Reading view

There are new articles available, click to refresh the page.

K-12 cybersecurity: Protecting schools from cyber threats | Guest Mike Wilkinson

Michael Wilkinson leads the digital forensics and incident response team at Avertium. The team is dedicated to helping clients investigate and recover from IT security incidents daily. Wilkinson talks about threat research, the threat of Vice Society, how K-12 cybersecurity can improve and much more.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Digital forensics and incident response 
3:12 - Getting interested in computers
6:00 - How had digital forensics changed over the years
9:03 - Handling overwhelming amounts of data
12:53 - The threat of Vice Society 
17:20 - Why is Vice Society targeting K-12?
19:55 - How to minimize damage from data leaks
24:25 - How schools can improve cybersecurity
25:54 - What schools should do if cyberattacked 
31:36 - How to work in threat research and intelligence
34:42 - Learn more about Avertium
36:40 - Learn more about Mike Wilkinson
37:08 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Behind the scenes of ransomware negotiation | Guest Tony Cook

Tony Cook of GuidePoint Security knows a lot about threat intelligence and incident response. But he’s also used these skills while working in ransomware negotiation! Cook has handled negotiations for all the big threat groups — REvil, Lockbit, Darkside, Conti and more — and he told me about what a ransomware negotiator can realistically accomplish, which threat groups are on the rise, and why negotiating with amateurs is sometimes worse and harder than dealing with elite cybercriminals. 

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Ransomware negotiating 
2:42 - How Tony Cook got into cybersecurity
4:00 - Cook's work at GuidePoint 
9:31 - Life as a ransomware negotiator 
11:41 - Ransomware negotiation in 2022
13:52 - Stages of a successful ransomware negotiation 
15:23 - How does ransomware negotiation work?
19:11 - The difference between threat-acting groups
20:43 - Bad ransomware negotiating
22:43 - Ransomware negotiator support staff
25:21 - Ransomware research
26:26 - Is cyber insurance worth it? 
29:14 - How do I become a ransomware negotiator? 
32:25 - Soft skills for a ransomware negotiator
33:46 - Threat research and intelligence work
37:45 - Learn more about Cook and GuidePoint
38:17 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

CMMC has changed: Here's what you need to know | Guest Leighton Johnson

Infosec instructor and 40-year cybersecurity veteran Leighton Johnson talks to us about all things CMMC. After last year’s attempted rollout, CMMC pulled back and retooled its entire framework. But why? Johnson gives you all the details, including how to train to be a CMMC-certified auditor.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - CMMC in 2022
3:12 - Getting started in cybersecurity
4:15 - How to be CMMC compliant
5:15 - The evolution of CMMC
7:18 - CMMC compliance timeline
10:28 - Being assessed for CMMC compliance
14:30 - Becoming a CMMC auditor 
18:08 - What if you don't meet CMMC compliance?
21:40 - Skills comparable with the CMMC auditor 
23:25 - Evaluating your company and CMMC needs
28:54 - CMMC auditor job opportunities
31:03 - How to become a federal CMMC auditor
35:04 - What is ISFMT?
37:47 - Learn more about ISFMT and Johnson
38:18 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Cybersecurity public speaking techniques | Guest Lisa Tetrault

Lisa Tetrault of Arctic Wolf talks about the adhesives that hold cybersecurity together: communication, collaboration and strong teamwork. First, Tetrault discusses how public speaking at conferences and events made her a better cybersecurity professional; second, she talks about how her work mentoring cybersecurity students helps them fast-track their way into the cybersecurity community; and third, with her work in organizations with Women in Cyber and siberX, she helps bring diverse cybersecurity professionals into the community, build stronger, more multi-faceted teams, and with them, a more multi-faceted face of the industry!

