Infosec’s Principal Security Researcher, instructor and cybersecurity renaissance man Keatron Evans returns to the show for the first in a series of once-quarterly episodes breaking down big stories in the news and cybersecurity trends for the future! We talk SolarWinds, Colonial Access Pipeline, Oldsmar, Keatron’s origin story and why, just like practicing your scales makes you a better musician, master pentesters and security pros got where they did by mastering the art of repetition in learning.
0:00 - Intro 2:30 - How did you get into cybersecurity? 4:00 - What skills did you have early on? 6:10 - First interaction with Infosec 10:34 - Work as a principal security researcher 13:20 - Machine learning in cybersecurity 14:14 - Infosec classes 17:28 - Equity in cybersecurity 20:25 - You don't need a technical background 21:36 - Major security breaches of 2021 22:15 - SolarWinds breach 24:56 - What job roles help stop these breaches? 27:50 - Water treatment plant breach 31:42 - Infrastructure security 34:30 - President Biden and cybersecurity 39:22 - Supply chain security 43:20 - Security trends for 2022 49:00 - Projects to keep an eye on 50:52 - Learn more about Evans 51:44 - Outro
Security managers develop security strategies that align with the organization's goals and objectives. In addition, they direct and monitor security policies, regulations and rules that the technical team implements. Knowledge in areas like information security governance, program development and management, incident response and risk management are important to success in any security management role.
0:00 - Intro 0:26 - What does a security manager do? 3:15 - How do you become a security manager? 4:54 - What education is required for security managers? 5:55 - What certificates are required for security managers? 7:23 - What skills does a security manager need to have? 9:58 - Common tools security managers use 11:48 - Where do security managers work? 13:45 - How well do security managers pivot into other roles? 15:36 - What step can someone take now to become a security manager? 17:27 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Andrew Howard, CEO of Kudelski Security, returns to give us his cybersecurity predictions for 2022! How will cybersecurity protect the supply chain, why is quantum computing on all of his clients' minds, and how would Andrew rewrite security from the ground up if a genie granted him three wishes?
0:00 - Intro 3:00 - Getting into cybersecurity 4:00 - How has the cloud evolved? 6:46 - The past year in cybersecurity 8:20 - The next cybersecurity innovation 8:57 - Where quantum computing is going 10:15 - Concerns about encryption data 10:54 - The state of ransomware 12:57 - Cybersecurity supply chain issues 16:18 - Hybrid work cybersecurity 18:42 - The year of cyber insurance 20:35 - DOD directive to close security gaps 22:15 - What would you change in cybersecurity? 25:45 - What would put phishing out of mind? 28:10 - Advice to 2022 cybersecurity students 29:37 - Kudelski Security 30:58 - Blockchain security in 2022 31:57 - Learn more about Kudelski 32:10 - Outro
Penetration testers, or ethical hackers, are responsible for planning and performing authorized, simulated attacks within an organization’s information systems, networks, applications and infrastructure to identify vulnerabilities and weaknesses. Findings are documented in reports to advise clients on how to lower or mitigate risk. Penetration testers often specialize in a number of areas such as networks and infrastructures, Windows, Linux and Mac operating systems, embedded computer systems, web/mobile applications, supervisory control and data acquisition (SCADA) control systems, cloud systems and internet of things (IoT) devices.
0:00 - Intro 0:26 - What does a penetration tester do? 1:10 - Levels of penetration testers 1:50 - How to become a penetration tester 3:08 - Education needed to be a pentester 3:50 - Skills needed to pentest 4:24 - Common tools of the pentester 5:07 - Training with the tools 5:42 - Job options for pentesters 6:36 - Work duty expectations 7:45 - Can you move to a different role? 9:09 - What can I do to become a pentester? 9:54 - Outro
Roderick Jones of Concentric talks about security risks facing content creators, influencers, gamers and streamers on Twitch, YouTube and elsewhere. Online harassment is often seen as “part of the package” if you’re going to work in a public-facing streamer community, but Jones knows that this isn’t inevitable, and it is fixable. A future without a shrug-shoulders approach to online abuse?
