Daniel Ayala continues his interview of me. In this fifth part, we will discuss the start-up resources we provided in our Hang Out A Shingle presentation, what I am doing with Accel Consulting, selling to CISOs, tips to avoid when presenting cyber services, the selling to CISOs Master Class we are developing, and so much more!

Daniel Ayala continues his interview of me. In this fourth part, we will discuss my first forensic litigation case, the importance of data governance, the myth of cyber, why I am tired of cybersecurity conferences, and so much more!

Daniel Ayala continues his interview of me. In this third part, we will discuss what I am doing as a Special Master and Court Appointed Neutral, the reasons I think there will be a continued convergence of legal, cybersecurity, and data privacy, why I decided to start another consulting firm, data valuation, and so much more!

Daniel Ayala continues his interview of me. In this second part, we will discuss how I got started in the industry, defining moments of my career, my first computer, early entrepreneurship, characteristics I look for in professionals, the toxic cybersecurity gatekeeping, and so much more!

A lot has happened in my life over the past 18 months. I have endured death, despair, divorce, and car theft, to name a few traumatic events that made me take a break from several endeavors.

However, it has allowed me to reprioritize many things to understand where I am now and where I want to go.

This is the first of several episodes where Daniel Ayala interviews me. In this first part, we will cover mental resiliency, the importance of taking time off, how to be your best, and so much more!

Prior to joining Coalition, Leeann worked at Kivu Consulting in Denver and Kraft Kennedy in New York City overseeing complex cyber investigations and discovery matters for law firms and large multinational corporate clients. She conducted her undergraduate studies at the University of Albany in Information Systems, then achieved my Masters of Science in Cybersecurity at Pace University. She is also a SANS Lethal Forensicator Coin Holder and on the GIAC Advisory Board.

In this episode, we discuss her start in information technology, how she made the move to cybersecurity, the discrimination she has faced in the industry, becoming a manager, strong women role models, mentoring others, and so much more.

Where you can find Leeann:

• LinkedIn
• The Coalition
• Wall Street Journal

As a hobby, Shannon dives into OSINT CTFs, helps promote young women to enter the STEM industry through Technovation - an innovative program for young entrepreneurs, and offers mentorship to those looking to venture into Cyber Security. She is also a course designer and developer with her local college that aims to arm the new generations with tactics, techniques, and knowledge in becoming experts in Digital Forensics and Investigations.

In this episode, we discuss starting as a chef, skills learned from culinary arts, moving from IT to investigations, burnout and self-care, mentors she follows, why she mentors others, diversity and inclusion, and so much more.

Where you can find Shannon:

• LinkedIn
• Twitter
• Website

Cimone has spent the last five years of her career working in the cybersecurity field. While completing research, she has helped protect the infrastructure for the State of Iowa and ensured that startup companies are developing software with security in mind.

In this episode, we discuss getting started in information security due to responding to an incident, an early upbringing which prepared her for cybersecurity, bridging theory to engineering, teaming with dev and security teams, the importance of project updates, increasing diversity in the industry, and so much more.

Where you can find Cimone:

• LinkedIn
• blackcomputeHER
• PNNL

Jenna began her career in the United States Navy working under the U.S. Fleet Cyber Command at the Naval Intelligence Operations Center (NIOC) and with the National Security Agency (NSA). Afterward, she graduated from the University of Tulsa with a degree in Computer Information Systems. Jenna is passionate about sharing her knowledge of cybersecurity with business owners, public policy leaders, and healthcare, financial, and tech industry members. When she isn’t busy helping her clients protect their customers’ data, Jenna is a voracious reader, aspiring hobbyist, and dog mom of two.

In this episode, we discuss starting cybersecurity with the U.S. Navy, tying spoken languages to coding languages, leading and managing people, building an information security program, getting leadership buy-in, using frameworks for resiliency, diversity and inclusion, and so much more.

Where you can find Jenna:

• LinkedIn
• Twitter
• Blog

He is the host of the “Nato as Code” and the "Cloud Underground" productions on YouTube, the creator and maintainer of the Olympiad platform, and the founder of notiaPoint (now known as Cloud Underground).

In this episode, we discuss starting in technology repairing computers, going to school for public speaking, finding passion in information security, trying too hard to pass certification tests, going out on his own, mentorships, burnout, diversity, and so much more.

Where you can find Nato:

• LinkedIn
• Twitter
• Nato as Code - YouTube
• Cloud Undeground - YouTube

From a young age, she was raised to be a strong female and leader. Her mother, along with other trailblazing women, campaigned to start the Equal Rights Amendment in Colorado in the early 1970s. With a passion for helping others, Sara wanted to start a group that would help, mentor, learn and guide women and founded Women in Cyber Security, ISSA Denver. Her vision was to find a way to inspire and support women in all areas of information security, as well as develop and mentor the younger female generation for the future of the dynamic and ever-changing world of information security.

In this episode, we discuss her early start with Y2K, why she helped start Women In Security with the Denver ISSA chapter, the evolution of communications with workstyles, getting young girls into STEM, how she is championing equality at work, dealing with gaslighting, mansplaining, and microaggressions, removing the stigma of "the hacker," and so much more!

Where you can find Sara:

• LinkedIn
• Women In Security - ISSA Denver

Jennifer has spoken at many top conferences and events such as the International Diversity Forum, the Global D&I Summit, the Forum for Workplace Inclusion, the NGLCC International Business & Leadership Conference, the Out & Equal Workplace Summit, Emerging Women, as well as at organizations such as the Bill and Melinda Gates Foundation, the NBA, Google, IBM, and more.

She is the bestselling author of; Inclusion: Diversity, The New Workplace and The Will to Change and a new book; How To Be An Inclusive Leader: Your Role in Creating Cultures of Belonging Where Everyone Can Thrive.

Jennifer is the host of the popular weekly podcast, The Will to Change, which uncovers true stories of diversity and inclusion.

In this episode, we discuss being an ally to underrepresented groups, biases in the workplace, how the COVID crisis has shed a light on diversity, how leadership needs to change the culture, removing harmful processes, finding diverse mentors, the risks to business by not embracing diversity, and so much more.

Where to find Jennifer:

• LinkedIn
• Twitter
• Amazon
• Blog and Website

A native of Milwaukee, Alyssa began her IT career as a programmer for a Wisconsin-based financial software provider. Her security passion quickly shaped her career as she moved into a leadership role within the ethical hacking team, conducting penetration testing and application assessments along with her team.

As a hacker, Alyssa has a passion for security that she evangelizes to business leaders and industry audiences through her work as a cybersecurity professional and through her various public speaking engagements. When not engaged in security research and advocacy, she is also an accomplished soccer referee, guitarist, and photographer.

In this episode, we discuss why she misses conferences, starting with computers at an early age, diversity, equity, and inclusion, the discrimination she has faced, the lack of understanding of privilege, discriminatory hiring practices, how to be an ally, and so much more!

Where you can find Alyssa:

• LinkedIn
• Twitter
• Alyssa In-Security
• Thinkers360

Chloé is a keynote speaker at major information security conferences and events and serves as a trusted source for national and sector reporters and editors. She holds a master of science (MS) from the University of Edinburgh, and a BA in international relations from the University of California, Davis, as well as a certificate in entrepreneurship from Wharton and other professional certificates.

In this episode, we discuss the adjustment to conferences from home, feeling unwelcome in cybersecurity as a woman, pivotal moments that kept her in security, making real changes in diversity, equity, and inclusion, how biases develop, removing the bro-culture in management, changing the perceptions of hackers, and so much more!

Where you can find Chloé:

• LinkedIn
• Twitter
• Personal Page

He serves on several industry boards, including the International Consortium of Minority Cybersecurity Professionals (ICMCP) and National Cybersecurity STEM Education (NICE), promoting the development of the next generation of cybersecurity professionals.

In this episode, we discuss missing travel, working more in COVID-19, recruiting from non-traditional places, diversity, equity, and inclusion, his start in music before technology, changing people's understanding of differences, removing unconscious biases, his mentors, why language matters, and so much more!

Where you can find Julian:

• LinkedIn
• Twitter

Cybersecurity professionals spend most of their day focused on the health and wellbeing of the environments in their care. However, the cost of reducing risk and keeping our networks safe often comes at the price of our professionals' mental health. Many InfoSec professionals burn out, suffer from anxiety and depression, and turn to unhealthy coping mechanisms, which further exacerbate underlying psychological and physical health issues.

This is an abridged version of one of my public presentations on mental health. My goal is to alleviate the stigma around mental health and stress the importance of open and frank dialogs about this serious issue impacting our community. I will share my journey, reverse engineer the stigma of mental health in business, and look at ways we can hack mental health in productive and meaningful ways.

Episode Disclaimer:

This podcast's information is not intended or implied as a substitute for professional medical advice, diagnosis, or treatment.

We make no representation and assume no responsibility for the accuracy of the information contained in or available through this presentation. THIS IS NOT MEDICAL ADVICE. Please speak to your physician before embarking on any treatment plan.

NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HEARD ON THIS PODCAST.

Danny has been fortunate enough to spend his career in Defense, learning from some of the best in the business, including teams at Mandiant, GE capital & most recently as a Technology Advocate with Splunk. He loves what he does and the people he gets to do it with.

In this episode, we discuss his mental health journey, adjusting to a new role during COVID-19, finding outlets for stress release, if mental health issues are worse in cybersecurity, neurodiversity, PTSD, and so much more.

Where you can find Danny:

• LinkedIn
• Twitter
• YouTube
• Twitch

Episode Disclaimer:

This podcast's information is not intended or implied as a substitute for professional medical advice, diagnosis, or treatment.

We make no representation and assume no responsibility for the accuracy of the information contained in or available through this presentation. THIS IS NOT MEDICAL ADVICE. Please speak to your physician before embarking on any treatment plan.

NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HEARD ON THIS PODCAST.

Ryan completed an internship with the Office of International Health and Biodefense at the US Department of State and was the recipient of a Fulbright Fellowship to Japan. Ryan has published academic articles in psychiatry and cell biology and is the inventor of the patented microtubule lumen-cast nanowire technology.

In this episode, we discuss the stigmas of mental health, coping skills, the economic costs for not addressing mental health, neurodiversity, handling COVID-19 stress, removing job pressures in information security, and so much more!

Where you can find Ryan:

• LinkedIn
• Twitter

Episode Disclaimer:

This podcast's information is not intended or implied as a substitute for professional medical advice, diagnosis, or treatment.

We make no representation and assume no responsibility for the accuracy of the information contained in or available through this presentation. THIS IS NOT MEDICAL ADVICE. Please speak to your physician before embarking on any treatment plan.

NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HEARD ON THIS PODCAST.

Amanda is an avid volunteer and mental health advocate. She has presented at a large number of conventions, meetings, and industry events such as DerbyCon, O’Reilly Security, GrrCon, and DEFCON.

In this episode, we discuss her start in help desk, speaking amount mental health, depression and anxiety, men's reluctance to report health issues, neurodiversity, how organizations can encourage self-care, using medication, the Mental Health Hackers organization, and so much more.

Where you can find Amanda:

• LinkedIn
• Twitter - InfoSystir
• Twitter - Mental Health Hackers
• Mental Health Hackers
• Brakeing Down Security Podcast

Episode Disclaimer:

This podcast's information is not intended or implied as a substitute for professional medical advice, diagnosis, or treatment.

We make no representation and assume no responsibility for the accuracy of the information contained in or available through this presentation. THIS IS NOT MEDICAL ADVICE. Please speak to your physician before embarking on any treatment plan.

NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HEARD ON THIS PODCAST.

His research focuses on the use of technology to improve mental health delivery and patient outcomes. Dr. Hudenko is also an experienced software engineer and former database administrator for the National Center for Post-Traumatic Stress Disorder. Dr. Hudenko is currently the CEO of Trusst Health Inc., a company devoted to providing high quality, affordable remote psychotherapy via messaging.

In this episode, we discuss his background in brain and computer sciences, the intersection of technology and mental health, our brains' development, neurodiversity, mental health stigma, decision making, and so much more!

Where you can find Bill:

• LinkedIn
• Dartmouth's Department of Psychological and Brain Sciences
• Dartmouth’s Geisel School of Medicine

Episode Disclaimer:

This podcast's information is not intended or implied to be a substitute for professional medical advice, diagnosis, or treatment.

We make no representation and assume no responsibility for the accuracy of the information contained in or available through this presentation. THIS IS NOT MEDICAL ADVICE. Please speak to your physician before embarking on any treatment plan.

NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HEARD ON THIS PODCAST.

Daniel has also served in roles supporting the U.S. government in security architecture, engineering, and offensive operations as a Security Engineer and Red Team Leader. He supported the U.S. Special Operations Command (USSOCOM) on red teaming and digital warfare operations, and the U.S. Army on the Wargaming Cyber Effects on Soldiers’ Decision-Making project.

