Colin Domoney, CTO and co-founder of Thinking of U, shares his career journey in cybersecurity and his expertise in API security. He started as a kid building electronics and crypto systems, which led him to develop battle-hardened defense systems. He gravitated towards software and eventually got into AppSec, diving into the deep end and fixing a million AppSec vulnerabilities. Colin emphasizes the importance of developers having security skills and offers advice on how to build something cool that is also secure. He discusses the unique challenges and opportunities in API security and the role of AI in the industry.TakeawaysDevelopers with security skills are highly sought after in the industry.API security requires a different approach compared to standard web app security.API security encompasses a wide range of tools and techniques, from shift left to runtime protection.Colin's book, Defending APIs, is aimed at anyone tasked with defending APIs, with a focus on developers.AI is a powerful tool that accelerates learning and problem-solving in various areas, including cybersecurity.AI creates both opportunities and challenges in the industry, and it is important to stay informed and adapt to its impact.

Summary:In this episode, Gene discusses management principles and leadership strategies for senior leaders and aspiring entrepreneurs with Tom Heiser, previously CEO of ClickSoftware, EVP at EMC, and President at RSA the cyber division of EMC. They cover topics such as opening the aperture, balancing strategy and tactics, embracing change, connecting the dots, and more. The conversation emphasizes the importance of learning from tough times, setting a clear vision, and problem-solving with a positive mindset.TakeawaysBalancing strategy and tactics is crucial for success in leadership roles.Embracing change and learning from tough times are essential for personal and professional growth.The rule of 15 degrees emphasizes the importance of iteration and continuous improvement in business strategies.Asking 'why' five times to find the root cause is a valuable problem-solving technique.Maintaining a positive mindset and focusing on the achievable is key to overcoming challenges in leadership and business.Setting a clear vision and connecting the dots between current state and desired state is essential for success in business and leadership.

Jim Alkove, CEO and co-founder of Olaria, shares his career journey and insights on cybersecurity training and becoming a board advisor. He emphasizes the importance of starting at the beginning and gaining experience in software engineering during his time at Microsoft. Alkove highlights the need for a more diverse pool of candidates and situational training to meet the workforce demands of the cybersecurity industry. He also discusses the significance of company culture and values in building successful teams. Alkove provides advice on moving laterally to gain broader skills and transitioning to advisory roles in early-stage companies.Key TakeawaysMove laterally to gain broader skillsets while in early-stage of careers.Training needs to be more accessible to a diverse pool of candidates in order to meet the demands of the cybersecurity industry.Company culture and values are crucial in building successful teams.Write down your goals, be humble, and be open to learning and criticism.

In this episode, Gene Fay interviews Ed Adams, President and CEO at Security Innovation, about his journey into cybersecurity and his work in advancing software security practices. Ed shares his story of transitioning from quality assurance in software at Rational Software to founding Security Innovation, a company focused on application security and training. Ed also dives into his book, See Yourself in Cybersecurity Careers Beyond Hacking, which highlights the many career paths available in the cybersecurity industry beyond hands-on keyboard roles. He discusses the cybersecurity talent shortage, particularly how it affects underrepresented groups, and the need for organizations to rethink how they hire and retain talent.Takeaways:There are many ways to start a career in cybersecurity, even from non-technical backgrounds.Security is an integral part of software quality can help developers and organizations create more secure, reliable applications.The book, See Yourself in Cybersecurity Careers Beyond Hacking, focuses on educating the next generation of cybersecurity professionals and promoting diversity in the field.The cybersecurity talent shortage is not about the lack of skilled individuals, but about outdated hiring practices and insufficient investment in talent development.

In this episode, Gene Fay interviews Sammy Migues, Principal at Imbricate Security, about his journey into cybersecurity and his work on the Building Security in Maturity Model (BSIMM). Sammy shares his experience starting in computer science in the late 1970s and how he became a computer security professional. He explains the motivation behind creating the BSIMM and how it helps organizations measure and improve their software security practices. Sammy also discusses the trifecta for career success, which includes setting a strategy, translating business objectives into actionable steps, and contextualizing skills within the organization. Finally, Sammy shares his thoughts on the cybersecurity shortage and the challenges in hiring and retaining skilled professionals.TakeawaysStarting a career in cybersecurity can begin with a degree in computer science and a willingness to adapt and learn as the industry evolves.The Building Security in Maturity Model (BSIM) is a framework that helps organizations measure and improve their software security practices.The trifecta for career success in management includes setting a strategy, translating business objectives into actionable steps, and contextualizing skills within the organization.The cybersecurity shortage is not just a lack of professionals, but also a result of challenging hiring processes and unrealistic job requirements.

Summary:In this episode, Gene Fay interviews Jeff Hudesman, CISO at Pinwheel, about his career in cybersecurity. Jeff shares his journey from starting as an intern at Memorial Sloan Kettering Cancer Center to working at Sony and eventually joining Pinwheel. He discusses the differences between working in large companies like Sony and startups, highlighting the ability to be impactful and the agility of startups. Jeff also shares an anecdote about a security incident at a water treatment facility and emphasizes the importance of planning in cybersecurity.Takeaways:Working in both large companies and startups can provide valuable experiences in cybersecurity.Startups offer the opportunity to be impactful and make a significant difference.Cybersecurity incidents can occur even in critical infrastructure facilities like water treatment plants.Planning is indispensable in cybersecurity, as threats are dynamic and constantly changing.

Omer Cohen CISO of Descope shares his career story, highlights include:Joy in the constant variety of work in incident responseBenefits of a mature approach to cybersecurity as a start-upSeeing his work in cybersecurity result in a real-world impact and the arrest and prosecution of cybercriminalsB-Sides and the fun of small in person meet-ups

Cybersecurity recruiter Kyle McIntyre offers unique guidance based on his work as a retained search specialist working with hiring managers (VPs & C-Levels) in the cybersecurity industry in this episode. He and Gene discuss: How to conduct preliminary research on potential employers and career pathsHow to reverse engineer desirable backgrounds to demystify potential career pathsTips on crafting effective & thoughtful outreach to hiring managersAdvice on optimizing your resume & profile for breaking into cyber with no prior industry experienceHow to manage imposter syndrome, anxiety and self-doubt during a job searchMoreKyle McIntyre on LinkedIn: https://www.linkedin.com/in/thekylemcintyre/

In this episode, Gene Fay interviews Tom Heiser about his journey and shares tenets for managing oneself. The conversation covers topics such as execution, accountability, expressing passion, doing the best job possible, getting outside one's comfort zone, and focusing on what one can control.TakeawaysExecution is key to success. Just do it.Accountability is important in personal and professional growth.Expressing passion and committing to one's work leads to fulfillment and success.Doing the best job possible is a pathway to career advancement.Getting outside one's comfort zone fosters personal and professional growth.Focus on what you can control and be present in the current situation.

Neil Bahadur, Head of Product in Cybersecurity at Wells Fargo, developed a unique and valuable perspective by switching from security to business development and back to security. In this episode, he and Gene discuss that transition and what he learned from it. They also discuss cybersecurity trends those new to the industry should be aware of, and more.Neil Bahadur on LinkedIn: https://www.linkedin.com/in/neilbahadur/