Organized collection of books or other information resources
Join us on this new episode of HR Like a Boss, where John sits down with Jocelyn King, CEO and founder of Virgil HR, to discuss her unique journey from HR generalist to tech entrepreneur. Jocelyn shares how her deep HR experience shaped the creation of a cutting-edge compliance platform and what it takes to scale both teams and technology in today's fast-paced business world. The conversation dives into the evolving strategic role of HR, the power of mentorship, and how tech can be a game-changer for compliance and growth. Whether you're navigating a startup or building partnerships at the executive level, this episode offers a roadmap for making a bigger impact through innovation and relationships. ABOUT JOCELYN: Jocelyn King, SHRM-SCP is the CEO and Founder of VirgilHR, a SaaS solution that empowers HR professionals to make smart, compliant employment and labor law decisions in real-time. HR has been the passion and focus of Jocelyn's entire career as she's supported high-growth technology start-ups and public companies throughout her tenure. She defines herself as a true HR generalist and has touched on all aspects of HR in her more senior roles. Jocelyn has strong expertise in creating and executing HR strategy, managing employee relations for multi-state and global organizations, developing a diverse and high-performing work culture, owning organization development and change management, and crafting the total reward, talent development, and talent acquisition strategies. In addition to HR, what has also remained consistent in her career has been technology. Jocelyn has worked for technology companies most of her career and, as an HR executive, has had the privilege of supporting executives and departments in all functions across the organizations. In her role as CEO for VirgilHR, she's displayed proven success in building a venture-backed technology company from the ground up. 
She has held previous roles as the Vice President of People, North America for Ocado Group, as well as Vice President of People for Cybrary, a Series-C start up. She's spent a majority of her career working with a range of tech companies from Pre-Seed to Post-IPO. Jocelyn earned her bachelor's degree in Liberal Studies from Georgetown University.
In this episode of the PowerShell Podcast, we are thrilled to host Jeff Brown, a seasoned educator and PowerShell enthusiast. Jeff takes us on a journey spanning nearly two decades of his prolific blog writing, revealing how it shaped his career trajectory. Delving into the importance of certifications, Jeff emphasizes their role as a structured pathway for acquiring new skills and advancing in the tech industry. We explore Jeff's transition from Azure Engineer to the dynamic realm of DevOps, uncovering valuable insights along the way. Join us as Jeff shares his wealth of experience, offering invaluable advice and perspectives for aspiring IT professionals and seasoned experts alike. Guest Bio and links: Jeff Brown is a 16+ year veteran of the IT industry working with Windows Server, Office 365, Azure, and PowerShell. He is an active blogger and course creator for companies like CloudSkills, Cybrary, and PluralSight. He currently works as a DevOps Engineer focusing on Azure Cloud and Terraform. Watch The PowerShell Podcast on YouTube: https://www.youtube.com/watch?v=2kaOMe2ZP7w https://discord.gg/pdq https://jdhitsolutions.com/blog/powershell/9343/github-scripting-challenge-solution/ https://o365reports.com/2024/03/14/creating-a-free-microsoft-365-e5-developer-tenant-is-no-longer-possible/ https://www.thelazyadministrator.com/2024/03/22/getting-started-with-github-copilot-in-the-cli/ https://www.pdq.com/blog/how-to-manage-powershell-secrets-with-secretsmanagement/ https://www.youtube.com/watch?v=5ucSdX39zZU
**DISCLAIMER: All of our opinions are our own. They do not represent, nor are they affiliated with the interests and beliefs of the companies we work for.** The Cyber Queens Podcast is back with an exciting episode focused on breaking into the cybersecurity industry. Join the Cyber Queens as they chat with Mackenzie Wartenberger about her journey into the world of cyber and how she was able to make a successful career change. Mack shares her experience as the first recipient of the GRC Accelerator Train-To-Hire Program at Aquia Inc. This 6-month-long program provides paid apprenticeships, training materials, and dedicated mentorship to individuals who may not have the means to access further education or qualify for a cybersecurity job. The Cyber Queens and Mack break down the common misconception that one needs to be technical to enter the cybersecurity field. You will hear Mack share her inspiring story of how she broke into cyber, along with the reasons why she chose this field. The Cyber Queens also share their own experiences and backstories of how they ended up in this wonderful industry. 
Finally, they discuss Mack's next steps and offer insights on how you can replicate her success. Tune in to The Cyber Queens Podcast to learn more about breaking into the cybersecurity industry and how to close the gender/diversity gap that cyber is experiencing.
Key Topics: Mack's Before & After Cyber Journey; Why Mack Chose The Cyber Security Field; How Mack Found A Cyber Opportunity & Breaking In; Aquia Inc GRC Accelerator Train-To-Hire Program; Mack's Pre-technical Interview Processes & Selection; So You've Landed Your First Cyber Gig….How Did You Learn?; Soft Skills & How They Apply To A Cyber Career; What's Next For Mack?
01:52 – Mack's Before & After Cyber Journey; 05:05 – Why Mack Chose The Cyber Security Field; 07:14 – Careers Before Cyber; 10:25 – Breaking Into Cyber Cold…..The How To's From Mack; 11:45 – GRC Accelerator Train-To-Hire Program at Aquia Inc.; 12:55 – Networking Is KEY; 14:32 – The Right Mindset Can Set You Up For Success; 14:40 – Knowing Your Strengths Can Help You Navigate; 17:30 – In Cyber You Will Not Know Everything & That Is OK; 20:07 – Entering Cyber Doesn't Require Stepping Into A Super Technical Role, It Can Be GRC Or Compliance; 25:00 – Soft Skills Can Help You In A Cyber Career; 25:16 - Aquia Inc. GRC Accelerator Train-To-Hire Program; 36:50 – Final Takeaways
Sources: Aquia Inc.: https://www.aquia.us/ Aquia Inc. GRC Accelerator Train-To-Hire Program: https://tinyurl.com/mr3yzxwv What Is A Security Analyst?: https://tinyurl.com/yeykz99s What Is A Compliance Analyst?: https://tinyurl.com/2rzuwjkz SOC Audit: https://tinyurl.com/2wuuxscc What Is GRC?: https://tinyurl.com/225j9yyz What Is Kubernetes?: https://www.ibm.com/topics/kubernetes What Is NMAP?: https://tinyurl.com/bdfhrjfe What Is CISA?: https://www.cisa.gov/about What Is The Red Team?: https://tinyurl.com/2xttz2wm CompTIA Security+ Certification https://www.comptia.org/certifications/security What Is Python?: https://tinyurl.com/4d65nprs Cybrary: https://tinyurl.com/4ames68c Mackenzie Wartenberger – LinkedIn https://www.linkedin.com/in/mackenzie-wartenberger/
Get in Touch: Maril Vernon - @SheWhoHacks Erika Eakins - @ErikaEakins Amber DeVilbiss - @EngineerAmber Queens Twitter - @TheCyberQueens Queens LinkedIn
Calls to Action: Subscribe to our newsletter for exclusive insight and new episodes! If you love us, share us!
