Normal view

There are new articles available, click to refresh the page.
Before yesterdayPentest/Red Team

Red teaming: The fun, and the fundamentals | Cyber Work Live

By: Infosec
12 July 2021 at 07:00

Learn what it’s like to do good by being bad. The idea of breaking into a company, by hook or by crook, attracts all sorts of would-be secret agents. But what is red teaming really like as a job? What are the parameters, what are the day-to-day realities and, most importantly, what is hands-off in a line of work that bills itself as being beyond rules?

Join a panel of past Cyber Work Podcast guests:
– Amyn Gilani, Chief Growth Officer, Countercraft
– Curtis Brazzell, Managing Security Consultant, GuidePoint Security

Our panel of experts have worked with red teaming from a variety of positions and will answer your questions about getting started, building your skills and avoiding common mistakes.

0:00 - Intro
2:34 - Favorite red team experiences
7:57 - How to begin a cybersecurity career
14:42 - Ethical hacking vs pentesting
18:29 - How to become an ethical hacker
23:32 - Qualities needed for red teaming role
29:20 - Gain hands-on red teaming experience
33:02 - Supplier red team assessments
37:00 - Pentesting variety
46:22 - Becoming a better pentester
52:12 - Red team interview tips
56:00 - Job hunt tips
1:01:18 - Sponsoring an application
1:02:18 - Outro

This episode was recorded live on June 23, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

How remote work is impacting federal cybersecurity careers | Guest Becky Robertson

By: Infosec
6 July 2021 at 07:00

Becky Robertson joins us from Booz Allen to discuss creating remote work situations that address modern requirements but don’t sacrifice security. We discuss the ways in which COVID-19 helped the federal sector reconsider every aspect of the workflow process and what that means for future remote roles.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
2:21 - Cybersecurity origin story
4:58 - Changes from the early days of cybersecurity
6:24 - Staying in the same organization for 25 years
8:56 - Day-to-day work as a VP
10:56 - Security and working from home
13:18 - Technical hurdles to work remotely
15:15 - Changing the nature of work post pandemic 
16:58 - Employees working remotely 
19:04 - Security concerns when working remotely
22:55 - How to pursue a federal cybersecurity career
25:18 - Federal cybersecurity positions in demand
27:42 - Skills needed to work in federal government
29:33 - Federal skills gaps
32:05 - Career advice 
32:57 - Finding mentors 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Building a billion-dollar cybersecurity company | Guest Sam King

By: Infosec
28 June 2021 at 07:00

Veracode CEO Sam King is an icon in the realms of secure coding and application security, and she joins the podcast, along with Infosec CEO Jack Koziol, to discuss her cybersecurity journey, the President’s directive on software security and so, so many more topics. You really don’t want to miss this one, folks.

– Download our FREE ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
3:10 - Origin story
5:05 - Ground floor of cybersecurity 
7:54 - The “aha!” moments 
12:30 - Point were you thought industry would grow
14:28 - Changes implemented at Veracode
19:52 - Nation’s approach to cybersecurity
24:10 - Federal government security 
26:25 - Government oversight 
28:14 - Secure coding practices 
31:52 - Veracode’s app security report
40:04 - How to learn web application security 
43:46 - Mistakes to avoid when applying  
47:13 - Bringing in more diverse candidates  
51:36 - Maintaining Veracode’s edge
54:25 - Advice to move into a new cybersecurity role
56:24 - Outro 

Sam King is the chief executive officer of Veracode and a recognized expert in cybersecurity, DevSecOps and business management. A founding member of Veracode, Sam has played a significant role in the company’s growth trajectory over the past 15 years, helping to mature it from a small startup to a company with a billion dollar plus valuation. Under her leadership, Veracode has been recognized with several industry distinctions including a seven-time consecutive leader in the Gartner Magic Quadrant, leader in the Forrester SAST Wave and a Gartner Peer Insights Customer Choice for Application Security. Sam has been a keynote speaker at events such as Gartner Security Summit, RSA and the Executive Women’s Forum, on topics ranging from cybersecurity to empowering women and creating diverse and resilient corporate cultures. She has been profiled in business publications such as the Huffington Post, CNNMoney, Financial Times, InfoSecurity Magazine and The Boston Globe.

Sam received her masters of science and engineering in computer and information science from University of Pennsylvania. She earned her BS in computer science from University of Strathclyde in Glasgow, Scotland, where she earned the prestigious Charles Babbage Award, awarded to the student with the highest academic achievement in the graduating class. She currently sits on the board of Progress Software. Sam is also a member of the board of trustees for the Massachusetts Technology Leadership Council, where she was a charter member of the 2030 Challenge: a Tech Compact for Social Justice in efforts to bring more diversity to the local workforce.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

How to pick your cybersecurity career path | Guest Alyssa Miller

By: Infosec
21 June 2021 at 07:00

Alyssa Miller of S&P Global Ratings discusses the easiest pentest she ever ran on an app and the importance of diversity of hiring, not just “diversity of thought.” She also gives some of the best advice we’ve heard yet on picking your cybersecurity path.

– Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro
2:44 - Miller’s origin story
5:53 - Experiences working while at school
8:20 - Pursuing a degree
10:57 - How has cybersecurity changed?
12:58 - Coming into cybersecurity from a different perspective
13:55 - Moving to pentesting versus programming
18:52 - Penetration testing through the years
20:46 - A big change in your industry
25:27 - Specifics of a business information security officer 
29:09 - Skills for a business information security officer role
32:34 - “Cyber Defenders’ Career Guide” book
35:08 - What surprised you about writing the book?
41:46 - Equity and inclusion in cybersecurity
47:11 - Who is doing equity correctly? 
49:12 - Long term equity strategies? 
52:45 - Final cybersecurity career advice 
55:40 - Outro 

Alyssa Miller is a hacker, security researcher, advocate and international public speaker with over 15 years of experience in cybersecurity. From a young age, she has enjoyed exploring and deconstructing technology to learn more about how it works. At 12 years old, she bought her first computer. From that $1,000 purchase, she launched a hobby that would later become her career. Just seven years later, she was hired to her first full-time salary job as a programmer. Alyssa is also passionate that doing better in security begins with sharing knowledge and learning from each other. She regularly presents her perspectives through public speaking engagements. She speaks at various industry conferences, vendor and customer hosted events and non-security related events. Alyssa’s mission is to improve all aspects of the security community. Therefore, her topics range from technical to strategic to higher level community and policy issues.

