The SynAckFinAck Podcast

In this episode Marvin Wheeler and I discuss the recent merger of Cybraics, an AI company with extremely advanced threat detection technology that came out of a DARPA project and SilverSky, a Managed Detection and Response company.  While you normally see big hardware and software companies scooping up companies with unique technology, this was a little different.  I think it's a trend that you will continue to see.  Marvin has great insight into where things are going in cyber and also what qualities are important to advance your career.  Enjoy!    Cybraics: https://www.cybraics.com/ SilverSky https://www.silversky.com/ Connect with Marvin on LinkedIn: https://www.linkedin.com/in/marvinwheeler/  

People are finding out that moving things into the cloud isn't always the right answer.  Tom is an exceptional technologist and we discuss how to take the AI processing to the data when it may not be technically possible or feasible to push it to the cloud.  I have wanted to have him on the podcast for months and we were finally able to lock down a time to chat.  If you want to know where technology is going, this is a great episode to listen to.  Tom and his team are at the very pointy end of solving some really tough and cool compute problems.  We didn't talk about it on this episode but whenever we catch up we usually talk about ultra endurance events and running.  Tom has been on some crazy endurance adventures that would blow your mind.  I'm saving that discussion for another podcast someday... I always learn a ton from these podcasts and I know you will as well.   You can find more about Tom here: https://www.linkedin.com/in/tom-mays-b23339a6/ The NodeWeaver website has some great information, worth spending some time there just to see what they are up to! https://nodeweaver.eu/      

In recent years, encryption has become an essential tool for cybersecurity and data protection. It's also one of the most important aspects of any business today - especially when it comes to cloud databases. Encryption will protect your data from being stolen or intercepted by third parties and maintain your privacy by ensuring your information is only accessible by the intended recipient and not by anyone else. There are many different types of encryption methods, but they all use similar principles, which Jon will cover in-depth in this episode. Join the conversation with Jon McLachlan as he shares about encryption in cyber security and data protection to provide you with tools to protect your data in order to avoid potential threats like cybercrime or data breaches. Jon is the co-founder and CEO of Peacemakr and the host of The Security podcast of Silicon Valley, and he has been in technology, cyber, and startups for a very long time.       Tune in!   During this episode, you will learn about; [00:06] A bit about Jon's career background  [01:41] Jon's earliest inclination in tech, software, and security  [03:29] Going from traditional computer science programming to security [06:21] Jon's experience working with Apple as a young graduate [08:48] What is software product security and examples [09:04] Jon's transition from Apple to his startup company   [13:07] Building encryption system for your data protection  [16:17] End-to-end encryption keys management system    [20:02] Peacemakr and what they do in the encryption space [22:15] Self-driving encryption data security system [23:24] Management of encryptions keys in your applications [26:17] The future of security and the kind of scales to develop today [29:17] Get involved and participate to build your passion  [30:13] Jon's podcast, The Security podcast of Silicon Valley [31:49] How to reach out and connect with Jon Notable Quotes Encryption gives you the power to control who sees your data Building encryption into a product is building a system that controls the distribution and access to its keys. Exploring will help you do your passion justice. We all share something, but we arrive at our destination using different paths. If you want something, go for it, there's never going to be a right time. Connect with Jon McLachlan Website: https://peacemakr.io/ Email: jon@peacemakr.io LinkedIn: https://www.linkedin.com/company/peacemakr-io Twitter: https://twitter.com/peacemakr4          

Thomas is the Director of Post Breach Remediation with Kivu consulting.  We have a great discussion about an incident we worked together and what happens after the breach.   It's pretty interesting when big attacks happens, it's not always the company names you hear about in the news that are the responding teams. Companies like Kivu are brought in for some of the biggest breaches out there, many times by an insurance company, or outside legal counsel when things are really bad. It was great to catch up with Thomas and in this episode you will learn about how incidents get cleaned up after the attack. You can find Thomas on LinkedIn here: https://www.linkedin.com/in/thomas-longhurst-208b9553/ Kivu Consulting https://kivuconsulting.com/ Thomas recently launched a podcast called The Cyber Zone over on youtube where they make cyber issues understandable to everyone, which is not an easy task!  Enjoy! https://www.youtube.com/channel/UCndWz1G-nq6nCj10YBBHiBA  