Why is the geopolitical landscape critical to cybersecurity strategy? CISO Mark Houpt breaks it down in this episode. Mark also shares his advice to the college and high school students he mentors, how to approach the ever-changing nature of cybersecurity, and how to think about a college education. Mark Houpt is the CISO at DataBank. Previously he held senior security roles at organizations including State Farm, Lincoln Christian University, and Sallie Mae. Mark served in the US Navy from 1991 to 1999. Mark Houpt on LinkedIn: https://www.linkedin.com/in/mark-houpt/ Mark's recommended list of classes: - Microsoft CISO Workshop: https://learn.microsoft.com/en-us/security/ciso-workshop/ciso-workshop - Ascend Education: https://ascendeducation.com/monthly-subscription/ - Amazon Cybersecurity Awareness Training: https://learnsecurity.amazon.com/en/index.html - Center for Development of Security Excellence: https://www.cdse.edu - ISC2 - Certified in Cybersecurity: https://www.isc2.org/1mcc - Cisco Networking Academy: https://skillsforall.com/course/introduction-to-cybersecurity - Cyberbit Remote Training: https://go.cyberbit.com/100k-worth-of-free-remote-cyber-range-training/?utm_source=nist_website&utm_medium=list&utm_campaign=free-remote-soc-team-training-nam - StationX - 12 Month Trial: https://www.cybersecurityjobs.com/csj-training-fund/ - Cyber Training 365: https://www.cybertraining365.com/cybertraining/FreeClasses - Cyber Skyline Professional: https://cyberskyline.com/professional/purchase - Cybrary: https://www.cybrary.it - EC.Council: https://www.eccouncil.org/cybersecurity-exchange/free-cybersecurity-resources-2022/ - Elastic: https://www.elastic.co/training/free - Evolve Academy: https://www.academy.evolvesecurity.com/cybersecurity-fundamentals - Federal Virtual Training: https://fedvte.usalearning.gov
Etan Basseri is a product manager on Microsoft's Identity Security team, working to prevent and detect identity compromise. During the course of his career, he's held a range of roles across law, business development, consulting and product, so he frequently advises and mentors others on their career development. LinkedIn: https://www.linkedin.com/in/basseri/ Career Walking Decks 101: https://kkarenism.com/career-walking-decks-101/ Microsoft Software & Systems Academy (MSSA) – Microsoft Military Affairs: https://military.microsoft.com/mssa/ Cybrary: https://www.cybrary.it/info/homepaged/ SANS Institute: https://www.sans.org/mlp/2/ (ISC)2: https://www.isc2.org Pluralsight: https://www.pluralsight.com
This week, Cami Ragano, VP of Marketing at SightGain, joins Maria and Gianna to share her expertise as a marketing leader managing SDRs so that SDRs over-achieve their goals! In fact, Cami's SDR program has helped SightGain achieve significant increases in: Demos Booked: ⬆ Demos Complete: ⬆ Pipeline Growth: ⬆ From Washington DC to Australia to London, Cami has led digital demand generation and brand campaigns that touch nearly every corner of the globe. With a focus on start-up cybersecurity SaaS enterprise software, she has built a career around innovative digital marketing campaigns and customer-focused events that drive revenue. Prior to joining SightGain, Cami was a marketing and business development leader at Cybrary, Endgame, Invincea (acquired by Sophos), and Risk Analytics—where she developed go-to-market strategies that disrupted and dominated the cybersecurity industry. Cami graduated from Radford University with a B.S. in Communications specializing in Public Relations and a minor in Marketing. In her free time she enjoys spending time with her wife and three golden doodles in Richmond, VA hiking, exploring, and brewery hopping. Connect with Cami on LinkedIn. Visit the SightGain website or the company LinkedIn page. Follow Gianna on LinkedIn. Catch up with Maria on LinkedIn. Join the Cybersecurity Marketing Society on our website, and keep up with us on Twitter.
Ron Gula built a multi-billion dollar business that went public. Now he is helping other founders make their startups succeed as an investor. His venture, Gula Tech Ventures, has invested in companies like Second Front Systems, North American Wave Engine Corporation, Cybrary, and ShardSecure.
Do you want world-class cybersecurity training at your fingertips? Get it with Cybrary. With an accessible, affordable platform that provides guided pathways, threat-informed training, and certification preparation, Cybrary fully equips cybersecurity professionals at every stage in their careers to skill up and confidently mitigate threats. Learn more at https://cybrary.it
In part 2 of our Quantum-focused series, the Cybrary Podcast welcomes back Ron Lewis, VP of Customer Success and Innovation at Patero. We've explored how quantum computing impacts cybersecurity professionals as both a threat to encryption and as a machine learning tool. In this episode, Ron shares his deep wealth of knowledge on the "Q's of Quantum" and the history of the field of study around Quantum Random Number Generation (QRNG). Discover Patero! Learn more about the quantum threat! See the research from NIST: ~NIST Announces First Four Quantum-Resistant Cryptographic Algorithms Follow us on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn Jump-start your cybersecurity career today at Cybrary!
Who knew that casual livestream ethical hacking could lead to a full-time content creation career? The one-and-only Ben Sadeghipour aka NahamSec takes us down memory lane from the time he studied computer science and digital marketing in college to the moment he saw a promising future in bug bounty hunting. Get into the livestream hacker's mindset in this fun conversation about mentorship and community building in the cybersecurity space! Follow NahamSec! ~Twitter ~YouTube ~Twitch Consider Donating to The Leukemia & Lymphoma Society® (LLS) Follow us on Social!! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube Jump-start your cybersecurity career today at Cybrary!
What were the biggest cybersecurity trends of 2022, and which types of threats do experts predict we should prepare for in 2023? Dan Lohrmann, Field CISO with Presidio, returns to the 401 Access Denied Podcast to provide a consolidated perspective on all the trends from an eventful year. From the war in Ukraine to the rise in cyber mercenary attacks, hacktivism, cloud hacks, and deepfakes, we're welcoming 2023 with a careful review of all the most memorable topics! Read Dan's article on "The Top 23 Security Predictions for 2023" ~The Top 23 Security Predictions for 2023 Part 1 Follow us on Social!! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube Jump-start your cybersecurity career today at Cybrary!
Could an AI chatbot like ChatGPT help you co-author the next great cyberpunk novel? Or craft a phishing email and generate sock puppets - for ethical hacking research, of course! Join our security research team - incident responder Marc Balingit and adversary emulator Matt Mullins - as we wade into the fun (and sometimes ethically ambiguous) areas of AI tech in cybersecurity. Keep the conversation going as we explore how AI tools can impact productivity, learning, skill shortages, and more. Check out the podcast on YouTube to watch Will, Matt, and Marc demo ChatGPT. Explore ChatGPT in Cybrary's FREE challenge activity! Read all about the potential impact of A.I. chatbots on the cybersecurity world! Learn more about OpenAI on their website! See How OpenAI became an AWS Certified Cloud Practitioner! Follow us on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn Jump-start your cybersecurity career today at Cybrary!
Cloud services have made it easier for users to stay connected and access resources from anywhere. But how can we reduce the security risks resulting from on-premises-to-cloud infrastructure migration? Security researcher Carlos Polop returns to the 401 Access Denied Podcast to expose the most unexpected cloud security flaws commonly leveraged by adversaries. From tackling misconfigurations to enhancing security controls, we cover top risk mitigation strategies recommended by cloud penetration testers! Follow Carlos! (and join his Discord community!) ~Github ~Twitter Check out Carlos' latest book on cloud hack tricks ~Hacktricks Cloud Learn more about Carlos's privilege escalation tool ~Purple Panda Follow us on Social!! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube Jump-start your cybersecurity career today at Cybrary!
