Episode 16 - Duane Dunston celebrates 24 years in Cybersecurity and discusses Wireguard, Internet Privacy, and Infosec Bikinis

Cybersecurity 101 with Joe and Larry - A podcast by Joe Stocker

Categories:

Larry and Joe speak with Duane Dunston, an Associate Professor of Cybersecurity at Champlain College https://www.champlain.edu/academics/our-faculty/dunston-duane Duane just celebrated 24 years in Cybersecurity. He is currently working towards his EdD in Education. Larry and I learned how incredible Duane is!  Among his many accomplishments, he volunteers as a security consultant with International Association of Human Traffickers and Investigators. He's working with Champlain students to develop technologies to facilitate the identification of trafficked victims.  Duane is currently  working on a cross-platform and mobile app to help identify victims of human trafficking. You can buy Duane a cup of coffee here: https://www.buymeacoffee.com/thedunston And  00:00 Larry and Joe listen to Duane's story of how he got into Cybersecurity, after growing up in a Group Home, he earned a college degree, and then got into tinkering with Log Analysis and worked his way through Graduate school as a janitor. He helped maintain the computers and shortly after became a Unix administrator. He didn't have an easy road, but he is perhaps the best example of what the Information Security community stands for. 4:50 Wireguard VPN and Duane's contribution with Nowire check out his NoWire Github repo here: https://github.com/thedunston/nowire 11:15 Is Internet Privacy Possible? 19:53 Duane’s presentation at GrimmCon:  “Cognitive Science Aproach To Teaching Cybersecurity Education” https://t.co/Owr38hXBVk?amp=1 20:15 Should Veterans spend their GI Bill on College Degrees or Certs to get their first job in Cyber? Duane recommends Security+ Certs and to supplement it with the TryHackMe platform. https://tryhackme.com/ It requires no home lab equipment so it helps those that have financial constraints. 22:30 Can someone go right into Pentesting? Duane says you must have a base level of understanding of Networking, Windows and Linux administration. 23:00 eLearnSecurity Junior Penetration Tester (eJPT) https://elearnsecurity.com/product/ejpt-certification/ 23:50 Duane discusses how the OSCP Cert from Offensive Security is more difficult for people who struggle with self learning. https://www.offensive-security.com/pwk-oscp/ 26:00 Duane explains why he does not subscribe to the fatalistic “everyone will be hacked” mindset, and how SolarWinds is the worst case scenario of a Supply Chain compromise. 30:50 Why it is so difficult to detect cobalt strike beacons 32:45 Duane says the fundamentals are necessary: anti-malware, anti-phishing, and application control (allow-listing). 34:00 Web Browser sandboxing with Application Guard https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview 35:15 Weakness of application control is when exclusions are set, malware an remain undetected when hiding in those exclusions 36:50 Host level detection is important because network traffic is encrypted in SSL 37:40 Philosophical Discussion on why Ransomware attacks are on the rise 39:00 Duane discusses his volunteer work with 1) using Augmented Reality to help train people in construction and 2) helping with the problem of human trafficking 44:35 Larry asks Duane a tough question: What is your driving motivation? You keep learning even after being in 24 years in Cybersecurity (Duane just got his MITRE Attack certification). Duane's Ted Talk can be viewed here: https://www.ted.com/talks/duane_dunston_the_answer_to_cybersecurity_threats_middle_high_schoolers  Duane spoke at The Diana Initiative​ 2021; a two-day conference to elevate, inspire, and support women/non-binaries of all races, cultures, and backgrounds through every stage of their information security career with education, collaboration, and resources. https://hopin.com/explore/speakers/IEfWTII6uHHgNc1ctq047ro2S  51:00 Duane looks to the future - helping improve training providers. He would like to consult with a think tank on cybersecuri