Podcasts about NowSecure

Katie Bochnowski is the Senior Vice President of Customer Success & Services at NowSecure. Katie shares her journey from studying cyber forensics at Purdue University to becoming an expert in mobile app security and forensics. She discusses the impactful work her team does in securing mobile apps, especially in the medtech industry. Katie also offers valuable advice on building relationships within organizations, the importance of security best practices, and staying curious as a professional.  Guest links: https://www.linkedin.com/in/katiestrzempka/ | https://www.nowsecure.com/ Charity supported: Save the Children Interested in being a guest on the show or have feedback to share? Email us at theleadingdifference@velentium.com.  PRODUCTION CREDITS Host & Editor: Lindsey Dinneen Producer: Velentium Medical   EPISODE TRANSCRIPT Episode 070 - Katie Bochnowski [00:00:00] Lindsey Dinneen: Hi, I'm Lindsey and I'm talking with MedTech industry leaders on how they change lives for a better world. [00:00:09] Diane Bouis: The inventions and technologies are fascinating and so are the people who work with them. [00:00:15] Frank Jaskulke: There was a period of time where I realized, fundamentally, my job was to go hang out with really smart people that are saving lives and then do work that would help them save more lives. [00:00:28] Diane Bouis: I got into the business to save lives and it is incredibly motivating to work with people who are in that same business, saving or improving lives. [00:00:38] Duane Mancini: What better industry than where I get to wake up every day and just save people's lives. [00:00:42] Lindsey Dinneen: These are extraordinary people doing extraordinary work, and this is The Leading Difference. Hello, and welcome back to another episode of The Leading Difference podcast. I'm your host, Lindsey, and today I am absolutely delighted to introduce you to my guest, Katie Bochnowski. Katie is Senior Vice President of Customer Success and Services at NowSecure co-author of the book, "iPhone and iOS Forensics," and a recognized expert in mobile forensics and app security testing. Katie holds a master's in Cyber Forensics and Bachelor's of Science and Computer Technology from Purdue University. In her current role, Katie oversees customer support, onboarding and success departments, as well as the mobile AppSec Professional Services Organization that is responsible for pen testing, training, and consulting. All right. Well, welcome. Thank you so much for being here. I'm so delighted to speak with you today. [00:01:37] Katie Bochnowski: Awesome. I'm really happy to be here. [00:01:39] Lindsey Dinneen: Excellent. Well, I would love, if you wouldn't mind just starting off by telling us a little bit about yourself, your background, and what led you to medtech. [00:01:48] Katie Bochnowski: Awesome. Sure. So, I'm Katie Bochnowski. I work for a company called NowSecure. My background, dating back many years to school is in computer technology and more specifically cyber forensics. Where I am now is mobile app security. How I got into that industry is, is really from that forensic background. Our company used to do data recovery and forensic investigations on mobile devices, and we kind of quickly realized that mobile apps are storing a lot of data. So we shifted into proactively working with organizations to secure those apps that reside on devices. And in terms of medtech, obviously you can probably make that connection, but we began working closely with first, companies that really care about the data that's being stored, and transmitted on those apps, which absolutely includes medtech industry. [00:02:43] Lindsey Dinneen: Awesome. Okay, so going back a little bit. So when you were first deciding on college paths and career paths and all those lovely things, what drew you to where you ended up? [00:02:55] Katie Bochnowski: You know, I don't have a great, like "aha" moment for this question. It was just one of those things. I grew up, I had a computer in my house. I did Typing Tutor when I was really young on MS Dos, and I just always en enjoyed that. I had a friend in high school and we both got interested in making our own website with HTML. So, it was just enjoying being around computers and also tinkering to figure out what was wrong with something from a technology perspective. Purdue is where I attended. Purdue had a more generic computer technology degree that I didn't have to know exactly what I wanted to do. You could try different paths, so that's kind of what got me into it. It's not like I knew I wanted to do that my whole life, but I never really went back or questioned it. I always just kind of enjoyed it along the way. [00:03:45] Lindsey Dinneen: Yeah. Excellent. Okay, so the phrase cyber forensics is just exciting. So, can you dive a little bit more into exactly what that means and entails and what it looks like? [00:03:57] Katie Bochnowski: Yeah, absolutely. So, it is exciting- -so much so, in fact, that my senior year of college, the very first time they offered this class, it was called Cyber Forensics, it was an elective and it sounded amazing. And, it was amazing. It was really cool. We went through from start to finish, how you collect evidence from a computer and technology perspective, how you keep it pristine, how you collect the data off of it. We even got to work with local law enforcement as part of an internship to do all that, so I was very lucky in that my very last semester of my four years, they offered this and I just really, really liked it. It always was there in the back of my mind. So yeah, cyber forensics is really the collective of all things digital, which is everything, now. I don't do, necessarily, that work anymore, but I can't even imagine all of the data collection off of Alexas and, and all of those devices. But yeah, that's, that's kind of how I got into that. [00:04:56] Lindsey Dinneen: Wow, that's really cool. Yeah. So, okay, so talking about this data collection and all of these things, I'm curious, what are maybe one or two things that just really surprised you when you started getting into the industry and doing the work? [00:05:11] Katie Bochnowski: I know people always said this, and it shouldn't have been a surprise, but when I first started working for NowSecure-- which was actually called Via Forensics back in the day when I first started-- we worked on a lot of individual cases, so people saying, " Can you recover my deleted text messages, and pictures..." and things like that, and the amount of data that really does reside on those devices still after you delete them, going back months, years. So, I don't know if that's still the case now. I don't know if they do a better job of that, but that was surprising to us. What was also surprising was how much apps are storing and transmitting data on those devices when you don't think about it. So a lot of these cases that we would work on, they would focus so much on voicemails, emails, photos, and text messages, but nobody ever said, "Hey, can you go check the Facebook app or the Messenger app you're using?" That was something we realized pretty quickly, and were shocked to see-- this was 15 years ago-- how many apps were storing incredibly sensitive information on those devices. [00:06:20] Lindsey Dinneen: Yeah. And so now that there's more awareness of this and