Cybersecurity needs dynamic minds to keep up with ever-evolving threats. How can managers foster an inclusive workforce that celebrates diversity of thought? Scott Gibson, Chief Strategy Officer at Melwood, discusses how a "double empathetic" approach can help security leaders improve sourcing best practices and meet their employees where they're at. Hear more about the steps that neurodivergent people can take to build their career-ready skills and succeed in cybersecurity. Learn more about Melwood and the abilIT program! Follow us on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn Jump-start your cybersecurity career today at Cybrary!
Ethical hackers are motivated to make society safer, but how can they ensure that they are following the law? This episode of the 401 Access Denied Podcast explores all the gray areas of vulnerability disclosure policies, copyright laws, and end-user license agreements. Learn essential hacker safety tips from our hosts, Joe Carson and Chloé Messdaghi! Follow us on Social!! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube Jump-start your cybersecurity career today at Cybrary!
The quantum computing revolution is a hot topic in the technology world, but how exactly does it impact cybersecurity professionals? To what extent does quantum computing pose a threat to encryption, and how long do we have to prepare for it? Ron Lewis, VP of Customer Success and Innovation at Patero, helps us find a pragmatic approach to post-quantum resiliency. In the first episode of our Quantum and Cyber podcast series with Patero, you'll learn all about how to differentiate Shor's algorithm from Grover's, navigate the cryptographic saga of Bob and Alice, and realistically quantify post-quantum risks. Discover Patero! Learn more about the quantum threat! See the research from NIST: ~NIST Announces First Four Quantum-Resistant Cryptographic Algorithms Follow us on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn Jump-start your cybersecurity career today at Cybrary!
The art of hacking is often synonymous with high-profile cybercrime. But how can the cybersecurity and penetration testing community help more crafty hackers go from breaking bad to breaking good? Phil Wylie, author of "The Pentester Blueprint," joins Joe Carson and Chloé Messdaghi to discuss innovative ways of fostering a safe, supportive, and rewarding culture among ethical hackers. We explore how effective mentorship, gamified bug bounty challenges, and free training opportunities can positively impact cybersecurity job recruitment and satisfaction. Follow us on Social!! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube Jump-start your cybersecurity career today at Cybrary!
Some threat actor groups pursue state-sponsored espionage, and others conduct financially-motivated cyberattacks. APT41, also known as Double Dragon, happens to do both! Our adversary emulator and self-described Chief Thief, Matt Mullins, teams up with defensive security freelancer, Chris Daywalt, to discuss their latest threat actor campaign emulating APT41. Get caught up in the cat-and-mouse game between red and blue teamers in this conversation on reducing risk, enhancing alerts, and exploring realistic simulations! Start the Double Trouble with Double Dragon Threat Actor Campaign to detect TTPs leveraged by real-world threat actor group, APT41! Follow us on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn Jump-start your cybersecurity career today at Cybrary!
When threat actors target enterprise security environments, they often seek to compromise the accounts with the most privileged access. How can organizations minimize security risks in a world where remote account access is growing? George Eapen, Group Chief Information Officer at Petrofac, discusses important strategies for reducing risk and increasing resilience in the face of threats like ransomware attacks. Learn more about how layered security controls, privileged access management, and employee training can foster a positive organizational security culture. Follow us on Social!! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube Jump-start your cybersecurity career today at Cybrary!
Interested in switching your career to cybersecurity, but don't know where to start? Need to brush up on your cyber basics? In this episode of the Cybrary Podcast, we are joined by our very own course managers Sara Faradji and Jenn Barnabee. Jenn goes into detail on the making of her new Entry-Level Cybersecurity Training (ELCT) course that is intended for absolute beginners with no prior knowledge of the industry! Get the inside scoop on how you can gain the foundational knowledge to take the next step towards your cybersecurity career or goals. Check out Jenn's Entry-Level Cybersecurity Training course at Cybrary! Follow us on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn Jump-start your cybersecurity career today at Cybrary!
Learn more about Cybrary! Feeling fatigued from all the fear and uncertainty surrounding cybersecurity news? Take a breather in this engaging podcast conversation with Ian Murphy, founder of CyberOff and affectionately known as "The Monty Python of Cyber"! Join in the fun as Ian breaks down the complexities of cybersecurity to focus on the value of human impact, bravery, and connectedness in this dynamic field. Check out CyberOff! Connect with Ian! ~LinkedIn Follow us on Social!! ~Cybrary Twitter ~Delinea Twitter ~Instagram ~Facebook ~YouTube Jump-start your cybersecurity career today at Cybrary!
Have you ever thought about pursuing a cybersecurity career, but you don't imagine yourself as a "tech person"? Tennisha Martin, founder and Executive Director of Black Girls Hack, discusses strategies for both front and backdoor entrances into the dynamic world of cybersecurity. Learn how to take advantage of networking, resume review, and hands-on training opportunities so that you can see yourself in cyber! Join Black Girls Hack! ~Black Girls Hack Website Follow us on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn Jump-start your cybersecurity career today at Cybrary!
A skill shortage is pervading the cybersecurity industry. But what is the root cause of the problem, and how can employers fill more job roles? Dave Kennedy, CEO and founder of TrustedSec, and Chloé Messdaghi, Chief Impact Officer at Cybrary, discuss hiring and training best practices in the security world. Learn how you can break into the cybersecurity field from any educational or technical background! Follow Dave Kennedy! ~LinkedIn Follow us on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn Jump-start your cybersecurity career today at Cybrary!