If you are thinking of starting a company or a new founder, you quickly learn that there are lots of things to do that don't involve working on your technology or your big idea.  It can quickly become a problem if you don't have the tools that you need to run your startup. Greg Miaskiewicz started Capbase and solved the above problem after being a successful founder and seeing a bunch of issues that other founders have when starting companies.  Capbase is a startup building legal/financial tools for founders to setup and build their companies, from incorporation to IPO. Prior to Capbase, Greg built a cybersecurity company using some unique (and funny) methods to capture data, and shared some great knowledge on the podcast. Founders or future founders check out Capbase: https://capbase.com/ Connect with Greg on LinkedIn: https://www.linkedin.com/in/miaskiewicz/ Connect with Robert on LinkedIn: https://www.linkedin.com/in/robertrounsavall/

I was thrilled to chat with Tim from Microshare.io about how he ended up in technology and what they are doing to protect IoT data.   He was working on AI before it was a "thing" and has some amazing experience.  He talked about why it is a great idea to start out in a support role no matter what type of company you work for, and where the industry is going. Enjoy this episode! Tim's company Microshare.io: https://www.microshare.io/ Follow Tim on Twitter: https://twitter.com/microshare_cto Connect with Tim on LinkedIn: https://www.linkedin.com/in/tpanagos/    

Chris has over 20 years of experience in cybersecurity and has worked at some of the biggest companies out there.  He works in the Office of the CTO at VMware. I really enjoyed this conversation and know you will too! Chris shares some of the best ways to get into and learn cyber as well as what skills are necessary to work on to get ahead and succeed over time. Connect with Chris on LinkedIn: https://www.linkedin.com/in/christopherdavis/ Connect with Robert on LinkedIn: https://www.linkedin.com/in/robertrounsavall/   If you are an IT auditor, you need to pick up IT Auditing, using controls to protect information assets: https://www.amazon.com/gp/product/B07XPSGGBR Here are all the books Chris has authored or co-authored: https://www.amazon.com/Chris-Davis/e/B001JP175C  

You have Operational Technology in your environment and probably need to think about it a little bit.  I was lucky to chat with Kunle who is an expert not just in cybersecurity but also in OT Security.  In this episode he give great information on the differences between IT and OT and what you need to consider when protecting it. Connect with Kunle: https://www.linkedin.com/in/kunle-adetoro/ Connect with Robert: https://www.linkedin.com/in/robertrounsavall/ Some of the standards and trainings mentioned in the episode: NERC: https://www.nerc.com/pa/Stand/Pages/default.aspx IEC 62443: https://en.wikipedia.org/wiki/Cybersecurity_standards#IEC_62443 SANS ICS Training: https://ics.sans.org/ Fortinet ICS Solutions: https://www.fortinet.com/solutions/industries/scada-industrial-control-systems  

Great discussion with John about networking, cyber, and fundamental skills that are required to succeed in the space.  We also chatted about Cisco vs Juniper and why you would want to get certified in one vs the other.   John is putting out some amazing content on youtube especially for those looking to get into the space.   Aside from teaching a ton, he does some really cool stuff like break down job descriptions, and reviews certifications that he is doing. Connect with John here: Youtube: https://www.youtube.com/c/CYBERINSIGHT LinkedIn: https://www.linkedin.com/in/john-breth-730b7755/ Twitter: https://twitter.com/JBizzle703 Twitch: https://www.twitch.tv/cyberinsight   Connect with Robert: https://www.linkedin.com/in/robertrounsavall/    

Sanders watched the movie Hackers in middle school and knew he wanted to do that for a living.  We had a great conversation and discussed some tools that are relevant today that have been around for over 20 years that are still very relevant today and you should learn if you want to improve your security game. As has been a theme with almost all of the people I've interviewed the topic of networking comes up and how it could have saved Sanders years of time in his career.   This episode is a winner I know you will love it!   Hackers movie trailer: https://www.youtube.com/watch?v=Rn2cf_wJ4f4 Sanders on LinkedIn https://www.linkedin.com/in/sdiaz2018/ Sanders on Twitter https://twitter.com/d43m05 Robert on LinkedIn https://www.linkedin.com/in/robertrounsavall/          