In this episode, we discuss adapting to COVID-19, focusing on red teaming, cloud security architecture, responsible vulnerability disclosure, ICS security, compliance versus security, his work with the US military and cybersecurity, diversity in information security, and so much more!

Where you can find Daniel:

• LinkedIn
• Bishop Fox Blog

Jasson received a bachelor’s degree in computer engineering from The University of Texas at Austin and a Ph.D. in computer engineering from Texas A&M University.

In this episode, we discuss adjusting to COVID-19, his start in VoIP, third party security management, security without passwords, why you are a target, the role of a CTO, using the right language in security, start-up hiring, and so much more!

Where you can find Jasson:

• LinkedIn
• Twitter
• Blog

John speaks at security conferences such as BsidesNoVA, to students at colleges such as the University of North Carolina Greensboro, and other events like the SANS Holiday Hack Challenge/KringleCon. He is an online YouTube personality showcasing programming tutorials, cybersecurity guides, and CTF video walkthroughs.

In this episode, we discuss how he started in pen-testing, contributing to the community, pen-testing vs purple teaming, setting the rules for engagement, solving the same problems, diversity and inclusion, and so much more.

Where you can find John:

• LinkedIn
• Twitter
• YouTube
• GitHub

David is a recognized authority in the field of applied cryptography; he’s spoken at large security conferences like Black Hat and DEF CON and has delivered cryptography training sessions in the industry. He is the author of the soon-to-be-published Real-World Cryptography book.

In this episode, we discuss why he focused on cryptography, the evolution of blockchain, his contributions to TLS, the Noise Protocol Framework, quantum computing, why he wrote a book on crypto, presenting and teaching cryptography, sanitizing data, and so much more!

Where you can find David:

• LinkedIn
• Twitter
• Real-Word Cryptography
• Cryptologie.net
• Noiseprotocol.org

Jeff also serves on the board for Webaroo and the Seattle Symphony. He was the chairman of the board for Lockdown Networks, which was sold to McAfee in 2008. Hussey received a BA in Finance from SPU and an MBA from the University of Washington.

In this episode, we discuss adjusting to a remote workforce with a start-up, founding F5 Networks, developing a userbase community, tips for information security product success, IoT and OT cybersecurity, the Host Identity Protocol, healthcare security, prioritizing efforts as a founder, what gets him out of the bed in the morning, and so much more!

Where you can find Jeff:

• LinkedIn
• Tempered

Before joining IronNet, John founded Sienna Group, a firm dedicated to providing data protection solutions to enterprise organizations, and has held executive roles in the healthcare industry.

In this episode, we discuss healthcare security, compliance versus security, HIPAA regulation and privacy, intellectual property protection, real-time information sharing, ransomware in hospitals, recommendations for new CISOs, and so much more!

Where you can find John:

• LinkedIn
• IronNet Blog

As former CTO at Lumeta Corporation and RedSeal Networks, Brandon led technical and field development in network security, vulnerability, and risk. He’s also held key practitioner roles focused in security architecture, penetration testing, networking, and data center operations. Brandon holds an MS degree from Northwestern University and a BS degree from the University of Illinois at Chicago.

In this episode, we discuss adapting to COVID, accidentally getting into security, designing the intelligent SOC, a risk-based approach to information security, measuring cybersecurity outcomes, cyber insurance, risk management frameworks, and so much more!

Where you can find Brandon:

• LinkedIn
• Twitter
• Netenrich Blog

Douglas Brush is an information security executive with over 26 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading enterprise security assessments, Douglas has conducted hundreds of investigations involving hacking, data breaches, trade secret theft, employee malfeasance, and various other legal and compliance issues. He also serves as a federally court-appointed Special Master and neutral expert in high profile litigation matters involving privacy, security, and eDiscovery.

Currently, he is at Splunk where he works with Fortune 500 organizations to improve their security operations and reduce business risk from cyber-attacks.

He is also the founder and host of Cyber Security Interviews, a popular information security podcast.

In this episode, we discuss why I started the podcast, impostor syndrome, guests I would like to have on the show, my focus on mental health and diversity, important soft skills, talents versus skills, what's in my fridge, and so much more!

Before Gusto, Lee spent more than 15 years leading global information security and privacy efforts at large financial services companies and technology startups, most recently as Square's Head of Information Security. He previously held senior security and privacy roles at Bank of America, NetSuite, and Twilio. Lee was born and raised in Mississippi and holds a bachelor's degree in computer engineering from the University of Oklahoma.

In this episode, we discuss COVID response, three-dimensional communications, security as an enabler, integrating security and engineering teams, the information security skills shortage, diversity and inclusion in cybersecurity, his early mentors, and so much more.

Where you can find Flee:

• LinkedIn
• Twitter

She has a Bachelor of Science degree in Computer Science from Spelman College, where she was a member of the National Society of Black Engineers, the Association for Computing Machinery, and SpelBots.

In this episode, we discuss working with product teams remotely, moving from IT to information security, securing remote access, diversity and inclusion in cybersecurity, mentoring others, self-care and mental health, new threats due to COVID, and so much more.

Where you can find Andrea:

• LinkedIn
• Centrify Blog

Prior to starting Rumble, HD was best known as the founder of the Metasploit Project, the foremost open-source exploit development framework, and continues to be a prolific researcher and occasional speaker at security events.

In this episode, we discuss starting with BBSs back in the day, starting the Metasploit project, project Sonar, his development of Rumble Networks, securing home networks, fingerprinting networks, jump boxes in IoT networks, and so much more.

Where you can find HD:

• LinkedIn
• Twitter
• Blog

Despite having held a range of leadership positions in security technology— including VP of Product Strategy at STEALTHbits and Director of Research & Products at WhiteHat Security—Gabe considers his most valuable experience to be the time he spent on the ground as a security practitioner. Thanks to his intimate understanding of the real issues security professionals face on the front lines, he’s able to identify the core of the problem and create innovative solutions that push data security technology forward.

In this episode, we discuss his early starts with the 2600 meet-ups, privacy versus security, speaking to executives in their language, cloud security, information security skills shortages, training legal teams for cyber, how to get started in cybersecurity, and so much more.

Where you can find Gabe:

• LinkedIn
• Twitter
• Spirion Blog & Podcast

Before Acceptto, Shahrokh was a senior principal technologist contributing to Intel Corporation for 25 years in a variety of leadership positions where he architected and led multiple billion-dollar product initiatives.

In this episode, we discuss evolving authentication, SSO and MFA challenges, anomalous behavior detection, enforcing least privilege, his time with Intel, AI and ML, multi-cloud security, securing home users, and so much more.

Where you can find Shahrokh:

• LinkedIn
• Twitter
• Acceptto

Deb has more than 25 years of information technology experience spanning numerous industries, with an in-depth focus on government and public services, life sciences and health care, and financial services.

Deb received a bachelor’s degree in Finance at Virginia Tech and a master’s degree in Information Technology at George Washington University. She serves on Virginia Tech’s Business Information Technology and Masters in Information Technology Advisory Boards is a self-proclaimed fitness junky and avid traveler and trains service dogs with the Guide Dog Foundation in her spare time.

In this episode, we discuss mental health awareness, her 1-3-5-15 routine, working with clients remotely, COVID-19 cybersecurity spend, securing home networks, diversity in the cyber workplace, The Guide Dog Foundation, and so much more.

Where you can find Deb:

• LinkedIn
• Twitter
• Deloitte Bio
• Guide Dog Foundation

Chris Bisnett is a veteran information security researcher with more than a decade of experience in offensive and defensive cyber operations. While serving with the NSA RedTeam, he attacked government networks and systems to identify and remedy vulnerabilities. Chris is also a recognized Black Hat conference trainer and has taught his “Fuzzing For Vulnerabilities” course at several events around the world. Before founding Huntress Labs, Chris co-founded LegalConfirm, LLC, where he led product design and development until the company was acquired in 2014.

In this episode, we discuss incident response planning, their early starts in offensive theaters, red teaming, Ransomware-as-a-Service, small business and enterprise threats, breaking bad news to clients, holding leadership accountable, hacking back, tips and resources for start-ups, warnings for founders, and so much more.

(Note: If you are interested in start-ups and being a founder, Daniel Ayala and I created a regularly updated blog for founders and start-ups: Hang Out A Shingle – Starting Your Cybersecurity Company.

Where you can find Kyle and Chris:

• LinkedIn - Kyle
• LinkedIn - Chris
• Twitter - Kyle
• Twitter - Chris
• Huntress Blog

With deep operational experience in the DevOps, Cybersecurity, IT Ops, & Big Data spaces, Jack leads Cowbell to execute on its vision of bridging the cyber insurability gap. Jack also serves as a governing board member of Brighter Children, a non-profit organization.

In this episode, we discuss the importance of cyber insurance, risk management, the difference between cyber insurance vs other insurance products, the risks COVID-19 pose to small businesses, right-sizing cyber insurance policies, industries that are targets for attackers, and so much more.

Where you can find Jack:

• LinkedIn
• Twitter
• Cowbell Cyber Blog

Throughout his 24 year career, he has led security organizations large and small in banking and financial services, pharmaceutical, information, library, and technology companies around the world, taught university-level courses, and both writes and regularly speaks on the topics of security, privacy, data ethics, and compliance.

In this episode, we discuss remote working, being a virtual CISO, compliance vs. security vs. privacy, application development security, creating a culture of security, communication skills, giving back to the community, mentoring others, mental health, and so much more!

Where you can find Daniel:

• LinkedIn
• Twitter
• MentorCore
• Secratic
• Blog
• Hang Out A Shingle: Starting Your Own Cybersecurity Company

Before its acquisition by Symantec, Anthony was CEO & Founder of Appthority, a leading Mobile Security startup, and winner of the “Most Innovative Company of the Year” award at the RSA Conference.

In this episode, we discuss managing a remote team, web application security, DevSec, responsible vulnerability disclosure, Artificial Intelligence (AI), how to focus your career, being a founder, and so much more!

Where you can find Anthony:

• LinkedIn
• WhiteHat Blog

Ed is the former CISO of Orbitz and former Vice President, Corporate Information Security at Bank of America. He is an advisor to Dascena and former advisor to SecurityScoreboard.com, Dharma, and Society of Payment Security Professionals. Ed is a contributing author to the book, Beautiful Security. He is also a frequent speaker at industry conferences such as RSA, BlackHat, and many others.

In this episode, we discuss vulnerability management maturity, how to focus on remediation, inventory management, securing cloud services, IoT devices in the enterprise, entrepreneurship, hiring the right people, and so much more.

Where you can find Ed:

• LinkedIn
• Twitter
• Kenna Security Blog

Mikko has written on his research for the New York Times, Wired, and Scientific American, and he frequently appears on international TV. He has lectured at the universities of Stanford, Oxford, and Cambridge. He was selected among the 50 most important people on the web by the PC World magazine and was included in the FP Global 100 Thinkers list.

Mikko sits on the advisory boards of t2 and Social Safeguard and in the advisory panel for the Monetary Authority of Singapore.

In this episode, we discuss his early starts in information security, the rebirth of TELNET, security by design, the difference between privacy and security, mobile device security, IoT security, election security, and so much more.

Where you find Mikko:

• LinkedIn
• Twitter
• F-Secure Blog
• HBO - Kill Chain: The Cyber War on America’s Elections

Stephen has deep experience working with legal, privacy, and audit staff to improve cybersecurity and demonstrate greater organizational relevance. He has been a Member of the Advisory Board at SecureAuth Corporation since July 2017.

In this episode, we discuss adopting SOCs for remote operations, shifting focus to credentials, SOAR, attacker attribution, threat intelligence, post-Covid-19 IT changes, and so much more.

Where you can find Stephen:

• LinkedIn
• The New CISO Podcast
• Exabeam Blog

David was the co-founder of DerbyCon; a large-scale conference started in Louisville, Kentucky. Before the private sector, David worked for the United States Marine Corps and deployed to Iraq twice for intelligence-related missions.

David is frequently interviewed by news organizations, including CNN, Fox News, MSNBC, CNBC, and BBC World News. He has testified in front of Congress on two occasions on the security around government websites.

In this episode, we discuss the shift to virtual conferences, Zoom vulnerabilities, responsible vulnerability disclosure, the importance of communication skills, giving back to the community, mental health, working from home, and so much more.

Where you can find David:

• LinkedIn
• Twitter
• TrustedSec Blog
• TrustedSec Public Slack

John has consulted and taught hundreds of organizations in the areas of cybersecurity, regulatory compliance, and penetration testing. John is a contributor to the industry shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks. He is also an experienced speaker, having done presentations to the FBI, NASA, the NSA, and at various industry conferences. 

