The path to cybersecurity leadership is not a direct route and it's those divergent routes that create the amazing stories and histories of leaders who are driving security to keep businesses and people safe. We’re Leah McLean and Syya Yasotornrat and w
Syya Yasotornrat & Leah McLean
Decrypting The Good Doctor
Thanks for tuning in to Check Point ReelTalk, a podcast for security folks who want less FUD and more F-U-N. Each episode, we'll join forces with other security pros and react to how the industry is portrayed in film and TV.
This time, we'll be reacting to an intense medical-action mashup of "The Good Doctor" where the hospital is hit by ransomware and the IT Director has hours to outsmart the hackers. Host Syya Yasotornrat will be joined by Check Point Product Marketer Diana Polansky and Avid CISO Dmitriy Sokolovskiy, who bring their knowledge of the cybersecurity industry to react to "The Good Doctor" Season 4, Episode 10: Decrypt. Find out: What was accurate? What wasn't? And what can you apply to real world cyber events?
Special Thanks! Video clips and sound tracks are provided by YouTube and Envato creators.
Listen/Watch Here:
Lea is Doing a Surgery | The Good Doctor 04x10 HD CLIP
The Good Doctor - Lea Being A Hacker For 2 And A Half Minutes Straight
The Good Doctor 4x10 (Lea Gets The Hospital Back Online)
Lea Saves the Hospital Network - The Good Doctor
Hospital is Attacked By Hackers | The Good Doctor 04x10 HD Scene
The Good Doctor 4x10 Promo "Decrypt" (HD)
Connect With Us:
Syya Yasotornrat: https://www.linkedin.com/in/syyayasot...
Diana Polansky: https://www.linkedin.com/in/dianamika...
Dmitriy Sokolovskiy: https://www.linkedin.com/in/dmitriy-s...
Website: https://checkpoint.com/
Facebook: https://www.facebook.com/checkpointsoftware
Linkedin: https://www.linkedin.com/company/check-point-software-technologies/
Twitter: https://twitter.com/checkpointsw
YouTube: https://www.youtube.com/user/CPGlobalReelTalk...
Daniel DeCloss is Founder and CEO of PlexTrac and has over 15 years of experience in Cybersecurity. Dan started his career in the Department of Defense then moved to private sector consulting where he worked at companies like Veracode as a Principal Consultant in Penetration Testing. He also served as a Principal Security Engineer for the Mayo Clinic and a Sr. Security Advisor for Anthem. Prior to PlexTrac, Dan was the Director of Cybersecurity at Scentsy where he built the security program from infancy into a best-in-class program. Dan has a Master's Degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Dan holds the OSCP and CISSP certifications. LinkedIn: https://www.linkedin.com/in/ddecloss/ Twitter: https://twitter.com/wh33lhouse (@wh33lhouse)
Michael Manrod, CISO at Grand Canyon Education. Mike Manrod, MSISE, CCSBA, CSSBB, CISSP, Chief Information Security Officer: Mike presently serves as the Chief Information Security Officer for Grand Canyon Education, responsible for leading the security team and formulating the vision and strategy for protecting students, staff and information assets across the enterprise. Previous experiences include serving as a threat prevention expert for Check Point and working as a consultant and analyst for other large enterprise customers. He is also a co-author/contributor for the joint book project, Understanding New Security Threats, published by Routledge in 2019. When not exploring the implications of the rapidly evolving threat landscape or the convergence between cognitive psychology and machine learning, he spends time playing video games with his kids, practicing martial arts and cooking. LinkedIn: https://www.linkedin.com/in/manrod/ Twitter: https://mobile.twitter.com/croodsolutions (@CroodSolutions)
Anu Kukar is an industry award winner, international keynote speaker and diverse executive with 20 years of experience in both consulting and industry. She has spoken at 60+ events, published articles and been a guest on podcasts globally across 9 countries. She shares insights and provides practical tips through her unique storytelling whilst taking the audience on a virtual around-the-world tour. Anu has worked across and within Critical Infrastructure – energy, utilities, telecommunication, media and financial services. LinkedIn: www.linkedin/com/in/anukukar Switch2Cyber Campaign: https://www.linkedin.com/company/switch2cyber/ (in collaboration with Cyber Future Foundation, Whole Cyber Human Initiative and many more)
Alex Rhodes is a Cybersecurity Research Engineer and Space Cyber affluent. He also serves on the board of advisors and as Youth and Community Director for Whole Cyber Human Initiative. He retired from the U.S. Army in 2018 as the Assistant Special Agent in Charge of the Digital Forensics Research Branch for the Army Criminal Investigative Division (USACIDC). In addition to conducting digital forensics and felony investigations for the Army, he spent 5 years as a Russian Linguist and about 2 years as a Satellite Communications Specialist. After retiring from the Army, he worked for Lockheed Martin as a cybersecurity professional where he was awarded the 2020 Technical Innovation Award for a classified cybersecurity project. Alex's next assignment was with Peraton where he used his previous experience to assist with completely rebuilding and revamping the cybersecurity program for the 62nd Cybersecurity Squadron, U.S. Space Force. While working on an assignment to help secure satellite platforms, Alex wrote a research paper highlighting the vulnerabilities inherent within the Telemetry and Commanding (TT&C) system of a satellite. Currently, Alex is working as an Information Systems Security Engineer and cybersecurity researcher for Stephenson Technologies Corporation. He has co-authored a research paper into the HiveNightmare vulnerability with Paul Cummings. Currently, he is researching vulnerabilities inherent in a system of systems and critical infrastructure systems. Alex has received numerous military and civilian awards over the last 20 years. He has an Associate's in Russian Language from the Defense Language Institute, Foreign Language Center, a Bachelor of Science in Russian Studies from Excelsior College, and a Master of Science in Cybersecurity with a focus in Information Assurance from Excelsior College.
LinkedIn: https://www.linkedin.com/in/alexrhodes79/ Whole Cyber Human Initiative Non-Profit: https://www.wholecyberhumaninitiative.org/
About Valmiki Mukherjee: Valmiki (Val) is Chairman and Founder of Cyber Future Foundation and a globally recognized expert in the cyber and cloud security industry with a focus on innovation and collaboration to address the Information Security needs of the future. He previously served as an Executive Director in the Cyber Advisory Services at EY. For several years, Val has served as a trusted advisor to a number of the top Fortune 500 C-Level executives, public agency leaders and education institution management teams. Val is considered an original thought leader in the domain of Cyber Peace and in 2014 established the Cyber Peace Alliance, a global think/do tank of cybersecurity and policy experts advancing the concept of a secure and trusted Cyberspace. Val founded Cyber Future Foundation and its Constituents including the Cyber Peace Alliance to take the initiative forward. Val is known for his commitment to the information security professional community and is constantly engaged as a leader and contributor within many standards initiatives, security alliances and consortia. He also serves as the Global Co-chair of Cloud Security Alliance's IAM domain. Val is also the Founder and Current Chairman of CSA North Texas which in a couple of years has grown to be a significant contributor to the global Cloud Security domains. He also addresses graduate classes at leading schools on Information Security, Risk Management and Cloud Security. Show Highlights: Cyber is a complex issue, you cannot just solve for it with academic knowledge, you need to have hands-on experience. Getting someone the hands-on experience is a problem, that's why it's a risk with entry level – this causes issues and problems. We need a constructive way to get these people meaningful hands-on experience and work. There has to be a pathway between academic learning, fundamental knowledge, so their base is strong.
