There is “no one way” to start and stay in the field of cyber security. Whether you are involved from the military, law enforcement, consulting, or IT services, it doesn’t matter. I have had countless discussions for years with other professionals online, at conferences, or over drinks, which have c…
Douglas A. Brush | Weekly Interviews w/ InfoSec Pros
This is the 5th part of the podcast's return after a brief hiatus. Daniel Ayala continues his interview of me. In this fifth part, we will discuss the start-up resources we provided in our Hang Out A Shingle presentation, what I am doing with Accel Consulting, selling to CISOs, tips to avoid when presenting cyber services, the selling to CISOs Master Class we are developing, and so much more!
This is the 4th part of the podcast's return after a brief hiatus. Daniel Ayala continues his interview of me. In this fourth part, we will discuss my first forensic litigation case, the importance of data governance, the myth of cyber, why I am tired of cybersecurity conferences, and so much more!
This is the 3rd part of the podcast's return after a brief hiatus. Daniel Ayala continues his interview of me. In this third part, we will discuss what I am doing as a Special Master and Court Appointed Neutral, the reasons I think there will be a continued convergence of legal, cybersecurity, and data privacy, why I decided to start another consulting firm, data valuation, and so much more!
This is the 2nd part of the return of the podcast after a brief hiatus. Daniel Ayala continues his interview of me. In this second part, we will discuss how I got started in the industry, defining moments of my career, my first computer, early entrepreneurship, characteristics I look for in professionals, the toxic cybersecurity gatekeeping, and so much more!
After a hiatus, the Cyber Security Interviews podcast is back! A lot has happened in my life over the past 18 months. I have endured death, despair, divorce, and car theft, to name a few traumatic events that made me take a break from several endeavors. However, it has allowed me to reprioritize many things to understand where I am now and where I want to go. This is the first of several episodes where Daniel Ayala interviews me. In this first part, we will cover mental resiliency, the importance of taking time off, how to be your best, and so much more!
https://www.linkedin.com/in/leeann-nicolo/ (Leeann Nicolo) is the Incident Response lead at https://www.coalitioninc.com/ (The Coalition) and specializes in digital forensics and cyber investigations. She has conducted investigations into ransomware, phishing, hacking, data breaches, trade secret theft, and employee malfeasance. Leeann has investigated thousands of digital devices and has extensive subject matter expertise in Windows enterprise forensics, mobile device forensics, business email compromise, cloud security, and ransomware. Prior to joining Coalition, Leeann worked at https://kivuconsulting.com/ (Kivu Consulting) in Denver and https://www.kraftkennedy.com/ (Kraft Kennedy) in New York City overseeing complex cyber investigations and discovery matters for law firms and large multinational corporate clients. She conducted her undergraduate studies at the University of Albany in Information Systems, then achieved her https://www.pace.edu/program/cybersecurity-ms (Masters of Science in Cybersecurity at Pace University). She is also a https://www.sans.org/digital-forensics-incident-response/coin-holders/ (SANS Lethal Forensicator Coin Holder) and on the GIAC Advisory Board. In this episode, we discuss her start in information technology, how she made the move to cybersecurity, the discrimination she has faced in the industry, becoming a manager, strong women role models, mentoring others, and so much more. Where you can find Leeann: https://www.linkedin.com/in/leeann-nicolo/ (LinkedIn) https://www.coalitioninc.com/ (The Coalition) https://www.wsj.com/articles/how-to-haggle-with-your-hacker-11566811806 (Wall Street Journal)
https://www.linkedin.com/in/shannonbrazil/ (Shannon Brazil) is a Senior Cyber Security Specialist working within a CIRT of a Canadian Fortune 500. She has been in IT for over 12 years, with the last three years in Cybercrime investigations with law enforcement and recently moving into the private sector to focus on Digital Forensic analysis and investigations and Incident Response. As a hobby, Shannon dives into OSINT CTFs, helps promote young women to enter the STEM industry through Technovation - an innovative program for young entrepreneurs, and offers mentorship to those looking to venture into Cyber Security. She is also a course designer and developer with her local college that aims to arm the new generations with tactics, techniques, and knowledge in becoming experts in Digital Forensics and Investigations. In this episode, we discuss starting as a chef, skills learned from culinary arts, moving from IT to investigations, burnout and self-care, mentors she follows, why she mentors others, diversity and inclusion, and so much more. Where you can find Shannon: https://www.linkedin.com/in/shannonbrazil/ (LinkedIn) https://twitter.com/4n6lady (Twitter) Website
https://www.linkedin.com/in/wright-hamor/ (Cimone Wright-Hamor) works at https://www.pnnl.gov/cybersecurity (Pacific Northwest National Laboratory) (PNNL) as a cybersecurity researcher while pursuing a Ph.D. in Computer Engineering at Iowa State University. She has spent the last decade of her life interning at a variety of organizations. She has had ten internships at more than six different organizations, including public and private industries ranging from Fortune 500 companies like https://www.microsoft.com/ (Microsoft) to successful startups such as https://www.smartagllc.com/ (Smart-Ag), state government, and national laboratories. Cimone has spent the last five years of her career working in the cybersecurity field. While completing research, she has helped protect the infrastructure for the State of Iowa and ensured that startup companies are developing software with security in mind. In this episode, we discuss getting started in information security due to responding to an incident, an early upbringing which prepared her for cybersecurity, bridging theory to engineering, teaming with dev and security teams, the importance of project updates, increasing diversity in the industry, and so much more. Where you can find Cimone: https://www.linkedin.com/in/wright-hamor/ (LinkedIn) https://blackcomputeher.org/ (blackcomputeHER) https://www.pnnl.gov/science/staff/staff_info.asp?staff_num=10129 (PNNL)