0:00 - Intro 3:37 - How did you get into cybersecurity? 5:30 - Were you scouted for your role? 6:44 - How did the landscape change? 8:40 - Security intelligence to private sector 11:50 - Daily work at Concentric 13:25 - Staying up on trends 15:09 - Gaming, streaming and security issues 21:31 - Desensitization and online personalities 25:42 - The future of online access 27:37 - How to protect streamers 31:40 - Censoring on streaming platforms with AI 35:06 - Safeguards streams should have in place 40:06 - Cybersecurity jobs related to streaming security 41:58 - Being courteous online 42:43 - More about Concentric 43:58 - Learn more about Jones 44:35 - Outro
Bentsi Ben-Atar of Sepio Systems talks about some truly scary high-tech hacking weapons and techniques, from Raspberry Pis in your mouse or keyboard to charging cables that can exfiltrate data from a mile away. What do we do? How do we prepare?
0:00 - Intro 3:18 - Getting into cybersecurity 4:30 - Career highlights 5:50 - Co-founding two companies 7:22 - Typical work day at CTO and CMO 11:29 - New stealthy hacking tools 13:08 - Hacking a smart copy machine 17:46 - Stealing data with a Raspberry Pi 26:01 - The ninja cable 32:11 - Security awareness while traveling 35:20 - How to work battling high-tech cybercrime 36:35 - Exploring cybersecurity 37:47 - More about Bentsi’s companies 39:31 - Find more about Bentsi 39:57 - Outro
On today’s podcast, Menachem Shafran of XM Cyber talks about cloud security. Menachem tells us about the work of project manager and product manager, how the haste to migrate to the cloud can unnecessarily leave vulnerabilities wide open and why a cloud security expert also needs to be a good storyteller.
0:00 - Intro 2:40 - Getting into cybersecurity 5:47 - Project manager in cybersecurity 9:12 - Identifying pain points 10:24 - Working as a VP of product 14:09 - Data breaches 16:30 - Critical versus non-critical data breaches 18:19 - Attacker’s market 19:38 - How do we secure the cloud? 22:45 - A safer cycle of teams 24:40 - How to implement cybersecurity changes 28:50 - How to work in cloud security 30:48 - A good cloud security resume 33:02 - Work from home and cloud security 34:30 - XM Cyber’s services 37:21 - Learn more about Menachem 38:00 - Outro
On this week’s Cyber Work Podcast, BugCrowd and disclose.io! founder Casey Ellis discusses how to think like a cybercriminal, the crucial need for transparent vulnerability disclosure, the origins of BugCrowd and why mentorship is a gift that goes in both directions.
0:00 - Intro 3:15 - Getting into cybersecurity 4:30 - Criminal mindset in cybersecurity 5:49 - Ellis’s career to date 9:10 - Healthcare cybersecurity 11:47 - Mentoring others 13:52 - Mentorship as a two-way street 16:12 - Bugcrowd and bug bounty 19:18 - Vulnerability disclosure project 21:30 - Bug bounty popularity 24:52 - U.S. sanctions on hacking groups 26:52 - Hiring hackers 31:52 - Pursue specialization 33:51 - Cyber threats flying under the radar 39:17 - Working from home safely 40:48 - How to get into bug bounties 42:18 - How to report vulnerabilities 44:04 - Advice to begin ethical hacking 45:23 - Learn more about Ellis 45:56 - Outro
On today’s podcast, Kyle McNulty of Secure Ventures talks about interviewing the people behind the most up-and-coming cybersecurity startups. We discuss the best advice he’s received on the show, how to get your own podcast off the ground and his own security startup, ConsultPlace.
0:00 - Intro 2:40 - Getting into cybersecurity 6:00 - McNulty’s education and career 9:50 - Getting into consulting and startups 14:08 - Secure Ventures podcast 17:45 - Best insight from a podcast guest 20:13 - Startup stories 22:10 - Startups during COVID 23:42 - Advice for startups 25:22 - How to begin a podcast 33:25 - Tips for cybersecurity newcomers 35:04 - Upcoming podcasts 36:15 - ConsultPlace work 38:00 - Find more about McNulty 38:42 - Outro
On today’s podcast, Adam Flatley of Redacted talks about 14 years spent with the NSA and working in global intelligence. He also delineates the process of disrupting ransomware and cybercrime groups by dismantling organizations, putting on pressure and making the crime of ransomware more trouble than it’s worth!