Alyssa is a member of Women in Cyber Security (WiCyS) Racial Equity Committee. Additionally, she participates in other organizations designed to build a more welcoming and cooperative culture in security. As a member of ISACA, Alyssa currently holds a Certified Information Security Manager (CISM) certification. She is also the author of "The Cyber Defenders’ Career Guide," published by Manning in May 2021. We’re going to be discussing all of Alyssa’s fascinating story, her career journey, the work of demystifying cybersecurity and her work helping to create a more inclusive and welcoming space in the cybersecurity industry. 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

How hackathons can help propel your career | Guest Jonathan Tanner

By: Infosec
14 June 2021 at 07:00

Jonathan Tanner of Barracuda talks about his time moving up the ladder at Barracuda, how he still enjoys computer science competitions like DEFCON Wireless Capture the Flag (CTF), and Barracuda’s revolutionary malware detection ATP platform he built.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro
3:04 - Origin story in cybersecurity 
5:45 - Major accomplishments and moving up with Barracuda
7:55 - Daily work as senior security researcher 
10:36 - Was this always what you were interested in?
12:42 - How did you expand your skills and position
14:30 - Cyber security resume tips
17:20 - Becoming a cybersecurity professional
19:01 - How can hackathons and conferences help you?
22:33 - Improving the hiring process
25:33 - How to prepare for cyber security interview
27:46 - Working long term with a tech company
29:27 - What’s next for you at Barracuda?
30:26 - Where should security professionals begin?
33:46 - What’s happening at Barracuda
34:33 - Where can I find out more about you?
35:06 - Outro 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Working as a cybersecurity researcher and industry analyst | Guest French Caldwell

By: Infosec
7 June 2021 at 07:00

French Caldwell of The Analyst Syndicate talks about his role as founder and chief researcher of the group. We also talk about Caldwell’s time at Gartner research, and his passion for cybersecurity research as a whole.

00:00 - Intro
03:43 - Caldwell’s background in cybersecurity
07:25 - Knowledge management
09:55 - Protecting digital trash
12:33 - Risk assessment and day-to-day work life
18:00 - How has research changed since 1999?
22:48 - Founding The Analyst Syndicate
26:45 - What is your day like at the Syndicate?
28:11 - What is your research like now?
29:33 - Disruptive technology and public policy
31:09 - Disruptive trends
34:30 - Advice to students in disruptive technologies
38:58 - Tell us about your simulator
46:22 - Cyberterrorism and risk to municipalities and hospitals
50:18 - Learn more about Caldwell and the Syndicate
51:54 - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

French Caldwell is the leading strategist and thought leader in RegTech, including GRC and ESG, cybersecurity, social and digital risks and regulation and the impact of disruptive technologies on policy and strategy. He is a former Gartner Fellow, and following Gartner he became the global head of marketing at a Silicon Valley firm that delivers regtech solutions for governance, risk and compliance analytics and reporting. Skilled at the alignment of strategy, communications, technology, processes, analysis, policy and people to improve business and mission outcomes. Experienced at advising senior executives and corporate directors on disruptive technology, strategic risk management, cybersecurity and public policy issues.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Healthcare cybersecurity issues and legacy health systems | Guest Dirk Schrader

By: Infosec
24 May 2021 at 07:00

Dirk Schrader of New Net Technologies talks about healthcare security and legacy systems. We discuss the millions of pieces of health data left out in the open, the issues with closing these holes and the need for professional legacy system-whisperers.

0:00 - Intro
2:56 - What drew Dirk to security
4:46 - Did your Dad’s role inspire you?
5:55 - Stepping stones to your current job
9:35 - What is it like to be a security research manager
14:38 - Unprotected healthcare records
21:50 - Unprotected systems in the U.S.
25:20 - Using better security in hospitals
31:55 - Logistical issues of security for hospitals
37:48 - Best solution for hospital cybersecurity
39:30 - How to prepare for change
42:32 - What skills do you need for this work?
46:00 - Will people pursue these changes?
49:40 - Projects Dirk’s working on
52:10 - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Dirk Schrader is the global VP of New Net Technologies (NNT). A native of Germany, Dirk’s work focusses on advancing cyber resilience as a sophisticated, new approach to tackle cyberattacks faced by governments and organizations of all sizes for the handling of change and vulnerability as the two main issues to address in information security.

Dirk has worked on cybersecurity projects around the globe, including more than four years in Dubai. He has published numerous articles in German and English about the need to address change and vulnerability to achieve cyber resilience, drawing on his experience and certifications as CISSP (ISC²) and CISM (ISACA). His recent work includes research in the area of medical devices, where he found hundreds of systems unprotected in the public internet, allowing access to sensitive patient data. This is going to be the topic of today’s episode, and we’re also going to talk about unprotected or poorly protected legacy systems in general, and how we start to build some coverage over this vast swath of unprotected information.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Project management careers in the military and private sector | Guest Ginny Morton

By: Infosec
17 May 2021 at 07:00

Ginny Morton, project management professional at Dell and veteran in the U.S. Army, takes us through the practice of cybersecurity project management in both for-profit and military sectors on today’s episode. We talk about Scrum and Agile certifications, building the best team for the project and tapping into your personal power in your work. 

