June 3, 2022

Purposeful Communication Through PlexTrac with Dan DeCloss

by Hacker Valley Red

Show Notes

We’re joined by sponsor and guest Dan DeCloss, CEO and Founder of PlexTrac, on the podcast today to talk about communication and collaboration between the red and blue sides of cybersecurity and why security success depends on those two sides working together. On their mission to build stronger, more productive, and well-rounded security teams, PlexTrac provides metrics and messaging tools that change how red and blue teams report, track, and remediate findings.

Timecoded Guide:

[05:36] Understanding PlexTrac’s history and mission for cybersecurity teams

[09:58] Lack of empathy and understanding in red team and blue team communication

[18:48] Breaking through the resentment and confusion within a team

[24:45] Envisioning the future of PlexTrac’s community impact

[27:52] Caring about your cybersecurity mission beyond yourself

Sponsor:

Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone

PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley

 

What is the function of PlexTrac that would help you the most as a pen tester?

With prior hands-on experience on the red side, Dan found his journey to creating PlexTrac full of moments where he wanted to fix the same problems he encountered over and over with reporting and communicating. One of these problems was solved easily with the addition of a video feature: a simple function that has existed since PlexTrac first began, but one that is instrumental for documenting complex exploits and is a huge time-saver for visual learners.

“As a pen tester, I hated finding that I had 20-odd screenshots if it's a pretty complex exploit. I think the adage for us is like, if a picture's worth 1,000 words, then a video is worth 1,000 pictures, right?”

What do you think are some of the gaps in skills that organizations face when hiring these professionals to perform offensive operations?

Communication is key, not just in life, but in this episode. While we’ve discussed skills gaps in cybersecurity previously, Dan is quick to point out that a consistent gap he sees in all areas of cybersecurity is effective communication. PlexTrac keeps this struggle to communicate in mind and creates easy, simple pathways and functions that encourage communication and facilitate collaborative problem solving.

“If there's one area that I really emphasize with anybody that I'm mentoring or have hired in the past is, as a security person, whether you're red or blue, you really do need to be a good communicator and be able to communicate risk effectively within the right context.”

What would you want to say to those folks that don't see eye-to-eye from the red or the blue side?

We’re fighting the same fight, no matter if we’re on the red side or the blue side of cybersecurity. Dan’s message for our warring red and blue teams throughout the industry is to understand the importance of your mission and to not let relationships between red and blue be clouded with misunderstanding or resentment. No one’s job is harder than anyone else’s, and each role, offensive and defensive, plays a part in our collective victory.

“I'm gonna just be point blank about it… Are you trying to just prove a point about your knowledge and your skills? Or, are you actually trying to make the world a safer place?”

What would you want to say to all those folks out there [in cybersecurity]?

As PlexTrac aims to make a huge impact on our community, Dan and his team acknowledge the need for a unified, focused, and collaborative cybersecurity industry, with hard workers on both the red and blue sides. With PlexTrac making reporting, measurable results, and communication that much easier, our team at Hacker Valley is thankful to be a part of PlexTrac’s network and can’t wait to share more tools like this with all of you.

“I think keep fighting the good fight, for both sides, and recognizing that your mission is vital to the safety and security of your organization and the world at large, right? We are all in this battle together.”

Hacking the Vocabulary:

DOD: The United States Department of Defense.

----------

Additional resources to check out:

Spend some time with our guest, Dan DeCloss, on LinkedIn, and the PlexTrac website

Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.

