Lessons from the School of Cyber Hard Knocks

Today's guest is Lynn Dohm, Executive Director at Women in Cybersecurity (WiCyS). In today's episode, Lynn discusses WiCyS and her role as Executive Director, how WiCyS became a non-profit organization, how the pandemic affected the organization, WiCyS' partnerships, whether she is optimistic or pessimistic about the future of the cybersecurity workforce, Chicago versus Detroit pizza, and as always, her toughest lesson learned.

Today's guest is Scott McCrady, CEO of SolCyber. In today's episode, Scott discusses SolCyber and his role as CEO, what brings customers to MSSPs, how the security landscape has changed over the past ten years, how the attack surface and threat actor has changed in recent years, his perspective on cyber insurance, his preferred topic of conversation at a cocktail party, and as always, his toughest lesson learned.

In a special edition of the podcast 'Lessons from the School of Security Hard Knocks' we delve into a compelling discussion that shines a spotlight on the incredible women who are redefining the cybersecurity landscape.  Let's dive into the incredibly intriguing subject of "Women in Cybersecurity" with the winners of the RunSafe Cybersecurity Leadership Awards: Christine Gadsby, Kiersten Todt, and Madison Horn. This episode also features Laurie Williams, Vijaya Kaza, Lee Kappon, Teresa Shea, Jen Sovada, Candice Frost, and Megan Samford. These cyber leaders are at the forefront, sharing their invaluable experiences and the toughest lessons they've learned along the way. Their lessons are not only enlightening but also instrumental for anyone striving for success in this ever-evolving domain. Tap to listen, and let's join forces in championing diversity, inclusion, and innovation in cybersecurity. Together, we can create a safer and more resilient digital world. #WomenInCybersecurity #CybersecurityLeaders #DiversityInTech

Today's guest is Christine Gadsby, VP of Product Security Operations at Blackberry. In today's episode, Christine discusses Blackberry and her role there, what organizations should consider around software supply chain security, what Blackberry is doing about SBOM security, what advancements she has seen and hopes to see in open source software, Blackberry's role in security for critical infrastructure, her thoughts on the National Cybersecurity Strategy, whether she is optimistic or pessimistic about the future of companies' critical infrastructure security, and as always, her toughest lesson.

Today's guest is Madison Horn, CEO of Critical Fault and former US Senate nominee. In today's episode, Madison discusses Critical Fault and her role there, how trends in cybersecurity have changed over the past 10 years, her thoughts on the Biden administration's National Cybersecurity Strategy, the seriousness of China's threat on critical infrastructure, the biggest threat to our national security, if we are facing a new world order, what cybersecurity issues Congress should focus on, whether she will consider running for office again in the future, and as always, her toughest lesson learned.

Today's guest is Colonel Candice Frost, Adjunct Professor of Security Studies Program at Georgetown University. In today's episode, Colonel Frost discusses her transition from her military career to the private sector, serving as commander of the Joint Intelligence Operations Center for USCYBERCOMMAND, how she approaches near term threat horizons vs longer term threat horizons, lessons we can learn from the war in Ukraine, what she looks for in leaders, pressing national security issues, critical infrastructure threats, how we can improve public/private partnerships, and as always, her toughest lesson learned.

Today's guest is Teresa Shea, President of Oplnet LLC. In today's episode, Teresa shares how she got involved in signals intelligence, the role universities should play to develop future security leaders in cyber offensive and defensive domains, the differences and similarities between government-sponsored R&D and venture capital, the role threat intelligence plays in cyber operations for defensive purposes, how enterprises can gain insight on offensive methods to inform their security posture, her thoughts on the National Cybersecurity Strategy document, whether she is optimistic or pessimistic about the future of cybersecurity, how someone should prepare for a career in cyber operations, and as always, her toughest lesson learned.

Today's guest is Jen Sovada, President of Public Sector at SandboxAQ. In today's episode, Jen discusses SandboxAQ and her role there, what role quantum computers can play in internet security, what surprises her about her students today, serving as chair of the board of the Defense Entrepreneurs Forum, creating a talent management framework, whether she is optimistic or pessimistic about the future of cybersecurity, viewing AI as an opportunity rather than a threat, and as always, her toughest lesson learned.

