SECTION 9 Cyber Security

We cover the latest in computer security and industry best practices. We spend hours every week on security research, labs and training. Our lab includes enterprise hardware from Cisco, Juniper & Meraki. We have Kali Linux ready to go with Metasploit, nmap, OpenVAS and other security tools. We regularly run security audits to make sure hackers haven't taken over. Security is the name of the game. Don’t let the hackers win!

0 Likes     0 Followers     1 Subscribers

Sign up / Log in to like, follow, recommend and subscribe!

Information Security is the name of the game. Don’t let the hackers win!
🇬🇧 English
last modified
2019-11-05 05:45
last episode published
2019-11-04 06:00
publication frequency
7.6 days
SECTION 9 Cyber Security author  
SECTION 9 Cyber Security owner  
Number of Episodes
Detail page
Technology Gadgets Software How-To News



Date Thumb Title & Description Contributors

Azure: Custom Domain, User Accounts, Password Reset and More - 134

More Azure! We’ve added a custom domain and configured a password rest option. We’ve also made Dorothy an owner of the Azure subscription. It took a bit of research to get this done. The tutorial is good, but it doesn’t cover everything. We still have ...
SECTION 9 author

Azure Active Directroy Domain Services - 133

iTunes | Google | Stitcher | SpotifyTime to learn about Azure. Last episode we talked about Azure Active Directory Federated Services. What we really want is Azure AD DS. LINKSWhat is Azure Active Directory Domain Services?Tutorial: Create and configur...
SECTION 9 author

Azure AD FS and Operational Issues - 132

iTunes | Google | Stitcher | SpotifyWe’re looking into new technology like Azure AD FS. Before we can start new projects, we need to get the operational side of things in order. We’ve done a good job of clearly defining a patch management process. It’s...
SECTION 9 author

Security Solutions & Process - 131

iTunes | Google | Stitcher | SpotifyAre fancy security solutions like Palo Alto firewalls, ExtraHop or LogRhythm going to keep you secure? By them selves, no. It doesn’t matter what the vendor says. There’s no such thing as a security solution that mag...
SECTION 9 author

Streamlining Operations - 130

iTunes | Google | Stitcher | SpotifyHow do we do section 9 projects, keep systems running, and record a weekly podcast while having full time jobs? We need the right combination of tools and process. LINKS
SECTION 9 author

They Convinced Me to Take the Job

iTunes | Google | Stitcher | SpotifyTime to talk about the new job. Can’t say much yet. I start this coming Tuesday. I can say that what they offered was too good to believe. They want to do the things we talk about on the show. Proper planning, manage...
SECTION 9 author

Secure Configurations With CIS Benchmarks

iTunes | Google | Stitcher | SpotifyTime to start securing systems and software. To do that, we’re using the CIS benchmarks. These are configuration guides for things like Windows 10 and BIND 9. The two things we’re focusing on. We have to start somewh...
SECTION 9 author

How are we doing? - 127

iTunes | Google | Stitcher | SpotifyAre we going in the right direction? Are we doing the things we said we would? Time for a quick review. Overall, we’re doing pretty good. There are a few things we need to work on. That’s okay. Now’s the time to figu...
SECTION 9 author

What do you do when you find a vulnerability? - 126

iTunes | Google | Stitcher | SpotifyWe found a couple of vulnerabilities during our weekly patch review. According to Automox, we needed to update Google Chrome and Microsoft’s .NET framework. This lead to a discussion about patching early. Don’t panic...
SECTION 9 author

Is our network connected power strip a security issue? - 125

iTunes | Google | Stitcher | SpotifyWe’ve got a Synaccess network connected power strip. Devices like this aren’t built with security in mind. Is this device a security issue? Should we be concerned? Could a hacker access this device?LINKSSynaccess Web...
SECTION 9 author

