American model
Parenting a picky eater can be quite challenging. In this video, I interview dietitian Alyssa Miller on how you can start to reverse picky eating and get your child to actually eat what you make for them. Yes, that is possible! Alyssa is a dietitian who specializes in helping parents raise happy, healthy, and independent eaters.
The Mindful Business Security Show is a call-in radio style podcast for small business leaders. Join our hosts as they take questions from business leaders like you! On this episode, Accidental CISO is joined by guest host Alyssa Miller. Alyssa is the CISO of a multi-billion-dollar global company, board member, conference organizer, author, and speaker. Blending her deep technical expertise with sharp business acumen, she has taken her passion for hacking and turned it into a very successful 28-year career in the industry. During the episode, Alyssa mentioned a TEDx talk that she gave about sustainability in cybersecurity careers. A video recording of the talk is available on YouTube. You can connect with Alyssa on Bluesky: @alyssam-infosec.com, LinkedIn, or via her website, https://alyssasec.com. Are you struggling with how to deal with Cybersecurity, Information Security, or Risk Management in your organization? Be a caller on a future episode of the show. Visit our podcast page and sign up now! Show Merch: https://shop.mindfulsmbshow.com/ Website: https://www.focivity.com/podcast Twitter: @mindfulsmbshow Hosted by: @AccidentalCISO Produced by: @Focivity Theme music by Michael Kobrin.
In this episode of The Flying Midwest Podcast, we sit down with Alyssa Miller, a passionate and driven pilot who logged an impressive 1,000 flight hours in just three years. But her story goes far beyond the numbers—Alyssa has used her pilot certificate as a tool for good, dedicating her time and talents to humanitarian flying missions across the country. From providing disaster relief flights after Hurricane Helene in North Carolina, to flying rescue animals for Pilots N Paws, and transporting patients to life-saving medical appointments, Alyssa shares her incredible journey and how aviation has become her platform for purpose. We dive into:
Please enjoy this encore episode of Career Notes. Business Information Security Officer at S&P Global Ratings, Alyssa Miller, joins us to talk about her journey to become a champion to create a welcoming nature and acceptance of diversity in the cybersecurity community. Starting her first full-time tech position while still in college, Alyssa noted the culture shock being in both worlds. Entering as a programmer and then moving to pen testing where she got her start in security, Alyssa grew into a leader who is committed to elevating those around her. Some stumbling blocks along the way gave her pause and helped point her in her current role where Alyssa works to bring more diverse views to improve the problem-solving in the space, something she sees as a key to success for the industry. We thank Alyssa for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
The holidays are finally here, and our taste buds are watering thinking about the delicious foods and desserts about to be spread across the table. One food that may not be talked about enough is sweet potatoes, a superfood packed with nutrients and vitamins. We visit with Helena representatives James DeMoss, Blade Hodges and Madison Lachney from Louisiana to learn how these edible roots are grown in their region. (02:01) Then, Mississippi State University graduate student Alyssa Miller discusses her herbicide research on sweet potato production (15:22) before Jody Lawrence provides a commodity market update. (30:40) Follow Helena Agri on social media to stay informed: Facebook: https://bit.ly/3pq8XVJ Instagram: https://bit.ly/347QAO8 X: https://bit.ly/3hwvWdG LinkedIn: https://bit.ly/3pwWLTh YouTube: https://bit.ly/35pLLQJ
Ever found yourself exasperated at the dinner table, wondering how to coax your child into trying something new? Our guest, Alyssa Miller of @nutrition.for.littles, a seasoned registered dietitian and picky eating specialist, reveals secrets for navigating the often challenging landscape of picky eating. We'll explore the root causes behind stubborn eating habits and provide actionable advice on how to influence positive change. Alyssa and I discuss strategies to introduce new foods without pressure, fostering a supportive environment where children can develop healthy, intuitive eating habits. It's never too late to reshape a child's eating patterns!
Check out Alyssa's free workshop
Find Alyssa on Instagram @nutrition.for.littles
xoxo, Rachel
Where to find me:
Instagram: @heyrachelcoons
TikTok: @heyrachelcoons
What kind of grocery shopper are you? Take my free quiz
Learn how to save hundreds on groceries! Join my FREE live training
Check out my grocery savings guide
On today's podcast, I'm excited to have my friend Alyssa Miller, a registered dietitian, and picky eating expert, join us! She's sharing her super helpful tips on handling picky eaters and guiding our kids toward a healthier relationship with food. Alyssa's all about keeping things practical and low-stress, focusing on creating a positive vibe around mealtime. If you've ever found yourself in a food battle with your kids, you won't want to miss this episode—it's packed with easy-to-follow advice to help your little ones try new foods without the struggle!
Find show notes at bicepsafterbabies.com/338
Follow me on Instagram and Tiktok!
Links:
Alyssa Miller's Podcast, Instagram
Free Class Registration and Course
bicepsafterbabies.com/insider
Mirror mirror on the wall, which version of Candyman will be my downfall? Our 2nd installment of Take 2 June is taking us to the other side of the medicine cabinet as we revisit Cabrini Green in 2021's Candyman. ***CONTENT WARNING: discussions of racial violence, police brutality, suicide Follow us on Instagram at @thewhorrorspodcast Email us at thewhorrorspodcast@gmail.com Artwork by Gabrielle Fatula (gabrielle@gabriellefatula.com) Music: Epic Industrial Music Trailer by SeverMusicProd Standard Music License Sources: Candyman 2021 IMDB https://www.imdb.com/title/tt9347730/trivia/ Candyman 2021 Wiki: https://en.wikipedia.org/wiki/Candyman_(2021_film) How “Candyman” Fails Black Women and Femmes by Jessica Lanay : https://electricliterature.com/how-candyman-fails-black-women-and-femmes/ Nia DaCosta Breaks Down the Silhouette Stories from 'Candyman' by Alyssa Miller: https://nofilmschool.com/dacosta-breaks-down-candyman-shadow-puppetry They Came in Through the Bathroom Mirror: A Murder in the Projects by Steve Bogira: https://chicagoreader.com/news-politics/they-came-in-through-the-bathroom-mirror/
Corey sits down with Alyssa Miller, the CISO at Epiq Global, for a discussion that cuts through the noise of the technology world in this episode of Screaming in The Cloud. Alyssa celebrates her personal journey to becoming a licensed pilot and shares invaluable insights into the current state and future of AI, cloud computing, and security. This episode ventures beyond the typical tech hype, offering a critical look at the realities of AI, the strategic considerations behind cloud computing at Epiq Global, and the importance of explainability in AI within regulated industries. Additionally, Alyssa and Corey highlight the cyclical nature of tech hype, the misconceptions surrounding AI's capabilities, and the impact of startup culture on genuine innovation.
Show Highlights:
(00:00) Introduction to the episode
(01:33) Corey celebrates Alyssa Miller getting her general aviation license.
(04:10) Considerations of cloud computing at Epiq Global.
(06:45) The hype and reality of AI in today's tech landscape.
(11:49) Alyssa on the importance of explainability in AI within regulated industries.
(14:21) Debunking myths about AI surpassing human intelligence.
(19:30) The cyclical nature of tech hype, exemplified by blockchain and AI.
(24:58) Critique of startup culture and its influence on technology adoption.
(29:01) Alyssa and Corey discuss how tech trends often fail to meet their initial hype.
(31:57) Where to find Alyssa Miller online for more insights.
About Alyssa:
Alyssa directs the security strategy for S&P Global Ratings as Business Information Security Officer (BISO), connecting corporate security objectives to business initiatives. Additionally, she shares her message about evolving the way people think about and approach security, privacy and trust through speaking engagements at various conferences and other events. When not engaged in security research and advocacy, she is also an accomplished soccer referee, guitarist and photographer.
Links referenced:
Alyssa Miller's LinkedIn Profile: https://www.linkedin.com/in/alyssam-infosec/
Epiq Global's Website: https://www.epiqglobal.com/en-us
Alyssa's Aviation Journey: https://www.linkedin.com/posts/alyssam-infosec_i-landed-at-ohare-kord-in-my-cherokee-activity-7079088781575811074-ZsSx?utm_source=share&utm_medium=member_desktop
In this episode, special guest Alyssa Miller joins the hosts for an insightful and entertaining conversation covering a broad range of topics from social engineering anecdotes involving Kevin Johnson to Alyssa's journey in aviation and being a pilot. They discuss the challenges within the cybersecurity industry, including the transition to cloud computing and the neglect […] The post Alyssa Miller: Charting the Course Through InfoSec and Aviation appeared first on Shared Security Podcast.
Are you a person who will touch a wall that has a wet paint sign on it? In this week's episode, Brooke talks with Alyssa Miller about mom health and kid health. We talk about sweets and how our relationship to sweets can impact our children's relationship with sweets. As well as talk about starting solids and so much more. You can follow Alyssa on Instagram @nutrition.for.littles. You can check out her podcast Nutrition for Littles Podcast, click here.
Today we dig into:
[3:42] : Brooke and Alyssa share about how your health is related to your kids' health
