Cyber Security Effectiveness Podcast

If you are here looking for Cyber Security Effectiveness, we invite you to visit the feed of Mandiant's new podcast, The Defender's Advantage Podcast: https://www.buzzsprout.com/1762840 The new show launches this week with the same great content you've come to expect from us and even more.Host Luke McNamara anchors our Threat Trends series, chatting with Mandiant intel analysts, consultants, and researchers, as well as external practitioners and leaders in cyber security, all through a threat-focused lens. And Mandiant's Kerry Matre joins to host monthly conversations with Mandiant customers and industry experts who will share their experiences and stories from the frontline of cyber security as part of our new Frontline Stories series.Stay tuned for our inaugural Threat Trends episode later this week.

Mandiant Regional Account Executive Maggie Wilder sums up customers' viewpoints best – they are being expected to do more with less. While there has never been more awareness around cyber security, the rate of acceleration for threats has been astounding and many are feeling lost. What is an organization to do?

The Behavior Research Team is a group unique to the work on which Mandiant Security Validation prides itself: assuring customers that they are protected. Drew Holland, Manager of Threat Research at Mandiant, joins the conversation to talk about landscape trends, his career in threat research, and why he loves what he does. 

Brian talks with Mandiant Advantage's Janice Kennedy, Director of Channel Management for the Western region, to get her perspective from the partner side of security. They delve into the types of response they are seeing from the channel and how these partners are building upon their skillsets and tools. 

Mandiant Regional Account Executive Toks Jowosimi is one of the few who have witnessed the maturation and evolution of Mandiant Security Validation from the beginning, and has her own unique perspective to share on its transformation. She and Brian talk reactivity vs. proactivity, today's common use cases for security validation, and customer priorities. 

One of the most common security questions that organizations ask is how to better their security posture without exceeding their tight budget -- not an easy task. Brian and Mandiant Sr. Director of Customer Engineering Morris Hicks dig into Mandiant Security Validation's ability to help organizations optimize their existing investments and cut out unnecessary overlap. 

The world of incident response has slowly been moving further from the “ninja-like” appraoch it's been known for. Purple team extraordinaire Evan Peña revisits the podcast to talk about changes to incident response, purple teaming, and the recent shift toward collaboration with other teams to eliminate today's largest threats.

In our 100th episode, Brian brings on longtime friend and colleague Colby DeRodeff to talk about past projects, the surge of threat intelligence, and Mandiant Security Validation's rapid expansion within the market. 

To commemorate the 99th episode, Brian brings on his two co-producers -- Daniel Craig and Katie Billigmeier -- to reminisce about the podcast's beginnings, how it's grown in the past three years, and each of their favorite episodes.

Devon Goforth has been with Mandiant Security Validation (formerly Verodin) since its early startup days in 2015, and had infused his background of electrical engineering, physics, and math with an interest in cyber security. He shares not only how the company and solutions have changed, but also current influences on the threat ecosystem, risks, and hacker trends.

Board members are not only crucial for helping lead a company in the right direction, but nowadays they also offer crucial cyber security guidance. And those with a legal background, like FireEye's Alexa King, provide an even more valuable perspective in the event of a breach and help organizations mitigate risks as an organization evolves.

Having been a board member for technology and cyber security companies since the 90s, Matt Bigge has fine-tuned the art of being an effective board member. He and Brian discuss the evolution of a board member's role as a company changes, adapting interactions with leadership, and some words of wisdom. 

Our focus on board members continues as Kara Nortman, Managing Partner at Upfront Ventures and a board member with several technology and cyber security companies, talks about her key responsibilities as a cloud-native specialist, the importance of nurturing positive relationships, and the growing trend of third-party solutions.

The unknown factor of cyber security risk are keeping more CEOs up at night than ever before, and many of them view it as priority number one in areas of the business to address. Jay Leek brings his perspective as former Blackstone CISO, ClearSky Security co-founder, and board member for a number of cyber security companies, where he communicates today's risk. 

As someone who has worked as a FireEye executive and been on a board member for several publicly traded companies, Julie Cullivan has been able to closely witness the dichotomy between the two. She chats with Brian about how board members can influence real cyber security development.To see the video version of this episode on YouTube, click here.

Former RSA President & CEO Art Coviello revisits the podcast to share his wisdom for CISOs and aspiring board members, and breaks down board interactions in the private and public space. 

Working as a security leader at Kyriba, an international FinTech company, Eric Adams attributes a lot of success to automation – the key to developing and growing a business. He describes this and many more ways to optimize your assets, no matter how big or small.

When it comes down to cyber security in the Federal space, US Army Reserve Colonel Jerry Chappee likens it to working on a car: your first priority should be perfecting the basics. He talks with Brian about the evolution of cyber operations, building a leadership team, and addressing vulnerabilities.

