-
Ep.8 - Marcus Sailler, Global Director of Red Team at MUFG
- 2024/11/27
- 再生時間: 2 時間 14 分
- ポッドキャスト
-
サマリー
あらすじ・解説
SummaryIn this episode of Hackers to Founders, Chris Magistrado interviews Marcus Sailler, a seasoned expert in cybersecurity with over 25 years of experience. They discuss Marcus's journey from the military to leading red teams, the importance of understanding business impact in cybersecurity, and the nuances of interviewing in the field. Marcus shares insights on building effective red teams, the significance of program development, and how aspiring professionals can transition from pen testing to red teaming. The conversation emphasizes the need for intellectual curiosity, practical experience, and the ability to communicate effectively within organizations. In this conversation, Chris and Marcus delve into the dynamics between red and blue teams, discussing the transition of professionals between these roles and the importance of understanding various vulnerabilities. They explore the relevance of legacy vulnerabilities in modern cybersecurity, the challenges faced in building effective red team programs, and the ethical considerations surrounding the use of zero-day vulnerabilities. Additionally, they highlight the significance of industry breaches in validating security programs and the value of certifications and training for aspiring red teamers. In this conversation, Chris and Marcus delve into various aspects of cybersecurity, focusing on the importance of critical thinking in exams, the transition from on-premises to cloud environments, and the necessity of understanding cloud infrastructure for red teaming. They also explore social engineering techniques, particularly vishing, and discuss the #WeHackHealth movement, which combines fitness and cybersecurity. Additionally, they touch on the discovery of CVEs and the challenges of vulnerability management in software. In this conversation, Chris REal0day and Marcus Sailler discuss various aspects of the cybersecurity industry, including investment opportunities, content creation strategies, the importance of networking, and career transitions. They explore the challenges of building relationships in a corporate environment, the significance of soft skills, and the complexities of navigating global cybersecurity issues. The discussion also touches on the differences between vulnerability research and red teaming, highlighting the unique challenges and rewards of each career path. In this conversation, Marcus Sailler and Chris REal0day delve into various aspects of cybersecurity, leadership dynamics, cultural insights, and personal growth. They discuss the challenges of reporting vulnerabilities without rewards, the complexities of different leadership styles, and the importance of understanding interpersonal relationships through concepts like love languages. The conversation also touches on the significance of cultural adaptation in language learning, the tools essential for cybersecurity professionals, and the value of continuous training and development in red teaming. Additionally, they share insightful book recommendations that emphasize resilience and self-awareness in both personal and professional contexts.TakeawaysRed teamers must understand the business impact of their findings.Interviews should be interactive and allow for discussion.Early career experiences can be valuable in cybersecurity.Joining the military can provide a strong foundation for IT careers.Building a red team requires maturity in the organization's security posture.Learning from experts and networking is crucial for career development.Program development is essential for legitimizing red team efforts.Demonstrating curiosity and initiative can help in career transitions.Creating internal communities can foster talent and interest in cybersecurity.Understanding operating systems is key for effective red teaming. Red teamers often transition from blue team roles due to frustration with unaddressed issues.Understanding foundational vulnerabilities is still valuable, even if less prevalent.The usefulness of vulnerabilities depends on the organization's maturity and vulnerability management program.Building a red team requires investment in talent development and retention.Using industry breaches can effectively validate the need for security programs.Ethical considerations arise when using zero-day vulnerabilities in demonstrations.Training and certifications are crucial for effective red teaming.Practical experience is essential for understanding red team operations.The urgency of red teaming requires quick execution in complex environments.A strong understanding of both offensive and defensive strategies is necessary for red team success. The exam structure emphasizes critical thinking and situational awareness.Understanding cloud infrastructure is crucial for aspiring red teamers.Vishing is an effective social engineering technique that uses phone calls.The #WeHackHealth movement promotes fitness within the cybersecurity community.Vulnerability management requires ...