[6:48] : How you were raised and how you talk about food and your body
[9:17] : Fear of sweets and what we pass on to our kids
[22:47] : Starting solids and exposing them to a variety of foods
[30:51] : Your reaction at the table is the most important
[33:28] : Last minute advice
Click Here to Join the Free Workshop: How to Feel Like Yourself Again Postpartum & Reach Your Healthiest Weight without Sacrificing Your Favorite Foods or Milk Supply
Another Goddamn Horror Podcast was lucky enough to be invited to one of the top stand-up comedy festivals in this country; Altercation Fest! So Ryan and Jonas (Graham was busy cutting the sleeves off of his shirts and missed his flight) headed down to Austin to talk horror with some of our favorite comedians and Austin locals! We sat down with Austin horror expert Alyssa Miller to talk about everything from Creature From The Black Lagoon to the happy-go-lucky August Underground trilogy. We also talk with all-around awesome human Quinn Walker and talk favorite kills. We chat with legendary stand-up and former Man Show Writer Andy Andrist (his opinions are his own :)) about Psycho 3. And top it all off with Santa Cruz comedian Mac Ruiz and chat about found footage favorite 'As Above So Below'. What an amazing weekend in Texas! Lots of laughs and maybe a few tears. And waaaay too much BBQ. Dig in folks!
Alyssa Miller is a hacker who, in her pre-teens, bought her first computer and hacked her way into a paid dial-up community platform. She grew up in hacker culture, finding her hacker family in IRC channels during her adolescent years. While IT was not her original career plan, she ended up working as a developer and later a penetration tester in the financial services industry. As she moved into consulting, her focus on defending technology systems and personal privacy grew to the point where she was advising Fortune 100 companies on how to build comprehensive security programs. Alyssa is now the CISO at New York-based Epiq Global. Still very much a hacker to this day, she's built on that identity to grow her career. She is an internationally recognized public speaker and author of “Cybersecurity Career Guide”. She's an advocate for helping others make a career out of their passion for hacking and security in general. She's also a proponent for the open sharing of ideas and perspectives on improving our technologically connected world.
You can find Alyssa Miller on the following sites: Twitter, Mastodon
Here are some links provided by Alyssa Miller: Alyssa's Book
PLEASE SUBSCRIBE TO THE PODCAST
Spotify: http://isaacl.dev/podcast-spotify
Apple Podcasts: http://isaacl.dev/podcast-apple
Google Podcasts: http://isaacl.dev/podcast-google
RSS: http://isaacl.dev/podcast-rss
You can check out more episodes of Coffee and Open Source on https://www.coffeeandopensource.com
Coffee and Open Source is hosted by Isaac Levin (https://twitter.com/isaacrlevin)
--- Support this podcast: https://podcasters.spotify.com/pod/show/coffeandopensource/support
Guest: Kevin Johnson
On Twitter | https://twitter.com/secureideas
On LinkedIn | https://www.linkedin.com/in/kevinjohnson/
On Mastodon | https://infosec.exchange/@secureideas
________________________________
Host: Alyssa Miller
On ITSPmagazine
Guest: Jason Haddix
On Twitter | https://twitter.com/Jhaddix
On LinkedIn | https://www.linkedin.com/in/jhaddix/
________________________________
Host: Alyssa Miller
On ITSPmagazine
- when we align with our soul's purpose, our truest friendships are found as well
- knowing when to let go/surrendering to death
- the womb as truth teller
- from self abandonment to self attunement
- allowing ourselves to be in the unknown
- the psychedelic space of being in the body
- what is dissociation?
- importance of integration
- cultivating safety by moving slow, pacing ourselves, and being embodied
- taking responsibility and holding respect for privilege
- expanding our nervous system's capacity through taking a reset, focusing on sleep and remineralizing the body
- fear + resistance around shifting away from the grind
- tapping into the free medicine that's available to us all around
- the power of prayer to transform our lives
- a divine encounter with Vervain
- finding belonging through connection to the plants
- awareness of black and white thinking
- the birth of subterranean
- moving through rupture in relationship
SUBTARRANEAN CODE: WEAVING
Lyss IG: @bladesmother
Emma's IG: @_guidedbylove
Alyssa's Website: Mobb.love
https://www.mobb.love/newsletter
http://Patreon.com/MotherofBlades
https://mobbotanicals.square.site/product/healing-foods-e-book-audio/501?cp=true&sa=true&sbp=false&q=false
Guest: Liz Miller
On Twitter | https://twitter.com/lizkmiller
On LinkedIn | https://www.linkedin.com/in/lizkmiller/
________________________________
Host: Alyssa Miller
On ITSPmagazine
You would think that as a software architect that focuses on DevSecOps and being secure by design, that I would've attended an RSA conference before 2022. What is RSAC? It's the preeminent cybersecurity conference in the world. 2022 was my first, and I was hooked from the time I landed. This conference is known for its sense of community and inclusion and the willingness of industry cybersecurity experts to share their experienced stories. In looking over the schedule, a few talks caught my eye, and one in particular stood out: A talk by somebody named Alyssa Miller that included ideas on how to use threat modeling exercises as a way to build team culture. This is a technique that I had been using. Time to listen. As I snuck in the back a little late and trying to make my lemon yellow blazer slightly less visible, Alyssa Miller took the stage in what I can only describe as the most high powered thigh-high pink boots I have ever seen. Now, THIS was a woman I had to know. She dove into her content and I found myself nodding along and being that person that takes pictures of the slides. I gobbled up the content and more. Alyssa exudes an energy that is hard to describe and one that I was clearly benefiting from. This is a powerful voice for transparency and authenticity in cybersecurity who started out as that hacker kid and continues to be a lifelong hacker. Her "I'm just going to be who I am" mentality has made her a rising star in the cybersecurity world. Perhaps that stems from that no nonsense culture from being brought up in the Midwest. Alyssa was born and raised in Milwaukee, Wisconsin. Her father was a Comptroller for a small HVAC company called Iron Fireman. It was founded in 1917. Applying that Midwest practical mindset for him meant utilizing the most accessible technology available. He seemed to love it and was up to the challenge of supporting his company's upgrade of their computer systems. 
It was the early 1980s, and as his colleagues took their winter holiday, Alyssa's father brought home that new computer system and a precocious four-year-old got her first taste of the world of tech.
Guest: Adam Shostack
On Twitter | https://twitter.com/done_with_that
On LinkedIn | https://www.linkedin.com/in/shostack/
On Mastodon | infosec.exchange/@adamshostack
________________________________
Host: Alyssa Miller
On ITSPmagazine
Guest: Maril Vernon, Co-founder of The Cyber Queens Podcast | Chief Operating Officer at Teach Kids Tech
On Twitter | https://twitter.com/shewhohacks
On LinkedIn | https://www.linkedin.com/in/marilvernon/
____________________________
Host: Alyssa Miller, Host of Securing Bridges Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/alyssa-miller
____________________________
This Episode's Sponsors
BlackCloak | https://itspm.ag/itspbcweb
Brinqa | https://itspm.ag/brinqa-pmdp
SandboxAQ | https://itspm.ag/sandboxaq-j2en
____________________________
Episode Notes
Explore the importance of inspiring young minds in tech, the challenges faced in connecting kids to the world of cybersecurity, and how making personal connections can make all the difference.
The conversation revolves around the importance of inspiring children, specifically girls, to pursue careers in technology and cybersecurity. The discussion highlights the critical time frame of capturing their interest by fourth grade, the development of proprietary curriculum for elementary, middle, and high school levels, and the search for corporate sponsorship partners to scale the program. The conversation reveals that one of the challenges faced is providing ongoing access to resources and mentorship for continued skill development, requiring buy-in from schools and teachers.
The conversation explores how to spark interest in cybersecurity among kids, comparing it to a game of cops and robbers. By using simple concepts like hiding a computer and protecting it with a firewall, Alyssa and Maril aim to ignite curiosity and foster a sense of responsibility in protecting digital assets. They also discuss the different ways individuals can help the mission, from sharing and spreading awareness to volunteering their skills for content development and program execution.
This episode also explores the challenges faced when interacting with vendors in the tech industry. The speakers emphasize the importance of personal connections and focusing on the 'why' instead of the 'how' when engaging with potential customers. They share their experiences walking through the Expo hall at RSA Conference, highlighting the qualities that draw them towards particular vendors and the importance of establishing genuine connections.
____________________________
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?
Guest: Chris Roberts, CISO, Boom Supersonic [@boomaero]
On Twitter | https://twitter.com/Sidragon1
On LinkedIn | https://www.linkedin.com/in/sidragon1/
________________________________
Host: Alyssa Miller
On ITSPmagazine
Guest: Jess Vachon, Chief Information Security Officer, Context Labs BV [@contextlabsbv]
On Mastodon | https://infosec.exchange/@infosec_jess
On Twitter | https://twitter.com/infosec_jess
On LinkedIn | https://www.linkedin.com/in/jessvachon1/