When it comes to vulnerability disclosure, there can be a lot of unknowns. What is the first step in safely reporting? How can global bug bounty hunters better understand the specialized legalese in disclosure policies? Casey Ellis, Founder and CTO of Bugcrowd, addresses the importance of standardizing vulnerability disclosure policy language. Join in the de-villainization of ethical hackers and bug bounty hunters with Casey and the Cybrary team at Black Hat! Follow Cybrary on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn
How did Tracy Z. Maleeff (aka InfoSecSherpa) pivot from a library science job into a cybersecurity research career? What first steps can other liberal arts majors take on their potential path toward the information security field? Find your niche in the security world with Tracy's tips on leveraging diverse skill sets to help solve complex security problems. Follow Cybrary on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn
With the Great Resignation looming, what can security leaders do to empower their teams? How does effective training help shatter glass ceilings? Lance James, CEO of Unit 221B, shares his methodology for boosting team confidence and capability. Follow Cybrary on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn
Cybrary has been hard at work building a custom lab experience designed to prepare your security teams to succeed. Get the inside scoop on Cybrary's SOC Analyst Assessment from Senior Product Manager Ned Hinman. Learn how you can evaluate your team's skill development with a high-fidelity, immersive assessment. Follow Cybrary on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn
Ron is President at Gula Tech Adventures, which focuses on cyber technology, cyber policy and recruiting more people to the cyber workforce. Since 2017, GTA has invested in dozens of cyber start-ups and funds and supported multiple cyber nonprofits and projects. From 2002 to 2016, Ron was the co-founder and CEO of Tenable Network Security. He helped grow the company to 20,000 customers, raise $300m in venture capital and grow revenues to $100m, setting up the company for an IPO in 2018. Prior to Tenable, Ron was a cyber industry pioneer and developed one of the first commercial network intrusion detection systems called Dragon, ran risk mitigation for the first cloud company, was deploying network honeypots in the mid 90s for the DOD and was a penetration tester for the NSA and got to participate in some of the nation's first cyber exercises. Ron was also a captain in the Air Force. LinkedIn: https://www.linkedin.com/in/rongula/ Gula Tech Adventures: https://www.gula.tech Cybrary, Free Cybersecurity Training and Career Development: https://www.cybrary.it/ SANS Institute: https://www.sans.org
In the Enterprise Security News: BlackRock drops $250M into Acronis, Talon raises a massive $100M Series A to make Enterprise Browsers a thing, Cybrary raises $25M, Ghost Security comes out of stealth, Netskope acquires Infiot, Thoma Bravo acquires Ping Identity, TLP 2.0, Thought Leadering, and Winamp is back! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw283
In the Enterprise Security News: BlackRock drops $250M into Acronis, Talon raises a massive $100M Series A to make Enterprise Browsers a thing, Cybrary raises $25M, Ghost Security comes out of stealth, Netskope acquires Infiot, Thoma Bravo acquires Ping Identity, TLP 2.0, Thought Leadering, and Winamp is back! The pandemic forced us to rethink our IT environment as office workers went remote, outside the traditional framework of enterprise connectivity and security. This conversation will focus on top security concerns, costs, and containment strategies that 1,100 IT/security workers in 11 countries shared in a global report Infoblox sponsored to understand how organizations are addressing the new workplace. Segment Resources: https://blogs.infoblox.com/security/1100-it-pros-spotlight-the-security-hazards-of-hybrid-work/ Secure Access Service Edge (SASE)/Secure Service Edge (SSE) has quickly become part of the day-to-day lexicon. But what exactly is SASE/SSE, and will it make enterprise data more secure? How will organizations secure their data in a cloud-first world when the user and information are completely outside the enterprise boundary? How do SASE frameworks compare to traditional network protection, such as Secure Web Gateway, Next-gen Firewalls, Remote Access and DLP? Segment Resources: https://www.brighttalk.com/webcast/288/508560 https://www.brighttalk.com/webcast/288/538266 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw283
With companies migrating to cloud environments amidst a continued influx of remote and hybrid workspaces, it's essential to keep your data secure. Nick Lumsden, co-founder and CTO of Tenacity Cloud, helps organizations to improve their foundational AWS cloud security. In a world where you can quickly make software changes, how can you maintain asset visibility and ensure compliance? Listen to Nick's insights on cost-effective cloud security management best practices. Connect with Nick! ~LinkedIn Check out Tenacity Cloud ~Company Website Follow Cybrary on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn
When the next zero-day vulnerability hits, how can your security team prepare to detect and respond to the latest threats? In what ways can your organization reduce risk in a dynamic threat landscape? Our Cybrary Threat Intelligence Group (CTIG) is here to jumpstart the conversation on grounding your security training and decision-making on actionable research. Hear our CTIG experts, Ryan English and Matt Mullins, discuss the latest intel on the Follina vulnerability (CVE-2022-30190), the ZuoRAT report from Black Lotus Labs, and evolving tactics from initial access brokers like Prophet Spider. Take Matt's training course on the Follina vulnerability: ~https://www.cybrary.it/course/cve-series-follina-cve-2022-30190/ Subscribe to our forthcoming course campaign to detect behaviors of real-world initial access brokers: ~https://www.cybrary.it/catalog/spinning-a-web-shell-for-initial-access/ Check out the report on ZuoRAT from the Cybrary Threat Intelligence Group (CTIG): ~https://www.cybrary.it/blog/ctig-coverage-of-black-lotus-labs-zuorat-report/ Follow Cybrary on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn
Security conference season is back in full swing, and Cybrary is here to bring you all the highlights! Our Senior Product Manager, Ned Hinman, shares key takeaways from the Infosecurity Europe Conference in June of 2022. Hear what security leaders at organizations like ISC2 are saying about strategies for bridging skills gaps, attracting new talent, and approaching cybersecurity as a psychological challenge. Read the Psychology of Intelligence Analysis Follow Cybrary on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn
As cybersecurity teams become more advanced, adversaries get craftier. That's why Cybrary's blue teamer Owen Dubiel and red teamer Matt Mullins joined forces to develop purple team training campaigns based on real-world threats. Their latest campaign explores how threat actors like FIN10 extort organizations by threatening to expose their stolen data publicly. Hear all about how Owen and Matt created training exercises to help you improve your situational awareness and detection strategies. Think you have what it takes to enhance your detections to pinpoint each step in FIN10's attack kill chain? Enroll now in our Exfiltration and Extortion campaign, where you'll gain expert insights on real-world threat actor behavior and detect the malicious activity yourself in a virtual lab. Enroll now in our new Exfiltration and Extortion Campaign! Follow Cybrary on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn
Acclaimed cybersecurity power player Chloé Messdaghi is making big moves in her new role as Cybrary's Head of Impact. In this episode of the Cybrary podcast, she discusses commonsense approaches to minimizing bias and cultivating inclusivity in the security industry. How can organizations mitigate not only dynamic cyber risks, but also the revolving door of employee turnover? What can effective leaders do to prioritize the value of security teams and invest in their continued growth? Listen to Chloé's advice on developing a human-centered perspective in security management and workplace culture.
Where can organizations find specialized candidates for millions of unfilled security jobs? How can the right approach to training help increase employee retention and close the notorious cybersecurity skills gap? Kevin Hanes, CEO of Cybrary, shares why investing in people is a vital part of reducing risk. Learn how you can effectively prioritize diversity in the hiring process and support the growth of people who value the continuous educational journey that is cybersecurity.
How can purple teaming benefit your organization? When red teamers like Matt Mullins collaborate with blue teamers like Owen Dubiel, you know you'll get a thorough and cost-effective assessment of your security environment. Listen to Matt and Owen share their strategies for successful purple teaming design and implementation. Plus, hear about their new Cybrary course campaign where you'll learn real-world adversary techniques before enhancing detections. Check out Owen and Matt's Threat Actor Campaign series, where you'll learn the tactics and techniques used by real-world adversaries!
Ransomware attacks impacted 66% of organizations in 2021. As threat actor groups like FIN7 take advantage of expanded networks, security weaknesses, and human trust, it's more important than ever to keep up with their level of prowess. Cybrary's "enterprise defender," Owen Dubiel, and "chief thief," Matt Mullins, discuss how their cybersecurity work experiences informed their Ransomware for Financial Gain course series modeled after FIN7's techniques. Follow each part of their attack scenario that lets you emulate adversaries before enhancing your detections to reduce your risk of being the next ransomware victim. Why choose between the red and blue teams when you can do both? Check out Owen and Matt's Threat Actor Campaign series, where you'll learn the tactics and techniques used by real-world adversaries!
