Skip to Content
1:01:38 Webinar

Ransomware & Resiliency Architectures: A Former Hacker’s Perspective

Each month, Pure’s Coffee Break series invites experts in technology and business to chat about the themes driving today’s IT agenda - much more ‘podcast’ than ‘webinar’. This is no webinar or training session—it’s a freewheeling conversation that’s as fun as it is informative and the perfect way to break up your day.
This webinar first aired on 13 September 2023
The first 5 minute(s) of our recorded Webinars are open; however, if you are enjoying them, we’ll ask for a little information to finish watching.
Click to View Transcript
00:01
Hello and welcome to this month's coffee break for September. My name is Andrew Miller, your host. As always, I'm joined this month by Hector Monger. I've been working on saying your last name, right. I, I think I got it right. Thanks so much for being with us today. Hector. I think it's right.
00:15
You're good. Take it. Uh The topic today, focus is ransomware and resiliency architectures. A former hacker's perspective before we dive into that though. As always, this is a series. Um So from, from a coffee break standpoint, you know, we've been doing this actually coming up to three,
00:33
almost three years now, if you see any of these that you would be interested in and it's why I always go and put this in. We've done one previously with Andy Stone and everybody. And also I'm even gonna toss in the one from last month in case you miss data center fatigue need a cloud bridge, make the cloud fit your business. But these are all available on demand.
00:50
You can also find these on the pure storage website, pure storage dot com slash events. Uh Both previous ones and future ones, there is of course, the, the matter of a drawing that we'll be doing at the end for an ember, for an ember mug that's retail value of 100 and $30 a kind you can control with your phone because it's interesting and cool and actually may be useful too.
01:10
Uh, my wife actually uses ours because she's a, she's a tea drinker and drinks it slowly over time. And of course, if you're one of the 1st 1000 participants, uh, we'll be sending you a $10 coffee e gift card within the next week that's for attending. Uh There are some folks, some categories, you know, who you are where we can't send these gift cards to and thank you for joining us
01:27
regardless. As long as I am your host, Andre Miller and I try not to introduce myself every time thinking about this topic, I was going back to when I was actually before high school even and was using res edit on a Mac to change the welcome to Macintosh screen to be very afraid to try and like, scare your mom. This is like what little kids do when they're
01:48
messing around with computers. Um, or, or even the time that, you know, was newly hired in it operations. And the new, the new security guy scanned the mainframe with Neis and crashed it or, you know, he'd scanned that subnet and I felt really lucky because I've been playing with Neis the week before and I hadn't done that. So, you know,
02:03
I felt like I got out of a jam and he, he got in trouble joined this month by Hector Hector. We're, we're gonna do a whole lot more about your biography here. But do you mind briefly introducing yourself as we're getting going? Yeah. Sure. Um, so my name is Hector. One Seeger. I, uh I'm a director of research for the,
02:23
I would say it's a security company out west. I've also advised for a bunch of startups and, you know, I'm kind of all over the place. Uh I'm a jack of all trades when it comes to security. Really? Um I am a former black cat and not to glorify that, but uh at one point I was the bad guy or
02:37
the bad actor and uh and, but I'm mostly a researcher. I like to um uh you know, researcher and practitioner. Um I have a lot of, I guess interest in, in learning how things work and how they break and so on. I'm originally from the low East side or Alphabet City of New York City.
02:56
Uh For those of you that are in New York now, you would know that Low East side has changed. It's no longer doesn't include Alphabet City anymore. So now Alphabet City is East Village. Fun fact for uh folks that have been there in the eighties. Um And you know, may be confused to why it's not uh, they don't have an association anymore.
03:13
Um, I was a, uh, I would say I started kind of learning about hacking and security back in the mid 19 nineties. Um, it was really inspired by a bunch of films that came out during that time. I'm sure. And you remember, um, we got a question on those actually. Oh, awesome.
03:31
Oh, I can't wait to see the responses on that. Um, and, yeah, so I just, I basically, you know, kind of started out of curiosity and, and got into security of uh again, out of curiosity, I was very instant minded when I started. And then at some point, I took a left turn and I got into uh activism and we'll probably touch into that a little bit,
03:50
but that's kind of who I am these days. Awesome. Thank you. And we're gonna, we're gonna come back and mention the co-host of Packer and the Fed podcast. So there's a, you know, you can already see a little bit of the feel of the story there before we dive in this month though. As this is a series, we've got an interesting kind of two part,
04:06
maybe a two for complimentary this month, focusing with Hector on ransomware resiliency architectures, almost kind of, you know, externally looking at threats. Next month, gonna have Re Tinder A VP at pure networking security engineering discussing DEV stack ops about how you build secure products, how pure build secure products So it's actually a neat kind of complimentary thing that even lines up well with,
04:27
if you're joining us this month, you probably are aware that next month is cybersecurity Awareness Month. There's multiple events that pure is running. Uh, thanks Emily for putting the link to the next month's coffee break in the chat, but it's not just that if anything wrong man, we're doing too many. Well, it's some of the cybersecurity we ought to do a bunch of stuff.
04:43
So digging deeper into data resiliency, both from a tech talk standpoint, that's more deep technical thing. It's gonna be a flash group focused on even you have an engage event that actually has a uh a coach of Tiger Woods. So you have, you know, industry folks that we know that are famous people pair it up with some technology content to make for a fun event.
05:00
Uh By the way, the engage event this month, if you want to join it, if you like coldplay, Coldplay tribute, you wanna talk about uh you know, not having to deal with technical debt, turn up the volume on storage as a service that is actually coming in uh like two weeks or so from whatever today. Sometimes I forget what day of the month, but you can see the information there you can
05:17
register. So with that, I think let's dive into looking at the agenda as always. This is a little bit of a uh a lightweight agenda, keeping it more conversational and heavy slide. So, you know, and, and even a little bit of snark there, you know, enough a ambulance chasing already, please let resiliency be more than a buzzword.
05:36
And I don't know about you, Hector, like resiliency. I feel like it's become a buzzword, but it's a better than average buzzword maybe. Yeah. Well, unfortunately when it comes to, uh, this industry we, we, you know, I, I would say we, it tends to jump buzzword to buzzword. Resilience definitely seems like one.
05:53
I mean, it makes sense. You know, some of the buzz I, I would say some of the, some of the buzzwords that we've seen in the past were for ideas, concepts or products that weren't yet implemented or available yet. Um, but vis vis is something that we could implement today.
06:08
So that's a big difference. Perfect point that, that, that's literally why I think it's like, it's a, it's a buzzword but, but there's some reality to it too. So four parts and, and as always the first half, you know, we're not gonna focus on pure as much. That's the goal.
06:20
So gonna start off with a little bit deeper version, even some kind of your History Hector. And even that, uh you were telling me the story of like, you know, you open the door and you know, hello, it's me when the FBI came, came knocking one time. They're like, really? It's you. So walk through a little bit of your history
06:33
there, then look at, look at both your perspective and even from what I've seen with Andy Stone and Jason Walker, you know, the always evolving cybersecurity landscape change, the only constant next going into. Well, we said it, why, why was up their resiliency architectures? Maybe this is a variation or an extension of defense and depth.
