Unspoken Security by ZeroFox is a raw and gritty podcast for cybersecurity professionals who are looking to understand how the internet is being leveraged by threat actors. In each episode, host AJ Nash engages with a range of industry experts to dissect current trends, share practical insights, and address the blunt truths surrounding cybersecurity. Ultimately, the lessons learned will enable security professionals to take an intel-driven, proactive approach to physical and cybersecurity that extends past the perimeter.
In this unfiltered episode of Unspoken Security, host A. J. Nash explores the looming threat quantum computing poses to our digital infrastructure with experts Robert Clyde, Managing Director of Clyde Consulting and Chair of crypto-security firm CryptoQuanti, and Jamie Norton, a Board Director at ISACA with extensive cybersecurity credentials. They cut through the technical jargon to explain how quantum computing fundamentally differs from classical computing and why its exponential processing power threatens to break current encryption standards. "While current quantum computers operate at around 150 qubits, once they reach sufficient power, everything from banking transactions to secure communications could be compromised instantly," warns Robert during the discussion of "Q Day" — the moment when quantum computers become powerful enough to defeat public-key cryptography underpinning internet security. Despite the alarming scenario, the experts offer practical guidance on preparing for this threat. They outline how organizations should begin implementing post-quantum cryptography solutions developed by NIST, emphasizing that proactive preparation, not panic, is the critical response security professionals should adopt today. Listen to the full episode to understand the quantum threat and learn the concrete steps your organization should take now before Q Day arrives.
In this eye-opening episode of Unspoken Security, host AJ Nash welcomes notorious hacker and security expert Jayson E. Street to discuss why traditional security awareness training falls short. Jayson explains that most corporate security training is merely policy-driven compliance, not actual security education. Instead of focusing on checkbox exercises once a year, Jayson advocates for building situational awareness—a security mindset that extends beyond the workplace into everyday life. He shares practical strategies for gamifying security training, fostering a culture where employees feel like participants rather than targets, and creating year-round engagement through creative competitions. Through entertaining stories and candid insights from his experience as a simulated adversary for hire, Jayson challenges the industry's approach to security training and offers a refreshing perspective on how to make organizations genuinely more secure.
Ransomware gangs aren't faceless shadows. Jon DiMaggio knows—he's talked to them. In this episode, A.J. Nash sits down with the Chief Security Strategist at Analyst1 to pull back the curtain on the hidden world of cybercriminals. Jon shares how he builds detailed personas, infiltrates ransomware crews like LockBit, and navigates the psychological toll that comes with living a double life. Jon breaks down the tactics behind covert engagements—how ego, language barriers, and criminal alliances can be used to gain access. He also talks through his storytelling process in The Ransomware Diaries and why long-form, evidence-based intelligence reporting still matters. This isn't just threat research—it's human behavior under a microscope. The conversation also dives into attribution, burnout, and the personal risks Jon has faced. He opens up about being targeted, leaning on mental health support, and using fear as fuel. This is a raw, unfiltered look at cyber threat intelligence from the inside.
In this episode of Unspoken Security, host AJ Nash sits down with Chris Birch, an intelligence practitioner with nearly 30 years of experience, to discuss the ever-evolving landscape of social engineering. Chris's unique perspective comes from leading teams that actively engage with threat actors, turning the tables on those who typically exploit vulnerabilities. Chris details how social engineering is simply human manipulation, a skill honed from birth. He explains how attackers leverage fear and greed, the fastest and cheapest ways to manipulate individuals. He also dives into how attacks have evolved, highlighting the dangers of increasingly sophisticated tactics like deepfakes and the blurring lines between legal and illegal applications of social engineering. The conversation also explores the crucial role of organizational culture in cybersecurity. Chris emphasizes that awareness, not just education, is key to defense. He advocates for sharing threat intelligence widely within organizations and across industries, empowering everyone to become a sensor against social engineering attempts. Chris also shares a surprising personal fear, offering a lighthearted end to a serious discussion.
