Cyber Security Interviews

By Douglas A. Brush | Weekly Interviews w/ InfoSec Pros

Listen to a podcast, please open Podcast Republic app. Available on Google Play Store.

Category: Tech News

Open in Apple Podcasts

Open RSS feed

Open Website

Rate for this podcast

Subscribers: 289
Reviews: 1

 Nov 11, 2018
This podcast seems to found the balance needed for people trying to get into the field. Very informative and just the right amount of technical information


There is “no one way” to start and stay in the field of cyber security. Whether you are involved from the military, law enforcement, consulting, or IT services, it doesn’t matter. I have had countless discussions for years with other professionals online, at conferences, or over drinks, which have changed the way I think about cyber security. That is where this podcast comes in. What if I can capture those moments and frank discussions? I want to share the stories from other cyber security leaders and influencers so everyone can learn from their respective journeys and challenges. Why did they take the path they did? Who were their mentors? How did they tackle some of their biggest career challenges? By hearing how the industry leaders and influencers got to where they are and how they overcame some of the problems they faced, I hope to shed light on the path for other professionals. I will discover what motivates them, explore their journey in cyber security, and discuss where they think the industry is going.

Episode Date
#122 – Leeann Nicolo: Go For It
23:55 (Leeann Nicolo) is the Incident Response lead at (The Coalition) and specializes in digital forensics and cyber investigations. She has conducted investigations into ransomware, phishing, hacking, data breaches, trade secret theft, and employee malfeasance. Leeann has investigated thousands of digital devices and has extensive subject matter expertise in Windows enterprise forensics, mobile device forensics, business email compromise, cloud security, and ransomware. Prior to joining Coalition, Leeann worked at (Kivu Consulting) in Denver and (Kraft Kennedy) in New York City overseeing complex cyber investigations and discovery matters for law firms and large multinational corporate clients. She conducted her undergraduate studies at the University of Albany in Information Systems, then achieved my (Masters of Science in Cybersecurity at Pace University). She is also a (SANS Lethal Forensicator Coin Holder) and on the GIAC Advisory Board. In this episode, we discuss her start in information technology, how she made the move to cybersecurity, the discrimination she has faced in the industry, becoming a manager, strong women role models, mentoring others, and so much more. Where you can find Leeann: (LinkedIn) (The Coalition) (Wall Street Journal)
Jul 19, 2021
#121 – Shannon Brazil: Teach Business to Tech People
37:06 (Shannon Brazil )is a Senior Cyber Security Specialist working within a CIRT of a Canadian Fortune 500. She has been in IT for over 12 years, with the last three years in Cybercrime investigations with law enforcement and recently moving into the private sector to focus on Digital Forensic analysis and investigations and Incident Response. As a hobby, Shannon dives into OSINT CTFs, helps promote young women to enter the STEM industry through Technovation - an innovative program for young entrepreneurs, and offers mentorship to those looking to venture into Cyber Security. She is also a course designer and developer with her local college that aims to arm the new generations with tactics, techniques, and knowledge in becoming experts in Digital Forensics and Investigations. In this episode, we discuss starting as a chef, skills learned from culinary arts, moving from IT to investigations, burnout and self-care, mentors she follows, why she mentors others, diversity and inclusion, and so much more. Where you can find Shannon: (LinkedIn) (Twitter) Website
Jun 28, 2021
#120 – Cimone Wright-Hamor: Cybersecurity Is An Applied Field
35:22 (Cimone Wright-Hamor) works at (Pacific Northwest National Laboratory) (PNNL) as a cybersecurity researcher while pursuing a Ph.D. in Computer Engineering at Iowa State University. She has spent the last decade of her life interning at a variety of organizations. She has had ten internships at more than six different organizations, including public and private industries ranging from Fortune 500 companies like (Microsoft) to successful startups such as (Smart-Ag), state government, and national laboratories. Cimone has spent the last five years of her career working in the cybersecurity field. While completing research, she has helped protect the infrastructure for the State of Iowa and ensured that startup companies are developing software with security in mind. In this episode, we discuss getting started in information security due to responding to an incident, an early upbringing which prepared her for cybersecurity, bridging theory to engineering, teaming with dev and security teams, the importance of project updates, increasing diversity in the industry, and so much more. Where you can find Cimone: (LinkedIn) (blackcomputeHER) (PNNL)
Jun 21, 2021
#119 – Jenna Waters: This Is My Team
47:36 (Jenna Waters )is a Cybersecurity Consultant at (True Digital Security) where she specializes in information security program development, industry compliance assessments, threat intelligence, and cloud security controls. She is an experienced professional who consults with companies across multiple industries in achieving security-related best practices and/or regulatory compliance objectives related to risk management and compliance frameworks, and various privacy laws throughout the United States. Jenna began her career in the United States Navy working under the (U.S. Fleet Cyber Command at the Naval Intelligence Operations Center (NIOC)) and with the National Security Agency (NSA). Afterward, she graduated from the (University of Tulsa )with a degree in Computer Information Systems. Jenna is passionate about sharing her knowledge of cybersecurity with business owners, public policy leaders, and healthcare, financial, and tech industry members. When she isn’t busy helping her clients protect their customers’ data, Jenna is a voracious reader, aspiring hobbyist, and dog mom of two. In this episode, we discuss starting cybersecurity with the U.S. Navy, tying spoken languages to coding languages, leading and managing people, building an information security program, getting leadership buy-in, using frameworks for resiliency, diversity and inclusion, and so much more. Where you can find Jenna: (LinkedIn) (Twitter) (Blog)
Jun 14, 2021
#118 – Nato Riley: Reinvent Reality and Reinvent the World
55:02 (Nato Riley) is an Integrations Engineer at (Blumira) and the Co-founder of (Cloud Underground). Nato provides infrastructure, code, and security across all his efforts and is focused on helping Blumira build the most effective and efficient SIEM on the market for small to mid-sized businesses. He is the host of the “Nato as Code” and the " (Cloud Underground)" productions on YouTube, the creator and maintainer of the Olympiad platform, and the founder of (notiaPoint) (now known as (Cloud Underground)). In this episode, we discuss starting in technology repairing computers, going to school for public speaking, finding passion in information security, trying too hard to pass certification tests, going out on his own, mentorships, burnout, diversity, and so much more. Where you can find Nato: (LinkedIn) (Twitter) (Nato as Code - YouTube) (Cloud Undeground - YouTube)
Jun 07, 2021
#117 – Sara Avery: Go After What You Want
53:47 (Sara Avery) is a Regional Sales Manager at (Zscaler). She has held various positions over the past 20 years in the Information Technology field and discovered her passion for information security 15 years ago. Her career has largely been spent in sales and account management with a laser focus on my customer's success. Sara's tenured experience in cybersecurity has given her a strong understanding of the complex technology and intelligence required to keep enterprises secure. From a young age, she was raised to be a strong female and leader. Her mother, along with other trailblazing women, campaigned to start the Equal Rights Amendment in Colorado in the early 1970s. With a passion for helping others, Sara wanted to start a group that would help, mentor, learn and guide women and founded (Women in Cyber Security, ISSA Denver). Her vision was to find a way to inspire and support women in all areas of information security, as well as develop and mentor the younger female generation for the future of the dynamic and ever-changing world of information security. In this episode, we discuss her early start with Y2K, why she helped start Women In Security with the Denver ISSA chapter, the evolution of communications with workstyles, getting young girls into STEM, how she is championing equality at work, dealing with gaslighting, mansplaining, and microaggressions, removing the stigma of "the hacker," and so much more! Where you can find Sara: (LinkedIn) (Women In Security - ISSA Denver)
Mar 15, 2021
#116 – Jennifer Brown: This Is A Wakeup Call
57:46 (Jennifer Brown) is an award-winning entrepreneur, (speaker), diversity and inclusion consultant, and author. As the successful founder, president, and (CEO of Jennifer Brown Consulting), headquartered in New York City, Jennifer is responsible for designing workplace strategies that have been implemented by some of the biggest companies and nonprofits in the world. She has harnessed more than 14 years of experience as a world-renowned diversity and inclusion expert through consulting work, keynoting, and thought leadership. Jennifer has spoken at many top conferences and events such as the International Diversity Forum, the Global D&I Summit, the Forum for Workplace Inclusion, the NGLCC International Business & Leadership Conference, the Out & Equal Workplace Summit, Emerging Women, as well as at organizations such as the Bill and Melinda Gates Foundation, the NBA, Google, IBM, and more. She is the bestselling author of; (Inclusion: Diversity, The New Workplace and The Will to Change) and a new book; (How To Be An Inclusive Leader: Your Role in Creating Cultures of Belonging Where Everyone Can Thrive). Jennifer is the host of the popular weekly podcast, (The Will to Change), which uncovers true stories of diversity and inclusion. In this episode, we discuss being an ally to underrepresented groups, biases in the workplace, how the COVID crisis has shed a light on diversity, how leadership needs to change the culture, removing harmful processes, finding diverse mentors, the risks to business by not embracing diversity, and so much more. Where to find Jennifer: (LinkedIn) (Twitter) (Amazon) (Blog and Website)
Mar 01, 2021
#115 – Alyssa Miller: We Are Lacking Empathy
50:56 (Alyssa Miller) leads the security strategy for (S&P Global Ratings) as Business Information Security Officer (BISO), connecting corporate security objectives to business initiatives. She blends a unique mix of technical expertise and executive presence to bridge the gap that can often form between security practitioners and business leaders. Her goal is to change how we look at the security of our interconnected way of life and focus attention on defending privacy and cultivating trust. A native of Milwaukee, Alyssa began her IT career as a programmer for a Wisconsin-based financial software provider. Her security passion quickly shaped her career as she moved into a leadership role within the ethical hacking team, conducting penetration testing and application assessments along with her team. As a hacker, Alyssa has a passion for security that she evangelizes to business leaders and industry audiences through her work as a cybersecurity professional and through her various public speaking engagements. When not engaged in security research and advocacy, she is also an accomplished soccer referee, guitarist, and photographer. In this episode, we discuss why she misses conferences, starting with computers at an early age, diversity, equity, and inclusion, the discrimination she has faced, the lack of understanding of privilege, discriminatory hiring practices, how to be an ally, and so much more! Where you can find Alyssa: (LinkedIn) (Twitter) (Alyssa In-Security) (Thinkers360)
Feb 22, 2021
#114 – Chloé Messdaghi: How Can We Do Better
51:47 (Chloé Messdaghi) is the Chief Strategist at (Point3 Security). In addition to her passion for keeping people safe and empowered both on and offline, she is also interested in increasing the numbers of marginalized genders in information security. She is the Co-Founder of (Women of Security (WoSEC)) and (Hacking is NOT a Crime) and the Founder of (WeAreHackerz (WomenHackerz)). Chloé is a keynote speaker at major information security conferences and events and serves as a trusted source for national and sector reporters and editors. She holds a master of science (MS) from the University of Edinburgh, and a BA in international relations from the University of California, Davis, as well as a certificate in entrepreneurship from Wharton and other professional certificates. In this episode, we discuss the adjustment to conferences from home, feeling unwelcome in cybersecurity as a woman, pivotal moments that kept her in security, making real changes in diversity, equity, and inclusion, how biases develop, removing the bro-culture in management, changing the perceptions of hackers, and so much more! Where you can find Chloé: (LinkedIn) (Twitter) (Personal Page)
Feb 15, 2021
#113 – Julian Waits: Diversity of Thought
55:50 (Julian Waits) is the general manager of cybersecurity at (Devo Technology). He has over 30 years of experience in senior leadership roles at technology companies, specializing in security, risk, and threat detection. He serves on several industry boards, including the (International Consortium of Minority Cybersecurity Professionals (ICMCP)) and (National Cybersecurity STEM Education (NICE)), promoting the development of the next generation of cybersecurity professionals. In this episode, we discuss missing travel, working more in COVID-19, recruiting from non-traditional places, diversity, equity, and inclusion, his start in music before technology, changing people's understanding of differences, removing unconscious biases, his mentors, why language matters, and so much more! Where you can find Julian: (LinkedIn) (Twitter)
Feb 08, 2021
#112: Douglas Brush – Pain Is Inevitable, Suffering Is Optional
This is the last episode in the five-part series on mental health, self-care, and neurodiversity. This will not be the last time I speak about these issues on the podcast. I encourage everyone to take these issues seriously and help remove stigmas and champion differences in the way our brains work. Cybersecurity professionals spend most of their day focused on the health and wellbeing of the environments in their care. However, the cost of reducing risk and keeping our networks safe often comes at the price of our professionals' mental health. Many InfoSec professionals burn out, suffer from anxiety and depression, and turn to unhealthy coping mechanisms, which further exacerbate underlying psychological and physical health issues. This is an abridged version of one of my public presentations on mental health. My goal is to alleviate the stigma around mental health and stress the importance of open and frank dialogs about this serious issue impacting our community. I will share my journey, reverse engineer the stigma of mental health in business, and look at ways we can hack mental health in productive and meaningful ways. Episode Disclaimer: This podcast's information is not intended or implied as a substitute for professional medical advice, diagnosis, or treatment. We make no representation and assume no responsibility for the accuracy of the information contained in or available through this presentation. THIS IS NOT MEDICAL ADVICE. Please speak to your physician before embarking on any treatment plan. NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HEARD ON THIS PODCAST.
Feb 01, 2021
#111 – Danny Akacki: Work Worth Doing
01:03:56 (Danny Akacki) is just a storyteller perpetually looking for a stage. He loves nothing more than attending conferences, giving talks, writing blogs, and finding new ways to reach as many people as he can to educate about cybersecurity. For him, there is no greater satisfaction than community building. Danny has been fortunate enough to spend his career in Defense, learning from some of the best in the business, including teams at Mandiant, GE capital & most recently as a Technology Advocate with Splunk. He loves what he does and the people he gets to do it with. In this episode, we discuss his mental health journey, adjusting to a new role during COVID-19, finding outlets for stress release, if mental health issues are worse in cybersecurity, neurodiversity, PTSD, and so much more. Where you can find Danny: LinkedIn (Twitter) (YouTube) (Twitch) Episode Disclaimer: This podcast's information is not intended or implied as a substitute for professional medical advice, diagnosis, or treatment. We make no representation and assume no responsibility for the accuracy of the information contained in or available through this presentation. THIS IS NOT MEDICAL ADVICE. Please speak to your physician before embarking on any treatment plan. NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HEARD ON THIS PODCAST.
Jan 25, 2021
#110 – Ryan Louie: Security Starts In the Mind
47:30 (Ryan K. Louie), MD, Ph.D. is a board-certified psychiatrist focusing on the mental health impact of cybersecurity, and the psychiatry of entrepreneurship. Ryan received his MD and Ph.D. degrees from the Stanford University School of Medicine and completed residency training in psychiatry at the University of Hawaii Department of Psychiatry. Ryan completed an internship with the Office of International Health and Biodefense at the US Department of State and was the recipient of a Fulbright Fellowship to Japan. Ryan has published academic articles in psychiatry and cell biology and is the inventor of the patented microtubule lumen-cast nanowire technology. In this episode, we discuss the stigmas of mental health, coping skills, the economic costs for not addressing mental health, neurodiversity, handling COVID-19 stress, removing job pressures in information security, and so much more! Where you can find Ryan: (LinkedIn) (Twitter) Episode Disclaimer: This podcast's information is not intended or implied as a substitute for professional medical advice, diagnosis, or treatment. We make no representation and assume no responsibility for the accuracy of the information contained in or available through this presentation. THIS IS NOT MEDICAL ADVICE. Please speak to your physician before embarking on any treatment plan. NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HEARD ON THIS PODCAST.
Jan 18, 2021
#109 – Amanda Berlin: Happier People Stay Longer
49:13 (Amanda Berlin) is the Lead Incident Detection Engineer for (Blumira) and the CEO and owner of the nonprofit corporation (Mental Health Hackers). She is the author of a Blue Team best practices book called " (Defensive Security Handbook: Best Practices for Securing Infrastructure)” with Lee Brotherston through O'Reilly Media. She is a co-host on the (Brakeing Down Security podcast) and writes for several blogs. Amanda is an avid volunteer and mental health advocate. She has presented at a large number of conventions, meetings, and industry events such as DerbyCon, O’Reilly Security, GrrCon, and DEFCON. In this episode, we discuss her start in help desk, speaking amount mental health, depression and anxiety, men's reluctance to report health issues, neurodiversity, how organizations can encourage self-care, using medication, the Mental Health Hackers organization, and so much more. Where you can find Amanda: (LinkedIn) (Twitter - InfoSystir) (Twitter - Mental Health Hackers) (Mental Health Hackers) (Brakeing Down Security Podcast) Episode Disclaimer: This podcast's information is not intended or implied as a substitute for professional medical advice, diagnosis, or treatment. We make no representation and assume no responsibility for the accuracy of the information contained in or available through this presentation. THIS IS NOT MEDICAL ADVICE. Please speak to your physician before embarking on any treatment plan. NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HEARD ON THIS PODCAST.
