Episodes
-
Daniel DeCloss is Founder and CEO of PlexTrac and has over 15 years of experience in Cybersecurity. Dan started his career in the Department of Defense then moved to private sector consulting where he worked at companies like Veracode as a Principal Consultant in Penetration Testing.
He also served as a Principal Security Engineer for the Mayo Clinic and a Sr. Security Advisor for Anthem. Prior to PlexTrac, Dan was the Director of Cybersecurity at Scentsy where he built the security program from infancy into a best-in-class program.
Dan has a Master's Degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Dan holds the OSCP and CISSP certifications.
LinkedIn: https://www.linkedin.com/in/ddecloss/
Twitter: @wh33lhouse
-
Michael Manrod, CISO at Grand Canyon Education
Mike Manrod, MSISE, CCSBA, CSSBB, CISSP, Chief Information Security Officer--Mike presently serves as the Chief Information Security Officer for Grand Canyon Education, responsible for leading the security team and formulating the vision and strategy for protecting students, staff and information assets across the enterprise.
Previous experiences include serving as a threat prevention expert for Check Point and working as a consultant and analyst for other large enterprise customers.
He is also a co-author/contributor for the joint book project, Understanding New Security Threats published by Routledge in 2019.
When not exploring the implications of the rapidly evolving threat landscape or the convergence between cognitive psychology and machine learning, he spends time playing video games with his kids, practicing martial arts and cooking.
LinkedIn: https://www.linkedin.com/in/manrod/
Twitter: @CroodSolutions
-
Anu Kukar is an industry award winner, international keynote speaker and diverse executive with 20 years of experience in both consulting and industry. She has spoken at 60+ events, published articles and been a guest on podcasts globally across 9 countries. She shares insights and provides practical tips through her unique storytelling whilst taking the audience on a virtual around-the-world tour. Anu has worked across and within Critical Infrastructure – energy, utilities, telecommunication, media and financial services.
LinkedIn: www.linkedin/com/in/anukukar
Switch2Cyber Campaign: https://www.linkedin.com/company/switch2cyber/ (in collaboration with Cyber Future Foundation, Whole Cyber Human Initiative and many more)
-
Alex Rhodes is a Cybersecurity Research Engineer and Space Cyber affluent. He also serves on the board of advisors and as Youth and Community Director for Whole Cyber Human Initiative. He retired from the U.S. Army in 2018 as the Assistant Special Agent in Charge of the Digital Forensics Research Branch for the Army Criminal Investigative Division (USACIDC). In addition to conducting digital forensics and felony investigations for the Army, he spent 5 years as a Russian Linguist and about 2 years as a Satellite Communications Specialist.
After retiring from the Army, he worked for Lockheed Martin as a cybersecurity professional where he was awarded the 2020 Technical Innovation Award for a classified cybersecurity project.
Alex’s next assignment was with Peraton where he used his previous experience to assist with completely rebuilding and revamping the cybersecurity program for the 62nd Cybersecurity Squadron, U.S. Space Force. While working on an assignment to help secure satellite platforms, Alex wrote a research paper highlighting the vulnerabilities inherent within the Telemetry and Commanding (TT&C) system of a satellite.
Currently, Alex is working as an Information Systems Security Engineer and cybersecurity researcher for Stephenson Technologies Corporation. He has co-authored a research paper into the HiveNightmare vulnerability with Paul Cummings. Currently, he is researching vulnerabilities inherent in a system of systems and critical infrastructure systems.
Alex has numerous military and civilian awards over the last 20 years. He has an Associates in Russian Language from the Defense Language Institute, Foreign Language Center, a Bachelor’s of Science in Russian Studies from Excelsior College, and a Masters of Science in Cybersecurity with a focus in Information Assurance from Excelsior College.
LinkedIn: https://www.linkedin.com/in/alexrhodes79/
Whole Cyber Human Initiative Non-Profit: https://www.wholecyberhumaninitiative.org/
-
About Valmiki Mukherjee:
Valmiki (Val) is Chairman and Founder of Cyber Future Foundation and a globally recognized expert in the cyber and cloud security industry with a focus on innovation and collaboration to address the Information Security needs of the future. He previously served as an Executive Director in the Cyber Advisory Services at EY. For several years, Val has served as a trusted advisor to a number of the top Fortune 500 C-Level executives, public agency leaders and education institution management teams.
Val is considered as an original thought leader in the domain of Cyber Peace and in 2014 established the Cyber Peace Alliance, a global think/do tank of cybersecurity and policy experts advancing the concept of a secure and trusted Cyberspace. Val founded Cyber Future Foundation and its Constituents including the Cyber Peace Alliance to take the initiative forward.