Follow Ron Eddings on Twitter and LinkedIn

Catch up with Chris Cochran on Twitter and LinkedIn

Continue the conversation by joining our Discord



Transcript

Hacker Valley Red
Purposeful Communication Through PlexTrac with Dan DeCloss

Axonius Ad 00:21
Hey everyone, it's me, Simone Biles. You might be wondering why you're hearing my voice on a cybersecurity podcast ad. Well, it's because I'm partnering with Axonius. Whether you're a gymnast like me, or an IT, or a Security Pro, complexity is inevitable. And I've learned that the key to success is focusing on what you can control. Go check out my video at Axonius.com/Simone. That's Axonius.com/Simone.
Chris 00:54
Welcome back to Hacker Valley Red, where we're exploring the nexus of offensive cybersecurity and humanity with a hacker’s mindset. Again, I'm Chris Cochran.
Ron 01:04
And I'm Ron Eddings. And we are going to continue this journey of understanding cybersecurity legends, focusing on red teaming, offensive operations, and anything that would make you throw a hack or attack.
Chris 01:19
Absolutely. One thing that we have to think about is the future. We've been talking about changing this relationship between the red team and the blue team and bringing them together. And this episode, we have a very special guest that we're going to bestow upon you. This is somebody that's really thinking about the future, but before we get to all that, we got to talk a little bit about what it means to be a part of a team, right? What does it mean to work together? Because we often see this red versus blue like, us versus them, but that is counterintuitive to what it means to work together. So, when you think about teamwork, Ron, what comes to mind? When you're talking about uniting the red and the blue side?
Ron 02:00
When I'm thinking about teamwork, I'm thinking about bringing everybody together. I think that's what a team really is. It's a group of people working together to achieve a common goal. And when it comes to red and blue, the goal of both sides should really be to provide security, protection, and safety for your organization. I think as long as the goal is common amongst team members, that's the best place to start. If we're working on breaking down the blue team, and they're working on securing the organization, and we're not thinking about that common goal, there is going to be friction.
Chris 02:35
100%, there's gonna be friction. You said a couple of things that are really important, right? As long as you're headed towards a common goal, right? We talk about one team, one fight all the time. If you're heading toward that direction, all in lockstep, that means it's going to be easier for you to look at it as a united team. Sometimes, you even have to have a certain team identity. One of the things that I like to do when either I'm building a team or taking over a team is really understanding like, who are we as a team? When you say, "Alright, this is the blue side, this is the red side," there's an instant division there just by logic. But when you say, "We are the security team," it's a very different mindset when it comes to working together. So, team identity, team mission, once you have those altogether, it's easier to march forward. When I did some of the purple team stuff that I was doing, the most important part of that was communication. Communication on the front end, not letting all the secrets out of the back, but communication on the front end to the folks that needed to know what's in scope, what's not in scope, but then communication during the incident and during the exercise. And then, afterwards, that's where the most important communication happens, all the lessons learned. What were all the steps that we were taking? What were all the things that were missed? What worked? How long did it take us to do something for the engagement? All of this communication stuff is really where all that teamwork begins.
Ron 03:55
And it's crazy that you're mentioning all this because it's taking me back to my time as an offensive operator. And I'm thinking, those are a lot of questions I didn't ask my team members. How long is this taking you? Is this easy to fix? How can I help? That's a very important question to ask. And this episode, we have a very special guest, we're actually gonna be talking about: Who builds tools for the attackers? Who builds tools for the defenders? There aren't many tools that overlap where both sides, red and blue, can both use. It's almost like blue team, you know, they're using the SIEM. They're using the SOAR solution. They're using the EDR solution. And red team, they're using a completely different set of tools, some custom, some from GitHub, some from vendors. But today we have an opportunity to speak to Dan DeCloss. He is the CEO and Founder of PlexTrac. PlexTrac is all about bringing and uniting red teams and blue teams. So, without further ado, let's jump right into this interview.
Chris 04:57
Welcome back to Hacker Valley Red, where we are exploring the nexus between offensive cybersecurity and humanity with a hacker’s mindset. I'm one of your hosts. I'm Chris Cochran.
Ron 05:10
And I'm your other host. I'm Ron Eddings. And this season, we're going to be talking to legends of cybersecurity. And for this episode, we've brought in Dan DeCloss. Dan is the founder and CEO of PlexTrac, who's actually one of our sponsors this season. Dan, thank you for sponsoring the episode, we truly appreciate it. But most importantly, welcome to the show.
