WE'RE IN!


On WE’RE IN!, you'll hear from the newsmakers and innovators who are making waves and driving the cyber security industry forward. We talk to them about their stories, the future of the industry, their best practices, and more.

Synack


    • Dec 14, 2023 LATEST EPISODE
    • infrequent NEW EPISODES
    • 38m AVG DURATION
    • 42 EPISODES



    Latest episodes from WE'RE IN!

    Season 3 Trailer

    Dec 14, 2023 · 2:54


    Ready to hear from top cybersecurity newsmakers, executives and storytellers? Eager for advice on how to launch a successful cyber career? Curious about hacking threats that seem to grow more menacing by the day? Get ready for Season 3 of WE'RE IN! Hosted by Synack's Head of Communications and longtime cybersecurity journalist Blake Thompson Heuer (Sobczak), WE'RE IN! takes you inside the brightest minds in cybersecurity for unique insights and colorful stories from the front lines of our digital transformation. Don't miss the latest season of this breakout podcast, sponsored by Synack!

    Lauren Zabierek on “Sharing the Mic” to Foster Cyber Innovation

    Aug 8, 2023 · 31:02


    The next generation of cybersecurity leaders has a vision for the future of cybersecurity. Facing advanced nation-state threats, the breakneck speed of tech innovation and a deluge of zero days, Lauren Zabierek is moving the dial on workforce diversity to tackle these challenges. Lauren, senior policy advisor for the Cybersecurity and Infrastructure Security Agency and co-founder of #ShareTheMicInCyber, is also helping organizations “shift left” by integrating security principles into the innovation process. Don't miss the latest episode of WE'RE IN! to hear Lauren's insights into why cybersecurity job descriptions are broken and how talking to everyday people can build the pipeline of cyber talent.

    Listen to learn more about:
    * Which cybersecurity story she'd like to see made into a Christopher Nolan movie
    * Why she believes “diversity is national security”
    * How she ended up with Ms. magazine bylines

    Jeremiah Roe Unpacks the “Puzzle” of Pentesting

    Jul 13, 2023 · 40:13


    Pentesting is in Jeremiah Roe's DNA. He has worked for a traditional pentesting consultancy, conducted clever physical penetration tests over the years (as documented in his episode on the Darknet Diaries podcast), and he now finds himself at the cutting edge of security testing as field CISO for North America at Synack. Jeremiah is a fan of escape rooms and brings his creativity and strategic thinking to some of the cybersecurity industry's toughest challenges. Don't miss the latest episode of WE'RE IN! to hear Jeremiah weigh in on topics such as:

    * Budding API security challenges and how to address them
    * Techniques for transitioning from the armed services to a role in cybersecurity
    * How to think like an attacker to conquer high-risk vulnerabilities

    Demystifying OT Cybersecurity with Danielle Jablanski

    Jun 29, 2023 · 40:45


    The operational technology (OT) computer networks that support life as we know it are increasingly coming under threat. But despite the proliferation of malware aimed at critical infrastructure, Danielle Jablanski isn't running for the hills. As an OT cybersecurity strategist for Nozomi Networks, Danielle helps critical infrastructure organizations understand and prioritize digital risks, whether they stem from a lack of visibility into industrial environments or a sophisticated cyberattack from a foreign nation-state. Don't miss the latest episode of WE'RE IN! to hear Danielle's insights into industrial control systems (ICS) risk management, including the recently disclosed COSMICENERGY ICS-focused cyberthreat.

    Listen to learn more about:
    * What makes the ICS security field “niche but not nebulous”
    * How Danielle's background in nuclear weapons policy informs her approach to cyber incident planning
    * Why so few critical infrastructure operators know where equipment with known vulnerabilities may exist on their networks
    * Hacking satellites in space

    API Security Decoded with Corey Ball, Senior Manager of Penetration Testing, Moss Adams and Chief Hacking Officer, APIsec University

    May 25, 2023 · 34:39


    Application programming interfaces (APIs) are taking over the internet. APIs now make up 83% of internet traffic because they help applications communicate with each other via API calls. And they're a critical threat vector for companies. Corey Ball, author of “Hacking APIs,” saw the API takeover happening and realized there was a gap in security training and tactics. He founded APIsec University, which offers online courses to help level up the infosec community's API security testing skills. APIs are essentially direct links to a company's database, a valuable target for a malicious actor, and their flaws can be difficult to detect without proper documentation and thorough analysis. Security teams are just getting started tackling API security. Corey outlines how they can begin and which executives, including the board of directors, need to be aware of their API attack surface.

    Listen to learn more about:
    * His favorite API vulnerability
    * Why generic security scanners can't detect API security flaws
    * The future of API security

    Emma Stewart on the Future of the Electric Grid, Cyber Mutual Assistance and “Crying Wolf” on Energy Threats

    May 11, 2023 · 34:48


    Power and energy security strategist Emma Stewart is always on the lookout for what's next in the U.S. electric grid, whether that be an influx of renewable energy or cyberattacks by malicious hackers. Her engineering background helps her understand how things work so she can break them and build them again, but stronger. Emma has announced she's joining Idaho National Laboratory as Chief Power Grid Scientist and Research Strategist in the lab's National and Homeland Security Directorate, putting her at the forefront of efforts to keep Americans' electricity networks resilient in the face of cyberthreats. Emma previously worked as Chief Scientist for the National Rural Electric Cooperative Association, which represents the nation's roughly 900 non-profit electric co-ops. Because rural infrastructure can lack the level of funding or support that bigger electric companies enjoy, she often had to puzzle over how to fortify distributed resources against nation-state cyberthreats.

    Listen to this episode to hear more about:
    * How cyber mutual assistance programs can help level the playing field in the fight against adversaries
    * Emma's cancer survivorship
    * Takeaways from the S4 industrial cybersecurity conference in Miami Beach, where Emma was a speaker

    Kelly Moan on Zero-Trust Strategies, Safeguarding NYC and the Need for Representation in Cybersecurity

    Apr 25, 2023 · 34:49


    As Chief Information Security Officer for NYC, Kelly Moan is on the front lines protecting New Yorkers from the latest cyberthreats. She juggles everything from implementing zero-trust security models to helping state agencies fend off sophisticated hacking attempts. Don't miss the latest episode of WE'RE IN! in which Kelly opens up about her professional history and shares tips for anyone interested in supporting their own communities through pursuing a career in cybersecurity. Her office has worked to foster the next generation of cyber talent through efforts like the New York City Cyber Academy program. “The really amazing thing about the profession in general is you don't need a degree,” Kelly says. “If you have access to the internet and you have access to a technology product like a mobile phone, a laptop – there's so much out there and open source that, if you really want to, you can start learning.”

