WE'RE IN!


76 episodes — Page 1 of 2

The 9-Year SRT Veteran: Ozgur Alp on the Evolution of Hacking

Apr 28, 2026 · 24 min

From Bikes to Bytes: Breaking into Security with Tim Nordvedt

Apr 21, 2026 · 27 min

Ep 72 · Teri Green: "AI is Artificial, YOU are the Intelligence!"

In this episode of WE'RE IN, host Josh Mason sits down with Teri Green, VP of Technology at Elevate and CIO/CISO at Light Technology Solutions. Teri breaks down her proprietary TEST Framework (Touch, Execute, Store, Trust), a practical toolset for CISOs to evaluate AI risk beyond simple vulnerabilities. They discuss why humans remain the greatest vector in the age of AI, how to teach digital citizenship to the next generation, and why the basics of security still apply even as we move toward a quantum future.

Timestamps:
[00:00] Welcome, meet Teri Green
[00:43] Cybersecurity Origin Story
[01:44] Degrees and Certifications
[02:34] Career Path and Leadership
[03:28] TEST AI Risk Framework
[05:30] AI Trust and Human Factor
[06:53] Teaching AI Ethics to Kids
[08:34] Governance Outpaced by AI
[09:42] Upcoming Talks and Takeaways
[12:37] Learning AI and Plain Language
[16:17] AI Already in Your Org
[18:13] Where to Follow Teri
[18:58] Closing and Thanks

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Apr 9, 2026 · 19 min

Ep 71 · From 14-Year-Old Bug Hunter to Level 5 SRT Hero

In this episode of WE’RE IN, Josh Mason sits down with Sayaan Alam, a Level 5 Synack Red Team (SRT) member who started his hacking journey at 14 years old. Sayaan shares his story of how he became the second-youngest researcher onboarded to the SRT and how he climbed the ranks to become recognized on the Synack Acropolis.

Timestamps:
00:54 Meet Sayaan: Starting Bug Bounties at 14
01:33 Joining the Synack Red Team (SRT)
03:18 SRT Onboarding Process
04:41 Climbing the Tiers: From Level 1 to Level 5
05:42 Why Synack is Different from Other Platforms
06:30 Improving Professional Pentesting Skills
06:58 Finding Patterns in Client Architectures
08:32 The AI Chatbot Vulnerability: SSRF Case Study
10:57 Remediation Advice for AI File Handling
11:58 Trends in AI Chatbot Security & Stored XSS
13:12 Thoughts on Sara: The Synack Autonomous Red Agent
14:29 How to Connect with Sayaan
15:07 Outro and Closing Remarks

Mar 3, 2026 · 12 min

Ep 68 · How AI is Changing Offensive Security: Webinar

This conversation explores how AI is transforming the offensive security landscape, focusing on the rise of AI-driven vulnerabilities, the evolution of pen testing, and the integration of human and AI efforts in cybersecurity. The discussion highlights the importance of adapting to new threats and the role of Synack's Autonomous Red Agent in enhancing vulnerability detection and remediation processes.

Timestamps:
04:51 Traditional vs. Modern Pen Testing Approaches
07:55 The Role of Human Analysts in AI-Driven Security
10:57 Introducing Sara Pentest: A New Era in Testing
13:16 Executing a Sara Pentest: A Step-by-Step Guide
20:13 Real-Time Insights from Sara Pentest
23:20 Technical Difficulties and Collaboration
23:25 Exploring Pen Test Engagements
27:00 Successful Pen Test Outcomes and Future Implications

Jan 13, 2026 · 27 min

Ep 69 · Dive Into Pentesting with Bloodtyper

Synack Red Team member Bloodtyper reveals his journey from the DMZ to discovering critical AI prompt injection vulnerabilities. Learn how he creates bug bounty reports that get accepted, as well as other golden nuggets of advice to learn and grow your penetration testing skills.

CHAPTERS:
0:00 Introduction
01:03 Military Origins & The DMZ
01:58 Hacker Origin Story
04:06 Transitioning from Infantry to Tech
07:22 Joining the Synack Red Team (SRT)
08:04 Learning with Hack The Box
09:52 Bug Bounty Reporting Strategy
12:14 Synack Vuln Ops
16:03 Advice for New Pentesters
18:44 AI Prompt Injection Deep Dive
21:35 Retesting & Patch Verification
23:25 How to Improve Patching
26:02 Advice to Learn Cyber Security

Jan 12, 2026 · 28 min

Ep 67 · Responsible Disclosure and Bug Bounty Programs: Webinar

Adam Logue, Independent Security Researcher and Synack Red Teamer, discusses his experiences with responsible disclosure and bug bounty programs, and provides a fascinating technical deep dive into a vulnerability he found in Microsoft 365 Copilot during a client-facing engagement.

Timestamps:
00:49 - Adam's background with responsible disclosure and bug bounty programs
04:33 - Description of M365 vulnerability
12:34 - Demo of the vulnerability
17:53 - How to pentest AI
20:45 - Getting started in pentesting
23:07 - Benefits of hacking with Synack

Dec 4, 2025 · 24 min

Ep 66 · Cynthia Kaiser is Building Partnerships to Stop Ransomware Threats

Blake and Cynthia take an in-depth look at the evolving ransomware threat landscape, the interplay between government and private sector in cybersecurity, and the challenges and opportunities presented by new technologies like AI.

