- 56
- 365 591
PurpleSec
United States
Приєднався 20 чер 2019
Welcome to the PurpleSec UA-cam channel where you’ll find all things related to cyber security. If you like thought leadership videos, how-to’s, and helpful security tips from industry experts then you’ve come to the right place.
PurpleSec is a cyber security company in the Washington, DC metro area that takes a holistic approach to security by combining offensive and defense security measures to protect what matters most to your business.
PurpleSec specializes in providing small to medium-sized businesses with vulnerability risk assessments, penetration testing, GAP assessments, HIPAA assessment, CMMC, and vulnerability patch management.
Our cyber security experts are experienced professionals with practical and advanced technical skills spanning across industries to include military, government, and commercial sectors.
PurpleSec is here to help whether you want to learn about security, evaluate your network’s security, or need to develop a comprehensive security program.
PurpleSec is a cyber security company in the Washington, DC metro area that takes a holistic approach to security by combining offensive and defense security measures to protect what matters most to your business.
PurpleSec specializes in providing small to medium-sized businesses with vulnerability risk assessments, penetration testing, GAP assessments, HIPAA assessment, CMMC, and vulnerability patch management.
Our cyber security experts are experienced professionals with practical and advanced technical skills spanning across industries to include military, government, and commercial sectors.
PurpleSec is here to help whether you want to learn about security, evaluate your network’s security, or need to develop a comprehensive security program.
Is AI The Future Of Penetration Testing?
AI has the potential to revolutionize penetration testing by automating many repetitive, rote tasks like exploit development, vulnerability scanning, and report generation, thereby speeding up pen tests and making them more efficient.
However, AI is not yet advanced enough to fully replace human expertise, especially when it comes to testing custom web applications and proprietary systems that require critical thinking and creativity.
There are risks associated with AI, such as false positives/negatives, scope creep, and accidental system crashes, that necessitate skilled human oversight.
As a result, pentesters' roles may evolve to focus more on validating AI tool output, conducting adversary simulations, and formulating high-level strategies rather than executing technical tasks.
Furthermore, AI integration faces challenges like a lack of sufficient training data, complex model development, and establishing trust in AI-powered tools.
AI is expected to make pen testing more affordable by augmenting human testers rather than fully replacing them in the near future.
AI & Cybersecurity Newsletter
------------------------------------------------
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry:
www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
Video Chapters
------------------------------
00:00 - Intro
01:27 - Meet Nathaniel Shere
02:18 - Meet Shubham Khichi
03:10 - How Penetration Testing Has Evolved With AI
05:47 - The Risks Of AI In Penetration Testing
09:41 - AI Replacing Human Penetration Testers
14:38 - How AI Is Integrated Into Penetration Testing
18:42 - Challenges Of Deploying AI For Penetration Testing
23:16 - Future Trends Of AI In Penetration Testing
30:16 - Other Areas Of Security AI Is Being Integrated
About The Experts
------------------------------
Jason Firch, MBA
www.linkedin.com/in/jasonfirch/
Nathaniel Shere
www.linkedin.com/in/nathaniel-shere/
Shubham Khichi
www.linkedin.com/in/cybermindnexus/
Socials
------------
- LinkedIn:
www.linkedin.com/company/71507482/
- Twitter:
Purple_Sec
Ready To Get Secure?
-----------------------------------
► If you need help securing your business from cyber attacks then feel free to reach out: purplesec.us/consultation/
#cybersecurity #aisecurity #pentesting
However, AI is not yet advanced enough to fully replace human expertise, especially when it comes to testing custom web applications and proprietary systems that require critical thinking and creativity.
There are risks associated with AI, such as false positives/negatives, scope creep, and accidental system crashes, that necessitate skilled human oversight.
As a result, pentesters' roles may evolve to focus more on validating AI tool output, conducting adversary simulations, and formulating high-level strategies rather than executing technical tasks.
Furthermore, AI integration faces challenges like a lack of sufficient training data, complex model development, and establishing trust in AI-powered tools.
AI is expected to make pen testing more affordable by augmenting human testers rather than fully replacing them in the near future.