We need to build this in as much 'Left Shift' as possible and make sure that the digital citizens of tomorrow and of today get this experience for the workforce. To stand up a team like this in some organizations can be quite costly. Why don't we shift it towards the final years of education and community experience so that they get that experience then. This is what my new Cybersecurity Venture will focus on. This is why Cyber Talent Week (April 22, 2022) is so imperative. Apprenticeship is a great model. The way the system is set up now makes it very hard to set this up – this is what we are changing. Social good can happen and commercial success can happen – they have to be together. LinkedIn: https://www.linkedin.com/in/valmikim Twitter: https://twitter.com/valmikim Cyber Future Foundation: https://cyberfuturefoundation.org/index.html Cyber Talent Week: https://cybertalentweek22.eventbrite.com/
About Michael Gregg: Michael Gregg is the state of North Dakota's Chief Information Security Officer. The state CISO is responsible for establishing and leading the strategic direction of cyber security for the state and advising the governor and legislators on key cyber issues. With cyber experience spanning two decades, he has been a pioneer in helping both people interested in becoming IT professionals and seasoned IT professionals succeed by sharing his knowledge, authoring over 25 IT cyber security books, including: Inside Network Security Assessment, Hack the Stack, CISSP Exam Cram2, Build Your Own Network Security Lab, and Certified Ethical Hacker Exam Prep2. He has developed high-level security classes and has been featured in newspapers, magazines, and on news programs such as MSNBC, The New York Times, Fox News, CBS News, etc. He enjoys contributing his time and talents where there is a need to help others learn and grow by holding board, committee, and advisory positions for non-profit organizations. Michael is also a faculty member of Villanova University and creator of several of their security programs. He also serves as a site expert for four TechTarget sites, including SearchNetworking, SearchSecurity, SearchMobileNetworking, and SearchSmallBiz. He is a board member of a Houston area Habitat for Humanity. He holds a bachelor's degree, a master's degree, and many security certifications. LinkedIn: https://www.linkedin.com/in/michaelgregg01 NDIT: https://www.linkedin.com/company/ndgovndit Episode Highlights: · Volunteer to get skills · Leadership is not a title, it's what you do · Going to the gym is like doing security – It's ongoing · Vendor Partnerships – Looking for win-win · Give effective feedback · Focus on Collaboration · Advice - Be Honest, Humble, and Hungry · GET THE PRENUP!
About Christophe Foulon: Christophe Foulon, senior manager and cybersecurity consultant at F10 FinTech, brings over 15 years of experience as a CISO, vCISO, information security manager, adjunct professor, author, and cybersecurity strategist with a passion for customer service, process improvement, and information security. He also has spent more than 10 years leading, coaching, and mentoring people. As a security practitioner, Christophe is focused on helping businesses tackle their cybersecurity risks while minimizing friction, resulting in increased resiliency, and helping to secure people and processes with a solid understanding of the technology involved. He gives back by producing a podcast, “Breaking into Cybersecurity,” focused on helping people who are trying to transition into the cybersecurity industry by sharing the stories of those who have done it in the past 5 years to inspire those looking to do it now. Christophe holds a Master of Science in Information Technology, Information Assurance, and Cybersecurity, a graduate certificate in Information Systems, and a bachelor's degree in Business Administration/Information Systems from Walden University. He gives back to the community serving as a Career Coach, Adjunct Professor, Author, and Mentor among the Evolutionary Skills Development Network Discord server. Additionally, he joins as a volunteer guest speaker at the Veterans Breaking into IT/Cybersecurity Mentorship monthly events. LinkedIn: https://www.linkedin.com/in/christophefoulon Twitter: https://twitter.com/chris_foulon?s=21 Breaking into Cybersecurity Podcast: https://m.youtube.com/c/BreakingIntoCybersecurity
About Shefali Mookencherry: Shefali Mookencherry, CISO at Edward-Elmhurst Health, has extensive experience in healthcare cybersecurity, HIPAA, PCI, Promoting Interoperability and revenue cycle areas, including 30+ years in the healthcare industry, with fifteen spent in senior management positions. She is currently a CISO responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats. She has conducted HIPAA IT Security Risk Analyses/Assessments for various organizations that wished to be compliant with HIPAA and/or Promoting Interoperability measures/requirements. Shefali has worked with organizations ranging from small practices/vendors to larger integrated delivery networks/health systems and academic institutions. Furthermore, Shefali teaches graduate students at a local University about HIPAA, health insurance exchanges, healthcare reform, and IT security. LinkedIn: https://www.linkedin.com/in/shefali-mookencherry-aa1a4878/ Book: https://www.amazon.com/Grandpa-Blueberry-Adventures-Through-Meadow/dp/1483696197 (Grandpa Blueberry Adventures: A Walk Through Blueberry Meadow)
John Bambenek - Principal Threat Hunter at Netenrich; Chief Architect of the Cyber Panopticon; Incident Handler for Internet Storm Center About John Bambenek: John Bambenek is an information security practitioner from Champaign, Illinois. As a graduate from the University of Illinois with a B.A. in Theoretical Astrophysics (emphasis in extragalactic astrophysics) and a minor in Mathematics, he has been employed as a project manager at Cap Gemini Ernst and Young, where he provided consulting services to numerous Fortune 500 firms. He continues to provide his expertise to the SANS Institute by authoring published course materials and exams. He also operates the charitable Tumaini Foundation, which provides funds and other needed resources to Tanzanian schools for AIDS orphans. He is also known for his current work in spyware and botnet technology, and their use concerning identity theft. He is also a volunteer as an incident handler for the Internet Storm Center, and his research has been cited in various media venues such as the New York Times and the Washington Post. Twitter: https://twitter.com/bambenek LinkedIn: https://www.linkedin.com/in/johnbambenek/
CHRISTOPHER RUSSELL, CISO, tZERO Group About Christopher Russell: Christopher Russell is the Chief Information Security Officer for tZERO. Apart from holding a master's degree in cybersecurity, he also has several certifications in cloud security, endpoint detection and response, SIEM, NGFWs, and blockchain. He has a background as a human intelligence (HUMINT) collector for the U.S. Army and as a combat Veteran. Christopher graduated from the Defense Language Institute with a specialization in Arabic. Christopher Russell is the Head of Information Security for tZERO Group Inc. He has a Master's Degree in Cybersecurity and numerous certifications and experience in cloud security, endpoint detection and response, SIEM and blockchain. He is a combat Veteran of the US Army, where he was a human intelligence (HUMINT) collector who graduated from the Defense Language Institute, for Arabic. Chris is also an Advisory Council member at NightDragon, a venture capital firm investing in and advising late-stage and growth companies, providing a platform of growth for the next generation of cybersecurity, safety, security and privacy companies. Connect with Chris on https://twitter.com/cr00ster (Twitter) or https://www.linkedin.com/in/christopher-russell-5a9b20a7/ (LinkedIn) Episode Highlights: 00:00 - Background and First CISO Role · Hard to leave CriticalStart / CyberOne · Personal interest in blockchain and FinTech 3:03 - Path into Cybersecurity · Cybersecurity is second career · First career was in Intelligence - really enjoyed it, did meaningful and exciting work overseas · Learned Arabic at Defense Language Institute · Was in Middle East as long as they could keep me there · Getting into Systems (human operations - debriefings, extracting information from people) was easy for him. · He had an 'a-ha' moment that this is where it's at - Information Systems.
· He hit the books, self-studied, went back to school with GI bill - went through courses, spinning stuff up and tinkering to have enough of a background to function. · Had basic networking skills and sensitized to it already. · Got his Masters 5:59 - First Job at AT&T · Low paying, but learned a lot in networking · Could make his own Cat 5 and troubleshoot a network to round out his background 6:18 - First Engineering Role in Cybersecurity · Still felt like I knew nothing · Stayed late, constant research, networking, put in the effort early on · His military background helped him with the detect part and making it make sense to the right people - being able to articulate. · Mentoring - he created a mind map with all the different stuff you can do in cybersecurity. Start with Security Engineer, then into Security Architect, then Cloud Architect, then pivot into leadership, for example. · If goal is to be a CISO - yes, you can get there from Analyst 14:53 - Using Intuition in Cybersecurity (is he going to host a podcast on this topic soon?) · "This is something near and dear to my heart - I feel like I get data from things and situations on a different frequency than most and can quickly address problems." · In Intelligence this was invaluable and it helped him get a lot of success there · In cybersecurity it's not much different - there's a lot of people like this - we have quirkiness and different personalities in cyber, high on IQ side and they have high intuition - they just know where to go and look for problems and answers. It's not something out of the textbook. 33:25 - Parting Thoughts and Fear · I am on the low end of the fear scale - try and take my energy and be proactive vs. worry. · On a scale of 1-10, I hover at a 3. I have times where I have to remind myself to relax and I creep up to a 6 or 7. · In a leadership level, bring a sense of calm - keep everyone focused and calm on the mission.