Timestamps:
00:19 - Halcyon’s Ransomware Research Center
07:24 - Actors behind ransomware campaigns
11:22 - Will AI help offense or defense?
17:29 - Known vulnerabilities
21:10 - Where do you fall on ransomware payments?
28:24 - How to stop bad actors
30:44 - Guest fun fact

Sep 16, 2025 · 32 min

Ep 65 · The Offense Catch-Up Game

Rob and Blake discuss vulnerability and exploit discovery in the age of AI and increasingly intelligent cyber threats. Rob Lee is the Chief of Research and Head of Faculty at SANS Institute and runs his own consulting business specializing in information security, incident response, threat hunting, and digital forensics. With more than 20 years of experience in digital forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response, he is known as “The Godfather of DFIR”. Rob co-authored the book Know Your Enemy, 2nd Edition, and is course co-author of FOR500: Windows Forensic Analysis and FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics.

Rob graduated from the U.S. Air Force Academy and served as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on information operations. Later, he was a member of the Air Force Office of Special Investigations (AFOSI) where he led a team conducting computer crime investigations, incident response, and computer forensics.

Sep 3, 2025 · 32 min

Ep 64 · Agentic AI in Cybersecurity

In this bonus episode, Blake, Sharon Mandell and Mark Kuhr have a discussion about the impact of agentic AI in cybersecurity, focusing on both threats and opportunities. They touch on the rise of AI-enabled cyberattacks and how adversarial and generative AI are being leveraged by attackers, as well as the dual-use nature of AI. How can it be both a threat and a tool for defenders?

Aug 19, 2025 · 30 min

Ep 63 · Cybersecurity as a Bipartisan Cause

Jim Langevin, former chair of the Congressional Cyber Caucus and Democratic Congressman from Rhode Island, reflects on his belief that cybersecurity remains a bipartisan issue. He emphasizes the importance of collaboration between government and the private sector, and the potential of artificial intelligence in enhancing cybersecurity.

Timestamps:
01:05 - About Rep. Langevin
04:08 - Building a hacker-friendly congress
09:53 - Cybersecurity as a bipartisan issue
15:39 - Trying to predict the future
19:44 - AI and cyber defense

Aug 5, 2025 · 25 min

Ep 62 · Paul Mote on being right 100% of the time

Paul Mote, Vice President, Solutions Architects at Synack, discusses if we're ready to embrace AI in a world of ever-evolving threats. Who will AI help more, attackers or defenders?

TIMESTAMPS:
00:35 - What is a solutions architect?
02:56 - Advancing threats
13:32 - Are we ready to embrace AI?
20:58 - What’s real, what’s not?
25:03 - Find Paul Mote on LinkedIn

Jul 22, 2025 · 26 min

Ep 61 · Bringing Humanity to Cybersecurity with Lea Kissner, CISO of LinkedIn

Lea Kissner, CISO of LinkedIn, describes the dangers of perverse metrics, the importance of phishing-resistant technologies, and the ongoing challenge of recruiting and retaining top talent in the field. Lea also explains how they deal with complex privacy issues at scale every day. Lea and Blake also touch on LinkedIn's efforts to balance security with user privacy preferences, and the evolving threat landscape posed by AI.

Jul 15, 2025 · 18 min

Ep 60 · Mike Witt on NASA’s cybersecurity mission in space

Mike Witt, NASA's Senior Agency Information Security Officer and Chief Information Security Officer for Cybersecurity and Privacy, has a long history of public service. In addition to serving 10 years in the U.S. Army, Mike was the director of the United States Computer Emergency Readiness Team (US-CERT) at the Department of Homeland Security and a key cybersecurity official at the IRS. Now, he’s leading NASA’s efforts to secure spaceflight centers nationwide and their missions to the final frontier.

Tune in to the latest episode of WE’RE IN! to hear more about how NASA balances its out-of-this-world mission with real-world concerns about cybersecurity resulting from increased activity from other space agencies and commercial interests alike.

Listen to learn more about:
* How NASA responded to the Log4j vulnerabilities revealed in 2021
* Why the SAISO position was created
* How NASA’s stellar reputation helps it address the cybersecurity talent shortage

Dec 12, 2024 · 27 min

Ep 59 · Lt. Gen. Lori Reynolds on the evolution of cyber warfare

Lieutenant General Lori Reynolds' (Ret., USMC) career journey from a Naval Academy graduate to a key figure in cybersecurity and information warfare illustrates the progression of military communications and cyber operations. Initially commissioned as a Marine Corps communications officer in 1986, Lori’s career took her from managing traditional radio communications to leading the Marine Corps Cyberspace Command. Tune in to hear how she played an important part in integrating cyber operations into the Marine Corps' combined arms approach and later spearheaded efforts to create a comprehensive information warfighting function.

Listen to learn more about:
* How China's cyber operations have become more sophisticated, quiet and focused on long-term strategic positioning
* Why the threat now extends beyond cyberattacks to include technological exports and influence operations
* How Russia and other state actors are also engaged in hybrid warfare, operating below the threshold of conventional conflict

Nov 21, 2024 · 33 min

Ep 58 · Melissa Vice on the value of vulnerability disclosure programs

The Department of Defense Cyber Crime Center (DC3) operates a Vulnerability Disclosure Program (VDP) that handles critical cybersecurity issues reported by the public, including using an actual red phone for urgent matters. In the latest episode of WE’RE IN!, Melissa Vice, director of DC3’s VDP, describes how they respond to cyberthreats and collaborate with other groups within the center, such as the Operation Enablement Directorate and cyber forensics laboratory. Tune in to hear how the program, which began in 2016 following a successful bug bounty event, has processed over 53,000 reports, 56% of which were actionable, and resulted in nearly 30,000 remediated vulnerabilities.