    Tune in to hear more about:
    * Why cloud security is such a top-of-mind concern for CISOs
    * New York's first-of-its-kind Joint Security Operations Center
    * Kelly's approach to ensuring “diversity of experience” in the infosec field

    Space Rogue on L0pht Heavy Industries, 90s Infosec Lessons and “Gray Hat” Hacking

    Apr 20, 2023 · 38:15


    Hacker Cris Thomas – better known by his old bulletin board system handle Space Rogue – has witnessed the infosec community grow from a hodgepodge network of hacking collectives to a multibillion dollar industry. Space Rogue was a member of the L0pht Heavy Industries hacker group that made its name poking holes in premier products from burgeoning tech giants like Microsoft and Oracle. Now Global Lead of Policy and Special Initiatives at IBM, he is also author of a new memoir recounting his experiences from the “magical hacker scene” of the 1990s, Space Rogue: How the Hackers Known As L0pht Changed the World. In the latest episode of WE'RE IN!, Space Rogue shares his side of the story from L0pht's influential May 1998 testimony before Congress, in which the hackers warned of glaring security vulnerabilities that remain relevant to this day.

    Tune in to hear more from Space Rogue on:
    * Tales from early meetings of the famous hacker quarterly 2600
    * The value of college versus certifications for anyone seeking to launch an infosec career
    * The fragility of the modern internet

    Morgan Adamski on Cybersecurity Collaboration, Nation-State Threats and Transparency at NSA

    Apr 6, 2023 · 33:33


    Morgan Adamski wants to talk to you about cyberthreats. As chief of the National Security Agency's Cybersecurity Collaboration Center, she's responsible for bringing highly sensitive threat information out from behind the walls of Fort Meade and onto the desks of defense industry leaders who can use it. In the latest episode of WE'RE IN!, Morgan shares how she helped build the CCC into a vital public-private conduit for cyber intelligence, rewriting existing NSA operating models along the way. “We knew that it was important to be able to have this type of direct engagement, because we knew the only way to really counter a nation-state actor is to get ahead of it,” Adamski said of the CCC's “fast and furious” history.

    Tune in to hear Adamski's thoughts on:
    * Strategies for getting more women involved in the cybersecurity field
    * The Biden administration's new National Cybersecurity Strategy
    * The importance of being part of something bigger than yourself

    Nicole Perlroth on Spyware, “Mutually Assured Digital Destruction” and Educating Boardrooms

    Feb 23, 2023 · 40:03


    In Nicole Perlroth's blockbuster 2021 book, “This Is How They Tell Me the World Ends,” the former New York Times journalist conveys cybersecurity experts' mounting anxiety about increasingly dangerous digital threats. From spyware to ransomware, the black market for cyber tools that skirt the law is lucrative and often poorly understood. Nicole points to catastrophic cyberattacks like NotPetya, a 2017 ransomware look-alike that attempted to obliterate Ukraine's critical infrastructure before causing billions of dollars in damages worldwide. But even with geopolitical tensions now at a fever pitch, Nicole, now a cybersecurity advisor and investor, explains why “mutually assured digital destruction” has so far helped stave off major attacks on U.S. critical infrastructure.

    Also covered in the podcast:
    * The importance of educating board members about cybersecurity
    * What constitutes a cyber weapon
    * Why Nicole is optimistic about the future of ransomware

    Hudney Piquant on Pentesting, Staying Ahead of Adversaries and a Cyber “Sixth Sense”

    Feb 2, 2023 · 41:31


    Hudney Piquant kicked off his cybersecurity career working for a startup out of a garage in Michigan. He has since uncovered critical vulnerabilities as a Synack Red Team member, joined Synack full time as a solutions architect and been honored with a Most Inspiring Up And Comer award by CyberScoop last fall. Tune in to the latest episode of WE'RE IN! to hear Hudney share his insights into getting started with the Synack Red Team, the importance of mentorship in the cybersecurity community and the “sixth sense” that helps him find creative workarounds for tough security challenges.

    More topics covered in the podcast:
    * Why we haven't seen the last of the blockbuster Log4j vulnerability
    * The importance of applying an adversary's perspective to your networks
    * How to build trust among professionals skeptical of ethical hackers

    Selena Larson on Cyber Intelligence, "Evil" Threat Actors and TOAD Attacks

    Jan 19, 2023 · 41:24


    In the latest episode of WE'RE IN!, Selena Larson shares insights into the malicious hackers and scammers she's tracking as senior threat intelligence analyst for Proofpoint. Business email compromise, ransomware, sextortion, multi-factor authentication bypass techniques – dealing with the onslaught of modern cyberthreats “is very much like playing whack-a-mole,” she said. By unpacking attackers' motivations and psychological profiles, defenders can train themselves and their teams to avoid falling into common traps.

    More reasons you should listen:
    * Hear Selena discuss what makes threat intelligence actionable, versus extra noise for a SOC
    * Find out about an alarming cyber espionage campaign that recently targeted journalists
    * Learn why Selena despises evil TOADs – “telephone-oriented attack delivery” attacks

    Craig Newmark on Cyber Philanthropy, Internet Pioneers and a “Cyber Civil Defense”

    Jan 5, 2023 · 34:24


    Philanthropist Craig Newmark is most famous for founding the classifieds site Craigslist nearly 30 years ago. But he's recently earned praise in the cybersecurity community for pledging $50 million in early 2022 to support a cyber civil defense initiative through his namesake philanthropy. On the latest episode of WE'RE IN!, hear Craig describe what he means by cyber civil defense and listen to his candid thoughts on everything from quantum computing to the dangers of state-sponsored disinformation campaigns. He also shares insights into the philanthropic strategy driving many of his contributions to the field of cybersecurity and continuing education.

    Tune in to hear more about:
    * Challenges in fostering collaboration across the cybersecurity community, from the White House to organizations like the Aspen Institute's Cybersecurity Group
    * How a “cybersecurity nutrition label” could empower consumers
    * Craig's participation in the Whole Earth 'Lectronic Link, one of the oldest virtual communities

    Andy Greenberg on “Tracers in the Dark,” Bitcoin What-ifs and IRS Heroes

    Dec 15, 2022 · 37:04


    Journalist Andy Greenberg is no stranger to the murky world of cryptocurrency. The senior writer for WIRED and longtime cybersecurity journalist was one of the last reporters to interact with pseudonymous Bitcoin founder Satoshi Nakamoto before they evidently ceased communications. In his new book, “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency,” Andy follows the gripping story of IRS special agent Tigran Gambaryan as he follows the money to zero in on some of the most mysterious and monstrous criminals in the cyber underground.

