Watch Now

Show Notes

If want to get into computer security, you're going to learn to love it, you're going to have to be successful, because a lot of computer security isn't just about bits and bytes, it's really about effectively communicating what needs to be done to the right people.

In this episode wet have the incredible John Strand. Organizations need to become more proactive, and see where those weak spots are to protect themselves from something like ransomware. You need to run a pen test because you can have somebody literally launch those attacks, and identify those weaknesses in those vulnerabilities before the bad people do.

What's the gap that we can all learn from? It's passwords. By and large for most users, passphrases are the way to go. And, multi-factor authentication is actually a very sound strategy.

If you look at one key tenant of computer security, complexity is the enemy of computer security. And security is constantly trying to catch up and protect against yesterday's attacks. So, the future is more connected, it's more complicated. And the problem is, we still have people that use weak passwords, we still have people that click on links from strangers. And ultimately, when we're looking at that future, you're going to see the exact same problems that we've always had complicated on a much, much, much, much, much larger scale. As things get more and more pushed to the cloud. There'll be no shelter here, the front line is everywhere. World of computer security. 

 

Key Takeaways:

0:00 Previously on the show 2:02 John introduction 2:44 Episode begins 2:47 What John is doing today 3:45 John’s core tenets 5:51 How pen testing is “Blue” 6:17 Why understanding fundamentals matters 8:55 Ransomware 10:41 Organizations need to be prepared 11:58 Password gap 13:37 Password philosophy 17:07 Multi-factor authentication 21:40 What to do today 24:24 New problems 26:44 Learn your own network 28:26 Where to find John

 

John Strand on Twitter

John Strand on LinkedIn

Black Hills Information Security

Learn more about Hacker Valley Studio

Support Hacker Valley Studio on Patreon

Follow Hacker Valley Studio on Twitter

Follow Ron Eddings on Twitter

Follow Chris Cochran on Twitter

Sponsored by Axonius

Recent Episodes

Jun 5, 2025

Zero Trust Isn’t a Tool — It’s Everything with George Finney

What if Zero Trust isn’t a framework, but the only viable cybersecurity strategy—more about people than products? In this episode, George Finney, CISO at the University of Texas System and ...

May 29, 2025

Your Two-Year Edge Starts Now with Marco Figueroa

You won’t be replaced by AI—you’ll be replaced by someone using it better. Returning guest Marco Figueroa is back with a frontline report on the AI agent boom. This isn’t a prediction—it’s a ...

May 22, 2025

Badge Cloning, Alarm Triggers & Getting Hired to Hack with Greg ...

Most people think red teaming is digital—until someone bypasses your locks, plants a Raspberry Pi in your server room, and walks out with your data. That’s not sci-fi. That’s White Knight Labs. ...

May 15, 2025

Building Cyber Resilience Through Culture with David Shipley

What if fixing cybersecurity wasn’t about more tools, but about unlocking human potential?  In this episode, Ron Eddings welcomes back David Shipley, CEO and Field CSO of Beauceron Security, for ...

May 8, 2025

Ditch the Spreadsheets: Smarter Crypto Security with Michael ...

Still tracking certificates in a spreadsheet? You’re not alone—and there’s a better way. In this special episode from RSA 2025, Ron sits down with Michael Klieman, Global Vice President of ...

Apr 24, 2025

Protecting People, Not Just Perimeters with Andrey Suzdaltsev

AI is reshaping the cybersecurity battlefield, and cyber adversaries are getting smarter. In this episode, Ron Eddings welcomes Andrey Suzdaltsev, Co-Founder and CEO of Brightside AI, for a look ...

Apr 10, 2025

Digital Clutter and the Death of Passwords with Collin Sweeney & ...

Passwords are the original digital clutter—messy, overstuffed, and way too easy to forget. Like a junk drawer full of old keys and cables, we keep tossing more into them, hoping they’ll somehow ...

Apr 3, 2025

What Most Cybersecurity Advice Misses—And How to Fix It with ...

What if the biggest threat to cybersecurity isn’t attackers—but the defenders themselves? Why are we still building tools for experts in a world where technical skills are fading fast? In this ...

Mar 27, 2025

Hackers Have HR Now? featuring Christopher Budd

The internet once came this close to crashing—and Microsoft was on the front line. In this episode, cybersecurity veteran Christopher Budd takes us inside the Microsoft Security Response Center ...

Mar 21, 2025

Staying Ahead in the Age of AI Agents with Marco Figueroa

Marco Figueroa is back, and his AI predictions aren’t just coming true—they’re unfolding faster than anyone expected. AI agents aren’t on the horizon—they’re already here, and security teams are ...

WORK WITH US

PODCASTS + SPEAKING + EVENTS

Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.