Wednesday, October 9, 2024

14 best YouTube channels to follow if you’re serious about cyber security

 Watch and learn with our pick of the 14 best YouTube channels to follow if you’re serious about cyber security


Cyber security is constantly evolving, and to stay ahead of the black hat hackers, you need to stay up to date. We find the best way is to listen to some of the experts – on both sides of the divide – not just telling you what’s going on but showing you too.  

More and more professionals are turning to video-based content. Cyber security has always been an opaque, semi-informal field, so if you want to follow the latest trends, intelligence and training, we reckon you should go straight to the source. YouTube!

Having scoured the internet and watched hundreds of hours of smart (as well as some pretty damn surreal) footage, we’ve compiled a list of the best people to subscribe to on YouTube. Because we’re nice like that.

 

The Infosec Institute

https://www.youtube.com/c/InfoSecInstitute

Infosec describes its mission as ‘putting people at the centre of cybersecurity’. The channel helps IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber safe at work and home.

More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. The lessons themselves are clear and in-depth, while not too hard to follow for people new to cyber security. If you want to know where to start, start here.

David Bombal

https://www.youtube.com/c/DavidBombal

David Bombal is a funny, engaging speaker who covers varied subjects including Linux, Python, ethical hacking, networking, CCNA, virtualization and more. The subject matter is heavy and detailed, but there’s a ton here to learn.

Infosec Live

https://www.youtube.com/c/infoseclive

The Infosec Live channel’s biggest feature is its weekly live streams (as well as the usual interviews, tutorials and walkthroughs) – perfect if you have a burning question that’s too specific to find an answer for in the regular videos. You can also join their free online community at https://www.info-sec.live if you need access to mentors, learning pathways and much more.

Security Onion

https://www.youtube.com/channel/UCNBFTyYCdjT5hnm7uW25vGQ

If you want to know more about threat hunting, then peel away a few layers on this channel. It is run by Security Onion Solutions, and Security Onion itself is a free and open source platform for threat hunting, network security monitoring, and log management. Security Onion includes best-of-breed open source tools such as Suricata, Zeek, Wazuh and the Elastic Stack, among many others.

The CyberWire

https://www.youtube.com/c/Thecyberwire

If you need to stay abreast of the latest news about software vulnerabilities, exploits, attacks and breaches, then subscribe to The CyberWire. It’s a free, community-driven cyber security news service that produces a daily digest of the critical news happening across the global cyber security domain.

Best of all, The CyberWire is ad-free and available both as a daily email and on its website – so if you don’t have the time or toolkit to watch YouTube videos at your desk you can still catch up with the latest news over a first morning coffee.

The Cyber Chronicle

https://www.youtube.com/c/TheCyberChronicle

The Cyber Chronicle says it’s the fastest growing channel on YouTube for cyber security, and you can see why when you watch one of their latest vidcasts. Awarded one of the top ten best cyber security podcasts by Feedspot, The Cyber Chronicle is a weekly video blog of the most shared articles on cyber security across the internet. Basically they scrub the web – including LinkedIn and YouTube – for cyber security stories so you don't have to.

Introduction to Cryptography by Christof Paar

https://www.youtube.com/channel/UC1usFRN4LCMcfIV7UjHNuQg

Cryptography is an important component of cyber security, so having at least a grasp of it can be important for a number of reasons. And one of the best ways to do that is to go back to school – virtually, at least. Armed with an old-fashioned chalkboard, Christof Paar delivers a series of lectures to give you a comprehensive introduction to modern applied crypto.

Only school-level maths is required to follow the lectures and you don’t typically need anything but your brain to follow along – although there is also a companion textbook called "Understanding Cryptography" by Christof Paar and Jan Pelzl. You can find it here: www.crypto-textbook.com

The videos show the two-semester introductory courses for our B.Sc. and the M.Sc. IT security students.

Cloud Security Podcast

https://www.youtube.com/c/CloudSecurityPodcast

As more and more companies migrate to cloud-based infrastructure, services, and resources, security teams need to get to grips with Cloud Security. That makes it one of the fastest-growing areas of cyber security training – but one of the least understood.

To rectify that, the Cloud Security Podcast is a community-first weekly video podcast that features interviews with cyber security leaders and cloud security practitioners from around the world to help you learn how-to and what's hot in cloud security.

Podcast host Ashish is a Chief Information Security Officer (CISO) and has worked as a Security Architect, SOC Manager, Cloud Security Engineer, and Identity and Access Management Consultant, so he knows what he’s talking about. The jargon can be a little much, but he really knows his stuff.

