Cyber Security & Cloud Podcast

  Stephanie Dannan is an application security all rounder,  and the Head of Application Security at Markel. She is a shining example of someone getting into Cyber Security without direct experience in the field and without a robust technical understanding of application development. Her background is in behavioural health, and she got a master's degree in professional counselling. In this episode, Stephanie shares valuable advice for anyone considering a career in cyber security.    The episode is brought to you by AppSec Phoenix Ltd with the Phoenix platform, you can make Vulnerability management for software and organization SMART.  Follow the tag #appsecsmart https://www.appsecphoenix.com to get a free 30-day licence quoting CSCP https://landing.appsecphoenix.com/register   0:00 Introductions 2:40 Unusual journey into cyber security 6:30 Intro to application security 8:30 State of the industry, not enough entry level positions   11:20 Communication with developers 17:44 Technical language barrier, technical or not 20:46 Advise for getting into field 25:14 Funny password story 27:14 Discussing risk 32:22 Final positive message 34:42 Connect with Stephanie 35:50 Outro    Stephanie Dannan https://www.linkedin.com/in/stephaniedannan/      Cyber Security and Cloud Podcast hosted by Francesco Cipollone Twitter @FrankSEC42 #CSCP #cybermentoringmonday cybercloudpodcast.com    Social Media Links  Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/ You can listen to this podcast on your favourite player: Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463  
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ  Linkedin: https://www.linkedin.com/company/35703565/admin/  
 Twitter: https://twitter.com/podcast_cyber   
 Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/   

  Brook Schoenfield is an Elder AppSec Diplomat, the author of seven books about software security and AppSec, a researcher, the builder and leader of four AppSec programs at major tech companies, and a Master Security Architect for consultancies. Brook talks about his long career path, concerns and hopes for the industry, and the importance of threat modelling. There are 27-28 million programmers on Earth, but Brook fears that only a million work in security.    The episode is brought to you by AppSec Phoenix Ltd with the Phoenix Security Cloud Platform, you can make vulnerability management for software and cloud SMART.  Follow the tag #appsecsmart https://www.appsecphoenix.com Get access today: https://appsecphoenix.com/demo    0:00 Introductions 4:00 27-28 mil programmers need for security 6:30 No silver bullet in software security 8:55 Brook’s career path into security 13:10 Bugs aren’t going anywhere 15:00 Next generation of InfoSec 21:06 Threat modelling, dynamic risk assessment 26:05 Story of threat modelling 28:06 Threat modelling tools 29:40 Beyond functionality, malicious attackers 32:30 Communicating with management 37:50 Tipping point, integrity 41:56 Final positive message 47:33 Outro    Brook Schoenfield Linkedin: https://linkedin.com/in/brookschoenfield  https://brookschoenfield.com Twitter @BrkSchoenfield   Mentioned https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling    Cyber Security and Cloud Podcast hosted by Francesco Cipollone Linkedin: https://linkedin.com/in/fracipo  Twitter @FrankSEC42 #CSCP #cybermentoringmonday cybercloudpodcast.com    Social Media Links  Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/ You can listen to this podcast on your favourite player: Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463  
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ  Linkedin: https://www.linkedin.com/company/35703565/admin/  
 Twitter: https://twitter.com/podcast_cyber   
 Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/   

  Walter Haydock was a Military Officer and worked on Capitol Hill investigating the Department of Homeland Security before going to business school and eventually getting into cybersecurity. Nowadays, he builds software startup security programs to accelerate sales and renewals. He also runs a blog about the industry and is a Fellow at the Center for Security and Emerging Technology. On the podcast with Francesco, they discuss vulnerability and asset management, tools for security triage, and the future of cybersecurity.    The episode is brought to you by AppSec Phoenix Ltd with the Phoenix platform, you can make Vulnerability management for software and organization SMART.  Follow the tag #appsecsmart https://www.appsecphoenix.com to get a free 30-day licence quoting CSCP https://landing.appsecphoenix.com/register   0:00 Introductions 2:11 Starting in cybersecurity 4:45 Background in government/military 7:30 Crisis management 8:55 4 techniques of risk management 10:40 Vulnerability management 15:30 Communicate risk to leaders 18:30 Are we headed in the right direction 18:50 Exploit Prediction Scoring System (EPSS) 22:22 Tools for triage 26:00 Asset management 28:46 New generation of security professionals 32:00 Qualitative VS Quantitative approach to risk 37:25 Calculating risk 38:16 Three pieces of advice 41:20 Closing words and get connected 42:55 Outro    Walter Haydock https://www.linkedin.com/in/walter-haydock/ https://haydock.substack.com Twitter @Walter_Haydock   Mentioned Exploit Prediction Scoring System (EPSS) mend.io      Cyber Security and Cloud Podcast hosted by Francesco Cipollone Twitter @FrankSEC42 #CSCP #cybermentoringmonday cybercloudpodcast.com    Social Media Links  Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/ You can listen to this podcast on your favourite player: Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463  
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ  Linkedin: https://www.linkedin.com/company/35703565/admin/  
 Twitter: https://twitter.com/podcast_cyber   
 Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/   

