Bentsi Ben-Atar of Sepio Systems talks about some truly scary high-tech hacking weapons and techniques, from Raspberry Pis in your mouse or keyboard to charging cables that can exfiltrate data from a mile away. What do we do? How do we prepare?
0:00 - Intro 3:18 - Getting into cybersecurity 4:30 - Career highlights 5:50 - Co-founding two companies 7:22 - Typical work day at CTO and CMO 11:29 - New stealthy hacking tools 13:08 - Hacking a smart copy machine 17:46 - Stealing data with a Raspberry Pi 26:01 - The ninja cable 32:11 - Security awareness while traveling 35:20 - How to work battling high-tech cybercrime 36:35 - Exploring cybersecurity 37:47 - More about Bentsi’s companies 39:31 - Find more about Bentsi 39:57 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
On today’s podcast, Menachem Shafran of XM Cyber talks about cloud security. Menachem tells us about the work of project manager and product manager, how the haste to migrate to the cloud can unnecessarily leave vulnerabilities wide open and why a cloud security expert also needs to be a good storyteller.
0:00 - Intro 2:40 - Getting into cybersecurity 5:47 - Project manager in cybersecurity 9:12 - Identifying pain points 10:24 - Working as a VP of product 14:09 - Data breaches 16:30 - Critical versus non-critical data breaches 18:19 - Attacker’s market 19:38 - How do we secure the cloud? 22:45 - A safer cycle of teams 24:40 - How to implement cybersecurity changes 28:50 - How to work in cloud security 30:48 - A good cloud security resume 33:02 - Work from home and cloud security 34:30 - XM Cyber’s services 37:21 - Learn more about Menachem 38:00 - Outro
On this week’s Cyber Work Podcast, Bugcrowd and disclose.io founder Casey Ellis discusses how to think like a cybercriminal, the crucial need for transparent vulnerability disclosure, the origins of Bugcrowd and why mentorship is a gift that goes in both directions.
0:00 - Intro 3:15 - Getting into cybersecurity 4:30 - Criminal mindset in cybersecurity 5:49 - Ellis’s career to date 9:10 - Healthcare cybersecurity 11:47 - Mentoring others 13:52 - Mentorship as a two-way street 16:12 - Bugcrowd and bug bounty 19:18 - Vulnerability disclosure project 21:30 - Bug bounty popularity 24:52 - U.S. sanctions on hacking groups 26:52 - Hiring hackers 31:52 - Pursue specialization 33:51 - Cyber threats flying under the radar 39:17 - Working from home safely 40:48 - How to get into bug bounties 42:18 - How to report vulnerabilities 44:04 - Advice to begin ethical hacking 45:23 - Learn more about Ellis 45:56 - Outro
On today’s podcast, Kyle McNulty of Secure Ventures talks about interviewing the people behind the most up-and-coming cybersecurity startups. We discuss the best advice he’s received on the show, how to get your own podcast off the ground and his own security startup, ConsultPlace.
0:00 - Intro 2:40 - Getting into cybersecurity 6:00 - McNulty’s education and career 9:50 - Getting into consulting and startups 14:08 - Secure Ventures podcast 17:45 - Best insight from a podcast guest 20:13 - Startup stories 22:10 - Startups during COVID 23:42 - Advice for startups 25:22 - How to begin a podcast 33:25 - Tips for cybersecurity newcomers 35:04 - Upcoming podcasts 36:15 - ConsultPlace work 38:00 - Find more about McNulty 38:42 - Outro
On today’s podcast, Adam Flatley of Redacted talks about 14 years spent with the NSA and working in global intelligence. He also delineates the process of disrupting ransomware and cybercrime groups by dismantling organizations, putting on pressure and making the crime of ransomware more trouble than it’s worth!
0:00 - Intro 3:13 - Getting into cybersecurity 4:27 - Why work for the DoD? 6:37 - Average work day in threat intelligence 9:28 - Main security threats today 11:53 - Issues cybersecurity is ignoring 16:12 - Disrupting ransomware offensively 23:00 - How to handle ransomware 25:07 - How do I fight cybercriminals 27:15 - How to convey self learning on a resume 28:24 - Security recommendations for your company 31:40 - Logistics of changing security 34:40 - Cybercrime in five years 36:57 - Learn about Redacted 39:18 - Learn more about Adam 40:00 - Outro
On today’s podcast, John Bambenek of Netenrich and Bambenek Consulting talks about threat research, intelligence analytics, why the same security problems are so evergreen and the importance of pitching in a little extra bit of your time and talents to make the world a bit better than you found it.