Jan 11, 2021
#108 – Bill Hudenko: The Mind Body Connection
Bill Hudenko, Ph.D. has significant experience in the fields of both mental health and technology. Dr. Hudenko is a licensed psychologist, a researcher, and a professor who holds a joint appointment as a faculty member at (Dartmouth's Department of Psychological and Brain Sciences) and (Dartmouth’s Geisel School of Medicine).  His research focuses on the use of technology to improve mental health delivery and patient outcomes. Dr. Hudenko is also an experienced software engineer and former database administrator for the National Center for Post-Traumatic Stress Disorder. Dr. Hudenko is currently the CEO of (Trusst Health Inc.), a company devoted to providing high quality, affordable remote psychotherapy via messaging. In this episode, we discuss his background in brain and computer sciences, the intersection of technology and mental health, our brains' development, neurodiversity, mental health stigma, decision making, and so much more! Where you can find Bill: LinkedIn (Dartmouth's Department of Psychological and Brain Sciences) (Dartmouth’s Geisel School of Medicine) Episode Disclaimer: This podcast's information is not intended or implied to be a substitute for professional medical advice, diagnosis, or treatment. We make no representation and assume no responsibility for the accuracy of the information contained in or available through this presentation. THIS IS NOT MEDICAL ADVICE. Please speak to your physician before embarking on any treatment plan. NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HEARD ON THIS PODCAST.
Jan 04, 2021
#107 – Daniel Wood: We Don’t Have Enough Skilled People
38:00 (Daniel Wood )is the Associate Vice President of Consulting at (Bishop Fox), where he leads all service lines, develops strategic initiatives, and has established the Applied Research and Development program. Daniel has over 15 years of experience in cybersecurity and is a subject matter expert in red teaming, insider threat, and counterintelligence. Daniel was previously the manager of security engineering and technology at Bridgewater Associates, where he shaped the strategic direction of technology for the firm and oversaw technical security assessments of Bridgewater’s international office expansions. Daniel has also served in roles supporting the U.S. government in security architecture, engineering, and offensive operations as a Security Engineer and Red Team Leader. He supported the U.S. Special Operations Command (USSOCOM) on red teaming and digital warfare operations, and the U.S. Army on the Wargaming Cyber Effects on Soldiers’ Decision-Making project. In this episode, we discuss adapting to COVID-19, focusing on red teaming, cloud security architecture, responsible vulnerability disclosure, ICS security, compliance versus security, his work with the US military and cybersecurity, diversity in information security, and so much more! Where you can find Daniel: (LinkedIn) (Bishop Fox Blog)
Dec 28, 2020
#106 – Jasson Casey: Hire Missionaries, Not Mercanaries
48:06 (Jasson Casey) is the CTO of Beyond Identity, a passwordless identity management provider. He also serves as a Fellow in CyberSecurity with the (Center for Strategic and International Studies) (CSIS) and the (National Security Institute )(NSI). Previously, Jasson was CTO of (SecurityScorecard), VP of Engineering at (IronNet Cybersecurity), Founder and Executive Director of (Flowgrammable) and Compiled Networks, and served in other technical and executive roles. Jasson received a bachelor’s degree in computer engineering from The University of Texas at Austin and a Ph.D. in computer engineering from Texas A&M University. In this episode, we discuss adjusting to COVID-19, his start in VoIP, third party security management, security without passwords, why you are a target, the role of a CTO, using the right language in security, start-up hiring, and so much more! Where you can find Jasson: (LinkedIn) (Twitter) (Blog)
Dec 21, 2020
#105 – John Hammond: Raise The Cyber Security Poverty Line
38:24 (John Hammond) is a Security Researcher at (Huntress) as well as a cybersecurity instructor, developer, red teamer, and CTF enthusiast. John is a former (Department of Defense Cyber Training Academy) curriculum developer and teacher for the Cyber Threat Emulation course, educating both civilian and military members on offensive Python, PowerShell, other scripting languages and the adversarial mindset. He personally developed training material and infosec challenges for events such as PicoCTF and the "Capture the Packet" competition at (DEFCON) US. John speaks at security conferences such as (BsidesNoVA), to students at colleges such as the University of North Carolina Greensboro, and other events like the (SANS Holiday Hack Challenge/)KringleCon. He is an online (YouTube personality) showcasing programming tutorials, cybersecurity guides, and CTF video walkthroughs. In this episode, we discuss how he started in pen-testing, contributing to the community, pen-testing vs purple teaming, setting the rules for engagement, solving the same problems, diversity and inclusion, and so much more. Where you can find John: (LinkedIn) (Twitter) (YouTube) (GitHub)
Dec 14, 2020
#104 – David Wong: Many Layers of Complexity
43:24 (David Wong) is a security engineer working on the (libra Blockchain) at Facebook. He is an active contributor to internet standards like Transport Layer Security and to the applied cryptography research community. David is a recognized authority in the field of applied cryptography; he’s spoken at large security conferences like Black Hat and (DEF CON) and has delivered cryptography training sessions in the industry. He is the author of the soon-to-be-published (Real-World Cryptography book). In this episode, we discuss why he focused on cryptography, the evolution of blockchain, his contributions to TLS, the Noise Protocol Framework, quantum computing, why he wrote a book on crypto, presenting and teaching cryptography, sanitizing data, and so much more! Where you can find David: (LinkedIn) (Twitter) (Real-Word Cryptography) ( (
Dec 07, 2020
#103 – Jeff Hussey: Try Not To Make More Than One Mistake In a Row
47:18 (Jeff Hussey) is the President and CEO of (Tempered). Jeff, the founder of (F5 Networks), is an accomplished entrepreneur with a proven track record in the networking and security markets. He maintains several board positions across a variety of technology, nonprofit and philanthropic organizations and currently is the chairman of the board for Carena and chairman and co-owner of (Ecofiltro) and (PuraVidaCreateGood). Jeff also serves on the board for Webaroo and the Seattle Symphony. He was the chairman of the board for Lockdown Networks, which was sold to McAfee in 2008. Hussey received a BA in Finance from SPU and an MBA from the University of Washington. In this episode, we discuss adjusting to a remote workforce with a start-up, founding F5 Networks, developing a userbase community, tips for information security product success, IoT and OT cybersecurity, the (Host Identity Protocol), healthcare security, prioritizing efforts as a founder, what gets him out of the bed in the morning, and so much more! Where you can find Jeff: (LinkedIn) (Tempered)
Nov 30, 2020
#102 – John Ford: Keeping The Organization Informed
John Ford is the Cybersecurity Strategist at (IronNet) and is an information security veteran with over twenty years in a wide variety of roles. Prior to IronNet, John was CISO for ConnectWise, the global leader in providing software solutions for Managed Services Providers. In this role, he was accountable for customer-facing security activities, product security, and served as an advisor to the CEO and leadership team. Before joining IronNet, John founded Sienna Group, a firm dedicated to providing data protection solutions to enterprise organizations, and has held executive roles in the healthcare industry. In this episode, we discuss healthcare security, compliance versus security, HIPAA regulation and privacy, intellectual property protection, real-time information sharing, ransomware in hospitals, recommendations for new CISOs, and so much more! Where you can find John: (LinkedIn) (IronNet Blog)
Nov 23, 2020
#101 – Brandon Hoffman: Align Security To Business Outcomes
38:50 (Brandon Hoffman) is the CISO & Head of Security Strategy at (Netenrich). Brandon is an admired security executive responsible for Netenrich’s technical sales and security strategy for both the company and its customers. Most recently, he oversaw solution architecture for (Intel 471)’s dark web threat intelligence business. As former CTO at (Lumeta Corporation) and (RedSeal Networks), Brandon led technical and field development in network security, vulnerability, and risk. He’s also held key practitioner roles focused in security architecture, penetration testing, networking, and data center operations. Brandon holds an MS degree from Northwestern University and a BS degree from the University of Illinois at Chicago. In this episode, we discuss adapting to COVID, accidentally getting into security, designing the intelligent SOC, a risk-based approach to information security, measuring cybersecurity outcomes, cyber insurance, risk management frameworks, and so much more! Where you can find Brandon: (LinkedIn) (Twitter) (Netenrich Blog)
Nov 16, 2020
#100 – Douglas Brush: Cybersecurity Is Psychological
This is a special episode where we celebrate the 100th episode of the Cyber Security Interviews podcast! In this episode, I have the mic turned back on me by a past guest, great friend, and an amazing asset to the community, (Nadean Tanner). She crowdsourced some questions, but head plenty of her own as well as we did this Ask Me Anything special episode. Douglas Brush is an information security executive with over 26 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading enterprise security assessments, Douglas has conducted hundreds of investigations involving hacking, data breaches, trade secret theft, employee malfeasance, and various other legal and compliance issues. He also serves as a federally court-appointed Special Master and neutral expert in high profile litigation matters involving privacy, security, and eDiscovery. Currently, he is at Splunk where he works with Fortune 500 organizations to improve their security operations and reduce business risk from cyber-attacks. He is also the founder and host of (Cyber Security Interviews), a popular information security podcast. In this episode, we discuss why I started the podcast, impostor syndrome, guests I would like to have on the show, my focus on mental health and diversity, important soft skills, talents versus skills, what's in my fridge, and so much more!
Nov 09, 2020
#099 – Fredrick Lee (Flee): Security Should Be Lovable
01:04:22 (Fredrick "Flee" Lee) is the Chief Security Officer at (Gusto), where he leads information and physical security strategies including consumer protection, compliance, governance, and risk. Before Gusto, Lee spent more than 15 years leading global information security and privacy efforts at large financial services companies and technology startups, most recently as Square's Head of Information Security. He previously held senior security and privacy roles at Bank of America, NetSuite, and Twilio. Lee was born and raised in Mississippi and holds a bachelor's degree in computer engineering from the University of Oklahoma. In this episode, we discuss COVID response, three-dimensional communications, security as an enabler, integrating security and engineering teams, the information security skills shortage, diversity and inclusion in cybersecurity, his early mentors, and so much more. Where you can find Flee: (LinkedIn) (Twitter)
Aug 24, 2020
#098 – Andrea Roberson: Reach Out to Others
35:19 (Andrea Roberson) is a product manager at Centrify Corporation, where she directs the product roadmap for Centrify Privileged Access Service. She was previously a technical support engineer at the company for almost two years and has held several engineering and support roles during her career including at Google and Apple. She has a Bachelor of Science degree in Computer Science from Spelman College, where she was a member of the (National Society of Black Engineers), the (Association for Computing Machinery), and (SpelBots). In this episode, we discuss working with product teams remotely, moving from IT to information security, securing remote access, diversity and inclusion in cybersecurity, mentoring others, self-care and mental health, new threats due to COVID, and so much more. Where you can find Andrea: (LinkedIn) (Centrify Blog)
Aug 10, 2020
#097 – HD Moore: The New Normal
35:43 (HD Moore) is the founder and CEO of (Rumble Network Discovery); a platform designed to make asset inventory quick and easy by combining active scanning with innovative research. Prior to starting Rumble, HD was best known as the founder of the (Metasploit Project), the foremost open-source exploit development framework, and continues to be a prolific researcher and occasional speaker at security events. In this episode, we discuss starting with BBSs back in the day, starting the Metasploit project, (project Sonar), his development of Rumble Networks, securing home networks, fingerprinting networks, jump boxes in IoT networks, and so much more. Where you can find HD: (LinkedIn) (Twitter) (Blog)
Aug 03, 2020
#096 – Gabe Gumbs: Data Is An Asset
38:12 (Gabe Gumbs) has a deep-rooted passion for technology, information security, and problem-solving. As Chief Innovation Officer of (Spirion)—a leader in rapid identification and protection of sensitive data—he’s channeling that passion to make the digital world a safer place. Wielding a unique mix of technical vision, marketing, and business acumen, Gabe is shaping the future of data security and protecting the sensitive personal data of customers, colleagues, and communities around the world. Despite having held a range of leadership positions in security technology— including VP of Product Strategy at STEALTHbits and Director of Research & Products at WhiteHat Security—Gabe considers his most valuable experience to be the time he spent on the ground as a security practitioner. Thanks to his intimate understanding of the real issues security professionals face on the front lines, he’s able to identify the core of the problem and create innovative solutions that push data security technology forward. In this episode, we discuss his early starts with the (2600 meet-ups), privacy versus security, speaking to executives in their language, cloud security, information security skills shortages, training legal teams for cyber, how to get started in cybersecurity, and so much more. Where you can find Gabe: (LinkedIn) (Twitter) (Spirion Blog & Podcast)
Jul 20, 2020
#095 – Shahrokh Shahidzadeh: Education Is a Big Part of IT
38:08 (Shahrokh Shahidzadeh) is the CEO of (Acceptto). Shahrokh is a seasoned technologist and leader with 29 years of contribution to modern computer architecture, device identity, platform trust elevation, large IoT initiatives, and ambient intelligence research with more than 25 issued and pending patents. Before Acceptto, Shahrokh was a senior principal technologist contributing to Intel Corporation for 25 years in a variety of leadership positions where he architected and led multiple billion-dollar product initiatives. In this episode, we discuss evolving authentication, SSO and MFA challenges, anomalous behavior detection, enforcing least privilege, his time with Intel, AI and ML, multi-cloud security, securing home users, and so much more. Where you can find Shahrokh: (LinkedIn) (Twitter) (Acceptto)
Jul 13, 2020
#094 – Deborah Golden: How Can I Support You Today
46:12 (Deborah Golden) is the US Cyber & Strategic Risk leader for (Deloitte Risk & Financial Advisory). In the prior six years, Deborah served as the Government & Public Services (GPS) Cyber Risk Services leader, as well as the GPS Advisory Market Offering leader, GPS Empowered Well-Being leader and the lead principal for a major federal government health care provider. Deb has more than 25 years of information technology experience spanning numerous industries, with an in-depth focus on government and public services, life sciences and health care, and financial services. Deb received a bachelor’s degree in Finance at Virginia Tech and a master’s degree in Information Technology at George Washington University. She serves on Virginia Tech’s Business Information Technology and Masters in Information Technology Advisory Boards is a self-proclaimed fitness junky and avid traveler and trains service dogs with the (Guide Dog Foundation) in her spare time. In this episode, we discuss mental health awareness, her 1-3-5-15 routine, working with clients remotely, COVID-19 cybersecurity spend, securing home networks, diversity in the cyber workplace, The Guide Dog Foundation, and so much more. Where you can find Deb: (LinkedIn) (Twitter) (Deloitte Bio) (Guide Dog Foundation)
Jul 06, 2020
#093 – Kyle Hanslovan & Chris Bisnett: Crimeware Is a Business
52:30 (Kyle Hanslovan) comes to (Huntress Labs) from the U.S. Intelligence Community, where he supported defensive and offensive cyber operations for the past decade. He previously co-founded the defense consulting firm StrategicIO and actively participates in the ethical hacking community as a Black Hat conference trainer, STEM mentor, and Def Con CTF champion. Additionally, he serves in the Maryland Air National Guard as a Cyber Warfare Operator. (Chris Bisnett) is a veteran information security researcher with more than a decade of experience in offensive and defensive cyber operations. While serving with the NSA RedTeam, he attacked government networks and systems to identify and remedy vulnerabilities. Chris is also a recognized Black Hat conference trainer and has taught his “ (Fuzzing For Vulnerabilities)” course at several events around the world. Before founding Huntress Labs, Chris co-founded LegalConfirm, LLC, where he led product design and development until the company was acquired in 2014. In this episode, we discuss incident response planning, their early starts in offensive theaters, red teaming, Ransomware-as-a-Service, small business and enterprise threats, breaking bad news to clients, holding leadership accountable, hacking back, tips and resources for start-ups, warnings for founders, and so much more. (Note: If you are interested in start-ups and being a founder, (Daniel Ayala) and I created a regularly updated blog for founders and start-ups: (Hang Out A Shingle – Starting Your Cybersecurity Company). Where you can find Kyle and Chris: (LinkedIn - Kyle) (LinkedIn - Chris) (Twitter - Kyle) (Twitter - Chris) (Huntress Blog)
Jun 29, 2020
#092 – Jack Kudale: You Gotta Have More Cowbell
51:19 (Jack Kudale) is Founder and CEO at (Cowbell Cyber) with over two decades of business executive experience. Previous senior roles include COO at Cavirin, CEO at Lacework, both cloud security startups; SnapLogic, a leader in hybrid cloud integration; and CA Technologies, where Jack led DevOps sales for the Fortune 500 leader. With deep operational experience in the DevOps, Cybersecurity, IT Ops, & Big Data spaces, Jack leads Cowbell to execute on its vision of bridging the cyber insurability gap. Jack also serves as a governing board member of (Brighter Children), a non-profit organization. In this episode, we discuss the importance of cyber insurance, risk management, the difference between cyber insurance vs other insurance products, the risks COVID-19 pose to small businesses, right-sizing cyber insurance policies, industries that are targets for attackers, and so much more. Where you can find Jack: (LinkedIn) (Twitter) (Cowbell Cyber Blog)
Jun 22, 2020
#091 – Daniel Ayala: Does This Help Us
57:38 (Daniel Ayala) is the Founder, and Managing Partner for (Secratic), a strategic information security, and privacy consultancy focused on helping companies protect data and information, and be prepared before incidents happen. Daniel is also currently serving as the Interim Chief Information Security Officer for Michigan State University. Throughout his 24 year career, he has led security organizations large and small in banking and financial services, pharmaceutical, information, library, and technology companies around the world, taught university-level courses, and both writes and regularly speaks on the topics of security, privacy, data ethics, and compliance. In this episode, we discuss remote working, being a virtual CISO, compliance vs. security vs. privacy, application development security, creating a culture of security, communication skills, giving back to the community, mentoring others, mental health, and so much more! Where you can find Daniel: (LinkedIn) (Twitter) (MentorCore) (Secratic) (Blog) (Hang Out A Shingle: Starting Your Own Cybersecurity Company)