Listen to learn more about:
* Why VDP has been recognized by the government as a reliable and economical cybersecurity strategy
* How Melissa and her team handled the notorious Log4j vulnerability
* How DC3 has explored the use of AI and machine learning to enhance capabilities and scale operations

Nov 7, 2024 · 35 min

Ep 57 · The AI Episode: Experts Share Security Insights on LLMs and GenAI

Hear from this season’s guests for their thoughts and predictions on AI and cybersecurity. We took sound bites from a range of WE’RE IN! interviewees, whose opinions on AI vary from thinking it’s overblown to being cautiously curious. Tune into this episode to better understand AI’s seismic effects on the infosec industry.

Oct 23, 2024 · 15 min

Ep 56 · Bill Dunnion on the push for transparency in security breaches

Bill Dunnion, chief information security officer at global telecommunications company Mitel, is well-versed in the critical nature of telecom infrastructure and the devices that support it. He’s also keenly aware of how his role as CISO is under increasing scrutiny from regulators around the world and in Canada, where Mitel is based. In this episode of WE’RE IN!, Bill expresses skepticism about AI, preferring the term "machine learning" for most current applications, but he acknowledges its potential benefits, such as improving threat detection.

Listen to hear more about:
* How Bill's diverse background in telecom, IT, and security has provided him with a well-rounded perspective to approach his CISO role
* Why the integration of voice, data, and collaboration tools in enterprise communications presents new cybersecurity challenges
* Why security awareness is crucial for both professional and personal life

Oct 2, 2024 · 29 min

Ep 55 · Jennifer Villarreal on how she upped her hacking game

Jen, a former military professional turned hacker, shares her journey into cybersecurity and her experiences with the Synack Red Team in the latest episode of WE’RE IN! She transitioned from fixing security issues to actively seeking vulnerabilities, inspired by her brother and motivated by her experiences at the storied hacker conference, DEF CON. Jen emphasizes the importance of skill development and preparation for women entering the male-dominated cybersecurity field, and discusses her preferred hacking tools and techniques.

In this episode of WE’RE IN!, Jennifer gives her take on AI in penetration testing, suggesting it should be used as a tool for initial reconnaissance but not for exploiting vulnerabilities.

Listen to hear more about:
* Why all of Jennifer’s smart home devices’ warranties are voided
* How anyone can be a hacker by following the Open Source Intelligence methodology to find vulnerabilities
* The importance of producing high-quality work and going above and beyond to gain trust in the pentesting industry

Sep 19, 2024 · 30 min

Ep 54 · Sara Mosley on best practices for Zero Trust

Sara Mosley, technical director for the Bureau of Diplomatic Security's Cybersecurity and Technology Services, works with the U.S. State Department to help identify threats and potential compromises. In her role, she advocates for a Zero Trust approach that focuses on protecting critical data rather than trying to secure everything equally. She recommends balancing security measures with mission needs to prevent users from circumventing security protocols.

In this episode of WE’RE IN!, Sara underlines the importance of collaboration between IT and security teams to adequately protect data and address relevant threats in anticipation of the September deadline for federal Zero Trust compliance.

Listen to hear more about:
* The role of the private sector in adopting Zero Trust frameworks and providing security tools
* Preparing for emerging technologies like quantum computing and their accelerated development due to AI advancements
* Why Sara believes hackers will initially benefit more from AI advancements than defenders

Aug 21, 2024 · 29 min

Ep 53 · Michael Daniel on untangling cybersecurity’s complexity problem

Cybersecurity has a complexity problem. A tangled web of technical, psychological, economic and geopolitical factors enable and motivate malicious actors. Michael Daniel, CEO and president of the Cyber Threat Alliance, is helping public and private organizations decode these complex motivations with information sharing, including the Ransomware Task Force. In this episode of WE’RE IN!, Michael elaborates on his "immune system" approach for the internet, a strategy where threats are quickly identified and neutralized. But this requires robust – and highly trusted – information sharing between groups.

Listen to hear more about:
* The threat assessment for the 2024 Paris Olympics, highlighting potential threats from Russia and Azerbaijan
* The need for more resilient software systems that can degrade gracefully rather than catastrophically fail
* Michael’s thoughts on industry diversification and the value of different viewpoints in tackling cybersecurity challenges

Jul 31, 2024 · 35 min

Ep 52 · Anand Prakash on cloud security startups and next-gen hacking

Anand Prakash, founder of startup PingSafe, shares his insights on building a successful cybersecurity business and his experience as a top bug bounty hunter. He emphasizes the importance of fast execution, accountability and learning from mistakes when growing the company acquired by SentinelOne, where he’s now a senior director of product management. In the latest episode of WE’RE IN!, Anand touches on India's prominence in global tech – particularly in security research and bug bounty programs – and he shares his personal journey into cybersecurity, which began with a curiosity about hacking at a young age in cyber cafes.

