Mathieu Gorge of VigiTrust talks about the Marriott Hotel data breach that happened back in June, including the facts of the event and why once-per-year security awareness training isn’t enough when many employees only work seven months of the year. He also offers some privacy tips that will keep your hotel system privacy compliant under a whole host of different compliance frameworks. 

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Security awareness and data breaches
2:50 - Elephant in the boardroom book
5:42 - Gorge's latest projects and book
9:38 - Hacking of the Marriott Hotel
19:22 - Marriott's privacy and data collection policies
23:20 - Ensuring data privacy worldwide 
30:13 - How hotel franchises handle security
34:32 - Skills needed for securing the hotel industry
38:12 - What is DigiTrust?
41:20 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today on Cyber Work, Giora Engel of NeoSec talks about securing APIs. Find out why APIs are the new network, why their very nature makes them vulnerable to abuse and how to position yourself as an authority in the ever-growing field of API security. All that and a little entrepreneur talk.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - API security and PII
2:40 - Giora Engel’s cybersecurity beginning
4:20 - Israeli Defense Force and CEO of NeoSec
5:22 - Starting a cybersecurity company
9:20 - What is API security?
13:15 - Misconfiguration errors in API
17:21 - API and privacy regulation
20:02 - How to work in API security
22:06 - Security plan for PII
24:44 - Skills and experience needed to work in API security
27:10 - API hiring practices
28:58 - Fragility of API
31:07 - What is NeoSec?
32:35 - Learn more about NeoSec and Engel
32:55 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Dave Monnier of Team Cymru talks about the state of attack surfaces, the strengths and shortcomings of attack surface managers and why something we refer to as a “soft” skill might be the hardest skill of all! Plus, we touch on shadow IT.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Attack surfaces 
2:55 - Dave Monnier's first interest in cybersecurity
7:30 - Instinctual cybersecurity learning
9:20 - Monnier's work as a chief evangelist 
14:00 - Cybersecurity soft skills
16:30 - What are attack surface managers? 
28:25 - ASM 1.0 to ASM 2.0
32:22 - State of attack surfaces
34:58 - Asset infrastructure in your business
40:00 - Key skills cybersecurity novices need
43:07 - Learning in cybersecurity 
45:42 - Learn more about Team Cymru
47:19 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Noriswadi Ismail of Breakwater Solutions and the Humanising 2030 campaign joins us to talk about privacy as it pertains to international business, cybersecurity and why it’s important not just to learn the certification variants but also the cultural variants that shape them. And via the Humanising 2030 campaign, Noriswadi and colleagues hope to bring a more ethical and diverse approach to programming and guiding AI in the coming decade.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Privacy and international business
2:53 - Noriswadi's first interest in tech
6:38 - A path toward patent law
11:32 - Managing director at Breakwater
16:05 - State of international security and risk plans
18:52 - Certifications internationally
22:58 - Experience versus certification
25:40 - Humanising 2030
29:24 - AI bias and geopolitical impact
32:30 - Diversity and including in cybersecurity
38:23 - Other goals of Humanising 2030
41:22 - What is Breakwater Solutions? 
44:44 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Stephen Cavey, co-founder and chief evangelist of Ground Labs, talks about the jagged jigsaw puzzle of data collection, data privacy and the dozens — if not hundreds — of privacy regulations and frameworks that govern them. Cavey and I talk about the bad old days of indiscriminate data collecting and grossly insecure payment process. We also address the places where the privacy experts of the future will shape the use and protection of personal data in all industries.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free 
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Bad data privacy protocols
2:36 - How Stephen Cavey got into cybersecurity
4:55 - Shifting into cybersecurity privacy
8:30 - Business hurdles in cybersecurity 
13:10 - Why do companies store my data? 
20:20 - Breaking cybersecurity privacy law
25:45 - International privacy laws
28:07 - A universal privacy doctrine 
31:30 - Principles for collecting user data
34:22 - Skills for working in data privacy
37:44 - Data privacy officer work
39:25 - The future of data collection and privacy
42:08 - What is Ground Labs? 
43:30 - Learn more about Cavey and Ground Labs
43:43 - Outro 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Susan Morrow returns for her fourth time on the Cyber Work Podcast and the first since 2019. Morrow, simply put, is plugged into every aspect of digital identity currently being discussed, and she takes us deep into the security, ethical, practical and UX hurdles of current identity practices and gives us both an optimistic and pessimistic version of the digital identity practices in 10 years.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Digital identity 
3:00 - Current digital identity concerns
7:07 - Complicating digital identity
8:22 - Digital identity and daily work
13:00 - Secure coding
14:03 - Biggest problems in identity
20:54 - Competing identity systems
24:50 - How identity affects other areas
28:52 - The tech and processes of identity
30:04 - Identity in the next decade
34:24 - Jobs in identity
40:00 - Identity evangelist 
42:20 - Women in identity 
45:-02 - What is Avoco Secure?
47:28 - Learn more about Susan Morrow
48:40 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Lisa Tetrault of Arctic Wolf talks about the adhesives that hold cybersecurity together: communication, collaboration and strong teamwork. First, Tetrault discusses how public speaking at conferences and events made her a better cybersecurity professional; second, she talks about how her work mentoring cybersecurity students helps them fast-track their way into the cybersecurity community; and third, with her work in organizations with Women in Cyber and siberX, she helps bring diverse cybersecurity professionals into the community, build stronger, more multi-faceted teams, and with them, a more multi-faceted face of the industry!

