Episodes
-
Colin Domoney, CTO and co-founder of Thinking of U, shares his career journey in cybersecurity and his expertise in API security. He started as a kid building electronics and crypto systems, which led him to develop battle-hardened defense systems. He gravitated towards software and eventually got into AppSec, diving into the deep end and fixing a million AppSec vulnerabilities. Colin emphasizes the importance of developers having security skills and offers advice on how to build something cool that is also secure. He discusses the unique challenges and opportunities in API security and the role of AI in the industry.
Takeaways
Developers with security skills are highly sought after in the industry.
API security requires a different approach compared to standard web app security.
API security encompasses a wide range of tools and techniques, from shift left to runtime protection.
Colin's book, Defending APIs, is aimed at anyone tasked with defending APIs, with a focus on developers.
AI is a powerful tool that accelerates learning and problem-solving in various areas, including cybersecurity.
AI creates both opportunities and challenges in the industry, and it is important to stay informed and adapt to its impact.
-
Summary:
In this episode, Gene discusses management principles and leadership strategies for senior leaders and aspiring entrepreneurs with Tom Heiser, previously CEO of ClickSoftware, EVP at EMC, and President at RSA, the cyber division of EMC. They cover topics such as opening the aperture, balancing strategy and tactics, embracing change, connecting the dots, and more. The conversation emphasizes the importance of learning from tough times, setting a clear vision, and problem-solving with a positive mindset.
Takeaways
Balancing strategy and tactics is crucial for success in leadership roles.
Embracing change and learning from tough times are essential for personal and professional growth.
The rule of 15 degrees emphasizes the importance of iteration and continuous improvement in business strategies.
Asking 'why' five times to find the root cause is a valuable problem-solving technique.
Maintaining a positive mindset and focusing on the achievable is key to overcoming challenges in leadership and business.
Setting a clear vision and connecting the dots between current state and desired state is essential for success in business and leadership.
-
Jim Alkove, CEO and co-founder of Oleria, shares his career journey and insights on cybersecurity training and becoming a board advisor. He emphasizes the importance of starting at the beginning and gaining experience in software engineering during his time at Microsoft. Alkove highlights the need for a more diverse pool of candidates and situational training to meet the workforce demands of the cybersecurity industry. He also discusses the significance of company culture and values in building successful teams. Alkove provides advice on moving laterally to gain broader skills and transitioning to advisory roles in early-stage companies.
Key Takeaways
Move laterally to gain broader skillsets while in the early stage of your career.
Training needs to be more accessible to a diverse pool of candidates in order to meet the demands of the cybersecurity industry.
Company culture and values are crucial in building successful teams.
Write down your goals, be humble, and be open to learning and criticism.
-
In this episode, Gene Fay interviews Ed Adams, President and CEO at Security Innovation, about his journey into cybersecurity and his work in advancing software security practices. Ed shares his story of transitioning from quality assurance in software at Rational Software to founding Security Innovation, a company focused on application security and training. Ed also dives into his book, See Yourself in Cybersecurity Careers Beyond Hacking, which highlights the many career paths available in the cybersecurity industry beyond hands-on keyboard roles. He discusses the cybersecurity talent shortage, particularly how it affects underrepresented groups, and the need for organizations to rethink how they hire and retain talent.
Takeaways:
There are many ways to start a career in cybersecurity, even from non-technical backgrounds.
Treating security as an integral part of software quality can help developers and organizations create more secure, reliable applications.
The book, See Yourself in Cybersecurity Careers Beyond Hacking, focuses on educating the next generation of cybersecurity professionals and promoting diversity in the field.
The cybersecurity talent shortage is not about the lack of skilled individuals, but about outdated hiring practices and insufficient investment in talent development.