0:00 - Intro 2:45 - Getting into cybersecurity 9:40 - Threat researcher versus security researcher and threat analyst 12:05 - How to get into a research or analyst role 16:32 - Unusual types of malware 19:03 - An ideal work day 23:06 - Current main threat actors 28:50 - What cybersecurity isn’t addressing 31:38 - Where can I volunteer? 36:02 - Skills needed for threat researchers 40:53 - Adjacent careers to threat research 45:11 - Threat research in five years 48:55 - Bambenek Consulting 49:35 - Learn more about Bambenek 50:26 - Outro
On today’s podcast, Cicero Chimbanda, Infosec Skills author and lecturer, discusses his cybersecurity leadership and management courses. We discuss the many paths of a cybersecurity leadership role, the soft skills that separate a good information security manager from a great one and why a baseline of cybersecurity knowledge can enhance any job, even if you don’t plan to pivot into the industry.
0:00 - Intro 3:37 - Getting into cybersecurity 6:43 - First learning cybersecurity 7:54 - Skills needed to move up 10:41 - CISM certification 13:00 - Two tracks of technology 15:13 - Are certifications important? 18:50 - Work as a college lecturer 22:43 - Important cybersecurity soft skills 27:40 - Cybersecurity leadership and management 32:33 - Where to go after security leadership 35:26 - Soft skills for cybersecurity managers 37:23 - Benefits to skills-based education 39:40 - Tips for lifelong learning 43:46 - Cybersecurity education’s future 45:21 - Outro
On today’s podcast, Secureworks president and CEO Wendy Thomas talks about the company’s drive to provide innovative, best-in-class security solutions that sit at the heart of customers’ security operations. Thomas shares over 25 years of experience in strategic and functional leadership roles, including work as a chief financial officer, chief product officer and VP of strategy. Thomas has worked across multiple technology-driven companies and has a wealth of knowledge.
0:00 - Intro 3:18 - Wendy’s origin in cybersecurity 5:13 - Climbing the career ladder 8:10 - Average day as CEO 10:38 - Collaboration in cybersecurity 13:07 - Roadblocks in collaboration 15:03 - Strategies to encourage collaboration 17:53 - Is there collaboration now? 19:30 - Solving technology security gaps 21:35 - Limiting incident response noise 23:10 - Addressing the skills shortage 25:07 - Women in cybersecurity 30:45 - Developing your team 32:53 - Advice for those entering cybersecurity 34:18 - Outro
On today’s podcast, Infosec Skills author Ted Harrington talks about authoring a recent Infosec Skills learning path, “How To Do Application Security Right,” which is also the subtitle of his recent book, “Hackable: How To Do Application Security Right.” Harrington shares his application security (AppSec) expertise, the benefits of skills-based learning, and what it was like to hack the iPhone.
0:00 - Intro 3:00 - Hacking the iPhone 8:30 - IOT security 14:00 - “Hackable” book 17:14 - Using the book as a roadmap 18:42 - Most important skills right now 21:45 - Taking Harrington’s class 24:40 - Demystifying application security 26:48 - Career opportunities 28:26 - Roadblocks in application security 30:55 - Education tips for application security 33:40 - Benefits of skills-based education 37:21 - The skills gap and hiring process 41:19 - Tips for lifelong learners 43:43 - Harrington’s next projects 44:33 - Cybersecurity education’s future 45:38 - Connect with Harrington 46:50 - Outro
On today’s podcast, Infosec Skills author Chrys Thorsen talks about founding IT Without Borders, a humanitarian organization built to empower underserved communities through capacity-building information and communications technology (ICT) skills and information access. She’s also a consultant and educator. And, for our purposes, she is the author of several learning paths on our Infosec Skills platform. She has written course paths for Writing Secure Code in Android and Writing Secure Code in iOS, as well as a forthcoming CertNexus Cyber Secure Coder path.