Ready to get hands-on with Cybrary's ten bite-sized OWASP Top 10 courses? Legendary instructor and penetration tester, Clint Kehr, shares what you can expect in his scenario-based training courses that prepare you to exploit real-world web application vulnerabilities. Hear what's new in the 2021 OWASP Top Ten List, including category revisions, position ranking adjustments, and a whole lot of freshly-mapped CWEs. Plus, learn how Clint and the CyDefe team worked to bring you custom lab exercises that challenge you to think like a pen tester. Enroll in all of Clint's phenomenal OWASP Top 10: 2021 courses: A01:2021 - Broken Access Control; A02:2021 - Cryptographic Failures; A03:2021 - Injection; A04:2021 - Insecure Design; A05:2021 - Security Misconfiguration; A06:2021 - Vulnerable and Outdated Components; A07:2021 - Identification and Authentication Failures; A08:2021 - Software and Data Integrity Failures; A09:2021 - Security Logging and Monitoring Failures; A10:2021 - Server-Side Request Forgery (SSRF).
The Okta security breach has gained considerable attention since the company's public disclosure of the attack on March 22nd, 2022. As debates continue on the timeliness and effectiveness of the organization's response, we at Cybrary want to elevate the discourse on how to foster smart, sustainable, and empathetic approaches to cybersecurity risk management. On this episode of the Cybrary Podcast, listen to the thoughtful advice of Cybrary's CEO, Kevin Hanes, and Senior Director of Content, Will Carlson, as they discuss how all organizational stakeholders can align on incident response strategies.
In this episode, Rachael is joined by Ryann Morrow, Senior Director, Sales Development at Cybrary, a cyber security professional development platform that provides IT and security professionals with the knowledge and skills to achieve their career goals. Ryann joined Cybrary in 2019 and in 2020, Cybrary won an OpsStars Award for Highest ROI Program of the Year for driving a 133% increase in pipeline in just one quarter after a major project to automate their go-to-market processes. In this episode, Ryann shares how she took her sales development team from survival mode to a thriving organization, by aligning with big picture business goals.
During unprecedented times when cyber and kinetic military actions coalesce, what can we learn about the evolving nature of warfare? Mike McLellan and Rafe Pilling join us from the Counter Threat Unit at Secureworks to discuss the latest cyberattacks in Ukraine. What is distinctive about these emergent types of wiper malware, and how can we better discern the objectives of threat actors? Get advice from the security research experts about how your organization can enhance defenses and incident response planning in the face of new threats. Read more about this subject in our blog post, "Cyberwarfare: Evolution and Impact on the Russia-Ukraine Conflict."
Come on over to the dark side with Matt Mullins, the red teamer and penetration tester who is here to help you think like an adversary. Cybrary Course Manager Jenn Barnabee talks with Matt about his Cybrary courses that teach you how to exploit and mitigate the latest critical vulnerabilities, including Log4j, HiveNightmare, and more. Considering a path forward in offensive security? Then you'll love hearing about how Matt's career aspirations evolved from Buddhism studies to the "Help Desk Farm" to penetration testing. From zen to ZAP, he has a lot to share about taking risks and learning new tools! Enroll now in Matt's Cybrary courses: Exploitation and Mitigation: Log4j CVE-2021-44228; Exploitation and Mitigation: HiveNightmare (CVE-2021-36934); Exploitation and Mitigation: InstallerFileTakeOver (CVE-2021-41379); Exploitation and Mitigation: MSHTML Vulnerability (CVE-2021-40444); Cybrary's MITRE ATT&CK TTP Course: SSH Authorized Keys.
Ready to defend your organization against the widespread PolicyKit vulnerability that experts are comparing to the Log4j flaw? In this episode of the Cybrary Podcast, Raymond Evans, CEO of CyDefe Labs, discusses his latest Cybrary course on Polkit CVE-2021-4034. By exploiting this flaw, just how easy is it to gain root access on a target system? What can we learn from this vulnerability about the value of penetration testers and open-source software? Find out in this podcast and in Ray's course! Enroll now in Ray's newest course, Exploitation and Mitigation: Polkit CVE-2021-4034. Learn more about Cybrary's partnership with CyDefe: https://www.cybrary.it/catalog/vendor/cydefe/
Should we be remote? In an office? Is hybrid the answer? These questions have been dominating business news and keeping senior leaders up at night for months. There's no clear answer or one-size-fits-all solution, but we can learn from the leaders that are managing workplace policy decisions today. The latest episode of On Connection features three executives that have led very different approaches to this challenge: Chris Hanslik led an early return to the office for BoyarMiller, a Houston-based law firm. Kevin Hanes has been managing what a hybrid solution looks like for the cybersecurity platform Cybrary. And Sté Crispino leads Tribo, a Sao Paolo-based consulting firm that has always been remote, and she has a few things to say about building a strong culture in a virtual world. View the show notes for this episode, along with bios for our guests, here: https://bit.ly/3BjKHbR
In this week's episode, Nick Moran, the Founder and General Partner at New Stack Ventures, shares his insights into his firm's focus: investing in outsiders. Nick gives authentic examples, explains what he looks for in founders and why it's different from other Silicon Valley venture capital firms.
In this episode, you will learn:
[2:23] Getting into venture capital as an outsider
[6:05] Why having creative insights is more important than building the standard Silicon Valley profile to attract investors
[10:07] Is commitment to the problem combined with flexibility to customers' needs the sure-shot to startup success?
[23:21] How can founders prepare for the first meeting with New Stack Ventures?
Non-profit that Nick is passionate about: Wounded Warriors Project
About Guest Speaker
Nick Moran is the Founder and General Partner at New Stack Ventures. Nick is a proud supporter and evangelist for early-stage startups that don't fit the traditional Silicon Valley profile. He has held positions in mergers and acquisitions, strategy, and product management. He also hosts The Full Ratchet, a podcast where he interviews fellow investors and venture capital experts. Nick's passionate about non-profit organizations affiliated with veteran affairs and helping PTSD veterans.
About New Stack Ventures
New Stack Ventures is a Chicago-based early-stage venture capital firm that invests in 'outsiders' - mission-driven founders with an irrational commitment to their cause regardless of location or circumstance. Its portfolio includes Cybrary, Scope AR, Tovala, Tripscout, Pliant.io, Hologram, Regroup, XILO, Urban Sky, phood, Shotcall, and Fairmarkit.
Next Week's Episode
Coming up next week Tuesday in Episode 66, we invite a special guest, David Forsberg, Managing Partner at Ascent Energy Ventures, to chat about investing in innovations and imagining a more automated and digital energy industry. Subscribe to our podcast and stay tuned for our next episode that will drop next Tuesday.
Today we are talking to Michael Gruen, the VP of Engineering at Cybrary. And we discuss building an engineering team from the ground up, how communication through Slack can lead to misunderstandings, and the personal side of the people you work with. All of this, right here, right now on the Modern CTO Podcast!
Podcast: The Secure Communications Podcast
Episode: Ron Gula: The Future of Quantum Cryptography
Pub date: 2020-07-09
Quantum computing isn't a reality yet, but most experts concede it is not far away. When that day comes, threat actors will have the ability to decrypt data they've stolen years before -- unless that data is protected by quantum-resistant cryptography. On this week's episode of The Secure Communications Podcast, we talk with cybersecurity investor and policy expert Ron Gula about the promises of and challenges associated with quantum cryptography.
