Security Chipmunks

Episode 3 - Self made? More like community made

Edna Season 1 Episode 3
UNKNOWN:

Thank you.

SPEAKER_02:

Security Chipmunks podcast, where we talk about the development of cybersecurity skills. To stay up to date in today's world, you need to be resilient. That's why, as advanced persistent chipmunks, we keep chipping away at it. My name is Edna Johnson. I'm here with my co-host Neil Smalley. And today we are joined by our special guest, Patrick Lowther. Patrick, nice to have you here today.

SPEAKER_00:

Thanks for having me, guys.

SPEAKER_02:

So, want to start us off with some news?

SPEAKER_01:

So unless you've been completely cut off from news the last few weeks, there is yet another Exchange vulnerability out there. So make sure you are updating and patching your Exchange servers. If not, the FBI might be doing it for you, as the department approved them going in and removing web shells off of Exchange servers.

SPEAKER_02:

Yeah, and that's pretty serious if the FBI has to come and do it for you. You'd better get to work on that. All right. So for our conferences, we have two conferences that we wanted to mention today.

SPEAKER_01:

So one conference here in April we have is the Many Hats Club Isolation Con 2, which is coming on April 24th through the 25th, and which is streamed on Twitch. And there's also a CTF you can participate in as well.

SPEAKER_02:

There's also another one coming up in June. I know this one is not free. This one does have a cost. Right now, early bird tickets are $50, but that is Circle City Con 8.0. They are virtual this year, and they are known as the Happy Little Con. So, DEF CON. It was just released that DEF CON is going to be in person. What are your thoughts on that? It's going to be hybrid, actually, both in person and online.

SPEAKER_01:

I'll let our guest go first here. Will we see you at DEFCON this year?

SPEAKER_00:

Perhaps. So I do have both my rounds of vaccine shots, so I'll meet those criteria. It just really comes down to if I want to be in Nevada in August.

SPEAKER_02:

So it's the heat that's keeping you away.

SPEAKER_00:

Yeah. Yeah. Well, I mean, the heat, and the past couple of years DEF CON has been, like, pretty, pretty big. And so with it being a hybrid, I'm hoping, if they limit the number of people, I think it will probably make for a better in-person con, so it gets back to kind of the smaller feel that they've had for a while. So if I can pre-register, sure, I'll go.

SPEAKER_02:

All right. Very nice.

SPEAKER_01:

You want to introduce yourself a little bit and tell us what you do?

SPEAKER_00:

Sure. My name's Patrick. I like long walks on the beach. No, I'm kidding. I'm currently a Microsoft consultant working on behalf of Microsoft to help implement their security technologies, both in cloud and on premise. And what that will do is cover Azure Active Directory and everything that's associated with that. Parts of the Microsoft Information Protection suite as well, which is their data protection and DLP solutions. The identity management, managing the identity of both users and devices. And so with that, that's portions of what's called Intune and also System Center, or System Center Endpoint Management. Lots of fun stuff doing things like that. So helping large companies and some small companies leverage the most out of their Microsoft benefits and get them into a better security posture. So that's what I do on a day-to-day basis.

SPEAKER_01:

Sounds like a lot of fun, a lot of variety.

SPEAKER_02:

Yeah, that's very neat. So what is the most fun part for you of your work?

SPEAKER_00:

So one of the things I really enjoy about what I do in the security field is, basically, we go to a client and they have a puzzle that they need help solving. And so I get to leverage my training, the information that I know about, my various techniques, some of the best practices in the industry and best practices from Microsoft. I take all this knowledge, kind of jumble it all together, create a design, create an implementation plan for it, and start about doing it for these clients. So that's probably my very favorite thing to do. And the best part about doing that is I still get to be hands-on and actually, you know, implement that stuff. So that's really fulfilling, to be able to see, like, a project go from, you know, cradle to implementation, and then hand it off and do, like, an educational dump on the people who will be administering it.

SPEAKER_02:

Wow, that's really cool. So what is the biggest challenge facing you right now?