0:00 - Intro
2:04 - Origin story
4:47 - What does a cybersecurity project manager do?
6:10 - Average work day as a project manager
7:40 - Best and worst parts of project management
9:30 - How does a PM improve cybersecurity work?
10:40 - Dell team management
12:50 - Being the team’s first manager
14:36 - Best project management certifications
21:02 - PM work for Dell versus the military
23:00 - Military clearances for PM work
24:08 - Skills and experiences necessary for high-level PM
22:52 - Skills and interests for a successful career
27:04 - Tips for those who want to transition careers
27:38 - Changes to PM work during COVID
28:40 - Adjustments to work from home
29:55 - Will PM work change?
31:04 - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Ginny Morton is a senior cyber security advisor, program management at Dell, and has spent much of her career in the project management space for cybersecurity, previously working at TekSystems and in both the Texas Army National Guard and the U.S. Army.

Our recent guest, project manager Jackie Olshack, recommended Morton for the show, and as we had a ton of people tune in to see Jackie’s episode, we realize that our listeners are passionate about learning more about project management in IT and cyber as a career path, so I’m looking forward to talking with Morton about her career path as well as the unique aspects of doing project management work on a federal/military level.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Data governance strategy in 2021 | Guest Rita Gurevich

By: Infosec
10 May 2021 at 07:00

This episode we welcome Rita Gurevich, CEO and founder of Sphere Technology Solutions. She talks about what it’s like to start her own company, why it is important to know your assets when setting policy, and what skills and experiences set applicants apart when they look to hire. Plus, she has plenty of data governance strategies to chat about. 

0:00​ - Intro
2:47​ - Origin story
4:51​ - The creation of Sphere
7:14​ - Working solo at Sphere
9:12​ - What would you change going back?
10:30​ - Pricing your business activities
12:36​ - Average day as a CEO
13:32​ - Favorite parts of the job
14:50​ - What is data governance?
17:40​ - Factors driving data growth
19:28​ - First steps to form data strategy
22:07​ - Data governance best practices
23:40​ - Time frame to get a master inventory
25:17​ - What does good data governance do
26:12​ - Skills I need for data governance and management
27:47​ - Importance of collaboration and mentorship
30:26​ - Skills and experiences for Sphere candidates
32:48​ - Tips to get into cybersecurity work
34:06​ - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

As the CEO and Founder of Sphere, Rita Gurevich is charged with leading the strategic growth of the organization in providing business critical governance, security and compliance solutions to customers spanning multiple geographic locations and industry verticals.

Gurevich founded Sphere after gaining a massive amount of experience in a short time period during the Lehman bankruptcy, the economic downturn of 2008, and the enhanced regulatory environment that dominated the industry. Being in a unique position from this experience, Gurevich founded Sphere as a single contributor, and worked strategically to grow the company into the entity it is today.

Gurevich is the recipient of multiple honors and awards including recognition from her Entrepreneurial skills from Ernst & Young, and SmartCEO, along with being on the 40 Under 40 list in 2017. In addition, Gurevich sits on the Board of Directors for the New Jersey Technology Council.

This week’s topic is data governance strategies in 2021. As more of what we do goes online and into the cloud, and as more people need access to information, making sure that entrance points aren’t more accessible than they need to be is more important than ever. We’re going to talk about the issues around this topic, and also job strategies for people who want to do this type of work.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Lessons cybersecurity can learn from physical security | Guest Jeff Schmidt

By: Infosec
3 May 2021 at 07:00

This episode we welcome Jeff Schmidt of Covail to discuss security and risk management, working at the FBI to create the InfraGard program, and what cybersecurity can learn from physical security controls and fire safety and protection.

0:00 - Intro
2:30 - Origin story
4:31 - Stepping stones throughout career
8:00 - Average work day
12:14 - Learning from physical security
17:18 - Deficiencies in detection
22:17 - Which security practices need to change?
24:15 - How massive would this change be?
27:37 - Skills needed for real-time detection
32:00 - Strategies to get into cybersecurity
34:30 - Final words on the industry
37:16 - What is Covail?
38:40 - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Jeff Schmidt, VP and Chief Cyber Security Innovator at Covail is an accomplished cybersecurity expert with a background in security and risk management. He founded JAS Global Advisors LLC, a security consulting firm in Chicago, and Authis, a provider of innovative risk-managed identity services for the financial sector. Jeff is a board member for Delta Risk LLC. In 1998, he worked with the FBI to create the InfraGard program, receiving commendations from the Attorney General and the Director of the FBI. He is an adjunct professor of systems security engineering at the Stevens Institute of Technology and a Zurich Cyber Risk Fellow, Cyber Statecraft Initiative, at The Atlantic Council. Jeff received a Bachelor of Science in computer information systems and an MBA from the Fisher College of Business at The Ohio State University.

Jeff came to us with an intriguing topic. He proposes what he calls a Detect, Defend, and Respond Posture in Cybersecurity, and postulates that cybersecurity can learn lessons from “the mature sciences of physical security and fire protection.” No matter how you’re securing your system now, there’s often room for improvement, and always room for taking in new ideas, so let’s take a closer look!

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Supporting economic advancement among women in cybersecurity | Guest Christina Van Houten

By: Infosec
26 April 2021 at 07:00

Christina Van Houten talks about Women@Work and women in cybersecurity on this week's episode. We discuss tactics for bringing more women and diverse candidates into cybersecurity, the importance of a well-balanced and skills-diverse team, and how the work of Chief Strategy Officer is like an ever-evolving game of Tetris! 

