
Rank #64 in Tech News category

Business
Careers
News
Tech News

Cyber Security Interviews

Updated 2 months ago


There is “no one way” to start and stay in the field of cyber security. Whether you are involved from the military, law enforcement, consulting, or IT services, it doesn’t matter. I have had countless discussions for years with other professionals online, at conferences, or over drinks, which have changed the way I think about cyber security. That is where this podcast comes in. What if I can capture those moments and frank discussions? I want to share the stories from other cyber security leaders and influencers so everyone can learn from their respective journeys and challenges. Why did they take the path they did? Who were their mentors? How did they tackle some of their biggest career challenges? By hearing how the industry leaders and influencers got to where they are and how they overcame some of the problems they faced, I hope to shed light on the path for other professionals. I will discover what motivates them, explore their journey in cyber security, and discuss where they think the industry is going.


iTunes Ratings

54 Ratings
Average Ratings
51
0
1
0
2

Absolutely recommended

By Dogfolife69 - Apr 28 2018
Stunning interviews with Cybersecurity thought leaders!

Great content!

By DelePay - Aug 21 2017
Great content for anyone interested in cyber security


Latest release on Aug 10, 2020


Rank #1: #002 – David Cowen: Standing On the Shoulders of Giants


David Cowen has more than sixteen years of experience in the areas of security integration, architecture, assessment, programming, forensic analysis and investigations. He started out as a penetration tester then moved to digital forensics. Currently, he is a partner at G-C Partners, LLC, a full service digital forensics investigation company, and has experience working in a variety of environments ranging from high security military installations to large/small private sector companies.

David is also one of the most passionate and active contributors within the cyber security and forensic communities. I look at David's contributions and think he doesn't sleep and/or somewhere in Dallas, TX there is a cloning facility that has produced David Cowen versions 2-5, which are all running around outputting awesome contributions to the community (yes, like the movie Multiplicity).

Here is just a short list of what David does to give back to the industry:

He is also a two-time Forensic 4cast award winner for both Digital Forensic Article of the Year and Digital Forensic Blog of the year.

When he is not doing all of this, he is also a family man and BBQ aficionado.

Nope. Zero chance this is one person.

In this interview we will discuss how he has accomplished all of this, why he loves being an expert witness, why he moved from pen tester to forensicator, his inspiration to start programming, his favorite type of investigation and the questions to ask, how to hire good talent, what it took to develop TriForce ANJP and how it was a community effort, how no one stands on their own in the industry, and much more.

I hope you enjoy this discussion. Please leave your comments below!

Where you can find David:

Nov 23 2016

1hr 17mins


Rank #2: #076 – Lesley Carhart: You’ve Got to Play the Game


Lesley Carhart is a Principal Threat Analyst at the Threat Operations Center at Dragos. She is recognized as a subject matter expert in cybersecurity, incident response, and digital forensics, regularly speaking at conferences and universities. She has spent the last 11 years of her 20+ year IT career specializing in information security, with a heavy focus on response to nation-state adversary attacks. Prior to Dragos, she was the incident response team lead at Motorola Solutions, performing digital forensics and incident handling services for both enterprise and public safety customers.

In 2017, Lesley was named a “Top Woman in Cybersecurity” by Cyberscoop news and received the Guidance Enfuse conference “Women in Technology” award. She holds a Bachelor’s Degree in Network Technologies from DePaul University, A.A.S. in Avionics Systems and Electronics Systems, GIAC GCIH, GREM, GCFA, and GCFE certifications, and currently serves as a Cyber Systems NCO in the US Air Force Reserves.

In her free time, Lesley co-organizes resume and interview clinics at several cybersecurity conferences, blogs and tweets prolifically about infosec, and is a youth martial arts instructor.

In this episode, we discuss her early mentors, mentoring, writing resumes, starting as a coder, organizational missions, ICS security, electronic voting, submitting CFPs, and so much more.

Where you can find Lesley:

Sep 30 2019

45mins


Rank #3: #003 – Lenny Zeltser: You Can Never Know Everything


Lenny Zeltser is a seasoned business and tech leader with extensive information security expertise. As a product portfolio owner at a Fortune 500 company, he delivers the financial success and expansion of his organization's security services and SaaS products. He has also been a national lead of the security consulting practice at Savvis (acquired by CenturyLink), where he managed the US team of service professionals, aligning their expertise to the firm’s cloud solutions.

Lenny helps shape global infosec practices by teaching incident response and malware defenses at SANS Institute and by sharing knowledge through writing, public speaking and community projects. He has earned the prestigious GIAC Security Expert professional designation and developed the Linux toolkit REMnux, which is used by malware analysts throughout the world. Lenny is on the Board of Directors of SANS Technology Institute and on the Advisory Board of Minerva Labs.

Lenny’s approaches to business and technology are built upon his work experience, independent research, as well as a Computer Science degree from the University of Pennsylvania and an MBA degree from MIT Sloan. His expertise is strongest at the intersection of business, technology, and information security, and spans incident response, infosec cloud services and business strategy. To get a sense for Lenny’s thought process and knowledge areas, take a look at his blog.

In this interview we will discuss why he is passionate about security, stagnating in information security and going back to grad school, public speaking, who has inspired him, his personal challenge asking for advice, early failures in technology, why he developed REMnux to make malware analysis accessible to as many people as possible, cloud security, writing better job descriptions, refining communication skills to technical and non-technical audiences, how to use certifications as a signaling mechanism, building industry relationships, and much more.