As much as I understand why the fear factor is high right now, I choose to stay focused on a 3 and be proactive.
VALARIE FINDLAY, President / Chief Scientist, TIGIR Secure About Valarie Findlay: Professionally, Valarie has over twenty years in national security, intelligence and threat analysis for US and Canadian governments. From this experience, she developed the methodology and functionality for TIGIR to meet a growing risk assessment and compliance need in public and private sector. Born in Ottawa, Canada, Valarie has a Masters in Terrorism Studies, a Masters in Sociology and is currently writing her doctoral thesis on terrorism as a social phenomenon. She is also a member of IALEIA, CAPIA and several other intelligence and cyber-related committees. TIGIR's US and Canadian patent was filed in 2015, and development proceeded on the beta and prototype, garnering positive reviews and user acceptance. The full version is about to be released in early 2022. The US patent was issued in 2020 and the Canadian patent is in examinations. A continuation has also been filed to extend and protect the IP. Through her extensive network as a member of the Canadian Assoc. Chiefs of Police/CATA, eCrime Cyber Council, the American Society for Evidence-Based Policing (ASEBP), AFCEA Cyber Committee (Washington DC) and as a research fellow with the National Police Foundation, her software solution has received positive feedback.
LinkedIn: https://www.linkedin.com/in/valarie-findlay-53b13a163/ (Valarie Findlay) Twitter: https://twitter.com/JaneVMoneypenny (JaneVMoneypenny) Episode Highlights: 00:00 - Background and how Val got into Cybersecurity · Started in IT during the dot-com boom and "cut my professional teeth with Nortel" · Was quickly rolled into IT security and IT forensics · Spent several years in Austin, TX and in Linux · Returned to Canada · Moved into Military and enforcement in early 2000s and "found my calling" · Thrived in the area of National Intelligence and worked with some amazing people and recognized what she thinks is one of our biggest challenges in cybersecurity 5:18 - Entrepreneurship · "I'm a reluctant entrepreneur" · Most comfortable dealing with my colleagues and solving problems - there is benefit to having soft skills · In cybersecurity, it can be a very difficult challenge to get others to understand if they don't work in that field. · It's a difficult concept to market as a CEO 8:35 - Females in Cybersecurity - Struggle and Biases and Overcoming these · We need to call it out and hold others accountable · Have the conversations privately and these things have to be talked about and addressed · Works in Canada - one of the most controversial organizations where we have a crisis of how our genders treat each other, and the diversity and respect · These things have to be addressed and brought head-on. · The key to it is addressing it and calling it out immediately - we have to have our story heard. · "Business is business - we're all in this to make a difference, make money, and build companies - doesn't matter whether we're male or female." 11:50 - Working with Investors · Speak the same language · Demonstrate expert knowledge · Always a shred of doubt when dealing with someone not from cybersecurity - you're really in a position of having to prove yourself, prove the technology and the viability of what you claim your technology does. · Fortunate because "I have a U.S. patent."
· Canadian examinations happening now (at time of recording - December 2021) 21:10 - Public and Private Sector Collaboration & Getting People into Cybersecurity Jobs · With all organizations she's been involved in, there are common denominators - each organization is trying to solve a problem - in my case, related to security and criminality and maintaining social values and nation prosperity · Responsibility to people like myself when we see youth come in to our profession - people have a lot to add, but they have to be put into contact with the right people who can recognize their skills and help them materialize those...
Dr. Chase Cunningham is the Chief Security Strategy Officer (CSO) at Ericom Software. Previously he was Principal Analyst at Forrester serving Security and Risk professionals. Prior to Forrester Research, Chase was the director of cyber threat intelligence with Armor, where he designed and managed the cloud security and intelligence engine for their enterprise customers. A retired US Navy chief with more than 20 years' experience in cyber forensics and cyber analytic operations, Chase has past operations experience, stemming from time spent in work centers within the NSA, CIA, FBI, and other government agencies. In those roles, he helped clients operationalize security controls; install and leverage encryption and analytic systems; and grow and optimize their security operations command systems and centers. LinkedIn: https://www.linkedin.com/in/dr-chase-cunningham/ Twitter: https://twitter.com/CynjaChaseC Author of Cybersecurity Books for kids and adults: https://www.amazon.com/Chase-Cunningham/e/B00I2PHD3W?ref=sr_ntt_srch_lnk_2&qid=1643855110&sr=1-2 DrZeroTrust Podcast: https://podcasts.apple.com/us/podcast/drzerotrust/id1570251081
About Paul Cummings: Visionary Paul Cummings is a retired 20-year US Navy Information Systems Technology Chief, currently working as an Information Systems Security Engineer and Cyber Security Research Engineer for Stephenson Technologies Corporation. He brings a comprehensive background in executive-level planning, managing IT and Cyber Security teams, and program management derived from both global and domestic maritime operations. Mr. Cummings has led 15 Navy War Fighting Ships and 176 Information Security Managers and Security Network Engineers to support over 7,000 enterprise users, and enforced a 95% patch management and hardening efficiency for five consecutive years with less than 24 hours of critical service downtime. He built and established a 38-person Cyber Protection Team and managed a $6M training budget that led the team to be fully qualified a year ahead of schedule, and successfully led a large-scale incident response operation which was awarded the Department of the Navy IT Team Excellence Award for 2017. He has helped realign budget for personnel by forecasting Life Cycle Ends and computer system upgrades. Paul's career is supported by CompTIA CASP, and he is the recipient of multiple awards for outstanding performance and professionalism. His dedication to the success of others has led him to establish Veterans Breaking into IT/Cybersecurity Mentorship Campaign, an organization where he hosts monthly engagements with transitioning service members, veterans, military spouses, and aspiring civilian professionals, found on YouTube under https://www.youtube.com/channel/UCi-DIEYwsRquVzPXoBssNwQ (Paul Cummings Veterans Breaking into IT Cyber). He actively volunteers with Vets2Industry, Npower, Evolutionary Skills Development Network Discord, and Vicious Vineyards Discord.
His career is supported by CompTIA CASP and receipt of personal achievement awards: Defense Meritorious Service Medal, the Joint Service Achievement Medal, the Navy Commendation Medal (3 awards), Navy Achievement Medal (4 awards), and the Navy Good Conduct Medal (5 awards), Military Outstanding Volunteer Service Medal, and Department of the Navy IT Excellence Award 2017. LinkedIn: https://www.linkedin.com/in/paul-cummings/ WCHI: https://www.wholecyberhumaninitiative.org/ Episode Highlights: 00:00 - Background and How Paul Got Into Cybersecurity · Uncle was his recruiter · Was bored of the 9 to 5 jobs · Took ASVAB · Started as a computer repairman, moved to help desk then ISSM · Intro to cyber was in Iceland with an introduction to Red and Blue Teams 5:30 - Assignment in Iraq 16:00 - Complaints on Certifications · Certifications and the demands around having them · Difference between military and civilian requirements · What happened to the CISSP? 25:00 - Importance of STEM · Middle School and High School - Why not get a monitor, computer and Raspberry Pi? · Colleges - Very few doing it, but failing globally - Defining Cyber in IT · College classes requiring classes that are not needed... follow the money 31:00 - The different options in Cybersecurity · Do personality tests and Cybersecurity tests 37:00 - Transitioning and Recommendations · Focus on skills that complement where you know · For those in transition, look at the people in your industry Final Thoughts · Teach your children Digital Citizenship EARLY!