0:00 - Intro
2:30 - Van Houten's origin story
4:13 - Strategies cybersecurity was lacking
7:05 - Accomplishments that helped bolster her career
13:46 - Average day as chief strategy officer
18:03 - Entering cybersecurity in different ways
20:37 - Women@Work and trying to help
26:27 - Bringing more women into cybersecurity
29:20 - Making careers accessible to women
34:14 - Diversifying upper management 
36:22 - Success stories mentoring women
41:01 - Men@Work book and men in cybersecurity
46:33 - Roadblocks women in cybersecurity face
50:47 - Projects from Mimecast
54:37 - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Christina Van Houten is a veteran of the enterprise technology industry, having spent two decades with some of the world’s largest firms, including Oracle, IBM and Infor Global Solutions as well as Netezza and ProfitLogic, the entrepreneurial companies that were acquired by them. Currently, Christina is chief strategy officer for Mimecast, a global leader in cybersecurity, where she leads product management, market strategy, corporate development, and M&A. She also serves on the board of directors for TechTarget and has been involved as an advisory board member of several emerging technology firms. In 2017, Christina launched Women@Work, a resource platform dedicated to the economic advancement and self-reliance of women and girls around the world.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Supply-chain security and servant leadership | Guest Manish Gupta

By: Infosec
19 April 2021 at 07:00

In this episode we explore supply-chain security with Manish Gupta. We’re going to learn about risks and cyberattacks related to the continuous integration/continuous deployment or CI/CD pipeline, which, given high-profile attacks like SolarWinds, will give us plenty to discuss this week!

0:00 - Intro
2:21 - Manish's origin story
4:58 - Major career stepping stones
8:45 - Lessons when ahead of the curve
11:21 - Average day as a servant leader CEO
14:54 - Concerns with supply chain security
21:22 - Federal supply chain action
26:20 - What supply chain policy should focus on
28:40 - Skills needed for supply chain jobs
32:48 - What should be on my resume?
34:03 - Showing supply chain aptitude
36:04 - Future projects
38:29 - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Manish Gupta is the founder and CEO of ShiftLeft, an innovator in automated application security and the leader in application security for developers. He previously served as the chief product and strategy officer at FireEye, where he helped grow the company from approximately $70 million to more than $700 million in revenue, growing the product portfolio from two to more than 20 products. Before that he was vice president of product management for Cisco’s $2 billion security portfolio. He also served as a  vice president/general manager at McAfee and iPolicy networks.

Manish has an MBA from the Kellogg Graduate School of Management, MS in engineering from the University of Maryland and a BS in engineering from the Delhi College of Engineering.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

What does a digital forensic investigator do in the government? | Guest Ondrej Krehel

By: Infosec
12 April 2021 at 07:00

Digital forensics professional Ondrej Krehel talks about the work of digital forensics in federal and government locations, the things he learned during a months-long attempt at decrypting a well-secured Swiss bank file and why finishing the research beats any degree you could ever have.

0:00 - Intro
2:11 - Ondrej's cybersecurity journal
5:33 - Career stepping stones
9:55 - The Swiss job
16:02 - Chasing the learning and experience
20:01 - Digital forensics on a government and federal scale
28:07 - Forensics collaboration on a case
30:46 - Favorite work stories
31:33 - How to improve infrastructure security
36:01 - Skills needed to enter digital forensics in government
41:31 - Unheard activities of digital forensics
43:48 - Where do I get work experience?
47:05 - Tips for digital forensic job hunters
52:19 - Work with LIFARS
57:50 - Outro

Have you seen our new, hands-on training series Cyber Work Applied? Tune in every other week as expert Infosec instructors teach you a new cybersecurity skill and show you how that skill applies to real-world scenarios. You’ll learn how to carry out different cyberattacks, practice using common cybersecurity tools, follow along with walkthroughs of how major breaches occurred, and more. And it's free!

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Ondrej Krehel is a Digital forensics and cybersecurity professional. His background includes time with special cyber operations, cyber warfare and offensive missions and a court expert witness. His Forensic Investigation matters have received attention from Forbes, CNN, NBC, BBC, ABC, Reuters, The Wall Street Journal and The New York Times.

As you can see, Ondrej has a deep background in digital forensics and ethical hacking. He tells us about time spent as a guest lecturer at the FBI Training Academy, the current state of digital forensics in a federal and government context and gives us some info about how that realm differs from similar work done in for-profit or private companies.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Your beginner cybersecurity career questions, answered! | Cyber Work Live

By: Infosec
5 April 2021 at 07:00

Whether you’re looking for first-time work in the cybersecurity field, still studying the basics or considering a career change, you might feel overwhelmed with choices. How do you know you have the right knowledge? How do you make yourself stand out in the resume pile? How do you get jobs that require experience without having any experience?

Join a panel of past Cyber Work Podcast guests including Gene Yoo, CEO of Resecurity, and the expert brought in by Sony to triage the 2014 hack; Mari Galloway, co-founder of Women’s Society of Cyberjutsu and Victor “Vic” Malloy, General Manager, CyberTexas.

They provide top-notch cybersecurity career advice for novices, including questions from Cyber Work Live viewers.

0:00 - Intro
3:38 - I'm tech-savvy. Where do I begin?
10:55 - Figuring out the field for you
19:16 - Returning to cybersecurity at 68
23:30 - Finding a cybersecurity mentor
29:39 - Non-technical roles in the industry
36:21 - Breaking into the industry
43:46 - Standout resume and interview
51:31 - Is a certification necessary?
56:50 - Related skills beginners should have
1:04:35 - Outro

This episode was recorded live on March 25, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Defending the grid: From water supply hacks to nation-state attacks | Guest Emily Miller

By: Infosec
29 March 2021 at 07:00

This episode we welcome back Emily Miller of Mocana to discuss infrastructure security! We discuss the water supply hack in Oldsmar, Fla., the state of the nation’s cybersecurity infrastructure and brainstorm a TikTok musical that will make infrastructure security the next Hamilton! 