    Don't miss the inaugural episode of WE'RE IN! Season 2 to hear more from Andy on:
    * How Tigran joined forces with expert investigators and cryptographers to jettison misconceptions about the anonymity of major cryptocurrencies, exposing alleged criminal masterminds in the process
    * The genesis of successful crypto tracing and analysis firms like Chainalysis
    * The twisted motivations of those who founded infamous dark web emporiums like AlphaBay and Silk Road

    Links:
    * https://andygreenberg.net/
    * https://www.wired.com/
    * https://www.synack.com/
    * https://readme.security/

    Season 2 Trailer

    Dec 8, 2022 · 2:36


    Ready to hear from top cybersecurity newsmakers, executives and storytellers? Eager for advice on how to launch a successful cyber career? Curious about hacking threats that seem to grow more menacing by the day? Get ready for Season 2 of WE'RE IN! Co-hosted by Synack security operations engineer Bella DeShantz-Cook and longtime cybersecurity journalist Blake Sobczak, WE'RE IN! takes you inside the brightest minds in cybersecurity for unique insights and colorful stories from the front lines of our digital transformation. Don't miss the latest season of this breakout podcast, sponsored by Synack! 

    Tanya Janca on Cyber Mentorship, “Shifting Left” and Punk Rock

    Nov 23, 2022 · 38:26


    Application security maven Tanya Janca – AKA SheHacksPurple – is an accomplished author, pentester and onetime music festival organizer. But she's perhaps best known as the founder of We Hack Purple, a community of security professionals dedicated to sharing useful cyber information including coding trainings and coursework. (Bright Security, a dynamic application security testing company, acquired We Hack Purple earlier this year, bringing its own approach to the “shift left” dilemma of moving cybersecurity earlier in the software development cycle.) Tanya has spent much of her career in cybersecurity and IT empowering others to strengthen their own skills. With We Hack Purple, she built a community from the ground up, and she's organized plenty of security talks and capture-the-flag tournaments along the way. Computer science can be a nebulous, wide-ranging field – Tanya has further helped people zero in on what they should focus on learning in the wide world of cybersecurity.

    Tune in to the episode to hear more on:
    * The story behind Tanya's bestselling book, “Alice and Bob Learn Application Security”
    * The qualities that make a good pentester: “You have to be very determined and detail oriented,” as Tanya put it
    * #cybermentoringmonday and the value of professional mentorship

    Links:
    * https://wehackpurple.com/
    * https://brightsec.com/
    * https://www.synack.com/
    * https://readme.security/

    Melanie Teplinsky on the Value of Cybersecurity Policy, a Zero Trust Model for Small Businesses and her Start at the NSA

    Nov 17, 2022 · 43:21


    Melanie Teplinsky fell in love with cryptography at an early age, which led her to land her first job at the National Security Agency at 16. From there, she found her niche in cybersecurity at the intersection of technology and the law. As a senior fellow in American University's Tech, Law, and Security Program, Melanie helps craft cybersecurity policies that scale and attempt to solve big, societal problems. First, she has to understand how cybersecurity technology and models, such as zero trust, are implemented at companies and organizations of all sizes. Then, she applies those principles to existing laws and government mandates to understand the pitfalls and gaps. Between her early start in cyber and national policy-making, Melanie has a unique perspective to share with the infosec community.

    Listen to the episode to hear more about:
    * How cybersecurity policy can transform small- and medium-size businesses' approach to zero trust
    * Why protecting innovation efforts at universities and small companies is paramount for the cybersecurity industry
    * The positive outcomes from collaboration between the public and private sectors

    Links:
    * https://www.wcl.american.edu/impact/initiatives-programs/techlaw/our-team/melanie-teplinsky/
    * https://www.atlanticcouncil.org/in-depth-research-reports/report/cybersecurity-for-innovative-small-and-medium-enterprises-and-academia/
    * https://www.synack.com/
    * https://readme.security/

    Zinet Kemal on Starting Over, Infosec for Kids and the Importance of Mentorship

    Nov 3, 2022 · 41:00


    Zinet Kemal is an infosec powerhouse. After emigrating from Ethiopia to Minnesota with her husband, she started her life over. She left behind her community and career as a lawyer and dived into the world of information security. She has since become a children's book author and works as a cloud security engineer for Best Buy, while raising her four kids and completing her master's degree in cybersecurity from Georgia Tech University. In the latest episode of WE'RE IN!, Zinet shares how she published two children's books during the pandemic, “Proud in Her Hijab” and “Oh, No ... Hacked Again!: A Story About Online Safety,” and about her work with Black Girls in Cyber.

    Listen to the episode to hear more about:
    * How you can teach kids (and grandparents) about cybersecurity
    * Zinet's journey from immigrant to best-selling author
    * The power of diversity in cybersecurity

    Links:
    * https://zinetkemal.com/
    * https://www.synack.com/
    * https://readme.security/

    Sean Zadig on the “Paranoids,” Ethical Hacking and Crafting a Security Culture

    Sep 30, 2022 · 40:59


    Sean Zadig has plenty to be paranoid about. The internet is a frightening place, and Yahoo's Paranoids – the name for the company's infosec team – have their work cut out for them protecting Yahoo's more than one billion global users. As vice president, chief information security officer and “Chief Paranoid” for Yahoo, Sean is charged with keeping sensitive company data safe from an onslaught of cyberthreats, working collaboratively across all Yahoo's media and technology brands. In the latest WE'RE IN! episode, Sean speaks to the need for balance in security messaging and shares how he addresses risks like Log4j. It takes patience and finesse to build a strong culture of security in any organization, let alone a global tech and media company with thousands of employees. “It's important to not shame people, so you don't want to say, ‘how could you miss this?' Or, ‘what happened? Why, why did you commit that code?'” Sean says. “Instead, we use it as a learning experience.”

    Tune in to discover how Sean keeps Yahoo on the right track and hear more about:
    * Yahoo's approach to bug bounties and pentesting
    * His unlikely path to security leadership – “It was never my career aspiration to become a CISO”
    * Sean's focus on examining what motivates the attackers targeting Yahoo every day

    Links:
    * https://www.yahooinc.com/technology/paranoids-blog/
    * https://www.synack.com/
    * https://readme.security/

    Jack Rhysider on Podcasting, Plot Twists and Infosec Burnout

    Aug 19, 2022 · 51:25


    Four years ago, Jack Rhysider quit his job as a security engineer to move full time into the storytelling business. His podcast, Darknet Diaries, now boasts tens of millions of total downloads and has explored cybersecurity topics from Stuxnet to the collapse of cryptocurrency exchange Mt. Gox. Building Darknet Diaries into a successful show was no cakewalk. In the latest episode of WE'RE IN!, Jack shares his experience putting on a great podcast, from ideation and guest selection all the way to monetization and fielding calls from Hollywood producers. “Don't think about how big of an audience you have,” he said. “You need to find the right person in your head, of who would love this show, and just deliver it to them in a great way.”