John also co-hosts Security Weekly, the world's largest information security podcast; co-authored Offensive Countermeasures: The Art of Active Defense; and writes loud rock music and makes various futile attempts at fly-fishing.

In this episode, we discuss remote workers in the Covid-19 pandemic, validating VPN targets in pen tests, cloud security, developing SANS course material, how to choose what to give away, planning conferences, threat hunting, keeping up with new vulnerabilities, mental health, and so much more.

Where you can find John:

• LinkedIn
• Twitter
• BHIS Blog
• Security Weekly Podcast

Adam received his Ph.D. in experimental particle physics from Princeton University. As an award-winning member of the CMS collaboration at the Large Hadron Collider, he was an integral part of developing the online and offline analysis systems that lead to the discovery of the Higgs Boson.

In this episode, we discuss starting in particle physics, data science, communication skills, process automation, managing attack surface areas, and so much more.

Where you can find Adam:

• LinkedIn
• Twitter
• RiskIQ

Nate is a graduate of Dartmouth College, the Harvard Kennedy School, and the Harvard Business School. Nate serves as a Trustee of Dartmouth, and on the Military & Veterans Advisory Council of JPMorgan Chase & Co. He is a member of the Young Presidents’ Organization and a life member of the Council on Foreign Relations and Trout Unlimited.

In this episode, we discuss leadership, lessons learned in the Marines, cyberwar, information sharing, government policies, finding the signals in the noise, resource management, and so much more!

Where you can find Nate:

• LinkedIn
• Twitter
• Elastic Blog

Prior to joining IronNet, Jamil served as the Chief Counsel and Senior Advisor for the Senate Foreign Relations Committee and Senior Counsel to the House Intelligence Committee where he led the committee’s oversight of NSA surveillance and wrote the original version of the Cybersecurity Information Sharing Act (CISA) signed into law in 2015. He also worked in the White House during the Bush Administration as an Associate Counsel to the President and in the Justice Department where he led the National Security Division's work on the President's Comprehensive National Cybersecurity Initiative.

Jamil is also an Assistant Professor of Law and Director of the National Security Law & Policy Program at the Antonin Scalia Law School at George Mason University and a Visiting Fellow at Stanford University’s Hoover Institution.

In this episode, we discuss starting as in legal, government's role in cybersecurity, information sharing with real-time collaboration, automation, trend spotting, impacts to small businesses, cyberwar, and so much more.

Where you can find Jamil:

• LinkedIn
• Twitter
• IronNet

During his tenure, he has overseen some of the city’s most ambitious projects, including launching a citywide ferry system, developing Mayor de Blasio’s 100,000 jobs plan, and optimizing NYCEDC’s 60 million square feet of real estate.

Prior to his appointment as NYCEDC President in 2016, James served as chief of staff to Deputy Mayor for Housing and Economic Development Alicia Glen, where he helped oversee more than 25 city agencies and played a pivotal role in preserving thousands of affordable homes. James holds a BA in Economics from Amherst College and an MBA from Stanford University.

In this episode, we discuss NYC building a cyber army, economic development through cyber, business accelerators, matching inventors with business coaches, NYC's talent pool, and so much more.

Where you can find James:

• LinkedIn
• Twitter
• NYCEDC

Heather began working in digital forensics in 2002, and has been focused on mobile forensics since 2010 - there's hardly a device or platform she hasn't researched or examined or a commercial tool she hasn't used. She also maintains www.smarterforensics.com. Heather is the co-author of Practical Mobile Forensics (1st -4th editions), currently a best seller from Pack't Publishing.

In this episode, we discuss coming back to law enforcement, cloud forensics, what drives her research, early mentors, the start of cellphone forensics, mobile device threats, developing presentations, and so much more!

Where you can find Heather:

• Twitter
• LinkedIn
• SANS
• Blog

Mari is a strong believer in giving back to the forensic community and has written and released numerous programs/scripts, two of which are used in SANS training. In addition, she has presented her research at several industry conferences, published articles in eForensics Magazine, and was the technical editor for Windows Registry Forensics S.E.

In this episode, we discuss starting in IT, balancing work and family, self-training, the importance of the DFIR community, cross-training, using AI for detection, cloud security, giving back to the industry, and so much more.

Where you can find Mari:

• LinkedIn
• Twitter
• Blog
• GitHub

- Nadean Tanner

Nadean Tanner is the Senior Manager of Technical Education Programs at Puppet. She is responsible for all things product training from working with internal knowledge sources and the instructional design team to produce modern, engaging knowledge assets to delivering online and onsite classroom sessions. 

Nadean is an experienced instructor and speaker with nearly 20 years' experience in information technology and security training delivery and development. At Rapid7, she taught vulnerability management and network and application assault as well as SQL, Ruby, and API. Before Rapid 7, Nadean taught Security Analytics and Advanced Security Operations Center Management for RSA. She taught cybersecurity and information assurance 8570 classes for the Department of Defense including CISSP at Fort Gordon, Fort Carson, and the Pentagon, and she developed and taught graduate-level computer science courses at Louisiana State University for six years.

In this episode, we discuss teaching and traveling, communicating technical terms, talking about the basics, writing a book, teaching with humility, knowing when you are an expert, and so much more.

Where you can find Nadean:

• LinkedIn
• Website
• Amazon

Eventually, Frank decided to ease the learning process for individuals transitioning from non-technical backgrounds into cybersecurity by becoming a full-time Intelligence and Operations Consultant for multiple federal law enforcement and intelligence agencies.

In this episode, we discuss starting in another industry before the DoD, packet capture analysis, doing the work no one else wants to do, knowing when to move into new roles, non-traditional backgrounds, training and certifications, COBIT, and so much more.

• LinkedIn
• FrankDowns.com
• ISACA

In 2017, Lesley was named a “Top Woman in Cybersecurity” by Cyberscoop news and received the Guidance Enfuse conference “Women in Technology” award. She holds a Bachelor’s Degree in Network Technologies from DePaul University, A.A.S. in Avionics Systems and Electronics Systems, GIAC GCIH, GREM, GCFA, and GCFE certifications, and currently serves as a Cyber Systems NCO in the US Air Force Reserves.

In her free time, Lesley co-organizes resume and interview clinics at several cybersecurity conferences, blogs, and tweets prolifically about infosec, and is a youth martial arts instructor.

In this episode, we discuss her early mentors, mentoring, writing resumes, starting as a coder, organizational missions, ICS security, electronic voting, submitting CFPs, and so much more.

Where you can find Lesley:

• LinkedIn
• Blog
• YouTube
• Twitter

No degree, no certifications, just the willingness to say things many in this dismal industry are thinking, but unwilling to say themselves. He remains a champion of security industry integrity and small misunderstood creatures.

In this episode, we discuss starting as a phreak and phone systems, BBS hacking forums, sharing knowledge, calling people out, cybersecurity skill shortages, understanding the adversaries mindset, PCI compliance, and so much more.

Where you can find Brian:

• LinkedIn
• attrition.org
• Twitter

Bill also created and hosted “Hacked” for SiriusXM’s business radio. He has been recognized with several awards including Marketing Computers “Marketer of the Year,” Tech Titans “Corporate CEO of the Year,” Federal Computer’s “Top 100 Award,” and the “National Youth Science Camp Alumnus of the Year.”

In this episode, we discuss starting in encryption, security for the SMB market, advanced malware, threat intel, cloud security, breaking SSL in the enterprise, network basics for IoT, governments backdooring encryption, and so much more.

Where you can find Bill:

• LinkedIn
• Twitter
• SonicWall Blog

Bernard earned an MS in Engineering Management from Stanford University and a BS in Electrical Engineering from the University of California Irvine where he was inducted into the Engineering Hall of Fame.

In this episode, we discuss starting in email security, identity as the perimeter, API security, selling to the C suite, how AI will help security, IoT security, and so much more.

Where you can find Bernard:

• LinkedIn
• Twitter
• Ping

Vinny is a featured speaker nationally and internationally on the topics of Cyber Risk, Mobile Technology, and Information Security. He is a regular presenter at organizations and events such as the NetDiligence Cyber Risk forums, Information Security Forum (ISF), International Association of Privacy Professionals (IAPP), Healthcare Information Management Systems and Society (HIMSS), and the Risk Information Management Society (RIMS). Vinny has been quoted in numerous publications, including CSO Online, Wall Street Journal, and Information Security Magazine.

He serves on a number of not-for-profit boards and also teaches cybersecurity courses at Messiah College.

In this episode, we discuss the difference between privacy and security, talking to the board about cybersecurity, preparing for the cyber tsunami, government regulation, threat intel, aggregating insurance data, and so much more.

Where you can find Vinny:

• LinkedIn
• Twitter
• Blog

Renaud co-founded Tenable Network Security in 2002. As Chief Technology Officer, he drives product strategy and development. Before Tenable, Renaud was the primary author of the Nessus vulnerability scanner – releasing the first version of Nessus when he was 17.

Renaud continues to contribute to the global security community; he is the author of three patents related to network scanning and security and has published his work in books and magazines.

In this episode, we discuss building the first version of Nessus when he was a teenager, getting the basics right, challenges with the cloud, IoT and embedded devices security, responsible vulnerability disclosure, and so much more.

Where you can find Renaud:

• LinkedIn
• Tenable
• Dark Reading: The Argument for Risk-Based Security

She has authored over 150 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability and founded the Symposium On Usable Privacy and Security (SOUPS).

In this episode, we discuss the difference between privacy and security, lawmakers and technologists working together, founding Wombat security, the famous “password dress,” what makes a good password policy, IoT nutrition labels, and so much more.

Where you can find Lorrie:

• LinkedIn
• Twitter
• Carnegie Mellon University
• IEEE

Ben is active in the cybersecurity community, where he is a technical advisor to the US FISA Court and sits on boards of multiple security startups. Johnson earned a bachelor’s degree in computer science from the University of Chicago and a master’s degree in computer science from Johns Hopkins University.

In this episode we discuss starting with the NSA, starting Carbon Black, focusing on the endpoint, identity security, government compliance, why everyone is in sales, picking your founder team, and so much more.

Where you can find Ben:

• LinkedIn
• Twitter
• Obsidian Blog

Before joining the state of Colorado, Deborah led the Information Technology Security and Compliance programs at TeleTech and Travelport. Deborah is a Colorado native and graduated Summa cum Laude with a Bachelor of Science degree from Regis University.

In this episode, we discuss her start in IT and her passion for technology, changes from the board and C-suite, the CDOT attack, the importance of having an IR plan in place, leveraging change management for security, managing priorities, cloud security, and so much more.

Where you can find Deborah:

• LinkedIn
• Governor’s Office of Information Technology

Prior to CyberGRX, Fred led the Security and Compliance Departments at Bridgewater Associates, an investment management firm overseeing about $160 billion for 350 of the largest and most sophisticated global institutional clients. Fred holds a BSE in Civil Engineering from Princeton University and an MBA from Columbia Business School.

In this episode we discuss the growing Denver cybersecurity scene, starting in compliance, managing supply chain and vendor risk, current and upcoming regulations, compliance versus security, benchmarking, and so much more.

Where you can find Fred:

• LinkedIn
• Twitter
• Blog

She has more than 15 years of experience in computer and network security that spans government, academic, and corporate environments. Her current role as Founder and Senior Consultant at Sibertor Forensics, a security operations and incident response consulting company, provides daily challenges “in the trenches” and demands constant technical growth. Alissa is a frequent presenter at industry conferences (RSA, BSides, Shmoocon, Enfuse) and has taught hundreds of security professionals over the last 5 years in more than 12 countries. As the lead author of the SANS FOR526 Advanced Memory Forensics and Threat Detection course, she is passionate about memory management and forensic artifact hunting.

In this episode we discuss, being confused with Heather Mahalik, running a helpdesk, file system forensics, memory forensics, balancing blue teams and red teams, when to add threat hunting to your program, the value of certifications, balancing work and life, keeping skills current, and so much more.

Where you can find Alissa:

• LinkedIn
• Twitter
• SANS

Lizzie has over six years’ experience in legal services, incident response, and digital forensics. Prior to joining Kivu, she worked in regulatory roles at law firms in Massachusetts and Washington, DC while earning her graduate degree in digital forensics.

In this episode we discuss getting started in information security, how attackers have changed, ransomware changes, Ransomware-as-a-Service, banking trojans, types of cyber criminals, getting started with ransomware response, and so much more.