-
In this episode, Gene Fay interviews Sammy Migues, Principal at Imbricate Security, about his journey into cybersecurity and his work on the Building Security in Maturity Model (BSIMM). Sammy shares his experience starting in computer science in the late 1970s and how he became a computer security professional. He explains the motivation behind creating the BSIMM and how it helps organizations measure and improve their software security practices. Sammy also discusses the trifecta for career success, which includes setting a strategy, translating business objectives into actionable steps, and contextualizing skills within the organization. Finally, Sammy shares his thoughts on the cybersecurity shortage and the challenges in hiring and retaining skilled professionals.
Takeaways
Starting a career in cybersecurity can begin with a degree in computer science and a willingness to adapt and learn as the industry evolves.
The Building Security in Maturity Model (BSIMM) is a framework that helps organizations measure and improve their software security practices.
The trifecta for career success in management includes setting a strategy, translating business objectives into actionable steps, and contextualizing skills within the organization.
The cybersecurity shortage is not just a lack of professionals, but also a result of challenging hiring processes and unrealistic job requirements.
-
Summary:
In this episode, Gene Fay interviews Jeff Hudesman, CISO at Pinwheel, about his career in cybersecurity. Jeff shares his journey from starting as an intern at Memorial Sloan Kettering Cancer Center to working at Sony and eventually joining Pinwheel. He discusses the differences between working in large companies like Sony and startups, highlighting the ability to be impactful and the agility of startups. Jeff also shares an anecdote about a security incident at a water treatment facility and emphasizes the importance of planning in cybersecurity.
Takeaways:
Working in both large companies and startups can provide valuable experiences in cybersecurity.
Startups offer the opportunity to be impactful and make a significant difference.
Cybersecurity incidents can occur even in critical infrastructure facilities like water treatment plants.
Planning is indispensable in cybersecurity, as threats are dynamic and constantly changing.
-
Omer Cohen, CISO of Descope, shares his career story. Highlights include:
Joy in the constant variety of work in incident response
Benefits of a mature approach to cybersecurity as a start-up
Seeing his work in cybersecurity result in a real-world impact and the arrest and prosecution of cybercriminals
B-Sides and the fun of small in-person meet-ups
-
Cybersecurity recruiter Kyle McIntyre offers unique guidance based on his work as a retained search specialist working with hiring managers (VPs & C-Levels) in the cybersecurity industry in this episode. He and Gene discuss:
How to conduct preliminary research on potential employers and career paths
How to reverse engineer desirable backgrounds to demystify potential career paths
Tips on crafting effective & thoughtful outreach to hiring managers
Advice on optimizing your resume & profile for breaking into cyber with no prior industry experience
How to manage imposter syndrome, anxiety and self-doubt during a job search
More
Kyle McIntyre on LinkedIn: https://www.linkedin.com/in/thekylemcintyre/
-
In this episode, Gene Fay interviews Tom Heiser about his journey and shares tenets for managing oneself. The conversation covers topics such as execution, accountability, expressing passion, doing the best job possible, getting outside one's comfort zone, and focusing on what one can control.
Takeaways
Execution is key to success. Just do it.
Accountability is important in personal and professional growth.
Expressing passion and committing to one's work leads to fulfillment and success.
Doing the best job possible is a pathway to career advancement.
Getting outside one's comfort zone fosters personal and professional growth.
Focus on what you can control and be present in the current situation.
-
Neil Bahadur, Head of Product in Cybersecurity at Wells Fargo, developed a unique and valuable perspective by switching from security to business development and back to security.
In this episode, he and Gene discuss that transition and what he learned from it. They also discuss cybersecurity trends those new to the industry should be aware of, and more.
Neil Bahadur on LinkedIn: https://www.linkedin.com/in/neilbahadur/
-
One of the most important parts of being a cybersecurity professional is knowing how to ask the right questions, says CISO Aaron Katz.
Aaron started his career as a consultant, and says that's where he honed his question skills. He thinks all aspiring cybersecurity pros should start out with consulting gigs – you learn the business side and what questions to ask, plus get a feel for cybersecurity as a whole, rather than just one tool or product.
He and Gene talk about this career path, plus his journey to CISO, why hiring managers are not good at finding cybersecurity candidates, and more.