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Public speaking in cybersecurity 
3:17 - Getting into cybersecurity via Atari
4:59 - Network analyst to technician and more
9:10 - Cybersecurity public speaking
19:30 - How to promote yourself as a speaker
22:27 - Learn how to speak in cybersecurity
25:25 - Mentoring cybersecurity students
32:30 - Gender diversity in cybersecurity 
36:14 - Where cybersecurity fails job mobility
38:29 - Cybersecurity diversity initiatives in 10 years
39:17 - Learn more about Lisa Tetrault 
40:04 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Digital identity and cybersecurity are inseparable | Guest Susan Morrow

Susan Morrow returns for her fourth time on the Cyber Work Podcast and the first since 2019. Morrow, simply put, is plugged into every aspect of digital identity currently being discussed, and she takes us deep into the security, ethical, practical and UX hurdles of current identity practices and gives us both an optimistic and pessimistic version of the digital identity practices in 10 years.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Digital identity 
3:00 - Current digital identity concerns
7:07 - Complicating digital identity
8:22 - Digital identity and daily work
13:00 - Secure coding
14:03 - Biggest problems in identity
20:54 - Competing identity systems
24:50 - How identity affects other areas
28:52 - The tech and processes of identity
30:04 - Identity in the next decade
34:24 - Jobs in identity
40:00 - Identity evangelist 
42:20 - Women in identity 
45:-02 - What is Avoco Secure?
47:28 - Learn more about Susan Morrow
48:40 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Bad data privacy protocols can become an identity fraud disaster | Guest Stephen Cavey

Stephen Cavey, co-founder and chief evangelist of Ground Labs, talks about the jagged jigsaw puzzle of data collection, data privacy and the dozens — if not hundreds — of privacy regulations and frameworks that govern them. Cavey and I talk about the bad old days of indiscriminate data collecting and grossly insecure payment process. We also address the places where the privacy experts of the future will shape the use and protection of personal data in all industries.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free 
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Bad data privacy protocols
2:36 - How Stephen Cavey got into cybersecurity
4:55 - Shifting into cybersecurity privacy
8:30 - Business hurdles in cybersecurity 
13:10 - Why do companies store my data? 
20:20 - Breaking cybersecurity privacy law
25:45 - International privacy laws
28:07 - A universal privacy doctrine 
31:30 - Principles for collecting user data
34:22 - Skills for working in data privacy
37:44 - Data privacy officer work
39:25 - The future of data collection and privacy
42:08 - What is Ground Labs? 
43:30 - Learn more about Cavey and Ground Labs
43:43 - Outro 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Privacy and international business | Guest Noriswadi Ismail

Noriswadi Ismail of Breakwater Solutions and the Humanising 2030 campaign joins us to talk about privacy as it pertains to international business, cybersecurity and why it’s important not just to learn the certification variants but also the cultural variants that shape them. And via the Humanising 2030 campaign, Noriswadi and colleagues hope to bring a more ethical and diverse approach to programming and guiding AI in the coming decade.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Privacy and international business
2:53 - Noriswadi's first interest in tech
6:38 - A path toward patent law
11:32 - Managing director at Breakwater
16:05 - State of international security and risk plans
18:52 - Certifications internationally
22:58 - Experience versus certification
25:40 - Humanising 2030
29:24 - AI bias and geopolitical impact
32:30 - Diversity and including in cybersecurity
38:23 - Other goals of Humanising 2030
41:22 - What is Breakwater Solutions? 
44:44 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Attack surface managers and the state of attack surfaces | Guest Dave Monnier

Dave Monnier of Team Cymru talks about the state of attack surfaces, the strengths and shortcomings of attack surface managers and why something we refer to as a “soft” skill might be the hardest skill of all! Plus, we touch on shadow IT.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Attack surfaces 
2:55 - Dave Monnier's first interest in cybersecurity
7:30 - Instinctual cybersecurity learning
9:20 - Monnier's work as a chief evangelist 
14:00 - Cybersecurity soft skills
16:30 - What are attack surface managers? 
28:25 - ASM 1.0 to ASM 2.0
32:22 - State of attack surfaces
34:58 - Asset infrastructure in your business
40:00 - Key skills cybersecurity novices need
43:07 - Learning in cybersecurity 
45:42 - Learn more about Team Cymru
47:19 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

The importance of API security and PII | Guest Giora Engel

Today on Cyber Work, Giora Engel of NeoSec talks about securing APIs. Find out why APIs are the new network, why their very nature makes them vulnerable to abuse and how to position yourself as an authority in the ever-growing field of API security. All that and a little entrepreneur talk.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - API security and PII
2:40 - Giora Engel’s cybersecurity beginning
4:20 - Israeli Defense Force and CEO of NeoSec
5:22 - Starting a cybersecurity company
9:20 - What is API security?
13:15 - Misconfiguration errors in API
17:21 - API and privacy regulation
20:02 - How to work in API security
22:06 - Security plan for PII
24:44 - Skills and experience needed to work in API security
27:10 - API hiring practices
28:58 - Fragility of API
31:07 - What is NeoSec?
32:35 - Learn more about NeoSec and Engel
32:55 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Corporate data breaches and security awareness training | Guest Mathieu Gorge

Mathieu Gorge of VigiTrust talks about the Marriott Hotel data breach that happened back in June, including the facts of the event and why once-per-year security awareness training isn’t enough when many employees only work seven months of the year. He also offers some privacy tips that will keep your hotel system privacy compliant under a whole host of different compliance frameworks. 