Where you can find Lizzie:

• LinkedIn
• Blog

Her work in the field of smartphone exploitation has been featured internationally in print and on television including ABC World News Tonight, The New York Times, NBC Nightly News, and The Washington Post. She has presented or conducted training around the world including venues such as the NSA, West Point, and Black Hat. She was awarded a DARPA Cyber Fast Track grant for her work in mobile device security culminating in the release of the open source project, the Smartphone Pentest Framework (SPF). She is the author of Penetration Testing: A Hands-On Introduction to Hacking and the recipient of the 2015 Women’s Society of CyberJutsu Pentest Ninja award.

In this episode we discuss, her early red team days, where to get direction when starting in the industry, pen testing steps, founding a start-up, mobile device security, cybersecurity lion repellent, and so much more.

Where you an find Georgia:

• LinkedIn
• Twitter
• Bulb Security

Dean is a graduate of the special "Etgar" program, where he earned his B.Sc in computer science at the age of 19. In 2005, Dean was part of the gold medal winning team in the international Robotic Olympics in South Korea. Dean enjoys playing poker and reading existential philosophy.

In this episode we discuss, his start in infosec in Israel, being a founder, measuring security effectiveness, cyber security fundamentals, hiring the right people, participating in the community, and so much more.

Where you can find Dean:

• LinkedIn
• Twitter
• Blog

Prior to Habitu8, Chad was co-founder and VP of Engineering at Rapid7, which he helped bring to a $900M IPO in 2015. Chad has also worked as a public company CISO and a strategic advisor to several security startups.

In this episode we discuss his start with phreaking, starting Rapid7, the focus on the human element in infosec, mistakes users make, how to measure your programs success, how people learn security, being a founder, and so much more.

Where you can find Chad:

• LinkedIn
• Twitter
• Blog

Outside of work Yonathan likes taking things apart and figuring out how they work; be it physical devices or digital like malware or ransomware. He is a regular presenter at industry conferences such as DEF CON and is quoted in Wired, Fox News, C|NET, and Krebs on Security to name a few.

In this episode we discuss his start in information security, his current security research, Magecart, web application security, website asset management, supply chain security, and so much more.

Where you can find Yonathan:

• LinkedIn
• Twitter
• RiskIQ Blog
• GitHub

Prior to becoming Lyft's first CISO, he was at Salesforce working in various information security roles.

In this episode we discuss being an organizations first CISO, building a world class detection and response team, securing a development team, building security culture, data privacy, cyber security as a team sport, looking for non traditional skills, and so much more.

Where you can find Mike:

• LinkedIn
• Wall Street Journal: Lyft Hires First CISO

Jake is a certified SANS instructor and co-author of FOR526: Memory Forensics In-Depth and FOR578: Cyber Threat Intelligence teaches a variety of other classes for SANS (SEC503, SEC504, SEC660, SEC760, FOR508, FOR526, FOR578, FOR610).

Given his accomplishments, it should come as no surprise that Jake lives, sleeps, and breathes Infosec. He's a regular speaker at industry conferences including DC3, BSides (including BSides Las Vegas), DEFCON, Blackhat, Shmoocon, EnFuse, ISSA Summits, ISACA Summits, SANS Summits, and Distributech. He has also presented security topics to a number of Fortune 100 executives. Jake is also a two-time victor at the annual DC3 Digital Forensics Challenge.

In this episode we discuss his passion for cyber security, changes in the industry, threat hunting vs. incident response, development of soft skills, AI and machine learning, holding back vulnerability disclosure, and so much more.

Where you can find Jake:

• LinkedIn
• Twitter
• Rendition InfoSec
• SANS

Josh's unique approach to security in the context of human factors, adversary motivations, and social impact, has helped position him as one of the most trusted names in security. He also serves as an adjunct faculty for Carnegie Mellon’s Heinz College and on the Congressional Task Force for Healthcare Industry Cybersecurity.

In this episode we discuss his start in information security, being a super hero, the start of I am The Cavalry, cyber security and public safety, government vs. hackers, IoT security, looking for non-traditional cyber skills, and so much more.

Where you can find Josh:

• LinkedIn
• Twitter
• I am The Cavalry

In this episode we discuss starting in security in the 1990's at the NSA, starting Tenable and its growth to IPO, different start-up spaces, where he gets involved in start-ups, advice he gives to founders, what he looks for to invest in, where he sees the cyber security market going, and so much more.

Where you can find Ron:

• LinkedIn
• Twitter
• Blog

Kristopher brings over 12 years of experience to his role as Vice President and Senior Consultant at D4. Kris oversees a team of Discovery Engineers that provide technical expertise and guidance to clients to develop defensible cost-effective solutions that involve managing data that may be used as evidence.

Ricky is a Litigation Support Project Manager at Saul Ewing Arnstein & Lehr LLP. In this capacity, he consults clients on best practices for information governance and electronic discovery, and manages all phases of the EDRM for litigation matters. Ricky is also a member of ILTA's Program Planning Counsel.

I hope you enjoy this special episode of Cyber Security Interviews.

Prior to joining NetDiligence, Mark spent 12 years in the insurance industry, primarily with CIGNA P&C, where he created the first generation of cyber risk insurance. Mark is also a frequently published contributor to various insurance & risk management publications and a sought-after speaker on the topic of cyber risk and liability.

In this episode we discuss cyber risk insurance, right sizing cyber insurance, gathering the metrics for breaches, the costs of breaches, the impact to SMB's, GDPR, data privacy, and so much more.

Where you can find Mark:

• LinkedIn
• Twitter
• NetDiligence

In his 20-year technical career, Brian served as a developer, tech architect, engineer and product manager for companies in financial services, legal, and cybersecurity. Brian joined Varonis in 2010 as director of education and development. Before joining Varonis, Brian worked on systems architecture at UBS. He holds a CISSP certification and frequently presents on topics related to security and technology. He has been quoted in news sources ranging from The Financial Times to Dark Reading and has made multiple appearances on CNBC.

In this episode we discuss his start on help desk and his move to developer, his current role as evangelist, using the word cyber, information governance and the value of data, GDPR, the future of data privacy, and so much more.

Where you can find Brian:

• LinkedIn
• Twitter
• Blog

Prior to cofounding OverWatchID, Cameron was VP Engineering at IntelliSecure, where he led the development of a next generation MSSP platform including multi-tenant PAM, correlation engine (SIEM software), deployment automation, and application monitoring systems.

In this episode we discuss the alphabet soup of identity and access management, cloud security, maturing the trust model, the problems he is trying to solve, why he switched to IT from pre-med, automation and orchestration, and so much more.

Where you can find Cam:

• LinkedIn
• OverWatchID

Since Jeremiah earned a Brazilian Jiu-Jitsu black belt, the media has described him as "the embodiment of converged IT and physical security.” In 2001, Jeremiah founded WhiteHat Security, which today has one of the largest professional hacking armies on the planet. Jeremiah has received a number of industry awards, been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for privately informing them of weaknesses in their systems -- a polite way of saying, ‘hacking them'.

In this episode we discuss RSAC 2018, starting in infosec, web application vulnerabilities, what to look for in application security developers, building security development metrics, why you need to inventory websites, making time to contribute to the community, and so much more.

Where you can find Jer:

• LinkedIn
• Twitter
• Blog
• Jeremiahgrossman.com

A passionate educator, Robert is the course author of SANS ICS515 – “ICS Active Defense and Incident Response” with its accompanying GIAC certification GRID and the lead-author of SANS FOR578 – “Cyber Threat Intelligence” with its accompanying GIAC GCTI certification.

Robert obtained his start in cyber security in the U.S. Air Force where he served as a Cyber Warfare Operations Officer. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission.

In this episode we discuss threat hunting, SCADA/ICS, IIoT, IoT security, his start in cyber security, the 2015 Ukrainian power grid attack, starting and teaching a SANS ICS class, advice he would give someone starting in the industry, and HACKNYC, and so much more.

Where you can find Robert:

• LinkedIn
• Twitter
• Blog

At Acalvio, Chris helps drive Technology Innovation and Product Leadership. In addition, Roberts directs a portfolio of services within Acalvio designed to improve the physical and digital security posture of both enterprise, industrial and government clients.

(In English) Acalvio has given him the opportunity to help shape the next generation of deception platforms, allowed him to spend time doing R&D...and he still gets to break into companies and help them with their maturity modeling and overall solutions within the security industry.

For the 50th episode, I couldn't have picked a better guest and this was my favorite interview to date. We discuss scotch tasting and food, and how that relates to infosec, building a better cyber security community, learning from past mistakes, why giving back to the community is so important, why the new generation needs to make their own mistakes, the word hacker, and so much more.

Where you can find Chris:

• LinkedIn
• Twitter
• The Googles

Keith is a known expert in offensive cyber computing and defensive IT security from his background as Director of Commercial Security at Kyrus and Executive Director of Information Technology at ManTech.

In this episode we discuss his training and start in technology, working in the government space, founding and growing a cyber security firm, the problems he is trying to solve, scaling analysis, securing the cloud, solving the talent shortage problem, and so much more.

Where you can find Keith:

• LinkedIn
• Twitter
• Blog
• GitHub

Today, Tom is associated with CREST International as its elected Chairman of the Americas Board and participates as technical advisor for New Jersey Institute of Technology, County College of Morris, Morris County Economic Development Corporation, Rockaway Township Official, and is a member of the CERT team.

In this episode we discuss his start in information security, building secure software, giving back to the cyber security community, mentors he has had, recommendations he gives to people starting in infosec, starting the HACKNYC conference, and so much more.

Where you can find Tom:

• LinkedIn
• Twitter
• OWASP
• HACKNYC

In 2011, Cody co-founded Phoenix Data Security Inc., a focused cyber security professional services organization. Prior to Phoenix Data Security, he began his career in the U.S. Coast Guard, spent 15 years in IT and security including roles with the U.S. Defense Information Systems Agency (DISA), the Department of Homeland Security (DHS), American Express, and IBM Global Business Services. Cody has presented at information security forums such as the Secret Service Electronic Crimes Task Force, the DHS Security Subcommittee on Privacy and National Public Radio (NPR), as well as to many industry associations such as (ISC)2, ISACA and ISSA.

In this episode we discuss his start in information security, mentors he has had along the way, why he is building a business in Colorado, founding a information security company and the problems he is trying to solve, cyber security automation, so much more.

Where you can find Cody:

• LinkedIn
• Twitter
• Swimlane Blog

As a former professor, Bret has a great passion for and a strong executional focus on providing students with a quality education and success in the placement process. He formerly served as an Assistant Professor at the University of Colorado–Boulder and was the Executive Director for the Deming Center Venture Fund there.

In this episode we discuss cyber security education, filling the demand for cyber talent, the benefits of hiring people making a career change to information secuirty, the Denver, CO cyber security scene, giving back to the community, getting outside of your comfort zone, and so much more.

Where you can find Bret:

• LinkedIn
• Twitter
• SecureSet

In his previous life, Kristinn worked as an incident response and forensics consultant in Iceland. Kristinn holds an M.Sc. from Institut National des Telecommunications (INT, now Telecom & Management) school from Paris and a B.Sc. in computer and electronic engineering from the University of Iceland.

In this episode we discuss moving to the US to do DFIR for Google, his start in sys admin and how forensics became his calling, the development of Log2Timeline and Plaso, the DFIR support community, automating as much as you can, moving to management, and so much more

Where you can find Kristinn:

• LinkedIn
• Twitter
• Blog

Prior to joining LogRhythm, James was the Director of Security Informatics at Mayo Clinic where he had oversight of Threat Intelligence, Incident Response, Security Operations, and the Offensive Security groups. Prior to Mayo, James served as a Senior Manager at MANDIANT, where he led professional services and incident response engagements. He led criminal and national security related investigations at the city, state and federal levels, including those involving the theft of credit card information and Advanced Persistent Threats (APT).

James is a sought-after and frequent speaker at cybersecurity events and is a noted author of several cyber security publications. He holds a Bachelor of Science degree in Computer Information Systems from Walden University, an MBA from the University of Minnesota’s Carlson School of Management, and is a Certified Information Systems Security Professional (CISSP.)

In this episode we discuss the Colorado cyber security scene, solving CISO painpoints, thoughts on certifications, what to look for when hiring talent, where to find talent, the importance of networking, automating workflows, and so much more.

Where you can find James:

• LinkedIn
• Twitter
• LogRhythm blog

Prior to joining Norton Rose Fulbright, David co-founded InfoLawGroup LLP, a law firm focusing on information technology, privacy, security and IP-related law. David and InfoLawGroup successfully served a wide assortment of US and foreign clients from large Fortune 500 multinationals, retailers, hotels and restaurants, sophisticated technology companies, financial institutions, and more.

David is a Certified Information Privacy Professional through the International Association of Privacy Professionals and previously served as a Co-Chair of the American Bar Association's Information Security Committee and was also Co-Chair of the PCI Legal Risk and Liability Working Group. He has spoken and written frequently concerning technology, privacy and data security legal issues, and is frequently cited as an expert in the press and otherwise.