AI & Cybersecurity Newsletter
------------------------------------------------
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry:
www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
Video Chapters
------------------------------
00:00 - Intro
01:27 - Meet Nathaniel Shere
02:18 - Meet Shubham Khichi
03:10 - How Penetration Testing Has Evolved With AI
05:47 - The Risks Of AI In Penetration Testing
09:41 - AI Replacing Human Penetration Testers
14:38 - How AI Is Integrated Into Penetration Testing
18:42 - Challenges Of Deploying AI For Penetration Testing
23:16 - Future Trends Of AI In Penetration Testing
30:16 - Other Areas Of Security AI Is Being Integrated
About The Experts
------------------------------
Jason Firch, MBA
www.linkedin.com/in/jasonfirch/
Nathaniel Shere
www.linkedin.com/in/nathaniel-shere/
Shubham Khichi
www.linkedin.com/in/cybermindnexus/
Socials
------------
- LinkedIn:
www.linkedin.com/company/71507482/
- Twitter:
Purple_Sec
Ready To Get Secure?
-----------------------------------
► If you need help securing your business from cyber attacks then feel free to reach out: purplesec.us/consultation/
#cybersecurity #aisecurity #pentesting
Переглядів: 1 191
Відео
10 Cybersecurity Tips For Small Businesses
Переглядів 1,1 тис.5 місяців тому
Small businesses are underserved by the cybersecurity community. Solutions are too complicated, take too long to implement, and are too expensive. This often leads to do-it-yourself security, which means you're not fully addressing the risk of your organization as many do not have internal expertise. In addition, requirements, whether vendor, client, insurance, or compliance, typically lead sec...
Web Application Penetration Testing: Steps, Methods, & Tools | PurpleSec
Переглядів 3,5 тис.5 місяців тому
Web application penetration testing is comprised of four main steps including: 1. Information gathering. 2. Research and exploitation. 3. Reporting and recommendations. 4. Remediation with ongoing support. These tests are performed primarily to maintain secure software code development throughout its lifecycle. Coding mistakes, specific requirements, or lack of knowledge of cyber attack vectors...
Why You Should Learn AI In Cybersecurity
Переглядів 9 тис.6 місяців тому
Cybersecurity faces a difficult challenge with AI. The speed and complexity at which adversaries use this technology pose a serious risk for organizations. Defenders are struggling to keep pace with new use cases and the evolution of AI happening every day. So what's the best way to defend against AI and to enhance your career development in security? Learn AI. We interviewed Jonathan Todd and ...
How LLMs Are Being Exploited
Переглядів 8206 місяців тому
Shubham Khichi has been working on cyber AGI for the past 7 years. Before that, he spent nearly a decade as a red team specialist and cybersecurity researcher. In this interview, Shubham shares his insights into how LLMs are being exploited by adversaries and provides practical tips to secure AI. AI & Cybersecurity Newsletter 👋 If you're new here, then consider subscribing to our weekly newslet...
The Value Of A vCISO For Small Business
Переглядів 1,9 тис.7 місяців тому
Greg Schaffer shares his over 33 years of information technology and cybersecurity experience on the value small and mid-sized businesses gain from working with a virtual CISO (vCISO). AI & Cybersecurity Newsletter 👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: www.linkedin.com/newsletters/ai-cybersecurity-insights...
Vulnerability Management Metrics: Top 10 KPIs To Measure Success
Переглядів 3,1 тис.Рік тому
Join us for an exclusive interview as we dive deep into the world of vulnerability management KPIs with the expertise of Walter Haydock. 👉 Get our FREE guide to vulnerability management in 2023: purplesec.us/vulnerability-management-guide/?UA-cam&VM_2023& In this engaging interview, Walter shares valuable insights on: 🎯 Balancing costs and benefits while identifying metrics to guide decision-ma...
Vulnerability Management SOP: Expert Reveals Top Tips
Переглядів 1,2 тис.Рік тому
Are you struggling to manage vulnerabilities in your organization? Join us in this conversation with expert Kevin Donatelli who reveals the ins and outs of vulnerability management SOPs! In this not-to-be-missed session, you'll: 🔑 Learn the essential components of effective vulnerability management SOPs 🛡️ Discover how to prioritize and remediate risks efficiently 🧠 Gain invaluable insights fro...
