Secure AF - A Cybersecurity Podcast
Think like a hacker. Defend like a pro.
Welcome to the Secure AF Cybersecurity Podcast - your tactical edge in the ever-evolving cyber battlefield. Hosted by industry veterans including Donovan Farrow and Jonathan Kimmitt, this podcast dives deep into real-world infosec challenges, red team tactics, blue team strategies, and the latest tools shaping the cybersecurity landscape.
Whether you're a seasoned pentester, a SOC analyst, or just breaking into the field, you'll find actionable insights, expert interviews, and unfiltered discussions with Alias team members and top-tier guests from across the cybersecurity spectrum.
Stay sharp. Stay informed. Stay Secure AF.
The SOC Brief Turns One: Insights, Stories & Lessons Learned
It's our 1-year anniversary!
From bite-sized cyber insights to growing a passionate listener base, this episode reflects on the journey, the challenges, and the wins along the way. Expect laughs, lessons, and behind-the-scenes stories you won't want to miss.
Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.
SPEAKER_01: Good morning, good afternoon, or good evening, whenever you may be, and welcome to a special one-year anniversary episode of the SOC Brief. This is still your go-to podcast for staying ahead of the ever-evolving world of cybersecurity threats. I'm your host, Andrew, and today we're going to do something a little bit different. Instead of me walking through the latest threats, hacks, or cybersecurity news, my colleague and our show's producer is joining me to turn the tables and ask me some questions about the podcast itself. Hi, Sam. How are you?
SPEAKER_00: Hi, good. How are you? Thanks for letting me sit in in this host seat for a little bit.
SPEAKER_01: No, awesome. I appreciate you joining me.
SPEAKER_00: This is awesome. I also want to say a special hello to all the SOC Brief listeners out there. Shout out. Hi. So let's, I guess, jump right in. My first question I got for you is why did you decide to start the SOC Brief a year ago?
SPEAKER_01: Uh, why did we start the SOC Brief? I think a lot of it came down to um there weren't a lot of short form podcasts out there discussing cybersecurity news. There are a lot of great podcasts out there talking about cybersecurity events, you know, hacks that are happening, vulnerabilities, cool things going on in cybersecurity, but a lot of them are hours long. Um, and you know, not a lot of people have time to sit and listen to that all in one go, or maybe you're just invested in something else, or you start listening and then you stop because you had to take a break. And so our main, you know, idea with starting the SOC Brief was trying to get some bite-sized, tangible, usable information out that people like you could listen to on the way to work, you know.
SPEAKER_00: 100%. I think you really um hit the nail on the hammer, hammer on the nail, thing. Yes, yeah, something like that. Um, I really do imagine some people, you know, just taking their a walk or their 15-minute break and just being able to tap in and it's just quick, easy, keeps you up to date without doing too much. Not saying, you know, sometimes these hour-long ones, you never know what's going on. Yeah. Um it gives you just more flexibility. Yeah, flexibility, versions, if you will. Um, and speaking of, you know, these types of listeners, who did you picture as your like ideal listener when you first started? And how do you think that audience has like changed over time?
SPEAKER_01: For sure. I think the like the main target audience, I guess, really is anyone interested in cybersecurity. Um, just to kind of understand the ins and outs or kind of things that we look for or new stories that we're paying attention to, but mainly SOCs themselves, like anyone in a SOC, anyone blue team, uh anyone on the defensive side, like um, you know, our world, this job is constantly changing. There's new attacks, there's new attack vectors, there are new, there's new methods, there's new attackers daily. Yeah. Um, and and you know, groups that that are around for a long time today may just be completely gone tomorrow. And the same with their attack techniques. So um one of the things, you know, we wanted to make sure we were doing is um getting information to people that could use it or would want to use it and learn from it.
SPEAKER_00: 100%. So again, on this path of listeners and kind of target audience, what has been the most surprising feedback or really any feedback or reactions that you've received from the audience?