Josh Mason is the CEO and Founder of Cyber Supply Drop. He runs giveaways that provide participants with free vouchers for training and certification exams. He's also a Red Team instructor at INE, a huge advocate and mentor to veterans breaking into cyber, and a very active contributor in the community. He's also an instructor for WithYouWithMe, an Australian company which helps people without a tech background get jobs in tech, and on the Board of Advisors for non-profit, Whole Cyber Human Initiative. Josh sheds light on the best, most cost and time efficient ways to break through the barriers in the industry. Josh has 10 years of military experience, as an Air Force pilot and cyber warfare officer. His work at the 1 Special Operations Communications Squadron ensured mission continuity on the busiest Air Force Special Operations Command base and at deployed locations across the globe. As a cybersecurity instructor for Jacobs at the Department of Defense Cyber Crime Center, Josh trained hundreds of US DoD cybersecurity operators and special agents in Cyber Threat Emulation, Digital Forensics and Incident Response, and Threat Hunting. As a cybersecurity evangelist, Josh points prospective and active cyber professionals at valuable training and resources, with a focus on free and highly-accessible content. He's a Cyber Warrior, husband and father of two little ones. Diary Highlights: 0:00 - Intro & Background · Training background, Military · Mentor · WithYouWithMe - Mentor, training up veterans and mil spouses to get into jobs · Cyber Supply Drop, Red Team Instructor for INE · Transitioning from Military to Civilian Life and job · Leader suggested that cybersecurity wasn't for him · Went into teaching on operations with some cybersecurity, loved instructing · Once leaving the military, didn't have an idea on what to do, signed with DOD SkillBridge Internship. 
· Learned Project Management · Looked at LinkedIn connections - Reached out to a connection from Navy and had commonality of going through program. 10:00 - Speaking and Engaging · Special forces training helping to interview · Shout out to military veterans · Taught critical thinking skills, instructions vs giving goal to solve · Similar to business, give the team to solve their own problem and empower · Veterans are used to being empowered and to think. If there is a failure, it's ok to ask for help. Failure is part of the experience to learn. · Failure is acceptable · Josh's story: In Afghanistan, plane wasn't starting, looked at the challenges with engine problems. In the end, worked through the process. 22:00 - Teams & CISO roles · Talks about the ideal teams · The newness of CISO role and role of cybersecurity · There is an older school 24:50 - Being Told No · When the Commander told him to reconsider cybersecurity, was no longer a pilot · Josh realized he wasn't doing his "dream job" · Looked at the limitations of being effective and limitations of empowerment in military hierarchy · SkillBridge was effectively a Leadership Laboratory · Helpful to look at building the next generation leadership 29:00 - Applying to Parenthood · Primary goal is to be father and husband first · All activities are to drive family harmony · Met his wife there and she's accomplished in her own right Final Thoughts: Give your people a chance to grow and fail. Accept the responsibility and don't just give them the crown jewel and let them fail so it is easier to learn. Know that you are going to fail. LinkedIn: https://www.linkedin.com/in/joshuacmason/ Twitter: https://twitter.com/joshua17sc
Dr. Bonime-Blanc spent two decades as a C-suite global corporate executive at Bertelsmann, Verint, and PSEG overseeing legal, governance, risk, ethics, corporate responsibility, crisis management, compliance, audit, InfoSec and environmental health and safety, among other functions. She began her career as an international corporate lawyer at Cleary Gottlieb, was born and raised in Europe and is multi-lingual. She serves on several Boards and Advisory Boards including Greenward Partners (a Spanish green energy firm), Ethical Intelligence (an EU-based AI ethics firm), ProtectedBy.AI (a US-based AI cybersecurity firm), Epic Theatre Ensemble (a NYC nonprofit), the NACD New Jersey Chapter and NYU Stern-based think tank, Ethical Systems. She also serves as a Governance Mentor at Plug & Play Tech Centre, a global start-up eco-system. She is a NACD Board Leadership Fellow and Governance faculty and holds the Carnegie Mellon CERT Certification in Cyber-Risk Oversight. Andrea is a global speaker, including at Davos, and appears regularly on Bloomberg TV, Yahoo Finance, Cheddar and other media. She is faculty at NYU's Center for Global Affairs Masters program teaching “Cyber Leadership, Risk Oversight and Resilience”. She is an extensively published author of many articles and several books including The Reputation Risk Handbook, Emerging Practices in Cyber-Risk Governance and The Artificial Intelligence Imperative. Her latest book, Gloom to Boom: How Leaders Transform Risk into Resilience and Value (Routledge 2020) debuted as an Amazon #1 Hot Release in Business Ethics and Game Theory. She serves on the board of directors at Cyber Future Foundation, a non-profit and think tank of doers and executives. She lives in New York City with her family and is an avid photographer and artist. About This Discussion: Highlights: 0:00 - Intros & How did Andrea Get into GRC and Ethics? WHY GRC?
Started out life as a lawyer at a start up Moved to be Crisis Management, Became the person that got the non-financial issues Y2K was her first contact to prepare the team and IT people and coordinate Grew Up in Germany and Spain, came to US at 17 Social Sciences have always interested Andrea 7:40 - Crisis of The Week - Launching her own business Frustrated with the corporate world on corporate responsibilities, GRC, Cyber issues, etc Saw opportunity to be an outside advisor across multiple industries for clients who really care Notably, clients are doing the right things and want to do better 12:00 - Legal Background and Cybersecurity Legal background and how it helps differentiate to advise Don't consider herself as "narrow" but looking at situational awareness Moving from legal to strategic consultant World have a perception that lawyers Process is commonality in legal and cybersecurity industries - Andrea's German Mom helped instill discipline and rigor to establish process Keep learning and helps to drive for themselves or others 19:00 - Difference between GRC and Security There are parallel threads between GRC and Security communities Big push in cybersecurity for CISO to be on the C-suite and Boards Andrea argues that not all CISOs are equal, so multiple backgrounds, though good, the CISO needs to have a broad view. CISO runs risk of being relegated as a focused expert versus an equal peer who speaks the language of business and GRC, Cybersecurity, etc. 
22:52 - TALENT Question and GRC Cybersecurity is so broad and multi-faceted, so different ways of thinking are welcome in GRC Finding solutions in the world that is dynamic and be curious Don't need to be in the bucket Master Program - Cybercrime and International Security Students - May not have a career in cyber, but she helps connect the dots to help others understand and recognize 27:00 - How do people get into GRC Requires design Interesting on Risk Management Meeting Executives for the first time that addresses areas of
Lola Obamehinti has a background in journalism and technology. Lola is Business Ethics Officer, Security Awareness & Training Lead at eBay. She graduated with a BA in Journalism from SMU and obtained an MS in Information Science from UNT in 2017. Currently, Lola is the Global Information Security Training & Communications Lead and a Business Ethics Officer at eBay. She is also the Founder of Nigerian Techie (http://www.linkedin.com/company/thenigeriantechie) and the Founder of the Tech with Style (https://www.joinclubhouse.com/club/tech-with-style) club on Clubhouse where she hosts daily discussions about tech, culture and current events as well as manages the club's online community of over 1,400 members. Additionally, she is a freelance TV Host and keynote speaker who specializes in discussing travel, finance and technology topics. Some of the media outlets she has been featured in are The Wall Street Journal, Yahoo Finance, Salesforce Trailhead LIVE, Silicon Valley Business Journal, and Cybercrime Magazine. She is also passionate about creating opportunities for historically excluded individuals in the tech industry. Highlights 0:00 – Introductions and Backgrounds Long roundabout way of getting into cybersecurity with an undergrad degree in journalism Received graduate degree in Information Science with a specialization in Cybersecurity 4:05 – eBay Responsibilities Security awareness and communications working with CISO and CIO frequently and Chief Compliance Officer Recently named Business Ethics Officer for the organization - have to have executive presence to relate to the different levels of others 7:18 – Only "black woman on my team" 8:18 – Perspectives on D&I "D&I is not just a position - companies, especially tech companies need a clear roadmap to hire more historically excluded individuals - we are not really minorities, we are the global majority, into positions and create a path to executive levels." 