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Security awareness and data breaches
2:50 - Elephant in the boardroom book
5:42 - Gorge's latest projects and book
9:38 - Hacking of the Marriott Hotel
19:22 - Marriott's privacy and data collection policies
23:20 - Ensuring data privacy worldwide 
30:13 - How hotel franchises handle security
34:32 - Skills needed for securing the hotel industry
38:12 - What is DigiTrust?
41:20 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Overcoming challenges to build a cybersecurity career | Guest Dr. Chanel Suggs

Today's Cyber Work Podcast features Dr. Chanel Suggs, the Duchess of Cybersecurity®. Dr. Suggs is a teacher, business owner and thought leader and has appeared on TV and podcast platforms around the world to talk about cybersecurity and the hacker mentality. She also had an incredibly challenging and seemingly insurmountable upbringing. Her tumultuous story can be found in her book, “Against All Odds: Overcoming Racial, Sexual and Gender Harassment on the Digital Battlefield.” This episode contains a lot of heartbreak and some challenging stories, as well as incredible insights and some thoroughly important takeaways.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Free cybersecurity training resources
0:56 - Overview of today's episode
1:58 - Who is Chanel Suggs, the Duchess of Cybersecurity?
3:12 - Overcoming family obstacles
4:50 - What drew her to a career in cybersecurity
8:10 - First steps to learning IT and cybersecurity
10:45 - Earning cybersecurity certifications
12:20 - Making a cybersecurity training "dungeon"
14:40 - Workplace abuse and harassment
18:28 - Issues with hiring diverse candidates
22:23 - What is Wyvern Security?
27:25 - Changing the workplace culture
32:47 - Social media is key to finding diverse candidates
36:55 - Preventing burnout with employees
40:10 - Advice on earning advanced degrees
42:03 - Contract work vs. full-time employee
43:34 - Free resources and services
44:52 - What's Chanel Suggs book about?
47:48 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

What's it like to work in emergency response? | Guest Christopher Tarantino

Learn all about emergency response — and the myriad techniques and skills that term implies — in today's episode featuring Christopher Tarantino, CEO of Epicenter Innovation. Is there a physical security component? Yes! Is there a cybersecurity component? Big time! Is there an educational element? Absolutely! Find out how disaster planning, preparation, remediation and post-event rebuilding and improvement are all opportunities to strengthen your security posture.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Free cybersecurity training resources
0:56 - Overview of today's episode
1:47 - Who is Christopher Tarantino?
3:25 - What does an emergency response team do?
4:38 - Resilience in emergency response
7:45 - Importance of boring innovation
9:30 - Higher ed emergency response example
13:13 - Healthcare, higher ed and government resilience
16:00 - Years-long education around disasters
21:03 - Biggest cybersecurity blind spots
25:00 - Skills required for emergency response careers
30:00 - Importance of communication across community
35:50 - Transitioning careers from cybersecurity to emergency response
44:10 - Learn more about Epicenter Innovation
44:35 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Securing operational technology: ICS, IoT, AI and more | Guest Francis Cianfrocca

If you want to learn more about working with operational technology (OT) and internet-connected devices, then don't miss today's episode with Francis Cianfrocca, CEO of Insight Cyber Group. He discusses security problems around OT and IoT systems and shares some surprising stories of intruders in the electrical grid. He also talks about why it’s so hard to secure a set of machines that often pre-date computer technology and the small changes in your community that can make huge differences in the entire security industry.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Free cybersecurity training resources
0:56 - Overview of today's episode
1:48 - Who is Francis Cianfrocca and Insight Cyber? 
2:15 - Getting into tech and cybersecurity
4:13 - Francis' job roles and companies
5:22 - Early days of ICS systems security
10:15 - CEO duties at a cybersecurity startup 
12:19 - Why is infrastructure security so bad?
16:05 - Different approaches needed for ICS and IOT systems
20:23 - Catching intruders early on with industrial systems
22:45 - Using artificial intelligence in ICS security
24:50 - Bad actors are really good at reconnaissance
27:20 - ICS and IOT environments cannot have downtime
30:00 - Asset and behavioral inventory is difficult
31:42 - Real-world examples of rogue ICS software
36:30 - ICS vs. IOT security
42:57 - How to promote industrial security careers
46:07 - Impact of AI on cybersecurity careers
48:40 - Preparing for an ICS cybersecurity career
51:07 - What's Insight Cyber working on?
52:45 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Cybersecurity project management: A peek behind the curtain | Cyber Work Live