Listen to hear more about:
* How bug bounty programs have evolved, with companies now more open to ethical hacking due to increased awareness of data breaches
* The viability of government efforts to reduce entire classes of vulnerabilities like SQLi
* If AI is effective in improving red teaming and bug bounty hunting

Jul 17, 2024 · 28 min

Ep 51 · Ads Dawson on developing the OWASP Top 10 for Large Language Models

Ads Dawson, release lead and founding member for the Open Web Application Security Project (OWASP) Top 10 for Large Language Model Applications project, has no shortage of opinions on securing generative artificial intelligence (GenAI) and LLMs. With rapid adoption across the tech industry, GenAI and LLMs are dominating the conversation in the infosec community. But Ads says the security approach is similar to other attack vectors like APIs. First, you need to understand the context of AI-related vulnerabilities and how an attacker might approach hacking a particular AI model. In the latest episode of WE’RE IN!, Ads talks about including threat modeling from the design phase when integrating GenAI into applications, and how he uses AI in his red teaming and application security work.

Listen to hear more about:
* The misuse of AI, such as creating deep fakes for financial gain or manipulating powerful systems like the stock market
* The role of governments in securing the AI space and the concept of “safe” AI
* How the infosec community can contribute to OWASP frameworks

Jun 26, 2024 · 36 min

Ep 50 · Kevin Tambascio on balancing security with availability of services in healthcare

Integrating security into the product development lifecycle is a tall order for any industry. It’s particularly challenging for healthcare, with its wide range of critical needs from HVAC systems to medical devices. Kevin Tambascio, director of cybersecurity data and application protection at Cleveland Clinic, juggles the need for constant vigilance and staying updated on fast-moving threats to hospitals.

In the latest episode of WE’RE IN!, Kevin discusses the importance of compliance and risk assessment, noting that while compliance with rules like HIPAA is crucial, it's equally important to pressure test controls against real-world threats. Ransomware targeting hospital data is the primary threat, while phishing and potential abuse of generative AI also pose significant risks.

Listen to hear more about:
* The benefits of forming an AI task force to enact safe and responsible procedures while enabling clinicians and researchers to explore AI’s potential
* Effectively communicating cyber threats to non-technical staff by relating them to potential impacts on patient safety and business operations
* Application security in healthcare; applications often have access to sensitive patient health information and can be potential entry points for cyber threats

Jun 5, 2024 · 32 min

Ep 49 · Tennisha Martin on bridging the cyber talent gap through diversity

Cybersecurity organizations tend to have unrealistic hiring expectations, according to Tennisha Martin, founder and executive director of the training-focused nonprofit BlackGirlsHack. That can make it hard for would-be candidates to stand out and contribute to solving urgent cybersecurity challenges.

In the latest episode of WE’RE IN!, Tennisha unpacks the important work of The BlackGirlsHack Foundation, which provides training resources and cybersecurity education to underserved communities. That includes giving Black children avenues to complete cybersecurity certifications and snag their first jobs in the industry.

“Part of the reason why I started BlackGirlsHack was because I was a black girl that was trying to get into cyber security and I was like, hey, I've got a whole bunch of degrees and years of experience and certifications, and if I'm having a hard time, I know that the people who are fresh out of high school, for example, may be having a hard time as well,” she said.

Listen to hear more about:
* How recently reported corporate cutbacks in DEI initiatives are impacting the work of organizations like BlackGirlsHack
* How Tennisha came to be nicknamed “mother of hackers”
* Why gamifying cybersecurity can be key to building the next generation of cyber talent

May 15, 2024 · 31 min

Ep 48 · Mara Winn on protecting America’s critical infrastructure from cyberthreats

A first-of-its-kind 2016 cyberattack on Ukraine’s power grid was a wake-up call for countries around the world to shore up protection of vulnerable energy resources. Mara Winn, Deputy Director for Preparedness, Policy, and Risk Analysis at the Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response (CESER), is in charge of acting on just that. From securing electric vehicles to safeguarding electric substations, Mara and her team help to ensure the resilience of the energy sector against cyber, physical and climate-based disruptions.

Mara takes a holistic approach to risk management, considering both physical and cyber threats. In the latest episode of WE’RE IN!, she cautions against focusing too much on the "flashy object of the day" and describes why she imbues diversity in risk management for the best outcomes.

Listen to hear more about:
* Why early implementation of security measures in product development is necessary for distributed energy resources like solar, wind and battery technologies
* How to educate investors, entrepreneurs and designers about understanding the full risk picture in business decisions
* The role of the National Association of Regulatory Utility Commissioners and the Federal Power Act in defining federal and state responsibilities in the energy system

May 1, 2024 · 35 min

Ep 47 · Amy Chang on squaring cyber policy with real-world threats

Amy Chang, a resident senior fellow for Cybersecurity and Emerging Threats at the R Street Institute, has many tough problems to consider, from election security to adversarial AI attacks to the geopolitical implications of cyberwarfare. In a world rife with hot takes, she pursues a balanced approach to answering these weighty issues—nothing is an assumed outcome. In this episode of WE’RE IN!, Amy provides insights into the potential cybersecurity policies of both the Trump and Biden administrations after the next presidential election, and how AI has the potential for more than just super-powered hacking. In a recently published paper, she and a colleague detailed consequences like inaccurate medical diagnoses or even manipulation of financial markets.

