eXecutive Security

Etan Basseri is a product manager on Microsoft's Identity Security team, working to prevent and detect identity compromise. During the course of his career, he’s held a range of roles across law, business development, consulting and product, so he frequently advises and mentors others on their career development. LinkedIn: https://www.linkedin.com/in/basseri/ Career Walking Decks 101: https://kkarenism.com/career-walking-decks-101/ Microsoft Software & Systems Academy (MSSA) – Microsoft Military Affairs: https://military.microsoft.com/mssa/ Cybrary: https://www.cybrary.it/info/homepaged/ SANS Institute: https://www.sans.org/mlp/2/ (ISC)2: https://www.isc2.org Pluralsight: https://www.pluralsight.com

New to RSA? Gene offers a few quick tips and some advice on navigating this massive cybersecurity conference for the first time.

Neil is currently ThreatX’s SOC manager and has 15 years of experience in roles from user support to leading security programs. He has expertise in security architecture and cybersecurity best practices and is an active member of the security community. He has delivered lectures at DEF CON, OWASP, and local security meetups. Neil also acts as an adjunct lecturer on Software Engineering at Indiana University. Defcon: https://defcon.org BSides: http://www.securitybsides.com/w/page/12194156/FrontPage Neil Weitzel LinkedIn: https://www.linkedin.com/in/neilweitzel/

Edward Amoroso is the founder and CEO of Tag InfoSphere. He also teaches courses on cybersecurity at NYU and the Stevens Institute of Technology. Previously, he was the CISO of AT&T for many years. Tag Cyber: https://www.tag-cyber.com Cybrary: https://www.cybrary.it SANS: https://www.sans.org Coursera: https://www.coursera.org Edward Amoroso LinkedIn: https://www.linkedin.com/in/edward-amoroso/

The SVP of Business Development and Strategic Alliances at Rapid7, Julian Waits has had a long and impressive career in the cybersecurity industry. He has held positions from software developer to field systems engineer, M&A director, Sales VP, and CEO. Cyversity: https://www.cyversity.orISAC: https://www.it-isac.org SANS: https://www.sans.org Julian Waits LinkedIn: https://www.linkedin.com/in/julianwaits/

David Craigen is the BU Information Security Officer, North America and Canada at TK Elevator. Previously, he held senior security leadership positions at several organizations, including Quikrete, BioIQ, and MiMedx. LinkedIn: https://www.linkedin.com/in/davidcraigen/

Bruce Schneier is an internationally renowned security technologist, called a “security guru” by the Economist. He is the New York Times best-selling author of 14 books -- including A Hacker’s Mind -- as well as hundreds of articles, essays, and academic papers. His influential newsletter Crypto-Gram and blog Schneier on Security are read by over 250,000 people. Schneier is a fellow at the Berkman-Klein Center for Internet and Society at Harvard University, a Lecturer in Public Policy at the Harvard Kennedy School, a board member of the Electronic Frontier Foundation and AccessNow, and an advisory board member of EPIC and VerifiedVoting.org. He is the Chief of Security Architecture at Inrupt, Inc. Schneier on Security blog: https://www.schneier.com Cryto-Gram newsletter: https://www.schneier.com/crypto-gram/ About A Hacker’s Mind: https://www.schneier.com/books/a-hackers-mind/

Having clear goals and a way to keep yourself accountable is often the key to success. Gene Fay has developed a system to keep himself focused on his yearly goals, and it involves a sticky note. Get his tips on goal setting in this Tips and Techniques episode.

Connie Matthews Reynolds is the founder and CEO of ReynCon Educational Services and Training, which brings together security practitioners and individuals who want to build their skills, whether new to our field, or building skills for growth or a more cross-functional skill set. She is also a founding member of EmpoWE-R Women of Information Security and the president of the Central Ohio ISSA. Information Systems Security Association (ISSA): https://www.issa.org EmpoWE-R Women of Infosec: https://www.empower-infosec.org ReynCon Education Services & Training: https://www.reynconsecurity.com LinkedIn: https://www.linkedin.com/in/conniematthews/

Phone scam recording: https://www.youtube.com/@CPHarding

Robert D. Rodriguez is the Chairman & Founder of SINET and a Venture Partner at SineWave Ventures. Previously, Robert advised and coordinated the public - private sector outreach for The Department of Homeland Security and other institutions, and served 22 years as a Special Agent with the United States Secret Service. https://www.linkedin.com/in/rdrod/ https://www.security-innovation.org