In this episode
Ron is President at Gula Tech Adventures, which focuses on cybersecurity technology, strategy and policy. Since 2017, GTA has invested in dozens of cyber start-ups and supported multiple cyber funds. From 2002 to 2016, Ron was the co-founder and CEO of Tenable Network Security. He helped grow the company to 20,000 customers, raise $300m in venture capital and grow revenues to $100m, setting up the company for an IPO in 2018. Prior to Tenable, Ron was a cyber industry pioneer and developed one of the first commercial network intrusion detection systems called Dragon, ran risk mitigation for the first cloud company, was deploying network honeypots in the mid 90s for the DOD and was a penetration tester for the NSA where he got to participate in some of the nation's first cyber exercises. Ron is involved in a variety of cyber nonprofits and think tanks including Defending Digital Campaigns, the Cyber Moonshot, the National Security Institute and the Wilson Center.
Kathleen (00:08): Thank you for joining today's episode of The Secure Communications Podcast. I'm your host Kathleen Booth. And today my guest is Ron Gula. Ron was the founder, cofounder, I should say, and CEO of Tenable. Today he is the president and cofounder of Gula Tech Adventures. Ron, you have an unbelievable bio.
You know, you've been on the board of so many different cybersecurity companies. You're an active investor. You are, have served as a global fellow at the Wilson center, an advisory board member for George Mason University's National Security Institute. You have such a fascinating perspective on the cybersecurity industry, you know, too much to name. If I went through your whole bio, we could spend the entire podcast on that. But, but I'm really excited to have you here and, and get your perspective on a topic that I think is really interesting, which is quantum cryptography. Ron (01:00): Thank you very much for the the kind introduction and thank you very much for having me on the podcast today. So quantum cryptography, I, I it's, that's a topic that people should be very, very afraid of. But unfortunately we're really not doing a whole lot about it right now. So you know, assuming your users know a good bit about cryptography already, I kind of look at this problem as if somebody's collecting all of your encrypted traffic. Can they use a quantum computer at some point in the future to somehow break that traffic? And you would think that because of that threat, perhaps from quantum computers, you know, that there'd be more investment here and more awareness, but there really hasn't been. Kathleen (01:43): So let's start out by talking about the timeline, because I think this is something that, well, it's certainly something that I find fascinating. And I don't know if, if everybody understands it and maybe this is one of the reasons for a lack of investment in it, you know? We don't have quantum computing yet. What is, what is your opinion as far as when you think that it will actually be usable? Ron (02:07): So it's, it's interesting. I, I've, I've gotten a chance to spend some time with quantum computing companies and I ask them, so, you know, I ask them, so when can we break crypto? You know, when can we solve certain kinds of other problems and whatnot? 
And typically there's not a good answer there. And, and, and I said, well, do you think anybody else has done it? And they typically say no, because as soon as somebody has figured out how to do it, all these people are going to disappear and go work for the CIA or the NSA or a bank or, or, or, or something like that. So I think it's really difficult to put a number on, is this like a next year thing or next decade thing? And the problem kind of also overlooks the fact that you've got to collect all this traffic. Ron (02:48): Now, if you think about, if you imagine that the NSA and our adversaries have an infinite amount of storage and have infinite points to collect our data, then, then this is a problem. But, you know, the reality is that we live in a world based on physics, and, you know, a lot of these things need to be stored and kept in places. And I don't think the average person's having, they're, they're, they're having more stuff stored on them in social media, than perhaps an adversary is going to, you know, kind of come after them and collect on them. Kathleen (03:17): Now, and, and, you know, I'm not a highly technical cybersecurity expert. And so my understanding of quantum the risk associated with quantum computing is that, you know, we don't have to worry right now that somebody could use it to, you know, crack, crack into some of the most protected information we have, but someday it's going to be a possibility. And I think, you know, the average person might think, well, who cares? So someday we'll deal with it then. But I guess my understanding is it's, it's more, you know, we can have that data stolen now and it can be held and eventually compromised in the future when that capability does come online. Is that right? Ron (03:57): It is a good, a good application of that is imagine you have something today that a crypt, cryptography that we all use - the TLS, SSL TLS you know, basically the, the S in your HTTPS.
Technically you should be able to go and, you know, go to a coffee shop and go visit your favorite, you know, Facebook website, that's got, that's protected by that kind of, of crypto. And even if it was collected, it's going to be hard to break. But if at some point in the future, you know, somebody does come along and have an easy to use quantum computing, you might be able to do that. Now it starts getting a little far fetched. Is there a coffee shop somewhere, of course, pre COVID or whatever, you know, but it's some place that we're all using, you know, publicly collectible traffic that we could then say, well, the one day Ron Gula came in and happened to check his bank account. Ron (04:49): I have those packets that are in there and all, all set to go, you know? It's, it's just, it's when you think of all the things you have to do to protect yourself online, you know, patch, two factor authentication. This, it's just not the top of list for most people. And if they want to, they can just use their own, you know, a VPN, a product that you guys offer, right? Where I've done my key exchange ahead of time. You know, granted, you might be able to collect those packets and, and do it, but now you're, you're still a much harder target than people who are just relying on the cryptography from the web applications that they're using. Kathleen (05:26): Yeah. And it seems like for the average person, the notion that somebody could steal my data now, and, you know, 10 years from now, they could crack into it, I would think, so what? Like, my credit card numbers will have changed by that point. Who knows if I'll be at the same bank? Like, it almost, it doesn't seem like much of a risk to me, but where I think it gets really scary is when you think about data leakage from a place like the NSA, which, which has been compromised, you know, and there has been information stolen out of there, and maybe somebody can't process it and get into it right now. 
But, but if 10 from now, they're able to discover the identities of certain people or, you know, different programs that the U S government has, that then becomes a truly frightening prospect it seems. Ron (06:08): It is. And again, it's hard to be a, you know, a cybersecurity pro, cyber security person and say like, this is just not that big of a deal. But for me, I used to be like, Hey, look, this is a big problem, right? Computer's gonna be a lot faster, whether they're quantum or not. And, but at the coffee shop, you know, with using your quantum resistant cryptography, chances are the, the, the 20 dollar lock on your house that you bought from Home Depot, somebody can bust through that and put, you know, sniffers in your house you know, but little bugs that can get the same kind of information that you're trying to protect. So the question is really is, you know, when you bring that over to a large enterprise, it's, it gets, it gets interesting. It's just not the number one thing that people are working on. Kathleen (06:53): So given that the differences in the kind of, the level of risk and the implications of a compromise, do you think that, where, where do you see most of the work coming from on, on quantum resistant cryptography? Is it, do you see a lot of it coming out of the government or being funded by the government, or do you see more of it coming out of the private sector? Ron (07:15): So, so the biggest innovation I've seen in quantum resistant sort of security is, is this concept of, of multipath communications or shredding. So if I'm going to go from point A to point B, and you're assuming that your adversary is collecting on you between those things, if you can take a thousand different routes, every second, you're going to minimize the amount of data that they can collect on you. And of course, they're on your computer. Your computer is compromised. It's not going to help you, but neither will quantum resistant cryptography. 