________________________________
Host: Alyssa Miller
On ITSPmagazine
Guest: Kayla Williams, CISO, Devo [@devo_inc] and co-host of the Locked Down Podcast on ITSPmagazine
On ITSPmagazine
Guest: Jerry Bell, VP and CISO, IBM Public Cloud [@IBM | @IBMcloud] and founder & co-host of the Defensive Security Podcast [@defensivesec]
On Mastodon | https://infosec.exchange/@jerry
On Twitter | https://twitter.com/Maliciouslink
On LinkedIn | https://www.linkedin.com/in/maliciouslink/
InfoSec.Exchange | https://infosec.exchange/home
________________________________
Host: Alyssa Miller
On ITSPmagazine
On today's episode, No Film School founder Ryan Koo, writer Alyssa Miller, and podcast co-host GG Hawkins discuss their favorite aspects of Sundance 2023. They discuss the most impactful films they watched, the nature of networking at the festival, and the exciting film acquisitions that occurred.
In this episode, we talk about…
- Sundance films that we loved
- Mutual exhaustion and excitement everyone experienced at Sundance
- Understanding the currency of human emotion
- How, without Sundance, it would be difficult for certain films to be made
- Why you don't need a full scale production to make a brilliant film
- Having to navigate relationships in the industry with a guard up
- The value in making connections in such a concentrated amount of time
- Multiple $20 million acquisitions for independent filmmakers
Memorable Quotes
- “Diversity in emotion. The entirety of the human experience is found in this slate.” [1:32]
- “The currency of human emotion…will probably be one of the hardest things for A.I. to define.” [10:20]
- “Wow! Movies are so alive and well. Independent film is so alive and well.” [29:21]
- “You really bond when you're freezing.” [30:26]
- “You are your own business as a filmmaker, and you have to be making these connections.” [37:50]
Find No Film School everywhere:
On the Web https://nofilmschool.com/
Facebook https://www.facebook.com/nofilmschool
Twitter https://twitter.com/nofilmschool
YouTube https://www.youtube.com/user/nofilmschool
Instagram https://www.instagram.com/nofilmschool
Get your questions answered on the podcast by emailing editor@nofilmschool.com!
Learn more about your ad choices. Visit podcastchoices.com/adchoices
Guest: Tricia Howard, Senior Technical Writer II at Akamai Technologies [@Akamai]
On Mastodon | https://infosec.exchange/@triciakickssaas
On Twitter | https://twitter.com/TriciaKicksSaaS
On LinkedIn | http://linkedin.com/in/triciakickssaas
Website | https://triciakickssaas.com/
________________________________
Host: Alyssa Miller
On ITSPmagazine
No Film School writers, Alyssa Miller, GG Hawkins, and Ryan Koo discuss the opening weekend of the 2023 Sundance Film Festival in Park City, Utah. We share why it has been so great to be back at Sundance in person. Also, we speak to a Powderkeg development executive about the future of indie films.
In this episode, we talk about…
- The difficulty in choosing what to go to due to all the options
- Approaching your Sundance experience as if you are a character in a script
- Sharing our various objectives and goals for the festival
- Theories on the budget cuts Sundance has made
- The lack of distribution of the films at the festival
- Appreciating the happy energy of filmmakers at Sundance
- Powderkeg's purpose for going to the festival
- How important it is to build relationships in this industry
- Staying true to your voice by not chasing mandates
Memorable Quotes
- “It's so hard to watch a movie in the middle of your work day and feel like you're actually at a festival.” [0:50]
- “Part of the filmmaker experience at Sundance is knowing where you sit in the pecking order.” [4:30]
- “Even if you have a film in the festival, it doesn't mean you're getting into the party.” [8:07]
- “The reality of Sundance is ditch or be ditched. And it's gonna happen to you and you just have to accept it and go with the flow.” [8:19]
- “Be honest, be authentic and put yourself out there.” [35:05]
Mentioned: Adobe, Alyssa Miller, GG Hawkins, Ryan Koo, Powderkeg
Find No Film School everywhere:
On the Web https://nofilmschool.com/
Facebook https://www.facebook.com/nofilmschool
Twitter https://twitter.com/nofilmschool
YouTube https://www.youtube.com/user/nofilmschool
Instagram https://www.instagram.com/nofilmschool
Get your questions answered on the podcast by emailing editor@nofilmschool.com!
Learn more about your ad choices. Visit podcastchoices.com/adchoices
Guest: Helen Patton
Chief Information Security Officer, Cisco Security Business Group [@CiscoSecure], Cisco [@Cisco]
On Mastodon | https://infosec.exchange/@cisohelen
On Twitter | https://twitter.com/CisoHelen
On LinkedIn | https://www.linkedin.com/in/helenpatton/
Website | https://www.cisohelen.com/
Host: Alyssa Miller
On ITSPmagazine
Guest: Bill Diekmann
BISO, Director of Security and Architecture at Cupertino Electric [@CupertinoEl]
On Mastodon | https://infosec.exchange/@bdiekmann
On Twitter | https://twitter.com/bdiekmann
On LinkedIn | https://www.linkedin.com/in/bdiekmann/
Host: Alyssa Miller
On ITSPmagazine
Dr. Elana interviews Alyssa from Nutrition for Littles. Alyssa is a registered dietitian, picky eating specialist, and mom of three who understands feeding picky kids is no easy task. She believes in using gentle approaches to help kids eat more foods and balance their diet. She has been a practicing dietitian for nearly 10 years. She is the founder of Nutrition for Littles, host of the Nutrition for Littles podcast, and creator of Table Talk, the picky eating course that teaches you to be the feeding expert in your home. Her work has been featured on Good Morning America, The Huffpost, Eating Well, The Every Mom Blog, Peanut app, Big Little Feelings course and many more. She is passionate about helping families enjoy mealtimes and nourish their growing family. In today's episode, they discussed some of the biggest mistakes parents make around picky eating, some easy first steps in reversing picky eating, the philosophy behind the division of responsibility, and how to make meal time more enjoyable, especially when nothing seems to be working! If you are interested in Alyssa's program, Table Talk, to learn more tips and techniques, use code DOCTORMOM for $50 off!
Topics Discussed:
- Some of the biggest mistakes parents make around picky eating
- Easy first steps in reversing picky eating
- The philosophy behind the division of responsibility - it is not just a free for all, there are boundaries!
- How to make mealtime more enjoyable, especially when nothing seems to be working!
- The value of trusting our kids and letting them take the lead
Show Notes:
- Check out Alyssa's Instagram
- Get Alyssa's Free Picky Eating Guide
- Listen to Alyssa's Nutrition for Littles Podcast
- Table Talk Program
Click here to learn more about Dr. Elana Roumell's Doctor Mom Membership, a membership designed for moms who want to be their child's number one health advocate! 
Click here to learn more about Steph Greunke, RD's online nutrition program and community, Postpartum Reset, an intimate private community and online roadmap for any mama (or mama-to-be) who feels stuck, alone, and depleted and wants to learn how to thrive in motherhood.
Listen to today's episode on our website
Alyssa is a registered dietitian, picky eating specialist and mom of three who understands feeding picky kids is no easy task. She believes in using gentle approaches to help kids eat more foods and balance their diet. She is a graduate of MSU Denver, completed her supervised practice at Mayo Clinic and has been a practicing dietitian for nearly 10 years. She is the founder of Nutrition for Littles, host of the Nutrition for Littles podcast, and creator of Table Talk, the picky eating course that teaches you to be the feeding expert in your home. Her work has been featured on Good Morning America, The Huffpost, Eating Well, The Every Mom Blog, Peanut app, Big Little Feelings course and many more. She is passionate about helping families enjoy mealtimes and nourish their growing family.
This Episode's Sponsors
Enjoy the health benefits of PaleoValley's products such as their supplements, superfood bars and meat sticks. Receive 15% off your purchase by using code DOCTORMOM at checkout or head to paleovalley.com/doctormom
Discover for yourself why Needed is trusted by women's health practitioners and mamas alike to support optimal pregnancy outcomes. 
Try their 4 Part Complete Nutrition plan which includes a Prenatal Multi, Omega-3, Collagen Protein, and Pre/Probiotic. To get started, head to thisisneeded.com, and use code DOCTORMOM100 for $100 off your first 3 months of Needed's Complete Plan! Active Skin Repair is a must-have for everyone to keep themselves and their families healthy and clean. Keep a bottle in the car to spray your face after removing your mask, a bottle in your medicine cabinet to replace your toxic first aid products, and one in your outdoor pack for whatever life throws at you. Use code DOCTORMOM to receive 20% off your order + free shipping (with $35 minimum purchase). Visit BLDGActive.com to order. INTRODUCE YOURSELF to Steph and Dr. Elana on Instagram. They can't wait to meet you! @stephgreunke @drelanaroumell Please remember that the views and ideas presented on this podcast are for informational purposes only. All information presented on this podcast is for informational purposes and not intended to serve as a substitute for the consultation, diagnosis, and/or medical treatment of a healthcare provider. Consult with your healthcare provider before starting any diet, supplement regimen, or to determine the appropriateness of the information shared on this podcast, or if you have any questions regarding your treatment plan.
Guest: Josh Nickels
Cyber Security Engineer at Dematic [@DematicGlobal]
On Mastodon | https://infosec.exchange/@Imlordofthering
On Twitter | https://twitter.com/imlordofthering
On LinkedIn | https://www.linkedin.com/in/josh-nickels/
Host: Alyssa Miller
On ITSPmagazine