Val is known for his Commitment to the information security professional community and is constantly engaged as a leader and contributor within many standards initiatives, security alliances and consortium. He also serves as the Global Co-chair of Cloud Security Alliance's IAM domain. Val is also the Founder and Current Chairman of CSA North Texas which in a couple of years has grown to be a significant contributor to the global Cloud Security domains. He also addresses graduate classes at leading schools on Information Security, Risk Management and Cloud Security.
Show Highlights:
· Cyber is a complex issue, you cannot just solve for it with academic knowledge, you need to have hands-on experience. Getting someone the hands-on experience is a problem, that’s why it’s a risk with entry level – this causes issues and problems.
· We need a constructive way to get these people meaningful hands-on experience and work.
· There has to be a pathway between academic learning, fundamental knowledge, so their base is strong. We need to build this in as much 'Left Shift' as possible and make sure that the digital citizens of tomorrow and of today get this experience for the workforce.
· To stand up a team like this in some organizations can be quite costly.
· Why don’t we shift it towards the final years of education and community experience so that they get that experience then. This is what my new Cybersecurity Venture will focus on.
· This is why Cyber Talent Week (April 22, 2022) is so imperative.
· Apprenticeship is a great model. The way the system is set up now makes it very hard to set this up – this is what we are changing.
· Social good can happen and commercial success can happen – they have to be together.
LinkedIn: https://www.linkedin.com/in/valmikim
Twitter: https://twitter.com/valmikim
Cyber Future Foundation: https://cyberfuturefoundation.org/index.html
Cyber Talent Week: https://cybertalentweek22.eventbrite.com/
-
About Michael Gregg:
Michael Gregg is the state of North Dakota’s Chief Information Security Officer. The state CISO is responsible for establishing and leading the strategic direction of cyber security for the state and advising the governor and legislators on key cyber issues.
With cyber experience spanning two decades, Michael has been a pioneer in helping both people interested in becoming IT professionals and seasoned IT professionals achieve by sharing knowledge, authoring over 25 IT cyber security books, including: Inside Network Security Assessment, Hack the Stack, CISSP Exam Cram2, Build Your Own Network Security Lab, and Certified Ethical Hacker Exam Prep2. He has developed high-level security classes and has been featured in newspapers, magazines, and on news programs such as MSNBC, The New York Times, Fox News, CBS News, etc. He enjoys contributing his time and talents where there is a need to help others learn and grow by holding board, committee, and advisory positions for non-profit organizations.
Michael is also a faculty member of Villanova University and creator of several of their security programs. He also serves as a site expert for four TechTarget sites, including SearchNetworking, SearchSecurity, SearchMobileNetworking, and SearchSmallBiz. He is a board member of a Houston area Habitat for Humanity.
He holds a Bachelors degree, Masters degree, and many security certifications.
LinkedIn: https://www.linkedin.com/in/michaelgregg01
NDIT: https://www.linkedin.com/company/ndgovndit
Episode Highlights:
· Volunteer to get skills
· Leadership is not a title, it’s what you do
· Going to the gym is like doing security – It’s ongoing
· Vendor Partnerships – Looking for win-win
· Give effective feedback
· Focus on Collaboration
· Advice - Be Honest, Humble, and Hungry
· GET THE PRENUP!
-
About Christophe Foulon:
Christophe Foulon, senior manager and cybersecurity consultant at F10 FinTech, brings over 15 years of experience as a CISO, vCISO, information security manager, adjunct professor, author, and cybersecurity strategist with a passion for customer service, process improvement, and information security. He also has spent more than 10 years leading, coaching, and mentoring people.
As a security practitioner, Christophe is focused on helping businesses tackle their cybersecurity risks while minimizing friction, resulting in increased resiliency, and helping to secure people and processes with a solid understanding of the technology involved. He gives back by producing a podcast, “Breaking into Cybersecurity,” focused on helping people who are trying to transition into the cybersecurity industry by sharing the stories of those who have done it in the past 5 years to inspire those looking to do it now. Christophe holds a Master of Science in Information Technology, Information Assurance, and Cybersecurity, a graduate certificate in Information Systems, and a bachelor's degree in Business Administration/Information Systems from Walden University.
He gives back to the community, serving as a Career Coach, Adjunct Professor, Author, and Mentor on the Evolutionary Skills Development Network Discord server. Additionally, he joins as a volunteer guest speaker at the Veterans Breaking into IT/Cybersecurity Mentorship monthly events.
LinkedIn: https://www.linkedin.com/in/christophefoulon
Twitter: https://twitter.com/chris_foulon?s=21
Breaking into Cybersecurity Podcast: https://m.youtube.com/c/BreakingIntoCybersecurity
-
About Shefali Mookencherry
Shefali Mookencherry, CISO at Edward-Elmhurst Health, has extensive experience in healthcare cybersecurity, HIPAA, PCI, Promoting Interoperability and revenue cycle areas, including 30+ years in the healthcare industry, with fifteen spent in senior management positions.