I hope you enjoy this discussion. Please leave your comments below!

Where you can find Lenny:

Dec 05 2016

1hr 10mins


Rank #4: #029 – Don’t Hire Security Consultants


This is a solo episode between interviews.

I have been doing IT and security consulting for a long time. Over this time, I have noticed a few things that are worth noting when hiring a security consultant. In fact, I would say until you perform some basics and perform some due diligence on your own, don't hire me or any other security consultant. Yes, this seems a little counterintuitive for me to say, "Don't hire me," but there are many common elements I see in environment after environment both on the proactive and responsive engagements.

This episode will touch on some of these elements and is by no means all-inclusive.

The takeaway is to get to know thyself and do your homework!

Aug 07 2017

6mins


Rank #5: #075 – Brian Martin (Jericho): The Hacker Mindset


Brian Martin (a.k.a. Jericho) has been poking about the hacker and security scene for over 22 years, building valuable skills such as skepticism and anger management. As a hacker-turned-security whore, Jericho has a great perspective to offer an unsolicited opinion on just about any security topic. A long-time advocate of advancing the field, sometimes by any means necessary, he thinks the idea of ‘forward-thinking’ is quaint; we’re supposed to be thinking that way all the time.

No degree, no certifications, just the willingness to say things many in this dismal industry are thinking, but unwilling to say themselves. He remains a champion of security industry integrity and small misunderstood creatures.

In this episode, we discuss starting as a phreak and phone systems, BBS hacking forums, sharing knowledge, calling people out, cybersecurity skill shortages, understanding the adversary's mindset, PCI compliance, and so much more.

Where you can find Brian:

Sep 23 2019

48mins


Rank #6: #062 – Chad Loder: Just Because It’s Basic, Doesn’t Mean It’s Easy


Chad Loder is the CEO and co-founder of Habitu8, a Los Angeles-based cyber security startup that's transforming the security awareness industry away from its traditional "training-centric" approach to an approach that is based on measurable risk reduction through influencing and measuring key employee behaviors.

Prior to Habitu8, Chad was co-founder and VP of Engineering at Rapid7, which he helped bring to a $900M IPO in 2015. Chad has also worked as a public company CISO and a strategic advisor to several security startups.

In this episode we discuss his start with phreaking, starting Rapid7, the focus on the human element in infosec, mistakes users make, how to measure your program's success, how people learn security, being a founder, and so much more.

Where you can find Chad:

Dec 10 2018

39mins


Rank #7: #038 – Eric Conrad: You Need To Be Interested Beyond 9 to 5


SANS Senior Instructor Eric Conrad is the lead author of SANS MGT414: SANS Training Program for CISSP® Certification, and coauthor of both SANS SEC511: Continuous Monitoring and Security Operations and SANS SEC542: Web App Penetration Testing and Ethical Hacking. He is also the lead author of the books CISSP Study Guide and Eleventh Hour CISSP: Study Guide.

Eric's career began in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and health care. He is now CTO of Backshore Communications, a company focusing on hunt teaming, intrusion detection, incident handling, and penetration testing. He is a graduate of the SANS Technology Institute with a master of science degree in information security engineering. In addition to the CISSP, he holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications. Eric also blogs about information security at www.ericconrad.com.

In this episode we discuss starting in IT before there was infosec, the value of certifications, making blue teams sexy again, teaching for SANS, what makes a good cyber security professional, threat hunting, the importance of PowerShell, DeepBlueCLI, and so much more.

Where you can find Eric:

Oct 09 2017

51mins


Rank #8: #032 – Ryan Kalember: We’ve Moved From Mass Surveillance to Targeted Attacks


Ryan Kalember has over 15 years of experience in the information security industry. Ryan currently leads cybersecurity strategy for Proofpoint and is a sought-out expert for media commentary on breaches and best practices for enterprises as well as consumers. He joined Proofpoint from WatchDox where he served as chief marketing officer and was responsible for successfully building and leading the marketing team through the company’s acquisition by Blackberry.

Prior to WatchDox, Ryan was instrumental in running solutions across Hewlett-Packard’s portfolio of security products. He has also held a variety of marketing leadership positions at ArcSight and VeriSign including EMEA regional manager. Ryan received his bachelor's degree from Stanford University, where he studied fault tolerance, cryptography, and authentication algorithms.

In this episode we discuss his start in cyber security, his transition to marketing and product management, the importance of communication skills, the changing role of the CISO, AI and machine learning, the malware research his team does, the spread of ransomware, and so much more.

Where you can find Ryan:

Aug 28 2017

52mins


Rank #9: #043 – David Navetta: The Year Of the Phishing Attack


David Navetta is a US co-chair of Norton Rose Fulbright's Data Protection, Privacy and Cybersecurity practice group. David focuses on technology, privacy, information security and intellectual property law. His work ranges from compliance and transactional work to breach notification, regulatory response and litigation. David currently serves as "breach coach" or is on the approved panel for numerous cyber insurance carriers and companies, and has helped dozens of companies across multiple industries respond to data security breaches.

Prior to joining Norton Rose Fulbright, David co-founded InfoLawGroup LLP, a law firm focusing on information technology, privacy, security and IP-related law. David and InfoLawGroup successfully served a wide assortment of US and foreign clients from large Fortune 500 multinationals, retailers, hotels and restaurants, sophisticated technology companies, financial institutions, and more.