Guest: Gina Yacone
CISO (Advisory) at Trace3 [@trace3]
On Twitter | https://twitter.com/gina_yacone
On LinkedIn | https://www.linkedin.com/in/ginayacone/
Host: Alyssa Miller
On ITSPmagazine

Guest: Maril Vernon
"One Woman Purple Team" | Co-founder of The Cyber Queens Podcast | Purple Team Lead/Sr SE | Social Engineer | Physical Pentest | CTI | Administrative Officer - Offensive Ops @ CSFI | MSCSIA
On Twitter | https://twitter.com/shewhohacks
On LinkedIn | https://www.linkedin.com/in/marilvernon/
Host: Alyssa Miller
On ITSPmagazine

Guest: Lesley Carhart
Director of ICS Cybersecurity Incident Response at Dragos [@DragosInc]
On Twitter | https://twitter.com/hacks4pancakes
On LinkedIn | https://www.linkedin.com/in/lcarhart/
Website | https://tisiphone.net/
Host: Alyssa Miller
On ITSPmagazine

Guest: Eric J. Belardo, The "Cyber Papa"
Founder at Raices Cyber Org [@RaicesCyberOrg]
On Twitter | https://twitter.com/ebelardo73
On LinkedIn | https://www.linkedin.com/in/ebelardo/
On YouTube | https://www.youtube.com/EricBelardoCyber
Host: Alyssa Miller
On ITSPmagazine

Host: Alyssa Miller
On ITSPmagazine

Guest: Phil Swaim
On Twitter | https://twitter.com/0DDJ0BB
On LinkedIn | https://www.linkedin.com/in/phillipswaim/
Host: Alyssa Miller
On ITSPmagazine
Today's guest is Derrick @CanBusDutch. They talk about embedded systems security, in particular in vehicles (i.e. CAN Bus architectures).

It is a podcast, yes, but you can join us as we record each episode live on Twitter, LinkedIn, Facebook, and YouTube.

Live, Every Wednesday at 1pm PDT | 4pm EDT (USA) | The Recorded Podcast version is published a few days later.

Our ability to improve the security posture of our organizations depends heavily on connecting the security function with the various aspects of the business. Join our host, Alyssa Miller, as she and her guests examine key ways to build and secure the bridges between security, product development, the executive suite, and beyond.

Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.

It's time to build and secure the bridge to the business.

Guest: Ford
On Twitter | https://twitter.com/wrentreeco

Host: Alyssa Miller
On ITSPmagazine
Today's guest is Ford @wrentreeco.

Guest: Ford
On Twitter | https://twitter.com/wrentreeco

Host: Alyssa Miller
On ITSPmagazine
Today's guest is award-winning author, Stefani Goerlich.

Guest: Stefani Goerlich
Author and Clinician focusing on Gender, Sexuality and Relationship Diversities
On LinkedIn | https://www.linkedin.com/in/sgoerlich/
On Twitter | https://twitter.com/Tzefira_Neviah

Host: Alyssa Miller
On ITSPmagazine
Today's guest is Frank McGovern. Larry talks about the role of the security architect and the Blue Team Con event.

Guest: Frank McGovern
Cybersecurity Architect at StoneX Group [@StoneX_Official] and Founder at Blue Team Con [@BlueTeamCon]
On LinkedIn | https://www.linkedin.com/in/frankmcgovern/
On Twitter | https://twitter.com/FrankMcG

Host: Alyssa Miller
On ITSPmagazine
This is a follow-up to Season 2, episode 4 – Bridging the Cyber Skills Gap. Many listeners contacted me saying that they loved the episode, but wished that I'd put more focus on people trying to find a career in cybersecurity later in life. So, consider this episode a Bridging the Cyber Skills Gap Part 2. We'll hear the stories of several people who've come to cybersecurity a bit later in life. This episode features interviews with Alethe Denis, Tracy Z. Maleeff (a.k.a. InfoSec Sherpa), Phillip Wylie, Lisa Plaggemier, Naomi Buckwalter, and Alyssa Miller.

Guests:
Alethe Denis (LinkedIn) (Twitter) (LinkTree)
Tracy Z. Maleeff (a.k.a. InfoSec Sherpa) (LinkedIn) (Twitter)
Phillip Wylie (LinkedIn) (Twitter) (Medium)
Lisa Plaggemier (LinkedIn) (Twitter)
Naomi Buckwalter (LinkedIn)
Alyssa Miller (LinkedIn) (Twitter) (Website)

Books & Resources:
The Cybersecurity Career Guide, by Alyssa Miller
The Pentester BluePrint: Starting a Career as an Ethical Hacker, by Phillip Wylie
The Hacker Factory Podcast | With Phillip Wylie
Building the Next Generation of Cybersecurity Professionals, LinkedIn Learning course from Naomi Buckwalter
8Li: Fun and Games: Lock Picking, Capture the Flag Contests, Simulations, and More
How to Break Into Cybersecurity, article by Katlyn Gallo
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter
The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer

Production Credits:
Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/

Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
Today's guest is Larry Whiteside Jr. Larry talks about his team at a new job trying to give him admin access and he had to say no. It's refreshing in leadership roles to be able to say, "Nope, there's no reason I should have admin." A nod to having skilled teams you trust.

