Episodios
-
In Episode 16 of Champions of Security, Jacob Garrison interviews Michael Tayo (U.S. Bank) & Parveen Singh.
Michael is an Assistant Vice President and Principal Information Security Engineer at U.S. Bank where he is responsible for providing visionary guidance for the enhancement of cloud and application security product offerings. With over 10 years of experience as an Information Security Professional, Michael specializes in designing and deploying cutting-edge security solutions to enhance cloud security posture, prevent cyber-attacks, and mitigate risks to help organizations remain secure throughout the digital transformation. He is a security evangelist and author with his most recent feature being Collaborative Security to Defend the Modern Threat Landscape.
Parveen is a Cloud Consultant specializing in Microsoft Azure services. He helps companies use the cloud effectively and efficiently while also keeping the security-first mindset and saving costs. He’s worked with government, software development, retail, e-learning and education organizations by helping them migrate and secure their IT infrastructure. He runs a blog at parveensingh.com and also helps IT enthusiasts find their next IT role and upskill to grow in the cloud field.
Michael, Parveen, and Jacob talk about:
↳ Deeply understanding the shared responsibility model
↳ Determining the appropriate amount of outside help
↳ Learning cloud services one step at a time
And so much more.
Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe.
We hope you enjoy it!
-
In Episode 15, Jacob Garrison interviews Amanda Alvarez (Trace3) & Brook Schoenfield (Resilient Software Security & True Positives).
Amanda Alvarez is a DevSecOps Architect consultant at Trace3 with a passion for helping people learn more about software security. She is a highly-motivated practitioner who enjoys creating developer-oriented solutions with an emphasis on increasing effective feedback loops to help companies balance agility with security. Her mission is to spread awareness on scalable and sustainable software security programs so that people and their data remain protected from evolving threats. Outside of continuously learning more about cyber security, she enjoys gardening and hiking the mountains of Colorado.
Brook Schoenfield has authored six security books, taught 100’s of security architects, and 1000’s have attended his threat modelling trainings. He was the technical lead for five software security programs and 4 consulting practices. Brook is currently the CTO of Resilient Software Security and True Positives' Chief Software Security Strategist. He helps organizations and technical leaders improve their software security practices. He also teaches at the University of Montana.
Amanda, Brook, and Jacob talked about:
↳ Never trust and always verify
↳ Design for secure-by-default
↳ Security being a moving target
And so much more.
Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe.
We hope you enjoy it!
-
¿Faltan episodios?
-
In Episode 14 of Champions of Security, Jacob Garrison interviews Jeevan Singh (Director of Product Security at Twilio) and Abdul Wahab.
Jeevan enjoys building security culture within organizations and educating staff on security best practices. Jeevan is responsible for a wide variety of tasks including architecting security programs, driving security strategy and mentoring and growing security engineers and managers. Before life in the security space, Jeevan had a wide variety of development and leadership roles over the past 20 years.
Abdul Wahab is a Senior Tech Lead who loves growing engineering teams that are inquisitive, hungry to learn, and deliver lasting business solutions. When he's not doing that, he writes tech articles & tutorials via Medium to teach and give back to the global Software community, and bake cakes & pizzas.
They talk about:
↳ Celebrating security wins company-wide↳ Collaborating with engineering for stakeholder support
↳ Offering the carrot before resorting to the stickAnd so much more.
Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe.
We hope you enjoy it!
-
In Episode 13 of Champions of Security, Jacob Garrison interviews Jeremiah Salamon and Tony Quadros.
Jeremiah Salamon is the Information Security Director at one of the nation’s premier law firms. He has over a decade of experience in Security Operations, Security Architecture and Engineering, and Governance, Risk & Compliance working in small businesses and large enterprise environments with regulated data. Regardless of the size or complexities of the organization, Jeremiah has successfully influenced positive security culture and helped grow security teams.
Tony Quadros is a 10+ year veteran of the cyber security vendor landscape focusing on application security. He's helped numerous enterprises, including the largest social media and insurance companies in the world, continuously improve their application security programs to ensure the software we use daily is as secure as possible.
Jeremiah, Tony, and Jacob talked about:
↳ Leveraging the security community for engaging events
↳ Driving attendance through word of mouth
↳ Using Meetup for member retention
And so much more.
Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe.
We hope you enjoy it!
-
In Episode 12 of Champions of Security, Jacob Garrison interviews Sean Wright, Principal Application Security Engineer at Featurespace.