people are maybe, hopefully taking a little bit more ownership of even their own awareness and education with all of it, what do you see are the changes and shifts towards better protection? [00:06:38] Katie Bochnowski: Yeah. Great question. So there's a couple things: One, people are more aware, so they are leveraging the best practices really for these things. So there's places you should and shouldn't store data on devices, and you should use encryption for sensitive information and encryption that can't easily be broken into. The platforms themselves, too--Android, iOS-- have also made improvements in protecting those sandboxes. But, it's not everything, so you absolutely still have to be mindful of that. A lot of organizations like medtech companies and financial organizations do add a lot of those extra protections. But a lot of people don't, still. They're not either, don't think about it as much or aren't aware of it. And then the other thing that we see is everyone could have, you know, a hundred percent perfect intentions in storing and protecting that data, but you make a mistake, or you accidentally leave a debug flag on or something like that, where this information still can be accessed even though developers and security organizations are following the best practices there. [00:07:51] Lindsey Dinneen: Hmm. Yeah. So as you look toward the future of device security in general and cybersecurity, what are you looking forward to in terms of improvements, and hope for the future? Because I know there's a lot of things to worry about, just in life. But, what are some of the things that you're hopeful about? [00:08:11] Katie Bochnowski: Yeah. I'm hopeful for the--I'm going to call it the camaraderie--we're seeing between security and development groups. Not that there was argument or debate between them before-- there probably was a little bit-- but we are seeing a lot more organizations have what they refer to as a Security Champions Program, which brings those groups together. Security used to be seen, and probably in a lot of cases still, is seen as that blocker. Developers are being rushed and pushed to release features quickly. They have deadlines, timelines, and then if security finds an issue, it has to go back to the drawing board to remediate. But, with these programs, we're seeing either a development group that has a security champion there, or just teams kind of melding together a little bit more to build that testing earlier on. That's a trend we're seeing increase more and more. And, I believe that's going to only continue because it's just the right thing to do for everyone all around. [00:09:12] Lindsey Dinneen: Yeah, and that collaboration piece is so critical to eventual success, or hopefully even shorter-term success, like said, so that there's not as many iterations. It's like, "No, let's just integrate and do this from the start well together." Yeah. [00:09:27] Katie Bochnowski: Yep. [00:09:27] Lindsey Dinneen: Cool. Okay, so, you started with NowSecure, and then eventually you got your first medtech client. Could you talk about that experience? [00:09:36] Katie Bochnowski: Yeah, absolutely. Actually, before I even started with NowSecure, I worked for a Fortune 100 company in their security department doing firewall rule management. And, it was all good and everything, but I remember thinking throughout my career, I'm the type of person that likes to do things meaningful, making an impact on people. So, for many years, I was like, "Okay, what am I doing? I'm just executing firewall rules, I'm recovering data..." That's why the forensic work was so appealing to me because you were actually helping assist with investigations that mattered. Then, getting into the mobile app security industry was certainly important, but it took it to a whole new level for me when we got our first medtech client. I remember going on site and seeing some of the things that the apps can do in conjunction with medical devices, implants, et cetera, and thinking, "If you get this wrong, this can impact a human life." That helped bring all of this to a whole new level, and it's something I talk about internally within our organization as well to help people understand how meaningful it is --what we do, what the medtech industry does, and how important it is to get security right. It's just helped me with a new perspective. I love working with our medtech industry clients. It's contagious to be around them and see how much they care about what they do, and, how important it is to their lives --makes an impact on the way I work as well, then. [00:11:06] Lindsey Dinneen: Yeah, I love that. I think that's so true. I get so inspired by even just talking with these incredible founders, their devices and their heart behind why they're doing what they're doing. It's not an easy road so choosing to do so, and then hearing that passion is what drives them sometimes in those crazy late nights, early mornings, hassle in between, you know? So you started getting medtech clients, and now you've developed a niche offering for that group. I'm wondering, what are some of the common themes that you see companies maybe aren't aware to consider when they're starting their development of their devices and apps? And, perhaps just some general advice: What should people be on the lookout for? [00:11:50] Katie Bochnowski: Yeah, so I guess you-- I shouldn't say unique, but specific to organizations like medtech industry or, financial or healthcare and the apps they build-- is that highly sensitive information. And so I guess my advice and the thing I would point out that I see in those types of applications is not only, of course, best security practices and understanding what's unique in mobile is super important because web apps have been developed for many, many years. Mobile apps now have been many years, but people don't necessarily know that it is unique in the way that they are developed and the different attack surface, right? You have the local device attack surface. You have the attack surface of other apps that could be malicious that are installed on that device. So, understanding what those mobile unique security best practices are is my number one piece of advice for developers. Number two would then be multiple layers of security protection. So, developing a secure app is one part of it, and a very important part of it. What we see is a lot of organizations sometimes are dependent on either the protections of the device OS itself--the Android OS protections or iOS protections. And, there are tools out there that offer protections like tamper detection: If you detect the app is being tampered with, don't launch it. If you detect the app is installed on an exploited, rooted, jailbroken device, don't launch it. Or, don't allow login. Those are important, but those can be bypassed and so I say multiple layers of protection. I'm not against those protections. I think they're very important. I think you should do them, but you should also assume in some cases they can be bypassed, and you need to have that foundational security in the way you develop your applications. [00:13:48] Lindsey Dinneen: Yeah. So, you've had a really interesting career so far, and I'm sure you've seen a lot of things over the years. What are some moments that really stand out to you, especially with your medtech clients, as, as hitting