Normal view

There are new articles available, click to refresh the page.
Before yesterdayInfosec Resources

Working at Google: Security, anti-abuse and artificial intelligence | Guest Elie Bursztein

By: Infosec
1 March 2021 at 08:00

Elie Bursztein joins us on today’s episode to talk all about his role as chief research lead for anti-abuse at Google! Along with Infosec Founder Jack Koziol and Cyber Work Podcast host Chris Sienko, they discuss the difference between the practices of security and anti-abuse, the difference between protecting Google the company and Gmail the product, and the aspects of security and anti-abuse that AI will never be able to do.

0:00​ - Intro
2:35 - Starting a career in cybersecurity
12:57 - Entering the industry today
19:09​ - Career progression
42:18​ - Tech and academia collaboration for anti-abuse research
52:26​ - Getting hired in anti-abuse and cybersecurity
1:01:09​ - Future of machine learning as AI hacking
1:16:26 - Outro

Have you seen our new, hands-on training series Cyber Work Applied? Tune in every other week as expert Infosec instructors teach you a new cybersecurity skill and show you how that skill applies to real-world scenarios. You’ll learn how to carry out different cyberattacks, practice using common cybersecurity tools, follow along with walkthroughs of how major breaches occurred, and more. And it's free! Click the link below to get started.

– Learn cybersecurity with our FREE Cyber Work Applied training series: https://www.infosecinstitute.com/learn/
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Elie Bursztein leads the Security and Anti-Abuse Research team at Google. He focuses on deep learning and cryptography research, and among many other accomplishments, broke SHA-1. His website, elie.net, is packed with informative articles and online talks he’s given over the years, a veritable master-class for any cybersecurity aspirants. He also describes himself as a wearer of berets and a purveyor of magic tricks in his spare time.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

CompTIA Security+ SY0-601 update: Everything you need to know | Guest Patrick Lane

By: Infosec
25 February 2021 at 08:00

CompTIA’s Security+, the most popular cybersecurity certification in the world, is getting an overhaul for 2021! The updated exam (from SY0-501 to SY0-601) re-aligns the certification to match the most in-demand entry-level cybersecurity skills and trends of 2021.

Get insights into the changes directly from the source, Patrick Lane, Director of Products at CompTIA, as he explains how Security+ is evolving to remain the “go-to” certification for anyone trying to break into cybersecurity.

0:00​ - Intro
4:10 - What is the CompTIA Security+ certification?
5:05​ - Security+ baseline technical skills
16:00​ - Security+ helps solve an industry problem
21:35​ - Security+ job roles
31:45​ - Job role skills and exam release
37:35​ - CompITA Cybersecurity Career Pathway
47:27​ - SY0-601 vs SY0-501: 6 big changes
52:10 - Security+ exam details
56:48- Live Q&A
1:02:13 - Outro

– 7 days of free Security+ training with your Infosec Skills trial: https://www.infosecinstitute.com/skills/learning-paths/comptia-security/
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Patrick directs IT workforce skills certifications for CompTIA, including Security+, PenTest+, CySA+ and CASP+. He assisted the U.S. National Cybersecurity Alliance (NCSA) to create the “Lock Down Your Login” campaign to promote multi-factor authentication nationwide. He has implemented a wide variety of IT projects, including an intranet and help desk for 11,000 end users. Patrick is an Armed Forces Communications and Electronics Association (AFCEA) lifetime member, born and raised on U.S. military bases, and has authored and co-authored multiple books, including “Hack Proofing Linux: A Guide to Open Source Security.”

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Launch your cybersecurity career by finding a mentor | Guest Mike Gentile

By: Infosec
22 February 2021 at 08:00

Learn how mentors in the cybersecurity community can help launch your career on today’s episode featuring Mike Gentile, the Founder and CEO of CISOSHARE. Mike discusses the CyberForward program, which creates a mentorship and support system for new students of cybersecurity — often those with diverse cultural or economic backgrounds! CyberForward addresses not just skills training, but quality of life issues that might prevent entrance to the security field. If you’re feeling blocked and unsure how to enter the industry, you’ll really want to hear this episode!

