Blake and David meet up with AJ Yawn, partner at Armanino LLP, about Armanino's new tool, Audit Ally, which streamlines and automates SOC 2 audits. They discuss the growing trend of tech companies entering the audit space and commoditizing services like SOC 2 audits, and explore how Audit Ally aims to help accounting firms compete on price and quality by utilizing AI and machine learning. Meet Our Guest, AJ Yawn: LinkedIn: https://www.armanino.com/company/people/aj-yawn Learn about Audit Ally. Need CPE? Get CPE for listening to podcasts with Earmark: https://earmarkcpe.com Subscribe to the Earmark Podcast: https://podcast.earmarkcpe.com Get in Touch: Thanks for listening and the great reviews! We appreciate you! Follow and tweet @BlakeTOliver and @DavidLeary. Find us on Facebook and Instagram. If you like what you hear, please do us a favor and write a review on Apple Podcasts or Podchaser. Call us and leave a voicemail; maybe we'll play it on the show. DIAL (202) 695-1040. Sponsorships: Are you interested in sponsoring the Cloud Accounting Podcast? For details, read the prospectus. Need Accounting Conference Info? Check out our new website - accountingconferences.com Limited edition shirts, stickers, and other necessities: TeePublic Store: http://cloudacctpod.link/merch Subscribe: Apple Podcasts: http://cloudacctpod.link/ApplePodcasts YouTube: https://www.youtube.com/@TheAccountingPodcast Spotify: http://cloudacctpod.link/Spotify Podchaser: http://cloudacctpod.link/podchaser Stitcher: http://cloudacctpod.link/Stitcher Overcast: http://cloudacctpod.link/Overcast Classifieds: Want to get the word out about your newsletter, webinar, party, Facebook group, podcast, e-book, job posting, or that fancy Excel macro you just created? Let the listeners of The Accounting Podcast know by running a classified ad. Go here to create your classified ad: https://cloudacctpod.link/RunClassifiedAd Transcripts: The full transcript for this episode is available by clicking on the Transcript tab at the top of this page
From a Division 1 college athlete to a US Army officer to cybersecurity company founder to now a partner at a Top 20 CPA firm, AJ Yawn has experienced as many setbacks as successes. AJ has been recognized as a LinkedIn Top Voice in regard to mental health and is joining us today to talk about taking care of your mental health, lessons he's learned from founding a start-up company and how he landed a role as a partner in an accounting and business consulting firm despite not having either in his background. When AJ decided he wanted to separate from the military, the first person he called was his dad. His father had built a career in the US Marine Corps and gave some great advice to his son. He told him he needed an exit plan and at least 18 months to transition effectively. With both a master's degree and the rank of captain, AJ was confident he could get a job right away. His dad challenged him to apply for a few jobs and test the waters. No one emailed or called him back. He knew that his dad was right and spent 2016 focused on earning certifications, networking and translating his military skills to the civilian sector. His hard work paid off, and he landed a great job coming out of the military. In addition to overhauling his resume, AJ believes the certifications he earned helped him gain legitimacy with hiring managers. With so many certification options, AJ researched job postings to learn which credentials were critical to land a role in his chosen field. Looking at job postings 18-24 months before leaving the military can have a huge impact on the way you prepare for your transition. While a senior in high school, AJ was recruited to play Division 1 basketball for Florida State University. After breaking both of his ankles and losing his D1 scholarship, AJ was still determined to earn a degree from FSU. Looking for a new identity, AJ made the decision to become an officer through ROTC. 
AJ has no regrets about joining the US Army and credits his service for his ability to lead. Even during trials, AJ holds a firm belief that all of the good and bad experiences of life are for the benefit of his growth. It was only after starting his own business that AJ began to focus on his mental health. He regularly meditates, reads and takes time for himself. Sharing his knowledge and experiences on LinkedIn, he has empowered other people to make positive lifestyle changes. In the same way that someone trains physically for a marathon, AJ believes mental health should be worked on daily. AJ started his own cybersecurity company, ByteChek, and credits the lessons learned from that experience with helping him land a partner role in a Top 20 CPA firm. AJ is not a CPA and did not major in business. People often think starting their own business will alleviate the pressures of working for someone. As a business owner, you work for your employees, customers and investors. AJ championed the SkillBridge program and brought on several interns to gain experience in the industry. He encourages other companies to offer the SkillBridge internship. In this unique program, the company does not have to pay the service member and is essentially able to try out a potential employee for up to 6 months. On the flip side, the service member gains valuable experience. Subscribe to our YouTube channel at https://tinyurl.com/llforvets22. You can connect with AJ on LinkedIn at: https://www.linkedin.com/in/ajyawn/. SUBSCRIBE & LEAVE A FIVE-STAR REVIEW and share this with other veterans who might need help as they transition from the military!
As a Founder, it's easy to get lost in the day-to-day chaos of growing your startup. Often, you end up taking shortcuts and sacrificing the well-being of yourself and your team — to the detriment of your company as a whole. Our guest today, AJ Yawn, Founder and CEO at ByteChek, shares detailed suggestions on how to build a strong company culture and how you, as a founder, can optimize your mental health to set yourself up for success. Join as we discuss: Culture — why focusing on it early pays off with your team; The 32-hour work week and the impact it has had on ByteChek's culture and productivity; The importance of self-care — mental well-being and other healthy habits for founders; Ideas for a winning morning routine to set your day up for success
Breaking: US unseals three cases against Chinese intelligence officers. CISA says Daixin Team ransomware is an active threat. The FBI warns of Iranian threat group's activity. Meanwhile the Iranian nuclear agency says its email was hacked. Norway is concerned about threats to oil and gas infrastructure. A drop in ransomware correlates with Russia's hybrid war. Ann Johnson from Afternoon Cyber Tea speaks with AJ Yawn from ByteChek about breaking into the cybersecurity industry. Josh Ray from Accenture describes threats to the satellite industry. And cyber offense may be proving harder than thought. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/204 Selected reading: CISA Alert AA22-294A – #StopRansomware: Daixin Team. (CyberWire); #StopRansomware: Daixin Team (CISA); CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware (The Hacker News); Iranian Cyber Group Emennet Pasargad Conducting Hack-and-Leak Operations Using False-Flag Personas (FBI); FBI warns Iranian hackers active ahead of the U.S. midterms (NBC News); FBI Warns of Attacks From Iranian Threat Group Emennet Pasargad (Decipher); Iran Hackers Behind Attempt on US Election Are Still Active (Gov Info Security); FBI warns of ‘hack-and-leak’ operations from group based in Iran (The Record by Recorded Future); Iran's Atomic Energy Agency Says Its E-Mail Server Was Hacked (RadioFreeEurope/RadioLiberty); Iran says ‘specific foreign country’ behind hacktivist leak of atomic energy emails (The Record by Recorded Future); Iran's Top Nuclear Agency Says Its Email Servers Were Hacked (Bloomberg); Ukraine Could Still Face Cyberattacks, Experts Say (CNET); Fears over Russian threat to Norway's energy infrastructure (AP NEWS); Norway PM: Russia poses ‘real and serious’ cyber threat to oil and gas industry (The Record by Recorded Future); Ukraine war cuts ransomware as Kremlin co-opts hackers (The Telegraph); Q&A: Kenneth Geers on the cyber war between Ukraine and Russia (The Record by Recorded Future)
CHECK OUT https://www.bytechek.com/ Buy Courses at https://bit.ly/firsttriptoAfrica Book Time https://linktr.ee/kellenkash --- Send in a voice message: https://anchor.fm/diversifiedgame/message Support this podcast: https://anchor.fm/diversifiedgame/support
AJ Yawn, Co-Founder and CEO at ByteChek, and a Founding Board Member of the National Association of Black Compliance and Risk Management Professionals, joins Ann this week on Afternoon Cyber Tea to unpack this issue. With more than 700,000 open cybersecurity jobs in the US alone, the cyber industry faces a critical talent shortage. Yet, with this opportunity, many still find it challenging to break into the industry. Ann and AJ discuss the importance of sourcing from broader pools of talent, what skills business leaders should really be looking for, programs and communities that people looking to get into cyber security should be aware of, and how AJ thinks we can drive awareness of the wide variety of roles available in the industry. In This Episode You Will Learn: Specific qualities and mindsets that lead to a successful career in cyber; Why it's essential to attract more diverse talent; How someone early in their career can market themselves to potential employers. Some Questions We Ask: What specific courses or certifications are essential for people to be thinking about? How can the education system prepare people for careers in cyber? Why have employers had such a high bar of entry into their cyber programs? Resources: View AJ Yawn on LinkedIn; View Ann Johnson on LinkedIn. Related Microsoft Podcasts: Listen to: Uncovering Hidden Risks; Listen to: Security Unlocked; Listen to: Security Unlocked: CISO Series with Bret Arsenault. Discover and follow other Microsoft podcasts at microsoft.com/podcasts. Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of The CyberWire Network.