home that, "Wow, I am in the right place at the right time, making an impact." [00:14:09] Katie Bochnowski: I think it's hard because it's not like there's one single moment. Because what you want to avoid in this industry is a breach, is something like this "oh my gosh," this big negative moment. And so honestly, it's seeing the organizations we work with, not having that happen. When you do see a breach that might be mobile-specific, I immediately jump in and see, "Okay, what happened? How did they exploit this? What was the actual vulnerability that led to this?" We check for that, and we help our customers test for that and knowing, "Okay, whew. They're covered." And we see that kind of stuff all the time. So I don't have, necessarily, a big moment, but I do have those moments along the way where it's like, you see something in the news, and you are not surprised by the way that was exploited. It's something that is foundational to mobile app security, and you know your customers are protected. [00:15:09] Lindsey Dinneen: Yeah. Well, that's a really good reminder in general because sometimes you get those big, crazy, sort of in-your-face moments that are going, "Yes, okay, I know why I'm here." But then, those don't happen all that much, usually. So having those little encouragements along the way of, "No, you're on the right path, you're doing the right things is incredibly... [00:15:30] Katie Bochnowski: It's funny; it actually reminds me of sometimes we'll work with customers and they'll use our products or services--and, they'll be upset because we haven't found anything in a certain amount of time. Seriously. And they're like, "You must not be testing enough" or " You haven't found anything high risk in six months." Sometimes, we have to remind them that's good. "Green is good," is what we always say. "Green is good." And, of course you want to check and make sure you're doing everything, in depth as possible. But, if you do a full two-week pen test and nothing big is found, that's good. You're doing a great job. So, take the win. Green is good. [00:16:07] Lindsey Dinneen: Green is good. I love it. Words to live by. You have had a really interesting trajectory even through NowSecure, but throughout your career and you've stepped into different kinds of leadership roles. I'm wondering how has that evolution been for you as a leader? What are some of your key takeaways that you've discovered work really well, and maybe some lessons learned? [00:16:29] Katie Bochnowski: Yeah, so I was not the person coming out of college that said, "I want to get my MBA, I want to be a CEO, I want to be, you know, high up in an organization." I just knew I liked computer technology, I liked tinkering--that kind of stuff. So I wanted to do things that were interesting. Via forensics, and now, NowSecure really was amazing for me because I got to do all of that. I got to grow with the company. I was really the first employee with the co-founder here, and as the company grew, I naturally started developing the managerial and the leadership roles as we hired more people and got more clients. So for me, I learned on the job, along the way, and when I think about it, I see people that are very ambitious to be a manager and, that's okay too. The best leaders that I've seen have been leaders that have naturally and organically developed a mutual respect, trust, and collaboration with their teams, seeing them as partners and peers and not someone to delegate things to in an authoritative way. And that's not just necessarily from a managerial perspective, because I see individual contributors, on my team for example, that exhibit amazing leadership skills, developing those relationships with other departments. And when you do that, you get-- I don't mean this in the way it's gonna sound, but you get people to do things for you because they want to, because they want to support you. And so that's what I always like to focus on is, just building those relationships, having empathy for other people. And, of course there's delegation that comes with that, but when you do that, then they want to do that for you or for the organization because you've, you've built that foundation. [00:18:20] Lindsey Dinneen: Yes. That's great advice. I really appreciate that. There were several things in there that, stood out to me. One of them was your comment about even individual contributors can be leaders, so even if you are not technically in a managerial role, or you don't have anyone working underneath you at the moment, doesn't mean you can't develop those skill sets and lead yourself and lead your own direction. So I think that's a really important note. And, something to give a little bit of perhaps inspiration, too. So if you want to be in that leadership role at some point, but you're not there yet, doesn't mean you can't build the skills along the way. [00:18:54] Katie Bochnowski: Yeah, absolutely. And I think about, I, I have heard people in the past say, "Oh, I can't go ask them to do something. I don't have the authority to do that." I hear that a lot. " I'm not their manager. I can't tell them to do that." And then there's people that don't even think that way, and just build that relationship and get others to collaborate and work with them. Those are the natural leaders that managers are going to see and want to promote to be the next manager. Right? So, if I'm gonna give another piece of advice, it would say, never say, "I don't have the authority, or I don't have the power to do that." Or "It's above my pay grade" is something that I'm like, "Oh, don't say that," because nothing is. You just need to learn to work with others to figure out how to do that. [00:19:41] Lindsey Dinneen: Yeah, and I think you're absolutely right about relationship building and collaboration being such a key to success in general. I mean, I think about all of the opportunities that are created and these sort of magical, what feel like magical, synergistic moments that happen, but they're not magical. They're because of intentionally cultivating these relationships. So yeah, I love that. And then helping people come up alongside you. So that's actually a concept I'd love to hear about your experience, either as a mentor or mentee, or anything like that that you've experienced that has really been inspirational to you. [00:20:18] Katie Bochnowski: Yeah. Well, I guess I have maybe two examples. I had someone that was working on my team many years ago and, again, we worked very closely as, I saw him as a partner and he got to a place basically at the organization where I would always tell him, "We could switch jobs, and you could do this and I could report to you and it doesn't matter," because I saw him grow that quickly. And he is now in another position that's probably double my pay and I don't know. But that's... you want to see that. And, some people might be threatened by that, but you shouldn't be, if you are doing the right thing because you want to see people grow into those roles. I don't know if this directly answers your question, but there is a leader who's a CEO of another organization who I have always looked up to, and I just see this is exactly how she leads. You know, everybody respects her. Everybody wants to support her and her mission at her company. Even when you're not working at her company like me, you just see the