https://www.linkedin.com/in/je-waters/ (Jenna Waters) is a Cybersecurity Consultant at https://truedigitalsecurity.com/blog (True Digital Security) where she specializes in information security program development, industry compliance assessments, threat intelligence, and cloud security controls. She is an experienced professional who consults with companies across multiple industries in achieving security-related best practices and/or regulatory compliance objectives related to risk management and compliance frameworks, and various privacy laws throughout the United States. Jenna began her career in the United States Navy working under the https://www.fcc.navy.mil/ (U.S. Fleet Cyber Command at the Naval Intelligence Operations Center (NIOC)) and with the National Security Agency (NSA). Afterward, she graduated from the https://business.utulsa.edu/accounting-cis/computer-information-systems/ (University of Tulsa) with a degree in Computer Information Systems. Jenna is passionate about sharing her knowledge of cybersecurity with business owners, public policy leaders, and healthcare, financial, and tech industry members. When she isn't busy helping her clients protect their customers' data, Jenna is a voracious reader, aspiring hobbyist, and dog mom of two. In this episode, we discuss starting cybersecurity with the U.S. Navy, tying spoken languages to coding languages, leading and managing people, building an information security program, getting leadership buy-in, using frameworks for resiliency, diversity and inclusion, and so much more. Where you can find Jenna: https://www.linkedin.com/in/je-waters/ (LinkedIn) https://twitter.com/truedigitalsec (Twitter) https://truedigitalsecurity.com/blog (Blog)
https://www.linkedin.com/in/nato-riley/ (Nato Riley) is an Integrations Engineer at https://www.blumira.com/ (Blumira) and the Co-founder of https://cloudunderground.dev/ (Cloud Underground). Nato provides infrastructure, code, and security across all his efforts and is focused on helping Blumira build the most effective and efficient SIEM on the market for small to mid-sized businesses. He is the host of the "Nato as Code" and the "https://www.youtube.com/channel/UCnKbJ2vW3QYcLot2D1xeJmA (Cloud Underground)" productions on YouTube, the creator and maintainer of the Olympiad platform, and the founder of https://notiapoint.com/ (notiaPoint) (now known as https://cloudunderground.dev/ (Cloud Underground)). In this episode, we discuss starting in technology repairing computers, going to school for public speaking, finding passion in information security, trying too hard to pass certification tests, going out on his own, mentorships, burnout, diversity, and so much more. Where you can find Nato: https://www.linkedin.com/in/nato-riley/ (LinkedIn) https://twitter.com/NateRiles (Twitter) https://www.youtube.com/c/natoascode (Nato as Code - YouTube) https://www.youtube.com/channel/UCnKbJ2vW3QYcLot2D1xeJmA (Cloud Underground - YouTube)
https://www.linkedin.com/in/sara-avery-6aa1587/ (Sara Avery) is a Regional Sales Manager at https://www.zscaler.com/ (Zscaler). She has held various positions over the past 20 years in the Information Technology field and discovered her passion for information security 15 years ago. Her career has largely been spent in sales and account management with a laser focus on her customers' success. Sara's tenured experience in cybersecurity has given her a strong understanding of the complex technology and intelligence required to keep enterprises secure. From a young age, she was raised to be a strong female and leader. Her mother, along with other trailblazing women, campaigned to start the Equal Rights Amendment in Colorado in the early 1970s. With a passion for helping others, Sara wanted to start a group that would help, mentor, learn and guide women and founded https://www.denverissa.org/women-in-security (Women in Cyber Security, ISSA Denver). Her vision was to find a way to inspire and support women in all areas of information security, as well as develop and mentor the younger female generation for the future of the dynamic and ever-changing world of information security. In this episode, we discuss her early start with Y2K, why she helped start Women In Security with the Denver ISSA chapter, the evolution of communications with workstyles, getting young girls into STEM, how she is championing equality at work, dealing with gaslighting, mansplaining, and microaggressions, removing the stigma of "the hacker," and so much more! Where you can find Sara: https://www.linkedin.com/in/sara-avery-6aa1587/ (LinkedIn) https://www.denverissa.org/women-in-security (Women In Security - ISSA Denver)
https://www.linkedin.com/in/jenniferbrownconsulting/ (Jennifer Brown) is an award-winning entrepreneur, https://jenniferbrownspeaks.com/ (speaker), diversity and inclusion consultant, and author. As the successful founder, president, and https://jenniferbrownconsulting.com/inclusion-the-book/ (CEO of Jennifer Brown Consulting), headquartered in New York City, Jennifer is responsible for designing workplace strategies that have been implemented by some of the biggest companies and nonprofits in the world. She has harnessed more than 14 years of experience as a world-renowned diversity and inclusion expert through consulting work, keynoting, and thought leadership. Jennifer has spoken at many top conferences and events such as the International Diversity Forum, the Global D&I Summit, the Forum for Workplace Inclusion, the NGLCC International Business & Leadership Conference, the Out & Equal Workplace Summit, Emerging Women, as well as at organizations such as the Bill and Melinda Gates Foundation, the NBA, Google, IBM, and more. She is the bestselling author of https://www.amazon.com/Inclusion-Diversity-Workplace-Will-Change/dp/1946384100 (Inclusion: Diversity, The New Workplace and The Will to Change) and a new book, https://www.amazon.com/How-Be-Inclusive-Leader-Belonging/dp/1523085177/ (How To Be An Inclusive Leader: Your Role in Creating Cultures of Belonging Where Everyone Can Thrive). Jennifer is the host of the popular weekly podcast, https://podcasts.apple.com/us/podcast/will-to-change-uncovering-true-stories-diversity-inclusion/id1208603357 (The Will to Change), which uncovers true stories of diversity and inclusion. In this episode, we discuss being an ally to underrepresented groups, biases in the workplace, how the COVID crisis has shed a light on diversity, how leadership needs to change the culture, removing harmful processes, finding diverse mentors, the risks to business by not embracing diversity, and so much more.