Listen to hear more about:
* The role of cybersecurity in the innovation race between China and the U.S.
* The effectiveness of “name and shame” tactics more than a decade after the release of Mandiant’s landmark APT 1 report
* Why bipartisan support for cybersecurity measures may not equate to trust in the election security space

Apr 17, 2024 · 33 min

Ep 46 · Mark Kuhr on AI pentesting and the Synack Red Team

Dr. Mark Kuhr, a former National Security Agency employee, faced a host of challenges when he co-founded Synack with CEO Jay Kaplan in 2013. As CTO for the security testing company, Mark has led Synack through dramatic growth while working to shift the mindset of some cybersecurity practitioners. For instance, the Synack platform, featuring access to security researchers around the globe, initially faced skepticism—a group of essentially strangers pentesting enterprise networks? Not the most convincing argument for CISOs. But through a trust-but-verify approach, Synack’s take on security testing has risen to prominence in the industry. In this episode of WE’RE IN!, Mark explains how he recruited a community of global top hackers to join the burgeoning Synack Red Team – and what’s at stake as AI capabilities ramp up for attackers and defenders alike.

Listen to hear more about:
* Mark’s predictions about the use of AI for offensive operations, including selecting targets and applying exploits
* Synack’s FedRAMP Moderate Authorized status and how other organizations can secure approval to work with sensitive government data
* How the integration of AI in cybersecurity is increasing the pressure on organizations to patch and mitigate vulnerabilities faster

Mar 27, 2024 · 36 min

Ep 45 · Anthony Newman on cyberthreats to higher education

In this episode of WE’RE IN!, Anthony Newman, executive director at Research and Education Networks Information Sharing and Analysis Center (REN-ISAC), highlights the need for protecting research infrastructure in higher education, dealing with credential dumps and monitoring the dark web for potential threats. He also discusses the challenges faced in higher education, such as securing a diverse range of resources, navigating risks posed by a litany of third-party vendors and recovering quickly from breaches. Anthony also digs into the impact of AI in the cybersecurity landscape, emphasizing the need for trust and the potential benefits of automation.

Listen to hear more about:
* How REN-ISAC supports its 700 member institutions within the higher education and research community
* The role of trust and threat intelligence in higher education
* The nature of advanced, persistent threats to research facilities, including China-linked cyberespionage

Mar 13, 2024 · 40 min

Ep 44 · Dennis Fisher on the future of cybersecurity journalism

Dennis Fisher, editor-in-chief at Decipher, reflects on his journalism career covering cybersecurity for more than two decades in the latest episode of the WE’RE IN! cybersecurity podcast. He began in 2000, covering email before transitioning to security. Soon his focus shifted to vulnerability reporting, including blockbuster bugs in Windows and Internet Explorer. This led to Microsoft's trustworthy computing memo and significant changes in the software industry. Dennis also discusses the challenges of cybersecurity journalism and the importance of democratizing information.

Listen to hear more about:
* The overlap between cybercrime and traditional organized crime and the impact of cryptocurrency
* Dennis’s interest in crime novels and the challenges of incorporating his background into his own books
* The surprising topic Dennis would cover if he wasn’t focused on security

Feb 28, 2024 · 31 min

Ep 43 · Jason Loomis on finding the humanity in cybersecurity

Jason Loomis, Chief Information Security Officer at Freshworks, emphasizes the human side of cybersecurity and the importance of effective leadership. New CISOs should make an effort to understand not just existing security controls, but also the team dynamics at any new organization they’re helping to protect. The human element all too often goes unnoticed, according to Jason. In this WE’RE IN! episode, Jason discusses the need for strong communication skills and the ability to engage every employee in cybersecurity practices.

Listen to hear more about:
* Why basic security controls and understanding context are crucial in cybersecurity
* How to “sit down, be quiet and listen” rather than try to fix everything immediately in a new cybersecurity leadership role
* What AI means for the risk of future cyberattacks

Feb 14, 2024 · 32 min

Ep 42: Sarah Armstrong-Smith on understanding the attacker mindset

Season 3, Episode 3. Sarah Armstrong-Smith, Chief Security Advisor at Microsoft and a cyber security author, discusses her role in improving cyber postures and staying ahead of threats. She explains how Microsoft uses machine learning in their threat intelligence and what's next with the onset of generative AI. She also highlights the importance of understanding the risks and consequences of AI technology, as well as the need for CISOs to embrace new technologies while ensuring accountability. In this WE’RE IN! episode, Sarah emphasizes the significance of diversity in the cybersecurity workforce and the need for organizations to foster a culture that encourages diverse perspectives.

Listen to hear more about:
* Understanding and addressing the unique cyber challenges of different sectors and countries
* Balancing the threat landscape with available resources
* The human aspect of security and understanding the motivations of attackers

Jan 31, 2024 (45 min)

Ep 41: Andreas Wuchner on Cyber Resiliency in Financial Services

The financial services industry is among the most sought-after targets for cyberattacks. When malicious actors steal data, it’s often just a means to a cash-rich (or bitcoin) end. Andreas Wuchner, advisor to many security startups and a formative contributor to Switzerland's National Financial Services Information Sharing and Analysis Center, has a thought or two on how to build cyber resiliency in critical banking institutions.

In the latest episode of WE’RE IN!, Andreas challenges some status quo ideas in the industry, like: Is there really a cybersecurity talent gap? And he gets real about how AI can help unleash more capacity and productivity for security teams if paired with rigorous cyber standards.