11:16 – Authentic Self and Females in Cybersecurity Started Tech with Style on Clubhouse because of a WSJ article she was featured in to change the narrative of women in the tech industry. "I model on the side" 21:32 – Next in Lola's Purview Devoting her time to growing Tech with Style on Clubhouse - 1600 members (at the time of this recording) and started in April 2021 Always thinking of new and innovative ways to make information security relevant and at the forefront of employees' minds LinkedIn: https://www.linkedin.com/in/lolaobamehinti/ Fall 2021 Issue of North Texan (Alumni Magazine for University of North Texas): The Boys Club Gets a Reboot – https://northtexan.unt.edu/issues/2021-fall/boys-club-gets-reboot
George Finney, CSO at Southern Methodist University; Author of Well Aware: Master The Nine Cybersecurity Habits to Protect Your Future George Finney is the Chief Security Officer (CSO) and Director of Digital Interests for Southern Methodist University. George works in a variety of areas at SMU including facilitating IT Security and Compliance, increasing Regulatory Awareness, streamlining the IT Contracts process, as well as advocacy for Open Source software and processes. George joined SMU in March of 2003 as a Network Engineer and worked on several major university IT initiatives, including evaluating Intrusion Detection Systems, implementing network-based packet capture devices and implementing and supporting Network Admission Control. He has developed and matured cybersecurity programs and is an expert in policy, awareness, compliance, operational management and the complex legal issues surrounding security with a talent for building partnerships. Prior to joining SMU, George worked in the telecommunications industry for several years on Voice Over IP projects, Data Security Consulting, and in Network Operations. In May of 2008, George completed his Juris Doctorate at Southern Methodist University's Dedman School of Law and is licensed to practice law in Texas. George was recognized by Security Magazine as one of their top cybersecurity leaders in 2018 and is part of the Texas CISO Council, is a member of the Board of Directors for the Palo Alto Networks FUEL User Group, and is an Advisory Board Member for SecureWorld. He holds a Juris Doctorate from Southern Methodist University and a Bachelor of Arts from St. John's College as well as multiple cybersecurity certifications including the CISSP, CISM, and CIPP. George is a frequent speaker, and author of Well Aware: Master The Nine Cybersecurity Habits to Protect Your Future and No More Magic Wands: Transformative Cybersecurity Change for Everyone. 
George earned a bachelor of arts degree in liberal arts in 1999 from St. John's College in Santa Fe. He spends most of his spare time cycling, writing novels, and working on short film projects. Highlights: 0:00 - Introductions and Backgrounds George was a liberal arts major in college, studying philosophy and literature. He wanted to be a stockbroker in college. 3:00 – First Job at GTE in IT & Networking - Security Just Came as a Natural Part of it “I jumped to start up - switched gears from networking to system administration. Inherited an environment that was always locked down. I taught myself security by studying how the previous admin had hardened all of our servers. From there it just ballooned out of control. Then I went to Law School.” 4:00 – Putting Yourself out there While Managing Privacy Writing his book (Well Aware)! 5:10 - "Little ironic that I'm so focused on people, because when you write a book, you have to go into a cave and isolate yourself from other human beings for an excessive amount of time." ..."I was inspired to write the book... wanted to build a bridge with non-security folks, but who we rely on to be successful in our cybersecurity programs." "Security Should Start to Get Easy - People Should Want to Work with Us and Help Empower Our Projects because it's Going to Help Not Just their Company, but it Will Accelerate Everyone's Career" 11:45 - "To get the security jobs, if you can demonstrate that you have worked on security projects, supported those things, this will set people apart. It's a personal part of every person's career trajectory." 20:00 - The Pepsi Challenge "Back in the 80's Pepsi tried to compete with Coke and had free sample stations in store. It didn't work; Coke is still the leader - why? Because a 30 second commercial doesn't work - it doesn't change behaviors." ... "gamification works for some people - you have to meet people where they are." 
33:00 - There are Many Barriers to be Broken Down "Understand an organization well
Steve Zalewski was formerly the Chief Information Security Officer at Levi Strauss & Co., a global leader in jeanswear. Prior to Levi Strauss & Co., Steve was the Managing Enterprise Security Architect responsible for cybersecurity critical infrastructure protection at Pacific Gas & Electric Company. Earlier in his career, Steve has held leadership roles in healthcare security at Kaiser Permanente, and in data protection at Fujitsu, Vixel and DEC. Steve is a huge proponent for maximal automation of cyber-risk mitigation and containment – people, processes, tools, whatever it takes. He has multiple patents in data protection and multi-processor operating system design and holds CISSP, CISM and CRISC security certifications. Steve currently provides CISO, security consulting and security advisory services. These include: • International cybersecurity advisor and trainer since 2017. • Executive advisory board member for security startups, providing guidance to the executive leadership on sec Steve is a frequent co-host with David Spark on the CISO Series podcast, Defense in Depth. He has also contributed to mentoring others answering their questions via the Reddit AMA Series – Ask a CISO Anything Highlights: 0:00 - Introductions and Backgrounds Steve highly recommends everyone takes a sabbatical 8:14 – Brutal Truths “it's not get better; what we have now is over 4,000 products that a CISO can choose from as technology and those 4,000 products aren't solving 4,000 problems – they are solving probably 10 classes of problems. …we are forgetting about the people and the process” 15:15 – “I Learn to Understand the Perspectives of the Individual I'm Working with – the Win-Win” 25:36 - "Am I in the game of profit protection or loss prevention? In my mind, I was internally looking at that." 29:41 - "CISOs are maybe 15 years old as a concept; 10 years old as an operating model and in last 3 years, see it morphing yet again." 42:39 - It Takes a Village! 
"We have a village and a child and it takes a village to raise a child - cybersecurity is very much like this.... we have a common enemy - bad guys are trying to attack the entire villages, so we have to raise the child - have to get better and act differently." LinkedIn: https://www.linkedin.com/in/szalewski/ Defense in Depth Podcast: https://cisoseries.com/defense-in-depth-cybersecurity-is-not-easy-to-get-into/ r/cybersecurity – Reddit: https://www.reddit.com/r/cybersecurity/comments/m1y256/ama_series_ask_a_ciso_anything/
About Our Diary Entry: Diana Kelley's security career spans over 30 years. She is Co-Founder and CTO of SecurityCurve and donates much of her time to volunteer work in the cybersecurity community, including serving on the ACM Ethics & Plagiarism Committee, as CTO and Board member at Sightline Security, Board member and Inclusion Working Group champion at WiCyS, Cybersecurity Committee Advisor at CompTIA, Advisory Council, Bartlett College of Science and Mathematics, Bridgewater State University, and RSAC US Program Committee. Diana produces the #MyCyberWhy series and is the host of BrightTALK's The (Security) Balancing Act and co-host of the Your Everyday Cyber podcast. Diana is also a Principal Consulting Analyst at TechVision Research and a member of The Analyst Syndicate. She was the Cybersecurity Field CTO for Microsoft, Global Executive Security Advisor at IBM Security, GM at Symantec, VP at Burton Group (now Gartner), and a Manager at KPMG. She is a sought after keynote speaker, the co-author of the books Practical Cybersecurity Architecture and Cryptographic Libraries for Developers, has been a lecturer at Boston College's Masters program in cybersecurity, the EWF 2020 Executive of the Year, and one of Cybersecurity Ventures 100 Fascinating Females Fighting Cybercrime. Diana Kelley recently joined Cyber Future Foundation as an Advisor. Highlights: 0:00 - Introductions and Backgrounds On how she does it all… “It takes a village – everything I do is in partnership with others” “I'm super hyper organized and that helps a lot – once I showed somebody my pantry and everything is labeled” Loves being back on the advisory side; has been at big companies for 8+ years – gives her balance working with smaller companies 6:09 - “When you get to the really big companies, as things get scaled the complications grow exponentially – have legal requirements, regulatory needs based on the geo – people can get really siloed in their focus. 
