This show features an interactive discussion, expert hosts, and guests focused on solving cyber security and privacy challenges in innovative and creative ways. Our goal is for our audience to learn and discover real, tangible, usable ideas that don't require a huge budget to accomplish. Shows like “How It’s Made” have become popular because they explain complicated or largely unknown things in easy terms. This show brings the human element to cyber security and privacy.
What can the largest diamond heist in history teach us about modern cybersecurity? When $100 million in diamonds vanished from Belgium's supposedly impenetrable Diamond Center vault, it wasn't cutting-edge technology that failed—it was people and processes. Join host Aaron Pritz and senior cybersecurity consultant Rebecca as they unpack the fascinating story of the 2003 Antwerp Diamond Heist in this surprise mystery episode. Piece by piece, they reveal how jewel thieves bypassed sophisticated security measures using remarkably simple techniques: hairspray on heat sensors, electrical tape over light detectors, and basic tools to pry open safety deposit boxes. More importantly, they uncover how fundamental breakdowns in process and human vigilance created the perfect conditions for this historic theft. The parallels to modern cybersecurity are striking and sobering. Just as the Diamond Center's management skipped background checks and ignored maintenance warnings to save money, many organizations today prioritize convenience over security or postpone critical patches to avoid disruption. The heist demonstrates how social engineering, insider threats, and complacency can defeat even the most impressive security technologies—a lesson that remains painfully relevant in our digital world. Whether you're responsible for protecting digital assets or physical ones, this episode offers valuable insights into the delicate balance between technology, people, and process in creating truly effective security. Listen now to discover how the most catastrophic security failures often stem not from sophisticated attacks, but from neglecting the basics. References: 1. https://www.osti.gov/servlets/purl/1115483 2. https://www.wired.com/2009/03/ff-diamonds-2/ 3. https://www.bbc.co.uk/programmes/w3cszdjz
Grace Chi, co-founder and COO of PulseDive, takes us deep into the often overlooked world of cyber threat intelligence networking. Grace has become a passionate advocate for the human connections that power effective security programs, conducting groundbreaking research on how threat intelligence practitioners share information. What makes this conversation especially valuable is Grace's focus on the practical realities of threat intelligence implementation. She reveals that while formal structures or groups like ISACs provide important frameworks, the most timely and actionable intelligence typically flows through one-to-one relationships and trusted peer networks. These connections become critical during security incidents, when having someone who can provide just-in-time context about a threat can make all the difference between detection and compromise. The discussion tackles common pitfalls in threat intelligence program development, particularly the tendency to invest in platforms without proper implementation planning or ongoing maintenance resources. Grace offers concrete advice for organizations at different maturity levels, emphasizing the importance of starting with clear requirements, assigning dedicated point persons for implementation, and understanding pricing models before making significant investments. For those building threat intelligence capabilities from scratch, this episode provides a roadmap that focuses on identifying organizational pain points, leveraging existing talent, and implementing capabilities incrementally rather than attempting to configure every available feed immediately.
Grace also highlights the critical distinction between external intelligence sources and the often-underutilized wealth of internal telemetry and observations. Beyond the tactical aspects, we explore how threat intelligence must be communicated differently to technical teams versus executive stakeholders, and how building a diverse network across multiple channels creates compounding value over time. Whether you're a seasoned security professional or just beginning to explore threat intelligence, this conversation offers insights that will help you build more effective security capabilities through the power of community.
How prepared is your organization for disruption? In our latest episode, we dive deep into the critical topic of Business Continuity Planning (BCP) with cybersecurity expert and new Reveal Risk Director Todd Wilkinson. As digital dependencies grow, the way companies approach BCP must evolve. Todd highlights the shift in ownership from IT departments to business leaders, shedding light on the necessity for everyone in the organization to take accountability for continuity strategies. Drawing from his wealth of experience, Todd recounts compelling stories of real-world failures and the stark realities of service disruptions, particularly in the healthcare sector. He explains how reliance on SaaS and cloud services has transformed the landscape of planning, creating both opportunities and vulnerabilities. Listeners will gain valuable insights into best practices for establishing effective BCP protocols, including the vital distinction between BCP and disaster recovery planning. We tackle the importance of clear communication strategies during crises, the need for frequent testing, and the changing roles of different departments when it comes to continuity planning. Engaging and informative, this episode encourages organizations to rethink BCP as a crucial aspect of operational resilience rather than just a checklist for IT departments. Subscribe, share, and let us know how your organization is preparing for unexpected challenges or if you need help along the way!