Listen to learn more about:
* Translating cyber for the C-suite
* How to achieve cyber resiliency
* Forming a worthwhile customer advisory board

Jan 17, 2024 (34 min)

Ep 40: Ryan Kazanciyan on Securing the AI future

Securing a startup valued in the billions of dollars is no small feat. According to Ryan Kazanciyan, CISO at Wiz, it’s all about process. His previous experience with companies like Mandiant and Meta rounded out his security background. Using his experience from large enterprises, Ryan takes a considered approach to securing a startup.

The cloud security company has an existing ethos of security first, so Ryan and his team are equipped to tackle old and new security challenges alike, from run-of-the-mill phishing attacks to sophisticated AI-enabled threats.

Listen to learn more about:
* His time consulting on the hacker TV series Mr. Robot
* Ryan’s thoughts on balancing privacy, security and convenience
* Lessons from his heavy-hitting cyber career

Jan 3, 2024 (26 min)

Season 3 Trailer

bonus

Ready to hear from top cybersecurity newsmakers, executives and storytellers? Eager for advice on how to launch a successful cyber career? Curious about hacking threats that seem to grow more menacing by the day? Get ready for Season 3 of WE'RE IN!

Hosted by Synack's Head of Communications and longtime cybersecurity journalist Blake Thompson Heuer (Sobczak), WE'RE IN! takes you inside the brightest minds in cybersecurity for unique insights and colorful stories from the front lines of our digital transformation. Don't miss the latest season of this breakout podcast, sponsored by Synack!

Dec 14, 2023 (2 min)

Ep 39: Lauren Zabierek on “Sharing the Mic” to Foster Cyber Innovation

The next generation of cybersecurity leaders have a vision for the future of cybersecurity. Facing advanced nation-state threats, the breakneck speed of tech innovation and a deluge of zero days, Lauren Zabierek is moving the dial on workforce diversity to tackle these challenges. Lauren, senior policy advisor for the Cybersecurity and Infrastructure Security Agency and co-founder of #ShareTheMicInCyber, is also helping organizations “shift left” by integrating security principles into the innovation process. Don’t miss the latest episode of WE’RE IN! to hear Lauren’s insights into why cybersecurity job descriptions are broken and how talking to everyday people can build the pipeline of cyber talent.

Listen to learn more about:
* Which cybersecurity story she’d like to see made into a Christopher Nolan movie
* Why she believes “diversity is national security”
* How she ended up with Ms. magazine bylines

Aug 8, 2023 (31 min)

Ep 38: Jeremiah Roe Unpacks the “Puzzle” of Pentesting

Pentesting is in Jeremiah Roe’s DNA. He has worked for a traditional pentesting consultancy, conducted clever physical penetration tests over the years (as documented in his episode on the Darknet Diaries podcast), and he now finds himself at the cutting edge of security testing as field CISO for North America at Synack.

Jeremiah is a fan of escape rooms and brings his creativity and strategic thinking to some of the cybersecurity industry’s toughest challenges. Don’t miss the latest episode of WE’RE IN! to hear Jeremiah weigh in on topics such as:
* Budding API security challenges and how to address them
* Techniques for transitioning from the armed services to a role in cybersecurity
* How to think like an attacker to conquer high-risk vulnerabilities

Jul 13, 2023 (40 min)

Ep 37: Demystifying OT Cybersecurity with Danielle Jablanski

The operational technology (OT) computer networks that support life as we know it are increasingly coming under threat. But despite the proliferation of malware aimed at critical infrastructure, Danielle Jablanski isn’t running for the hills. As an OT cybersecurity strategist for Nozomi Networks, Danielle helps critical infrastructure organizations understand and prioritize digital risks, whether they stem from a lack of visibility into industrial environments or a sophisticated cyberattack from a foreign nation-state. Don’t miss the latest episode of WE’RE IN! to hear Danielle’s insights into industrial control systems (ICS) risk management, including the recently disclosed COSMICENERGY ICS-focused cyberthreat.

Listen to learn more about:
* What makes the ICS security field “niche but not nebulous”
* How Danielle’s background in nuclear weapons policy informs her approach to cyber incident planning
* Why so few critical infrastructure operators know where equipment with known vulnerabilities may exist on their networks
* Hacking satellites in space

Jun 29, 2023 (40 min)

Ep 36: API Security Decoded with Corey Ball, Senior Manager of Penetration Testing, Moss Adams and Chief Hacking Officer, APIsec University

Application programming interfaces (APIs) are taking over the internet. APIs now make up 83% of internet traffic because they help applications communicate with each other via API calls. And they’re a critical threat vector for companies. Corey Ball, author of “Hacking APIs,” saw the API takeover happening and realized there was a gap in security training and tactics. He founded APIsec University, which offers online courses to help level up the infosec community’s API security testing skills. APIs are essentially direct links to a company’s database, a valuable target for a malicious actor, and their flaws can be difficult to detect without proper documentation and thorough analysis. Security teams are just getting started tackling API security and Corey outlines how they can get started and which executives, including the board of directors, need to be aware of their API attack surface.

Listen to learn more about:
* His favorite API vulnerability
* Why generic security scanners can’t detect API security flaws
* The future of API security

May 25, 2023 (34 min)

Ep 32: Emma Stewart on the Future of the Electric Grid, Cyber Mutual Assistance and “Crying Wolf” on Energy Threats

Power and energy security strategist Emma Stewart is always on the lookout for what’s next in the U.S. electric grid, whether that be an influx of renewable energy or cyberattacks by malicious hackers. Her engineering background helps her understand how things work so she can break them to build them again, but stronger. Emma has announced she’s joining Idaho National Laboratory as Chief Power Grid Scientist and Research Strategist in the lab’s National and Homeland Security Directorate, putting her on the forefront of efforts to keep Americans’ electricity networks resilient in the face of cyberthreats. Emma previously worked as Chief Scientist for the National Rural Electric Cooperative Association, which represents the nation’s roughly 900 non-profit electric co-ops. Because rural infrastructure can lack the same level of funding or support compared to bigger electric companies, she often had to puzzle over how to fortify distributed resources from nation-state cyberthreats.