Hayley Roberts has been a tech executive for many years, and has been the CEO of Distology, an IT security distributor based in the UK, since 2015. LinkedIn: https://www.linkedin.com/in/hayley-roberts-69b5562/ Distology: https://www.distology.com

Akira Brand is an experienced developer who has worked in Developer Relations for the past several years, most recently with Bright Security. LinkedIn: https://www.linkedin.com/in/akirabrand/ Artists Who Code: https://www.linkedin.com/company/artistswhocode/ Bright Security: https://brightsec.com

In this Tips and Techniques episode, eXecutive Security podcast host Gene Fay shares his advice and best practices for networking. Learning how to make the best of networking events is a powerful life skill that plays a big role in career success. With in-person events making a strong comeback post-pandemic, those early and not-so-early in their careers will find Gene’s practical tips valuable.

Zenobia Godschalk has worked closely with many cybersecurity companies over the years as the founder of ZAG Communications, a PR and marketing firm serving technology companies, and is now SVP of Communications for Hedera. She also does a lot of philanthropic work in the technology space. LinkedIn: https://www.linkedin.com/in/zenobiaaustingodschalk/Dark Reading Article: https://www.darkreading.com/remote-workforce/senior-level-women-leaders-cybersecurity-nonprofitForte Group: https://forte-group.org/home-our-missionAndreessen Horowitz: https://a16z.com

Jenn Reed has more than 25 years of product management and engineering experience in cloud networking infrastructure, security, governance, risk, and compliance across both the private and public sectors. She is currently Principal Partner SA, SPE at AWS and was formerly CISO at Aviatrix. Jenn served her country in the U.S. Marine Corps from 1995-2000 and again in 2003 during the Iraq war. LinkedIn: https://www.linkedin.com/in/jennsreed/

Brian Castagna is the CISO at Seven Bridges, a leading biomedical data company. He is an experienced and skilled information security leader who has held security leadership positions at several organizations including Acquia and Oracle. LinkedIn: https://www.linkedin.com/in/brian-castagna-1890544/

Ramachandra Hegde is a senior executive with over 24 years of experience, including 12 years in global CISO roles, including with a Fortune 300 manufacturing multinational and a global professional services firm. He is currently senior vice president and CISO at Genpact. LinkedIn: https://www.linkedin.com/in/ramkhegde/

Dan Schiappa, the chief product officer at Arctic Wolf, has been a technology leader for many years at organizations including Sophos, RSA Security, and Microsoft.LinkedIn: https://www.linkedin.com/in/daniel-schiappa-bbb1062/University of Central Florida News: https://www.ucf.edu/news/cybersecurity-team-wins-4th-national-championship/Arctic Wolf: https://arcticwolf.com/company/careers/

Richard Ford is an experienced cybersecurity and technology leader. Currently the Chief Technology Officer at Praetorian, he has held leadership positions at many organizations, including Cyren, Forcepoint, and Raytheon. Richard also has a Ph.D. in Physics from the University of Oxford. Personal LinkedIn: https://www.linkedin.com/in/dr-ford/ Praetorian LinkedIn: https://www.linkedin.com/company/praetorian/ ISC2: https://www.isc2.org BSides: https://bsideslv.org

Lauren is just starting her career in cybersecurity. She has a bachelor’s degree in cybersecurity from Champlain College and is a SOC Analyst at ThreatX.LinkedIn: https://www.linkedin.com/in/laurencampanara/

Ray has more than 15 years of experience in the information security space and is currently CISO at Inspectiv. He has held leadership positions at numerous organizations including, Cobalt.io, Amazon, Proofpoint, and Cisco. LinkedIn: https://www.linkedin.com/in/ray-espinoza-b399821/ Black Girls in Cyber: https://www.blackgirlsincyber.com

Maarten Van Horenbeeck, who is the chief information security officer at Zendesk, has more than 15 years of experience managing security organizations, which includes building the cybersecurity-threat intelligence team at Amazon, and working on the security teams at Google and Microsoft. He is also a former board member and Chairman of the Forum of Incident Response and Security Teams (FIRST). LinkedIn: https://www.linkedin.com/in/maartenv/Chaos Computer Club: https://en.wikipedia.org/wiki/Chaos_Computer_Club NIST: https://www.nist.gov MITRE: https://www.mitre.org Rand Institute: https://www.rand.org FIRST: https://www.first.org Cloud Security Alliance: https://cloudsecurityalliance.org