Today's guest is Bob Ackerman, Founder & Managing Director of AllegisCyber Capital. In today's episode, Bob discusses AllegisCyber Capital and his role there, how he got his start, the three things they look for in founders, the market of VC Capital in cybersecurity and the future for IPOs, his thoughts on the the national cybersecurity strategy, the liability shift in critical infrastructure from asset owners to product manufacturers, his thoughts on the future of the United States' cyber resilience, and as always, his toughest lesson learned. Robert R. Ackerman Jr. founded AllegisCyber Capital—the world's first dedicated cyber venture firm—to be “for cyber entrepreneurs by cyber entrepreneurs.”Bobis also the Co-founder of cybersecurity and data science foundry DataTribe, Co-founder of CyberGRX, and Chairman of the annual Global Cyber Innovation Summit—the “Davos of Cybersecurity”—for leading Global 2000 CISOs, cyber innovators, and policy leaders. With a 20+ history in early-stage cybersecurity investing,Bobis titled as one of “Cyber's Money Men'' by major business publications for his experience and leadership in cybersecurity VC investing, named one of “Technology's Top 100 Investors” by Forbes and featured on Forbes Midas List, and recognized as one of two leading cyber investors in the world by Cyber Defense magazine.

Today's guest is Kiersten Todt. In today's episode, Kiersten discusses her time at CISA and her recent transition from Chief of Staff, how the industry has matured over the agency's lifetime, progress made within cybersecurity and infrastructure, the urgency of solving memory safety, how the government can encourage a liability shift from asset owner/infrastructure provider to product manufacturer, learnings from tabletop exercises, the greatest threat facing cybersecurity today, whether she is optimistic or pessimistic about the future of cybersecurity, and as always, her toughest lesson learned.

Today's guest is Patrick O'Brien, Senior Safety and Cybersecurity Engineer at exida. In today's episode, Patrick discusses exida and his role there, the safety and cybersecurity issues facing industrial systems, the similarities and differences between threat models facing organizations, working on ISA/IEC 62443 and other standards, what role the software development plays in developing standards, his industry's use of SBOM, the most significant cybersecurity threat asset owners face today, whether he is optimistic or pessimistic about the future of cybersecurity, a surprise Penn State football question, and as always, his toughest lesson learned.

Today's guest is Ralph Langner, founder/CEO of Langner, Inc. In today's episode, Ralph discusses Langner, Inc., his role in what happened at stuxnet, our progress over the years in terms of OT security, motivations to attack OT networks, shifting cyber liability, whether he is optimistic or pessimistic about the cyber protections for cyber physical systems, and as always, his toughest lesson learned.

Today's guest is Chris Blask, VP of Strategy at Cybeats. In this episode, Chris discusses Cybeats and his role there, his work with SBOMs, why SBOMs are a corporate asset, the importance of understanding open source software, his work as the chair of ICS-ISAC, the greatest cybersecurity threats currently facing society and why we're not ready to face them, his thoughts on the current national cyber strategy, how he got his start in security, and as always, his toughest lesson learned. 

Today's first return guest is Bryan Ware, CEO of LookingGlass Cyber. Today we welcome back our first returning guest, Bryan Ware! In this episode, Bryan discusses his move to CEO of LookingGlass Cyber, founding Next5, competition with China, and then Joe and Bryan dive into some Next5 Matrix Monitor highlights including: the recent Chinese spy balloon, Huawei's patent strategy, his hopes for the next National Cyber Director and the Biden administration, and as always, an all-new toughest lesson learned!

Today's guest is Emily de La Bruyère, co-founder of Horizon Advisory. In this episode, Emily discusses Horizon Advisory, China's digital strategy, examples of China's influence on supply chain technology, new factors of production and who will benefit the most in this era of digital competition, what the US should do, the implications on China of President Biden's semiconductor ban, implications for Germany, and as always, her toughest lesson learned. 

Today's guest is David Weston (aka "DWIZZLE"), Vice President of Enterprise and OS Security at Microsoft. In this episode, David talks about his role at Microsoft, changes Microsoft has made over the past few years to protect software, their defense in depth outlook, how his earlier career impacts his current work, the greatest security threats facing enterprise customers, his work with TAC, how he got interested in the cyber world, the origins of his "Dwhizzle" name, and as always, his toughest lesson learned.

Today's guest is Richard Stiennon, Chief Research Analyst at IT-Harvest. In a nod to Clausewitz and Gaddis, this episode is called On Cyber Warfare. In this episode, Richard discusses founding IT-Harvest and his current role there, the transition to data-driven research, the biggest industry shifts and trends, the threat and the current state of cyber warfare, his feelings towards cyber defense, and as always, his toughest lesson learned.