Where to find Jennifer: https://www.linkedin.com/in/jenniferbrownconsulting/ (LinkedIn) https://twitter.com/jenniferbrown (Twitter) https://www.amazon.com/Inclusion-Diversity-Workplace-Will-Change/dp/1946384100 (Amazon) https://jenniferbrownconsulting.lpages.co/community-calls/ (Blog and Website)
https://www.linkedin.com/in/alyssam-infosec/ (Alyssa Miller) leads the security strategy for https://www.spglobal.com/ratings/en/ (S&P Global Ratings) as Business Information Security Officer (BISO), connecting corporate security objectives to business initiatives. She blends a unique mix of technical expertise and executive presence to bridge the gap that can often form between security practitioners and business leaders. Her goal is to change how we look at the security of our interconnected way of life and focus attention on defending privacy and cultivating trust. A native of Milwaukee, Alyssa began her IT career as a programmer for a Wisconsin-based financial software provider. Her security passion quickly shaped her career as she moved into a leadership role within the ethical hacking team, conducting penetration testing and application assessments along with her team. As a hacker, Alyssa has a passion for security that she evangelizes to business leaders and industry audiences through her work as a cybersecurity professional and through her various public speaking engagements. When not engaged in security research and advocacy, she is also an accomplished soccer referee, guitarist, and photographer. In this episode, we discuss why she misses conferences, starting with computers at an early age, diversity, equity, and inclusion, the discrimination she has faced, the lack of understanding of privilege, discriminatory hiring practices, how to be an ally, and so much more! Where you can find Alyssa: https://www.linkedin.com/in/alyssam-infosec/ (LinkedIn) https://twitter.com/AlyssaM_InfoSec (Twitter) https://alyssasec.com/ (Alyssa In-Security) https://www.thinkers360.com/tl/AlyssaMiller (Thinkers360)
https://www.linkedin.com/in/chloemessdaghi/ (Chloé Messdaghi) is the Chief Strategist at https://ittakesahuman.com/ (Point3 Security). In addition to her passion for keeping people safe and empowered both on and offline, she is also interested in increasing the numbers of marginalized genders in information security. She is the Co-Founder of https://www.womenofsecurity.com/ (Women of Security (WoSEC)) and https://www.hackingisnotacrime.org/ (Hacking is NOT a Crime) and the Founder of https://www.wearehackerz.org/ (WeAreHackerz (WomenHackerz)). Chloé is a keynote speaker at major information security conferences and events and serves as a trusted source for national and sector reporters and editors. She holds a master of science (MS) from the University of Edinburgh, and a BA in international relations from the University of California, Davis, as well as a certificate in entrepreneurship from Wharton and other professional certificates. In this episode, we discuss the adjustment to conferences from home, feeling unwelcome in cybersecurity as a woman, pivotal moments that kept her in security, making real changes in diversity, equity, and inclusion, how biases develop, removing the bro-culture in management, changing the perceptions of hackers, and so much more! Where you can find Chloé: https://www.linkedin.com/in/chloemessdaghi/ (LinkedIn) https://twitter.com/ChloeMessdaghi (Twitter) https://www.chloemessdaghi.com/ (Personal Page)
https://www.linkedin.com/in/julianwaits/ (Julian Waits) is the general manager of cybersecurity at https://www.devo.com/ (Devo Technology). He has over 30 years of experience in senior leadership roles at technology companies, specializing in security, risk, and threat detection. He serves on several industry boards, including the http://www.icmcponline.com/ (International Consortium of Minority Cybersecurity Professionals (ICMCP)) and https://www.nist.gov/itl/applied-cybersecurity/nice (National Cybersecurity STEM Education (NICE)), promoting the development of the next generation of cybersecurity professionals. In this episode, we discuss missing travel, working more in COVID-19, recruiting from non-traditional places, diversity, equity, and inclusion, his start in music before technology, changing people's understanding of differences, removing unconscious biases, his mentors, why language matters, and so much more! Where you can find Julian: https://www.linkedin.com/in/julianwaits/ (LinkedIn) https://twitter.com/julianwaits (Twitter)
This is the last episode in the five-part series on mental health, self-care, and neurodiversity. This will not be the last time I speak about these issues on the podcast. I encourage everyone to take these issues seriously and help remove stigmas and champion differences in the way our brains work. Cybersecurity professionals spend most of their day focused on the health and wellbeing of the environments in their care. However, the cost of reducing risk and keeping our networks safe often comes at the price of our professionals' mental health. Many InfoSec professionals burn out, suffer from anxiety and depression, and turn to unhealthy coping mechanisms, which further exacerbate underlying psychological and physical health issues. This is an abridged version of one of my public presentations on mental health. My goal is to alleviate the stigma around mental health and stress the importance of open and frank dialogs about this serious issue impacting our community. I will share my journey, reverse engineer the stigma of mental health in business, and look at ways we can hack mental health in productive and meaningful ways. Episode Disclaimer: This podcast's information is not intended or implied as a substitute for professional medical advice, diagnosis, or treatment. We make no representation and assume no responsibility for the accuracy of the information contained in or available through this presentation. THIS IS NOT MEDICAL ADVICE. Please speak to your physician before embarking on any treatment plan. NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HEARD ON THIS PODCAST.
https://www.linkedin.com/in/dakacki/ (Danny Akacki) is just a storyteller perpetually looking for a stage. He loves nothing more than attending conferences, giving talks, writing blogs, and finding new ways to reach as many people as he can to educate about cybersecurity. For him, there is no greater satisfaction than community building. Danny has been fortunate enough to spend his career in Defense, learning from some of the best in the business, including teams at Mandiant, GE Capital & most recently as a Technology Advocate with Splunk. He loves what he does and the people he gets to do it with. In this episode, we discuss his mental health journey, adjusting to a new role during COVID-19, finding outlets for stress release, if mental health issues are worse in cybersecurity, neurodiversity, PTSD, and so much more. Where you can find Danny: LinkedIn https://twitter.com/DAkacki (Twitter) https://www.youtube.com/SecondOrderChaos (YouTube) https://www.twitch.tv/2OCStream (Twitch)
https://twitter.com/ryanlouie (Ryan K. Louie), MD, Ph.D. is a board-certified psychiatrist focusing on the mental health impact of cybersecurity, and the psychiatry of entrepreneurship. Ryan received his MD and Ph.D. degrees from the Stanford University School of Medicine and completed residency training in psychiatry at the University of Hawaii Department of Psychiatry. Ryan completed an internship with the Office of International Health and Biodefense at the US Department of State and was the recipient of a Fulbright Fellowship to Japan. Ryan has published academic articles in psychiatry and cell biology and is the inventor of the patented microtubule lumen-cast nanowire technology. In this episode, we discuss the stigmas of mental health, coping skills, the economic costs for not addressing mental health, neurodiversity, handling COVID-19 stress, removing job pressures in information security, and so much more! Where you can find Ryan: https://twitter.com/ryanlouie https://twitter.com/ryanlouie (LinkedIn) https://twitter.com/ryanlouie (Twitter)