In a number of conversations lately writing has been coming up as a critical skill to advance your career.  I've been trying to write daily for the last few years and improve that area.  I was lucky to have Richard Lowe come on the podcast this week.  He went from a tech career to a writing career and has great advice for anyone in technology wanting to move up.  You can contact Richard at the links below: Richard Lowe on LinkedIn: https://www.linkedin.com/in/richardlowejr/ Robert on LinkedIn: https://www.linkedin.com/in/robertrounsavall/  

If you want to get into cybersecurity, the military is a great route.  John went to the Navy, got a ton of training, his masters degree, and worked at Microsoft all while in the Navy!  Aside from the opportunity to serve your country, there are some great options available to have a career in cyber.  We discuss this and why he jumped out and started Breachbits.  His company is enabling organization who can't bring in one of the big consulting firms to do an assessment have ongoing testing done for a fraction of the cost.  Lot's of companies need world class penetration testing and assessments for overall security and compliance and they are filling that space very quickly. I love what they are doing and had a great time chatting with John! John's company Breachbits: https://www.breachbits.com/ Connect with John on LinkedIn: https://www.linkedin.com/in/john-lundgren/    

It was awesome to spend some time with Bryce Webster-Jacobsen from Groupsense.  They are helping companies by finding bad things on the dark web.  I love how he took his background in education and transitioned it to be successful in a leading edge cyber security company.  You don't have to be a programmer or computer scientist to be successful in cyber and Bryce is a great example of that! Bryce on LinkedIn: https://www.linkedin.com/in/bryce-webster-jacobsen-73553057/ Bryce on Twitter: @BrycexWJ Groupsense:  https://www.groupsense.io/ Robert on LinkedIn: https://www.linkedin.com/in/robertrounsavall/  

As I was re-listening to this podcast to make sure the audio is ok, I found myself saying over and over, oh that is GREAT information for someone getting into cyber.  Mark is the co-founder and COO at Alphawave and has a ton of experience responding to large incidents and running teams that do that.  I enjoyed chatting with him about what it takes to succeed in cyber and also why if you are in cyber you should learn jiu-jitsu! Connect with Mark on LinkedIn: https://www.linkedin.com/in/mark-st-john-1058a5a/ Connect with Me on LinkedIn: https://www.linkedin.com/in/robertrounsavall/      

In this episode I chat with Derek Cuesta, an amazing security architect for a fortune 500 company.  We talk about the skills that are the most important to be successful in the role, and it's not all technical skills!       Connect with Derek on LinkedIn https://www.linkedin.com/in/derekcuesta/ Connect with me: LinkedIn: https://www.linkedin.com/in/robertrounsavall/ Instagram: https://www.instagram.com/robrounsavall/

Welcome to the SynAckFinAck Podcast! Today I am having a conversation with Drew Goletz. Drew has been in E-Discovery for almost 15 years. He came in through the copy scan world. He first worked in litigation support. Then, shortly after Hurricane Katrina, scanning technology boomed and was the new thing. His career has progressed from paper to small native documents to larger files and now mobile forensics.    During this episode, we dive into all things E-Discovery. E-Discovery explained in simplest terms is taking data and putting it into it's simplest view. Tune in for great insights from Drew about E-Discovery, what it takes to do this type of work, recommendations for those interested in E-Discovery and how Drew sees the future of the field going forward.   In This Episode How Drew and I started talking about Tech [3:02] Drew's story and how he entered the tech space [6:18] Describing E-Discovery [11:40] When does a company typically engage for E-Discovery services [17:50] Skills people need for E-Discovery work [19:49] Recommendations for college grads interested in E-Discovery [22:04] Breaking into E-Discovery [22:43] Working with Relativity One [27:33] How Drew sees the field going forward [29:38] Resources Mentioned Video of the alligators we discussed while running in the everglades...https://www.youtube.com/watch?v=PRbOjKbbfk0   E-Discovery Reference Modelhttps://edrm.net/resources/frameworks-and-standards/edrm-model/ Association of Certified E-Discovery Specialistshttps://aceds.org/ Connect with Drew LinkedInhttps://www.linkedin.com/in/drew-goletz-4b073913/ Avalon https://www.teamavalon.com/ Connect with Robert LinkedIn https://www.linkedin.com/in/robertrounsavall/ Instagram https://www.instagram.com/robrounsavall/