And similarly, you know, if you're worried about data at rest, and you've got a one MB file, if you had a, like a hashing algorithm or a way to just physically separate that file into many, many different places - a little bit on Amazon, a little bit on Google, a little bit on your USB drive - you know, whatever, whatever that combination is, an adversary would then not only have to be able to break, your crypto, like get access to all of that, that data, that data. So the strange thing is, I've been pitched a bunch of companies like this, and there's pretty cool things. And I just, haven't seen a lot of people jump on this because they're on this mindset that the future is basically endpoint cryptography, or endpoint computing and cloud computing. You know, there'll be no CASBs in the middle. There's no, it's just about that secure access between where I need to go and where I need to go. And they're not worried about, you know, making sure that it's crypto or quantum resistant at that point. Okay. Kathleen (08:37): What do you think is, needs to happen to change that? Ron (08:42): There's gotta be a little bit more, I think, demonstration of this. And unfortunately, you know, the demonstrations we are getting is that when we break crypto, it's usually a software bug, right? Someone's figured out a way that they can see the CPU, change a crypto algorithm, extract keys, extract that, that type of stuff. But the problem is, is that, you know, just doing basic cryptography is so hard. You really have to understand who has access to your keys. You have to rotate keys, you have to do all those things. And I always like to point out that a lot of people got into cybersecurity came out of the military. They were key custodians, right? They were the people who would re-key the point to point bulk encrypters. They would, they would do things like change the codes for, you know, for duress, the duties got protocols for changing these different things. 
And the commercial world, private citizens, they have no concept of that. Ron (09:29): Right? I mean, I, I know people who have bad passwords to get into their password manager, you know? It's like, that's not the point, you know? So, so that's my concern is that, you know, we've really got to level up, a lot of basic hygiene things before we go tackle this. Now don't get me wrong. If, if tomorrow you know, Facebook or, or, or, or Amazon, or, you know, whoever has got more advanced, you know, ways for us to authenticate and, you know, encrypt as we, as we connect to them, you know, I'm, I'm, I'm happy with that. But in the meantime, you know, I still recommend people, like, if you're concerned about this, you should be buying products like Attila. You should be buying products that where you control your own infrastructure and then make use of what you control, because you can't just control everything else. Kathleen (10:17): So who's, who's doing really interesting work in the field of quantum cryptography? Who's out there kind of at the cutting edge? Ron (10:26): So there's, it's a little bit like the supercomputers, right? And so they, they every, every month or so you hear, Oh, the Japanese have got the world's largest supercomputer or the Russians do, or the Chinese do. Right? So the quantum folks are doing, doing interesting things. So the quantum computing folks, you've got here in Maryland, you've got that. Everybody's got a project because there's such interesting things. And, you know, I get to watch a lot of science fiction and, and play a lot of science fiction. You know, like World Builders. I'm playing Expanding Universe 2 right now. And it's kind of like Civilization, right? And quantum computing is usually one of the things you unlock that gives your, your race or your species, you know, magical powers. The problem is that the promise of what the quantum community just hasn't, it hasn't delivered yet. 
I think if anybody has broken it, you know, or they haven't done a lot of a lot of practical things with it just yet, that we've, that we've seen. Kathleen (11:19): So do you think it will be broken at the nation state level or in the private sector? Ron (11:22): Yeah. These are very, these are it's um, so without trying to sound too negative, so venture capital people talk to each other and you know, why would you invest in this company? Why would you not invest in this company? And it really tracks, the quantum computing, it's really tracking like healthcare research, where it takes a long time. There's a lot of PhDs in involved. A lot of universities involved. A lot of research. I mean, this is not true trivial stuff that you're going to do in your, or your, your garage. You're talking, moving atoms your, and then getting them to do things, things, and compute. And it sounded like wasn't that what a chip is? Like, Oh, the science is a lot different. Ron (12:07): I was very lucky. One day I got to visit one of these, these super computing, quantum computing companies. And there was another visiting fellow and, and this person had been to like nine other places. I got to hear about all the different kinds of, I'm dated because it's only two years ago. But at the same time, this could be a 20 year journey before we have a practical computer that you can buy in your, your you know, in your house. And it reminds me of when you, when you go and you see these, these quantum computers, you, you're like, where's the computer? They don't look like computers. It's telling you, there's a couple of these organizations. Ron (12:50): They show basic things like, show me how to code the traveling salesman problems. And I'll, I'll get the look like, no, we're not, you know, we're not really there yet. It's something I think is, is worthwhile to do. 
And if we're going to talk, talk a bit about quantum encryption and a bit about, there's this third area about quantum communications, where you can basically encode you know, the photons, the wave lengths in a certain way. Possibly you can, you can change a quantum object here. Maybe you can, you can stimulate it moving on the other side of the universe as a form of communications. I would love to see that. Everything I've seen has been snake oil. So, you know, I'm all for that kind of stuff, but it's, it's, it's not ready for commoditization in prime time just yet. Kathleen (13:37): Yeah. Now how accessible, if, if somebody is concerned about this and they do want to take steps now to try and protect their data, how accessible is quantum resistant cryptography now? Ron (13:51): Well, one of the reasons, so it's very accessible. You know, one of the reasons that the venture capital community has not jumped on this, it's because the cryptography becomes an OEM type of type of market. And before, you know, I get jumped on for, not from you, but know my business model. There's nothing fundamentally wrong with that. Ron (14:20): I have to do similar things. I probably have been pitched the last three, four years, probably about maybe 10 or 11 different quantum crypto library companies, where they actually don't sell anything to a direct customer. They sell it as a third party. Like a you know, w which is the believer that it's the right thing, because, you know, photography is hard. What you want is you want a team of really, really smart people who that's, all they've done. They focused on the cryptography has been vetted by the U S government. You know, that, that that sort of approach, the problem is that if they're out there selling well, licensing a library, it's not a huge, a huge thing. 
Back in the late nineties, early two thousands, I remember that you know, ISS, for the product that they were doing, they switched to elliptic curve cryptography to you know, communicate with their agents. And it was more resistant and that kind of stuff. Didn't really make a lot of difference I think for, for, for people that were like, okay, that's cool. That's, that's, that's better crypto, but, you know, does that really make you a better, a better security? And you would think it would be, especially since people do break into security products, but the market didn't, the market could have cared less. They want easier to use products. They don't really want, you know, that kind of stuff, but that's kind of where we're at right now. Kathleen (15:31): That's so fascinating. I mean, I think it's, it kind of applies to a lot of security, the sense that, you know, while we know there are risks out there, we just choose not to protect against them. It's, you know, it's like buying insurance, it's the same principle. It'll never happen to me. It's not going to happen anytime soon. That sort of thing. So I'm, I'm curious to see, what's going to take place that will prompt more of an interest in this. Ron (15:54): Yeah, what's going to happen, in the United States, it's NIST. N I S T is the group that does that. You've probably heard of it. DES encryption and triple DES, and then there was AES encryption and, and NIST does bake offs the same way that the air force does bakeoffs, like we have the F22 Raptor aircraft. But, but what do we really want? And this has got a lot of input from the NSA. They got a lot of very, very smart mathematicians and they're baking off these algorithms. And you know, I haven't gotten a recent update, but almost every pitch I get is like, Oh, we're part of the bake off for NIST. We were, we won this, this, this part of it. That's great. That's awesome. Kathleen (16:45): Yeah. Demand just needs to follow, I guess. Ron (16:49): It is. 