0:00 - Intro
3:02 - The last two years
5:54 - The impact of COVID
10:10 - The Florida hack
15:50 - Scope and scale of safety systems
18:50 - State and local government responses
23:20 - Logistical issues of security for infrastructure
26:45 - Ideal solutions to security 
31:33 - How to improve infrastructure security
39:42 - Aiming toward state and local government 
43:20 - Skills to learn for this work
48:13 - Future proofing this role
52:54 - Work and upcoming projects
55:55 - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Miller is the Vice President of Critical Infrastructure and National Security with Mocana Corporation. Miller has over 15 years of experience protecting our nation’s critical infrastructure in both physical and cybersecurity, focusing on control systems, industrial IoT and other operational technology. Prior to joining Mocana, Miller was a federal employee with the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).  

On our previous episode back in early 2019, Miller and I talked about IoT security and infrastructure security, and how strengthening IoT and the security systems of our electrical, water and internet infrastructures isn’t just good business, it’s saving lives.

In the last two years, these issues have become even more noticeable and pronounced. Earlier this year, hackers were able to break into the network of a water purification system in a small town in Florida. By changing cleaning and purification levels in the town’s water supply, they could have realistically poisoned the whole town. Miller and I will be discussing not only how to address the problems we have now, but to help the new generation of cybersecurity professionals lead the charge to reverse a 50+ year trend of neglect against our country’s vital infrastructure, from power grids to roads.

About Infosec

Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

How to become a cybersecurity project manager | Guest Jackie Olshack

By: Infosec
22 March 2021 at 07:00

This episode we chat with Jackie Olshack, a project management professional, about the role of project management in cybersecurity. We break down the specific functions of some major project management certifications, discuss things you can do tonight to start your project management training and hear why every security breach story on CNN is a cause for reflection.

0:00 - Intro
3:09 - Getting into cybersecurity project management
4:30 - What does a cybersecurity project manager do?
5:56 - Identity access management
8:35 - Average day for a project manager
9:57 - Managing project resources
11:36 - Getting into project management
12:54 - What happens without a project manager?
14:30 - Highs and lows of the job
17:22 - Training needed for the role
20:18 - What is identity access management?
24:12 - Preferred job experiences
28:02 - Interests and skills to succeed
31:17 - Where do I begin with tech lingo?
33:18 - What can I do to change careers?
35:00 - Has remote work changed workflow?
35:55 - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Jackie Olshack worked almost 20 years as legal secretary/paralegal for multiple patent corporate law firms. In the late 1990s, she began to recognize it was becoming harder to break the ceiling on her $58,000 salary as more and more attorneys were typing their own documents, managing their own calendars and making their own travel arrangements, putting the future of her career in jeopardy. After some introspection, she decided to go back to college and pursue a science degree with plans to go to law school to become a patent attorney — but couldn’t get her LSAT higher to get into even a fourth-tier law school. She now proudly thanks all the law schools that turned her down, preventing the dreaded $150,000-$200,000 law school debt she would have incurred. She is now an analytical, top performing SAFe trained senior project management professional with 14+ years of experience managing and implementing IT programs and projects successfully.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

How to become a security awareness manager | Guest Tiffany Franklin

By: Infosec
15 March 2021 at 07:00

Today we're talking about security awareness, specifically about the role of a security awareness manager, with Tiffany Franklin of Optiv. We talk about the importance of C-suite buy-in to a security awareness program, how to create challenging phishing simulators without making employees feel like victims of a gotcha attack and how being a fifth-grade math teacher can make you a better security awareness manager. 

0:00 - Intro
2:13 - Getting into cybersecurity
3:57 - Instructional design and technology
4:58 - Primary responsibilities in her role
6:38 - Security awareness work
9:40 - What is the division of work?
11:55 - Skills needed for this role
15:04 - Helping people when they fail
17:12 - Daily tasks
18:15 - Highs and lows of the job
22:00 - COVID phishing emails
22:40 - GoDaddy phishing and ethics
26:20 - Creating security awareness campaigns
31:14 - Optimal combo of tech and savvy
34:20 - How to get into cybersecurity
37:10 - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Tiffany Franklin has over 13 years’ experience as a learning and development professional and is currently a Manager of Cybersecurity Education at Optiv. Tiffany and her team develop solutions that address the unique challenges of global organizations facing a wide array of cybersecurity risks, including security awareness training program courses, simulated phishing attacks, and training reinforcement materials. She has a background in education and has a Masters in Instructional Design & Technology.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Working at The Analyst Syndicate, AI ethics and sneaking into DARPA | Guest Diana Kelley

By: Infosec
8 March 2021 at 08:00

Diana Kelley of The Analyst Syndicate is on the podcast to chat about her 25-year-long career in security. She touches on artificial intelligence and machine learning ethics, sneaking into DARPA in the '70s and much more.