In this episode of Unspoken Security, host A.J. Nash sits down with Ramesh Rajagopal, Co-Founder and CEO of Authentic8, to discuss the evolving landscape of digital investigations. They explore how modern intelligence teams navigate the deep and dark web, conduct secure open-source research, and protect themselves from exposure. Ramesh shares how his platform, Silo, empowers analysts by providing anonymity, obfuscation, and productivity tools to streamline investigations without compromising security. The conversation dives into the challenges of direct engagement with cybercriminal environments, the risks analysts face when conducting investigations, and how organizations are shifting towards more proactive intelligence programs. A.J. and Ramesh also discuss the growing adoption of digital investigation tools in the commercial sector, spanning industries from financial services to corporate security and brand protection. AI's role in intelligence work also takes center stage, with insights on how automation can assist analysts without replacing human expertise. The episode closes with practical recommendations for organizations looking to strengthen their intelligence operations while balancing security, efficiency, and long-term strategic growth.
The intelligence community is often misunderstood, shrouded in secrecy, and clouded by misinformation. In this solo episode, A.J. Nash pulls back the curtain on how intelligence actually works, breaking down the 18 agencies that make up the U.S. intelligence community, their legal limitations, and the oversight that keeps them in check. He explains the different types of intelligence—SIGINT, HUMINT, OSINT, and more—highlighting their roles in national security. A.J. also addresses the myths surrounding intelligence work, including claims of government surveillance, political weaponization, and conspiracy theories. He details how intelligence professionals are trained to be objective, follow strict oversight, and operate within legal frameworks. With firsthand experience, he challenges misconceptions and explains why the reality of intelligence work is far less sinister than the public is often led to believe. Finally, A.J. discusses the impact of political rhetoric on intelligence agencies, emphasizing the importance of separating fact from fiction. He urges listeners to approach claims about intelligence abuse with scrutiny and to recognize the dedication of those working behind the scenes to protect national security.
DEF CON is more than just a hacking conference—it's a community. In this episode, host AJ Nash sits down with Ada Zebra, a longtime goon and leader behind DEF CON Hotline, a resource dedicated to handling security incidents, harassment reports, and crisis situations at the event. Ada shares her journey from a first-time attendee to a key figure in DEF CON's security efforts, shedding light on the history and evolution of the hotline. She discusses how the hotline was born out of necessity after an incident in 2017, when leadership realized DEF CON needed a dedicated space for attendees to report issues safely. Since its launch in 2018, the hotline has grown every year, bringing in highly trained volunteers to assist in complex situations ranging from restraining orders to personal safety concerns. AJ and Ada also explore the hotline's relationship with DEF CON's security team, how volunteers are selected and trained, and why fostering an inclusive environment matters in the hacker community. If you've ever wondered what happens behind the scenes at one of the world's largest hacker gatherings, this episode offers an inside look at the challenges, responsibilities, and impact of the DEF CON Hotline.
In this episode of Unspoken Security, host AJ Nash sits down with intelligence and security expert Brian Kime to explore the often misunderstood world of industry analysts. With years of experience at Forrester, Brian pulls back the curtain on how analysts conduct research, engage with vendors, and influence the cybersecurity landscape. Together, they address the widespread belief that vendor evaluations are purely “pay to play” and explain why this assumption misses the mark. Brian shares insights into the rigorous methodologies analysts use, the importance of vendor neutrality, and how advisory services help enterprises make informed decisions. He highlights how analysts serve as a bridge between security leaders and vendors, often guiding product development and procurement strategies. The discussion also touches on the value of contributing to analyst research, even for smaller vendors, and how to effectively build relationships with analysts. Whether you're a vendor aiming to get noticed or a CISO navigating technology decisions, this episode offers valuable takeaways on leveraging industry analysts for growth and strategic alignment.
In this episode of Unspoken Security, AJ Nash sits down with Ryan Cloutier, CEO of ScareBear Industries, to discuss the future of artificial intelligence. Ryan explains the evolution of AI, from its origins with Alan Turing to today's generative AI and large language models. He highlights the importance of understanding that AI, at its core, is mathematics. Ryan emphasizes the need for careful consideration of ethics and societal impact as AI continues to develop. Ryan discusses both the exciting potential and the inherent risks of AI. He explores the potential for misuse and the need for careful governance. He also highlights positive use cases, such as AI companions for the elderly and advancements in medicine. Ryan raises concerns about job displacement and the potential transfer of power from humans to machines. Ryan encourages listeners to become involved in their local AI communities and promote the safe and ethical development of this transformative technology. He stresses the importance of critical thinking and kindness in navigating the future of AI. He leaves listeners with a call to action: do a random act of kindness daily.