Andrew Alaniz, Director of Technology & Risk at Freddie Mac, joins me on a journey through the essentials of cybersecurity leadership. With years of experience in the industry, I picked Andrew's brain on what leadership really looks like, and how it differs from being a manager. Focusing on empathy and understanding for the people we lead, Andrew explains how to earn trust from the people around you, inspire collaboration between employees in remote work settings, and create safe spaces where no one has to leave “life” at the office door. Timecoded Guide: [00:00] Connecting with the people behind cyber technology [05:22] Starting a cyber career with less barriers to entry [14:35] Building empathy and earning trust as a leader [21:52] Cyber career burnout and employee safe spaces [31:59] Actions speaking louder than words when leading employees What is the importance of empathy in leadership? Many people want to be a better leader in their workplace, but Andrew understands that a true leader leads with empathy. Real leadership cannot be earned from a place of selfishness and real trust can't be bought. Understanding others, caring about their lives, and opening yourself up to be a safe space builds the foundation of trust and empathy between you and the people you're leading. There is no “hack” to better leadership or a stronger team performance. Better performances are born from knowing your team and caring about them as employees and as people, with rich lives inside and outside of work. “I think that empathy is maybe the utmost requirement for an effective leader. You can take trust, you can buy trust, and you can earn trust. The only way trust is sustainable is if it's earned, and empathy is really essential to that.” When people think about work-life balance, especially in cyber, what does that mean? The concept of work-life balance has become a daily conversation for leaders around the world, and Andrew encourages us to rethink what we may see as a balance. 
While everyone deserves a life outside of work, life doesn't end when you've stepped inside an office or logged onto your computer for the day. A balance needs to happen and life outside of work has to be respected, but employees shouldn't feel afraid to be open about their lives during the workday. Instead, everyone on your team should feel empowered and respected to do their jobs without carrying the baggage of work home with them, or feeling the stress of not being able to share their lives with their coworkers when they're at the office. “[Leaders have to] empower our teams to feel safe about that work-life balance. I think that's important. There's a lot of places where there's a fear of, ‘I've got to keep life separate,' but the reality is, you can't.” Do you think it's on the leaders to have visibility into their employees' lives and to help manage burnout? Everyone in cyber fears losing an employee or even their own job success to burnout. However, career burnout is preventable and Andrew wants leaders to know that they can help prevent it. We didn't get to the staffing gap we're in today without leaders and managers pushing employees too hard for too long. Taking us back to the concept of empathy, Andrew explains that he wants his people to feel empowered and encouraged to do what they need to do to thrive at work. Adopting a “Yes, but” approach helps Andrew and his team acknowledge that there are sacrifices that have to be made in order to take on more projects without ruining work boundaries or causing employee burnout. “Customer service is one of my top priorities. Quality is my second priority, but we're going to be a culture of ‘Yes, but.' ‘Yes, but,' is the idea that, yes, I can absolutely get to that, but right now it's going to take me two weeks to get to it, or whatever that may be.” Where do you sit in the debate between remote work and the return to offices? 
Remote cybersecurity positions increased tenfold during the COVID-19 pandemic, but many employees are now seeking a return to the office or a hybrid working position for their employees. Considering he's a director himself, I was curious as to how Andrew views security professionals working remotely. According to Andrew, we don't have to head back to the office yet (or ever) if we don't want to, but we do have to encourage remote collaboration and personal connection between our employees and ourselves. Taking advantage of Zoom, Teams, and chat channels like Slack from a less professional standpoint might open up the opportunity for employees to talk just like they would in an office— sometimes about work, but other times about life, events, or new ideas. “There's a difference between remote work and remote collaboration. A lot of companies have remote work down, but remote collaboration is completely different. People accidentally collaborated constantly in the office.” --------- Links: Keep up with our guest, Andrew Alaniz, on LinkedIn. Connect with AJ Yawn on LinkedIn and Twitter Follow ByteChek on LinkedIn and Twitter, or learn more about ByteChek on their website Listen to more from the Hacker Valley Studio and To Comply or Not to Comply
Danny Ortiz and Manny Larcher discuss life, family, money, creativity, relationships and sports. They are helping individuals grow holistically and creating a Platform to share true authentic stories with others. Email us at: itsbiggerthanbusiness@gmail.com
I invite Val Dobrushkin, Director of Risk & Compliance at Noname Security, into the studio this week to tap into his openness and transparency around his role as a security leader and his personal mental health journey. As compliance professionals, Val and I cover the technical side of his career, including his opinions and experiences with SOC 2, ISO, and GRC. As friends, Val and I dive deep into the difficult topics of workplace stress, labor shortages, career burnout, and mindfulness. Timecoded Guide: [00:00] Framework preferences & the benefits of SOC 2 vs ISO [07:06] Compliance & security from a business perspective [13:52] Cybersecurity labor shortages & tech skill gaps [16:50] Workplace stress & the struggle of cyber career burnout [21:15] Mental health advice for security practitioners Do you think GRC is a good entry point for cybersecurity? Much like myself, Val is a firm believer in GRC as a solid entry point in the cyber security industry. Junior security practitioners need an area where they're exposed to a variety of positions and functions, and Val sees endless training opportunities for a young professional looking to get their start in GRC. Repeatable processes and teachable functions show entry-level cyber employees the value of compliance and how what we do as cyber professionals impacts the businesses we work with. “When you rise up the ladder, you may feel like those standard beginning steps are tiring from having done them for many years, but it's those things that are easy to pick up. They're easily repeatable, and a very quick intro to say, ‘Hey, this is what this does for the business. There's some value in it.'” How do we solve the cybersecurity labor shortages and skill gaps? Anyone working in the industry understands the stress of the cyber workforce gap and how it has impacted both understaffed tech companies and overworked cybersecurity practitioners, especially in the wake of the covid-19 pandemic. 
With so much conversation around cybersecurity talent shortages, I asked Val where he saw potential for solutions. His advice fell on the shoulders of cyber industry leaders, urging them to acknowledge the security skills gap and the staffing issues taking place. Without acknowledgement, Val warns that leaders will not set themselves up for success when welcoming new security professionals to the workforce or training industry outsiders in new positions. “When we hire somebody, we can give them a set title, a set function. At the same time, we also have to leave them room so they can grow and do something more, something better, something different.” Why do you think we're seeing cybersecurity professionals burning out? Not only are cyber staffing shortages weighing on us, but cybersecurity professionals are burning out at rapid rates. The great resignation feels far from over for many companies, and I have seen security personnel quickly burn out and leave the industry entirely. Considering Val's vulnerability about mental health, he is quick to sympathize with those skilled workers feeling too exhausted to continue their roles. Security practitioners are often undervalued when businesses see cybersecurity as an expense, not something that can potentially save their business. Undervaluing combined with a lack of cohesiveness in teams and a lack of new opportunities, we are looking at a potential mental health crisis in cyber. “Security is not usually appreciated. Things go wrong and then, security is often blamed for not fixing things beforehand, or not building these things right. There's always a lot of pressure…It's really hard to compete.” Can you tell me about your personal mental health journey and how it has impacted your cyber career and company? Immigrating to America at a young age and pushing himself hard in his career led to Val learning his lesson about mental health the hard way. 
After struggling with depression throughout his adulthood and managing his mental health through mindfulness and spirituality, Val focuses more of his energy now on showing others the value of lifting yourself up. While focusing too hard on societal and career expectations led to Val's personal burn out, he's come out the other side of many of his mental health struggles with clarity and consciousness about what others are going through, as well as a motivation to guide others on a healthier mental health journey. “I learned early on in my career, when I had my first subordinates, that when people were underperforming, it wasn't because they were bad or they weren't skilled, there was something else going on. Once we were able to figure out what that something else was, they performed well above my expectations.” --------- Links: Keep up with our guest, Val Dobrushkin, on LinkedIn Learn more about Noname Security on their website and LinkedIn. Connect with AJ Yawn on LinkedIn and Twitter Follow ByteChek on LinkedIn and Twitter, or learn more about ByteChek on their website Listen to more from the Hacker Valley Studio and To Comply or Not to Comply