0:00​ - Intro
2:24 - Starting a career in cybersecurity
5:39​ - Creating CISOHandbook.com
7:35 - What is CISOSHARE?
9:38​ - What is CyberForward?
11:15​ - Thoughts on the cybersecurity skills gap
17:40​ - Mentoring students through CyberForward
25:13​ - The training value system is broken
29:33 - Creating a network of support
32:44 - Helping the “beaten down” break through
36:52 - What’s next for CyberForward?
39:15 - Advice for getting started in cybersecurity
43:28​ - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Mike Gentile is the Founder, President and CEO of CISOSHARE, headquartered in San Clemente, CA. He has led the company since inception to become a global leader in security program services and solutions. Initially an experiment, the CISOSHARE culture centers around learning and teaching to make the confusing security discipline understandable.

In 2019, Mike founded CyberForward Academy by CISOSHARE using this learning and teaching culture to address both the cybersecurity resource shortage and the livable wage gap issues felt in many communities. This partner-enabled professional development program identifies and then rapidly develops effective job-ready cybersecurity professionals.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Malware analyst careers: Getting hired and building your skills | Guest Dr. Richard Ford

By: Infosec
15 February 2021 at 08:00

What does a malware analyst do? Find out on today’s episode featuring Dr. Richard Ford, Chief Technology Officer of Cyren. Richard talks about breaking into the field, whether a computer science degree is or isn’t essential for the role, and an early program he wrote to brag about his high score to his classmates!

0:00​ - Intro
2:30 - Richard’s cybersecurity origin story
6:07​ - Being an IBM anti-malware researcher in the 90s
9:18​ - How malware has evolved
11:27​ - Major career milestones
18:14​ - Two types of malware analysts
21:42​ - How to get hired as an entry-level analyst
25:45​ - Day-to-day malware analyst tasks
29:40 - Transitioning to an analyst role without any experience
34:30 - What does Cyren do?
37:25​ - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Dr. Richard Ford is the Chief Technology Officer of Cyren. He has over 25 years’ experience in computer security, working with both offensive and defensive technology solutions. During his career, Ford has held positions with Forcepoint, Virus Bulletin, IBM Research, Command Software Systems and NTT Verio. Dr. Ford has also worked in academia, having held an endowed chair in Computer Security, and worked as Head of the Computer Sciences and Cybersecurity Department at the Florida Institute of Technology. Ford holds a bachelor’s, master’s and D.Phil. in Physics from the University of Oxford. In addition to his work, he is an accomplished jazz flutist and instrument rated private pilot.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Gamification: Making cybersecurity training fun for everyone | Guest Jessica Gulick

By: Infosec
8 February 2021 at 08:00

We’re making cybersecurity training fun with today’s episode, which is all about gamification! Jessica Gulick of Katczy discusses the Wicked6 Cyber Games, the Women’s Society of Cyberjutsu, and the ways in which cyber games could rise to the ranks of other televised esports.

0:00​ - Intro
2:16​ - Starting in cybersecurity after 9/11
3:28​ - Major career milestones so far
7:08​ - Day to day duties as a CEO
11:00​ - Cybersecurity burnout and ongoing learning
13:16​ - Let’s dig into gamification!
19:11​ - How to design deeper gamification
22:32 - Selling gamification to leadership
28:45 - Wiked6 Cyber Games
35:10 - Gamified security awareness campaigns
37:42​ - Can gamification help grow the talent panel
42:05​ - Working with the Women’s Society of Cyberjutsu
49:58​ - What’s next for these gamified cyber events?
52:20​ - Outro

– Try our Choose Your Own Adventure® Zombie Invasion game: https://www.infosecinstitute.com/iq/choose-your-own-adventure/
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Jessica Gulick is CEO of Katzcy, a woman-owned growth firm specializing in cybersecurity marketing and cyber games. She is also President of the Board at the Women’s Society of Cyberjutsu, a 501c3 dedicated to advancing women in cyber careers. Jessica is a 20-year veteran in the cybersecurity industry and a CISSP.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Moving up in cybersecurity: From help desk to FireEye to CEO | Guest Jason Meller