https://www.linkedin.com/in/amandaberlin/ (Amanda Berlin) is the Lead Incident Detection Engineer for https://www.blumira.com/ (Blumira) and the CEO and owner of the nonprofit corporation https://www.mentalhealthhackers.org/ (Mental Health Hackers). She is the author of a Blue Team best practices book called "https://www.amazon.com/Defensive-Security-Handbook-Practices-Infrastructure/dp/1491960388 (Defensive Security Handbook: Best Practices for Securing Infrastructure)" with Lee Brotherston through O'Reilly Media. She is a co-host on the https://www.brakeingsecurity.com (Brakeing Down Security podcast) and writes for several blogs. Amanda is an avid volunteer and mental health advocate. She has presented at a large number of conventions, meetings, and industry events such as DerbyCon, O’Reilly Security, GrrCon, and DEFCON. In this episode, we discuss her start in help desk, speaking about mental health, depression and anxiety, men's reluctance to report health issues, neurodiversity, how organizations can encourage self-care, using medication, the Mental Health Hackers organization, and so much more. Where you can find Amanda: https://www.linkedin.com/in/amandaberlin/ (LinkedIn) https://www.mentalhealthhackers.org/ (Mental Health Hackers) https://www.brakeingsecurity.com/ (Brakeing Down Security Podcast)
Bill Hudenko, Ph.D. has significant experience in the fields of both mental health and technology. Dr. Hudenko is a licensed psychologist, a researcher, and a professor who holds a joint appointment as a faculty member at https://pbs.dartmouth.edu/people/william-j-hudenko (Dartmouth's Department of Psychological and Brain Sciences) and https://geiselmed.dartmouth.edu/faculty/facultydb/view.php/?uid=4648 (Dartmouth’s Geisel School of Medicine). His research focuses on the use of technology to improve mental health delivery and patient outcomes. Dr. Hudenko is also an experienced software engineer and former database administrator for the National Center for Post-Traumatic Stress Disorder. Dr. Hudenko is currently the CEO of https://trusst.app/ (Trusst Health Inc.), a company devoted to providing high quality, affordable remote psychotherapy via messaging. In this episode, we discuss his background in brain and computer sciences, the intersection of technology and mental health, our brains' development, neurodiversity, mental health stigma, decision making, and so much more! Where you can find Bill: LinkedIn https://pbs.dartmouth.edu/people/william-j-hudenko (Dartmouth's Department of Psychological and Brain Sciences) https://geiselmed.dartmouth.edu/faculty/facultydb/view.php/?uid=4648 (Dartmouth’s Geisel School of Medicine)
https://www.linkedin.com/in/danielewood/ (Daniel Wood) is the Associate Vice President of Consulting at https://www.bishopfox.com/ (Bishop Fox), where he leads all service lines, develops strategic initiatives, and has established the Applied Research and Development program. Daniel has over 15 years of experience in cybersecurity and is a subject matter expert in red teaming, insider threat, and counterintelligence. Daniel was previously the manager of security engineering and technology at Bridgewater Associates, where he shaped the strategic direction of technology for the firm and oversaw technical security assessments of Bridgewater’s international office expansions. Daniel has also served in roles supporting the U.S. government in security architecture, engineering, and offensive operations as a Security Engineer and Red Team Leader. He supported the U.S. Special Operations Command (USSOCOM) on red teaming and digital warfare operations, and the U.S. Army on the Wargaming Cyber Effects on Soldiers’ Decision-Making project. In this episode, we discuss adapting to COVID-19, focusing on red teaming, cloud security architecture, responsible vulnerability disclosure, ICS security, compliance versus security, his work with the US military and cybersecurity, diversity in information security, and so much more! Where you can find Daniel: https://www.linkedin.com/in/danielewood/ (LinkedIn) https://labs.bishopfox.com/industry-blog (Bishop Fox Blog)
https://www.linkedin.com/in/jassoncasey/ (Jasson Casey) is the CTO of Beyond Identity, a passwordless identity management provider. He also serves as a Fellow in CyberSecurity with the https://www.csis.org/ (Center for Strategic and International Studies) (CSIS) and the https://nationalsecurity.gmu.edu/ (National Security Institute) (NSI). Previously, Jasson was CTO of https://securityscorecard.com/ (SecurityScorecard), VP of Engineering at https://www.ironnet.com/ (IronNet Cybersecurity), Founder and Executive Director of http://flowgrammable.org/ (Flowgrammable) and Compiled Networks, and served in other technical and executive roles. Jasson received a bachelor’s degree in computer engineering from The University of Texas at Austin and a Ph.D. in computer engineering from Texas A&M University. In this episode, we discuss adjusting to COVID-19, his start in VoIP, third party security management, security without passwords, why you are a target, the role of a CTO, using the right language in security, start-up hiring, and so much more! Where you can find Jasson: https://www.linkedin.com/in/jassoncasey/ (LinkedIn) https://twitter.com/jassoncasey (Twitter) https://www.beyondidentity.com/blog (Blog)
https://www.linkedin.com/in/johnhammond010/ (John Hammond) is a Security Researcher at https://huntresslabs.com/ (Huntress) as well as a cybersecurity instructor, developer, red teamer, and CTF enthusiast. John is a former https://www.dcita.edu/ (Department of Defense Cyber Training Academy) curriculum developer and teacher for the Cyber Threat Emulation course, educating both civilian and military members on offensive Python, PowerShell, other scripting languages and the adversarial mindset. He personally developed training material and infosec challenges for events such as PicoCTF and the "Capture the Packet" competition at https://www.defcon.org (DEFCON) US. John speaks at security conferences such as http://www.bsidesnova.org/ (BsidesNoVA), to students at colleges such as the University of North Carolina Greensboro, and other events like the https://holidayhackchallenge.com/ (SANS Holiday Hack Challenge/KringleCon). He is an online https://www.youtube.com/johnhammond010 (YouTube personality) showcasing programming tutorials, cybersecurity guides, and CTF video walkthroughs. In this episode, we discuss how he started in pen-testing, contributing to the community, pen-testing vs purple teaming, setting the rules for engagement, solving the same problems, diversity and inclusion, and so much more. Where you can find John: https://www.linkedin.com/in/johnhammond010/ (LinkedIn) https://twitter.com/_johnhammond (Twitter) https://www.youtube.com/johnhammond010 (YouTube) https://github.com/JohnHammond (GitHub)
https://www.linkedin.com/in/david-wong-53170a4/ (David Wong) is a security engineer working on the https://libra.org/en-US/ (libra Blockchain) at Facebook. He is an active contributor to internet standards like Transport Layer Security and to the applied cryptography research community. David is a recognized authority in the field of applied cryptography; he’s spoken at large security conferences like Black Hat and https://def.camp/speaker/david-wong/ (DEF CON) and has delivered cryptography training sessions in the industry. He is the author of the soon-to-be-published https://www.manning.com/books/real-world-cryptography (Real-World Cryptography book). In this episode, we discuss why he focused on cryptography, the evolution of blockchain, his contributions to TLS, the Noise Protocol Framework, quantum computing, why he wrote a book on crypto, presenting and teaching cryptography, sanitizing data, and so much more! Where you can find David: https://www.linkedin.com/in/david-wong-53170a4/ (LinkedIn) https://twitter.com/cryptodavidw (Twitter) https://www.manning.com/books/real-world-cryptography (Real-World Cryptography) https://www.cryptologie.net/ (Cryptologie.net) https://noiseprotocol.org/ (Noiseprotocol.org)