Dan 05:33
Well, thanks. Yeah, thanks for having me. It's a pleasure, for sure.
Chris 05:36
Dan, when we had our first conversation, we talked about that tie between red and blue teams. And when you walk me through your product, I said, "Sign me up, sign me up, this is something that we need to do, because communication is so important." And obviously, you have a big role in that you are going to literally change the way people operate, but for the folks that don't know who you are just yet, we'd love to hear a little bit about your background and what you're doing today.
Dan 06:03
Yeah, absolutely. No, that's great. Dan DeCloss, Founder and CEO. I have been in security my entire career, starting to feel old. I started back in 2005, I went to the Naval Postgraduate School and got a Master's degree in Computer Science with an emphasis in security. And so, I started my career in the DOD, I wore a lot of hats. Everything from full management, to IR, to forensics, and then I started to find my niche in penetration testing. So, I come out of the penetration testing background with a deeper niche and emphasis in application security pen testing, so hacking web apps and mobile devices, embedded devices. So, that's really where I got my experience. And really, what spawned the impetus for PlexTrac, which we'll talk about throughout this show, but it led me on the path to now be the founder and CEO of PlexTrac. And really, our mission is to help security people, security teams win and fight the right cybersecurity battles, right?
Chris 06:55
Yeah, absolutely, we got to go to the beginning of when this whole journey really started for you. Because I'm sure it didn't just start when you founded a company like, "Alright, I founded a company, now let's figure out what we're gonna do." I'm sure very early on, this problem kept coming up. What was that problem? And how did you decide that you're going to fix it?
Dan 07:12
Yeah, so during my time as a penetration tester, I hated writing reports, just like any other pen tester, or hacker. Nobody likes writing the report, you'd much rather be doing the hacking. But I felt like we were just spending a ridiculous amount of time on the documentation portion, as well as like, resizing screenshots, and like, doing things that just felt like such a big waste of time. So, that was a big pain point for me. I also hated delivering like, a really large PDF or Word document, and then coming back a year later, and basically seeing that nothing had been fixed here, like, rewriting the same report. So, I hated that problem. As much as like, on the consulting side, you're just finding things that you've already found, so it makes the test a little bit easier, right? But I felt like we weren't making progress and helping customers get better at their security posture. So, I identified some problems there in terms of just lack of collaboration, not being able to help people along the remediation lifecycle, and just more visibility into the findings as they're getting reported because once you receive a Word document or a PDF as the customer, what are you supposed to do with that, right? So, that was the initial pain point and so, that's when I kind of decided, like, I'm gonna just start with this as a side project and see if this has legs as a potential business.
Ron 08:23
I gotta ask, what are practitioners, companies, organizations supposed to do with that report? It seems like it can be an overwhelming task. It's daunting, it's in the form of a Word document, and it's not compatible with your security solutions. So, what have you seen as someone that's practiced offensive operations? What have you seen organizations do with the report? What are the best practices and worst-case scenarios?
Dan 08:48
Well, yeah, I mean, I guess before PlexTrac. Best case scenario is that it all comes into PlexTrac and you have that centralized view for tracking and remediation. But what we were seeing, and what I think happens a lot today still, is people are copying and pasting that information into a spreadsheet, that's going to be probably the most common thing. Other people will copy and paste that information into other tracking systems like Jira, or ServiceNow, or whatever their ticketing system is. So, you still get some of that tracking piece, but you don't get as much of the detailed analytics, as well as visibility as a whole from: Here was the composition of this report, and here were all the findings out of it, and how are we making progress as it relates to this report? Versus how are we making progress year over year from previous reports, or even quarter over quarter or however often your cadence is for assessments? So, I think the best case is that they're using PlexTrac, right? But at a minimum, using something that is getting more visibility into the progress on every finding, and having a dynamic way to update the severity of those findings, right? Because a low finding from a pen test last year may not be a low today, right?
Chris 09:58
So, where's the breakdown in communication between the red and the blue side? Is there a cultural difference that seems to be separating the two sides? Is there a lexicon difference? So, what are some of the things that you would say, at the base level, separate the blue and the red side?
Dan 10:13