David is a Certified Information Privacy Professional through the International Association of Privacy Professionals and previously served as a Co-Chair of the American Bar Association's Information Security Committee and was also Co-Chair of the PCI Legal Risk and Liability Working Group. He has spoken and written frequently concerning technology, privacy and data security legal issues, and is frequently cited as an expert in the press and otherwise.

In this episode we discuss transitioning from litigation into data privacy and cyber security, starting a cyber-focused law firm, the role of legal in a data breach, how to perform effective tabletop exercises, when to bring in law enforcement to an incident, breach threats to small and medium-sized businesses, and so much more.

Where you can find Dave:

A few disclaimers on this episode as well. For purposes of certain state ethics rules, this episode may constitute attorney advertising. This website and this episode do not constitute legal advice or create an attorney-client relationship. Please be sure to contact your legal representatives with any legal questions.

Nov 27 2017

45mins


Rank #10: #051 – Robert M. Lee: The Adversary’s Ability to Change Their Trade Craft is Difficult


Robert M. Lee is the CEO and Founder of the industrial (ICS/IIoT) cyber security company Dragos, Inc. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode’s Influencers, awarded EnergySec’s Cyber Security Professional of the Year (2015), and inducted into Forbes’ 30 under 30 for Enterprise Technology (2016).

A passionate educator, Robert is the course author of SANS ICS515 – “ICS Active Defense and Incident Response” with its accompanying GIAC certification GRID and the lead-author of SANS FOR578 – “Cyber Threat Intelligence” with its accompanying GIAC GCTI certification.

Robert obtained his start in cyber security in the U.S. Air Force where he served as a Cyber Warfare Operations Officer. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission.

In this episode we discuss threat hunting, SCADA/ICS, IIoT, IoT security, his start in cyber security, the 2015 Ukrainian power grid attack, starting and teaching a SANS ICS class, advice he would give someone starting in the industry, HACKNYC, and so much more.

Where you can find Robert:

Apr 24 2018

52mins


Rank #11: #008 – Darren Hayes: Be Cautious and Think It Through


Dr. Darren Hayes is the Director of Cybersecurity and an Assistant Professor at Pace University, New York and a leading expert in the field of digital forensics and cyber security. In 2013, he was listed as one of the Top 10 Computer Forensics Professors by Forensics Colleges. He has developed four distinct courses in digital forensics at Pace University, at the undergraduate and graduate levels. Also through Pace, Darren continually conducts research in support of law enforcement agencies both domestically and internationally. He has successfully been awarded grants in the field of computer forensics by the Department of Defense, National Science Foundation and other notable foundations. Darren is also a professional consultant in computer forensics and cyber law for the Department of Education in New York.

For a number of years, Hayes has served on the Board of the High Technology Crime Investigation Association (HTCIA) Northeast Chapter and was the President of the HTCIA Northeast. Currently, he serves as Second Vice President of the HTCIA Northeast.

Darren is also an accomplished author with numerous peer-reviewed articles on computer forensics. He has co-authored two textbooks and published “A Practical Guide to Computer Forensics Investigations”. Darren has appeared on numerous media and news outlets such as Bloomberg Television, The Street and Fox 5 News and been quoted by CNN, The Guardian (UK), The Times (UK), Wall Street Journal, Financial Times, Forbes, Investor’s Business Daily, MarketWatch, CNBC, ABC News, Forensic Magazine, SC Magazine, PC Magazine, USA Today, Washington Post, New York Post, Daily News and Wired News (to name but a few!). He has also been invited to lecture for the Harvard Business Review, University College Dublin and, more recently, was Visiting Professor at Sapienza University, Rome, Italy.

In this interview we will discuss how he supports law enforcement, developing teaching skills, the importance of problem solving abilities, the challenges when authoring books, misinformation in the media, his involvement with HTCIA, gender roles in information security, foundational skills necessary to be good in information security, immigration challenges, real world physical threats from cyber attacks, the growth of ransomware, the "brain drain" in the government sector, how to learn cyber security on a budget, and much more.

I hope you enjoy this discussion. Please leave your comments below!

Where you can find Darren:

Jan 09 2017

58mins


Rank #12: #050 – Chris Roberts: Make New Mistakes


Chris Roberts is the Chief Security Architect at Acalvio and is regarded as one of the world’s foremost experts on counter threat intelligence within the cyber security industry.

At Acalvio, Chris helps drive Technology Innovation and Product Leadership. In addition, Roberts directs a portfolio of services within Acalvio designed to improve the physical and digital security posture of both enterprise, industrial and government clients.

(In English) Acalvio has given him the opportunity to help shape the next generation of deception platforms, allowed him to spend time doing R&D...and he still gets to break into companies and help them with their maturity modeling and overall solutions within the security industry.

For the 50th episode, I couldn't have picked a better guest and this was my favorite interview to date. We discuss scotch tasting and food, and how that relates to infosec, building a better cyber security community, learning from past mistakes, why giving back to the community is so important, why the new generation needs to make their own mistakes, the word hacker, and so much more.

Where you can find Chris:

Apr 09 2018

46mins


Rank #13: #033 – Perry Carpenter: Security Culture Management


Perry Carpenter currently serves as Chief Evangelist and Strategy Officer for KnowBe4.

Previously, Perry led security awareness, security culture management, and anti-phishing behavior management research at Gartner Research, in addition to covering areas of IAM strategy, CISO Program Management mentoring, and Technology Service Provider success strategies.

With a long career as a security professional and researcher, Perry has broad experience in North America and Europe, providing security consulting and advisory services for many of the best-known global brands. His passion is helping people make better security decisions by applying strategic behavior and culture management practices to the intersection of technology and humanity.

Perry holds a Master of Science in Information Assurance (MSIA) from Norwich University in Vermont and is a Certified Chief Information Security Officer (C|CISO).

In this episode we discuss his focus on the human side of information security, building a security culture, working with famous hacker Kevin Mitnick, rewarding users for reporting, changing users' behavior, how CISOs can effect change and evaluate products, and so much more.

Where you can find Perry:

Sep 04 2017

45mins


Rank #14: #035 – David Kovar: Where Is the Best Application of Your Skill Set


David Kovar is the President and founder of Kovar & Associates where he leads the development of URSA – Unmanned & Robotics Systems Analysis – a suite of tools designed to collect, integrate, analyze, and present UAV related data for many purposes including fleet management, criminal investigations, failure analysis, and predictive analysis. He also leads the firm’s consulting practice which addresses UAV cyber security and UAV threat management.

David founded the practice of UAV forensics in 2015 and is one of the leading practitioners in the country. David has worked in digital forensics and cyber security since the mid 90’s and, prior to founding his own company, led EY’s U.S. incident response program.

David earned a BA from Dartmouth in Computer Science and will receive an MA from the Fletcher School at Tufts in International Affairs this summer. David’s Master’s thesis is entitled “Defending Against UAVs Operated by Non-State Actors”.

David is a rated pilot, is the Advocacy Director for the National Association of Search and Rescue where he writes UAV policy papers and develops presentations on UAVs in SAR for various audiences, and is working on SAR UAV standards for ASTM.

In this episode we discuss his early transition from IT to information security, good incident response planning, team building and communications, the development of analyzeMFT, giving back to the community, the emerging drone security and analysis field, founding a cyber security company, and so much more.

Where you can find David:

Sep 18 2017

52mins


Rank #15: #053 – Cameron Williams: Make Your Day Easier


Cameron Williams is the Founder and CTO of OverWatchID. Cam has more than 22 years of experience as a leader in the cyber security industry. He has led breach mitigation and designed security solutions/countermeasures for leading global companies such as IBM, Boeing, Sony, BP, Chase and Washington Mutual. He has designed and built a multitude of access management systems including privileged access management, identity access management (SSO, SAML, OAuth and Federation) and cloud access security brokering systems.

Prior to cofounding OverWatchID, Cameron was VP Engineering at IntelliSecure, where he led the development of a next generation MSSP platform including multi-tenant PAM, correlation engine (SIEM software), deployment automation, and application monitoring systems.

In this episode we discuss the alphabet soup of identity and access management, cloud security, maturing the trust model, the problems he is trying to solve, why he switched to IT from pre-med, automation and orchestration, and so much more.

Where you can find Cam:

May 14 2018

42mins


Rank #16: #009 – Ismael Valenzuela: Let’s See What Happens


Defined by his peers as a “passionate, experienced and visionary individual who is always striving to improve himself,” Ismael Valenzuela is one of the few individuals that has done almost all in the InfoSec arena, from founding one of the first IT Security companies in Spain to managing a distributed CERT across the world as well as teaching for highly reputed institutions such as SANS, BSi or the Spanish National Center of Intelligence.

His command of both the business and technical aspects of information security has allowed him to specialize in building and boosting highly technical security teams and successful security businesses across North America, EMEA, India and Australia in the last 15 years.

As a top cybersecurity expert with strong technical background and deep knowledge of penetration testing, security architectures, intrusion detection and computer forensics, Ismael has provided security consultancy, advice and guidance to large government and private organisations, including major EU Institutions and US Government Agencies.

Prior to joining Foundstone Services at Intel Security, Ismael worked as Global IT Security Manager for iSOFT Group Ltd, one of the world’s largest providers of healthcare IT solutions, focusing on establishing and managing the IT Security program in more than 40 countries while providing risk-driven strategic planning, defining an ISO 27001 compliant policy framework and working with the applications team to ensure that security was embedded into their SDLC.

Author of security articles for Hakin9, INSECURE Magazine and the SANS Forensics Blog, Ismael also serves on the GIAC Advisory Board and is a Community SANS Instructor.

He holds a Bachelor's degree in Computer Science from the University of Malaga, is certified in Business Administration, and holds numerous professional certifications including the highly regarded GIAC Security Expert (GSE #132) and many others from GIAC, ISC2 and ISACA.

In this interview we will discuss learning security on his own, scoping penetration testing projects, security in the healthcare industry, running international teams, how to drive an internal security culture, developing internal training programs, threat hunting and his rastrea2r threat hunting tool, lessons learned from his IR work, and much more.

I hope you enjoy this discussion. Please leave your comments below!

Where you can find Ismael:

Jan 16 2017

1hr


Rank #17: #010 – ShmooCon 12 (2017)


Early each year, for the past 12 years, the hacker conference ShmooCon has taken place in Washington, DC. This year I was honored and fortunate to get a press pass to this sold-out event, which the organizers call "an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues."

It was a great time and in this episode I will recap my experience over the three days.

More ShmooCon information:

Thank you to ShmooCon and the organizers for letting me be part of this event!