Unlock the secrets of a successful career in cybersecurity with our guest, David Gee, a recently retired industry veteran and author of "The Aspiring CIO and CISO." Amazon: https://a.co/d/9FCsBQR Packt (includes a promotion for the e-book version!): https://www.packtpub.com/en-us/product/the-aspiring-cio-and-ciso-9781835469194?srsltid=AfmBOooJFrNzjkRT_cLx3ux-ErfFownjl1EMB-dTupfrpBtI7QMw8103 David takes us on a captivating journey through his diverse career, sharing transformative experiences from working across the US, China, Japan, and Australia. Discover how he navigated the complexities of being a CIO and CISO in different industries, and learn from his unique insights into continuous learning and adaptability. David also unveils the SKB (Skills, Knowledge, Behavior) assessment tool he used to foster talent development and promote diversity at Eli Lilly Japan. In our engaging conversation, we discuss the evolving role of a modern CISO, where the balance between technical know-how and soft skills is crucial. David, Cody, and Aaron dive into common misconceptions about the CISO role, particularly the narrow focus on technical skills alone. Through anecdotes about bot attacks and the Colonial Pipeline incident, we highlight the critical need for strategic thinking, stakeholder management, and effective communication. These stories underscore the importance of having a well-rounded skill set to thrive in the cybersecurity realm. As we wrap up, we reflect on the art of making career decisions that resonate with one's passion and promote long-term growth. The implementation of SecureCard Warrior at HSBC serves as a case study for setting clear objectives and achieving data-driven outcomes. David generously shares personal insights about aligning career choices with personal values and finding true fulfillment.
Join us in this enlightening episode, where we celebrate David's global perspectives and express our deep appreciation for his valuable contributions to the cybersecurity community.
Unlock the secrets of effective insider risk management with Marene Allison, the former CISO of Johnson & Johnson, as she takes us on a journey through her illustrious career in cybersecurity. From her intriguing transition from military police to managing IT security for the World Cup, Marene shares captivating stories like thwarting a logic bomb attempt at Medco. Her emphasis on prioritizing process over technology offers invaluable insights into tackling insider threats, legacy technology challenges, and strategic loss prevention. Marene's thoughtful approach to cybersecurity underscores the impact of collaboration, highlighting the necessity of engaging with non-IT departments to safeguard critical data assets. In a conversation rich with wisdom and experience, we also explore the transformative power of mentorship with Cody, an advocate for the "pay it forward" philosophy. By fostering a culture of reciprocity, Cody inspires his mentees to guide others, amplifying the positive effects of mentorship in the cybersecurity field. This episode celebrates the unique skills that military veterans bring to the corporate world, emphasizing their significant contributions to data protection and security strategies. Join us for a thought-provoking dialogue that not only educates but also inspires a new generation of cybersecurity professionals to build a more secure future through collaboration and mentorship.
What happens when military intelligence meets professional sports? Our guest, Jack Thompson, Director of InfoSec, Risk, and Compliance at the Indianapolis Colts, brings a unique perspective to cybersecurity in the high-stakes world of professional football. With a career that transitioned from military operations to safeguarding invaluable sports data, Jack's journey underscores the critical importance of Business Continuity Planning (BCP) and Disaster Recovery (DR). We unpack the constant threats to sensitive information like playbooks and scouting reports, and how advanced data analytics are changing the competitive landscape. Jack's experience offers a compelling lens through which we explore historical incidents like Spygate and the ongoing efforts to protect strategic assets. Ever wondered how cybersecurity fits into the dynamic environment of a sports organization? Tune in as we discuss the pivotal role of leadership support in driving cybersecurity initiatives, particularly from general managers and COOs. Jack sheds light on the unique challenges posed by the ever-changing sports rosters and the necessity of securing transient player accounts and critical playbooks. We also explore the different levels of tech receptiveness among coaching staff and players, emphasizing the art of effective communication to ensure everyone understands the significance of cybersecurity measures. Disaster recovery isn't just about tech—it's about being prepared for the unexpected. Jack shares practical insights on handling scenarios like facility damage, emphasizing the need for alternative logistical solutions to keep the team functioning smoothly. From ensuring access to essential services like food and medical care to maintaining thorough documentation, Jack highlights the comprehensive nature of disaster planning.
