OwlTail

John Strand

17 Podcast Episodes

Latest 23 Oct 2021 | Updated Daily

Weekly hand curated podcast episodes for learning

Understanding Where You Are with John Strand

Hacker Valley Blue

If you want to get into computer security, you're going to learn to love it, you're going to have to be successful, because a lot of computer security isn't just about bits and bytes, it's really about effectively communicating what needs to be done to the right people. In this episode we have the incredible John Strand. Organizations need to become more proactive, and see where those weak spots are to protect themselves from something like ransomware. You need to run a pen test because you can have somebody literally launch those attacks, and identify those weaknesses in those vulnerabilities before the bad people do. What's the gap that we can all learn from? It's passwords. By and large for most users, passphrases are the way to go. And, multi-factor authentication is actually a very sound strategy. If you look at one key tenet of computer security, complexity is the enemy of computer security. And security is constantly trying to catch up and protect against yesterday's attacks. So, the future is more connected, it's more complicated. And the problem is, we still have people that use weak passwords, we still have people that click on links from strangers. And ultimately, when we're looking at that future, you're going to see the exact same problems that we've always had complicated on a much, much, much, much, much larger scale. As things get more and more pushed to the cloud. There'll be no shelter here, the front line is everywhere. World of computer security.
Key Takeaways:
0:00 Previously on the show
2:02 John introduction
2:44 Episode begins
2:47 What John is doing today
3:45 John’s core tenets
5:51 How pen testing is “Blue”
6:17 Why understanding fundamentals matters
8:55 Ransomware
10:41 Organizations need to be prepared
11:58 Password gap
13:37 Password philosophy
17:07 Multi-factor authentication
21:40 What to do today
24:24 New problems
26:44 Learn your own network
28:26 Where to find John

John Strand on Twitter
John Strand on LinkedIn
Black Hills Information Security
Learn more about Hacker Valley Studio
Support Hacker Valley Studio on Patreon
Follow Hacker Valley Studio on Twitter
Follow Ron Eddings on Twitter
Follow Chris Cochran on Twitter
Sponsored by Axonius

29mins

18 Oct 2021

An Interview with John Strand of BHIS - 202

SECTION 9 Cyber Security

Yes, we got to interview John Strand from Black Hills Information Security. He was kind enough to donate his time. We covered first steps to improving security, best practice, tools and training.

Links to some of the things John mentioned:
1. LogonTracer
2. sigma
3. JPCERT Tools
4. JPCERT: Tool Analysis Results Sheet

FIND US ON
1. Facebook
2. Twitter - DamienHull

45mins

14 Jun 2021

404: Ep.25 - The one with John Strand

404: Cybersecurity Not Found

John Strand is the owner of Black Hills Information Security, and he has over 2 decades of experience in cybersecurity. In this podcast, David and Brad from Samurai interview John and share stories and anecdotes about their dealings with organisations across all verticals over the years. When you start planning against a hack, you need to make sure that you can identify your risks. When you strip down risk to its core, it boils down to threats and vulnerabilities. Don’t be blinded by one aspect of the danger and assume that the same threat will be repeated. An attacker will never follow just one type of methodology. The threat actors will use any technique at their disposal! Listen further to find out what the best approach is to start protecting your organisation.

49mins

11 Jun 2021

Episode 147 - Learning Cybersecurity Until You Get It Right with John Strand

Hacker Valley Studio

In this episode, we brought back fan-favorite John Strand. He is owner of Black Hills Information Security, a SANS instructor, and a mentor to many in the industry. John starts the show sharing a little bit about his background and what he is doing today. Ron and Chris dive a little bit deeper into John’s earlier life, asking what his superpower is, personal or professional, and when that power really came about in his life. John shares his experiences with failure, which he feels are key to where he is today, and how everyone needs to get comfortable with struggles, failures and hardships. On top of that, one needs to be able to laugh at oneself.

Key Takeaways
1:02 Back with fan favorite John Strand
2:21 John shares his background
3:38 John’s superpower
5:51 Going through the grind to learn
8:30 Partnerships
11:44 Getting a head start
14:58 The entertainment factor
16:36 Journey through being an instructor
19:35 Pay what you can concept
25:53 Education systems
29:18 Advice from John

Links: John Strand blog. John Strand on Twitter. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor ByteChek.

31mins

25 May 2021

Hacker Valley Blue S2 Episode 6 - John Strand

Hacker Valley Studio

If you want to get into computer security, you're going to learn to love it, you're going to have to be successful, because a lot of computer security isn't just about bits and bytes, it's really about effectively communicating what needs to be done to the right people. In this episode we have the incredible John Strand. Organizations need to become more proactive, and see where those weak spots are to protect themselves from something like ransomware. You need to run a pen test because you can have somebody literally launch those attacks, and identify those weaknesses in those vulnerabilities before the bad people do. What's the gap that we can all learn from? It's passwords. By and large for most users, passphrases are the way to go. And, multi-factor authentication is actually a very sound strategy. If you look at one key tenet of computer security, complexity is the enemy of computer security. And security is constantly trying to catch up and protect against yesterday's attacks. So, the future is more connected, it's more complicated. And the problem is, we still have people that use weak passwords, we still have people that click on links from strangers. And ultimately, when we're looking at that future, you're going to see the exact same problems that we've always had complicated on a much, much, much, much, much larger scale. As things get more and more pushed to the cloud. There'll be no shelter here, the front line is everywhere. World of computer security.
Key Takeaways:
0:00 Previously on the show
2:02 John introduction
2:44 Episode begins
2:47 What John is doing today
3:45 John’s core tenets
5:51 How pen testing is “Blue”
6:17 Why understanding fundamentals matters
8:55 Ransomware
10:41 Organizations need to be prepared
11:58 Password gap
13:37 Password philosophy
17:07 Multi-factor authentication
21:40 What to do today
24:24 New problems
26:44 Learn your own network
28:26 Where to find John