  Jonathan Slater is one of three Co-founders at Capslock, a cyber security education start-up tackling the cybersecurity skills gap and helping adults re-skill. CAPSLOCK has raised over £1m pre-seed funding and re-skilled over 200 UK adults in cyber security in 2021.  Jonathan's previous career as a recruiter made him realise there was a gap in the market and he sat down with the other two female co-founders and started capslock. To note capslock is one of the rare startups, luckily more and more common, that is made for more than 50% by a female cofounder.   The episode is brought to you by AppSec Phoenix Ltd with the Phoenix platform you can make Vulnerability management for software and organization SMART.  Follow the tag #appsecsmart https://www.appsecphoenix.com get a free 30-day licence quoting CSCP https://landing.appsecphoenix.com/register Capslock Team 0.00           Introduction 0.35           Jonathan’s background 1.04           Welcome Jonathan 3.30           The state of the industry 6.30           Education catch up 7.35           The importance of soft skills 10.05         Gender diversity and unconscious bias 16.36         Measuring potential 18.40         Team based learning/diversity of thought 23.00         The curriculum 26.15         Cyber – the multidisciplinary field 27.35         Avoiding career redundancy 29.15         Start-up life 30.24         Working remotely 31.08         Maintaining good mental health 32.48         Positive message 33.50         Conclusion   Jonathan Slater   https://www.linkedin.com/company/capslockuk https://www.facebook.com/CAPSLOCKCyber/ @CAPSLOCKcyber for IG + Twitter     Cyber Security and Cloud Podcast hosted by Francesco Cipollone Twitter @FrankSEC42 #CSCP #cybermentoringmonday cybercloudpodcast.com    Social Media Links  Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/ You can listen to this podcast on your favourite player: Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463  
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ  Linkedin: https://www.linkedin.com/company/35703565/admin/  
 Twitter: https://twitter.com/podcast_cyber   
 Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/   

  Liran Tal is a Developer, Full stack, who joined forces with security professionals to fight the good battle. Github Star, Published author, DevRel and wearer of Yoda hat (hear more in the podcast)   The episode is brought you by AppSec Phoenix Ltd with the Phoenix platform you can make Vulnerability management for software and organization SMART.  Follow the tag #appsecsmart https://www.appsecphoenix.com get a free 30-day licence quoting CSCP https://landing.appsecphoenix.com/register   0.00          Introduction 0.38          LiRan’s background 1.23          Welcome LiRan 3.10          What’s with the hat? 4.15          Getting involved in the industry/ stumbling across cyber security 6.33          Cyber security is a mindset 7.20          Open source security 10.22        How organisations see through a sea of data 13.16        Infrastructure risk 14.18        The responsibility of a developer 18.41       The true core of DevSecOps – the speed of development 21.06       Risk tolerance/Investing in security 22.58       Quantifying risk 25.28       Security is a must 27.00       A systematic approach to security 30.30       Auto-remediation vs. Manual assessment 34.01       Positive message 35.10       The Big Fix 36.00        Connect with LiRan 36.23        Conclusion   Tinesh Chayya   https://www.linkedin.com/in/talliran/  https://twitter.com/liran_tal    Cyber Security and Cloud Podcast hosted by Francesco Cipollone Twitter @FrankSEC42 #CSCP #cybermentoringmonday cybercloudpodcast.com    Social Media Links  Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/ You can listen to this podcast on your favourite player: Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463  
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ  Linkedin: https://www.linkedin.com/company/35703565/admin/  
 Twitter: https://twitter.com/podcast_cyber   
 Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/   