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Public speaking in cybersecurity 
3:17 - Getting into cybersecurity via Atari
4:59 - Network analyst to technician and more
9:10 - Cybersecurity public speaking
19:30 - How to promote yourself as a speaker
22:27 - Learn how to speak in cybersecurity
25:25 - Mentoring cybersecurity students
32:30 - Gender diversity in cybersecurity 
36:14 - Where cybersecurity fails job mobility
38:29 - Cybersecurity diversity initiatives in 10 years
39:17 - Learn more about Lisa Tetrault 
40:04 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Infosec instructor and 40-year cybersecurity veteran Leighton Johnson talks to us about all things CMMC. After last year’s attempted rollout, CMMC pulled back and retooled its entire framework. But why? Johnson gives you all the details, including how to train to be a CMMC-certified auditor.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - CMMC in 2022
3:12 - Getting started in cybersecurity
4:15 - How to be CMMC compliant
5:15 - The evolution of CMMC
7:18 - CMMC compliance timeline
10:28 - Being assessed for CMMC compliance
14:30 - Becoming a CMMC auditor 
18:08 - What if you don't meet CMMC compliance?
21:40 - Skills comparable with the CMMC auditor 
23:25 - Evaluating your company and CMMC needs
28:54 - CMMC auditor job opportunities
31:03 - How to become a federal CMMC auditor
35:04 - What is ISFMT?
37:47 - Learn more about ISFMT and Johnson
38:18 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Tony Cook of GuidePoint Security knows a lot about threat intelligence and incident response. But he’s also used these skills while working in ransomware negotiation! Cook has handled negotiations for all the big threat groups — REvil, Lockbit, Darkside, Conti and more — and he told me about what a ransomware negotiator can realistically accomplish, which threat groups are on the rise, and why negotiating with amateurs is sometimes worse and harder than dealing with elite cybercriminals. 