In this episode of Unspoken Security, host A.J. Nash sits down with Jeff Daisley, Principal Security Intelligence Engineer at Comcast, to explore the multifaceted world of executive protection. Together, they unpack the growing convergence of physical and cyber threats facing high-value individuals, including executives, public figures, and their families. From cyberattacks and social engineering to physical security breaches, Jeff emphasizes the importance of a holistic approach to safeguarding these individuals in today's volatile landscape. Jeff shares actionable insights into building robust executive protection programs, highlighting the need for proactive measures like cyber hygiene, travel assessments, and device security. He underscores the role of trust and collaboration in integrating protective strategies that span personal and professional lives, ensuring the safety of not only the executives but also their inner circles. The conversation also delves into real-world examples, illustrating how vulnerabilities in seemingly small areas—like smart home technologies or insider threats—can lead to significant risks. Whether you're an industry expert or simply security-conscious, this episode offers valuable perspectives on bridging the gap between digital and physical security in a rapidly evolving world.
In this episode of Unspoken Security, host AJ Nash dives into the shadowy world of data brokers with guest Lawrence Gentilello, CEO of Optery. They begin by exploring what data brokers are, revealing how these companies collect, buy, and sell personal information—from dating app details to home addresses—to virtually anyone with a credit card. The conversation sheds light on the breadth of the industry and its impact on individual privacy, especially in the context of emerging technologies. Lawrence discusses the challenges of protecting personal data, detailing common security risks posed by apps, social media, and open web data. The episode emphasizes the need for proactive steps, like using password managers, enabling multi-factor authentication, and reducing one's digital footprint to minimize exposure to these vast data exchanges. In the final segment, AJ and Lawrence address legislative measures around data privacy, including state-level laws and the evolving role of AI in data brokering. Lawrence shares how Optery's automated data removal service helps individuals regain control over their personal information, reducing vulnerabilities and enhancing digital security. This episode is essential listening for anyone looking to better understand data privacy and protect their personal information.
On this episode of Unspoken Security, host AJ Nash welcomes Gary Berman, CEO of Cyberman Security. AJ speaks with Gary about his harrowing journey from successful business owner to victim of a persistent insider threat campaign. What started as financial fraud quickly spiraled into years of cyberstalking orchestrated by a group with suspected ties to a religious cult. Gary's story unveils the devastating impact of insider threats that extend far beyond financial loss. He details the emotional and psychological toll of being relentlessly targeted, both personally and professionally. His experience underscores the often-overlooked connection between cybercrime and extremist organizations. Now a cybersecurity advocate, Gary channels his experience into educating others. He discusses his work with Cyberheroes Comics and his latest venture: a platform designed to make high-level CISO talent accessible to small and medium-sized businesses.
In this episode of Unspoken Security, host AJ Nash sits down with Charity Wright, Principal Threat Intelligence Consultant at Recorded Future, to dive into the complexities of foreign influence on U.S. elections. They explore the evolving tactics used by nation-states like Russia and China, focusing on cyber threats, disinformation campaigns, and election interference. Charity highlights the growing concern over foreign actors exploiting vulnerabilities to weaken democracies. A key discussion point is the alarming rise of ransomware as a significant threat to the 2024 election. Charity explains how both nation-state and cybercriminal groups could disrupt critical infrastructure, potentially preventing voters from accessing polls or undermining public trust in the electoral process. The conversation wraps up by addressing how misinformation and disinformation campaigns have evolved, especially with the use of AI. Charity offers insights on how citizens can better identify credible sources and resist manipulative tactics designed to divide and destabilize.
In this episode of Unspoken Security, host A.J. Nash sits down with Dominic Vogel, founder of Vogel Leadership & Coaching, to discuss the importance of bringing humanity back into the cybersecurity field. Dominic shares his journey from corporate burnout to becoming an advocate for kindness and authenticity in an industry often focused on metrics and technology. Dominic explains how leading with empathy and building real, human connections can transform the workplace. He emphasizes that in a high-stress field like cybersecurity, creating positive environments is crucial for maintaining mental well-being and productivity. The conversation also touches on Dominic's leadership approach, where he prioritizes relationships and kindness over traditional, rigid business strategies. Tune in to learn how Dominic is reshaping cybersecurity leadership by focusing on people first, showing that a human-centered approach can lead to long-term success in both business and personal life.