Jun 15, 2020
#090 – Anthony Bettini: Building What No One Else Has
38:53 (Anthony Bettini) is the CTO for (WhiteHat Security), the leader in Application Security, enabling businesses to protect critical data, ensure compliance, and manage risk. Previously, Anthony ran Tenable Research where Anthony joined via Tenable’s acquisition of FlawCheck – a leading Container Security startup where Anthony was the CEO & Founder. Before its acquisition by Symantec, Anthony was CEO & Founder of Appthority, a leading Mobile Security startup, and winner of the “Most Innovative Company of the Year” award at the RSA Conference. In this episode, we discuss managing a remote team, web application security, DevSec, responsible vulnerability disclosure, Artificial Intelligence (AI), how to focus your career, being a founder, and so much more! Where you can find Anthony: (LinkedIn) (WhiteHat Blog)
Jun 08, 2020
#089 – Ed Bellis: Complexity is the Enemy
41:36 (Ed Bellis) is a security industry veteran and expert and was once named “Information Security Executive of the Year”. He currently serves as the Chief Technology Officer and Co-founder of (Kenna Security). He founded Kenna Security to deliver a data-driven risk-based approach to remediation and help IT teams prioritize and thwart would-be security threats. Ed is the former CISO of Orbitz and former Vice President, Corporate Information Security at Bank of America. He is an advisor to Dascena and former advisor to, Dharma, and Society of Payment Security Professionals. Ed is a contributing author to the book, (Beautiful Security). He is also a frequent speaker at industry conferences such as RSA, BlackHat, and many others. In this episode, we discuss vulnerability management maturity, how to focus on remediation, inventory management, securing cloud services, IoT devices in the enterprise, entrepreneurship, hiring the right people, and so much more. Where you can find Ed: (LinkedIn) (Twitter) (Kenna Security Blog)
Jun 01, 2020
#088 – Mikko Hyppönen: You Might Have an Enemy In the Future
50:21 (Mikko Hypponen) is a global security expert and has worked at F-Secure since 1991. Currently, he serves as (F-Secure's) Chief Research Officer. Mikko has written on his research for the (New York Times, Wired, and Scientific American), and he frequently appears on international TV. He has lectured at the universities of Stanford, Oxford, and Cambridge. He was selected among the 50 most important people on the web by the PC World magazine and was included in the FP Global 100 Thinkers list. Mikko sits on the advisory boards of t2 and Social Safeguard and in the advisory panel for the Monetary Authority of Singapore. In this episode, we discuss his early starts in information security, the rebirth of TELNET, security by design, the difference between privacy and security, mobile device security, IoT security, election security, and so much more. Where you find Mikko: (LinkedIn) (Twitter) (F-Secure Blog) (HBO - Kill Chain: The Cyber War on America’s Elections)
May 25, 2020
#087 – Steve Moore: It’s a Balancing Act
51:20 (Stephen Moore) is a Vice President and the Chief Security Strategist at (Exabeam) and is also the host of (The New CISO podcast). Stephen has more than 15 years of experience in information security, intrusion analysis, threat intelligence, security architecture, and web infrastructure design. Before joining Exabeam, Stephen spent more than seven years at Anthem in a variety of cybersecurity practitioner and leadership roles. He played a leading role in the response and remediation of the data breach announced in 2015. Stephen has deep experience working with legal, privacy, and audit staff to improve cybersecurity and demonstrate greater organizational relevance. He has been a Member of the Advisory Board at SecureAuth Corporation since July 2017. In this episode, we discuss adopting SOCs for remote operations, shifting focus to credentials, SOAR, attacker attribution, threat intelligence, post-Covid-19 IT changes, and so much more. Where you can find Stephen: (LinkedIn) (The New CISO Podcast) (Exabeam Blog)
May 18, 2020
#086 – Dave Kennedy: The Basics Are Still Challenging
46:14 (David Kennedy) is the founder of (Binary Defense) and (TrustedSec). Both organizations focus on the betterment of the security industry. David also served as a board of director for the ISC2 organization. David was the former CSO for a Diebold Incorporated, where he ran the entire INFOSEC program. David is a co-author of the book "Metasploit: The Penetration Testers Guide," the creator of the (Social-Engineer Toolkit )(SET), Artillery, Unicorn, PenTesters Framework, and several popular open-source tools.  David was the co-founder of (DerbyCon); a large-scale conference started in Louisville, Kentucky. Before the private sector, David worked for the United States Marine Corps and deployed to Iraq twice for intelligence-related missions. David is frequently interviewed by news organizations, including CNN, Fox News, MSNBC, CNBC, and BBC World News. He has testified in front of Congress on two occasions on the security around government websites. In this episode, we discuss the shift to virtual conferences, Zoom vulnerabilities, responsible vulnerability disclosure, the importance of communication skills, giving back to the community, mental health, working from home, and so much more. Where you can find David: (LinkedIn) (Twitter) (TrustedSec Blog) (TrustedSec Public Slack)
May 11, 2020
#085 – John Strand: Making the Industry Better
46:20 (John Strand) is the owner of (Black Hills Information Security), a firm specializing in penetration testing, Active Defense, and Hunt Teaming services. He is also the CTO of (Active Countermeasures), a firm dedicated to tracking advanced attackers inside and outside your network. John has consulted and taught hundreds of organizations in the areas of cybersecurity, regulatory compliance, and penetration testing. John is a contributor to the industry shaping (Penetration Testing Execution Standard) and 20 Critical Controls frameworks. He is also an experienced speaker, having done presentations to the FBI, NASA, the NSA, and at various industry conferences.  John also co-hosts (Security Weekly), the world's largest information security podcast; co-authored (Offensive Countermeasures: The Art of Active Defense;) and writes loud rock music and makes various futile attempts at fly-fishing. In this episode, we discuss remote workers in the Covid-19 pandemic, validating VPN targets in pen tests, cloud security, developing SANS course material, how to choose what to give away, planning conferences, threat hunting, keeping up with new vulnerabilities, mental health, and so much more. Where you can find John: (LinkedIn) (Twitter) (BHIS Blog) (Security Weekly Podcast)
May 04, 2020
#084 – Adam Hunt: A Game We Play
30:44 (Adam Hunt) is the CTO and Chief Data Scientist at (RiskIQ). As Chief Data Scientist, Adam leads the data science, data engineering, and research teams at RiskIQ. Adam pioneers research automating the detection of adversarial attacks across disparate digital channels, including email, web, mobile, social media. Adam also has received patents for identifying new external threats using machine learning. Adam received his Ph.D. in experimental particle physics from Princeton University. As an award-winning member of the CMS collaboration at the (Large Hadron Collider), he was an integral part of developing the online and offline analysis systems that lead to the discovery of the Higgs Boson. In this episode, we discuss starting in particle physics, data science, communication skills, process automation, managing attack surface areas, and so much more. Where you can find Adam: (LinkedIn) (Twitter) (RiskIQ)
Mar 23, 2020
#083 – Nate Fick: Give Teams Autonomy
Nate Fick is the General Manager of (Elastic Security )and former CEO of Endgame. He is also an Operating Partner at Bessemer Venture Partners. Before joining Endgame, Nate was CEO of the Center for a New American Security. He led Marine Corps infantry and reconnaissance units in combat in Afghanistan and Iraq. His book about that experience, (One Bullet Away), was a New York Times bestseller, a Washington Post "Best Book of the Year," and one of the Military Times' "Best Military Books of the Decade.” Nate is a graduate of Dartmouth College, the Harvard Kennedy School, and the Harvard Business School. Nate serves as a Trustee of Dartmouth, and on the Military & Veterans Advisory Council of JPMorgan Chase & Co. He is a member of the Young Presidents’ Organization and a life member of the Council on Foreign Relations and Trout Unlimited. In this episode, we discuss leadership, lessons learned in the Marines, cyberwar, information sharing, government policies, finding the signals in the noise, resource management, and so much more! Where you can find Nate: (LinkedIn) (Twitter) (Elastic Blog)
Feb 17, 2020
#082 – Jamil Jaffer: Not All Nation-state Activity Is the Same
37:21 (Jamil Jaffer) is Senior Vice President for Strategy, Partnerships & Corporate Development at (IronNet), a startup technology firm founded by former National Security Agency (NSA) Director Gen. Keith Alexander (ret.). Prior to joining IronNet, Jamil served as the Chief Counsel and Senior Advisor for the Senate Foreign Relations Committee and Senior Counsel to the House Intelligence Committee where he led the committee’s oversight of NSA surveillance and wrote the original version of the Cybersecurity Information Sharing Act (CISA) signed into law in 2015. He also worked in the White House during the Bush Administration as an Associate Counsel to the President and in the Justice Department where he led the National Security Division's work on the President's Comprehensive National Cybersecurity Initiative. Jamil is also an Assistant Professor of Law and Director of the National Security Law & Policy Program at the Antonin Scalia Law School at George Mason University and a Visiting Fellow at Stanford University’s Hoover Institution. In this episode, we discuss starting as in legal, government's role in cybersecurity, information sharing with real-time collaboration, automation, trend spotting, impacts to small businesses, cyberwar, and so much more. Where you can find Jamil: (LinkedIn) (Twitter) (IronNet)
Feb 10, 2020
#081 – James Patchett: Make Small Businesses Safe
34:58 (James Patchett) is the President and CEO of the (New York City Economic Development Corporation). James has spent his career building stronger cities through investments in affordable housing, innovation, and 21st-century infrastructure. During his tenure, he has overseen some of the city’s most ambitious projects, including launching a citywide ferry system, developing Mayor de Blasio’s 100,000 jobs plan, and optimizing NYCEDC’s 60 million square feet of real estate. Prior to his appointment as NYCEDC President in 2016, James served as chief of staff to Deputy Mayor for Housing and Economic Development Alicia Glen, where he helped oversee more than 25 city agencies and played a pivotal role in preserving thousands of affordable homes. James holds a BA in Economics from Amherst College and an MBA from Stanford University. In this episode, we discuss NYC building a cyber army, economic development through cyber, business accelerators, matching inventors with business coaches, NYC's talent pool, and so much more. Where you can find James: (LinkedIn) (Twitter) (NYCEDC)
Jan 20, 2020
#080 – Heather Mahalik: Earn The Tool
37:49 (Heather Mahalik) is the Senior Director of Digital Intelligence at Cellebrite and a Senior Instructor, author and course lead for FOR585: Smartphone Forensic Analysis In-Depth. To say that digital forensics is central to Heather's life is quite an understatement. Heather has worked on high-stress and high-profile cases, investigating everything from child exploitation to media associated with terrorism. She has helped law enforcement, eDiscovery firms, military, and the federal government extract and manually decode artifacts used in solving investigations around the world. Heather began working in digital forensics in 2002, and has been focused on mobile forensics since 2010 - there's hardly a device or platform she hasn't researched or examined or a commercial tool she hasn't used. She also maintains Heather is the co-author of Practical Mobile Forensics (1st -4th editions), currently a best seller from Pack't Publishing. In this episode, we discuss coming back to law enforcement, cloud forensics, what drives her research, early mentors, the start of cellphone forensics, mobile device threats, developing presentations, and so much more! Where you can find Heather: (Twitter) (LinkedIn) (SANS) (Blog)
Jan 13, 2020
#079 – Mari DeGrazia: Not Just One Technology
44:39 (Mari DeGrazia) is a Senior Vice President in the Cyber Risk practice of Kroll, a division of Duff & Phelps. Over the course of a 12-year career in the computer industry, Mari has become a leader within the digital forensics community. Mari joined Kroll from Verizon Enterprises where she served as Case Lead on various network intrusion and data breach investigations. Mari is a strong believer in giving back to the forensic community and has written and released numerous programs/scripts, two of which are used in SANS training. In addition, she has presented her research at several industry conferences, published articles in eForensics Magazine, and was the technical editor for Windows Registry Forensics S.E. In this episode, we discuss starting in IT, balancing work and family, self-training, the importance of the DFIR community, cross-training, using AI for detection, cloud security, giving back to the industry, and so much more. Where you can find Mari: (LinkedIn) (Twitter) (Blog) (GitHub)
Jan 06, 2020
#078 – Nadean Tanner: Boil It Down
When my 7-year-old introduced me to his second-grade class, he put it best: "My Mom teaches the good guys how to keep the bad guys out of their computers. She has a blue lightsaber." - Nadean Tanner (Nadean Tanner) is the Senior Manager of Technical Education Programs at (Puppet). She is responsible for all things product training from working with internal knowledge sources and the instructional design team to produce modern, engaging knowledge assets to delivering online and onsite classroom sessions.  Nadean is an experienced instructor and speaker with nearly 20 years' experience in information technology and security training delivery and development. At Rapid7, she taught vulnerability management and network and application assault as well as SQL, Ruby, and API. Before Rapid 7, Nadean taught Security Analytics and Advanced Security Operations Center Management for RSA. She taught cybersecurity and information assurance 8570 classes for the Department of Defense including CISSP at Fort Gordon, Fort Carson, and the Pentagon, and she developed and taught graduate-level computer science courses at Louisiana State University for six years. In this episode, we discuss teaching and traveling, communicating technical terms, talking about the basics, writing a book, teaching with humility, knowing when you are an expert, and so much more. Where you can find Nadean: (LinkedIn) (Website) (Amazon)
Dec 16, 2019
#077 – Frank Downs: Know When To Leave
48:12 (Frank Downs) is the director of cybersecurity practices at (ISACA). Frank, a 14-year cybersecurity specialist, graduated with a bachelor’s degree in English from the University of Maryland, after which he promptly joined the US Department of Defense as a subject matter expert, working with computer networks on a daily basis. Realizing that English and cybersecurity were two very different concepts, he proceeded to obtain a master’s degree in cybersecurity from UMBC, after a pit stop at Johns Hopkins to obtain a master’s degree in Government. Eventually, Frank decided to ease the learning process for individuals transitioning from non-technical backgrounds into cybersecurity by becoming a full-time Intelligence and Operations Consultant for multiple federal law enforcement and intelligence agencies. In this episode, we discuss starting in another industry before the DoD, packet capture analysis, doing the work no one else wants to do, knowing when to move into new roles, non-traditional backgrounds, training and certifications, COBIT, and so much more. (LinkedIn) ( (ISACA)  
Dec 10, 2019
#076 – Lesley Carhart: You’ve Got to Play the Game
45:12 (Lesley Carhart) is a Principal Threat Analyst at the Threat Operations Center at (Dragos). She is recognized as a subject matter expert in cybersecurity, incident response, and digital forensics, regularly speaking at conferences and universities. She has spent the last 11 years of her 20+ year IT career specializing in information security, with a heavy focus on response to nation-state adversary attacks. Prior to Dragos, she was the incident response team lead at Motorola Solutions, performing digital forensics and incident handling services for both enterprise and public safety customers. In 2017, Lesley was named a (“Top Woman in Cybersecurity”) by Cyberscoop news and received the Guidance Enfuse conference “Women in Technology” award. She holds a Bachelor’s Degree in Network Technologies from DePaul University, A.A.S. in Avionics Systems and Electronics Systems, GIAC GCIH, GREM, GCFA, and GCFE certifications, and currently serves as a Cyber Systems NCO in the US Air Force Reserves. In her free time, Lesley co-organizes resume and interview clinics at several cybersecurity conferences, blogs, and tweets prolifically about infosec, and is a youth martial arts instructor. In this episode, we discuss her early mentors, mentoring, writing resumes, starting as a coder, organizational missions, ICS security, electronic voting, submitting CFPs, and so much more. Where you can find Lesley: (LinkedIn) (Blog) (YouTube) (Twitter)
Sep 30, 2019
#075 – Brian Martin (Jericho): The Hacker Mindset
Brian Martin (a.k.a. Jericho) has been poking about the hacker and security scene for over 22 years, building valuable skills such as skepticism and anger management. As a hacker-turned-security whore, Jericho has a great perspective to offer an unsolicited opinion on just about any security topic. A long-time advocate of advancing the field, sometimes by any means necessary, he thinks the idea of ‘forward-thinking’ is quaint; we’re supposed to be thinking that way all the time. No degree, no certifications, just the willingness to say things many in this dismal industry are thinking, but unwilling to say themselves. He remains a champion of security industry integrity and small misunderstood creatures. In this episode, we discuss starting as a phreak and phone systems, BBS hacking forums, sharing knowledge, calling people out, cybersecurity skill shortages, understanding the adversaries mindset, PCI compliance, and so much more. Where you can find Brian: (LinkedIn) ( (Twitter)  
Sep 23, 2019
#074 – Bill Conner: You Cannot Have Privacy Without Security
42:35 (Bill Conner) is the President and CEO of (SonicWall). Bill has lead key divisions of AT&T, took Nortel into the $9 billion acquisition of Bay Networks, worked to secure digital identities with Entrust, and brought secure communications and privacy from the consumer to the enterprise through mobile and cloud with Silent Circle. Bill also created and hosted “Hacked” for SiriusXM’s business radio. He has been recognized with several awards including Marketing Computers “Marketer of the Year,” Tech Titans “Corporate CEO of the Year,” Federal Computer’s “Top 100 Award,” and the “National Youth Science Camp Alumnus of the Year.” In this episode, we discuss starting in encryption, security for the SMB market, advanced malware, threat intel, cloud security, breaking SSL in the enterprise, network basics for IoT, governments backdooring encryption, and so much more. Where you can find Bill: (LinkedIn) (Twitter) (SonicWall Blog)