Guest: Larry Whiteside Jr.
Chief Security Officer at Women's Care and Co-Founder / President at Cyversity [@OneCyversity]
On LinkedIn | https://www.linkedin.com/in/larrywhitesidejr/
On Twitter | https://twitter.com/LarryWhiteside

Host: Alyssa Miller
On ITSPmagazine
Today's guest is Kevin Jackson.

Guest: Kevin Jackson
Chief Executive Officer at Level 6 Cybersecurity [@Level6Cyber]
On LinkedIn | https://www.linkedin.com/in/kevin-jackson-485b327/
On Twitter | https://twitter.com/kevinj_cyber1

Host: Alyssa Miller
On ITSPmagazine
Alyssa Miller is a life-long hacker and experienced security executive. She has a passion for security which she advocates to fellow business leaders and industry audiences both as a high-level cyber security professional and through her presence in the security community. She blends a unique mix of technical expertise and executive experience to bridge the gap that can often form between security practitioners and business leaders. Her goal is to change the way we look at the security of our interconnected way of life and focus attention on defending privacy and cultivating trust.

We discuss her own journey into security, breaking into cybersecurity at ground level, advice for career transitioners, the unwritten educational elements, certs, training, mentorship, networking groups and of course her new book. Kyle schools us with a “Class Act”.
About Alyssa

Alyssa Miller, Business Information Security Officer (BISO) for S&P Global, is the global executive leader for cyber security across the Ratings division, connecting corporate security objectives to business initiatives. She blends a unique mix of technical expertise and executive presence to bridge the gap that can often form between security practitioners and business leaders. Her goal is to change how security professionals of all levels work with our non-security partners throughout the business.

A life-long hacker, Alyssa has a passion for technology and security. She bought her first computer herself at age 12 and quickly learned techniques for hacking modem communications and software. Her serendipitous career journey began as a software developer which enabled her to pivot into security roles. Beginning as a penetration tester, her last 16 years have seen her grow as a security leader with experience across a variety of organizations. She regularly advocates for improved security practices and shares her research with business leaders and industry audiences through her international public speaking engagements, online content, and other media appearances.

Links Referenced:
Cybersecurity Career Guide: https://alyssa.link/book
A-L-Y-S-S-A dot link—L-I-N-K slash book: https://alyssa.link/book
Twitter: https://twitter.com/AlyssaM_InfoSec
alyssasec.com: https://alyssasec.com

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by our friends at Vultr.
Optimized cloud compute plans have landed at Vultr to deliver lightning-fast processing power, courtesy of third-gen AMD EPYC processors without the IO or hardware limitations of a traditional multi-tenant cloud server. Starting at just 28 bucks a month, users can deploy general-purpose, CPU, memory, or storage optimized cloud instances in more than 20 locations across five continents. Without looking, I know that once again, Antarctica has gotten the short end of the stick. Launch your Vultr optimized compute instance in 60 seconds or less on your choice of included operating systems, or bring your own. It's time to ditch convoluted and unpredictable giant tech company billing practices and say goodbye to noisy neighbors and egregious egress forever. Vultr delivers the power of the cloud with none of the bloat. Screaming in the Cloud listeners can try Vultr for free today with a $150 in credit when they visit getvultr.com/screaming. That's G-E-T-V-U-L-T-R dot com slash screaming. My thanks to them for sponsoring this ridiculous podcast.

Corey: This episode is sponsored in part by Honeycomb. When production is running slow, it's hard to know where problems originate. Is it your application code, users, or the underlying systems? I've got five bucks on DNS, personally. Why scroll through endless dashboards while dealing with alert floods, going from tool to tool to tool that you employ, guessing at which puzzle pieces matter? Context switching and tool sprawl are slowly killing both your team and your business. You should care more about one of those than the other; which one is up to you. Drop the separate pillars and enter a world of getting one unified understanding of the one thing driving your business: production. With Honeycomb, you guess less and know more. Try it for free at honeycomb.io/screaminginthecloud. Observability: it's more than just hipster monitoring.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn.
One of the problems that many folks experience in the course of their career, regardless of what direction they're in, is the curse of high expectations. And there's no escaping for that. Think about CISOs for example, the C-I-S-O, the Chief Information Security Officer.

It's generally a C-level role. Well, what's better than a C in the academic world? That's right, a B. My guest today is breaking that mold. Alyssa Miller is the BISO—B-I-S-O—at S&P Global. Alyssa, thank you for joining me to suffer my slings and arrows—

Alyssa: [laugh].

Corey: —as we go through a conversation that is certain to be no less ridiculous than it has begun to be already.

Alyssa: I mean, I'm good with ridiculous, but thanks for having me on. This is awesome. I'm really excited to be here.

Corey: Great. What the heck's BISO?

Alyssa: [laugh]. I never get that question. So, this is—

Corey: “No one's ever asked me that before.” [crosstalk 00:03:38]—

Alyssa: Right?

Corey: —the same thing as, “Do you know you're really tall?” “No, you're kidding.” Same type of story. But I wasn't clear. That means I'm really the only person left wondering.

Alyssa: Exactly. I mean, I wrote a whole blog on it the day I got the job, right? So, Business Information Security Officer. Basically what it means is I am like the CISO but for my division, the Ratings Division at S&P Global. So, I lead our cyber security efforts within that division, work closely with our information security teams, our corporate IT teams, whatever, but I don't report to them; I report into the business line.

I'm in the divisional CTO's org structure. And so, I'm the one bridging that gap between that business side where hey, we make all the money and that corporate InfoSec side where hey, we're trying to protect all the things, and there's usually that little bit of a gap where they don't always connect. That's me building the bridge across that.

Corey: Someone who speaks both security and business is honestly in a bit of rare supply these days.
I mean, when I started my Thursday newsletter podcast nonsense Last Week in AWS: Security, the problem I kept smacking into was everything I saw was on one side of that divide or the other. There was the folks who have the word security in their job title, and there tends to be this hidden language of corporate speak. It's a dialect I don't fully understand. And then you have the community side of actual security practitioners who are doing amazing work, but also have a cultural problem that more or less distills down to being an awful lot of shitheads in them there waters.

And I wanted something that was neither of those and also wasn't vendor captured, which is why I decided to start storytelling in that space. But increasingly, I'm seeing that there's a significant problem with people who are able to contextualize security in the context of business. Because if you're secure enough, you can stop all work from ever happening, whereas if you're pure business side and only care about feature velocity and the rest, like, “Well, what happens if we get breached?” It's, “Oh, don't worry, I have my resume up to date.” Not the most reassuring answer to give people. You have to be able to figure out where that line lies. And it seems like that figuring out where that line is, is more or less your entire stock-in-trade.

Alyssa: Oh absolutely, yeah. I mean, I can remember my earliest days as a developer, my cynical attitude towards security myself was, you know, their Utopia would be an impenetrable room full of servers that have no connections to anything, right? Like that would be wildly secure, yet completely useless. And so yeah, then I got into security and now I was one of them.
And, you know, it's one of those things, you sit in, say a board meeting sometime and you listen to a CISO, a typical CISO talk to the board, and they just don't get it.

Like, there's so much, “Hey, we're implementing this technology and we're doing this thing, and here's our vulnerability counts, and here's how many are overdue.” And none of that means anything. I mean, I actually had a board member ask me once, “What is a CISO?” I kid you not. Like, that's where they're at.