0:00 - Intro 3:13 - Getting into cybersecurity 4:27 - Why work for the DoD? 6:37 - Average work day in threat intelligence 9:28 - Main security threats today 11:53 - Issues cybersecurity is ignoring 16:12 - Disrupting ransomware offensively 23:00 - How to handle ransomware 25:07 - How do I fight cybercriminals 27:15 - How to convey self learning on a resume 28:24 - Security recommendations for your company 31:40 - Logistics of changing security 34:40 - Cybercrime in five years 36:57 - Learn about Redacted 39:18 - Learn more about Adam 40:00 - Outro
On today’s podcast, John Bambenek of Netenrich and Bambenek Consulting talks about threat research, intelligence analytics, why the same security problems are so evergreen and the importance of pitching in a little extra bit of your time and talents to make the world a bit better than you found it.
0:00 - Intro 2:45 - Getting into cybersecurity 9:40 - Threat researcher versus security researcher and threat analyst 12:05 - How to get into a research or analyst role 16:32 - Unusual types of malware 19:03 - An ideal work day 23:06 - Current main threat actors 28:50 - What cybersecurity isn’t addressing 31:38 - Where can I volunteer? 36:02 - Skills needed for threat researchers 40:53 - Adjacent careers to threat research 45:11 - Threat research in five years 48:55 - Bambenek Consulting 49:35 - Learn more about Bambenek 50:26 - Outro
On today’s podcast, Cicero Chimbanda, Infosec Skills author and lecturer, discusses his cybersecurity leadership and management courses. We discuss the many paths of a cybersecurity leadership role, the soft skills that separate a good information security manager from a great one and why a baseline of cybersecurity knowledge can enhance any job, even if you don’t plan to pivot into the industry.
0:00 - Intro 3:37 - Getting into cybersecurity 6:43 - First learning cybersecurity 7:54 - Skills needed to move up 10:41 - CISM certification 13:00 - Two tracks of technology 15:13 - Are certifications important? 18:50 - Work as a college lecturer 22:43 - Important cybersecurity soft skills 27:40 - Cybersecurity leadership and management 32:33 - Where to go after security leadership 35:26 - Soft skills for cybersecurity managers 37:23 - Benefits to skills-based education 39:40 - Tips for lifelong learning 43:46 - Cybersecurity education’s future 45:21 - Outro
On today’s podcast, Secureworks president and CEO Wendy Thomas talks about the company’s drive to provide innovative, best-in-class security solutions that sit at the heart of customers’ security operations. Thomas shares over 25 years of experience in strategic and functional leadership roles, including work as a chief financial officer, chief product officer and VP of strategy. Thomas has worked across multiple technology-driven companies and has a wealth of knowledge.
0:00 - Intro 3:18 - Wendy’s origin in cybersecurity 5:13 - Climbing the career ladder 8:10 - Average day as CEO 10:38 - Collaboration in cybersecurity 13:07 - Roadblocks in collaboration 15:03 - Strategies to encourage collaboration 17:53 - Is there collaboration now? 19:30 - Solving technology security gaps 21:35 - Limiting incident response noise 23:10 - Addressing the skills shortage 25:07 - Women in cybersecurity 30:45 - Developing your team 32:53 - Advice for those entering cybersecurity 34:18 - Outro
On today’s podcast, Infosec Skills author Ted Harrington talks about authoring a recent Infosec Skills learning path, “How To Do Application Security Right,” which is also the subtitle of his recent book, “Hackable: How To Do Application Security Right.” Harrington shares his application security expertise, or AppSec, the benefits of skills-based learning, and what it was like to hack the iPhone.
0:00 - Intro 3:00 - Hacking the iPhone 8:30 - IOT security 14:00 - “Hackable” book 17:14 - Using the book as a roadmap 18:42 - Most important skills right now 21:45 - Taking Harrington’s class 24:40 - Demystifying application security 26:48 - Career opportunities 28:26 - Roadblocks in application security 30:55 - Education tips for application security 33:40 - Benefits of skills-based education 37:21 - The skills gap and hiring process 41:19 - Tips for lifelong learners 43:43 - Harrington’s next projects 44:33 - Cybersecurity education’s future 45:38 - Connect with Harrington 46:50 - Outro
On today’s podcast Infosec Skills author Chrys Thorsen talks about founding IT Without Borders, a humanitarian organization built to empower underserved communities through capacity building information and communications technology (ICT) skills and information access. She’s also a consultant and educator. And, for our purpose, she is the author of several learning paths on our Infosec Skills platform. She has written course paths for Writing Secure Code in Android and Writing Secure Code in iOS, as well as a forthcoming CertNexus Cyber Secure Coder path.