#CISOThursday - Breaking into Cybersecurity: AJ Yawn 7/7/22 https://www.linkedin.com/in/ajyawn/ It's really a conversation about what they did before, why did they pivot into cyber, what was the process they went through Breaking Into Cybersecurity, how do you keep up, and advice/tips/tricks along the way. About Breaking Into Cybersecurity: This series was created by Renee Small & Christophe Foulon to share stories of how the most recent cybersecurity professionals are breaking into the industry. Our special editions are us talking to experts in their fields and cyber gurus who share their experiences of helping others break-in. #cybersecurity #breakingintocybersecurity #informationsecurity #JamesAzar #ChrisFoulon #ReneeSmall #InfoSecHires Check out our new books: Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level: https://amzn.to/3443AUI Hack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career https://www.amazon.com//dp/1801816638/ _________________________________________ About the hosts: Renee Small is the CEO of Cyber Human Capital, one of the leading human resources business partners in the field of cybersecurity, and author of the Amazon #1 best-selling book, Magnetic Hiring: Your Company's Secret Weapon to Attracting Top Cyber Security Talent. She is committed to helping leaders close the cybersecurity talent gap by hiring from within and helping more people get into the lucrative cybersecurity profession. https://www.linkedin.com/in/reneebrownsmall/ Download a free copy of her book at magnetichiring.com/book Christophe Foulon focuses on helping to secure people and processes with a solid understanding of the technology involved. He has over 10 years as an experienced Information Security Manager and Cybersecurity Strategist with a passion for customer service, process improvement, and information security. 
He has significant experience in optimizing the use of technology while balancing the implications to people, processes, and information security by using a consultative approach. https://www.linkedin.com/in/christophefoulon/ Find out more about CPF-Coaching at https://cpf-coaching.com - Website: https://www.cyberhubpodcast.com/breakingintocybersecurity - Podcast: https://anchor.fm/breakingintocybersecurity - YouTube: https://www.youtube.com/c/BreakingIntoCybersecurity - Linkedin: https://www.linkedin.com/company/breaking-into-cybersecurity/ - Twitter: https://twitter.com/BreakintoCyber - Twitch: https://www.twitch.tv/breakingintocybersecurity --- Send in a voice message: https://anchor.fm/breakingintocybersecurity/message Support this podcast: https://anchor.fm/breakingintocybersecurity/support
I invite Corey Quinn to take a break from his podcast hosting role and join me on the opposite side of the table on To Comply or Not to Comply this week. As the Cloud Economist at the Duckbill Group, writer of the Last Week in AWS newsletter, and host of the podcast Screaming in the Cloud, Corey is an expert in Amazon Web Services (AWS). Corey joins me in this episode to talk about developing his business focus, being profiled by the New York Times, and making the decision to invest in my startup, ByteChek. Timecoded Guide: [04:23] Finding a business niche and understanding the value of the Duckbill Group's AWS expertise [11:56] Explaining where the humor of Last Week in AWS comes from and how Corey keeps a lighthearted yet snarky and amusing perspective on AWS issues [18:10] Delving into Corey's vision for the investment portion of his career and what his motivations were for becoming an investor in ByteChek [26:42] Being featured in the New York Times and explaining the reactions that both he and others had to the article about him [29:34] Noticing the role that fatherhood has had in his career and how Corey has learned to better prioritize his schedule and his family How did you develop the focus on AWS for the Duckbill Group? Although I point out the criticisms specialists in tech often receive, Corey is quick to defend the Duckbill Group's focus on AWS. His reasoning? It pays well and it's a very important problem to fix. It might seem like a source of strength to be a jack of all trades or a generalist, but Corey says that there's rarely a market for generalists. Instead, people and companies alike approach specialists to solve their problems, wanting to pay the money for their expertise rather than take a chance on someone who only knows a general overview of their issue or problem. “People don't want to reach out with expensive problems to generalists. They want to reach out to someone who they believe specializes in the exact problem they deal with and that they want to get solved.” What is the feedback like for your Last Week in AWS newsletter? Corey's Last Week in AWS newsletter has developed a really decent following over the span of his career, starting only as a fun way to share news and skyrocketing from there. Even with the increased popularity of his newsletter, Corey's surprising news is that he actually rarely receives email feedback from subscribers. He receives positive feedback in-person, especially from peers enjoying his takes on the latest developments and finding humor in the snarky statements he makes, but Corey finds that email responses and feedback are hardly the norm for him, only receiving the occasional typo correction. “Increasingly, I find that when people have problems with what I write, the easiest way to fix that is to have a conversation with them and add a little context. Sometimes I'm wrong, sometimes I'm not, but it's always a conversation that leads to better outcomes as a result.” What was that experience like, to be in the New York Times, talking just about who you are and what you bring to the space? Although Corey has a following in the AWS space, it was a big surprise to him for the New York Times to reach out for a profile on him and it provided him with an incredible perspective of the impact of what he does not only with Duckbill Group, but with everything involved in Last Week in AWS. This was a source of stress for Corey, who definitely worried about what would come from such a high-profile publication covering his occasionally snarky work, but he's been incredibly pleased with the response so far and hopes it continues to elevate his platform and spreads the word about the common issues of AWS. “Believe me, I deserve a lot of criticism for the things I say and do, but it was a really interesting experience, start to finish. 
I didn't expect it to get the level of attention that it did. I didn't expect the positive business outcomes that came out of it, and I'll be forever grateful.” Why are you open to sharing your fatherhood journey with folks out there and how has being a father played a role in your career? As a father myself, Corey's dedication and care towards his two children inspires me to continue to share my journey through fatherhood out in the open. While motherhood has become an increasingly visible talking point as we discuss tech work environments, fatherhood can also have a massive impact on the decisions we choose in our careers. For Corey, he's quick to admit that his fatherhood informs his decisions to unplug from his work on the weekend. He's willing to set strict boundaries with himself about when he's working and when he's not, especially when it means he can be there for his children as they grow up. “There's always going to be another RSA coming to town, or there's always going to be another event where I'm invited to keynote, but I'm not going to get these years of having young kids back. I want to spend time with them as they grow up.” --------- Links: Keep up with our guest, Corey Quinn, on LinkedIn, Twitter, the Last Week in AWS website, and the Duckbill Group website Read the New York Times article about Corey Quinn and check out Corey's podcast, Screaming in the Cloud Connect with AJ Yawn on LinkedIn and Twitter Follow ByteChek on LinkedIn and Twitter, or learn more about ByteChek on their website Listen to more from the Hacker Valley Studio and To Comply or Not to Comply
In this episode of The TechTual Talk we discuss why you should automate your IT Audits with the CEO of ByteChek, AJ Yawn. AJ Yawn is the Founder and CEO at ByteChek, a cybersecurity compliance automation SaaS company and a Founding Board Member of the National Association of Black Compliance and Risk Management Professionals (NABCRMP). AJ has earned the CISSP, 6 AWS certifications including the AWS Solutions Architect-Professional and AWS Security-Specialty. Prior to ByteChek, AJ spent over a decade in the cybersecurity industry both in the US Army and as a consultant. He is a regular speaker at SANS Cloud Security curriculum events such as BIPOC in Cloud Forum and CloudSecNext Summit, and can be found teaching the SANS Institute SEC557: Continuous Automation for Enterprise and Cloud Compliance. SANS: https://www.sans.org/profiles/aj-yawn/ AJ's LinkedIn: https://www.linkedin.com/in/ajyawn/ Join the patreon: https://patreon.com/techtualchatter Check out the youtube channel: https://youtube.com/techtualchatter Grab my ebook: https://techtualconsulting.com/digitalproducts Check out my resume services: https://techualconsulting.com/offerings Follow me on the rest of my socials: https://techtualconsulting.start.page/ Why ByteChek? : https://www.bytechek.com/why-soc2-with-bytechek
Today, we will be talking for a 2nd time with our good friend, AJ Yawn. AJ is the Founder and CEO at ByteChek, an automated cybersecurity compliance platform company based in Miami, FL. AJ shares about what it's like getting $3 million in VC funding, mental health, running a fast growing cybersecurity company and more. For more information please visit www.bytechek.com. At Tech & Main, we want to be YOUR technology partner. Let our 20+ years of expertise help you achieve the outcomes that are best for your business: cybersecurity, cloud, SD-WAN and data center. We have engineers and project managers available to assist you. Call our office at 678-575-8515, email us at info@techandmain.com or visit us at www.techandmain.com.
AJ Yawn | Founder | ByteChek