Like, so don't tell them what you're doing, but tell them why connected back to, like, “Hey, the business needs this and this, and in order to do it, we've got to make sure it's secure, so we're going to implement these couple of things. And here's the roadmap of how we get from where we are right now to where we need to be so they can launch that new service or product,” or whatever the hell it is that they're going to do.

Corey: It feels like security is right up there with accounting, in the sense of fields of endeavor where you don't want someone with too much personality involved. Because if the CISO's sitting there talking to the board, it's like, “So, what do you do here, exactly?” And the answer is the honest, “Hey, remember last month how we were in The New York Times for that giant data breach?” And they do a split take, “No, no, I don't.” “Exactly. You're welcome.” On some level, it is kind of honest, but it also does not instill confidence when you're that cavalier with the description of what it is you do here.

Alyssa: Oh there's—

Corey: At least there's some corners. I prefer—

Alyssa: —there's so much—

Corey: —places where that goes over well, but that's me.

Alyssa: Yeah. But there's so much of that too, right? Like, here's the one I love. “Well, you know, it's not if you get breached, it's when. Oh, by the way, give me millions and millions of dollars, so I can make sure we don't get breached.”

But wait, you just told me we're going to get breached no matter what we do. [laugh].
We do that in security. Like, and then you wonder why they don't give you funding for the initiative. Like, “Hello?” You know?

And that's the thing that gets me it's like, can we just sit back and understand, like, how do you message to these people? Yeah I mean, you bring up the accounting thing; the funny thing is, at least all of them understand some level of accounting because most of them have MBAs and business degrees where they had to do some accounting. They didn't go through cyber security in their MBA program.

So, one of my favorite questions on Twitter once was somebody asked me, you know, if I want to get into cyber security leadership, what is the one thing that I should focus on or what skills should I study? I said, “Go study MBA concepts.” Like, forget all the cyber security stuff. You probably have plenty of that technolog—go understand what they learn in MBA programs. And if you can start to speak that language, that's going to pay dividends for bridging that gap.

Corey: So, you don't look like the traditional slovenly computer geek showing up at those meetings who does not know how to sound as if they belong in the room. Like, it's unfair, on some level, and I used to have bitter angst about that. Like, “Why should how I dress matter how people perceive me?” Yeah, in an absolute sense you're absolutely right, however, I can talk about the way the world is or the way I wish it were and there has to be a bit of a divide there.

Alyssa: Oh, for sure. Yeah. I mean, you can't deny that you have to be prepared for the audience you're walking into. Now, I work in big conservative financial services on Wall Street. You know, and I had this conversation with a prominent member of our community when I started the job.

I'm like, “Boy, I guess I can't really put stickers on my laptop.
I'm going to have to get, you know, a protector or something to put stickers on.” Because the last thing I want to do is go into a boardroom with my laptop and whip out a bunch of hacker stickers on the backside of my laptop. Like, in a lot of spaces that will work, but you can't really do that when you're, you know, at, you know, the executive level and you're in a conservative, financial [unintelligible 00:10:16]. It just, I would love to say they should deal with that, I should be able to have pink hair, and you know, face tattoos and everything else, but the reality is, yeah, I can do all that, but these are still human beings who are going to react to that.

And it's the same when talking about cyber security, then. Like, I have to understand as a security practitioner that all they know about cyber security is it's big and scary. It's the thing that keeps them up at night. I've had board members tell me exactly that. And so, how do I make it a little less scary, or at least get them to have some confidence in me that I'll, like, carry the shield in front of them and protect them. Like, that's my job. That's why I'm there.

Corey: When I was starting my consultancy five years ago, I was trying to make a choice between something in the security cloud direction or the cost cloud direction. And one of the things that absolutely tipped the balance for me was the fact that the AWS bill is very much a business-hours-only problem. No one calls me at two in the morning screaming their head off. Usually.
But there's a lot of alignment between those two directions in that you can spend all your time and energy fixing security issues and/or reducing the bill, but past a certain point, knock it off and go do the thing that your company is actually there to do.

And you want to be responsible to a point on those things, but you don't want it to be the end-all-be-all because the logical outcome of all of that, if you keep going, is your company runs out of money and dies because you're not going to either cost optimize or security optimize your business to its next milestone. And weighing those things is challenging. Now, too many people hear that and think, “See, I don't have to worry about those things at all.” It's, “Oh, you will sooner or later. I promise.”

Alyssa: So, here's the fallacy in that. There is this assumption that everything we do in security is going to hamper the business in some way and so we have to temper that, right? Like, you're not wrong. And we talked about before, right? You know, security in a traditional sense, like, we could do all of the puristic things and end up just, like, screeching the world to a halt.

But the reality is, we can do security in a way that actually grows the business, that actually creates revenue, or I should say enables the creation of revenue in that, you know, we can empower the business to do more things and to be more innovative by how we approach security in the organization. And that's the big thing that we miss in security is, like, look, yes, we will always be a quote-unquote, “Cost center,” right? I mean, we in security don't—unless you work for a security organization—we're not getting revenue attributed to us, we're not creating revenue. But we are enabling those people who can if we approach it right.

Corey: Well, the Red Team might if they go a little off-script, but that's neither here nor there.

Alyssa: I—yeah, I mean, I've had that question. “Like, couldn't we just sell resell our Red Team services?” No. No.
That's not our core [crosstalk 00:13:14]

Corey: Oh, I was going the other direction. Like, oh, we're just going to start extorting other businesses because we got bored this week. I'm kidding. I'm kidding. Please don't do an investigation, any law enforcement—

Alyssa: I was going to say, I think my [crosstalk 00:13:22]—

Corey: —folks that happen to be listening to this.

Alyssa: [crosstalk 00:13:24] is calling me right now. They want to know what I'm [laugh] talking about. But no—

Corey: They have some inquiries they would like you to assist them with and they're not really asking.

Alyssa: Yeah, yeah, they're good at that. No, I love them, though. They're great. [laugh]. But no, seriously, like, I mean, we always think about it that way because—and then we wonder why do we have the reputation of, you know, the Department of No.

Well, because we kind of look at it that way ourselves; we don't really look at, like how can we be a part of the answer? Like, when we look at, like, DevSecOps, for instance. Okay, I want to bring security into my pipeline. So, what do we say? “Oh, shared responsibility. That's a DevOps thing.” So, that means security is everybody's responsibility. Full stop.

Corey: Right. It's a—

Alyssa: Well—

Corey: And there, I agree with you wholeheartedly. Cost is—

Alyssa: But—

Corey: —aligned with this. It has to be easier to do it the right way than to just go off half-baked and do it yourself off the blessed path. And that—

Alyssa: So there—

Corey: —means there's that you cannot make it harder to do the right thing; you have to make it easier because you will not win against human psychology. Depending on someone when they're done with an experiment to manually go in and turn things off. It will not happen. And my argument has been that security and cost are aligned constantly because the best way to secure something and save money on at the same time is to turn that shit off.
You wouldn't think it would be that simple, but yet here we are.

Alyssa: But see, here's the thing. This is what kills me. It's so arrogant of security people to look at it and say that right? Because shared responsibility means shared. Okay, that means we have responsibilities we're going to share. Everybody is responsible for security, yes.

Our developers have responsibilities now that we have to take a share in as well, which is get that shit to production fast. Period. That is their goal. How fast can I pop user stories off the backlog and get them to deployment? My SRE is on the ops side. They're, like, “We just got to keep that stuff running. That's all we that's our primary focus.”

So, the whole point of DevOps and DevSecOps was everybody's responsible for every part of that, so if I'm bringing security into that message, I, as security, have to be responsible for site's stability; I, in security, have to be responsible for efficient deployment and the speed of that pipeline. And that's the part that we miss.

Corey: This episode is sponsored in parts by our friend EnterpriseDB. EnterpriseDB has been powering enterprise applications with PostgreSQL for 15 years. And now EnterpriseDB has you covered wherever you deploy PostgreSQL on-premises, private cloud, and they just announced a fully-managed service on AWS and Azure called BigAnimal, all one word. Don't leave managing your database to your cloud vendor because they're too busy launching another half-dozen managed databases to focus on any one of them that they didn't build themselves. Instead, work with the experts over at EnterpriseDB. They can save you time and money, they can even help you migrate legacy applications—including Oracle—to the cloud. To learn more, try BigAnimal for free. Go to biganimal.com/snark, and tell them Corey sent you.