Former NSA Chief Cryptologic Technician, Retired US Navy Chief, and author Chase Cunningham is so fascinated by cyber conflict that it inspired him to create a comic book series. He and Bryan talk about the nation state interaction in cyberspace, APTs, deepfakes, and more.

Nick Andersen's perspective and strategy skills have evolved from his time in the Marine Corps and federal government. Now CISO of Public Sector at Lumen Technologies, he reflects on his experience overseeing cyber security for energy and emergency response, statewide threat intelligence, his day-to-day duties, and more.

Brian chats with Soluble Co-founder and CEO Richard Seiersen, who recently published his second book, The Metrics Manifesto: Confronting Security with Data. They talk security operations, digital transformation, and cybersecurity's growing presence in executive meetings.

Brian speaks with Bill Crowell, who in his career has held Director roles in many organizations including the National Security Agency (NSA), about political ties to critical infrastructure, tension between CIOs and CISOs, and his recent projects.

National Cybersecurity Center CSO and Board Member Mark Weatherford joins Brian to discuss the world of MSSPs, what the CISO's role should be in 2021, and our fast-growing dependence on the supply chain. 

Chief Research Analyst and author Richard Stiennon joins the podcast again to discuss his new book, Security Yearbook 2020, in which he characterizes the modern evolving cyber security vendor and the market today.

Past podcast guest Kathleen Moriarty returns to share about her new book, Transforming Information Security, in which she declares that security currently is too complex. She and Brian discuss other topics explored, including privacy, encryption, automation, and trends.

Brian chats with Steven Edwards, Sr. SOC Manager at Globe Life (formerly Torchmark) about cybersecurity in the insurance and finance industry. Steven covers cloud migration, use cases and mistakes he's learned from, and relaying security strategies to non-technical consumers and members of the board.  

The aviation industry has arguably been the most negatively impacted by the pandemic and has forced sudden changes on the organizations' business models, cyber security operations, and more. United Airlines' VP and CISO Deneen DeFiore talks about how the aviation organizations have adapted, key measurements for effectiveness, and the secret to maintaining a strong security mindset in these uncertain times. 

This packed episode focuses on all things high-level intelligence. Brian speaks with JD Jack, FireEye VP of DoD/IC/Special Programs, on his past experience with aviation and national intelligence and how it has taught him to lead at FireEye. They look at today's intel gaps, the DoD's biggest threats, and discuss tool collaboration.

Widespread digitization has pushed sales-driven car dealerships to build more dedicated security teams. Air Force Space Command veteran Chip Regan and Brian talk about how his military experience has prepared him to become AutoNation's newest CISO, prioritizing critical objectives, communicating with other executives, and data security.

Where compliance obligations and regulations are concerned, the insurance industry can look almost identical to finance. DJ Goldsworthy, Aflac's Director of Security Ops and Threat Management, talks about the pressure to adapt to the changing security landscape, past SIEM experiences, and recent trends.

Auto Club Group CISO Gopal Padinjaruveetil loves to combine his passion for philosophy with cybersecurity and shares a fascinating prediction for IoT devices and the future for humans. He and Brian also discuss the meaning of maturity and cyber readiness, cyber economics, and the three basic types of security metrics.

In the time since Dave Bang appeared in 2018 as our first podcast guest, he's pivoted his career at LyondellBasell from overseeing Information Technology (IT) to managing Operational Technology (OT). He and Brian cover IT vs. OT challenges, vendors' perspectives on secure system environments, and using a streamlined approach to solve enterprise problems.

More organizations are keen to introduce purple teaming to their security practices but in most cases, they are not yet at the level of the business maturity needed to take that next step. Evan Pena, Director of Professional Services at Mandiant (FireEye), describes how his team uses FireEye's premiere threat intelligence to enhance purple teaming efficiency.

Sallie Mae Sr. Director of Cybersecurity Operations Steve Lodin returns to the podcast to share his experiences introducing and maintaining cloud-based SIEM to existing infrastructure. He and Brian discuss the technicalities of transferring a mid-size financial organization to the cloud.

Sandra Joyce, FireEye SVP & Head of Global Intelligence, returns to talk with Brian about recent infamous hacker groups' exploitation of COVID-19, why having more security tools damages your chance of surviving a breach, and gives insight into findings from the Mandiant Validation Security Effectiveness Report.

Brian chats with Dawn-Marie Hutchinson, Security Transformation Executive at global pharmaceutical company GSK, on persistent industry obstacles highlighted even more by the effects of COVID-19, addressing the global skills shortage, and perfecting your security tech stack.

