Bare Knuckles and Brass Tacks

Erik Bloch, security operations expert and longtime infosec leader, joins the show to talk about the real problems plaguing SOCs and why the industry keeps missing the mark!George K and George A talk to Erik about:- The massive disconnect between what vendors think SOCs do vs. reality - spoiler alert: most founders have never worked in the trenches- Why we're still fighting the same problems from 20 years ago - false positives aren't even 10% of the actual work, so why do we keep obsessing over them?- The real burnout formula: high responsibility + low control + endless busywork that has nothing to do with catching bad guys- Business alignment that actually works: Stop talking about theoretical $48 bazillion losses and start tying security outcomes to actual business growthWhether you're a vendor or an executive leader, there's gold -- and data! -- in this episode. The "AI will solve everything" narrative is misleading, hear what actually works in security operations!------------

This conversation hits different. Mohammed "Moh" Waqas, CTO Healthcare at Armis, joined us to talk about burnout, mental health, and the hidden costs of our "always-on" cybersecurity culture.George K and George A talk to Mohammad about: Why perfectionism in cyber is literally making us sick How epilepsy taught Moh to recognize burnout triggers before they hit The real cost of saying "yes" to every sales deadline Why your team needs mandatory disconnect time (and how to make it happen) Leading with radical transparency during layoffs and industry chaosThis isn't just feel-good advice – it's business-critical. Burned out teams cost more, perform worse, and leave faster.Drop a comment: What's your biggest burnout trigger in cyber? Let's normalize this conversation.---------------

Quinnlan Varcoe, founder of Blueberry Security, joins the show for a raw conversation about building a security startup!Quinn takes us through her wild ride from SOC analyst to founder - including how she shut down her business only to relaunch it stronger than ever. George K and George A talk to Quinn about: Finding your true product-market fit in the security services space The brutal reality of B2B sales cycles (hint: they're WAY longer than you think) How literally ONE client call changed everything while she was recovering from surgery Her narrative-based approach to security operations trainingPlus, Quinn opens up about her experience as a trans founder in cybersecurity, navigating both professional challenges and today's political climate.This episode is PACKED with insights for founders, security practitioners, and anyone interested in the human side of building something from scratch. ---------------

Dr. Kashyap "Kash" Thimmaraju joins the show to talk about a new study on burnout, wellbeing, and flow state in security operations.George K and George A talk to Kash about: New research using psychologically validated scales to measure burnout in cybersecurity professionals How "flow state" might be the key to better performance AND preventing burnout The impact of remote work and isolation on security teams Practical techniques security leaders can implement TODAY to support their teamsProtecting our human resources is just as important as protecting our digital ones.Dr. Thimmaraju and his co-authors' research points to a significant gap in how we understand and support the mental wellbeing of security professionals. It's time to start changing that conversation.Mentioned this episode: Human Performance in Cybersecurity Operations Paper: https://flowguard-institute.com/wp-content/uploads/2025/03/Human-Performance-in-Security-Operations.pdf Human performance in cybersecurity survey: http://flowguard-institute.com/hpcs Flow Guard Institute: http://flowguard-institute.com

Recorded LIVE at RSAC 2025: Don Jeter, Chief Meme Officer at Torq returns! He breaks down how Torq built a cult brand in cybersecurity around their "SOAR is Dead" campaign.George K and George A talk to Don about: Harnessing creativity in an era of algorithmic optimization: “You're not remembered for the safe ideas ever" Building internal excitement with your team (especially sales) before launching campaigns Creating something people actually want to be part of, not just another product His beliefs that brand leads to demandIf you're tired of AI-generated content, algorithm chasing, and the same old B2B tech marketing playbook, this episode delivers practical advice on standing out in an oversaturated market.This episode is presented in partnership with Torq.Check out the full video version of this interview on YouTube.