We wrap up this insightful episode with some lighthearted personal stories and nostalgic sports memories, bringing warmth and camaraderie to the serious business of cybersecurity. Join us for a captivating discussion that blends professional wisdom with the passion for sports.
What if understanding human behavior could be the key to bolstering your organization's cybersecurity? Join us for an enlightening conversation with Bob Casey, a veteran security expert whose career has spanned the FBI, Houston Police Department, and corporate security at a major pharmaceutical company. Bob's journey from handling organized crime on the midnight beat in Houston to transforming the FBI's intelligence capabilities post-9/11 is packed with lessons and insights that every threat intelligence analyst needs to hear. Discover the critical importance of integrating physical and cybersecurity through a cyclical approach to intelligence and security. Bob delves into the human elements behind cyber threats, discussing insider threats, intellectual property protection, and the interplay between cyber attacks and human behavior. His real-life example of a Texas firm's cyber intrusion underscores the necessity of continuous employee education and cybersecurity vigilance, offering a sobering reminder that overconfidence can lead to significant vulnerabilities. To wrap it all up, Bob shares some of his most memorable encounters with historical figures, including an intriguing story about briefing former President George W. Bush. From advice for aspiring cybersecurity professionals to personal reflections on significant historical moments, this episode is filled with fascinating anecdotes and crucial advice. Whether you're looking to build a career in cybersecurity or simply want to understand the complex world of modern security challenges, you won't want to miss this captivating episode!
Ever feel like you're just checking boxes when it comes to cyber awareness training? Prepare to revolutionize your approach as Aaron Pritz, Cody Rivers, and special guest Jim dissect the urgent need for a cyber education metamorphosis. It's time to transform passive training into a vibrant culture of proactive defense, where every employee is an empowered guardian against digital threats. We're scrapping the obsolete methods and giving you the ABCD blueprint—Awareness, Behavior, Cultural Change, and Delta—to ensure your organization becomes a bastion of cyber resilience. This episode isn't just a discussion; it's a masterclass in erecting a robust cyber awareness program. We unpack the importance of executive endorsement, pinpointing the ideal advocates, and crafting a plan that transcends the initial rollout's excitement. Jim enlightens us with the harsh realities of cyber strategy missteps and the golden nuggets of incentivizing team engagement. If your aim is to forge a formidable cyber team equipped to navigate the ever-shifting cyber threat terrain, let us arm you with the latest and greatest strategies to protect your digital domain.
Discover the unexpected synergies between spy craft and cybersecurity as Shawnee Delaney, ex-intelligence operative and CEO of Vaillance Group, shares her thrilling escapades and invaluable insights. Her experience, including a thwarted attempt to help capture Osama bin Laden due to miscommunication, offers a unique lens through which we examine the human elements essential to protecting national and organizational assets. Shawnee's anecdotes not only captivate but also elucidate the critical role empathy and understanding motivations play in managing insider risks. Tackling the underestimated threat of insider risks, our conversation with Shawnee reveals the foundational pillars of creating a culture of cybersecurity awareness. We expose the vulnerabilities that lie within organizations, often overshadowed by the focus on external threats. Shawnee, drawing from her extensive background, advises on the establishment of an insider risk program, highlighting the importance of a dedicated manager and the strategic communication necessary to engage employees without invoking fears of intrusive surveillance. As we shift our attention to the cultivation of future cybersecurity talent, Shawnee imparts wisdom for those embarking on or exploring a career in this dynamic field. She stresses the vast opportunities that look beyond technical expertise, weaving in the significance of human psychology and intelligence. Moreover, in a surprising twist, we pull back the curtain on a former Disney performer's journey, exploring the art of preserving Disney's magic, the power of networking, and the cultivation of professional relationships that can unlock doors in ways you never imagined.
What risks does the rapidly increasing use of AI bring to the table? Aaron Pritz and Cody Rivers sat down with Partner at Krieg DeVault LLP, Shelley Jackson, to chat AI Risk and what you can do about it.
Join Aaron and Cody for this week's episode of Simply Solving Cyber, where they sit down with the VP of Cybersecurity Operations at Sallie Mae, Steve Lodin, to discuss his experience helping cyber start-ups, his fascination with black holes and space, being a murder-mystery book character, and his extreme passion for all things cybersecurity.