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Ransomware negotiating 
2:42 - How Tony Cook got into cybersecurity
4:00 - Cook's work at GuidePoint 
9:31 - Life as a ransomware negotiator 
11:41 - Ransomware negotiation in 2022
13:52 - Stages of a successful ransomware negotiation 
15:23 - How does ransomware negotiation work?
19:11 - The difference between threat-acting groups
20:43 - Bad ransomware negotiating
22:43 - Ransomware negotiator support staff
25:21 - Ransomware research
26:26 - Is cyber insurance worth it? 
29:14 - How do I become a ransomware negotiator? 
32:25 - Soft skills for a ransomware negotiator
33:46 - Threat research and intelligence work
37:45 - Learn more about Cook and GuidePoint
38:17 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Michael Wilkinson leads the digital forensics and incident response team at Avertium. The team is dedicated to helping clients investigate and recover from IT security incidents daily. Wilkinson talks about threat research, the threat of Vice Society, how K-12 cybersecurity can improve and much more.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Digital forensics and incident response 
3:12 - Getting interested in computers
6:00 - How had digital forensics changed over the years
9:03 - Handling overwhelming amounts of data
12:53 - The threat of Vice Society 
17:20 - Why is Vice Society targeting K-12?
19:55 - How to minimize damage from data leaks
24:25 - How schools can improve cybersecurity
25:54 - What schools should do if cyberattacked 
31:36 - How to work in threat research and intelligence
34:42 - Learn more about Avertium
36:40 - Learn more about Mike Wilkinson
37:08 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Ameesh Divatia, CEO of Baffle, Inc., talks about data privacy, data security, cloud security and how a skillset in the middle of that triangle will be your best asset in the years to come. All that, and a little bit of local-focused philanthropy.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Data privacy, data security and cloud security 
2:43 - Ameesh Divatia's start in cybersecurity
7:13 - Founding cybersecurity companies
10:19 - Security innovation
12:41 - Cybersecurity regulatory compliance
17:00 - Transferring skills to data security
21:23 - Cybersecurity interviews and knowledge
25:03 - Data privacy policies 
27:44 - Data privacy requirements
30:22 - Confluence of data privacy, security and cloud
33:32 - Volunteering on a city's technology council
41:02 - What is Baffle?
44:11 - Connect with Divatia 
44:43 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Returning guest Ken Jenkins stops by to talk about his work as the head coach of the US Cyber Games. If you’re intrigued by this emerging e-sport, you will want to keep it here: Jenkins discusses the selection process for the athletes, the roles of the coaches and mentors, and the intense, real-time collaboration going on during the competitions.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - US Cyber Games 
3:38 - How does the security scorecard work
9:06 - Ken Jenkin's typical workday
12:20 - Head coach at the US Cyber Games
18:20 - How do Cyber Games teams work? 
20:50 - Cyber Games events
21:28 - Cyber Games draft
26:30 - Challenges for Cyber Games teams
30:00 - The makeup of a Cyber Games team
32:46 - Cyber Games participation explained
38:35 - Cyber Games red teaming
41:13 - How to get into the Cyber Games
44:31 - How Cyber Games translate to real-world skills
48:27 - Tackling a new cybersecurity challenge
51:12 - Follow the US Cyber Games
55:05 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Whether you’re studying for the CEH, CISSP, Pentest+, or even the Security+, there’s always one question about cryptography, and it’s easy to miss! Want to hear a cool trick to keep symmetric and asymmetric cryptography straight in your head? Keatron Evans has one, and he told it to me — stay tuned and listen closely because it’s a Cyber Work Hacks!

0:00 - Cryptography exam tips
0:23 - Certifications with cryptography questions
1:15 - Symmetric versus asymmetric cryptography
3:40 - Learn more about cryptography
4:50 - Find and learn from Keatron Evans

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Cyberis’ Matt Lorentzen talks all things pentesting, red teaming, the changing roles that red teaming has in fine-tuning and interrogating modern security and why you don’t have to stop doing the fun stuff even when you’re climbing the career ladder. 

0:00 - Intelligent pentesting, red teaming and modern security
2:30 - Matt Lorentzen's interest in cybersecurity
3:51 - What is a security consultant
8:02 - Pentesting and red team operations 
10:30 - Continued learning in cybersecurity 
15:54 - Read teaming and testing cyberattacks
21:40 - Intelligence-driven red teaming
23:40 - Surprising attack vectors 
26:53 - Common gaps in cybersecurity 
28:46 - School systems and cybersecurity 
32:33 - Adjustments to cybersecurity for school systems
36:14 - How to get into pentesting and red teaming
44:28 - Cybersecurity threats in the next decade
46:43 - What is Cyberis? 
48:02 - Learn more about Matt Lorentzen 
48:38 - Outro
 
About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

A.N. Ananth of Netsurion joins us to talk about the future of SOCs. Security operations centers used to look more like bunkers crowded with network traffic analysts who rarely got to see the sun. Ananth sees the Covid-induced era of remote SOCs to be a new reality but also a way to bring new professionals in from small towns are far-away locations, making it a partial fix to the security skills gap.