Jan 23 2017

11mins


Rank #18: #034 – Harlan Carvey: You Have To Apply the Data To Your Theory


Harlan Carvey is currently the Director of Intelligence Integration at Nuix.

Harlan has been involved in information security for 28 years, which began during his military career. After leaving active duty 20 years ago, he started in consulting, performing vulnerability assessments and penetration testing. From there, it was a natural progression to digital forensics and incident response services.

Harlan is an accomplished public speaker and a prolific author. He is the author of several open source tools, including RegRipper, and is the author of the WindowsIR blog.

In this episode we discuss his start in information security, Windows registry forensics, new artifacts, the importance of communications, mistakes examiners make, ransomware, the commonalities between information security and home beer brewing, and so much more.

Where you can find Harlan:

Sep 11 2017

1hr


Rank #19: #052 – Jeremiah Grossman: The Cavalry Is Not Coming


Jeremiah Grossman is the CEO of Bit Discovery. Jeremiah's career spans nearly 20 years, and he has lived a literal lifetime in computer security to become one of the industry's biggest names.

Since Jeremiah earned a Brazilian Jiu-Jitsu black belt, the media has described him as "the embodiment of converged IT and physical security.” In 2001, Jeremiah founded WhiteHat Security, which today has one of the largest professional hacking armies on the planet. Jeremiah has received a number of industry awards, been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for privately informing them of weaknesses in their systems -- a polite way of saying, ‘hacking them'.

In this episode we discuss RSAC 2018, starting in infosec, web application vulnerabilities, what to look for in application security developers, building security development metrics, why you need to inventory websites, making time to contribute to the community, and so much more.

Where you can find Jer:

Apr 30 2018

33mins

Rank #20: #073 – Bernard Harguindeguy: Identity Is The Keystone

Bernard Harguindeguy is the Chief Technology Officer & General Manager Intelligence at Ping Identity. Bernard joined Ping in June 2018 through the acquisition of Elastic Beam, where he was the CEO and founder. His work at Elastic Beam revolutionized the use of AI to protect API infrastructures from cyber attacks and deliver deep insight into API access and usage.

Bernard earned an MS in Engineering Management from Stanford University and a BS in Electrical Engineering from the University of California Irvine where he was inducted into the Engineering Hall of Fame.

In this episode, we discuss starting in email security, identity as the perimeter, API security, selling to the C suite, how AI will help security, IoT security, and so much more.

Where you can find Bernard:

Aug 19 2019

40mins

#098 – Andrea Roberson: Reach Out to Others

Andrea Roberson is a product manager at Centrify Corporation, where she directs the product roadmap for Centrify Privileged Access Service. She was previously a technical support engineer at the company for almost two years and has held several engineering and support roles during her career including at Google and Apple.

She has a Bachelor of Science degree in Computer Science from Spelman College, where she was a member of the National Society of Black Engineers, the Association for Computing Machinery, and SpelBots.

In this episode, we discuss working with product teams remotely, moving from IT to information security, securing remote access, diversity and inclusion in cybersecurity, mentoring others, self-care and mental health, new threats due to COVID, and so much more.

Where you can find Andrea:

Aug 10 2020

35mins

#097 – HD Moore: The New Normal

HD Moore is the founder and CEO of Rumble Network Discovery, a platform designed to make asset inventory quick and easy by combining active scanning with innovative research.

Prior to starting Rumble, HD was best known as the founder of the Metasploit Project, the foremost open-source exploit development framework, and continues to be a prolific researcher and occasional speaker at security events.

In this episode, we discuss starting with BBSs back in the day, starting the Metasploit project, Project Sonar, his development of Rumble Networks, securing home networks, fingerprinting networks, jump boxes in IoT networks, and so much more.

Where you can find HD:

Aug 03 2020

35mins

#096 – Gabe Gumbs: Data Is An Asset

Gabe Gumbs has a deep-rooted passion for technology, information security, and problem-solving. As Chief Innovation Officer of Spirion—a leader in rapid identification and protection of sensitive data—he’s channeling that passion to make the digital world a safer place. Wielding a unique mix of technical vision, marketing, and business acumen, Gabe is shaping the future of data security and protecting the sensitive personal data of customers, colleagues, and communities around the world.

Despite having held a range of leadership positions in security technology—including VP of Product Strategy at STEALTHbits and Director of Research & Products at WhiteHat Security—Gabe considers his most valuable experience to be the time he spent on the ground as a security practitioner. Thanks to his intimate understanding of the real issues security professionals face on the front lines, he’s able to identify the core of the problem and create innovative solutions that push data security technology forward.

In this episode, we discuss his early starts with the 2600 meet-ups, privacy versus security, speaking to executives in their language, cloud security, information security skills shortages, training legal teams for cyber, how to get started in cybersecurity, and so much more.

Where you can find Gabe:

Jul 20 2020

38mins

#095 – Shahrokh Shahidzadeh: Education Is a Big Part of IT

Shahrokh Shahidzadeh is the CEO of Acceptto. Shahrokh is a seasoned technologist and leader with 29 years of contribution to modern computer architecture, device identity, platform trust elevation, large IoT initiatives, and ambient intelligence research with more than 25 issued and pending patents.

Before Acceptto, Shahrokh was a senior principal technologist contributing to Intel Corporation for 25 years in a variety of leadership positions where he architected and led multiple billion-dollar product initiatives.