We're back with another episode of Simply Solving Cyber! This week, @Aaron Pritz and @Cody Rivers sat down with Cybersecurity Program Director at State of Indiana, Chetrice Romero.
We are thrilled to be joined by Cybersecurity & Technology Attorney, Cory Brennan, for the latest episode of the #SimplySolvingCyber Podcast! The Simply Solving Cyber hosts enjoyed connecting with Cory on all things: ➡️ HIPAA-covered entities' common gaps ➡️ Risk Analysis ➡️ Privacy ➡️ SOC2 vs. HITRUST / NIST
What does it take to communicate well with and educate your board of directors' members? Independent Board Member, Retired Chief Information Officer, and board guru Mike Hineline joins @codyrivers and @aaronpritz to record the latest episode of #SimplySolvingCyber.
Leon Ravenna is the Chief Information Security Officer & Chief Information Officer for Kar Global, a Fortune 1000 company headquartered in the Indianapolis suburb of Carmel, Indiana, with over 5,000 employees across the United States, Canada, Mexico, the United Kingdom and Europe. Prior to Kar, Leon worked at Interactive Intelligence as well as other companies like Irwin Financial, First Financial, Service Link, Millennium Pharma, Heartland ECSI. Aaron, Cody, and Leon talk about prioritization in cybersecurity, picking "hills to die on", staffing and retention, and more.
Cody Rivers and Aaron Pritz reboot Simply Solving Cyber for season 2. Jeff Ton returns to the show to talk about the Indy CIO Network and its expansion to the Indiana CIO Network through acquisition by TechPoint. Cody, Aaron, and Jeff explore important topics of change management, digital transformation, and how cybersecurity connects throughout. Jeff also gives some great tips on building soft skills for leaders, which is a personal passion of his and foundational to the focus of the Indiana CIO Network.
Beth StClair joins us to talk about the important topic of burnout in cybersecurity. While not a cybersecurity expert herself, Teddy and Aaron had so many requests about bringing this important topic for the industry more into the light. Beth is the Owner and Principal Consultant at Act Up Consulting. You will learn a bit more of Beth's background in the show, but she was working as a consultant for a top firm. She had worked her way up and was seemingly doing well by most standards. At this time, she had the need to control everything. She thought being the hero meant solving every problem that came her way, alone. Yep, you needed something done? Beth was your gal. The result was not great. She felt disconnected, tired and burnt out. She felt like she was carrying the weight of the world on her shoulders. So when a friend of hers mentioned improvisational comedy class as a way to help Beth laugh and relax, she (hesitantly) agreed. With no previous theatre or performance experience and in her mid-thirties, Beth jumped into this new world. The decision ended up being one of the best ones of her life. Take a listen and find out how Beth applied these new skills to managing through and beyond burnout. You can visit Beth's company at https://actupconsulting.com/ If interested in checking out Improv Comedy, you can visit these resources to get involved! Indy/Local: https://www.indyprov.com https://cszindianapolis.com Non-Local (online courses): https://www.secondcity.com/chicago/find-a-class/lets-get-started/ https://groundlings.com/school/online-classes
On this episode, we talk to John Sileo, who became a cybersecurity expert (the hard way). John Sileo left hi-tech consulting and became an entrepreneur to reclaim his greatest priority - being present, every day, for his wife Mary and their dream of starting a family. Six successful years, a $2M business and two precious daughters later, he lost it all to cybercrime. Because the cyber criminal, a company insider, masked the crimes using John's identity, John was held legally and financially responsible for the felonies committed. The losses destroyed his company, decimated his finances and consumed two years of his family life as he fought to stay out of jail. John shares his entire story from stage. John has molded his first-hand experiences into a string of successes as an award-winning author, 60 Minutes guest and keynote speaker to the Pentagon, Schwab and thousands of audiences ready to take concrete action on cyber security, digital privacy and tech/life balance.