CISO has to have some kind of a view…” 8:44 – Diana's Perspective on Leadership. Leadership – she's been called “pushy,” but some people want to go in and get organized and bring people together. In college (she went to Boston College) she loved the radio station. They needed a general manager, and it was a student selected role; in her second year she decided to run for GM and she was the first woman! Years later when she was working in Cambridge and building out a team, she thought to herself “I could be a Vice President someday” – she had been building towards this… Advice: think about what is natural for you and embrace the opportunity. Leaders don't necessarily have to be managers 21:09 - The Button Learning - @whataboutbunny on Instagram 41:04 - What Gets You Excited and Which Role in Cybersecurity? There are CISOs presenting to boards – what is it that you want to do in cyber? Look at people who are in those roles and reach out and talk to them – ask them what their job is like “I've learned so much by just asking people. For a while I was really curious – what's a distinguished engineer…” Ask people what it's like to be in their job and how did they get there Engage with Diana Kelley: LinkedIn: https://www.linkedin.com/in/dianakelleysecuritycurve/ Twitter: https://twitter.com/dianakelley14 The (Security) Balancing Act: https://www.brighttalk.com/channel/17830/
About Nick Werner: Nick is an application security engineer and penetration tester and he is passionate about mentoring and helping others in the community break into cybersecurity. He has published a handful of articles that discuss how to get your foot in the door, what skills are necessary for certain security positions, and how to gain those skills. He is also a huge advocate of networking and reaching out to the right people to make opportunities happen instead of letting them come to you. Nick is a very kind and passionate individual and you should reach out to him if you ever need help finding the right path or you just want to chat about security in general! Contact Nick: LinkedIn: https://www.linkedin.com/in/nick-werner-629122161/ Twitter: https://twitter.com/nicholaswernerr Blog: https://nicholaswerner.medium.com
Shawn Bowen is the Vice President and Chief Information Security Officer of World Fuel Services, a Fortune 500 energy, commodities, and services company. He was formerly the Global Head of IT Security and Compliance (Chief Information Security Officer) for Restaurant Brands International (parent company of Burger King, Popeyes Louisiana Kitchen, and Tim Hortons). In this role, he was responsible for establishing the strategic direction, instituting comprehensive security programs, along with building a thorough data governance program and consumer privacy framework. He has over 20 years of experience in information technology, primarily in cybersecurity. Previously, he was the first-ever Chief Information Security Officer of the US Marine Corps where he directed the Intelligence, Surveillance, and Reconnaissance Enterprise (MCISRE) Sensitive Compartmented Information (SCI) Cybersecurity Program. For over 23 years, he served as a reservist in the Air Force Cyber Command as a Command Chief Master Sergeant and Senior Enlisted Advisor. Shawn is a Certified EC-Council Instructor (CEI) for the C|CISO course and is regarded as a highly passionate, transformative, thought leader in IT Security, with a record of leading successful strategies in various environments. Shawn is passionate about people and educating them on cybersecurity. He 'wants the willing, no matter what your rank is.' "Meaning, find people who are interested in cybersecurity at any level in your organization: your cybersecurity champions. He notes that it's more important for most of the staff to know a little about cybersecurity than a small percentage of staff know everything about it. It's with this approach that people will start proactively reaching out to Shawn when they have questions and creating a more open dialogue about security throughout the organization." He fuels this passion by serving on the Board of Advisors for YL Ventures and cloud security startup, CloudDefense. 
Highlights: 0:00 - Introductions & Background Installing Windows 95 on his own kickstarted his interests in computers, etc 2000s getting "stuck" with an audit and learning about the challenges with security Problem solving and the difference between wicked and complex problems Curiosity and being satisfied with "never finishing" Daily puzzles on a calendar 8:05 - Personal Bonding and Sharing Within The Team Story: In his 20's focused on the job, personal lives irrelevant, even his personal loss. Learned that he is not a robot and learned to address emotions through team meetings - Personal and professional ratings Understanding the trends between personal and professional performance to help the team to be real Importance of creating a safe place to fail and sharing leadership paths for the next generation leader Held up a solved puzzle during a tough meeting Recognizing different aspects within the team and partnerships EQ prior to Shawn's wife, he looked at personalities based on his assessment and what "value" they had to him. Learned to shift expectations from what the team could do for him and move toward how can he help the person achieve goals. 18:50 - What Is Shawn's Vision of Life After CISO? The evolution of CIO and CISO CISO is where Shawn wants to be Shawn sees a future of CISO as Board Members or Advisors Retirement plan - Advisory work 27:15 - Avoiding Burnout Soccer Hobby the last few years, sky diving! Managing risk and sky diving Finding the right balance between home life and work Passion helps keep things interesting and fun Don't fake passion for the job, get away and do something else. Reddit comments are gold 30:47 - Where Shawn Got His Passion Self-admitted perfectionist and will analyze Soccer story - Goalkeeper and heard comment about him "nitpicking" and analyzing players on the field "Don't Shawn It!" - aka. Seeing forest from the trees Ongoing learning - how to minimize the constant...
This week's guest is persistent and has turned her passion into fuel to fight the good fight and help entry level people break into cybersecurity, while movin' past the gatekeepers. Naomi Buckwalter, CISSP CISM is the Director of Information Security & IT at Beam Technologies. She has over 20 years' experience in IT and Security and has held roles in Software Engineering, Security Architecture, Security Engineering, and Security Leadership. As a cybersecurity career adviser and mentor for people around the world, her passion is helping people, particularly women, get into cybersecurity. Naomi is the founder and Executive Director of Cybersecurity Gatekeepers Foundation, a nonprofit dedicated to closing the demand gap in cybersecurity hiring and breaking down the gatekeeping mindset in cybersecurity. Naomi has two Masters' degrees from Villanova University and a Bachelor of Engineering from Stevens Institute of Technology. In her spare time, Naomi plays volleyball and stays active as the mother of two boys. Guest Naomi Buckwalter LinkedIn: https://www.linkedin.com/in/naomi-buckwalter/ Twitter: https://twitter.com/ineedmorecyber Highlights: 0:00 - Introductions & Storytelling Naomi's "Why" on advocating for Cybersecurity Asymmetric skills and defenders: 12.5% of open jobs on LinkedIn are "Entry Level" but half require 5 years experience? 
Executives in enterprise have greater ramifications to society on cyber crime Cybercrime needs to be as rare as an airplane crash, not common Naomi's Why: To win against cybercrime and live in a better world 6:35 - Think About Where Ransomware Payments Are Going When a company pays a ransom, money is going back for greater crimes It's not about data, it's bigger 8:00 - About Cybersecurity Gate Breakers - Non-Profit The goal is to get talent the opportunity to break past the "gate keepers" of cybersecurity Focus is on encouraging hiring organizations to develop talent and stop looking for the "purple unicorn." Leaders need to critically look at their influence on the world of cybercrime Normalization of cybercrime doesn't need to happen We are all interconnected globally, ex. Midwest Police crime scene hack. Have the conversation and use democracy, education to help combat and help the community Critical thinking and challenging the facts, especially with assumptions on job requirements 15:42 - Give People Chances To Succeed Reforming from Gatekeeping to Advocate Shout out to Intern-Now Employee - Jessica! Give people a chance to blow expectations out of the water Be ok with being someone who knows nothing Give them the basics and guide them. 
Faking it until you make it is not the best way Naomi's mentor at Vanguard Train entry levels and give them a path so they don't have to "fake" it at mid-level positions 23:07 - Leadership Conversations & Pathway Look for people who have human skills: empathy, influence and persuasion, critical thinking, communication Difficult to teach, but great to grow and develop Technical skills can be taught, but coaching for the muscle to be trained and prepared Business mind and tactical ways of thinking are two different paths and skills 25:50 - Naomi's False Sense of Ego and Getting Fired Overcoming the ego and believing the hype on her success Getting Fired and bringing Naomi back to earth A series of events caused Naomi to reflect Andrew Yang's "The War on Normal People." What is the mission of the human race? Looking at your bank statement to show your priorities Why are YOU here? Envisioning a world where humans evolve and get better, and having empathy and gratitude. Final Thoughts: If you are grateful for what you have, you'll always be happy. Always.
About Chris Morales: We're here this week with an AI and threat modeling guru, Chris Morales! He's Netenrich's FIRST CISO and Head of Security Strategy overseeing the strategic development, implementation, and market execution of the company's security solutions and processes. Chris has 20-something years of information security experience, having previously led advisory services and security analytics for Vectra AI – while at Vectra he educated many of the Cloud Security Alliance chapter members on dissecting a Microsoft Office 365 attack. During his career, he has advised and designed incident response and threat management programs for some of the world's largest enterprises. Chris has held senior roles in cybersecurity engineering, consulting, sales and research at companies such as HyTrust, an Entrust company, NSS Labs, 451 Research, Accuvant (acquired by Blackstone Group), McAfee and IBM. He is also currently a council member with CompTIA Cybersecurity and advisory board member for Saporo. He not only brings his wicked smart knowledge on cyber; his candor and wit are refreshing. To boot, he's from the friendship state – Texas, so listen to this podcast – it's like hearing from a friend! Guest Chris Morales LinkedIn: https://www.linkedin.com/in/cmatx/ Twitter: https://twitter.com/MoralesATX Highlights: 0:00 - Introductions & About Netenrich Netenrich, Ingram Micro and expanding from roots Evolving IT & Security specialization Moving from consulting to CISO 7:10 - Pathway to CISO What's the definition of who makes a good CxO? Six Types of CISO - Ref: https://www.forrester.com/blogs/the-future-of-the-ciso-six-types-of-security-leaders/ (Forrester Article, Jan 2020) Identifying different types of personalities for industries Every company is a tech company 14:26 - Difference: Secure Operations vs. 