Yeah, I think at the base level, at its core, some of it is just lack of empathy. I would say, you know, to not really know, "Hey, this is what the blue team is really fighting every day," right? And here are the things that they have to keep track of, and they're on their minds. Whereas on the blue team side, I think it's also some lack of like, "I don't know how they're doing these tactics and techniques," right? How's the red team conducting these? So, there's, I think, some just natural breakdown and plus, you may have a blue team and not an internal red team. So, you're kind of just, "Hey, we went and hired these people, and they're going to be doing the testing and then, I'm just waiting for a report, and then we'll go on from there." So, I think there's just kind of some natural, just lack of like, awareness that this is what the red team is doing and here's the activities that are going on. So, just a breakdown in some of that communication at its core. And so, being able to collaborate, not only during the engagement, as well as post engagement, whether that's an internal team that's doing the testing or a consulting firm, being able to have deeper visibility and more real time collaboration on what's happening. What are the activities? What should we be looking for? And do we need to fix this right away? These are all of those highlights that kind of brings in that whole purple teaming concept.
Ron 11:24
And everyone's job is harder than everyone else's, right? I'm sure that's also part of the empathy challenge, right?
Dan 11:30
Right. I mean, and I think that's also one thing that we see when there is deeper collaboration. There is a stronger sense of like, "Okay, I know that the blue team is going to be looking, I mean, these are the things that are their big pain points. So, how do we help them identify the better way in more efficient ways to get this done?" And to even have better recognition of how hard it is on both sides of the fence; how hard their jobs are. So, it's kind of coming back to that empathy perspective of like, "Hey, now I've got a deeper respect for each team's challenges as they go throughout the both sides of that engagement."
Chris 12:01
So, when you're looking at the thing that you have built with PlexTrac, and I'm sure you saw functionality after functionality really coming together, was there a particular thing you were like, "Oh, if I would only have this when I was a pen tester," what was that function that you would select?
Dan 12:19
What's funny is probably one of the very first features I ever put in was like— This is because actually, when I started writing it, I was moving out into leadership. So, I wasn't doing as much testing, but I added the ability to have videos. I know it sounds very small and simple, but like having videos as an artifact in the write up of a finding. It saves so much time, right? Because hackers love videos. So, that's one thing that's, again, that's been around in PlexTrac since early days, right? But it's one of my favorite features because like, as a pen tester, I hated a finding that had 20-some-odd screenshots, if it's a pretty complex exploit or something like that. I think the adage for us is like, if a picture's worth 1000 words, a video is worth 1000 pictures, right? So, that's one of them. I really do like our Runbooks module, and that view and ability to collaborate between the red and the blue team in real time. That's a really nice feature. And then, also, our status tracking capability, where you have that real time view of what's happening with the finding and being able to make comments and notes that really facilitates deeper collaboration between those red and blue teams on the remediation side of the house. We facilitate that collaboration during the engagement as well as on the remediation side.
Ron 13:30
I love the idea of videos, because that's the way that some people learn best. Some people learn best by reading, but me, I'm a visual person, I learn best by either watching or doing that action while following along while watching. And I'm sure a lot of people are really excited about that aspect of it. Chris and I, we recently did a segment on the cybersecurity skills gap and we really focused on the defensive side of the house, but we didn't really talk about red teaming, offensive operations. What do you think are some of the gaps in skills that organizations face when hiring these professionals to perform the offensive operations?
Dan 14:11
Yeah, I mean, it's a good question. I think, to our benefit and also to our detriment, there's a lot of tools, right? That can do specific things. I equate pen testing tools to a calculator. Some people will just be able to like, plug things in and hit the button and hope it works, right? You know, but not really understanding what's going on under the hood. And so, I think that's an important piece of like, as a hacker and as a pen tester, you really do need a deeper level of understanding of what's happening on the core technology under the hood, and that's not easy. That's not a quick thing, and it does take some time. So, I think that's one of them, is being able to understand what the tool is doing and when to apply it because we do have a lot of community-based tools that solve specific problems. So, I think that's one of them. The other kind of soft skills gap that I think that exists is just being able to communicate effectively. Having good communication skills and being able to translate the risk appropriately, some people do a great job at that, and others don't, right? And if there's one area that I really emphasize with anybody that I'm mentoring or have hired in the past is like, as a security person, whether you're red or blue, you really do need to be a good communicator and be able to communicate risk effectively within the right context. That's a soft skill that's a little bit more learned, rather than a hard skill. But yeah, those are my highlights.