06:52
But, but more than that being real, there's some things that pure can offer here too as well as of course, Hector's perspective on the larger industry. And then last but not least, you know what's coming both overall in the industry landscape uh where you're focused Hector looking at pure investments because we talk architectures, we have to have specific features and tactical depth that we're bringing to these areas for it
07:11
to be true in reality versus just on Power Point. And please as always put Q and A into the, into the, into zoom, we will be trying to end it around 45 minutes after the after the hour, give or take and we'll stay around for Q and A. So put it in and we have got uh Jason and Roger who can help with answering those questions as well as we'll come back and revisit some of
07:30
them live too before we dive in. Let's uh kick off the first poll if you don't mind Emily. And for those of you who remember Emily, hopefully you do Olivia actually had to be uh running around a little bit today. So Emily came back to join us. So uh this was a month actually where we like to do poll questions as everyone knows. And it was a little bit harder because I didn't
07:50
want to ask questions that feel awkward. Um Like you're sometimes you're in these meeting sector and you're not, you're even saying like, you know, you don't want to call the the baby ugly or call these problems because you want to help people not in a way that antagonizes or makes them flustered. So try to walk the line this month with the poll questions that are helpful without making
08:08
anyone feel uncomfortable answering them. So, uh what's your favorite hacker movie? Um Actually did, do you want to answer that in advance Hector or, or do you want to wait and see what the crowd says because you mentioned already? Oh yeah, I'll, I'll answer that. So um I'm really split between, you know what, I'm gonna go with war games. Um uh You know,
08:27
I'm a fan of hackers and sneakers, but war games was the one that really inspired me to, to learn about war dialing, which kind of led me down this path. So, and then do you or your company consider ransomware to be just where does it rank within your threat landscape? Uh We've even been seeing some results from other, other uh or surveys companies that we work with around this area.
08:51
That one have a sense. So we will leave the poll open as we always do because, you know, hey, maybe paying attention to something else or catching a quick bio break and you can do it in a minute. So maybe actually Hector, let, let's just do a little bit longer if you don't mind of kind of how, when you started to go here of, of how you got into, you know,
09:10
no hacking and, and you even mentioned kind of a left turn. Of course, this is never uncomfortable stuff, but it is your history and your background. So you might kind of walking through some of that and, and even like uh advanced persistent threats over to like China and Russia. I think so. Let's turn it over to you just kind of go
09:23
through some of that. Yeah, sounds good. Um And like I said before, ladies and gents, I'm not here to glorify any of that. I think it's, it was, it's a very interesting story nonetheless and um I, I wouldn't take it back, right. These were all lessons that I had to go through and I, I'm very happy to share with you today. Um So let's start at the beginning.
09:44
Let's start at your po question right. There was, there was a point where, you know, I was, I was a young boy and I would watch a lot of films and one of the films that I got to see. Um, that really piqued. My interest was war games, uh, specific because there was two scenes in particular that I found interesting. One was the word dialing scene, um,
10:06
where, you know, uh, the main character would connect his modem to his computer and then he would, you know, essentially call a bunch of numbers looking for live modem responses. I thought that was interesting. I want to learn about that. Um But the second thing was, and it's still relevant today is, well, how do you bypass or circumvent uh a firewall and word games answers the
10:32
question for you because if you guys remember the movie details, there's a point where NORAD and like the department of Defense, they shut down the whopper system, the computer or Joshua, right? Well, what they do is they shut down incoming communication, they don't shut down outgoing communication.
10:51
So Joshua or the whopper system circumvented that by calling the, um you know, the main character back thus mitigating that defense. So what, what you know, for those of you that are in the security industry, you may, you may look at that like a reverse shell, a reverse connection, right tunnel, a reverse tunnel tunnel.
11:11
Yeah, that's exactly right. So that's where I learned that concept from, from that film. It was created in 1983 fantastic stuff. Um But yes, no, I got into securities uh rather I got into, um I got on the internet back in 94 95. And then I got into security as a concept, um, by, I would say the late nineties.
11:33
So during those few years I was learning how to use the internet, learning how to, you know, meet some folks make some friends. Um, in fact, one of my friends is here with me today that I met from back then. And, um, and then it was, it was really about learning about uh well, web application security was really taking off at that time.
11:51
Um So in order for me, I'm not sure if you guys remember this, but before you had PHP and like no GS and all those really cool frameworks, you had something called CG I um Pearl. Even underneath it, sometimes I think Pearl was getting called. That's exactly my path Andrew. Uh In order for me to break AC G I web application, I had to learn Pearl and sometimes
12:13
I joke around and say that Pearl was my first love. This is the first language I got to play with and really spend a lot of time with. Um now, so once I had, yeah, I, I used to have the o'reilly Pearl book and the red book and I kind of learned the Pearl book and I had opened the red book, red book every time I wanted to do something. So keep going.
12:30
Oh, yeah. Yeah. Well, well, Pearl was a fantastic language. It was just very ugly and syntax. Um, but it allowed me to gain access to my first system. Um, and, and for you back then, we didn't have a try hack me or, or hack the box, we didn't have cloud services that you could just deploy a VM and do some
12:48
testing. Uh in order to hack to learn or rather in order to learn to hack, unfortunately, you had to hack to learn. And so, you know, my experience of kind of learning security was by breaking security. OK. Now, OK, so that's like the beginning of the story kind of where I got involved in cybersecurity.
13:07
Um But there was a point where in the mid to late nineties, you had another group called Cult of Dead Cow. Uh We had some other, the uh old hacker groups in those days, but these guys really coined the concept of hacktivism and hacktivism itself is when you take hacking and activism, you combine it together and uh you know,
13:28
you kind of do an engagement. Well, I would say back then it was less on destruction Andrew and it was more of like exploring and learning and taking something apart and putting it back together almost a little bit. Yeah. But if you're doing like a hack of this operation back then instead of like breaking into a system and destroying it,
13:45
you would like leave with the basement message. Remember the basements were the big thing, right? So uh you know, so once I kind of learned how to administer these servers and be able to uh you know, uh even uh learn different vulnerabilities and attack vectors. Um I engaged my first hack of his operation in 2000 and that was against the Puerto Rican
14:04
government and the United States Navy for um something that was happening in that feels ironic given where you are right now, by the way, we didn't talk about Puerto Rico right now. So the government has has forgotten my uh my past transgressions. Um But yes, so that was my first engagement. But really where things took a turn, kind of changed. My life was in 2001.
14:25
So I'm not sure if you guys remember this for the audience here, there was a point in 2001 where a US spy plane and a Chinese jet had crashed. Um and the US spy plane had crashed onto one of the Chinese islands. And the Chinese government wanted a, a public apology from President Clinton at the time or at the time. And the president was being hesitant on kind of
14:46
giving a public apology. And so what it kind of did was create like one of the first, I'm gonna do this very hard emphasis on quotes here. Uh one of the first cyber wars, right? I don't like that term. But uh you had literally overnight uh AAA group from China called the Chinese Honker Union
15:04
saying, hey, we're the biggest hacker group on the planet and we're going to destroy the American government. Ok. And they weren't completely wrong, like, within 36 hours, um, they were defacing and breaking into a ton of us government websites with Chinese messages of, uh, you know, of basically uh dissents and disrespect.
