WE'RE IN!

76 episodes — Page 2 of 2

Ep 25: Melanie Teplinsky on the Value of Cybersecurity Policy, a Zero Trust Model for Small Businesses and her Start at the NSA

Melanie Teplinsky fell in love with cryptography at an early age, which led to her landing her first job at the National Security Agency at 16. From there, she found her niche in cybersecurity at the intersection of technology and the law. As a senior fellow at American University's Washington College of Law in the Tech, Law, and Security Program, Melanie helps craft cybersecurity policies that scale and attempt to solve big, societal problems. First, she has to understand how cybersecurity technology and models, such as zero trust, are implemented at companies and organizations of all sizes. Then, she applies those principles to existing laws and government mandates to understand the pitfalls and gaps. Between her early start in cyber and national policy-making, Melanie has a unique perspective to share with the infosec community.

Listen to the episode to hear more about:
* How cybersecurity policy can transform small- and medium-size businesses’ approach to zero trust
* Why protecting innovation efforts at universities and small companies is paramount for the cybersecurity industry
* The positive outcomes from collaboration between the public and private sectors

Links:
* https://www.wcl.american.edu/impact/initiatives-programs/techlaw/our-team/melanie-teplinsky/
* https://www.atlanticcouncil.org/in-depth-research-reports/report/cybersecurity-for-innovative-small-and-medium-enterprises-and-academia/
* https://www.synack.com/
* https://readme.security/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Nov 17, 2022 · 43 min

Ep 24: Zinet Kemal on Starting Over, Infosec for Kids and the Importance of Mentorship

Zinet Kemal is an infosec powerhouse. After emigrating from Ethiopia to Minnesota with her husband, she started her life over. She left behind her community and career as a lawyer and dived into the world of information security. She has since become a children’s book author and works as a cloud security engineer for Best Buy, while raising her four kids and completing her master’s degree in cybersecurity from Georgia Tech University. In the latest episode of WE’RE IN!, Zinet shares how she published two children’s books during the pandemic, “Proud in Her Hijab” and “Oh, No ... Hacked Again!: A Story About Online Safety,” and about her work with Black Girls in Cyber.

Listen to the episode to hear more about:
* How you can teach kids (and grandparents) about cybersecurity
* Zinet’s journey from immigrant to best-selling author
* The power of diversity in cybersecurity

Links:
* https://zinetkemal.com/
* https://www.synack.com/
* https://readme.security/

Nov 3, 2022 · 41 min

Ep 23: Sean Zadig on the “Paranoids,” Ethical Hacking and Crafting a Security Culture

Sean Zadig has plenty to be paranoid about. The internet is a frightening place, and Yahoo’s Paranoids, the name for the company’s infosec team, have their work cut out for them protecting Yahoo’s more than one billion global users. As vice president, chief information security officer and “Chief Paranoid” for Yahoo, Sean is charged with keeping sensitive company data safe from an onslaught of cyberthreats, working collaboratively across all of Yahoo’s media and technology brands.

In the latest WE’RE IN! episode, Sean speaks to the need for balance in security messaging and shares how he addresses risks like Log4j. It takes patience and finesse to build a strong culture of security in any organization, let alone a global tech and media company with thousands of employees. “It's important to not shame people, so you don't want to say, ‘how could you miss this?’ Or, ‘what happened? Why, why did you commit that code?’” Sean says. “Instead, we use it as a learning experience.”

Tune in to discover how Sean keeps Yahoo on the right track and hear more about:
* Yahoo’s approach to bug bounties and pentesting
* His unlikely path to security leadership: “It was never my career aspiration to become a CISO”
* Sean’s focus on examining what motivates the attackers targeting Yahoo every day

Links:
* https://www.yahooinc.com/technology/paranoids-blog/
* https://www.synack.com/
* https://readme.security/

Sep 30, 2022 · 40 min

Ep 22: Jack Rhysider on Podcasting, Plot Twists and Infosec Burnout

Four years ago, Jack Rhysider quit his job as a security engineer to move full time into the storytelling business. His podcast, Darknet Diaries, now boasts tens of millions of total downloads and has explored cybersecurity topics from Stuxnet to the collapse of cryptocurrency exchange Mt. Gox.

Building Darknet Diaries into a successful show was no cakewalk. In the latest episode of WE’RE IN!, Jack shares his experience putting on a great podcast, from ideation and guest selection all the way to monetization and fielding calls from Hollywood producers.

“Don’t think about how big of an audience you have,” he said. “You need to find the right person in your head, of who would love this show, and just deliver it to them in a great way.”

Even if you’re not a podcast creator, there are plenty of reasons to listen:
* Glean Jack’s insights into the creative process, including the importance of self-reflection and listening with “fresh ears”
* Hear how he navigates constant deadline pressure while avoiding burnout
* Learn the secrets behind the most suspenseful moments in any great story

Aug 19, 2022 · 51 min

Ep 21: Tracy Maleeff on Diversifying the Cyber Workforce, OSINT Skills and “Librarian Face”

Tracy Maleeff led a successful career transition into the tech and cybersecurity world nearly seven years ago. Now a security researcher with the Krebs Stamos Group, the former librarian still uses her hard-won open source intelligence skills to sort through a deluge of cybersecurity information for clients and for subscribers of her free InfoSecSherpa news roundups.

In the latest WE’RE IN! episode, she speaks to the importance of having diverse perspectives at the table when it comes to cybersecurity and warns of a disconnect between tech hiring managers and HR departments.

“Companies keep hunting for unicorns when they really just need to pay attention to the squirrels at the base of the tree,” Maleeff said.

Here are a few more reasons to listen:
* Discover Tracy’s tips for breaking into the cybersecurity industry from other professions: she once helped a mechanic launch a career in pentesting
* Learn how she’s used Twitter to advance her own cybersecurity career
* Hear about her favorite episode of Keeping Up with the Kardashians, and yes, there is an infosec connection!

Links:
* https://infosecsherpa.medium.com/
* https://www.ks.group/
* https://www.synack.com/
* https://readme.security/

Jul 29, 2022 · 45 min

Ep 20: Beau Woods on Medical Device Security, Hacker Culture and Cyber Psychology

Beau Woods knows firsthand how every moment counts when it comes to medical cybersecurity. He launched his career in a hospital, where it wasn’t always possible for doctors to punch in complex passwords or spare a second thought for cybersecurity. Beau went on to found I Am the Cavalry, a group of cyber ambassadors dedicated to improving the security of devices ranging from pacemakers to connected door locks.

In his current role as senior advisor for the Cybersecurity and Infrastructure Security Agency, Beau helps fill gaps in U.S. cyber defenses by boosting organizations that may not have the resources or knowledge needed to secure critical connected equipment like insulin pumps.

“If you can get ahead of things and help them to build better procurement processes, help them to identify more securable technologies that have better business models, that will have greater longevity, then you can stop the flow of inbound, insecurable devices and – over the next decade or two – eventually that cyber hygiene tide line can rise,” he said in this episode of WE’RE IN!

Here are a few more reasons to tune in:
* Learn Beau’s tips for making cybersecurity issues more engaging, from gamification to building empathy
* Hear about his unconventional career path from psychology to security
* Build awareness of the state of healthcare cybersecurity and CISA’s role in government

Links:
* https://www.cisa.gov/
* https://iamthecavalry.org/
* https://www.synack.com/
* https://readme.security/

Jul 21, 2022 · 40 min

Ep 19: Robert M. Lee on Hacking Industrial Systems, Pay Transparency and Oysters

Dragos CEO and founder Robert M. Lee has been talking about cybersecurity risks to critical infrastructure since long before threats to utility operators and water plants were making headlines. In this episode of WE'RE IN!, he discusses the ongoing dangers to the grid from nation-state hackers and ransomware gangs, but also the progress the U.S. is making to better secure its most vulnerable assets. And there's also a great conversation about pay transparency that anyone working in infosec will want to hear.

A few more reasons to listen:
* It's a candid and sobering interview with one of the world's leading experts on industrial cybersecurity.
* You might be surprised how Dragos approaches pay transparency, hiring and job interviews.
* Better understand how critical infrastructure operators should approach cybersecurity differently from enterprise technology.

Key quotes:
* "If you are an oil and gas pipeline or a manufacturing company, and you haven't had ransomware scenarios at a board level with an understanding of what you're doing specifically in OT, your liability and your lawsuit is going to be bad."
* "One hundred percent of our engineers are in the United States. We don't outsource anything where they're related to our product, because if we're deploying software into nuclear power plants and similar, I'd like control of the supply chain."
* "We've been talking about cyber at a presidential, international leader, board level for a long time. But they never knew they needed to differentiate between IT and OT. And now they're realizing all the resources have been spent on the non-revenue generating side of the business and they're going, 'Holy crap! What's our OT cybersecurity strategy?'"

Links:
* https://www.dragos.com/
* https://www.synack.com/
* https://readme.security/

Jun 3, 2022 · 1h 2m

Ep 18: Jim Manico on Secure Coding, OWASP and Being a Decent Human

Jim Manico is full of opinions. The founder of Manicode Security has advice on how to use the OWASP Top 10, on secure coding and especially on the OWASP Application Security Verification Standard (ASVS). He has advice for people starting out in security and all-around thoughts on what it means to be a decent person. Jim is definitely one of those! He's also an educator, author, investor and entrepreneur.

There are so many reasons to listen to this episode. Here are just a few:
* Hear from one of the leading educators focused on helping developers code securely.
* Learn more about all the important projects and initiatives happening at OWASP.
* Get Jim's perspective on how organizations can best implement DevSecOps.

Key quotes:
* "Honestly, you shouldn't be basing a security program on the OWASP Top 10. The Top 10 is meant for one purpose only: awareness. This is not just my opinion. This is actually codified in the introduction of the Top 10."
* "Being a decent human being, being a community supporter, trying to help people out, giving free talks: you can call it being a decent person, but it's also a good life and business strategy."
* "Learn how to f-ing code. And you don't have to be an expert at it. You don't have to be a software engineer, but if you're an IT professional and you don't even understand the basics of coding, it's going to limit your capability because the best pentesters I know write scripts."

Related links:
* https://manicode.com/
* https://owasp.org/www-project-top-ten/
* https://owasp.org/www-project-application-security-verification-standard/
* https://www.synack.com/

May 3, 2022 · 49 min

Ep 17: Alex Holden on Russia's Cyber Arsenal, Conti Leaks and Infiltrating Ransomware Gangs

Alex Holden has a knack for tracking Russian cyber criminals. The Ukrainian-born cybersecurity expert understands what it takes to infiltrate ransomware outfits, learn their secrets and help organizations protect themselves against their tactics. Beyond that, his firm is responsible for detecting some of the biggest breaches in recent history. In this episode, Alex talks about his approach to tracking the world's most notorious criminal hackers, the current cyber threat in Eastern Europe and his own journey from Kyiv to the American Midwest.

Why you should listen:
* Get the inside story of how the Conti ransomware gang and other Eastern European cybercrime syndicates operate.
* Hear about how the current Ukrainian War could shift the cyber threat landscape.
* Discover how one of the leading threat intelligence researchers uncovered some of the biggest data breaches in history.

Key quotes:
* "Russia knows how to wage cyber warfare. And they continuously keep showing us that they can ... So I think Russia is in [a] very powerful position to flex their cyber muscle to do damage."
* "We are watching a huge change in the cybersecurity threat landscape in Eastern Europe. Ukrainian cybercrime is not dead. They're still doing certain things in the western part of Ukraine. Some of them are moving into Eastern Europe ... The same is happening in Russia. Cyber criminals are afraid that the recent crackdown of the Russian government against them will continue."
* "If you are at all interested in threat intelligence or in cybersecurity, I would recommend sitting down and reading [the Conti leaks] because you're going to see how the real criminals work, how they think, how they evolve and how the everyday gang works."

Links:
* https://holdsecurity.com/
* https://www.synack.com/

Apr 21, 2022 · 46 min

Ep 16: Hacking for Ukraine, Supply Chain Risk and Cyber Moonshots

There's a flood of cybersecurity news as a result of the Ukraine War as well as Washington's recent efforts to compel organizations to report cyberattacks to federal officials. In this episode, Trey Herr and Emma Schroeder of the Atlantic Council’s Cyber Statecraft Initiative break it all down. They explore the consequences of an escalating digital battlefield in Europe, whether a hack could bring NATO into the war and strategies for creating more consensus within the tangled and complicated realm of cyber policy.

Why you should listen:
* Understand what's at stake as cyber warriors do battle on both sides of the Ukraine War.
* Learn about some potential consequences of a destructive hack in Europe and whether that could even draw NATO into the war.
* Hear what Washington is doing to obtain better insights and actionable intelligence that could improve cybersecurity defenses.

Key quotes:
* "Cybersecurity generally is not a good state of affairs. So I think we are going to see some regulatory changes that make it much harder for certain classes of companies to operate because they've grown up around this inefficient system."
* "The physical military invasion [into Ukraine] has not necessitated sophisticated cyber support from the Russians. What's been more important in the information space is misinformation [and] disinformation."
* "You've got a lot of [outside hackers] tripping over systems to try to find some kind of way in to do something. And the challenge is that's not really strategic. You don't have any of these groups plugged into the target selection and intelligence collection processes that Western agencies have."

Links:
* https://www.atlanticcouncil.org/
* https://www.atlanticcouncil.org/programs/scowcroft-center-for-strategy-and-security/cyber-statecraft-initiative/
* https://www.atlanticcouncil.org/thecybermoonshot/
* https://www.synack.com/

Apr 1, 2022 · 48 min

Ep 15: Gabriella Coleman on Anonymous, Hacker History and the Evolution of Infosec

Gabriella Coleman, a Harvard University anthropology professor, describes how she immersed herself in hacker culture and eventually became embedded in the shadowy and mercurial world of Anonymous, the hacktivist collective she chronicled in her 2015 book, "Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous." This fascinating episode explores the often misunderstood history of hacking and how many in this community went from outside agitators to mainstream security researchers.

Why you should listen:
* Get a better understanding of the history of Anonymous and the role it played in shaping online protests and whistleblowing.
* Hear about some of the earliest hacking communities, such as the free software hackers, and efforts to archive their early writings and magazines.
* Get an anthropological perspective on how hackers have evolved from the fringes of the tech world to among the most influential voices in cybersecurity.

Key quotes:
* "There's now a new narrative that there was a single founder of Anonymous, the trolls and the early hacktivists. And that's just wrong in terms of historical record."
* "I'm not surprised that hackers were at the forefront of establishing the protocols for the security industry."
* "The moment you cower, the moment you're not willing to speak up, that's the minute that I think ... the hacker spirit is dead and can't be effective in initiating change."

Links:
* https://www.synack.com/
* https://gabriellacoleman.org/
* https://datasociety.net/library/wearing-many-hats-the-rise-of-the-professional-security-hacker/

Mar 8, 2022 · 51 min

Ep 14: Micah Hoffman Breaks Down OSINT, the Dark Web and Beer Apps

In this episode, Micah Hoffman talks about his career in Open Source Intelligence (OSINT) and the value it has for investigations, cybersecurity and understanding how information is weaponized. He also gets into strategies for safeguarding personal privacy in the face of increasing digital surveillance. This episode will have you thinking twice about what you post on social media!

Why you should listen:
* Hear from one of the leading Open Source Intelligence researchers working today.
* Learn about the value of OSINT for offensive and defensive cybersecurity.
* Get a better understanding of all the privacy risks from fitness trackers, apps, shopping online and social media.

Key quotes:
* "OSINT is a reconnaissance skill. It's all about that preparation work that needs to be done before you do anything in cyber, whether it's attacking or defending."
* "Once things are on the internet -- or once things are even collected, not necessarily on the internet -- you've lost control of it."
* "The reality is that we give up our privacy every single time we use an app, every single time we choose to purchase something."

Links:
* https://www.spotlight-infosec.com/
* https://osintcurio.us/
* https://www.synack.com/

Feb 8, 2022 · 56 min

Ep 13: Nicolas Chaillan Takes on the Pentagon, China and TikTok

Nicolas Chaillan, former Air Force Chief Software Officer, resigned from the DoD over frustrations with what he called a lack of innovation, collaboration and agility. He gets into those issues and talks about how the U.S. can invest more in technology to compete with China in artificial intelligence and cybersecurity.

Why you should listen:
* Nicolas offers a candid and controversial view of the military's approach to the growing technological threat from China.
* He outlines his vision for a Pentagon that is more agile, collaborative and competitive.
* Hear from a former DoD insider about some of the institutional barriers that can hinder innovation and software advancements.

Key quotes:
* "In 10, 15, 20 years from now, America as we know it and the value we have and the freedom we enjoy will be at risk of going away if China dominates in AI like they are doing now."
* "TikTok is effectively an intelligence weapon of China on US citizens right now."
* "We don't see a lot of training and implementation of Agile at all in the DoD, which really leads to the inability to move at the pace of relevance and tremendous waste of taxpayer money."

Links:
* https://www.synack.com/
* https://www.linkedin.com/in/nicolaschaillan/
* https://www.linkedin.com/pulse/time-say-goodbye-nicolas-m-chaillan/
* https://ama.preventbreach.com/register

Jan 19, 2022 · 42 min

Ep 12: Phillip Wylie on Bear Wrestling, Pentesting and Understanding the Adversary

In this episode, Phillip Wylie talks about his journey from pro wrestling to pentesting and what motivated him to start teaching, mentoring and giving back to the infosec community. It's an inspirational story for veterans in the field and newbies alike. Phillip not only talks about his work helping others get started in ethical hacking, but also the value of truly understanding the mind of the adversary.

Why you should listen:
* Phillip's story is both educational and inspirational, worthwhile for anyone interested or involved in cybersecurity.
* Learn something from one of the most prolific cybersecurity speakers and educators.
* Get a better understanding of ethical hacking and the value of offensive security testing.

Key quotes:
* "Once you learn how to pentest, your whole world changes."
* "For people that have been in the industry for a while, listen to the new folks. I learned a lot from my students."
* "If you can help people succeed, that's even more rewarding than personal success."

Links:
* www.synack.com
* https://twitter.com/PhillipWylie
* https://www.youtube.com/c/ThePwnSchoolProject
* https://www.itspmagazine.com/the-hacker-factory-podcast

Dec 23, 2021 · 40 min

Ep 11: Kim Zetter on Election Security, Stuxnet and Substack

Kim Zetter is a former staff writer at WIRED and author of the seminal cybersecurity book “Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon.” Her work has appeared in The New York Times, POLITICO, The Washington Post and regularly in her Substack newsletter, “Zero Day.” In this episode, Kim talks about her approach to reporting, what sparked her Stuxnet investigation and how the discovery of that malware fundamentally altered our global cybersecurity conversation.

Why you should listen:
* Hear from one of the most influential and knowledgeable journalists writing about cybersecurity today.
* Get her take on some of the biggest security stories of 2021, such as Colonial Pipeline and the Pegasus Project.
* Learn more about the key policy debates around election security and critical infrastructure protections.

Key Quotes:
* “Stuxnet really helped shine a light on industrial control systems as a target.”
* “We focus too much on the stuff that makes the headlines and completely ignore the innocuous things that you’re downloading onto your phone .... Those things are spying on you, as well.”
* “The Obama administration was the first administration to [make] cyber a priority, but they didn't really put critical infrastructure as a priority in the sense of using the government's weight to force security on critical infrastructure. We're actually only seeing that in this last year … in the wake of Colonial Pipeline.”
* “When we saw Russia trying to interfere in 2016, that woke up DHS that someone, somewhere needed to have some kind of influence over election officials.”

Links:
* www.synack.com
* https://zetter.substack.com/
* https://www.nytimes.com/2018/09/26/magazine/election-security-crisis-midterms.html

Dec 10, 2021 · 35 min

Ep 10: Defense Digital Service Acting Director Katie Olson on Drones, DEF CON and Hacking the Pentagon

Defense Digital Service Acting Director Katie Olson heads up a team of about 80 technologists working on some of the toughest challenges facing the U.S. Department of Defense. Since Katie started leading the team, often called the Pentagon’s “SWAT team of nerds,” it has increasingly focused on the threat from drones, cybersecurity risks in space and the consequences of climate change. In this episode, Katie talks about this cutting-edge work, how DDS helped the Pentagon reduce the impact of COVID-19 and what big issues her team will tackle next.

Why you should listen:
* Learn about some of the most cutting-edge work going on inside the Pentagon.
* Better understand emerging threats such as drones and risks associated with climate change.
* Hear how DDS helped the military rapidly deploy technology to reduce the spread of COVID-19.

Key Quotes:
* "What I've seen shifting in my time here is making security researchers the good guys."
* “Facilitated by the pandemic, we are seeing just increased awareness and attention to cybersecurity.”
* “It would be better for us to check our defenses first before we have some kind of major breach.”
* “For those white hat hackers who want to contribute to national security, [there’s] a huge opportunity.”

Related Links:
* www.synack.com
* https://www.dds.mil/
* https://www.synack.com/blog/3-years-of-hack-the-pentagon/
* https://www.usds.gov/projects/hack-the-pentagon

Nov 19, 2021 · 36 min

Ep 9: CryptoHarlem Founder Matt Mitchell on Hacking for Humanity

Earlier this year, the Electronic Frontier Foundation named Matt Mitchell, founder of CryptoHarlem, one of its 2021 Pioneer Award winners for his groundbreaking work to protect Black communities from surveillance. In this episode, Matt talks about what led him to apply his hacking skills to social justice causes and how that led to his role today as a Technology Fellow for the BUILD program at the Ford Foundation. Matt also discusses what Twitch can do to safeguard creators and the steps anyone can take to better protect themselves online.

Why you should listen:
* Hear from a hacker working on the frontlines of today’s most important racial justice issues.
* Better understand the state of digital surveillance in Black communities.
* Hear about what steps platforms such as Twitch can take to better protect creators.
* Learn the three things everyone online should do to better protect themselves on the internet.
* Discover where “Mr. Robot” placed an elusive CryptoHarlem Easter egg.

Key Quotes:
* “It's really about taking the skill that we have and applying it toward something bigger than yourself.”
* “Under the lens of a surveyor, who’s always looking for wrongs, you’ll find what you’re looking for all the time.”
* “We sometimes confuse public safety with surveillance.”
* “I'm pretty realistic. If you look at the number of cyberattacks that came from sticky notes on personal computers, it’s zero. But don’t put a sticky note on the nuclear codes.”

Related Links:
* Synack.com
* https://www.cryptoharlem.com/
* https://www.fordfoundation.org/
* https://calyxinstitute.org/

Nov 12, 2021 · 50 min

Ep 8: Lifelong Hacker Alyssa Miller Breaks Down Cybersecurity Barriers

Alyssa Miller, Business Information Security Officer at S&P Global Ratings and author of the forthcoming book “Cyber Defenders' Career Guide,” is one of the most provocative, unfiltered and interesting voices in the cybersecurity community. She’s essential reading on infosec Twitter and a regular draw at conferences around the world. In this episode, she dives into all sorts of issues in the cybersecurity community, from incoherent job postings to a lack of diversity; she covers it all. Tune in to find out how you can best address these problems and also learn how to reach out of your comfort zone and forge your own path to success.

Why you should listen:
* Figure out why most cybersecurity job postings “suck” and how the industry can help fix the issue.
* Learn how to address key issues that come up during a cybersecurity job hunt.
* Identify how to maximize opportunities for personal growth and realize your potential in the infosec community.
* Understand how to be a better ally to underrepresented groups in the cybersecurity community.
* Hear about the value of diversity and inclusion in cybersecurity.

Key Quotes:
* “Read the narrative at the beginning of the job description. If that sounds like something you can do and something you can learn and grow in, apply. The very worst thing they can do is tell you no."
* "The difference between you experiencing success or not is in how you respond to opportunities. Do you take those moments and go after them or do you let them go by the wayside?"
* “If we want to be better at cybersecurity, having diversity matters.”
* "You don't get diversity of thought by having 20 heterosexual white males sitting in a room talking about how to build cybersecurity defenses."

Related Links:
* Synack.com
* https://www.synack.com/lp/cloud-security-solutions/
* https://twitter.com/AlyssaM_InfoSec?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor
* https://alyssasec.com/

Oct 15, 2021 · 39 min

Ep 7: Google Cloud Evangelist Stephanie Wong on “Blameless” Security Culture

In this episode, Stephanie Wong, head of Google Cloud Developer Engagement, explores Google’s security culture, why it conducts “blameless” postmortems after security testing and how it’s working to dispel lingering misconceptions about the cloud. She also talks about her journey in Silicon Valley and how her experiences winning pageants such as Miss Asian North America 2020 helped her become one of today’s most visible technology content gurus.

Why you should listen:
* Learn how to build an effective cybersecurity culture within your organization.
* Get the inside scoop on the security precautions that Google takes with its physical data center.
* Hear about what Google is doing to overcome misperceptions about cloud security.
* Figure out how to conduct security postmortems the Google way.
* If you don't know about the "pancake principle," you'll find out why it matters and how it can work for you.

Key Quotes:
* "It's become really clear that remote work will be a very defining characteristic of the new normal and modernizing security is going to be imperative."
* "Our teams are really horrified by network-based security because network-based security is hackable, even with two factor authentication."
* “It's all about empowering [users] so that they can be the ones to flag suspicious activity, websites, and phishing in emails."
* "Being in Silicon Valley, we're often in a bubble where we assume that a lot of people already understand the value of [the cloud] and how it can actually increase your security posture overall."
* "It's all about blameless postmortems and a blameless culture. No pointing fingers. If something goes wrong, it's all about how can we improve it."

Related Links:
* Synack.com
* https://www.synack.com/lp/cloud-security-solutions/
* https://twitter.com/stephr_wong
* https://bit.ly/2Vkckh5 (Stephanie’s YouTube page)
* https://www.stephrwong.com/about

Sep 29, 2021 · 43 min

Ep 6: Cory Doctorow and the Infosec Apocalypse

Cory Doctorow, activist, journalist, and author of the influential Little Brother cyberpunk series, gets into some big issues like surveillance capitalism and his work with the Electronic Frontier Foundation. He doesn’t hold anything back.

Why you should listen:
* Hear from one of the smartest and most engaged technologists today on how technology can be used both for malicious purposes and for good.
* Consider how bias can be built into code and have real-world implications.
* Listen to Cory’s view on tech monopolies and his proposals for reversing their power over users and the internet more broadly.
* Better understand why independent security research might seem counterintuitive to many people.
* Hear the author of one of the most influential cyberpunk series discuss the origins of his latest book, Attack Surface.

Key Quotes:
* “Wishful thinking isn’t going to solve real-world technical security issues.”
* “It’s so important that we build safeguards against our own frailty.”
* “Tech has become a kind of dangerous monoculture ... technologically dangerous because a breach or a defect in a system has consequences for hundreds of millions, if not billions of users.”
* “Monopoly is a really bad tool for protecting privacy because monopoly only protects privacy where privacy is in the interests of the monopolist.”
* “We should hold everyone to account for being good privacy actors by having a privacy law -- a real, no fooling privacy law.”
* “One of the things that we need to take consideration of is that the security apocalypse is here. It's just not evenly distributed.”

Related Links:
* Synack.com
* https://www.linkedin.com/company/synack-inc-
* https://twitter.com/synack
* https://craphound.com/
* https://pluralistic.net/
* https://twitter.com/doctorow

Sep 22, 2021 · 37 min

Ep 5: Nationalize Cloudflare? Berkeley Researcher Nick Merrill on Making it a Public Utility

In this episode, Nick Merrill, a research fellow at the UC Berkeley Center for Long-Term Cybersecurity, makes a cybersecurity case for nationalizing major CDNs such as Cloudflare, issues some stark warnings about the dangers of machine learning, and digs into why stereotypical images of hackers in hoodies don’t help anyone. His viewpoints are sobering, at times controversial, and worth hearing for anyone who cares about the future of the global internet.

Why you should listen:
* Get a fresh perspective on some of the biggest risks to the global web: unchecked algorithmic bias, attacks on massive CDNs, and the growing fragmentation of the internet.
* Consider some of the boldest ideas from one of the sharpest thinkers on how policymakers can make fundamental changes to protect the internet.
* Hear Nick’s take on why art matters in cybersecurity, and why stereotypical images of hackers in hoodies harm the public’s perception of information security.
* Learn more about Fairness, Accountability and Transparency in Machine Learning and the growing movement to look more critically at the hidden algorithms that control the internet and much of technology today.
* Consider how ransomware takedowns and other large-scale cyberattacks such as the one on Colonial Pipeline erode public trust in technology.
* Get a better understanding of why diversity in the cybersecurity industry matters when it comes to identifying real-world threats.

Key Quotes:
* “That power over the internet is like a huge strategic asset for the U.S. It's analogous to controlling global trade.”
* “Imagine a Stuxnet-level attack on Cloudflare.”
* “I would nationalize Cloudflare. I would make it like a national publicly-run utility company.”
* “This word ‘hacker’ got so diluted. It means different things to different people. And it became this totally useless way for describing what's actually happening in security.”
* “The future of cybersecurity … is the future of machine learning.”
* “The real risk of ransomware is just that it freaks people out.”

Related Links:
* Synack.com
* https://nickmerrill.substack.com/about
* iSchool (Berkeley) Bio
* https://www.synack.com/lp/enterprise-security-testing-101
* https://cltc.berkeley.edu/
* https://daylight.berkeley.edu/
* https://www.codedbias.com/
* https://www.fatml.org/

Sep 10, 2021 · 30 min

Ep 4: Hacking the Novel: A Journey From Tech Support to Published Author with Ryan Rutan, Senior Director of Community at Synack

Ryan Rutan has worked in tech support and as a computer repairman, application developer, software engineer, entrepreneur, and head of community … and most recently, fiction writer. Listen to this episode to hear what inspired Fork This Life, a novel that follows a teenager growing up with the early internet of the 90s who eventually gets into hacking, and how it relates to today’s cybersecurity challenges.

Why you should listen:
* Hear about Ryan’s approach to hacking the fiction writing process.
* Get the inside story of how working in tech support informed Ryan’s career in cybersecurity.
* Nerd out on nostalgia about the nineties tech scene.
* Pick up tips for developing your creative voice.
* Get tips for how you can help spread a culture of good security hygiene.

Key Quotes:
* “I’m a technical person, therefore I create.”
* “I need a computer, but why? I want to get online, but why? Everyone knew they needed it and wanted it but they didn’t know why.”
* “The people who know and understand what it means to keep things secure ... it’s incumbent upon them to pay it forward as much as possible.”
* “Security back in the 90s ... your death was going to come from a swift sledgehammer to the head ... now it’s death by a thousand cuts from a million different websites.”

Related Links:
* Synack.com
* https://www.synack.com/lp/enterprise-security-testing-101/
* Forkthislife.com
* https://twitter.com/ryanrutan

Aug 25, 2021 · 24 min

Ep 3: Why Identity Matters in National Security with Lauren Buitta, CEO, Girl Security

In this episode, Girl Security CEO Lauren Bean Buitta discusses the importance of supporting, encouraging, and training girls for careers in cybersecurity. She gets into why it's so critical to create, and protect, pathways for young women in order to build a more diverse industry, and why that really matters when it comes to making tough national security decisions that affect the entire population. She also describes her journey into security, and what led her to start Girl Security in the first place.

Why you should listen:
* Better understand the value of gender diversity in cybersecurity.
* Learn how to create trauma-informed programming that builds trust and understanding.
* Discover how you can help develop new pathways for underrepresented cybersecurity talent.
* Hear Lauren’s take on how identity can inform security decisions.

Key Quotes:
* “Everyone’s identity has a place in a discussion about national security because it's the most consequential field in the world.”
* “What we are seeing in our country is evidence of how long it takes to uproot any kind of systemic discrimination.”
* “We are cultivating a generation of girls and women who will hopefully be more well represented in the short, near and long term and we hope that that results in more equitable national security policies, of which cyber is so crucial.”
* “Girls and women from childhood live in a world in which they are taught to fear everything … and we do a really good job at keeping ourselves secure.”
* “We don't know what a national security field would look like where there's gender parity. What would national security look like if women were co-equally represented? I want to see what that world looks like.”

Related Links:
* Synack.com
* https://www.synack.com/were-in-synack-podcast/
* https://www.girlsecurity.org/about
* https://www.linkedin.com/in/lauren-bean-buitta/
* https://www.synack.com/trust-report/
* https://www.synack.com/lp/enterprise-security-testing-101/

Aug 13, 2021 · 38 min

Ep 2: From Digital Delinquent to Government Hacker with Author, Entrepreneur, and Cybersecurity Influencer Alissa Knight

In this episode, author, hacker, entrepreneur, and content creator Alissa Knight reveals her journey from “bullied computer nerd” to federal cybersecurity contractor to famed car hacker. She gets real about the risks of insecure APIs, offers up some must-hear advice for anyone getting into cybersecurity, and delivers candid views about the infosec industry as a whole.

Why you should listen:
* Get inside the head of one of the most provocative and interesting cybersecurity influencers today.
* Hear about her work with federal agencies to help secure the future of transportation.
* Learn more about the urgent need for better Application Programming Interface (API) security.
* Get new insights into the growing threat to health care organizations and financial institutions.
* Hear Alissa’s take on how cybersecurity companies can improve their approach to content and marketing.

Key Quotes:
* “I care more about the adversary that can hack my car from her living room. I care more about the hacker that can take remote control of my car that I'm driving around in my family with, from anywhere.”
* “Okay. Yes. I can take remote control of this vehicle. I can move the steering wheel. I can push the brakes.”
* “You would be shocked if I told you how endemic [it is in] the industry to hard-code not only tokens, keys, and credentials like usernames and passwords [in]to apps for their own APIs, but also third-party APIs like payment processors.”
* “The plumbing for our entire financial system and healthcare system is APIs ... that data is worth more than oil, right? So hackers are shifting their attention to hacking APIs.”

Related Links:
* Alissa Knight’s Twitter: @alissaknight
* Knight Ink Media: https://knightinkmedia.com/
* Alissa Knight’s Website: https://www.alissaknight.com/
* Official Trailer: Law Enforcement Vehicle Hack: https://www.youtube.com/watch?v=Soj3P3S3i_o
* Synack Website: Synack.com
* Synack Trust Report: https://www.synack.com/trust-report/
* Jeremiah Roe’s Twitter: @c1ph3rflux
* Bella DeShantz-Cook’s Twitter: @bellarosedc
* Black Hat Events: https://go.synack.com/black-hat-events-2021

Jul 30, 2021 · 48 min
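The hard-coding of API credentials that Alissa Knight describes in the episode above is easy to confirm from the outside: whatever is compiled into a client app can be pulled straight back out with `strings` or a decompiler. The following is an added example, not code from the podcast, from Synack or from Knight Ink, showing the kind of scan a tester runs over the string dump of an app binary: a few well-known key formats, plus a Shannon-entropy check on any long value assigned to a key/token/secret/password-looking name so that placeholders are not reported. The sample input is constructed and every value in it is made up; the regexes are an illustrative subset, not a complete secret-detection rule set.

```python
import base64
import math
import re
from dataclasses import dataclass

# Constructed sample, modelled on what `strings` prints for a client binary.
# Every value below is made up for this example; none is a real credential.
SAMPLE_STRINGS = """\
libcrypto.so
OPENSSL_1_1_0
https://api.example-payments.test/v1/charge
STRIPE_KEY=sk_live_4eC39HqLyjWDarjtT1zdp7dc0
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
Authorization: Basic YWRtaW46aHVudGVyMg==
authToken: "9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c3b2a1f0e"
placeholder_api_key = "REPLACE_ME_REPLACE_ME"
retry_count = 3
banner_text = "Welcome back, valued customer"
"""

# Well-known credential formats (an illustrative subset, not exhaustive).
KNOWN_FORMATS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("stripe_secret_key", re.compile(r"\bsk_(?:live|test)_[0-9A-Za-z]{24,}\b")),
    ("http_basic_auth", re.compile(r"\bBasic\s+[A-Za-z0-9+/]{8,}={0,2}")),
    ("bearer_token", re.compile(r"\bBearer\s+[A-Za-z0-9\-._~+/]{20,}=*")),
]

# Generic "<name containing key/token/secret/password> = <long value>" assignment.
ASSIGNMENT = re.compile(
    r'''(?i)\b[a-z_]*(?:key|token|secret|password|passwd|pwd)[a-z_]*'''
    r'''\s*[=:]\s*["']?([^\s"']{16,})'''
)
ENTROPY_THRESHOLD = 3.5  # bits per character; hex tops out at 4.0, base64 at 6.0


@dataclass
class Finding:
    line_no: int
    kind: str
    match: str


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or uniform string)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def decode_basic_auth(b64: str):
    """Return the 'user:password' behind an HTTP Basic value, or None if not base64."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def scan_strings(text: str):
    """Scan `strings`-style output and return the hard-coded secrets it contains."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        matched = False
        for kind, pattern in KNOWN_FORMATS:
            m = pattern.search(line)
            if m:
                findings.append(Finding(line_no, kind, m.group(0)))
                matched = True
        if matched:
            continue
        # Fall back to "assigned to a secret-looking name and high-entropy";
        # the entropy gate is what keeps REPLACE_ME-style placeholders out.
        m = ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
            findings.append(Finding(line_no, "high_entropy_assignment", m.group(1)))
    return findings


if __name__ == "__main__":
    for f in scan_strings(SAMPLE_STRINGS):
        extra = ""
        if f.kind == "http_basic_auth":
            extra = f"  (decodes to {decode_basic_auth(f.match.split()[1])!r})"
        print(f"line {f.line_no}: {f.kind}: {f.match}{extra}")
```

On the constructed sample the scan reports the Stripe key, the AWS access key ID, the Basic credential (which decodes to a plain user:password pair) and the high-entropy authToken, and stays silent on the REPLACE_ME placeholder. The fix is not a cleverer hiding place inside the app: a credential shipped to the client has already left your control, so third-party keys such as a payment processor's belong behind a server-side endpoint that holds them, with the client issued only short-lived, per-user tokens.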

Ep 1: There is No ‘Take Down the Whole US Grid’ with Sarah Freeman and Andy Bochman

Why you should listen:
* Hackers are targeting critical infrastructure and there’s an urgent need for smarter cybersecurity defenses to protect operational technology (OT).
* The best practices to defend against attacks on utilities.
* Why there is no such thing as “taking down the whole US grid.”

Key Quotes:
* “How can you secure what you don’t even know you have? If you don’t even know what you have down to some level of detail ... you’re not going to be in a good position to defend it.” - Andy Bochman
* “The most senior person with the word cyber in their title ideally is at least at the VP level.” - Andy Bochman
* “You have to not only understand how the attacker can gain access to your network but ultimately gain access to the accounts that are most valuable – where are those crown jewel accounts?” - Sarah Freeman
* “IT and OT need to be merged … the problem is cyber is here to stay and everybody needs to take part in this security process.” - Sarah Freeman
* “The government is most interested in who conducted the attack ... The fact that there are two parties here with differing interests is a core issue.” - Sarah Freeman

Related Links:
* Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE), 1st Edition
* https://hbr.org/2018/05/internet-insecurity
* https://medium.com/cxo-magazine/the-missing-chief-security-officer-11979a54fbf9
* https://www.synack.com/
* LinkedIn: Andy Bochman, Sarah Freeman
* Twitter: @andybochman

Jul 14, 2021 · 42 min

Trailer (bonus)

News about cyberattacks and data breaches is relentless and overwhelming. We're drowning in stories about ransomware and the latest digital threats. But we don't hear enough about the people fighting on the front lines of information security, the researchers making us more secure and the pioneers doing the hard work to fix today’s cybersecurity crisis. We launched WE’RE IN! to tell those stories. You'll hear directly from hackers, security pioneers and technologists working in the trenches of cybersecurity. They’ll share their strategies, tactics and solutions for today's tough problems. We'll also go inside the cybersecurity community to talk about the issues and challenges in the industry. You'll hear from some of the most prominent, interesting and provocative people in the field about their journeys in this community, and what it’s like on the inside.

WE'RE IN! is for anyone who cares about cybersecurity. It’s for anyone who wants to go beyond the headlines. It’s for anyone who wants to drive change. We're all facing the cybersecurity dilemma together, and together we can solve it. Join the conversation on WE'RE IN!

Jul 12, 2021 · 1 min