In this episode we discuss transitioning from litigation into data privacy and cyber security, starting a cyber focused law firm, the role of legal in a data breach, how to perform effective tabletop exercises, when to bring in law enforcement to an incident, breach threats to small and medium sizes businesses, and so much more.

Where you can find Dave:

• LinkedIn
• Blog

A few disclaimers on this episode as well. For purposes of certain state ethics rules, this episode may constitute attorney advertising. This website and this episode does not constitute legal advice or create attorney-client relationship. Please be sure to contact your legal representatives with any legal questions.

His ability to identify, deliver, mentor, and help retain talent has given him the privilege of quickly becoming the globally recognized “go-to” individual for clients and candidates in need of staffing solutions or career guidance and management in cybersecurity. Jared's unique style of representation, vast network of relationships, and subject matter expertise has helped earn him and TRU a host of awards including ranking on the Inc. 5000 Fastest Growing Private Companies in America two years in a row. Jared was awarded Best Reviewed e-Discovery Session at Enfuse 2017 for his lecture and Q&A on “Transitioning Your Career from ESI to Cybersecurity.”

In this episode we discuss the commonalities between the eDiscovery a decade ago and the cyber security now, the cyber security talent gap and the numbers we hear, how to hire quality information security professionals, the drain on the federal talent pool, when to get kids involved in cyber security, security training, and so much more.

Where you can find Jared:

• LinkedIn
• Twitter
• Blog

Prior to LEO, Andrew served as the Chief Information Security Officer (CISO) at DataGravity, Inc., where he advocated for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy. Before that, he served as the Director of Research at OpenDNS where he led the research efforts for the company. Prior to joining OpenDNS he was the Director of Applied Security Research and Chief Evangelist at CloudPassage, Inc.

In this episode we discuss his start in dial-up text support, the role of the CISO, security in a start-up, the landscape of security solutions, managing his speaking engagements, speaking as edu-tainment, cloud forensics, and so much more.

Where you can find Andrew:

• LinkedIn
• Twitter
• GitHub
• Blog

Michelangelo holds numerous professional certifications in information security including CISSP, CISA, and CIA and is a frequent speaker at information security events around the country. He holds a Master’s of Business Administration from the University of Pavia – Italy.

In this episode we discuss his start in infosec audits, his transition to entrepreneur, the difference between vulnerability assessments and penetration testing, building a vulnerability management platform, rating vulnerabilities, change management, trends in security, and so much more.

Where you can find Michelangelo:

• LinkedIn
• Twitter
• NopSec Blog

James has spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, and he often performs independent security audits and assists internal audit groups in developing their internal audit programs. He has provided valuable resources for information security professionals through Audit Scripts, a child project of Enclave Security. James completed his undergraduate studies at Philadelphia Biblical University, his graduate work at the University of Maryland, and holds numerous professional certifications.

In this episode we discuss sys admin start, starting his own consulting firm, security frameworks, the CIS Critical Security Controls. cyber security auditing and managing risk, the best use of check lists, teaching for SANS, and so much more.

Where you can find James:

• LinkedIn
• Twitter
• Audit Scripts Blog

Eric's career began in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and health care. He is now CTO of Backshore Communications, a company focusing on hunt teaming, intrusion detection, incident handling, and penetration testing. He is a graduate of the SANS Technology Institute with a master of science degree in information security engineering. In addition to the CISSP, he holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications. Eric also blogs about information security at www.ericconrad.com.

In this episode we discuss starting in IT before there was infosec, the value of certifications, making blue teams sexy again, teaching for SANS, what makes a good cyber security professional, threat hunting, the importance of PowerShell, DeepBlueCLI, and so much more.

Where you can find Eric:

• LinkedIn
• Twitter
• Blog
• SANS
• GitHub
• Amazon

Johannes holds a PhD in physics from SUNY Albany and is based in Jacksonville, Florida. His daily podcast summarizes current security news in a concise format.

In this episode we discuss his start in physics and switch to cyber security, building the SANS Internet Storm Center, security challenges posed by the cloud, teaching for SANS, AI and machine learning, IoT security, and so much more.

Where you can find Johannes:

• LinkedIn
• Twitter
• SANS Internet Storm Center

Jorge has been involved in the Information Technology field since 2001. Realizing his passion for IT, he founded The Business Strategy Partners – IT Consultants branch in 2002 and eventually went on to Terremark (now Verizon) as a system administrator. He developed a interest in Information Security and was eventually promoted to a Security Operations Center (SOC) Analyst position. After a year of defending critical infrastructure for federal and commercial customers, he moved to an offensive analyst position with a large financial institution where he now manages the Advanced Penetration Testing & Vulnerability Assessments team.

In this episode we discuss his early IT system admin roots, the transition from consultant to enterprise security manager, his mentors, what he looks for in a security professional, giving back to the community, teaching for SANS, and so much more.

Where you can find Jorge:

• LinkedIn
• Twitter
• Personal Website
• Amazon
• SANS

David founded the practice of UAV forensics in 2015 and is one of the leading practitioners in the country. David has worked in digital forensics and cyber security since the mid 90’s and, prior to founding his own company, led EY’s U.S. incident response program.

David earned a BA from Dartmouth in Computer Science and will receive an MA from the Fletcher School at Tufts in International Affairs this summer. David’s Master’s thesis is entitled “Defending Against UAVs Operated by Non-State Actors”.

David is a rated pilot, is the Advocacy Director for the National Association of Search and Rescue where he writes UAV policy papers and develops presentations on UAVs in SAR for various audiences, and is working on SAR UAV standards for ASTM.

In this episode we discuss his early transition from IT to information security, good incident response planning, team building and communications, the development of analyzeMFT, giving back to the community, the emerging drone security and analysis field, founding a cyber security company, and so much more.

Where you can find David:

• LinkedIn
• Twitter
• Kovar & Associates Blog
• Personal Blog
• GitHub - analyzeMFT

Harlan has been involved in information security for 28 years, which began during his military career. After leaving active duty 20 years ago, he started in consulting, performing vulnerability assessments and penetration testing. From there, it was a natural progression to digital forensics and incident response services.

Harlan is an accomplished public speaker and a prolific author. He is the author of several open source tools, including RegRipper, and is the author of the WindowsIR blog.

In this episode we discuss his start in information security, windows registry forensics, new artifacts, the importance of communications, mistakes examiners make, ransomware, the commonalities between information security and home beer brewing, so much more.

Where you can find Harlan:

• LinkedIn
• Twitter
• WindowsIR Blog

Previously, Perry led security awareness, security culture management, and anti-phishing behavior management research at Gartner Research, in addition to covering areas of IAM strategy, CISO Program Management mentoring, and Technology Service Provider success strategies.

With a long career as a security professional and researcher, Perry has broad experience in North America and Europe, providing security consulting and advisory services for many of the best-known global brands. His passion is helping people make better security decisions by applying strategic behavior and culture management practices to the intersection of technology and humanity.

Perry holds a Master of Science in Information Assurance (MSIA) from Norwich University in Vermont and is a Certified Chief Information Security Officer (C|CISO).

In this episode we discuss his focus on the human side of information security, building a security culture, working with famous hacker Kevin Mitnick, rewarding users for reporting, changing user's behavior, how CISO's can effect change and evaluate products, and so much more.

Where you can find Perry:

• LinkedIn
• Twitter
• The Mind Spy Guy 

Prior to WatchDox, Ryan was instrumental in running solutions across Hewlett-Packard’s portfolio of security products. He has also held a variety of marketing leadership positions at ArcSight and VeriSign including EMEA regional manager. Ryan received his bachelor's degree from Stanford University, where he studied fault tolerance, cryptography, and authentication algorithms.

In this episode we discuss his start in cyber security, his transition to marketing and product management, the importance of communication skills, the changing role of the CISO, AI and machine learning, the malware research his team does, the spread of ransomware, and so much more.

Where you can find Ryan:

• LinkedIn
• Twitter
• Proofpoint Blog

As a hacker himself, Jobert has reported critical vulnerabilities to GitLab, Yahoo, Slack, Snapchat among others. Before founding HackerOne, he was a successful penetration tester for a company he founded with customers included: Twitter, Facebook, Evernote and Airbnb, among others. He studied Computer Science at Hanze University Groningen.

In this episode we discuss his early hacking days, how he turned hacking into a job, why he started HackerOne, secure software development, lessons learned as a founder, Internet of Things vulnerabilities, and so much more.

Where you can find Jobert:

• LinkedIn
• Twitter
• HackerOne
• GitHub

Joseph is a Certified Information Systems Security Professional (CISSP), active member of the cyber security community, frequent speaker at cyber security conferences globally, and is often quoted and contributes to global cyber security publications. He is also the author of Privileged Account Management for Dummies.

Joseph regularly shares his knowledge and experience by giving workshops on vulnerabilities assessments, patch management best practices, and the evolving cyber security perimeter and the EU General Data Protection Regulation.

In this episode we discuss his transition from IT to cyber security, privacy vs. security, international information security, IoT privacy, credential management, why you shouldn't blame the users, people-centric security, hiring information security professionals, cyber security metrics, and so much more.

Where you can find Joe:

• LinkedIn
• Twitter
• Thycotic Blog

I have been doing IT and security consulting for a long time. Over this time, I have noticed a few things that are worth noting when hiring a security consultant. In fact, I would say until you perform some basics and perform some due diligence on your own, don't hire me or any other security consultant. Yes, this seems a little counter intuitive for me to say, "Don't hire me," but there are many common elements I see in environment after environment both on the proactive and responsive engagements.

This episode will touch on some of these elements and is by no means all inclusive.

The take away is to get to know thy self and do your home work!

Brett began his career as a digital forensics investigator in law enforcement and was trained by the Federal Law Enforcement Training Center, the US Department of Homeland Security, the National White Collar Crime Center, and a multitude of forensic software manufacturers. Brett has taught over 1,000 persons in law enforcement, colleges, and law firms in topics including high tech investigative methods and forensic analysis and gives presentations on high-tech investigations regularly.

His prior law enforcement duties included assignments in state and federal task forces, with investigations spanning multiple countries and states where his cases targeted career criminals and international criminal organizations.

In this episode we discuss starting forensics in law enforcement, his approaches to investigations, what makes a good DFIR examiner, forensic tools, Windows FE, book writing advice, IoT surveillance, and so much more.

Where you can find Brett:

• Web
• Twitter
• Keybase
• Amazon
• DFIR Online Training

He invented the concept of honeynets, founded the Honeynet Project, and published three security books. Lance has worked and consulted in over 25 countries and helped over 350 organizations plan, maintain, and measure their security awareness programs. In addition, Lance is a member of the Board of Directors for the National Cyber Security Alliance, frequent presenter, serial tweeter, and works on numerous community security projects. Before working in information security, Lance served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois.

In this episode we discuss moving from technical to human security controls, designing a effective security awareness program, changing human behavior, metrics to use in awareness programs, what is different with IoT and security, the 2017 SANS Security Awareness report, picking organizational leads for training programs, and so much more.

Where you can find Lance:

• LinkedIn
• Twitter
• Blog
• Securing the Human
• OUCH! Newsletter

Casey pioneered the Bug Bounty as-a-Service model launching the first programs on Bugcrowd in 2012, and has presented at Blackhat, Defcon, Derbycon, SOURCE Boston, AISA National, and many others. He is happy as long as he's got a problem to solve, an opportunity to develop, a kick ass group of people to bring along for the ride, and free reign on t-shirt designs.

In this episode we discuss fixing the Internet, bug bounty programs, designing software with security in mind, IoT security, changing security training and recruitment, responsible disclosure, entrepreneurship and starting a company, and so much more.

Where you can find Casey:

• LinkedIn
• Twitter
• Blog

Rob is the Chief Information Security Officer at Ping Identity. In addition to his job at Ping Identity, Robb is an active member of the Colorado security community. In early 2017 he co-founded the Colorado = Security podcast with Alex. Robb serves on the board for the mountain region’s largest security conference, Rocky Mountain Information Security Conference and he recently ended his term as President of ISSA Denver, the largest ISSA chapter in the world.

Alex is the Chief Information Security Officer for Pulte Financial Services and has over 18 years of experience in information security. Previously he has had managerial, program, and technical roles at several major companies in different verticals. Additionally, Alex has served on the Board of Directors for ISSA International and is a host of the Colorado = Security podcast. Alex is a CISSP and has a MAS in Information Security from the University of Denver.

In this episode we discuss volunteering in the cyber security community, the local Denver security community, security leadership, recruiting outside of traditional, the importance of IR planning, selling security within an organization, and so more.