0:00 - Intro
3:14 - Getting into cybersecurity
11:51 - Cybersecurity changes in the past 25 years
15:34 - Choosing exciting cybersecurity projects
19:49 - What is The Analyst Syndicate?
23:00 - Editorial process at The Analyst Syndicate
26:26 - Changes in security from the pandemic
32:22 - Combating fatigue at home
34:35 - Digital transformation
39:25 - Bringing more women into cybersecurity
43:08 - Tips for hiring managers
46:16 - Using AI and ML ethically
51:50 - Tips to get into cybersecurity
55:15 - Kelley's next projects
56:18 - Learn more about Kelley
57:08 - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Diana Kelley’s security career spans over 30 years. She is co-founder and CTO of SecurityCurve and donates much of her time to volunteer work in the cybersecurity community, including serving on the ACM Ethics & Plagiarism Committee, as CTO and board member at Sightline Security, board member and Inclusion Working Group champion at WiCyS, cybersecurity committee advisor at CompTIA, Advisory Council, Bartlett College of Science and Mathematics, Bridgewater State University and RSAC US Program Committee. Kelley produces the #MyCyberWhy series and is the host of BrightTALK’s The (Security) Balancing Act and co-host of the Your Everyday Cyber podcast. She is also a principal consulting analyst at TechVision Research and a member of The Analyst Syndicate. She was the Cybersecurity Field CTO for Microsoft, global executive security advisor at IBM Security, GM at Symantec, VP at Burton Group (now Gartner) and a manager at KPMG. She is a popular keynote speaker, the co-author of the books "Practical Cybersecurity Architecture" and "Cryptographic Libraries for Developers," has been a lecturer at Boston College's Masters program in cybersecurity, the EWF 2020 Executive of the Year and one of Cybersecurity Ventures 100 Fascinating Females Fighting Cybercrime.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Working at Google: Security, anti-abuse and artificial intelligence | Guest Elie Bursztein

By: Infosec
1 March 2021 at 08:00

Elie Bursztein joins us on today’s episode to talk all about his role as chief research lead for anti-abuse at Google! Along with Infosec Founder Jack Koziol and Cyber Work Podcast host Chris Sienko, they discuss the difference between the practices of security and anti-abuse, the difference between protecting Google the company and Gmail the product, and the aspects of security and anti-abuse that AI will never be able to do.

0:00​ - Intro
2:35 - Starting a career in cybersecurity
12:57 - Entering the industry today
19:09​ - Career progression
42:18​ - Tech and academia collaboration for anti-abuse research
52:26​ - Getting hired in anti-abuse and cybersecurity
1:01:09​ - Future of machine learning as AI hacking
1:16:26 - Outro

Have you seen our new, hands-on training series Cyber Work Applied? Tune in every other week as expert Infosec instructors teach you a new cybersecurity skill and show you how that skill applies to real-world scenarios. You’ll learn how to carry out different cyberattacks, practice using common cybersecurity tools, follow along with walkthroughs of how major breaches occurred, and more. And it's free! Click the link below to get started.

– Learn cybersecurity with our FREE Cyber Work Applied training series: https://www.infosecinstitute.com/learn/
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Elie Bursztein leads the Security and Anti-Abuse Research team at Google. He focuses on deep learning and cryptography research, and among many other accomplishments, broke SHA-1. His website, elie.net, is packed with informative articles and online talks he’s given over the years, a veritable master-class for any cybersecurity aspirants. He also describes himself as a wearer of berets and a purveyor of magic tricks in his spare time.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

CompTIA Security+ SY0-601 update: Everything you need to know | Guest Patrick Lane

By: Infosec
25 February 2021 at 08:00

CompTIA’s Security+, the most popular cybersecurity certification in the world, is getting an overhaul for 2021! The updated exam (from SY0-501 to SY0-601) re-aligns the certification to match the most in-demand entry-level cybersecurity skills and trends of 2021.

Get insights into the changes directly from the source, Patrick Lane, Director of Products at CompTIA, as he explains how Security+ is evolving to remain the “go-to” certification for anyone trying to break into cybersecurity.

0:00​ - Intro
4:10 - What is the CompTIA Security+ certification?
5:05​ - Security+ baseline technical skills
16:00​ - Security+ helps solve an industry problem
21:35​ - Security+ job roles
31:45​ - Job role skills and exam release
37:35​ - CompITA Cybersecurity Career Pathway
47:27​ - SY0-601 vs SY0-501: 6 big changes
52:10 - Security+ exam details
56:48- Live Q&A
1:02:13 - Outro

– 7 days of free Security+ training with your Infosec Skills trial: https://www.infosecinstitute.com/skills/learning-paths/comptia-security/
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Patrick directs IT workforce skills certifications for CompTIA, including Security+, PenTest+, CySA+ and CASP+. He assisted the U.S. National Cybersecurity Alliance (NCSA) to create the “Lock Down Your Login” campaign to promote multi-factor authentication nationwide. He has implemented a wide variety of IT projects, including an intranet and help desk for 11,000 end users. Patrick is an Armed Forces Communications and Electronics Association (AFCEA) lifetime member, born and raised on U.S. military bases, and has authored and co-authored multiple books, including “Hack Proofing Linux: A Guide to Open Source Security.”

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Launch your cybersecurity career by finding a mentor | Guest Mike Gentile

By: Infosec
22 February 2021 at 08:00

Learn how mentors in the cybersecurity community can help launch your career on today’s episode featuring Mike Gentile, the Founder and CEO of CISOSHARE. Mike discusses the CyberForward program, which creates a mentorship and support system for new students of cybersecurity — often those with diverse cultural or economic backgrounds! CyberForward addresses not just skills training, but quality of life issues that might prevent entrance to the security field. If you’re feeling blocked and unsure how to enter the industry, you’ll really want to hear this episode!

0:00​ - Intro
2:24 - Starting a career in cybersecurity
5:39​ - Creating CISOHandbook.com
7:35 - What is CISOSHARE?
9:38​ - What is CyberForward?
11:15​ - Thoughts on the cybersecurity skills gap
17:40​ - Mentoring students through CyberForward
25:13​ - The training value system is broken
29:33 - Creating a network of support
32:44 - Helping the “beaten down” break through
36:52 - What’s next for CyberForward?
39:15 - Advice for getting started in cybersecurity
43:28​ - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Mike Gentile is the Founder, President and CEO of CISOSHARE, headquartered in San Clemente, CA. He has led the company since inception to become a global leader in security program services and solutions. Initially an experiment, the CISOSHARE culture centers around learning and teaching to make the confusing security discipline understandable.