0:00 - Intro 2:43 - Thorsen’s origin story in cybersecurity 4:53 - Gaining about 40 certifications 6:20 - Cross certification knowledge 7:25 - Great certification combos 8:45 - How useful are certifications? 11:12 - Collecting certifications 13:01 - Changing training landscape 14:20 - How teaching changed 16:36 - In-demand cybersecurity skills 17:48 - What is secure coding? 19:34 - Secure coders versus coders 20:31 - Secure coding in iOS versus Android 22:39 - CertNexus secure coder certification 24:13 - Secure coding before coding 24:42 - Secure coding curriculum 26:27 - Recommended studies post secure coding 26:50 - Benefits to skills-based education 27:43 - Tips for lifelong learning 29:29 - Cybersecurity education’s future 30:54 - IT Without Borders 33:38 - Outro
On today’s podcast, Jasmine Jackson takes us through how you can get noticed on your resume, how Linux basics can set you up for learning other aspects of cybersecurity, and how capture the flag activities are crucial to enriching your work skills. Jackson has over 10 years of information security experience and shares her passion for cybersecurity by presenting and teaching workshops, including new courses now available in Infosec Skills. She is currently the Jeopardy-style capture the flag (CTF) coach for the inaugural U.S. Cyber Games and works as a senior application security engineer for a Fortune 500 company.
0:00 - Intro 3:08 - Jasmine Jackson’s origin story 4:25 - Winning a computer 6:22 - Jackson’s career path 13:46 - Thoughts on certifications 19:10 - Ideal job description 21:01 - Most important cybersecurity skills 22:54 - Linux fundamentals class 25:07 - What does knowing Linux do for you? 26:35 - How to build upon a Linux foundation 28:51 - Benefits to skills training 29:50 - Tips for lifelong learning 31:30 - Coaching in the U.S. Cyber Games 34:26 - How are team members chosen for the games? 37:47 - An intriguing CTF puzzle 41:43 - Where is cybersecurity education heading? 43:36 - Learn more about Jackson 46:33 - Outro
Today's guest is Alex Amiryan, a software developer with over 18 years of experience specializing in cybersecurity and cryptography. Alex is the creator of the popular SafeCamera app, which was the predecessor of Stingle Photos, an end-to-end encrypted, open-source gallery and sync app able to prevent theft by breach. How does it work, and how did Alex come by his obsession for cryptography? Tune in and find out!
0:00 - Intro 1:41 - Origin story in cybersecurity 3:38 - Running afoul of the law 4:44 - Beginning your own company 7:10 - Advice on starting a business 9:15 - What is Stingle Photos? 12:30 - End-to-end encryption 15:20 - Black box storage 17:47 - Encryption safety 19:01 - Preventing photo theft 22:20 - Working in encryption and cryptography 24:24 - Skills needed for encryption and cryptography 26:43 - An "aha" moment 28:00 - Cryptographer job market 29:45 - Next steps in cryptography 35:52 - Learn more about Stingle Photos 36:28 - Outro
This week we chat with Connor Greig of CreatorSphere (creatorsphere.co) about beginning a career in IT at age 17, when he joined Hewlett Packard as an applications engineer and, after just a few weeks, was promoted to project manager. He went on to work on secure projects for the British government and was a project manager for secure cloud computing and software development modernization during the period when the WannaCry, Spectre and Meltdown vulnerabilities were found.
0:00 - Intro 3:00 - Origin story 4:58 - Getting into IT 8:53 - Being scouted by HP at 17 11:34 - What did HP see in you? 15:42 - Working with the British government 17:49 - Being fast on your feet 19:51 - Area of specialty 21:30 - Balancing work and management 25:25 - Saving McDonald's from a data breach 31:58 - McDonald's reaction 38:56 - Starting your own company 45:25 - Advice for starting your own company 49:15 - How to learn new concepts and skills 53:15 - What's it like being a gay man in cybersecurity? 55:30 - Making cybersecurity more welcoming 58:15 - Cybersecurity career advice 1:00:33 - Outro
Security Yearbook creator Richard Stiennon joins today’s podcast to share his career journey. He talks about creating the first ISP in the Midwest in the ‘90s, the role of the Security Yearbook in telling the history of cybersecurity and the best place to start your cybersecurity career. Hint: It’s not necessarily with the big firms!