    Even if you're not a podcast creator, there are plenty of reasons to listen:
    * Glean Jack's insights into the creative process, including the importance of self-reflection and listening with “fresh ears”
    * Hear how he navigates constant deadline pressure while avoiding burnout
    * Learn the secrets behind the most suspenseful moments in any great story

    Tracy Maleeff on Diversifying the Cyber Workforce, OSINT Skills and “Librarian Face”

    Jul 29, 2022 · 45:11


    Tracy Maleeff led a successful career transition into the tech and cybersecurity world nearly seven years ago. Now a security researcher with the Krebs Stamos Group, the former librarian still uses her hard-won open source intelligence skills to sort through a deluge of cybersecurity information for clients and for subscribers of her free InfoSecSherpa news roundups. In the latest WE'RE IN! episode, she speaks to the importance of having diverse perspectives at the table when it comes to cybersecurity and warns of a disconnect between tech hiring managers and HR departments. “Companies keep hunting for unicorns when they really just need to pay attention to the squirrels at the base of the tree,” Maleeff said.

    Here are a few more reasons to listen:
    * Discover Tracy's tips for breaking into the cybersecurity industry from other professions: She once helped a mechanic launch a career in pentesting
    * Learn how she's used Twitter to advance her own cybersecurity career
    * Hear about her favorite episode of Keeping up with the Kardashians – and yes, there is an infosec connection!

    Links:
    * https://infosecsherpa.medium.com/
    * https://www.ks.group/
    * https://www.synack.com/
    * https://readme.security/

    Beau Woods on Medical Device Security, Hacker Culture and Cyber Psychology

    Jul 21, 2022 · 40:56


    Beau Woods knows firsthand how every moment counts when it comes to medical cybersecurity. He launched his career in a hospital, where it wasn't always possible for doctors to punch in complex passwords or spare a second thought for cybersecurity. Beau went on to found I Am the Cavalry, a group of cyber ambassadors dedicated to improving the security of devices ranging from pacemakers to connected door locks. In his current role as senior advisor for the Cybersecurity and Infrastructure Security Agency, Beau helps fill gaps in U.S. cyber defenses by boosting organizations that may not have the resources or knowledge needed to secure critical connected equipment like insulin pumps. “If you can get ahead of things and help them to build better procurement processes, help them to identify more securable technologies that have better business models, that will have greater longevity, then you can stop the flow of inbound, insecurable devices and – over the next decade or two – eventually that cyber hygiene tide line can rise,” he said in this episode of WE'RE IN!

    Here are a few more reasons to tune in:
    * Learn Beau's tips for making cybersecurity issues more engaging, from gamification to building empathy
    * Hear about his unconventional career path from psychology to security
    * Build awareness on the state of healthcare cybersecurity and CISA's role in government

    Links:
    * https://www.cisa.gov/
    * https://iamthecavalry.org/
    * https://www.synack.com/
    * https://readme.security/

    Robert M. Lee on Hacking Industrial Systems, Pay Transparency and Oysters

    Jun 3, 2022 · 62:21


    Dragos CEO and founder Robert M. Lee was talking about cybersecurity risks to critical infrastructure long before threats to utility operators and water plants were making headlines. In this episode of WE'RE IN!, he discusses the ongoing dangers to the grid from nation-state hackers and ransomware gangs, but also the progress the U.S. is making to better secure its most vulnerable assets. And there's also a great conversation about pay transparency that anyone working in infosec will want to hear.

    A few more reasons to listen:
    * It's a candid and sobering interview with one of the world's leading experts on industrial cybersecurity.
    * You might be surprised how Dragos approaches pay transparency, hiring and job interviews.
    * Better understand how critical infrastructure operators should approach cybersecurity differently from enterprise technology.

    Key quotes:
    * "If you are an oil and gas pipeline or a manufacturing company, and you haven't had ransomware scenarios at a board level with an understanding of what you're doing specifically in OT, your liability and your lawsuit is going to be bad."
    * "One hundred percent of our engineers are in the United States. We don't outsource anything where they're related to our product, because if we're deploying software into nuclear power plants and similar, I'd like control of the supply chain."
    * "We've been talking about cyber at a presidential, international leader, board level for a long time. But they never knew they needed to differentiate between IT and OT. And now they're realizing all the resources have been spent on the non-revenue generating side of the business and they're going, 'Holy crap! What's our OT cybersecurity strategy?'"

    Links:
    * https://www.dragos.com/
    * https://www.synack.com/
    * https://readme.security/

    Jim Manico on Secure Coding, OWASP and Being a Decent Human

    May 3, 2022 · 49:25


    Jim Manico is full of opinions. The founder of Manicode Security has advice on how to use the OWASP Top 10, on secure coding and especially on the OWASP Application Security Verification Standard (ASVS). He has advice for people starting out in security and all-around thoughts on what it means to be a decent person. Jim is definitely one of those! He's also an educator, author, investor and entrepreneur.

    There are so many reasons to listen to this episode. Here are just a few:
    * Hear from one of the leading educators focused on helping developers code securely.
    * Learn more about all the important projects and initiatives happening at OWASP.
    * Get Jim's perspective on how organizations can best implement DevSecOps.

    Key quotes:
    * "Honestly, you shouldn't be basing a security program on the OWASP Top 10. The Top 10 is meant for one purpose only: awareness. This is not just my opinion. This is actually codified in the introduction of the Top 10."
    * "Being a decent human being, being a community supporter, trying to help people out, giving free talks: you can call it being a decent person, but it's also a good life and business strategy."
    * "Learn how to f-ing code. And you don't have to be an expert at it. You don't have to be a software engineer, but if you're an IT professional and you don't even understand the basics of coding, it's going to limit your capability because the best pentesters I know write scripts."

    Related links:
    * https://manicode.com/
    * https://owasp.org/www-project-top-ten/
    * https://owasp.org/www-project-application-security-verification-standard/
    * https://www.synack.com/

    Alex Holden on Russia's Cyber Arsenal, Conti Leaks and Infiltrating Ransomware Gangs

    Apr 21, 2022 · 46:56


    Alex Holden has a knack for tracking Russian cyber criminals. The Ukrainian-born cybersecurity expert understands what it takes to infiltrate ransomware outfits, learn their secrets and help organizations protect themselves against their tactics. Beyond that, his firm is responsible for detecting some of the biggest breaches in recent history. In this episode, Alex talks about his approach to tracking the world's most notorious criminal hackers, the current cyber threat in Eastern Europe and his own journey from Kyiv to the American Midwest.

    Why you should listen:
    * Get the inside story of how the Conti ransomware gang and other Eastern European cybercrime syndicates operate.
    * Hear about how the current Ukrainian War could shift the cyber threat landscape.
    * Discover how one of the leading threat intelligence researchers uncovered some of the biggest data breaches in history.