Last year, Cyber Work Live brought you into the world of cybersecurity project management — with tips for acquiring your skills, improving your resume and getting your foot in the door. But what does the day-to-day work of cybersecurity project managers look like?

Jackie Olshack and Ginny Morton return to answer that question. They’ll also share experiences they’ve gained while working on some of their biggest projects!

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro
0:50 - Who is Jackie Olshack? 
1:24 - Who is Ginny Morton? 
2:52 - Can non-technical PMs move into the tech space?
8:50 - Best way to manage projects with limited resources
13:30 - What certificates are needed for project management jobs?
18:52 - How do you kick off a cybersecurity project?
28:41 - How do you keep the project on schedule?
34:15 - Tips for networking in remote working situations
36:55 - Dealing with slowdowns and delays in projects
43:35 - Importance of a supportive environment in projects
47:40 - Dealing with delays from other teams in projects
50:35 - Tips for managing multiple projects at once
55:35 - How can teams support their project manager
56:35 - Transitioning into a cybersecurity career
59:00 - Outro and Infosec Skills giveaway

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

OWASP Top 10: What cybersecurity professionals need to know | Guest John Wagnon

On today's episode, our old pal John Wagnon, Infosec Skills author and keeper of the secrets of OWASP, joins me to talk about the big changes in the OWASP Top 10 that happened at the end of 2021, his own class teaching the Top 10, and some job tips, study hints and career pivots for people interested in these vulnerabilities. Find out why access managers are going to rule the world someday!

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Free cybersecurity training resources
0:56 - Overview of today's episode
1:43 - Who is John Wagnon? 
2:50 - Working in cybersecurity and teaching OWASP
4:18 - What is the OWASP Top 10?
7:51 - How did the OWASP Top 10 change in 2021?
15:48 - Why do these security issues never go away?
19:06 - Cybersecurity roles using the OWASP Top 10
23:43 - What's covered in John's OWASP Top 10 courses?
26:42 - How to get hands-on cybersecurity experience
30:24 - Vulnerability-related cybersecurity career paths
34:16 - What is John working on with Infosec and Fortinet?
35:37 - Using your career as a learning opportunity
37:16 - Learn more about John Wagnon and OWASP
38:30 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Your personal data is everywhere: What can you do about it? | Guest Mark Kapczynski

Today on the Cyber Work Podcast, Mark Kapczynski of OneRep reminds us of an awful truth most people either don’t know or don’t like to think about. Your personal information — your address, your phone number, your age — all of these things are on the public internet! Mark talks about OneRep’s mission to scrub personal information from these sites, suggests changes that could help prevent this problem, and shares ways you could base a career in this fight for data privacy and autonomy. All that and a detour into grade-school home computer shenanigans on today's episode.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Free cybersecurity training resources
0:56 - Overview of today's episode
1:50 - Who is Mark Kapczynski? 
2:44 - Data breaches are a way of life
3:36 - Getting started in IT and cybersecurity
5:41 - Helping the film industry go digital
7:31 - Transitioning industries from paper to digital
9:53 - What types of personal data are on the internet?
12:40 - How people search sites sell PII and make money
14:50 - How to get personal information removed from sites
18:07 - What type of services does OneRep offer?
19:19 - How is public personal data used in cybercrime?
23:01 - How can consumers limit personal data exposure?
26:38 - Regulatory changes needed to protect personal data
29:00 - Who owns your personal data?
30:55 - Web 3.0, smart contracts and other tech needed
33:58 - Jobs and careers related to data privacy
36:38 - Every professional needs to understand data
39:50 - What makes a data professional's resume stand out?
41:50 - What is OneRep?
44:30 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Keeping your inbox safe: Real-life BEC attacks and email fraud careers | Guest John Wilson

Today's episode is all about email fraud. John Wilson, head of the cyber intelligence division at Agari by HelpSystems, discusses Business Email Compromise (BEC), spearphishing, whaling, romance fraud and more. If you can name it, John’s studied it. And he's likely collected intel that’s managed to freeze cybercriminals’ assets — and even put them away. He gives career tips and advice for engaging in threat research at all levels, we discuss the pyrrhic victory that is the modern spam filter, and John tells me why BEC fraud hunters’ best asset is a degree in psychology! All that and loads more, today on Cyber Work!