Corey: I think you might be the first person I've ever spoken to that has that particular take on the shared responsibility model.
Normally, when I hear it, it's on stage from an AWS employee doing a 45-minute song-and-dance about what the secured responsibility model is, and generally, that is interpreted as, “If you get breached, it's your fault, not ours.”

Alyssa: [laugh].

Corey: Now, you can't necessarily say it that directly to someone who has just suffered a security incident, which is why it takes 45 minutes and slides and diagrams and excel sheets and the rest. But that is what it fundamentally distills down to, and then you wind up pointing out security things that they've had that [unintelligible 00:17:11] security researchers have pointed out and they are very tight-lipped about those things. And it's, “Oh, it's not that you're otherworldly good at security; it's that you're great at getting people to shut up.” You know, not me, for whatever reason because I'm noisy and obnoxious, but most people who actually care about not getting fired from their jobs, generally don't want to go out there making big cloud companies look bad. Meanwhile, that's kind of my entire brand.

Alyssa: I mean, it's all about lines of liability, right?

Corey: Oh yeah.

Alyssa: I mean, where am I liable, where am I not? And yeah, well, if I tell you you're responsible for security on all these things, and I can point to any part of that was part of the breach, well, hey, then it's out of my hands. I'm not liable. I did what I said I would; you didn't secure your stuff. Yeah, it's—and I mean, and some of that is to be fair.