ByteChek is all about making compliance suck less. Simplify compliance with their advanced and easy-to-use compliance platform. AJ and his team are building something special that we'll be highlighting throughout this conversation.
“The people who make it and end up being successful, are the people who stick with the problem the longest” - Ariana “The Techie”

Have you ever had a vision so clear in your mind that you remained steadfast in your pursuit, despite your less than ideal circumstances? As a 26-year-old black woman and solo founder of Mueshi - a Web3 NFT marketplace for fine art - Ariana “The Techie” has had to overcome all odds. In this episode of To Comply Or Not To Comply, Ariana joins host AJ Yawn to share: her founder's journey, from ideation to conception; what motivates her to ‘stay the course’; representation in tech, or lack thereof; her advice for aspiring entrepreneurs and founders; and a VERY special announcement! This episode is full of inspiration and motivation to those in pursuit of greatness and we cannot wait for you to hear it!

Guest Bio: Ariana is a Software Engineer by trade and Founder of Mueshi - a Web3 NFT marketplace for fine and contemporary art. Her special interests include: Web & Mobile Applications, and BlockChain Development (NFTs and smart contracts).

Links: Stay in touch with Ariana on LinkedIn and Twitter and learn more about Mueshi! Connect with AJ Yawn on LinkedIn and Twitter. Follow ByteChek on LinkedIn and Twitter or learn more about ByteChek on their website. Listen to more from Hacker Valley Media and To Comply Or Not To Comply!
Corey's livetweet: https://twitter.com/quinnypig
Eric Hammond's old article: https://alestic.com/2014/09/aws-root-password/
Lightspin found a vulnerability: https://blog.lightspin.io/aws-rds-critical-security-vulnerability
Expel's incident report: https://expel.com/blog/incident-report-from-cli-to-console-chasing-an-attacker-in-aws/
Rhino Security Labs found a CVE in the AWS VPN Client: https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/
DarkReading's profile of AJ Yawn: https://www.darkreading.com/edge-articles/bytechek-founder-aj-yawn-brings-discipline-to-everything-he-does
NotGitBleed: https://www.notgitbleed.com/
AWS Security Bulletins: https://aws.amazon.com/security/security-bulletins/AWS-2022-005/ https://aws.amazon.com/security/security-bulletins/AWS-2022-004/
gimme-aws-creds: https://github.com/Nike-Inc/gimme-aws-creds
Chamber: https://github.com/segmentio/chamber
#lastweekinaws slack channel: https://og-aws-slack.lexikon.io/
Admittedly, we've interviewed some interesting folks on this show – but not too many as interesting as former Florida State basketball player, Army veteran, cybersecurity expert and social media influencer AJ Yawn.

Yeah, that's a lot.

AJ's journey from military brat to influencer, with stops at the NCAA's Sweet 16 and the 82nd Airborne Division, really demonstrates how mindset and focus can help us change dreams to goals – and goals into accomplishments. From achieving his goal as a scholarship athlete at Florida State to funding his company with nearly all black investors, AJ's story is inspiring, as is his honesty and transparency. Looking to Live Life on the Offense? AJ has lessons.

Check out AJ's LinkedIn account, and follow him on Twitter.

If you enjoyed this episode of Always in Pursuit, please share with a couple of your friends and leave us a review on whatever platform you use. Also find out more about AIP and the team at www.alwaysinpursuit.org. Thank you for tuning in to the show!

Check out our amazing sponsor, Adyton PBC, and learn more about the MUSTR app, which is streamlining systems for leaders across the Department of Defense!
With a looming skills/people gap in cybersecurity and technology growing at an alarming rate, we need cybersecurity professionals now more than ever before. As cyber threats become increasingly complex, the need for diverse minds and talent is a mission critical issue. In this episode, AJ is joined by Chandler Malone to talk about the state of diversity in cyber – or lack thereof, and the highs and lows of being startup founders in the space. Guest Bio: Chandler Malone is a three time entrepreneur who is now building Bootup and investing in early stage companies through Atento Capital. His journey began as a college student, building an events business that hosted shows for Billboard top 10 artists including the Chainsmokers before launching his first software company, The Moves, which he exited in 2019. Chandler has a passion for helping underrepresented entrepreneurs and using technology to improve quality of life. Chandler serves as an Investor in Residence at Washington University in St. Louis and a board member at Urban Coders Guild. Links: Stay in touch with Chandler Malone on LinkedIn and Twitter Connect with AJ Yawn on LinkedIn and Twitter Learn about ByteChek Hear more from shows from Hacker Valley Media
In this episode of the Transition, I interview A.J. Yawn, a former Division 1 basketball player from Florida State University, Army Captain, and Co-Founder of ByteChek, an early-stage B2B SaaS company that builds, manages, and assesses a company's cybersecurity program to build trust with customers and unlock sales. On the show, AJ opens up about his journey to raise capital for ByteChek, the importance of family and mental health, and the lessons he's learned building his first startup.

Be sure to subscribe to the Transition Newsletter on Substack here: https://bit.ly/37Bb8Ne
Apply For The Breaking Barriers in Entrepreneurship Workshop Series here: https://bunkerlabs.org/breaking-barriers/
Learn more about ByteChek here: https://www.bytechek.com
AJ: Co-founder and CEO at ByteChek - "making compliance suck less"; Founding Board Member of the National Association of Black Compliance and Risk Management Professionals; LinkedIn Top Voice in 2020; SANS Instructor.

Listen to the episode for our discussion ranging from his dreams to be in the NBA, his experience with compliance challenges, and his revelation that startup founders do not necessarily have to be geniuses.

https://www.bytechek.com/
Today on That Tech Pod, Laura and Gabi chat with AJ Yawn. AJ Yawn is the Co-Founder and CEO at ByteChek. AJ has earned 6 AWS certifications including the AWS Solutions Architect-Professional and AWS Security-Specialty. Prior to ByteChek, AJ spent over a decade in the cybersecurity industry both in the US Army and as a consultant. He is a regular speaker at SANS Cloud Security curriculum events such as BIPOC in Cloud Forum and CloudSecNext Summit, and can be found teaching SEC557: Continuous Automation for Enterprise and Cloud Compliance.

Follow That Tech Pod:
Twitter: @thattechpod
LinkedIn: LinkedIn.com/thattechpod
Website: thattechpod.com
AJ Yawn joins us for this episode of the CISO Dojo Podcast. AJ Yawn is a seasoned cloud security professional that possesses over a decade of senior information security experience with extensive experience managing a wide range of cybersecurity compliance assessments (SOC 2, ISO 27001, HIPAA, etc.) for a variety of SaaS, IaaS, and PaaS providers. AJ advises startups on cloud security and serves on the Board of Directors of the ISC2 Miami chapter as the Education Chair. He is also a Founding Board member of the National Association of Black Compliance and Risk Management Professionals, regularly speaks on information security podcasts and at events, and contributes blogs and articles to the information security community, including publications such as CISOMag, InfosecMag, HackerNoon, and ISC2.

https://www.linkedin.com/in/ajyawn/
@AjYawn
About AJ

AJ Yawn is a seasoned cloud security professional that possesses over a decade of senior information security experience with extensive experience managing a wide range of cybersecurity compliance assessments (SOC 2, ISO 27001, HIPAA, etc.) for a variety of SaaS, IaaS, and PaaS providers.

AJ advises startups on cloud security and serves on the Board of Directors of the ISC2 Miami chapter as the Education Chair. He is also a Founding Board member of the National Association of Black Compliance and Risk Management Professionals, regularly speaks on information security podcasts and at events, and contributes blogs and articles to the information security community, including publications such as CISOMag, InfosecMag, HackerNoon, and ISC2.

Before ByteChek, AJ served as a senior member of a national cybersecurity professional services firm's SOC-ISO-Healthcare compliance practice. AJ helped grow the practice from a 9-person team to over 100 team members serving clients all over the world. AJ also spent over five years on active duty in the United States Army, earning the rank of Captain.

AJ is relentlessly committed to learning and encouraging others around him to improve themselves. He leads by example and has earned several industry-recognized certifications, including the AWS Certified Solutions Architect-Professional, CISSP, AWS Certified Security Specialty, AWS Certified Solutions Architect-Associate, and PMP. AJ is also involved with the AWS training and certification department, volunteering with the AWS Certification Examination Subject Matter Expert program.

AJ graduated from Georgetown University with a Master of Science in Technology Management and from Florida State University with a Bachelor of Science in Social Science.
While at Florida State, AJ played on the Florida State University Men's basketball team, participating in back-to-back trips to the NCAA tournament playing under Coach Leonard Hamilton.

Links:
ByteChek: https://www.bytechek.com/
Blog post, Everything You Need to Know About SOC 2 Trust Service Criteria CC6.0 (Logical and Physical Access Controls): https://help.bytechek.com/en/articles/4567289-everything-you-need-to-know-about-soc-2-trust-service-criteria-cc6-0-logical-and-physical-access-controls
LinkedIn: https://www.linkedin.com/in/ajyawn/
Twitter: https://twitter.com/AjYawn

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Cloud Economist Corey Quinn. This weekly show features conversations with people doing interesting work in the world of Cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by Thinkst. This is going to take a minute to explain, so bear with me. I linked against an early version of their tool, canarytokens.org in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, that sort of thing in various parts of your environment, wherever you want to; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use those things. It's an awesome approach. I've used something similar for years. Check them out. But wait, there's more. They also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment. You can get a physical device that hangs out on your network and impersonates whatever you want to.
When it gets Nmap scanned, or someone attempts to log into it, or access files on it, you get instant alerts. It's awesome. If you don't do something like this, you're likely to find out that you've gotten breached, the hard way. Take a look at this. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I love it.” That's canarytokens.org and canary.tools. The first one is free. The second one is enterprise-y. Take a look. I'm a big fan of this. More from them in the coming weeks.

Corey: This episode is sponsored in part by our friends at Lumigo. If you've built anything from serverless, you know that if there's one thing that can be said universally about these applications, it's that it turns every outage into a murder mystery. Lumigo helps make sense of all of the various functions that wind up tying together to build applications. It offers one-click distributed tracing so you can effortlessly find and fix issues in your serverless and microservices environment. You've created more problems for yourself; make one of them go away. To learn more, visit lumigo.io.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I'm joined this week by AJ Yawn, co-founder, and CEO of ByteChek. AJ, thanks for joining me.