– Get your FREE cybersecurity training resources:  https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Free cybersecurity training resources
0:58 - Overview of today's episode
1:58 - Who is John Wilson? 
3:02 - Getting into cybersecurity
4:58 - How spam has evolved over the years
8:12 - Why pursue a career in fraud?
11:10 - 3 primary vectors for email attacks
15:20 - Is BEC ever an insider threat?
16:16 - Is education making a difference on BEC attacks?
20:55 - Tracking down BEC actors and recovering assets
23:50 - Two angles to preventing BEC attacks
29:12 - Careers related to BEC and phishing prevention
34:42 - How to gain cybersecurity experience and get hired
37:25 - Agari and email fraud protection
42:16 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Cybersecurity has a marketing problem — and we're going to fix it | Guest Alyssa Miller

On today's episode, we're breaking down phrases you've heard a million times: “security is everyone’s job,” “humans are the weakest link in the security chain,” “it’s not if you get breached, but when.” Returning guest Alyssa Miller drills into these comforting nostrums and explains why, even when they’re used for well-intended purposes, they often act to limit the conversation and the options, rather than address the hard work needed to overcome these evergreen problems. You’re not going to want to miss this one, folks! It’s all that, plus a little bit of book talk, today on Cyber Work!

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
– Get the Cybersecurity Career Guide by Alyssa Miller: https://alyssa.link/book

0:00 - Intro
1:38 - Alyssa's tweet that inspired this episode
4:00 - Why you need to read the Cybersecurity Career Guide
9:10 - Cybersecurity platitudes and clichés
11:30 - Cliché 1: "It's not if you get breached, but when"
18:44 - Cliché 2:"Just patch your shit"
24:58 - Cliché 3: "Users are the weakest link"
32:34 - Cliché 4: "Security is everyone's job"
35:52 - Cliché 5: What is a "quality gate"?
44:14 - Cliché 6: "You just need passion to get hired"
48:14 - How to write a better cybersecurity job description 
50:15 - Business value of diversity and inclusion
52:52 - Building a security champions program
55:12 - Where can you connect with Alyssa Miller?
56:44 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

What does a secure coder do? | Cybersecurity Career Series

Secure coders are responsible for developing and writing secure code in a way that protects against security vulnerabilities like bugs, defects and logic flaws. They take proactive steps to introduce secure coding methodologies before the application or software is introduced into a production environment, often following recommendations from the Open Web Application Security Project (OWASP) Foundation.

– Free cybersecurity training resources: https://www.infosecinstitute.com/free
– Learn more here: https://www.infosecinstitute.com/skills/train-for-your-role/secure-coder/

0:00 - Intro
0:25 - What does a secure coder do?
5:48 - How do you become a secure coder?
9:46 - What skills do secure coders need?
12:28 - What tools do secure coders use?
17:08 - What roles can secure coders transition into?
19:50 - What to do right now to become a secure coder

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Cybersecurity jobs: How to better apply, get hired and fill open roles | Guest Diana Kelley

Diana Kelley returns to the show to discuss her work as a board member of the Cyber Future Foundation and the goings-on at this year’s Cyber Talent Week. Whether you’re a cybersecurity hiring manager who doesn’t know why you’re not getting the applicants you want, a candidate who hears the profession has 0% unemployment but still can’t seem to get a callback or anyone in between, DO. NOT. MISS. THIS. EPISODE. This is one for the books, folks.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Cybersecurity hiring and job searching
4:30 - Diana Kelley of Cyber Future Foundation
9:00 - Cyber Future Foundation talent week
13:58 - Reexamining cybersecurity job descriptions 
21:52 - Cybersecurity hiring manager and applicant training
27:10 - Strategies to bring in diverse talent from other industries
33:06 - Narrowing your cybersecurity job pursuit
39:37 - Using different educations in cybersecurity roles
41:32 - Implementing an educational pipeline
44:40 - Hiring based on strong skills from other trades
48:22 - Cybersecurity apprenticeships 
53:22 - Fostering cybersecurity community value 
59:09 - Diana Kelley's future projects
1:00:30 - Outro

Ethical user data collection and machine learning | Guest Ché Wijesinghe

Today on Cyber Work Ché Wijesinghe of Cape Privacy talks about the safe and ethical collection of user data when creating machine learning or predictive models. When your bank is weighing whether to give you a loan, they can make a better choice the more info they know about you. But how secure is that contextual data? Hint: not as secure as Wijesinghe would like!