0:00 - Infosec Skills Monthly Challenge 0:50 - Intro 2:50 - How Richard got started in cybersecurity 7:22 - Penetration testing in the ‘90s 10:17 - Working as a research analyst 14:39 - How the cyberwar landscape is changing 19:33 - Skills needed as a cybersecurity researcher 20:30 - Launching the Security Yearbook 27:20 - Security Yearbook 2021 29:00 - Importance of cybersecurity history 30:48 - How do cybersecurity investors see the industry 34:08 - Impact of COVID-19 and work from home 35:50 - Using the Security Yearbook to guide your career 40:38 - How cybersecurity careers are changing 43:29 - Current pentesting trends 47:06 - First steps to becoming a research analyst 48:20 - Plans for Security Yearbook 2022 50:20 - Learn more about Richard Stiennon 51:09 - Outro
Cybersecurity hiring managers, and the entire cybersecurity industry, can benefit from recruiting across a wide range of backgrounds and cultures, yet many organizations still struggle with meaningfully implementing effective diversity, equity and inclusion (DEI) hiring processes.
Join a panel of past Cyber Work Podcast guests as they discuss these challenges, as well as the benefits of hiring diversely:
– Gene Yoo, CEO of Resecurity, and the expert brought in by Sony to triage the 2014 hack
– Mari Galloway, co-founder of Women’s Society of Cyberjutsu
– Victor “Vic” Malloy, General Manager, CyberTexas
This episode was recorded live on August 19, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/
The topics covered include: 0:00 - Intro 1:20 - Meet the panel 3:28 - Diversity statistics in cybersecurity 4:30 - Gene on HR's diversity mindset 5:50 - Vic's experience being the "first" 10:00 - Mari's experience as a woman in cybersecurity 12:22 - Stereotypes for women in cybersecurity 15:40 - Misrepresenting the work of cybersecurity 17:30 - HR gatekeeping and bias 25:56 - Protecting neurodivergent employees 31:15 - Hiring bias against ethnic names 37:57 - We didn't get any diverse applicants! 43:20 - Lack of developing new talent 46:48 - The skills gap is "nonsense" 49:41 - Cracking the C-suite ceiling 53:56 - Visions for the future of cybersecurity 58:15 - Outro
PLEASE NOTE: Around minute 47, I incorrectly say that Eric Milam, author of the definitive report on the BAHAMUT threat group, is employed by HP. He is, in fact, employed by Blackberry. I sincerely apologize to Mr. Milam for the error.
In this special episode, we look back at how the show has evolved over the past three years and celebrate our amazing guests and viewers. You've helped grow the Cyber Work Podcast to nearly a million plays!
To give back, we're launching a brand new way for EVERYONE to build their cybersecurity skills. It's free. It's hands-on. Oh, and did we mention there's more than $1,000 in prizes EVERY MONTH?
Huge thank you to all the past guests who shared their expertise over the past 200 episodes. The timings of everyone in this episode are listed below. Happy listening!
0:00 - Intro 0:42 - Monthly challenges and $1,000 in prizes! 1:30 - Cyber Work Podcast origins 2:32 - First episode with Leighton Johnson 3:16 - Finding our first guests 3:46 - Keatron Evans on incident response 6:54 - Susan Morrow on two-factor authentication 8:54 - Susan Morrow on GDPR 11:03 - Susan Morrow on "booth babes" and speaking up 13:20 - Alissa Knight on getting arrested for hacking at 17 16:39 - Alissa Knight on API security 19:14 - Ron Gula on cybersecurity challenges 23:23 - Amber Schroader on the real work of digital forensics 26:19 - Theme of the Cyber Work Podcast 27:01 - Jeff Williams on creating the OWASP Top Ten 31:23 - David Balcar on the biggest APTs 33:46 - Elie Bursztein on breaking into cybersecurity 37:37 - Sam King on AppSec frameworks and analysis 41:17 - Gary DeMercurio on getting arrested for red teaming 47:19 - Eric Milam on the BAHAMUT threat group 53:39 - Feedback from Cyber Work Podcast listeners 55:16 - Alyssa Miller on finding your career path 57:24 - Amber Schroader on computer forensics tasks 59:07 - Richard Ford on malware analyst careers 1:02:02 - Career action you can take today 1:02:19 - Rita Gurevich on reading and learning 1:03:20 - Snehal Antani on transitioning careers 1:04:26 - Promoting underrepresented voices 1:05:09 - Mari Galloway on women in cybersecurity 1:05:31 - Alyssa Miller on diversity "dog whistles" 1:10:11 - Christine Izuakor on creating role models 1:10:52 - We want to hear your story 1:11:40 - Monthly challenges and outro
Gemma Moore of Cyberis Limited talks about her incredible pentesting career and shares her advice for aspiring pentesters. She also discusses security as it regards the human cost of social engineering, which is the title of a recent article Gemma wrote.
– Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
0:00 - Intro 5:26 - Becoming a world-class pentester 13:55 - 2004 pentesting versus now 17:25 - Early years of pentesting 19:30 - Natural skills to be a pentester 23:12 - Advice for aspiring pentesters 25:50 - Working in pentesting 27:50 - Red teaming 31:08 - How to be a great pentester 33:04 - Learn about CREST 36:13 - What should be on my resume? 37:45 - Cyberis Limited 40:25 - Diversity and inclusion 43:42 - The human cost of social engineering 50:06 - Training staff positively 52:54 - Current projects 54:20 - Outro
Ning Wang of Offensive Security talks to us about her role as CEO of Offensive Security. In her role she is responsible for the company culture, vision, strategy and execution. We talk about Wang’s cybersecurity journey, her direction at OffSec and the ways that white hat hackers can be recruited into the industry, possibly riding the interest of big news-story hacking events like the Colonial Pipeline hack to do so.
0:00 - Intro 2:21 - Origin story 5:31 - Changing careers 7:46 - Skills learned throughout Wang’s career 11:46 - Taking a chance on a new career 12:50 - What is Offensive Security? 16:19 - Try harder mindset 19:42 - Offensive Security certification 23:02 - Recruiting ethical hackers 28:12 - Civic responsibility 33:10 - Ethical hacking job specialties 36:49 - Tips for ethical hacking learners 40:09 - Women in cybersecurity 43:56 - Offensive Security’s future 46:35 - Feedback from students 48:11 - Learn more about Wang OS 48:48 - Outro
Adam Levin of CyberScout talks to us about scams, identity theft and more across the cybersecurity industry from the 1970s until today. He also tells us about his podcast, What the Hack with Adam Levin, which is focused on hacking, fraud and theft.
0:00 - Intro 3:01 - Origin story 7:07 - Bank safety in the old days 8:02 - Fraud and scams over the years 9:27 - Tactics today 13:15 - Scam experiences 14:33 - Scam embarrassment and stigma 18:17 - What the Hack podcast 20:22 - A taste of What the Hack 21:28 - How do you pursue stories for the podcast? 25:38 - How do you structure episodes? 26:44 - Humor in cybersecurity environment 28:43 - Work from home balance 30:25 - What is hot in fraud right now 36:50 - Credit reports 38:28 - Consumer protection and fraud careers 42:53 - Cyber savvy countries 44:31 - Predictions on fraud evolution 48:26 - Benefit to nationwide education? 50:42 - Optimism for security education 52:26 - Find out more about What the Hack 52:58 - Outro
Neal Dennis of Cyware talks to us about building a collective defense via increased threat intelligence sharing in the global security community. Dennis has worked with customer success and clients, helping them map out new intelligence workflows, and has also built out several intelligence analysis programs for Fortune 500 companies. Neal started his career as a SIGINT specialist while serving in the United States Marine Corps and later supported cyber initiatives for USCYBERCOM, STRATCOM, NSA, 24th Air Force, USAF Office of Special Investigations and JFCC-NW.