Sep 16, 2019
#073 – Bernard Harguindeguy: Identity Is The Keystone
40:00 (Bernard Harguindeguy) is the Chief Technology Officer & General Manager Intelligence from (Ping Identity). Bernard joined Ping in June 2018 through the acquisition of Elastic Beam, where he was the CEO and founder. His work at Elastic Beam revolutionized the use of AI to protect API infrastructures from cyber attacks and deliver deep insight into API access and usage. Bernard earned an MS in Engineering Management from Stanford University and a BS in Electrical Engineering from the University of California Irvine where he was inducted into the (Engineering Hall of Fame). In this episode, we discuss starting in email security, identity as the perimeter, API security, selling to the C suite, how AI will help security, IoT security, and so much more. Where you can find Bernard: (LinkedIn) (Twitter) (Ping)  
Aug 19, 2019
#072 – Vinny Sakore: This Was Crime
39:05 (Vinny Sakore) joined the (NetDiligence) team in 2017 as their Chief Technology Officer. Prior to joining NetDiligence Vinny served as Verizon’s HIPAA Security Officer. His previous experience includes stints as Chief Technology Officer for two healthcare technology companies. Vinny is a featured speaker nationally and internationally on the topics of Cyber Risk, Mobile Technology, and Information Security. He is a regular presenter at organizations and events such as the NetDiligence Cyber Risk forums, Information Security Forum (ISF), International Association of Privacy Professionals (IAPP), Healthcare Information Management Systems and Society (HIMSS), and the Risk Information Management Society (RIMS). Vinny has been quoted in numerous publications, including CSO Online, Wall Street Journal, and Information Security Magazine. He serves on a number of not-for-profit boards and also teaches cybersecurity courses at Messiah College. In this episode, we discuss the difference between privacy and security, talking to the board about cybersecurity, preparing for the cyber tsunami, government regulation, threat intel, aggregating insurance data, and so much more. Where you can find Vinny: (LinkedIn) (Twitter) (Blog)
Jul 08, 2019
#071 – Renaud Deraison: Complexity Breeds Insecurity
26:47 (Renaud Deraison) is known in the global security community as the father of the Nessus vulnerability scanner. His original creation, (Nessus), celebrated its 15th anniversary in 2013 and is considered the de facto standard for vulnerability scanning worldwide. Renaud co-founded (Tenable Network Security) in 2002. As Chief Technology Officer, he drives product strategy and development. Before Tenable, Renaud was the primary author of the Nessus vulnerability scanner – releasing the first version of Nessus when he was 17. Renaud continues to contribute to the global security community; he is the author of three patents related to network scanning and security and has published his work in books and magazines. In this episode, we discuss building the first version of Nessus when he was a teenager, getting the basics right, challenges with the cloud, IoT and embedded devices security, responsible vulnerability disclosure, and so much more. Where you can find Renaud: (LinkedIn) (Tenable) (Dark Reading: The Argument for Risk-Based Security)
May 27, 2019
#070 – Lorrie Cranor: Help Open The Doors
29:14 (Lorrie Faith Cranor), (IEEE Fellow), is the Director and Bosch Distinguished Professor in (Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University). She also directs the (CyLab Usable Privacy and Security Laboratory (CUPS) )and co-directs the MSIT-Privacy Engineering masters program. In 2016 she served as Chief Technologist at the US Federal Trade Commission, working in the office of Chairwoman Ramirez. She is also a co-founder of (Wombat Security Technologies, Inc), a security awareness training company. She has authored over 150 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability and founded the Symposium On Usable Privacy and Security (SOUPS). In this episode, we discuss the difference between privacy and security, lawmakers and technologists working together, founding Wombat security, the famous “password dress,” what makes a good password policy, IoT nutrition labels, and so much more. Where you can find Lorrie: (LinkedIn) (Twitter) (Carnegie Mellon University) (IEEE)
May 20, 2019
#069 – Ben Johnson: Break Down The Problems
51:20 (Ben Johnson) is CTO and co-founder of (Obsidian Security). Prior to founding Obsidian, he co-founded (Carbon Black) and most recently served as the company’s Chief Security Strategist. As the company’s original CTO, he led efforts to create the powerful capabilities that helped define the next-generation endpoint security space. Prior to Carbon Black, Ben was an NSA computer scientist and later worked as a cyber engineer in an advanced intrusion operations division for the intelligence community. Ben is active in the cybersecurity community, where he is a (technical advisor to the US FISA Court )and sits on boards of multiple security startups. Johnson earned a bachelor’s degree in computer science from the University of Chicago and a master’s degree in computer science from Johns Hopkins University. In this episode we discuss starting with the NSA, starting Carbon Black, focusing on the endpoint, identity security, government compliance, why everyone is in sales, picking your founder team, and so much more. Where you can find Ben: (LinkedIn) (Twitter) (Obsidian Blog)    
May 06, 2019
#068 – Deborah Blyth: Security Is Everybody’s Job
44:51 (Deborah Blyth) is the Chief Information Security Officer (CISO) (State of Colorado, Governor’s Office of Information Technology). In August 2014, Deborah Blyth became the state’s new CISO, bringing a diverse 25-year technology background including 14 years of information security experience. As the CISO, she serves as the point of contact for all information security initiatives in Colorado, informing the Secretary of Technology & Chief Information Officer and executive agency leadership on security risks and impacts of policy and management decisions on IT-related initiatives. Before joining the state of Colorado, Deborah led the Information Technology Security and Compliance programs at TeleTech and Travelport. Deborah is a Colorado native and graduated Summa cum Laude with a Bachelor of Science degree from Regis University. In this episode, we discuss her start in IT and her passion for technology, changes from the board and C-suite, the (CDOT attack), the importance of having an IR plan in place, leveraging change management for security, managing priorities, cloud security, and so much more. Where you can find Deborah: (LinkedIn) (Governor’s Office of Information Technology)
Apr 29, 2019
#067 – Fred Kneip: Compliance Doesn’t Equal Security
48:12 (Fred Kneip) is the CEO and Founder of (CyberGRX). Since founding the company in 2015, Fred has led the creation of the world’s first global third-party cyber risk management (TPCRM) exchange. During his tenure at CyberGRX, Fred has been responsible for the overall direction of the company and as the company’s chief strategist, for securing global partnerships, leading investments and overseeing management and corporate execution. Prior to CyberGRX, Fred led the Security and Compliance Departments at Bridgewater Associates, an investment management firm overseeing about $160 billion for 350 of the largest and most sophisticated global institutional clients. Fred holds a BSE in Civil Engineering from Princeton University and an MBA from Columbia Business School. In this episode we discuss the growing Denver cybersecurity scene, starting in compliance, managing supply chain and vendor risk, current and upcoming regulations, compliance versus security, benchmarking, and so much more. Where you can find Fred: (LinkedIn) (Twitter) (Blog)
Apr 22, 2019
#066 – Alissa Torres: A Well Balanced Approach
39:10 (Alissa Torres) is a SANS analyst and (Principal SANS instructor) specializing in advanced digital forensics and incident response (DFIR). Alissa was recognized by (SC Magazine as one of its "2016 Women to Watch.") and a recipient of the Enfuse 2018 Difference Makers Award for her efforts in educational outreach. She has more than 15 years of experience in computer and network security that spans government, academic, and corporate environments. Her current role as Founder and Senior Consultant at (Sibertor Forensics), a security operations and incident response consulting company, provides daily challenges “in the trenches” and demands constant technical growth. Alissa is a frequent presenter at industry conferences (RSA, BSides, Shmoocon, Enfuse) and has taught hundreds of security professionals over the last 5 years in more than 12 countries. As the lead author of the (SANS FOR526 Advanced Memory Forensics and Threat Detection) course, she is passionate about memory management and forensic artifact hunting. In this episode we discuss, being confused with (Heather Mahalik), running a helpdesk, file system forensics, memory forensics, balancing blue teams and red teams, when to add threat hunting to your program, the value of certifications, balancing work and life, keeping skills current, and so much more. Where you can find Alissa: (LinkedIn) (Twitter) (SANS)
Apr 15, 2019
#065 – Lizzie Cookson: Attackers Adapt With Us
41:11 (Lizzie Cookson) is an Associate Director of Cyber Investigations at (Kivu Consulting). She specializes in cyber extortion and threat intelligence with a focus on attacker negotiations, threat actor profiling, and data breach remediation. Lizzie’s case work has included network intrusions, e-commerce compromise, business email compromise, wire/tax fraud, employee misconduct, and over 150 cyber extortion investigations. Lizzie has over six years’ experience in legal services, incident response, and digital forensics. Prior to joining Kivu, she worked in regulatory roles at law firms in Massachusetts and Washington, DC while earning her graduate degree in digital forensics. In this episode we discuss getting started in information security, how attackers have changed, ransomware changes, Ransomware-as-a-Service, banking trojans, types of cyber criminals, getting started with ransomware response, and so much more. Where you can find Lizzie: (LinkedIn) (Blog)
Apr 08, 2019
#064 – Georgia Weidman: Cyber Security Lion Repellent
45:35 (Georgia Weidman) is the founder and CTO of (Shevirah) and is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, author, and angel investor. She holds a MS in computer science as well as holding CISSP, CEH, and OSCP certifications. Her work in the field of smartphone exploitation has been featured internationally in print and on television including ABC World News Tonight, The New York Times, NBC Nightly News, and The Washington Post. She has presented or conducted training around the world including venues such as the NSA, West Point, and Black Hat. She was awarded a DARPA Cyber Fast Track grant for her work in mobile device security culminating in the release of the open source project, the (Smartphone Pentest Framework (SPF)). She is the author of (Penetration Testing: A Hands-On Introduction to Hacking) and the recipient of the 2015 Women’s Society of CyberJutsu Pentest Ninja award. In this episode we discuss, her early red team days, where to get direction when starting in the industry, pen testing steps, founding a start-up, mobile device security, (cybersecurity lion repellent), and so much more. Where you an find Georgia: (LinkedIn) (Twitter) (Bulb Security)  
Apr 01, 2019
#063 – Dean Sysman: You Are Swamped With Data
32:20 (Dean Sysman), is the CEO and co-founder, (Axonius). Dean is a world renowned expert in cybersecurity and has been honored with being in the Forbes 30 Under 30 Israel 2017 list. Before founding Axonius, Dean co-founded (Cymmetria), A YC-backed cyber deception company with Fortune 500 customers. He has spoken at major conferences including Blackhat, Defcon, CCC and more. He is an alumnus of an elite unit in the Israeli Intelligence Corps, where he served for 5 years as a team leader and officer. Dean is a graduate of the special "Etgar" program, where he earned his B.Sc in computer science at the age of 19. In 2005, Dean was part of the gold medal winning team in the international Robotic Olympics in South Korea. Dean enjoys playing poker and reading existential philosophy. In this episode we discuss, his start in infosec in Israel, being a founder, measuring security effectiveness, cyber security fundamentals, hiring the right people, participating in the community, and so much more. Where you can find Dean: (LinkedIn) (Twitter) (Blog)  
Mar 25, 2019
#062 – Chad Loder: Just Because It’s Basic, Doesn’t Mean It’s Easy
39:11 (Chad Loder) is the CEO and co-founder of (Habitu8), a Los Angeles-based cyber security startup that's transforming the security awareness industry away from its traditional "training-centric" approach to an approach that is based on measurable risk reduction through influencing and measuring key employee behaviors. Prior to Habitu8, Chad was co-founder and VP of Engineering at (Rapid7), which he helped bring to a $900M IPO in 2015. Chad has also worked as a public company CISO and a strategic advisor to several security startups. In this episode we discuss his start with phreaking, starting Rapid7, the focus on the human element in infosec, mistakes users make, how to measure your programs success, how people learn security, being a founder, and so much more. Where you can find Chad: (LinkedIn) (Twitter) (Blog)
Dec 10, 2018
#061 – Yonathan Klijnsma: If They Get Compromised, You Get Compromised
43:27 (Yonathan Klijnsma) is a threat researcher at (RiskIQ), leading threat response and analysis efforts with the help of RiskIQ's expansive data set. Both his work and hobbies focus on threat intelligence in the form of profiling threat actors as well as analyzing and taking apart the means by which digital crime groups work. Outside of work Yonathan likes taking things apart and figuring out how they work; be it physical devices or digital like malware or ransomware. He is a regular presenter at industry conferences such as (DEF CON) and is quoted in (Wired), (Fox News), (C|NET), and (Krebs on Security) to name a few. In this episode we discuss his start in information security, his current security research, Magecart, web application security, website asset management, supply chain security, and so much more. Where you can find Yonathan: (LinkedIn) (Twitter) (RiskIQ Blog) (GitHub)  
Dec 03, 2018
#060 – Mike Johnson: Let’s Do The Right Thing
48:51 (Mike Johnson) is the (CISO of Lyft), where he is responsible for Security, Data Privacy, and a few other key areas he can't talk about. He's been in the security field long enough to be able to use "decades" as a measure. In his time he's seen things, heard things, and shared his opinion on a great many things. Prior to becoming (Lyft's first CISO), he was at Salesforce working in various information security roles. In this episode we discuss being an organizations first CISO, building a world class detection and response team, securing a development team, building security culture, data privacy, cyber security as a team sport, looking for non traditional skills, and so much more. Where you can find Mike: (LinkedIn) (Wall Street Journal: Lyft Hires First CISO)
Sep 24, 2018
#059 – Jacob Williams: What Didn’t We Catch
45:28 (Jacob Williams) is the Founder and President of (Rendition Infosec). Jake started his information security career doing classified work with the U.S. government and was awarded the National Security Agency (NSA) Exceptional Civilian Service Award, which is given to fewer than 20 people annually. He's been involved in high-profile public sector cases including the malware analysis for the 2015 cyber attack on the Ukraine power grid. He's also tackled a variety of cases in the private sector. Jake is a certified SANS instructor and co-author of (FOR526: Memory Forensics In-Depth) and (FOR578: Cyber Threat Intelligence) teaches a variety of other classes for SANS (SEC503, SEC504, SEC660, SEC760, FOR508, FOR526, FOR578, FOR610). Given his accomplishments, it should come as no surprise that Jake lives, sleeps, and breathes Infosec. He's a regular speaker at industry conferences including DC3, BSides (including BSides Las Vegas), DEFCON, Blackhat, Shmoocon, EnFuse, ISSA Summits, ISACA Summits, SANS Summits, and Distributech. He has also presented security topics to a number of Fortune 100 executives. Jake is also a two-time victor at the annual DC3 Digital Forensics Challenge. In this episode we discuss his passion for cyber security, changes in the industry, threat hunting vs. incident response, development of soft skills, AI and machine learning, holding back vulnerability disclosure, and so much more. Where you can find Jake: (LinkedIn) (Twitter) (Rendition InfoSec) (SANS)
Sep 17, 2018
#058 – Josh Corman: The Absence of Good
42:29 (Joshua Corman) is a Founder of (I am The Cavalry (dot org)) and CSO for (PTC). Josh previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research, analyst, & strategy roles. He co-founded RuggedSoftware and (IamTheCavalry) to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations, and social impact, has helped position him as one of the most trusted names in security. He also serves as an adjunct faculty for Carnegie Mellon’s Heinz College and on the Congressional Task Force for Healthcare Industry Cybersecurity. In this episode we discuss his start in information security, being a super hero, the start of I am The Cavalry, cyber security and public safety, government vs. hackers, IoT security, looking for non-traditional cyber skills, and so much more. Where you can find Josh: (LinkedIn) (Twitter) (I am The Cavalry)
Sep 10, 2018
#057 – Ron Gula: Encourage People To Be Entrepreneurs
36:37 (Ron Gula) is the President of (Gula Tech Adventures). Ron started his cybersecurity career as a network penetration tester for the NSA. At BBN, he developed network honeypots to lure hackers and he ran US Internetworking's team of penetration testers and incident responders. As CTO of Network Security Wizards, Ron pioneered the art of network security monitoring and produced the Dragon Intrusion Detection System which was recognized as a market leader by Gartner in 2001. As CEO and co-founder of Tenable Network Security, Ron led the company's rapid growth and product vision from 2002 through 2016. He helped them scale to more than 20,000 customers worldwide, raise $300m in venture capital and achieve revenues in excess of $100m annually. Currently, Ron is President at Gula Tech Adventures which focuses on investing and advisement of cyber-security companies. In this episode we discuss starting in security in the 1990's at the NSA, starting Tenable and its growth to IPO, different start-up spaces, where he gets involved in start-ups, advice he gives to founders, what he looks for to invest in, where he sees the cyber security market going, and so much more. Where you can find Ron: (LinkedIn) (Twitter) (Blog)
Jul 23, 2018
#056 – It’s Just Data!
This is a special episode where my guests actually turn the mics and spotlight on me. In this episode, I speak with (Kristopher Wasserman) and (Ricky Brooman), both governance and eDiscovery experts that wanted to get deeper knowledge about cyber security. We discuss how folks in the litigation and eDiscovery world can help, compliment, and jump ship to cyber security. Additionally, we discuss what is similar and different in how organizations respond to government inquires, data breaches, and litigation. Kristopher brings over 12 years of experience to his role as Vice President and Senior Consultant at D4. Kris oversees a team of Discovery Engineers that provide technical expertise and guidance to clients to develop defensible cost-effective solutions that involve managing data that may be used as evidence. Ricky is a Litigation Support Project Manager at Saul Ewing Arnstein & Lehr LLP. In this capacity, he consults clients on best practices for information governance and electronic discovery, and manages all phases of the EDRM for litigation matters. Ricky is also a member of ILTA's Program Planning Counsel. I hope you enjoy this special episode of Cyber Security Interviews.