15:25
Um So, you know, being patriotic in a way that I was, I said, ok, well, maybe I should start attacking the Chinese infrastructure because I have a little bit of skills. Maybe I could do something there. Um And ironically, I wasn't recruited by an American, I was actually recruited by a Canadian hacker who work with me um over a period of like six months to break into Chinese
15:46
infrastructure and then we eventually somehow decided we should probably also break into Russian infrastructure where we're at it. Um And that kind of started my career as an advanced threat or some may call it a apt advanced persistent threat. Um mostly against the Russian and Chinese infrastructure for, I don't know, something like 10 years plus.
16:05
Um And you know, it was a wild ride. And by the way, here's my joke of the day, ladies and gentle, the United States government was completely ok. Well, not ok, but they just, they left me alone while I was attacking foreign governments. Um Here's where the left turn really, really comes into the conversation. Um There was a point and I'm sure you guys may remember this during the Iraq war,
16:28
right when it was in the invasion of Iraq. And, um, there was a story that came up that, you know, federal contractors were feeding us soldiers these little plates of food and it was like a, a piece of bread with some cheese and lettuce. And they were charging like 350 bucks per plate.
16:47
That upset me. That really upset me because we have, we have, yeah, because we have soldiers out in the desert. You're giving them the ham and cheese sandwich and you're charging the taxpayer 3 50 a play it. Now, uh, I turn my efforts on federal contractors and that's what may be the bad guy here for real,
17:04
for real. Um, and, you know, once I continued with that, eventually I had to knock on the door by the FBI. And, uh, yeah, it's, it's history. I think you even said, like when, when you opened the door there was a little bit of like, really, it, it are, are you sabo, you know, kind of thing?
17:21
You might mind ending with that story if that's all right. Oh, yeah. No, 100%. II, I just want you to tee that off because I, that's, that's a good part for you. Uh, the, the reality is that, uh, the FBI knew about me for a while. You know, they're, they're very good at what they do.
17:35
They're investigators first. Ok. They're detectives um, they're very smart folks and they have a lot of tools at the disposal. Ok. So I'm sure they knew about me for at least a year before they knocked on my door. And when they knocked on my door, I had, um, someone that's very close to me. Now, one of my best friends,
17:52
uh, Chris Tarbell or back then was special agent Chris Tarbell. And he was wearing like a pair of shorts and a bulletproof vest like a like, I don't know, like a like a half button down shirt and he was like a mission statement. Sounds like, yeah, well, you know, I, I had, I got visualize it for you guys, right? Because whenever we watch F page on TV,
18:11
in a film and a V show, they're always in suits, they look like robots, right? He was very human and um and he was like, hey, so you're sabo, right? I mean, we know you're sabo. Um you should probably come out here and I'm like, yeah, it's me, you know, there's no, there's no need for a fuss.
18:28
It's like, it's not that serious guys. Uh You know, uh yeah, that's me. I'm ready, I'm ready to, to deal with it, deal with the consequences. So um but yeah, no, I mean there, there's a lot more nuance to the story. I know we don't have a lot of time. So I kind of would just wanna um just leave you
18:43
let you guys know that it wasn't uh a fiasco. It wasn't a big crazy affair. The, the reason why Chris and I became good friends because he was a, he was a very nice man. You know, he was very realistic and one of the first things he said, and I'll leave it, I'll leave it here, Andrew. Uh He said, you know, he, um, you know,
19:02
are you really trying to do 100 and 20 years for hacking? Like, do you think that's, you know, you have a family, you should probably think about your family before you make any rash decisions. And that's kind of where we left off, you know. So I think with that there's, there's even some other, you've done some other podcasts with this as well.
19:20
I think I'll point folks to those. Um, but I think we're gonna move into section number two and it's almost as, as, even as we chat and I talked to, it was like, I wanna let this extend to the whole time and talk about some history since then. But, you know, we, we'll kind of stick to the agenda. So actually, if you don't mind Emily,
19:34
um, go ahead and close up Olivia, whoever's on the ball here, uh, close up poll one and then we will share the results back out. So, for anyone who was wondering? Oh, ok. I think we're good. Ok. Um, actually, uh, well, we launched Pole Two. There is it.
19:51
Hm. Let me, let me see if I can go back here and I can tell people what Pole one was. And, uh, so for poll one war games came in first, I think we're a little, little too fast there. But, you know, and then, uh, 37% of folks see ransomware as a top five threat through organization.
20:09
40% see ransomware as a top three threat. Only 5% actually saw it see it as a not a major concern, too much else to worry about. So obviously, it's a little bit of a selection bias here. You probably attended this. If you think this, this event, if you think it's important that actually um the Matrix and War games tied by the way, Hector. So, you know,
20:29
there you go. And we, but we got six write in votes for the net. So I love the net. And so I'm glad that six write in votes for it. Big shout out to those who voted for it. And by the way, the matrix is very cool because if you guys remember um uh Trinity uses a SSH zero day and end map. Uh She use N map to identify SSH and then she
20:49
uses a zero day to break into the service. Uh So big shout out to Trinity for that and um I didn't even put this in my, but I actually used to do a lot with web hosting. So you use N map and, and even just basic stuff like trade or even trying to figure out what's on the other end sometimes. And I was, I just cleared security as a customer. Ok.
21:07
Leaving Poll Two Open which is focused on, ok, I'm getting, I'm getting too excited here, so I'm getting out of order. So Poll Two, you can see it right now. Have you seen firsthand? This is where I was trying to be careful about, you know what I'm asking you. So, if you're not comfortable answering the polls, you know,
21:21
don't, don't feel pressured if you've seen firsthand the impact of a ransomware attack once or multiple times or no or maybe just no comment, it's fine. And then who would you say? And this is a hard one to me who is most on the front line, every one of these folks we listed and maybe more on the front line, but in various ways, but in your opinion, who's most on the front line?
21:41
There's a little bit of a perception, reality kind of question going to section number two though. So let's think about a little bit about the larger landscape because it is always evolving. I think if you're either in it, it's either because you have a little bit of ad D or you just enjoy new stuff. If you don't, eventually it gets too tiring, you know,
22:00
kind of things. That's it in general, but it's cybersecurity too. So, so maybe actually Hector, if you don't mind, let me toss it back to you. What do you see as the current state of the security market? Um especially as it relates to ransomware? Yeah. No, that's a great question.
22:18
Um Because of the kind of work that I do, I've had to dedicate a lot of time in researching ransomware malware samples. Uh With one of my partners alone, we were looking at, looked at something like 500,000 malware samples that were reverse engineered and broken into small little chunks.
22:36
And from that, you learn a lot of things you learn about uh the different techniques and tactics and procedures being used by these bad actors and that's very useful. Um But let's talk about what's, what's affecting clients, right? I have clients that are being affected by ransomware substantially.