I've been wanting to have a recruiter on for a while and was excited when Sam agreed to come on the podcast and chat.  He is the head of Computer Vision and AI recruiting at Lawrence Harvey, one of the high end recruiting firms.  His team helps companies find data scientists and other very senior technology placements for companies ranging from startups to fortune 100 enterprises. If you are in tech and looking to change gigs, how can you get to the front of the line? If you are hiring, how can you find the best talent? How can you hire data scientists? How can you figure out who is looking for what? Sam has the answers and I know you will enjoy this episode! Connect with Sam on LinkedIn https://www.linkedin.com/in/sam-brown-47b989ba/ https://www.lawrenceharvey.com/  

Commander Steve Fulkerson has had an amazing career in technology floating between cyber research at the most senior levels in the Department of Defense and customer success in the private sector.  There are all types of technology careers in cyber and other spaces within technology and this episode is a great example of that.   Enjoy! https://www.linkedin.com/in/stephenfulkerson/ https://www.tsia.com/  

Great chat with Lonnie Harris from Equifax.  Lonnie started out in engineering working on the Boeing 777 and then moved to Cisco and now is at Equifax.  Great insight into what skills people need in cyber and what people are looking for. Also the best time is NOW to get into cyber.   I enjoyed the conversation and know you will too! If you have cloud/siem/cyber skills and are looking for a gig, Lonnie probably wants to hear from you. Lonnie on LinkedIn: https://www.linkedin.com/in/lonnie-harris-jr-9328153/ Robert on LinkedIn: https://www.linkedin.com/in/robertrounsavall/ Contact the podcast: podcast@synackfinack.com    

In this episode, I am happy to be joined by Dr. Bartley Richardson from NVIDIA to chat about GPU based data science and how to get ahead in cyber.   I've worked in places where I've have to process ALOT of data whether it be network traffic or logs.  I've had problems with data that standard methodologies and hardware just can't scale to handle handle.  Bartley and the team over at NVIDIA has been thinking about how to leverage the power of their platforms to solve some of these hard challenges with GPU based data science capabilities. If you are in security operations working with large volumes of data, or architecting your platforms, you should take a look at rapids.ai.  "The RAPIDS suite of open source software libraries and APIs gives you the ability to execute end-to-end data science and analytics pipelines entirely on GPUs." A GREAT place to start learning about Rapids is their page on Medium where they are always sharing great content about what they are doing. Links: https://medium.com/rapids-ai https://rapids.ai/ https://www.nvidia.com/en-us/ https://www.linkedin.com/in/bartleyrichardson/ I think you will love this episode! If you like what you are hearing it would mean the world to me if you leave a review wherever you listen to your podcasts. If you have feedback or suggestions for guests just shoot me a note at podcast@synackfinack.com        

On this episode of The SynAckFinAck Podcast, I welcome Lenny Chesal, at R2 Unified Technologies. Lenny and I chat about the state of the industry and how to get ahead in cyber.  I learn something in every podcast and this one is no different.  Lenny has so much wisdom from years of experience in the field.  I had no idea he got his start thwarting drug traffickers ability to call their contacts from the hotels of South Beach!  We also chat about the current state of the universities and how to deal with the problem of outdated curriculum, how to give back to the community, and the importance of soft skills. Then, Lenny explains a significant problem with companies not utilizing security tools and shares about his podcast The New Normal and his involvement in various organizations, such as the Leukemia Society.   Connect with Lenny on LinkedIn: www.linkedin.com/in/lennychesal Visit his website: www.r2ut.com Listen to his podcast: https://podcasts.google.com/feed/aHR0cHM6Ly9hbmNob3IuZm0vcy9kZTkwNDUwL3BvZGNhc3QvcnNz     Episode Timeline: [00:04] Introducing Lenny Chesal + How he got into technology industry [09:02] What should people be doing if they want to get into the technology industry? [14:07] What would you recommend a security professional with a few years of experience in the industry to do to further their experience? [18:36] How to avoid plateauing in your career + What to do when you don't feel good in your position [21:18] What do you see as the next big things in technology [25:32] The tools are there, but people and companies are still being crushed. Trust the experts! [29:54] Lenny shares about his podcast and his involvement in various organizations + How to get in touch with him    