John Strand on Twitter
John Strand on LinkedIn
Black Hills Information Security
Learn more about Hacker Valley Studio
Support Hacker Valley Studio on Patreon
Follow Hacker Valley Studio on Twitter
Follow Ron Eddings on Twitter
Follow Chris Cochran on Twitter
Sponsored by Axonius

29mins

18 May 2021

Episode 10. - OSINT in Pentesting with John Strand

Breadcrumbs by Trace Labs

As the saying goes: You can't spell Pentest without "preparation"! OSINT collection is an important (and perhaps under-appreciated) part of penetration testing. In this episode we talk to John Strand about OSINT's place in a pentesting toolkit, what pieces of OSINT don't belong in a final report as well as the Black Hills approach to training (spoiler alert: They suck at capitalism).

John Strand on LinkedIn: https://www.linkedin.com/in/john-strand-a1b4b62/
Black Hills Information Security: https://www.blackhillsinfosec.com/

Want to learn more about Open Source Intelligence?
Follow us on Twitter: @TraceLabs
Join our Slack Channel: https://tracelabs.org/slack
Learn how to get started with Trace Labs: https://www.youtube.com/watch?v=7OrI4MYv9i4
Learn about our Search Party CTFs: https://www.tracelabs.org/initiatives/search-party

54mins

17 May 2021

John Strand - Running a Security Company Is to Do Illegal Things With Permissions

Open Web Application Security Project (OWASP) - Portland, Oregon Chapter

John Strand is our special guest today. He is the owner of Black Hills Information Security, a company that specializes in penetration testing and security architecture services. He is also cofounder of Active Countermeasures. He created the popular Backdoors and Breaches incident response card game. He wrote a book called Offensive Countermeasures (The Art of Active Defense). You can watch him along with other great guests on the Black Hills Information Security Podcast on YouTube.

This podcast is sponsored by the We Hack Purple Academy.

Links from the show:
John's Twitter Page
John's LinkedIn Page
Offensive Countermeasures: The Art of Active Defense (book)
Black Hills Information Security
Black Hills Information Security Podcast
Active Countermeasures
Backdoors and Breaches Game
DaftHack's Twitter Page
N0BANDW1DTH's Twitter Page

John Strand is interviewed by David Quisenberry and John L. Whiteman.

Follow us:
Homepage
Twitter
Meetup
LinkedIn
YouTube
- Become an OWASP member
- Donate to our OWASP PDX chapter

Support the show (https://owasp.org/supporters/)

39mins

21 Feb 2021

34 - John Strand & Moving Beyond 0-Days

The InfoSec & OSINT Show

This week John Strand joins the show to talk about pen testing in the age of Corona, bypassing multi-factor authentication, dealing with ransomware and starting a security business. My 3 main takeaways were 1) why 0-days don't matter, 2) how to bypass identity services like Okta and 3) the one guiding rule for creating a security business. For more information, including the show notes, check out https://breachsense.io/podcast

36mins

19 Nov 2020

Fargo City Commissioner John Strand Discusses Masks

News & Views with Joel Heitkamp

Strand discusses the mask mandate he proposed at last night's Fargo City Commission meeting. Strand says, "we punted". The Fargo City Commission, on a 3-2 vote, agreed to have the city attorney draft a citywide mask mandate that would be ready should it be needed. See omnystudio.com/listener for privacy information.

12mins

22 Sep 2020

#085 – John Strand: Making the Industry Better

Cyber Security Interviews

John Strand is the owner of Black Hills Information Security, a firm specializing in penetration testing, Active Defense, and Hunt Teaming services. He is also the CTO of Active Countermeasures, a firm dedicated to tracking advanced attackers inside and outside your network.

John has consulted and taught hundreds of organizations in the areas of cybersecurity, regulatory compliance, and penetration testing. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks. He is also an experienced speaker, having done presentations to the FBI, NASA, the NSA, and at various industry conferences. John also co-hosts Security Weekly, the world's largest information security podcast; co-authored Offensive Countermeasures: The Art of Active Defense; and writes loud rock music and makes various futile attempts at fly-fishing.

In this episode, we discuss remote workers in the Covid-19 pandemic, validating VPN targets in pen tests, cloud security, developing SANS course material, how to choose what to give away, planning conferences, threat hunting, keeping up with new vulnerabilities, mental health, and so much more.

Where you can find John:
LinkedIn
Twitter
BHIS Blog
Security Weekly Podcast

46mins

4 May 2020