https://www.linkedin.com/in/jeff-hussey-a6628a7/ (Jeff Hussey) is the President and CEO of https://tempered.io/ (Tempered). Jeff, the founder of https://www.f5.com/ (F5 Networks), is an accomplished entrepreneur with a proven track record in the networking and security markets. He maintains several board positions across a variety of technology, nonprofit and philanthropic organizations and currently is the chairman of the board for Carena and chairman and co-owner of https://www.ecofiltro.com/ (Ecofiltro) and https://www.puravidacreategood.com/ (PuraVidaCreateGood). Jeff also serves on the board for Webaroo and the Seattle Symphony. He was the chairman of the board for Lockdown Networks, which was sold to McAfee in 2008. Hussey received a BA in Finance from SPU and an MBA from the University of Washington. In this episode, we discuss adjusting to a remote workforce with a start-up, founding F5 Networks, developing a userbase community, tips for information security product success, IoT and OT cybersecurity, the https://www.security7.net/news/what-is-host-identity-protocol-hip (Host Identity Protocol), healthcare security, prioritizing efforts as a founder, what gets him out of the bed in the morning, and so much more! Where you can find Jeff: https://www.linkedin.com/in/jeff-hussey-a6628a7/ (LinkedIn) https://tempered.io/company/#press-room (Tempered)
John Ford is the Cybersecurity Strategist at https://www.ironnet.com/ (IronNet) and is an information security veteran with over twenty years in a wide variety of roles. Prior to IronNet, John was CISO for ConnectWise, the global leader in providing software solutions for Managed Services Providers. In this role, he was accountable for customer-facing security activities, product security, and served as an advisor to the CEO and leadership team. Before joining IronNet, John founded Sienna Group, a firm dedicated to providing data protection solutions to enterprise organizations, and has held executive roles in the healthcare industry. In this episode, we discuss healthcare security, compliance versus security, HIPAA regulation and privacy, intellectual property protection, real-time information sharing, ransomware in hospitals, recommendations for new CISOs, and so much more! Where you can find John: https://www.linkedin.com/in/john-ford-ciso/ (LinkedIn) https://www.ironnet.com/blog (IronNet Blog)
https://www.linkedin.com/in/bshoffman/ (Brandon Hoffman) is the CISO & Head of Security Strategy at https://netenrich.com/blog/ (Netenrich). Brandon is an admired security executive responsible for Netenrich’s technical sales and security strategy for both the company and its customers. Most recently, he oversaw solution architecture for https://public.intel471.com/ (Intel 471)’s dark web threat intelligence business. As former CTO at https://www.firemon.com/products/lumeta/ (Lumeta Corporation) and https://www.redseal.net/ (RedSeal Networks), Brandon led technical and field development in network security, vulnerability, and risk. He’s also held key practitioner roles focused on security architecture, penetration testing, networking, and data center operations. Brandon holds an MS degree from Northwestern University and a BS degree from the University of Illinois at Chicago. In this episode, we discuss adapting to COVID, accidentally getting into security, designing the intelligent SOC, a risk-based approach to information security, measuring cybersecurity outcomes, cyber insurance, risk management frameworks, and so much more! Where you can find Brandon: https://www.linkedin.com/in/bshoffman/ (LinkedIn) https://twitter.com/brandonshoffman (Twitter) https://netenrich.com/blog/ (Netenrich Blog)
This is a special episode where we celebrate the 100th episode of the Cyber Security Interviews podcast! In this episode, I have the mic turned back on me by a past guest, great friend, and an amazing asset to the community, https://cybersecurityinterviews.com/episodes/078-nadean-tanner-boil-it-down/ (Nadean Tanner). She crowdsourced some questions, but had plenty of her own as well, as we did this Ask Me Anything special episode. Douglas Brush is an information security executive with over 26 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading enterprise security assessments, Douglas has conducted hundreds of investigations involving hacking, data breaches, trade secret theft, employee malfeasance, and various other legal and compliance issues. He also serves as a federally court-appointed Special Master and neutral expert in high profile litigation matters involving privacy, security, and eDiscovery. Currently, he is at Splunk where he works with Fortune 500 organizations to improve their security operations and reduce business risk from cyber-attacks. He is also the founder and host of https://cybersecurityinterviews.com/ (Cyber Security Interviews), a popular information security podcast. In this episode, we discuss why I started the podcast, impostor syndrome, guests I would like to have on the show, my focus on mental health and diversity, important soft skills, talents versus skills, what's in my fridge, and so much more!
Gusto (https://gusto.com/), where he leads information and physical security strategies including consumer protection, compliance, governance, and risk. Before Gusto, Lee spent more than 15 years leading global information security and privacy efforts at large financial services companies and technology startups, most recently as Square's Head of Information Security. He previously held senior security and privacy roles at Bank of America, NetSuite, and Twilio. Lee was born and raised in Mississippi and holds a bachelor's degree in computer engineering from the University of Oklahoma. In this episode, we discuss COVID response, three-dimensional communications, security as an enabler, integrating security and engineering teams, the information security skills shortage, diversity and inclusion in cybersecurity, his early mentors, and so much more. Where you can find Flee: LinkedIn (https://www.linkedin.com/in/fredrickdlee/) Twitter (https://twitter.com/fredrickl)
Andrea Roberson (https://www.linkedin.com/in/andrearoberson/) is a product manager at Centrify Corporation, where she directs the product roadmap for Centrify Privileged Access Service. She was previously a technical support engineer at the company for almost two years and has held several engineering and support roles during her career including at Google and Apple. She has a Bachelor of Science degree in Computer Science from Spelman College, where she was a member of the SpelBots (https://exhibits.stanford.edu/news-service/catalog/ky830df0026). In this episode, we discuss working with product teams remotely, moving from IT to information security, securing remote access, diversity and inclusion in cybersecurity, mentoring others, self-care and mental health, new threats due to COVID, and so much more. Where you can find Andrea: LinkedIn (https://www.linkedin.com/in/andrearoberson/) Centrify Blog (https://www.centrify.com/blog/author/andrea-roberson/)
Rumble Network Discovery (https://www.rumble.run/), a platform designed to make asset inventory quick and easy by combining active scanning with innovative research. Prior to starting Rumble, HD was best known as the founder of the Metasploit Project (https://www.metasploit.com/), the foremost open-source exploit development framework, and continues to be a prolific researcher and occasional speaker at security events. In this episode, we discuss starting with BBSs back in the day, starting the Metasploit project, Project Sonar (https://www.rapid7.com/research/project-sonar/), his development of Rumble Networks, securing home networks, fingerprinting networks, jump boxes in IoT networks, and so much more. Where you can find HD: LinkedIn (https://www.linkedin.com/in/hdmoore/) Twitter (https://twitter.com/hdmoore) Blog (https://hdm.io/)