Major General Earl Matthews, USAF (Ret) joins Brian on the Cybersecurity Effectiveness Podcast to discuss the latest hot topics in validation. They cover security for this year's upcoming election and dive into the data recorded in Mandiant Validation's 2020 Security Effectiveness Report, including that which inhibits organizations from garnering the most value from their existing products.   Visit https://www.verodin.com/podcasts/mandiant-security-effectiveness-report-takeaways-and-predictions to watch the full video.

Privacy affects all industries beyond just the obvious legal implications, and even after 20 years security vendors don't spend enough time strengthening all factors involved. Rebecca Herold, CEO of The Privacy Professor discusses security and privacy mistakes that still pop up today, and how the education industry plays a part in data distribution.

For a computer science undergrad looking to start a cybersecurity career, good experience depends on a healthy balance between academia and extracurriculars. University of Tennessee student Julianne Cox tells Brian how she has developed her skills inside and outside of the classroom, and looks forward to increasing diversity as the next president of her school's Women in Cyber Security (WiCS) chapter.

Although we tend to portray cybersecurity as black-and-white, good vs. bad, digital forensics and incident response investigations have revealed that it's much more complicated. Brian chats with Cindy Murphy, President & Founder of Tetra Defense (formerly Gillware Digital Forensics), about her start in law enforcement, reacting to ransomware attackers, and the mindset of a business leader.

Security and compliance misinformation runs rampant – especially with thousands of products joining the market each year. How does a service provider cut through all that noise? Choice CyberSecurity co-founder and COO Alex Rutkovitz breaks down compliance misconceptions, separating value from product, risk assessment, and more.

Consumers may install the latest security feature on their device but perhaps the most important question is, do they know how to use it? Kyla Guru, high school senior and CEO & founder of Bits N' Bytes Cybersecurity, deems user education a crucial aspect of security that is often overlooked in favor of the technology itself and shares how she built her own organization to empower tech users in their everyday lives.

Despite being only a couple of years old, the City of New York's cybersecurity program has quickly risen to become a model of success for cities all over the globe. Quiessence Phillips, the city's Deputy CISO and Head of Threat Management, has spent her last few years there fortifying its SOC team. She and Brian talk “true ops” philosophy, playbook automation, and other secrets to success. 

Generation Z kids have the benefit of growing up in a super-connected world with so much more available to them than other generations, but this can inhibit creativity and imagination down the road. Brian sits down with Paraben Corporation President & CEO Amber Schroader, to talk about the young new hires to digital forensics, cybercrimes in the cloud, and how her past culinary experience prepared her for her line of work.

Perspectives on what's essential to developing your skills in cyber vary depending on who you ask. Some say it depends on certifications, others say experience is the key. Mari Galloway, CEO of Women's Society of Cyberjutsu and Sr. Security Architect, discusses her motivations, recommended approach to education and certifications, and what she looks forward to in the rest of 2020. 

In order to stand out as a brilliant startup in a sea of cybersecurity vendors, a few things should always be top-of-mind: a strong investor-entrepreneur relationship, awareness of other vendors, and a thorough understanding of the landscape. Roselle Safran, who is a founder & CEO of a stealth-mode startup herself, speaks to her experience with building a strong startup and offers advice for others seeking the same.

Security and e-discovery often work together closely but the key differences are subtle, with the latter being more focused on preserving evidence. Mary Mack, CEO of EDRM, elaborates on the work of those professionals, shares mistakes she's seen and lessons learned, as well as organizations' changing perspectives on data in the cloud.

To address the global cyber talent shortage, we must expand our outreach efforts to offer education to women and girls in third-world countries. Eileen Brewer travels to remote parts of the world equipped with a suitcase full of motherboards to teach computer workshops and inspire future engineers. She describes how listeners can get involved in similar programs and make a difference in helping to diversify the industry.

The lack of diversity in cybersecurity and technology in general is no secret, but it wasn't always that way. Soviet-Era Russia and other eastern countries have seen more equality in certain industries, and that was a difference that guest Elena Elkina certainly noticed in her transition to American life. As Sr. Privacy & Data Protection Management Executive for Aleada Consulting, she discusses gender roles, seeking challenges, and starting her nonprofit and consulting startup.

There's a reason why people get distracted by new tech or security solutions: what if it's the silver bullet that solves everything with minimal effort? Unfortunately, that is seldom the case. Brian chats with Becky Pinkard, CISO of Aldermore Bank, PLC, about caution with buzzwords, sharing threat intelligence, and what lies ahead for security. 

The number of company data breaches that make headlines on an almost daily basis will continue to skyrocket without signs of stopping if organizations neglect to take proper precautions to protect their assets. Dr. Chanel Suggs, known also as The Duchess of Cybersecurity, shares details of some of the latest shocking public breaches and how she stays on top of trends to help clients be better prepared and well-informed.