Professor Messer

https://www.youtube.com/c/professormesser

Professor Messer is the Internet's most comprehensive choice for CompTIA A+, Network+, Security+, and other IT certifications. All of Professor Messer's certification videos are posted online, and you can watch every minute of every video on YouTube, for free. Crazy.

Malware Analysis for Hedgehogs

https://www.youtube.com/c/MalwareAnalysisForHedgehogs

We can’t exclude MAH – we love a hedgehog too. But also because the prickly one’s subject matter – digital forensics and incident response (DFIR) and Malware Analysis – continues to be the bread and butter of the cyber security space. We’ve gathered a list of some great cybersecurity YouTube channels that cover the topics of DFIR and Malware Analysis.

Definitely not just for hedgehogs.

John Hammond

https://www.youtube.com/c/JohnHammond010

Possibly the most popular vlogger about cyber security, and owner of a perfectly trimmed ginger beard, John Hammond is a must-follow when it comes to all things cyber. Now a researcher for the Threat Operations team at Huntress, Hammond previously worked as a Department of Defense Cyber Training Academy instructor, where he taught the Cyber Threat Emulation course, educating both civilian and military members on offensive Python, PowerShell, other scripting languages and the adversarial mindset.

He has developed training material and information security challenges for events such as PicoCTF and competitions at DEFCON US. John speaks at security conferences such as BsidesNoVA, to students at colleges such as the US Naval Academy, and other online events including the SANS Holiday Hack Challenge/KringleCon.

John currently holds the following certifications: Security+, CEH, LFS, eJPT, eCPPT, PNPT, PCAP, OSWP, OSCP, OSCE, OSWE, OSEP, and OSED (OSCE(3)).

So, yeah. He knows his stuff – and presents it in a fun, simple, engaging way. You can also follow John on LinkedIn here: https://www.linkedin.com/in/johnhammond010/

OWASP Foundation

https://www.youtube.com/c/OWASPGLOBAL

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. It says its mission is to ‘make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks’.

Everyone is free to participate in OWASP and all of its materials are available under a free and open software license.

STÖK

https://www.youtube.com/c/STOKfredrik

LiveOverflow

https://www.youtube.com/c/LiveOverflow

And in the other corner… Fredrik Stok and LiveOverflow are two of the most prominent ‘white hat’ hackers on the internet. Their videos give a fair summary of what the other side sees in terms of potential exploits and flaws in cyber security systems, and they regularly take part in hacking competitions. They’re both smart, engaging speakers and it’s a bit of a relief to have them on our side, to be honest.

 

And that’s our pick of the 14 best channels. Think we missed some out? Want to give your own channel a shoutout? Let us know here and we’ll check it out.


 

Leadership lesson learned from being fired

Leadership: I went through a span recently as a civilian where I lost 3 jobs in the span of a year. I was working my ass off and everything just started going to shit. The worst thing about this time was adhering to the work ethic and values from the Army. I was truly naive and this led to me making some bad decisions which ultimately cascaded into being fired, and having to relinquish a position I put a lot of blood, sweat and tears into. I truly felt that I had let my crew down by leaving abruptly in one situation and then being asked to not come back in another situation. Shortly after the second thing happened I was asked to brief the FBI, which snowballed into me losing my TS clearance, the third job and having to decline a very promising position that would have spanned cyber security for the entire intelligence community.


During this time I worked with some amazing selfless people, individuals that owned cyber security engineers and analysts that were on the fringes of attack sensing and warning, fore


Ladies and gentlemen I am no longer on the _ contract. The client did not feel confident in my abilities to lead the team any longer and requested my removal. This is not a reflection of your abilities to be 100% successful on this contract. Our team has proven on numerous occasions that we are not only capable but exceed expectations;

There were times when they doubted individual abilities but obviously forgot we are a team and would support each other. I witnessed every day your commitment to success and I supported you above all else. I continue to have confidence in you and yes there are areas for improvement which I know you will continue to focus on no matter who sits in the _ desk.



So thank you again, I enjoyed each and every opportunity I had working with you all. You have my contact information; feel free to contact me about anything I may be able to assist you with in the future.

It was a pleasure working for you Bro, you looked out for us no matter what and my first thought when I heard the news was a number of us had let you down and could have fought harder, especially if we knew this would be the end result. Look forward to staying in touch with you and I know you'll continue to be a success no matter what your next role may be.

Thanks for being a great supervisor and team player. 

Well, I'm not going to lie, it broke my heart when I found out. I honestly did not like the way it was handled. I believe the issue was not with you and removing you from the contract will not solve the root of the problem, but rather misplace it elsewhere. The cards were stacked against you and the team from the start but you tried to keep it together and keep things afloat.