SPEAKER_01: Uh honestly, uh some of the most surprising is going to, you know, cybersecurity conferences just around the country, uh, and just having people recognize the SOC Brief, like, oh, you know, hey, I listened to that. Um, and just input or, you know, um just people telling us that they they love it, like they enjoy uh the the information that they get from it, that it adds value, and that they can take these little like snippets and go, hey, I didn't know that was actually going on. Yeah. And any recommendation that I might have, you know, during the podcast, they might be able to take something out of that and utilize that in their own environment. And so that's been pretty cool. Uh it was actually really surprising the first time that someone was like, Oh, hey, the SOC Brief. And I was like, Oh.
SPEAKER_00: Okay.
SPEAKER_01: Yeah. Yeah, it's pretty cool.
SPEAKER_00: Yeah, that's awesome. I really do love how you kind of input um key takeaways or maybe something to work on for that week, kind of towards the end of each episode, because I think it helps put put it into perspective or help practice it for maybe those who um are in the field who or even I mean, I listen to it obviously. And um just kind of gives me a good base understanding coming from, you know, not a cybersecurity background.
SPEAKER_01: So Right. And and I think that's like the learning aspect of it as well, is you can listen to a story or read an article that tell you, hey, this crazy new terrifying attack is happening.
SPEAKER_00: Yeah.
SPEAKER_01: But what do you do about it? You know, and like how many people writing these clickbait articles or whatever, like, you know, are giving you something tangible, like, hey, yeah, this is happening, but you can do something about it.
SPEAKER_00: Yeah, exactly. I think it's a good um you intertwine it all really well. I try. Yes. You do that. Um, so kind of pivoting a little bit, I do want to ask you about one of your biggest challenges that you've faced so far, kind of just producing a weekly, this weekly, you know, snippet each week.
SPEAKER_01: Honestly, for me, it's it's keeping within topics or or subject matter that I think people can actually get value from. Um you know, if there's some really interesting or critical vulnerability that's popped up, some new zero day, you know, that's an easy episode. Um, but that's not always the case. And, you know, trying to find, you know, or paying attention to recent cybersecurity events, like, you know, what APTs are out there, what certain threat actors are doing, you know, what new tool sets are being utilized. Um, if if you're not out there looking for that information itself, um, you know, you may not know, like, oh, hey, there's this side load DLL that doesn't look too terribly malicious, what's going on here? While if you're actually looking at stuff and you're looking at these IOCs and and you know, all this recent activity, you might be able to go, oh, hey, you know, I recognize that from something I read or something I listened to. Yeah. And so trying to keep each episode with that tangible like value add is probably the the the biggest challenge there.
SPEAKER_00: Yeah, a hundred percent. Well, I guess speaking of episodes in general, what has been your favorite episode or topic you've covered within this last year?
SPEAKER_01: The favorite episode or topic. I don't know. Um probably the I hate saying this because I don't uh uh the maybe not uh the most popular one, but uh I really enjoy having conversations with Kimmitt. Yeah. Uh so bringing him in for like the CISO perspective on thing, um, on things, sorry, um is is great. Uh the the guy's just such a wealth of knowledge. And um like if you haven't seen a uh Kimmitt presentation uh or sat in on a Kimmitt tabletop, like getting, you know, 15, 10 or 15 minutes of time out of him is just like it's like oh, there's like value add in every single thing he's saying. Um and so from a SOC perspective, you know, I I lean on him heavily for things. Uh just kind of getting to share that wealth of information he he has in this short bite-sized seg segment. It was just fun. It's like how much, how much information can we cram into this short amount of time? That's probably my my favorite one. Um, I also kind of enjoy um discussing the um the nation state ones, like when the US Venezuela stuff was going on, and currently we have like the US Iran stuff, uh, just because it it gets into kind of like the espionage side of things and it really shifts the focus from what we see a majority of the time from these threat actors who are you know motivated by money and financial gains to uh they just want to disrupt. And so that changes things drastically, surprisingly. Like when your motivation is just to disrupt, you know, there's a no-holds-barred. You know, there's no, there's no like, you know, hey, we're just gonna ransom you we want money. It's it's uh, we just want to shut you down. So it gets interesting. Uh, but those are those are pretty fun. I enjoy those.