In this episode of Unspoken Security, host AJ Nash talks with Crystal Morin, Cybersecurity Strategist at Sysdig, about the world of threat hunting. Crystal shares her journey from military linguist to cyber defender, highlighting the skills that translate across these fields. The conversation dives into what threat hunting is and why it's crucial for proactive cybersecurity. Crystal explains how she developed a company-wide threat-hunting program at Booz Allen Hamilton, emphasizing the importance of open-source tools and training. Crystal discusses the challenges of funding proactive security measures and the need for more threat hunters in the industry. She also touches on recent discoveries, including novel cybercriminal operations and targeted attacks against large language models. The episode wraps up with insights on making threat hunting accessible to more professionals in the cybersecurity field.
In this episode of Unspoken Security, host AJ Nash sits down with Emily Phelps, Director of Marketing Communications at CYWARE. They dive into the core challenges and strategies in cybersecurity marketing. Emily emphasizes the importance of not just attracting customers but ensuring they are the right fit to prevent churn and frustration. She highlights the need for authenticity in marketing messages, noting that misleading claims can harm both the company's reputation and customer trust. AJ and Emily also discuss the essential goals of marketing within the cybersecurity industry, stressing the need to build and retain a loyal customer base. Emily shares her philosophy on marketing, focusing on creating value and clear, truthful communication rather than succumbing to the pressure of exaggerated claims. She underscores the importance of understanding the audience and articulating the unique value propositions of the company. The conversation delves into the broader role of marketing in supporting the security community. Emily explains how effective marketing can bridge the gap between technical experts and the market, fostering better understanding and collaboration. This episode provides a candid look at the realities of cybersecurity marketing and the principles that drive successful strategies.
In this episode of Unspoken Security, host AJ Nash engages in an insightful conversation with Karla Reffold, Chief Product Officer at Surefire Cyber. The episode dives into the nuances of cybersecurity careers and leadership. Karla shares her journey from a background in recruiting and corporate governance to her current role in cybersecurity, highlighting her expertise in risk assessment and leadership. Karla discusses the importance of confidence and humility in career advancement, recounting stories of successful career transitions and emphasizing the need for clear career goals. She also reflects on the evolving nature of cybersecurity and the critical role of continuous learning and networking. AJ and Karla explore the significance of understanding risk in cybersecurity, with Karla underscoring the value of practical experience and networking over formal certifications. The episode concludes with a discussion on the challenges faced by women in the cybersecurity industry and the importance of resilience and self-belief.
In this episode of Unspoken Security, host AJ Nash sits down with Paul Ashley, Chief Technology Officer at Anonyome Labs, to explore the intricacies of decentralized identity. Paul explains how decentralized identity offers stronger security and better privacy compared to traditional centralized and federated identity systems. He emphasizes the role of identity wallets, which store user identities and verifiable credentials, ensuring users maintain control over their personal information. Paul dives into the historical evolution from centralized identity systems in the 1990s to the current decentralized models. He highlights the limitations and privacy concerns associated with federated identity systems, such as data aggregation by large identity providers like Google. These concerns underscore the need for decentralized systems that empower users to manage their identities independently. The conversation also covers real-world applications of decentralized identity, including mobile driver's licenses, which offer selective disclosure and zero-knowledge proofs. These innovations allow users to share only necessary information, enhancing privacy and security. Paul predicts a significant impact of decentralized identity on the security landscape in the coming years, marking a transformative shift in how personal data is managed and protected.
In this episode of Unspoken Security, host AJ Nash welcomes Jeff Foley, founder and leader of the OWASP AMASS flagship project and Vice President and Distinguished Fellow of Research at ZeroFox. They dive into the critical importance of attack surface management (ASM) in cybersecurity, emphasizing the need for visibility from an adversarial perspective. Jeff explains how attackers spend most of their time on surveillance to deeply understand their targets; a vital component to improving the likelihood of being successful during any attack. AJ and Jeff discuss the transition from government to commercial cybersecurity - including the challenges and opportunities - and Jeff shares his insights on how the commercial sector can benefit from the disciplined and thorough approaches used in government cybersecurity. He stresses the importance of ASM as a form of intelligence, advocating for organizations to identify and manage their attack surfaces as attackers do proactively. The episode also covers the terminology and misconceptions surrounding ASM, with both AJ and Jeff agreeing that "attack surface management" may not fully capture the essence of the practice, suggesting "attack surface intelligence" as a more accurate term. They underscore the necessity for continuous monitoring and adaptation in a constantly evolving cyber threat landscape. Finally, as with all episodes of Unspoken Security, our guest (Jeff, in this case), reveals a secret...something that - to this point - has remained unspoken. Like every episode, Jeff doesn't disappoint!