Chris 15:30
Yeah, communication is so important in any facet of life or work, really. When you think about the wide spectrum of utilization of offensive security, whether you outsource everything to a vendor, or you have an in-house red team, or even if you don't have anything at all, there's really like a wide spectrum. But for the folks that have an internal red team, do you feel like everyone is using the red team as efficiently as they should? Because it's really about those iterative improvements, right? Where do you think people miss the mark when it comes to utilizing the offensive side of cybersecurity?
Dan 16:09
I think some of the observations that I've had, and obviously, I'm not exposed to everybody's internal pen test teams or red teams, but I think sometimes they over scope, right? They're like, now that they're internal, rather than if they’re in a consulting firm, like I'm scoped within a month timeframe or something like that. Internal teams can just say, "Hey, we're gonna do a three-month engagement," or something like that, which is okay, but I think that you want to put it in the context of: How are we moving the needle more efficiently and more effectively, on an iterative basis? Because I think, when I was a security director, we took things in more small chunks, and like, "Hey, we're going to just test these things and do this quite frequently." So, like, every two weeks, we're testing something different and I think we saw a lot more progress. So, I think making sure, in terms of utilization, it's like, what are the goals that we want to set out for this red team throughout the year? How do we measure the progress? And really then, scoping the engagements and breaking those down accordingly. That would be my advice, and I think some people do that well and others, I think, probably say, "Oh, we're gonna go try and just boil this ocean," right? And I think there's a time and a place for that, but that's not the way I would do it all the time, right?
Ron 17:15
So, let's say you are dropped in the middle of this hypothetical organization. They don't have any tools, they're just getting started, but they are trying to build this offensive operation, this offensive capability. What are some of the tenets or components that you're gonna want to use if you have something like PlexTrac, or if you don't have something like PlexTrac? How are you going to start to approach the challenge of standing up a red team capability?
Dan 17:42
Yeah, that's a great question. I mean, I think, where I tend to gravitate is doing kind of an initial analysis of like: Where do we just have a gut feeling of where our bigger gaps are? I'm a huge proponent of the MITRE ATT&CK framework, because it really breaks down: What are the specific tactics in each phase of the attack lifecycle that we should at least have some cognizance of, right? So like, do we have bigger gaps around open source intelligence and recon information, just publicly available information? Do we have bigger gaps in like, lateral movement? Where are some of those bigger gaps that we feel? And then, start testing from that perspective, rather than kind of doing a full blown, "Hey, what are all the big rocks?" Because then you're gonna get overwhelmed. Yeah, you may have a lot of issues, but you got to start somewhere. And so, I think, kind of approaching it from: What's most important to the business? And what should we be testing that really will secure that aspect first? And being able to use something like our Runbooks module, like, "Here's the campaign, here's the things we're going to test," and execute on those and then be able to measure your progress on a continuous basis.
Chris 18:48
I don't know if you do a lot of keynotes, but you seem like a pretty confident speaker. So, I want you to go through something with me, I want you to imagine you're up onstage. And out in the crowd, is every team that does not meet eye-to-eye, whether they're on the blue side, or on the red side, there's just something, just some type of tension. And you're up onstage, and you have an absolutely captive audience. What would you want to say to those folks that don't see eye-to-eye from the red or the blue side? What would you tell them?
Dan 19:17
I'm gonna just be point blank about: What is your goal? What is your mission? Are you trying to just prove a point about your knowledge and your skills? Or are you actually trying to make the world a safer place, right? Because I think when we talk about potentially an adversarial relationship between red and blue teams, it's probably hubris that is likely getting in the way or resentment, right? I can definitely see from the blue team side is like, "All they do is just crush us, and they just don't help." And on the red team side, it's like, "I get to try out this new exploit this time, and I'm really excited about it," right? You know, so there can be those kinds of mentalities. And that's all well and good, I mean, you want those, you want to be exposing the techniques and things, but also coming at it from a point of: What is the goal? At the end of the day, we're trying to improve the security posture of the organization, making the world a safer place. And so, if there's any tension there, it's time to level set on the why we're doing what we're doing.