SPEAKER_00: That's awesome. Um, so I guess kind of these last couple of questions kind of lean more into the advice um aspect of the show. So what's one piece of advice you would give to SOC analysts or cybersecurity, maybe students or early on learners who listen to the show?
SPEAKER_01: One piece of advice, man. That I mean, I think uh the advice would be different for maybe each one of those uh groups. Uh for someone who's maybe a student or learning, um I I would just say be hungry, get out there and look for information, try to better yourself wherever you can. There's all kinds of tools that you can utilize out there. Um maybe build your own home lab, set up a honeypot, you know, things like that that that can help you kind of understand how those attacks work and how they unfold. The other side of it, um, for like SOCs, like if you're if you're already in this field and you're working with the team, um, communication, I like as silly as it may sound, I you know, I'm not talking about like go work with a red teamer or go learn how this you know attack operates. But I I just from personal experience working with other SOC teams, uh, the lack of communication, especially outside of the SOC itself, is astounding sometimes. Um, and it's something that I harp on almost every episode. Uh, I know I brought it up a majority of the episodes, but sharing your findings or sharing um information about new zero days or attack techniques or phishing campaigns is so critical to an organization's security posture. Um, I mean, it's like, you know, there's some crazy disease out there and you found a cure to it and you're not telling anyone about it. Right. You know, like I guess maybe that's not a great analogy, but um being able to share information on like, especially within the SOC team itself, like, hey guys, be aware, check out these IOCs that you know that are out there. How do we adjust our existing tools to keep an eye out for this stuff? And a lot of times we just find that like people will just get that information and make a change, but they're not telling anyone about it, or they don't let, especially C-suite people who they think like, well, they don't care about this. Like, if you want a great way to like get a raise or prove prove your worth, start generating reports about what's happening. Send those to your C-suite people, sit in on those meetings. Um, that that probably my biggest piece of advice there.
SPEAKER_00: Nice. Yeah, no, I can 100% agree with that. Um sorry, let me go through here. I guess I'll ask you one last question. Um, so if again, it's another big one. So uh I'll give you this. But if somebody has never listened to the SOC Brief before, how would you describe the SOC Brief in a sentence?
SPEAKER_01: I would just describe it as a daily uh well, maybe not daily. Let's take it back. I would describe it as a weekly bite-sized cybersecurity news and strategy podcast. I think that's I don't know how accurate that is.
SPEAKER_00: But I think that's short and sweet. One sentence, yeah. Yeah. Nice. Well, thank you so much for letting me, you know, kind of poke and prod and ask some of these some of these questions. I think one year is really cool, really impressive. I love the the bite-sized um aspect of it. So I'm excited to continue to see where it goes in this next year.
SPEAKER_01: For sure. And Sam, thank you so much for joining me on our anniversary episode here and for all the great questions. Uh, it really has been a great year uh for building the SOC Brief, and I appreciate everything that you've done to help uh make that a reality. Um, and I'm kind of really proud of what we've done together on this. So to our listeners, uh, thank you for being here every week. Uh your time and attention mean a lot to us, and we'll keep doing our best to deliver the short practical episodes that help you do your job and uh stay ahead of any kind of threat that's out there. Uh so this week, if you've been meaning to share an episode with a colleague or a friend, now's the perfect time. And if you have any feedback or ideas for the next year, hit us up on social media. And that's a wrap for this episode of the SOC Brief. Uh, keep your eyes open, keep sharpening those skills, and uh we'll be back next week with a brand new episode. As always, stay secure out there. Bye. Thank you. Bye.