I know it has not been an easy year, for any of us. I hope you find a position somewhere that will allow you to grow and utilize your skills to its capacity. 
I do want to thank you for everything you've done for us. I know I wasn't an easy person to work with, and my being slightly high-strung didn't help either. (: However, I do hope to keep in touch and look forward to hearing from you again soon. 

Your hard work has always exceeded the _ _ they threw at you. _ God bless you and if there's a job out there you needed me to fill. Text or call me, I'll always work for an honest man. Peace _! LOL

Felt like I should reach out and thank you specifically for your patience with me during our time together. Your commitment to your people above all was something I experienced first hand. Even through my brooding and often critical moments, you always seemed to want to understand and relate on a personal level, well beyond your professional obligations. I regret not returning your kindness more often. Perhaps a missed opportunity for me from being too rigid and absolute in my expectations for our office. I can say that through your example and time here, I learned from you more than I thought I would. I would like to think I would do things differently if I ever have the pleasure of working with you again.

Thank you for your service,

Friday, March 23, 2018

Today's comment

It's not the load that breaks you down, it's the way you carry it.

23Mar2018

information-technology/2018/03/atlanta-city-government-systems-down-due-to-ransomware-attack/?amp=1

Wednesday, January 17, 2018

Monday, July 24, 2017

Main causes of data losses

                                                                    








Thursday, June 1, 2017

Target lesson learned: why small businesses need cyber insurance

http://news.softpedia.com/news/target-to-pay-18-5-million-to-47-states-for-2013-data-breach-516007.shtml

It has always been my opinion that all businesses need to plan for unforeseen issues via insurance, just as consumers have car, home, etc. This TARGET settlement highlights the need for it, or at the very least demonstrates the liability that businesses incur when operating in cyber space. Target can absorb this, but I imagine my accountant or cleaners that operate via the WWW as a critical business component, and what would be their recourse in a similar instance. Despite recent regulation for POS and health there is no overarching regulation for PII (personally identifiable information) and small business best business practices. This leaves a considerable gap for the small business that operates in cyber space. As a tangent, is there a need for retailers to warn buyers of vulnerabilities in IoT?

Friday, April 28, 2017

Monday, April 24, 2017

http://www.darkreading.com/operations/CISO board-members-have-widely-divergent-views-on-cybersecurity/d/d-id/1328674

CISOs, Board Members Have Widely Divergent Views on Cybersecurity

Boards often want a lot more business-relevant reporting than CISOs provide, Focal Point Data Risk study shows.
For all the talk about cybersecurity needing to be a board-level issue, security executives and corporate directors continue to have very different views on just about every critical aspect of the security function.
Research released this week by Focal Point Data Risk shows that CISOs and board members often have different perspectives on the value of cybersecurity, on how to assess the effectiveness of security programs, and how to measure and express risk.
While C-suite members for example often viewed data and brand protection as the primary value of cybersecurity to the organization, CISOs somewhat surprisingly viewed their primary functions as guiding and enabling the business and in ensuring loss avoidance.
For the report, Focal Point conducted one-on-one interviews with more than 50 CISOs, 25 corporate directors and 10 subject matter experts. The goal was to try and identify how corporate directors and CISOs viewed each other’s roles and responsibilities on the cybersecurity front. Interview questions were open-ended and were conducted by Cyentia Institute, which also wrote the report.
One of the key discoveries was that CISOs—at least those interviewed for the report—generally tended to view the security function as having less to do with data and brand protection than board members.
A lot of that, according to the report, may simply have to do with CISOs trying to position cybersecurity as a business enabler rather than a cost center in meetings with board members. While security executives know that protecting data is one of their primary functions, many feel pressured to demonstrate how that helps the bottom line, the report noted.
Board members and CISOs also had substantially divergent views on the effectiveness of their organization’s security program. While 46% of security executives in the Focal Point study expressed confidence in their security controls, only 5% of board members shared that sentiment. Conversely, 49% of board members expressed a lack of confidence in their organizational security controls compared to 13% of security executives who felt the same way.
“CISOs have a challenging time proving a negative, that if they didn’t exist [it] would result in a material weakness and bad outcome,” says Yong-Gon Chon, CEO of Focal Point Data Risk. The board’s lack of confidence also stems from the continuing habit by security executives to present cyber jargon to board instead of business language, Yong-Gon Chon said. Meetings with security executives often leave board members with the impression that no matter how much they spend, they will still get breached.
Similarly, the metrics that CISOs use to convey the status of the organization’s security program to the board tend to be more operational in nature while board members are far more interested in big picture metrics such as peer benchmarking.
One surprising finding from the report is the relatively low desire among board members to see risk expressed in terms of financial losses over a specific time frame.
“I hear it said a lot that the ‘language of the board is dollars,’ and assumed that meant they’d want to hear cyber risk discussed in those same terms,” says Wade Baker, co-founder of Cyentia Institute. “But I think there’s a lot of skepticism on the ability to accurately measure cyber risk, and so they prefer a clear explanation of where things stand.”
John Pescatore, director of emerging security trends at the SANS Institute says much of the disconnect stems from a failure by CISOs to communicate. “CISOs [are] very good at presenting ‘blood in the streets’ and very bad at presenting strategy on how to avoid it,” Pescatore says. Many are weak at using trend data to give the board confidence that the business could avoid or minimize the risks facing them.
CISOs have to learn to show the connection between security expenditures and business impact. “That doesn’t always mean ROI, but it does mean more than ‘bad things are happening. If we don’t get more people or spend more money, it will happen to us,’” he said.
Framing things in terms of risk and business enablement can help enable a better conversation with the board, adds Christopher Pierson, general counsel and chief security officer at online payment service Viewpost.
“Showing the board a bunch of flowcharts, diagrams, and numbers on how much malware was blocked does not answer or address their fundamental question,” Pierson says. What the board wants to know is how the security organization is mitigating risk and what its directors can do to help.
“A [board member] favors metrics combined with an intuitive story. But it has to be a narrative they can understand,” says Daniel Kennedy, an analyst with 451 Research. “The somewhat difficult, technical problem of security needs to be described in layman terms that go just deep enough for very intelligent people, who happen not to be security experts [to understand],” Kennedy says.