AJ: Thanks for having me on, Corey. Really excited about the conversation.

Corey: So, what is ByteChek? It sounds like it's one of those things—‘byte' spelled as in computer term, not teeth, and ‘chek' without a second C in it because frugality looms everywhere, and we save money where we can by sometimes not buying the extra letter or vowel. So, what is ByteChek?

AJ: Exactly. You get it. ByteChek is a cybersecurity compliance software company, built with one goal in mind: make compliance suck less.
And the way that we do that is by automating the worst part of compliance, which is evidence collection and taking out a lot of the subjective nature of dealing with an audit by connecting directly where the evidence lives and focusing on security.

Corey: That sound you hear is Pandora's Box creaking open because back before I started focusing on AWS bills, I spent a few months doing a deep dive PCI project for workloads going into AWS because previously I've worked in regulated industries a fair bit. I've been a SOC 2 control owner, I've gone through the PCI process multiple times, I've dabbled with HIPAA as a consultant. And I thought, “Huh, there might be a business need here.” And it turns out, yeah, there really is.

The problem for me is that the work made me want to die. I found it depressing; it was dull; it was a whole lot of hurry up and wait. And that didn't align with how I approach the world, so I immediately got the hell out of there. You apparently have a better perspective on, you know, delivering things companies need and don't need to have constant novel entertainment every 30 seconds. So, how did you start down this path, and what set you on this road?

AJ: Yeah, great question. I started in the army as an information security officer, worked in a variety of different capacities. And when I left the military—mainly because I didn't like sleeping outside anymore—I got into cybersecurity compliance consulting. And that's where I got first into compliance and seeing the backwards way that we would do things with old document requests and screenshots. And I enjoyed the process because there was a reason for it, like you said.

There's a business value to this, going through these compliance assessments. So, I knew they were important, but I hated the way we were doing it. And while there, I just got exposed to so many companies that had to go through this, and I just thought there was a better way. Like, typical entrepreneur story, right?
You see a problem and you're like, “There has to be a better way than grabbing screenshots of the EC2 console.” And set out to build a product to do that, to just solve that problem that I saw on a regular basis. And I tell people all the time, I was complicit in making compliance stuff before. I was in that role and doing the things that I think sucked and not focused on security. And that's what we're solving here at ByteChek.

Corey: So, I've dabbled in it and sort of recoiled in horror. You've gone into this to the point where you are not only handling it for customers but in order to build software that goes in a positive direction, you have to be deeply steeped in this yourself. As you're going down this process, what was your build process like? Were you talking to auditors? Were you talking to companies who had to deal with auditors? What aspects of the problem did you approach this from?

AJ: It's really both aspects. And that's where I think it's just a really unique perspective I have because I've talked with a lot of auditors; I was an auditor and worked with auditors hand-in-hand and I understood the challenges of being an auditor, and the speed that you have to move when you're in the consulting industry. But I also talked to a lot of customers because those were the people I dealt with on a regular basis, both from a sales perspective and from, you know, sitting there with the CTOs trying to figure out how to design a secure solution in AWS. So, I took it from the approach of you can't automate compliance; you can't fix the audit problem by only focusing on one side of the table, which is what currently happens where one side of the table is the client, then you get to automate evidence collection. But if the auditors can't use that information that you've automated, then it's still a bad process for both people.
So, I took the approach of thinking about this from both, “How do I make this easier for auditors but also make it easier for the clients that are forced to undergo these audits?”

Corey: From a lot of perspectives, having compliance achieved, regardless of whether it's PCI, whether it's HIPAA, whether it's SOC 2, et cetera, et cetera, et cetera, the reason that companies go through it is that it's an attestation that they are, for better or worse, doing the right things. In some cases, it's a requirement to operate in a regulated industry. In other cases, it's required to process credit card transactions, which is kind of every industry, and in still others, it's an easy shorthand way of saying that we're not complete rank amateurs at these things, so as a result, we're going to just pass over the result of our most recent SOC 2 audit to our prospective client, and suddenly, their security folks can relax and not send over weeks of questionnaires on the security front. That means that, for some folks, this is more or less a box-checking exercise rather than an actual good-faith effort to improve processes and posture.

AJ: Correct. And I think that's actually the problem with compliance is it's looked at as a check-the-box exercise, and that's why there's no security value out of it. That's why you can pick up a SOC 2 report for someone that's hosted on AWS, and you don't see any mention of S3 buckets. You can do a ctrl+F, and you literally don't see anything in a security evaluation about S3 buckets, which is just insane if you know anything about security on AWS.
And I think it's because of what you just described, Corey; they're often asked to do this by a regulator, or by a customer, or by a vendor, and the result is, “Hurry up and get this report so that we can close this deal,”—or we can get to the next level with this customer, or with this investor, whatever it may be—instead of, let's go through this, let's have an auditor come in and look at our environment to improve it, to improve this security, which is where I hope the industry can get to because audits aren't going anywhere; people are going to continue to do them and spend thousands of dollars on them, so there should be some security value out of them, in my opinion.

Corey: I love using encrypting data at rest as an example of things that make varying amounts of sense because, sure, on your company laptops, if someone steals an employee's laptop from a coffee shop, or from the back of their car one night, yeah, you kind of want the exposure to the company to be limited to replacing the hardware. I mean, even here at The Duckbill Group, where we are not regulated, we've gone through no formal audits, we do have controls in place to ensure that all company laptops have disk encryption turned on. It makes sense from that perspective. And in the data center, it was also important because there were a few notable heists where someone either improperly disposed of drives and corporate data wound up on eBay or someone in one notable instance drove a truck through the side of the data center wall, pulled a rack into the bed of the truck and took off, which is kind of impressive [laugh] no matter how you slice it. But in the context of a hyperscale cloud provider like AWS, you're not going to be able to break into their data centers, steal a drive—and of course, it has to be the right collection of drives and the right machines—and then find out how to wind up reassembling that data later.

It's just not a viable attack strategy.
Now, you can spend days arguing with auditors around something like that, or you can check the box ‘encrypt at rest' and move on. And very often, that is the better path. I'm not going to argue with auditors about that. I'm going to bend the knee, check the box, and get back to doing the business thing that I care about. That is a reasonable approach, is it not?

AJ: It is, but I think that's the fault of the auditor because good security requires context. You can't just apply a standard set of controls to every organization, as you're describing, where I would much rather the auditor care about, “Are there any public S3 buckets? What is the security group situation like on that account? How are they managing their users? How are they storing credentials there in the cloud environment as well?

Are they using multiple accounts?” So, many other things to care about other than protecting whether or not someone will be able to pull off the heist of the [laugh] 21st century. So, I think from a customer perspective, it's the right model: don't waste time arguing points with your auditors, but on the flip side, find an auditor that has more technical knowledge that can understand context, because security work requires good context and audits require context. And that's the problem with audits now; we're using one framework or several frameworks to apply to every organization. And I've been in the consulting space, like you, Corey, for a while. I have not seen the same environment in any customers. Every customer is different. Every customer has a different setup, so it doesn't make sense to say every control should apply to every company.

Corey: And it feels on some level like you wind up getting staff accustomed to treating it as a box-checking exercise. “Right, it's dumb that we wind up having to encrypt S3 buckets, but it's for the audit to just check the box and move on.” So, people do it, then they move on to the next item, which is, “Okay, great.
Are there any public S3 buckets?” And they treat it with the same, “Yeah, whatever. It's for the audit,” box-checking approach? No, no, that one's actually serious. You should invest significant effort and time into making sure that it's right.

AJ: Exactly. Exactly. And that's where the value of a true compliance assessment that is focused on security comes into play because it's no longer about checking the box, it's like, “Hey, there's a weakness here. A weakness that you probably should have identified. So, let's go fix the weakness, but let's talk about your process to find those weaknesses and then hopefully use some automation to remediate them.”

Because a lot of the issues in the cloud you can trace back to why was there not a control in place to prevent this or detect this? And it's sad that compliance assessments are not the thing that can catch those, that are not the other safeguard in place to identify those. And it's because we are treating the entire thing like a check-the-box exercise and not pulling out those items that really matter, and that's just focusing on security. Which is ultimately what these compliance reports are proving: customers are asking for these reports because they want to know if their data is going to be secure. And that's what the report is supposed to do, but on the flip side, everyone knows the organization may not be taking it that serious, and they may be treating it like a check-the-box exercise.

Corey: So, while I have you here, we'll divert for a minute because I'm legitimately curious about this one. At a scale of legitimate security concern to, “This is a check-the-box exercise,” where do things like rotating passwords every 60 days or rotating IAM credentials every 90 days fall?

AJ: I think it again depends on the organization. I don't think that you need to rotate passwords regularly, personally.
I don't know how strong of a control that is if people are doing that, because they're just going to start to make things up that are easy—

Corey: Put the number at the end and increment by one every time. Great. Good work.