22:54
Um And ransomware is not really going anywhere and there's a lot of reasons for that. Um You know, you have issues since 2010, but it's still effective. It is crazy. Oh yeah. Well, even going further back like one of the first campaigns that ever happens, um You know, it could have really, I, I don't think it was effective because it did not rely
23:14
on Cryptocurrency. It did not exist back then. Um But they used like something like paypal snail mail. I mean, you guys remember going back to the eighties, it used to be a virus that would ask you to send a check to an address. Um But no, but since 2010, with the advent of Bitcoin and, you know,
23:29
alternative cryptocurrencies, um it allowed for these Attackers to actually, uh moet their compromises. A lot of hacks would be done before then, but folks would just stay on their access until they could monetize in some way. Um But yes, unfortunately, ransomware because of the human element and we could talk about that all day. Um because of lack of policy and,
23:50
or policy enforcement, we could talk about that as well. Um You have a lack of, of kind of dealing with your asset management and uh and even endpoint controls, right? You know, there's a lot of great tools and I would have to say the difference between 2010 and, and today where we stand today, there's been a lot of really good tools and products
24:09
and solutions. Um Some of them are cheap, some of them are not, others are free, some are open source. There's a lot of, you know, uh creative minds working on solutions to the big problem or a set of problems. Um But unfortunately, you know, due to many reasons, we still kind of find ourselves in the same position as we were back in 2010.
24:29
And, you know, in reality, it's, it's uh it, it might be like that until we have more of these discussions like this discussion right here. I'm hoping the audience has a lot of takeaways and I'm hoping that the audience can go back to the company and say, ok, look, we need to look at our security posture and our policies and how we're doing things to try to mitigate an attack before the attack happens if possible.
24:50
Ok. Um, yeah, there's actually one thing I, I wanna go there to even. So, so M fa that's often talked about, um, is it bulletproof or if, if, if it's not, why? Because I'm sure that's something that's hopefully top of mind for folks on the call with us today. Yeah, so M fa is fantastic,
25:07
right? I love M fa. I would recommend that all of you, you know, incorporate some sort of M fa unfortunately, it, it, it's not bulletproof and it all depends on how you deploy Multifactor authentication, ok? I'll give you some examples of bad implementations if you guys don't mind, right?
25:23
So, so you, you would argue that enabling Multifactor authentication in general is very useful, even if it uses S MS as kind of a, a a AAA method of of kind of getting a code and then inputting that code into the application. Here's the problem without S MS S MS is a plain text protocol. OK? Uh Yeah, it could be also references to a reach
25:50
out to for that. Um So yes, even though, you know, at the very least you have a uh M FA implementation. But if you're being targeted by a foreign actor with access to a rogue telecom. They could do a SIM swap, they could intercept your text messages, they could theoretically get that code and then you know,
26:09
if they have your password, they could just log in as you, right. So that's a bad implementation. It's something. But if you're aware that there are potential risks to the implementation, then now you can start to improve or even change how you do it. I'll give you another example, Andrew. I'm sure you've probably heard of this right.
26:26
There we go. Seth just said it right into the chat. Push, right? It's amazing. Push to push or, or, or, or or M fa fatigue, right? And that is when you know you have an M fa implementation where in order for you or the the the account to get logged in. OK?
26:43
Um There has to be some sort of personal notification sent to your mobile device. Um If there's no limits to that process, meaning that you could do it over and over and over. Ding ding ding, then you're basically doing a denial of service against the user of the victim. Eventually they might hit yes. OK?
27:01
Or they might even hit yes by accident just opening the phone. So they call it M fa fatigue. Um You know, so Ju Julie just wrote multi failure authentication. That's right. Um So, so those are examples of bad implementations, right? They're better than nothing. Ok. And if you have to implement it that way,
27:20
make sure it's temporary. You know, you wanna be able to verify your push notifications, you wanna be able to have some sort of validation. Other people like to use codes right from your phone or mobile device. I myself and my company, we use, um, secure uh uh tokens or rather security keys. Um, and there you go. And Matt, Matt just said in the chat,
27:41
final two security keys um are the move and that's exactly what I use. And Mr Widget as well said, UBI co et cetera. Um So yeah, so um M fa works, it works very well. But ladies and gents, I wanna really um also and this is not to scare you, but even with the, the most advanced implementation you could do using uh final two
28:04
keys um with a uh authentication, et cetera. Uh there are still attack paths, right? Attack paths that can't be leveraged by the attacker, especially if you have zero end point technical controls because then what an attacker can do, assuming they're able to compromise your laptop or your workstation, they could just grab your authentication session cookie from your web browser and
28:26
authenticate or rather use that session cookie on another browser and log in as you completely bypassing the entire process, right? But that's a conversation for endpoint security when we get to that point, I think maybe I think we'll get into this a little bit. Maybe, maybe last question here. I'm just always,
28:41
I'm always watching Time or keeping it loose. But, yeah, I'm watching Time to make sure you hit on what promise. So may maybe in the ransomware space, a lot of Attackers aren't technical or at least from what I've seen is even conversations an Estonia, many are almost some more business types. Uh, what do you see there as far as kind of the mix of business and technical and,
28:59
and even the reason for that too? Yeah, so let's look at a ransomware group very quickly, right? Most ransomware groups right now utilize um delegation. So you may have people that are focused on operations, meaning setting up infrastructure, putting the website together, you have others that deal with support.
29:20
They would, those are people that actually negotiate ransoms with victims, unfortunately, which II I don't know how anybody does that job. I would feel so bad, right? Um But then you have the initial access brokers, the I A BS. These are the guys that, you know, 20 years ago were doing what I was doing,
29:36
which is scouring the internet looking for targets, compromising networks and they'll sit there. Um At least back then now once these guys get certain access, let's say active directory access, um you know, uh you know, maybe maybe premise access to main administrator access, then they'll take all of that information and sell it to a ransomware group.
29:57
OK? And we're talking about $1500 maybe a little bit more depending on a target, depending on the victim. Um And yeah, there are, there's a lot of delegation and in many cases, a lot of these groups are not run by technical folks, they really aren't. These are folks that um are more on the business side,
30:16
like you said, Andrew than on the technical side. So are these guys super hackers not necessarily now? And even, I mean, there is a piece of, I mean, I think you, you, you mentioned something about you doing the same way, it just any time selling those, there's like a specialization and you break stuff off based on
30:31
if this is like classic business, stuff like attitude and aptitude, what people find interesting what they're good at and stuff starts to split off that way. So the that even I think answers a little bit of sometimes as we hear about regular fed takedowns and it's like, why does it have lasting impact because it's a little bit of a whack, whack a mole. I mean, there's always people out there that
30:51
will be willing to set ethics aside. They're opportunists. So if they, you knock down one group, there's a void nature pours a vacuum is actually how I think of it sometimes in many ways. So there's an opportunity there and then you mix in the pieces about countries around the world. Um and even some of these have been successful enough.
31:08
They've, they've retired off this too. Ok. I think anything else you want to add in here because man, there's so much, there always is and I know some of what we chatted about ahead of time we left out here. But any, any final thoughts on kind of the current evolution of the landscape? Yeah. So there, there are some, there are some things that people should be aware of.
31:25
In fact, um uh we have Stefan, he, you know, he kind of made a great point about the zero days. Um Well, great comments in the chat, by the way, keep those up please and keep going. Actor. I love the chat. Yeah, great comments. I've been reading by, I've been reading and just kind of, you know, throwing them out there.