Jul 16, 2018
#055 – Mark Greisiger: What Could a Future Breach Cost Me
18:44 (Mark Greisiger) has led (NetDiligence), a Cyber Risk Assessment and Data Breach Services company, since its inception in 2001. During that time, Mark has been responsible for the creation of highly-focused services that are used by leading cyber liability insurers in the U.S. and U.K. to support both loss-control and education objectives. Prior to joining NetDiligence, Mark spent 12 years in the insurance industry, primarily with CIGNA P&C, where he created the first generation of cyber risk insurance. Mark is also a frequently published contributor to various insurance & risk management publications and a sought-after speaker on the topic of cyber risk and liability. In this episode we discuss cyber risk insurance, right sizing cyber insurance, gathering the metrics for breaches, the costs of breaches, the impact to SMB's, GDPR, data privacy, and so much more. Where you can find Mark: (LinkedIn) (Twitter) (NetDiligence)  
Jun 25, 2018
#054 – Brian Vecci: Understanding the Value of What We Have
45:30 (Brian Vecci) is the Technical Evangelist at (Varonis) where he supports a wide range of security initiatives by helping Varonis’ customers and employees get the most out of the company’s products to tackle today’s biggest security challenges. In his 20-year technical career, Brian served as a developer, tech architect, engineer and product manager for companies in financial services, legal, and cybersecurity. Brian joined Varonis in 2010 as director of education and development. Before joining Varonis, Brian worked on systems architecture at UBS. He holds a CISSP certification and frequently presents on topics related to security and technology. He has been quoted in news sources ranging from The Financial Times to (Dark Reading) and has made multiple appearances on (CNBC). In this episode we discuss his start on help desk and his move to developer, his current role as evangelist, using the word cyber, information governance and the value of data, GDPR, the future of data privacy, and so much more. Where you can find Brian: (LinkedIn) (Twitter) (Blog)
Jun 20, 2018
#053 – Cameron Williams: Make Your Day Easier
42:57 (Cameron Williams) is the Founder and CTO of (OverWatchID). Cam has more than 22 years of experience as a leader in the cyber security industry. He has led breach mitigation and designed security solutions/countermeasures for leading global companies such as IBM, Boeing, Sony, BP, Chase and Washington Mutual. He has designed and built a multitude of access management systems including privileged access management, identity access management (SSO, SAML, OAuth and Federation) and cloud access security brokering systems. Prior to cofounding OverWatchID, Cameron was VP Engineering at IntelliSecure, where he led the development of a next generation MSSP platform including multi-tenant PAM, correlation engine (SIEM software), deployment automation, and application monitoring systems. In this episode we discuss the alphabet soup of identity and access management, cloud security, maturing the trust model, the problems he is trying to solve, why he switched to IT from pre-med, automation and orchestration, and so much more. Where you can find Cam: (LinkedIn) (OverWatchID)
May 14, 2018
#052 – Jeremiah Grossman: The Cavalry Is Not Coming
33:37 (Jeremiah Grossman) is the CEO of (Bit Discovery). Jeremiah's career spans nearly 20 years and has lived a literal lifetime in computer security to become one of the industry's biggest names. Since Jeremiah earned a Brazilian Jiu-Jitsu black belt, the media has described him as "the embodiment of converged IT and physical security.” In 2001, Jeremiah founded (WhiteHat Security), which today has one of the largest professional hacking armies on the planet. Jeremiah has received a number of industry awards, been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for privately informing them of weaknesses in their systems -- a polite way of saying, ‘hacking them'. In this episode we discuss RSAC 2018, starting in infosec, web application vulnerabilities, what to look for in application security developers, building security development metrics, why you need to inventory websites, making time to contribute to the community, and so much more. Where you can find Jer: (LinkedIn) (Twitter) (Blog) (
Apr 30, 2018
#051 – Robert M. Lee: The Adversary’s Ability to Change Their Trade Craft is Difficult
52:14 (Robert M. Lee) is the CEO and Founder of the industrial (ICS/IIoT) cyber security company ( Dragos, Inc). He is also a non-resident National Cybersecurity Fellow at (New America) focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of (Passcode’s Influencers), awarded EnergySec’s Cyber Security Professional of the Year (2015), and inducted into (Forbes’ 30 under 30) for Enterprise Technology (2016). A passionate educator, Robert is the course author of (SANS ICS515) – “ICS Active Defense and Incident Response” with its accompanying GIAC certification GRID and the lead-author of (SANS FOR578) – “Cyber Threat Intelligence” with its accompanying GIAC GCTI certification. Robert obtained his start in cyber security in the U.S. Air Force where he served as a Cyber Warfare Operations Officer. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. In this episode we discuss threat hunting, SCADA/ICS, IIoT, IoT security, his start in cyber security, the (2015 Ukrainian power grid attack), starting and teaching a SANS ICS class, advice he would give someone starting in the industry, and (HACKNYC), and so much more. Where you can find Robert: (LinkedIn) (Twitter) (Blog)
Apr 24, 2018
#050 – Chris Roberts: Make New Mistakes
46:58 (Chris Roberts) is the Chief Security Architect at (Acalvio) and is regarded as one of the world’s foremost experts on counter threat intelligence within the cyber security industry. At Acalvio, Chris helps drive Technology Innovation and Product Leadership. In addition, Roberts directs a portfolio of services within Acalvio designed to improve the physical and digital security posture of both enterprise, industrial and government clients. (In English) Acalvio has given him the opportunity to help shape the next generation of deception platforms, allowed him to spend time doing R&D...and he still gets to break into companies and help them with their maturity modeling and overall solutions within the security industry. For the 50th episode, I couldn't have picked a better guest and this was my favorite interview to date. We discuss scotch tasting and food, and how that relates to infosec, building a better cyber security community, learning from past mistakes, why giving back to the community is so important, why the new generation needs to make their own mistakes, the word hacker, and so much more. Where you can find Chris: (LinkedIn) (Twitter) (The Googles)
Apr 09, 2018
#049 – Keith McCammon: We Have An Analysis Problem
48:04 (Keith McCammon) is the Chief Security Officer and Co-founder of (Red Canary) in Denver, CO. Keith runs Red Canary’s Security Operations Center and leads a group of expert analysts that monitor a continuous stream of potential attacks detected in their customers’ environments. Keith is a known expert in offensive cyber computing and defensive IT security from his background as Director of Commercial Security at Kyrus and Executive Director of Information Technology at ManTech. In this episode we discuss his training and start in technology, working in the government space, founding and growing a cyber security firm, the problems he is trying to solve, scaling analysis, securing the cloud, solving the talent shortage problem, and so much more. Where you can find Keith: (LinkedIn) (Twitter) (Blog) (GitHub)
Apr 02, 2018
#048 – Tom Brennan: Engage the Community In a Positive Way
40:53 (Tom Brennan) is the Founder of (Proactive Risk) with two decades of hands on the keyboard experience building, breaking and defending data for clients worldwide. He is a an alumni of McAfee, Intel Security, SafeCode, Trustwave, WhiteHat, ADP, Datek Online, and the United States Marines. Tom served the (OWASP) Foundation as an elected member of the Global Board of Directors for ten years. He also founded the New Jersey OWASP Chapter and grew the New York City as President for thirteen Years. Today, Tom is associated with (CREST International) as its elected Chairman of the Americas Board and participates as technical advisor for New Jersey Institute of Technology, County College of Morris, Morris County Economic Development Corporation, Rockaway Township Official, and is a member of the CERT team. In this episode we discuss his start in information security, building secure software, giving back to the cyber security community, mentors he has had, recommendations he gives to people starting in infosec, starting the (HACKNYC) conference, and so much more. Where you can find Tom: (LinkedIn) (Twitter) (OWASP) (HACKNYC)
Mar 26, 2018
#047 – Cody Cornell: Allow People to Focus on Interesting Things
30:22 (Cody Cornell) is the Founder and CEO of (Swimlane). Cody is responsible for the strategic direction of Swimlane and the development of it’s security operations management platform. Collaborating with industry leading technology vendors, he works to identify opportunities to streamline and automate security activities saving customer operations costs and reducing risk. In 2011, Cody co-founded Phoenix Data Security Inc., a focused cyber security professional services organization. Prior to Phoenix Data Security, he began his career in the U.S. Coast Guard, spent 15 years in IT and security including roles with the U.S. Defense Information Systems Agency (DISA), the Department of Homeland Security (DHS), American Express, and IBM Global Business Services. Cody has presented at information security forums such as the Secret Service Electronic Crimes Task Force, the DHS Security Subcommittee on Privacy and National Public Radio (NPR), as well as to many industry associations such as (ISC)2, ISACA and ISSA. In this episode we discuss his start in information security, mentors he has had along the way, why he is building a business in Colorado, founding a information security company and the problems he is trying to solve, cyber security automation, so much more. Where you can find Cody: (LinkedIn) (Twitter) (Swimlane Blog)
Mar 19, 2018
#046 – Bret Fund: Trying To Solve the Talent Gap Problem
39:40 (Bret Fund) is the CEO of (SecureSet). As a founder of the business in 2014, he has led the growth of the organization from startup to multiple programs and campuses. He oversees the growth, strategy and financial operations for the company. As a former professor, Bret has a great passion for and a strong executional focus on providing students with a quality education and success in the placement process. He formerly served as an Assistant Professor at the University of Colorado–Boulder and was the Executive Director for the Deming Center Venture Fund there. In this episode we discuss cyber security education, filling the demand for cyber talent, the benefits of hiring people making a career change to information secuirty, the Denver, CO cyber security scene, giving back to the community, getting outside of your comfort zone, and so much more. Where you can find Bret: (LinkedIn) (Twitter) (SecureSet)
Mar 05, 2018
#045 – Kristinn Gudjonsson: You Don’t Want Analysts Spending All Their Time Extracting Data
32:51 (Kristinn Gudjonsson) is a manager with the Detection & Response team at (Google), where he has been for the last 6 1/2 years. Kristinn joined Google in 2011 as part of the incident response team, investigating and responding to security incidents, before making the move to management, where he now oversees the digital forensics and incident management teams in Sunnyvale, CA. Prior to his management adventures, Kristinn was known to dabble into coding, focusing on tools like (Log2Timeline) and (Plaso). In his previous life, Kristinn worked as an incident response and forensics consultant in Iceland. Kristinn holds an M.Sc. from Institut National des Telecommunications (INT, now Telecom & Management) school from Paris and a B.Sc. in computer and electronic engineering from the University of Iceland. In this episode we discuss moving to the US to do DFIR for Google, his start in sys admin and how forensics became his calling, the development of (Log2Timeline) and (Plaso), the DFIR support community, automating as much as you can, moving to management, and so much more Where you can find Kristinn: (LinkedIn) (Twitter) (Blog)
Feb 26, 2018
#044 – James Carder: Automate As Much As You Can
37:56 (James Carder) is the CISO of (LogRythm) and brings more than 19 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. Government. At LogRhythm, he develops and maintains the company’s security governance model and risk strategies, protects the confidentiality, integrity, and availability of information assets, oversees both threat and vulnerability management as well as the Security Operations Center (SOC). He also directs the mission and strategic vision for the LogRhythm Labs machine data intelligence, threat and compliance research teams. Prior to joining LogRhythm, James was the Director of Security Informatics at Mayo Clinic where he had oversight of Threat Intelligence, Incident Response, Security Operations, and the Offensive Security groups. Prior to Mayo, James served as a Senior Manager at MANDIANT, where he led professional services and incident response engagements. He led criminal and national security related investigations at the city, state and federal levels, including those involving the theft of credit card information and Advanced Persistent Threats (APT). James is a sought-after and frequent speaker at cybersecurity events and is a noted author of several cyber security publications. He holds a Bachelor of Science degree in Computer Information Systems from Walden University, an MBA from the University of Minnesota’s Carlson School of Management, and is a Certified Information Systems Security Professional (CISSP.) In this episode we discuss the Colorado cyber security scene, solving CISO painpoints, thoughts on certifications, what to look for when hiring talent, where to find talent, the importance of networking, automating workflows, and so much more. Where you can find James: (LinkedIn) (Twitter) (LogRhythm blog)
Feb 19, 2018
#043 – David Navetta: The Year Of the Phishing Attack
45:47 (David Navetta) is a US co-chair of (Norton Rose Fulbright's Data Protection, Privacy and Cybersecurity) practice group. David focuses on technology, privacy, information security and intellectual property law. His work ranges from compliance and transactional work to breach notification, regulatory response and litigation. David currently serves as "breach coach" or is on the approved panel for numerous cyber insurance carriers and companies, and has helped dozens of companies across multiple industries respond to data security breaches. Prior to joining Norton Rose Fulbright, David co-founded (InfoLawGroup LLP), a law firm focusing on information technology, privacy, security and IP-related law. David and InfoLawGroup successfully served a wide assortment of US and foreign clients from large Fortune 500 multinationals, retailers, hotels and restaurants, sophisticated technology companies, financial institutions, and more. David is a Certified Information Privacy Professional through the (International Association of Privacy Professionals) and previously served as a Co-Chair of the (American Bar Association's) Information Security Committee and was also Co-Chair of the PCI Legal Risk and Liability Working Group. He has spoken and written frequently concerning technology, privacy and data security legal issues, and is frequently cited as an expert in the press and otherwise. In this episode we discuss transitioning from litigation into data privacy and cyber security, starting a cyber focused law firm, the role of legal in a data breach, how to perform effective tabletop exercises, when to bring in law enforcement to an incident, breach threats to small and medium sizes businesses, and so much more. Where you can find Dave: (LinkedIn) (Blog) A few disclaimers on this episode as well. For purposes of certain state ethics rules, this episode may constitute attorney advertising. This website and this episode does not constitute legal advice or create attorney-client relationship. Please be sure to contact your legal representatives with any legal questions.