In this episode, I chat with Randy Pestana, Director of Education and Training for Cyber Security and Assistant Director for the Institute of Public Policy at FIU. Randy tells us about how he entered the field of cybersecurity and the programs that FIU offers. He explains what the National Initiative for Cybersecurity Education (NICE) framework is and how this system can be an asset for HR and cybersecurity professionals.   Episode Outline [00:40] Randy's background and what got Randy into the field of cybersecurity policy [03:52] FIU's cyber training programs [06:50] The NICE framework and conference [12:27] The diversity of roles and skill sets within the field of cybersecurity [16:27] Industry participation with NICE [20:37] How the  NICE framework can be an invaluable resource for HR and cybersecurity professionals [25:10] The new, updated NICE framework coming soon [26:01] Exposing K-12 to the field of cybersecurity   Resources Mentioned Learn more about the NICE Conference here: https://niceconference.org Read the NICE Framework here: https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center Learn more about FIU here: http://gordoninstitute.fiu.edu Learn more about Cybersecurty at FIU here: https://cybersecurity.fiu.edu   Connect with Randy LinkedIn Twitter  

  Nhan had an engineering background and wanted to make a bigger impact by starting a smaller company.     Vinson got his start working at an ISP in someone's basement back when ISP's were in basements in peoples houses.   After spending time in the Northern VA tech space, they came together and founded Blue Cloak in 2015 where they build cyber test platforms for the DoD.   "Innovation Through Integration"  How do you put tools together to do cool things in the offensive space?     Why bother doing something like war driving when you can fly a drone with all the collection and cyber attack capabilities and just land it on the building you are trying to get into?   How do you leverage technologies like Virtual and Augmented Reality or Deep Fake and exploit them?   These are the types of projects that anyone coming up in tech or security would want to work on.   We talk about this stuff and what they look for when they are bringing on interns and employees.   What really important if you are trying to get in to tech?   I'm still trying to figure out how to get an internship with this team, they are working on some amazing things always.   www.blue-cloak.com https://www.linkedin.com/company/bluecloakllc/ https://twitter.com/blu3cloak

Jimmy Dupree has been in the tech space for 25 years working mostly in the DoD.  After successfully developing an internship program at his company Blue Cloak, he and the team decided to run a pilot program with local schools to see if they could help bring people into the community.  After a successful pilot, the team put their money where their mouth is and launched the Empower Group.  They invested in a space, built it out, and were ready to go, then Covid threw a wrench in the plans. They have since adapted and moved everything virtual and have their fist CyberPatriot Bootcamp coming up in a couple of weeks.  Some great advice in here for people who have been in the space and want to give back.  You can find out more about what Jimmy and the team is working on at the links below: https://www.linkedin.com/company/mpowergroupllc/ https://www.blue-cloak.com/ https://www.linkedin.com/in/jimmy-dupree-890a8861/ https://twitter.com/dupreej https://twitter.com/mpowergroupllc          

If you are in a leadership position at a small or medium size business  grappling with what to do about your technology and you don't have a CIO or security team, you will get a lot out of this podcast.  You will learn how to streamline your tech, improve your security, AND reduce cost. After you listen to the podcast, you will want to check out Jess' book Hack Proof Your Business.  I read it in two short sittings and as a "seasoned" security professional, appreciated what they are sharing with business owners.  I have seen and dealt with many of the attacks discussed in the book and it is a really short read advice and the things you should be thinking about.  We had a great conversation about how business is changing, and how business technology has changed over the years.  Jess is one of the smart guys out there who I call when I have tech questions especially as it involves migrating to the cloud. I appreciate Jess taking the time to share his expertise with me and you! Hit these links for more information about Jess on LinkedIn and his company Applied Innovations. 