Colorado = Security Website

Where you can find Rob:

• LinkedIn
• Twitter
• Blog

Where you can find Alex:

• LinkedIn
• Twitter

In this episode, I explore the concept of Independence. In the US, this week we are celebrating Independence Day. This got me thinking about what that means in my business experience. I wanted to share a few observations for those who are thinking about going out on their own either as an independent contractor or to start their own business.

Please take a listen and let me and other listeners know of any tips or experiences you may have had if you were working independently or started a business.

Also, go back and listen to episodes with David Cowen and Hal Pomeranz. Both have taken the independent route and have shared advice in their episodes.

I hope everyone celebrating July 4th has a safe and fun holiday. Please subscribe so you don't miss any episodes. Next week, we are back to interviews with leaders and experts in cyber security.

There is a bit of a story that goes along with it. I wanted to share this story because I think sheds light into life and career changes that others can learn from. Sharing stories on careers and challenges is a big part of this podcast. Many people can feel alone in their cyber security journeys and I some of the struggles that I have been going through lately can allow those going through their own challenges feel connected and hopefully cope with uncertainty.

I know there are others out there that have gone through some major life and career challenges. Know you are not alone, and you can get through it.

So the podcast is firing back-up. Look for some great interviews in the coming weeks. I greatly appreciate all of the listener support and feed back I receive. It has definitely helped me recently.

So please take a listen to this episode and stay tuned for the next round of episodes!

In addition to overseeing the SecureSet Accelerator, Alex is also the Cofounder of SecureSet and the companies former CTO. He served as a Tech Strategist for the Department of Homeland Security, Guest Researcher to the National Institute of Standards and Technology, and Legislative Assistant to the US Congress. He served on the Integrated Task Force for the NIST Cybersecurity Framework and serves on the board of a number of security startups. Alex has an M.S. from CU Boulder School of Engineering and Applied Science and an M.A. from the US Naval War College. He is a Fellow with the New America Foundation’s Cybersecurity Initiative and was a speaker at DEFCON 2016.

David is a Managing Partner of the SecureSet Accelerator, focusing on Venture Operations. David spent the past 20+ years engaged with leading edge startups, vibrant thought leaders, and imaginative technologists. He remains active as an advisor and mentor for early stage cyber security startups and university systems.

In this episode we discuss investing in cyber security companies, tips for starting a new company, how to make better information security products, cyber security education that works, the machine learning and AI buzzwords, Denver, CO's growing cyber security community, how the government can help improve cyber security, and so much more.

Where you can find Alex:

• LinkedIn
• Twitter
• SecureSet Blog

Where you can find David:

• LinkedIn
• Twitter
• SecureSet Facebook

Prior to becoming an independent security consultant, Troy worked at Pfizer with the last seven years being responsible for application architecture in the Asia Pacific region. This time spent in a large corporate environment gave him huge exposure to all aspects of technology as well as the diverse cultures his role spanned. Many of the things he teaches in post-corporate life are based on these experiences, particularly as a result of working with a large number of outsourcing vendors across the globe.

Troy is most famously know for creating the the Have I been pwned? (HIBP) website, a free service that aggregates data breaches and helps people establish if they've been impacted by malicious activity on the web. As well as being a useful service for the security community, HIBP has given him an avenue to ship code that runs at scale on Microsoft's Azure cloud platform. Troy has been featured in a number of articles with publications including Forbes, TIME magazine, Mashable, PCWorld, ZDNet and Yahoo! Tech.

In this episode we discuss teaching developers security, learning on your own, becoming an instructor, cyber security in enterprise organizations, budgeting for security, building a personal brand, and so much more.

Where you can find Troy:

• TroyHunt.com
• LinkedIn
• Twitter
• YouTube
• Pluralsight
• Have I been pwned?

Prior to starting Magnet Forensics, Jad spent seven years with the Waterloo Regional Police Service. While with the police department, Jad was responsible for recovering Internet evidence from computers to support the force's investigations. He then developed Internet Evidence Finder which quickly became one of the most popular digital forensic tools for law enforcement and commercial practitioners.

Jad is a recognized digital forensics speaker at industry events including: CEIC, Crimes Against Children Conference, EuroForensics, F3, HTCIA, ICDDF, SANS, and the Canadian Police College. Jad holds a Diploma in Computer Science and Network Security from Mohawk College (Hamilton, Canada).

In this episode we discuss the Operation Underground Railroad sting, being a police officer vs. running a business, the most important skill an investigator needs, his favorite tool outside of his, cloud forensics, and so much more.

Where you can find Jad:

• LinkedIn
• Twitter
• Magenet Forensic Blog

Theresa began her career in financial services, where she coupled her deep understanding of technology systems with visionary leadership, executing complex IT strategies and winning new business. Following executive roles Bank of America and Wachovia, Theresa served as the first female chief information officer at the White House, overseeing IT operations for President George W. Bush and his staff.

In 2015, Theresa was named a William J. Clinton distinguished lecturer by the Clinton School of Public Service. She is the author of several publications on IT strategy and cybersecurity and a frequent speaker on IT risk. In 2014 she co-authored, with Ted Claypoole, the book Privacy in the Age of Big Data: Recognizing Threats, Defending Your Rights, and Protecting Your Family, which was subsequently featured on the Daily Show with John Stewart.

Among her numerous accolades and recognitions, Theresa was named one of the top 25 Most Influential People in Security by Security Magazine and One of Infosec’s Rising Stars and Hidden Gems by Tripwire. In 2005 she was honored as Charlotte, NC’s Woman of the Year.

In this episode we discuss managing risk, communicating with business owners about security, why security needs to be designed around the human, her role at the White House, privacy vs. security, how the government can help with cyber security, and so much more.

Where you can find Theresa:

• LinkedIn
• Twitter
• Fortalice Blog
• CBS

While perfectly at home in the Windows and Mac forensics world, Hal is a recognized expert in the analysis of Linux and Unix systems, and has made key contributions in this domain. His EXT3 file recovery tools were the direct result of an investigation, recovering data that led to multiple indictments and successful prosecutions. His research on EXT4 file system forensics provided a basis for the development of open source forensic support for this file system. Hal has also contributed a popular tool for automating Linux memory acquisition and analysis.

Hal is a SANS Faculty Fellow and SANS' longest tenured instructor and primary instructor for the Securing Linux/Unix (SEC506) course. Hals is also a regular contributor to the SANS Digital Forensics and Incident Response blog and co-author of the Command Line Kung Fu blog.

In this episode we discuss Linux and Unix forensics, his start at Bell Labs, helping others in the industry, data enterprises should collect, running your own security firm, and so much more.

Where you can find Hal:

• LinkedIn
• Twitter
• GitHub
• Righteous IT
• Command Line Kung Fu
• SANS
• Deer Run Associates 

Marie is the CMO at IXIA and is responsible for their brand and global marketing efforts. Marie has more than 20 years of marketing leadership experience spanning the security, routing, switching, telecom and mobility markets. Before joining Ixia, Marie was CMO at Check Point Software Technologies where she reestablished the company as the leading end-to-end security vendor. Prior to that, she was Vice President at Cisco where she led the company’s enterprise networking and security portfolio.

David is the VP of Marketing for Cavirin. Dave has over 25 years of experience spanning corporate and product marketing, product management, digital marketing, and marketing automation. Previous roles included CMO at Teridion, Pluribus, Extreme, and Riverstone Networks as well as senior marketing leadership positions at Nortel and Cisco. His expertise spans information security, networking, cloud deployments, and SaaS.

I really enjoyed this conversation with them. They are both very technical, but can bridge the gap between the technical teams and the C suite. In this episode we discussed how the industry got to where it is now, the pluses and minuses of using FUD to get peoples attention, how marketing teams can be security enablers within an organization, and advice for companies coming to market in the information security space, and so much more.

Where you can find Marie:

• Ixia Blog
• LinkedIn
• Twitter

Where you can find Dave:

• Cavirin Blog
• LinkedIn
• Twitter

Kris is a recognized expert in the field on security, risk, compliance and governance, with appearances in Forbes, CNBC, NPR and USA Today. Within the past five years she has been recognized as 2015 SC Magazine Top 25 Security Managers, 2014 SC Magazine Power Player, 2012 Compass Award Winner by CSO Magazine, one of E-Week’s 2012 “Top Women in Information Security That Everyone Should Know”, Top 25 CTO by InfoWorld, as Top 25 Most Influential Security Executives by Security Magazine. She also holds U.S. and EU patents for Object Oriented Risk Management Models and Methods. Additionally, she is a member of numerous external boards and advisory panels, including SC Magazine’s Editorial Board and Grotech Ventures.

In this episode we discuss her start information security and risk, what worries her about the RSA conference, AI and Machine Learning - and what it means for security, emerging threats, advice for CISOs, communicating risk management, and so much more.

Where you can find Kris:

• LinkedIn
• Twitter
• HITBGSEC 2015 - Kristin Lovejoy - Keynote: Security vs Privacy

Cris is a founding member of L0pht Heavy Industries, a hacker think tank from the late '90s and has testified before the U.S. Senate Committee on Homeland Security and Governmental Affairs. He has also been interviewed for his security expertise by media organizations such as Wired, MSNBC, CNBC and even MTV. Before joining Tenable, he created the Hacker News Network and produced the SpiderLabs Radio weekly news podcast. As a strategist for Tenable, Cris helps clients understand how to apply the unique advantages of continuous monitoring as well as how to meet compliance and security challenges.

I have been following Space Rogue's work since the 90's and am delighted to have him on the show. I encourage people to go back and watch the famous testimony from Cris and the rest of L0pht from almost 20 years ago. It's scary that so many of the issues called out then, still exist today.

In this episode we discuss CyberSquirrel1, FUD and cyber war, the growth of the RSA conference, the start of L0pht heavy industries, L0pht's famous testimony before congress, security basics, and much more.

Where you can find Cris:

• LinkedIn
• Spacerogue.net
• Twitter
• CyberSquirrel1
• Tenable Blog

Plus, everyone should just watch this. It's almost 20 years old and it still is very relevant.

[embed]https://www.youtube.com/watch?v=VVJldn_MmMY[/embed]

I recorded episodes with:

• Cris Thomas (aka Space Rogue), Strategist for Tenable Network Security
• Kristin Lovejoy, CEO of BluVector
• And my first two person interview with Marie Hattar, CMO of IXIA and David Ginsburg, VP Marketing at Cavirin Systems

I really enjoyed my conversations with each of them and look forward to your feedback. Please make sure you are subscribed here so you don't miss any episodes.

In the interim, please listen to this short episode on my take of the event.

Thanks!

Gary holds a dual PhD in Cognitive Science and Computer Science from Indiana University where he serves on the Dean’s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors. He also produces and hosts his own the monthly podcast, the Silver Bullet Security Podcast for IEEE Security & Privacy Magazine (syndicated by SearchSecurity).

Gary is also a self described "alpha geek" and a pioneer in the field of computer security. However, Gary also is a big proponent of life out side of tech. He lives on a farmhouse in Virginia, collects art, plays several musical instruments, an experienced cook, and shares a hobby of mine, craft cocktails. I am truly honored to have him on the show.

In this episode we discuss craft cocktails, his Shmoocon 2017 key note, building in software security, the BSIMM project, breakers as builders, leadership in infosec, cyber security in the media, government relations, Dr. Gary McGraw is the Vice President of Security Technology at Synopsys (SNPS). Gary quite literally helped create the field of software security. He is a globally recognized authority on software security and the author of several bestselling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books. He is also the editor of the Addison-Wesley Software Security series. Gary has also written over 100 peer-reviewed scientific publications, authors a periodic security column for SearchSecurity, is frequently quoted in the press, and regularly speaks at major cyber security conferences. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Max Financial, NTrepid, and Ravenwhite. He has also served as Advisor to Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye).

Gary holds a dual PhD in Cognitive Science and Computer Science from Indiana University where he serves on the Dean’s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors. He also produces and hosts his own the monthly podcast, the Silver Bullet Security Podcast for IEEE Security & Privacy Magazine (syndicated by SearchSecurity).

Gary is also a self described "alpha geek" and a pioneer in the field of computer security. However, Gary also is a big proponent of life out side of tech. He lives on a farmhouse in Virginia, collects art, plays several musical instruments, an experienced cook, and shares a hobby of mine, craft cocktails. I am truly honored to have him on the show.

In this episode we discuss craft cocktails, his Shmoocon 2017 key note, building in software security, the BSIMM project, breakers as builders, leadership in infosec, cyber security in the media, government relations, the NASCAR effect, giving back to your community, and much more.

I hope you enjoy this discussion. Please leave your comments below!