31:40
Um I would say that the use of Zero days has been a lot more prevalent, more noticeable recently. Um It wasn't not even a couple of days ago when we heard about the new Pegasis Malware strain affecting um iphones, the latest iphones um using a zero click uh vulnerability or exploit. Um So here's the thing, folks, right,
32:01
zero days are vulnerabilities that have not been patched or unidentified. Um probably won't be patched for quite some time. Ok. There's not really much that we can do, um you know, to deal with a zero day. Um If someone has a zero day, which is basically like a, a master key right into your, you know, your building.
32:19
There's only so much we could deal with that, but there are, there are some circumstances or some controls you could put in place to limit the damage. OK? The blast radius. Yeah, to limit the blast radius. You know, the one thing I always tell folks and this was, this applies to anybody here today. You know,
32:36
what you can do at the very least is take your next lunch break with your team and sit down and say, ok, what's the worst case scenario if Bob gets compromised? Um How, how? Oh yeah. And Bob could be an admin. Uh What about Joe? Joe's been, he's been a network engineer for
32:53
the last 15 years. He probably has access to everything and he probably has policies that mitigates zero trust policies, right? He probably has full control. But when was the last time Bob changed his password? Hey, Bob, can you change your password? I mean, you don't have to admonish anybody, but even having those conversations are very
33:11
similar to what we call in the industry. A tabletop exercise. Let's talk about it. Let's analyze and we could start to come up with solutions. OK. So I'll leave it at that. I love the highlight of tabletop exercise because sometimes tabletop exercise would be like, oh, it has to be. Sometimes people jump in it,
33:25
this big consulting thing. It can be and maybe it should be frankly. But it could be internally done. It could even just be a series of conversations where you're starting to think through what would happen if you know, kind of thing. That, that's really what it is and, and then we break bit process and reporting and structure around it,
33:39
but that's the core. Yes, let me go ahead one last point. So you brought up a good point, right. That yes, you could bring in a third party vendor to help you with the tabletop exercise, but it's not required. At least not yet. If you guys are doing zero tabletop exercises,
33:56
you could start now within your lunch breaks or dedicate some time to it, take what you learned there and when you're ready to have a third party vendor come in and validate that stuff for you, you can, that, that's all, that's all Andrew. Oh, I mean, it's, it's a, it's a thought process or um a kind of mental approach as much as it is like this official
34:13
thing. Um It can be both but that's where it starts. So, Paul two, thank you for answering. You know, we had actually 975 folks answer. So, um the majority, you're seeing these results here have seen one attack or multiple attacks that almost gets us into two thirds, 63%.
34:29
Uh Some folks are not comfortable commenting. So hopefully, this is even useful for you as you're joining, you get a sense of what your peers are seeing and then who's most on the front lines. This was interesting to me, this was a e even three way split. Application teams lower. And that's where I think even some of what you were talking about Hector with application
34:45
fuzzing and some of that, you know, that's the very front end if, if you're not doing it at the human side of getting in, you know, on the, the side door be humans. But the network teams, data storage, data protection teams, security all, all mixed up there. And I was wondering if you might see everyone's
34:59
like, oh, it's a security problem, but that's not what folks are thinking or seeing. So that's actually quite cool to see because it is more than just a security team thing. Um, unfortunately, it would be nice and simple if it was, but it's more than ok, so we'll stop sharing that one and moving into section three. And by the way, in case you didn't figure out this is where like there's so much good stuff
35:19
and I was gonna just naturally let things go longer, so we'll accelerate here a little bit. But as we get into now, kind of what does pure do to be honest. But, you know, as, as well as with your perspective. So we started out by talking about resiliency as a buzzword and there's stuff that we do from peer standpoint and what we're kind of calling resiliency architectures.
35:39
Uh, before I go there, do you mind kind of exploring a little bit, um, Hector, what se resiliency means to you? Sometimes it's about, you know, security as life cycles. Maybe it's about prevention, then it's all about recover, et cetera. But, you know, when you think about resiliency, you would try and unpack that term in a legitimate helpful
35:58
way. What, what, what does it mean to you? Yeah. No, I mean, it's, that's a great question for me and, and mind you, I, I might have a different answer uh because I'm mostly on the offensive side of research, we didn't script this part actually. So, you know, uh so, you know, it, it was fantastic about me being in the position that
36:17
I'm in, I'm able to listen to the resiliency concerns of clients um from a whole bunch of different angles from different industries and, and kind of what, what they prioritize more, right? So let's talk about some of the points that I think that are interesting, at least from what I've learned.
36:35
Um We have organizations that may have developed some sort of policies and those policies may not be uh enforceable because um maybe there's a structure problem, maybe the c the CIO the CSO and the security engineers are not really communicating well. Um And so because you have that failure and structure when it comes down to a breach and incident, something happens, um there's chaos and I actually see that a lot.
37:03
Um, so that really affects resiliency because at that point, if there is a complete fail of ongoing policy, um, then you may not even know who to call when the ransomware does hit, if it does hit. Ok. Um, so, you know, you have that another issue that we're seeing that I'm seeing, at least on my side is a lot of organizations, you know,
37:23
they'll, they'll follow kind of like a blueprint. All right, we're gonna set up a network, we're gonna get this product, we're going to set up a backup solution. Right. Um, and, and some of these are, are, are, you know, uh, really great or not so much. And, and then that's it.
37:37
They're connect, they'll connect AAA backup server to active direct three on the internal network and they'll set it and forget it and they'll automate the, the backup process. But here's the issue. They don't have any, uh, especially some of the things you're gonna talk about today. Uh, Andrew, they don't have any capabilities beyond what they're currently doing in terms of
37:58
security. And, um, you know, being able to, to kind of, uh, you know, redeploy or, um, being able to get back online in the event the incident happens, they're not really prepared for that. In most cases, if I'm able to break into an active directory of domain admin account, I have full control of the backup service.
38:19
We've seen that before. Oh, Yeah, all bets are off. And I'm sure you see that a lot that we've heard a lot of stories of companies where they're like, yeah, we had backup solution but the Attackers got access to it. The whole what if this is a, is a real story. A hospital got to make the super anonymous where the storage admin the day after he went on vacation,
38:35
the Attackers kicked off the attack trashed, the snapshots tracked the back, trashed the backup servers. It turns out they pushed a key logger to his machine because they compromised the help desk because they gotten on an individual person and dumped the Sam credentials. I want to say to get help desk credentials. So that's like a really hard attack chain. And the storage adman didn't do anything wrong
38:54
in that discussion except like press the help desk to update his machine, maybe help. Like that's what you're supposed to do. It's a policy thing. So especially there. And so resiliency architecture for pure often focuses on on kind of the last line of defense and even having multiple layers there. Like you were saying,
39:11
like if you get active directory, is it like that's the holy grail and all bets are off. So this is actually super brief from kind of an approach standpoint, but we've taken kind of an evolution of what we believe is modern data protection. So modern data protection is not just backup, it's about restore. Like restore matters more than backup these days.
39:26
Frankly, 10, 15 years ago is an era of backup. Windows are most critical now, it's about restoring. So, the idea that you would have multiple layers of protection within your last line of defense and you'd have all of these protected by safe mode. You might have primary data, you know, longer term snapshot warehouses, even for like instant response analysis kind of thing.