Ron 20:10
Usually, we would have an ad at this point, and we'd be talking all about PlexTrac. But why do that when we have the CEO and Founder, right? I'm gonna mention a few details about PlexTrac, and I'm gonna throw a curveball at you, and this will replace what we would typically put in the middle. So, for those that don't know, PlexTrac makes cybersecurity teams more efficient, effective, and proactive, and helps them fight the right security battles. And this is done by aggregating security data, centralizing remediation efforts, and deploying a purple teaming platform that helps facilitate tabletop exercises that are going to make your team more efficient. So, the question that I have for you, Dan, is: Why should someone choose PlexTrac, based off of what they're already doing? What can you say any organization could benefit from when using a tool like PlexTrac?
Dan 21:02
Yeah, we're gonna make the centralization of all of your proactive assessments easier to manage, right? You're gonna have deeper visibility on all of the progress that you're making, as you not only report on these engagements, but also remediate the issues out of it. So, you have a holistic view of your security posture. And then, you start to get the added benefit of trending over time in terms of analytics, and, "How are we doing?" So, that's one aspect, and then just deeper collaboration across the different teams that are doing these workflows already, but they had a manual perspective, using a lot of Word documents, a lot of spreadsheets. Now you can consolidate all that information, while bringing in, like you said, data from other scanning tools or other automated tools. So, you really have a central source of truth for all of your security posture data over time.
Chris 21:48
Perfect. You know, it's story time, we gotta hear two stories. Communication would have saved a scenario, this could be a pen test, this could be a red team operation, this could really be anything in cybersecurity that you've seen where communication would have saved the scenario, but it didn't quite go that way. But then we'd also love to hear a scenario where communication did work and it saved either the operation, or it saved money and saved time, it helped the breach. We would love to hear those two stories from you.
Dan 22:17
Yeah, that's a good one. I mean, I can come up pretty easily with them. When I was doing a lot of penetration testing, we had a really difficult time— And maybe this kind of ties the same answer in both, is, if we found something really, really serious during the engagement, time is really of the essence, particularly like, if it's a really exploitable vulnerability, or if you found indicators of previous compromise, right? So, like, "Hey, we think somebody's already in here, or they've been in here recently." So, being able to get that information delivered safely and securely and as quickly as possible, is crucial. So, one struggle that we had is like: How do you do that? Do you encrypt an email? Do you get people to call? But then, you can't get all the details of the issue together. So, it really delays the ability to respond as quickly as possible. And you know as well as anybody, the more time that you give an attacker to be in an environment, the worse off you are. So, I think that's really important, because that happens a lot on proactive security assessments, especially penetration tests, where they do find people, because they're using similar techniques, right? They're going to find the same indicators of compromise from people that are not hired to be doing this. And so, on the flip side of that, having a more robust, streamlined mechanism for real-time reporting of issues, and being able to get all the details to the right people as quickly as possible, makes a big difference in your response capabilities.
Ron 23:41
What keeps you going back to this red team idea? I mean, do you still get your hands dirty and try to tinker around? What keeps you going back to this red team topic?
Dan 23:53
I don't tinker as much as I used to, right? I mean, I love the topic. I think that it's one of the most important jobs in security, because I think it really highlights exactly how vulnerable an organization is, regardless of their security investment or maturity. And it's going to highlight the biggest risks that organizations are going to have. So, I think it's a vital and important team to be involved in, in any capacity. And so, I am passionate about that, right? I think it's easy to have a lot of noise, and the red team is really going to help bring a lot more signal from any type of assessment. So no, I don't get involved in it, but I'm very passionate about working with the red teams and helping improve their lives, who in turn improve the lives of the blue team. That's what really motivates us as a company as well, is continuing to keep everybody focused and working on the right things. It's easy to get distracted and lose focus and say, "These are the most important things I have to work on today."
Chris 24:45