way she leads and the way she has built relationships throughout all of the employees in her organization. It's just something that I aspire to. [00:21:27] Lindsey Dinneen: Yeah, absolutely. And sometimes it's really helpful 'cause you'll get your share of... well I think most people at least have had the experience of getting their share of people in leadership roles that they would maybe not wish to emulate. So getting to be inspired by the people who are doing it correctly is is lovely. Yeah. Yeah. I love that. What is your number one, if you could boil it down, piece of advice for ordinary folks who are looking to up their own security game and just be more aware. [00:22:04] Katie Bochnowski: Be curious; don't wait for someone to show you or teach you how to do something. Part of what I oversee is managing a group of mobile app pen testers, and the best pen testers that I've seen are not the ones that have tons of experience or skill. It's actually, we've had two interns come straight out of school, come in and just dive into things without being asked, and just go figure it out and learn. And so be curious. Go try online exams and labs, even if you have no clue what you're doing, just try it, research and figure it out, and be curious. And I guess that's my biggest thing. [00:22:45] Lindsey Dinneen: I love it. Yeah. Curiosity gets you far in life. Yeah. I love that. Okay, so pivoting the conversation a little bit, just for fun. Imagine that you were to be offered a million dollars to teach a masterclass on anything you want. It doesn't have to be in your industry, but it could be. What would you choose to teach? [00:23:07] Katie Bochnowski: Okay, this might take a nerdy turn. [00:23:11] Lindsey Dinneen: Excellent. [00:23:12] Katie Bochnowski: And I would need a lot of education or somebody else who's an expert in this to actually teach the class. But, I've personally gotten really interested the last couple years into brain health, neuroplasticity, managing stress, and the importance of it. And, this is from a personal situation that I went through and not really understanding how just everyday, little stressors--I never saw myself as a highly stressed person. I was actually quite the opposite--but, when you internalize a lot of, just like I said, everyday stressors, doesn't have to be anything big-- arguing with my daughter every morning to get dressed before school has an impact on your body and your brain health. And it started having physical symptoms in me that got scary, right? I don't need to dive into that, but from that, it helped me in meeting with a bunch of health experts and learning that what an impact your brain health really has on you. So if I could go back and teach some of the exercises that I was given--super simple things like these little games on your app that just help work different areas of your brain that you don't normally work. When you get into a routine at work, and every morning you wake up, send your kid to school, sit down at your desk, do the same meetings, emails, you have the same routine every day--you don't have, just a change in your routine, or try new hobbies, things like that, then your brain doesn't grow and, and that affects your health, and your mood, and all of that. I've just learned so much about that, and I remember getting to a point where I was like, "Why isn't this a class, a required class, in high school, college, and beyond. It should be part of onboarding at every job. So I guess that's my answer. I don't think I'm quite qualified to teach it, but I'd love to attend it. [00:25:14] Lindsey Dinneen: There you go. You can facilitate it. How about that? [00:25:16] Katie Bochnowski: Yeah. [00:25:17] Lindsey Dinneen: Excellent. Excellent. Yeah, and how do you wish to be remembered after you leave this world? [00:25:24] Katie Bochnowski: Oh, this is the hard one for me. I think it's probably a cliche answer, but just, you know, caring for others, doing things for others, being kind-- just being a good person... [00:25:38] Lindsey Dinneen: Yeah. [00:25:38] Katie Bochnowski: ...is really all I want. [00:25:40] Lindsey Dinneen: Yeah. Very nice. And then final question. What is one thing that makes you smile every time you see or think about it? [00:25:50] Katie Bochnowski: Oh, this is also gonna be probably a common answer--my daughter, my daughter, who is six, going on 16, very much a teenager, but I remember a friend of mine telling me 'cause I remember asking her, when your child grows up, isn't it so sad that, oh, they're no longer a baby, they're no longer one, like to see them grow up. And she said, "Well, maybe a little bit. Each stage is something so new that you're so proud of, of what they've developed and grown that you don't even really think about that." Oh, and it's so true. It's just seeing her read and seeing her-- she's going to be a future leader. I guarantee it. [00:26:27] Lindsey Dinneen: Yay! [00:26:28] Katie Bochnowski: Just the way I've seen her, and so just seeing that, that pride overcomes any kind of, oh, I miss that one. But, of course, I still miss her when she was a baby. But, yeah, so that makes me smile. That and yoga! [00:26:42] Lindsey Dinneen: Yes. Yoga is so wonderful. I mean. Yeah. And speaking of ways to help de-stress, calm down a bit. Yeah. [00:26:51] Katie Bochnowski: It has helped me dramatically, for sure. So... [00:26:53] Lindsey Dinneen: Excellent. Excellent. Well, it has been a true pleasure and honor to have you here today, Katie. So thank you so much for spending a little bit of time, and we are so honored to be making a donation on your behalf as a thank you for your time today to Save the Children, which works to end the cycle of poverty by ensuring communities have the resources to provide children with a healthy, educational, and safe environment. So thank you so much for choosing that charity to support, and also thank you for continuing to work to change lives for a better world. We're grateful, and I wish you the most amazing continued success. [00:27:33] Katie Bochnowski: Thank you for having me. This was awesome. I appreciate it. [00:27:37] Lindsey Dinneen: Awesome. And yeah. Thank you also to our listeners for tuning in, and if you're feeling as inspired as I am right now, I'd love it if you shared an episode with a colleague or two, and we'll catch you next time. [00:27:52] Dan Purvis: The Leading Difference is brought to you by Velentium Medical. Velentium Medical is a full service CDMO, serving medtech clients worldwide to securely design, manufacture, and test class two and class three medical devices. Velentium Medical's four units include research and development-- pairing electronic and mechanical design, embedded firmware, mobile app development, and cloud systems with the human factor studies and systems engineering necessary to streamline medical device regulatory approval; contract manufacturing-- building medical products at the prototype, clinical, and commercial levels in the US, as well as in low cost regions in 1345 certified and FDA registered Class VII clean rooms; cybersecurity-- generating the 12 cybersecurity design artifacts required for FDA submission; and automated test systems, assuring that every device produced is exactly the same as the device that was approved. Visit VelentiumMedical.com to explore how we can work together to change lives for a better world.