Top 10 Vulnerability Management Trends For 2024
Переглядів 1,8 тис.Рік тому
Join PurpleSec's experts along with Joshua Copeland, Director of Cyber Security at AT&T, as we explore the latest trends and predictions in vulnerability management for 2023. 👉 Get our FREE guide to vulnerability management in 2023: purplesec.us/vulnerability-management-guide/?UA-cam&VM_2023& Continue reading: purplesec.us/learn/vulnerability-management-trends/ Chapters 00:00 - Introduction 00:...
Techniques To Improve Vulnerability Visibility & Detection
Переглядів 1,4 тис.Рік тому
Improve vulnerability visibility in networks & cloud environments with expert tips on strategies, KPIs, prioritization, & automation. Secure your assets now! 👉 Get our FREE guide to vulnerability management in 2023: purplesec.us/vulnerability-management-guide/ Read the full article: purplesec.us/learn/vulnerability-visibility/ Chapters 00:00 - Introduction 00:45 - Clement Fouque 01:36 - Importa...
Risk-Based Vulnerability Management
Переглядів 2,1 тис.Рік тому
PurpleSec security experts implemented risk-based vulnerability management to improve efficiencies and security ROI for our enterprise client. 👉 Get our FREE guide to vulnerability management in 2023: purplesec.us/vulnerability-management-guide/?UA-cam&VM_2023& Read The Full Case Study purplesec.us/case-studies/travel-services-provider/ High Level Findings PurpleSec’s security “cyborgs” were em...
How To Build A Vulnerability Management Program | #PurpleSec
Переглядів 6 тис.2 роки тому
There are 7 key steps when creating a winning vulnerability management program including making an inventory, categorizing vulnerabilities, creating packages, testing the package, providing change management, patching vulnerabilities, and reporting. 👉 Get our FREE guide to vulnerability management in 2023: purplesec.us/vulnerability-management-guide/?UA-cam&VM_2023& Read the full article... pur...
How To Automate Your Vulnerability Remediation Process | PurpleSec
Переглядів 8 тис.2 роки тому
There are 8 best practices when planning your vulnerability remediation including prioritization of vulnerabilities, setting timelines, defining a SLO, developing a remediation policy, automating your vulnerability management processes, adopting continuous remediation, deploying compensating controls, and building a vulnerability management program. 👉 Get our FREE guide to vulnerability managem...
Twitter Zero-Day Exposes Data Of 5.4 MILLION Accounts | Security Insights By #PurpleSec
Переглядів 8 тис.2 роки тому
Social media platform Twitter confirmed they suffered a now-patched zero-day vulnerability, used to link email addresses and phone numbers to users’ accounts, which allowed attackers to gain access to the personal information of 5.4 million users. The vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the ass...
What Is Vulnerability Management? (Explained By Experts)
Переглядів 30 тис.2 роки тому
Vulnerability management is the process of identifying, prioritizing, and mitigating vulnerabilities in an organization’s systems and networks to reduce the risk of cyber attacks and protect against potential threats. 👉 Get our FREE guide to vulnerability management in 2023: purplesec.us/vulnerability-management-guide/?UA-cam&VM_2023& Continue reading... purplesec.us/learn/what-is-vulnerability...