Nov 27, 2017
#042 – Jared Coseglia: Those Numbers Are Real
43:01 (Jared Michael Coseglia), founder and CEO of (TRU Staffing Partners), has over fourteen years of experience representing talent in e-discovery and cybersecurity. He has successfully placed over 2500 professionals in full-time and temporary positions at the Fortune 1000, AmLaw 200, Cyber 500, Big Four, and throughout the ESI and cyber consultancy, service provider and software community. His ability to identify, deliver, mentor, and help retain talent has given him the privilege of quickly becoming the globally recognized “go-to” individual for clients and candidates in need of staffing solutions or career guidance and management in cybersecurity. Jared's unique style of representation, vast network of relationships, and subject matter expertise has helped earn him and TRU a host of awards including ranking on the (Inc. 5000 Fastest Growing Private Companies in America) two years in a row. Jared was awarded Best Reviewed e-Discovery Session at Enfuse 2017 for his lecture and Q&A on (“Transitioning Your Career from ESI to Cybersecurity.”) In this episode we discuss the commonalities between the eDiscovery a decade ago and the cyber security now, the cyber security talent gap and the numbers we hear, how to hire quality information security professionals, the drain on the federal talent pool, when to get kids involved in cyber security, security training, and so much more. Where you can find Jared: (LinkedIn) (Twitter) (Blog)
Nov 20, 2017
#041 – Andrew Hay: Creative Solutions to Hard Problems
36:09 (Andrew Hay) is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Co-Founder & Chief Technology Officer (CTO) for (LEO Cyber Security), he is a member of the senior executive leadership team responsible for the creation and driving of the strategic vision for the company. Prior to LEO, Andrew served as the Chief Information Security Officer (CISO) at (DataGravity, Inc.), where he advocated for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy. Before that, he served as the Director of Research at (OpenDNS) where he led the research efforts for the company. Prior to joining OpenDNS he was the Director of Applied Security Research and Chief Evangelist at (CloudPassage, Inc.) (In this episode we discuss his start in dial-up text support, the role of the CISO, security in a start-up, the landscape of security solutions, managing his speaking engagements, speaking as edu-tainment, cloud forensics, and so much more.) (Where you can find Andrew:) (LinkedIn) (Twitter) (GitHub) (Blog)
Nov 13, 2017
#040 – Michelangelo Sidagni: One Size Doesn’t Fit All
39:58 (Michelangelo Sidagni) serves as Chief Technology Officer leading technical development, security research, and operations for (NopSec). Prior to NopSec, Michelangelo was the Director of IT Security Services at Ciphertechs and served as a lead internal security consultant at Blue Cross Blue Shield advising on HIPAA security compliance and privacy initiatives. Michelangelo holds numerous professional certifications in information security including CISSP, CISA, and CIA and is a frequent speaker at information security events around the country. He holds a Master’s of Business Administration from the University of Pavia – Italy. In this episode we discuss his start in infosec audits, his transition to entrepreneur, the difference between vulnerability assessments and penetration testing, building a vulnerability management platform, rating vulnerabilities, change management, trends in security, and so much more. Where you can find Michelangelo: (LinkedIn) (Twitter) (NopSec Blog)
Nov 06, 2017
#039 – James Tarala: What Does the Risk Really Look Like
47:14 (James Tarala) is a principal consultant with Enclave Security and is based out of Venice, Florida. James Tarala has been a speaker with the (SANS Institute), the (Institute of Applied Network Security) (IANS), and the Center for Internet Security for over 20 years. He has spoken at (RSA) for numerous years and has enjoyed the chance to bring the experiences from working hands on with organizations into RSA sessions. James has spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, and he often performs independent security audits and assists internal audit groups in developing their internal audit programs. He has provided valuable resources for information security professionals through (Audit Scripts), a child project of Enclave Security. James completed his undergraduate studies at Philadelphia Biblical University, his graduate work at the University of Maryland, and holds numerous professional certifications. In this episode we discuss sys admin start, starting his own consulting firm, security frameworks, the CIS Critical Security Controls. cyber security auditing and managing risk, the best use of check lists, teaching for SANS, and so much more. Where you can find James: (LinkedIn) (Twitter) (Audit Scripts Blog)  
Oct 30, 2017
#038 – Eric Conrad: You Need To Be Interested Beyond 9 to 5
SANS Senior Instructor (Eric Conrad) is the lead author of (SANS MGT414: SANS Training Program for CISSP® Certification), and coauthor of both (SANS SEC511: Continuous Monitoring and Security Operations) and (SANS SEC542: Web App Penetration Testing and Ethical Hacking). He is also the lead author of the books the (CISSP Study Guide), and the (Eleventh Hour CISSP: Study Guide). Eric's career began in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and health care. He is now CTO of (Backshore Communications), a company focusing on hunt teaming, intrusion detection, incident handling, and penetration testing. He is a graduate of the SANS Technology Institute with a master of science degree in information security engineering. In addition to the CISSP, he holds the prestigious (GIAC Security Expert (GSE)) certification as well as the GIAC GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications. Eric also blogs about information security at ( In this episode we discuss starting in IT before there was infosec, the value of certifications, making blue teams sexy again, teaching for (SANS), what makes a good cyber security professional, threat hunting, the importance of PowerShell, (DeepBlueCLI), and so much more. Where you can find Eric: (LinkedIn) (Twitter) (Blog) (SANS) (GitHub) (Amazon)
Oct 09, 2017
#037 – Johannes Ullrich: Solving That Puzzle In Your Network
40:55 (Dr. Johannes Ullrich) is currently responsible for the (SANS Internet Storm Center (ISC)) and the (GIAC Gold program). In 2000, he founded (, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist. Johannes holds a PhD in physics from SUNY Albany and is based in Jacksonville, Florida. His (daily podcast) summarizes current security news in a concise format. In this episode we discuss his start in physics and switch to cyber security, building the SANS Internet Storm Center, security challenges posed by the cloud, (teaching for SANS), AI and machine learning, IoT security, and so much more. Where you can find Johannes: (LinkedIn) (Twitter) (SANS Internet Storm Center)
Oct 03, 2017
#036 – Jorge Orchilles: Offense Informs Defense
46:54 (Jorge Orchilles), author of (Microsoft Windows 7 Administrator’s Reference), holds a Masters of Science in Management Information Systems from Florida International University, leads a security team in a large financial institution, and serves on the board of the Information Systems Security Association South Florida Chapter. Jorge has been involved in the Information Technology field since 2001. Realizing his passion for IT, he founded The Business Strategy Partners – IT Consultants branch in 2002 and eventually went on to (Terremark (now Verizon)) as a system administrator. He developed a interest in Information Security and was eventually promoted to a Security Operations Center (SOC) Analyst position. After a year of defending critical infrastructure for federal and commercial customers, he moved to an offensive analyst position with a large financial institution where he now manages the Advanced Penetration Testing & Vulnerability Assessments team. In this episode we discuss his early IT system admin roots, the transition from consultant to enterprise security manager, his mentors, what he looks for in a security professional, giving back to the community, teaching for (SANS), and so much more. Where you can find Jorge: (LinkedIn) (Twitter) (Personal Website) (Amazon) (SANS)
Sep 25, 2017
#035 – David Kovar: Where Is the Best Application of Your Skill Set
52:42 (David Kovar) is the President and founder of (Kovar & Associates) where he leads the development of URSA – (Unmanned & Robotics Systems Analysis) – a suite of tools designed to collect, integrate, analyze, and present UAV related data for many purposes including fleet management, criminal investigations, failure analysis, and predictive analysis. He also leads the firm’s consulting practice which addresses UAV cyber security and UAV threat management. David founded the practice of UAV forensics in 2015 and is one of the leading practitioners in the country. David has worked in digital forensics and cyber security since the mid 90’s and, prior to founding his own company, led EY’s U.S. incident response program. David earned a BA from Dartmouth in Computer Science and will receive an MA from the Fletcher School at Tufts in International Affairs this summer. David’s Master’s thesis is entitled “Defending Against UAVs Operated by Non-State Actors”. David is a rated pilot, is the Advocacy Director for the (National Association of Search and Rescue) where he writes UAV policy papers and develops presentations on UAVs in SAR for various audiences, and is working on SAR UAV standards for (ASTM). In this episode we discuss his early transition from IT to information security, good incident response planning, team building and communications, the development of (analyzeMFT), giving back to the community, the emerging drone security and analysis field, founding a cyber security company, and so much more. Where you can find David: (LinkedIn) (Twitter) (Kovar & Associates Blog) (Personal Blog) (GitHub - analyzeMFT)
Sep 18, 2017
#034 – Harlan Carvey: You Have To Apply the Data To Your Theory
01:00:56 (Harlan Carvey) is currently the Director of Intelligence Integration at (Nuix). Harlan has been involved in information security for 28 years, which began during his military career. After leaving active duty 20 years ago, he started in consulting, performing vulnerability assessments and penetration testing. From there, it was a natural progression to digital forensics and incident response services. Harlan is an accomplished public speaker and a prolific author. He is the author of several open source tools, including (RegRipper), and is the author of the (WindowsIR blog). In this episode we discuss his start in information security, windows registry forensics, new artifacts, the importance of communications, mistakes examiners make, ransomware, the commonalities between information security and home beer brewing, so much more. Where you can find Harlan: (LinkedIn) (Twitter) (WindowsIR Blog)
Sep 11, 2017
#033 – Perry Carpenter: Security Culture Management
45:25 (Perry Carpenter) currently serves as Chief Evangelist and Strategy Officer for (KnowBe4). Previously, Perry led security awareness, security culture management, and anti-phishing behavior management research at (Gartner Research), in addition to covering areas of IAM strategy, CISO Program Management mentoring, and Technology Service Provider success strategies. With a long career as a security professional and researcher, Perry has broad experience in North America and Europe, providing security consulting and advisory services for many of the best-known global brands. His passion is helping people make better security decisions by applying strategic behavior and culture management practices to the intersection of technology and humanity. Perry holds a Master of Science in Information Assurance (MSIA) from Norwich University in Vermont and is a Certified Chief Information Security Officer (C|CISO). In this episode we discuss his focus on the human side of information security, building a security culture, working with famous hacker Kevin Mitnick, rewarding users for reporting, changing user's behavior, how CISO's can effect change and evaluate products, and so much more. Where you can find Perry: (LinkedIn) (Twitter) (The Mind Spy Guy )
Sep 04, 2017
#032 – Ryan Kalember: We’ve Moved From Mass Surveillance to Targeted Attacks
52:05 (Ryan Kalember) has over 15-years of experience in the information security industry. Ryan currently leads cybersecurity strategy for (Proofpoint) and is a sought-out expert for media commentary on breaches and best practices for enterprises as well as consumers. He joined Proofpoint from WatchDox where he served as chief marketing officer and was responsible for successfully building and leading the marketing team through the company’s acquisition by Blackberry. Prior to WatchDox, Ryan was instrumental in running solutions across Hewlett-Packard’s portfolio of security products. He has also held a variety of marketing leadership positions at ArcSight and VeriSign including EMEA regional manager. Ryan received his bachelor's degree from Stanford University, where he studied fault tolerance, cryptography, and authentication algorithms. In this episode we discuss his start in cyber security, his transition to marketing and product management, the importance of communication skills, the changing role of the CISO, AI and machine learning, the malware research his team does, the spread of ransomware, and so much more. Where you can find Ryan: (LinkedIn) (Twitter) (Proofpoint Blog)
Aug 28, 2017
#031 – Jobert Abma: All Bugs Are Shallow
49:57 (Jobert Abma) is a co-founder and technical lead at (HackerOne), one of the leading bug bounty service platforms. He is an avid hacker, developer and advocate for transparent and safe vulnerability disclosure. He and co-founder (Michiel Prins) have been named one of (Forbes 30 under 30 for 2017 in tech). As a hacker himself, Jobert has reported critical vulnerabilities to GitLab, Yahoo, Slack, Snapchat among others. Before founding HackerOne, he was a successful penetration tester for a company he founded with customers included: Twitter, Facebook, Evernote and Airbnb, among others. He studied Computer Science at Hanze University Groningen. In this episode we discuss his early hacking days, how he turned hacking into a job, why he started HackerOne, secure software development, lessons learned as a founder, Internet of Things vulnerabilities, and so much more. Where you can find Jobert: (LinkedIn) (Twitter) (HackerOne) (GitHub)
Aug 21, 2017
#030 – Joseph Carson: We Need a People-Centric Approach
54:36 (Joseph Carson) is a cyber security professional and ethical hacker with more than 25 years’ experience in enterprise security specializing in blockchain, endpoint security, network security, application security & virtualization, access controls, and privileged account management. He currently serves as Chief Security Scientist at (Thycotic). Joseph is a Certified Information Systems Security Professional (CISSP), active member of the cyber security community, frequent speaker at cyber security conferences globally, and is often quoted and contributes to global cyber security publications. He is also the author of (Privileged Account Management for Dummies). Joseph regularly shares his knowledge and experience by giving workshops on vulnerabilities assessments, patch management best practices, and the evolving cyber security perimeter and the EU General Data Protection Regulation. In this episode we discuss his transition from IT to cyber security, privacy vs. security, international information security, IoT privacy, credential management, why you shouldn't blame the users, people-centric security, hiring information security professionals, cyber security metrics, and so much more. Where you can find Joe: (LinkedIn) (Twitter) (Thycotic Blog)
Aug 14, 2017
#029 – Don’t Hire Security Consultants
This is a solo episode between interviews. I have been doing IT and security consulting for a long time. Over this time, I have noticed a few things that are worth noting when hiring a security consultant. In fact, I would say until you perform some basics and perform some due diligence on your own, don't hire me or any other security consultant. Yes, this seems a little counter intuitive for me to say, "Don't hire me," but there are many common elements I see in environment after environment both on the proactive and responsive engagements. This episode will touch on some of these elements and is by no means all inclusive. The take away is to get to know thy self and do your home work!  
Aug 07, 2017
#028 – Brett Shavers: It’s Not the Machine, But the Examiner
48:05 (Brett Shavers) is a consultant to corporations and government agencies in computer related cases as well as being the author of " (Placing the Suspect Behind the Keyboard)", co-author of " (Hiding Behind the Keyboard)" and co-author of the “ (X-Ways Forensics Practitioner's Guide)." Brett began his career as a digital forensics investigator in law enforcement and was trained by the Federal Law Enforcement Training Center, the US Department of Homeland Security, the (National White Collar Crime Center), and a multitude of forensic software manufacturers. Brett has taught over 1,000 persons in law enforcement, colleges, and law firms in topics including high tech investigative methods and forensic analysis and gives presentations on high-tech investigations regularly. His prior law enforcement duties included assignments in state and federal task forces, with investigations spanning multiple countries and states where his cases targeted career criminals and international criminal organizations. In this episode we discuss starting forensics in law enforcement, his approaches to investigations, what makes a good DFIR examiner, forensic tools, Windows FE, book writing advice, IoT surveillance, and so much more. Where you can find Brett: (Web) (Twitter) (Keybase) (Amazon) (DFIR Online Training)
Jul 31, 2017
#027 – Lance Spitzner: What Behaviors Do We Care About
44:50 (Lance Spitzner) is the Director of the (SANS Security Awareness) program. Lance has over 20 years of security experience in cyber threat research, awareness, and training. He invented the concept of honeynets, founded the (Honeynet Project), and published three (security books). Lance has worked and consulted in over 25 countries and helped over 350 organizations plan, maintain, and measure their security awareness programs. In addition, Lance is a member of the Board of Directors for the (National Cyber Security Alliance), frequent presenter, serial tweeter, and works on numerous community security projects. Before working in information security, Lance served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois. In this episode we discuss moving from technical to human security controls, designing a effective security awareness program, changing human behavior, metrics to use in awareness programs, what is different with IoT and security, the (2017 SANS Security Awareness report), picking organizational leads for training programs, and so much more. Where you can find Lance: (LinkedIn) (Twitter) (Blog) (Securing the Human) (OUCH! Newsletter)
Jul 24, 2017
#026 – Casey Ellis: I Enjoy Thinking Like a Criminal
33:56 (Casey Ellis) is founder and CEO of (Bugcrowd). He started life in infosec as pentester, moved to the dark side of solutions architecture and sales, and finally landed as a career entrepreneur. He’s been in the industry for 15 years, working with clients ranging from startups to government to multinationals, and awkwardly straddles the fence of the technical and business sides of information security. Casey pioneered the Bug Bounty as-a-Service model launching the first programs on Bugcrowd in 2012, and has presented at Blackhat, Defcon, Derbycon, SOURCE Boston, AISA National, and many others. He is happy as long as he's got a problem to solve, an opportunity to develop, a kick ass group of people to bring along for the ride, and free reign on t-shirt designs. In this episode we discuss fixing the Internet, bug bounty programs, designing software with security in mind, IoT security, changing security training and recruitment, responsible disclosure, entrepreneurship and starting a company, and so much more. Where you can find Casey: (LinkedIn) (Twitter) (Blog)
Jul 17, 2017
#025 – Robb Reck & Alex Wood: We Need To Understand the Technology We are Securing
45:22 (Rob Reck) and Alex Wood are both seasoned security professionals in the Denver, CO area and hosts of their own podcast, (Colorado = Security). Rob is the Chief Information Security Officer at (Ping Identity). In addition to his job at Ping Identity, Robb is an active member of the Colorado security community. In early 2017 he co-founded the Colorado = Security podcast with Alex. Robb serves on the board for the mountain region’s largest security conference, (Rocky Mountain Information Security Conference) and he recently ended his term as President of (ISSA Denver), the largest ISSA chapter in the world. Alex is the Chief Information Security Officer for (Pulte Financial Services) and has over 18 years of experience in information security. Previously he has had managerial, program, and technical roles at several major companies in different verticals. Additionally, Alex has served on the Board of Directors for ISSA International and is a host of the Colorado = Security podcast. Alex is a CISSP and has a MAS in Information Security from the (University of Denver). In this episode we discuss volunteering in the cyber security community, the local Denver security community, security leadership, recruiting outside of traditional, the importance of IR planning, selling security within an organization, and so more. (Colorado = Security Website) Where you can find Rob: (LinkedIn) (Twitter) (Blog) Where you can find Alex: (LinkedIn) (Twitter)  
Jul 10, 2017
#024 – Independence
This is another short podcast before we get back into full interviews next week. In this episode, I explore the concept of Independence. In the US, this week we are celebrating Independence Day. This got me thinking about what that means in my business experience. I wanted to share a few observations for those who are thinking about going out on their own either as an independent contractor or to start their own business. Please take a listen and let me and other listeners know of any tips or experiences you may have had if you were working independently or started a business. Also, go back and listen to episodes with (David Cowen) and (Hal Pomeranz). Both have taken the independent route and have shared advice in their episodes. I hope everyone celebrating July 4th has a safe and fun holiday. Please subscribe so you don't miss any episodes. Next week, we are back to interviews with leaders and experts in cyber security.
Jul 03, 2017
#023 – Coming Back
So many of you are wondering why the break in Cyber Security Interviews. There is a bit of a story that goes along with it. I wanted to share this story because I think sheds light into life and career changes that others can learn from. Sharing stories on careers and challenges is a big part of this podcast. Many people can feel alone in their cyber security journeys and I some of the struggles that I have been going through lately can allow those going through their own challenges feel connected and hopefully cope with uncertainty. I know there are others out there that have gone through some major life and career challenges. Know you are not alone, and you can get through it. So the podcast is firing back-up. Look for some great interviews in the coming weeks. I greatly appreciate all of the listener support and feed back I receive. It has definitely helped me recently. So please take a listen to this episode and stay tuned for the next round of episodes!