0:00 - Intro 2:43 - Thorsen’s origin story in cybersecurity 4:53 - Gaining about 40 certifications 6:20 - Cross certification knowledge 7:25 - Great certification combos 8:45 - How useful are certifications? 11:12 - Collecting certifications 13:01 - Changing training landscape 14:20 - How teaching changed 16:36 - In-demand cybersecurity skills 17:48 - What is secure coding? 19:34 - Secure coders versus coders 20:31 - Secure coding in iOS versus Android 22:39 - CertNexus secure coder certification 24:13 - Secure coding before coding 24:42 - Secure coding curriculum 26:27 - Recommended studies post secure coding 26:50 - Benefits to skills-based education 27:43 - Tips for lifelong learning 29:29 - Cybersecurity education’s future 30:54 - IT Without Borders 33:38 - Outro
On today’s podcast, Jasmine Jackson takes us through how you can get noticed on your resume, how Linux basics can set you up for learning other aspects of cybersecurity, and how capture the flag activities are crucial to enriching your work skills. Jackson has over 10 years of information security experience and shares her passion for cybersecurity by presenting and teaching workshops, including new courses now available in Infosec Skills. She is currently the Jeopardy-style capture the flag (CTF) coach for the inaugural U.S. Cyber Games and works as a senior application security engineer for a Fortune 500 company.
0:00 - Intro 3:08 - Jasmine Jackson’s origin story 4:25 - Winning a computer 6:22 - Jackson’s career path 13:46 - Thoughts on certifications 19:10 - Ideal job description 21:01 - Most important cybersecurity skills 22:54 - Linux fundamentals class 25:07 - What does knowing Linux do for you? 26:35 - How to build upon a Linux foundation 28:51 - Benefits to skills training 29:50 - Tips for lifelong learning 31:30 - Coaching in the U.S. Cyber Games 34:26 - How are team members chosen for the games? 37:47 - An intriguing CTF puzzle 41:43 - Where is cybersecurity education heading? 43:36 - Learn more about Jackson 46:33 - Outro
Today's guest is Alex Amiryan, a software developer with over 18 years of experience specializing in cybersecurity and cryptography. Alex is the creator of the popular SafeCamera app, which was the predecessor of Stingle Photos, an end-to-end encrypted, open-source gallery and sync app able to prevent theft by breach. How does it work, and how did Alex come by his obsession for cryptography? Tune in and find out!
0:00 - Intro 1:41 - Origin story in cybersecurity 3:38 - Running afoul of the law 4:44 - Beginning your own company 7:10 - Advice on starting a business 9:15 - What is Stingle Photos? 12:30 - End-to-end encryption 15:20 - Black box storage 17:47 - Encryption safety 19:01 - Preventing photo theft 22:20 - Working in encryption and cryptography 24:24 - Skills needed for encryption and cryptography 26:43 - An "aha" moment 28:00 - Cryptographer job market 29:45 - Next steps in cryptography 35:52 - Learn more about Stingle Photos 36:28 - Outro
This week we chat with Connor Greig of CreatorSphere (creatorsphere.co) about beginning a career in IT at age 17 when he joined Hewlett Packard as an applications engineer, but after just a few weeks was promoted to project manager. He went on to work on secure projects for the British government and was a project manager for secure cloud computing and software development modernization during the WannaCry, Spectre and Meltdown vulnerabilities that were found.
0:00 - Intro 3:00 - Origin story 4:58 - Getting into IT 8:53 - Being scouted by HP at 17 11:34 - What did HP see in you? 15:42 - Working with the British government 17:49 - Being fast on your feet 19:51 - Area of specialty 21:30 - Balancing work and management 25:25 - Saving McDonald's from a data breach 31:58 - McDonald's reaction 38:56 - Starting your own company 45:25 - Advice for starting your own company 49:15 - How to learn new concepts and skills 53:15 - What's it like being a gay man in cybersecurity? 55:30 - Making cybersecurity more welcoming 58:15 - Cybersecurity career advice 1:00:33 - Outro
Security Yearbook creator Richard Stiennon joins today’s podcast to share his career journey. He talks about creating the first ISP in the Midwest in the ‘90s, the role of the Security Yearbook in telling the history of cybersecurity and the best place to start your cybersecurity career. Hint: It’s not necessarily with the big firms!
