In this episode, we catch up with @mubix (Rob Fuller), a is red teamer turned purple teamer. He started his career in the United States Marine Corps working with explosives and has gone on to have a highly successful career in the security industry working at companies like Rapid7, GE, Uber, Cruise Automation and now Balck Hills Information Security, as well as contributing back in many ways to the security community and speaking at many conferences around the world.
Mubix shares his journey, stories along the way, as well as going deeper into both red and purple teaming.
In this episode, we catch up with Michael Skelton (@Codingo) Global Head of Security Operations and Researcher Enablement at Bugcrowd.
Codingo has a non-traditional career path and he shares his journey on how he got to where he is, including the challenges of breaking into the infosec industry. As someone who got to be a Top 20 bug hunter on Bugcrowd and now the Global Head of Security Operations and Researcher Enablement at Bugcrowd, Codingo shares not only career advice but also tips on bug bounties.
In this episode, we catch up with Chloé Messdaghi, VP of Strategy at Point3 Security.
Chloé is a humanitarian Advocate in the Cybersecurity space. She started her career in marketing but got the opportunity to move into infosec in 2017. Chloé shares some of the experiences that led her to nearly quit the industry but instead has gone on to become a voice in the community. As well as speaking many conferences, Chloé is the founder of WeAreHackerz (formerly known as WomenHackerz) & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine's The Uncommon Journey, and runs the Hacker Book Club.
In this episode, we catch up with Baptiste Robert, who goes by the handle @fs0c131y.
Baptiste is a Security Researcher based in France with a big focus on android. We walk through his journey from graduating with a network and telecommunication to finding vulnerabilities and creating a large following.
We also cover how has a security researcher, Baptise finds his projects and his plans for the future around battling disinformation.
In this episode, we catch up with Shubs (Shubham Shah, @infosec_au, @notnaffy), CTO of Assetnote.
A passion for hacking grew early in Shubs' life. He was demonstrating good skills in hacking but faced with a tough decision at an early age. Follow his parents wishes and attend university or his own path and get a job.
We talk through Shubs's incredible journey which saw him land his first job in the industry at 17 years old, his success in bug bounties and going on to co-found the company Assetnote.
Shubs also shares some practical tips for aspiring hackers and bug bounty hunters.
Recommended blog by Shubs on bug bounties - High frequency security bug hunting: 120 days, 120 bugs
In this episode, we catch up with Brendan Seerup, or sometimes better known as SparkleOps.
Brendan is currently a Senior Security Advisor at REA Group, but less than 5 years ago he was working as a Quality Assurance Manager. Brendan talks about how he always saw security as part of QA, hardware hacking and how he went from not presenting to speaking at six security cons in a year.
He gives practical advice for people with a similar background and talks about what the future looks like and how he can make an even bigger impact combining his skills and experience.
In this episode, we catch up with Mike Monnik, CTO of DroneSec, offensive security professional and Co-organiser of SecTalks Melbourne.
Mike was advised early in his career to pick up a specialist area. That area turned out to be drones, and a passion was formed. Starting as a side hustle and whilst working as a penetration tester, Mike started building a (not-for-profit) drone security company. This eventually turned into a business and Mike walks us through this story and what the drone security industry looks like.
He discusses what the future could look like for the industry and how others who share a similar passion could pivot into a full-time role in drone security.
Here are some resources Mike recommends:
DroneSec UAV Threat Intel Platform: https://dronesec.com/pages/notify
CREST ASSURE Program: https://www.crest-approved.org/assure/index.html
Christchurch Mosque shooter used drones to surveil target site: https://www.stuff.co.nz/national/christchurch-shooting/122232602/christchurch-mosque-terrorist-used-drone-over-mosque-before-march-15-attack
ISIS fighter killed by own drone: https://www.thesun.co.uk/news/9797095/isis-fighter-killed-by-drone-bomb/
Gangs using drones to infect pig pens: https://www.businessinsider.com/chinese-gangs-are-spreading-african-swine-fever-to-profit-2019-12?r=AU&IR=T (editors note: swine flu not bird flu as mentioned in the podcast)
Pig pen farms disrupt aviation with drone jammers: https://www.reuters.com/article/us-china-swinefever/commercial-pig-farm-in-china-jams-drone-signal-to-combat-swine-fever-crooks-idUSKBN1YO0JE
Cartels using drones as temporary airstrips: https://www.washingtonpost.com/world/2020/07/05/guatemala-cocaine-trafficking-laguna-del-tigre/
A journalist uses a drone to exfiltrate hard drives: https://www.bbc.com/news/technology-49689833
Researchers use drone projectors to disrupt smart vehicles: https://thenextweb.com/cars/2020/02/05/teslas-autopilot-dangerously-fooled-by-drone-mounted-projectors/
DJI Bug Bounty Program: https://security.dji.com/policy
In this episode, we catch up with Iain Dickson, ComfyCon AU Founder, Cyber Technical Lead for Leidos Australia.