By: Infosec
1 February 2021 at 08:00

From working the help desk to becoming FireEye’s Chief Security Strategist and founding his own company Kolide, Jason Meller has a wealth of experience to share about moving up the cybersecurity ladder. On today’s episode, he discusses his security journey, including working one of the best help desk jobs of all time, bluescreening his friends in the Wild West days of the Internet and sharing advice for up-and-coming cybersecurity professionals.

0:00​ - Intro
2:22​ - Pixar movie Soul and finding his "spark"
6:40​ - The Wild West of cybersecurity
7:56​ - Working at the best help desk ever
12:13​ - Becoming a cyber threat analyst
18:02​ - The importance of soft skills
21:23​ - Becoming a chief security strategist at FireEye
24:38​ - Working solo vs in a team
25:55​ - Adding a new superpower with your talents
28:03​ - Should you leave your job?
31:10​ - Exploring the psychology of security
36:34​ - Security veterans and mentorship
40:30​ - What is Kolide?
44:30​ - The new work/life balance of security
46:40​ - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Jason Meller is the CEO and founder of Kolide. Jason has dedicated his career to building products and tools that enable security experts to successfully defend western interests from sophisticated and organized global cyber threats. He started his security and product career at GE's elite computer incident response team, led by Richard Bejtlich (the father of modern network security monitoring). From there, Jason moved to the legendary Mandiant corporation (acquired by FireEye) quickly working his way up from an entry level analyst position to becoming the Chief Security Strategist. As Chief Security Strategist at FireEye, Jason was responsible for rapidly building products and services with an engineering strike team to facilitate and grow high-profile partnerships and key strategic initiatives.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

SecOps and the keys to a successful cybersecurity startup | Guest Raju Chekuri

By: Infosec
25 January 2021 at 08:00

NetOps, SecOps and CloudOps — you’ll learn about it all on today’s episode featuring Raju Chekuri, CEO of NetEnrich. Raju shares his career journey, discusses his work helping new tech and cybersecurity startups, and explains why clinging blindly to a five-year plan can be a recipe for disaster.

0:00 - Intro 
2:12 - Getting started in cybersecurity
3:38 - How the security landscape has changed
8:27 - Complexity and scope of cybersecurity
10:05 - 16+ years at NetEnrich
14:30 - Going beyond governance to do it right
17:30 - Strategies for upping ITOps along with business
22:50 - Examples of companies doing it right
24:55 - Helping startups become successful
30:45 - Keys to a solid business plan
33:42 - Mentorships in security and startups
36:25 - Being an entrepreneur & humanitarian
40:15 - What's next for NetEnrich?
46:18 - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Raju founded NetEnrich in 2004 after a successful IT career as an entrepreneur, visionary and business leader in Silicon Valley. He has led the company’s growth as SaaS for digital operations while innovating for AIOps and cybersecurity solutions. Raju is currently the chairman of the board at OpsRamp, a spin-off from NetEnrich. Previously, he founded Velio Communications, Inc., and led it to its acquisition by LSI Logic and Rambus in 2003. Raju earned an MBA at St. Mary’s College of California and a Bachelor of Technology at Kakatiya University. 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Cybersecurity careers: Risk management, privacy and healthcare security | Guest Tyler Cohen Wood

By: Infosec
19 January 2021 at 08:00

Learn about different cybersecurity roles and career paths in this wide-ranging conversation with today’s guest Tyler Cohen Wood. Tyler discusses working as a senior intelligence officer for the Defense Intelligence Agency (DIA), overseeing cyber risk for AT&T and writing her book Catching the Catfishers. We talk about online privacy, implementing complex cybersecurity systems, healthcare security shortcomings in the age of COVID — and her blue-haired, pre-cyber years working in the record industry!