Like, I mean, okay, I'm going to host my stuff on your computer—the whole cloud is just somebody else's computer model is still ultimately true—but, yeah, I mean, I'm expecting you to provide me a stable and secure environment and then I'm going to deploy stuff on it, and you are expecting me to deploy things that are stable and secure as well. And so, when they say shared model or shared responsibility model, but it—really if you listen to that message, it's the exact opposite.
They're telling you why it's a separate responsibility model. Here's our responsibilities; here's yours. Boom. It's not about shared; it's about separated.
Corey: One of the most formative, I guess, contributors to my worldview was 13 years ago, I went on a date and met someone lovely. We got married. We've been together ever since, and she's an attorney. And it has been life-changing to understand a lot of that perspective, where it turns out when you're dealing with legal, they are not—and everyone says, “Oh, and the lawyers insisted on these things.”
No, they didn't. A lawyer's entire role in a company is to identify risk, and then it is up to the business to make a decision around what is acceptable and what is not. If your lawyers ever insist on something, what that actually means in my experience is, you have said something profoundly ignorant that is one of those, like—that is—they're doing the legal equivalent of slapping the gun out of the toddler's hand of, “No, you cannot go and tweet that because you'll go to prison,” level of ridiculous nonsense where it is, “That will violate the law.” Everything else is different shades of the same answer: it depends. Here's what to consider.
Alyssa: Yes.
Corey: And then you choose—and the business chooses its own direction. So, when you have companies doing what appeared to be ridiculous things, like Oracle, for example, loves to begin every keynote with a disclaimer about how nothing they're about to say is true, the lawyers didn't insist on that—though they are the world's largest law firm, Kirkland Ellison. But instead, it's this entire story of given the risk and everything that we know about how we say things onstage and people gunning for us, yeah, we are going to [unintelligible 00:20:16] this disclaimer first.
Most other tech companies do not do that exact thing, which I've got to say when you're sitting in the audience ready to see the new hotness that's about to get rolled out and it starts with a disclaimer, that is more or less corporate-speak for, “You are about to hear some bullshit,” in my experience.
Alyssa: [laugh]. Yes. I mean and that's the thing, like, [clear throat], you know, we do deride legal teams a lot. And you know, I can find you plenty of security people who hate the fact that when you're breached, who's the first call you make? Well, it's your legal team.
Why? Because they're the ones who are going to do everything in their power to limit the amount that you can get sued on the back-end for anything that got exposed, that you know, didn't meet service levels, whatever the heck else. And that all starts with legal privilege.
Corey: There are reporting responsibilities. Guess who keeps up on what those regulatory requirements are? Spoiler, it's probably not you, whoever's listening to this, unless you're an attorney because that is their entire job.
Alyssa: Yes, exactly. And, you know, work in a highly regulated environment—like mine—and you realize just how critical that is. Like, how do I know—I mean, there are times there's this whole discussion of how do you determine if something is a material impact or not? I don't want to be the one making that, and I'm glad I don't have to make that decision. Like, I'll tell you all the information, but yes, you lawyers, you compliance people, I want you to make the decision of if it's a material impact or not because as much as I understand about the business, y'all know way more about that stuff than I do.
I can't say. I can only say, “Look, this is what it impacted. This is the data that was impacted. These are the potential exposures that occurred here.
Please take that information now and figure out what that means, and is there any materiality to that that now we have to report that to the street.”
Corey: Right, right. You can take my guesses on this or you can get it take an attorney's. I am a loud, confident-sounding white guy. Attorneys are regulated professionals who carry malpractice insurance. If they give wrong advice that is wrong enough in these scenarios, they can be sanctioned for it; they can lose their license to practice law.
And there are challenges with the legal profession and how much of a gatekeeper the Bar Association is and the rest, but this is what it is [done 00:22:49] for itself. That is a regulated industry where they have continuing education requirements they need to certify in a test that certain things are true when they say it, whereas it turns out that I don't usually get people even following up on a tweet that didn't come true very often. There's a different level of scrutiny, there's a different level of professional bar it raises to, and it turns out that if you're going to be legally held to account for things you say, yeah, turns out a lot of your answers to are going to be flavors of, “It depends.”
Alyssa: [laugh].
Corey: Imagine that.
Alyssa: Don't we do that all the time? I mean, “How critical is this?” “Well, you know, it depends on what kind of data, it depends on who the attacker is. It depends.” Yeah, I mean, that's our favorite word because no one wants to commit to an absolute, and nor should we, I mean, if we're speaking in hyperbole and absolutes, boy, we're doing all the things wrong in cyber.
We got to understand, like, hey, there is nuance here. That's how you run—no business runs on absolutes and hyperbole. Well, maybe marketing sometimes, but that's a whole other story.
Corey: Depends on if it's done well or terribly.
Alyssa: [laugh]. Right. Exactly. “Hey, you can be unhackable. You can be breached-proof.” Oh, God.
Corey: Like, what's your market strategy?
We're going to paint a big freaking target in the front of the building. Like, I still don't know how Target the company was ever surprised by a data breach that they had when they have a frickin' bullseye as their logo.
Alyssa: “Come get us.”
Corey: It's, like, talk about poking the bear. But there we are.
Alyssa: [unintelligible 00:24:21] no. I mean, hey, [unintelligible 00:24:23] like that was so long ago.
Corey: It still casts a shadow.
Alyssa: I know.
Corey: People point to that as a great example of, like, “Well, what's going to happen if we get breached?” It's like, well look at Target because they wound up—like, their stock price a year later was above where it had been before and it seemed to have no lasting impact. Yeah, but they effectively replaced all of the execs, so you know, let's have some self-interest going on here by named officers of the company. It's, “Yeah, the company will be fine. Would you like to still be here what it is?”
Alyssa: And how many lawsuits do you think happened that you never heard about because they got settled before they were filed?
Corey: Oh, yes. There's a whole world of that.
Alyssa: That's what's really interesting when people talk about, like, the cost of breach and stuff, it's like, we don't even know. We can't know because there is so much of that. I mean, think about it, any organization that gets breached, the first thing they're trying to do is keep as much of it out of the news as they can, and that includes the lawsuits. And so, you know, it's like, all right, well, “Hey, let's settle this before you ever file.”
Okay, good. No one will ever know about that. That will never show up anywhere. It is going to show up on a balance sheet anywhere, right? I mean, it's there, but it's buried in big categories of lots of other things, and how are you ever going to track that back without, you know, like, a full-on audit of all of their accounting for that year?
Yeah, it's—so I always kind of laugh when people start talking about that and they want to know, what's the average cost of a breach. I'm like, “There's no way to measure that. There is none.”
Corey: It's not cheap, and the reputational damage gets annoying. I still give companies grief for these things all the time because it's—again, the breach is often about information of mine that I did not consciously choose to give to you and the, “Oh, I'm going to blame a third-party process.” No, no, you can outsource work, but not responsibility. You can't share that one.
Alyssa: Ah, third-party diligence, uh, that seems to be a thing. You know, I think we're supposed to make sure our third parties are trustworthy and doing the right things too, right? I mean, it's—
Corey: Best example I ever saw that was an article in the Wall Street Journal about the Pokemon company where they didn't name the vendor, but they said they declined to do business with them in part based upon their lax security policy around S3 buckets. That is the first and so far only time I have had an S3 Bucket Responsibility Award engraved and sent to their security director. Usually, it's the ignoble prize of the S3 Bucket Negligence Award, and there are oh so many of those.
Alyssa: Oh, and it's hard, right? Because you're standing—I mean, I'm in that position a lot, right? You know, you're looking at a vendor and you've got the business saying, “God, we want to use this vendor. All their product is great.” And I'm sitting there saying, but, “Oh, my God, look at what they're doing. It's a mess. It's horrible. How do I how do we get around this?”
And that's where, you know, you just have to kind of—I wish I could say no more, but at the end of the day, I know what that does. That just—okay, well, we'll go file an exception and we'll use it anyway. So, maybe instead, we sit and work on how to do this, or maybe there is an alternative vendor, but let's sort it out together. So yeah, I mean, I do applaud them.
Like that's great to, like, be able to look at a vendor and say, “No, we ain't touching you because what you're doing over there is nuts.” And I think we're learning more and more how important that is, with a lot of the supply chain attacks.
Corey: Actually, I'm worried about having emailed you, you're going to leak my email address when your inbox inevitably gets popped. Come on. It's awful stuff.
Alyssa: Yeah, exactly. So, I mean, it's we there's—but like everything, it's a balance again, right? Like, how can we keep that business going and also make sure that their vendors—so that's where it just comes down to, like, okay, let's talk contracts now. So, now we're back to legal.
Corey: We are. And if you talk to a lawyer and say, “I'm thinking about going to law school,” the answer is always the same. “No… don't do it.” Making it clear that is apparently a terrible life and professional decision, which of course, brings us to your most recent terrible life and professional decision. As we record this, we are reportedly weeks away from you having a physical copy in your hands of a book.
And the segue there is because no one wants to write a book. Everyone wants to have written a book, but apparently—unless you start doing dodgy things and ghost-writing and exploiting people in the rest—one is a necessary prerequisite for the other. So, you've written a book. Tell me about it.
Alyssa: Oof, well, first of all, spot on. I mean, I think there are people who really do, like, enjoy the act of writing a book—
Corey: Oh, I don't have the attention span to write a tweet. People say, “Oh, you should write a book, Corey,” which I think is code for them saying, “You should shut up and go away for 18 months.” Like, yeah, I wish.
Alyssa: Writing a book has been the most eye-opening experience of my life. And yeah, I'm not a hundred percent sure it's one I'll ever—I've joked with people already, like, I'll probably—if I ever want another book, I'll probably hire a ghostwriter.
But no, I do have a book coming out: Cybersecurity Career Guide. You know, I looked at this cyber skills gap, blah, blah, blah, blah, blah, we hear about it, 4 million jobs are going to be left open.
Whatever, great. Well, then how come none of these college grads can get hired? Why is there this glut of people who are trying to start careers in cyber security and we can't get them in?
Corey: We don't have six months to train you, so we're going to spend nine months trying to fill the role with someone experienced?
Alyssa: Exactly. So, 2020 I did a bunch of research into that because I'm like, I got to figure this out. Like, this is bizarre. How is this disconnect happening? I did some surveys. I did some interviews. I did some open-source research. Ended up doing a TED Talk based off of that—or TEDx Talk based off of that—and ultimately that led into this book. And so yeah, I mean, I just heard from the publisher yesterday, in fact that we're, like, in that last stage before they kick it out to the printers, and then it's like three weeks and I should have physical copies in my hands.
Corey: I will be getting one when it finally comes out. I have an almost, I believe, perfect track record of having bought every book that a guest on this show has written.
Alyssa: Well, I appreciate that.
Corey: Although, God help me if I ever have someone, like, “So, what have you done?” “I've written 80 books.” Like, “Well, thank you, Stephen King. I'm about to go to have a big—you're going to see this number of the company revenue from orbit at this point with that many.” But yeah, it's impressive having written a book.
It's—
Alyssa: I mean, for me, it's the reward is already because there are a lot of people have—so my publisher does really cool thing they call it early acc—or electronic access program, and where there are people who bought the book almost a year ago now—which is kind of, I feel bad about that, but that's as much my publisher as it is me—but where they bought it a year ago and they've been able to read the draft copy of the book as I've been finishing the book. And I'm already hearing from them, like, you know, I'm hearing from people who really found some value from it and who, you know, have been recommending it other people who are trying to start careers and whatever. And it's like, that's where the reward is, right?
Like, it was, it's hell writing a book. It was ten times worse during Covid. You know, my publisher even confirmed that for me that, like, look, yeah, you know, authors around the globe are having problems right now because this is not a good environment conducive to writing. But, yeah, I mean, it's rewarding to know that, like, all right, there's going to be this thing out there, that, you know, these pages that I wrote that are helping people get started in their careers, that are helping bring to light some of the real challenges of how we hire in cyber security and in tech in general. And so, that's the thing that's going to make it worthwhile. And so yeah, I'm super excited that it's looking like we're mere weeks now from this thing being shipped to people who have bought it.
Corey: So, now it's racing, whether this gets published before the book does. So, we'll see. There is a bit of a production lag here because, you know, we have to make me look pretty and that takes a tremendous amount of effort.
Alyssa: Oh, stop. Come on now. But it will be interesting to see. Like, that would actually be really cool if they came out at about the same time. Like, you know, I'm just saying.
Corey: Yeah. We'll see how it goes.
Where's the best place for people to find you if they want to learn more?
Alyssa: About the book or in general?
Corey: Both.
Alyssa: So—
Corey: Links will of course be in the [show notes 00:32:49]. Let's not kid ourselves here.
Alyssa: The book is real easy. Go to Alyssa—A-L-Y-S-S-A, back here behind me for those of you seeing the video. Um—I can't point the right direction. There we go. That one. A-L-Y-S-S-A dot link—L-I-N-K slash book. It's that simple. It'll take you right to Manning's site, you can get in.
Still in that early access program, so if you bought it today, you would still be able to start reading the draft versions of it. If you want to know more about me, honestly, the easiest way is to find me on Twitter. You can hear all the ridiculousness of flight school and barbecue and some security topics, too, once in a while. But at @alyssam_infosec. Or if you want to check out the website where I blog, every rare occasion, it's alyssasec.com.
Corey: And all of that will be in the [show notes 00:33:41]. Thank you—
Alyssa: There's a lot. [laugh].
Corey: I'm looking forward to seeing it, too. Thank you so much for taking the time to deal with my nonsense today. I really appreciate it.
Alyssa: Oh, that was nonsense? Are you kidding me? This was a great discussion. I really appreciate it.
Corey: As have I. Thanks again for your time. It is always great to talk to people smarter than I am—which is, let's be clear, most people—Alyssa Miller, BISO at S&P Global. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud.
If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice—or smash the like and subscribe button if this is on the YouTubes—whereas if you've hated the podcast, same thing, five-star review, platform of choice, smash both of the buttons, but also leave an angry comment, either on the YouTube video or on the podcast platform, saying that this was a waste of your time and what you didn't like about it because you don't need to read Alyssa's book; you're going to get a job the tried and true way, by printing out a copy of your resume and leaving it on the hiring manager's pillow in their home.
Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.
Announcer: This has been a HumblePod production. Stay humble.