In this episode of Unspoken Security, host AJ Nash welcomes Virgil Capollari, the founder of Adaptive Risk Strategies, to dive into the intricacies of insider threat programs. They discuss the often misunderstood aspects of these initiatives, emphasizing the importance of clear definitions and transparency to foster trust within organizations. Virgil, leveraging his extensive experience in intelligence and risk management, highlights the fundamental elements required for an effective insider threat program. He stresses the necessity of executive buy-in and continuous training to maintain security awareness across all levels of an organization. The conversation shifts to the delicate balance of maintaining confidentiality during investigations while being transparent about processes and objectives. Virgil advises against excessive secrecy which could alienate the workforce the program aims to protect. Instead, he advocates for a collaborative approach to strengthen the program's effectiveness and ensure organizational security. Finally, as with all episodes of Unspoken Security, AJ presses Virgil to share something he has never talked about before; something unspoken. Virgil responds with a powerful lesson about the risk of - and potential harm that can be caused by - cutting and pasting.
In this episode of Unspoken Security, A.J. Nash and Adam Darrah (Senior Director of Dark Ops, ZeroFox) dive into the symbiosis between intelligence backgrounds and cybersecurity. With his roots in the CIA, Adam brings a nuanced perspective on transitioning these skills to private-sector cybersecurity, emphasizing the value of human insight and technical prowess. The conversation underscores the blend of experience and innovation, where Adam's journey from the CIA to ZeroFox exemplifies leveraging governmental training in entrepreneurial landscapes. It reflects on the essential role of people in cybersecurity, challenging the notion that technology alone can safeguard digital realms. Moreover, the dialogue navigates through the ethos of cybersecurity operations, highlighting the critical, yet often unappreciated, human element. It dispels the stereotype of cybersecurity work as purely technical, revealing the depth of human engagement in understanding and mitigating threats. Finally, as with all episodes of Unspoken Security, Adam reveals what has been "unspoken" in his life up to this point...and it's another great reveal.
In this episode of "Unspoken Security" - a turbo-charged special recorded live at the RSA Conference last week - host AJ Nash and guest Kayla Williams of DEVO dive into the evolving role of Chief Information Security Officers (CISOs) in today's fast-paced cybersecurity landscape. Kayla, a seasoned CISO with a non-traditional background in governance, risk, and compliance (GRC), shares insights into the unique advantages and challenges of her career path. Her expertise in translating security into business terms fosters strong collaborations and aids in securing budgets—essential for driving security initiatives forward. Kayla emphasizes the strategic importance of aligning security objectives with business goals, highlighting how security is not just a cost center but a growth driver in modern enterprises. Her approach underscores the necessity of communication skills and business acumen for CISOs, which are often overshadowed by the technical aspects of the role. The conversation also touches on the interpersonal skills crucial for leading security teams, such as emotional intelligence and the ability to manage stress and team dynamics effectively. Kayla's journey illustrates the broader impacts of security leadership, from fostering trust among customers to navigating the complexities of corporate governance and compliance. This episode is a must-listen for those interested in the broader implications of cybersecurity leadership and its integration with business strategies. And, as usual, this episode ends with our guest telling us something that has so far gone unspoken...and Kayla overachieved by sharing two very interesting stories that I'm certain you'll want to hear.
In this episode of Unspoken Security, host A.J. Nash continues his conversation with guests Ana Aslanishvili & Shawn Abelson from Pine Risk Management as they dive into the intricacies of security risk management, challenging the conventional separation between cyber and physical security. They emphasize the critical need for a holistic security approach, shedding light on common assumptions and practices that might not hold up under scrutiny. Through engaging discussions, the trio uncovers the subtle yet impactful differences between penetration testing and red teaming, illustrating the value of viewing security measures through the lens of potential adversaries. This approach tests the effectiveness of existing security protocols and fosters a culture of continuous improvement and adaptation to evolving threats. Listeners are treated to real-world anecdotes, from navigating the challenges of physical security assessments to the nuances of social engineering, offering a rare glimpse into the minds of security professionals who think outside the box to protect organizations from obvious and obscure vulnerabilities. This episode serves as a reminder of the ever-blurring lines between physical and cybersecurity, urging professionals and organizations alike to adopt a more integrated and dynamic approach to safeguarding their assets. Finally, as is customary on "Unspoken Security," Ana and Shawn each share something they hadn't previously talked about...something unspoken...and you're going to want to hear their stories.