She is currently a CISO, who is responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.
She has conducted HIPAA IT Security Risk Analyses/Assessments for various organizations that wished to be compliant with HIPAA and/or Promoting Interoperability measures/requirements. Shefali has worked with small practices/vendors to larger integrated delivery networks/health systems and academic institutions. Furthermore, Shefali teaches graduate students at a local University about HIPAA, health insurance exchanges, healthcare reform, and IT security.
LinkedIn: https://www.linkedin.com/in/shefali-mookencherry-aa1a4878/
Book: Grandpa Blueberry Adventures: A Walk Through Blueberry Meadow
-
John Bambenek - Principal Threat Hunter at Netenrich; Chief Architect of the Cyber Panopticon; Incident Handler for Internet Storm Center
About John Bambenek:
John Bambenek is an information security practitioner from Champaign, Illinois. As a graduate from the University of Illinois with a B.A. in Theoretical Astrophysics (emphasis in extragalactic astrophysics) and a minor in Mathematics, he has been employed as a project manager at Cap Gemini Ernst and Young, where he provided consulting services to numerous Fortune 500 firms. He continues to provide his expertise to the SANS Institute by authoring published course materials and exams. He also operates the charitable Tumaini Foundation, which provides funds and other needed resources to Tanzanian schools for AIDS orphans. He is also known for his current work in spyware and botnet technology, and their use concerning identity theft. He is also a volunteer as an incident handler for the Internet Storm Center, and his research has been cited in various media venues such as the New York Times and the Washington Post.
Twitter: https://twitter.com/bambenek
LinkedIn: https://www.linkedin.com/in/johnbambenek/
-
CHRISTOPHER RUSSELL, CISO, tZERO Group
About Christopher Russell:
Christopher Russell is the Chief Information Security Officer for tZERO. Apart from holding a master’s degree in cybersecurity, he also has several certifications in cloud security, endpoint detection and response, SIEM, NGFWs, and blockchain. He has a background as a human intelligence (HUMINT) collector for the U.S. Army and as a combat Veteran. Christopher graduated from the Defense Language Institute with a specialization in Arabic.
Christopher Russell is the Head of Information Security for tZERO Group Inc. He has a Masters Degree in Cybersecurity and numerous certifications and experience in cloud security, endpoint detection and response, SIEM and blockchain. He is a combat Veteran of the US Army, where he was a human intelligence (HUMINT) collector who graduated from the Defense Language Institute, for Arabic.
Chris is also an Advisory Council member at NightDragon, a venture capital firm investing in and advising late-stage and growth companies, providing a platform of growth for the next generation of cybersecurity, safety, security and privacy companies.
Connect with Chris on Twitter or LinkedIn
Episode Highlights:
00:00 - Background and First CISO Role
· Hard to leave CriticalStart / CyberOne
· Personal interest in blockchain and FinTech
3:03 - Path into Cybersecurity
· Cybersecurity is second career
· First career was in Intelligence - really enjoyed it, did meaningful and exciting work overseas
· Learned Arabic at Defense Language Institute
· Was in Middle East as long as they could keep me there
· Getting into Systems (human operations - debriefings, extracting information from people) was easy for him. He had an 'a-ha' moment that this is where it's at - Information Systems. He hit the books, self-studied, went back to school with GI bill - went through courses, spinning stuff up and tinkering to have enough of a background to function. Had basic networking skills and sensitized to it already.
· Got his Masters
5:59 - First Job at AT&T
· Low paying, but learned a lot in networking
· Could make his own Cat 5 and troubleshoot a network to round out his background
6:18 - First Engineering Role in Cybersecurity
· Still felt like I knew nothing
· Stayed late, constant research, networking, put in the effort early on
· His military background helped him with the detect part and making it make sense to the right people - being able to articulate.
· Mentoring - he created a mind map with all the different stuff you can do in cybersecurity. Start with Security Engineer, then into Security Architect, then Cloud Architect, then pivot into leadership, for example.
· If goal is to be a CISO - yes, you can get there from Analyst
14:53 - Using Intuition in Cybersecurity (is he going to host a podcast on this topic soon)?
· "This is something near and dear to my heart - I feel like I get data from things and situations on a different frequency than most and can quickly address problems."
· In Intelligence this was invaluable and it helped him get a lot of success there
· In cybersecurity it's not much different - there's a lot of people like this - we have quirkiness and different personalities in cyber, high on IQ side and they have high intuition - they just know where to go and look for problems and answers....
-
VALARIE FINDLAY, President / Chief Scientist, TIGIR Secure
About Valarie Findlay:
Professionally, Valarie has over twenty years in national security, intelligence and threat analysis for US and Canadian governments.
From this experience, she developed the methodology and functionality for TIGIR to meet a growing risk assessment and compliance need in public and private sector.