In this episode, we discuss evolving authentication, SSO and MFA challenges, anomalous behavior detection, enforcing least privilege, his time with Intel, AI and ML, multi-cloud security, securing home users, and so much more.

Where you can find Shahrokh:

Jul 13 2020

38mins

#094 – Deborah Golden: How Can I Support You Today

Deborah Golden is the US Cyber & Strategic Risk leader for Deloitte Risk & Financial Advisory. In the prior six years, Deborah served as the Government & Public Services (GPS) Cyber Risk Services leader, as well as the GPS Advisory Market Offering leader, GPS Empowered Well-Being leader and the lead principal for a major federal government health care provider.

Deb has more than 25 years of information technology experience spanning numerous industries, with an in-depth focus on government and public services, life sciences and health care, and financial services.

Deb received a bachelor’s degree in Finance at Virginia Tech and a master’s degree in Information Technology at George Washington University. She serves on Virginia Tech’s Business Information Technology and Masters in Information Technology Advisory Boards, is a self-proclaimed fitness junky and avid traveler, and trains service dogs with the Guide Dog Foundation in her spare time.

In this episode, we discuss mental health awareness, her 1-3-5-15 routine, working with clients remotely, COVID-19 cybersecurity spend, securing home networks, diversity in the cyber workplace, The Guide Dog Foundation, and so much more.

Where you can find Deb:

Jul 06 2020

46mins

#093 – Kyle Hanslovan & Chris Bisnett: Crimeware Is a Business

Kyle Hanslovan comes to Huntress Labs from the U.S. Intelligence Community, where he supported defensive and offensive cyber operations for the past decade. He previously co-founded the defense consulting firm StrategicIO and actively participates in the ethical hacking community as a Black Hat conference trainer, STEM mentor, and Def Con CTF champion. Additionally, he serves in the Maryland Air National Guard as a Cyber Warfare Operator.

Chris Bisnett is a veteran information security researcher with more than a decade of experience in offensive and defensive cyber operations. While serving with the NSA RedTeam, he attacked government networks and systems to identify and remedy vulnerabilities. Chris is also a recognized Black Hat conference trainer and has taught his “Fuzzing For Vulnerabilities” course at several events around the world. Before founding Huntress Labs, Chris co-founded LegalConfirm, LLC, where he led product design and development until the company was acquired in 2014.

In this episode, we discuss incident response planning, their early starts in offensive theaters, red teaming, Ransomware-as-a-Service, small business and enterprise threats, breaking bad news to clients, holding leadership accountable, hacking back, tips and resources for start-ups, warnings for founders, and so much more.

(Note: If you are interested in start-ups and being a founder, Daniel Ayala and I created a regularly updated blog for founders and start-ups: Hang Out A Shingle – Starting Your Cybersecurity Company.)

Where you can find Kyle and Chris:

Jun 29 2020

52mins

#092 – Jack Kudale: You Gotta Have More Cowbell

Jack Kudale is Founder and CEO at Cowbell Cyber with over two decades of business executive experience. Previous senior roles include COO at Cavirin, CEO at Lacework, both cloud security startups; SnapLogic, a leader in hybrid cloud integration; and CA Technologies, where Jack led DevOps sales for the Fortune 500 leader.

With deep operational experience in the DevOps, Cybersecurity, IT Ops, & Big Data spaces, Jack leads Cowbell to execute on its vision of bridging the cyber insurability gap. Jack also serves as a governing board member of Brighter Children, a non-profit organization.

In this episode, we discuss the importance of cyber insurance, risk management, the difference between cyber insurance vs other insurance products, the risks COVID-19 poses to small businesses, right-sizing cyber insurance policies, industries that are targets for attackers, and so much more.

Where you can find Jack:

Jun 22 2020

51mins

#091 – Daniel Ayala: Does This Help Us

Daniel Ayala is the Founder and Managing Partner for Secratic, a strategic information security and privacy consultancy focused on helping companies protect data and information and be prepared before incidents happen. Daniel is also currently serving as the Interim Chief Information Security Officer for Michigan State University.

Throughout his 24-year career, he has led security organizations large and small in banking and financial services, pharmaceutical, information, library, and technology companies around the world, taught university-level courses, and he writes and regularly speaks on the topics of security, privacy, data ethics, and compliance.

In this episode, we discuss remote working, being a virtual CISO, compliance vs. security vs. privacy, application development security, creating a culture of security, communication skills, giving back to the community, mentoring others, mental health, and so much more!

Where you can find Daniel:

Jun 15 2020

57mins

#090 – Anthony Bettini: Building What No One Else Has

Anthony Bettini is the CTO for WhiteHat Security, the leader in Application Security, enabling businesses to protect critical data, ensure compliance, and manage risk. Previously, Anthony ran Tenable Research, which he joined via Tenable’s acquisition of FlawCheck, a leading Container Security startup where he was the CEO & Founder.

Before its acquisition by Symantec, Anthony was CEO & Founder of Appthority, a leading Mobile Security startup, and winner of the “Most Innovative Company of the Year” award at the RSA Conference.

In this episode, we discuss managing a remote team, web application security, DevSec, responsible vulnerability disclosure, Artificial Intelligence (AI), how to focus your career, being a founder, and so much more!