I was thrilled to chat with Felipe on the podcast.  We discuss a number of topics including moving infrastructure to the cloud, what it takes to get into and make it in the security field, and other topics.  Thank you for listening!

In this interview, I visit with Bill Kimball and James Wright from Cyber Defense Technologies (CDT).  If you are a veteran and in cyber, or would like to get into cyber, you will love this episode.  These guys are so full of knowledge and have very deep experience.  If you are looking for security services, penetration testing, or compliance work, this company would be a great option.  They are a Service-Disabled Veteran-Owned Small Business and most of their team members are also veterans.  I appreciate their service and am thankful that we have guys like this defending some of our nation's most sensitive networks.  Enjoy! [03:56] Experiences in pen testing [05:27] Importance in understanding compliance [06:57] Jobs that require security clearances [13:40] Thoughts on cybersecurity maturity model certification [16:35] How to think about gaps in security [18:37] Role of someone with offensive security certification like OSCP [20:47] Importance of scripting capabilities [23:18] On pursuing a career in cybersecurity [25:39] Ways to prepare yourself for the future by observing trends Quotes: “If you're getting started in your career and moving towards cyber, definitely stay focused on the technology.” “The one thing to understand about the cybersecurity industry or information security industry, is we're an enabler.” “What's important to teach right now in any cybersecurity classes, is the ramifications of big data and machine learning as those continue to evolve and what that is going to do to the security industry” Resources: https://www.cyberdefensetechnologies.com/ https://www.facebook.com/CDTLLC/ https://www.linkedin.com/company/cyber-defense-technologies/ https://www.instagram.com/cdtllc/ https://twitter.com/CDTLLC  

There are levels in all sorts of things in life.  In Ultrarunning there are levels.  I'm a solid mid-pack ultrarunner when I'm training, and will never be at the top.  In Jiu-Jitsu there are levels.  I'm a white belt just at the beginning of my journey.  In infosec there are levels, and I consider myself a pretty strong security professional.  I can always learn more.   I'm lucky to know people who are at the highest levels in different areas and Jorge is at the top of the game in security.  He has been playing the offensive security game for a long time and I've been watching his career as he has become an absolutely amazing professional. He is a professional hacker, SANS instructor, published author, and project lead for the C2 Matrix. I know you will enjoy this one. Jorge talks about his career and how he got his start, and what he's been working on lately.  He helped me understand the difference between red teaming and purple teaming.  If you want to get ahead in infosec or technology, Jorge is a person you should pay attention to and try to emulate. You can find more about Jorge here: https://www.linkedin.com/in/jorgeorchilles/ https://twitter.com/jorgeorchilles https://www.youtube.com/user/jorgeorchilles https://www.thec2matrix.com/  

If you are in tech and security and not paying attention to the technology called “Kubernetes”, it's time to start.  There are some people way smarter than I am saying that Kubernetes is the new Linux and will change computing as much as TCP/IP changed the Internet.  I was lucky enough to have Brad Geesaman, one of the founders of Darkbit.io on the podcast. He is one of the first 20 people in the world to obtain the Google Cloud Certified Fellow designation and has been working with all of the different cloud technologies for years.  Here are links to some of the tools, technology, and training that we discussed in this episode.   Brad's company Darkbithttps://darkbit.io/ Follow Brad on Twitter and LinkedInhttps://twitter.com/bradgeesaman https://www.linkedin.com/in/bradgeesaman/ These two resources Brad specifically called out as amazing after our recording and I wanted to get them in the notes:https://kubernetes-security.info/ Core Kubernetes Book by Chris Lovehttps://www.manning.com/books/core-kubernetes   Everything else we discussed: https://kubernetes.io/ Some great free and paid training options here:https://www.katacoda.com/ You want to learn what a YAML file is...https://yaml.org/start.html Kubernetes Certificationshttps://www.cncf.io/certification/cka/ https://www.cncf.io/certification/ckad/ Kubernetes The Hard Way by Kelsey Hightowerhttps://github.com/kelseyhightower/kubernetes-the-hard-way Center for Internet Security Benchmarks for Kuberneteshttps://www.cisecurity.org/benchmark/kubernetes/