Listen to this episode to hear more about:
* How cyber mutual assistance programs can help level the playing field in the fight against adversaries
* Emma’s cancer survivorship
* Takeaways from the S4 industrial cybersecurity conference in Miami Beach, where Emma was a speaker

May 11, 2023 (34 min)

Ep 35: Kelly Moan on Zero-Trust Strategies, Safeguarding NYC and the Need for Representation in Cybersecurity

As Chief Information Security Officer for NYC, Kelly Moan is on the front lines protecting New Yorkers from the latest cyberthreats. She juggles everything from implementing zero-trust security models to helping state agencies fend off sophisticated hacking attempts. Don’t miss the latest episode of WE’RE IN! in which Kelly opens up about her professional history and shares tips for anyone interested in supporting their own communities through pursuing a career in cybersecurity. Her office has worked to foster the next generation of cyber talent through efforts like the New York City Cyber Academy program. “The really amazing thing about the profession in general is you don't need a degree,” Kelly says. “If you have access to the internet and you have access to a technology product like a mobile phone, a laptop – there's so much out there and open source that, if you really want to, you can start learning.”

Tune in to hear more about:
* Why cloud security is such a top-of-mind concern for CISOs
* New York’s first-of-its-kind Joint Security Operations Center
* Kelly’s approach to ensuring “diversity of experience” in the infosec field

Apr 25, 2023 (34 min)

Ep 34: Space Rogue on L0pht Heavy Industries, 90s Infosec Lessons and “Gray Hat” Hacking

Hacker Cris Thomas – better known by his old bulletin board system handle Space Rogue – has witnessed the infosec community grow from a hodgepodge network of hacking collectives to a multibillion dollar industry. Space Rogue was a member of the L0pht Heavy Industries hacker group that made its name poking holes in premier products from burgeoning tech giants like Microsoft and Oracle. Now Global Lead of Policy and Special Initiatives at IBM, he is also author of a new memoir recounting his experiences from the “magical hacker scene” of the 1990s, Space Rogue: How the Hackers Known As L0pht Changed the World. In the latest episode of WE’RE IN!, Space Rogue shares his side of the story from L0pht’s influential May 1998 testimony before Congress, in which the hackers warned of glaring security vulnerabilities that remain relevant to this day.

Tune in to hear more from Space Rogue on:
* Tales from early meetings of the famous hacker quarterly 2600
* The value of college versus certifications for anyone seeking to launch an infosec career
* The fragility of the modern internet

Apr 20, 2023 (38 min)

Ep 33: Morgan Adamski on Cybersecurity Collaboration, Nation-State Threats and Transparency at NSA

Morgan Adamski wants to talk to you about cyberthreats. As chief of the National Security Agency’s Cybersecurity Collaboration Center, she’s responsible for bringing highly sensitive threat information out from behind the walls of Fort Meade and onto the desks of defense industry leaders who can use it. In the latest episode of WE’RE IN!, Morgan shares how she helped build the CCC into a vital public-private conduit for cyber intelligence, rewriting existing NSA operating models along the way.

“We knew that it was important to be able to have this type of direct engagement, because we knew the only way to really counter a nation-state actor is to get ahead of it,” Adamski said of the CCC’s “fast and furious” history.

Tune in to hear Adamski’s thoughts on:
* Strategies for getting more women involved in the cybersecurity field
* The Biden administration’s new National Cybersecurity Strategy
* The importance of being part of something bigger than yourself

Apr 6, 2023 (33 min)

Ep 31: Nicole Perlroth on Spyware, “Mutually Assured Digital Destruction” and Educating Boardrooms

In Nicole Perlroth’s blockbuster 2021 book, “This Is How They Tell Me the World Ends,” the former New York Times journalist conveys cybersecurity experts’ mounting anxiety about increasingly dangerous digital threats. From spyware to ransomware, the black market for cyber tools that skirt the law is lucrative and often poorly understood. Nicole points to catastrophic cyberattacks like NotPetya, a 2017 ransomware look-alike that attempted to obliterate Ukraine’s critical infrastructure before causing billions of dollars in damages worldwide. But even with geopolitical tensions now at a fever pitch, Nicole, now a cybersecurity advisor and investor, explains why “mutually assured digital destruction” has so far helped stave off major attacks on U.S. critical infrastructure.

Also covered in the podcast:
* The importance of educating board members about cybersecurity
* What constitutes a cyber weapon
* Why Nicole is optimistic about the future of ransomware

Feb 23, 2023 (40 min)

Ep 30: Hudney Piquant on Pentesting, Staying Ahead of Adversaries and a Cyber “Sixth Sense”

Hudney Piquant kicked off his cybersecurity career working for a startup out of a garage in Michigan. He has since uncovered critical vulnerabilities as a Synack Red Team member, joined Synack full time as a solutions architect and been honored with a Most Inspiring Up And Comer award by CyberScoop last fall. Tune into the latest episode of WE’RE IN! to hear Hudney share his insights into getting started with the Synack Red Team, the importance of mentorship in the cybersecurity community and his “sixth sense” that helps him to find creative workarounds for tough security challenges.