In this episode of Unspoken Security, host A.J. Nash welcomes Ana Aslanishvili and Shawn Abelson from Pine Risk Management. Together, they dive into the often-overlooked intersection of cyber and physical security. With a combined experience of 30 years, Ana and Shawn share their insights on the importance of integrating these two realms to fortify organizational defenses against evolving threats. The conversation highlights the critical distinctions between penetration testing and red teaming. Ana and Shawn explain how red teaming goes beyond traditional pen testing by adopting an adversary's perspective, aiming to challenge and improve the existing security measures. This approach not only tests the effectiveness of physical and cyber security controls but also enhances the overall resilience of organizations against sophisticated attacks. The episode sheds light on the synergy between intelligence and security practices. By leveraging threat intelligence, Ana and Shawn illustrate how organizations can anticipate and mitigate potential security breaches. Their expertise underscores the necessity of a holistic security strategy that encompasses both cyber and physical aspects, urging businesses to reassess and strengthen their security posture.
In this episode of Unspoken Security (sponsored by ZeroFox), AJ Nash is joined by Senior Threat Intelligence Analyst (and PhD candidate) Freddy Murre. Freddy brings his years of intelligence and security experience across military service and consulting into a discussion about one of the most common challenges many of us face: demonstrating the value of Intelligence. Freddy and AJ discuss some of the consistent challenges they see in building intelligence-driven security programs, including educating leadership on the differences between data, information, and Intelligence, structured analytic techniques, and how to speak the language of leadership needed to secure and grow budgets. They go on to share their views on building trust and demonstrating value to leadership, as well as available tools to measure that value in objective, defensible ways. As always, the show wraps up with our guest revealing something that had, to this point, gone "unspoken." Freddy, like every guest, didn't disappoint with his candid answers. P.S. Freddy referenced his mind map project, so we wanted to ensure you could find it! https://github.com/Errum/IntelArchitectureMap
In this episode of Unspoken Security (sponsored by ZeroFox), AJ Nash is joined by Roman Sannikov, the President of Constellation Cyber LLC. Before his current efforts conducting research and delivering Intelligence reports for various clients, Roman has led multiple teams focused on combatting threats in the Deep and Dark Web. Roman and AJ give a brief overview of what we all mean when we say "Deep Web" or "Dark Web" to ensure we're all speaking the same language and then discuss the subcultures and self-regulation within some of the busiest criminal marketplaces. Roman provided insights into things that have changed over the last couple of decades (and what has remained the same) as cybercriminals have become more structured and professionalized. The discussion turned to an exploration of things people often misunderstand when it comes to cybercriminal marketplaces and how easily people can go wrong in their choices for how to combat these threats. From there, the show focused on some of the myths and true stories from Roman's long and storied career as a resident within the cybercriminal underground, including some fascinating stories about his work on behalf of the FBI. As always, the show wraps up with our guest revealing something that had, to this point, gone "unspoken." While I don't want to give too much away, Roman didn't disappoint when he revealed his "unspoken" truth.
In this episode of Unspoken Security (sponsored by ZeroFox), AJ Nash is joined by our first social media star...Gabrielle Hempel! Also known as LadyG on Twitter (@gabsmashh) - with over 100,000 followers - she also focuses on making the world a safer place as a Customer Solutions Engineer for LogRhythm. (NOTE: Gabrielle was actually recorded as AJ's second guest on Unspoken Security - way back in October! - but we saved her appearance until we built our own audience so we weren't just taking advantage of her following.) Gab and AJ have a fun and interesting conversation about Gabrielle's unusual path from working in an auto repair shop in Ohio - where she was almost stabbed! - to become an expert and influencer in cybersecurity. Gab shares how she grew from a shy child into a confident, powerful voice in cybersecurity, including some incredible stories of overcoming the opinions and assumptions of others. She learned how to assess risk and resolve conflicts in some dangerous real-world scenarios, and combined that with her incredible education (B.A. in Psychology, B.S. in Neuroscience, & MS in Global Security, Conflict, and Cybercrime from NYU). With all the things in her life - social media, public speaking, a cybersecurity career, and a family - Gab offers her lessons learned and advice (including the power of saying "no") to get closer to the work/life balance most people need to avoid burning out in an industry where it is so easy to do. AJ added some interesting insights and leadership tactics he's also used to help teammates maintain a more balanced life. This episode even had an additional special guest when AJ's dog Ryleigh couldn't resist meeting Gab! Ryleigh probably heard how much fun AJ and Gab were having and wanted to get some camera time, too. As always, the show wraps up with our guest revealing something that had, to this point, gone "unspoken."