    Key quotes:
    * "Russia knows how to wage cyber warfare. And they continuously keep showing us that they can ... So I think Russia is in [a] very powerful position to flex their cyber muscle to do damage."
    * "We are watching a huge change in the cybersecurity threat landscape in Eastern Europe. Ukrainian cybercrime is not dead. They're still doing certain things in the western part of Ukraine. Some of them are moving into Eastern Europe ... The same is happening in Russia. Cyber criminals are afraid that the recent crackdown of the Russian government against them will continue."
    * "If you are at all interested in threat intelligence or in cybersecurity, I would recommend sitting down and reading [the Conti leaks] because you're going to see how the real criminals work, how they think, how they evolve and how the everyday gang works."

    Links:
    * https://holdsecurity.com/
    * https://www.synack.com/

    Hacking for Ukraine, Supply Chain Risk and Cyber Moonshots

    Play Episode Listen Later Apr 1, 2022 48:59


    There's a flood of cybersecurity news as a result of the Ukraine War as well as Washington's recent efforts to compel organizations to report cyberattacks to federal officials. In this episode, Trey Herr and Emma Schroeder of the Atlantic Council's Cyber Statecraft Initiative break it all down. They explore the consequences of an escalating digital battlefield in Europe, whether a hack could bring NATO into the war and strategies for creating more consensus within the tangled and complicated realm of cyber policy.

    Why you should listen:
    * Understand what's at stake as cyber warriors do battle on both sides of the Ukraine War.
    * Learn about some potential consequences of a destructive hack in Europe and whether that could even draw NATO into the war.
    * Hear what Washington is doing to obtain better insights and actionable intelligence that could improve cybersecurity defenses.

    Key quotes:
    * "Cybersecurity generally is not a good state of affairs. So I think we are going to see some regulatory changes that make it much harder for certain classes of companies to operate because they've grown up around this inefficient system."
    * "The physical military invasion [into Ukraine] has not necessitated sophisticated cyber support from the Russians. What's been more important in the information space is misinformation [and] disinformation."
    * "You've got a lot of [outside hackers] tripping over systems to try to find some kind of way in to do something. And the challenge is that's not really strategic. You don't have any of these groups plugged into the target selection and intelligence collection processes that Western agencies have."

    Links:
    * https://www.atlanticcouncil.org/
    * https://www.atlanticcouncil.org/programs/scowcroft-center-for-strategy-and-security/cyber-statecraft-initiative/
    * https://www.atlanticcouncil.org/thecybermoonshot/
    * https://www.synack.com/

    Gabriella Coleman on Anonymous, Hacker History and the Evolution of Infosec

    Play Episode Listen Later Mar 8, 2022 51:32


    Gabriella Coleman, a Harvard University anthropology professor, describes how she immersed herself in hacker culture and eventually became embedded in the shadowy and mercurial world of Anonymous, the hacktivist collective she chronicled in her 2015 book, "Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous." This is a fascinating episode that explores the often misunderstood history of hacking and how many in this community went from outside agitators to mainstream security researchers.

    Why you should listen:
    * Get a better understanding of the history of Anonymous and the role it played in shaping online protests and whistleblowing.
    * Hear about some of the earliest hacking communities such as the free software hackers and efforts to archive their early writings and magazines.
    * Get an anthropological perspective on how hackers have evolved from the fringes of the tech world to among the most influential voices in cybersecurity.

    Key quotes:
    * "There's now a new narrative that there was a single founder of Anonymous, the trolls and the early hacktivists. And that's just wrong in terms of historical record."
    * "I'm not surprised that hackers were at the forefront of establishing the protocols for the security industry."
    * "The moment you cower, the moment you're not willing to speak up, that's the minute that I think ... the hacker spirit is dead and can't be effective in initiating change."

    Links:
    * https://www.synack.com/
    * https://gabriellacoleman.org/
    * https://datasociety.net/library/wearing-many-hats-the-rise-of-the-professional-security-hacker/

    Micah Hoffman Breaks Down OSINT, the Dark Web and Beer Apps

    Play Episode Listen Later Feb 8, 2022 56:08


    In this episode, Micah Hoffman talks about his career in Open Source Intelligence (OSINT) and the value it has for investigations, cybersecurity and understanding how information is weaponized. He also gets into strategies for safeguarding personal privacy in the face of increasing digital surveillance. This episode will have you thinking twice about what you post on social media!

    Why you should listen:
    * Hear from one of the leading Open Source Intelligence researchers working today.
    * Learn about the value of OSINT for offensive and defensive cybersecurity.
    * Get a better understanding of all the privacy risks from fitness trackers, apps, shopping online and social media.

    Key quotes:
    * "OSINT is a reconnaissance skill. It's all about that preparation work that needs to be done before you do anything in cyber, whether it's attacking or defending."
    * "Once things are on the internet -- or once things are even collected, not necessarily on the internet -- you've lost control of it."
    * "The reality is that we give up our privacy every single time we use an app, every single time we choose to purchase something."

    Links:
    * https://www.spotlight-infosec.com/
    * https://osintcurio.us/
    * https://www.synack.com/

    Nicolas Chaillan takes on the Pentagon, China and TikTok

    Play Episode Listen Later Jan 19, 2022 42:43


    Nicolas Chaillan, former Air Force Chief Software Officer, resigned from the DoD over frustrations with what he called a lack of innovation, collaboration and agility. He gets into those issues and talks about how the U.S. can invest more in technology to compete with China in artificial intelligence and cybersecurity.

    Why you should listen:
    * Nicolas offers a candid and controversial view of the military's approach to the growing technological threat from China.
    * He outlines his view for a Pentagon that is more agile, collaborative and competitive.
    * Hear from a former DoD insider about some of the institutional barriers that can hinder innovation and software advancements.

    Key quotes:
    * "In 10, 15, 20 years from now, America as we know it and the value we have and the freedom we enjoy will be at risk of going away if China dominates in AI like they are doing now."
    * "TikTok is effectively an intelligence weapon of China on US citizens right now."
    * "We don't see a lot of training and implementation of Agile at all in the DoD, which really leads to the inability to move at the pace of relevance and tremendous waste of taxpayer money."

    Links:
    * https://www.synack.com/
    * https://www.linkedin.com/in/nicolaschaillan/
    * https://www.linkedin.com/pulse/time-say-goodbye-nicolas-m-chaillan/
    * https://ama.preventbreach.com/register

    Phillip Wylie on Bear Wrestling, Pentesting and Understanding the Adversary

    Play Episode Listen Later Dec 23, 2021 40:49


    In this episode, Phillip Wylie talks about his journey from pro wrestling to pentesting and what motivated him to start teaching, mentoring and giving back to the infosec community. It's an inspirational story for veterans in the field and newbies alike. Phillip not only talks about his work helping others get started in ethical hacking, but the value of truly understanding the mind of the adversary.