Sean Wright is a veteran application security engineer with software development roots. Within security, he has a particular interest in TLS encryption and supply chain attacks. He believes security teams must be business enablers with a focus on efficiency.
Sean and Jacob talk about:
↳ Manual code reviews being unscalable
↳ How transitive dependencies put you at risk
↳ Security teams needing to be business enablers
And so much more.
Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe.
We hope you enjoy it!
-
In Episode 11 of Champions of Security, Jacob Garrison interviews Shanief Webb, Manager of Detection & Response at Okta.
Shanief is well-versed in the disciplines of computer science, cybersecurity, and digital forensics. He has over 8 years of diverse cybersecurity experience working for the FBI, Google, Cox Communications, IBM, Slack, Dropbox, and now Okta.
Shanief and Jacob talk about:
↳ Thoroughly resolving security incidents during post-mortems
↳ Detection-as-Code reducing the cost of false positives
↳ Practitioners can help others overcome security gatekeepers
And so much more.
Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe.
We hope you enjoy it!
-
In Episode 10 of Champions of Security, Jacob Garrison hosts a live Q&A with Chris Romeo, CEO and Co-founder of Kerr Ventures, and Dustin Lehr, Head of Platform Security at Fivetran.
Dustin and Chris have each built thriving security champions programs - and today they’re helping the audience overcome objections.
They talk about:
↳ The necessary characteristics of a security champions program leader
↳ Designing a sustainable program
↳ Winning support from upper management
And so much more.
Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe.
We hope you enjoy it!
-
In Episode 9 of Champions of Security, Jacob Garrison interviews Walter Haydock, Founder & CEO of StackAware, a cybersecurity risk management and communication platform.
Walter is also the author of the blog Deploying Securely. Previously, he was a Director of Product Management at Privacera - a data governance startup backed by Accel and Insight Partners - as well as PTC - where he helped to secure the company’s industrial IoT product lines. Before entering the private sector, he served as a professional staff member for the Homeland Security Committee of the U.S. House of Representatives, as an analyst at the National Counterterrorism Center, and as a reconnaissance and intelligence officer in the Marine Corps.
Check out Walter's AI Security Course and Generative AI security policy template:
↳ https://maven.com/harness-ai/ai-security
↳ https://www.blog.deploy-securely.com/p/deploying-securely-with-chatgpt
Walter and Jacob talk about:
↳ Business executives owning AI Security Risk
↳ Vendor management including artificial intelligence use
↳ AI security regulation's arrival
And so much more.
Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe.
We hope you enjoy it!
-
In Episode 8 of Champions of Security, Jacob Garrison interviews Micah Jackson, Sr. Red Team Engineer at VF Corporation.
Micah Jackson is a Senior Red Team Engineer who was an application security lead when we filmed this episode. He’s a hacker who enjoys breaking things and building them back stronger. As a security enthusiast, he enjoys diving into every facet of security, from firewalls to malware reverse engineering.
Micah and Jacob talk about:
↳ Finding a cybersecurity mentor
↳ Not being afraid to say "I don't know"
↳ Leveraging adversary knowledge from outside sources
And so much more.
Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe.
We hope you enjoy it!
-
In Episode 7 of Champions of Security, Jacob Garrison interviews Tom Kanan, Sr. Strategic Account Executive at Cobalt.
Tom is a nine-year veteran of business-to-business security sales. He’s an active member of OWASP and the Cloud Security Alliance who believes in deeply understanding his customer’s business needs. Tom uses a customer-centric sales process that prioritizes quality over quality.
Tom and Jacob talk about:
↳ Salespeople see confidential data
↳ Scammers target salespeople during crises
↳ Reducing sales noise requires executive buy-in
And so much more.
Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe.
We hope you enjoy it!
-
In Episode 6 of Champions of Security, Jacob Garrison interviews Rajendra Umadas, Head of InfoSec at ActBlue.
Raj leads the security team over at Actblue. Over the years, he has been lucky to work with some great people and in some truly interesting organizations. From his time pentesting and focusing on embedded systems security at The Intrepidus Group, to being a security engineer securing systems over at Etsy and Spotify, to starting and running platform security teams over at WeWork and Compass, he has had an opportunity to secure all the things across all the stacks. A thread that ties all of these experiences together for Raj, is being sure to lead and solve problems in a first principled manner root deeply in understanding the problems of his stakeholders. This ensures that he can avoiding security "best practices" implementations for "best practices" sake.
Raj and Jacob talk about:
↳ Security professionals needing to take care of themselves
↳ Adjusting your risk tolerance to increase productivity
↳ The traditional SDLC is now dead
And so much more.
Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe.
We hope you enjoy it!
-
In Episode 5 of Champions of Security, Jacob Garrison interviews Soufiane Alami, Cyber Security Specialist at Ford Motor Company.
Soufiane Alami is an application security engineer at Ford Motors with a passion for cybersecurity. With his expertise in offensive security, he has been able to identify vulnerabilities and protect critical systems and data from cyber-attacks. In addition to his work at Ford, he also enjoys pursuing bug bounties and has been successful in finding and reporting vulnerabilities in various software applications. His commitment to cybersecurity has been recognized with his certifications from Offensive Security, Portswigger, and Cisco. Through his work and experiences, Soufiane strives to improve the security of our digital world and protect against cyber threats.
Soufiane and Jacob talk about:
↳ How cryptography is utilized in today’s cars.
↳ Specific attacks that defeat modern vehicle defenses.
↳ Managing security efforts across a vast global corporation.
And so much more.
Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe.
We hope you enjoy it!
-
In Episode 4 of Champions of Security, Jacob Garrison interviews Justus Post, Principal Cybersecurity Architect at Bose.
Justus is a seasoned security professional who brings his Secure by Design philosophy everywhere he goes. If you’ve ever wondered how to build an effective relationship between security and development, or if you’re looking into transformation projects to level up your security posture, Justus is ready to share his wealth of knowledge with you.
Justus and Jacob talk about:
↳ It’s essential to take the initiative and learn security concepts independently - many resources are available.
↳ Companies can utilize lunch and learns to create a more robust security culture.
↳ Security practitioners must be able to make a business case for the technologies they need for their job.
And so much more.
Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe.
We hope you enjoy it!
-
In Episode 3 of Champions of Security, Jacob Garrison interviews David Ethington, Information Security Architect at Paramount.
David has more than 20 years of experience as an IT Security Manager, intelligence officer, cybersecurity team leader, and senior security consultant, and IT Security Manager. David served in the United States Army, specializing in intelligence operations and cybersecurity. He was also a senior information security consultant, with extensive experience in penetration testing and auditing financial institutions. He was also previously the Security Manager for 3Degrees. He is currently working at Paramount as a Security Engineer. David has experience in both offensive and defensive cybersecurity, as well as systems administration and programming. He holds a bachelor’s degree in IT, and a master’s degree in Information Systems Engineering, as well as certifications such as CISSP, PNPT, Certified Ethical Hacker ITIL, and Project+. Previous certifications include Security+ and CCNA.
David and Jacob talk about:
↳ If you want to be in security, pick one specific branch and start learning the technical skills.
↳ Attackers look for common weaknesses - most attacks rely on simple mistakes.
↳ Companies must plan for compromise and adjust their permissions accordingly.
And so much more.
Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe.
We hope you enjoy it!
-
In Episode 2 of Champions of Security, Jacob Garrison interviews Vimalathithan Rajasekaran, Security Architect at PROS.
Vimal began his career as a software developer before moving into application security. He led development efforts at Visa, Safeway, and United Airlines. He’s currently working as a security architect at PROS where he helps build security into the software development culture.
Vimal and Jacob talk about:
↳ Developers benefiting from a security influence early in their careers.
↳ Security teams should determine which developers care about security and then work with those individuals.
↳ If you want to break into security, learn the acronyms and industry terms.
And so much more!
Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe.
We hope you enjoy it!
-
In Episode 1 of Champions of Security, Jacob Garrison interviews Andrés Mayhew, Sr. Manager SRE at Apixio.
Andrés brings over 25 years of experience with large scale Internet operations. He has worked in the trenches of Netscape, Napster, VeriSign, Rivian, and nearly a dozen start-ups. The teams he’s led have enabled developers to own their applications end-to-end through the entire software lifecycle. With an underlying mantra that “execution is a feature,” he has pushed development teams to consider a production-first mentality. This means considering the fault-tolerance, scaling, security, and costs requirements on equal terms as features and functionality. His work includes deploying, maintaining, and updating high traffic web properties while running with five 9's of availability. At VeriSign he was responsible for full-cycle development and implementation for core PKI infrastructure services which supported billions of daily transactions.
Andrés and Jacob talk about:
↳ Security and Operations teams needing to focus on their production environments continuously.
↳ Demonstrating how security is a value add rather than a cost center.
↳ Deployments continuing to change - stay tuned for the future of microservices.
And so much more.
Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe.
We hope you enjoy it!