0:00 - Changes to SOC
2:59 - How A.N. Ananth got into cybersecurity
4:07 - Ananth's projects and career
6:25 - Management in cybersecurity
8:40 - What is the SOC?
11:08 - How large is a SOC team?
14:30 - The SOC mentality
17:07 - Remote SOC work
18:52 - Security challenges for remote SOC work
20:55 - Bringing in new SOC talent
23:13 - How to get your foot into cybersecurity
28:53 - What should be on a SOC resume?
32:00 - What is Netsurion
34:00 - Connect with Ananth
34:57 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec Skills author Leighton Johnson talks about major changes to CISM in 2022. CISM has shifted qualitatively from the “Manager” side of the cert name to the “Security” side.

0:00 - Changes to CISM's focus
2:21 - Why did CISM's focus change?
3:43 - How to study for the new CISM changes
6:47 - Important CISM skills to know
8:28 - Find Leighton Johnson
9:31 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Paul Giorgi of XM Cyber helps us wrap up 2022 by discussing some of the most unusual and complex attack paths he and XM have seen in the past year. We discuss some of the most common breaches and methods, as well as several attack paths that are the very definition of “taking the scenic route,” which is, of course, why they worked so long. Also, tune in for some great advice about getting involved in risk management and access management.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Unusual attack vectors in 2022
3:00 - First getting into cybersecurity
6:35 - What is a sales engineer? 
11:50 - Average workday as director of sales
15:30 - Strangest attack vectors of 2022
20:08 - Lessons learned in 2022 cybersecurity 
22:06 - DoD and zero trust
24:32 - Successful security attacks
31:30 - The uber breach and security landscape
36:01 - Smart cars and cybersecurity 
39:03 - Working in cybersecurity solutions
42:21 - Learn about XM Cyber
46:27 - Learn more about Paul Giorgi
47:04 - Outro 

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Venafi solutions architect Steve Judd talks about the recent directive from the Pentagon that a zero-trust policy be implemented at the Department of Defense in the next four years. Is this a workable deadline? What are the hurdles to be jumped? Judd also tells me what a solutions architect does and why he thinks it’s the most fun job in cybersecurity.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Pentagon’s zero-trust policy and DoD
2:22- How did you get into cybersecurity?
5:10 - Cybersecurity solution architect work
9:05 - Scope of zero-trust policy
16:00 - Getting ahead of the zero-trust policy
17:49 - What skills do zero-trust make mandatory?
19:37 - New jobs via zero-trust
23:44 - DevOps and DevSecOps
28:48 - Areas of studies to emphasize
31:00 - Things not to study in cybersecurity
38:00 - What is Venefi
40:05 - Learn more about Steve Judd
40:36 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec Skills author and Paraben founder and CEO Amber Schroader talks about how to quickly and inexpensively set up your own home digital forensics lab. 

0:00 - Creating your digital forensics lab
1:00 - Benefits of your own digital forensics lab
1:40 - Space needed for digital forensics lab
2:30 - Essential hardware needed for a forensics lab
5:01 - Important forensic lab upgrades
5:42 - Running your forensics lab
6:51 - Forensic lab projects
7:35 - Getting into forensic labs
8:04 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Yossi Appleboum, CEO of Sepio, talks about Cybersecurity and Infrastructure Security Agency (CISA)’s operational directive for non-military federal agencies to adopt a strict set of asset visibility and vulnerability detection system starting as early as April of 2023. Yossi discusses this directive, saying that it takes FCEB agencies out of the cybersecurity stone ages and into the future. Can it work in such a short time frame? Yossi has thoughts!