Jun 26, 2017
#022 – Alex Kreilein & David Odom: The Problems In the Industry
56:41 (Alex Kreilein) and (David Odom) are both Managing Partners at (SecureSet Accelerator). SecureSet is a Denver, CO based firm which is a startup accelerator ( (SecureSet Accelerator)) taking on the lack of novel and quality products in the information security field. In addition to overseeing the SecureSet Accelerator, Alex is also the Cofounder of SecureSet and the companies former CTO. He served as a Tech Strategist for the Department of Homeland Security, Guest Researcher to the National Institute of Standards and Technology, and Legislative Assistant to the US Congress. He served on the Integrated Task Force for the (NIST Cybersecurity Framework) and serves on the board of a number of security startups. Alex has an M.S. from (CU Boulder School of Engineering) and Applied Science and an M.A. from the US Naval War College. He is a Fellow with the (New America Foundation’s Cybersecurity Initiative )and was a speaker at (DEFCON 2016). David is a Managing Partner of the SecureSet Accelerator, focusing on Venture Operations. David spent the past 20+ years engaged with leading edge startups, vibrant thought leaders, and imaginative technologists. He remains active as an advisor and mentor for early stage cyber security startups and university systems. In this episode we discuss investing in cyber security companies, tips for starting a new company, how to make better information security products, cyber security education that works, the machine learning and AI buzzwords, Denver, CO's growing cyber security community, how the government can help improve cyber security, and so much more. Where you can find Alex: (LinkedIn) (Twitter) (SecureSet Blog) Where you can find David: (LinkedIn) (Twitter) (SecureSet Facebook)
Apr 24, 2017
#021 – Troy Hunt: It’s Fun to Build Stuff
43:26 (Troy Hunt) is an internationally recognized (cyber security researcher), (speaker), (blogger), and (instructor). He is the author of many top-rating security courses for web developers on (Pluralsight )and is a Microsoft Regional Director and a six time (Microsoft Most Valued Professional (MVP)) specializing in online security and cloud development. Prior to becoming an independent security consultant, Troy worked at Pfizer with the last seven years being responsible for application architecture in the Asia Pacific region. This time spent in a large corporate environment gave him huge exposure to all aspects of technology as well as the diverse cultures his role spanned. Many of the things he teaches in post-corporate life are based on these experiences, particularly as a result of working with a large number of outsourcing vendors across the globe. Troy is most famously know for creating the the (Have I been pwned? (HIBP) website), a free service that aggregates data breaches and helps people establish if they've been impacted by malicious activity on the web. As well as being a useful service for the security community, HIBP has given him an avenue to ship code that runs at scale on Microsoft's Azure cloud platform. Troy has been featured in a number of articles with publications including Forbes, TIME magazine, Mashable, PCWorld, ZDNet and Yahoo! Tech. In this episode we discuss teaching developers security, learning on your own, becoming an instructor, cyber security in enterprise organizations, budgeting for security, building a personal brand, and so much more. Where you can find Troy: ( (LinkedIn) (Twitter) (YouTube) (Pluralsight) (Have I been pwned?)
Apr 17, 2017
#020 – Jad Saliba: The Thirst For Knowledge
43:50 (Jad Saliba) is the founder and CTO of (Magnet Forensics), a leading digital forensics company. Jad guides the organization to create products that meet the needs of customers from law enforcement, consultancies, or the corporate world. A former digital forensics investigator with a background in computer science, Jad can uniquely identify issues faced by forensics professionals and apply new ways of using technology to solve these problems. Prior to starting Magnet Forensics, Jad spent seven years with the Waterloo Regional Police Service. While with the police department, Jad was responsible for recovering Internet evidence from computers to support the force's investigations. He then developed Internet Evidence Finder which quickly became one of the most popular digital forensic tools for law enforcement and commercial practitioners. Jad is a recognized digital forensics speaker at industry events including: CEIC, Crimes Against Children Conference, EuroForensics, F3, HTCIA, ICDDF, SANS, and the Canadian Police College. Jad holds a Diploma in Computer Science and Network Security from Mohawk College (Hamilton, Canada). In this episode we discuss the Operation Underground Railroad sting, being a police officer vs. running a business, the most important skill an investigator needs, his favorite tool outside of his, cloud forensics, and so much more. Where you can find Jad: (LinkedIn) (Twitter) (Magenet Forensic Blog)  
Apr 10, 2017
#019 – Theresa Payton: Design For the Human
53:23 (Theresa Payton) is one of the nation’s leading experts in cybersecurity and IT strategy. As CEO of (Fortalice Solutions), an industry-leading security consulting company, and co-founder of (Dark Cubed), a cybersecurity product company, Theresa is a proven leader and influencer who works with clients and colleagues to uncover strategic opportunities and identify new and emerging threats. Theresa began her career in financial services, where she coupled her deep understanding of technology systems with visionary leadership, executing complex IT strategies and winning new business. Following executive roles Bank of America and Wachovia, Theresa served as the first female chief information officer at the White House, overseeing IT operations for President George W. Bush and his staff. In 2015, Theresa was named a William J. Clinton distinguished lecturer by the Clinton School of Public Service. She is the author of several publications on IT strategy and cybersecurity and a frequent speaker on IT risk. In 2014 she co-authored, with Ted Claypoole, the book (Privacy in the Age of Big Data: Recognizing Threats, Defending Your Rights, and Protecting Your Family), which was subsequently featured on the (Daily Show with John Stewart). Among her numerous accolades and recognitions, Theresa was named one of the top (25 Most Influential People in Security) by Security Magazine and One of (Infosec’s Rising Stars and Hidden Gems) by Tripwire. In 2005 she was honored as Charlotte, NC’s Woman of the Year. In this episode we discuss managing risk, communicating with business owners about security, why security needs to be designed around the human, her role at the White House, privacy vs. security, how the government can help with cyber security, and so much more. Where you can find Theresa: (LinkedIn) (Twitter) (Fortalice Blog) (CBS)  
Apr 03, 2017
#018 – Hal Pomeranz: Take a Deep Breath and Relax
50:46 (Hal Pomeranz) is the Founder and Principal Consultant for (Deer Run Associates) with over 25 years of cyber security experience. As a digital forensic investigator, Hal has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime, and malicious software infrastructures. He has worked with law enforcement agencies in the United States and Europe, and with global corporations. While perfectly at home in the Windows and Mac forensics world, Hal is a recognized expert in the analysis of Linux and Unix systems, and has made key contributions in this domain. His (EXT3 file recovery tools) were the direct result of an investigation, recovering data that led to multiple indictments and successful prosecutions. His research on EXT4 file system forensics provided a basis for the development of open source forensic support for this file system. Hal has also contributed a popular tool for automating Linux memory acquisition and analysis. Hal is a SANS Faculty Fellow and SANS' longest tenured instructor and primary instructor for the (Securing Linux/Unix (SEC506) course). Hals is also a regular contributor to the SANS Digital Forensics and Incident Response blog and co-author of the (Command Line Kung Fu blog). In this episode we discuss Linux and Unix forensics, his start at Bell Labs, helping others in the industry, data enterprises should collect, running your own security firm, and so much more. Where you can find Hal: (LinkedIn) (Twitter) (GitHub) (Righteous IT) (Command Line Kung Fu) (SANS) (Deer Run Associates )
Mar 20, 2017
#017 – Marie Hattar & Dave Ginsburg: What Keeps the CISO Up at Night
In this episode I am speaking with (Marie Hattar) and (David Ginsburg). This is also my first podcast episode with two guests. Marie is the CMO at (IXIA) and is responsible for their brand and global marketing efforts. Marie has more than 20 years of marketing leadership experience spanning the security, routing, switching, telecom and mobility markets. Before joining Ixia, Marie was CMO at (Check Point Software Technologies) where she reestablished the company as the leading end-to-end security vendor. Prior to that, she was Vice President at (Cisco) where she led the company’s enterprise networking and security portfolio. David is the VP of Marketing for (Cavirin). Dave has over 25 years of experience spanning corporate and product marketing, product management, digital marketing, and marketing automation. Previous roles included CMO at (Teridion), (Pluribus), (Extreme), and Riverstone Networks as well as senior marketing leadership positions at Nortel and Cisco. His expertise spans information security, networking, cloud deployments, and SaaS. I really enjoyed this conversation with them. They are both very technical, but can bridge the gap between the technical teams and the C suite. In this episode we discussed how the industry got to where it is now, the pluses and minuses of using FUD to get peoples attention, how marketing teams can be security enablers within an organization, and advice for companies coming to market in the information security space, and so much more. Where you can find Marie: (Ixia Blog) (LinkedIn) (Twitter) Where you can find Dave: (Cavirin Blog) (LinkedIn) (Twitter)
Mar 13, 2017
#016 – Kristin Lovejoy: Security Is a Team Sport
52:11 (Kristin Lovejoy) is the CEO of (BluVector). Prior to her role at BluVector, she served as general manager of IBM’s Security Services Division, charged with development and delivery of managed and professional security services to IBM clients worldwide. In addition, she served as IBM's Global CISO and VP of IT Risk. Kris is a recognized expert in the field on security, risk, compliance and governance, with appearances in Forbes, CNBC, NPR and USA Today. Within the past five years she has been recognized as 2015 SC Magazine Top 25 Security Managers, 2014 SC Magazine Power Player, 2012 Compass Award Winner by CSO Magazine, one of E-Week’s 2012 “Top Women in Information Security That Everyone Should Know”, Top 25 CTO by InfoWorld, as Top 25 Most Influential Security Executives by Security Magazine. She also holds U.S. and EU patents for Object Oriented Risk Management Models and Methods. Additionally, she is a member of numerous external boards and advisory panels, including (SC Magazine’s Editorial Board) and (Grotech Ventures). In this episode we discuss her start information security and risk, what worries her about the RSA conference, AI and Machine Learning - and what it means for security, emerging threats, advice for CISOs, communicating risk management, and so much more. Where you can find Kris: (LinkedIn) (Twitter) (HITBGSEC 2015 - Kristin Lovejoy - Keynote: Security vs Privacy)
Mar 06, 2017
#015 – Cris Thomas (aka Space Rogue): This Isn’t a New Problem
30:32 (Cris Thomas) (aka Space Rogue) is a strategist for (Tenable). With more than two decades of experience, he commands an uncanny ability to link disparate events, read between the lines and distill complex, technical information into readily understandable, accessible and actionable intelligence. Cris is a founding member of (L0pht Heavy Industries), a hacker think tank from the late '90s and has (testified before the U.S. Senate Committee on Homeland Security and Governmental Affairs). He has also been interviewed for his security expertise by media organizations such as Wired, MSNBC, CNBC and even MTV. Before joining Tenable, he created the ( Hacker News Network) and produced the (SpiderLabs) Radio weekly news podcast. As a (strategist for Tenable), Cris helps clients understand how to apply the unique advantages of continuous monitoring as well as how to meet compliance and security challenges. I have been following Space Rogue's work since the 90's and am delighted to have him on the show. I encourage people to go back and watch the famous testimony from Cris and the rest of L0pht from almost 20 years ago. It's scary that so many of the issues called out then, still exist today. In this episode we discuss (CyberSquirrel1), FUD and cyber war, the growth of the (RSA conference), the start of L0pht heavy industries, L0pht's famous testimony before congress, security basics, and much more. Where you can find Cris: (LinkedIn) ( (Twitter) (CyberSquirrel1) (Tenable Blog) Plus, everyone should just watch this. It's almost 20 years old and it still is very relevant. [embed][/embed]
Feb 27, 2017
#014 – RSA Conference 2017
The (RSA Conference) (or "RSAC") held annually in San Francisco, CA has become one of the largest information security conferences. I was able to get a press pass to the event this year and was pitched heavily for product focused interviews. Most I kindly declined, but there were a few people I did connect with and recorded some great conversations which I will post in the coming weeks. I recorded episodes with: (Cris Thomas (aka Space Rogue)), Strategist for (Tenable Network Security) ( Kristin Lovejoy), CEO of (BluVector) And my first two person interview with (Marie Hattar), CMO of (IXIA )and (David Ginsburg), VP Marketing at (Cavirin Systems) I really enjoyed my conversations with each of them and look forward to your feedback. Please make sure you are (subscribed here) so you don't miss any episodes. In the interim, please listen to this short episode on my take of the event. Thanks!  
Feb 20, 2017
#013 – Gary McGraw: Security Is Hard Work
Dr. Gary McGraw is the Vice President of Security Technology at (Synopsys) (SNPS). Gary quite literally helped create the field of software security. He is a globally recognized authority on software security and the author of several bestselling books on this topic. His titles include (Software Security), (Exploiting Software), (Building Secure Software), (Java Security), (Exploiting Online Games), and (6 other books). He is also the editor of the (Addison-Wesley Software Security) series. Gary has also written over 100 peer-reviewed scientific publications, authors a periodic security column for (SearchSecurity), is frequently quoted in the press, and regularly speaks at major cyber security conferences. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Max Financial, NTrepid, and Ravenwhite. He has also served as Advisor to Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye). Gary holds a dual PhD in Cognitive Science and Computer Science from Indiana University where he serves on the (Dean’s Advisory Council for the School of Informatics). Gary served on the (IEEE Computer Society Board of Governors). He also produces and hosts his own the monthly podcast, the (Silver Bullet Security Podcast) for IEEE Security & Privacy Magazine (syndicated by SearchSecurity). Gary is also a self described "alpha geek" and a pioneer in the field of computer security. However, Gary also is a big proponent of life out side of tech. He lives on a farmhouse in Virginia, collects art, plays several musical instruments, an experienced cook, and shares a hobby of mine, craft cocktails. I am truly honored to have him on the show. In this episode we discuss (craft cocktails), his (Shmoocon 2017) key note, building in software security, (the BSIMM project), breakers as builders, leadership in infosec, cyber security in the media, government relations, (the NASCAR effect), (giving back to your community), and much more. I hope you enjoy this discussion. Please leave your comments below! Where you can find Gary: ( (Twitter) (Cigital Blog) Books:...
Feb 13, 2017
#012 – Cindy Murphy: Learn How To Learn
01:05:07 (Cindy Murphy) served in law enforcement  for more than thirty years (twenty-five of those years at the Madison Police Department in Wisconsin) before leaving the force to launch (Gillware Digital Forensics), where she is co-owner and serves as president and lead examiner. Her peers have called her "one of the most dedicated people in the field of digital forensics." Cindy has also been teaching digital forensics since 2002, is a certified (SANS instructor) and helped develop the SANS Mobile Device and (Advanced Smartphone Forensics courses). Her extensive experience has given her both the real-world experience and the foundation in training that it takes to excel in the mobile forensics field and share her knowledge with others. Throughout her career, Cindy has always looked for opportunities to help in meaningful ways. In one notable case, experts spent a year trying to unlock the phone of a 16-year-old girl who was killed in a tragic traffic accident. As the family prepared to spread the girl's ashes in a ceremony a year after her death, Cindy was given the victim's locked phone. She was able to unlock it, enabling the family to see their daughter's last photos. The family sent Cindy a thank you note that said: "We so appreciate this opportunity you've given us to hold onto a piece of our daughter's life we were sure was lost to us." This is just one example how digital forensics, and a good examiner, can have a tremendously positive impact in peoples lives. Cindy has also developed the " (Fraternal Clone Method)" for Cell Phones, a (Forensic 4Cast Forensic Examiner of the Year Award) winner, a (SANS People Who Made a Difference in Security Award) winner, and was named a (2016 Women of Influence in IT Security by SC Magazine). She is also one of the nicest and most approachable people in the cyber security and digital forensic industry. In this interview we discuss starting digital forensics in law enforcement, how she started with mobile forensics in the early 2000's, moving from law enforcement to the private sector, the concerns she has with mobile phones, mobile malware, recruiting and retaining women in DF/IR, developing SANS mobile forensics courses, and much more. I hope you enjoy this discussion. Please leave your comments below! Where you can find Cindy: (LinkedIn) (Twitter) (Gillware Digital Forensics) (SANS)
Feb 06, 2017
#011 – Scott Schober: What Makes It Work
41:55 (Scott Schober) is the President and CEO of (Berkeley Varitronics Systems) (BVS), a 44 year-old company and leading provider of advanced, world-class wireless test and security solutions. Scott starting with BVS in 1989 and the company’s product line of wireless test and security instruments has increased to over 100 products with a core focus on Wi-Fi, Cellular, WiMAX, LTE, IoT as well as other advanced radio devices. As an experienced software engineer, Scott has developed cellular test instruments used for measuring, optimizing and plotting signal coverage, primarily for the initial cellular build-out throughout the United States. Scott’s recent focus has been development of BVS’ cell phone detection tools, used to enforce a "no cell phone policy" in various markets including government, corporate, military, educational, correctional and law enforcement. Thousands of these security tools have been deployed throughout every state in the U.S. and around the world. Scott is a highly sought after subject expert on the topic of cyber security and wireless technology for media appearances and commentary. He is often seen on ABC News, Bloomberg TV, Al Jazeera America, CBS This Morning News, CCTV America, CNBC, CNN, Fox Business, Fox News, Good Morning America, Inside Edition, MSNBC and many more. His precautionary advice is heard on dozens of radio stations such as National Public Radio, Sirius XM Radio, Bloomberg Radio, and The Peggy Smedley Show. He regularly presents on visionary issues at conferences around the globe discussing wireless technology and its role in the current cyber security breaches along with his vision for best practices to stay safe in the future. Scott has been interviewed in WSJ, Forbes, Fortune, Success, NY Daily News, Newsweek, USA Today, and The New York Times. In his latest book, (Hacked Again), Scott explores the ins and outs of his experience when his own small business was hacked. Several times. In this eye opening book, he details mayhem and tries understand the motives behind his being hacked. In this interview we will discuss his experience being hacked, the importance of layer security, how to improve IoT security, drone security, common themes in big breaches, cyber security education, finding your niche, and much more.   I hope you enjoy this discussion. Please leave your comments below!   Where you can find Scott: (Hacked Again (Amazon)) (LinkedIn) (Twitter) (Blog) (HackEd)  
Jan 30, 2017
#010 – ShmooCon 12 (2017)
Early each year, for the past 12 years, the hacker conference (ShmooCon) takes place in Washington, DC. This year I was honored and fortunate to get a press pass to this sold out event which the organizers call, "an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues." It was a great time and in this episode I will recap my experience over the three days. More ShmooCon information: (ShmooCon Website) (Twitter) (ShmooConPuzzle) (Shmooganography) Thank you to ShmooCon and the organizers for letting me be part of this event!