Download this episode to find out Gabrielle's secret because you will ABSOLUTELY want to give her (and probably AJ) a hard time after you hear this!
In this episode of Unspoken Security (sponsored by ZeroFox), AJ Nash is joined by Brian Mohr, the founder and CEO of Reqfast, a technology startup dedicated to helping security teams document and prioritize their needs to better focus on work instead of workflow. Brian and AJ define what is meant when we talk about Intelligence requirements, why they are important, how to document requirements and use them to measure the value of intelligence (that all-important metric needed to justify investing in Intelligence), and their personal observations on the progress made when it comes to understanding and accepting the need for Intelligence requirements to justify spending and drive successful security practices. Finally, as always, the show wraps up with our guest revealing something that had, to this point, gone "unspoken." In Brian's case, his secret has to do with the novel way he has been keeping track of his passwords, which is both simple and feels a bit James Bond-ish.
In this episode of Unspoken Security (sponsored by ZeroFox), AJ Nash is joined by Lisa Ackerman, the Deputy Chief Information Security Officer for GSK (formerly known as GlaxoSmithKline), a British multinational pharmaceutical and biotechnology company. Lisa and AJ talk about the value of building Intelligence-driven security programs, particularly the vital aspect of impacting decision-making. They also both shared the complicated - perhaps unusual? - ways that career Intelligence professionals think and communicate about threats, risks, and preparedness. Perhaps most interestingly, Lisa shares how she not only took her skills from the Intelligence Community (IC) into the private sector to build threat intelligence programs based on the IC's best practices, but has become one of the very few Intelligence professionals to become a leader in the CISO career path. Having transitioned from being a provider of Intelligence to being more of the consumer (on the CISO side), Lisa talked about how her perspective has changed, how it hasn't, and who she thinks CISOs trust the most these days (who the "CISO Whisperer" is). Finally, as always, the show wraps up with Lisa revealing something that had, to this point, gone "unspoken"...and Lisa delivered some great stories and insights about how having the guts to leap into challenging situations can be a key to growing a career.
In this episode of Unspoken Security (sponsored by ZeroFox), AJ Nash is joined by Brian Stack, the Vice President of Engineering and Dark Web Intelligence for Experian, a globally recognized leader in data analytics and consumer credit reporting. Brian and AJ take on the topic of ransomware, including talking about some criminal groups associated with this activity and the evolution from simple ransomware attacks up to complex double-, triple-, and quadruple-extortion tactics being used by some of the most industrious criminal groups that are always looking for new ways to pressure companies into paying these ever-growing ransoms. After examining the financial impact of these ransomware attacks, the conversation turns to recent changes to the laws in a handful of states - making it illegal to pay ransom - and what those changes could mean: What will the impact of these laws likely be? Will criminals change their behavior? If so, will this create haves and have-nots among corporations that eventually require the U.S. to consider a national law? To prevent becoming a victim of a ransomware attack - or at least limit the harm of a ransomware attack should it happen - AJ and Brian provide recommendations for proactive defense, playbooks, and exercises that build organizational strength BEFORE things go wrong. As always, the show wraps up with Brian revealing something that had, to date, gone "unspoken." If you want to know the truth about some of the ugliest things you've ever heard about on the Dark Web...Brian's answer is one you'll absolutely want to hear.