0:00 - Infosec Skills Monthly Challenge 0:50 - Intro 2:50 - How Richard got started in cybersecurity 7:22 - Penetration testing in the ‘90s 10:17 - Working as a research analyst 14:39 - How the cyberwar landscape is changing 19:33 - Skills needed as a cybersecurity researcher 20:30 - Launching the Security Yearbook 27:20 - Security Yearbook 2021 29:00 - Importance of cybersecurity history 30:48 - How do cybersecurity investors see the industry 34:08 - Impact of COVID-19 and work from home 35:50 - Using the Security Yearbook to guide your career 40:38 - How cybersecurity careers are changing 43:29 - Current pentesting trends 47:06 - First steps to becoming a research analyst 48:20 - Plans for Security Yearbook 2022 50:20 - Learn more about Richard Stiennon 51:09 - Outro
Cybersecurity hiring managers, and the entire cybersecurity industry, can benefit from recruiting across a wide range of backgrounds and cultures, yet many organizations still struggle with meaningfully implementing effective diversity, equity and inclusion (DEI) hiring processes.
Join a panel of past Cyber Work Podcast guests as they discuss these challenges, as well as the benefits of hiring diversely: – Gene Yoo, CEO of Resecurity, and the expert brought in by Sony to triage the 2014 hack – Mari Galloway, co-founder of Women’s Society of Cyberjutsu – Victor “Vic” Malloy, General Manager, CyberTexas
This episode was recorded live on August 19, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/
The topics covered include: 0:00 - Intro 1:20 - Meet the panel 3:28 - Diversity statistics in cybersecurity 4:30 - Gene on HR's diversity mindset 5:50 - Vic's experience being the "first" 10:00 - Mari's experience as a woman in cybersecurity 12:22 - Stereotypes for women in cybersecurity 15:40 - Misrepresenting the work of cybersecurity 17:30 - HR gatekeeping and bias 25:56 - Protecting neurodivergent employees 31:15 - Hiring bias against ethnic names 37:57 - We didn't get any diverse applicants! 43:20 - Lack of developing new talent 46:48 - The skills gap is "nonsense" 49:41 - Cracking the C-suite ceiling 53:56 - Visions for the future of cybersecurity 58:15 - Outro
PLEASE NOTE: Around minute 47, I incorrectly say that Eric Milam, author of the definitive report on the BAHAMUT threat group, is employed by HP. He is, in fact, employed by Blackberry. I sincerely apologize to Mr. Milam for the error.
In this special episode, we look back at how the show has evolved over the past three years and celebrate our amazing guests and viewers. You've helped grow the Cyber Work Podcast to nearly a million plays!
To give back, we're launching a brand new way for EVERYONE to build their cybersecurity skills. It's free. It's hands-on. Oh, and did we mention there's more than $1,000 in prizes EVERY MONTH.
Huge thank you to all the past guests who shared their expertise over the past 200 episodes. The timings of everyone in this episode are listed below. Happy listening!