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Machine learning and data collection
2:37 - Getting started in cybersecurity
3:15 - Being drawn to big data
4:35 - What data is driving decision-making?
9:04 - How is data collection regulated?
15:02 - Closing the encryption gap
16:50 - Careers in data privacy
19:07 - Where can you move from data privacy?
21:20 - Ethics of data collection 
23:25 - Learn more about Wijesinghe 
23:55 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Working as a privacy manager | Cybersecurity Career Series

A Privacy Manager is responsible for the development, creation, maintenance and enforcement of the privacy policies and procedures of an organization. They ensure compliance with all privacy-related laws and regulations. The Privacy Manager takes an active lead role when a privacy incident or data breach occurs and will start the investigation. They will then monitor, track and resolve any privacy issues. The Privacy Manager builds a strategic and comprehensive privacy program for their organization that minimizes risk and ensures the confidentiality of protected information.

Advanced knowledge of privacy law and data protection is critical to success in this role.

– Free cybersecurity training resources: https://www.infosecinstitute.com/free
- Learn more about privacy managers: https://www.infosecinstitute.com/role-privacy-manager/

0:00 - Working as a privacy manager
0:40 - What does a privacy manager do? 
3:02 - Experience a privacy manager needs
5:15 - Is college necessary for a privacy manager?
8:05 - Skills needed to be a privacy manager
10:30 - What tools does a privacy manager use?
11:15 - Where do privacy managers work? 
12:15 - Roles privacy managers can move to
13:30 - How do I get started becoming a privacy manager?

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

What does a cybersecurity beginner do? | Cybersecurity Career Series

Just getting started?  This role is for you!

The Cybersecurity Beginner role focuses on the foundational skills and knowledge that will allow anyone to take the first step towards transitioning into a cybersecurity career.  No prior knowledge of cybersecurity or work experience is required. The only prerequisite is a passion for technology and cybersecurity.

– Free cybersecurity training resources: https://www.infosecinstitute.com/free
– Learn more about the role here: https://www.infosecinstitute.com/role-cybersecurity-beginner/

0:00 - Working as a cybersecurity beginner
0:41 - Tasks a cybersecurity beginner may take on
4:15 - Cybersecurity work imposter syndrome
5:49 - Common tools cybersecurity beginners use
9:08 - Jobs for cybersecurity beginners
13:50 - Get started in cybersecurity 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

What does an ICS security practitioner do? | Cybersecurity Career Series

Industrial control system (ICS) security practitioners are responsible for securing mission-critical SCADA and ICS information systems. They are responsible for restricting digital and physical access to ICS devices, such as PLCs and RTUs, to maximize system uptime and availability. Extensive knowledge of OT and IT protocols, incident response, Linux and Windows OS, configuration management, air-gapped or closed networks, insider threats and physical security controls are important competencies for any ICS security practitioner.

– Free cybersecurity training resources: https://www.infosecinstitute.com/free
– Learn more about ICS security practitioners: https://www.infosecinstitute.com/skills/train-for-your-role/ics-security/

O:00 - ICS security practitioners 
0:25 - What is an industrial control system practitioner?
2:22 - How to become an ICS practitioner 
4:00 - Education required for an ICS practitioner 
5:00 - Soft skills ICS practitioners need
6:05 - Common tools ICS practitioners use 
7:59 - Where do ICS practitioners work? 
10:05 - Can I move to another role after ICS practitioner? 
12:18 - Getting started as an ICS practitioner 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

A public discussion about privacy careers: Training, certification and experience | Cyber Work Live

Join Infosec Skills authors Chris Stevens, John Bandler and Ralph O’Brien as they discuss the intersection of privacy and cybersecurity. They’ll help you walk a path that will lead to an engaging career as a privacy specialist — a job role that grows with more opportunities year after year!