    Why you should listen:
    * Phillip's story is both educational and inspirational -- worthwhile for anyone interested or involved in cybersecurity.
    * Learn something from one of the most prolific cybersecurity speakers and educators.
    * Get a better understanding of ethical hacking and the value of offensive security testing.

    Key quotes:
    * "Once you learn how to pentest, your whole world changes."
    * "For people that have been in the industry for a while, listen to the new folks. I learned a lot from my students."
    * "If you can help people succeed, that's even more rewarding than personal success."

    Links:
    * www.synack.com
    * https://twitter.com/PhillipWylie
    * https://www.youtube.com/c/ThePwnSchoolProject
    * https://www.itspmagazine.com/the-hacker-factory-podcast

    Kim Zetter on Election Security, Stuxnet and Substack

    Play Episode Listen Later Dec 10, 2021 35:01


    Kim Zetter is a former staff writer at WIRED and author of the seminal cybersecurity book "Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon." Her work has appeared in The New York Times, POLITICO, The Washington Post and regularly in her Substack newsletter, "Zero Day." In this episode, Kim talks about her approach to reporting, what sparked her Stuxnet investigation and how the discovery of that malware fundamentally altered our global cybersecurity conversation.

    Why you should listen:
    * Hear from one of the most influential and knowledgeable journalists writing about cybersecurity today.
    * Get her take on some of the biggest security stories of 2021 such as Colonial Pipeline and the Pegasus Project.
    * Learn more about the key policy debates around election security and critical infrastructure protections.

    Key Quotes:
    * "Stuxnet really helped shine a light on industrial control systems as a target."
    * "We focus too much on the stuff that makes the headlines and completely ignore the innocuous things that you're downloading onto your phone .... Those things are spying on you, as well."
    * "The Obama administration was the first administration to [make] cyber a priority, but they didn't really put critical infrastructure as a priority in the sense of using the government's weight to force security on critical infrastructure. We're actually only seeing that in this last year … in the wake of Colonial Pipeline."
    * "When we saw Russia trying to interfere in 2016, that woke up DHS that someone, somewhere needed to have some kind of influence over election officials."

    Links:
    * www.synack.com
    * https://zetter.substack.com/
    * https://www.nytimes.com/2018/09/26/magazine/election-security-crisis-midterms.html

    Defense Digital Service Acting Director Katie Olson on drones, DEF CON and Hacking the Pentagon

    Play Episode Listen Later Nov 19, 2021 36:52


    Defense Digital Service Acting Director Katie Olson heads up a team of about 80 technologists working on some of the toughest challenges facing the U.S. Department of Defense. Since Katie started leading the team, often called the Pentagon's "SWAT team of nerds," it has increasingly focused on the threat from drones, cybersecurity risks in space and the consequences of climate change. In this episode, Katie talks about this cutting-edge work, how DDS helped the Pentagon reduce the impact of COVID-19 and what big issues her team will tackle next.

    Why you should listen:
    * Learn about some of the most cutting-edge work going on inside the Pentagon.
    * Better understand emerging threats such as drones and risks associated with climate change.
    * Hear how DDS helped the military rapidly deploy technology to reduce the spread of COVID-19.

    Key Quotes:
    * "What I've seen shifting in my time here is making security researchers the good guys."
    * "Facilitated by the pandemic, we are seeing just increased awareness and attention to cybersecurity."
    * "It would be better for us to check our defenses first before we have some kind of major breach."
    * "For those white hat hackers who want to contribute to national security, [there's] a huge opportunity."

    Related Links:
    * www.synack.com
    * https://www.dds.mil/
    * https://www.synack.com/blog/3-years-of-hack-the-pentagon/
    * https://www.usds.gov/projects/hack-the-pentagon

    CryptoHarlem Founder Matt Mitchell on Hacking for Humanity

    Play Episode Listen Later Nov 12, 2021 50:35


    Earlier this year, the Electronic Frontier Foundation named Matt Mitchell, founder of CryptoHarlem, one of its 2021 Pioneer Award winners for his groundbreaking work to protect Black communities from surveillance. In this episode, Matt talks about what led him to apply his hacking skills to social justice causes and how that led to his role today as a Technology Fellow for the BUILD program at the Ford Foundation. Matt also discusses what Twitch can do to safeguard creators and the steps anyone can take to better protect themselves online.

    Why you should listen:
    * Hear from a hacker working on the frontlines of today's most important racial justice issues.
    * Better understand the state of digital surveillance in Black communities.
    * Hear about what steps platforms such as Twitch can take to better protect creators.
    * Learn the three things everyone online should do to better protect themselves on the internet.
    * Discover where "Mr. Robot" placed an elusive CryptoHarlem Easter egg.

    Key Quotes:
    * "It's really about taking the skill that we have and applying it toward something bigger than yourself."
    * "Under the lens of a surveyor, who's always looking for wrongs, you'll find what you're looking for all the time."
    * "We sometimes confuse public safety with surveillance."
    * "I'm pretty realistic. If you look at the number of cyberattacks that came from sticky notes on personal computers, it's zero. But don't put a sticky note on the nuclear codes."

    Related Links:
    * Synack.com
    * https://www.cryptoharlem.com/
    * https://www.fordfoundation.org/
    * https://calyxinstitute.org/

    Lifelong Hacker Alyssa Miller Breaks Down Cybersecurity Barriers

    Play Episode Listen Later Oct 15, 2021 40:00


    Alyssa Miller, Business Information Security Officer at S&P Global Ratings and author of the forthcoming book "Cyber Defenders' Career Guide," is one of the most provocative, unfiltered and interesting voices in the cybersecurity community. She's essential reading on infosec Twitter and a regular draw at conferences around the world. In this episode, she dives into all sorts of issues in the cybersecurity community, from incoherent job postings to a lack of diversity—she covers it all. Tune in to find out how you can best address these problems and also learn how to reach out of your comfort zone and forge your own path to success.

    Why you should listen:
    * Figure out why most cybersecurity job postings "suck" and how the industry can help fix the issue.
    * Learn how to address key issues that come up during a cybersecurity job hunt.
    * Identify how to maximize opportunities for personal growth and realize your potential in the infosec community.
    * Understand how to be a better ally to underrepresented groups in the cybersecurity community.
    * Hear about the value of diversity and inclusion in cybersecurity.

    Key Quotes:
    * "Read the narrative at the beginning of the job description. If that sounds like something you can do and something you can learn and grow in, apply. The very worst thing they can do is tell you no."
    * "The difference between you experiencing success or not is in how you respond to opportunities. Do you take those moments and go after them or do you let them go by the wayside?"
    * "If we want to be better at cybersecurity, having diversity matters."
    * "You don't get diversity of thought by having 20 heterosexual white males sitting in a room talking about how to build cybersecurity defenses."