0:00 - Intro 0:42 - Monthly challenges and $1,000 in prizes! 1:30 - Cyber Work Podcast origins 2:32 - First episode with Leighton Johnson 3:16 - Finding our first guests 3:46 - Keatron Evans on incident response 6:54 - Susan Morrow on two-factor authentication 8:54 - Susan Morrow on GDPR 11:03 - Susan Morrow on "booth babes" and speaking up 13:20 - Alissa Knight on getting arrested for hacking at 17 16:39 - Alissa Knight on API security 19:14 - Ron Gula on cybersecurity challenges 23:23 - Amber Schroader on the real work of digital forensics 26:19 - Theme of the Cyber Work Podcast 27:01 - Jeff Williams on creating the OWASP Top Ten 31:23 - David Balcar on the biggest APTs 33:46 - Elie Bursztein on breaking into cybersecurity 37:37 - Sam King on AppSec frameworks and analysis 41:17 - Gary DeMercurio on getting arrested for red teaming 47:19 - Eric Milam on the BAHAMUT threat group 53:39 - Feedback from Cyber Work Podcast listeners 55:16 - Alyssa Miller on finding your career path 57:24 - Amber Schroader on computer forensics tasks 59:07 - Richard Ford on malware analyst careers 1:02:02 - Career action you can take today 1:02:19 - Rita Gurevich on reading and learning 1:03:20 - Snehal Antani on transitioning careers 1:04:26 - Promoting underrepresented voices 1:05:09 - Mari Galloway on women in cybersecurity 1:05:31 - Alyssa Miller on diversity "dog whistles" 1:10:11 - Christine Izuakor on creating role models 1:10:52 - We want to hear your story 1:11:40 - Monthly challenges and outro
Gemma Moore of Cyberis Limited talks about her incredible pentesting career and shares her advice for aspiring pentesters. She also discusses security as it regards the human cost of social engineering, which is the title of a recent article Gemma wrote.
– Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast 0:00 - Intro 5:26 - Becoming a world-class pentester 13:55 - 2004 pentesting versus now 17:25 - Early years of pentesting 19:30 - Natural skills to be a pentester 23:12 - Advice for aspiring pentesters 25:50 - Working in pentesting 27:50 - Red teaming 31:08 - How to be a great pentester 33:04 - Learn about CREST 36:13 - What should be on my resume? 37:45 - Cyberis Limited 40:25 - Diversity and inclusion 43:42 - The human cost of social engineering 50:06 - Training staff positively 52:54 - Current projects 54:20 - Outro
Ning Wang talks to us about her role as CEO of Offensive Security, where she is responsible for the company culture, vision, strategy and execution. We talk about Wang’s cybersecurity journey, her direction at OffSec and the ways that white hat hackers can be recruited into the industry, possibly riding the interest of big news-story hacking events like the Colonial Pipeline hack to do so.
0:00 - Intro 2:21 - Origin story 5:31 - Changing careers 7:46 - Skills learned throughout Wang’s career 11:46 - Taking a chance on a new career 12:50 - What is Offensive Security? 16:19 - Try harder mindset 19:42 - Offensive Security certification 23:02 - Recruiting ethical hackers 28:12 - Civic responsibility 33:10 - Ethical hacking job specialties 36:49 - Tips for ethical hacking learners 40:09 - Women in cybersecurity 43:56 - Offensive Security’s future 46:35 - Feedback from students 48:11 - Learn more about Wang OS 48:48 - Outro
Adam Levin of CyberScout talks to us about scams, identity theft and more across the cybersecurity industry from the 1970s until today. He also tells us about his podcast, What the Hack with Adam Levin, which is focused on hacking, fraud and theft.
0:00 - Intro 3:01 - Origin story 7:07 - Bank safety in the old days 8:02 - Fraud and scams over the years 9:27 - Tactics today 13:15 - Scam experiences 14:33 - Scam embarrassment and stigma 18:17 - What the Hack podcast 20:22 - A taste of What the Hack 21:28 - How do you pursue stories for the podcast? 25:38 - How do you structure episodes? 26:44 - Humor in cybersecurity environment 28:43 - Work from home balance 30:25 - What is hot in fraud right now 36:50 - Credit reports 38:28 - Consumer protection and fraud careers 42:53 - Cyber savvy countries 44:31 - Predictions on fraud evolution 48:26 - Benefit to nationwide education? 50:42 - Optimism for security education 52:26 - Find out more about What the Hack 52:58 - Outro
Neal Dennis of Cyware talks to us about building a collective defense via increased threat intelligence sharing in the global security community. Dennis has worked with customer success and clients, helping them map out new intelligence workflows, and has also built out several intelligence analysis programs for Fortune 500 companies. Neal started his career as a SIGINT specialist while serving in the United States Marine Corps and later supported cyber initiatives for USCYBERCOM, STRATCOM, NSA, 24th Air Force, USAF Office of Special Investigations and JFCC-NW.