In 2019, Mike founded CyberForward Academy by CISOSHARE using this learning and teaching culture to address both the cybersecurity resource shortage and the livable wage gap issues felt in many communities. This partner-enabled professional development program identifies and then rapidly develops effective job-ready cybersecurity professionals.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Malware analyst careers: Getting hired and building your skills | Guest Dr. Richard Ford

By: Infosec
15 February 2021 at 08:00

What does a malware analyst do? Find out on today’s episode featuring Dr. Richard Ford, Chief Technology Officer of Cyren. Richard talks about breaking into the field, whether a computer science degree is or isn’t essential for the role, and an early program he wrote to brag about his high score to his classmates!

0:00​ - Intro
2:30 - Richard’s cybersecurity origin story
6:07​ - Being an IBM anti-malware researcher in the 90s
9:18​ - How malware has evolved
11:27​ - Major career milestones
18:14​ - Two types of malware analysts
21:42​ - How to get hired as an entry-level analyst
25:45​ - Day-to-day malware analyst tasks
29:40 - Transitioning to an analyst role without any experience
34:30 - What does Cyren do?
37:25​ - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Dr. Richard Ford is the Chief Technology Officer of Cyren. He has over 25 years’ experience in computer security, working with both offensive and defensive technology solutions. During his career, Ford has held positions with Forcepoint, Virus Bulletin, IBM Research, Command Software Systems and NTT Verio. Dr. Ford has also worked in academia, having held an endowed chair in Computer Security, and worked as Head of the Computer Sciences and Cybersecurity Department at the Florida Institute of Technology. Ford holds a bachelor’s, master’s and D.Phil. in Physics from the University of Oxford. In addition to his work, he is an accomplished jazz flutist and instrument rated private pilot.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Gamification: Making cybersecurity training fun for everyone | Guest Jessica Gulick

By: Infosec
8 February 2021 at 08:00

We’re making cybersecurity training fun with today’s episode, which is all about gamification! Jessica Gulick of Katczy discusses the Wicked6 Cyber Games, the Women’s Society of Cyberjutsu, and the ways in which cyber games could rise to the ranks of other televised esports.

0:00​ - Intro
2:16​ - Starting in cybersecurity after 9/11
3:28​ - Major career milestones so far
7:08​ - Day to day duties as a CEO
11:00​ - Cybersecurity burnout and ongoing learning
13:16​ - Let’s dig into gamification!
19:11​ - How to design deeper gamification
22:32 - Selling gamification to leadership
28:45 - Wiked6 Cyber Games
35:10 - Gamified security awareness campaigns
37:42​ - Can gamification help grow the talent panel
42:05​ - Working with the Women’s Society of Cyberjutsu
49:58​ - What’s next for these gamified cyber events?
52:20​ - Outro

– Try our Choose Your Own Adventure® Zombie Invasion game: https://www.infosecinstitute.com/iq/choose-your-own-adventure/
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Jessica Gulick is CEO of Katzcy, a woman-owned growth firm specializing in cybersecurity marketing and cyber games. She is also President of the Board at the Women’s Society of Cyberjutsu, a 501c3 dedicated to advancing women in cyber careers. Jessica is a 20-year veteran in the cybersecurity industry and a CISSP.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Moving up in cybersecurity: From help desk to FireEye to CEO | Guest Jason Meller

By: Infosec
1 February 2021 at 08:00

From working the help desk to becoming FireEye’s Chief Security Strategist and founding his own company Kolide, Jason Meller has a wealth of experience to share about moving up the cybersecurity ladder. On today’s episode, he discusses his security journey, including working one of the best help desk jobs of all time, bluescreening his friends in the Wild West days of the Internet and sharing advice for up-and-coming cybersecurity professionals.

0:00​ - Intro
2:22​ - Pixar movie Soul and finding his "spark"
6:40​ - The Wild West of cybersecurity
7:56​ - Working at the best help desk ever
12:13​ - Becoming a cyber threat analyst
18:02​ - The importance of soft skills
21:23​ - Becoming a chief security strategist at FireEye
24:38​ - Working solo vs in a team
25:55​ - Adding a new superpower with your talents
28:03​ - Should you leave your job?
31:10​ - Exploring the psychology of security
36:34​ - Security veterans and mentorship
40:30​ - What is Kolide?
44:30​ - The new work/life balance of security
46:40​ - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Jason Meller is the CEO and founder of Kolide. Jason has dedicated his career to building products and tools that enable security experts to successfully defend western interests from sophisticated and organized global cyber threats. He started his security and product career at GE's elite computer incident response team, led by Richard Bejtlich (the father of modern network security monitoring). From there, Jason moved to the legendary Mandiant corporation (acquired by FireEye) quickly working his way up from an entry level analyst position to becoming the Chief Security Strategist. As Chief Security Strategist at FireEye, Jason was responsible for rapidly building products and services with an engineering strike team to facilitate and grow high-profile partnerships and key strategic initiatives.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

SecOps and the keys to a successful cybersecurity startup | Guest Raju Chekuri

By: Infosec
25 January 2021 at 08:00

NetOps, SecOps and CloudOps — you’ll learn about it all on today’s episode featuring Raju Chekuri, CEO of NetEnrich. Raju shares his career journey, discusses his work helping new tech and cybersecurity startups, and explains why clinging blindly to a five-year plan can be a recipe for disaster.