Spirion (https://www.spirion.com/)—a leader in rapid identification and protection of sensitive data—he’s channeling that passion to make the digital world a safer place. Wielding a unique mix of technical vision, marketing, and business acumen, Gabe is shaping the future of data security and protecting the sensitive personal data of customers, colleagues, and communities around the world. Despite having held a range of leadership positions in security technology— including VP of Product Strategy at STEALTHbits and Director of Research & Products at WhiteHat Security—Gabe considers his most valuable experience to be the time he spent on the ground as a security practitioner. Thanks to his intimate understanding of the real issues security professionals face on the front lines, he’s able to identify the core of the problem and create innovative solutions that push data security technology forward. In this episode, we discuss his early starts with the 2600 meet-ups (https://www.2600.com/meetings), privacy versus security, speaking to executives in their language, cloud security, information security skills shortages, training legal teams for cyber, how to get started in cybersecurity, and so much more. Where you can find Gabe: LinkedIn (https://www.linkedin.com/in/gabriel-gumbs-68323939/) Twitter (https://twitter.com/gabrielgumbs) Spirion Blog & Podcast (https://www.spirion.com/blog/)
Acceptto (https://www.acceptto.com/try-acceptto-request/). Shahrokh is a seasoned technologist and leader with 29 years of contribution to modern computer architecture, device identity, platform trust elevation, large IoT initiatives, and ambient intelligence research with more than 25 issued and pending patents. Before Acceptto, Shahrokh was a senior principal technologist contributing to Intel Corporation for 25 years in a variety of leadership positions where he architected and led multiple billion-dollar product initiatives. In this episode, we discuss evolving authentication, SSO and MFA challenges, anomalous behavior detection, enforcing least privilege, his time with Intel, AI and ML, multi-cloud security, securing home users, and so much more. Where you can find Shahrokh: LinkedIn (https://www.linkedin.com/in/shahrokh-shahidzadeh-1187062/) Twitter (https://twitter.com/accepttocorp) Acceptto (https://blog.acceptto.com/)
Deloitte Risk & Financial Advisory (https://www2.deloitte.com/us/en/profiles/debgolden.html). In the prior six years, Deborah served as the Government & Public Services (GPS) Cyber Risk Services leader, as well as the GPS Advisory Market Offering leader, GPS Empowered Well-Being leader and the lead principal for a major federal government health care provider. Deb has more than 25 years of information technology experience spanning numerous industries, with an in-depth focus on government and public services, life sciences and health care, and financial services. Deb received a bachelor’s degree in Finance at Virginia Tech and a master’s degree in Information Technology at George Washington University. She serves on Virginia Tech’s Business Information Technology and Masters in Information Technology Advisory Boards, is a self-proclaimed fitness junky and avid traveler, and trains service dogs with the Guide Dog Foundation (https://www.guidedog.org/) in her spare time. In this episode, we discuss mental health awareness, her 1-3-5-15 routine, working with clients remotely, COVID-19 cybersecurity spend, securing home networks, diversity in the cyber workplace, The Guide Dog Foundation, and so much more. Where you can find Deb: LinkedIn (https://www.linkedin.com/in/deborah-golden-7872561a8/) Twitter (https://twitter.com/go1denhokie) Deloitte Bio (https://www2.deloitte.com/us/en/profiles/debgolden.html) Guide Dog Foundation (https://www.guidedog.org/)
Huntress Labs (https://huntresslabs.com/index.html) from the U.S. Intelligence Community, where he supported defensive and offensive cyber operations for the past decade. He previously co-founded the defense consulting firm StrategicIO and actively participates in the ethical hacking community as a Black Hat conference trainer, STEM mentor, and Def Con CTF champion. Additionally, he serves in the Maryland Air National Guard as a Cyber Warfare Operator. Fuzzing For Vulnerabilities (https://www.blackhat.com/us-18/training/fuzzing-for-vulnerabilities.html) ” course at several events around the world. Before founding Huntress Labs, Chris co-founded LegalConfirm, LLC, where he led product design and development until the company was acquired in 2014. In this episode, we discuss incident response planning, their early starts in offensive theaters, red teaming, Ransomware-as-a-Service, small business and enterprise threats, breaking bad news to clients, holding leadership accountable, hacking back, tips and resources for start-ups, warnings for founders, and so much more. (Note: If you are interested in start-ups and being a founder, (https://smartlyremote.net/2020/05/17/show-notes-hang-out-a-shingle/) . Where you can find Kyle and Chris: LinkedIn - Kyle (https://www.linkedin.com/in/kylehanslovan/) LinkedIn - Chris (https://www.linkedin.com/in/chris-bisnett-1792041b/) Twitter - Kyle (https://twitter.com/KyleHanslovan) Twitter - Chris (https://twitter.com/ChrisBisnett) Huntress Blog (https://blog.huntresslabs.com/)
Cowbell Cyber (https://cowbell.insure/blog/) with over two decades of business executive experience. Previous senior roles include COO at Cavirin, CEO at Lacework, both cloud security startups; SnapLogic, a leader in hybrid cloud integration; and CA Technologies, where Jack led DevOps sales for the Fortune 500 leader. With deep operational experience in the DevOps, Cybersecurity, IT Ops, & Big Data spaces, Jack leads Cowbell to execute on its vision of bridging the cyber insurability gap. Jack also serves as a governing board member of Brighter Children (https://www.brighterchildren.org/), a non-profit organization. In this episode, we discuss the importance of cyber insurance, risk management, the difference between cyber insurance and other insurance products, the risks COVID-19 poses to small businesses, right-sizing cyber insurance policies, industries that are targets for attackers, and so much more. Where you can find Jack: LinkedIn (https://www.linkedin.com/in/jackkudale/) Twitter (https://twitter.com/cowbellcyber) Cowbell Cyber Blog (https://cowbell.insure/blog/)
Secratic (https://secratic.com/), a strategic information security and privacy consultancy focused on helping companies protect data and information, and be prepared before incidents happen. Daniel is also currently serving as the Interim Chief Information Security Officer for Michigan State University. Throughout his 24-year career, he has led security organizations large and small in banking and financial services, pharmaceutical, information, library, and technology companies around the world, taught university-level courses, and both writes and regularly speaks on the topics of security, privacy, data ethics, and compliance. In this episode, we discuss remote working, being a virtual CISO, compliance vs. security vs. privacy, application development security, creating a culture of security, communication skills, giving back to the community, mentoring others, mental health, and so much more! Where you can find Daniel: LinkedIn (https://www.linkedin.com/in/danielaayala/) Twitter (https://twitter.com/buddhake) MentorCore (https://mentorcore.biz/) Secratic (https://secratic.com/) Blog (https://danielayala.com/) Hang Out A Shingle: Starting Your Own Cybersecurity Company (https://smartlyremote.net/2020/05/17/show-notes-hang-out-a-shingle/)