0:00 - Intro 2:10 - Origin story 3:57 - Military and linguistics influence 6:10 - Work in counterintelligence 8:51 - Digital forensics work 11:02 - Changes in open-source intelligence work 13:00 - Building a global defensive network 15:46 - Why aren’t we sharing info? 18:41 - How to implement global changes? 23:42 - Areas of friction for sharing 29:15 - Threat intel and open-source intel as a job 32:55 - Do research analysis 35:03 - Hiring outlook 37:15 - Tell us about Cyware 39:38 - Learn more about Dennis and Cyware 40:06 - Outro
Snehal Antani joins us from Horizon3.ai to talk about pentesting, red teaming and why not every vulnerability necessarily needs to be patched. He also shares some great advice for people entering the field.
0:00 - Intro 2:12 - Origin story 4:12 - Using your hacking powers for good 7:14 - Working up the IBM ranks 12:18 - Cloud problems 14:25 - Post-IBM days 16:50 - Work with the DOD 20:33 - Why did you begin Horizon3.ai? 24:38 - Vulnerabilities: not always exploitable 29:46 - Strategies to deal with vulnerabilities 33:36 - Sensible use of a security team 35:29 - Advice for red and blue team collaboration 39:14 - Pentesting and red teaming career tips 41:12 - Demystifying red and blue team 45:40 - How do you become intensely into your work 47:24 - First steps to get on your career path 49:49 - How to learn more about Horizon3.ai 50:42 - Outro
Frank Smith joins us from Ntiva to talk about the new Cybersecurity Maturity Model Certification (CMMC), organizations achieving Level 1 and Level 3 maturity levels, and why CMMC is so important for government contractors. Plus he discusses security for federal entities and how to get started in a career in cyber compliance by becoming a Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA).
0:00 - Intro 2:11 - Origin story 4:17 - Key projects to climb the work ladder 6:45 - An average work day 9:30 - Cybersecurity Maturity Model Certification 16:38 - CMMC over five years 17:30 - Which level of certification will you need? 19:00 - Level 3 versus level 1 certification 22:20 - Finding your feet by 2022 23:55 - Jobs to take in first steps toward compliance officer 27:27 - Benefits of CMMC for other roles 28:44 - Experiences to make you desirable as a worker 31:55 - Imperative to locking down infrastructure 37:58 - Ntiva 39:47 - Outro
Learn what it’s like to do good by being bad. The idea of breaking into a company, by hook or by crook, attracts all sorts of would-be secret agents. But what is red teaming really like as a job? What are the parameters, what are the day-to-day realities and, most importantly, what is hands-off in a line of work that bills itself as being beyond rules?
Join a panel of past Cyber Work Podcast guests: – Amyn Gilani, Chief Growth Officer, Countercraft – Curtis Brazzell, Managing Security Consultant, GuidePoint Security
Our panel of experts has worked with red teaming from a variety of positions and will answer your questions about getting started, building your skills and avoiding common mistakes.
0:00 - Intro 2:34 - Favorite red team experiences 7:57 - How to begin a cybersecurity career 14:42 - Ethical hacking vs pentesting 18:29 - How to become an ethical hacker 23:32 - Qualities needed for red teaming role 29:20 - Gain hands-on red teaming experience 33:02 - Supplier red team assessments 37:00 - Pentesting variety 46:22 - Becoming a better pentester 52:12 - Red team interview tips 56:00 - Job hunt tips 1:01:18 - Sponsoring an application 1:02:18 - Outro
This episode was recorded live on June 23, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/
Becky Robertson joins us from Booz Allen to discuss creating remote work situations that address modern requirements but don’t sacrifice security. We discuss the ways in which COVID-19 helped the federal sector reconsider every aspect of the workflow process and what that means for future remote roles.
0:00 - Intro 2:21 - Cybersecurity origin story 4:58 - Changes from the early days of cybersecurity 6:24 - Staying in the same organization for 25 years 8:56 - Day-to-day work as a VP 10:56 - Security and working from home 13:18 - Technical hurdles to work remotely 15:15 - Changing the nature of work post pandemic 16:58 - Employees working remotely 19:04 - Security concerns when working remotely 22:55 - How to pursue a federal cybersecurity career 25:18 - Federal cybersecurity positions in demand 27:42 - Skills needed to work in federal government 29:33 - Federal skills gaps 32:05 - Career advice 32:57 - Finding mentors