Today's guest is Dmitri Alperovitch, executive chairman at Silverado Policy Accelerator. In this episode, Dmitri discusses the story behind co-founding CrowdStrike, how threat intelligence has advanced since its founding, his non-profit Silverado Policy Accelerator, the struggle for world order, what the United States can do to reduce the threat against Taiwan, the Biden administration's semi-conductors policy, the importance of chips, his predictions about the future of Russia and Ukraine, Silverado's ecological footprint, his optimism towards the future, and as always, his toughest lesson learned.

Today's guest is Dr. Laurie Williams, Distinguished University Professor of Computer Science at North Carolina State University. In this episode, Laurie discusses some of the programs she works in as a distinguished university professor in Computer Science at North Carolina State University, her current research projects, developers' role in fixing vulnerabilities, the future of DevOps, the efficacy of scanning tools for detecting vulnerabilities, supply chain issues, benefits of SBOM, today's biggest security threat, how her past experience informs her current work, and as always, her toughest lesson learned.

Today's guest is Thomas Pace, founder/CEO of NetRise. In this episode, Thomas discusses NetRise and his role as founder/CEO, how the approach to OT security has changed, their ideal customer profile, what surprises him about current trends, SBOM, managing software supply chain risk, how he entered the field, the trials of being a founder/CEO, and as always, his toughest lesson learned.

Today's guest is José Costa, CISO at Critical Software. In this episode, José discusses Critical Software and his role as CISO, his key priorities in the development process, bridging the gap between functional safety and cybersecurity, the driving forces and security implications of the digital transformation, risks associated with APIs, software supply chain security, his optimism about the future, and as always, his toughest lesson learned.

Today's guest is Brad LaPorte, Partner at High Tide Advisors. In this episode, Brad discusses High Tide Advisors and his role there, hot trends in the cybersecurity world, his biggest takeaways from working at Gartner, his previous work and military experience, attack surface reduction, the war in Ukraine, his thoughts on the future of the industry, and as always, his toughest lesson learned.

Today's guest is John Cusimano, Managing Director of Cyberstrategic Risk at Deloitte. In this episode, John discusses Deloitte and his role there, the advantages of being part of a larger firm, the most common themes across industry and use cases, CyberPHA and how can organizations apply it, how he got his start in cybersecurity, his work as a Process Safety Product Manager at Siemens, the ISA/IEC 62443-3-2 standard, what security threats keep him up at night, and as always, his toughest lesson learned. 

Today's guest is Bryson Bort, founder/CEO of Scythe. In this episode, Bryson discusses founding Scythe, their product platform, why organizations should be as sentient as their attackers, vulnerability management, building the Scythe community, the drivers for malware, how the threat landscape has changed over the past two decades, and as always, his toughest lesson learned.

Today's guest is Antoinette King, founder of Credo Cyber Consulting. In this episode, Antointte discusses founding Credo Cyber Consulting and her role there, the dangers of looking at cybersecurity as a "cost center", the connection between physical and cyber security, data privacy, her work in the Security Industry Association, her attitude towards biometrics and AI, RAD (robotics assisted devices) and their mission, the impact of technology on youth, what keeps her up at night, and as always, her toughest lesson learned. 

Today's guest is the co-founder/CEO of ERI. In this episode, John discusses ERI and its founding as well as his role there, what drove him to write his book: "The Insecurity of Everything", prioritizing environmental or data protection, innovations pre and post COVID, "cross-contamination" of devices, and as always, his toughest lesson learned.

Today's guest is Min Kyriannis, founder/CEO of Amyna Systems. Does Min prefer silicone or carbon-based employees?! In this episode, Min discusses Amyna Systems and her role there, some of the challenges facing critical infrastructure, the importance of creating new cybersecurity standards and workflows, her work with Women In International Security (WIIS) and Curious Minds Foundation, founding the GlobalCyberConsortium, her biggest industry concerns, and as always, her toughest lesson learned. 

Have you ever wondered: "Where did Joe come up with the idea for this podcast?" or "Does the man who asks everyone for their toughest lesson have one himself?" How about: "Who is Alex O'Shea and what is she doing asking the questions this week?!" Listen to find out the answer to these questions and many more on this week's SPECIAL EDITION episode, where the tables have turned and we hear from Joe Saunders, the founder/CEO of RunSafe Security and the host of this podcast!

Today's guest is JB Benjamin, founder/CEO of Kryotech. In this episode, JB discusses Kryotech and his role there, Vox Messenger, the future of cryptocurrency, his thoughts on the metaverse, his biggest concerns about cybersecurity, the government's role and responsibility in regards to cybersecurity, quantum computing, how he got his start, what keeps him up at night, and as always, his toughest lesson learned. 