Dawn Capelli, Head of OT-CERT at Dragos, unpacks the evolving risks to Operational Technology. From nation-state attacks on Ukraine's infrastructure to hacktivists targeting U.S. water systems, she explains the PIPEDREAM malware, the top five SANS critical OT controls, and how Dragos' OT-CERT program offers free resources to help organizations defend critical infrastructure now. Segment Resources: https://www.dragos.com/community/ This segment is sponsored by NowSecure. Visit https://cisostoriespodcast.com/nowsecure to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-216

We are excited to have Brian C Reed, chief mobility office at NowSecure, as a special guest on the Absolute AppSec podcast. Brian has specialized in mobile security, and his company NowSecure works to secure apps, train developers in safe mobile security engineering. As a piece of his work in mobile security, Brian has helped strengthen OWASP MASVS and ADA MASA standards. He also has experience in helping build go-to-market strategies or growth plans for a range of businesses. Be sure to tune in for the discussion and join our slack for further discussion.

In this episode of Shift with Elena Agar - I sit down with Devin Price. He is a passionate cybersecurity leader, writer, educator, and content creator with over eight years of professional technology experience. He holds a master's degree in Management Information Systems and has expertise in systems analysis, application security, penetration testing, and vulnerability management. For the past five years and counting, he has been working in the information security field helping organizations manage security risks. He is currently acting as a security technical program manager at Microsoft. In 2022, he was honored in the inaugural "Cybersecurity 40 under 40" class of 2022 by Top Cyber News Magazine. His thoughts on cybersecurity as well as his career in tech have been published in multiple publications, such as the United States Cybersecurity Magazine, Top Cyber News Magazine, and by NowSecure, Inc. In August 2023, Devin was accepted as a member of ForbesBLK, a Forbes community for Black entrepreneurs, professionals, leaders, and creatives. When he is not working, Devin enjoys speaking with both technology & cybersecurity professionals as well as those interested in breaking into either field on his "Talking Tech Podcast" YouTube channel." Check out his podcast: https://youtube.com/@TheTalkingTechPodcast?si=0GqbmX6bEbmnTmdO Connect with Devin on LinkedIn: https://www.linkedin.com/in/pricedevin/ In our engaging podcast episode, Devin Price, a distinguished cybersecurity leader and educator with over eight years of tech experience, delves into the dynamic world of cybersecurity. We explore his journey, expertise, and insights in areas such as systems analysis, application security, penetration testing, and vulnerability management. Devin, recently recognized in the "Cybersecurity 40 under 40," reveals the evolving landscape of cybersecurity and offers invaluable advice for both seasoned professionals and those aspiring to enter this field. Join us as we unravel the intricacies of cybersecurity and tap into Devin's wealth of knowledge to navigate this vital domain. About your host: From university lecture halls to global corporate boardrooms, Elena Agaragimova's journey epitomizes resilience. Her mission? To cultivate human potential, set up effective talent acquisition pipelines, and build transformative talent development programs. Elena doesn't merely train—she transforms. Whether engaging a bustling room of executives or leading a virtual session for tech aficionados, her insights ignite change. Colleagues and clients praise her knack for driving growth and empowering others, ensuring both individuals and organizations flourish in the competitive business landscape. Her enthusiasm for cognitive science enriches her strategies, reflecting her deep belief in the untapped potential of the human mind. As a current enrollee in a Cognitive Neuroscience Graduate Program, Elena broadens her understanding of how people learn, aiming to maximize effectiveness both personally and professionally. When Elena takes the stage to speak, her message resonates with audiences from New York to Dubai. As an entrepreneur, Elena co-founded Bloom Youth, a tech education platform that arms the next generation with essential future-ready skills. She also launched Bessern, a tech solution focused on enhancing productivity and well-being within organizations. Elena also hosts two podcasts. Shift with Elena Agar serves as an extension of her first book, helping people overcome the inertia found in comfort zones to make meaningful shifts in their careers and lives. Confessions of a Career Coach offers lighter but insightful fare, providing a behind-the-scenes look at her world and dispensing valuable career advice. Connect with Elena: LinkedIn: https://www.linkedin.com/in/elenaagaragimova/ Instagram: https://www.instagram.com/elenaagaragimova/ --- Support this podcast: https://podcasters.spotify.com/pod/show/elenaagar/support

In this week's episode, host Natalie Pierce interviews Alberto Yépez, Co-Founder and Managing Director of Forgepoint Capital, a leading cybersecurity-focused venture capital firm, about incorporating environmental, social, and governance (ESG) initiatives into all they do, including the firm's investing principles.Our first episode of the year highlights the growing importance of ESG considerations in the venture capital industry and the steps that firms like Forgepoint Capital are taking to integrate these principles and initiatives into their investment strategies and operations. Forgepoint also provides examples in its portfolio like CyberCube, which is taking actionable steps towards ESG goals.To learn more, check out Forgepoint's blog on ESG and get a copy of Forgepoint's ESG Handbook.