0:00 - Intro
2:20 - Getting into IT & security
4:20 - Digital forensics & incident response
6:18 - Moving up the cybersecurity ladder
9:40 - Working with complex systems
12:57 - Director of Cyber Risk at AT&T
15:37 - Becoming a cybersecurity consultant
22:30 - Sharing too much personal info
26:20 - Work from home privacy & security
33:18 - Cybersecurity career tips
37:33 - Cybersecurity hiring & diversity
39:51 - Healthcare privacy & HIPAA changes
48:53 - Future career plans
50:15 - Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Tyler Cohen Wood is a cyber-authority with 18+ years of highly technical experience. As a cyber intelligence and national security expert, as well as three-time author and public speaker, Tyler is relied on for her wealth of knowledge and unique insights. She served with the DIA as a senior intelligence officer where she developed highly technical cyber solutions and made recommendations to significantly develop and change critical cyber policies and directives, which affected current and future intelligence community programs. She has helped the White House, DoD, federal law enforcement and the intel community thwart many cyberthreats to the U.S. She is the author of the book Catching the Catfishers. 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Kubernetes: Vulnerabilities, efficiency and cloud security | Guest Michael Foster

By: Infosec
11 January 2021 at 08:00

Learn all about Kubernetes, its possible misconfigurations and vulnerabilities, and how it applies to cloud security on today’s episode, featuring Michael Foster, a Cloud Native Advocate at StackRox. Michael discusses intrinsic Kubernetes security issues compared with those that come from improper use, the work of a Cloud Security Advocate, his time in the Chicago Cubs and more.

0:00 Intro 
2:03 Getting started in tech
4:09 From Cubs to security
8:10 What is Kubernetes?
10:45 Kubernetes issues & CNCF roadmap
14:50 Types of vulnerabilities
19:10 Kubernetes checklist and wishlist
23:30 Role and duties at StackRox
25:30 Cloud security skills & careers
31:30 Future of Kubernetes
33:28 What is StackRox?
35:35 Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Michael Foster is a passionate tech enthusiast and open-source advocate with a multidisciplinary background. As a Cloud Native Advocate at StackRox, Michael understands the importance of building an inclusive community. Michael embraces all forms of automation, focusing on Kubernetes security, DevOps, and infrastructure as code. He is continually working to bridge the gap between tech and business and focus on sustainable solutions.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Running a digital forensics business | Guest Tyler Hatch

By: Infosec
4 January 2021 at 08:00

We’re going back into the world of digital forensics careers with today’s guest, Tyler Hatch of DFI Forensics! Tyler tells us about moving from being a lawyer into the field of digital forensics, key traits of great forensics professionals and how to prove that incriminating evidence on a defendant’s laptop isn’t always what it seems. 

0:00 Intro 
2:46 Getting started in tech
5:24 Lawyer vs forensics
12:11 Staff and cases
18:45 Responsibilities and tasks
24:10 Digital forensics files podcast
27:45 Getting hired
30:40 Covid-19 work impact
33:16 Future of forensics
40:17 Breaking into forensics
42:43 Outro

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Following a six-year legal career that included representing clients in legal proceedings in small claims, the Supreme Court and a variety of administrative tribunals in B.C., Tyler found his way into the fascinating world of digital forensics and never looked back. 

Tyler is a Certified Computer Forensics Examiner (CCFE) and a Certified Mobile Forensics Examiner (CMFE) and is always training and receiving education to further his knowledge and understanding of computer forensics, IT forensics, digital forensics, cybersecurity and incident response. Tyler formed DFI Forensics in July 2018 and is the host of the “Digital Forensics Files” podcast. He is also a frequent contributor of written articles to various legal and digital forensics publications, including AdvocateDaily.com, LawyersDaily.ca, eForensics Magazine and Digital Forensics Magazine. 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

The 5 pillars of cybersecurity framework | Guest Mathieu Gorge

By: Infosec
28 December 2020 at 08:00

Help your C-suite get serious about cybersecurity with today’s episode, featuring Mathieu Gorge. Using his Five Pillars of Security Framework and his book, The Cyber Elephant in the Boardroom, Mathieu takes complex, confusing regulatory frameworks and maps them in a language that non tech-fluent board members can understand. 