George K and George A are off to San Francisco for RSAC 2025 this week. Here are some short musings on what they think they might see...Mentioned: Chase Cunningham has built an app that lets you rank vendor demos in real time! If you'd like to join the effort, you can do so here: https://10ringvendors.glide.page

“When you look at cybersecurity…we've got to be constantly thinking about how we disrupt ourselves in order to actually solve the problem."Casey Ellis is a hacker, a founder, and an advisor and investor. Occupying a lot of different vantage points in cyber has given him a very unique perspective on the industry.George K and George A talk to Casey about: How Casey went from hacker to solution architect to entrepreneur, creating a marketplace that connects ethical hackers with companies who need them Why security startups focused solely on acquisition are hurting the industry (and why defenders deserve better) The reality check on AI in security - separating hype from actual value Why human creativity will always be necessary in security (automation is great, but humans build systems and humans break them)It's real and it's raw. As always.

Jake Bernardes, CISO at Anecdotes, brings a uniquely adventurous spirit to this week's show! And his ethos of “Don't be an a**hole” is certainly one we can get behind.George K and George A talk to Jake about: Jake's "inherent risk-taker" philosophy that's guided his career moves Why the best CISOs are "repulsed by the idea of being bored" and how that drives innovation The changing face of security leadership - from risk-averse consultants to today's disruptive problem solvers His refreshingly honest take on how CISOs should interact with vendors: "Just don't be an a**hole"Whether you're in the trenches, pitching security tools, or running a whole damn cyber program, Jake drops serious insights you can use.————

George K and George A are out this week to keynote SecureWorld Toronto and host the Cyber Pitch Battle Royale. Catch up on interviews you may have missed with: Stacey Lokey-Day on collecting experiences to build your career Candace Williams on the keys to networking Allan Alford on the best ways vendors can engage with CISOs and ensure they stay in good graces Jessica Andree on how to build loyalty and performance through better talent acquisition Kate Wood on the top 3 pieces of advice for advancing your career———

This week, Ads Dawson, Staff AI Security Researcher at Dreadnode, joins the show to talk all things AI Red Teaming!George K and George A talk to Ads about: The reality of securing #AI model development pipelines Why cross-functional expertise is critical when securing AI systems How to approach continuous red teaming for AI applications (hint: annual pen tests won't cut it anymore) Practical advice for #cybersecurity pros looking to skill up in AI securityWhether you're a CISO trying to navigate securing AI implementations or an infosec professional looking to expand your skill set, this conversation is all signal.Course mentioned: https://learn.nvidia.com/courses/course-detail?course_id=course-v1:DLI+S-DS-03+V1————

Ever wondered why cybersecurity hiring is broken? Jessica's flipping the script with a revolutionary approach to talent acquisition and development!George K and George A talk to Jessica about: How she transformed the company's hiring by focusing on building talent rather than looking for unicorns or perfect fits Why asking "Why are you here?" is her #1 interview question (and what she learns from it) How her military background shaped her approach to servant leadership Their "strange renegades" philosophy that's created remarkable team loyalty"Accessibility does not equate to aptitude. Some people just don't have access, but that doesn't mean they won't be great employees."Every company struggling with talent acquisition or employee churn needs to check out this conversation.Jessica's transparency about Risk360's approach to compensation, benefits, and career development is refreshingly honest.Listen now and let us know what you think! Could this approach work in your organization?------------

This week, researcher Kate Wood from Info-Tech joins the show to talk about the future of security autonomization with AI.George K and George A talk to Kate about: The reality of AI adoption in security beyond marketing hype (and where the hallucinations are still problematic) Modernizing vendor risk management beyond checkbox exercises A fascinating framework for "autonomization" vs. automation - and understanding your tolerance for AI decision-making at operational, tactical and strategic levels And Kate drops some incredibly real and raw career advice on authenticity, pursuing work you love, and finding mentorsResearch mentioned: https://www.infotech.com/research/ss/build-an-autonomous-security-delivery-roadmap-----------

This week we talk to Allan Alford talking about his 25 years journey from CISO to startups to consulting and now his return back to corporate America!George K and George A talk to Allan about: His wild career journey - and what motivated his most recent career decision His new gig at NTT Global Data Centers, and why data centers are the next hot thing in security The truly global scope of his new gig Why people and process beat technology EVERY time - even in tech companies!Allan also drops some straight FIRE about vendor relationships - including the sobering fact that in 25 YEARS, cold outreach has matched his actual needs exactly ONCE. Vendors, there's a lot of learn here about how to stand out before and after the contract is signed.-——