Born in Ottawa, Canada, Valarie has a Masters in Terrorism Studies, a Masters in Sociology and is currently writing her doctoral thesis on terrorism as a social phenomenon. She is also a member of IALEIA, CAPIA and several other intelligence and cyber-related committees.
TIGIR’s US and Canadian patent was filed in 2015, and development proceeded on the beta and prototype, garnering positive reviews and user acceptance. The full version is about to be released in early 2022. The US patent was issued in 2020 and the Canadian patent is in examinations. A continuation has also been filed to extend and protect the IP.
Through her extensive network as a member of the Canadian Assoc. Chiefs of Police/CATA, eCrime Cyber Council, the American Society for Evidence-Based Policing (ASEBP), AFCEA Cyber Committee (Washington DC) and as a research fellow with the National Police Foundation, her software solution has received positive feedback.
LinkedIn: Valarie Findlay
Twitter: JaneVMoneypenny
Episode Highlights:
00:00 - Background and how Val got into Cybersecurity
· Started in IT during the dot-com boom and "cut my professional teeth with Nortel"
· Was quickly rolled into IT security and IT forensics
· Spent several years in Austin, TX and in Linux
· Returned to Canada
· Moved into Military and enforcement in early 2000s and "found my calling"
· Thrived in the area of National Intelligence and worked with some amazing people and recognized what she thinks is one of our biggest challenges in cybersecurity
5:18 - Entrepreneurship
· "I'm a reluctant entrepreneur"
· Most comfortable dealing with my colleagues and solving problems - there is benefit to having soft skills
· In cybersecurity, it can be a very difficult challenge to get others to understand if they don't work in that field. It's a difficult concept to market as a CEO
8:35 - Females in Cybersecurity - Struggle and Biases and Overcoming these
· We need to call it out and hold others accountable
· Have the conversations privately and these things have to be talked about and addressed
· Works in Canada - one of the most controversial organizations where we have a crisis of how our genders treat each other, and the diversity and respect
· These things have to be addressed and brought head-on. The key to it is address it and calling it out immediately - we have to have our story heard.
· "Business is business - we're all in this to make a difference, make money, and build companies - doesn't matter whether we're male or female."
11:50 - Working with Investors
· Speak the same language
· Demonstrate expert knowledge
· Always a shred of doubt when dealing with someone not from cybersecurity - you're really in a position of having to prove yourself, prove the technology and the viability of what you claim your technology does.
· Fortunate because "I have a U.S. patent."
· Canadian examinations happening now (at time of recording - December 2021)
21:10...
-
Dr. Chase Cunningham is the Chief Security Strategy Officer (CSO) at Ericom Software. Previously he was Principal Analyst at Forrester serving Security and Risk professionals.
Prior to Forrester Research, Chase was the director of cyber threat intelligence with Armor, where he designed and managed the cloud security and intelligence engine for their enterprise customers.
A retired US Navy chief with more than 20 years' experience in cyber forensics and cyber analytic operations, Chase has past operations experience, stemming from time spent in work centers within the NSA, CIA, FBI, and other government agencies. In those roles, he helped clients operationalize security controls; install and leverage encryption and analytic systems; and grow and optimize their security operations command systems and centers.
LinkedIn: https://www.linkedin.com/in/dr-chase-cunningham/
Twitter: https://twitter.com/CynjaChaseC
Author of Cybersecurity Books for kids and adults: https://www.amazon.com/Chase-Cunningham/e/B00I2PHD3W?ref=sr_ntt_srch_lnk_2&qid=1643855110&sr=1-2
DrZeroTrust Podcast: https://podcasts.apple.com/us/podcast/drzerotrust/id1570251081
-
About Paul Cummings:
Visionary Paul Cummings is a retired 20-year US Navy Information Systems Technology Chief, currently working as an Information Systems Security Engineer and Cyber Security Research Engineer for Stephenson Technologies Corporation. He brings a comprehensive background in executive-level planning, managing IT and Cyber Security teams, and program management derived from both global and domestic maritime operations.
Mr. Cummings has led 15 Navy War Fighting Ships and 176 Information Security Managers and Security Network Engineers to support over 7,000 enterprise users, enforced a 95% patch management and hardening efficiency for five consecutive years with less than 24 hours of critical service downtime. Built and Established a 38-person Cyber Protection Team and managed a $6M training budget that led the team to be fully qualified a year ahead of schedule and successfully led a large-scale incident response operation which was awarded the Department of the Navy IT Team Excellence Award for 2017. He has helped realign budget for personnel by forecasting Life Cycle Ends and computer system upgrades. Paul’s career is supported by CompTIA CASP, and he is the recipient of multiple awards for outstanding performance and professionalism.