Aaron and Teddy connected with Sally Illingworth - all the way from Indianapolis to Australia. Sally is a strategic communications advisor and practitioner with a distinguished ability to assimilate, analyse and interpret information. Sally is highly regarded for her approach to narrative design and influence development. Passionate about communicating complex things simply, Sally works with startup and enterprise technology brands on brand awareness, content creation and demand generation initiatives. Recognised globally as one of Australia's most prolific LinkedIn personalities, Sally is an astute content marketer. As the co-founder and COO of LAMPS Media, Sally and her team own and operate The Reboot Show - a technology focussed digital platform that provides informative and engaging content on technology related topics. Teddy and Aaron explore Sally's journey and influence within and around the technology and cybersecurity sector.
Ben Phillips is a Director at Katz, Sapper & Miller. He is a trusted advisor, a board member and a volunteer. Ben holds the CPA (Certified Public Accountant), CITP (Certified Information Technology Professional) and CISA (Certified Information Systems Auditor) designations. Aaron and Teddy connected up with Ben and unpacked his experience in audit and accounting and how he pivoted into cybersecurity with a special focus on internal controls through SOC audits and cybersecurity assessments & audits. Aaron and Ben swap stories about audit and it being much more "cool" than what both even thought it would be.
Teddy and Aaron talk to Todd Wilkinson, Chief Information Security Architect for Elanco Animal Health. Todd had an interesting journey from supporting a university network, to consulting, to big pharma, and business/analytics roles before pivoting into cybersecurity. The guys enjoyed exploring some of his learnings which helped him formulate his posture around how he drives cybersecurity across the company and teams.
Aaron and Teddy connect with Scott Shackelford, the Cybersecurity Program Chair at Indiana University. Scott has a mix of legal, business, privacy, and cybersecurity backgrounds and is a dynamic leader and educator. In the show, Scott mentions the Hoosier State of Cybersecurity 2020 report which can be found here: https://news.iu.edu/stories/2020/12/iub/releases/10-state-of-cybersecurity-preparedness-in-indiana.html
Teddy and Aaron sit down with Mitch Parker from IU Health to discuss how he got into cyber security and healthcare. Mitch is a highly connected influencer in healthcare and hospital network cybersecurity.
Aaron and Teddy chat with Daniel Eliot, Director of Education and Strategic Initiatives at the National Cyber Security Alliance. This organization works with CISA to run National Cyber Security Awareness Month in October and many other initiatives and useful guidance throughout the year.
In Episode 5, Aaron and Teddy connect with Chris Farr, Cybersecurity Strategic Advisor for Eli Lilly (pharmaceuticals). Chris comes from a background of finance, sales, and operations, and we explore how diversity of skillset can be so powerful in our field.
Aaron and Teddy sit down with Jason Pennington, Sr Director of Indiana IoT Lab, which connects some of Indiana’s best entrepreneurs, startups, and established partners to bring new and exciting Internet of Things (IoT) solutions to the market. While Jason is not a cybersecurity professional, he is an electrical engineer innovating in the domain of IoT, which is a rapidly growing cybersecurity focus area. Indiana IoT Lab Website: https://indianaiot.com/
Aaron and Teddy sit down with Chad Boeckmann (CEO, TrustMAPP) to discuss his journey through cyber security and his insights on where "people" and "process" have been critical to success. Chad has over 20 years of experience in cybersecurity and some really intriguing perspectives from having worked on all sides of the table (corporate InfoSec, consulting, cybersecurity tool provider).
Teddy and Aaron talk with Jeff Ton, who recently started full time into his own business doing speaking, coaching, and consulting. They discuss how Jeff had to solve PCI compliance issues with people and process before technology available to his team while working as the CIO of Goodwill. Make sure to check out Jeff's new book, Amplify Your Job Search: Strategies for Finding Your Dream Job, which is a really great way to refresh your approach and positioning in this challenging market to find THE job that you aspire to. Available now on Amazon: https://bit.ly/AYJSTON Barnes & Noble: http://bit.ly/BNAYJS JeffreySTon.com: http://bit.ly/JSTAYJS
“Simply Solving Cyber” is a show highlighting and promoting a more visible focus on "people" and "process" in cybersecurity, within an industry that tends to get dominated by technical solutions and "silver bullet" marketing claims. The focus will be on exploring conversations with cybersecurity leaders and practitioners on their unique solutions / approaches to difficult problems. Hopefully we can all learn through each other and help new and veteran practitioners evolve their thinking. Joanna Grama is our first guest to the show. Joanna is a lawyer by background that found her way into cybersecurity through working at a university. She now does education focused consulting around cybersecurity.