AJ: Yep. So, I think again, it just depends on your organization and what the organization is doing. If you're talking about managing IAM access keys and rotating those, are your engineers even using the CLI? Are they using their access keys? Because if they're not, what are you rotating?

You're just rotating [laugh] stale keys that have never been used. Or if you don't even have any IAM users, maybe you're using SSO and they're all using Okta or something else and they're using an IAM role to come in there. So, it's just—again, it's context. And I think the problem is, a lot of folks don't understand AWS or they don't understand the cloud. And when I say, folks, I mean auditors.

They don't understand that, so they're just going to ask for everything. “Did you rotate your passwords? Did you do this? Did you do that?” And it may not even make sense for you based off of your environment, but again, is it worth the fight with the auditor, or do you just give them whatever they want and so you can go about your way, whether or not it's a legit security concern?

Corey: Yeah. At some point, it's not worth fighting with auditors, but if you find yourself wanting to fight the auditor all the time, at some level, you start to really resent the auditor that you have. To put that slightly more succinctly, how do you deal with non-technical auditors who don't understand your environment—what they're looking at—without strangling them?

AJ: Great question. I think it goes back to before you hire your auditor. Oftentimes, in the sales process, there's questions around, “Who's come from the Big Four on your staff?” Or, “What control frameworks do you all specialize in?” Or, “How long will this take?
How much will it cost?” But there's very rarely any questions of, “Who on your staff knows AWS?”

And it's similar to going to the doctor: you wouldn't go to an eye doctor to get foot surgery. So, you shouldn't go to an auditor who has never seen AWS, that doesn't know what EC2 is, to evaluate your AWS environment. So, I think organizations have to start asking the right questions during the sales process. And it's not about price or time or anything like that when you're assessing who you're going to work with from an auditing firm. It's, are they qualified to actually evaluate the threats facing your organization so that you don't get asked the stupid question.

If you're hosted on AWS, you shouldn't be getting asked where are your firewall configurations. They should understand what security groups are and how they work. So, there's just a level of knowledge that should be expected from the organization side. And I would say, if you're working with a current auditor that you're having those issues with, continue to ask the hard questions. Auditors that are not technical—I have a blog post on our website, and it says this is the section your auditors are the most scared of, and it's the logical access section of your SOC 2 report.

And auditors that are not technical run away from that section. So, just keep asking the hard questions, and they'll either have to get the knowledge or they realize they're not qualified to do the assessment and the marriage will split up kind of naturally from there. But I think it goes back to the initial process of getting your auditor. Don't worry about cost or time, worry about their technical skills and if they're qualified to assess your environment.

Corey: And in 2021, that's a very different story than it was the first few times I encountered auditors discovering the new era. At a startup, the auditor shows up.
“Great, how do we get access to your Active Directory?” “Yeah, we don't have one of those.” “Okay, how do we get on the internet here?” “Oh, here's the wireless password.” “Wait, there's not a separate guest network?” “That's right.” “Well, now I have privileged access because I'm on your network.”

It's like, “Technically, that's true because if you weren't on this network, you wouldn't be able to print to that printer over there in the corner. But that's the only thing that it lets you do.” Everything else is identity-based, not IP address allow listing, so instead, it's purely just convenience to get the internet; you're about as privileged on this network as you would be at a Starbucks half a world away. And they look at you like you're an idiot. And that should have been the early warning sign that this was not going to be a typical audit conversation. Now, though, in 2021, it feels like it's time to find a new auditor.

AJ: Exactly. Yeah. Especially because organizations—unfortunately, last year security budgets were some of the things that were first cut when budgets were cut due to the global pandemic, so—

Corey: Well, I'm sure that'll have no lasting repercussions.

AJ: Right. [laugh]. That's always a great decision. So compliance, that means compliance budgets have been significantly slashed because that's the first thing that gets cut is spending money on compliance activities. So, the cheaper option, oftentimes, is going to mean even less technical resources.

Which is why I don't think manual audits, human audits are going to be a thing moving forward. I think companies are realizing that it doesn't make sense to go through a process, hire an auditor who's selling you on all this technical expertise, and then the staff that's showing up and assigned to your project has never seen inside the AWS console and truly doesn't even know what the cloud is. They think that iCloud on their phone is the only cloud that they're familiar with.
And that's what happens; organizations are sold that they're going to get cybersecurity technical experts from these human auditors and then somebody shows up without that experience or expertise. So, you have to start to rely on tools, rely on technologies, and that can be native technologies in the cloud or third-party tools.

But I don't think you can actually do a good audit in the cloud manually anyways, no matter how technical you are. I know a lot about AWS but I still couldn't do a great audit by myself in the cloud because auditing is time-based, you bill by the hour and it doesn't make sense for me to do all of those manual things that tools and technologies out there exist to do for us.

Corey: So, you started a software company aimed at this problem, not an auditing firm and not a consulting company. How are you solving this via the magic of writing code?

AJ: It's just connecting directly where the evidence lives. So, for AWS, I actually tried to do this in a non-software way prior, when I was just a typical auditor, and I was just asking our clients to provision us cross-account access to go in their environment with some security permissions to get evidence directly. And that didn't pass the sniff test at my consulting firm, even though some of the clients were open to it. But we built software to go out to the tools where the evidence directly lives and continuously assess the environment. So, that's AWS, that's GitHub, that's Jira, that's all of the different tools where you normally collect this evidence, and instead of having to prove to auditors in a very manual fashion, by grabbing screenshots, you just simply connect using APIs to get the evidence directly from the source, which is more technically accurate.

The way that auditing has been done in the past is using sampling methodologies and all these other outdated things, but that doesn't really assess if all of your data stores are configured in the right way; if you're actually backing up your data.
It's me randomly picking one and saying, “Yes, you're good to go.” So, we connect directly where the evidence lives and hopefully get to a point where when you get a SOC 2 report, you know that a tool checked it. So, you know that the tool went out and looked at every single data store, or they went out and looked at every single EC2 instance, or security group, whatever it may be, and it wasn't dependent on how the auditor felt that day.

Corey: This episode is sponsored in part by ChaosSearch. As basically everyone knows, trying to do log analytics at scale with an ELK stack is expensive, unstable, time-sucking, demeaning, and just basically all-around horrible. So why are you still doing it—or even thinking about it—when there's ChaosSearch? ChaosSearch is a fully managed scalable log analysis service that lets you add new workloads in minutes, and easily retain weeks, months, or years of data. With ChaosSearch you store, connect, and analyze and you're done. The data lives and stays within your S3 buckets, which means no managing servers, no data movement, and you can save up to 80 percent versus running an ELK stack the old-fashioned way. It's why companies like Equifax, HubSpot, Klarna, Alert Logic, and many more have all turned to ChaosSearch. So if you're tired of your ELK stacks falling over before it suffers, or of having your log analytics data retention squeezed by the cost, then try ChaosSearch today and tell them I sent you. To learn more, visit chaossearch.io.

Corey: That sounds like it is almost too good to be true.
And at first, my immediate response is, “This is amazing,” followed immediately by that's transitioning into anger, that, “Why isn't this a native thing that everyone offers?” I mean, to that end, AWS announced ‘Audit Manager' recently, which I haven't had the opportunity to dive into in any deep sense yet, because it's still brand new, and they decided to release it alongside 15,000 other things, but does that start getting a little bit closer to something companies need? Or is it a typical day-one first release of an Amazon service where, “Well, at least we know the direction you're heading in. We'll check back in two years.”

AJ: Exactly. It's the day-one Amazon service release where, “Okay. AWS is getting into the audit space. That's good to know.” But right now, at its core, that AWS service, it's just not usable for audits, for several reasons.

One, auditors cannot read the outputs of the information from Audit Manager. And it goes back to the earlier point where you can't automate compliance, you can't fix compliance if the auditors can't use the information because then they're going to go back to asking dumb questions and dumb evidence requests if they don't understand the information coming out of it. And it's just because of the output right now is a dump of JSON, essentially, in a Word document, for some strange reason.

Corey: Okay, that is the perfect example right there of two worlds colliding. It's like, “Well, we're going to put JSON out of it because that's the language developers speak. Well, what do auditors prefer?” “I don't know, Microsoft Word?” “Okay, sounds good.” Even Microsoft Excel is a better answer than [laugh] that. And that is just… okay, that is just Looney Tunes awful.

AJ: Yep. Yeah, exactly. And that's one problem. The other problem is, Audit Manager requires a compliance manager.
If we think about that tool, a developer is not going to use Audit Manager; it's going to be somebody responsible for compliance.

It requires them to go manually select every service that their company is using. A compliance manager, one, doesn't even know what the services are; they have no clue what some of these services are, two, how are they going to know if you're using Lambda randomly somewhere or, or a Systems Manager randomly somewhere, or Elastic Beanstalk's in one account or one region. Config here, config—they have to just go through and manually—and I'm like, “Well, that doesn't make any sense because AWS knows what services you're using. Why not just already have those selected and you pull those in scope?” So, the chances of something being excluded are extremely high because it's a really manual process for users to decide what are they actually assessing.