    Related Links:
    * Synack.com
    * https://www.synack.com/lp/cloud-security-solutions/
    * https://twitter.com/AlyssaM_InfoSec?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor
    * https://alyssasec.com/

    Google Cloud Evangelist Stephanie Wong on “Blameless” Security Culture

    Play Episode Listen Later Sep 29, 2021 43:04


    In this episode, Stephanie Wong, head of Google Cloud Developer Engagement, explores Google's security culture, why it conducts "blameless" postmortems after security testing and how it's working to dispel lingering misconceptions about the cloud. She also talks about her journey in Silicon Valley and how her experiences winning pageants such as Miss Asian North America 2020 helped her become one of today's most visible technology content gurus.

    Why you should listen:
    * Learn how to build an effective cybersecurity culture within your organization.
    * Get the inside scoop on the security precautions that Google takes with its physical data centers.
    * Hear about what Google is doing to overcome misperceptions about cloud security.
    * Figure out how to conduct security postmortems the Google way.
    * If you don't know about the "pancake principle," you'll find out why it matters, and how it can work for you.

    Key Quotes:
    * "It's become really clear that remote work will be a very defining characteristic of the new normal and modernizing security is going to be imperative."
    * "Our teams are really horrified by network-based security because network-based security is hackable, even with two factor authentication."
    * "It's all about empowering [users] so that they can be the ones to flag suspicious activity, websites, and phishing in emails."
    * "Being in Silicon Valley, we're often in a bubble where we assume that a lot of people already understand the value of [the cloud] and how it can actually increase your security posture overall."
    * "It's all about blameless postmortems and a blameless culture. No pointing fingers. If something goes wrong, it's all about how can we improve it."

    Related Links:
    * Synack.com
    * https://www.synack.com/lp/cloud-security-solutions/
    * https://twitter.com/stephr_wong
    * https://bit.ly/2Vkckh5 (Stephanie's YouTube page)
    * https://www.stephrwong.com/about

    Cory Doctorow and the Infosec Apocalypse

    Play Episode Listen Later Sep 22, 2021 37:04


    Cory Doctorow, activist, journalist, and author who wrote the influential Little Brother cyberpunk series, gets into some big issues like surveillance capitalism and his work with the Electronic Frontier Foundation. He doesn't hold anything back.

    Why you should listen:
    * Hear from one of the smartest and most engaged technologists today on how technology can be used both for malicious purposes and for good.
    * Consider how bias can be built into code and have real-world implications.
    * Listen to Cory's view on tech monopolies and his proposals for reversing their power over users and the internet more broadly.
    * Better understand why independent security research might seem counterintuitive to many people.
    * Hear the author of one of the most influential cyberpunk series discuss the origins of his latest book, Attack Surface.

    Key Quotes:
    * "Wishful thinking isn't going to solve real-world technical security issues."
    * "It's so important that we build safeguards against our own frailty."
    * "Tech has become a kind of dangerous monoculture ... technologically dangerous because a breach or a defect in a system has consequences for hundreds of millions, if not billions of users."
    * "Monopoly is a really bad tool for protecting privacy because monopoly only protects privacy where privacy is in the interests of the monopolist."
    * "We should hold everyone to account for being good privacy actors by having a privacy law -- a real, no fooling privacy law."
    * "One of the things that we need to take consideration of is that the security apocalypse is here. It's just not evenly distributed."

    Related Links:
    * Synack.com
    * https://www.linkedin.com/company/synack-inc-
    * https://twitter.com/synack
    * https://craphound.com/
    * https://pluralistic.net/
    * https://twitter.com/doctorow

    Nationalize Cloudflare? Berkeley Researcher Nick Merrill on Making it a Public Utility

    Play Episode Listen Later Sep 10, 2021 30:16


    In this episode, Nick Merrill, a research fellow at the UC Berkeley Center for Long-Term Cybersecurity, makes a cybersecurity case for nationalizing major CDNs such as Cloudflare, issues some pretty stark warnings about the dangers of machine learning, and digs into why stereotypical images of hackers in hoodies don't help anyone. His viewpoints are sobering if not controversial and worth listening to for anyone who cares about the future of the global internet.

    Why you should listen:
    * Get a fresh perspective on some of the biggest risks to the global web: unchecked algorithmic bias, the risk of attacks on massive CDNs, and the growing internet fragmentation.
    * Consider some of the boldest ideas from one of the sharpest thinkers when it comes to how policymakers can make fundamental changes to protect the internet.
    * Hear Nick's take on why art matters in cybersecurity -- and why stereotypical images of hackers in hoodies harm the public's perceptions of information security.
    * Learn more about Fairness, Accountability and Transparency in Machine Learning and the growing movement to look more critically at the hidden algorithms that control the internet and much of technology today.
    * Consider how ransomware takedowns and other large-scale cyberattacks such as Colonial Pipeline erode public trust in technology.
    * Get a better understanding of why diversity in the cybersecurity industry matters when it comes to identifying real-world threats.

    Key Quotes:
    * "That power over the internet is like a huge strategic asset for the U.S. It's analogous to controlling global trade."
    * "Imagine a Stuxnet level attack on Cloudflare."
    * "I would nationalize Cloudflare. I would make it like a national publicly-run utility company."
    * "This word 'hacker' got so diluted. It means different things to different people. And it became this totally useless way for describing what's actually happening in security."
    * "The future of cybersecurity … is the future of machine learning."
    * "The real risk of ransomware is just that it freaks people out."

    Related Links:
    * Synack.com
    * https://nickmerrill.substack.com/about
    * iSchool (Berkeley) Bio
    * https://www.synack.com/lp/enterprise-security-testing-101
    * https://cltc.berkeley.edu/
    * https://daylight.berkeley.edu/
    * https://www.codedbias.com/
    * https://www.fatml.org/

    Hacking the Novel: A Journey From Tech Support to Published Author with Ryan Rutan, Senior Director of Community at Synack

    Play Episode Listen Later Aug 25, 2021 24:10


    Ryan Rutan has worked in tech support, as a computer repairman, application developer, software engineer, entrepreneur, and head of community … and most recently, fiction writer. Listen to this episode to hear what inspired Fork This Life, a novel that follows the life of a teenager growing up with the early internet of the 90s who eventually gets into hacking, and how it relates to today's cybersecurity challenges.

    Why You Should Listen:
    * Hear about Ryan's approach to hacking the fiction writing process.
    * Get the inside story of how working in tech support informed Ryan's career in cybersecurity.
    * Nerd out on nostalgia about the nineties tech scene.
    * Pick up tips for developing your creative voice.
    * Get tips for how you can help spread a culture of good security hygiene.