39:45
Of course, you need Dr but you don't want the Attackers to be able to trash your Dr set up if you need it. Maybe even all the way down to a data bunker scenario. Uh This is where even this can be for us in partnership with a bunch of our other backup providers and partners. But when we layer in especially the portability of data,
40:05
data mobility between systems and efficient ways and for different purposes, some is for fast recovery, some is for instant response, some is to accelerate SIMS. You know, you gotta be able to figure out how the Attackers got in what they got access to and then of course safe mode. And this isn't really meant to be a safe mode a today because I'm hoping that most folks here know about safe mode.
40:25
But the core problem, safe mode solves is not immutability snapshots on pure are already immutable. But if someone gets administrative access to a pure system, can they do the final removal of data and basically blow everything up safe mode helps for that moment. Originally, maybe it was a rogue admin but really today in this scenario, which is really a compromised and administrative scenario and
40:45
that's really, really hard to solve for um any, any commentary on Safe Mote Hector before we jump into the, the final section here or even just a well safe mode because, because you're aware of some of this too, we've been working together as well as even just the, the rogue and compromised admin scenario. So back to you. Oh, absolutely. I mean, I mean, this is very important when
41:04
you're able to uh and I like the tiered approach because the one thing that we want to do, right. So we know there's zero days and we know that eventually there may be a breach, the worst case scenario might happen. Now, um We wanna make sure remember if we're talking about like a ransomware group that they're monetizing their attacks, time equals money.
41:23
OK? Um There, you know it, and I would say a group that has kind of a methodology, they have a kind of a blueprint on what they do once they're inside of a network. If they're running into hurdles when it comes down to breaching your backup solution or your current implementation, or they're not able to control backups after they realize,
41:44
ok, we, we, it's a tiered system if they realize it at all, right. Um They're definitely going to uh you know, change their approach or kind of move forward, right. They might do a wipe aware situation but guess what? You have a tiered solution in place you have backups that are,
42:01
you know, in, in uh uh recoverable. Um And I mean, I think that what makes it, I, I'm always down for making it more difficult for any attacker to be able to have a successful attack. So big. Shout out to safe mode with and this is a critical piece there is without, I've seen protections here that add so much operational complexity that you can't keep up
42:21
with it, which is like this is all great in theory, but I can't play, pull it off. So the even though we're showing and I wanna make sure to highlight here kind of multiple layers. This is layer on top of stuff that folks either pure customers do today or are you doing in existing architectures with a focus on operational simplicity?
42:35
Now, obviously, that's a big promise. We're not going to cash that check today, but it is a focus on what we're going through here. Last poll. Actually, before this, let me, let me share back the results from, oh no, we already shared the results from poll two. It's actually Emily or Olivia if you don't mind launching poll number three.
42:52
So curious because we're talking about recovery there. So I mean, you were talking earlier about M FA and endpoint protection, so not diminishing that at all. But you know, focusing on some of the recovery pieces. So does your company focus as much on prevention as recovery? There is a split, then how many copies of data
43:08
do you target for recovery purposes? So this is 1234, there's even some old jokes about you don't need one copy of your data, you need five or 10, especially if you get into like dev test scenarios, you got, you know, data all over the place and pointer based snapshots help with that. We'll leave this open though as we go into the final section.
43:23
If you and I know I promised at the beginning we target usually kind of 45 minutes after the hour, we're, we're gonna bleed into that a little bit because I think uh well, I, I aired on the side of doing more in the front end section here with Hector, your background and just industry perspective because I think that's helpful for folks. So let's uh move into the last section here of what's coming.
43:43
Uh Do you mind before I jump into maybe kind of pure investments? Do you mind starting maybe a little bit of a, an industry landscape, Hector of kind of what you, what things you see evolving in the industry? Yeah. So I would say from the security perspective, you're going to see the use of A I and a lot of tools.
43:59
Um And I think that's to be expected. I mean, I, I know a lot of companies that have been doing, um, you know, a I work even before, like, you know, people had access to G BT or CHAT, G BT and so similar. Um, so there have been tools in development for quite some time.
44:13
You're probably gonna see more of that, uh, probably on the defensive side and detection. Um, and you might even see a lot of that in continuous work. Um So you can definitely see more A A I stuff there and it's gonna be interesting. OK. What I would love to build one day is a platform where you could look at, let's say your last 10 pen tests,
44:35
take a look at the results process that through natural language processing are similar and be able to prompt and say, OK, so which vulnerabilities uh have been the most persistent for our organization? Um And you know how much it's gonna cost assuming that my it support guy $75 an hour to remediate some of these issues, right? So you're gonna be able to do some really cool
44:55
stuff in the near future. Um So you're gonna see a lot of that. We're also gonna see a lot of organizations moving into password list, right? So pass password authentication um using either your mobile device or even a security key as an alternative um to deal with the fishing problem. Um Endpoint detection, I mentioned a little bit with a I,
45:16
you see endpoint protection getting better and better. There's some companies out there, I don't wanna really mention their names right now, but they're doing amazing work in that space. Um And then finally, let's talk about the attacker side, the Attackers are going to attack, they're always gonna target what, what really makes the most senses of um if you make EDR
45:37
nearly impossible for them to, to kind of uh to breach or, or, or deal with in a post attack scenario. Um Then what you might see is more on the social engineering, on the human side, right? If social engineering on the human side gets more difficult as more technical controls are implemented and more organizations becoming
45:55
more secure, um then you might see the use of more zero days get access to external assets and then being able to compromise elements of the internal network. So that leads me to finally um zero trust again, I may have mentioned before, but zero trust was actually I was making a reference to it earlier, Andrew, right? We talk about buzzwords, zero trust for a
46:16
minute, for a minute. I'm sure we could agree. Um It was kind of like a buzzword scenario, but what we're, what we're seeing is a lot of companies big shout out to these companies, they're coming out with very cool products to kind of deal with zero trust. So I hope you implement some of it. OK?
46:32
Um I know it's complicated for some organizations where they have a massive network, they have active directory, 50,000 employees and a whole bunch of forests. You know, that would be like the opposite of a zero trust environment. So organizations are working on products and solutions to kind of add on top of that or even hit, even, you know, even implement their solution prior to getting access to one of
46:53
those services. I guess the point is we're much better off than we were 10, 20 years ago. There's still a lot of work to be done and I think that, um you know, we'll get there over time. So that's, that's what I'm seeing right now. I mean, I even go back to like when I was a data center architect, if you'd asked me if everything in
47:08
my data center is patched and hardened and up to date. Oh, I don't like that question. We keep building more stuff, we add more and we build higher and higher stacks of infrastructure. And so the reality is that there's gonna be holes, there's gonna be little areas that people quit and focus on. Um So let me let me flip it around then to some
47:25
of what pure has been doing here in this space and this is going to be a lightning round. By the way, I want to definitely recommend some previous and future tech talks will go deep in. We mentioned safe mode based on the worsening ransomware landscape. This is now the protection against even administrative compromise or even it could be the accidental admin too, you know, who does tell you need to.