0:00 - Intro 
2:12 - Getting started in cybersecurity
3:38 - How the security landscape has changed
8:27 - Complexity and scope of cybersecurity
10:05 - 16+ years at NetEnrich
14:30 - Going beyond governance to do it right
17:30 - Strategies for upping ITOps along with business
22:50 - Examples of companies doing it right
24:55 - Helping startups become successful
30:45 - Keys to a solid business plan
33:42 - Mentorships in security and startups
36:25 - Being an entrepreneur & humanitarian
40:15 - What's next for NetEnrich?
46:18 - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Raju founded NetEnrich in 2004 after a successful IT career as an entrepreneur, visionary and business leader in Silicon Valley. He has led the company’s growth as SaaS for digital operations while innovating for AIOps and cybersecurity solutions. Raju is currently the chairman of the board at OpsRamp, a spin-off from NetEnrich. Previously, he founded Velio Communications, Inc., and led it to its acquisition by LSI Logic and Rambus in 2003. Raju earned an MBA at St. Mary’s College of California and a Bachelor of Technology at Kakatiya University. 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Cybersecurity careers: Risk management, privacy and healthcare security | Guest Tyler Cohen Wood

By: Infosec
19 January 2021 at 08:00

Learn about different cybersecurity roles and career paths in this wide-ranging conversation with today’s guest Tyler Cohen Wood. Tyler discusses working as a senior intelligence officer for the Defense Intelligence Agency (DIA), overseeing cyber risk for AT&T and writing her book Catching the Catfishers. We talk about online privacy, implementing complex cybersecurity systems, healthcare security shortcomings in the age of COVID — and her blue-haired, pre-cyber years working in the record industry!

0:00 - Intro
2:20 - Getting into IT & security
4:20 - Digital forensics & incident response
6:18 - Moving up the cybersecurity ladder
9:40 - Working with complex systems
12:57 - Director of Cyber Risk at AT&T
15:37 - Becoming a cybersecurity consultant
22:30 - Sharing too much personal info
26:20 - Work from home privacy & security
33:18 - Cybersecurity career tips
37:33 - Cybersecurity hiring & diversity
39:51 - Healthcare privacy & HIPAA changes
48:53 - Future career plans
50:15 - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Tyler Cohen Wood is a cyber-authority with 18+ years of highly technical experience. As a cyber intelligence and national security expert, as well as three-time author and public speaker, Tyler is relied on for her wealth of knowledge and unique insights. She served with the DIA as a senior intelligence officer where she developed highly technical cyber solutions and made recommendations to significantly develop and change critical cyber policies and directives, which affected current and future intelligence community programs. She has helped the White House, DoD, federal law enforcement and the intel community thwart many cyberthreats to the U.S. She is the author of the book Catching the Catfishers. 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Kubernetes: Vulnerabilities, efficiency and cloud security | Guest Michael Foster

By: Infosec
11 January 2021 at 08:00

Learn all about Kubernetes, its possible misconfigurations and vulnerabilities, and how it applies to cloud security on today’s episode, featuring Michael Foster, a Cloud Native Advocate at StackRox. Michael discusses intrinsic Kubernetes security issues compared with those that come from improper use, the work of a Cloud Security Advocate, his time in the Chicago Cubs and more.

0:00 Intro 
2:03 Getting started in tech
4:09 From Cubs to security
8:10 What is Kubernetes?
10:45 Kubernetes issues & CNCF roadmap
14:50 Types of vulnerabilities
19:10 Kubernetes checklist and wishlist
23:30 Role and duties at StackRox
25:30 Cloud security skills & careers
31:30 Future of Kubernetes
33:28 What is StackRox?
35:35 Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Michael Foster is a passionate tech enthusiast and open-source advocate with a multidisciplinary background. As a Cloud Native Advocate at StackRox, Michael understands the importance of building an inclusive community. Michael embraces all forms of automation, focusing on Kubernetes security, DevOps, and infrastructure as code. He is continually working to bridge the gap between tech and business and focus on sustainable solutions.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Running a digital forensics business | Guest Tyler Hatch

By: Infosec
4 January 2021 at 08:00

We’re going back into the world of digital forensics careers with today’s guest, Tyler Hatch of DFI Forensics! Tyler tells us about moving from being a lawyer into the field of digital forensics, key traits of great forensics professionals and how to prove that incriminating evidence on a defendant’s laptop isn’t always what it seems. 

0:00 Intro 
2:46 Getting started in tech
5:24 Lawyer vs forensics
12:11 Staff and cases
18:45 Responsibilities and tasks
24:10 Digital forensics files podcast
27:45 Getting hired
30:40 Covid-19 work impact
33:16 Future of forensics
40:17 Breaking into forensics
42:43 Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Following a six-year legal career that included representing clients in legal proceedings in small claims, the Supreme Court and a variety of administrative tribunals in B.C., Tyler found his way into the fascinating world of digital forensics and never looked back. 

Tyler is a Certified Computer Forensics Examiner (CCFE) and a Certified Mobile Forensics Examiner (CMFE) and is always training and receiving education to further his knowledge and understanding of computer forensics, IT forensics, digital forensics, cybersecurity and incident response. Tyler formed DFI Forensics in July 2018 and is the host of the “Digital Forensics Files” podcast. He is also a frequent contributor of written articles to various legal and digital forensics publications, including AdvocateDaily.com, LawyersDaily.ca, eForensics Magazine and Digital Forensics Magazine. 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

The 5 pillars of cybersecurity framework | Guest Mathieu Gorge

By: Infosec
28 December 2020 at 08:00

Help your C-suite get serious about cybersecurity with today’s episode, featuring Mathieu Gorge. Using his Five Pillars of Security Framework and his book, The Cyber Elephant in the Boardroom, Mathieu takes complex, confusing regulatory frameworks and maps them in a language that non tech-fluent board members can understand. 

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Mathieu Gorge is the author of the new ForbesBooks release, The Cyber Elephant in the Boardroom: Cyber-Accountability with the Five Pillars of Security Framework. He is also the CEO and founder of VigiTrust, a cybersecurity company with clients in 120 countries. Mathieu has over 20 years of IT security and risk management experience and is much-sought after for his expertise. As an authority on cybersecurity solutions, he has been asked to speak at conferences including RSA, ISSA and ISACA. 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

❌
❌