Special Thanks to our podcast sponsor, NowSecure. On this episode, Brian Reed (Chief Mobility Officer at NowSecure) stops in to provide a world class education on Mobile Application Security. It's incredible to think that 70% of internet traffic is coming over mobile devices. Most of this traffic occurs via mobile applications so we need to understand mobile application security testing, before attackers show us how important it is. This episode will help you understand: What should you be doing to secure your mobile applications? Why managing a mobile device doesn't secure your application layer? How should you vet your mobile applications according to recommendations from OWASP References: NowSecure Academy provides free mobile application security training and certificate programs- https://academy.nowsecure.com/ Mobile app growth trends and security issues in the news- https://www.nowsecure.com/mobile-app-breach-news/ Snapshot of the current risk profile for mobile apps in your industry- https://mobilerisktracker.nowsecure.com/ App Defense Alliance https://appdefensealliance.dev/ Google Play Data Safety- https://blog.google/products/google-play/data-safety/ OWASP CycloneDX- https://owasp.org/www-project-cyclonedx/ OWASP MASVS- https://github.com/OWASP/owasp-masvs

Special Thanks to our podcast sponsor, NowSecure.  On this episode, Brian Reed (Chief Mobility Officer at NowSecure) stops in to provide a world class education on Mobile Application Security.  It's incredible to think that 70% of internet traffic is coming over mobile devices.  Most of this traffic occurs via mobile applications so we need to understand mobile application security testing, before attackers show us how important it is. This episode will help you understand: What should you be doing to secure your mobile applications? Why managing a mobile device doesn't secure your application layer? How should you vet your mobile applications according to recommendations from OWASP References: NowSecure Academy provides free mobile application security training and certificate programs- https://academy.nowsecure.com/  Mobile app growth trends and security issues in the news-  https://www.nowsecure.com/mobile-app-breach-news/  Snapshot of the current risk profile for mobile apps in your industry- https://mobilerisktracker.nowsecure.com/ App Defense Alliance https://appdefensealliance.dev/  Google Play Data Safety- https://blog.google/products/google-play/data-safety/   OWASP CycloneDX- https://owasp.org/www-project-cyclonedx/  OWASP MASVS- https://github.com/OWASP/owasp-masvs 

Networking. We all hear know we need to do it but what are some of the best practices?Unfortunately, most people only network when they need something..A new job, started a new business, etc…In reality, networking works best when you've built a network BEFORE you need it.  Today we're speaking with Devin Price, Security Analyst at NowSecure as he shares his best tips for networking properly.We'll unpack his mindset towards connecting with security professionals genuinely to establish quality relationships.You'll quickly connect with Devin's passion to help other break into Cyber with the skillsets they currently have. Let's get into it! You'll Learn:Devin's journey into Cyber SecurityHow to Network with relationships in mindHow to learn about leader you want to connect with BEFORE connectingHow to utilize LinkedIn to increase your chances of breaking into CyberTips on how NOT to sell to Security leaders How adding value increases trust with your networkFull show notes HereFind Devin's Blog Here

Today's guest is Kristi Rogers, Managing Partner & Co-Founder of Principal to Principal. Go Green or Go Blue?! In this episode, Kristi discusses her roles on the board of Qualys and NowSecure as well as her involvement in the Women's Foreign Policy Group. She shares about NowSecure's work with Peloton and how ubiquitous player Qualys is evolving, mobile application security, mobile application security, the complexity of software supply chain security, what the government can do to promote our security posture, what keeps her up at night, and as always, her toughest lesson learned. 

Brian discusses the risks of under-estimating mobile app security

Hello, I'm Marina. I am a technologist, mom, leadership coach, cruciverbalist and aquarian ;) UNBOSSED IS... “Paths To Success of Amazing Tech Women in Chicago” To interview the ONLY ~40 women CTOs (out of over 700+ CTOs) in the Chicago area To interview the few female CEOs of Tech companies in Chicago To interview women in critical political positions in Chicago To focus on other women in positions of Tech leadership in/from the Chicagoland area To inspire other women and help them see themselves in these positions, so that we can step toward closing the gender & racial gap in technology I welcome you to ask questions, participate, and join me as we explore these topics by emailing me at marina@unbossed.io or visiting www.unbossed.io Available on- Youtube:https://www.youtube.com/channel/UCDTz6_FepG04QTs1BjFLBjw/ Spotify: https://lnkd.in/eUhfH8E Apple Podcasts: https://lnkd.in/e7cWtBv Google Podcasts: https://lnkd.in/enjChPt And others.. Today's Episode: Interview with Amanda Lannert, CEO at Jellyvision Amanda Lannert is CEO of Jellyvision and has been a key figure in driving the company since its founding in 2001. Her focus at Jellyvision is on the company's strategy, improving processes to better scale operations, partnership development, and customer acquisition to continue fueling the company's growth. Under Amanda's leadership, Jellyvision has grown to serve more than 1500 mostly Fortune 1000 clients with ALEX, the most helpful employee decision support platform on the planet. In 2019, 18 million employees and $120 billion dollar's worth of premium decisions were entrusted to ALEX. Meanwhile, the company has been recognized as the Best Software Company and Best Culture by the Moxies, the Lighthouse winner by the ITA, a top 10 best place to work in Chicago by The Chicago Tribune and the #1 place for millennials to work in Chicago according to Crain's. Prior to joining Jellyvision, Amanda managed global brands for Kellogg's while at Leo Burnett, in addition to spending two years in a new business and new brand development think tank. She attended Haverford College and Edinburgh University. Amanda was named CEO of the Year at the Moxie Awards in 2014 and 2015, Woman in Tech in 2016, Woman of the Year for the Chicago Rotary Club of 2018, and was recognized as 2016's Industry Champion by the Illinois Technology Association. She has been profiled in the Chicago Tribune and Crain's. Amanda is also active in Chicago's startup community, serving as a board member of SpotHero, KnowledgeHound, NowSecure and Popular Pays, as a Council Member for the Zell Fellows Program at Kellogg, and as a member of ChicagoNEXT. She also serves as “Super Mentor” for Chicago incubators Impact Engine and TechStars, where she was also named Mentor of the Year. Amanda is quick to laugh and enjoys a good cupcake. Book Recommendations: The Culture Code: The Secrets of Highly Successful Groups - Daniel Coyle A Little Life: A Novel Audible Logo Audible Audiobook –Hanya Yanagihara --- Support this podcast: https://anchor.fm/marina-malaguti/support