WhiteHat Security (https://www.whitehatsec.com/author/anthony/), the leader in Application Security, enabling businesses to protect critical data, ensure compliance, and manage risk. Previously, Anthony ran Tenable Research, which he joined via Tenable’s acquisition of FlawCheck – a leading Container Security startup where Anthony was the CEO & Founder. Before its acquisition by Symantec, Anthony was CEO & Founder of Appthority, a leading Mobile Security startup, and winner of the “Most Innovative Company of the Year” award at the RSA Conference. In this episode, we discuss managing a remote team, web application security, DevSec, responsible vulnerability disclosure, Artificial Intelligence (AI), how to focus your career, being a founder, and so much more! Where you can find Anthony: LinkedIn (https://www.linkedin.com/in/anthonybettini/) WhiteHat Blog (https://www.whitehatsec.com/author/anthony/)
Kenna Security (https://www.kennasecurity.com/). He founded Kenna Security to deliver a data-driven risk-based approach to remediation and help IT teams prioritize and thwart would-be security threats. Ed is the former CISO of Orbitz and former Vice President, Corporate Information Security at Bank of America. He is an advisor to Dascena and former advisor to SecurityScoreboard.com, Dharma, and Society of Payment Security Professionals. Ed is a contributing author to the book, Beautiful Security (https://www.amazon.com/Beautiful-Security-Leading-Experts-Explain/dp/0596527489). He is also a frequent speaker at industry conferences such as RSA, BlackHat, and many others. In this episode, we discuss vulnerability management maturity, how to focus on remediation, inventory management, securing cloud services, IoT devices in the enterprise, entrepreneurship, hiring the right people, and so much more. Where you can find Ed: LinkedIn (https://www.linkedin.com/in/bellis/) Twitter (https://twitter.com/ebellis) Kenna Security Blog (https://www.kennasecurity.com/blog/)
F-Secure's (https://blog.f-secure.com/) Chief Research Officer. Mikko has written on his research for the New York Times, Wired, and Scientific American (https://mikko.hypponen.com/articles.html), and he frequently appears on international TV. He has lectured at the universities of Stanford, Oxford, and Cambridge. He was selected among the 50 most important people on the web by the PC World magazine and was included in the FP Global 100 Thinkers list. Mikko sits on the advisory boards of t2 and Social Safeguard and in the advisory panel for the Monetary Authority of Singapore. In this episode, we discuss his early starts in information security, the rebirth of TELNET, security by design, the difference between privacy and security, mobile device security, IoT security, election security, and so much more. Where you can find Mikko: LinkedIn (https://www.linkedin.com/in/hypponen/) Twitter (https://twitter.com/mikko) F-Secure Blog (https://blog.f-secure.com/) (https://www.hbo.com/documentaries/kill-chain-the-cyber-war-on-americas-elections)
The New CISO podcast (https://www.exabeam.com/podcast/). Stephen has more than 15 years of experience in information security, intrusion analysis, threat intelligence, security architecture, and web infrastructure design. Before joining Exabeam, Stephen spent more than seven years at Anthem in a variety of cybersecurity practitioner and leadership roles. He played a leading role in the response and remediation of the data breach announced in 2015. Stephen has deep experience working with legal, privacy, and audit staff to improve cybersecurity and demonstrate greater organizational relevance. He has been a Member of the Advisory Board at SecureAuth Corporation since July 2017. In this episode, we discuss adopting SOCs for remote operations, shifting focus to credentials, SOAR, attacker attribution, threat intelligence, post-Covid-19 IT changes, and so much more. Where you can find Stephen: LinkedIn (https://www.linkedin.com/in/stephenrmoore/) The New CISO Podcast (https://www.exabeam.com/podcast/) Exabeam Blog (https://www.exabeam.com/information-security-blog/)
Social-Engineer Toolkit (https://github.com/trustedsec/social-engineer-toolkit) (SET), Artillery, Unicorn, PenTesters Framework, and several popular open-source tools. David was the co-founder of DerbyCon (https://en.wikipedia.org/wiki/DerbyCon), a large-scale conference started in Louisville, Kentucky. Before the private sector, David worked for the United States Marine Corps and deployed to Iraq twice for intelligence-related missions. David is frequently interviewed by news organizations, including CNN, Fox News, MSNBC, CNBC, and BBC World News. He has testified in front of Congress on two occasions on the security around government websites. In this episode, we discuss the shift to virtual conferences, Zoom vulnerabilities, responsible vulnerability disclosure, the importance of communication skills, giving back to the community, mental health, working from home, and so much more. Where you can find David: LinkedIn (https://www.linkedin.com/in/davidkennedy4/) Twitter (https://twitter.com/HackingDave) TrustedSec Blog (https://www.trustedsec.com/blog/) TrustedSec Public Slack (https://t.co/6yHoSwGKVH)
Active Countermeasures (https://www.activecountermeasures.com/), a firm dedicated to tracking advanced attackers inside and outside your network. John has consulted and taught hundreds of organizations in the areas of cybersecurity, regulatory compliance, and penetration testing. John is a contributor to the industry shaping Penetration Testing Execution Standard (http://www.pentest-standard.org/index.php/Main_Page) and 20 Critical Controls frameworks. He is also an experienced speaker, having done presentations to the FBI, NASA, the NSA, and at various industry conferences. John also co-hosts Offensive Countermeasures: The Art of Active Defense; (https://www.amazon.com/Offensive-Countermeasures-Art-Active-Defense-ebook/dp/B00DQSQ7QY) and writes loud rock music and makes various futile attempts at fly-fishing. In this episode, we discuss remote workers in the Covid-19 pandemic, validating VPN targets in pen tests, cloud security, developing SANS course material, how to choose what to give away, planning conferences, threat hunting, keeping up with new vulnerabilities, mental health, and so much more. Where you can find John: LinkedIn (https://www.linkedin.com/in/john-strand-a1b4b62/) Twitter (https://twitter.com/strandjs) BHIS Blog (https://www.blackhillsinfosec.com/blog/) Security Weekly Podcast (https://securityweekly.com/)
RiskIQ (https://www.riskiq.com/). As Chief Data Scientist, Adam leads the data science, data engineering, and research teams at RiskIQ. Adam pioneers research automating the detection of adversarial attacks across disparate digital channels, including email, web, mobile, and social media. Adam also has received patents for identifying new external threats using machine learning. Adam received his Ph.D. in experimental particle physics from Princeton University. As an award-winning member of the CMS collaboration at the Large Hadron Collider (https://home.cern/science/accelerators/large-hadron-collider), he was an integral part of developing the online and offline analysis systems that led to the discovery of the Higgs Boson. In this episode, we discuss starting in particle physics, data science, communication skills, process automation, managing attack surface areas, and so much more. Where you can find Adam: LinkedIn (https://www.linkedin.com/in/adamphunt/) Twitter (https://twitter.com/RiskIQ) RiskIQ (https://www.riskiq.com/blog/)
Nate Fick is the General Manager of (https://www.amazon.com/One-Bullet-Away-Making-Officer/dp/0618773436/) , was a New York Times bestseller, a Washington Post "Best Book of the Year," and one of the Military Times' "Best Military Books of the Decade.” Nate is a graduate of Dartmouth College, the Harvard Kennedy School, and the Harvard Business School. Nate serves as a Trustee of Dartmouth, and on the Military & Veterans Advisory Council of JPMorgan Chase & Co. He is a member of the Young Presidents’ Organization and a life member of the Council on Foreign Relations and Trout Unlimited. In this episode, we discuss leadership, lessons learned in the Marines, cyberwar, information sharing, government policies, finding the signals in the noise, resource management, and so much more! Where you can find Nate: LinkedIn (https://www.linkedin.com/in/natefick/) Twitter (https://twitter.com/ncfick) Elastic Blog (https://www.elastic.co/blog/)