Where you can find Anthony:

Jun 08 2020

38mins

#089 – Ed Bellis: Complexity is the Enemy

Ed Bellis is a security industry veteran and expert and was once named “Information Security Executive of the Year”. He currently serves as the Chief Technology Officer and Co-founder of Kenna Security. He founded Kenna Security to deliver a data-driven risk-based approach to remediation and help IT teams prioritize and thwart would-be security threats.

Ed is the former CISO of Orbitz and former Vice President, Corporate Information Security at Bank of America. He is an advisor to Dascena and former advisor to SecurityScoreboard.com, Dharma, and Society of Payment Security Professionals. Ed is a contributing author to the book, Beautiful Security. He is also a frequent speaker at industry conferences such as RSA, BlackHat, and many others.

In this episode, we discuss vulnerability management maturity, how to focus on remediation, inventory management, securing cloud services, IoT devices in the enterprise, entrepreneurship, hiring the right people, and so much more.

Where you can find Ed:

Jun 01 2020

41mins

#088 – Mikko Hyppönen: You Might Have an Enemy In the Future

Mikko Hyppönen is a global security expert and has worked at F-Secure since 1991. Currently, he serves as F-Secure's Chief Research Officer.

Mikko has written on his research for the New York Times, Wired, and Scientific American, and he frequently appears on international TV. He has lectured at the universities of Stanford, Oxford, and Cambridge. He was selected among the 50 most important people on the web by the PC World magazine and was included in the FP Global 100 Thinkers list.

Mikko sits on the advisory boards of t2 and Social Safeguard and in the advisory panel for the Monetary Authority of Singapore.

In this episode, we discuss his early starts in information security, the rebirth of TELNET, security by design, the difference between privacy and security, mobile device security, IoT security, election security, and so much more.

Where you can find Mikko:

May 25 2020

50mins

#087 – Steve Moore: It’s a Balancing Act

Stephen Moore is a Vice President and the Chief Security Strategist at Exabeam and is also the host of The New CISO podcast. Stephen has more than 15 years of experience in information security, intrusion analysis, threat intelligence, security architecture, and web infrastructure design. Before joining Exabeam, Stephen spent more than seven years at Anthem in a variety of cybersecurity practitioner and leadership roles. He played a leading role in the response and remediation of the data breach announced in 2015.

Stephen has deep experience working with legal, privacy, and audit staff to improve cybersecurity and demonstrate greater organizational relevance. He has been a Member of the Advisory Board at SecureAuth Corporation since July 2017.

In this episode, we discuss adopting SOCs for remote operations, shifting focus to credentials, SOAR, attacker attribution, threat intelligence, post-Covid-19 IT changes, and so much more.

Where you can find Stephen:

May 18 2020

51mins

#086 – Dave Kennedy: The Basics Are Still Challenging

David Kennedy is the founder of Binary Defense and TrustedSec. Both organizations focus on the betterment of the security industry. David also served on the board of directors for the ISC2 organization. David was the former CSO for Diebold Incorporated, where he ran the entire INFOSEC program. David is a co-author of the book "Metasploit: The Penetration Tester's Guide," the creator of the Social-Engineer Toolkit (SET), Artillery, Unicorn, PenTesters Framework, and several popular open-source tools.

David was the co-founder of DerbyCon, a large-scale conference started in Louisville, Kentucky. Before the private sector, David worked for the United States Marine Corps and deployed to Iraq twice for intelligence-related missions.

David is frequently interviewed by news organizations, including CNN, Fox News, MSNBC, CNBC, and BBC World News. He has testified in front of Congress on two occasions on the security around government websites.

In this episode, we discuss the shift to virtual conferences, Zoom vulnerabilities, responsible vulnerability disclosure, the importance of communication skills, giving back to the community, mental health, working from home, and so much more.

Where you can find David:

May 11 2020

46mins

#085 – John Strand: Making the Industry Better

John Strand is the owner of Black Hills Information Security, a firm specializing in penetration testing, Active Defense, and Hunt Teaming services. He is also the CTO of Active Countermeasures, a firm dedicated to tracking advanced attackers inside and outside your network.

John has consulted and taught hundreds of organizations in the areas of cybersecurity, regulatory compliance, and penetration testing. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks. He is also an experienced speaker, having done presentations to the FBI, NASA, the NSA, and at various industry conferences.

John also co-hosts Security Weekly, the world's largest information security podcast; co-authored Offensive Countermeasures: The Art of Active Defense; and writes loud rock music and makes various futile attempts at fly-fishing.

In this episode, we discuss remote workers in the Covid-19 pandemic, validating VPN targets in pen tests, cloud security, developing SANS course material, how to choose what to give away, planning conferences, threat hunting, keeping up with new vulnerabilities, mental health, and so much more.

Where you can find John:

May 04 2020

46mins

#084 – Adam Hunt: A Game We Play

Adam Hunt is the CTO and Chief Data Scientist at RiskIQ. As Chief Data Scientist, Adam leads the data science, data engineering, and research teams at RiskIQ. Adam pioneers research automating the detection of adversarial attacks across disparate digital channels, including email, web, mobile, and social media. Adam also has received patents for identifying new external threats using machine learning.

Adam received his Ph.D. in experimental particle physics from Princeton University. As an award-winning member of the CMS collaboration at the Large Hadron Collider, he was an integral part of developing the online and offline analysis systems that led to the discovery of the Higgs Boson.

In this episode, we discuss starting in particle physics, data science, communication skills, process automation, managing attack surface areas, and so much more.