124 - We're Focusing on Risk Assessments

iTunes | Google | Stitcher | SpotifyWe have business & tech issues to deal with. On the business side, we have some basics to take care of. It’s part of doing business. On the tech side, we’ve decided to focus on Risk Assessments. We’re conducting ...
SECTION 9 author

123 - Using Our Simple Patch Management Process

iTunes | Google | Stitcher | SpotifyIt’s official! We can say we’ve double checked our patch process. It’s quick and easy. We still have to double check our 3rd party apps. We’re hoping to start that process before the end of the month. Remember, patch...
SECTION 9 author

122 - Installing & Using Nessus Essentials

iTunes | Google | Stitcher | SpotifyI finally downloaded, installed and tested Nessus Essentials. It worked out better than I expected. While it does have some limitations, it found Vulnerabilities on our servers. It’s another tool for the tool box. Th...
SECTION 9 author

121 - Patching - It Wasn't an Automox Issue

iTunes | Google | Stitcher | SpotifyWhat I thought were Automox issues turned out to be our issues. We go over the good and the bad. We’re a few steps closer to a good patch management process. PowerShell Scripts For Installing SoftwareThe first script...
SECTION 9 author

120 - How do we use LastPass in an enterprise environment?

iTunes | Google | Stitcher | SpotifyThere’s only two of us here at Section 9. Deploying and using LastPass was relatively easy. What about using it in an enterprise environment with hundreds of workstations and laptops? That’s the real challenge. What ...
SECTION 9 author

119 - Our Patch Management Process

iTunes | Google | Stitcher | SpotifyWe’ve got a patch management process. It isn’t perfect, but It’s a start. That’s way better than some organizations. What’s next? Testing it on Patch Tuesday.
SECTION 9 author

118 - Managing DigitalOcean Servers With Baselines And Automox

iTunes | Google | Stitcher | SpotifyAfter migrating to smaller, cheaper servers on DigitalOcean, I realized we need a new management process. We need a checklist that says do these 10 or 15 things. We’re starting the conversation. We hope to have this ...
SECTION 9 author

117 - Time For Secure Configurations

iTunes | Google | Stitcher | SpotifyTime to start thinking about secure configurations. What is a secure configuration? What gets configured? How do you manage them?This is just the beginning!
SECTION 9 author

116 - HIPAA Clarification, BIND 9 & The Jitbit Help Desk Solution

iTunes | Google | Stitcher | SpotifyWe’ve got a HIPAA correction to make, BIND 9 changes, & a new help desk solution called Jitbit. LINKSHITRUST Alliance About HITRUST If I’m HITRUST CSF certified, does that mean I’m HIPAA-compliant?BINDJitbit - H...
SECTION 9 author

115 - Patch Tuesday, Automox Issues & HIPAA Compliance

iTunes | Google | Stitcher | SpotifyIn this episode we talk about patch Tuesday, An issue with Automox, & HIPAA compliance. We also have a bit of interesting news. We might have our first client. There’s a minor issue. They asked about HIPAA compli...
SECTION 9 author

114 - Why aren't you patching?

iTunes | Google | Stitcher | SpotifyThe city of Baltimore wasn’t patching. They got hacked. One million systems connected to the Internet are vulnerable to BlueKeep. Why haven’t these systems been patched? When will they be hacked? Not patching could ...
SECTION 9 author

113 - The Baltimore Ransomware Attack

iTunes | Google | Stitcher | SpotifyThe City of Baltimore was hit by Ransomware. We go over some of the details, including an unpatched vulnerability from 2017. LINKSHackers Are Holding Baltimore Hostage: How They Struck And What’s NextBaltimore estima...
SECTION 9 author

112 - The Verizon Data Breach Report

iTunes | Google | Stitcher | SpotifyI finally took a look at the Verizon Data Breach Report. If you haven’t read it, do it now. This report helps you understand how the hackers are getting in. You need to know how they get in if you want to plan for pr...
SECTION 9 author