His dedication to the success of others has led him to establish Veterans Breaking into IT/Cybersecurity Mentorship Campaign, an organization where he hosts monthly engagements with transitioning service members, veterans, military spouses, and aspiring civilian professionals found on YouTube under Paul Cummings Veterans Breaking into IT Cyber. He actively volunteers with Vets2Industry, Npower, Evolutionary Skills Development Network Discord, and Vicious Vineyards Discord.
Career is supported by CompTIA CASP and receipt of personal achievements awards: Defense Meritorious Service Medal, the Joint Service Achievement Medal, the Navy Commendation Medal (3 awards), Navy Achievement Medal (4 awards), and the Navy Good Conduct Medal (5 awards), Military Outstanding Volunteer Service Medal, and Department of the Navy IT Excellence Award 2017.
LinkedIn: https://www.linkedin.com/in/paul-cummings/
WCHI: https://www.wholecyberhumaninitiative.org/
Episode Highlights:
00:00 - Background and How Paul Got Into Cybersecurity
· Uncle was his recruiter
· Was bored of the 9 to 5 jobs
· Took ASVAB
· Started as a computer repairman, moved to help desk then ISSM
· Intro to cyber was in Iceland with an introduction to Red and Blue Teams
5:30 - Assignment in Iraq
16:00 - Complaints on Certifications
· Certifications and the demands around having them
· Difference between military and civilian requirements
· What happened to the CISSP?
25:00 - Importance of STEM
· Middle School and High School - Why not get a monitor, computer and Raspberry Pi?
· Colleges - Very few doing it, but failing globally - Defining Cyber in IT
· College classes requiring classes that are not needed....follow the money
31:00 - The different options in Cybersecurity
· Do personality tests and Cybersecurity tests
37:00 - Transitioning and Recommendations
· Focus on skills that complement where you know
· For those in transition, look at the people in your...
-
Josh Mason is the CEO and Founder of Cyber Supply Drop. He runs giveaways that provide participants with free vouchers for training and certification exams. He’s also a Red Team instructor at INE, a huge advocate and mentor to veterans breaking into cyber, and a very active contributor in the community.
He’s also an instructor for WithYouWithMe, an Australian company which helps people without a tech background get jobs in tech, and on the Board of Advisors for non-profit, Whole Cyber Human Initiative.
Josh sheds light on the best, most cost and time efficient ways to break through the barriers in the industry.
Josh has 10 years of military experience, as an Air Force pilot and cyber warfare officer.
His work at the 1 Special Operations Communications Squadron ensured mission continuity on the busiest Air Force Special Operations Command base and at deployed locations across the globe.
As a cybersecurity instructor for Jacobs at the Department of Defense Cyber Crime Center, Josh trained hundreds of US DoD cybersecurity operators and special agents in Cyber Threat Emulation, Digital Forensics and Incident Response, and Threat Hunting.
As a cybersecurity evangelist, Josh points prospective and active cyber professionals at valuable training and resources, with a focus on free and highly-accessible content.
He’s a Cyber Warrior, husband and father of two little ones.
Diary Highlights:
0:00 - Intro & Background
· Training background, Military
· Mentor
· WithYouWithMe - Mentor, training up veterans and mil spouses to get into jobs
· Cyber Supply Drop, Red Team Instructor for INE
· Transitioning from Military to Civilian Life and job
· Leader suggested that cybersecurity wasn't for him
· Went into teaching on operations with some cybersecurity, loved instructing
· Once leaving the military, didn't have an idea on what to do, signed with DOD SkillBridge Internship.
· Learned Project Management
· Looked at LinkedIn connections - Reached out to a connection from Navy and had commonality of going through program.
10:00 - Speaking and Engaging
· Special forces training helping to interview
· Shout out to military veterans
· Taught critical thinking skills, instructions vs giving goal to solve
· Similar to business, give the team to solve their own problem and empower
· Veterans are used to being empowered and to think. If there is a failure, it's ok to ask for help. Failure is part of the experience to learn.
· Failure is acceptable
· Josh's story: In Afghanistan, plane wasn't starting, looked at the challenges with engine problems. In the end, worked through the process.
22:00 - Teams & CISO roles
· Talks about the ideal teams
· The newness of CISO role and role of cybersecurity
· There is an older school
24:50 - Being Told No
· When the Commander told him to reconsider cybersecurity, was no longer a pilot
· Josh realized he wasn't doing his "dream job"
· Looked at the limitations of being effective and limitations of empowerment in military hierarchy
· SkillBridge was effectively a Leadership Laboratory
· Helpful to look at building the next generation leadership
29:00 - Applying to Parenthood
· Primary goal is to be father and husband first
· All activities are to drive family harmony
· Met his wife there and she's accomplished in her own right
Final Thoughts:
Give your people a chance to grow and fail. Accept the...