Tracie Zenti is one of the smartest women in technology that I've ever met.  Her entire career has been working with emerging technology which led her from Hollywood Video where she got her start to companies like IBM, Intel, and Amazon.  She is now at Microsoft where she is the Director of Category Management for Migration for Azure Marketplace.  Marketplaces are completely changing in a great way how companies acquire new software. We discuss: Her career journey and how she ended up in technology. What it's like to work somewhere that they are doing a 25 year out roadmap. Mentoring for women and how to get a mentor, which applies to both men and women. How to effectively network with your peers. After we finished recording the interview, we were talking about a couple of things including some of the challenges that women in technology have and I really should have brought that up during the recording because what she was sharing was so important for women in particular that I asked if I could start recording again.  The last 10 minutes of the episode is that conversation. I hope you enjoy listening as much as I enjoyed chatting with her! Catch you next time!

I have to admit I have a little bit of work envy for my friend Sean Slattery. After starting his computer career in Paris, he moved with his wife down to the Cayman Islands and has been providing security services all over the Caribbean for years. Sean has been making some blocks of time to do some exploring in North America with his family via travel trailer while still taking care of his clients. It was a super fun conversation and here are some of the things we talk about: -Various industry trends and the incremental improvement vs big changes. -What it takes to get into Cyber and what skills are needed. HINT: Learn a programming language... -How we both taught our kids how to pick locks. -Where is the best place to stash a suitcase full of money if you need to. You can find Sean and his company Caribbean Solutions Lab on LinkedIn Instagram @seanslatt.  I think you will really enjoy this episode!

In this episode of the podcast I chat with Robert Renzulli, the CISO for the Port of San Diego. Because of where it is located, they have some unique challenges. They are on an international border, connected to an international airport, a military base, where the Navy SEALs train, and various other things. They are also a public entity in a state with some unique privacy laws and concerns. We discuss a number of topics including a recent Sam Sam ransomware incident they had that was disclosed to the public and led to an indictment of two Iranian Nationals. He basically gave a master class on incident response from technical to communication to legal and many of the other things that people don't often take into consideration during an incident. Some things I took away: When dealing with an incident, first call your General Counsel, then your Cyber Insurance company. The port used the NIMS Fema Incident Management System. Communication is a really big issue during an incident, especially if it is publicly disclosed: "Cyber always somehow focuses on technical and it's so much more than that." We discussed hiring, internships, and where Robert finds people to work in security: "I've found a lot of my best analysts were baristas at Starbucks, or worked as bouncers. It doesn't matter the background, it's the drive, it's the motivation, it's the constantly wanting to learn" We end up talking about what technology will be key and understanding that it's not necessarily the tech, but the DATA that is critical and how important it is to understand your data, what it is, and how to manage and secure it. "Emerging technology is going to be all about how you move the data around, how do you protect the data, and how do you control who has access to the data, and what device the data actually lands on." You can find the SynAckFinAck Podcast wherever you listen to your podcasts. If you like what you hear, please pop over to iTunes and give a review, subscribe to and share the podcast. Thank you for listening! Spotify iTunes Stitcher iHeartRadio

Pete has been in technology and security for over 30 years. He is currently the CISO for Cybraics, and has been CISO for some really large companies like Hertz Rental Car and Virtustream, now a DELL EMC company. He's just got so much knowledge and there was something in there for everyone. After giving his background we have a little discussion about why the CISO is such a short lived position. One of the reasons CISOs only last 14 months. "What should be more of a technical role and the lead security technologist ends up being the lead beggar for money. You're doing nothing but asking for money and trying to justify your projects and figuring out return on investment?" We then chat about the technology they are working on over at Cybraics which came out of a DARPA project to do things like locate IEDs and transitioning it to security use cases, and the challenges with doing Artificial Intelligence and Machine Learning for real: "The language of machine learning is written in Python, and if it's artificial intelligence, it's written in PowerPoint" Pete then drops some knowledge about what it takes to continually move up in the security game and stay relevant long term.  "If you can't work on the business side you're going to hit a wall where you're going to be the smartest tech guy but you're going to plateau, at some salary level" Finally we wrap up talking about some past incidents we've worked on where Pete and the team took a boat up the Miami River and hacked into kiosks at the airport, and a couple of other fun projects that he's been involved with. If you are interested in a career in cyber, moving up in the ranks, or are a seasoned professional, I think there's something in here for you. I hope you enjoy and if so please subscribe, rate, and review. Below are links to the podcast as well as how to find Pete and Cybraics. Until the next one!   Pete's company Cybraics Connect with Pete on LinkedIn Listen to the Podcast: Spotify iTunes Stitcher iHeartRadio