And then lastly, the frameworks need a lot of work. Auditing is complex because their standards or regulations and all of that, and there's just a gap between what AWS has listed as a service that addresses a particular control that—there was a few times where I looked at Audit Manager and I had no clue what they were mapping to and why they're mapping. So, it's a typical day-one service; it has some gaps, but I like the direction it's going. I like the idea that an organization can go into their AWS console, hit to a dashboard, and say, “Am I meeting SOC 2?” Or “am I meeting PCI?” I feel like this is a long time coming. I think you probably could have done it with Security Hub with less automation; you have to do some manual uploads there, but the long answer to say it has a long way to go there, Corey.

Corey: I heard a couple of horror stories of, “Oh, my god, it's charging me $300 a day and I can't turn it off,” when it first launched. I assume that's been fixed by now because the screaming has stopped. I have to assume it was. But it was gnarly and surprising people with bills.
And surprising people with things labeled ‘audit' is never a great plan.

AJ: Right. Yeah, the pricing was a little ridiculous as well. And I didn't really understand the pricing model. But that's typical of a new AWS service, I never really understand. That's why I'm glad that you exist because I'm always confused at first about why things cost so much, but then if you give it some time, it starts to make a little bit more sense.

Corey: Exactly. The first time you see a new pricing dimension, it's novel and exciting and more than a little scary, and you dive into it. But then it's just pattern recognition. It's, “Oh, it's one of these things again. Great.” It's why it lends itself to a consulting story.

So, you were in the army for a while. And as you mentioned, you got tired of sleeping on the ground, so you went into corporate life. And you were at a national cybersecurity professional services firm for a while. What was it that finally made you, I guess, snap for lack of a better term and, “I'm going to start my own thing?” Because in my case, it was, “Well, okay. I get fired an awful lot. Maybe I should try setting out my own shingle because I really don't have another great option.” I don't get the sense, given your resume and pedigree, that that was your situation?

AJ: Not quite. I surprisingly, don't do well with authority. So, a little bit I like to challenge things and question the norm often, which got me in trouble in the military, definitely got me in trouble in corporate life. But for me it was, I wanted to change; I wanted to innovate. I just kept seeing that there was a problem with what we were doing and how we were doing it, and I didn't feel like I had the ability to innovate.

Innovating in a professional services firm is updating a Google Sheet, or adding a new Google Form and sending that off to a client. That's not really the innovation that I was looking to do.
And I realized that if I wanted to create something that was going to solve this problem, I could go join one of the many startups out there that are out there trying to solve this problem, or I could just try to go do it myself and leverage my experience. And two worlds collided as far as timing and opportunity where I financially was in a position to take a chance like this, and I had the knowledge that I finally think I needed to feel comfortable going out on my own and just made the decision. I'm a pretty decisive person, and I decided that I was going to do it and just went with it.

And despite going about this during the global pandemic, which presented its own challenges last year, getting this off the ground. But it was really—I collected a bunch of knowledge. I realized, maybe, two and a half years ago, actually, that I wanted to start my own business in this space, but I didn't know what I wanted to do just yet. I knew I wanted to do software, I didn't know how I wanted to do it, I didn't know how I was going to make it work. But I just decided to take my time and learn as much as I can.

And once I felt like I acquired enough knowledge and there was really nothing else I could gain from not doing this on my own, and I knew I wasn't going to go join a startup to join them on this journey, it was a no-brainer just to pull the trigger.

Corey: It seems to have worked out for you. I'm starting to see you folks crop up from time-to-time, things seem to be going well. How big are you?

AJ: Yeah, we're doing well. We have a team of seven of us now, which is crazy to think about because I remember when it was just me and my co-founder staring at each other on Zoom every day and wondering if they're ever going to be anybody else on these [laugh] calls and talking to us. But it's going really well.
We have early customers that are happy and that's all that I can ask for and they're not just happy silently; they're being really public about being happy about the platform, and about the process. And just working with people that get it and we're building a lot of momentum.

I'm having a lot of fun on LinkedIn and doing a lot of marketing efforts there as well. So, it's been going well; it's been actually going better than expected, surprisingly, which I don't know, I'm a pretty optimistic entrepreneur and I thought things will go well, but it's much better than expected, which means I'm sleeping a lot less than I expected, as well.

Corey: Yeah, at some point, when you find yourself on the startup train, it's one of those, “Oh, yeah. That's right. My health is in the gutter, my relationships are starting to implode around me.” Balance is key. And I think that that is something that we don't talk about enough in this world.

There are periodically horrible tweets about how you should wind up focusing on your company, it should be the all-consuming thing that drives you at all hours of the day. And you check and, “Oh, who made that observation on Twitter? Oh, it's a VC.” And then you investigate the VC and huh, “You should only have one serious bet, it should be your all-consuming passion” says someone who's invested in a wide variety of different companies all at the same time, in the hopes that one of them succeeds. Huh.

Almost like this person isn't taking the advice they're giving themselves and is incentivized to give that advice to others. Huh, how about that? And I know that's a cynical take, but it continues to annoy me when I see it. Where do you stand on the balance side of the equation?

AJ: Yeah, I think balance is key. I work a lot, but I rest a lot too. And I spend—I really hold my mornings as my kind of sacred place, and I spend my mornings meditating, doing yoga, working out, and really just giving back to myself. And I encourage my team to do the same.
And we don't just encourage it from just a, “Hey, you guys should do this,” but I talk to my team a lot about not taking ourselves too seriously.

It's our number one core value. It's why our slogan is ‘make compliance suck less' because it's really my military background. We're not being shot at; we're sleeping at home every night. And while compliance and cybersecurity, it's really important, and we're protecting really important things, it's not that serious to go all-in and to not have balance, and not to take time off not to relax. I mean, a part of what we do at ByteChek is we have a 10% rule, which means 10% of the week, I encourage my team to spend it on themselves, whether that's doing meditation, going to take a nap.

And these are work hours; you know, go out, play golf. I spent my 10% this morning playing golf during work hours. And I encourage all my team, every single week, spend four hours dedicated to yourself because there's nothing that we will be able to do as a company without the people here being correct and being mentally okay. And that's something that I learned a long time ago in the military. You spend a year away from home and you start to really realize what's important.

And it's not your job. And that's the thing. We hire a lot of veterans here because of my veteran background, and I tell all the vets that come here when you're in the military, your job, your rank, and your day-to-day work is your identity. It's who you are. You're a Marine or you're a Soldier, or you're a Sailor; you're an Airman if that's a bad choice that you made. Sorry for my Air Force guys.

Corey: Well, now there's a Spaceman story as well, I'm told. But I don't know if they call them spacemen or not, but remember, there's a new branch to consider. And we can't forget the Coast Guard either.

AJ: If they don't call themselves Spacemen, that is their name from now on. We just made it, today. If I ever meet somebody in the Space Force, [laugh] I'm calling them the Spacemen.
That is amazing. But I tell our interns that we bring from the military, you have to strip that away.

You have to become an individual because ByteChek is not your identity. And it won't be your identity. And ByteChek's not my identity. It's something that I'm doing, and I am optimistic that it's going to work out and I really hope that it does. But if it doesn't, I'm going to be all right; my team is going to be all right and we're going to all continue to go on.

And we just try to live that out every day because there's so many more important things going on in this world other than cybersecurity compliance, so we really shouldn't take ourselves too seriously. And that advice of just grinding it out, and that should be your only focus, that's only a recipe for disaster, in my opinion.

Corey: AJ, thank you so much for taking the time to speak with me. If people want to hear more about what you have to say, where can they find you?

AJ: They can find me on LinkedIn. That's my one spot that I'm currently on. I am going to pop on Twitter here pretty soon. I don't know when, but probably in the next few weeks or so. I've been encouraged by a lot of folks to join the tech community on Twitter, so I'll be there soon.

But right now they can find me on LinkedIn. I give four hours back a week to mentoring, so if you hear this and you want to reach out, you want to chat with me, send me a message and I will send you a link to find time on my calendar to meet. I spend four hours every Friday mentoring, so I'm open to chat and help anyone. And when you see me on LinkedIn, you'll see me talking about diversity in cybersecurity because I think really the only way you can solve a cybersecurity skills shortage is by hiring more diverse individuals. So, come find me there, engage with me, talk to me; I'm a very open person and I like to meet new people. And that's where you can find me.

Corey: Excellent.
And we'll of course throw a link to your LinkedIn profile in the [show notes 00:29:44]. Thank you so much for taking the time to speak with me. It's really appreciated.

AJ: Yeah, definitely. Thank you, Corey. This is kind of like a dream come true to be on this podcast that I've listened to a lot and talk about something that I'm passionate about. So, thanks for the opportunity.

Corey: AJ Yawn, CEO and co-founder of ByteChek. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you hated this podcast, please leave a five-star review on your podcast platform of choice along with a comment that's embedded inside of a Word document.