Defcon: https://defcon.org Black Hat: https://www.blackhat.com

Jim Routh has a long history in technology and cybersecurity as a leader and management consultant. He was formerly a cybersecurity leader for many large companies including MassMutual, CVS Health, Aetna, and JP Morgan Chase. He is also the former Board Chair for the Health Information Sharing & Analysis Center (H-ISAC) where he served for five years and former Board member for the Financial Services Information Sharing & Analysis Center (FS-ISAC). Jim currently sits on several Boards and acts as an advisor for several cybersecurity companies and venture funds. Jim brings to the boards a vast business and technology background and is considered a digital and cyber security industry expert and thought leader. Finally, Jim is an ICIT Fellow and an Adjunct Faculty member for NYU.The Role of Cybersecurity Leaders as Educators: https://icitech.org/wp-content/uploads/2022/03/ICIT-Fellow-Perspective-The-Role-of-Cybersecurity-Leaders-as-Educators.pdfLinkedIn: https://www.linkedin.com/in/jmrouth/ Jim Routh's Book List:Cybersecurity and Cyberwar by Singer and Friedman Dark Territory by Kaplan The Perfect Weapon by Sanger Sandworm by Greenberg The Cuckoo’s Egg by Stoll Spam Nation by Krebs Future Crimes by Goodman Data and Goliath by Schneier Confront and Conceal by Sanger The Fifth Domain by Clarke America the Vulnerable by Brenner The Code Book by Singh Algorithms to Live By by Christian and Griffiths Your Government Failed You by Clarke Sting of the Drone by Clarke Countdown to Zero Day by Zetter Software Security: Building Security In by McGraw @War by Harris Fight Fire With Fire by Tarun Kingpin by Poulsen The Age of Surveillance Capitalism by Zuboff The Internet in Everything by DeNardis Senior Cyber by Schober CISO Compass by Fitzgerald This Is How They Tell Me the World Ends by Perlroth Crimedotcom by White Big Breaches by Daswani and Elbayadi Innovating in a Secret World by Srivastava Cyber Mayday by Lohrmann and Tan Navigating the Cybersecurity Career Path by Patton Tribe of Hackers by Carey and Jin The PtaaS Book by Wong CyberJutsu by McCarty Cyber Defense Matrix by Yu Shape by Ellenberg So You Want to Talk About Race by Oluo White Fragility by Diangelo Hos to Be an Antiracist by Kendi

Ron is President at Gula Tech Adventures, which focuses on cyber technology, cyber policy and recruiting more people to the cyber workforce. Since 2017, GTA has invested in dozens of cyber start-ups and funds and supported multiple cyber nonprofits and projects. From 2002 to 2016, Ron was the co-founder and CEO of Tenable Network Security. He helped grow the company to 20,000 customers, raise $300m in venture capital and grow revenues to $100m, setting up the company for an IPO in 2018. Prior to Tenable, Ron was a cyber industry pioneer and developed one of the first commercial network intrusion detection systems called Dragon, ran risk mitigation for the first cloud company, was deploying network honeypots in the mid 90s for the DOD and was a penetration tester for the NSA and got to participate in some of the nation's first cyber exercises. Ron was also a captain in the Air Force. LinkedIn: https://www.linkedin.com/in/rongula/ Gula Tech Adventures: https://www.gula.tech Cybrary, Free Cybersecurity Training and Career Development: https://www.cybrary.it/ SANS Institute: https://www.sans.org

Bill Brown is an accomplished information technology and information security leader with experience leading M&A Security Due Diligence Response and Remediation, and leading global teams in start-up, mid-size, and Fortune 1000 companies. Currently he is CISO and CIO at Abacus Insights and an advisory board member to ThreatWarrior. He has also held security leadership positions in ClickSoftware, Houghton Mifflin Harcourt, Veracode, and Iron Mountain. LinkedIn: https://www.linkedin.com/in/billbrownusa/ HIPPA: https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act Hiitrust: https://en.wikipedia.org/wiki/HITRUST PII: https://www.techtarget.com/searchsecurity/definition/personally-identifiable-information-PII Cyber Warrior: https://www.cyberwarrior.com/ Cloud Security Alliance: https://success.impartner.com/English/Customer/home.aspx