0:00 - Asset visibility and vulnerability detection
3:10 – First getting into cybersecurity
6:21 – Co-founding cybersecurity companies
9:30 – What it’s like as CEO of a cybersecurity company
13:00 – Ambassador of the Global Cyber Alliance
15:32 – CISA’s operational directive for federal agencies
19:25 – What are asset management and vulnerability?
24:40 – What comes after asset protection?
28:40 – CISA’s deadline for asset visibility compliance
30:40 – Job outlook for asset visibility and vulnerability detection
35:07 – Work experience needed for asset visibility roles
36:30 – How to work in asset visibility
40:04 – How will this CISA directive change cybersecurity?
41:50 – What is Sepio?
43:56 – Learn more about Yossi Appleboum
44:50 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Learn more about the (ISC)² CGRC certification: https://resources.infosecinstitute.com/overview/cgrc/

Enroll in a CGRC boot camp: https://www.infosecinstitute.com/courses/isc%C2%B2-cgrc-training-boot-camp/

Infosec instructor and returning guest Leighton Johnson talks about the recent (ISC)² CAP certification change: the Certified Authorization Professional (CAP) is now Certified in Governance, Risk and Compliance (CGRC). Why are they changing the name of the CAP certification? Is the CAP content going to change as well? What does this mean for the future? Let’s figure this out together.

0:00 - CAP vs. CGRC certification
1:40 - What jobs require a CGRC certification?
2:50 - Why change the CAP name to CGRC?
4:17 - Is CAP exam content different from CGRC?
6:00 - Should I upgrade CAP to CGRC?
7:35 - Study tips for the CGRC exam
9:13 - Learn more about CGRC
9:53 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Jacob DePriest, the VP and deputy chief security Officer at GitHub, talks about development security. In 2021, GitHub significantly ramped up its security department. DePriest told me all about the commitment to security and how you can move your organization toward a developer-focused security team. Whether you’re just hearing about GitHub now or you’re using GitHub from the moment your work day starts, you’ll want to check out this episode.

0:00 - GitHub's cybersecurity strategy
2:30 - How did you get into cybersecurity?
5:00 - Moving up in cybersecurity
8:57 - Working with NSA
10:08 - Working as a chief security officer
13:35 - Communication in cybersecurity
15:00 - What is GitHub?
17:46 - Coding as a team
19:30 - GitHub's security team
21:18 - Security threats GitHub faces
22:28 - GitHub's role in software security
25:10 - Navigating GitHub's tools
28:50 - How to study cybersecurity
30:54 - Entering software security
33:55 - Security tips for developers
36:45 - Learn more about DePriest and GitHub
38:25 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Amber Schroader, CEO of Paraben, explains the different ways to pursue a career in digital forensics, like pursuing a college degree or studying toward a certification. And if a certification, which one will take you on the path you want? Schroader also talks about what doors can open for you, where to get started, and which upper-level certs you should work toward so you’re prepared for the job you want.

0:00 - Breaking down digital forensics certifications 
1:08 - Different ways to learn digital forensics 
2:07 - Digital forensics college courses versus certifications
3:45 - Main digital forensics certifications and paths
5:20 - Finding a digital forensics niche
6:18 - Hands-on projects for digital forensics experience
7:25 - How to get started in digital forensics 
8:34 - Learn digital forensics
9:01 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, my guest, Jack Nichelson, wants you to know something. AI is coming! But it’s not SkyNet; it’s not the rise of the machines. Whatever unnerving story you’ve read in the past few weeks about ChatGPT and what it will or won’t do to humanity, I’d like you to join us here and get a much fuller picture of AI as a tool and our role in shaping and building it.

0:00 - ChatGPT AI
2:50 - How Jack Nichelson got into cybersecurity
4:45 - Types of IT cybersecurity roles
6:57 - AI versus human value
10:46 - Life as a CISO
15:12 - The ChatGPT story
19:37 - Where is AI at right now?
24:20 - Actual applications of AI in the future
30:04 - Areas of study to enter cybersecurity and AI
34:27 - Where AI tools may lead cybersecurity
37:00 - Training for future AI malware
40:20 - Software to spot AI malware
44:50 - What is Inversion6?
46:55 - Learn more about Jack Nichelson
47:12 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

James Stanger, chief technology evangelist at CompTIA, walks through their new Data+ certification. Infosec is proud to provide bootcamp and course training for a range of CompTIA certifications, and James helpfully breaks down the basics of data analytics, the types of learning you’ll need to engage in to pass and why security professionals have a lot more data analyst in their job role than they might think. All that, and a bit of geeking out about the humanities.