Most people I've worked with who do incident response and forensics are dealing with a cyber attack of some sort. Perhaps it's ransomware, maybe a malware infection, or data leak issue. Aaron Weiss and his team from Forensic Recovery handle those cases and they also get called in for some really interesting and different cases on the criminal and civil side ranging from employee fraud to child pornography. In this interview, Aaron and I discuss: How he got started in the field and his path to computer forensics. "One of the heads of the computer science program, approached me my senior year and said, "Aaron, would you like to take differential equations or do you want to try computer forensics?", and it was the first computer forensics class. I said, "I have no idea what computer forensics is, but I will gladly sign up!" How he got started by volunteering with the Sheriff's office cyber crimes squad. How it's different to work a case like child pornography where you can't take the evidence with you over a period of time and have to do work with investigators on the case watching over everything you do. Also what type of evidence and meta data that can be collected to help find out what is important. "One click can make or break whether someone ends up in jail or not" Things like collecting evidence on different forms of social media that is always changing... FYI If you are filing a fraudulent slip and fall case against your employer, it's probably not the best time to go skiing and post on social media... "There may be a new form of chat or social media that there's no tool for, so we have to figure out what's the best way to preserve evidence" How to get ahead in your career and what causes plateaus. "I've seen a lot of CVs in expert witness cases on the opposing side where their CV stops 5 years ago because they've been doing the same thing and they haven't spent the time to continue to learn." Aaron shares some deep knowledge on reasoning for degrees and certifications and what you can do to get ahead if you are a student or earlier in your career. Here are a few cool ideas: Show up to anything you can locally. Many conferences have FREE or extremely reduced rates for students. Take advantage of all the tech and security companies offering free webinars. You can learn a ton of things from those. He gives a couple of specific examples on the podcast. Set up your own network, test and play. Finally we wrap up talking about improv comedy and how that can help you in your career. Spoiler alert, I agree to take an improv class sometime before the end of the year. I have already found one locally and will eventually jump in and join! Here are links to some of the things mentioned in the podcast: BSides ISSA SANS Work Study Program Tools CelleBrite Access Data FTK (Forensic Tool Kit) X-Ways Forensics Listen to the podcast here: Spotify iTunes Stitcher Google Play Your Computer

I met Brooke Jones a few years back in the Florida Ultra Running community at the Skydive Ultramarathon where mostly insane people jump out of an airplane then run 100 miles, but that's a whole other crazy story for another time... Brooke is an ultrarunner and was a school teacher doing well in her career and moving up quickly. Over time she was facing some burnout and decided to make a major career change. After contemplating going back to school to change careers, she settled on becoming a coder, and you can follow her coding and mountain running adventures on Twitter and Instagram. I wanted to talk to her on the podcast because she wasn't a first or second year teacher and just decided to make a switch, she was 13 years in. That is not only a big deal, but takes some serious guts to stop what you are doing and make a big change. We talk about how she decided on development, where she went to school, and how she landed the awesome job at UpLaunch. If you are thinking about making a career switch or looking for your next gig, there is some great information here that is worth listening to. I couldn't be more excited for Brooke and will continue to follow her career path. I hope you enjoy our conversation in this second episode of the SynAckFinAck Podcast. If you like what you hear, please subscribe and share with anyone who it may be a good fit for!  

In this episode Robert interviews the Director of Security for HBO Latin America.  They discuss career path, and get into some details about challenges, cloud, working with MSSP's, and where the industry is going.