-
Dr. Bonime-Blanc spent two decades as a c-suite global corporate executive at Bertelsmann, Verint, and PSEG overseeing legal, governance, risk, ethics, corporate responsibility, crisis management, compliance, audit, InfoSec and environmental health and safety, among other functions. She began her career as an international corporate lawyer at Cleary Gottlieb, was born and raised in Europe and is multi-lingual.
She serves on several Boards and Advisory Boards including Greenward Partners (a Spanish green energy firm), Ethical Intelligence (an EU-based AI ethics firm), ProtectedBy.AI (A US based AI cybersecurity firm), Epic Theatre Ensemble (a NYC nonprofit), the NACD New Jersey Chapter and NYU Stern-based think tank, Ethical Systems. She also serves as a Governance Mentor at Plug & Play Tech Centre, a global start-up eco-system. She is a NACD Board Leadership Fellow and Governance faculty and holds the Carnegie Mellon CERT Certification in Cyber-Risk Oversight.
Andrea is a global speaker, including at Davos, and appears regularly on Bloomberg TV, Yahoo Finance, Cheddar and other media. She is faculty at NYU’s Center for Global Affairs Masters program teaching “Cyber Leadership, Risk Oversight and Resilience”. She is an extensively published author of many articles and several books including The Reputation Risk Handbook, Emerging Practices in Cyber-Risk Governance and The Artificial Intelligence Imperative. Her latest book, Gloom to Boom: How Leaders Transform Risk into Resilience and Value (Routledge 2020) debuted as an Amazon #1 Hot Release in Business Ethics and Game Theory. She serves on the board of directors at Cyber Future Foundation, a non-profit and think tank of doers and executives. She lives in New York City with her family and is an avid photographer and artist.
About This Discussion:
Highlights:
0:00 - Intros & How did Andrea Get into GRC and Ethics?
· WHY GRC?
· Started out life as a lawyer at a start up
· Moved to be Crisis Management, Became the person that got the non-financial issues
· Y2K was her first contact to prepare the team and IT people and coordinate
· Grew Up in Germany and Spain, came to US at 17
· Social Sciences have always interested Andrea
7:40 - Crisis of The Week - Launching her own business
· Frustrated with the corporate world on corporate responsibilities, GRC, Cyber issues, etc
· Saw opportunity to be an outside advisor across multiple industries for clients who really care
· Notably, clients are doing the right things and want to do better
12:00 - Legal Background and Cybersecurity
· Legal background and how it helps differentiate to advise
· Don't consider herself as "narrow" but looking at situational awareness
· Moving from legal to strategic consultant
· World have a perception that lawyers
· Process is commonality in legal and cybersecurity industries - Andrea's German Mom help instill discipline and rigor to establish process
· Keep learning and helps to drive for themselves or others
19:00 - Difference between GRC and Security
· There is a parallel threads between GRC and Security communities
· Big push in cybersecurity for CISO to be on the C-suite and Boards
· Andrea argues that not all CISOs are equal, so multiple backgrounds, though good, the CISO needs to have a broad view.
· CISO runs risk of being relegated as a focused expert versus an equal peer who speaks the language of business and CRG, Cybersecurity, etc.
22:52 - TALENT Question and GRC
· Cybersecurity is so broad and multi-faceted, so different ways of thinking is welcome in GRC
· Finding solutions in the world that is dynamic and be...
-
Lola Obamehinti has a background in journalism and technology. Lola is Business Ethics Officer, Security Awareness & Training Lead at eBay.
She graduated with a BA in Journalism from SMU and obtained an MS in Information Science from UNT in 2017. Currently, Lola is the Global Information Security Training & Communications Lead and a Business Ethics Officer at eBay. She is also the Founder of Nigerian Techie and the Founder of the Tech with Style club on Clubhouse, where she hosts daily discussions about tech, culture and current events and manages the club's online community of over 1,400 members. Additionally, she is a freelance TV Host and keynote speaker who specializes in discussing travel, finance and technology topics. Some of the media outlets she has been featured in are The Wall Street Journal, Yahoo Finance, Salesforce Trailhead LIVE, Silicon Valley Business Journal, and Cybercrime Magazine. She is also passionate about creating opportunities for historically excluded individuals in the tech industry.
Highlights
0:00 – Introductions and Backgrounds
Long, roundabout way of getting into cybersecurity with an undergrad degree in journalism
Received a graduate degree in Information Science with a specialization in Cybersecurity
4:05 – eBay Responsibilities
Security awareness and communications, working frequently with the CISO, CIO and Chief Compliance Officer
Recently named Business Ethics Officer for the organization - have to have executive presence to relate to the different levels of others
7:18 – Only "black woman on my team"
8:18 – Perspectives on D&I
"D&I is not just a position - companies, especially tech companies need a clear roadmap to hire more historically excluded individuals - we are not really minorities, we are the global majority, into positions and create a path to executive levels."
