Easy Prey

By: Chris Parker
Listen for free

  • Summary

  • Chris Parker, the founder of WhatIsMyIPAddress.com, interviews guests and tells real-life stories about topics to open your eyes to the danger and traps lurking in the real world, ranging from online scams and frauds to everyday situations where people are trying to take advantage of you—for their gain and your loss. Our goal is to educate and equip you, so you learn how to spot the warning signs of trouble, take quick action, and lower the risk of becoming a victim.
    Show More Show Less
Politics & Government True Crime
Show More Show Less
Episodes
  • Cybersecurity Training from Boring to Engaging With Howard Goodman

    Cybersecurity Training from Boring to Engaging With Howard Goodman
    Jan 29 2025

    The landscape of cybersecurity training and collaboration is changing, interactive education sessions and cross team communication is key. Building a security culture and staying ahead of the modern threats has never been more important. Today’s guest is Howard Goodman, Senior Technical Director at Skybox Security.

    With over 20 years of experience Howard has become a well known figure in the cybersecurity world, he combines strategic planning with hands-on application across many industries. In this episode we talk about; security culture, the evolution of cybersecurity training and how Howard got phished during COVID. We also cover organisational challenges, best practices and the future of cybersecurity.

    Show Notes:
    • [00:48] Howard has a doctorate in cyber operations from Dakota State University. Besides working for Skybox Security, he's also an adjunct professor teaching graduate courses about cyber security.
    • [01:48] Howard shares a phishing experience when he and his wife were selling on eBay during COVID.
    • [03:34] If the pros can fall for something, regular people can too. We need to be on our game 100% of the time.
    • [04:53] We talk about opportunities for adversaries to get in when companies have large cybersecurity teams with a lot of moving parts.
    • [05:29] A lot of people ignore phishing attempts instead of reporting them.
    • [06:04] It comes down to organizations training their people properly. Cyber security training is becoming more interesting, because the boring stuff just doesn't hold people's attention.
    • [10:13] When talking about threats, they focus on the exposure side and the exploitability side. With most businesses, functionality comes before security.
    • [12:47] Formal testing is required before upgrading security patches to make sure that they don't break down the whole system.
    • [13:47] The importance of being able to leverage other security controls while testing patches. Teams need to be able to communicate and act fast.
    • [14:52] Knowing about potential risk is the only way to be proactive.
    • [16:36] Looking at costs and gaps in technology. Failures are often due to a breakdown in communication.
    • [19:33] The approach of starting out security first.
    • [25:08] Best practices include cross-training. Working together and training together. Organizations need to run simulations and see how they react as an organization.
    • [31:06] Skybox talks to organizations about gaps in security.
    • [35:57] We discuss the loss that can happen from not having proper security measures in place.

    Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

    Links and Resources:
    • Podcast Web Page
    • Facebook Page
    • whatismyipaddress.com
    • Easy Prey on Instagram
    • Easy Prey on Twitter
    • Easy Prey on LinkedIn
    • Easy Prey on YouTube
    • Easy Prey on Pinterest
    • Dr. Howard Goodman - Skybox Security
    • Dr. Howard Goodman on LinkedIn
    Show More Show Less
    40 mins
  • Next-Gen Account Security with Christiaan Brand

    Next-Gen Account Security with Christiaan Brand
    Jan 22 2025
    With phishing and password breaches on the rise, passkeys could offer a more secure, user-friendly solution that could reshape how we protect our online identities. Today's guest is Christiaan Brand. Christiaan is the co-founder of Entersekt, a financial services security firm and a key player at Google in their security and identity teams. A respected voice in cybersecurity, Christian co-chairs the FIDO2 technical working group focusing on standardizing robust online security protocols in advancing the use of passkeys. He has been at the forefront of the shift toward more secure, password-free systems. We’ll hear his insights on the challenges and opportunities of implementing passkeys to create safer online environments for users and organizations. Show Notes: [00:52] - Christiaan is part of the security team for Google accounts. He's been with Google for 9 years. Prior to that he had a startup.[01:30] - He joined the FIDO Alliance around the same time Google joined in 2013. When he joined Google, he was able to continue with the same type of work.[02:35] - Each of the big tech companies represents a portion of the market when it comes to how we interact with the web and apps.[04:06] - He became interested in security when he started thinking about what could go wrong with new technology solutions. He wanted users to be able to access their financial information in a safe and secure way.[05:06] - 2FA began gaining traction with Google in 2011. It coincided with the launch of Google Authenticator. 2FA was also used by a gaming company.[07:54] - Usability is important, that's why having an app that displays the codes was one of the first forays into making the technology more accessible.[08:34] - Passkeys allow us to move beyond passwords, leaving the extra hassle of traditional multi-factor authentication behind.[11:05] - Key fobs were one of the earlier ways to try and bring usability to security. Now the technology is being moved to smartphones.[12:33] - Passkeys are a replacement for a password manager.[13:35] - Passkeys are extremely long and asymmetric in nature. You and the site you're going to both have the passkey.[14:27] - The service will have the public part of the passkey, and you'll have the private part. Even if the public part leaks out, your passkey will still be secure. Passkeys can never be revealed to phishing sites.[15:47] - FIDO brings the second authentication step in. The service also has to identify themselves.[20:04] - Password managers try to balance security and convenience. Logging in or accessing a passkey is a unique challenge for providers.[22:20] - Phone numbers are a way to get users back into their accounts.[25:19] - Single device users have extra challenges.[26:08] - There are pros and cons to external sources of identity.[29:44] - The FIDO website has many certified solutions.[33:21] - To get passkeys into daily users' lives, we need to start using them on daily applications where we log in frequently.[35:49] - Hopefully this passkey solution will stand the test of time.[37:34] - Attacks are beginning to shift to session hijacking.[38:24] - DBSC or device-based session credentials is a new standard parallel to FIDO. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. Links and Resources: Podcast Web PageFacebook Pagewhatismyipaddress.comEasy Prey on InstagramEasy Prey on TwitterEasy Prey on LinkedInEasy Prey on YouTubeEasy Prey on PinterestEntersektChristiaan Brand on LinkedInChristiaan Brand on TwitterChristiaan Brand on FacebookFIDO2 Technical Working GroupLearn More About PasskeysPasskeys.DevFIDO Alliance Passkeys
    Show More Show Less
    44 mins
  • 5 Key Cybersecurity Elements with Kelly Hood