Perfect. I'm going to drop you into the future five years and I want you to realize that, "Wow, PlexTrac has been so successful beyond my wildest dreams." What is that impact that PlexTrac has made for the community?
Dan 25:01
Yeah, I genuinely hope that we have made the world a better place by keeping people more efficient and effective, and being able to communicate risk the same way, having a standardized way of how they track their progress over time. I think that's what makes us really mission-critical. And ideally, when people are spinning up a program, it's like Google, it's like Salesforce, "Hey, we need PlexTrac in order to have a top-notch security team and security program, to make us the best team possible."
Ron 25:27
Love that. That's a good way to think about it, being almost like, the necessity for red teaming, like Salesforce is a necessity for sales and even marketing, in some instances. So, let's take a look at this word that keeps coming up over and over again, and that word is communication. You've said it, Chris has said it, it seems like this is the skill that you can't miss. This is the most important element because without that, whether you have the best hack, worst hack, it's not going to come across to the team or the organization. What tips do you have for communication? What are some strategies that you use? And what are some strategies that you'd like to tell other people to use?
Dan 26:09
Yeah, obviously, preparation is vital when you're getting ready to communicate. But I think rehearsing impromptu scenarios, being able to communicate with your boss and with other team members, like: Am I talking about this correctly? I think continuing to seek feedback is important. And then, having a standard set of ways that you do communicate. When we're talking specifically about risk, if you have a standard nomenclature of like, "Here's the impact, here's the effectiveness of this exploit," those kinds of things, it really helps drive the point home. But at the end of the day, it's one of those practice makes perfect, you do just need to get used to it. You need to be taking opportunities to provide presentations, or asking just to do a presentation within your team, just to get used to it. Because at some point, you may be in the thick of battle in an incident response scenario, or something like that, where you've got to go in and defend, or not defend, but like present, "Here's what we've done in the past, here's how we would recommend you go fix this," and you're kind of in the heat of the moment. So, it's one of those as you train, you'll fight that battle better. So, I think that's a really important piece and it's just continuing to be prepared for all the different questions that you might be presented with, in any kind of presentation scenario.
Chris 27:21
All right, I'm gonna take you back to the stage again. You're back up there, but this time, we're going to invite everyone in. Not the folks that have the tension, we're going to invite everybody that's in cybersecurity, but we are going to separate it, we're going to have the blue side over here and we're going to have the red side stand over here. For the folks that are listening, I would love for you to speak to both sides. You could go ahead and speak to the blue side for one and the red side. Or if you want to speak to everybody all at once. It's really up to you, but what would you want to say to all those folks out there?
Dan 27:52
Yeah, I think keep fighting the good fight, for both sides, and recognizing that your mission is vital to the safety and security of your organization and the world at large, right? We are all in this battle together. So, I think on the blue team side it's like, recognizing that it is a marathon, not a sprint to secure your organization. So, stay focused on the things that need to get done today and helping prioritize those risks in accordance with what your security posture demands. And then, on the red team side, it's continued to stay engaged with what the community needs. I think probably my bigger message for the red team is like, keep building up more red teamers, right? It's easy to stay focused on yourselves, or to not mentor the next generation of red teamers, but that job is so vitally important and such a skill set that is not easily gained or attained, that we need to continue to bring together the next generation of red teamers, so that we can continue to stay ahead of the attackers that are doing this for nefarious purposes and getting paid for it in other ways, right? So, that would be my message to both sides.
Chris 28:59
Well said, Dan, thank you so much for taking time out of your busy schedule to hop on the mics with us. For everyone out there that wants to stay up to date with you, your company, and everything you're doing to bring people together and go into the future: What are the best ways that people can do that?
Dan 29:14
Yeah, absolutely. So, we do have a special page for Hacker Valley listeners at PlexTrac.com/HackerValley. You can see a demo and get signed up there, but just follow us on PlexTrac.com for any just product related things. We do have a blog that we try to provide information and webinars and things like that, that is relevant to the community not just product oriented. We're on Twitter @PlexTrac, and then we obviously have a big presence on LinkedIn and Facebook to a degree, I think, we don't see as many hackers on Facebook, but we're all over the place.
Ron 29:47
