Cyber Security Interviews

Frank Downs is the director of cybersecurity practices at ISACA. Frank, a 14-year cybersecurity specialist, graduated with a bachelor’s degree in English from the University of Maryland, after which he promptly joined the US Department of Defense as a subject matter expert, working with computer networks on a daily basis. Realizing that English and cybersecurity were two very different concepts, he proceeded to obtain a master’s degree in cybersecurity from UMBC, after a pit stop at Johns Hopkins to obtain a master’s degree in Government.Eventually, Frank decided to ease the learning process for individuals transitioning from non-technical backgrounds into cybersecurity by becoming a full-time Intelligence and Operations Consultant for multiple federal law enforcement and intelligence agencies.In this episode, we discuss starting in another industry before the DoD, packet capture analysis, doing the work no one else wants to do, knowing when to move into new roles, non-traditional backgrounds, training and certifications, COBIT, and so much more.LinkedInFrankDowns.comISACA 

Lesley Carhart is a Principal Threat Analyst at the Threat Operations Center at Dragos. She is recognized as a subject matter expert in cybersecurity, incident response, and digital forensics, regularly speaking at conferences and universities. She has spent the last 11 years of her 20+ year IT career specializing in information security, with a heavy focus on response to nation-state adversary attacks. Prior to Dragos, she was the incident response team lead at Motorola Solutions, performing digital forensics and incident handling services for both enterprise and public safety customers.In 2017, Lesley was named a “Top Woman in Cybersecurity” by Cyberscoop news and received the Guidance Enfuse conference “Women in Technology” award. She holds a Bachelor’s Degree in Network Technologies from DePaul University, A.A.S. in Avionics Systems and Electronics Systems, GIAC GCIH, GREM, GCFA, and GCFE certifications, and currently serves as a Cyber Systems NCO in the US Air Force Reserves.In her free time, Lesley co-organizes resume and interview clinics at several cybersecurity conferences, blogs, and tweets prolifically about infosec, and is a youth martial arts instructor.In this episode, we discuss her early mentors, mentoring, writing resumes, starting as a coder, organizational missions, ICS security, electronic voting, submitting CFPs, and so much more.Where you can find Lesley:LinkedInBlogYouTubeTwitter

Brian Martin (a.k.a. Jericho) has been poking about the hacker and security scene for over 22 years, building valuable skills such as skepticism and anger management. As a hacker-turned-security whore, Jericho has a great perspective to offer an unsolicited opinion on just about any security topic. A long-time advocate of advancing the field, sometimes by any means necessary, he thinks the idea of ‘forward-thinking’ is quaint; we’re supposed to be thinking that way all the time. No degree, no certifications, just the willingness to say things many in this dismal industry are thinking, but unwilling to say themselves. He remains a champion of security industry integrity and small misunderstood creatures. In this episode, we discuss starting as a phreak and phone systems, BBS hacking forums, sharing knowledge, calling people out, cybersecurity skill shortages, understanding the adversaries mindset, PCI compliance, and so much more. Where you can find Brian: LinkedIn attrition.org Twitter  

Bill Conner is the President and CEO of SonicWall. Bill has lead key divisions of AT&T, took Nortel into the $9 billion acquisition of Bay Networks, worked to secure digital identities with Entrust, and brought secure communications and privacy from the consumer to the enterprise through mobile and cloud with Silent Circle. Bill also created and hosted “Hacked” for SiriusXM’s business radio. He has been recognized with several awards including Marketing Computers “Marketer of the Year,” Tech Titans “Corporate CEO of the Year,” Federal Computer’s “Top 100 Award,” and the “National Youth Science Camp Alumnus of the Year.” In this episode, we discuss starting in encryption, security for the SMB market, advanced malware, threat intel, cloud security, breaking SSL in the enterprise, network basics for IoT, governments backdooring encryption, and so much more. Where you can find Bill: LinkedIn Twitter SonicWall Blog

Bernard Harguindeguy is the Chief Technology Officer & General Manager Intelligence from Ping Identity. Bernard joined Ping in June 2018 through the acquisition of Elastic Beam, where he was the CEO and founder. His work at Elastic Beam revolutionized the use of AI to protect API infrastructures from cyber attacks and deliver deep insight into API access and usage. Bernard earned an MS in Engineering Management from Stanford University and a BS in Electrical Engineering from the University of California Irvine where he was inducted into the Engineering Hall of Fame. In this episode, we discuss starting in email security, identity as the perimeter, API security, selling to the C suite, how AI will help security, IoT security, and so much more. Where you can find Bernard: LinkedIn Twitter Ping  

Vinny Sakore joined the NetDiligence team in 2017 as their Chief Technology Officer. Prior to joining NetDiligence Vinny served as Verizon’s HIPAA Security Officer. His previous experience includes stints as Chief Technology Officer for two healthcare technology companies. Vinny is a featured speaker nationally and internationally on the topics of Cyber Risk, Mobile Technology, and Information Security. He is a regular presenter at organizations and events such as the NetDiligence Cyber Risk forums, Information Security Forum (ISF), International Association of Privacy Professionals (IAPP), Healthcare Information Management Systems and Society (HIMSS), and the Risk Information Management Society (RIMS). Vinny has been quoted in numerous publications, including CSO Online, Wall Street Journal, and Information Security Magazine. He serves on a number of not-for-profit boards and also teaches cybersecurity courses at Messiah College. In this episode, we discuss the difference between privacy and security, talking to the board about cybersecurity, preparing for the cyber tsunami, government regulation, threat intel, aggregating insurance data, and so much more. Where you can find Vinny: LinkedIn Twitter Blog

Renaud Deraison is known in the global security community as the father of the Nessus vulnerability scanner. His original creation, Nessus, celebrated its 15th anniversary in 2013 and is considered the de facto standard for vulnerability scanning worldwide. Renaud co-founded Tenable Network Security in 2002. As Chief Technology Officer, he drives product strategy and development. Before Tenable, Renaud was the primary author of the Nessus vulnerability scanner – releasing the first version of Nessus when he was 17. Renaud continues to contribute to the global security community; he is the author of three patents related to network scanning and security and has published his work in books and magazines. In this episode, we discuss building the first version of Nessus when he was a teenager, getting the basics right, challenges with the cloud, IoT and embedded devices security, responsible vulnerability disclosure, and so much more. Where you can find Renaud: LinkedIn Tenable Dark Reading: The Argument for Risk-Based Security

Lorrie Faith Cranor, IEEE Fellow, is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the MSIT-Privacy Engineering masters program. In 2016 she served as Chief Technologist at the US Federal Trade Commission, working in the office of Chairwoman Ramirez. She is also a co-founder of Wombat Security Technologies, Inc, a security awareness training company. She has authored over 150 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability and founded the Symposium On Usable Privacy and Security (SOUPS). In this episode, we discuss the difference between privacy and security, lawmakers and technologists working together, founding Wombat security, the famous “password dress,” what makes a good password policy, IoT nutrition labels, and so much more. Where you can find Lorrie: LinkedIn Twitter Carnegie Mellon University IEEE

Ben Johnson is CTO and co-founder of Obsidian Security. Prior to founding Obsidian, he co-founded Carbon Black and most recently served as the company’s Chief Security Strategist. As the company’s original CTO, he led efforts to create the powerful capabilities that helped define the next-generation endpoint security space. Prior to Carbon Black, Ben was an NSA computer scientist and later worked as a cyber engineer in an advanced intrusion operations division for the intelligence community. Ben is active in the cybersecurity community, where he is a technical advisor to the US FISA Court and sits on boards of multiple security startups. Johnson earned a bachelor’s degree in computer science from the University of Chicago and a master’s degree in computer science from Johns Hopkins University. In this episode we discuss starting with the NSA, starting Carbon Black, focusing on the endpoint, identity security, government compliance, why everyone is in sales, picking your founder team, and so much more. Where you can find Ben: LinkedIn Twitter Obsidian Blog    

Deborah Blyth is the Chief Information Security Officer (CISO) State of Colorado, Governor’s Office of Information Technology. In August 2014, Deborah Blyth became the state’s new CISO, bringing a diverse 25-year technology background including 14 years of information security experience. As the CISO, she serves as the point of contact for all information security initiatives in Colorado, informing the Secretary of Technology & Chief Information Officer and executive agency leadership on security risks and impacts of policy and management decisions on IT-related initiatives. Before joining the state of Colorado, Deborah led the Information Technology Security and Compliance programs at TeleTech and Travelport. Deborah is a Colorado native and graduated Summa cum Laude with a Bachelor of Science degree from Regis University. In this episode, we discuss her start in IT and her passion for technology, changes from the board and C-suite, the CDOT attack, the importance of having an IR plan in place, leveraging change management for security, managing priorities, cloud security, and so much more. Where you can find Deborah: LinkedIn Governor’s Office of Information Technology

Fred Kneip is the CEO and Founder of CyberGRX. Since founding the company in 2015, Fred has led the creation of the world’s first global third-party cyber risk management (TPCRM) exchange. During his tenure at CyberGRX, Fred has been responsible for the overall direction of the company and as the company’s chief strategist, for securing global partnerships, leading investments and overseeing management and corporate execution. Prior to CyberGRX, Fred led the Security and Compliance Departments at Bridgewater Associates, an investment management firm overseeing about $160 billion for 350 of the largest and most sophisticated global institutional clients. Fred holds a BSE in Civil Engineering from Princeton University and an MBA from Columbia Business School. In this episode we discuss the growing Denver cybersecurity scene, starting in compliance, managing supply chain and vendor risk, current and upcoming regulations, compliance versus security, benchmarking, and so much more. Where you can find Fred: LinkedIn Twitter Blog

Alissa Torres is a SANS analyst and Principal SANS instructor specializing in advanced digital forensics and incident response (DFIR). Alissa was recognized by SC Magazine as one of its "2016 Women to Watch." and a recipient of the Enfuse 2018 Difference Makers Award for her efforts in educational outreach.She has more than 15 years of experience in computer and network security that spans government, academic, and corporate environments. Her current role as Founder and Senior Consultant at Sibertor Forensics, a security operations and incident response consulting company, provides daily challenges “in the trenches” and demands constant technical growth. Alissa is a frequent presenter at industry conferences (RSA, BSides, Shmoocon, Enfuse) and has taught hundreds of security professionals over the last 5 years in more than 12 countries. As the lead author of the SANS FOR526 Advanced Memory Forensics and Threat Detection course, she is passionate about memory management and forensic artifact hunting.In this episode we discuss, being confused with Heather Mahalik, running a helpdesk, file system forensics, memory forensics, balancing blue teams and red teams, when to add threat hunting to your program, the value of certifications, balancing work and life, keeping skills current, and so much more.Where you can find Alissa:LinkedInTwitterSANS

Lizzie Cookson is an Associate Director of Cyber Investigations at Kivu Consulting. She specializes in cyber extortion and threat intelligence with a focus on attacker negotiations, threat actor profiling, and data breach remediation. Lizzie’s case work has included network intrusions, e-commerce compromise, business email compromise, wire/tax fraud, employee misconduct, and over 150 cyber extortion investigations.Lizzie has over six years’ experience in legal services, incident response, and digital forensics. Prior to joining Kivu, she worked in regulatory roles at law firms in Massachusetts and Washington, DC while earning her graduate degree in digital forensics.In this episode we discuss getting started in information security, how attackers have changed, ransomware changes, Ransomware-as-a-Service, banking trojans, types of cyber criminals, getting started with ransomware response, and so much more.Where you can find Lizzie:LinkedInBlog

Georgia Weidman is the founder and CTO of Shevirah and is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, author, and angel investor. She holds a MS in computer science as well as holding CISSP, CEH, and OSCP certifications.Her work in the field of smartphone exploitation has been featured internationally in print and on television including ABC World News Tonight, The New York Times, NBC Nightly News, and The Washington Post. She has presented or conducted training around the world including venues such as the NSA, West Point, and Black Hat. She was awarded a DARPA Cyber Fast Track grant for her work in mobile device security culminating in the release of the open source project, the Smartphone Pentest Framework (SPF). She is the author of Penetration Testing: A Hands-On Introduction to Hacking and the recipient of the 2015 Women’s Society of CyberJutsu Pentest Ninja award.In this episode we discuss, her early red team days, where to get direction when starting in the industry, pen testing steps, founding a start-up, mobile device security, cybersecurity lion repellent, and so much more.Where you an find Georgia:LinkedInTwitterBulb Security 

Dean Sysman, is the CEO and co-founder, Axonius. Dean is a world renowned expert in cybersecurity and has been honored with being in the Forbes 30 Under 30 Israel 2017 list. Before founding Axonius, Dean co-founded Cymmetria, A YC-backed cyber deception company with Fortune 500 customers. He has spoken at major conferences including Blackhat, Defcon, CCC and more. He is an alumnus of an elite unit in the Israeli Intelligence Corps, where he served for 5 years as a team leader and officer.Dean is a graduate of the special "Etgar" program, where he earned his B.Sc in computer science at the age of 19. In 2005, Dean was part of the gold medal winning team in the international Robotic Olympics in South Korea. Dean enjoys playing poker and reading existential philosophy.In this episode we discuss, his start in infosec in Israel, being a founder, measuring security effectiveness, cyber security fundamentals, hiring the right people, participating in the community, and so much more.Where you can find Dean:LinkedInTwitterBlog 

Chad Loder is the CEO and co-founder of Habitu8, a Los Angeles-based cyber security startup that's transforming the security awareness industry away from its traditional "training-centric" approach to an approach that is based on measurable risk reduction through influencing and measuring key employee behaviors.Prior to Habitu8, Chad was co-founder and VP of Engineering at Rapid7, which he helped bring to a $900M IPO in 2015. Chad has also worked as a public company CISO and a strategic advisor to several security startups.In this episode we discuss his start with phreaking, starting Rapid7, the focus on the human element in infosec, mistakes users make, how to measure your programs success, how people learn security, being a founder, and so much more.Where you can find Chad:LinkedInTwitterBlog

Yonathan Klijnsma is a threat researcher at RiskIQ, leading threat response and analysis efforts with the help of RiskIQ's expansive data set. Both his work and hobbies focus on threat intelligence in the form of profiling threat actors as well as analyzing and taking apart the means by which digital crime groups work.Outside of work Yonathan likes taking things apart and figuring out how they work; be it physical devices or digital like malware or ransomware. He is a regular presenter at industry conferences such as DEF CON and is quoted in Wired, Fox News, C|NET, and Krebs on Security to name a few.In this episode we discuss his start in information security, his current security research, Magecart, web application security, website asset management, supply chain security, and so much more.Where you can find Yonathan:LinkedInTwitterRiskIQ BlogGitHub 

Mike Johnson is the CISO of Lyft, where he is responsible for Security, Data Privacy, and a few other key areas he can't talk about. He's been in the security field long enough to be able to use "decades" as a measure. In his time he's seen things, heard things, and shared his opinion on a great many things.Prior to becoming Lyft's first CISO, he was at Salesforce working in various information security roles.In this episode we discuss being an organizations first CISO, building a world class detection and response team, securing a development team, building security culture, data privacy, cyber security as a team sport, looking for non traditional skills, and so much more.Where you can find Mike:LinkedInWall Street Journal: Lyft Hires First CISO

Jacob Williams is the Founder and President of Rendition Infosec. Jake started his information security career doing classified work with the U.S. government and was awarded the National Security Agency (NSA) Exceptional Civilian Service Award, which is given to fewer than 20 people annually. He's been involved in high-profile public sector cases including the malware analysis for the 2015 cyber attack on the Ukraine power grid. He's also tackled a variety of cases in the private sector.Jake is a certified SANS instructor and co-author of FOR526: Memory Forensics In-Depth and FOR578: Cyber Threat Intelligence teaches a variety of other classes for SANS (SEC503, SEC504, SEC660, SEC760, FOR508, FOR526, FOR578, FOR610).Given his accomplishments, it should come as no surprise that Jake lives, sleeps, and breathes Infosec. He's a regular speaker at industry conferences including DC3, BSides (including BSides Las Vegas), DEFCON, Blackhat, Shmoocon, EnFuse, ISSA Summits, ISACA Summits, SANS Summits, and Distributech. He has also presented security topics to a number of Fortune 100 executives. Jake is also a two-time victor at the annual DC3 Digital Forensics Challenge.In this episode we discuss his passion for cyber security, changes in the industry, threat hunting vs. incident response, development of soft skills, AI and machine learning, holding back vulnerability disclosure, and so much more.Where you can find Jake:LinkedInTwitterRendition InfoSecSANS

Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Josh previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research, analyst, & strategy roles. He co-founded RuggedSoftware and IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure.Josh's unique approach to security in the context of human factors, adversary motivations, and social impact, has helped position him as one of the most trusted names in security. He also serves as an adjunct faculty for Carnegie Mellon’s Heinz College and on the Congressional Task Force for Healthcare Industry Cybersecurity.In this episode we discuss his start in information security, being a super hero, the start of I am The Cavalry, cyber security and public safety, government vs. hackers, IoT security, looking for non-traditional cyber skills, and so much more.Where you can find Josh:LinkedInTwitterI am The Cavalry

Ron Gula is the President of Gula Tech Adventures. Ron started his cybersecurity career as a network penetration tester for the NSA. At BBN, he developed network honeypots to lure hackers and he ran US Internetworking's team of penetration testers and incident responders. As CTO of Network Security Wizards, Ron pioneered the art of network security monitoring and produced the Dragon Intrusion Detection System which was recognized as a market leader by Gartner in 2001. As CEO and co-founder of Tenable Network Security, Ron led the company's rapid growth and product vision from 2002 through 2016. He helped them scale to more than 20,000 customers worldwide, raise $300m in venture capital and achieve revenues in excess of $100m annually. Currently, Ron is President at Gula Tech Adventures which focuses on investing and advisement of cyber-security companies.In this episode we discuss starting in security in the 1990's at the NSA, starting Tenable and its growth to IPO, different start-up spaces, where he gets involved in start-ups, advice he gives to founders, what he looks for to invest in, where he sees the cyber security market going, and so much more.Where you can find Ron:LinkedInTwitterBlog

This is a special episode where my guests actually turn the mics and spotlight on me. In this episode, I speak with Kristopher Wasserman and Ricky Brooman, both governance and eDiscovery experts that wanted to get deeper knowledge about cyber security. We discuss how folks in the litigation and eDiscovery world can help, compliment, and jump ship to cyber security. Additionally, we discuss what is similar and different in how organizations respond to government inquires, data breaches, and litigation.Kristopher brings over 12 years of experience to his role as Vice President and Senior Consultant at D4. Kris oversees a team of Discovery Engineers that provide technical expertise and guidance to clients to develop defensible cost-effective solutions that involve managing data that may be used as evidence.Ricky is a Litigation Support Project Manager at Saul Ewing Arnstein & Lehr LLP. In this capacity, he consults clients on best practices for information governance and electronic discovery, and manages all phases of the EDRM for litigation matters. Ricky is also a member of ILTA's Program Planning Counsel.I hope you enjoy this special episode of Cyber Security Interviews.

Mark Greisiger has led NetDiligence, a Cyber Risk Assessment and Data Breach Services company, since its inception in 2001. During that time, Mark has been responsible for the creation of highly-focused services that are used by leading cyber liability insurers in the U.S. and U.K. to support both loss-control and education objectives.Prior to joining NetDiligence, Mark spent 12 years in the insurance industry, primarily with CIGNA P&C, where he created the first generation of cyber risk insurance. Mark is also a frequently published contributor to various insurance & risk management publications and a sought-after speaker on the topic of cyber risk and liability.In this episode we discuss cyber risk insurance, right sizing cyber insurance, gathering the metrics for breaches, the costs of breaches, the impact to SMB's, GDPR, data privacy, and so much more.Where you can find Mark:LinkedInTwitterNetDiligence 

Brian Vecci is the Technical Evangelist at Varonis where he supports a wide range of security initiatives by helping Varonis’ customers and employees get the most out of the company’s products to tackle today’s biggest security challenges.In his 20-year technical career, Brian served as a developer, tech architect, engineer and product manager for companies in financial services, legal, and cybersecurity. Brian joined Varonis in 2010 as director of education and development. Before joining Varonis, Brian worked on systems architecture at UBS. He holds a CISSP certification and frequently presents on topics related to security and technology. He has been quoted in news sources ranging from The Financial Times to Dark Reading and has made multiple appearances on CNBC.In this episode we discuss his start on help desk and his move to developer, his current role as evangelist, using the word cyber, information governance and the value of data, GDPR, the future of data privacy, and so much more.Where you can find Brian:LinkedInTwitterBlog

Cameron Williams is the Founder and CTO of OverWatchID. Cam has more than 22 years of experience as a leader in the cyber security industry. He has led breach mitigation and designed security solutions/countermeasures for leading global companies such as IBM, Boeing, Sony, BP, Chase and Washington Mutual. He has designed and built a multitude of access management systems including privileged access management, identity access management (SSO, SAML, OAuth and Federation) and cloud access security brokering systems.Prior to cofounding OverWatchID, Cameron was VP Engineering at IntelliSecure, where he led the development of a next generation MSSP platform including multi-tenant PAM, correlation engine (SIEM software), deployment automation, and application monitoring systems.In this episode we discuss the alphabet soup of identity and access management, cloud security, maturing the trust model, the problems he is trying to solve, why he switched to IT from pre-med, automation and orchestration, and so much more.Where you can find Cam:LinkedInOverWatchID

Jeremiah Grossman is the CEO of Bit Discovery. Jeremiah's career spans nearly 20 years and has lived a literal lifetime in computer security to become one of the industry's biggest names.Since Jeremiah earned a Brazilian Jiu-Jitsu black belt, the media has described him as "the embodiment of converged IT and physical security.” In 2001, Jeremiah founded WhiteHat Security, which today has one of the largest professional hacking armies on the planet. Jeremiah has received a number of industry awards, been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for privately informing them of weaknesses in their systems -- a polite way of saying, ‘hacking them'.In this episode we discuss RSAC 2018, starting in infosec, web application vulnerabilities, what to look for in application security developers, building security development metrics, why you need to inventory websites, making time to contribute to the community, and so much more.Where you can find Jer:LinkedInTwitterBlogJeremiahgrossman.com

Robert M. Lee is the CEO and Founder of the industrial (ICS/IIoT) cyber security company Dragos, Inc. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode’s Influencers, awarded EnergySec’s Cyber Security Professional of the Year (2015), and inducted into Forbes’ 30 under 30 for Enterprise Technology (2016).A passionate educator, Robert is the course author of SANS ICS515 – “ICS Active Defense and Incident Response” with its accompanying GIAC certification GRID and the lead-author of SANS FOR578 – “Cyber Threat Intelligence” with its accompanying GIAC GCTI certification.Robert obtained his start in cyber security in the U.S. Air Force where he served as a Cyber Warfare Operations Officer. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission.In this episode we discuss threat hunting, SCADA/ICS, IIoT, IoT security, his start in cyber security, the 2015 Ukrainian power grid attack, starting and teaching a SANS ICS class, advice he would give someone starting in the industry, and HACKNYC, and so much more.Where you can find Robert:LinkedInTwitterBlog

Chris Roberts is the Chief Security Architect at Acalvio and is regarded as one of the world’s foremost experts on counter threat intelligence within the cyber security industry.At Acalvio, Chris helps drive Technology Innovation and Product Leadership. In addition, Roberts directs a portfolio of services within Acalvio designed to improve the physical and digital security posture of both enterprise, industrial and government clients.(In English) Acalvio has given him the opportunity to help shape the next generation of deception platforms, allowed him to spend time doing R&D...and he still gets to break into companies and help them with their maturity modeling and overall solutions within the security industry.For the 50th episode, I couldn't have picked a better guest and this was my favorite interview to date. We discuss scotch tasting and food, and how that relates to infosec, building a better cyber security community, learning from past mistakes, why giving back to the community is so important, why the new generation needs to make their own mistakes, the word hacker, and so much more.Where you can find Chris:LinkedInTwitterThe Googles

Keith McCammon is the Chief Security Officer and Co-founder of Red Canary in Denver, CO. Keith runs Red Canary’s Security Operations Center and leads a group of expert analysts that monitor a continuous stream of potential attacks detected in their customers’ environments.Keith is a known expert in offensive cyber computing and defensive IT security from his background as Director of Commercial Security at Kyrus and Executive Director of Information Technology at ManTech.In this episode we discuss his training and start in technology, working in the government space, founding and growing a cyber security firm, the problems he is trying to solve, scaling analysis, securing the cloud, solving the talent shortage problem, and so much more.Where you can find Keith:LinkedInTwitterBlogGitHub

Tom Brennan is the Founder of Proactive Risk with two decades of hands on the keyboard experience building, breaking and defending data for clients worldwide. He is a an alumni of McAfee, Intel Security, SafeCode, Trustwave, WhiteHat, ADP, Datek Online, and the United States Marines. Tom served the OWASP Foundation as an elected member of the Global Board of Directors for ten years. He also founded the New Jersey OWASP Chapter and grew the New York City as President for thirteen Years.Today, Tom is associated with CREST International as its elected Chairman of the Americas Board and participates as technical advisor for New Jersey Institute of Technology, County College of Morris, Morris County Economic Development Corporation, Rockaway Township Official, and is a member of the CERT team.In this episode we discuss his start in information security, building secure software, giving back to the cyber security community, mentors he has had, recommendations he gives to people starting in infosec, starting the HACKNYC conference, and so much more.Where you can find Tom:LinkedInTwitterOWASPHACKNYC

Cody Cornell is the Founder and CEO of Swimlane. Cody is responsible for the strategic direction of Swimlane and the development of it’s security operations management platform. Collaborating with industry leading technology vendors, he works to identify opportunities to streamline and automate security activities saving customer operations costs and reducing risk.In 2011, Cody co-founded Phoenix Data Security Inc., a focused cyber security professional services organization. Prior to Phoenix Data Security, he began his career in the U.S. Coast Guard, spent 15 years in IT and security including roles with the U.S. Defense Information Systems Agency (DISA), the Department of Homeland Security (DHS), American Express, and IBM Global Business Services. Cody has presented at information security forums such as the Secret Service Electronic Crimes Task Force, the DHS Security Subcommittee on Privacy and National Public Radio (NPR), as well as to many industry associations such as (ISC)2, ISACA and ISSA.In this episode we discuss his start in information security, mentors he has had along the way, why he is building a business in Colorado, founding a information security company and the problems he is trying to solve, cyber security automation, so much more.Where you can find Cody:LinkedInTwitterSwimlane Blog

Bret Fund is the CEO of SecureSet. As a founder of the business in 2014, he has led the growth of the organization from startup to multiple programs and campuses. He oversees the growth, strategy and financial operations for the company.As a former professor, Bret has a great passion for and a strong executional focus on providing students with a quality education and success in the placement process. He formerly served as an Assistant Professor at the University of Colorado–Boulder and was the Executive Director for the Deming Center Venture Fund there.In this episode we discuss cyber security education, filling the demand for cyber talent, the benefits of hiring people making a career change to information secuirty, the Denver, CO cyber security scene, giving back to the community, getting outside of your comfort zone, and so much more.Where you can find Bret:LinkedInTwitterSecureSet

Kristinn Gudjonsson is a manager with the Detection & Response team at Google, where he has been for the last 6 1/2 years. Kristinn joined Google in 2011 as part of the incident response team, investigating and responding to security incidents, before making the move to management, where he now oversees the digital forensics and incident management teams in Sunnyvale, CA. Prior to his management adventures, Kristinn was known to dabble into coding, focusing on tools like Log2Timeline and Plaso.In his previous life, Kristinn worked as an incident response and forensics consultant in Iceland. Kristinn holds an M.Sc. from Institut National des Telecommunications (INT, now Telecom & Management) school from Paris and a B.Sc. in computer and electronic engineering from the University of Iceland.In this episode we discuss moving to the US to do DFIR for Google, his start in sys admin and how forensics became his calling, the development of Log2Timeline and Plaso, the DFIR support community, automating as much as you can, moving to management, and so much moreWhere you can find Kristinn:LinkedInTwitterBlog

James Carder is the CISO of LogRythm and brings more than 19 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. Government. At LogRhythm, he develops and maintains the company’s security governance model and risk strategies, protects the confidentiality, integrity, and availability of information assets, oversees both threat and vulnerability management as well as the Security Operations Center (SOC). He also directs the mission and strategic vision for the LogRhythm Labs machine data intelligence, threat and compliance research teams.Prior to joining LogRhythm, James was the Director of Security Informatics at Mayo Clinic where he had oversight of Threat Intelligence, Incident Response, Security Operations, and the Offensive Security groups. Prior to Mayo, James served as a Senior Manager at MANDIANT, where he led professional services and incident response engagements. He led criminal and national security related investigations at the city, state and federal levels, including those involving the theft of credit card information and Advanced Persistent Threats (APT).James is a sought-after and frequent speaker at cybersecurity events and is a noted author of several cyber security publications. He holds a Bachelor of Science degree in Computer Information Systems from Walden University, an MBA from the University of Minnesota’s Carlson School of Management, and is a Certified Information Systems Security Professional (CISSP.)In this episode we discuss the Colorado cyber security scene, solving CISO painpoints, thoughts on certifications, what to look for when hiring talent, where to find talent, the importance of networking, automating workflows, and so much more.Where you can find James:LinkedInTwitterLogRhythm blog

David Navetta is a US co-chair of Norton Rose Fulbright's Data Protection, Privacy and Cybersecurity practice group. David focuses on technology, privacy, information security and intellectual property law. His work ranges from compliance and transactional work to breach notification, regulatory response and litigation. David currently serves as "breach coach" or is on the approved panel for numerous cyber insurance carriers and companies, and has helped dozens of companies across multiple industries respond to data security breaches.Prior to joining Norton Rose Fulbright, David co-founded InfoLawGroup LLP, a law firm focusing on information technology, privacy, security and IP-related law. David and InfoLawGroup successfully served a wide assortment of US and foreign clients from large Fortune 500 multinationals, retailers, hotels and restaurants, sophisticated technology companies, financial institutions, and more.David is a Certified Information Privacy Professional through the International Association of Privacy Professionals and previously served as a Co-Chair of the American Bar Association's Information Security Committee and was also Co-Chair of the PCI Legal Risk and Liability Working Group. He has spoken and written frequently concerning technology, privacy and data security legal issues, and is frequently cited as an expert in the press and otherwise.In this episode we discuss transitioning from litigation into data privacy and cyber security, starting a cyber focused law firm, the role of legal in a data breach, how to perform effective tabletop exercises, when to bring in law enforcement to an incident, breach threats to small and medium sizes businesses, and so much more.Where you can find Dave:LinkedInBlogA few disclaimers on this episode as well. For purposes of certain state ethics rules, this episode may constitute attorney advertising. This website and this episode does not constitute legal advice or create attorney-client relationship. Please be sure to contact your legal representatives with any legal questions.

Jared Michael Coseglia, founder and CEO of TRU Staffing Partners, has over fourteen years of experience representing talent in e-discovery and cybersecurity. He has successfully placed over 2500 professionals in full-time and temporary positions at the Fortune 1000, AmLaw 200, Cyber 500, Big Four, and throughout the ESI and cyber consultancy, service provider and software community.His ability to identify, deliver, mentor, and help retain talent has given him the privilege of quickly becoming the globally recognized “go-to” individual for clients and candidates in need of staffing solutions or career guidance and management in cybersecurity. Jared's unique style of representation, vast network of relationships, and subject matter expertise has helped earn him and TRU a host of awards including ranking on the Inc. 5000 Fastest Growing Private Companies in America two years in a row. Jared was awarded Best Reviewed e-Discovery Session at Enfuse 2017 for his lecture and Q&A on “Transitioning Your Career from ESI to Cybersecurity.”In this episode we discuss the commonalities between the eDiscovery a decade ago and the cyber security now, the cyber security talent gap and the numbers we hear, how to hire quality information security professionals, the drain on the federal talent pool, when to get kids involved in cyber security, security training, and so much more.Where you can find Jared:LinkedInTwitterBlog

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Co-Founder & Chief Technology Officer (CTO) for LEO Cyber Security, he is a member of the senior executive leadership team responsible for the creation and driving of the strategic vision for the company.Prior to LEO, Andrew served as the Chief Information Security Officer (CISO) at DataGravity, Inc., where he advocated for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy. Before that, he served as the Director of Research at OpenDNS where he led the research efforts for the company. Prior to joining OpenDNS he was the Director of Applied Security Research and Chief Evangelist at CloudPassage, Inc.In this episode we discuss his start in dial-up text support, the role of the CISO, security in a start-up, the landscape of security solutions, managing his speaking engagements, speaking as edu-tainment, cloud forensics, and so much more.Where you can find Andrew:LinkedInTwitterGitHubBlog

Michelangelo Sidagni serves as Chief Technology Officer leading technical development, security research, and operations for NopSec. Prior to NopSec, Michelangelo was the Director of IT Security Services at Ciphertechs and served as a lead internal security consultant at Blue Cross Blue Shield advising on HIPAA security compliance and privacy initiatives.Michelangelo holds numerous professional certifications in information security including CISSP, CISA, and CIA and is a frequent speaker at information security events around the country. He holds a Master’s of Business Administration from the University of Pavia – Italy.In this episode we discuss his start in infosec audits, his transition to entrepreneur, the difference between vulnerability assessments and penetration testing, building a vulnerability management platform, rating vulnerabilities, change management, trends in security, and so much more.Where you can find Michelangelo:LinkedInTwitterNopSec Blog

James Tarala is a principal consultant with Enclave Security and is based out of Venice, Florida. James Tarala has been a speaker with the SANS Institute, the Institute of Applied Network Security (IANS), and the Center for Internet Security for over 20 years. He has spoken at RSA for numerous years and has enjoyed the chance to bring the experiences from working hands on with organizations into RSA sessions.James has spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, and he often performs independent security audits and assists internal audit groups in developing their internal audit programs. He has provided valuable resources for information security professionals through Audit Scripts, a child project of Enclave Security. James completed his undergraduate studies at Philadelphia Biblical University, his graduate work at the University of Maryland, and holds numerous professional certifications.In this episode we discuss sys admin start, starting his own consulting firm, security frameworks, the CIS Critical Security Controls. cyber security auditing and managing risk, the best use of check lists, teaching for SANS, and so much more.Where you can find James:LinkedInTwitterAudit Scripts Blog 

SANS Senior Instructor Eric Conrad is the lead author of SANS MGT414: SANS Training Program for CISSP® Certification, and coauthor of both SANS SEC511: Continuous Monitoring and Security Operations and SANS SEC542: Web App Penetration Testing and Ethical Hacking. He is also the lead author of the books the CISSP Study Guide, and the Eleventh Hour CISSP: Study Guide.Eric's career began in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and health care. He is now CTO of Backshore Communications, a company focusing on hunt teaming, intrusion detection, incident handling, and penetration testing. He is a graduate of the SANS Technology Institute with a master of science degree in information security engineering. In addition to the CISSP, he holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications. Eric also blogs about information security at www.ericconrad.com.In this episode we discuss starting in IT before there was infosec, the value of certifications, making blue teams sexy again, teaching for SANS, what makes a good cyber security professional, threat hunting, the importance of PowerShell, DeepBlueCLI, and so much more.Where you can find Eric:LinkedInTwitterBlogSANSGitHubAmazon

Dr. Johannes Ullrich is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. In 2000, he founded DShield.org, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist.Johannes holds a PhD in physics from SUNY Albany and is based in Jacksonville, Florida. His daily podcast summarizes current security news in a concise format.In this episode we discuss his start in physics and switch to cyber security, building the SANS Internet Storm Center, security challenges posed by the cloud, teaching for SANS, AI and machine learning, IoT security, and so much more.Where you can find Johannes:LinkedInTwitterSANS Internet Storm Center

Jorge Orchilles, author of Microsoft Windows 7 Administrator’s Reference, holds a Masters of Science in Management Information Systems from Florida International University, leads a security team in a large financial institution, and serves on the board of the Information Systems Security Association South Florida Chapter.Jorge has been involved in the Information Technology field since 2001. Realizing his passion for IT, he founded The Business Strategy Partners – IT Consultants branch in 2002 and eventually went on to Terremark (now Verizon) as a system administrator. He developed a interest in Information Security and was eventually promoted to a Security Operations Center (SOC) Analyst position. After a year of defending critical infrastructure for federal and commercial customers, he moved to an offensive analyst position with a large financial institution where he now manages the Advanced Penetration Testing & Vulnerability Assessments team.In this episode we discuss his early IT system admin roots, the transition from consultant to enterprise security manager, his mentors, what he looks for in a security professional, giving back to the community, teaching for SANS, and so much more.Where you can find Jorge:LinkedInTwitterPersonal WebsiteAmazonSANS

David Kovar is the President and founder of Kovar & Associates where he leads the development of URSA – Unmanned & Robotics Systems Analysis – a suite of tools designed to collect, integrate, analyze, and present UAV related data for many purposes including fleet management, criminal investigations, failure analysis, and predictive analysis. He also leads the firm’s consulting practice which addresses UAV cyber security and UAV threat management.David founded the practice of UAV forensics in 2015 and is one of the leading practitioners in the country. David has worked in digital forensics and cyber security since the mid 90’s and, prior to founding his own company, led EY’s U.S. incident response program.David earned a BA from Dartmouth in Computer Science and will receive an MA from the Fletcher School at Tufts in International Affairs this summer. David’s Master’s thesis is entitled “Defending Against UAVs Operated by Non-State Actors”.David is a rated pilot, is the Advocacy Director for the National Association of Search and Rescue where he writes UAV policy papers and develops presentations on UAVs in SAR for various audiences, and is working on SAR UAV standards for ASTM.In this episode we discuss his early transition from IT to information security, good incident response planning, team building and communications, the development of analyzeMFT, giving back to the community, the emerging drone security and analysis field, founding a cyber security company, and so much more.Where you can find David:LinkedInTwitterKovar & Associates BlogPersonal BlogGitHub - analyzeMFT

Harlan Carvey is currently the Director of Intelligence Integration at Nuix.Harlan has been involved in information security for 28 years, which began during his military career. After leaving active duty 20 years ago, he started in consulting, performing vulnerability assessments and penetration testing. From there, it was a natural progression to digital forensics and incident response services.Harlan is an accomplished public speaker and a prolific author. He is the author of several open source tools, including RegRipper, and is the author of the WindowsIR blog.In this episode we discuss his start in information security, windows registry forensics, new artifacts, the importance of communications, mistakes examiners make, ransomware, the commonalities between information security and home beer brewing, so much more.Where you can find Harlan:LinkedInTwitterWindowsIR Blog

Perry Carpenter currently serves as Chief Evangelist and Strategy Officer for KnowBe4.Previously, Perry led security awareness, security culture management, and anti-phishing behavior management research at Gartner Research, in addition to covering areas of IAM strategy, CISO Program Management mentoring, and Technology Service Provider success strategies.With a long career as a security professional and researcher, Perry has broad experience in North America and Europe, providing security consulting and advisory services for many of the best-known global brands. His passion is helping people make better security decisions by applying strategic behavior and culture management practices to the intersection of technology and humanity.Perry holds a Master of Science in Information Assurance (MSIA) from Norwich University in Vermont and is a Certified Chief Information Security Officer (C|CISO).In this episode we discuss his focus on the human side of information security, building a security culture, working with famous hacker Kevin Mitnick, rewarding users for reporting, changing user's behavior, how CISO's can effect change and evaluate products, and so much more.Where you can find Perry:LinkedInTwitterThe Mind Spy Guy 

Ryan Kalember has over 15-years of experience in the information security industry. Ryan currently leads cybersecurity strategy for Proofpoint and is a sought-out expert for media commentary on breaches and best practices for enterprises as well as consumers. He joined Proofpoint from WatchDox where he served as chief marketing officer and was responsible for successfully building and leading the marketing team through the company’s acquisition by Blackberry.Prior to WatchDox, Ryan was instrumental in running solutions across Hewlett-Packard’s portfolio of security products. He has also held a variety of marketing leadership positions at ArcSight and VeriSign including EMEA regional manager. Ryan received his bachelor's degree from Stanford University, where he studied fault tolerance, cryptography, and authentication algorithms.In this episode we discuss his start in cyber security, his transition to marketing and product management, the importance of communication skills, the changing role of the CISO, AI and machine learning, the malware research his team does, the spread of ransomware, and so much more.Where you can find Ryan:LinkedInTwitterProofpoint Blog

Jobert Abma is a co-founder and technical lead at HackerOne, one of the leading bug bounty service platforms. He is an avid hacker, developer and advocate for transparent and safe vulnerability disclosure. He and co-founder Michiel Prins have been named one of Forbes 30 under 30 for 2017 in tech.As a hacker himself, Jobert has reported critical vulnerabilities to GitLab, Yahoo, Slack, Snapchat among others. Before founding HackerOne, he was a successful penetration tester for a company he founded with customers included: Twitter, Facebook, Evernote and Airbnb, among others. He studied Computer Science at Hanze University Groningen.In this episode we discuss his early hacking days, how he turned hacking into a job, why he started HackerOne, secure software development, lessons learned as a founder, Internet of Things vulnerabilities, and so much more.Where you can find Jobert:LinkedInTwitterHackerOneGitHub

Joseph Carson is a cyber security professional and ethical hacker with more than 25 years’ experience in enterprise security specializing in blockchain, endpoint security, network security, application security & virtualization, access controls, and privileged account management. He currently serves as Chief Security Scientist at Thycotic.Joseph is a Certified Information Systems Security Professional (CISSP), active member of the cyber security community, frequent speaker at cyber security conferences globally, and is often quoted and contributes to global cyber security publications. He is also the author of Privileged Account Management for Dummies.Joseph regularly shares his knowledge and experience by giving workshops on vulnerabilities assessments, patch management best practices, and the evolving cyber security perimeter and the EU General Data Protection Regulation.In this episode we discuss his transition from IT to cyber security, privacy vs. security, international information security, IoT privacy, credential management, why you shouldn't blame the users, people-centric security, hiring information security professionals, cyber security metrics, and so much more.Where you can find Joe:LinkedInTwitterThycotic Blog

This is a solo episode between interviews.I have been doing IT and security consulting for a long time. Over this time, I have noticed a few things that are worth noting when hiring a security consultant. In fact, I would say until you perform some basics and perform some due diligence on your own, don't hire me or any other security consultant. Yes, this seems a little counter intuitive for me to say, "Don't hire me," but there are many common elements I see in environment after environment both on the proactive and responsive engagements.This episode will touch on some of these elements and is by no means all inclusive.The take away is to get to know thy self and do your home work! 

Brett Shavers is a consultant to corporations and government agencies in computer related cases as well as being the author of "Placing the Suspect Behind the Keyboard", co-author of "Hiding Behind the Keyboard" and co-author of the “X-Ways Forensics Practitioner's Guide."Brett began his career as a digital forensics investigator in law enforcement and was trained by the Federal Law Enforcement Training Center, the US Department of Homeland Security, the National White Collar Crime Center, and a multitude of forensic software manufacturers. Brett has taught over 1,000 persons in law enforcement, colleges, and law firms in topics including high tech investigative methods and forensic analysis and gives presentations on high-tech investigations regularly.His prior law enforcement duties included assignments in state and federal task forces, with investigations spanning multiple countries and states where his cases targeted career criminals and international criminal organizations.In this episode we discuss starting forensics in law enforcement, his approaches to investigations, what makes a good DFIR examiner, forensic tools, Windows FE, book writing advice, IoT surveillance, and so much more.Where you can find Brett:WebTwitterKeybaseAmazonDFIR Online Training