    5 Key Cybersecurity Elements with Kelly Hood
    Jan 15 2025

    How do phishing scams, AI-powered attacks, and strategic governance intersect? Together, they're redefining the future of cybersecurity. Organizations are navigating a mix of challenges and implementing innovative solutions to proactively address today's threats.

    Today's guest is Kelly Hood. She is the EVP and cybersecurity engineer at Optics Cyber Solutions. She is a CISSP who specializes in implementing cybersecurity and privacy best practices to manage risks and to achieve compliance. She supports the NIST cybersecurity framework and serves as a CMMC registered practitioner, helping organizations strengthen their cybersecurity posture and develop effective risk management strategies.

    Show Notes:
    • [01:06] - Kelly is a cyber security engineer at Optic Cyber Solutions. It's her job to help companies protect themselves.
    • [02:17] - Don't be embarrassed if you fall for a phishing scam.
    • [03:01] - These attempts are getting more realistic. Kelly shares how she was briefly fooled by a phishing scam that looks like an email from her mother.
    • [05:25] - The NIST Cybersecurity Framework is a voluntary framework for defining cybersecurity. An update was put out in February of 2024. They also added a new function.
    • [06:01] - The five functions that organize a cybersecurity program have been to identify, protect, detect, respond, and recover. They recently added the govern function.
    • [06:38] - The govern function is about defining your business objective and then putting protections in place that makes sense for those objectives.
    • [09:01] - The identify function is focused on knowing what we have.
    • [09:40] - Protect includes everything from identity management, authentication, training, data security, and platform security.
    • [10:12] - Detect is looking at what's happening around us. It's continuous monitoring and knowing what happens if something goes wrong.
    • [11:00] - Respond is knowing what the plan is when something does happen.
    • [12:01] - Recover is about getting back to normal after something happens.
    • [16:22] - Data centers want to make sure that they have redundant power supplies.
    • [17:33] - We discuss some of the things that people might forget when identifying cybersecurity assets. Data and people need to be thought about as well as systems and hardware.
    • [21:00] - We need to write things down and understand what systems and data connections we have.
    • [23:10] - We talk about the importance of being aware of the physical space and who is actually supposed to be there.
    • [24:46] - Data is one of the assets that often gets overlooked for protection. There are many new requirements that require data to be protected.
    • [27:54] - Monitoring to understand what traffic you should expect and what is and isn't normal activity is also important.
    • [31:10] - Transparency and communication are paramount for creating trust.
    • [33:51] - Sometimes recovery doesn't mean 100%. Get up and running and prioritize the systems that matter most.
    • [36:56] - With governance, you really want to look at what you're trying to do with the business and then translate cybersecurity to fit that objective.
    • [37:27] - Have guidance documentation in place and have oversight.

    Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

    Links and Resources:
    • Podcast Web Page
    • Facebook Page
    • whatismyipaddress.com
    • Easy Prey on Instagram
    • Easy Prey on Twitter
    • Easy Prey on LinkedIn
    • Easy Prey on YouTube
    • Easy Prey on Pinterest
    • Optic Cyber Solutions
    • (MaPT) Maturity and Progress Tracker
    • Optic Cyber Solutions on LinkedIn
    • Optic Cyber YouTube
    • NIST Cybersecurity Framework
    Show More Show Less
    43 mins

What listeners say about Easy Prey

Average customer ratings

Reviews - Please select the tabs below to change the source of reviews.

Audible.co.uk reviews

Amazon reviews
No Reviews are Available