SPEAKER_00:

The biggest challenge that professionally we're seeing is these companies, as they adapt to the new normal, which is the reaction to COVID-19, and how they can still secure the data that they're generating, secure the data on devices that may not be coming into the office, or they may not have a VPN connection back, and everything like that. So a lot of the challenge is putting together plans to make sure that these devices stay updated from a security posture and also to make sure that the data that's created on those devices is stored in a protected manner. So no matter if you go and get a laptop or something off the shelf from, like, Best Buy or any of the places, or, you know, have it drop-shipped from UEG or anything like that, the challenge is how to take this device from a zero-configuration point of view, bring it into your cloud presence, and then secure the data that's generated by the user on there. So that's, like, the number one challenge that we've been seeing going forth since COVID started. So it's a fun challenge, and every environment is always kind of unique, but also always kind of the same.

SPEAKER_02:

All right. Yeah, so that's got to be a lot of things to consider when you're trying to make sure those are secure, and probably that people aren't putting applications that you don't want them to have on their machines as well.

SPEAKER_00:

Right, right. Yeah. Well, I mean, if you think about it, like, if you go to Best Buy and just pick up a laptop, right, think of just how much junk and garbage is on that laptop. Now, if you expand that solution, when you go to Best Buy and buy 500, 600, maybe 1,000 laptops because, with your supply chain, you can't get enough laptops through Dell or HP or any of your normal provisioning channels, that's a solution that needs to be brought into the fold. It's pretty interesting how to solve those issues.

SPEAKER_01:

So, you're also a student as well. How do you juggle your work and your studying?

SPEAKER_00:

Yeah, so, you know, typically I have anywhere between, like, 50 hours a week with work, and then as I go about studying various classes through WGU and everything like that, you know, that's probably another 20 on top. And I like to do, it's kind of a method that I find works best for me, so I'm kind of, like, an ADHD person. So, like, I have real hyper focus on something and I like to get really deep into it. So I like to do almost like sprints for studying and learning, where I spend 25 minutes doing a study on something, and then I have a reminder that pops up and then I take five-minute breaks. So with that, you know, it's usually in the evenings after work and after we've put the kids to bed and everything like that. So it's a process that works for me. Sometimes, you know, I'll set a goal, may not hit that goal. But, you know, depending on the schools that you go to, you know, I'm currently a WGU student, and so their flexibility allows me to have that in my schedule. So that's what I like to do.

SPEAKER_01:

Are there any resources that have helped you along the way, or things you go to when you're trying to figure something out, just starting out?

SPEAKER_00:

Yeah. So, like, going through some of the class work, it's always good to read through the syllabus. I like to leverage, like, if it's a technical class, a lot of the times it would be through uCertify, the technical learning. As far as secondary learning resources, I like to leverage LinkedIn Learning, which is free with your WGU account. There's also Pluralsight access, which is another great way to have videos to help kind of explain that. And I'm also a fan of some Udemy teachers and professors. Classes like, you know, Jason Dion's really kind of help get you in the right mindset for what will be on, like, a certificate exam, or to kind of help solve that, you know, issue that you may have a mental block with. So, like, subnetting, you know, like Jason Dion's video on subnetting is absolutely great. He does this corny thing with these gloves and, like, you know, counts down from 256 to 128 and everything like that, and then goes the other way for determining the number of IPs, et cetera, in that subnet. But it's a great way to be able to look at it and remember how to do it based on what's on your hands. So there's some of my resources. And then as I'm learning new technologies in the field itself, since I'm mostly Microsoft-focused, I like to leverage learn.microsoft.com or, like, Microsoft Docs on new things. There's also certain Yammer groups that you can join as part of the public to be able to get, like, the new customer-focused deployment and the tech community with Microsoft on that. So those are all good resources.

SPEAKER_01:

Speaking of learning new things, I was doing some learning this week. I saw a poll on Twitter where ShadowBits asked, should a decent SOC detect using Task Manager to dump lsass.exe? So I was somewhat familiar with, like, using things like Mimikatz to dump your memory, but I wasn't aware that you could use Task Manager to dump out the memory, is my understanding.