0:00 - CompTIA Data+
3:40 - How did James Stanger get into cybersecurity?
5:00 - From literature to IT
9:50 - Working for CompTIA as a tech evangelist
13:22 - What makes up a tech evangelist role?
18:00 - CompTIA's new Data+ certification
26:06 - Why is Data+ important for pros?
32:38 - Prerequisites for Data+ certification
40:05 - What does Data+ teach you?
43:53 - Training materials for Data+ certification

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

These days, keeping your security, IT or research team close now that more of us than ever work remotely is a challenge. How do you keep team bonds strong when your main interaction path is your tiny little colleagues trapped in little squares on a computer monitor? Susan Morrow has been managing a remote team for almost two decades. She dispenses wisdom on coordinating schedules in multiple time zones, ensuring everyone’s moving toward the same goal and helping team members of all work styles to do and feel their best. 

0:00 - Cybersecurity team remote work
2:30 - Remotely working with multiple teams
4:16 - What doesn't work remotely? 
5:51 - Avoiding remote work pitfalls
7:27 - Solving team drift
9:19 - Learn more from Susan Morrow
9:58 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Karen Worstell is a 25-year veteran of the tech, IT and security space; she’s a senior cybersecurity strategist at VMware and a chaplain. This episode goes to many fascinating places, from her days learning coding on a TRS-80 computer, how her extremely visual and right-brained approach to learning has influenced her security journey, her experiences as a woman in the industry and how her work as a chaplain brought her back from a security industry hiatus to help people suffering chronically from burnout. There’s also a bit about XDR — and its a big deal! 

0:00 - Burnout in cybersecurity
3:06 - Karen Worstell's start in cybersecurity
6:11 - A family of inventors
9:35 - Physical sciences and computer sciences
16:00 - Work as a senior cybersecurity strategist
18:18: - Working as a woman in cybersecurity
23:15 - Changes to make cybersecurity equitable
31:40 - Strategies for hiring equity in cybersecurity
34:00 - Burnout in cybersecurity
48:35 - Helpful cybersecurity organizations
51:37 - Why is XDR so important?
56:10 - Learn more about Worstell
56:44 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Paul Giorgi of XM Cyber, a man who told me his favorite way to learn new skills is to break things and put them back together, walked me through the basics of setting up your own cybersecurity practice lab at home for not too much money. But watch out because he says that once you start, your excitement about hands-on practice and buying old servers on eBay can get overwhelming! 

0:00 - Build your own cybersecurity practice lab
1:30 - How to practice with a home cybersecurity lab
5:48 - Resource requirements for a cybersecurity lab
8:48 - Cost of a cybersecurity lab
10:28 - First projects for a cybersecurity lab
13:02 - Learn more about Paul Giorgi and XM Cyber
13:42 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

David Melamed of Jit brings us a new wrinkle in our ongoing series of developer security topics! Melamed says we should move beyond “shift left,” shifting the security earlier in the CI/CD pipeline, into “Born Left,” a platform in which security tools are in the hands of developers at the point of creation. Melamed talks about his early programming experiences, his Ph.D. in Bioinformatics, and the delineation of responsibilities between developers and the DevSec team. All that and a bit of CTO talk.

0:00 - Moving from “shift left” to “born left”
3:05 - How David Melamed got into cybersecurity
6:00 - Choosing your cybersecurity job path
11:15 - Daily work as a cybersecurity CTO
13:02 - How to become a cybersecurity CTO
15:10 - Keeping a company on track
16:40 - DevSecOps shift left to born left
21:08 - Born left, and overall security
23:13 - Accountability for developers
25:07 - Application security and born left
29:33 - What will DevSecOps and born left look like in the future?
31:00 - How to work in software development security
34:35 - First steps to a cybersecurity development job
35:30 - What is Jit?
38:33 - Learn more about Melamed
39:08 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.