This episode was recorded live on April 12, 2022. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/.

0:00 - Intro and guests
3:45 - What is privacy as a career? 
8:15 - Day-to-day work of a cybersecurity privacy professional?
16:45 - Intersection of law and tech degrees
20:30 - What beginner privacy certifications should I pursue? 
25:45 - Best practices for studying for IAPP certifications
33:00 - How to gain experience in cybersecurity privacy work
40:27 - How to interview for a cybersecurity privacy job
45:00 - GDPR and ransomware 
51:52 - Implementation of privacy laws and security positions 
58:15 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

What does a security engineer do? | Cybersecurity Career Series

Security engineers are responsible for implementing, and continuously monitoring security controls that protect computer assets, networks and organizational data. They often design security architecture and develop technical solutions to mitigate and automate security-related tasks. Technical knowledge of network/web protocols, infrastructure, authentication, log management and multiple operating systems and databases is critical to success in this role.

– Free cybersecurity training resources: https://www.infosecinstitute.com/free
– Learn more: https://www.infosecinstitute.com/skills/learning-paths/security-engineering/

0:00 - What is a security engineer? 
3:39 - How do I become a security engineer? 
4:52 - Studying to become a security engineer
5:47 - Soft skills for security engineers
7:05 - Where do security engineers work? 
9:43 - Tools for security engineers
12:10 - Roles adjacent to security engineer 
13:15 - Become a security engineer right now

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

What does an information risk analyst do? | Cybersecurity Career Series

Information risk analysts conduct objective, fact-based risk assessments on existing and new systems and technologies, and communicate findings to all stakeholders within the information system. They also identify opportunities to improve the risk posture of the organization and continuously monitor risk tolerance.

– Free cybersecurity training resources: https://www.infosecinstitute.com/free
– Learn more: https://www.infosecinstitute.com/skills/train-for-your-role/information-risk-analyst/

0:00 - Information risk analyst career
0:30 - Day-to-day tasks of an information risk analyst
2:09 - How to become an information risk analyst
4:00 - Training for an information risk analyst role
5:42 - Skills an information risk analyst needs
9:24 - Tools information risk analysts use
10:51 - Jobs for information risk analysts 
13:08 - Other jobs information risk analysts can do
18:05 - First steps to becoming an information risk analyst

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

The importance of cyber threat research | Guest Moshe Zioni

Moshe Zioni of Apiiro talks about threat research and how to properly report discovered code vulnerabilities. We discuss the ways that vulnerabilities can find their way into code despite your best intentions, the difference between full disclosure and responsible disclosure, and being in the last generation to still grow up before the internet changed everything.

– Free cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Cybersecurity threat research 
2:21 - Getting interested in computers
3:25 - Penetration testing and threat research 
6:15 - Code vulnerabilities 
10:58 - Research process for vulnerabilities 
17:05 - Proper reporting of threats
23:11 - Full disclosure vs proper disclosure
25:53 - Current security threats
30:20 - Day-to-day work of security researchers 
32:02 - Tips for working in pentesting 
35:32 - What is Apiiro?
39:11 - Learn more about Moshe Zioni 
39:42 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Security awareness and social engineering psychology | Guest Dr. Erik Huffman

TEDx speaker, security researcher, host of the podcast MiC Club and all-around expert on security awareness and social engineering, Dr. Erik Huffman, is today's guest. Huffman spoke at the 2021 Infosec Inspire virtual conference, and for those of you who were captivated by his presentation, prepare for another hour of Dr. Huffman’s insights on why we need to teach security awareness from insight, rather than fear or punishment, how positive name recognition in an email can short-circuit our common sense and how to keep your extrovert family members from answering those questions online about your first pet and the street you lived on as a child.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Clicking on phishing attacks
3:13 - First getting into cybersecurity
5:00 - Higher education and cybersecurity 
7:41 - Cybersecurity research projects
10:05 - Impacting a cybersecurity breach 
11:14 - Security awareness and social engineering
15:45 - Common social engineering tricks 
23:00 - Changing security habits
30:15 - Cybersecurity communication avenues
33:30 - Getting family members cyber safe
38:00 - Harvesting info via social media
42:13 - Working in security awareness and threat research
44:54 - Importance of white papers and documentation 
55:04 - Learn more about Erik Huffman
56:00 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

❌