In this episode of Unspoken Security (sponsored by ZeroFox), AJ Nash (VP & Distinguished Fellow of Intelligence, ZeroFox) is joined by Tarah Wheeler, who is not only the CEO at Red Queen Dynamics, but also a Senior Fellow for Global Cyber Policy at the Council on Foreign Relations and Advisory Board Member for the Electronic Frontier Foundation (EFF). Tarah and AJ discuss some of the ongoing challenges facing small businesses as they attempt to defend themselves and their customers against cyber threats. Of particular interest in this conversation, Tarah has some passionate thoughts about a new Federal Trade Commission (FTC) regulation regarding breach reporting that is set to go into effect in May 2024. You're definitely going to want to hear what she has to say on this! (Spoiler Alert: Things are about to get a lot harder for small businesses!) Lastly, as with all episodes of Unspoken Security, AJ asks his guests to reveal something they had never talked about before (something "unspoken"). Tarah struggled with this one a bit (partially because she already shared a great secret earlier in the show) before giving a very cool answer that led to AJ and Tarah planning a road trip together. What a way to finish the show!
In this episode of Unspoken Security (sponsored by ZeroFox), AJ Nash (VP & Distinguished Fellow of Intelligence, ZeroFox) and Lance James (CEO, Unit 221b) talk about leadership, corporate culture, work/life balance, and the challenges of processing grief and trauma in an industry that never really stops. This conversation goes beyond the superficial, digging deeper into the importance and impact of building a healthy and supportive culture around the needs of people instead of just talking about work/life balance while incentivizing prioritizing work over family and health (physical and mental). Lance and AJ each also share their personal stories of the tragic deaths of loved ones, how they grieved (in very different ways), and how the experiences changed them both personally and professionally. While there is no "right" way to grieve, these stories remind us that hardship is universal and we all benefit from knowing people who can empathize, understand, and support us when we need them most...especially during the holiday season. Lastly, as is customary on all episodes of Unspoken Security, AJ asks his guest to reveal something they had never talked about before (something "unspoken")...and Lance shares a great story that is sure to be interesting and amusing to anyone who hears it.
In this episode of Unspoken Security, AJ Nash and Janet Rathod - the Global Head of Cyber Threat Intelligence for Citi - talk about what people mean when referring to the career field of Intelligence. They explain what goes into becoming an Intelligence professional, different paths for entering and growing within the career field (HINT: it is more than just smart people who know how to use Google), and why organizations must stop thinking that someone successful in another security discipline can be a plug-and-play answer for building or leading an Intelligence team. Janet and AJ examine the skills needed to succeed in Intelligence, the importance of education and training, and why people from various backgrounds are so important to building successful Intelligence programs. Additionally, Janet talks about the concept of "intelligence failures" and digs deeper into some of the 188 different kinds of biases that all Intelligence Analysts need to know and overcome to deliver results that influence security decisions. Finally, as is customary with every episode of Unspoken Security, AJ asks Janet to share something from her career that has so far been unspoken...and she doesn't disappoint!
In this episode of Unspoken Security, AJ Nash and Errol Weiss - Chief Security Officer for the Health Information Sharing and Analysis Center (Health-ISAC) - talk about the importance of building diverse intelligence teams. They share their insights on the evolution of program and team building over the last decade (or more) and focus on how the exponential growth of hybrid and remote work as a result of the COVID-19 pandemic has changed our world. Errol and AJ dig into the challenges and opportunities of building geographically dispersed teams, starting with the interview process and going on to growing and mentoring people from afar, addressing and measuring productivity, burnout, and more. Perhaps most interestingly, Errol shares his opinion on how he sees things in the tug-o'-war of remote vs return-to-office (RTO) currently unfolding across our industry. Finally, as is customary with every episode of Unspoken Security, AJ asks Errol to share something from his career that has so far been unspoken...and it's a really interesting story you're going to want to hear!
In this first episode of Unspoken Security, AJ Nash and Neal Bridges explore the nuanced world of cybersecurity from a startup CISO's perspective. They get into the differences and similarities across various CISO roles, highlighting the unique challenges startups face. Neal, with his extensive background, offers insights into the evolving landscape of cyber threats and the role of human expertise amidst the rise of AI. The conversation also touches on the personal side of cybersecurity professionals. Neal candidly discusses the balance between work and personal struggles, including his fight against cancer. This blend of professional and personal discussion paints a holistic picture of life in the cybersecurity space. Lastly, the episode challenges the industry's status quo, questioning the effectiveness of traditional security measures like patching and compliance standards. Neal's forthright views on the maturity of the cybersecurity industry and the need for a reality check provide listeners with food for thought on the future of cyberdefense strategies.