SPEAKER_00:

Yeah, it's kind of neat. So you can use Task Manager, and if you're looking from, like, a SOC point of view to detect that, some tools that you can leverage are Sysmon, Sysmon being the tool from Mark Russinovich, who is part of Sysinternals. He is one of the best things to have happened to Microsoft with his tool sets in a long time. The next steps that you can do is, so if you're talking about LSASS, which is the Local Security Authority Server Service, that's actually folded up onto what's called the LSA. And the LSA is responsible for, you know, any type of authentication of users and remote sign-ins and, like, enforcing your security policies on that machine, right? So that's what the LSA does. And so you can actually set up monitoring inside of there, like monitoring the LSA to pick up Mimikatz and to pick up those dumps and everything like that as well.

SPEAKER_01:

Sounds like a lot of fun to set up in a lab environment and play with. Or you can do it in prod.

SPEAKER_02:

I wouldn't want to dare do that, but maybe you do.

SPEAKER_01:

I think the point is that a good production environment should have that kind of monitoring. And I also noticed some of the replies on the thread is that you can use things like Microsoft Defender ATP to do some pretty fancy detection as well.

SPEAKER_00:

Yep. Yeah.

SPEAKER_02:

So I was wondering, who has been your biggest supporter, or maybe your mentor or a role model, over the course of your career?

SPEAKER_00:

Oh, my biggest supporter is definitely, by far, my wife. It's true. You know, so, like, my backstory is, I got into the tech field when I was 19. I had just found out that I was going to be having my first child, and I was just kind of wandering around aimlessly through life, you know? And so when I found that out, I decided I had to get, like, a real job instead of, like, washing dishes and being, like, a line cook and that fun stuff. So I had my first job as a dial-up tech for a local ISP. And so I did dial-up phone support for a year and a half before moving on. But that was pretty interesting because, so, my wife, she's probably the best thing to ever happen to me, because her family has been super supportive. Her dad was always supportive of me. You know, you figure, like, two teenage kids, you know, the dad may not like the guy, but he was always very loving and welcoming. And, you know, he had a way of phrasing things to really sell it to you. Not really sell it, but to help see how a third party may view it and kind of get that sense of focus on things. So with that, I'd say my wife, her father, and as I go through my career, I always find mentorship through trying to not be the smartest guy in the room. And I say that because if I'm the smartest guy in the room, we have issues. I always like to surround myself with smarter people or people who think differently, so I can see things from a different perspective, to maybe solve answers from a different point of view. So that's kind of how I go about doing it and finding mentorship. And you may not be looking for a mentor at the time, but you may find a friend, and then that friend turns into being a really good mentor. So I've had that happen quite a few times to me.

SPEAKER_02:

Yeah, that's good to know. And it's a good point, with being, you have your family supporting you in your endeavors and in your career and what you're trying to accomplish, and that's really important, having that support system at home. Yeah, that's great. I'm glad you have that.

SPEAKER_00:

Yeah, thank you.

SPEAKER_02:

So what is your dream job? If you could work anywhere, do anything, what would you be doing?

SPEAKER_00:

You know, that's really, it's kind of a hard question to answer, because as long as a job isn't boring to me, like, as long as it doesn't become, like, mundane and routine for everything like that, I'm happy. And, you know, I could be doing things that I don't really enjoy, but, like, a dream job to me, it doesn't really matter what work I'm doing. It's the team supporting the work that you're doing. And I say that because a lot of times people will say, oh, you know, I can't do this job for so long because it's so boring. But as long as you have a good supporting team and that team pulls together to get the job done, to me, that's what really makes a good dream job a dream job. You know, being able to go into work and enjoy doing, like, whatever you're doing. Because, let's be honest, sometimes blue team defense is not the greatest or sexiest thing in the world at all. You know, it's a lot of black eyes, a lot of, you know, getting beat up by the red teamers or even, like, threat actors, because when you look at it, they only have to find one chink in the armor to get in. And then you're kind of SOL, you know? And so from a blue team's perspective, if you're not constantly going through rigorous checks or implementing things in a set manner, which can be boring to some, it can be pretty boring. But, like, dream job, dream job, I don't really have one. I have a list of companies that I think would be fun to work for. I'm currently working for one of them. So when it becomes not as fun is when I'll start looking around for another position.