James Carder is an experienced Chief Security Officer, research and development leader, cyber security services expert, and go to market executive with over 26 years in both corporate security and consulting for public and private companies across various industries, the Fortune 500, and U.S. Government. Currently, he is the Chief Security Officer at iOffice + SpaceIQ. James also served in the Air Force. LinkedIn: https://www.linkedin.com/in/carderj/ Twitter: https://twitter.com/carderjames ISSA: https://www.issa.org/OWASP: https://owasp.org/ Cloud Security Alliance: https://cloudsecurityalliance.org/ BSides: https://bsideslv.org/ U Minnesota Certificate Program: https://bootcamp.umn.edu/cybersecurity/

Ian Amit is an executive manager in the security and software industry with vast experience in multiple fields - from enterprise security, through retail, to end-user software, large back-end systems, corporate security policy, regulatory compliance, and strategy. He has spoken at various customer-focused seminars such as DEFCON, RSA, BlackHat, BSides, and many more. LinkedIn: https://www.linkedin.com/in/iamit/ DEFCON: https://defcon.orgBSides: https://bsideslv.org

Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and weekly podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech. She values diversity, inclusion, and kindness. LinkedIn: https://www.linkedin.com/in/tanya-janca/ Jobs in InfoSec: https://shehackspurple.ca/2022/01/01/jobs-in-information-security-infosec/ We Hack Purple Community: https://community.wehackpurple.com/ #CyberMentoringMonday: https://twitter.com/search?q=%23CyberMentoringMonday&src=typed_query&f=live

Chris Wysopal is Co-Founder and Chief Technology Officer at Veracode, which pioneered the concept of using automated static binary analysis to discover vulnerabilities in software. In the 1990’s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. Chris started his career as software engineer that first built commercial software and then migrated to the specialty of testing software for vulnerabilities. He has led highly productive and innovative software development teams and has performed product strategy and product management roles. Chris is a much sought-after expert on cybersecurity. He has been interviewed for most major technology and business publications, including New York Times, The Washington Post, WSJ, Forbes, Fortune, AP, Reuters, Newsweek, Dark Reading, MIT Tech Review, Wired, and many networks, including BBC, CNN, ABC, CBS, CNBC, PBS, Bloomberg, Fox News, and NPR. He has keynoted cybersecurity and technical conferences on 4 continents.Link: Chris Wysopal LinkedInLink: Cult of the Dead Cow by Joseph Menn

David McLeod is the VP, Chief Information Security Officer at Cox Enterprises. He is an experienced Chief Information Security Officer who has demonstrated success across multiple industries. David has extensive skills in Privacy, Enterprise Risk Management, IT Strategy and Governance, and Information Risk Management. David McLeod LinkedIn

Patti Titus is the Chief Privacy and Information Security Officer at Markel Corporation. She also serves on the Board of Directors for Black Kite and the Girl Scouts of the Commonwealth of Virginia. She was recognized as a 'Woman of Influence' by the Executive Women’s Forum in 2009 and the Silicon Valley Business Journal in 2013.Patti has held numerous leadership positions in the cybersecurity industry, including at Freddie Mac, Symantec, Unisys Corporation and the Transportation Security Administration within the Department of Homeland Security.Patricia's LinkedinSANS Institute

Eric Richard, SVP Engineering and CISO, HubspotLinkedinSANS Institute

Special thanks to Tom Quinn for joining us in this episode:Tom Quinn on LinkedinMomentumCyber: https://momentumcyber.com/ Girl Security: https://www.girlsecurity.org/

Hello and welcome to the eXecutive Security podcast where we talk to CISOs and other leaders in cybersecurity about a career in this industry, specifically how to get into it, and how to advance. My name is Gene Fay and I'm the CEO of ThreatX an API security company and the host of the eXecutive Security podcast.I started this podcast because of my two passions, cybersecurity and helping people find jobs in cyber. Over the last 17 years, I've been blessed to meet so many amazing people within this industry. People who taught me not only about cybersecurity, but how to be a great leader. For a while I've been thinking about how I can give back to the cybersecurity industry, which has been so good to me.Also, I've been thinking about what I've learned from great leaders in this space, and I can share this knowledge with a lot of people. So this [00:01:00] is how this podcast was started. If you were just thinking about getting into cybersecurity and want to learn how to get started, or if you're in the field and aspire to be a manager, VP, or CISO, this podcast is for you.I hope you enjoy it. If you have any suggestions on guests or topics you want us to cover in the future, please send me an email at genedotfayatthreatxdotcom. Thanks a lot and I hope you enjoy the podcast.