Today's guest is Nico Bartolomeo, Senior Consultant of Cloud Security at Rockwell Automation. In this episode, Nico discusses Rockwell Automation as well as his role there, his aversion to the "if it ain't broke, don't fix it" mentality, the role economics plays in cybersecurity, the biggest threats facing cloud security right now, shared security models, his background in insider threat, what security concerns keep him up at night, and as always, his toughest lesson learned. 

Today's guest is Mubarik Mustafa, OT/ICS Cybersecurity Consultant at ACET Solutions. In this episode, Mubarik discusses ACET Solutions and his role there, the current state of OT/ICS security, the major threats, the challenges of OT security over IT security, his background as a Process Automation Network engineer, what keeps him up at night, and as always, his toughest lesson learned. 

Today's guest is Matt Harless, Director of the Cyber Fusion Center at Carrier. In this episode, Matt discusses Carrier and his role there, what a day in the life is like, TMR (Tactical Mitigation Response), the importance of continuous improvement, the Veterans cohort program he is starting with SANS, the similarities and differences between working at a financial company versus an industrial OT product provider, how his role has changed from working in cyber threat intelligence to becoming director of the Cyber Fusion Center, what threats keep him up at night, and as always, his toughest lesson learned. 

Today's guest is Chet Namboodri, SVP Business Development at Nozomi Networks. In this episode, Chet discusses Nozomi Networks and his role there, the state of OT and IoT security, which national security risks are posed, how OT differs from IT, product differentiation, how his career background impacted his current role, what he deems the largest security threats, and as always, his toughest lesson learned. 

Today's guest is John Krzeszewski, Engineering Manager of Cybersecurity at Eaton.  In this episode, John discusses Eaton and his role there, his role as chair of the SAE Vehicle Cybersecurity Systems Engineering Committee and co-convener with ISO on post ISO/SAE 21434, what security concerns keep him up at night, zero-day attacks, what core issues they are working to solve, Eaton's commitment to sustainability, and as always, his toughest lesson learned.

Today's guest is David Scott, Cyber Division Deputy Assistant Director at the FBI. In this episode, David discusses his time in the military to his past roles and now current role in the Cyber Division at the FBI, his current main priorities, who the FBI coordinates with to prevent cyber attacks, who the bad actors are, how he got his start in cyber, new tools and technologies in development, and as always, his toughest lesson learned.

Today's guest is John Deskurakis, Chief Product Security Officer at Carrier. In this episode, John discusses Carrier and his role there, how Carrier is making the world a safer place, what its buyer and customers expect from them, managing software supply chain risk, the risks and benefits associated with open source software, his work with Security Industry Association and ISAGCA, and as always, his toughest lesson learned.

Today's guest is Matthew Bohne, VP & Chief Product Cybersecurity Officer at Honeywell. In this episode, Matthew discusses Honeywell and his role there, what "secure by design" means to him, the importance of ISA/IEC 62443, how he builds the best environment/culture possible, how product security differs amongst organizations and customers, his advice for young professionals, how he got his start, and as always, his toughest lesson learned.

Today's guest is Jake Norwood, Cyber Security Delivery Executive at Booz Allen Hamilton. In this episode, Jake discusses Booz Allen and his role there, the top security concerns clients face, the differences between cybersecurity in the US versus the EU/UK, what surprised him the within the field, what advances in threat intelligence are needed, how his volunteer work in Poland impacted his career, what security issues keep him up at night, and as always, his toughest lesson learned.

Today's guest is Andrew Kling, Industry Automation VP Cybersecurity & Product Security Officer at Schneider Electric. In this episode, Andrew discusses Schneider Electric and his role as Industry Automation VP Cybersecurity & Product Security Officer, the key to managing a large cybersecurity portfolio, the necessity of security, elevated risk, addressing software supply chain risk at Schneider Electric, the Executive Order and SBOM, the adoption and integration of open source, his major security concerns, what keeps him up at night, and as always, his toughest lesson learned.

Today's guest is Rick Tiene, VP of Government and Critical Infrastructure at Mission Secure. Need a crash course in the importance of OT? Today's your lucky day! In this episode, Rick discusses Mission Secure and his role as VP, OT cyber vulnerabilities, how protecting IT differs from protecting OT, software security supply chain from an OT perspective, how homeland security challenges have changed since 9/11, some high-risk examples of OT cybersecurity breaches, what security problems keep him up at night, and as always, his toughest lesson learned. 

