In this episode, Jason Frank joins Chris Hadnagy and Ryan MacDougall. Jason has an extensive background helping both government and Fortune 100 organizations. He has also served as a course instructor for the Black Hat security conference. Jason is now currently the COO at SpecterOps. He oversees the Adversary Simulation and Detection delivery capabilities, helping clients to understand, detect, and respond to adversaries. May 17, 2021
Download
Ep. 146 – Demand Transparency with a blue shirt with Jason Frank
Get Involved
Got a great idea for an upcoming podcast? Send us a quick message on the contact form!
Enjoy the Outtro Music? Thanks to Clutch for allowing us to use Emily Dickinson as our new SEPodcast Theme Music
And check out a schedule for all our training at Social-Engineer, LLC.
Check out the Innocent Lives Foundation to help unmask online child predators.
Show Notes
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Jason Frank. Jason has an extensive background helping both government and Fortune 100 organizations. He has also served as a course instructor for the Black Hat security conference. Jason is now currently the COO at SpecterOps. He oversees the Adversary Simulation and Detection delivery capabilities, helping clients to understand, detect, and respond to adversaries. May 17, 2021
00:00 – Intro
03:05 – Podcast Guest Jason Frank Intro
03:22 – Jason at BlackHat
03:30 – SpecterOps
04:34 – How Jason got to where he is
08:50 – Curiosity and motivation born from failing at a CTF
09:50 – Adversary Simulation – why is Jason using this phrase?
12:32 – Where are we in the current security culture?
16:11 – How to get attention of stakeholders, what concepts do you put in play?
18:03 – Reactive vs. Proactive
21:56 – How can corporations prepare for and mitigate attacks?
23:39 – What are the business repercussions of not letting machines talk to each other, and only the server?
25:45 – What are the more recent attacks you’ve seen coming up that people should be looking for?
28:14 – Knowledge bombs – terminology that people can look up to recognize “low hanging fruit” they may be missing – Bloodhound
30:00 – Cycles where certain things can be exploited such as ActiveDirectory
30:50 – What other things do companies need to be watching for
32:14 – PowerShell
33:44 – What are some action steps that corporations should start taking right now?
34:51 – Colleagues Jason respects most in the industry
- 34:51Andrew Morris founder of GreyNoise
- 34:51Dane Stuckey from Palantir
- 34:51Jason Hill from DHS CISA
- 34:51Bryan Beyer and Keith McCammon from Red Canary
36:50 – Jason’s Book Recommendations
38:31 – Wrap-Up
@joemontmania on Twitter (Ryan MacDougall)
@HumanHacker on Twitter (Chris Hadnagy)
@InnocentOrg on Twitter (Innocent Lives Foundation)