Security Operations Question of proactive vs reactive Two different focuses - predictive with cultural challenges and buy in Enhancing customer experience Situational awareness is important with looking at same set of data between groups to communicate daily. 18:16 - Bring Value of "Why Do I Care?" Entire management chain needs to care Alignment is important with the C-suite Look at data, threat modeling to share how and why it impacts key holder Chris learned a lot from statistical analysis and appreciation of data 22:48 - How Chris Came To Security Started as Computer Science to make video games Dropped out of college to launch his own business Joined the military Listened to his Dad talk about "The Art of War," Sun Tzu Spent time hacking to get video games Moving positions and being open to job challenges 31:35 - Advice to Future Leaders The title doesn't mean anything It's more important on what you do Have insight and empathy on why people do things, and learn their pain points Don't worry about being good at everything. Pick one thing and be good at it Hacking is social engineering Security breached through end users is a failure of the security team Don't be afraid to fail as a leader People are the victims, not the problem People are suffering from our technology problem 37:25 - How Chris Avoids Burn Out The question - How do you get more sleep? There is no magic answer and sometimes hitting the wall can be scary "I Am Me" - Chris needs to write this book on addressing burn out Do what you like and works for you. Burn out - Working too hard and no one cares. Final Thoughts: On avoiding burn out: Working hard is ok, but recognize when you are working too hard and no one cares.
This week we chat with Dan Lohrmann, the guy who became the first CISO for the state of Michigan in May 2002. Today he serves as Chief Security Officer at Security Mentor, Inc. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and non-profit institutions. He's a frequent author for GovTech and other blogs. Tune in to hear Dan's story of the time he nearly got fired and why his personal favourite is Yorkshire tea! Guest Dan Lohrmann LinkedIn: https://www.linkedin.com/in/danlohrmann/ Twitter: https://twitter.com/govcso Highlights: 0:00 - Intros, Background & The Small Cybersecurity Family Cybersecurity is not for the faint of heart, but it's constantly fun and changing Y2K and Michigan Centralizing IT and creating the CISO role 8:09 - Applying Football to Career Siblings impact and influence Football is a lot like security Hockey analogy - Go to where the puck is going Leadership - Cuts across both personal and professional lives 14:45 - Getting "Fired" Dan was given a wifi project Staff Meeting - Dan and Teri Takai confrontation Lesson Learned: Get to YES and bring alternatives to business 22:22 - Importance of Relationships Build trust and relationships Go to lunch! Easy to say, but hard to do Have a good baseline and plan to get to goals Good leadership, relationships and partnerships are key to leadership success Final Thoughts: The Best is Yet to Come Yorkshire Tea is Dan's Favorite!
This episode includes quite the pair – Greg Hatch, CEO, and Dan Ward, CTO, of a new cybersecurity startup focused on Continuous Security Improvement™ (CSI). As serious as cybersecurity is for everyone and businesses, Greg still finds time to keep a sense of humor and have a positive impact on others. Dan is more than the technical brains behind Saepio's technology - he's an avid instructor and mentor to many in the industry. Greg combines exceptional business and sales acumen with technical competency. He has helped organizations deliver on initiatives, revenue and business outcomes. Prior to building Saepio he was Vice President of Business Development at Managed Security Service Provider, Lightstream Technology. He has also held senior positions at Palo Alto Networks, McAfee, and Cisco. When he's not busy improving organizations' cybersecurity posture, you can find him flying over the Pacific Northwest mountains and water. Dan has been a leader in the information security industry for some time, having participated in the Black Hat NOC by assisting with the implementation and operation of Palo Alto Networks Firewalls that were utilized to secure the event network and protect attendee registration data. He served as Secretary on the Board of Directors for BSides Denver. Prior to Saep.io he held senior technical roles at Palo Alto Networks and Acxiom. He's humble, so get to know him to find out his technology inventions that have propelled organizations' cybersecurity posture forward. 
Guests: Greg Hatch LinkedIn: https://www.linkedin.com/in/greg-hatch-3222bb4/ Twitter: https://twitter.com/saep_io Dan Ward LinkedIn: https://www.linkedin.com/in/p0lr/ Twitter: https://twitter.com/saep_io Highlights: 0:00 - Intros & Launching Saepio in a Pandemic The importance of operationalization for Security Saepio mantra: Buy Less and use what you have better. "You can have the best tools and still have terrible security." How the pandemic affected IT and security 8:22 - Connecting with Clients and Prospects Interactions have evolved and people can tell when a vendor makes it about themselves Meet people where they are and walk with them to help their organization move forward Don't be "that vendor" that goes into vendor "pitch mode." Admit that if you don't have the solution, offer a suggestion of someone who can help them Follow the money with attacks like Ransomware. Make yourself Ft. Knox The importance of Outcome based Security. It's about efficacy 15:22 - Building a Culture of Connection Invest time every week to have regular cadence with clients and team Many companies are cutting budgets, so stay top of mind and stay in touch Continued Security Improvement (CSI™) "I wanna hold your hand" - The Beatles Don't shake up sales teams when they have a good rapport with clients 20:10 - Tips and Tricks in Working with Introverts Don't do the "light" conversations. 
Focus on meaningful conversations Meet folks where they're at and the connections can be stronger 23:10 - Greg and Dan's Cool Hobbies Back country flying and the tie ins with security Managing your risk profile, knowing weather, etc is similar The challenge of landing on water vs land Dan's fly fishing, sitting around with fellow hackers over a whisky Going to places that other people don't go 28:48 - The Future of Saep.io Meet today and see what it brings for tomorrow Focus on customers will always be priority Culture is so important and will remain important Grow in a controlled manner to maintain strong relationships New employees come in and if they leave, leave as better people
Les Correia, Global Head of Application Security at The Estée Lauder Companies – Powerful Intriguing Force!
This week we welcome the worldly Les Correia, who is the Global Head of Application Security at The Estée Lauder Companies Inc. In a previous life he held Senior/Advisory roles providing thought leadership at AT&T, Lucent, INS (now BT Professional services) and many other organizations in the US, Canada, Qatar, Germany, Brazil, and India. During his spare time, he enjoys flying aircraft and exploring New York museums and art galleries. Recently he also contributed to the Purple Book Community led by our friends at ArmorCode. Hear more about why he holds 14+ certifications and his globetrotting experiences.
Connect with Les: Les Correia LinkedIn: https://www.linkedin.com/in/les-correia/
Highlights:
00:00 - Intros & Application Security AppSec is much more than "just development" Consider the points of connections, or "point boundaries" The hardest component is People and the importance of EQ
7:03 - Cybersecurity Sensationalism Watching out for "Hollywood" version vs. reality Hackathons and Ideation Looking at the bigger, holistic story Importance of understanding business in security
12:26 - Les' Career Path and Journey Les doing his "own thing" on learning How being intellectually curious propelled his path Practice what you are thinking and learn from those that came before you Piquing curiosity with culture in international travels and benefits of immersion Enjoy people!
22:03 - Soft Skills and Embracing People & Cultures Taking the time for discipline to LEARN How EQ, empathy and culture mix
26:08 - Definition of Qualifications - To Cert or Not To Cert? Why Les has so many certifications Having diverse backgrounds in search for skills and talent The value of thinking outside the box and thinking differently
30:05 - Les Outside the "Office" The need for speed! The cool folks in the Arts and the way creative people think Staycations rule Keeping the curious mind curious Go Explore!