Where you can find Adam:

Mar 23 2020

30mins

#083 – Nate Fick: Give Teams Autonomy

Nate Fick is the General Manager of Elastic Security and former CEO of Endgame. He is also an Operating Partner at Bessemer Venture Partners. Before joining Endgame, Nate was CEO of the Center for a New American Security. He led Marine Corps infantry and reconnaissance units in combat in Afghanistan and Iraq. His book about that experience, One Bullet Away, was a New York Times bestseller, a Washington Post "Best Book of the Year," and one of the Military Times' "Best Military Books of the Decade."

Nate is a graduate of Dartmouth College, the Harvard Kennedy School, and the Harvard Business School. Nate serves as a Trustee of Dartmouth, and on the Military & Veterans Advisory Council of JPMorgan Chase & Co. He is a member of the Young Presidents’ Organization and a life member of the Council on Foreign Relations and Trout Unlimited.

In this episode, we discuss leadership, lessons learned in the Marines, cyberwar, information sharing, government policies, finding the signals in the noise, resource management, and so much more!

Where you can find Nate:

Feb 17 2020

37mins

#082 – Jamil Jaffer: Not All Nation-state Activity Is the Same

Jamil Jaffer is Senior Vice President for Strategy, Partnerships & Corporate Development at IronNet, a startup technology firm founded by former National Security Agency (NSA) Director Gen. Keith Alexander (ret.).

Prior to joining IronNet, Jamil served as the Chief Counsel and Senior Advisor for the Senate Foreign Relations Committee and Senior Counsel to the House Intelligence Committee where he led the committee’s oversight of NSA surveillance and wrote the original version of the Cybersecurity Information Sharing Act (CISA) signed into law in 2015. He also worked in the White House during the Bush Administration as an Associate Counsel to the President and in the Justice Department where he led the National Security Division's work on the President's Comprehensive National Cybersecurity Initiative.

Jamil is also an Assistant Professor of Law and Director of the National Security Law & Policy Program at the Antonin Scalia Law School at George Mason University and a Visiting Fellow at Stanford University’s Hoover Institution.

In this episode, we discuss starting in legal, government's role in cybersecurity, information sharing with real-time collaboration, automation, trend spotting, impacts to small businesses, cyberwar, and so much more.

Where you can find Jamil:

Feb 10 2020

37mins

#081 – James Patchett: Make Small Businesses Safe

James Patchett is the President and CEO of the New York City Economic Development Corporation. James has spent his career building stronger cities through investments in affordable housing, innovation, and 21st-century infrastructure.

During his tenure, he has overseen some of the city’s most ambitious projects, including launching a citywide ferry system, developing Mayor de Blasio’s 100,000 jobs plan, and optimizing NYCEDC’s 60 million square feet of real estate.

Prior to his appointment as NYCEDC President in 2016, James served as chief of staff to Deputy Mayor for Housing and Economic Development Alicia Glen, where he helped oversee more than 25 city agencies and played a pivotal role in preserving thousands of affordable homes. James holds a BA in Economics from Amherst College and an MBA from Stanford University.

In this episode, we discuss NYC building a cyber army, economic development through cyber, business accelerators, matching inventors with business coaches, NYC's talent pool, and so much more.

Where you can find James:

Jan 20 2020

34mins

#080 – Heather Mahalik: Earn The Tool

Heather Mahalik is the Senior Director of Digital Intelligence at Cellebrite and a Senior Instructor, author and course lead for FOR585: Smartphone Forensic Analysis In-Depth. To say that digital forensics is central to Heather's life is quite an understatement. Heather has worked on high-stress and high-profile cases, investigating everything from child exploitation to media associated with terrorism. She has helped law enforcement, eDiscovery firms, military, and the federal government extract and manually decode artifacts used in solving investigations around the world.

Heather began working in digital forensics in 2002, and has been focused on mobile forensics since 2010 - there's hardly a device or platform she hasn't researched or examined or a commercial tool she hasn't used. She also maintains www.smarterforensics.com. Heather is the co-author of Practical Mobile Forensics (1st-4th editions), currently a best seller from Packt Publishing.

In this episode, we discuss coming back to law enforcement, cloud forensics, what drives her research, early mentors, the start of cellphone forensics, mobile device threats, developing presentations, and so much more!

Where you can find Heather:

Jan 13 2020

37mins

#079 – Mari DeGrazia: Not Just One Technology

Mari DeGrazia is a Senior Vice President in the Cyber Risk practice of Kroll, a division of Duff & Phelps. Over the course of a 12-year career in the computer industry, Mari has become a leader within the digital forensics community. Mari joined Kroll from Verizon Enterprises where she served as Case Lead on various network intrusion and data breach investigations.

Mari is a strong believer in giving back to the forensic community and has written and released numerous programs/scripts, two of which are used in SANS training. In addition, she has presented her research at several industry conferences, published articles in eForensics Magazine, and was the technical editor for Windows Registry Forensics S.E.

In this episode, we discuss starting in IT, balancing work and family, self-training, the importance of the DFIR community, cross-training, using AI for detection, cloud security, giving back to the industry, and so much more.

Where you can find Mari:

Jan 06 2020

44mins


iTunes Ratings

54 Ratings
Average Ratings
51
0
1
0
2

Absolutely recommended

By Dogfolife69 - Apr 28 2018
Stunning interviews with Cybersecurity thought leaders!

Great content!

By DelePay - Aug 21 2017
Great content for anyone interested in cyber security