Where you can find Gary:

• GaryMcgraw.com
• Twitter
• Cigital Blog

Books:

• Software Security
• Exploiting Software
• Building Secure Software
• Java Security
• Exploiting Online Games
• Amazon author page for Gary

The Liberal Cocktail

1 1⁄2 oz Rye

1⁄2 oz Sweet vermouth

1⁄4 oz Amer Picon (Note: email me for substitution reccomendations)

1 ds Orange bitters

Instructions:

Stir, strain, straight up, cocktail glass

Throughout her career, Cindy has always looked for opportunities to help in meaningful ways. In one notable case, experts spent a year trying to unlock the phone of a 16-year-old girl who was killed in a tragic traffic accident. As the family prepared to spread the girl's ashes in a ceremony a year after her death, Cindy was given the victim's locked phone. She was able to unlock it, enabling the family to see their daughter's last photos. The family sent Cindy a thank you note that said: "We so appreciate this opportunity you've given us to hold onto a piece of our daughter's life we were sure was lost to us." This is just one example how digital forensics, and a good examiner, can have a tremendously positive impact in peoples lives.

Cindy has also developed the "Fraternal Clone Method" for Cell Phones, a Forensic 4Cast Forensic Examiner of the Year Award winner, a SANS People Who Made a Difference in Security Award winner, and was named a 2016 Women of Influence in IT Security by SC Magazine. She is also one of the nicest and most approachable people in the cyber security and digital forensic industry.

In this interview we discuss starting digital forensics in law enforcement, how she started with mobile forensics in the early 2000's, moving from law enforcement to the private sector, the concerns she has with mobile phones, mobile malware, recruiting and retaining women in DF/IR, developing SANS mobile forensics courses, and much more.

I hope you enjoy this discussion. Please leave your comments below!

Where you can find Cindy:

• LinkedIn
• Twitter
• Gillware Digital Forensics
• SANS

Scott is a highly sought after subject expert on the topic of cyber security and wireless technology for media appearances and commentary. He is often seen on ABC News, Bloomberg TV, Al Jazeera America, CBS This Morning News, CCTV America, CNBC, CNN, Fox Business, Fox News, Good Morning America, Inside Edition, MSNBC and many more. His precautionary advice is heard on dozens of radio stations such as National Public Radio, Sirius XM Radio, Bloomberg Radio, and The Peggy Smedley Show. He regularly presents on visionary issues at conferences around the globe discussing wireless technology and its role in the current cyber security breaches along with his vision for best practices to stay safe in the future. Scott has been interviewed in WSJ, Forbes, Fortune, Success, NY Daily News, Newsweek, USA Today, and The New York Times.

In his latest book, Hacked Again, Scott explores the ins and outs of his experience when his own small business was hacked. Several times. In this eye opening book, he details mayhem and tries understand the motives behind his being hacked.

In this interview we will discuss his experience being hacked, the importance of layer security, how to improve IoT security, drone security, common themes in big breaches, cyber security education, finding your niche, and much more.

I hope you enjoy this discussion. Please leave your comments below!

Where you can find Scott:

• Hacked Again (Amazon)
• LinkedIn
• Twitter
• Blog
• HackEd

It was a great time and in this episode I will recap my experience over the three days.

More ShmooCon information:

• ShmooCon Website
• Twitter
• ShmooConPuzzle
• Shmooganography

Thank you to ShmooCon and the organizers for letting me be part of this event!

His command of both the business and technical aspects of information security has allowed him to specialize in building and boosting highly technical security teams and successful security businesses across North America, EMEA, India and Australia in the last 15 years.

As a top cybersecurity expert with strong technical background and deep knowledge of penetration testing, security architectures, intrusion detection and computer forensics, Ismael has provided security consultancy, advice and guidance to large government and private organisations, including major EU Institutions and US Government Agencies.

Prior to joining Foundstone Services at Intel Security, Ismael worked as Global IT Security Manager for iSOFT Group Ltd, one of the world’s largest providers of healthcare IT solutions, focusing on establishing and managing the IT Security program in more than 40 countries while providing risk-driven strategic planning, defining an ISO 27001 compliant policy framework and working with the applications team to ensure that security was embedded into their SDLC.

Author of security articles for Hakin9, INSECURE Magazine and the SANS Forensics Blog, Ismael also serves on the GIAC Advisory Board and is a Community SANS Instructor.

He holds a Bachelor's degree in Computer Science from the University of Malaga, is certified in Business Administration, and holds numerous professional certifications including the highly regarded GIAC Security Expert (GSE #132) any many others from GIAC, ISC2 and ISACA.

In this interview we will discuss learning security on his own, scoping penetration testing projects, security in the healthcare industry, running international teams, how to drive an internal security culture, developing internal training programs, threat hunting and his rastrea2r threat hunting tool, lessons learned from his IR work, and much more.

I hope you enjoy this discussion. Please leave your comments below!

Where you can find Ismael:

• LinkedIn
• Twitter
• SANS Blog
• Blog
• GitHub

For a number of years, Hayes has served on the Board of the High Technology Crime Investigation Association (HTCIA) Northeast Chapter and was the President of the HTCIA Northeast. Currently, he serves as Second Vice President of the HTCIA Northeast.

Darren is also an accomplished author with numerous peer-reviewed articles on computer forensics. He has co-authored two textbooks and published “A Practical Guide to Computer Forensics Investigations”. Darren has appeared on numerous media and news outlets such as Bloomberg Television, The Street and Fox 5 News and been quoted by CNN, The Guardian (UK), The Times (UK), Wall Street Journal, Financial Times, Forbes, Investor’s Business Daily, MarketWatch, CNBC, ABC News, Forensic Magazine, SC Magazine, PC Magazine, USA Today, Washington Post, New York Post, Daily News and Wired News (to name but a few!). He has also been invited to lecture for the Harvard Business Review, University College Dublin and, more recently, was Visiting Professor at Sapienza University, Rome, Italy.

In this interview we will discuss how he supports law enforcement, developing teaching skills, the importance of problem solving abilities, the challenges when authoring books, misinformation in the media, his involvement with HTCIA, gender roles in information security, foundational skills necessary to be good in information security, immigration challenges, real world physical threats from cyber attacks, the growth of ransomware, the "brain drain" in the government sector, how to learn cyber security on a budget, and much more.

I hope you enjoy this discussion. Please leave your comments below!

Where you can find Darren:

• LinkedIn
• Twitter
• Pace University
• A Practical Guide to Computer Forensics Investigations

In this episode, I am taking a quick look back at the first five episodes with my guests to date:

• Chris Pogue
• David Cowen
• Lenny Zeltser
• Nicholas Percoco
• Morgan Wright

Each of these cyber security professionals have had their own, unique journeys to get where they are. In each interview, I learned a lot about them as individuals, but also got their perspectives on a variety of topics that influence the industry as well as some valuable advice.

Thanks everyone for listening to the first episodes of Cyber Security Interviews. I hope you are all getting some valuable insight to the industry as well as some sage advice.

Next week we are back with our regular schedule of interviews with top cyber security pros. Have a safe and happy new year everyone, I look forward to speaking to you all soon.

Remember to sign up here for email notifications of new episodes.

In this episode, I reflect on 2016 and cyber security. It was an interesting year and information security took a spot light more than I could remember for years past (and probably more than I could have imagined a year ago). Even“hackers” even took runner up as Time’s 2016 Person of the Year!

I will talk about:

• The cyber-attacks against the Ukrainian Critical Infrastructure, also known as Black Energy
• The Central Bank of Bangladesh heist
• The Panama Papers
• The Internet of Things, Distributed Denial of Service attacks against Dyn DNS
• Yahoo's breach
• The email hack of the Democratic National Party

I wish everyone a safe and happy holiday season this year. Next week I am going to take a quick look back at the first five episodes and some of the lessons I learned from my guests.

Thanks, I look forward to speaking to you all soon!

Previously Morgan was a Senior Advisor in the US State Department Antiterrorism Assistance Program and Senior Law Enforcement Advisor for the 2012 Republican National Convention. In addition to 18 years in state and local law enforcement, Morgan has developed solutions in defense, justice and intelligence for the largest technology companies in the world. He has trained over 2,000 law enforcement officers in the investigation of computer crime, including one year training the FBI on internet investigations. He has also taught behavioral analysis interviewing at the National Security Agency.

A highly seasoned interviewer and moderator, Morgan has over 400 appearances on national news shows. In his interviews, he always tries to inspire, inform and entertain with just the right amount of humor and wit.

In this interview we discuss cyber security in the 2016 Presidential election, accountability in cyber security and the failure of leadership, investing in people, machine learning, cyber warfare, insider threats, compliance versus security, on the job training, the importance of communication skills, productivity tips and personal development, and much more.

I hope you enjoy this discussion. Please leave your comments below!

Where you can find Morgan:

• LinkedIn
• Twitter
• morganwright.us
• identitysecurity.com
• morgan.thinkific.com/courses/passwords

Prior to Uptake, Nicholas was the Vice President of Global Services at Rapid7. Nick has also been a Director at KPMG and the head of SpiderLabs at Trustwave where he led more than 2000 incident response and forensic investigations globally, ran thousands of ethical hacking & application security tests for clients, and conducted bleeding-edge security research to improve Trustwave's products.

Before Trustwave, Nick ran the security consulting practices at VeriSign, & Internet Security Systems. In 2004, he drafted an application security framework that became known as the Payment Application Best Practices (PABP). In 2008, this framework was adopted as a global standard called Payment Application Data Security Standard (PA-DSS).

As a speaker, he has provided unique insight around security breaches, malware, mobile security and InfoSec trends to public (Black Hat, DEFCON, and OWASP) & private audiences (Including DHS, US-CERT, Interpol, United States Secret Service) throughout the world.

Nick's research has been featured by media including: The Washington Post, eWeek, PC World, CNET, Wired, Network World, Dark Reading, Fox News, USA Today, Forbes, Computerworld, CSO Magazine, CNN, The Times of London, NPR, Gizmodo, Fast Company, Financial Times & The Wall Street Journal.

Nick is also the creator of THOTCON (a hacking conference held in Chicago each year), & co-founder of The Cavalry movement.

In this interview we discuss his early start with computers, what is a hacker, developing a methodology for penetration testing, how he developed the SpiderLabs name, analytics and automation, when you should evaluate opportunities, moving past the fear of public speaking, his personal "drink-a-different-beer-a-day" contest, research and public disclosure of vulnerabilities, how to secure Internet connected devices, where he recruits talent, and much more.

I hope you enjoy this discussion. Please leave your comments below!

Where you can find Nick:

• LinkedIn
• Twitter
• THOTCON
• I am the Cavalry

Lenny helps shape global infosec practices by teaching incident response and malware defenses at SANS Institute and by sharing knowledge through writing, public speaking and community projects. He has earned the prestigious GIAC Security Expert professional designation and developed the Linux toolkit REMnux, which is used by malware analysts throughout the world. Lenny is on the Board of Directors of SANS Technology Institute and on the Advisory Board of Minerva Labs.

Lenny’s approaches to business and technology are built upon his work experience, independent research, as well as a Computer Science degree from the University of Pennsylvania and an MBA degree from MIT Sloan. His expertise is strongest at the intersection of business, technology, and information security, and spans incident response, infosec cloud services and business strategy. To get a sense for Lenny’s thought process and knowledge areas, take a look at his blog.

In this interview we will discuss why he is passionate about security, stagnating in information security and going back to grad school, public speaking, who has inspired him, his personal challenge asking for advice, early failures in technology, why he developed REMnux to make malware analysis accessible to as many people as possible, cloud security, writing better job descriptions, refining communication skills to technical and non-technical audiences, how to use certifications as a signaling mechanism, building industry relationships, and much more.

I hope you enjoy this discussion. Please leave your comments below!

Where you can find Lenny:

• LinkedIn
• Twitter
• Lenny's Blog
• REMnux

David is also one of the most passionate and active contributors within the cyber security and forensic communities. I look at David's contributions and think he doesn't sleep and/or someone in Dallas, TX there is cloning facility that has produced David Cowens versions 2 -5 which are all running around outputting awesome contributions to the community (yes, like the movie Multiplicity).

Here is just a short list of what David' does to give back to the industry:

• Regular speaker at conferences such as OSDFCon
• Ran his blog, Hacking Exposed Computer Forensics, daily which included a weekly forensic challenge
• Is a Red Team Captain for the National Collegiate Cyber Defense Competition
• Has his own regular video podcast, Forensic Lunch 
• Author of Computer Forensics: InfoSec Pro Guide
• Co-author of Hacking Exposed: Computer Forensics
• Co-author of Anti-Hacker Tool Kit, Third Edition
• Is a SANS Institute Certified Instructor
• Developed TriForce ANJP, forensic software for parsing NTFS journals (also working on HFS+ capabilities)

He is also a two-time Forensic 4cast award winner for both Digital Forensic Article of the Year and Digital Forensic Blog of the year.