Wednesday, April 5, 2017

Tuesday, January 17, 2017

War for cybersecurity talent hits DC


courtesy: www.cio.com 
Many analysts and business leaders believe there is a severe need for qualified cybersecurity professionals in the U.S., something that has caught the eye of at least one key congressman.
U.S. House Homeland Security Committee Chairman Michael McCaul (R-Texas) on Wednesday said more needs to be done to address the cybersecurity labor shortage.
"I agree 110% that we need to strengthen the workforce" of cybersecurity professionals, McCaul said during a meeting with reporters at the National Press Club.
McCaul was referring not only to cybersecurity workers needed for U.S. government agencies, but also for U.S. businesses that control the nation's critical infrastructure, including the electric grid and electronic healthcare records. "Eighty percent of the malicious codes are in the private sector," he said.
The need to fill cybersecurity jobs has been top of mind recently because of cyber exploits like the two massive Yahoo breaches announced late last year. Also, intelligence community revelations that Russia tried to influence the U.S. elections with various cyber-exploits have galvanized some U.S. lawmakers, including McCaul.
Several experts have estimated the workforce shortage of cybersecurity workers in the U.S. -- across multiple job titles -- currently at 300,000 or more. The most recently available analysis, from the U.S. Bureau of Labor Statistics, said the shortage of such workers in 2015 reached 209,000. Globally, the shortfall of cybersecurity professionals is expected to reach 1.5 million by 2020, according to data published by the National Institute of Standards and Technology.
Despite such dire projections, there is at least one contrary point of view. A DHS official said in a blog post in November that the cybersecurity skills shortage is a myth.
For his part, McCaul plans to push for a cybersecurity agency within the Department of Homeland Security, partly to provide cyber assistance for national elections that are under state management. "DHS needs focus and resources," he said.
To fill cybersecurity job openings, U.S. companies have developed a number of strategies over recent years.
Major corporations such as AT&T have established in-house re-training of IT workers to become cybersecurity professionals. Also, AT&T has set up a rotational program so that a recent graduate can rotate through various departments at the company to become a well-rounded security expert.
"The labor shortage is a huge problem. Nobody can get enough resources," said Jason Porter, vice president of security solutions at AT&T, in an interview. "We're excited to see a bunch of colleges have launched new programs around cybersecurity, so we'll see more cyber talent. But companies are still way behind. Right now, cybersecurity is paramount. We are actively retraining our own employee base."
Over the entire company, AT&T currently has more than 2,000 cybersecurity professionals, he said. The company operates eight security operations centers globally and offers cybersecurity services to thousands of companies.
While AT&T and other major companies are trying to adjust, the security challenges are greatest for small and mid-sized companies, analysts said.
"Small and mid-sized businesses are suffering the most," said IDC analyst Sean Pike. "They don't have the money to pay for talent and not even for managed services. They are sometimes hiring inexperienced talent, like a security generalist, who will move into a specialty in a year or two. It's really difficult to attract and retain the specialists."
Pike said he's heard of security specialists moving into managerial roles in corporations who can make $250,000. One such manager moved into the vice president level and made $750,000, he said. With salaries at such high levels, smaller companies often have to resort to taking out an incident response retainer with a service provider for a year to protect against exploits.
Analysts said it isn't necessarily that there aren't cybersecurity candidates available to fill positions, but there might be a lack of candidates to fill the positions that are open at the time.
Gartner in a recent report said that there is a "war for cyber talent as organizations seek qualified candidates in an environment where demand outweighs supply." Gartner noted that the Bureau of Labor Statistics expects the demand for cybersecurity professionals to increase by 53% through 2018.
Gartner also said security budgets in U.S. companies are not increasing enough to keep up with salaries for cybersecurity professionals that have "skyrocketed."
The cybersecurity labor gap is already causing "major vulnerabilities," said Gartner analyst Avivah Litan, in an email. "Many organizations are turning to outsourced and managed security services to fill their cybersecurity skill gap, but those managed services firms are facing their own recruitment challenges since there just aren't that many skilled cybersecurity professionals to fill the gaps."