Hertzbleed Attack Impacting Intel & AMD CPUs | Security Insights By PurpleSec
Переглядів 6802 роки тому
Hertzbleed Attack Impacting Intel & AMD CPUs | Security Insights By PurpleSec
PACMAN M1 Chip Attack Explained | Security Insights By PurpleSec
Переглядів 9112 роки тому
PACMAN M1 Chip Attack Explained | Security Insights By PurpleSec
Cleartrip Suffers Massive Data Breach | Security Insights By PurpleSec
Переглядів 2482 роки тому
Cleartrip Suffers Massive Data Breach | Security Insights By PurpleSec
Maui Ransomware Attacking Healthcare | Security Insights By PurpleSec
Переглядів 4162 роки тому
Maui Ransomware Attacking Healthcare | Security Insights By PurpleSec
Conti Costa Rica Ransomware Attack Explained | Security Insights By PurpleSec
Переглядів 2,1 тис.2 роки тому
Conti Costa Rica Ransomware Attack Explained | Security Insights By PurpleSec
Why Is Social Engineering Effective? (Expert Explains)
Переглядів 3,3 тис.3 роки тому
Why Is Social Engineering Effective? (Expert Explains)
Saudi Aramco $50 Million Data Breach Explained | Breach Report
Переглядів 8 тис.3 роки тому
Saudi Aramco $50 Million Data Breach Explained | Breach Report
Kaseya Ransomware Attack Explained: What You Need To Know | Breach Report
Переглядів 5 тис.3 роки тому
Kaseya Ransomware Attack Explained: What You Need To Know | Breach Report
Are Cyber Criminals Coming After Your Video Games? | PurpleSec
Переглядів 1983 роки тому
Are Cyber Criminals Coming After Your Video Games? | PurpleSec
JBS, The World’s Largest Beef Producer Pays $11 Million Ransom Following An Attack | PurpleSec
Переглядів 1023 роки тому
JBS, The World’s Largest Beef Producer Pays $11 Million Ransom Following An Attack | PurpleSec
Is Your Employer Spying On You To Protect Themselves? | PurpleSec
Переглядів 1823 роки тому
Is Your Employer Spying On You To Protect Themselves? | PurpleSec
Reddit, Twitch, Amazon, & Others Go Dark As Cloud Provider Fastly Experiences An Outage | PurpleSec
Переглядів 1343 роки тому
Reddit, Twitch, Amazon, & Others Go Dark As Cloud Provider Fastly Experiences An Outage | PurpleSec
Pulse Secure VPN Breach: What Happened & What Are The Implications? | PurpleSec
Переглядів 6943 роки тому
Pulse Secure VPN Breach: What Happened & What Are The Implications? | PurpleSec
Phishing, Ransomware, & Supply Chain Attacks Dominate The 2021 Threat Landscape | Breach Report
Переглядів 9283 роки тому
Phishing, Ransomware, & Supply Chain Attacks Dominate The 2021 Threat Landscape | Breach Report
Accellion Breach Continues Compromising Top University Security | Breach Report
Переглядів 8763 роки тому
Accellion Breach Continues Compromising Top University Security | Breach Report
thank you very much
Thanks for nice informative interview. 👍
Great Video
so how can we do firewall review and which standard we should follow while reviewing
This is good input. There are a lot of cybersecurity programs that are not requiring coding, but I think they are doing a disservice to students.
Nice video
Hey guys, I love your explanation. Well done, great work. Do you have a video about unassigned IP ?
good lesson, thank you
Promo'SM
Interesting and Well done, Thank you.
Glad you enjoyed the conversation! - Jason
no such thing as lx or etc or not, say, can say etc any nmw s perfx
What I thought of is using the internet using data can be terrible or even frightening hopefully there maybe a day whare you can set up your cell phone like the radio years ago and still now the radio is I guess doctored to are advantage I'm sure you have a good idea what I mean.
Vulnerabilities meant weakpoints and attackers can exploit them so attack types are malwares spoofing ddos social engineering Are we taking those attacks also as vulnerabilities Please someone explain me It means a lot🙏❤️.
Attacks and threats are actions to compromise the weaknesses or flaws in any system. Those flaws or weaknesses are the Vulnerabilities, I am at a beginner's level but this is my understanding. I hope it help
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
Very informative. I am new here and want to expand into the purple team. I really want to help “ the low hanging fruit “. People from the ground up. Thanks 😊
Glad you enjoyed the conversation! Small businesses need a lot of help. Understanding their risk is one of the most important ways to engage with them to gain buy-in. Cybersecurity is an ongoing effort, yet many small businesses buy for requirements and move on thinking they're secure. - Jason
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
Check out our sample web application penetration test report: purplesec.us/wp-content/uploads/2021/10/Web-Application-Penetration-Test-Sample-Report.pdf
Awesome discussion...very informative and helpful, Thank you 🎉
Glad you enjoyed!! - Jason
An important topic and I like how you rhymed off applications of AI to GRC, Incident Response, Security Operations, Threat Intelligence, Red Team and more. Other highlights were that it’s a lifestyle (just like cybersecurity), it’s much more than Chat GPT and how prompt injection might be harder to defend against than SQL injection. Subscribed!