111 - Surviving Patch Tuesday With Automox

iTunes | Google | Stitcher | SpotifyWith the help of Automox, we survived patch Tuesday. We know all of our Windows systems are patched. This process wasn’t seamless. It required a few more mouse clicks than we expected. I’ll take a few more mouse clic...
SECTION 9 author

110 - Patch & Configuration Management With Automox

iTunes | Google | Stitcher | SpotifyAutomox is a cross platform patch and configuration management solution. This thing is awesome. We patched an Ubuntu workstation and 3 Windows 10 systems. We even installed notepad++ on a couple of Windows 10 systems...
SECTION 9 author

109 - The First 3 Critical Security Controls Are Tough To Implement

iTunes | Google | Stitcher | SpotifyThe first three critical security controls might seem simple, but they’re not. For those that have a hand full of devices, they can be simple. For those that have more than a hand full, they can be difficult to imple...
SECTION 9 author

108 - A Security Program For Everyone

iTunes | Google | Stitcher | SpotifyAs the title says, we’ve come up with a security program that works for everyone. For some, this is it. For others, this is a place to start. We’re basing this on the first three CIS controls. We’re also using the ne...
SECTION 9 author

107 - Virtualization With Proxmox or ESXi

iTunes | Google | Stitcher | SpotifyTime to take a look at our Virtualization options. It’s a choice between Proxmox or ESXi.We don’t need anything fancy. We’re simple people. We still need to test them to make sure they work. Before we can test anythi...
SECTION 9 author

106 - Cleaning Up The Network

iTunes | Google | Stitcher | SpotifyTime to clean up the network. Not as simple as I thought it would be. We talk about the issues I had and the changes I made. We can’t do any testing until the network is cleaned up.
SECTION 9 author

105 - We Figured Out Two Step Verification vs Two Factor Authentication

iTunes | Google | Stitcher | SpotifyWe figured out two step verification. Well, sort of. At least we know the difference between two factor authentication and two step verification. Sometimes all it takes is a quick review of the options. CORRECTIONIn ...
SECTION 9 author

103 - Getting Cheaper DNS Servers

iTunes | Google | Stitcher | SpotifyWe’re working on a better process for securely accessing our Gmail or Google account. We’ve got 2-step verification with our phone. That works great, but now we have a new problem. What happens when we lose our phone...
SECTION 9 author

103 - Getting Cheaper DNS Servers

iTunes | Google | Stitcher | SpotifyWe just learned that we’re paying too much for our DigitalOcean servers. Unfortunately there’s no simple fix. These are authoritative DNS servers for We can’t just delete them and create new, cheaper ver...
SECTION 9 author

102 - Creating Solutions Based on The CIS Controls

iTunes | Google | Stitcher | SpotifyTime to start our own business, or at least give it a try. Dorothy & I talk about building services and solutions around the first three critical security controls. This includes possible solutions for hardware i...
SECTION 9 author

101 - The Risk Assessment Process

iTunes | Google | Stitcher | SpotifyWe take a look at the risk assessment process. What is a risk assessment? How Does it reduce risk? We’re using a NIST risk assessment process. It can be long and complicated. We also do a quick risk assessment on two...
SECTION 9 author

100 - What is Cyber Security?

iTunes | Google | Stitcher | SpotifyThis is our 100th episode. Hard to believe we’ve made it this far. For this episode Dorothy and I want to answer what might seam to be a simple question. It isn’t. We also talk about the things we want to learn, futu...
SECTION 9 author

99 - LastPass & Backblaze Rock! But...

iTunes | Google | Stitcher | SpotifyAs the title says, LastPass and Backblaze rock, but they’re not set and forget. We’re in the operate and optimize phases of the Cisco Network Life-cycle. There are a few gotchas with LastPass and Backblaze. This has ...
SECTION 9 author

98 - Wireshark Saves The Day

iTunes | Google | Stitcher | SpotifyWe managed to take a couple of small steps in the right direction. I managed to document and clean up the network. Dorothy got my new workstation moved over to her desk. We couldn’t have done it without Wireshark. It...
SECTION 9 author