47:45
So, um this is actually making safe mode on by default and it's an opt out but it even can be granular to per race. So there's some details here about, you know, so mutable snapshots automatically existing volumes and policies aren't modified and then you can opt out if you want to. But we've seen enough cases and sadly where people are like, man, I wish I known about this and it's like we've been trying to shout some
48:05
of this stuff from the rooftops, but we're moving safe mode on flash array to a default on and you can opt out still would light a operational overhead even pieces around visibility. So out of pure one, there's a data protection assessment we launched this recently or um a major new version of that incorporates resiliency score which gives you a sense of which of the pure security features that you're
48:26
actually leveraging and focusing on. Sometimes this gives good visibility across the board, what pure capabilities you're using or not. I know I recognize when things are red or yellow. It always makes you like, oh, come on really. But you know, just gives you visibility related to that.
48:39
Another thing we'll often hear is, hey, if we're using snapshots, even if they're better than average snapshots what snapshots want to be when they grow up, they're pointer base. They don't take space when you make them et cetera. Well, they do take space. It diverges from the baseline. So actually helping people sometimes tactically,
48:53
people get stuck in a little bit of paralysis analysis about, hey, what, what's the con space consumption gonna be? Now, news flash, anything that you spend on extra capacity for snapshots will be far less than the impact of a ransomware attack. So I usually try and put that perspective out there, but you do need to be able to plan and
49:09
model things out next. There's only two more also. And this is one actually where I I have some patents around this one where we've done some really hard work around uh around in around detecting major changes in volume level data reduction ratios. Pure flash array is a data reducing array in line ded duplication, post compression, uh as well as uh in line deduping and compression as
49:32
well as post process. When there's a major change in the deed in the data reduction ratio on a, it's something that isn't inherently a ransomware thing. It might just be a, you know, a sequel DB A who's decided to encrypt his backups. There's nothing inherently wrong with that. That's good for an operations person on an
49:48
operations to know regardless. But it's also a great indicator of someone's writing encrypted data to an a ransomware attack. Now to be very real. This is not necessarily meant to say to detect a ransomware attack. You should have other things doing that or maybe your phone is ringing off the hook anyway, because the applications are going down this at
50:04
least in the initial version. But even, you know, long term will help. You would say I can reduce recovery times by choosing the best first item to recover from. I don't have to guess that this snapshot, this snapshot et cetera because we don't have to bring all the data back from backup with snapshots. You know, it's instant to recover from a
50:18
snapshot in an offline environment where you clean things out, but I can have a better chance of what's the first one that I should try or the second one because you can see when the data reduction ratios start to change majorly and then last but not least sometimes the problem is you've had uh you have an infected array or well not infected, the array is maybe not infected, but you have,
50:37
you know, encrypted data on it and your cybersecurity insurance agency or other folks or your legal or forensic team say you can't touch that. It's a crime scene. Hey, I'm ready to recover and I don't have anything to recover. Two that sucks, right. You know, check in an egg problem. So what we've actually introduced while for
50:54
even through COVID, we've kept very so short supply chain times and frankly, I've had sales teams and Aes and Ses and pure. They've been kind of in hero mode to ship a raise quickly. If you're an evergreen one customer, that's our subscription storage, subscription service. You can add on an sl A where we stand behind saying if you have some of this stuff set up,
51:13
you have to set the safe mode and snapshots as part of the, you know, signing up for the SL A. We will get you a clean uh clean array within the next business day. The asterisk is only for outside the US, right? You know, and hopefully most folks listening are inside the US and then we will actually provide a professional services engineer to
51:29
help make sure the array is stood up and then you can start restoring and there's some guarantees around data transfer rate as as far as what we can handle. It's not saying what your infrastructure is set up for to restore back to kind of thing. So hopefully you get a sense of each one of these I could spend 10 minutes on, but we keep thinking through the different pieces within this space.
51:47
So it's not just, you know, you need to think about resilience architecture, but there's a layer of, there's layers of depth here and capabilities we keep adding and offering anything you want to uh comment on there, Hector, I appreciate you letting me go into monologue mode. But I was like, yeah, if I toss it to you for each one of these,
52:02
we'll, we won't make it through. So, uh, any, any closing thoughts to bring us home. Yeah, that, that was fantastic. And I, I love the, the concept, I mean, you, you've done great work and a big shout out to you. But I love the concept of the drr anomaly detection or anomaly reporting because you,
52:19
you know, we put a detection, right? But it could be a detection, right? Um But this is fantastic, right? Because imagine a scenario where your organization is breached and there's unfortunate ransomware campaign. Um Remember you have to do incident response and incident response is essentially an
52:33
investigation as aside from recovery and so on. Um And so it, you know, going by this here alone, um during the investigation, you would be able to identify when the volume started changing, accelerate that investigation. That's exactly right. I think that's really cool. I know I'm on the offensive side and,
52:52
and the work you guys do, it's more on the defensive side. But it even, you know, the one thing I told folks, especially those of you in the audience, please, if you guys are doing security research, even if you guys are pen testers or on the defensive side, it's really important that you start to understand, um, you know, the, the the defensive needs the capabilities, right?
53:12
Like Andrew just proposed here on the defensive side because it allows you to better understand, you know, the overall picture as an offensive research and the same applies for if the conversation was switched around. And Andrews, uh, you know, wants to learn about the offensive side, then I would say, hey, Andrew, it's time to do some offensive work,
53:30
some pen, testing some research, let's do a session together and now he's getting perspective so that I just want to share with the audience. And I'm hope I'm hoping that aside from potential clients here, you have people that are interested in cybersecurity in general, right? And um, and you know, hopefully the security
53:44
engineers like a little bit so big shout out to them and I realize that and, and maybe if I can almost hate to do this, but uh what you're focusing on, I know a good bit of that. I'm gonna put this in the chat here. You got a regular podcast, hacker and the fed, your good friend. Um Anything else in maybe 60 seconds if I can impose on it that way,
54:03
kind of current and future focus for, for Hector? Yeah, I appreciate you, buddy. Um So yeah, I do have the podcast hacker and the fed is with the FB agent that actually arrested me and a good friend, Chris Tarbell. Um You get to hear both the perspective of law enforcement and myself. Um I have a feature film coming out over the
54:20
next two years. So if you guys have watched that in the movies. Um, and then I'm just kind of building products and, and cool, doing cool things, consulting. Oh, yeah, I do a lot of consulting and everything from pen testing to cyber risks and education. Um, and hopefully, and, and of course,
54:36
doing really cool things with pure, pure has been such a great partner and a great friend of mine, um, over the last, you know, several years so big. Shout out to you guys. Likewise. Thank you. And I'll, we'll come back in a minute to your bio slide just so people can find you on linkedin and Twitter. But as always, the time goes way too fast.
54:53
Thank you for being such a great guest. I really appreciate it for, for the, for the level of knowledge and depth even as we were bounced around on a on a bunch of different topics in case you stayed around for the drawing. Hey, here we are, you know, make sure to get it in. So maybe that's why I stayed. So the number 12 ounce travel mug,
55:09
it's a retail value of 100 and $30. Today's winner is Tom G from Colorado. So Tom, we will be reaching out to you. Thank you for staying around. Please make sure to join us next month. I'll be joined with our Tinder as we'll be going into DEV ops and how you build secure products and what that means.
55:28
Uh This will actually be a pretty, a pretty deep session and I wanna make sure here that as we go. Oh, right. I shouldn't forget the poll. So, let's close out the third poll here. We're wrapping up here. But, you know, we're always kind of hanging out. So I'm gonna close the third poll and share it back here and then we'll do the fourth final
55:44
poll here. So, interestingly, um, this is a fairly balanced set of answer sector. I think around uh you know, focus on prevention versus recovery. Um you know, 41% balance, some focus on recovery, some prevention and then the number of copies, obviously, it's either kind of two or maybe three copies of the data,
56:06
but there are some that are doing four copies in a bunker. So uh your riff on that too if you want. So, yeah. No, I mean, that's fantastic. I mean, the more the better, right? I, I mean, I I'm sure there's people out there still with tape desks, uh rather tape drives and a bunch of tapes just in case the worst
56:22
case scenario. Um No, I mean that that's, I think the question in regards to, you know, how do you balance based off your security budget? Right? We, we all know we know this Andrew that a lot of organizations do. Yeah, there's so much to do and there's only so much time,
56:40
so much time that the budget could afford and this, you know, sometimes companies get budgets for an entire year. Uh They might have a quarterly budget or buy monthly budget. I mean, it, I've seen the, the crazy scenarios but the one thing I'll say is, um you know, as you're kind of building out your security program,
56:57
you wanna focus on prevention, you wanna focus on. Um and there's some great questions here too. I see. Um you want to focus on your backup solutions and asset management and all the different things, security in depth, right? Um You know, within your boundaries and of course, uh finally education,
57:14
this was a great conversation. You see a lot of folks in the, in the chat chat, they enjoyed it. Absolutely. And I hope that we have more of these for sure because this is uh so it was a great session. I was totally listening to you and at the same time I was launching poll number four, you know, kind of thing. So, and this is a little bit more you're like,
57:30
yeah, I look at it. So there's a little bit more just not, it's housekeeping, but we're, we're continuing to think about how we evolve this format. So periodically at the end of these tossing in, you know, do you watch recording on demand, et cetera? And with that, we've got just a couple of minutes left.
57:44
So I'm gonna do um I think I may cherry pick one. Well, actually I I'll cherry pick a question here. Hector unless you have one that you see in the Q and A that, you know, you want to answer. Um, we actually already hit a little bit on A I being used for cyberattacks.
58:00
So I think, I think maybe actually I'm gonna go back to Mr Wit he was listed as the guest here. But um if folks want to get started with security, are there any coding languages that you recommend today? Or let me maybe even generalize that a little bit. If someone wants to get started in this field, where do you recommend they look at and, and to do?
58:18
Ok. So the field is very broad, the cyber security industry is huge and there's a lot that you can do. The one thing that I want you guys to really keep in mind is that at the very least you should have some sort of operating system that you feel comfortable with. Yes, you could use Windows for your main or Mac Os um as your main system.
58:38
But having a good understanding of Linux is gonna go very far for you. It's gonna help you a lot guys. OK. So don't be scared to set up ubuntu or Cali and you don't even need to use Cali. You could use ubuntu or Red Hat or whatever is available to you. Trust me, it's gonna take you far as for programming language. I want to add the answer to that question.
58:56
Um If you're developing tools, uh tools like scripts, bash for UNIX and Linux works. Python works very well. But the one thing that I will say folks is that if you want to get uh get a better understanding of web applications, modern web applications, you want to learn. No js and javascript 100%. OK.
59:17
Now, if you want to continue with your career in cybersecurity, what do you need to know? You need to know the basics of networking? So you should be able to answer what is a three-way handshake and you should know the difference between TCP/IP and UDP. OK. Um And you should be able to understand the O SI layers and how they work.
59:34
OK? Um And then as you get into security, you wanna learn, go to O OS dot org and look at the O OS top 10 security vectors and, and, and areas of research. Trust me, you don't have to be a super hacker. So long as you understand these base concepts, you know what I mean? You'll do very well in your, in your career path.
59:51
Cool. Thank you. I'm I'm gonna do a little bit of, there's a question here about global safe mode, protecting deleted volumes and volume routes. Yes, safe mode in general, global safe mode helps with um any unintended deletion of data. So we've actually thought through even like doing things like reducing snapshot schedules
01:00:07
or disabling snapshots kind of thing. And then there was even some questions about integration with V and cohesive. Um There's some really deep integration with VM. We have flash recovers cohesive. So if you have questions on those, I think with Seth, we didn't get to those because man, there's never enough time, please feel free to reach out to your account team.
01:00:24
Um As, as with pure and we're actually, and we're more than happy to dive deep into that. I think with that Hector, we are actually one minute over, but we still have 1400 folks still hanging out with us. So there's a piece of me that feels like we ought to keep it going, but it's time too. So I wanna, I wanna be respectful of your time
01:00:40
because really, really appreciate you joining today. It's all good brother. Thank you for having me. It's been a pleasure and a big shout out to everybody here that joined us. Awesome. So in case you uh didn't catch it, please make sure to join us next month for building security.
01:00:53
And from day one, the perversive pervasive, pervasive impact of DEV set ups. I'll be joined with by Retender Hector. Thank you again and to everyone who joined us this month, hope you enjoyed the coffee break, learned something worthwhile. We'll look forward to seeing you next month. Have a great day.
  • Ransomware
  • Coffee Break

Andrew Miller

Lead Principal Technologist, Pure Storage

Hector Monsegur

Internationally-recognized cybersecurity expert, Former head of Anonymous and LulzSec

Who knew that the best coffee break conversations would end up happening online? Each month, Pure’s Coffee Break series invites experts in technology and business to chat about the themes driving today’s IT agenda - much more ‘podcast’ than ‘webinar’. This is no webinar or training session—it’s a freewheeling conversation that’s as fun as it is informative and the perfect way to break up your day. While we’ll wander into Pure technology, our goal is to educate and entertain rather than sell.

For the first time ever, host Andrew Miller will be joined by a guest who doesn’t work for Pure - Hector "Sabu" Monsegur, former technical frontman of the infamous LulzSec hacking collective turned internationally-renowned cybersecurity expert.

We’ll leverage Hector’s unique experience to discuss:

  • Hector’s history as a hacker and experience against companies, governments (even the CIA) before he turned good guy.
  • Current Cybersecurity landscape - what Hector is seeing including Business Email Compromises, the continuing growth of ransomware, MFA security and challenges.
  • Resiliency Architectures - how you can defend and where Pure can help.
  • What’s Coming - looking into the future for 1) the overall security landscape, 2) where Hector is focusing, and 3) where Pure is investing.

As always, we’ll keep it educational while exploring how Pure is offering capabilities and products that benefit you. The team will stay on after the webinar answering any questions for those that want to stay longer!

07/2024
Pure Storage FlashArray//X | Data Sheet
FlashArray//X provides unified block and file storage with enterprise performance, reliability, and availability to power your critical business services.
Data Sheet
5 pages
Continue Watching
We hope you found this preview valuable. To continue watching this video please provide your information below.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Your Browser Is No Longer Supported!

Older browsers often represent security risks. In order to deliver the best possible experience when using our site, please update to any of these latest browsers.