0:00 - Intro 2:10 - Origin story 3:57 - Military and linguistics influence 6:10 - Work in counterintelligence 8:51 - Digital forensics work 11:02 - Changes in open-source intelligence work 13:00 - Building a global defensive network 15:46 - Why aren’t we sharing info? 18:41 - How to implement global changes? 23:42 - Areas of friction for sharing 29:15 - Threat intel and open-source intel as a job 32:55 - Do research analysis 35:03 - Hiring outlook 37:15 - Tell us about Cyware 39:38 - Learn more about Dennis and Cyware 40:06 - Outro
Snehal Antani joins us from Horizon3.ai to talk about pentesting, red teaming and why not every vulnerability necessarily needs to be patched. He also shares some great advice for people entering the field.
0:00 - Intro 2:12 - Origin story 4:12 - Using your hacking powers for good 7:14 - Working up the IBM ranks 12:18 - Cloud problems 14:25 - Post-IBM days 16:50 - Work with the DOD 20:33 - Why did you begin Horizon3.ai? 24:38 - Vulnerabilities: not always exploitable 29:46 - Strategies to deal with vulnerabilities 33:36 - Sensible use of a security team 35:29 - Advice for red and blue team collaboration 39:14 - Pentesting and red teaming career tips 41:12 - Demystifying red and blue team 45:40 - How do you become intensely into your work 47:24 - First steps to get on your career path 49:49 - How to learn more about Horizon3.ai 50:42 - Outro
Frank Smith joins us from Ntiva to talk about the new Cybersecurity Maturity Model Certification (CMMC), organizations achieving Level 1 and Level 3 maturity levels, and why CMMC is so important for government contractors. Plus he discusses security for federal entities and how to get started in a career in cyber compliance by becoming a Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA).
0:00 - Intro 2:11 - Origin story 4:17 - Key projects to climb the work ladder 6:45 - An average work day 9:30 - Cybersecurity Maturity Model Certification 16:38 - CMMC over five years 17:30 - Which level of certification will you need? 19:00 - Level 3 versus level 1 certification 22:20 - Finding your feet by 2022 23:55 - Jobs to take in first steps toward compliance officer 27:27 - Benefits of CMMC for other roles 28:44 - Experiences to make you desirable as a worker 31:55 - Imperative to locking down infrastructure 37:58 - Ntiva 39:47 - Outro
Learn what it’s like to do good by being bad. The idea of breaking into a company, by hook or by crook, attracts all sorts of would-be secret agents. But what is red teaming really like as a job? What are the parameters, what are the day-to-day realities and, most importantly, what is hands-off in a line of work that bills itself as being beyond rules?
Join a panel of past Cyber Work Podcast guests:
– Amyn Gilani, Chief Growth Officer, Countercraft
– Curtis Brazzell, Managing Security Consultant, GuidePoint Security
Our panel of experts have worked with red teaming from a variety of positions and will answer your questions about getting started, building your skills and avoiding common mistakes.
0:00 - Intro 2:34 - Favorite red team experiences 7:57 - How to begin a cybersecurity career 14:42 - Ethical hacking vs pentesting 18:29 - How to become an ethical hacker 23:32 - Qualities needed for red teaming role 29:20 - Gain hands-on red teaming experience 33:02 - Supplier red team assessments 37:00 - Pentesting variety 46:22 - Becoming a better pentester 52:12 - Red team interview tips 56:00 - Job hunt tips 1:01:18 - Sponsoring an application 1:02:18 - Outro
This episode was recorded live on June 23, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/
Becky Robertson joins us from Booz Allen to discuss creating remote work situations that address modern requirements but don’t sacrifice security. We discuss the ways in which COVID-19 helped the federal sector reconsider every aspect of the workflow process and what that means for future remote roles.
0:00 - Intro 2:21 - Cybersecurity origin story 4:58 - Changes from the early days of cybersecurity 6:24 - Staying in the same organization for 25 years 8:56 - Day-to-day work as a VP 10:56 - Security and working from home 13:18 - Technical hurdles to work remotely 15:15 - Changing the nature of work post pandemic 16:58 - Employees working remotely 19:04 - Security concerns when working remotely 22:55 - How to pursue a federal cybersecurity career 25:18 - Federal cybersecurity positions in demand 27:42 - Skills needed to work in federal government 29:33 - Federal skills gaps 32:05 - Career advice 32:57 - Finding mentors
Veracode CEO Sam King is an icon in the realms of secure coding and application security, and she joins the podcast, along with Infosec CEO Jack Koziol, to discuss her cybersecurity journey, the President’s directive on software security and so, so many more topics. You really don’t want to miss this one, folks.