Thursday, January 12, 2017

FIOS internet is down

Just spoke to a representative to let her know that my FIOS has been out and that I do not have access at the ONT. Apparently the technicians had not informed customer service of widespread outages in VA, PA and MD.

Verizon is in need of some process improvements. I hope they get ahead of this before the morning rush in about 3 hours. I didn't ask if there is a different process for business customers; I hope so.

Fios internet is down but TV still works. I know they utilize MoCA between boxes in the house to stay synced for time and DVR.

Sunday, January 8, 2017

(Draft in progress) National Cybersecurity Workforce Framework and Cyber career paths

National Cybersecurity Workforce Framework (NCWF) and Cybersecurity career paths

Aligning the NCWF and Cybersecurity career paths
Ultimately the goal is to do something you like to do, provide for your family and take care of your responsibilities; although I have had genuine success in meeting these three objectives, I can also say that I understand simply wanting to move into a career field that has momentum. (insert job forecast)
I hope that by discussing both the National framework and the various career paths that I can demystify what cyber security is in respect to Information Technology as well as provide some ad hoc guidance to prepare cyber workforce prospects for a very rewarding career.

cyber-security-workforce-framework 2016
"The National Cybersecurity Workforce Framework provides a blueprint to categorize, organize, and describe cybersecurity work into Specialty Areas, tasks, and knowledge, skills, and abilities (KSAs)." It represents the broadest overarching dialogue on jobs, skill sets and workforce expectations in respect to each distinct functionality. This does not, however, represent a strict skill set trajectory, since individuals may have multiple functions based on the size and strategic objectives of the organization. The Investigate and Operate/Maintain functions are a practical example where an organization could benefit from combining the functionalities into one job requirement.
The NCWF also "provides a common language to speak about cyber roles and jobs and helps define personnel requirements in cybersecurity."

Cyber Security Market:






Cyber-security-career-paths:




Cyber Security Certifications:





















courtesy:
IT Security Career Paths and Certifications
Course by: Marc Menninger
http://www.cyberdegrees.org/listings/masters-degrees/

Thursday, January 5, 2017

Congressional Hearing on Cyber


Full Video:

Intel Chiefs testify on US Cyber Operations

Speed, agility, organization, workforce improvement are necessary. Improved communication with critical infrastructure and civilian industry. [WTFO, the guy behind Senator Jack Reed has his badge out; that is a security concern, he is too busy on his phone.]
DHS and NIST still on the hook for controls and best business practices.

The cyber domain does not have the same boundaries as nuclear deterrence, but has similar consequences in my opinion from a collateral aspect.

Damn, did Dir. Clapper just say we don't have the cyber capabilities to deter cyber attacks from rogue nation states? Sen. Wicker just asked an earnest question on what do we do via our national power. Prevent, detect, respond, and sustain methodology: as Sen. McCain just implied, case by case response is not a very good policy. I agree that repeatable processes are the norm; however, initial response will require cyber agility while an overarching national policy is more reflective of our national powers as a deterrent. Unfortunately, our current policy does not seem to be up to par. Critical infrastructure is the key and the workforce is the foundation.

STEM programs are not enough; we need to incorporate STEM aspects throughout our primary and secondary education. Definitely something industry, local governments and federal government can improve on via robust education overhaul and cooperation. We have to invest in the future in order to become less reactive and become more proactive.

Thursday, December 15, 2016

Tuesday, December 13, 2016

Monday, December 12, 2016

Wednesday, December 7, 2016

LAB/ Malware ref.






Social engineering video




Hacked 





Social engineering tutorial