Awesome. And just in case you've missed it, it's PlexTrac.com/HackerValley. It is also in the show notes, or the description if you're watching this. Dan, we really appreciate it, and we will see everyone next time.
Dan 30:02
Yeah, thanks a bunch.
Chris 30:04
That was incredible. This is what it's all about. It's about communication. It's about solving problems, and creating a new future. Really, communication is all about the future. It's about building relationships. It's about working together, and I love the way Dan really put it. He saw a problem in communication, but he also saw a problem in efficiency. Sometimes, you don't want to pull a huge report together, but to make it easy for the operator to say, "Okay, this is all the information that they need." Boom, here's a common lexicon that everyone else understands. It makes it so much easier to close out those vulnerabilities. It makes it easier to close out those gaps, and really iteratively improve your security posture.
Ron 30:46
Exactly. So, you just mentioned a key word that made my mind go crazy is: creating a new future. What does that mean? Like, especially from someone like you, that's really teetered more on the purple side of the house, what does it mean to create a new future? And how do we do that? What other kinds of things do we need to look at as a community?
Chris 31:06
You know, it's funny, when you say creating a new future, it makes me think of that formula for storytelling, right? There's normal, huge explosion, big bang, whatever you want to call it, and then new normal. I do believe that creating a new future is all about that. What is that big bang? What is that explosion? What is that thing that changes everything and makes things better? So, when you think about innovation, you think about creativity, you think about things that disrupt the way we operate today, I think that's the only way we're going to change the future. Because if we just say, "Hey, we're gonna just continue to do things the way they've always been done," you're not going to have that big difference. You're not going to really change the future. It's the people that are thinking about: How do we get people to work better together? How do we get folks on the same page? How do we get folks talking again? Because there's a lot of separation, now that we're looking at a lot of remote work, it's going to be even harder. It was hard enough to have everybody in the same building, red and blue, having conversations, but now we're working remotely, we have this very myopic view of like, "What my work is, this is my work, these are my priorities." But now, if we can have a place where this collaboration is happening intuitively, this is what is going to help change the game. What about for you?
Ron 32:20
The same thing, it's all about the collaboration. When we look at tools like Slack, Zoom, and G Suite, Microsoft 365, these are the main tools that companies and organizations and teams use. If we can use so few tools to really maintain our collaborative environment, to create an environment for communication through just a few tools, just imagine what could happen if we did the same for our offensive and defensive tools, if we really brought the collaboration opportunities within those tools. When we were speaking to Dan, it almost sounds like PlexTrac is a little bit like G Suite, but for offensive operators and the blue team. So, if we had more tools like that, where I can go and get a report and take action on a report, and then maybe use automation to ensure whatever things in this report are not being followed, like, a security violation or a policy violation, I'm notified. But it seems like we need a lot of tools, like, a lot of organizations are using something like SOAR, or custom automation to take output from tool A and use it as input for tool B. But really, we just want one tool to work perfectly for us. And I think this is why some security practitioners really like using a suite, whether it's like Palo Alto Networks, or Cisco. Having more intuition, like you were describing and how to use these tools, is how we're going to create an amazing future for everyone to thrive.
Chris 33:50
You know, it's so funny. When we started this season, I thought it was really gonna be a lot of the tactics and techniques on the red side. But it's really making me think of like, Dale Carnegie's How to Make Friends and Influence People, because a lot of the stuff that we're talking about is about team dynamics, communication, leadership. Even Dan. Dan is doing a technical implementation of communication, like, it's crazy that this is where we have to get to in order to make the teams better. It's not so much about just the technology, the controls, it's not about the processes, but it's about the interactions, it's about the other things on the fringes of cybersecurity that's gonna make a program that much better. And I love the way this entire season is heading, we have so much more in store for you and everyone else out there. It's gonna be really good to see some of these other individuals that are legends in the game, legends on the red side of the house. It's gonna be awesome.
Ron 34:49
So, let's go ahead and jump into it, right? We have more episodes in store, more content available at HackerValley.com. It would mean the world to us if you dropped us a review on your favorite streaming platform, and check us out in our Discord. You can find that at HackerValley.com/Discord, and with that, we'll see everyone next time.