Aaron Katz on LinkedIn: https://www.linkedin.com/in/pendraggon87/
-
Ed Giles runs cybersecurity seminars for seniors, and wants to spread the word that it's a great way to both get your CPEs and give back to your community.
Ed and Gene talk about those seminars, plus Ed's journey from English major to cybersecurity professional, the importance of thinking about security as a business enabler, and more.
Ed Giles on LinkedIn: https://www.linkedin.com/in/evgiles/
-
How is AI going to change entry-level cybersecurity jobs? Gene and AgileBlue president Tony Pietrocola discuss in this episode.
They also talk about:
Tony's career and what AgileBlue does
How AI will affect both cybersecurity and cybercrime
What he's looking for in interns
Tony Pietrocola on LinkedIn: https://www.linkedin.com/in/tonypietrocola/
AgileBlue: https://agileblue.com/
-
Want to start a career as a pen tester? Phillip Wylie literally wrote the book on the topic.
Gene and Phillip, co-author of The Pentester Blueprint: Starting a Career as an Ethical Hacker and host of the Phillip Wylie Show, have a wide-ranging and advice-filled conversation on:
His career journey and his podcast
Starting a pen testing career
Collegiate Cyber Defense Competitions
How to leverage B-Sides
More
Phillip Wylie on LinkedIn: https://www.linkedin.com/in/phillipwylie/
The Pentester Blueprint: https://www.amazon.com/Pentester-BluePrint-Your-Guide-Being/dp/1119684307
-
Kimberly Anstett has had a C-level cybersecurity position for about a decade. She's seen the CIO role transform, and shares her thoughts on that transformation in this episode.
She and Gene discuss her journey to CIO, how to inspire the next generation to embrace STEM careers, what she's looking for when hiring, and more.
Kimberly Anstett on LinkedIn: https://www.linkedin.com/in/kimberly-anstett-6b3a259/
-
Why should you work in cybersecurity? Because two things that aren't going away are tech and crime, says BlackBerry VP of Product Security Operations Christine Gadsby.
Christine and Gene talk about her journey from working in IT out of necessity to cybersecurity VP, how to reskill into cybersecurity, the Leadership Bench Program she developed at BlackBerry, her advice to those discouraged by the job hunt, and more.
Christine Gadsby on LinkedIn: https://www.linkedin.com/in/christinegadsby/
Three Reasons Women Should Reskill to Work in Cybersecurity: https://blogs.blackberry.com/en/2023/03/3-reasons-women-should-reskill-to-work-in-cybersecurity
-
Jim Moran has had a long and varied cybersecurity career, and offers some fantastic advice for those just starting out.
He and Gene talk about cybersecurity careers, what he's looking for in entry-level candidates, how to find the best career path for you, and more.
Jim Moran on LinkedIn: https://www.linkedin.com/in/jim-moran-0b112925/
-
Diana Kelley feels strongly that community plays a critical role in all careers, but especially cybersecurity. She explains why in this episode.
She and Gene also talk about increasing the number of females in cybersecurity, what she looks for in entry level candidates, and more.
Diana Kelley on LinkedIn: https://www.linkedin.com/in/dianakelleysecuritycurve/
Executive Women's Forum: https://www.ewf-usa.com/
WICYS: https://www.wicys.org/
-
We talk a lot on this podcast about how to advance to the executive level within the cybersecurity field. But what if the C-level is not for you?
John Hammond is a security practitioner at heart and wants to stay that way. He shares his thoughts on building a practitioner career in this episode.
He and Gene also talk about his experience working for the Department of Defense and about John's prolific side job as a content creator.
John Hammond on LinkedIn: https://www.linkedin.com/in/johnhammond010/
John Hammond on YouTube: https://www.youtube.com/johnhammond010
-
Want to make the transition from help desk to cybersecurity? Jeff Farinich has helped others make that transition and he shares his advice in this episode.
He and Gene also talk about the types of cybersecurity roles, what he looks for in entry level candidates, and more.
Jeff Farinich on LinkedIn: https://www.linkedin.com/in/jefffarinich/