0:00 - Intro 3:10 - Origin story 5:05 - Ground floor of cybersecurity 7:54 - The “aha!” moments 12:30 - Point where you thought industry would grow 14:28 - Changes implemented at Veracode 19:52 - Nation’s approach to cybersecurity 24:10 - Federal government security 26:25 - Government oversight 28:14 - Secure coding practices 31:52 - Veracode’s app security report 40:04 - How to learn web application security 43:46 - Mistakes to avoid when applying 47:13 - Bringing in more diverse candidates 51:36 - Maintaining Veracode’s edge 54:25 - Advice to move into a new cybersecurity role 56:24 - Outro
Sam King is the chief executive officer of Veracode and a recognized expert in cybersecurity, DevSecOps and business management. A founding member of Veracode, Sam has played a significant role in the company’s growth trajectory over the past 15 years, helping to mature it from a small startup to a company with a billion dollar plus valuation. Under her leadership, Veracode has been recognized with several industry distinctions including a seven-time consecutive leader in the Gartner Magic Quadrant, leader in the Forrester SAST Wave and a Gartner Peer Insights Customer Choice for Application Security. Sam has been a keynote speaker at events such as Gartner Security Summit, RSA and the Executive Women’s Forum, on topics ranging from cybersecurity to empowering women and creating diverse and resilient corporate cultures. She has been profiled in business publications such as the Huffington Post, CNNMoney, Financial Times, InfoSecurity Magazine and The Boston Globe.
Sam received her masters of science and engineering in computer and information science from University of Pennsylvania. She earned her BS in computer science from University of Strathclyde in Glasgow, Scotland, where she earned the prestigious Charles Babbage Award, awarded to the student with the highest academic achievement in the graduating class. She currently sits on the board of Progress Software. Sam is also a member of the board of trustees for the Massachusetts Technology Leadership Council, where she was a charter member of the 2030 Challenge: a Tech Compact for Social Justice in efforts to bring more diversity to the local workforce.
Alyssa Miller of S&P Global Ratings discusses the easiest pentest she ever ran on an app and the importance of diversity of hiring, not just “diversity of thought.” She also gives some of the best advice we’ve heard yet on picking your cybersecurity path.
0:00 - Intro 2:44 - Miller’s origin story 5:53 - Experiences working while at school 8:20 - Pursuing a degree 10:57 - How has cybersecurity changed? 12:58 - Coming into cybersecurity from a different perspective 13:55 - Moving to pentesting versus programming 18:52 - Penetration testing through the years 20:46 - A big change in your industry 25:27 - Specifics of a business information security officer 29:09 - Skills for a business information security officer role 32:34 - “Cyber Defenders’ Career Guide” book 35:08 - What surprised you about writing the book? 41:46 - Equity and inclusion in cybersecurity 47:11 - Who is doing equity correctly? 49:12 - Long term equity strategies? 52:45 - Final cybersecurity career advice 55:40 - Outro
Alyssa Miller is a hacker, security researcher, advocate and international public speaker with over 15 years of experience in cybersecurity. From a young age, she has enjoyed exploring and deconstructing technology to learn more about how it works. At 12 years old, she bought her first computer. From that $1,000 purchase, she launched a hobby that would later become her career. Just seven years later, she was hired to her first full-time salary job as a programmer. Alyssa is also passionate that doing better in security begins with sharing knowledge and learning from each other. She regularly presents her perspectives through public speaking engagements. She speaks at various industry conferences, vendor and customer hosted events and non-security related events. Alyssa’s mission is to improve all aspects of the security community. Therefore, her topics range from technical to strategic to higher level community and policy issues.
Alyssa is a member of Women in Cyber Security (WiCyS) Racial Equity Committee. Additionally, she participates in other organizations designed to build a more welcoming and cooperative culture in security. As a member of ISACA, Alyssa currently holds a Certified Information Security Manager (CISM) certification. She is also the author of "The Cyber Defenders’ Career Guide," published by Manning in May 2021. We’re going to be discussing all of Alyssa’s fascinating story, her career journey, the work of demystifying cybersecurity and her work helping to create a more inclusive and welcoming space in the cybersecurity industry.
Jonathan Tanner of Barracuda talks about his time moving up the ladder at Barracuda, how he still enjoys computer science competitions like DEFCON Wireless Capture the Flag (CTF), and Barracuda’s revolutionary ATP malware detection platform, which he built.
0:00 - Intro 3:04 - Origin story in cybersecurity 5:45 - Major accomplishments and moving up with Barracuda 7:55 - Daily work as senior security researcher 10:36 - Was this always what you were interested in? 12:42 - How did you expand your skills and position 14:30 - Cyber security resume tips 17:20 - Becoming a cybersecurity professional 19:01 - How can hackathons and conferences help you? 22:33 - Improving the hiring process 25:33 - How to prepare for cyber security interview 27:46 - Working long term with a tech company 29:27 - What’s next for you at Barracuda? 30:26 - Where should security professionals begin? 33:46 - What’s happening at Barracuda 34:33 - Where can I find out more about you? 35:06 - Outro
French Caldwell of The Analyst Syndicate talks about his role as founder and chief researcher of the group. We also talk about Caldwell’s time at Gartner research, and his passion for cybersecurity research as a whole.
00:00 - Intro 03:43 - Caldwell’s background in cybersecurity 07:25 - Knowledge management 09:55 - Protecting digital trash 12:33 - Risk assessment and day-to-day work life 18:00 - How has research changed since 1999? 22:48 - Founding The Analyst Syndicate 26:45 - What is your day like at the Syndicate? 28:11 - What is your research like now? 29:33 - Disruptive technology and public policy 31:09 - Disruptive trends 34:30 - Advice to students in disruptive technologies 38:58 - Tell us about your simulator 46:22 - Cyberterrorism and risk to municipalities and hospitals 50:18 - Learn more about Caldwell and the Syndicate 51:54 - Outro
French Caldwell is the leading strategist and thought leader in RegTech, including GRC and ESG, cybersecurity, social and digital risks and regulation and the impact of disruptive technologies on policy and strategy. He is a former Gartner Fellow, and following Gartner he became the global head of marketing at a Silicon Valley firm that delivers regtech solutions for governance, risk and compliance analytics and reporting. Skilled at the alignment of strategy, communications, technology, processes, analysis, policy and people to improve business and mission outcomes. Experienced at advising senior executives and corporate directors on disruptive technology, strategic risk management, cybersecurity and public policy issues.
Dirk Schrader of New Net Technologies talks about healthcare security and legacy systems. We discuss the millions of pieces of health data left out in the open, the issues with closing these holes and the need for professional legacy system-whisperers.
0:00 - Intro 2:56 - What drew Dirk to security 4:46 - Did your Dad’s role inspire you? 5:55 - Stepping stones to your current job 9:35 - What is it like to be a security research manager 14:38 - Unprotected healthcare records 21:50 - Unprotected systems in the U.S. 25:20 - Using better security in hospitals 31:55 - Logistical issues of security for hospitals 37:48 - Best solution for hospital cybersecurity 39:30 - How to prepare for change 42:32 - What skills do you need for this work? 46:00 - Will people pursue these changes? 49:40 - Projects Dirk’s working on 52:10 - Outro
Dirk Schrader is the global VP of New Net Technologies (NNT). A native of Germany, Dirk focuses his work on advancing cyber resilience as a sophisticated new approach to tackling the cyberattacks faced by governments and organizations of all sizes, with the handling of change and vulnerability as the two main issues to address in information security.
Dirk has worked on cybersecurity projects around the globe, including more than four years in Dubai. He has published numerous articles in German and English about the need to address change and vulnerability to achieve cyber resilience, drawing on his experience and certifications as CISSP (ISC²) and CISM (ISACA). His recent work includes research in the area of medical devices, where he found hundreds of systems unprotected in the public internet, allowing access to sensitive patient data. This is going to be the topic of today’s episode, and we’re also going to talk about unprotected or poorly protected legacy systems in general, and how we start to build some coverage over this vast swath of unprotected information.