Jan 23, 2017
#009 – Ismael Valenzuela: Let’s See What Happens
Defined by his peers as a “passionate, experienced and visionary individual who is always striving to improve himself,” (Ismael Valenzuela) is one of the few individuals that has done almost all in the InfoSec arena, from founding one of the first IT Security companies in Spain to managing a distributed CERT across the world as well as teaching for highly reputed institutions such as (SANS), BSi or the Spanish National Center of Intelligence. His command of both the business and technical aspects of information security has allowed him to specialize in building and boosting highly technical security teams and successful security businesses across North America, EMEA, India and Australia in the last 15 years. As a top cybersecurity expert with strong technical background and deep knowledge of penetration testing, security architectures, intrusion detection and computer forensics, Ismael has provided security consultancy, advice and guidance to large government and private organisations, including major EU Institutions and US Government Agencies. Prior to joining (Foundstone Services) at (Intel Security), Ismael worked as Global IT Security Manager for (iSOFT Group Ltd), one of the world’s largest providers of healthcare IT solutions, focusing on establishing and managing the IT Security program in more than 40 countries while providing risk-driven strategic planning, defining an ISO 27001 compliant policy framework and working with the applications team to ensure that security was embedded into their SDLC. Author of security articles for Hakin9, INSECURE Magazine and the (SANS Forensics Blog), Ismael also serves on the GIAC Advisory Board and is a Community SANS Instructor. He holds a Bachelor's degree in Computer Science from the University of Malaga, is certified in Business Administration, and holds numerous professional certifications including the highly regarded (GIAC Security Expert) (GSE #132) any many others from (GIAC), (ISC2 )and (ISACA). In this interview we will discuss learning security on his own, scoping penetration testing projects, security in the healthcare industry, running international teams, how to drive an internal security culture, developing internal training programs, threat hunting and his (rastrea2r) threat hunting tool, lessons learned from his IR work, and much more. I hope you enjoy this discussion. Please leave your comments below! Where you can find Ismael: (LinkedIn) (Twitter) (SANS Blog) (Blog) (GitHub)
Jan 16, 2017
#008 – Darren Hayes: Be Cautious and Think It Through
Dr. Darren Hayes is the Director of Cybersecurity and an Assistant Professor at (Pace University), New York and a leading expert in the field of digital forensics and cyber security. In 2013, he was listed as one of the (Top 10 Computer Forensics Professors, by Forensics Colleges). He has developed four distinct courses in digital forensics, at Pace University, at the undergraduate and graduate levels. Also through Pace, Darren continually conducts research to support of law enforcement agencies both domestically and internationally. He has successfully been awarded grants, in the field of computer forensics, by the Department of Defense, National Science Foundation and other notable foundations. Daren is also a professional consultant in computer forensics and cyber law for the Department of Education in New York. For a number of years, Hayes has served on the Board of the High Technology Crime Investigation Association (HTCIA) Northeast Chapter and was the President of the HTCIA Northeast. Currently, he serves as Second Vice President of the HTCIA Northeast. Darren is also an accomplished author with numerous peer-reviewed articles on computer forensics. He has co-authored two textbooks and published “ (A Practical Guide to Computer Forensics Investigations)”. Darren has appeared on numerous media and news outlets such as Bloomberg Television, The Street and Fox 5 News and been quoted by CNN, The Guardian (UK), The Times (UK), Wall Street Journal, Financial Times, Forbes, Investor’s Business Daily, MarketWatch, CNBC, ABC News, Forensic Magazine, SC Magazine, PC Magazine, USA Today, Washington Post, New York Post, Daily News and Wired News (to name but a few!). He has also been invited to lecture for the Harvard Business Review, University College Dublin and, more recently, was Visiting Professor at Sapienza University, Rome, Italy. In this interview we will discuss how he supports law enforcement, developing teaching skills, the importance of problem solving abilities, the challenges when authoring books, misinformation in the media, his involvement with HTCIA, gender roles in information security, foundational skills necessary to be good in information security, immigration challenges, real world physical threats from cyber attacks, the growth of ransomware, the "brain drain" in the government sector, how to learn cyber security on a budget, and much more. I hope you enjoy this discussion. Please leave your comments below! Where you can find Darren: (LinkedIn) (Twitter) (Pace University) (A Practical Guide to Computer Forensics Investigations)  
Jan 09, 2017
#007 – What I Am Learning So Far
This is going to be the second holiday break episode and the first of 2017. In this episode, I am taking a quick look back at the (first five episodes) with my guests to date: (Chris Pogue) (David Cowen) (Lenny Zeltser) (Nicholas Percoco) (Morgan Wright) Each of these cyber security professionals have had their own, unique journeys to get where they are. In each interview, I learned a lot about them as individuals, but also got their perspectives on a variety of topics that influence the industry as well as some valuable advice. Thanks everyone for listening to the first episodes of Cyber Security Interviews. I hope you are all getting some valuable insight to the industry as well as some sage advice. Next week we are back with our regular schedule of interviews with top cyber security pros. Have a safe and happy new year everyone, I look forward to speaking to you all soon. Remember to (sign up here) for email notifications of new episodes.
Jan 02, 2017
#006 – 2016: A Look Back Through the Year
This is going to be one of two special holiday break episodes as we end out the year. We will be returning to our regular interviews with top security experts right after the start of the new year. In this episode, I reflect on 2016 and cyber security. It was an interesting year and information security took a spot light more than I could remember for years past (and probably more than I could have imagined a year ago). Even“hackers” even took runner up as (Time’s 2016 Person of the Year)! I will talk about: The cyber-attacks against the (Ukrainian Critical Infrastructure), also known as Black Energy The (Central Bank of Bangladesh heist) The (Panama Papers) The Internet of Things, (Distributed Denial of Service attacks against Dyn DNS) (Yahoo's breach) The email (hack of the Democratic National Party) I wish everyone a safe and happy holiday season this year. Next week I am going to take a quick look back at the (first five episodes) and some of the lessons I learned from my guests. Thanks, I look forward to speaking to you all soon!
Dec 26, 2016
#005 – Morgan Wright: The Rule of Threes
01:15:50 (Morgan Wright) is an internationally recognized expert on cybersecurity strategy, cyberterrorism, identity theft and privacy. His landmark (testimony before Congress on changed how the government collected personally identifiable information. He has made hundreds of appearances on national news, radio, print and web, and has spoken to audiences around the world about cyber security. Previously Morgan was a Senior Advisor in the US State Department Antiterrorism Assistance Program and Senior Law Enforcement Advisor for the 2012 Republican National Convention. In addition to 18 years in state and local law enforcement, Morgan has developed solutions in defense, justice and intelligence for the largest technology companies in the world. He has trained over 2,000 law enforcement officers in the investigation of computer crime, including one year training the FBI on internet investigations. He has also taught behavioral analysis interviewing at the National Security Agency. A highly seasoned interviewer and moderator, Morgan has over 400 appearances on national news shows. In his interviews, he always tries to inspire, inform and entertain with just the right amount of humor and wit. In this interview we discuss cyber security in the 2016 Presidential election, accountability in cyber security and the failure of leadership, investing in people, machine learning, cyber warfare, insider threats, compliance versus security, on the job training, the importance of communication skills, productivity tips and personal development, and much more. I hope you enjoy this discussion. Please leave your comments below! Where you can find Morgan: (LinkedIn) (Twitter) ( ( (
Dec 19, 2016
#004 – Nicholas Percoco: Don’t Second Guess Yourself
01:26:11 (Nicholas Percoco) has more than 19 years of information security experience and is currently the Chief Information Security Officer at (Uptake). Prior to Uptake, Nicholas was the Vice President of Global Services at (Rapid7). Nick has also been a Director at KPMG and the head of SpiderLabs at (Trustwave )where he led more than 2000 incident response and forensic investigations globally, ran thousands of ethical hacking & application security tests for clients, and conducted bleeding-edge security research to improve Trustwave's products. Before Trustwave, Nick ran the security consulting practices at VeriSign, & Internet Security Systems. In 2004, he drafted an application security framework that became known as the Payment Application Best Practices (PABP). In 2008, this framework was adopted as a global standard called Payment Application Data Security Standard (PA-DSS). As a speaker, he has provided unique insight around security breaches, malware, mobile security and InfoSec trends to public ( (Black Hat), (DEFCON), and (OWASP)) & private audiences (Including DHS, US-CERT, Interpol, United States Secret Service) throughout the world. Nick's research has been featured by media including: The Washington Post, eWeek, PC World, CNET, Wired, Network World, Dark Reading, Fox News, USA Today, Forbes, Computerworld, CSO Magazine, CNN, The Times of London, NPR, Gizmodo, Fast Company, Financial Times & The Wall Street Journal. Nick is also the creator of (THOTCON) (a hacking conference held in Chicago each year), & co-founder of (The Cavalry) movement. In this interview we discuss his early start with computers, what is a hacker, developing a methodology for penetration testing, how he developed the SpiderLabs name, analytics and automation, when you should evaluate opportunities, moving past the fear of public speaking, his personal "drink-a-different-beer-a-day" contest, research and public disclosure of vulnerabilities, how to secure Internet connected devices, where he recruits talent, and much more. I hope you enjoy this discussion. Please leave your comments below! Where you can find Nick: (LinkedIn) (Twitter) (THOTCON) (I am the Cavalry)
Dec 12, 2016
#003 – Lenny Zeltser: You Can Never Know Everything
01:10:40 (Lenny Zeltser) is a seasoned business and tech leader with extensive information security expertise. As a product portfolio owner at a Fortune 500 company, he delivers the financial success and expansion of his orgnization's security services and SaaS products. He has also been a national lead of the security consulting practice at Savvis (acquired by CenturyLink), where he managed the US team of service professionals, aligning their expertise to the firm’s cloud solutions. Lenny helps shape global infosec practices by teaching incident response and malware defenses at (SANS Institute) and by sharing knowledge through writing, public speaking and community projects. He has earned the prestigious GIAC Security Expert professional designation and developed the Linux toolkit (REMnux), which is used by malware analysts throughout the world. Lenny is on the Board of Directors of (SANS Technology Institute) and on the Advisory Board of (Minerva Labs). Lenny’s approaches to business and technology are built upon his work experience, independent research, as well as a Computer Science degree from the University of Pennsylvania and an MBA degree from MIT Sloan. His expertise is strongest at the intersection of business, technology, and information security, and spans incident response, infosec cloud services and business strategy. To get a sense for Lenny’s thought process and knowledge areas, take a look at his (blog). In this interview we will discuss why he is passionate about security, stagnating in information security and going back to grad school, public speaking, who has inspired him, his personal challenge asking for advice, early failures in technology, why he developed REMnux to make malware analysis accessible to as many people as possible, cloud security, writing better job descriptions, refining communication skills to technical and non-technical audiences, how to use certifications as a signaling mechanism, building industry relationships, and much more. I hope you enjoy this discussion. Please leave your comments below! Where you can find Lenny: (LinkedIn) (Twitter) (Lenny's Blog) (REMnux)
Dec 05, 2016
#002 – David Cowen: Standing On the Shoulders of Giants
01:17:47 (David Cowen) has more than sixteen years of experience in the areas of security integration, architecture, assessment, programming, forensic analysis and investigations. He started out as a penetration tester then moved to digital forensics. Currently, he is a partner at (G-C Partners, LLC), a full service digital forensics investigation company, and has experience working in a variety of environments ranging from high security military installations to large/small private sector companies. David is also one of the most passionate and active contributors within the cyber security and forensic communities. I look at David's contributions and think he doesn't sleep and/or someone in Dallas, TX there is cloning facility that has produced David Cowens versions 2 -5 which are all running around outputting awesome contributions to the community (yes, like the movie (Multiplicity)). Here is just a short list of what David' does to give back to the industry: Regular speaker at conferences such as (OSDFCon) Ran his blog, (Hacking Exposed Computer Forensics), daily which included a weekly forensic challenge Is a Red Team Captain for the (National Collegiate Cyber Defense Competition) Has his own regular video podcast, (Forensic Lunch ) Author of (Computer Forensics: InfoSec Pro Guide) Co-author of (Hacking Exposed: Computer Forensics) Co-author of (Anti-Hacker Tool Kit, Third Edition) Is a (SANS Institute Certified Instructor) Developed (TriForce ANJP), forensic software for parsing NTFS journals (also working on (HFS+ capabilities)) He is also a two-time (Forensic 4cast) award winner for both Digital Forensic Article of the Year and Digital Forensic Blog of the year. When he is not doing all of this, he is also a family man and BBQ aficionado. Nope. Zero chance this is one person. In this interview we will discuss how he has accomplished all of this, why he loves being an expert witness, why he moved from pen tester to forensicator, his inspiration to start programming, his favorite type of investigation and the questions to ask, how to hire good talent, what it took to develop TriForce ANJP and how it was a community effort, how no one stands on their own in the industry, and much more. I hope you enjoy this discussion. Please leave your comments below! Where you can find David: (LinkedIn) (Twitter) (Hacking Exposed Computer Forensics) (Forensic Lunch )
Nov 23, 2016
#001 – Chris Pogue: Like a Chihuahua On a Pork Chop
48:56 (Chris Pogue), Chief Information Security Officer at (Nuix), has more than fifteen years’ experience and 2,000 breach investigations under his belt. Over his career, Chris has led multiple professional security services organizations and corporate security initiatives to investigate thousands of security breaches worldwide. His extensive experience is drawn from careers as a cyber crimes investigator, ethical hacker, military officer, and law enforcement and military instructor. In 2010, Chris was named a (SANS Thought Leader), ran an award-winning security blog ( (The Digital Standard)), and has contributed to multiple security publications. Chris holds a Master's Degree in Information Security and is also an adjunct cyber security professor at Southern Utah University. He also was a contributing author for (Data Breach Preparation and Response: Breaches are Certain, Impact is Not). Chris is just one of those guys in cyber security I knew I had to have on the show out of the gate. He is an extremely bright guy and very passionate about information security. He is also pleasure to talk to. He coined the methodology and term " (Sniper Forensics)" a few years back, and it had a huge impact on the way I approach digital forensic investigations. In this interview we discuss his military background, his start as a penetration tester, his transition from tech to executive, (books that have influenced him), using the scientific method, the merger of cyber crime and physical crime, training cyber security staff, the importance of communication skills, cognitive biases and (Parkinson's Law of Triviality), and much more. I hope you enjoy this discussion. Please leave your comments below Where you can find Chris: (LinkedIn) (Twitter) (The Digital Standard) (Nuix Blog)  
Nov 23, 2016
#000 – Douglas A. Brush: You’re Always a Student – You Never Stop Learning
Before we tackle the hearts and minds of some of the leaders and influencers in cyber security, I wanted to provide a little background about me and how I got started in cyber security. As far back as I can remember, I always wanted to be a hacker. In 1981, at an impressionable age five, I plopped down in front of a (Texas Instruments TI99/4A computer). It had a whopping 3MHz CPU, 16K of RAM, and 16 colors. My parents got one for the home and I mostly used it to play video games. My favorite game was (Hunt the Wumpus). At some point, I came across (Compute!) magazine that had instructional pages of BASIC, spaghetti code programs that you could use to run on your computer. After hours of painstakingly transcribing lines and lines of GOTO commands into the TI99, I would have a small colored box bounce from one side of the screen to the other. Then back again. #Fun. [caption id="attachment_1332" align="alignleft" width="173"]“Hi sugar. After you store my 'portable' computer, can you please light my Pall Mall and fetch me a double Alabama Slammer?" Image source: (Oldcomputers)[/caption] The Reagan 1980's roared on and computers gained greater adoption in the business community, particularly in finance and accounting. However, computers for the general public consumption were still in their infancy. Glorified calculators with some generic word processing capabilities. Then movies like Tron and War Games came out. Whoa. They depicted the anti-heros as computer users, but different. They were hacker misfits, but cool in their own way. They could command computers to do powerful things. I wanted to do that. My parents continued to bring technology into the home (they were leading communication consultants and authors) including new computers to play with, break, and hopefully, repair. In the summer of 1983 we made the investment in a (Compaq Portable Plus). This was also a deciding point because it set me down the IBM/PC market path (sorry Apple). Mind you, this beast of plastic and metal was marketed as "portable" at 28 pounds. Nine-inch monochrome monitor and detachable keyboard? Heck yeah I'll travel with this thing! And we did! The real selling point to me on this computer was WordPerfect 3 with the spell checking feature and a printer. No longer was I chained to homework assignments of handwritten drafts! I was able to write a book report on birds, it showed me how horrid my spelling was, and I could print it. Sold. However, my final submission caused a certain amount of controversy with my teacher. She accused my parents of writing this masterpiece. With Kerouac-esque lines like "Cardinals are red," I can see the confusion. She simply couldn’t understand how a kid could use a computer to write a paper. This resulted in my parents meeting with the teacher and principal to explain how I could possibly do such a thing. Luckily things started to change and computers were becoming more mainstream. They were more and more likely to be common appliances in the home. “I asked for a car, I got a computer. How’s that for being born under a bad sign.”– Ferris Buller   [caption id="attachment_1333" align="alignleft" width="568"] ()A MUD. By Source, Fair use, ([/caption] In the late 1980’s, we started using CompuServe and then Prodigy. A whole other world with computers opened up. Computers, and me, were now connected to people all over. I could chat and play text based online games. Hardly worth PewDiePie commentary, but it was fun to explore these (MUD's (Multi-User Dungeons)). For those old enough to...
Nov 22, 2016