Today's guest is Lee Kappon, co-founder and CEO of Suridata. Want to hear from a Forbes' "30 Under 30"?! In this episode, Lee discusses Suridata and her role as CEO, the founding story, why SaaS data is so valuable, being named one of Forbes' "30 Under 30", the root of cybersecurity's success in Israel, the leaders she admires most, her biggest professional fears, and as always, her toughest lesson learned.

Today's guest is Kristi Rogers, Managing Partner & Co-Founder of Principal to Principal. Go Green or Go Blue?! In this episode, Kristi discusses her roles on the board of Qualys and NowSecure as well as her involvement in the Women's Foreign Policy Group. She shares about NowSecure's work with Peloton and how ubiquitous player Qualys is evolving, mobile application security, mobile application security, the complexity of software supply chain security, what the government can do to promote our security posture, what keeps her up at night, and as always, her toughest lesson learned. 

Today's guest is Philippe Humeau, CEO of CrowdSec. In this episode, Philippe discusses CrowdSec and his role there, the advantages of open source, how they make their business model work, how pentesting and the security landscape have changed over the past few decades, how the open source movement is affecting society at large, the implications of gray zone war, how traditional powers should respond to cyber attacks, how he got his start in security, what keeps him up at night, and as always, his toughest lesson learned.

Today's guest is James Johnson, CISO of John Deere. "We're fighting a cyber battle." In this episode, James discusses John Deere and his role as CISO, developing his leadership, current innovation at John Deere, what the customers are asking for, the key in developing security professionals, how security is an enabler for business, managing supply chain security, what keeps him up at night, and as always, his toughest lesson learned. 

Today's guest is Megan Samford, VP, Chief Product Security Officer - Energy Management at Schneider Electric. Before Megan worked in cyber, she was an emergency manager. Learn how that has impacted her career and so much more! In his episode, Megan discusses Schneider Electric and her role there, top security concerns in energy management, how to best manage product security at different companies, how to best communicate across departments, some of her industry initiatives, applying incident command system to cybersecurity, the overwhelming threat to critical infrastructure, what she would do if she were director of CISA, her thoughts on the Executive Order, what keeps her up at night, and as always, her toughest lesson learned.

Today's guest is Brad Hawkins, CEO of SaferNet. In this episode, Brad discusses the mission and founding of SaferNet, the dangers of work-from-home, how he got his start in the security industry, the similarities and differences between running an investment company and a cybersecurity organization, what keeps him up at night, his view on society's biggest security risk, and as always, his toughest lesson learned.

Today's guest is Phil Odence, General Manager of Black Duck Audit Business at Synopsys. In this episode, Phil discusses his responsibilities and Black Duck's role at Synopsys, open source software, the increased risk of visibility, his impression of the Executive Order and the emphasis on SBOMs, his opinion on standards arounds SBOMs, the impact of the pandemic on business, what keeps him up at night, and as always, his toughest lesson learned.

Today's guest is Avi Rubin, computer science professor at Johns Hopkins University. Poker champion, boating captain, and computer science professor?! In this episode, Avi discusses what he's teaching and researching right now, Harvard Labs, what buffer overflow is, consumer IoT and medical devices, surprises within the last few elections, his testimony before Congress, the dangers of cryptocurrency, U of Michigan football predictions, and as always, his toughest lesson learned.

Today's guest is Jeff Williams, Co-Founder and CTO of Contrast Security. Would you rather be right or compelling? In this episode, Jeff discusses Contrast Security, how the application security space has evolved, what their "inside out" approach is, the impact and need of the Executive Order, how he got his start in cybersecurity, the relevance of his law degree, what keeps him up at night, and as always, his toughest lesson learned. 

Today's guest is Mike Vesey, President of IdRamp. Passwords and zero-trust and pink locker rooms, oh my! In this episode, Mike discusses IdRamp, what self-sovereign identity is, why we still have passwords today, zero-trust, what the near future holds, pink locker rooms!, his path to IdRamp, and as always, his toughest lesson learned.

Today's guest is Roland Cloutier, CISO at TikTok. Patience is key. This is just one of the many lessons to be learned from this week's episode. Roland discusses his current role and responsibilities as TikTok CISO, how he has advanced the security capabilities within TikTok, his message when recruiting new security practitioners, the differences between working as a CISO in a premier payroll processing organization versus a major social media company, what a “strategic converged security program is”, how he got his start in security (hint: it wasn't in cyber!), what keeps him up at night, and as always, his toughest lesson learned.