11:16 – Authentic Self and Females in Cybersecurity
Started Tech with Style on Clubhouse because of a WSJ article she was featured in to change the narrative of women in the tech industry. "I model on the side"
21:32 – Next in Lola's Purview
Devoting her time to growing Tech with Style on Clubhouse - 1600 members (at the time of this recording) and started in April 2021
Always thinking of new and innovative ways to make information security relevant and at the forefront of employees' minds
LinkedIn: https://www.linkedin.com/in/lolaobamehinti/
Fall 2021 Issue of North Texan (Alumni Magazine for University of North Texas): The Boys Club Gets a Reboot – https://northtexan.unt.edu/issues/2021-fall/boys-club-gets-reboot
-
George Finney, CSO at Southern Methodist University; Author of Well Aware: Master The Nine Cybersecurity Habits to Protect Your Future
George Finney is the Chief Security Officer (CSO) and Director of Digital Interests for Southern Methodist University. George works in a variety of areas at SMU including facilitating IT Security and Compliance, increasing Regulatory Awareness, streamlining the IT Contracts process, as well as advocacy for Open Source software and processes. George joined SMU in March of 2003 as a Network Engineer and worked on several major university IT initiatives, including evaluating Intrusion Detection Systems, implementing network-based packet capture devices and implementing and supporting Network Admission Control. He has developed and matured cybersecurity programs and is an expert in policy, awareness, compliance, operational management and the complex legal issues surrounding security with a talent for building partnerships.
Prior to joining SMU, George worked in the telecommunications industry for several years on Voice Over IP projects, Data Security Consulting, and in Network Operations.
In May of 2008, George completed his Juris Doctorate at Southern Methodist University's Dedman School of Law and is licensed to practice law in Texas.
George was recognized by Security Magazine as one of their top cybersecurity leaders in 2018 and is part of the Texas CISO Council, is a member of the Board of Directors for the Palo Alto Networks FUEL User Group, and is an Advisory Board Member for SecureWorld.
He holds a Juris Doctorate from Southern Methodist University and a Bachelor of Arts from St. John’s College as well as multiple cybersecurity certifications including the CISSP, CISM, and CIPP.
George is a frequent speaker, and author of Well Aware: Master The Nine Cybersecurity Habits to Protect Your Future and No More Magic Wands: Transformative Cybersecurity Change for Everyone.
George earned a bachelor of arts degree in liberal arts in 1999 from St. John's College in Santa Fe. He spends most of his spare time cycling, writing novels, and working on short film projects.
Highlights:
0:00 - Introductions and Backgrounds
George was a liberal arts major in college, studying philosophy and literature. He wanted to be a stockbroker in college.
3:00 – First Job at GTE in IT & Networking - Security Just Came as a Natural Part of it
“I jumped to start up - switched gears from networking to system administration. Inherited an environment that was always locked down. I taught myself security by studying how the previous admin had hardened all of our servers. From there it just ballooned out of control. Then I went to Law School.”
4:00 – Putting Yourself out there While Managing Privacy
Writing his book (Well Aware)!
5:10 - "Little ironic that I'm so focused on people, because when you write a book, you have to go into a cave and isolate yourself from other human beings for an excessive amount of time."
..."I was inspired to write the book... wanted to build a bridge with non-security folks, but who we rely on to be successful in our cybersecurity programs."
"Security Should Start to Get Easy - People Should Want to Work with Us and Help Empower Our Projects because it's Going to Help Not Just their Company, but it Will Accelerate Everyone's Career"
11:45 - "To get the security jobs, if you can demonstrate that you have worked on security projects, supported those things, this will set people apart. It's a personal part of every person's career trajectory."
20:00 - The Pepsi Challenge
"Back in the 80's Pepsi tried to compete...
-
Steve Zalewski was formerly the Chief Information Security Officer at Levi Strauss & Co., a global leader in jeanswear. Prior to Levi Strauss & Co., Steve was the Managing Enterprise Security Architect responsible for cybersecurity critical infrastructure protection at Pacific Gas & Electric Company.
Earlier in his career, Steve has held leadership roles in healthcare security at Kaiser Permanente, and in data protection at Fujitsu, Vixel and DEC.
Steve is a huge proponent for maximal automation of cyber-risk mitigation and containment – people, processes, tools, whatever it takes. He has multiple patents in data protection and multi-processor operating system design and holds CISSP, CISM and CRISC security certifications.
Steve currently provides CISO, security consulting and security advisory services. These include:
• International cybersecurity advisor and trainer since 2017.
• Executive advisory board member for security startups, providing guidance to the executive leadership on sec
Steve is a frequent co-host with David Spark on the CISO Series podcast, Defense in Depth. He has also contributed to mentoring others, answering their questions via the Reddit AMA Series – Ask a CISO Anything.