More topics covered in the podcast:
* Why we haven’t seen the last of the blockbuster Log4j vulnerability
* The importance of applying an adversary’s perspective on your networks
* How to build trust among professionals skeptical of ethical hackers

Feb 2, 2023 (41 min)

Ep 29: Selena Larson on Cyber Intelligence, "Evil" Threat Actors and TOAD Attacks

In the latest episode of WE’RE IN!, Selena Larson shares insights into malicious hackers and scammers she’s tracking as senior threat intelligence analyst for Proofpoint. Business email compromise, ransomware, sextortion, multi-factor authentication bypass techniques – dealing with the onslaught of modern cyberthreats “is very much like playing whack-a-mole,” she said. By unpacking attackers’ motivations and psychological profiles, defenders can train themselves and their teams to avoid falling into common traps.

More reasons you should listen:
* Hear Selena discuss what makes threat intelligence actionable, versus extra noise for a SOC
* Find out about an alarming cyber espionage campaign that recently targeted journalists
* Learn why Selena despises evil TOADs – “telephone-oriented attack delivery” attacks

Jan 19, 2023 (41 min)

Ep 28: Craig Newmark on Cyber Philanthropy, Internet Pioneers and a “Cyber Civil Defense”

Philanthropist Craig Newmark is most famous for founding the classifieds site Craigslist nearly 30 years ago. But he’s recently earned praise in the cybersecurity community for pledging $50 million in early 2022 to support a cyber civil defense initiative through his namesake philanthropy. On the latest episode of WE’RE IN!, hear Craig describe what he means by cyber civil defense and listen to his candid thoughts on everything from quantum computing to the dangers of state-sponsored disinformation campaigns. He also shares insights into the philanthropic strategy driving many of his contributions to the field of cybersecurity and continuing education.

Tune in to hear more about:
* Challenges in fostering collaboration across the cybersecurity community, from the White House to organizations like the Aspen Institute’s Cybersecurity Group
* How a “cybersecurity nutrition label” could empower consumers
* Craig’s participation in the Whole Earth 'Lectronic Link, one of the oldest virtual communities

Jan 5, 2023 (34 min)

Ep 27: Andy Greenberg on “Tracers in the Dark,” Bitcoin What-ifs and IRS Heroes

Journalist Andy Greenberg is no stranger to the murky world of cryptocurrency. The senior writer for WIRED and longtime cybersecurity journalist was one of the last reporters to interact with pseudonymous Bitcoin founder Satoshi Nakamoto before they evidently ceased communications. In his new book, “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency,” Andy follows the gripping story of IRS special agent Tigran Gambaryan as he follows the money to zero in on some of the most mysterious and monstrous criminals in the cyber underground.

Don’t miss the inaugural episode of WE’RE IN! Season 2 to hear more from Andy on:
* How Tigran joined forces with expert investigators and cryptographers to jettison misconceptions about the anonymity of major cryptocurrencies, exposing alleged criminal masterminds in the process
* The genesis of successful crypto tracing and analysis firms like Chainalysis
* The twisted motivations of those who founded infamous dark web emporiums like AlphaBay and Silk Road

Links:
* https://andygreenberg.net/
* https://www.wired.com/
* https://www.synack.com/
* https://readme.security/

Dec 15, 2022 (37 min)

Season 2 Trailer

bonus

Ready to hear from top cybersecurity newsmakers, executives and storytellers? Eager for advice on how to launch a successful cyber career? Curious about hacking threats that seem to grow more menacing by the day? Get ready for Season 2 of WE'RE IN!

Co-hosted by Synack security operations engineer Bella DeShantz-Cook and longtime cybersecurity journalist Blake Sobczak, WE'RE IN! takes you inside the brightest minds in cybersecurity for unique insights and colorful stories from the front lines of our digital transformation. Don't miss the latest season of this breakout podcast, sponsored by Synack!

Dec 8, 2022 (2 min)

Ep 26: Tanya Janca on Cyber Mentorship, “Shifting Left” and Punk Rock

Application security maven Tanya Janca – AKA SheHacksPurple – is an accomplished author, pentester and onetime music festival organizer. But she’s perhaps best known as the founder of We Hack Purple, a community of security professionals dedicated to sharing useful cyber information including coding trainings and coursework. (Dynamic application security testing company Bright Security acquired We Hack Purple earlier this year, bringing its own approach to the “shift left” dilemma of moving cybersecurity earlier in the software development cycle.)

Tanya has spent much of her career in cybersecurity and IT empowering others to strengthen their own skills. With We Hack Purple, she built a community from the ground up, and she’s organized plenty of security talks and capture-the-flag tournaments along the way. Computer science can be a nebulous, wide-ranging field – Tanya has further helped people zero in on what they should focus on learning in the wide world of cybersecurity.

Tune into the episode to hear more on:
* The story behind Tanya’s bestselling book, “Alice and Bob Learn Application Security”
* The qualities that make a good pentester: “You have to be very determined and detail oriented,” as Tanya put it
* #cybermentoringmonday and the value of professional mentorship

Links:
* https://wehackpurple.com/
* https://brightsec.com/
* https://www.synack.com/
* https://readme.security/

Nov 23, 2022 (38 min)