Bryan Brake

Shared publicly  - 
 
We discuss why you'd want to use Security Onion if you are a network engineer, or if you were wanting a cheap, easy way to set up proper network monitoring.

#securityonion   #infosec  #podcast #IntrusionDetection  #tools  
Having a more secure network by deploying tools can be no easy task. This week, we show you a tool, Security Onion, that can give you an IDS and log analysis tool in less than 20 minutes.  http://blog.securityonion.net/p/securityonion.html

Bryan Brake

Shared publicly  - 
 
We continue our journey on the 24 Deadly Programming Sins. If you listened to last week's podcast, we introduced the book we were using as a study tool:

http://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0071626751

This week is on command injection. We first discussed code injection as part of our OWASP Top 10 for 2013, but you'll be surprised just how easy it is for devs to allow it to happen in compiled code as well.

#owasp   #code   #programming   #developers   #command  #injection

Bryan Brake

Shared publicly  - 
 
2015-018- How can ITIL help you flesh out your infosec program?

When you're faced with major projects, or working to understand why your IDS fails every day at the same time, there must be a way to work that out. Or when you must do the yearly business continuity failover, you need a process oriented framework to track and ensure changes are committed in a sane, orderly manner.

ITIL is a completely versatile, flexible framework that scales with your organization. You can also use it with your software development lifecycle. You can use it to enhance major projects and security initiatives.

Tim Wood joins us for Part 2 of his interview. We discuss Change Management, Problem Management and making inter-departmental SLAs a reality for proper and timely management of changes.

 

Tim Wood's Presentation: https://drive.google.com/file/d/0B-qfQ-gWynwiVS0zLTZidml0VzA/view?usp=sharing (view only)

Bryan Brake

Shared publicly  - 
 
Much of InfoSec and Compliance is all about processes, procedures, controls, audits, and the proper management of all of these.  To do so, you need a proper framework to make these as seamless as possible. ITIL is one of these types of frameworks.

We introduce Mr. Tim Wood on the podcast, who has over 20 years of ITIL experience and began ITIL implementations in banks and healthcare systems in the United Kingdom. He currently works with different industries to change culture and make ITIL a reality.

This week, we go over the History of ITIL, and understand the various incarnations from v1.0 to v3.0. You quickly understand where security will start fitting into all those facets of the ITIL framework.

 

Tim Wood's Presentation: https://drive.google.com/file/d/0B-qfQ-gWynwiVS0zLTZidml0VzA/view?usp=sharing (view only)

#ITIL #InfoSec #Management #frameworks #processes   #improvement  

Bryan Brake

Shared publicly  - 
 
It's that time of year again... when all the reports come out that show how various industries did over the last year.

Brakeing Down Security went over the results of the Verizon PCI report.  Did companies do worse this year, or could they have actually improved? Listen to our analysis, and what companies can do to learn from this, and how you can use this report to help get a leg up when your QSA comes calling.

 

 http://www.verizonenterprise.com/pcireport/2015/

 

Pay IRS using "Snapcard": http://www.coindesk.com/pay-taxes-bitcoin-snapcard-pay-irs/

 

According to the US Internal Revenue Service (IRS), virtual currencies are treated as "Property": http://www.irs.gov/uac/Newsroom/IRS-Virtual-Currency-Guidance


#infosec   #pci   #security   #bitcoin   #breaches  

Bryan Brake

Shared publicly  - 
 
We invited the organizers of "TheLab.ms", a Dallas, Texas-based hacker/makerspace, on the podcast to talk about why they wanted to start a #makerspace, the costs and plans to set up a #hackerspace, and some of the things you can do with a makerspace. We also understand the sense of community and the learning environment gained from these places.

If you are looking to start a 'space in your area, or looking to understand why they are needed in a community, you'll want to listen to Roxy, Sean, and Jarrod talk about the highs and lows and even some of the gotchas in setting up a space.
#makingadifference   #hackers   #3dprinter   #costumemaker  

Bryan Brake

Shared publicly  - 
 
Least possible access and auditing what is ingressing and egressing from your network segments can be the difference between failing your compliance audit, or sending your data to another country, or allowing bad guys into your network.

#SANS   #Infosec   #infrastructure   #firewall   #routers   #auditing  
When you're working with network infrastructure, there's a real need for proper configuration management, as well as having a proper baseline to work from. Mr. Boettcher and I continue through the SANS Top25 Critical Security Controls. #10 and #11 are all dealing with network infrastructure. Proper patches, baselines for being as secure as possible. Since your company's ideal security structure needs to be a 'brick', and not an 'egg'.  

Bryan Brake

Shared publicly  - 
 
Listen to the brand new Brakeing Down Security! You can also catch it on iTunes: https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 (we love feedback!) and our RSS feed: http://www.brakeingsecurity.com/rss

#codereview   #bufferoverruns   #code   #podcast   #programming   #infosec  
Code Audits are a necessary evil. Many organizations resort to using automated tools, but tools may not find all issues with code. Sometimes, you need to take a look at the code yourself. Since I'm not well-versed at this, and Mr. Boettcher has a CS degree, Mr. Boettcher and I begin going through the book "24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them". What we covered this week is "buffer overruns", we discuss wha...
Thanks +Philip Beyer !!!!

Bryan Brake

Shared publicly  - 
 
Anyone who follows me can enjoy one free play of this recording of fine instrumental music

Bryan Brake

Shared publicly  - 
 
Brakeing Down Security Special interview this week! On the heels of their uber successful KickStarter campaign, we brought co-founder Ryan and one of the technical editors Anthony in to discuss what Cybrary is. We also discuss ways you can leverage it in your own business to get quality security awareness training, as well as train up your employees on infosec topics that can benefit your company and employees. You can find out more at http://www.cybrary.it   #training   #infosec   #CCNA   #Cybrary   #freestuff   #podcast   #interview  

Bryan Brake

Shared publicly  - 
 
Brakeing Down Security continues our trek down the list of SANS Top 20 Critical Security Controls this week with #12 and #13 - Boundary Defense, and Controlled Use of Administrative Privileges. Learn what you can do to shore up your network defenses, and how to handle admin privileges... When to give that kind of access, and how to make privileged access as secure as possible while still allowing administrators to do their work. #SANS #infoSec #top20
#accesscontrol   #firewall   #networksecurity   #permissions  

Bryan Brake

Discussion  - 
 
Illusion is working great, but I really need to have a screen lock that locks all the time, not just when I lock it. I can't have someone just coming up and unlocking the phone if I've failed to shut off the screen, and then wake up the phone just to click 'lock'. Is there a setting to lock it regardless of how I turn off the screen (power button, double-tap status, timeout, etc)?
My idea of 'trusted' devices and Android's are two different things... I thought it was a white list permitting only those devices to connect, not 'make my phone's security protections become lax when I'm paired to a BT/NFC device'
Basic Information
Gender
Male
Story
Introduction
I'm a CISSP that loves working in the security field.
Bragging rights
I lived on the island of Diego Garcia.