97 - Testing PlexTrack & Nessus Pro

iTunes | Google | Stitcher | SpotifyDorothy and I had to get some last minute projects done. We had to finish testing PlexTrac, management software for security assessments. This testing required us to install and test Nessus Pro. Not only did we get t...
SECTION 9 author

96 - Planning For a New Workstation & Switch

iTunes | Google | Stitcher | SpotifyTime to go back to some unfinished projects. Dorothy is working on my new workstation. Something she bought for me a while ago. I’m in the process of finding a new switch for our network. Something I should have don...
SECTION 9 author

Our Windows 10 Baseline

iTunes | Google | Stitcher | SpotifyWe have a baseline for our Windows 10 systems. One that maps to the first 4 critical security controls. This is a big step in the right direction. LINKSus-cert.govBulletins - Weekly list of vulnerabilities on us-cert...
SECTION 9 author

#94 Testing Sumo for CIS Control #2

iTunes | Google | Stitcher | SpotifyWe did a quick test of Sumo. We tested the free and pro versions. We looked at the pros and cons. So far, Sumo seems like a good solution. The downside, we have to manually install applications. As a tiny organizatio...
SECTION 9 author

#93 Bitdefender GravityZone & Sumo

iTunes | Google | Stitcher | SpotifyDorothy and I do a quick review of Bitdefender GravityZone & Sumo. We’re on the hunt for solutions that meat one or more of the first 6 Critical Security Controls. The first 6 controls are our road map to a secur...
SECTION 9 author

#92 8 Strategies to Mitigate Cyber Security Incidents

iTunes | Google | Stitcher | SpotifyInstead of 20 Critical Security Controls, we’re going to talk about the Essential 8. These are 8 things you can do to keep your organization secure. This list comes from the Australian Cyber Security Center. LINKSEss...
SECTION 9 author

#91 2FA With Duo Security & LastPass

iTunes | Google | Stitcher | SpotifyIn this episode we take a look at two factor authentication with Duo Security and LastPass. We tried to use the Yubikey for 2FA, but that didn’t work out for us. In our case, Duo security might be a better option. No...
SECTION 9 author

#90 The Alaska Earthquake Experience

iTunes | Google | Stitcher | SpotifyOn Friday, November 30, Alaska was hit by a 7.0 earthquake. This happened just outside of Anchorage where we live. This was an experience we will never forget. We thought we would share some of the things we’ve exper...
SECTION 9 author

#89 Critical Security Controls 4-6

iTunes | Google | Stitcher | SpotifyTime to look at controls 4-6. This is where things get a bit tricky. Do you have the skills to deploy these controls? That’s a question we have to ask our selves. In some cases, we don’t. This is just the beginning. ...
SECTION 9 author

#88 The First 3 Critical Security Controls

iTunes | Google | Stitcher | SpotifyIt’s time to take a look at the first three Critical Security Controls. What are they? How do they keep your organization secure? How are we going to implement them? There’s a lot to think about with the first three....
SECTION 9 author

#87 The CIS Controls as an Audit Process

iTunes | Google | Stitcher | SpotifyWe’re trying to use the CIS Critical Security Controls as an audit process. We go over some ideas we’ve come up with. It will take us time to refine the process. We also go over some of the tools we might use. Tools ...
SECTION 9 author

#86 SANS Implementing & Auditing the Critical Security Controls - In-Depth

iTunes | Google | Stitcher | SpotifyI’m taking the SANS 566 course, Implementing & Auditing the Critical Security Controls - In-Depth. We talk about why I’m taking this course. LINKSGIAC GCCCSANS SEC566
SECTION 9 author

#85 Tracking Down Devices On a Switch

iTunes | Google | Stitcher | SpotifyIn this episode we track down devices on a switch using mac addresses. Sounds simple enough. Took a project that forced me to think in different ways to realize this. I add Nmap scans and a spreadsheet formula for go...
SECTION 9 author