Chasing Entropy Podcast by 1Password

In this engaging chat, Thom Langford, EMEA CTO at Rapid7 and a two-time recovering CISO, reflects on his unique journey into cybersecurity. He shares insights on the emotional challenges faced in the field, including burnout and imposter syndrome, lightening the mood with humor and relatable stories. Thom emphasizes the importance of mentorship and community, while advocating for a more user-friendly approach to security that doesn't sacrifice fun. His outlook shows that serious topics can still have a playful twist, making learning enjoyable.

Allison Miller, a cybersecurity veteran and founder of Cartomancy Labs, shares her fascinating journey from childhood hacker to industry expert. She discusses how fraud reveals system weaknesses and emphasizes the importance of understanding payment and identity vulnerabilities. Allison also delves into the evolving role of AI in cybersecurity, highlighting its potential for detection and automation while addressing governance concerns. Her insights challenge organizations to enhance trust and security in a rapidly changing digital landscape.

Wendy Nather, a cybersecurity trailblazer known for her innovative concept of the 'security poverty line,' shares her unconventional career journey. She discusses her transition from Unix systems at a Swiss bank to pivotal CISO roles. Wendy emphasizes the need for empathy in cybersecurity leadership, arguing that understanding people is key to success. She highlights how resource constraints impact security practices and calls for a collaborative approach between security and business operations. Her insights inspire a more inclusive view of cybersecurity careers.

In a candid conversation, Adrian Sanabria, Principal Researcher at the Defenders Initiative and founder of Destroyed by Breach, shares his unconventional path from tech support to cybersecurity thought leader. He debunks common myths, arguing many industry 'best practices' are outdated and often ineffective. Adrian discusses the impact of emerging threats like Agentic AI, emphasizing the need for foundational problem-solving over hastily adopted innovations. His insights on mentorship and community engagement highlight the importance of empathy in tech support and broader cybersecurity.

Matt Johansen, a cybersecurity thought leader and founder of Vulnerable U, dives into his remarkable journey from a student's church pew to a leading voice in cybersecurity. He shares the pivotal moments that sparked his career through networking and mentors. Matt discusses the stark contrasts between agile startup environments and rigid corporate structures, highlighting challenges like shadow IT. With a passionate focus on mental health, he advocates for systemic changes to combat burnout and critiques the 'superhero culture' pervasive in the field.

Runa Sandvik, founder of security consulting firm Granite and a keen advocate for cybersecurity in high-risk spaces, joins the conversation. She shares her journey from hacking in Oslo to enhancing security at The New York Times, notably launching a whistleblower tip line. Runa discusses how cybersecurity pros can better support journalists through strong relationships and highlights critical initiatives. In a surprising twist, she reveals her research on hacking smart rifles, exposing alarming vulnerabilities. This conversation is a must-listen for anyone interested in digital security!

Rich Mogull, SVP of Cloud Security at Firemon and CEO of Securosis, shares his unique journey from being a paramedic to a cybersecurity expert. He discusses how lessons from managing physical disasters, like hurricanes, can enhance IT security incident response. The conversation digs into the concept of Black Swan events—unexpected crises that demand resilient strategies. Rich also emphasizes the value of early career opportunities and mentorship, urging cybersecurity professionals to cultivate adaptable, proactive responses to emerging threats.

Jennifer Leggio, a cybersecurity strategist and community builder, shares her journey from COO to Chief Strategy Officer, emphasizing that passion trumps titles. She discusses the origins of the Security Twits community on Twitter and the dangers of shadow IT in organizations. Communication is key in cybersecurity—responsible disclosure can prevent crises. Leggio also underscores the need to learn from past lessons, like patching and password hygiene, while encouraging newcomers to seek mentors and explore their passions for a fulfilling career.