Brian Reed is Chief Mobility Officer at NowSecure. Brian has over 30 years in tech and 15 years in mobile, security, and apps dating back to the birth of mobile including BlackBerry, Good Technology, BoxTone, and MicroFocus. Brian joins us to discuss mobile application security, the good, the bad, and the ugly as we head into 2021. We discuss recent issues in mobile apps, mobile firewalls, mobile vs. web, and how AppSec is different in a mobile world. We hope you enjoy this conversation with…Brian Reed.

PEOPLEGuest: Alan Snyder, CEO, NowSecureHost: Anil Hemrajani, Founder of Startup SidekickTAKEAWAYSCulture is about mutual trust; you have to build and establish it as foundation.Culture expands out to be company’s values; i.e. how it interacts with employees, customers and partners.TIMELINE01:28 – Overview of NowSecure02:15 – What does culture mean? It’s about mutual trust, not an adversarial relationship.03:35 – What CEOs might encounter when they are brought in to turn things around; i.e. show me with actions than words.04:50 – How Alan prepares for a new role (hint: most of preparation comes on the job).06:36 – What are the first couple of things you do: cultural piece of building trust and building a successful business, simultaneously. 07:50 – Past stories on what Alan has encountered10:15 – How Alan to begins to execute on turning organizations (e.g. focus by doing less, built trust)12:18 – What’s a successful story of turning things around14:25 – Tough decisions Alan has had to make (e.g. letting go of people)16:37 – How this is similar to a pivot17:00 – Takeaways (see above)

Today we are talking to David, the CTO at NowSecure. And we discuss their mission to save the world from unsafe mobile applications, what CTOs should know about security, and what the future looks like for distributed computing. All of this, right here, right now, on the Modern CTO Podcast! Check them out at www.nowsecure.com !

#Brian Reed, Chief Mobility Officer at NowSecure As NowSecure Chief Mobility Officer, industry veteran Brian Reed brings over a 15 years of experience in mobile, security and risk including NowSecure, Good Technology, BlackBerry, BoxTone, and ZeroFOX working with Fortune 2000 global customers, mobile trailblazers and government agencies. With more than 25 years driving innovative solutions and securing customer success, Brian is a dynamic speaker and compelling storyteller who brings unique insights and global experience. Brian is a frequent speaker at events including DevOpsWorld, DevOps Days, RSA, OWASP, Droidcon, FS-ISAC, Gartner, Mobile World Congress, and numerous vertical industry events. Brian is a graduate of Duke University.

Has the mobile security industry had it all wrong for years? It has spent billions of dollars applying the concepts that work for PCs to mobile devices with little success. In this episode, Jon Prial talks to Andrew Hoog, the CEO and Co-Founder of NowSecure, a mobile security provider that helps enterprises secure their apps and their devices. They go deep into mobile security and what enterprises need to be doing to manage this growing area of risk. You'll hear about: -The security challenges with mobile devices (4:41) -The best ways to access mobile apps (6:43) -Dealing with the challenges of a bring-your-own-device strategy (9:00) -The four areas that drive risk in your phone (13:45) -Instant apps and the future of mobile security (19:58) -The role of trust in app adoption (23:38) -The importance of two-factor authentication (25:26) -What CEOs should be doing about security (32:30)

Brian Reed is the Chief Mobility Officer at NowSecure. Brian discusses mobile-app traffic now outpaces mobile web traffic, yet for many organizations mobile security drags behind web leaving businesses at risk. In fact, industry benchmarks show 85% of mobile apps have security issues and 72% have mobile privacy issues. As more organizations build mobile apps to engage with customers in delightful experiences and drive digital transformation, dev and security teams are looking for ways to ensure security and privacy are built in. The mobile app security techstack now includes tools purpose-built for mobile that automate testing and integrate into the SDLC. Let's enable the business to deliver secure mobile apps faster. To learn more about NowSecure, visit: https://securityweekly.com/nowsecure Full Show Notes: https://wiki.securityweekly.com/BSWEpisode142 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Brian Reed is the Chief Mobility Officer at NowSecure. Brian discusses mobile-app traffic now outpaces mobile web traffic, yet for many organizations mobile security drags behind web leaving businesses at risk. In fact, industry benchmarks show 85% of mobile apps have security issues and 72% have mobile privacy issues. As more organizations build mobile apps to engage with customers in delightful experiences and drive digital transformation, dev and security teams are looking for ways to ensure security and privacy are built in. The mobile app security techstack now includes tools purpose-built for mobile that automate testing and integrate into the SDLC. Let's enable the business to deliver secure mobile apps faster. To learn more about NowSecure, visit: https://securityweekly.com/nowsecure Full Show Notes: https://wiki.securityweekly.com/BSWEpisode142 Visit https://www.securityweekly.com/bsw for all the latest episodes!