This week Jeanette Belashov, of Anvilogic, joins the show to talk about smarter and more authentic cybersecurity marketing.George K and George A talk to Jeanette about: Why the lead gen MQL mindset is total BS and hurts both your strategy AND your buyers Using selling signals instead of vanity metrics to actually help your sales team connect with the right accounts at the right time about the right use case Why marketers MUST get their hands dirty with the product and spend time understanding the day-to-day challenges of practitioners Creating hybrid attribution frameworks that actually make sense for today's complex buyer journeysJeanette drops some serious science about how successful cybersecurity marketers need to immerse themselves in the community - from Reddit threads to conference conversations - to truly understand what matters to security teams.As the CISO said: "This has to be one of the most value-filled episodes I've ever been a part of... You could probably do an entire course based on the themes and ideas she brought up."Check out the full episode wherever you listen to podcasts!

The unstoppable Tennisha Martin joins the show this week! The Executive Director of BlackGirlsHack digs into what it really takes to build diverse cybersecurity talent pipelines in today's challenging environment.George K and George A talk to Tennisha about: How BGH is using AI and hands-on labs to teach real-world hacking skills Why traditional education often falls short on practical cybersecurity training The economic barriers keeping talented people out of tech careers Building sustainable nonprofit programs when traditional funding gets rockyPlus we dive into some raw talk about staying focused on the mission even when external pressures try to knock you off course.As Tennisha puts it: "Our mission hasn't changed just because the administration has changed. We're still training people, still getting folks certified, still building that workforce."Whether you're interested in cybersecurity education, diversity in tech, or nonprofit leadership, this episode has something for you.———

New episode drop! This week Chloe Burton joins us to talk about her journey from IT Help Desk to Head of Detection Engineering.George K and George A talk to Chloe about: How she used a foray into Splunk to learn and launch her career Why "more alerts" doesn't equal better security Her views on consulting as a career accelerator in cyber How she looks for and mentors new talentIf you're tired of the "more alerts = more security" mindset or wondering how to break into cybersecurity from a non-traditional background, this episode is for you.———

Candace Williams, security leader, joins the show to talk about what ACTUALLY matters in networking and professional development in cybersecurity. No BS, just real talk from someone who's lived it.George K and George A talk to Candace about: Why your internal barriers are often bigger than external ones The truth about transactional networking (spoiler: it doesn't work) Why chasing certs and being a “paper tiger” might not get you the job (and what will!) Why preparation beats perfection when opportunities ariseCandace drops some serious wisdom about building authentic relationships vs just collecting LinkedIn connections. Whether you're starting out or leading teams, this episode has something for you.P.S. And no, she won't look at your resume if the first time you reach out is to ask for a job———

Kenneth Ellington returns, one year later to talk about the changes from leaving his corporate gig to work for himself.George K and George A talk to Kenneth about: How he's balancing running a cybersecurity academy, staffing agency, AND active security work Real talk about the challenges of building business processes from scratch Brutally honest advice about job hunting in cyber Why job opportunities still exist in cyber - but you need the right mindset Contract work vs full-time positionsFavorite quote: "Be honest with yourself. Lying to yourself never is a good option."Whether you're looking to break into cyber, considering the leap to entrepreneurship, or just want some straight talk about the industry - this episode delivers valuable insights from someone walking the walk.Shout out this episode: Henry Davis, Techtual

This week we dive into GRC Engineering with Justin Pagano, Emre Ugurlu, and returning guest Terra Cooke, three of minds behind the new GRC Engineering Manifesto.We tackle: Why GRC folks are engineers (yes, really!) Moving beyond "legacy GRC" into systems thinking Building GRC tools that engineers actually want to use The intersection of AI and compliance automationThis one gets nerdy! But if you want to understand how modern organizations can take a systems-based approach to governance while keeping engineers happy, this episode is for you.Check out the manifesto and repo at grc.engineering and join the conversation!