Announcer: This has been this week's episode of Screaming in the Cloud. You can also find more Corey at screaminginthecloud.com, or wherever fine snark is sold.

This has been a HumblePod production. Stay humble.
In episode 60, we chat with AJ Yawn about AWS security, compliance in the cloud, choosing an auditor and more. My 3 main takeaways were 1) How to make compliance not suck 2) How to automate security within an AWS environment and 3) What shared responsibility means when managing cloud infrastructure. For more information, including the show notes, check out: https://breachsense.io/podcast
Compliance and audit checks can be painful, and that's before you introduce additional cloud services and technology. In this episode featuring AJ Yawn we discuss some incredibly useful and actionable cloud security concepts and tools that can help your team boost visibility and reduce user permissions to help prevent breaches before they happen. In addition, we discuss what a good compliance audit should be, and how to turn audits from painful to incredibly valuable.

Resources mentioned in this episode:
- AWS CloudTrail: https://aws.amazon.com/cloudtrail/
- AWS Well-Architected Framework: https://aws.amazon.com/architecture/well-architected/
- AWS Config: https://aws.amazon.com/config
- AWS Organizations: https://aws.amazon.com/organizations/
- AWS Service Control Policies (SCP): https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

Our Guest - AJ Yawn

AJ Yawn is the Co-Founder and CEO of ByteChek. He is a seasoned cloud security professional that possesses over a decade of senior information security experience with extensive experience managing a wide range of cybersecurity compliance assessments (SOC 2, ISO 27001, HIPAA, etc.) for a variety of SaaS, IaaS, and PaaS providers.

AJ advises startups on cloud security and serves on the Board of Directors of the ISC2 Miami chapter as the Education Chair, he is also a Founding Board member of the National Association of Black Compliance and Risk Management professions, regularly speaks on information security podcasts, events, and he contributes blogs and articles to the information security community including publications such as CISOMag, InfosecMag, HackerNoon, and ISC2.

Sponsor's Note:

Support for the Blueprint podcast comes from the SANS Institute.

Are you looking for the best in-depth training for your cyber defense team? Look no further than SANS blue team curriculum courses!

Whether you focus on network or host data, Windows or Linux, or even specialize in open source intel, SIEM, SOC, or defensive architecture, the SANS Blue Team curriculum has the course for you. From long-time classics like SEC503 Network Intrusion Detection to the newer SEC530 Defensible Security Architecture and Engineering and SEC487 Open Source Intelligence Gathering - we've got you covered, no matter what your specialty.

With an extensive archive of free webcasts on the SANS site, and free online demos available for most courses, you can easily check out the SANS blue team catalog and see which course is the best fit for you and your team.

Check out the constantly growing list of available courses at sansurl.com/blueteamops

Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn
Jerich Beason is joined by AJ Yawn, who is the co-founder and CEO of ByteChek, to explore the value of SOC 2 certifications and review the merits of President Biden's latest executive order on cybersecurity. The article, authored by AJ, that is discussed in this episode can be found here: How law firms can demonstrate strong cybersecurity practices in CISO Magazine. Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.
In this week's episode of the Between Two Divs podcast I chopped it up with AJ the CEO at ByteChek. We talked about how that got started and how the pandemic changed the trajectory of his career. Follow AJ @AjYawn on Twitter. You can find more information about ByteChek at https://www.bytechek.com/
AJ Yawn is LinkedIn's Top Voice 2020, a Veteran, and the Co-Founder and CEO at ByteChek whose goal is to “make compliance suck less.” AJ shares what it takes to be a successful entrepreneur, taking calculated risks, and why you need to start taking advantage of LinkedIn right now before it's too late!

The episode is brought to you by Security Phoenix Ltd. With the AppSec Phoenix platform you can make Application Security and Software development finally easy. Follow the tag #appsecsmart https://www.securityphoenix.com get a free 30-day licence quoting CSCP https://landing.securityphoenix.com/alpha

0:38 Introducing AJ Yawn
3:57 Overview of the industry
7:06 Compliance and automation
10:50 From consulting to entrepreneur
13:35 Leaving the corporate world
26:10 Networking on LinkedIn
33:00 Final Positive Message
47:00 Outro

AJ Yawn
https://www.linkedin.com/in/ajyawn/
https://www.infosecurity-magazine.com/profile/aj-yawn/
https://www.bytechek.com

Cyber Security and Cloud Podcast #CSCP #cybermentoringmonday http://cybercloudpodcast.com
In this episode of Tech Done Different, we hear from compliance expert AJ Yawn. Perhaps the most surprising takeaway from this dynamic chat with a guru in compliance? Security and compliance are not the same thing. Yet, done properly, compliance can be a powerful driver for security.

Listen in to learn:
- why compliance reports should get better over time (and why a "clean report" is neither realistic nor a good thing)
- why cursory, scan-based "penetration testing" (meaning, really vulnerability scanning) does a disservice in many cases
- how to get meaningful work done, in two steps: 1) meditate, and 2) the 90/90/1 Rule
- why to wake up early
- how technology will shape the future of compliance testing
- why auditors should be advisors, not box-checkers
- how to vet auditors, and why different auditors are appropriate for different projects (and they're not all the same!)
- why you don't want auditors who have framework knowledge, but rather technical knowledge
- why compliance is not security (but security could be compliance)
- how to think about change, reassessments, and doing them sooner
- why the power of following up is "where you catch things"

Guest
AJ Yawn, CEO, ByteChek (@AjYawn on Twitter)

Host
Ted Harrington

This Episode's Sponsors
If you'd like to sponsor this or any other podcast episode on ITSPmagazine, you can learn more here: https://www.itspmagazine.com/podcast-series-sponsorships

For more podcast stories from Tech Done Different With Ted Harrington: https://www.itspmagazine.com/tech-done-different-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
https://www.itspmagazine.com/podcast-series-sponsorships

Learn more about Ted and his book at https://hackablebook.com
On this episode of iPullRank's Rankable Podcast, Jarrett Thomas hosts AJ Yawn, CEO of ByteChek, for our 5th LinkedIn All-Star Event.
This is a special series dedicated to the men and women who volunteered and served in uniform in their home nations. This special series is highlighting these men and women who have transitioned from the military to a successful civilian career in Information Security. In each episode we discuss their service, how they transitioned to working as civilians in Information Security, and their successes and failures in that process. Each day Sunday through Friday at 14:00 EST we will publish a new episode.

If you are looking to support Veterans and help them transition into infosec, please contact us directly and we can add you to our network of organizations supporting Veterans. https://www.cyberhubpodcast.com/contactus

If you are a veteran seeking support and help with breaking into Cybersecurity, please contact us here: https://www.cyberhubpodcast.com/contactus

Make sure to subscribe to our podcast and follow us on social media.

James Azar, Host of CyberHub Podcast
James on LinkedIn: https://www.linkedin.com/in/james-azar-a1655316/

Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter

Website: https://www.cyberhubpodcast.com
YouTube: https://www.youtube.com/channel/UCPoU8iZfKFIsJ1gk0UrvGFw
Facebook: https://www.facebook.com/CyberHubpodcast/
LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
Listen here: https://linktr.ee/CISOtalk
Listen here: https://linktr.ee/cyberhubpodcast
Naomi Buckwalter, CISO extraordinaire & James J Azar, CISO Talk Podcast host is back. Our special guest this week is AJ Yawn. Join us for a lively conversation!

About Breaking Into Cybersecurity: This series was created by Renee Small & ☁️ Christophe Foulon ☁️ to share stories of how the most recent cybersecurity professionals are breaking into the industry. Our special editions are us talking to experts in their fields and cyber gurus who share their experiences of helping others break in.

#cybersecurity #breakingintocybersecurity #securitypeeps #informationsecurity #CISOTalk #CISOThursdays

About the hosts:

Renee Small is the CEO of Cyber Human Capital, one of the leading human resources business partners in the field of cybersecurity, and author of the Amazon #1 best-selling book, Magnetic Hiring: Your Company's Secret Weapon to Attracting Top Cyber Security Talent. She is committed to helping leaders close the cybersecurity talent gap by hiring from within and helping more people get into the lucrative cybersecurity profession. https://www.linkedin.com/in/reneebrownsmall/ Download a free copy of her book at: magnetichiring.com/book

Christophe Foulon focuses on helping to secure people and process with a solid understanding of the technology involved. He has over 10 years as an experienced Information Security Manager and Cybersecurity Strategist with a passion for customer service, process improvement, and information security. He has significant experience in optimizing the use of technology while balancing the implications to people, process, and information security by using a consultative approach. https://www.linkedin.com/in/christophefoulon/ https://cpfcoaching.wordpress.com

Podcast Links:
https://anchor.fm/breakingintocybersecurity
https://www.youtube.com/playlist?list=PL2Td9LH7jZlAW9R5xMdwRPZH28Zi7pq3R

Support this podcast: https://anchor.fm/breakingintocybersecurity/support