Greatly appreciate your feedback and I'm thrilled I brought value to you in this conversation. Looking to do more on these topics in the future! - Jason
Great points. Maybe in 30 years hiring people will start to value the ability to seek information upon request rather than memorizing leetcode solutions
Glad you enjoyed the conversation! From all the folks I’ve spoken to the timelines are far shorter than you might think. It’s impossible to predict what will happen for sure, but I have a feeling it will be much sooner than we expect. - Jason
@@PurpleSec There are definitely two competing edges of tech right now- those who stick to older legacy ways of learning and accepting new hires, and those who actually adopt the new amazing technology we have at our fingertips. Thank you so much! Definitely sharing this with my AI Cybersecurity peers
We're getting closer to where the traditional way of thinking no longer works! I appreciate your willingness to share with peers - that means a lot and motivates us to continue creating valuable conversations. - Jason
Great discussion! THANKS.
Thrilled you found value in it! I genuinely want to provide thoughtful discussions from those on the front lines. This helps to prioritize the topics and provide value to you! - Jason
insightful interview,
Glad you found value in this conversation! Hope to do more on the topic of AI soon! - Jason
This is actually a great piece of knowledge over there. I am preparing for a SOC/NOC job interview and I find this vid very helpful. Thank You for that!
Fantastic! Very happy this was useful for you. One bit of advice for your interview - lean into your soft skills. It's one of the most desired skills and often overlooked. Best of luck! - Jason
Well done video. Thank you for sharing.
Glad you enjoyed! - Jason
thank you very much
Glad you found value in this content! - Jason
Awesome <3
Glad you found value! - Jason
Are we talking about data loss or data leak? Who coined this term?
Thank you ...
Glad you found value! - Jason
Any open-source tool similar to ivanti?
Thank you for making this video! It's exactly what I was looking for.
Glad you found this to be valuable’
Great information, thank you! Also i have both volumes maxed and the narration seems pretty quiet couldn't really hear..
Glad you found value in this video!
Hello, I am very interested in the WISPR app developed by CRYPTODATA and would be grateful if you could perform a penetration test to evaluate its security. I've heard that it's a superior alternative to WhatsApp and Signal, but I would like to learn more details before deciding to install it. Thank you in advance for your help, and I eagerly await your expert opinion.
Great video on Vulnerability Management. This is an area Im interested in specializing in due to the importance of it.
This is just awesomely good.
Glad we could bring the awesomeness straight to your home for your infotainment pleasure 😁 - Jason
This is very helpful; thank you!
Glad you found value in this! - Jason
Purple purple and purple. ❤
Great video. Thank you.
very good and detailed video. Nice work. may be more videos on showing DLP Architecture.
Glad you found value in this video! - Jason
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/
great information!!
Thrilled to hear! - Jason
28:07. One thing I have found works is when the meeting appointment is sent out, if there is no agenda, I'll ask for one. If I don't get one, then after the meeting I'll ask for the mins of the meeing. I'll do this a couple of times. After that, I'll delline the meetings and state that without an agenda, I cannot do the meeting. Seems to work in most cases.
Yes! For any meeting I run I strive to include either context in the description or a link to the full agenda. It's often the case that I can't get an agenda together until the day of and I email it out a few hours beforehand. This has worked well for me when I run meetings as I like to have structure and not waste time. I also don't expect or want anyone to have to prepare for a meeting that I set. Ideally, those on the call should prepare for their own work as it pertains to the meeting. If they aren't adding any value then you have to determine 1) does that person need to be involved 2) Is that person not doing their job. - Jason
👋 If you're new here, then consider subscribing to our weekly newsletter featuring the top cybersecurity minds in the industry: www.linkedin.com/newsletters/ai-cybersecurity-insights-7058517055238504448/