When he is not doing all of this, he is also a family man and BBQ aficionado.

Nope. Zero chance this is one person.

In this interview we will discuss how he has accomplished all of this, why he loves being an expert witness, why he moved from pen tester to forensicator, his inspiration to start programming, his favorite type of investigation and the questions to ask, how to hire good talent, what it took to develop TriForce ANJP and how it was a community effort, how no one stands on their own in the industry, and much more.

I hope you enjoy this discussion. Please leave your comments below!

Where you can find David:

• LinkedIn
• Twitter
• Hacking Exposed Computer Forensics
• Forensic Lunch 

His extensive experience is drawn from careers as a cyber crimes investigator, ethical hacker, military officer, and law enforcement and military instructor. In 2010, Chris was named a SANS Thought Leader, ran an award-winning security blog (The Digital Standard), and has contributed to multiple security publications. Chris holds a Master's Degree in Information Security and is also an adjunct cyber security professor at Southern Utah University. He also was a contributing author for Data Breach Preparation and Response: Breaches are Certain, Impact is Not.

Chris is just one of those guys in cyber security I knew I had to have on the show out of the gate. He is an extremely bright guy and very passionate about information security. He is also pleasure to talk to. He coined the methodology and term "Sniper Forensics" a few years back, and it had a huge impact on the way I approach digital forensic investigations.

In this interview we discuss his military background, his start as a penetration tester, his transition from tech to executive, books that have influenced him, using the scientific method, the merger of cyber crime and physical crime, training cyber security staff, the importance of communication skills, cognitive biases and Parkinson's Law of Triviality, and much more.

I hope you enjoy this discussion. Please leave your comments below

Where you can find Chris:

• LinkedIn
• Twitter
• The Digital Standard
• Nuix Blog

As far back as I can remember, I always wanted to be a hacker.

In 1981, at an impressionable age five, I plopped down in front of a Texas Instruments TI99/4A computer. It had a whopping 3MHz CPU, 16K of RAM, and 16 colors. My parents got one for the home and I mostly used it to play video games. My favorite game was Hunt the Wumpus.

At some point, I came across Compute! magazine that had instructional pages of BASIC, spaghetti code programs that you could use to run on your computer. After hours of painstakingly transcribing lines and lines of GOTO commands into the TI99, I would have a small colored box bounce from one side of the screen to the other. Then back again. #Fun.

[caption id="attachment_1332" align="alignleft" width="173"]“Hi sugar. After you store my 'portable' computer, can you please light my Pall Mall and fetch me a double Alabama Slammer?" Image source: Oldcomputers[/caption]

The Reagan 1980's roared on and computers gained greater adoption in the business community, particularly in finance and accounting. However, computers for the general public consumption were still in their infancy. Glorified calculators with some generic word processing capabilities. Then movies like Tron and War Games came out. Whoa. They depicted the anti-heros as computer users, but different. They were hacker misfits, but cool in their own way. They could command computers to do powerful things. I wanted to do that.

My parents continued to bring technology into the home (they were leading communication consultants and authors) including new computers to play with, break, and hopefully, repair. In the summer of 1983 we made the investment in a Compaq Portable Plus. This was also a deciding point because it set me down the IBM/PC market path (sorry Apple). Mind you, this beast of plastic and metal was marketed as "portable" at 28 pounds. Nine-inch monochrome monitor and detachable keyboard? Heck yeah I'll travel with this thing! And we did!

The real selling point to me on this computer was WordPerfect 3 with the spell checking feature and a printer. No longer was I chained to homework assignments of handwritten drafts! I was able to write a book report on birds, it showed me how horrid my spelling was, and I could print it. Sold. However, my final submission caused a certain amount of controversy with my teacher. She accused my parents of writing this masterpiece. With Kerouac-esque lines like "Cardinals are red," I can see the confusion. She simply couldn’t understand how a kid could use a computer to write a paper. This resulted in my parents meeting with the teacher and principal to explain how I could possibly do such a thing.

Luckily things started to change and computers were becoming more mainstream. They were more and more likely to be common appliances in the home.

“I asked for a car, I got a computer. How’s that for being born under a bad sign.”– Ferris Buller

[caption id="attachment_1333" align="alignleft" width="568"]A MUD. By Source, Fair use,...]]>Before we tackle the hearts and minds of some of the leaders and influencers in cyber security, I wanted to provide a little background about me and how I got started in cyber security.

As far back as I can remember, I always wanted to be a hacker.

In 1981, at an impressionable age five, I plopped down in front of a Texas Instruments TI99/4A computer. It had a whopping 3MHz CPU, 16K of RAM, and 16 colors. My parents got one for the home and I mostly used it to play video games. My favorite game was Hunt the Wumpus.

At some point, I came across Compute! magazine that had instructional pages of BASIC, spaghetti code programs that you could use to run on your computer. After hours of painstakingly transcribing lines and lines of GOTO commands into the TI99, I would have a small colored box bounce from one side of the screen to the other. Then back again. #Fun.

[caption id="attachment_1332" align="alignleft" width="173"]“Hi sugar. After you store my 'portable' computer, can you please light my Pall Mall and fetch me a double Alabama Slammer?" Image source: Oldcomputers[/caption]

The Reagan 1980's roared on and computers gained greater adoption in the business community, particularly in finance and accounting. However, computers for the general public consumption were still in their infancy. Glorified calculators with some generic word processing capabilities. Then movies like Tron and War Games came out. Whoa. They depicted the anti-heros as computer users, but different. They were hacker misfits, but cool in their own way. They could command computers to do powerful things. I wanted to do that.

My parents continued to bring technology into the home (they were leading communication consultants and authors) including new computers to play with, break, and hopefully, repair. In the summer of 1983 we made the investment in a Compaq Portable Plus. This was also a deciding point because it set me down the IBM/PC market path (sorry Apple). Mind you, this beast of plastic and metal was marketed as "portable" at 28 pounds. Nine-inch monochrome monitor and detachable keyboard? Heck yeah I'll travel with this thing! And we did!

The real selling point to me on this computer was WordPerfect 3 with the spell checking feature and a printer. No longer was I chained to homework assignments of handwritten drafts! I was able to write a book report on birds, it showed me how horrid my spelling was, and I could print it. Sold. However, my final submission caused a certain amount of controversy with my teacher. She accused my parents of writing this masterpiece. With Kerouac-esque lines like "Cardinals are red," I can see the confusion. She simply couldn’t understand how a kid could use a computer to write a paper. This resulted in my parents meeting with the teacher and principal to explain how I could possibly do such a thing.

Luckily things started to change and computers were becoming more mainstream. They were more and more likely to be common appliances in the home.

“I asked for a car, I got a computer. How’s that for being born under a bad sign.”– Ferris Buller

[caption id="attachment_1333" align="alignleft" width="568"]A MUD. By Source, Fair use, Wikipedia.org[/caption]

In the late 1980’s, we started using CompuServe and then Prodigy. A whole other world with computers opened up. Computers, and me, were now connected to people all over. I could chat and play text based online games. Hardly worth PewDiePie commentary, but it was fun to explore these MUD's (Multi-User Dungeons).

For those old enough to remember, this also created some lessons in POTS and the North American Numbering Plan (NANP). For those not old enough to remember, for these services we had to find "local" numbers to have our computers dial into (yes on landline phones, now get off my lawn). If you didn't use a local number, the Bell carriers would charge you long distant charges per minute on top of the per minute charges of the online service. Whoops, sorry dad.

In early 1990's while in high school I became the "go to" family member and friend who could fix computers. "Doug, the stupid thing won't turn on." "Windows won't open." "I have no sound." I have edited my fair share of Autoexec.bat files and fixed paths in Config.sys files just to get computers to boot or play noises (Sound Blaster drivers anyone?).

At some point, we moved away from Prodigy and got on this new thing called the "Internet" with a local ISP. I wasn't limited to messaging users on closed systems or bulletin boards anymore. Now, I could email people with a publicly routable address and post and search Usenet forums. It was pretty cool to suddenly be able interact with people all over the world. I even saved my pennies to make the big jump to a 28.8k modem for some real speed!

After graduating high school, I was faced with a “do what you love” (computers) or “do what you should” (college) scenario. The options to combine the two scenarios at that particular time was not appealing. The big push for college computer science in the early/mid 1990’s was still focused around mainframe computers and COBOL programming. Um, no thanks. It was not appealing to get pushed towards what I felt was an antiquated architecture when home and small business PC’s were on an exponential rise, the Internet was gaining visibility, and LAN equipment prices were falling.

Through my parent’s communication consulting company, I gave presentations at business groups in Poughkeepsie, NY (IBM country![1]) about using the Internet and the World-Wide-Web to market and promote your business. After one of these talks, a gentleman came up to me and said, “Kid this is all great, but no one knows what the hell you are talking about. People and businesses need more general help with computers.” Good point. I took my college savings and started a computer consulting company called Computer House Calls. Business quickly took off and I grew a decent client base serving the Hudson Valley in New York. The best part was I was doing what I loved: troubleshooting and exploring technology.

I also started to get more interested in cyber security as well as hacker culture. I was very intrigued by the interplay between technology, law, activism, privacy, and security. I devoured books like the The Cuckoo's Egg and The Hacker Crackdown. I consumed back issues of 2600 and Phrack and regularly listened to Off the Hook (which as far as I can surmise, is the first “podcast”/radio show dedicated to cyber security). When the movie Sneakers came out, I wanted to be Robert Redford’s character Marty Bishop and run a team that would get paid to hack in to places.

I closely followed the exploits and (mis)adventures of hackers like Kevin Mitnick and Kevin Poulsen. I was amazed by what they were able to pull off. What was even more shocking was the fearful reaction they garnered from law enforcement and the media. When Mitnick was finally caught, the prosecution made claims that he could start a nuclear war by whistling into a payphone. To me, this demonstrated a huge disconnect with the public’s understanding of how to secure technology work, even while becoming voracious consumers of all things digital.

During the Internet bubble of the late 1990’s and into the early 2000’s I started and built various IT consulting companies with services around networking, desktops, support, web design, and home automation. I did a ton of malware and virus remediation for clients and was exposed to the various tools that let me see how these nasty pieces of software propagated and infected machines.

By the time the global financial crisis hit, I decided to focus exclusively on cyber security. It was (and still is) what I loved doing and the marketplace for these services was maturing. I started The Digital Forensic Group, a firm focused on digital forensics, incident response, electronic discovery, and security consulting. I then moved my practice to larger consulting firms to cover end to end security consulting. I have worked investigations involving computer hacking, insider threats, massive corporate espionage, and trade secret theft, as well as assisted clients improve their defenses by having me break into their networks.

Currently, I run an amazing “A” team of forensicators, penetration testers, security analysts, and data privacy experts. We provide a full range of cyber security and information governance consulting services to clients around the globe. Most importantly, I get to do what I am passionate about and love doing. Every day I get to be a hacker, solve complex problems, and help people achieve a better state of information security. It’s a dream come true.

However, as I look back on my journey and talk to others, I realize there is no “one way” to start and stay in the field of cyber security. Whether you are involved from the military, law enforcement, consulting, or IT services, it doesn’t matter. There is no one path. Additionally, that type of diversity of professionals only makes the industry stronger. We all need to learn from each other and share our experiences. There is not one person who knows it all.

I also love the willingness to help each other and the collaboration to solve problems from this diverse set of professionals in cyber security. There truly is a security “community.” Whether it is a technical problem or a career hurdle, there is someone else out there who has overcome that same obstacle. I have had countless discussions for years with other professionals online, at conferences, or over drinks, which have changed the way I think about cyber security. Sometimes, it was just enough to hear that I was not alone when mulling an opinion or thought.

So, that is where my idea to create this podcast started. What if I can capture those moments and frank discussions? I want to share the stories from other cyber security leaders and influencers so everyone can learn from their respective journeys and challenges. Why did they take the path they did? Who were their mentors? How did they tackle some of their biggest career challenges? Where do they think the industry is going?

By hearing how the industry leaders and influencers got to where they are and how they overcame some of the problems they faced, I hope to shed light on the path for other professionals. Also, the cyber security professionals I have come to know over the years are some of the funniest, intelligent, and most interesting people I have ever met. It has been very rewarding to get to know them want to share this experience with others.

So please join me as we meet the leaders and influencers in cyber security. I will discover what motivates them, explore their journey in cyber security, and discuss where they think the industry is going. Cyber Security Interviews will let listeners learn from the experts' stories and hear their opinions on what works (and doesn't) in cyber security.

Thank you, I look forward to hearing all of your stories.

- Douglas A. Brush

[1] I still have a weird vision of Lou Gerstner riding horseback through the Hudson Valley, dressed like the Marlboro man, corralling thousands mid-level mainframe production managers.