It's, it's one of those things where you, you know, like, let's say I got a tip from somebody who had a breakthrough in, in cryptography. You almost don't want to touch that because historically, that's where, you know, something's wrong and you, you miss a leak, you miss some sort of entropy sort of, sort of where you can actually decrypt it. And now crypto is the NSA because they have enough people to do the peer review and, and literally red team it and attack it. And I think that's very apt in these kinds of things. If you're a small company, a 10 person company, and you're coming up with the next generation, you know, quantum resistant, crypto, great prove it. You know? Go to NIST. Go to all that stuff. And, and then even after that, what's your business model? Like, why is your crypto going to be that much better than, than, than everybody else? Kathleen (17:44): Yeah. Well, it sounds like the U S government will lead the way, at least in creating demand if, you know, for it to protect itself. And then, and then it sounds as though that that could roll out a form of standards or regulations that would eventually bleed into the private sector. Is that accurate? Ron (18:00): Yeah. It's, it's, it's, it's very accurate. Ron (18:12): There's like satellites, if you've did right. It's, it's there. But when you're, when you're in space and when you're, you're there, know that's, that's weight on that device. So, so there's believe it or not, you know, there's a really a need for just encrypting in general. And it can even be bad encryption, but there's a lot of stuff that's, un-encrypted, that's, that's, that's still going on today. Actually, we have more encryption everywhere that you know, we have a lot of other things that were, that are in the clear now, that are not so much in the clear. Kathleen (18:42): Yeah, yeah. It's fascinating.
I was talking to somebody the other day about IoT and it sounds like that's one area that, that is incredibly vulnerable for that same reason.

Ron (18:52): So not only with IoT, do we have an issue where the device itself might have not been coded securely, but the protocols that'd be an inline when, if you look at something like SMB version three, which is very enterprise ready and has all sorts of which of levels of, of cryptography, you know, kind of built into it, you know, you just don't see that, you know, and, and talk to the cloud and we're going to give you a web interface, or a mobile app to talk to that cloud, you're hardly ever, so we need to reverse engineer it. With like one of your portfolio companies, you know, Refirm Labs from DataTribe there, you know, they find tons of stuff in IoT devices, all, all the day. Encrypt, you know, can, can you encrypt that better? Can you keep it, what's being collected half the time? So, so that's kinda where I'm seeing that market at right now.

Kathleen (19:53): Yeah. Now, switching gears, you are an investor, you, as you mentioned, you get pitched by a lot of companies. You see a lot of technology. Is there a particular cybersecurity technology that you're really excited about right now?

Ron (20:12): My friends at DataTribe have some of my favorite companies. So way, the way I like to talk about it, is that, you know, I've done two companies. I've done Network Security Wizards, which was a network intrusion detection company. We did Tenable Network Security, which is cyber, you know?

Ron (20:36): And Swimlane. And after I left Tenable as an investor, I really got to explore. There's Huntress Labs. Huntress Labs is really focused on the SMB and finding malware, or finding back doors, finding, you know, phishing, phishing targets, you know? I find that very exciting. It's not about just their detection is it better than, you know, a CrowdStrike or a SentinelOne. It does it.
Cause when, when you're dealing with a dentist office, it's a such a different mindset than, you know, dealing with like a bank, you know? Where we're, where they've got, you know, so I'm enjoying stuff like that. I'm, I'm really enjoying a lot of the different ways we can solve some of these problems. Some of the things that, that we've invested in is like cyber education. So if you look at the work that we're doing with Cybrary and you extend that to people like Catalyte, you know, that's, that's really interesting. The ability to use AI and, and, and create, you know, developers and IT teams, or in Cybrary's case, you know, the development or the ability to really, you know, pull people either from you know, inner city, retiring veterans, just anybody who's got a, access to the, to the internet, you know, into the cyber you know, career is, is just, is just really, really fun stuff.

Ron (22:05): So it's, I think my biggest frustration sometimes is I'll, we'll invest in a certain category and somebody will solve it a certain way. And then another company will come along and solve it almost completely differently. Then we're sort of like, okay, well, do we want to invest in both of these companies, because they're going after the same dollars.

Kathleen (22:27): Yeah.

Ron (22:34): On the cloud, like Cloudflare, or are you going to be in like a contrast, you know, and those two completely different businesses, well, security, it gets, it gets in there. That's the world I get to live in. And I really enjoy helping people think through that. And you know, hopefully we're making a difference and invest in the second and third tier here.

Kathleen (23:02): Well, I love that you're involved in so many different education organizations and, and trying to kind of bring up the next, the next generation of cybersecurity professionals. I also love that you've been in business with your wife for so many years. Fun fact, I owned a company for 11 years with my husband.
And so I feel like we could have an entirely separate podcast episode just on, just on working with your spouse, but I think that's, that's fantastic. And I love that story about what you guys are doing.

Ron (23:30): So it's, it's funny you know, a lot of people know our story. You know, Cindy didn't get sort of the cofounder or on the web sort of, sort of u, you know, I had it explained to me, if you look at the, just for example, the divorce rate, you know, that kind of stuff, there's just, there's a, there's a 50% chance one of you is going to get divorced and leave the company and it, and that's a real risk. I get it. I get it. Having said that though, now that we've been a lot more public about it, I'm finding like you, you, you did business with your husband. I'll find a, to a brother's team, you know, that, that, that are working together. Now, brothers don't get divorced, but you can have fallings out with your families and stuff like that. I find that if you can make it work, it can be a very, very strong thing. But whenever we do sort of like off the cuff marriage counseling or anything like that, it's not like, Hey, why don't you, you guys go start a business. That'll solve all your, you know, all your things. But, but yeah, no, glad that, glad you brought that up.

Kathleen (24:35): Yeah. I think going into business with anyone is kind of like getting married. Like, you have to be a phenomenal communicator and you've got to talk about everything to make it work. I always say that my greatest accomplishment in life is that I'm still married after 11 years of business partnership. So you're right. It's, it's, it's great. You have a level of trust you can't get with somebody you know, somebody else, who's not your family, so fantastic. Well, I really appreciate you joining me for this episode. It was, it was fascinating. If somebody wants to learn more about you and some of the work you're doing, where should they look online?
Ron (25:12): So we maintain a webpage at gula.tech. We have a list of all the portfolio companies, including the DataTribe companies like you guys. And you know, we blog a good bit about podcasts. I'll be putting this on our blog eventually. And then you know, if they want, I do, I do post pretty pro, a good bit on LinkedIn, a little bit, you know, business. You gotta keep it on LinkedIn, but I appreciate anybody that wants to look us up. So let us know.

Kathleen (25:48): Fantastic. Well, I'll put those links in the show notes. And if you're listening and you enjoyed this episode, please consider leaving the podcast a review on Apple Podcasts or wherever you choose to listen. And we want to hear from you. If you have an idea for a future episode, tweet us at @Attilasecurity. Thanks for listening. And thank you, Ron.

Ron (26:06): Thank you.

The podcast and artwork embedded on this page are from Attila Security, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.