SPEAKER_02:

All right. So Microsoft has to keep you on your toes. Right. Yeah. Yeah, that's good points to consider. It's not just the job, it's what you're doing. So that's great.

SPEAKER_01:

So are there any common myths or misconceptions about your profession or field that you might want to debunk?

SPEAKER_00:

So since I'm on the security side of things, you know, and I do dabble in, like, red team activities to keep my skills sharp. Sometimes people will be like, oh, you're in security, you know, and to them, what that means is you can, like, hack into computers or anything like that, right? And so a lot of times, if you're just talking to, like, the average layperson, they'll be like, hey, what about this thing on Facebook? And you're like, no, man, I'm not going to hack Facebook for you to, you know, find something, or, like, to, you know, change somebody's Facebook status page or anything like that. Or, you know, just some of that stuff: when people say they're in security, just don't assume that, because security is a broad field where you have red team, purple team, blue team, you know, reverse engineers, where they take the malware and reverse engineer it, find out how it goes, and then, you know, then you can gain control of it. And then there's also, like, threat hunters who go through, or, like, incident response people who go through and help, you know, companies deal with everything. You know, it's a wide gamut of technology. And a lot of people think just because they're good with computers, they'll be good in security. And that's another myth that's not true. To be successful in security, you need to always be learning. You need to be not afraid of taking on new challenges, even though you have no idea about it. You know, you need to be able to take that and start from somewhere at least, and then work your way and problem-solve. But, like, to get into security, you need good fundamentals for your networking, languages, Linux. It sounds funny coming from a guy who deals solely in Microsoft technology, but if you don't have a good grasp of Linux or anything like that, you're going to be in for a world of hurt. Of course, understand Microsoft technology, but more specifically, skills that do transfer well are system administrators and system engineers. With that knowledge, you can take that and be kind of dropped in no matter where you're at, and leverage that skill set that you have built and be pretty successful.

SPEAKER_02:

All right, that's good to know.

SPEAKER_01:

Out of everything we've been talking about, what would be your number one takeaway you'd want to leave our listeners with?

SPEAKER_00:

Probably, there's no real set path to get into security. And if you're interested in getting into security, just make sure that you're the type of person who likes to learn, likes to kind of constantly learn, because if you're not constantly learning, like I said before, you're going to be, you know, in for a bad time. And just always be curious about things. Because those other skills that I mentioned previously can be learned, you know, you can read about them and then you can implement them in a lab, but having, like, a natural curiosity and a natural desire to always continually be improving and trying to be better than what you were before. And it's about comparing yourself to where you're at, not comparing yourself to somebody else and where they're at. Because everybody's always on a different journey in life. And if you compared yourself to me, I mean, it's hard. I mean, you don't want to compare yourself to others, just because somebody else's journey isn't so easy. Or maybe it may seem easy from the outside going in, but you don't actually know what that person has gone through to do things. So, yeah. And learn how to be empathetic to people. Having empathy when you're in the security field can be a very valuable tool set to have.

SPEAKER_01:

So, is there any place listeners can connect with you online, follow your work?

SPEAKER_00:

Catch me on Twitter at SecurityMuncher.

SPEAKER_02:

Thanks for listening to the Security Chipmunks. And remember, if it seems overwhelming, just keep chipping away at it. He edits out, like, I make these, I can't do it on command, but I make these little coughing noises and he edits them out. He makes me sound so good. I appreciate you, Neil.

SPEAKER_00:

You should do, like, in the bloopers, do, like, a cough reel.

UNKNOWN:

Oh, God.

SPEAKER_01:

Oh, no. Did I tell you how we got the name Security Chipmunks?

SPEAKER_00:

No, go ahead. Tell me.

SPEAKER_01:

So the first time I'm editing, and I don't want to listen to the whole thing at normal speed, right? So I crank it up to several times speed, but in Audacity, it turns you into chipmunks. And so I'm like, this is the best thing ever. We need to just do the podcast and just do chipmunks the whole time. I wasn't able to sell it on that part of the concept, but at least I got the name.