    Key Quotes:
    * "I'm a technical person, therefore I create."
    * "I need a computer but why? I want to get online, but why? Everyone knew they needed it and wanted it but they didn't know why."
    * "The people who know and understand what it means to keep things secure ... It's incumbent upon them to pay it forward as much as possible."
    * "Security back in the 90s ... your death was going to come from a swift sledgehammer to the head ... now it's death by a thousand cuts from a million different websites."

    Related Links:
    * Synack.com
    * https://www.synack.com/lp/enterprise-security-testing-101/
    * Forkthislife.com
    * https://twitter.com/ryanrutan

    Why Identity Matters in National Security with Lauren Buitta, CEO, Girl Security

    Play Episode Listen Later Aug 13, 2021 38:54


    In this episode, Girl Security CEO Lauren Bean Buitta discusses the importance of supporting, encouraging, and training girls for careers in cybersecurity. She gets into why it's so critical to create — and protect — pathways for young women in order to build a more diverse industry, and why that really matters when it comes to making tough national security decisions that affect the entire population. She also describes her journey into security, and what led her to start Girl Security in the first place.

    Why You Should Listen:
    * To better understand the value of gender diversity in cybersecurity.
    * Learn how to create trauma-informed programming that builds trust and understanding.
    * Discover how you can help develop new pathways for underrepresented cybersecurity talent.
    * Hear Lauren's take on how identity can inform security decisions.

    5 Key Quotes:
    * "Everyone's identity has a place in a discussion about national security because it's the most consequential field in the world."
    * "What we are seeing in our country is evidence of how long it takes to uproot any kind of systemic discrimination."
    * "We are cultivating a generation of girls and women who will hopefully be more well represented in the short, near and long term and we hope that that results in more equitable national security policies of which cyber is so crucial."
    * "Girls and women from childhood live in a world in which they are taught to fear everything … and we do a really good job at keeping ourselves secure."
    * "We don't know what a national security field would look like where there's gender parity. What would national security look like if women were co-equally represented? I want to see what that world looks like."

    Related Links:
    * Synack.com
    * https://www.synack.com/were-in-synack-podcast/
    * https://www.girlsecurity.org/about
    * https://www.linkedin.com/in/lauren-bean-buitta/
    * https://www.synack.com/trust-report/
    * https://www.synack.com/lp/enterprise-security-testing-101/

    From Digital Delinquent to Government Hacker with Author, Entrepreneur, and Cybersecurity Influencer Alissa Knight

    Play Episode Listen Later Jul 30, 2021 48:20


    In this episode, author, hacker, entrepreneur, and content creator Alissa Knight reveals her journey from "bullied computer nerd" to federal cybersecurity contractor to famed car hacker. She gets real about the risk of APIs, offers up some must-hear advice for anyone getting into cybersecurity, and delivers candid views about the infosec industry as a whole.

    Why you should listen:
    * Get inside the head of one of the most provocative and interesting cybersecurity influencers today.
    * Hear about her work with federal agencies to help secure the future of transportation.
    * Learn more about the urgent need for better Application Programming Interface (API) security.
    * Get new insights into the growing threat to health care organizations and financial institutions.
    * Hear Alissa's take on how cybersecurity companies can improve their approach to content and marketing.

    Key Quotes:
    * "I care more about the adversary that can hack my car from her living room. I care more about the hacker that can take remote control of my car that I'm driving around in my family with, from anywhere."
    * "Okay. Yes. I can take remote control of this vehicle. I can move the steering wheel. I can push the brakes."
    * "You would be shocked if I told you how endemic [it is in] the industry to hard-code not only tokens, keys, and credentials like usernames and passwords and to apps for their own APIs, but also third-party APIs like payment processors."
    * "The plumbing for our entire financial system and healthcare system is APIs ... that data is worth more than oil, right? So hackers are shifting their attention to hacking APIs."

    Related Links:
    * Alissa Knight's Twitter: @alissaknight
    * Knight Ink Media: https://knightinkmedia.com/
    * Alissa Knight's Website: https://www.alissaknight.com/
    * Official Trailer: Law Enforcement Vehicle Hack: https://www.youtube.com/watch?v=Soj3P3S3i_o
    * Synack Website: Synack.com
    * Synack Trust Report: https://www.synack.com/trust-report/
    * Jeremiah Roe's Twitter: @c1ph3rflux
    * Bella DeShantz-Cook's Twitter: @bellarosedc
    * Black Hat Events: https://go.synack.com/black-hat-events-2021

    There is No ‘Take Down the Whole US Grid' with Sarah Freeman and Andy Bochman

    Play Episode Listen Later Jul 14, 2021 42:36


    Why you should listen:
    * Hackers are targeting critical infrastructure and there's an urgent need for smarter cybersecurity defenses to protect Operational Technology.
    * The best practices to defend against attacks on utilities.
    * Why there is no such thing as "taking down the whole US grid."

    Five Key Quotes:
    * "How can you secure what you don't even know you have? If you don't even know what you have down to some level of detail ... you're not going to be in a good position to defend it." - Andy Bochman
    * "The most senior person with the word cyber in their title ideally is at least at the VP level." - Andy Bochman
    * "You have to not only understand how the attacker can gain access to your network but ultimately gain access to the accounts that are most valuable – where are those crown jewel accounts?" - Sarah Freeman
    * "IT and OT need to be merged … the problem is cyber is here to stay and everybody needs to take part in this security process." - Sarah Freeman
    * "The government is most interested in who conducted the attack ... The fact that there are two parties here with differing interests is a core issue." - Sarah Freeman

    Related Links:
    * Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE), 1st Edition
    * https://hbr.org/2018/05/internet-insecurity
    * https://medium.com/cxo-magazine/the-missing-chief-security-officer-11979a54fbf9
    * https://www.synack.com/
    * LinkedIn: Andy Bochman, Sarah Freeman
    * Twitter: @andybochman

    Trailer

    Play Episode Listen Later Jul 12, 2021 1:34


    News about cyberattacks and data breaches is relentless and overwhelming. We're drowning in stories about ransomware and the latest digital threats. But we don't hear enough about the people fighting on the frontlines of information security, the researchers making us more secure and the pioneers doing the hard work to fix today's cybersecurity crisis. We launched WE'RE IN! to tell those stories. You'll hear directly from hackers, security pioneers and technologists working in the trenches of cybersecurity. They'll share their strategies, tactics and solutions for today's tough problems. We'll also go inside the cybersecurity community to talk about the issues and challenges in the industry. You'll hear from some of the most prominent, interesting and provocative people in the field about their journeys in this community, and what it's like on the inside.WE'RE IN! is for anyone who cares about cybersecurity. It's for anyone who wants to go beyond the headlines. It's for anyone who wants to drive change. We're all facing the cybersecurity dilemma together -- and together we can solve it. Join the conversation on WE'RE IN!