Kristin Demoranville joins the show this week to talk securing the food supply chain as critical infrastructure, incidents' effect on the global economy, representation in ICS/OT, and more!George K and George A talk to Kristin about: Dispelling misconceptions about OT security The food industry as critical infrastructure The need for more diverse voices in OT/ICS security to drive innovation and better solutions How to break into OT securityPlus some raw honesty about being a woman founder in the space and building community despite the challenges.———

This week, Stacey Lokey-Day joins the show to talk about her career pivot from stay-at-home mom to cybersecurity analyst!George K & George A talk to Stacey about: How she leveraged a bootcamp experience into a successful career pivot Why she believes in "collecting experiences" early in your career, even the tough ones How her time in the SOC built up her resilience and confidence Finding your voice, and owning who you are in techThe lessons from her story are valuable to anyone, at any stage of their career. Turn it up!————

"Community" is getting bandied about a lot. What does it really mean, for both cybersecurity vendors and practitioners? This week's episode is a roundtable discussion recorded LIVE at Cyber Marketing Con in December 2024! The panel features Dani Woolf, Ben Siegel, Bronwen Hudson, Elliot Volkman, and BKBT's George K. Some key topics covered: Community is not something you can just spend money on. Successful communities are affecting change. You can't expect instant ROI from community building. Be passionate about your community's mission. Listen to your community; they will guide you. Communities are about adding value, not extracting.————

HAPPY NEW YEAR from BKBT! to you and yours! We have big plans...We hope you have a peaceful New Year's, and we're wishing you all the prosperity for 2025!

Happy holidays from BKBT to you and yours! Enjoy the time, and may be it restful, relaxing, and free of critical open-source vulns.

As 2024 comes to close, we revisit some of the most listened to episodes in Season 3 so far! Don Jeter, CMO at Torq talks about breaking through the noise, and how to stand out in a market full of boring B2B copycats Lauren Palmer talks about why Sales is a profession people should be proud of, and how to build teams that don't abuse trust Andrew Owlett, global cybersecurity executive, explores how to tell the story of your career and your skills Michelle Eggers, pentester, talks about how she quickly broke into the industry and found a niche that has her sharing insights on the conference circuit so quickly————

This week we sit down with Cecil Pineda to talk about building real community in cybersecurity, vendor relationships that actually work, and how to avoid being that annoying sales person calling every Monday.George K and George A talk to Cecil about:

Mainframe pentester Michelle Eggers joins us to share her incredible journey into cybersecurity, and specifically her niche in mainframe security.George K and George A talk to Michelle about:

JR Cunningham, CISO at Nuspire, joins the show to talk about why cybersecurity isn't just another IT job - mentally, it's more like being a first responder.George K and George A talk to JR about:

Andrew Owlett joins the show to talk about what actually matters in cybersecurity career development (hint: it's not your GPA)!George K and George A talk to Andrew about: Why "failing" early in his career shaped his approach to leadership The problem with cyber's culture of shame and how to build confidence What cross-functional skills ACTUALLY look like (and how you probably already have them) Truth about work-life balance and corporate "family"Plus we dive into real advice for career transitions, building authentic relationships, and how to craft your story.No buzzwords, no BS - just practical insights from someone who's lived it.————

BONUS! In the last of our interviews recorded live at GoSec 2024 in Montreal, we talk to Andréanne Bergeron, PhD, Director of Research at GoSecure. George K and George A talk to Andréanne about her unconventional foray into cybersecurity and the lessons learned, as an academic, for workforce development and educating the next generation of defenders. She discusses her studies of cybercriminal psychology as a social scientist, and what the implication might be for defense strategies.This episode was produced with the support of GoSecure.

Ofer Klein CEO & Co-founder of Reco AI jumps into the ring to talk about making the leap from e-commerce to cybersecurity, and why having "outsider" experience can be a superpower.George K and George A talk to Ofer about:

Episode 100! And this time, George K and George A are the ones in the hot seat!Guest host, and friend of the pod, Amber DeVilbiss takes the mic to put the Georges on the spot.They take on listener questions about: Tech and industry trends, AI, new risks The deep, dark, and personal Selling and marketing tactics And MORE!Thank you to all the listeners who submitted questions!

This week we step outside cyber to learn how to make sales a profession that sellers can be proud of. Lauren Palmer, VP of North America at Interlink, joins the show!George K and George A talk to Lauren about: Why she believes sales is a "giving profession" What sales leaders can do to equip their teams for success without relying on high pressure tactics What objectives really matter when measuring sales success Her mission to transform the operation and perception of sales

Recorded LIVE: The Bare Knuckles and Brass Tacks closing keynote at SecureWorld Denver!Titled, "Radical Transparency," George K and George A took on the holy trinity in cyber: people, process, and technology. For each part they break down where we need radical transparency to build trust, on both the buying and selling sides of the industry.They also ask something new of the audience...