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Mathieu Gorge is the author of the new ForbesBooks release, The Cyber Elephant in the Boardroom: Cyber-Accountability with the Five Pillars of Security Framework. He is also the CEO and founder of VigiTrust, a cybersecurity company with clients in 120 countries. Mathieu has over 20 years of IT security and risk management experience and is much-sought after for his expertise. As an authority on cybersecurity solutions, he has been asked to speak at conferences including RSA, ISSA and ISACA. 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

SolarWinds breach: Insights from the trenches | Guest Keatron Evans | Bonus incident response walkthroughs in description

By: Infosec
21 December 2020 at 08:00

It’s been a busy week for cybersecurity professionals as they respond to the SolarWinds breach. On December 13, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to immediately “disconnect or power down SolarWinds Orion products" as they were being actively exploited by malicious actors.

Infosec Skills author and KM Cyber Security managing partner Keatron Evans is helping numerous clients respond to the breach. In this live discussion and incident response demo (recorded Friday, December 18) he covers:

– What happened with the SolarWinds supply chain attack
– Immediate action you can take to protect your systems
– Industry responses to help mitigate the incident
– Live demo of Snort, memory forensics and Zeek
– Q&A with live attendees

Live walkthroughs from Keatron can be found here:
– Full video presentation: https://www.youtube.com/watch?v=5lc4HtmEYl4
– 10-minute Snort demo for SolarWinds and Sunburst incident response: https://www.youtube.com/watch?v=wG8dLV-LZwY
– 10-minute memory forensics demo of SolarWinds and Sunburst: https://www.youtube.com/watch?v=uLGLCv1Cu6A

Additional resources discussed by Keatron:
– FireEye Mandiant SunBurst countermeasures: https://github.com/fireeye/sunburst_countermeasures
– McAfee analysis into the Sunburst backdoor: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/additional-analysis-into-the-sunburst-backdoor/
– Keatron's free Cyber Work Applied training videos: https://www.infosecinstitute.com/learn/
– Keatron's Infosec Skills courses: https://www.infosecinstitute.com/authors/keatron-evans/

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Hiring a ransomware negotiator: Tactics, tips and careers | Guest Kurtis Minder

By: Infosec
14 December 2020 at 08:00

Ever thought of hiring a ransomware negotiator, or becoming one yourself? On today’s episode, Kurtis Minder of GroupSense tells us what makes a good ransomware negotiator, why setting the right tone is crucial in a successful negotiation and why, in the right situation, you can get away with referring to a ransomer as “grasshopper.” 

We’re also excited to announce a new, hands-on training series called Cyber Work Applied. Every week, expert Infosec instructors and industry practitioners teach you a new cybersecurity skill and show you how that skill applies to real-world scenarios. You’ll learn how to carry out different cyberattacks, practice using common cybersecurity tools, follow along with walkthroughs of how major breaches occurred, and more. And it's free! Check out the link below to start learning.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

As the CEO and co-founder of GroupSense, Kurtis Minder leads a team of world-class analysts and technologists providing custom cybersecurity intelligence to some of the globe’s top brands. The company’s analysts conduct cyber research and reconnaissance and map the threats to client risk profiles. Kurtis arrived at GroupSense after more than 20 years in roles spanning operations, design and business development at companies like Mirage Networks (acquired by Trustwave), Caymas Systems (acquired by Citrix) and Fortinet (IPO).

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Vulnerability hunting and ecommerce safety | Guest Ted Harrington

By: Infosec
7 December 2020 at 08:00

Let’s talk about the practice of finding vulnerabilities! For Ted Harrington, Executive Partner of ISE, it’s much more than a job, it’s a life mission. Ted joins the Cyber Work Podcast to discuss being part of the first team to hack the iPhone, as well as thinking like a hacker to avoid being hacked yourself. He also gives advice for people who would rather sell their wares online this holiday season than spend all day thinking about security. The world has been moving in the direction of holiday shopping online for quite some time now, but with things being what they are in 2020, that trend is likely to grow exponentially upward as stores become either closed to the public or only open to a few people at a time for safety. Either way, that means a lot of online transactions, and a lot of juicy targets for cybercriminals.

– Get Ted's book, "Hackable: How to do application security right": https://hackablebook.com
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Ted Harrington, Executive Partner at ISE is finding new ways to protect digital assets. He's helped companies like Disney, Amazon, Google, Netflix and Adobe fix tens of thousands of security vulnerabilities. His team at ISE is composed of ethical hackers known for being the first to hack the iPhone, where he applies his think-like-a-hacker mentality to constantly adapt to fresh security and software development challenges.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Securing Apple devices: Managing growing cyberattacks and risk | Guest Kelli Conlin

By: Infosec
30 November 2020 at 08:00

Dive into all things Apple security with today’s guest, Kelli Conlin, Security Solutions Specialist at Jamf. Learn about securing devices across multiple operating systems, the hidden-in-plain-sight Apple security Bible, and why Kelli’s mom isn’t allowed to use the 15-year-old Mac laptop Kelli is still hanging on to after all these years.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Kelli Conlin is a Security Solutions Specialist at Jamf focused on helping organizations be more secure with Apple. Prior to joining Jamf, Kelli was an Intelligence Analyst in the U.S. Air Force supporting special operations before starting an IT career path. Kelli currently lives in Tampa, FL with her husband, son, two cats and a miserable husky.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Privileged access management and work-from-home tips | Guest Terence Jackson

By: Infosec
23 November 2020 at 08:00

Today we’re talking cloud security and work-from-home. If you’ve ever checked your work email on your personal phone – I know you have, because we’ve all done it! – or touched up some time-sensitive spreadsheets on the same ipad your kids use to play Animal Crossing, Terence Jackson, Chief Information Security & Privacy Officer of Thycotic, is going to tell you how to tighten up your security protocols to ensure that work-from-home doesn’t become breach-from-home!

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

With more than 17 years of public and private sector IT and security experience, Terence Jackson is responsible for protecting the company’s information assets. In his role, he currently leads a corporate-wide information risk management program. He identifies, evaluates and reports on information security practices, controls and risks in order to comply with regulatory requirements and to align with the risk posture of the enterprise. Prior to joining Thycotic, Terence was the Director of Cybersecurity and Professional Services for TSI, a Virginia based Inc. 5000 company. He has also worked as a Senior Security Consultant for Clango, Inc., a top Identity and Access Management (IAM) consultancy. He was featured in and also was a contributor to the book “Tribe of Hackers.”

About Infosec

Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Ask us anything: Security awareness, behavior and culture (part 2) | Infosec Inspire 2020

By: Infosec
21 November 2020 at 08:00

The final episode in our two-week long daily series includes four guests from the past two podcasts: David Hansen, Senior Analyst, Corporate IT Security & Compliance for Brookfield Renewable; Dan Teitsma, Information Security Specialist/Program Manager for Amway; Donna Gomez, Security Risk & Compliance Analyst for Johnson County Government in the State of Kansas; and Tomm Larson, Cyber Security Awareness Lead at Idaho National Laboratory. Our guests, along with moderator Tyler Schultz, answered questions that were sent in live during our virtual Infosec Inspire conference in September, including topics like the changes in awareness strategies in the face of mass work-from-home scenarios due to COVID, key traits to look for when hiring security awareness storytellers, and more.

Thanks for joining us for this 12-episode series. We’ll return on Monday with our normal weekly episodes.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Collaboration and cultural relevance: Taking security awareness global | Infosec Inspire 2020

By: Infosec
20 November 2020 at 08:00

The old saying goes, it takes a village to raise a child. In the case of Brookfield Renewable’s Senior Analyst David Hansen and Amway’s Information Security Specialist Dan Teitsma, their village is global. It takes a collaborative network of peers to plan and manage a worldwide security awareness and training program. If that sounds daunting, let Dan and David walk you through their blueprints for getting buy-in from stakeholders and designing feedback loops that allow them to tailor their programs to be culturally relevant and appropriate to employees.

For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Influencing security mindsets and culture | Infosec Inspire 2020

By: Infosec
19 November 2020 at 08:00

Communication, creativity and empathy are crucial in shifting from what we call a “have-to” security mindset (i.e., “I have to take this precaution because IT said so”) to a “want-to” mindset, which suggests employee buy-in to a company’s security policy beyond simply ticking off a to-do box or watching a training video. In today’s episode, Donna Gomez, Security Risk and Compliance Analyst for Johnson County Government in the State of Kansas, and Tomm Larson, Cyber Security Awareness Lead at Idaho National Laboratory, share security awareness and training strategies for putting learner experiences first, engaging employees and building your team with the right blend of talents to foster a strong security culture.

For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Ask us anything: Security awareness, behavior and culture (part 1) | Infosec Inspire 2020

By: Infosec
18 November 2020 at 08:00

In today’s episode, two guests from our September Infosec Inspire event answer all questions related to security awareness. Keynote speaker Jinan Budge, Principal Security and Risk Analyst at Forrester, and Bruce Hallas of the “Rethinking the Human Factor” podcast took questions from our virtual audience, including where to focus your time and budget in educating your staff at times other than Security Awareness Month, picking employees to be security champions, and maturing your organization’s security culture.

For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Why we need to rethink the human factor | Infosec Inspire 2020

By: Infosec
17 November 2020 at 08:00

Back in October, Cyber Work featured Bruce Hallas, author, speaker and host of the “Rethinking the Human Factor” podcast, to talk about his security awareness journey and strategies. In today’s episode, taken from the Infosec Inspire virtual conference, Bruce joins host Kristin Zurovich to talk about the ways that companies can move their security awareness strategies from a “have to” mindset, as in “I have to remember to do this because IT will yell at me if I don’t” to a “want to” mindset, in which security becomes not just a check-mark on a to-do list, but something that everyone in your company takes personal ownership of after the security training modules have been finished.

For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. 

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Storytelling in cybersecurity: The impact of a great story | Infosec Inspire 2020

By: Infosec
16 November 2020 at 08:00

Steve Jobs once said, "The most powerful person in the world is the storyteller. The storyteller sets the vision, values and agenda of an entire generation that is to come." But it’s not just the C-suite who has this power – everyone has access to the powers of storytelling to enhance security awareness. Today’s episode features Sarah Moffatt, a talent development expert, leader, coach and speaker. Her passion in life is working to empower and excite people about the practice of security, and if you stick around for today’s episode, you’ll find out how!

For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. 

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast


About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Ask us anything: Developing security talent and teams (part 2) | Infosec Inspire 2020

By: Infosec
14 November 2020 at 08:00

In the last two episodes, we talked about the importance of upskilling in employee engagement and retention and building stronger security teams by training for career progression, not just immediate tasks. Today, the guests of those two episodes, Jessica Amato of Raytheon Technologies, Romy Ricafort of Comcast Business, Katie Boswell of KPMG Cyber and Jason Jury of Booz Allen Hamilton answer some questions related to those discussions. They explore finding and recruiting new and novice cyber talent, methods of making diversity a robust part of your hiring strategy, best practices for the always scary process of moving between different career tracks, and a lot more.

For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. 

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Building stronger teams: Career path development strategies | Infosec Inspire 2020

By: Infosec
13 November 2020 at 08:00

On today’s episode, we discuss the strategies organizations can use to build stronger cybersecurity teams. Katie Boswell, Director of KPMG Cyber, and Jason Jury, Lead Associate at Booz Allen Hamilton, take you behind the scenes of KPMG's Cyber Academy and Booz Allen Hamilton's Cyber Core programs to share inspiration and strategies for building security talent internally and providing staff with progressive career path opportunities.

For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. 

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Upskilling to deepen employee engagement and retention | Infosec Inspire 2020

By: Infosec
12 November 2020 at 08:00

Today we dive into a hot topic in the cybersecurity world: how to upskill, engage and retain your cybersecurity workforce. Jessica Amato, Operations Manager at Raytheon Technologies, and Romy Ricafort, Senior Director Sales Engineering at Comcast Business, know first-hand the powerful role an investment in skills development can have in engaging their employees. They’ve designed security training programs around empowering their staff with an emphasis on career progression, not just short-term problem solving. They’re here to share the strategies that have helped Raytheon and Comcast develop and strengthen employees!

For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. 

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

💾

Ask us anything: Developing security talent and teams (part 1) | Infosec Inspire 2020

By: Infosec
11 November 2020 at 08:00

In the last two episodes, we talked about flipping the talent funnel and using the NICE Cybersecurity Workforce Framework to customize your company’s security training. Today, the guests of those two episodes, Danielle Santos, program manager at the National Initiative for Cybersecurity Education, Leo Van Duyn, Cybersecurity & Technology Workforce Development Strategy at JPMorgan Chase, and Karl Sharman, Head of Cyber Solutions & Consultancies at Stott & May, answer some questions related to those discussions. Danielle, Leo, and Karl discuss mentoring as a method to upskill less experienced members of your team, the unseen training costs of employee churn and a lot more.

For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. 

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
At Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

💾

Close your skills gap: Putting the NICE Workforce Framework for Cybersecurity to work | Infosec Inspire 2020

By: Infosec
10 November 2020 at 08:00

We continue our twelve straight days of episodes with a discussion around the NICE Workforce Framework for Cybersecurity featuring Danielle Santos, program manager at NICE, Leo Van Duyn, Cybersecurity & Technology Workforce Development Strategy at JPMorgan Chase, and Infosec moderator Megan Sawle. Danielle and Leo explain how to provide targeted, role-based training based on knowledge, skills and competencies and guide you step-by-step through creating custom role profiles to match your organization’s specific cybersecurity needs.

For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. 

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
At Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.



💾

Flip the funnel: Fixing the cybersecurity talent pipeline challenge | Infosec Inspire 2020

By: Infosec
9 November 2020 at 08:00

For the next twelve days, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. 

In our first episode, entitled “Flip the funnel: Fixing the cybersecurity talent pipeline challenge,” former Cyber Work Podcast guest Karl Sharman, Head of Cyber Solutions & Consultancies for Stott & May, and Infosec’s Director of Research & Product Marketing Megan Sawle drill down into the notion of the skills gap. Karl and Megan know that the skills gap is a significant challenge, but with actionable guidance to help fill vacant cybersecurity roles, you can think like successful security and IT leaders and improve recruiting, hiring and retention without relying on “unicorn” candidates to wander in. 

– Download Infosec’s 2020 IT & security talent pipeline study: https://www.infosecinstitute.com/form/2020-hiring-study-report/
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
At Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

💾

BAHAMUT: Uncovering a massive hack-for-hire cyberespionage group | Guest Eric Milam

By: Infosec
2 November 2020 at 08:00

A very special co-host joins today’s episode of Cyber Work! Infosec founder and CEO Jack Koziol stops by to meet Eric Milam and dig into BlackBerry’s work on a massive research project about the threat actor group BAHAMUT. Eric discusses how their research found connections within a group that targets everyone from Indian oil tycoons to Middle Eastern government officials, the key skills his research team needed to do the work, and what the dinner-table conversations are like when you’re aggressively pursuing a nation-state attack group.

– Download the report, BAHAMUT: Hack-for-hire masters of phishing, fake news and fake apps: https://www.blackberry.com/us/en/forms/enterprise/bahamut-report
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Eric Milam is the VP of Research Operations at BlackBerry where he and his team track malware threats and threat actors. During his time at BlackBerry, he discovered and published the details of numerous emerging threats and malware variants actively being exploited in the wild. Prior to joining BlackBerry, Eric was a highly regarded penetration tester and frequent conference speaker, widely known for his red-teaming exploits.

About Infosec
At Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.



💾

❌
❌