Iain walks us through a presentation on the origins of Hackers and defines the different types of threat actors,
In this episode, we catch up with Claire Pales.
Claire is the Director and Founder of 27 Lanterns, author of The Secure CIO book, host of The Secure CIO podcast and mum of four. We cover Claire's unique insight as she comes from a security leadership background and now advises organisations in hiring their first CISO.
We also discuss the challenges of coming back to Australia with overseas experience.
In this episode, we catch up with Ofer Schreiber, Partner & Head of Israel Office at the American-Israeli venture capital firm, YL Ventures.
We talk about the cybersecurity from the lens of a venture capital firm. Ofer shares his unique background and experience having come through Unit 8200 and now looks at and manages investments on the behalf of YL Ventures.
Ofer talks about what his firm looks for when investing in entrepreneurs and provides advice for people who aspire to build the next cybersecurity startup.
In this episode, we catch up with Steve Katz, the World's first CISO.
Steve became the CISO of Citigroup in 1995. We discuss Steve's journey leading up to the role, how it came about and with no blueprint to follow, what he did in the job.
We also discuss Steve's approach to how he dealt with boards and there is plenty of advice for current and future CISOs.
In this episode, we catch up with Craig Templeton, CISO & GM Technology Platforms at REA Group.
Craig is very open about the role of a CISO and what his job looks like. He shares advice to people wanting to progress in their career and the experiences that helped him get to where he is today.
In this episode, we catch up with one of the original co-founders and organisers of BSides.
Jack talks about the origins and growth of BSides, what makes a BSides conference so unique and what it takes to run a conference.
We also hear Jack's thoughts on the current state of conferences during a global pandemic and what the future looks like for BSides.
Wendy Zenone quit her job as an aesthetician at 38, learnt to code and has progressed to working at her dream company, Netflix.
We have a fun chat discussing Wendy's journey from a very non IT role, learning to code, being a mom, landing her first job in security to where she is today.
Wendy shares her experience, tips for others wanting to move into the industry as well as advice on interviewing and the value of perseverance.
In this episode, we catch up with Security Researcher, pentester, trainer and Principal Security Engineer Eldar Marcussen.
Eldar built the source code auditing tool graudit (grep rough audit). We discuss what it's like to build a tool and some of the unknowing benefits it's led to in his career.
Eldar also shares advice for any aspiring pentesters.
Bobby Stoskopf is a Security Manager at Mailchimp, a company where he started as a Customer Support Agent.
We discuss Bobby's journey and how he became the company's first security employee and help build a security team.
Bobby also shares tips from a hiring manager's perspective.
In this episode, we catch up with Zachary Mikus a Threat Detection Engineer.
Zach left school at a young age, worked in his family business as a landscape gardener, become a cook and is now working hunting bots. Zach shares his personal story about how he got his break into the industry, working in a SOC for one of Australia's largest banks and what he does in his current role.
We discussed the skills Zach used working in a SOC and what he uses to hunt bots. Zach is passionate about supporting others and advises on what others can do to help in their career.
We catch up with Prashant Venkatesh, a specialist in Application Security and an OWASP Bay Area Chapter Lead.
With over 10 years of experience in building teams and uplifting environments in Application Security, we discuss what Application Security means to Venkatesh, how he got started in the area, how others can get started and advice for organizations that want to increase their security.
In this episode, we speak with Afterpay CISO Marc Bown.
Marc's career started on the technical side as a Penetration Tester and has progressed to become CISO for one of the fastest-growing e-commerce payment companies in the market.
We discuss the differences between working in the Bay Area and Australia, how he moved in his career and share advice for aspiring CISOs.
In this episode, we catch up with Maxie Reynolds, a specialist in Social Engineering.
Maxie left Scotland at a relatively young age and has gone on to work around the world. She worked offshore on oil rigs, become a penetration tester at a big four consulting company, started her own business and is now working as a Social Engineering Consultant.
We get to hear what about the type of engagements Maxie has worked on, the skills involved and advice for others wanting to learn about social engineering.