Highlights:
0:00 - Introductions and Backgrounds
Steve highly recommends everyone takes a sabbatical
8:14 – Brutal Truths
“it’s not get better; what we have now is over 4,000 products that a CISO can choose from as technology and those 4,000 products aren’t solving 4,000 problems – they are solving probably 10 classes of problems. …we are forgetting about the people and the process”
15:15 – “I Learn to Understand the Perspectives of the Individual I’m Working with – the Win-Win”
25:36 - "Am I in the game of profit protection or loss prevention? In my mind, I was internally looking at that."
29:41 - "CISOs are maybe 15 years old as a concept; 10 years old as an operating model and in last 3 years, see it morphing yet again."
42:39 - It Takes a Village!
"We have a village and a child and it takes a village to raise a child - cybersecurity is very much like this.... we have a common enemy - bad guys are trying to attack the entire villages, so we have to raise the child - have to get better and act differently."
LinkedIn: https://www.linkedin.com/in/szalewski/
Defense in Depth Podcast: https://cisoseries.com/defense-in-depth-cybersecurity-is-not-easy-to-get-into/
r/cybersecurity – Reddit: https://www.reddit.com/r/cybersecurity/comments/m1y256/ama_series_ask_a_ciso_anything/
-
About Our Diary Entry:
Diana Kelley’s security career spans over 30 years. She is Co-Founder and CTO of SecurityCurve and donates much of her time to volunteer work in the cybersecurity community, including serving on the ACM Ethics & Plagiarism Committee, as CTO and Board member at Sightline Security, Board member and Inclusion Working Group champion at WiCyS, Cybersecurity Committee Advisor at CompTIA, Advisory Council, Bartlett College of Science and Mathematics, Bridgewater State University, and RSAC US Program Committee.
Diana produces the #MyCyberWhy series and is the host of BrightTALK’s The (Security) Balancing Act and co-host of the Your Everyday Cyber podcast. Diana is also a Principal Consulting Analyst at TechVision Research and a member of The Analyst Syndicate. She was the Cybersecurity Field CTO for Microsoft, Global Executive Security Advisor at IBM Security, GM at Symantec, VP at Burton Group (now Gartner), and a Manager at KPMG. She is a sought after keynote speaker, the co-author of the books Practical Cybersecurity Architecture and Cryptographic Libraries for Developers, has been a lecturer at Boston College's Masters program in cybersecurity, the EWF 2020 Executive of the Year, and one of Cybersecurity Ventures 100 Fascinating Females Fighting Cybercrime.
Diana Kelley recently joined Cyber Future Foundation as an Advisor.
Highlights:
0:00 - Introductions and Backgrounds
On how she does it all… “It takes a village – everything I do is in partnership with others”
“I’m super hyper organized and that helps a lot – once I showed somebody my pantry and everything is labeled”
Loves being back on the advisory side; has been at big companies for 8+ years – gives her balance working with smaller companies
6:09 - “When you get to the really big companies, as things get scaled the complications grow exponentially – have legal requirements, regulatory needs based on the geo – people can get really siloed in their focus. CISO has to have some kind of a view…”
8:44 – Diana’s Perspective on Leadership.
Leadership – she’s been called “pushy,” but some people want to go in and get organized and bring people together.
In college (she went to Boston College), she loved the radio station. They needed a general manager, and it was a student-selected role; in her second year she decided to run for GM and she was the first woman! Years later, when she was working in Cambridge and building out a team, she thought to herself “I could be a Vice President someday” – she had been building towards this…
Advice: think about what is natural for you and embrace the opportunity.
Leaders don’t necessarily have to be managers
21:09 - The Button Learning - @whataboutbunny on Instagram
41:04 - What Gets You Excited and Which Role in Cybersecurity?
There are CISOs presenting to boards – what is it that you want to do in cyber?
Look at people who are in those roles and reach out and talk to them – ask them what their job is like
“I’ve learned so much by just asking people. For a while I was really curious – what’s a distinguished engineer…”
Ask people what it’s like to be in their job and how they got there
Engage with Diana Kelley:
LinkedIn: https://www.linkedin.com/in/dianakelleysecuritycurve/
Twitter: https://twitter.com/dianakelley14
The (Security) Balancing Act:
-
About Nick Werner:
Nick is an application security engineer and penetration tester, and he is passionate about mentoring and helping others in the community break into cybersecurity. He has published a handful of articles that discuss how to get your foot in the door, what skills are necessary for certain security positions, and how to gain those skills.
He is also a huge advocate of networking and reaching out to the right people to make opportunities happen instead of letting them come to you.
Nick is a very kind and passionate individual and you should reach out to him if you ever need help finding the right path or you just want to chat about security in general!
Contact Nick:
LinkedIn: https://www.linkedin.com/in/nick-werner-629122161/
Twitter: https://twitter.com/nicholaswernerr
Blog: https://nicholaswerner.medium.com