stephanie Paul. Learn more about our guests here: Rob McCollum -- Voice actor, script writer, director, producer ( LinkedIn ). Rob's IMDB page. Joe Lazauskas -- Head of Marketing at Contently. Author of The Storytelling Edge . LinkedIn . Amazon affiliate link to book . Stephanie Paul -- Executive Storyteller, Coach, Speaker, and Trainer ( LinkedIn ). Stephanie's website . Resources: Special offer : Stephanie Paul is offering a $5.00 discount off her book, The WhyGuide to Storytelling. Just visit here and use the coupon code HACK4U at checkout. For more about the Trojan Horses for the Mind, check out Perry’s book, Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors. Amazon affiliate links to books mentioned: The Storytelling Edge Save the Cat! Transformational Security Awareness Music and Sound Effects by Blue Dot Sessions & Storyblocks. Artwork by Chris Machowski.
Trailer · Tue, May 04, 2021
Coming May 25, 2021. Get ready for a deep dive into what cybersecurity professionals often refer to as the "8th Layer" of security: HUMANS. This podcast is a multidisciplinary exploration into how the complexities of human nature affect security, risk, and life. Author, security researcher, and behavior science enthusiast Perry Carpenter taps experts for their insights and illumination. Topics include cybersecurity, psychology, behavior science, communication, leadership, and more.