37:14 - The Purple Book The thinking and people who piqued Les' interests for involvement Democratizing the concept of software and security in a conversation Shout out ArmorCode!
Final Thoughts with Les: Stay in touch with people you connect with and appreciate the value of the community we are in
This week captures the one and only, James Azar, CISO – CISSP, Host of CISO Talk Podcast and CyberHub Podcast. Hopped up on his daily espressos he brings passion, energy and opinions to share about his journey into cybersecurity and views on leadership. As much as he challenges all of us, not just on cybersecurity, but on geopolitical issues, he is an avid supporter in the veteran community, helping them break into cyber careers. Make sure you're not tired for this one, or else you'll miss a beat keeping up as James keeps us on our toes!
CONNECT WITH JAMES AZAR: LinkedIn: https://www.linkedin.com/in/james-j-azar/ Twitter: https://twitter.com/cyberhubpodcast Website: https://Cyberhubpodcast.com
HIGHLIGHTS:
0:00 – Intros & Background To Espresso or not to Espresso Value of 8-12 minute “Espresso Meetings” Significance of the Paisley Shirt and the fundraising for the Wounded Warrior Project Donate and Learn about Wounded Warrior Project: https://www.woundedwarriorproject.org/ Importance of helping Veterans to get into Cybersecurity
10:00 – What does James Azar actually do? James isn't just a podcaster, he's also a CISO at a FinTech company. Started a podcast 3 years ago for practitioners and not the “standard” pitch from vendors Check out James' podcasts: Cyber Hub Podcast, CISO Talk, Goodbye Privacy, Tech Town Square, The Other Side of Cyber Having the discipline of adhering to the Sabbath to “get away from it all” Finding passion for cybersecurity and purpose
20:27 – Benefits of Working with a Significant Other Initially working together was purely professional for years, romance came later and naturally James unabashedly loves and supports his wife: She's a trailblazer!
24:42 – Finding Your “Me” Time Initially it was free flow to do nothing, but Georgia is beautiful, so itching to get out is appealing Consider doing day trips to random cities in towns to “get out” Take time away and find a hobby and get balance is so important!
28:28 – Words of Encouragement and Suggestions on Getting into Cybersecurity Fallacy – Cybersecurity is “special and complex” Gatekeepers are doing a disservice to get less experienced access to experience Putting in 80 hours is not a badge of honor James doesn't care for Certs and Degrees – It's about experience and skills Universities do not necessarily have the best or correct curriculum for cybersecurity, but they are coming around Tips for jobseekers: Do a ONE MINUTE VIDEO on LinkedIn! You WILL stand out. Document PROJECTS, Volunteering, Event Attendance, i.e. DEFCON Suggestion to change: Take away ATF System HR systems don't know cybersecurity as well as the hiring managers “Plank Meetings” – Gets together Bi-Weekly and teams get together to review candidates for each of their positions to determine best fits Comments on “Coded Bias” on Netflix – James' opinion: Alienated groups, but science was true.
43:25 – Thoughts on Getting Employees on Board with Security Should employees have some repercussion for poor security awareness? The challenge of keeping a company productive and security's role James suggests to look at technology differently. Solve his problem. Not a layer to do business. Security should be transparent to users, however if you are looking for it, you'll see. Ex. Look for plain clothes security at airports. Once you know what to look for, they are easier to identify. Cheers to Espresso (or maybe Bourbon at the end of the day!)
This week we have the pleasure of having Mary N. Chaney, someone who's had one heck of a journey through our industry. Mary is a former Federal Bureau of Investigation (FBI) Special Agent where she investigated cybercrime and served as their Information Systems Security Officer. Currently, she practices cyber law for her own firm, specializing in helping the CIO, CISO and General Counsel understand each other to protect the enterprise. She also founded and runs Minorities in Cybersecurity, Inc., a non-profit focused on support, leadership and career development for women and minorities in cybersecurity. There's more to her journey, so have a listen!
Mary's Social Media: LinkedIn: https://www.linkedin.com/in/marynchaney/ Twitter: https://twitter.com/marynchaney
Highlights:
0:00 – Intros and Mary's Background How a bad grade motivated Mary to do better and ultimately go to Law School Take a weakness and turn it into strength Tasking herself to graduate #1 in her law school class
4:45 – Mary's Career With the FBI Learning how to fight, difficult scenarios Cybercrime Squad in LA - having fun fighting fraud and going on raids Collateral duty as acting CISO for LA Field Office After personal travels, the challenges of entrepreneurship and consulting “It never ends up the way it ends up!” Not all FBI jobs are the same or always in the street or “suit and tie”
10:06 – Where does an International Bad@ss come from? Is it genetic? Krav Maga gives you confidence! Especially for the ladies Confidence gives mental toughness The value of sports, authenticity and importance of having a fighting spirit Mary's discovery of Ancestry DNA test…and Amazon Warriors?!? Importance of working out and building resiliency Dynamics of confidence and other issues between women and men Get to know yourself Self-Doubt and Imperfection – What is perfection? Focusing on learning opportunities vs. mistakes Silencing the self-doubt earlier in career
23:00 – Mary's CISO Journey and Pivoting Life after the entrepreneurial “learning experience” 2012 – Mary's five year goal to be a CISO Mary's experiences with GE Capital Great transparency from her manager, mentors and building allies Overcoming the setback after learning dynamics of mentorship and trust Pivoting from the CISO journey How Dak Prescott and getting away from the Northeast area brought Mary to Dallas, TX
33:42 - The formation of Minorities in Cybersecurity Finding satisfaction in giving to and developing other minorities to break down walls from within and other organizations Corporate reputations in attracting minority talent ...
The CISO Diaries is focused on the human side of CISO leadership. Not one path is alike and that draws the allure of getting to know those that are keeping businesses and people protected. This introduction episode is a kickoff to get to know hosts, Leah McLean and Syya Yasotornrat. Guests and audiences will experience authenticity, thoughtful conversations, and a bit of fun banter on The CISO Diaries. Formality will be avoided at all costs because, who writes a perfect diary entry? Consider The CISO Diaries exactly like any other diary - moments of happiness, frustration, thoughtfulness, but overall an opportunity to document and share great memories.
About Your Hosts:
LEAH McLEAN, CISSP Expected in 2022
Leah McLean is Vice President, Cybersecurity Specialist at Mastercard. She is focused on implementing strategy and programs to evolve cybersecurity risk management approaches and cybersecurity awareness and training. She actively contributes in community working groups to advance cybersecurity risk management and third-party risk. Leah is also a mentor to candidates breaking into cybersecurity careers, and collaborates with employers to rethink their workforce and hiring strategies. Leah is a co-founder at Whole Cyber Human Initiative, a non-profit focused on redefining how we identify, train, equip, advance knowledge, and build workforce development within IT and Cybersecurity. She also volunteers for Cyber Future Foundation, a non-profit driving workforce development initiatives and private and public sector collaboration. Previously Leah held senior level roles as a cybersecurity practitioner at Armor, a cloud security company protecting data for SMB and mid-market customers, Apstra (acquired by Juniper Networks), A10 Networks and Cisco Systems. Leah currently is on the Board of Advisors for Cloud Defense, Inc., a breach visibility cloud security startup and is on the board for the Cloud Security Alliance North Texas Chapter. Leah holds a bachelor's degree in Political Science, with an emphasis in International Relations from the University of California, Santa Barbara. She is an active outdoor junkie always chasing adventure.
Leah's Handles: LinkedIn: https://www.linkedin.com/in/leahrmclean/ Twitter: https://twitter.com/lmclean WCHI: https://www.wholecyberhumaninitiative.org/
SYYA YASOTORNRAT
Syya hails from a diverse background encompassing technology sales, IT recruitment, sales management, and hospitality. She's run the gamut of selling and managing diverse sectors and markets, ranging from Fortune 50, SMB, public sector, and channel sales management in excess of $100M quotas. Bottom line, she knows how to hustle. Syya is a proud alumna of San Francisco State University with a BA in History. She has two wonderful pups, Ellis and Ripley, and can be seen at many local music venues in the DFW area.
Syya's Handles: LinkedIn: https://www.linkedin.com/in/syyayasotornrat/ Twitter: @IamSyaso