David X Martin is the CEO at DavidXMartin, LLC. He is passionate about helping business leaders sleep better at night by equipping them with critical cyber risk management tools that protect their enterprises while enhancing strategic business growth. David will be covering Critical Business Decision Making - IT vs Business Making. ***** Brian Reed is the Chief Mobility Officer at NowSecure. Brian discusses mobile-app traffic now outpaces mobile web traffic, yet for many organizations mobile security drags behind web leaving businesses at risk. In fact, industry benchmarks show 85% of mobile apps have security issues and 72% have mobile privacy issues. As more organizations build mobile apps to engage with customers in delightful experiences and drive digital transformation, dev and security teams are looking for ways to ensure security and privacy are built-in. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode142 Visit https://www.securityweekly.com/bsw for all the latest episodes!

David X Martin is the CEO at DavidXMartin, LLC. He is passionate about helping business leaders sleep better at night by equipping them with critical cyber risk management tools that protect their enterprises while enhancing strategic business growth. David will be covering Critical Business Decision Making - IT vs Business Making. ***** Brian Reed is the Chief Mobility Officer at NowSecure. Brian discusses mobile-app traffic now outpaces mobile web traffic, yet for many organizations mobile security drags behind web leaving businesses at risk. In fact, industry benchmarks show 85% of mobile apps have security issues and 72% have mobile privacy issues. As more organizations build mobile apps to engage with customers in delightful experiences and drive digital transformation, dev and security teams are looking for ways to ensure security and privacy are built-in. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode142 Visit https://www.securityweekly.com/bsw for all the latest episodes!

This week, in the Application Security News, HTTP/2 Denial of Service Advisory with seven vulns that affects the protocol implemented by several vendors, SSH certificate authentication for GitHub Enterprise Cloud works well with tools like Sharkey and BLESS, Polaris Points the Way to Kubernetes Best Practices, and much more! In our second segment, we air three pre-recorded interviews from Black Hat 2019, with Ameya Talwalker from Cequence, Mark Batchelor from PING Identity, and Michael Krueger from NowSecure!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode73 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

At Black Hat 2019, we interviewed: Ameya Talwalker from Cequence, Mark Batchelor from PING Identity, and Michael Krueger from NowSecure! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode73 Visit https://www.securityweekly.com/asw for all the latest episodes!

At Black Hat 2019, we interviewed: Ameya Talwalker from Cequence, Mark Batchelor from PING Identity, and Michael Krueger from NowSecure! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode73 Visit https://www.securityweekly.com/asw for all the latest episodes!

This week, in the Application Security News, HTTP/2 Denial of Service Advisory with seven vulns that affects the protocol implemented by several vendors, SSH certificate authentication for GitHub Enterprise Cloud works well with tools like Sharkey and BLESS, Polaris Points the Way to Kubernetes Best Practices, and much more! In our second segment, we air three pre-recorded interviews from Black Hat 2019, with Ameya Talwalker from Cequence, Mark Batchelor from PING Identity, and Michael Krueger from NowSecure!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode73 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

As per research to be released soon by the Brian Reed and his team at NowSecure, 10-15% of the top 50 apps in any category in your favorite mobile App Store have one or more critical vulnerabilities with a Common Vulnerability Scoring System (CVSS) score of 8 or higher. And we’re talking production apps from Fortune 500 companies here folks. How is this possible? According to Reed, a few things stand out: *There has been an increase in the use of 3rd-party libraries; this is coupled with an increase in the number of vulnerabilities in these libraries. *Companies are NOT updating and re-submitting their applications that use these libraries, even though the patches exist. *The above assumes that the company is aware of the vulnerabilities; many code-based assessment tools delivered through SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) models can’t get at the behavioral aspects uncovered via a binary assessment. When app developers work with NowSecure, they get the benefit of having a solution that leverages the mindset of an attacker. The behavioral-based assessment of the binary performed by NowSecure not only looks for vulnerabilities in the reverse-engineered source code, but also in how the application functions at runtime — which can present itself uniquely on different flavors and different versions of the mobile OS. As Reed explains, his clients can now hire creative people to use the tools available to them from NowSecure, enabling their analysts to tackle harder problems and their developers to focus on building better applications with automated testing that takes care of the security assessment part of their DevSecOps lifecycle.

NowSecure is a company that does pentesting against apps built for mobile devices. Not a new segment in the security sector, but certainly one that is lesser known to most. Are you sure the app you are using isn't spying or stealing information from you? NowSecure can help you be sure.

NowSecure is a company that does pentesting against apps built for mobile devices. Not a new segment in the security sector, but certainly one that is lesser known to most. Are you sure the app you are using isn't spying or stealing information from you? NowSecure can help you be sure.

Joni Trythall Head of Design at NowSecure joins Gary Rozanc to discuss how she became the multidisciplinary illustrator, designer, and front-end developer. Joni also cover the importance of learning on your own with such a weather of freely available resources. The conversation continues with Joni sharing how she got over the fear of being wrong, and getting students to retain some of their technical training through a regular writing habit.