All year we've been trying to rebrand "soft skills" as essential business skills for any cybersecurity professional. Evgeniy Kharam has literally written the book on it. He sat down with us live at GoSec 2024 to talk about his new book, "Architecting Success: The Art of Soft Skills in Technical Sales."This is a great breakdown of what kinds of communication skills are needed for both buyers and sellers trying to solve security problems. Don't miss it!This episode was produced with the support of GoSecure.

Aaron Pritz of Reveal Risk joins us this week to deepfake George K in real-time video! Also, how to engage the workforce on new and emerging risks

How do you build multiple successful companies? The dynamic duo behind Knight Group, Alissa and Mel Knight, join the show to talk about their relentless entrepreneurial journey.In this episode:

How do you know what's a winning idea? Serial cyber entrepreneur Stuart McClure sat down with us live at GoSec 2024 to record his thoughts on go-to-market strategies.Stuart was the founder of Cylance, the fastest company to record $100M in ARR, and he's the lead author on a book about hacking techniques. In short, he talks the talk and walks the walk.In this episode:

Don Jeter, CMO of Torq joins the show this week to talk about his crusade against boring cyber marketing, and why that means his title is really Chief Menace Officer.In this episode:

September is Suicide Prevention Month. CISO Ben Howard joins the show to share his story for the first time. *Warning: This episode contains discussion of suicide and suicidal ideation.*If you are feeling suicidal, call or text 988 to get help immediately.George K and George A talk to Ben about:

Tabletop exercises, a necessary evil or just a compliance snoozefest? This week, Kailee Miner sits down to talk about how she's revolutionizing cyber threat readiness training to make boring TTXs a thing of the past.In this episode:

Welcome to Season 3! This week we're bringing you the live recording of our talk at SquadCon during Hack Summer Camp a few weeks back. Our talk was called, “Future Proof Your Career with Cyber Threat Intelligence Techniques.” Many thanks again to the Black Girls Hack Foundation and the SquadCon crew for having us, and to Rebekah Skeete for the killer intro!And, we're fast approaching episode 100 of this podcast! We're doing an AMA with a very special guest host. So, what do you wanna ask us? Email your questions to bareknucklespod@gmail.com, with "AMA" in the subject line. If we air your question, you can expect some special swag your way!

Season 3 of Bare Knuckles and Brass Tacks is coming soon!Same human focus in cyber. Same fire.

This week we're featuring a Best Of edition, packed with the gold from episodes past. We were away at Black Hat last week, and we're gearing up for the start of Season 3!This episode features: Dr. Chase Cunningham on Zero Trust Sarah Breathnach on why whitepapers need to go Chas Larios are connecting with practitioners Adrian Wood on the securing the ML development pipeline Mari Galloway on breaking into cyber Reanna Schultz on life in SOC

Why are so many cybersecurity company founders so bad at talking about their own products?! This week we're joined by Elliot Volkman and Doug Landis to talk about how they used storytelling training to transform one company's message to its customers!In this episode:

On the show this week: Reanna Schultz, SOC Team Lead and all-around badass, talks about life in the trenches of cybersecurity operations.George K and George A talk to Reanna about:

Justin Merhoff, Director of InfoSec, and Florian Beijers, a blind web developer, join the show to talk about accessibility in cybersecurity. This week the Americans with Disabilities Act turns 34!George K and George A talk to Justin and Florian about:

What does it really take to break into cyber? Mari Galloway jumps into the ring and brings her 15+ years of experience to bear.George K and George A talk to Mari about:

CEO Carolina Ruiz jumps into the ring to talk about leading cyber consultancy, the value of diverse skill sets, and how she memorized ISO 27001 in a weekend!

Hacker and researcher Adrian Wood (threlfall), an expert red teamer joins the show to talk about using supply chain attack techniques to poison AI models. This is the cutting edge, and most organizations are entirely unprepared.George K and George A talk to Adrian about: