Cyber Security Interviews

Lance Spitzner is the Director of the SANS Security Awareness program. Lance has over 20 years of security experience in cyber threat research, awareness, and training.He invented the concept of honeynets, founded the Honeynet Project, and published three security books. Lance has worked and consulted in over 25 countries and helped over 350 organizations plan, maintain, and measure their security awareness programs. In addition, Lance is a member of the Board of Directors for the National Cyber Security Alliance, frequent presenter, serial tweeter, and works on numerous community security projects. Before working in information security, Lance served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois.In this episode we discuss moving from technical to human security controls, designing a effective security awareness program, changing human behavior, metrics to use in awareness programs, what is different with IoT and security, the 2017 SANS Security Awareness report, picking organizational leads for training programs, and so much more.Where you can find Lance:LinkedInTwitterBlogSecuring the HumanOUCH! Newsletter

Casey Ellis is founder and CEO of Bugcrowd. He started life in infosec as pentester, moved to the dark side of solutions architecture and sales, and finally landed as a career entrepreneur. He’s been in the industry for 15 years, working with clients ranging from startups to government to multinationals, and awkwardly straddles the fence of the technical and business sides of information security.Casey pioneered the Bug Bounty as-a-Service model launching the first programs on Bugcrowd in 2012, and has presented at Blackhat, Defcon, Derbycon, SOURCE Boston, AISA National, and many others. He is happy as long as he's got a problem to solve, an opportunity to develop, a kick ass group of people to bring along for the ride, and free reign on t-shirt designs.In this episode we discuss fixing the Internet, bug bounty programs, designing software with security in mind, IoT security, changing security training and recruitment, responsible disclosure, entrepreneurship and starting a company, and so much more.Where you can find Casey:LinkedInTwitterBlog

Rob Reck and Alex Wood are both seasoned security professionals in the Denver, CO area and hosts of their own podcast, Colorado = Security.Rob is the Chief Information Security Officer at Ping Identity. In addition to his job at Ping Identity, Robb is an active member of the Colorado security community. In early 2017 he co-founded the Colorado = Security podcast with Alex. Robb serves on the board for the mountain region’s largest security conference, Rocky Mountain Information Security Conference and he recently ended his term as President of ISSA Denver, the largest ISSA chapter in the world.Alex is the Chief Information Security Officer for Pulte Financial Services and has over 18 years of experience in information security. Previously he has had managerial, program, and technical roles at several major companies in different verticals. Additionally, Alex has served on the Board of Directors for ISSA International and is a host of the Colorado = Security podcast. Alex is a CISSP and has a MAS in Information Security from the University of Denver.In this episode we discuss volunteering in the cyber security community, the local Denver security community, security leadership, recruiting outside of traditional, the importance of IR planning, selling security within an organization, and so more.Colorado = Security WebsiteWhere you can find Rob:LinkedInTwitterBlogWhere you can find Alex:LinkedInTwitter 

This is another short podcast before we get back into full interviews next week.In this episode, I explore the concept of Independence. In the US, this week we are celebrating Independence Day. This got me thinking about what that means in my business experience. I wanted to share a few observations for those who are thinking about going out on their own either as an independent contractor or to start their own business.Please take a listen and let me and other listeners know of any tips or experiences you may have had if you were working independently or started a business.Also, go back and listen to episodes with David Cowen and Hal Pomeranz. Both have taken the independent route and have shared advice in their episodes.I hope everyone celebrating July 4th has a safe and fun holiday. Please subscribe so you don't miss any episodes. Next week, we are back to interviews with leaders and experts in cyber security.

So many of you are wondering why the break in Cyber Security Interviews.There is a bit of a story that goes along with it. I wanted to share this story because I think sheds light into life and career changes that others can learn from. Sharing stories on careers and challenges is a big part of this podcast. Many people can feel alone in their cyber security journeys and I some of the struggles that I have been going through lately can allow those going through their own challenges feel connected and hopefully cope with uncertainty.I know there are others out there that have gone through some major life and career challenges. Know you are not alone, and you can get through it.So the podcast is firing back-up. Look for some great interviews in the coming weeks. I greatly appreciate all of the listener support and feed back I receive. It has definitely helped me recently.So please take a listen to this episode and stay tuned for the next round of episodes!

Alex Kreilein and David Odom are both Managing Partners at SecureSet Accelerator. SecureSet is a Denver, CO based firm which is a startup accelerator (SecureSet Accelerator) taking on the lack of novel and quality products in the information security field.In addition to overseeing the SecureSet Accelerator, Alex is also the Cofounder of SecureSet and the companies former CTO. He served as a Tech Strategist for the Department of Homeland Security, Guest Researcher to the National Institute of Standards and Technology, and Legislative Assistant to the US Congress. He served on the Integrated Task Force for the NIST Cybersecurity Framework and serves on the board of a number of security startups. Alex has an M.S. from CU Boulder School of Engineering and Applied Science and an M.A. from the US Naval War College. He is a Fellow with the New America Foundation’s Cybersecurity Initiative and was a speaker at DEFCON 2016.David is a Managing Partner of the SecureSet Accelerator, focusing on Venture Operations. David spent the past 20+ years engaged with leading edge startups, vibrant thought leaders, and imaginative technologists. He remains active as an advisor and mentor for early stage cyber security startups and university systems.In this episode we discuss investing in cyber security companies, tips for starting a new company, how to make better information security products, cyber security education that works, the machine learning and AI buzzwords, Denver, CO's growing cyber security community, how the government can help improve cyber security, and so much more.Where you can find Alex:LinkedInTwitterSecureSet BlogWhere you can find David:LinkedInTwitterSecureSet Facebook

Troy Hunt is an internationally recognized cyber security researcher, speaker, blogger, and instructor. He is the author of many top-rating security courses for web developers on Pluralsight and is a Microsoft Regional Director and a six time Microsoft Most Valued Professional (MVP) specializing in online security and cloud development.Prior to becoming an independent security consultant, Troy worked at Pfizer with the last seven years being responsible for application architecture in the Asia Pacific region. This time spent in a large corporate environment gave him huge exposure to all aspects of technology as well as the diverse cultures his role spanned. Many of the things he teaches in post-corporate life are based on these experiences, particularly as a result of working with a large number of outsourcing vendors across the globe.Troy is most famously know for creating the the Have I been pwned? (HIBP) website, a free service that aggregates data breaches and helps people establish if they've been impacted by malicious activity on the web. As well as being a useful service for the security community, HIBP has given him an avenue to ship code that runs at scale on Microsoft's Azure cloud platform. Troy has been featured in a number of articles with publications including Forbes, TIME magazine, Mashable, PCWorld, ZDNet and Yahoo! Tech.In this episode we discuss teaching developers security, learning on your own, becoming an instructor, cyber security in enterprise organizations, budgeting for security, building a personal brand, and so much more.Where you can find Troy:TroyHunt.comLinkedInTwitterYouTubePluralsightHave I been pwned?

Jad Saliba is the founder and CTO of Magnet Forensics, a leading digital forensics company. Jad guides the organization to create products that meet the needs of customers from law enforcement, consultancies, or the corporate world. A former digital forensics investigator with a background in computer science, Jad can uniquely identify issues faced by forensics professionals and apply new ways of using technology to solve these problems.Prior to starting Magnet Forensics, Jad spent seven years with the Waterloo Regional Police Service. While with the police department, Jad was responsible for recovering Internet evidence from computers to support the force's investigations. He then developed Internet Evidence Finder which quickly became one of the most popular digital forensic tools for law enforcement and commercial practitioners.Jad is a recognized digital forensics speaker at industry events including: CEIC, Crimes Against Children Conference, EuroForensics, F3, HTCIA, ICDDF, SANS, and the Canadian Police College. Jad holds a Diploma in Computer Science and Network Security from Mohawk College (Hamilton, Canada).In this episode we discuss the Operation Underground Railroad sting, being a police officer vs. running a business, the most important skill an investigator needs, his favorite tool outside of his, cloud forensics, and so much more.Where you can find Jad:LinkedInTwitterMagenet Forensic Blog 

Theresa Payton is one of the nation’s leading experts in cybersecurity and IT strategy. As CEO of Fortalice Solutions, an industry-leading security consulting company, and co-founder of Dark Cubed, a cybersecurity product company, Theresa is a proven leader and influencer who works with clients and colleagues to uncover strategic opportunities and identify new and emerging threats.Theresa began her career in financial services, where she coupled her deep understanding of technology systems with visionary leadership, executing complex IT strategies and winning new business. Following executive roles Bank of America and Wachovia, Theresa served as the first female chief information officer at the White House, overseeing IT operations for President George W. Bush and his staff.In 2015, Theresa was named a William J. Clinton distinguished lecturer by the Clinton School of Public Service. She is the author of several publications on IT strategy and cybersecurity and a frequent speaker on IT risk. In 2014 she co-authored, with Ted Claypoole, the book Privacy in the Age of Big Data: Recognizing Threats, Defending Your Rights, and Protecting Your Family, which was subsequently featured on the Daily Show with John Stewart.Among her numerous accolades and recognitions, Theresa was named one of the top 25 Most Influential People in Security by Security Magazine and One of Infosec’s Rising Stars and Hidden Gems by Tripwire. In 2005 she was honored as Charlotte, NC’s Woman of the Year.In this episode we discuss managing risk, communicating with business owners about security, why security needs to be designed around the human, her role at the White House, privacy vs. security, how the government can help with cyber security, and so much more.Where you can find Theresa:LinkedInTwitterFortalice BlogCBS 

Hal Pomeranz is the Founder and Principal Consultant for Deer Run Associates with over 25 years of cyber security experience. As a digital forensic investigator, Hal has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime, and malicious software infrastructures. He has worked with law enforcement agencies in the United States and Europe, and with global corporations.While perfectly at home in the Windows and Mac forensics world, Hal is a recognized expert in the analysis of Linux and Unix systems, and has made key contributions in this domain. His EXT3 file recovery tools were the direct result of an investigation, recovering data that led to multiple indictments and successful prosecutions. His research on EXT4 file system forensics provided a basis for the development of open source forensic support for this file system. Hal has also contributed a popular tool for automating Linux memory acquisition and analysis.Hal is a SANS Faculty Fellow and SANS' longest tenured instructor and primary instructor for the Securing Linux/Unix (SEC506) course. Hals is also a regular contributor to the SANS Digital Forensics and Incident Response blog and co-author of the Command Line Kung Fu blog.In this episode we discuss Linux and Unix forensics, his start at Bell Labs, helping others in the industry, data enterprises should collect, running your own security firm, and so much more.Where you can find Hal:LinkedInTwitterGitHubRighteous ITCommand Line Kung FuSANSDeer Run Associates 

In this episode I am speaking with Marie Hattar and David Ginsburg. This is also my first podcast episode with two guests.Marie is the CMO at IXIA and is responsible for their brand and global marketing efforts. Marie has more than 20 years of marketing leadership experience spanning the security, routing, switching, telecom and mobility markets. Before joining Ixia, Marie was CMO at Check Point Software Technologies where she reestablished the company as the leading end-to-end security vendor. Prior to that, she was Vice President at Cisco where she led the company’s enterprise networking and security portfolio.David is the VP of Marketing for Cavirin. Dave has over 25 years of experience spanning corporate and product marketing, product management, digital marketing, and marketing automation. Previous roles included CMO at Teridion, Pluribus, Extreme, and Riverstone Networks as well as senior marketing leadership positions at Nortel and Cisco. His expertise spans information security, networking, cloud deployments, and SaaS.I really enjoyed this conversation with them. They are both very technical, but can bridge the gap between the technical teams and the C suite. In this episode we discussed how the industry got to where it is now, the pluses and minuses of using FUD to get peoples attention, how marketing teams can be security enablers within an organization, and advice for companies coming to market in the information security space, and so much more.Where you can find Marie:Ixia BlogLinkedInTwitterWhere you can find Dave:Cavirin BlogLinkedInTwitter

Kristin Lovejoy is the CEO of BluVector. Prior to her role at BluVector, she served as general manager of IBM’s Security Services Division, charged with development and delivery of managed and professional security services to IBM clients worldwide. In addition, she served as IBM's Global CISO and VP of IT Risk.Kris is a recognized expert in the field on security, risk, compliance and governance, with appearances in Forbes, CNBC, NPR and USA Today. Within the past five years she has been recognized as 2015 SC Magazine Top 25 Security Managers, 2014 SC Magazine Power Player, 2012 Compass Award Winner by CSO Magazine, one of E-Week’s 2012 “Top Women in Information Security That Everyone Should Know”, Top 25 CTO by InfoWorld, as Top 25 Most Influential Security Executives by Security Magazine. She also holds U.S. and EU patents for Object Oriented Risk Management Models and Methods. Additionally, she is a member of numerous external boards and advisory panels, including SC Magazine’s Editorial Board and Grotech Ventures.In this episode we discuss her start information security and risk, what worries her about the RSA conference, AI and Machine Learning - and what it means for security, emerging threats, advice for CISOs, communicating risk management, and so much more.Where you can find Kris:LinkedInTwitterHITBGSEC 2015 - Kristin Lovejoy - Keynote: Security vs Privacy

Cris Thomas (aka Space Rogue) is a strategist for Tenable. With more than two decades of experience, he commands an uncanny ability to link disparate events, read between the lines and distill complex, technical information into readily understandable, accessible and actionable intelligence.Cris is a founding member of L0pht Heavy Industries, a hacker think tank from the late '90s and has testified before the U.S. Senate Committee on Homeland Security and Governmental Affairs. He has also been interviewed for his security expertise by media organizations such as Wired, MSNBC, CNBC and even MTV. Before joining Tenable, he created the Hacker News Network and produced the SpiderLabs Radio weekly news podcast. As a strategist for Tenable, Cris helps clients understand how to apply the unique advantages of continuous monitoring as well as how to meet compliance and security challenges.I have been following Space Rogue's work since the 90's and am delighted to have him on the show. I encourage people to go back and watch the famous testimony from Cris and the rest of L0pht from almost 20 years ago. It's scary that so many of the issues called out then, still exist today.In this episode we discuss CyberSquirrel1, FUD and cyber war, the growth of the RSA conference, the start of L0pht heavy industries, L0pht's famous testimony before congress, security basics, and much more.Where you can find Cris:LinkedInSpacerogue.netTwitterCyberSquirrel1Tenable BlogPlus, everyone should just watch this. It's almost 20 years old and it still is very relevant.[embed]https://www.youtube.com/watch?v=VVJldn_MmMY[/embed]

The RSA Conference (or "RSAC") held annually in San Francisco, CA has become one of the largest information security conferences. I was able to get a press pass to the event this year and was pitched heavily for product focused interviews. Most I kindly declined, but there were a few people I did connect with and recorded some great conversations which I will post in the coming weeks.I recorded episodes with:Cris Thomas (aka Space Rogue), Strategist for Tenable Network Security Kristin Lovejoy, CEO of BluVectorAnd my first two person interview with Marie Hattar, CMO of IXIA and David Ginsburg, VP Marketing at Cavirin SystemsI really enjoyed my conversations with each of them and look forward to your feedback. Please make sure you are subscribed here so you don't miss any episodes.In the interim, please listen to this short episode on my take of the event.Thanks! 

Dr. Gary McGraw is the Vice President of Security Technology at Synopsys (SNPS). Gary quite literally helped create the field of software security. He is a globally recognized authority on software security&nbsp;and the author of several bestselling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books. He is&nbsp;also the editor of the Addison-Wesley Software Security series. Gary&nbsp;has also written over 100 peer-reviewed scientific publications, authors a periodic security column for SearchSecurity, is frequently quoted in the press, and regularly speaks at major cyber security conferences. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Max Financial, NTrepid, and Ravenwhite. He has also served as Advisor to Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye).Gary holds a dual PhD in Cognitive Science and Computer Science from Indiana University where he serves on the Dean’s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors. He also produces and hosts his own the monthly podcast, the&nbsp;Silver Bullet Security Podcast for IEEE Security &amp; Privacy Magazine (syndicated by SearchSecurity).Gary is also a self described "alpha geek" and a pioneer in the field of computer security. However, Gary also is a big proponent of life out side of tech. He lives on a farmhouse in Virginia, collects art, plays several musical instruments, an experienced cook, and shares a hobby of mine,&nbsp;craft cocktails. I am truly honored to have him on the show.In this episode we discuss craft cocktails, his Shmoocon 2017 key note, building in software security, the BSIMM project, breakers as builders, leadership in infosec, cyber security in the media, government relations,&nbsp;<a...

Cindy Murphy served in law enforcement&nbsp;&nbsp;for more than thirty years&nbsp;(twenty-five of those years at the Madison Police Department in Wisconsin) before leaving the force to&nbsp;launch Gillware Digital Forensics, where she is co-owner and serves as president and lead examiner. Her peers have called her "one of the most dedicated people in the field of digital forensics." Cindy has also been teaching digital forensics since 2002, is a certified SANS&nbsp;instructor and helped develop the SANS Mobile Device and Advanced Smartphone Forensics courses. Her extensive experience has given her both the real-world experience and the foundation in training that it takes to excel in the mobile forensics field and share her knowledge with others.Throughout her career, Cindy has always looked for opportunities to help in meaningful ways. In one notable case, experts spent a year trying to unlock the phone of a 16-year-old girl who was killed in a tragic traffic accident. As the family prepared to spread the girl's ashes in a ceremony a year after her death, Cindy was given the victim's locked phone. She was able to unlock it, enabling the family to see their daughter's last photos. The family sent Cindy a thank you note that said: "We so appreciate this opportunity you've given us to hold onto a piece of our daughter's life we were sure was lost to us." This is just one example how digital forensics, and a good examiner, can have a tremendously positive impact in peoples lives.Cindy has also developed the&nbsp;"Fraternal Clone Method" for Cell Phones, a&nbsp;Forensic 4Cast Forensic Examiner of the Year Award winner, a&nbsp;SANS People Who Made a Difference in Security Award winner, and was named a 2016&nbsp;Women of Influence in IT Security by SC Magazine. She is also one of the nicest and most&nbsp;approachable&nbsp;people in the cyber security and digital forensic industry.In this interview we&nbsp;discuss starting digital forensics in law enforcement, how she started with mobile forensics in the early 2000's, moving from law enforcement to the private sector, the concerns she has with mobile phones, mobile malware, recruiting and retaining women in DF/IR, developing SANS mobile forensics courses, and much more.I hope you enjoy this discussion. Please leave your comments below!Where you can find Cindy:LinkedInTwitterGillware Digital ForensicsSANS

Scott Schober is the President and CEO of Berkeley Varitronics Systems (BVS), a 44 year-old company and leading provider&nbsp;of advanced, world-class wireless test and security solutions.&nbsp;Scott&nbsp;starting with BVS in 1989 and the company’s product line of wireless test and security instruments has increased to over 100 products with a core focus on Wi-Fi, Cellular, WiMAX, LTE, IoT as well as other&nbsp;advanced radio devices. As an experienced software engineer, Scott has developed cellular test instruments used for measuring, optimizing&nbsp;and plotting signal coverage, primarily for the initial cellular build-out throughout the United States. Scott’s recent focus has been development of BVS’ cell phone detection tools, used to enforce a "no cell phone policy" in various markets including government, corporate, military, educational, correctional and law&nbsp;enforcement. Thousands of these security tools have been deployed throughout every state in the U.S. and around the world.Scott&nbsp;is a highly sought after subject expert on the topic of cyber security and wireless&nbsp;technology for media appearances and commentary. He is often seen on ABC News,&nbsp;Bloomberg TV, Al Jazeera America, CBS This Morning News, CCTV America, CNBC, CNN, Fox Business, Fox News, Good Morning America, Inside Edition,&nbsp;MSNBC and many more.&nbsp;His precautionary advice is heard on dozens of radio stations such as National Public Radio, Sirius XM Radio, Bloomberg Radio, and The&nbsp;Peggy Smedley Show. He regularly presents on visionary issues at conferences around the globe discussing wireless technology and its role in the current cyber security breaches along with his vision for best practices to stay safe in the future.&nbsp;Scott has been interviewed in WSJ, Forbes, Fortune, Success, NY Daily&nbsp;News, Newsweek, USA Today, and The New York Times.In his latest book, Hacked Again, Scott&nbsp;explores the ins and outs of&nbsp;his experience when&nbsp;his own small business was hacked. Several times. In this eye opening book, he details mayhem and tries understand the motives behind his being hacked.In this interview we will discuss his experience being hacked, the importance of layer security, how to improve IoT security, drone security, common themes in big breaches, cyber security education, finding your niche, and much more.&nbsp;I hope you enjoy this discussion. Please leave your comments below!&nbsp;Where you can find Scott:Hacked Again (Amazon)LinkedInTwitterBlogHackEd&nbsp;

Early each year, for the past 12 years, the hacker conference ShmooCon takes place in Washington, DC. This year I was honored and fortunate to get a press pass to this sold out event which the organizers call, "an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues."It was a great time and in this episode I will recap my experience&nbsp;over the three days.More ShmooCon information:ShmooCon WebsiteTwitterShmooConPuzzleShmooganographyThank you to ShmooCon and the organizers for letting me be part of this event!

Defined by his peers as a “passionate, experienced and visionary individual who is always striving to improve himself,” Ismael Valenzuela is one of the few individuals that has done almost all in the InfoSec arena, from founding one of the first IT Security companies in Spain to managing a distributed CERT across the world as well as teaching for highly reputed institutions such as SANS, BSi or the Spanish National Center of Intelligence.His command of both the business and technical aspects of information security has allowed him to specialize in building and boosting highly technical security teams and successful security businesses across North America, EMEA, India and Australia in the last 15 years.As a top cybersecurity expert with strong technical background and deep knowledge of penetration testing, security architectures, intrusion detection and computer forensics, Ismael has provided security consultancy, advice and guidance to large government and private organisations, including major EU Institutions and US Government Agencies.Prior to joining Foundstone Services at Intel Security, Ismael worked as Global IT Security Manager for iSOFT Group Ltd, one of the world’s largest providers of healthcare IT solutions, focusing on establishing and managing the IT Security program in more than 40 countries while providing risk-driven strategic planning, defining an ISO 27001 compliant policy framework and working with the applications team to ensure that security was embedded into their SDLC.Author of security articles for Hakin9, INSECURE Magazine and the SANS Forensics Blog, Ismael also serves on the GIAC Advisory Board and is a Community SANS Instructor.He holds a Bachelor's degree in Computer Science from the University of Malaga, is certified in Business Administration, and holds numerous professional certifications including the highly regarded GIAC Security Expert (GSE #132) any many others from GIAC, ISC2 and ISACA.In this interview we will discuss learning security on his own, scoping penetration testing projects, security in the healthcare industry, running&nbsp;international&nbsp;teams, how to drive an internal security&nbsp;culture, developing internal training programs, threat hunting and his rastrea2r threat hunting tool, lessons learned&nbsp;from&nbsp;his IR work, and much more.I hope you enjoy this discussion. Please leave your comments below!Where you can find Ismael:LinkedInTwitterSANS BlogBlogGitHub

Dr. Darren Hayes is the Director of Cybersecurity and an Assistant Professor at Pace University, New York and a leading expert in the field of digital forensics and cyber security. In 2013, he was listed as one of the Top 10 Computer Forensics Professors, by Forensics Colleges. He has developed four distinct courses in digital forensics, at Pace University, at the undergraduate and graduate levels. Also through Pace, Darren continually conducts research to&nbsp;support of law enforcement agencies both domestically and internationally. He has successfully been awarded grants, in the field of computer forensics, by the Department of Defense, National Science Foundation and other notable foundations. Daren is also a professional consultant in computer forensics and cyber law for the Department of Education in New York.For a number of years, Hayes has served on the Board of the High Technology Crime Investigation Association (HTCIA) Northeast Chapter and was the President of the HTCIA Northeast. Currently, he&nbsp;serves as Second Vice President of the HTCIA Northeast.Darren is also an accomplished author with numerous peer-reviewed articles on computer forensics. He has co-authored two textbooks and published “A Practical Guide to Computer Forensics Investigations”. Darren has appeared on&nbsp;numerous media and news outlets such as Bloomberg Television, The Street and Fox 5 News and been quoted by CNN, The Guardian (UK), The Times (UK), Wall Street Journal, Financial Times, Forbes, Investor’s Business Daily, MarketWatch, CNBC, ABC News, Forensic Magazine, SC Magazine, PC Magazine, USA Today, Washington Post, New York Post, Daily News and Wired News (to name but a few!). He has also been invited to lecture for the Harvard Business Review, University College Dublin and, more recently, was Visiting Professor at Sapienza University, Rome, Italy.In this interview we will discuss how he supports law enforcement, developing teaching skills, the importance of problem solving abilities, the challenges when authoring books, misinformation in the media, his involvement with HTCIA, gender roles in information security, foundational skills necessary to be good in information security, immigration challenges, real world physical threats from cyber attacks, the growth of ransomware, the "brain drain" in the government sector, how to learn cyber security on a budget, and much more.I hope you enjoy this discussion. Please leave your comments below!Where you can find Darren:LinkedInTwitterPace UniversityA Practical Guide to Computer Forensics Investigations&nbsp;

This is going to be the second holiday break episode and the first of 2017.In this episode, I am taking a quick look back at the first five episodes with my guests&nbsp;to date:Chris PogueDavid CowenLenny ZeltserNicholas PercocoMorgan WrightEach of these cyber security professionals have had their own, unique journeys to get where they are. In each interview, I learned a lot about them as individuals, but also got their perspectives on a variety of topics that influence the industry as well as some valuable advice.Thanks everyone for listening to the first episodes of Cyber Security Interviews. I hope you are all getting some valuable insight to the industry as well as some sage advice.Next week we are back with our regular schedule of interviews with top cyber security pros. Have a safe and happy new year everyone, I look forward to speaking to you all soon.Remember to sign up here for email notifications of new episodes.

This is going to be one of two special holiday break episodes as we end out the year. We will be returning to our regular interviews with top security experts right after the start of the new year.In this episode, I reflect on 2016 and cyber security. It was an interesting year and information security took a spot light more than I could remember for years past (and probably more than I could have imagined a year ago). Even“hackers” even took runner up as Time’s 2016 Person of the Year!I will talk about:The cyber-attacks against the Ukrainian Critical Infrastructure, also known as Black EnergyThe Central Bank of Bangladesh heistThe Panama PapersThe Internet of Things, Distributed Denial of Service attacks against Dyn DNSYahoo's breachThe email hack of the Democratic National PartyI wish everyone a safe and happy holiday season this year. Next week I am going to take a quick look back at the first five episodes and some of the lessons I learned from my guests.Thanks, I look forward to speaking to you all soon!

Morgan Wright is an internationally recognized expert on cybersecurity strategy, cyberterrorism, identity theft and privacy. His landmark testimony before Congress on Healthcare.gov changed how the government collected personally identifiable information. He has made hundreds of appearances on national news, radio, print and web, and has spoken to audiences around the world about cyber security.Previously Morgan was a Senior Advisor in the US State Department Antiterrorism Assistance Program and Senior Law Enforcement Advisor for the 2012 Republican National Convention. In addition to 18 years in state and local law enforcement, Morgan has developed solutions in defense, justice and intelligence for the largest technology companies in the world.&nbsp;He has trained over 2,000 law enforcement officers in the investigation of computer crime, including one year training the FBI on internet investigations. He has also taught behavioral analysis interviewing at the National Security Agency.A highly seasoned interviewer and moderator, Morgan has over 400 appearances on national news shows. In his interviews, he always tries to inspire, inform and entertain with just the right amount of humor and wit.In this interview we discuss cyber security in the 2016 Presidential election, accountability in cyber security and the failure of leadership, investing in people, machine learning, cyber warfare, insider threats, compliance versus security, on the job training, the importance of communication skills, productivity tips and personal development, and much more.I hope you enjoy this discussion. Please leave your comments below!Where you can find Morgan:LinkedInTwittermorganwright.usidentitysecurity.commorgan.thinkific.com/courses/passwords

Nicholas Percoco has more than 19 years of information security experience and is currently the Chief Information Security Officer at Uptake.Prior to Uptake, Nicholas was the Vice President of Global Services at Rapid7. Nick has also been a Director at KPMG and the head of SpiderLabs at Trustwave where he led more than 2000 incident response and forensic investigations globally, ran thousands of ethical hacking &amp; application security tests for clients, and conducted bleeding-edge security research to improve Trustwave's products.Before Trustwave, Nick ran the security consulting practices at VeriSign, &amp; Internet Security Systems. In 2004, he drafted an application security framework that became known as the Payment Application Best Practices (PABP). In 2008, this framework was adopted as a global standard called Payment Application Data Security Standard (PA-DSS).As a speaker, he has provided unique insight around security breaches, malware, mobile security and InfoSec trends to public (Black Hat, DEFCON, and OWASP) &amp; private audiences (Including DHS, US-CERT, Interpol, United States Secret Service) throughout the world.Nick's research has been featured by media including: The Washington Post, eWeek, PC World, CNET, Wired, Network World, Dark Reading, Fox News, USA Today, Forbes, Computerworld, CSO Magazine, CNN, The Times of London, NPR, Gizmodo, Fast Company, Financial Times &amp; The Wall Street Journal.Nick is also&nbsp;the creator of THOTCON (a hacking conference held in Chicago each year), &amp; co-founder of The Cavalry movement.In this interview we discuss his early start with computers, what is a hacker,&nbsp;developing a methodology for penetration testing, how he developed the SpiderLabs name,&nbsp;analytics and automation, when you should evaluate opportunities,&nbsp;moving past the fear of public speaking, his personal "drink-a-different-beer-a-day" contest, research and public disclosure of vulnerabilities, how to secure Internet connected devices, where he recruits talent, and much more.I hope you enjoy this discussion. Please leave your comments below!Where you can find Nick:LinkedInTwitterTHOTCONI am the Cavalry

Lenny Zeltser is a seasoned business and tech leader with extensive information security expertise. As a product portfolio owner at a Fortune 500 company, he delivers the financial success and expansion of his orgnization's security services and SaaS products. He has also been a national lead of the security consulting practice at Savvis (acquired by CenturyLink), where he managed the US team of service professionals, aligning their expertise to the firm’s cloud solutions.Lenny helps shape global infosec practices by teaching incident response and malware defenses at SANS Institute and by sharing knowledge through writing, public speaking and community projects. He has earned the prestigious GIAC Security Expert professional designation and developed the Linux toolkit REMnux, which is used by malware analysts throughout the world. Lenny is on the Board of Directors of SANS Technology Institute and on the Advisory Board of Minerva Labs.Lenny’s approaches to business and technology are built upon his work experience, independent research, as well as a Computer Science degree from the University of Pennsylvania and an MBA degree from MIT Sloan. His expertise is strongest at the intersection of business, technology, and information security, and spans incident response, infosec cloud services and business strategy. To get a sense for Lenny’s thought process and knowledge areas, take a look at his blog.In this interview we will discuss&nbsp;why he is passionate about security, stagnating in information security and going back to grad school, public speaking, who has inspired him, his personal challenge asking for advice, early failures in technology, why he developed REMnux to make malware analysis accessible to as many people as possible, cloud security, writing better job descriptions, refining communication skills to technical and non-technical audiences, how to use certifications as a signaling mechanism, building industry relationships, and much more.I hope you enjoy this discussion. Please leave your comments below!Where you can find Lenny:LinkedInTwitterLenny's BlogREMnux

David Cowen has more than sixteen years of experience in the areas of security integration, architecture, assessment, programming, forensic analysis and investigations. He started out as a penetration tester then&nbsp;moved to digital forensics. Currently, he&nbsp;is a partner at G-C Partners, LLC, a full service digital forensics investigation company, and has experience working in a variety of environments ranging from high security military installations to large/small private sector companies.David is also one of the most passionate&nbsp;and active contributors within the cyber security and&nbsp;forensic communities. I&nbsp;look at David's contributions and think he doesn't sleep and/or someone in Dallas, TX there is cloning facility that has produced David Cowens versions 2 -5 which are all running around outputting awesome contributions to the community (yes, like the movie Multiplicity).Here is just a short list of what David' does to give back to the&nbsp;industry:Regular speaker at conferences such as OSDFConRan his blog, Hacking Exposed Computer Forensics, daily&nbsp;which included a weekly forensic challengeIs a Red Team Captain for the National Collegiate Cyber Defense CompetitionHas his own regular video podcast, Forensic Lunch&nbsp;Author of Computer Forensics: InfoSec Pro GuideCo-author of Hacking Exposed: Computer ForensicsCo-author of&nbsp;Anti-Hacker Tool Kit, Third EditionIs a SANS Institute Certified&nbsp;InstructorDeveloped TriForce ANJP, forensic software for parsing NTFS journals (also working on HFS+ capabilities)He is also&nbsp;a two-time Forensic 4cast award winner for both Digital Forensic Article of the Year and Digital Forensic Blog of the year.When he is not doing all of this, he is also a family man and BBQ aficionado.Nope. Zero chance this is one person.In this interview we will discuss how he has accomplished all of this, why he loves being an expert witness, why he moved from pen tester to&nbsp;forensicator, his inspiration to start programming, his favorite type of investigation and the questions to ask, how to hire good talent, what it took to develop TriForce ANJP and how it was a community effort, how no one stands on their own in the industry, and much more.I hope you enjoy this discussion. Please leave your comments below!Where you can find David:LinkedInTwitterHacking Exposed Computer ForensicsForensic Lunch&nbsp;

Chris Pogue, Chief Information Security Officer at Nuix, has more than fifteen years’ experience and 2,000 breach investigations under his belt. Over his career, Chris has led multiple professional security services organizations and corporate security initiatives to investigate thousands of security breaches worldwide.His extensive experience is drawn from careers as a cyber crimes investigator, ethical hacker, military officer, and law enforcement and military instructor. In 2010, Chris was named a SANS Thought Leader, ran an award-winning security blog (The Digital Standard), and has contributed to multiple security publications. Chris holds a Master's Degree in Information Security and is also an adjunct cyber security professor at Southern Utah University. He also was a contributing author for&nbsp;Data Breach Preparation and Response: Breaches are Certain, Impact is Not.Chris is just one of those guys in cyber security I knew I had to have on the show out of the gate. He is an extremely bright guy and very passionate about information security. He is also pleasure to talk to. He coined the methodology and term "Sniper Forensics" a few years back, and it had a huge impact on the way I approach digital forensic investigations.In this interview we discuss his military background, his start as a penetration tester, his transition from tech to executive, books that have influenced him, using the scientific method, the merger of cyber crime and physical crime, training cyber security staff, the importance of communication skills, cognitive biases and&nbsp;Parkinson's Law of Triviality, and much more.I hope you enjoy this discussion. Please leave your comments belowWhere you can find Chris:LinkedInTwitterThe Digital StandardNuix Blog&nbsp;

Before we tackle the hearts and minds of some of the leaders and influencers in cyber security, I wanted to provide a little background about me and how I got started in cyber security.As far back as I can remember, I always wanted to be a hacker.In 1981, at an impressionable age five, I plopped down in front of a Texas Instruments TI99/4A computer. It had a whopping 3MHz CPU, 16K of RAM, and 16 colors. My parents got one for the home and I mostly used it to play video games. My favorite game was Hunt the Wumpus.At some point, I came across Compute! magazine that had instructional pages of BASIC, spaghetti code programs that you could use to run on your computer. After hours of painstakingly transcribing lines and lines of GOTO commands into the TI99, I would have a small colored box bounce from one side of the screen to the other. Then back again. #Fun.[caption id="attachment_1332" align="alignleft" width="173"]“Hi sugar. After you store my 'portable' computer, can you please light my Pall Mall and fetch me a double Alabama Slammer?" Image source: Oldcomputers[/caption]The Reagan 1980's roared on and computers gained greater adoption in the business community, particularly in finance and accounting. However, computers for the general public consumption were still in their infancy. Glorified calculators with some generic word processing capabilities. Then movies like Tron and War Games came out. Whoa. They depicted the anti-heros as computer users, but different. They were hacker misfits, but cool in their own way. They could command computers to do powerful things. I wanted to do that.My parents continued to bring technology into the home (they&nbsp;were leading communication consultants and authors)&nbsp;including new computers to play with, break, and hopefully, repair. In the summer of 1983 we made the investment in a Compaq Portable Plus. This was also a deciding point because it set me down the IBM/PC market path (sorry Apple). Mind you, this beast of plastic and metal was marketed as "portable" at 28 pounds. Nine-inch monochrome monitor and detachable keyboard? Heck yeah I'll travel with this thing! And we did!The real selling point to me on this computer was WordPerfect 3 with the spell checking feature and a printer. No longer was I chained to homework assignments of handwritten drafts! I was able to write a book report on birds, it showed me how horrid my spelling was, and I could print it. Sold. However, my final submission caused a certain amount of controversy with my teacher. She accused my parents of writing this masterpiece. With Kerouac-esque lines like "Cardinals are red," I can see the confusion. She simply couldn’t understand how a kid could use a computer to write a paper. This resulted in my parents meeting&nbsp;with the teacher and principal to explain how I could possibly do such a thing.Luckily things started to change and computers were becoming more mainstream. They were more and more likely to be common appliances in the home.“I asked for a car, I got a computer. How’s that for being born under a bad sign.”– Ferris Buller&nbsp;[caption id="attachment_1333" align="alignleft" width="568"]A MUD. By Source, Fair use,...