IronNet (https://ironnet.com/about/news/), a startup technology firm founded by former National Security Agency (NSA) Director Gen. Keith Alexander (ret.). Prior to joining IronNet, Jamil served as the Chief Counsel and Senior Advisor for the Senate Foreign Relations Committee and Senior Counsel to the House Intelligence Committee where he led the committee’s oversight of NSA surveillance and wrote the original version of the Cybersecurity Information Sharing Act (CISA) signed into law in 2015. He also worked in the White House during the Bush Administration as an Associate Counsel to the President and in the Justice Department where he led the National Security Division's work on the President's Comprehensive National Cybersecurity Initiative. Jamil is also an Assistant Professor of Law and Director of the National Security Law & Policy Program at the Antonin Scalia Law School at George Mason University and a Visiting Fellow at Stanford University’s Hoover Institution. In this episode, we discuss starting in legal, government's role in cybersecurity, information sharing with real-time collaboration, automation, trend spotting, impacts to small businesses, cyberwar, and so much more. Where you can find Jamil: LinkedIn (https://www.linkedin.com/in/jamil-jaffer-199115/) Twitter (https://twitter.com/jamil_n_jaffer) IronNet (https://ironnet.com/about/news/)
New York City Economic Development Corporation (https://edc.nyc/program/cyber-nyc). James has spent his career building stronger cities through investments in affordable housing, innovation, and 21st-century infrastructure. During his tenure, he has overseen some of the city’s most ambitious projects, including launching a citywide ferry system, developing Mayor de Blasio’s 100,000 jobs plan, and optimizing NYCEDC’s 60 million square feet of real estate. Prior to his appointment as NYCEDC President in 2016, James served as chief of staff to Deputy Mayor for Housing and Economic Development Alicia Glen, where he helped oversee more than 25 city agencies and played a pivotal role in preserving thousands of affordable homes. James holds a BA in Economics from Amherst College and an MBA from Stanford University. In this episode, we discuss NYC building a cyber army, economic development through cyber, business accelerators, matching inventors with business coaches, NYC's talent pool, and so much more. Where you can find James: LinkedIn (https://www.linkedin.com/in/james-patchett-b99b14161/) Twitter (https://twitter.com/jbpatchett) NYCEDC (https://edc.nyc/program/cyber-nyc)
FOR585: Smartphone Forensic Analysis In-Depth. To say that digital forensics is central to Heather's life is quite an understatement. Heather has worked on high-stress and high-profile cases, investigating everything from child exploitation to media associated with terrorism. She has helped law enforcement, eDiscovery firms, military, and the federal government extract and manually decode artifacts used in solving investigations around the world. Heather began working in digital forensics in 2002, and has been focused on mobile forensics since 2010 - there's hardly a device or platform she hasn't researched or examined or a commercial tool she hasn't used. She also maintains www.smarterforensics.com. Heather is the co-author of Practical Mobile Forensics (1st-4th editions), currently a best seller from Packt Publishing. In this episode, we discuss coming back to law enforcement, cloud forensics, what drives her research, early mentors, the start of cellphone forensics, mobile device threats, developing presentations, and so much more! Where you can find Heather: Twitter (https://twitter.com/HeatherMahalik) LinkedIn (https://www.linkedin.com/in/heather-mahalik-3615535/) SANS (https://www.sans.org/instructors/heather-mahalik) Blog (https://smarterforensics.com/blog/)
Mari DeGrazia (https://www.linkedin.com/in/mari-degrazia/) is a Senior Vice President in the Cyber Risk practice of Kroll, a division of Duff & Phelps. Over the course of a 12-year career in the computer industry, Mari has become a leader within the digital forensics community. Mari joined Kroll from Verizon Enterprises where she served as Case Lead on various network intrusion and data breach investigations. Mari is a strong believer in giving back to the forensic community and has written and released numerous programs/scripts, two of which are used in SANS training. In addition, she has presented her research at several industry conferences, published articles in eForensics Magazine, and was the technical editor for Windows Registry Forensics S.E. In this episode, we discuss starting in IT, balancing work and family, self-training, the importance of the DFIR community, cross-training, using AI for detection, cloud security, giving back to the industry, and so much more. Where you can find Mari: LinkedIn (https://www.linkedin.com/in/mari-degrazia/) Twitter (https://twitter.com/maridegrazia) Blog (https://az4n6.blogspot.com/) GitHub (https://github.com/mdegrazia)
When my 7-year-old introduced me to his second-grade class, he put it best: "My Mom teaches the good guys how to keep the bad guys out of their computers. She has a blue lightsaber." - Nadean Tanner Puppet (https://puppet.com/). She is responsible for all things product training from working with internal knowledge sources and the instructional design team to produce modern, engaging knowledge assets to delivering online and onsite classroom sessions. Nadean is an experienced instructor and speaker with nearly 20 years' experience in information technology and security training delivery and development. At Rapid7, she taught vulnerability management and network and application assault as well as SQL, Ruby, and API. Before Rapid7, Nadean taught Security Analytics and Advanced Security Operations Center Management for RSA. She taught cybersecurity and information assurance 8570 classes for the Department of Defense including CISSP at Fort Gordon, Fort Carson, and the Pentagon, and she developed and taught graduate-level computer science courses at Louisiana State University for six years. In this episode, we discuss teaching and traveling, communicating technical terms, talking about the basics, writing a book, teaching with humility, knowing when you are an expert, and so much more. Where you can find Nadean: LinkedIn (https://www.linkedin.com/in/nadeanhtanner/) Website (https://www.nadeantanner.org/) Amazon (https://www.amazon.com/Cybersecurity-Blue-Toolkit-Nadean-Tanner/dp/1119552931/)
ISACA (https://cybersecurity.isaca.org/) . Frank, a 14-year cybersecurity specialist, graduated with a bachelor’s degree in English from the University of Maryland, after which he promptly joined the US Department of Defense as a subject matter expert, working with computer networks on a daily basis. Realizing that English and cybersecurity were two very different concepts, he proceeded to obtain a master’s degree in cybersecurity from UMBC, after a pit stop at Johns Hopkins to obtain a master’s degree in Government. Eventually, Frank decided to ease the learning process for individuals transitioning from non-technical backgrounds into cybersecurity by becoming a full-time Intelligence and Operations Consultant for multiple federal law enforcement and intelligence agencies. In this episode, we discuss starting in another industry before the DoD, packet capture analysis, doing the work no one else wants to do, knowing when to move into new roles, non-traditional backgrounds, training and certifications, COBIT, and so much more. LinkedIn (https://www.linkedin.com/in/frankdownsnopublic/) FrankDowns.com (https://www.frankdowns.com/) ISACA (https://cybersecurity.isaca.org/)