Episode 16 - Duane Dunston celebrates 24 years in Cybersecurity and discusses Wireguard, Internet Privacy, and Infosec Bikinis

Larry and Joe speak with Duane Dunston, an Associate Professor of Cybersecurity at Champlain College: https://www.champlain.edu/academics/our-faculty/dunston-duane

Duane just celebrated 24 years in Cybersecurity. He is currently working towards his EdD in Education. Larry and I learned how incredible Duane is! Among his many accomplishments, he volunteers as a security consultant with International Association of Human Traffickers and Investigators. He's working with Champlain students to develop technologies to facilitate the identification of trafficked victims. Duane is currently working on a cross-platform and mobile app to help identify victims of human trafficking. You can buy Duane a cup of coffee here: https://www.buymeacoffee.com/thedunston

00:00 Larry and Joe listen to Duane's story of how he got into Cybersecurity. After growing up in a Group Home, he earned a college degree, then got into tinkering with Log Analysis and worked his way through Graduate school as a janitor. He helped maintain the computers and shortly after became a Unix administrator. He didn't have an easy road, but he is perhaps the best example of what the Information Security community stands for.
4:50 Wireguard VPN and Duane's contribution with NoWire. Check out his NoWire GitHub repo here: https://github.com/thedunston/nowire
11:15 Is Internet Privacy Possible?
19:53 Duane’s presentation at GrimmCon: “Cognitive Science Approach To Teaching Cybersecurity Education” https://t.co/Owr38hXBVk?amp=1
20:15 Should Veterans spend their GI Bill on College Degrees or Certs to get their first job in Cyber? Duane recommends Security+ Certs and to supplement it with the TryHackMe platform. https://tryhackme.com/ It requires no home lab equipment, so it helps those who have financial constraints.
22:30 Can someone go right into Pentesting? Duane says you must have a base level of understanding of Networking, Windows and Linux administration.
23:00 eLearnSecurity Junior Penetration Tester (eJPT) https://elearnsecurity.com/product/ejpt-certification/
23:50 Duane discusses how the OSCP Cert from Offensive Security is more difficult for people who struggle with self-learning. https://www.offensive-security.com/pwk-oscp/
26:00 Duane explains why he does not subscribe to the fatalistic “everyone will be hacked” mindset, and how SolarWinds is the worst-case scenario of a Supply Chain compromise.
30:50 Why it is so difficult to detect Cobalt Strike beacons
32:45 Duane says the fundamentals are necessary: anti-malware, anti-phishing, and application control (allow-listing).
34:00 Web Browser sandboxing with Application Guard https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview
35:15 The weakness of application control is that when exclusions are set, malware can remain undetected by hiding in those exclusions
36:50 Host-level detection is important because network traffic is encrypted with SSL
37:40 Philosophical Discussion on why Ransomware attacks are on the rise
39:00 Duane discusses his volunteer work with 1) using Augmented Reality to help train people in construction and 2) helping with the problem of human trafficking
44:35 Larry asks Duane a tough question: What is your driving motivation? You keep learning even after 24 years in Cybersecurity (Duane just got his MITRE ATT&CK certification).
Duane's TED Talk can be viewed here: https://www.ted.com/talks/duane_dunston_the_answer_to_cybersecurity_threats_middle_high_schoolers
Duane spoke at The Diana Initiative 2021, a two-day conference to elevate, inspire, and support women/non-binaries of all races, cultures, and backgrounds through every stage of their information security career with education, collaboration, and resources. https://hopin.com/explore/speakers/IEfWTII6uHHgNc1ctq047ro2S
51:00 Duane looks to the future - helping improve training providers.
He would like to consult with a think tank on cybersecuri

About the Podcast

Joe Stocker, CEO of a Microsoft Cybersecurity consulting company, mentors his friend Larry on his journey to a career in Cybersecurity. Larry is a 49-year-old warehouse manager who has always wanted to get into the field of cybersecurity, but never had anyone to teach him the ropes. Larry asks tons of questions as Joe patiently explains key concepts and tells stories about his 20-year career in information technology.