  Tinesh Chhaya is a cybersecurity specialist, a veteran in the industry and CEO of Decipher Cyber - Jenny. Tinesh has 15 years of successful Chief Revenue Officer/cyber corporate and 5 years of start-up entrepreneurial cyber experience. He has built and exited 2 start-ups and currently sits on the board as an advisor to startups within Cyber, EdTech, Software Development and Social Tech.   The episode is brought you by AppSec Phoenix Ltd with the Phoenix platform you can make Vulnerability management for software and organization SMART.  Follow the tag #appsecsmart https://www.appsecphoenix.com get a free 30-day licence quoting CSCP https://landing.appsecphoenix.com/register   0.00          Introduction 0.41          Tinesh’s background 1.39          Welcome Tinesh 2.04          Tinesh’s view on the market 3.10          Cyber security start-ups 5.22          The hot-bed of cyber investment 5.48          4 main areas of cyber searched for 9.55          Differences across the world 12.50        Partnering up with big names 21.34        The mentorship group 22.03        The absence of an accelerator 23.05        Strong community 25.37        The mental struggle 32.08        Failure and resiliency 33.19        Support mechanisms (the importance of a strong team) 35.20        Celebrating successes and failures 36.02        Positive message 37.30        Thank you 37.35        Connect with Tinesh 38.34        Conclusion   Tinesh Chayya   https://www.linkedin.com/in/tinesh-chhaya-07623097/  https://deciphercyber.com/    Cyber Security and Cloud Podcast hosted by Francesco Cipollone Twitter @FrankSEC42 #CSCP #cybermentoringmonday cybercloudpodcast.com    Social Media Links  Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/ You can listen to this podcast on your favourite player: Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463  
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ  Linkedin: https://www.linkedin.com/company/35703565/admin/  
 Twitter: https://twitter.com/podcast_cyber   
 Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/   

  Karissa Breen is Cyber Communications Specialist, Security Investigative Journalist, start-up advisor, entrepreneur, and podcast host based in Sydney. She quickly rose up in the cyber field getting promoted as a Cyber Reporting Analyst, then Pen Testing Engagement Lead then started her own company. She says that better marketing and communication skills would improve many issues in the field. They discuss diversity, women in cyber, soft skills, and how the industry is rapidly changing.    The episode is brought you by AppSec Phoenix Ltd with the Phoenix platform you can make Vulnerability management for software and organization SMART.  Follow the tag #appsecsmart https://www.appsecphoenix.com get a free 30-day licence quoting CSCP https://landing.appsecphoenix.com/register   0:00 Introduction 0:28 Karissa’s background 6:50 Promotions and rising up the ranks 8:46 Creating own company 9:50 Communicating technical terms 12:00 Lightbulb moment 16:05 Chaining role of security 17:50 Advise developing soft skills 20:27 Marketing 23:20 Women in cyber 29:10 Job requirements and diversity 33:40 Positive message 35:15 Connect with Karissa 36:09 Outro    Chris Foulon   Twitter @iamkarissabreen linkedin.com/in/karissabreen https://karissabreen.com Podcast— KBKAST    Cyber Security and Cloud Podcast hosted by Francesco Cipollone Twitter @FrankSEC42 #CSCP #cybermentoringmonday cybercloudpodcast.com    Social Media Links  Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/ You can listen to this podcast on your favourite player: Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463  
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ  Linkedin: https://www.linkedin.com/company/35703565/admin/  
 Twitter: https://twitter.com/podcast_cyber   
 Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/   

  Christophe Foulon is a cyber security practitioner, career coach, speaker, and currently the Sr Manager Cyber Security Consultant at (Undisclosed) and F10 Fintech. He is the co-host of “Breaking into Cybersecurity,” a podcast that encourages people from diverse backgrounds to consider a career in security. He volunteers with two non-profits, “Boots to Books” and “The Whole Cyber Human Initiative,” that benefit veterans and lessen the talent shortage in cyber. Chris shares why mentoring and giving back is important to him.    The episode is brought you by AppSec Phoenix Ltd with the Phoenix platform you can make Vulnerability management for software and organization SMART.  Follow the tag #appsecsmart https://www.appsecphoenix.com get a free 30-day licence quoting CSCP https://landing.appsecphoenix.com/register   0:00 Introduction 0:28 Chris’ background 2:33 Work with non-profits 5:02 Recruiting cyber workforce 8:20 Career possibilities in cyber 10:23 Veterans transition to a cuber career 12:20 Starting a podcast 15:50 Need to network 16:50 Advice for starting in security 19:15 Success stories 23:00 Mentoring 27:20 Positive Message 29:43 Connect with Chris 30:50 Outro    Chris Foulon https://linkedin.com/in/christophefoulon  Twitter @chris_foulon https://anchor.fm/breakingintocybersecurity https://youtube.com/c/BreakingIntoCybersecurity https://cpf-coaching.com https://www.boots2books.com https://www.wholecyberhumaninitiative.org   Cyber Security and Cloud Podcast hosted by Francesco Cipollone Twitter @FrankSEC42 #CSCP #cybermentoringmonday cybercloudpodcast.com    Social Media Links  Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/ You can listen to this podcast on your favourite player: Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463  
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ  Linkedin: https://www.linkedin.com/company/35703565/admin/  
 Twitter: https://twitter.com/podcast_cyber   
 Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/   

  Is a pleasure to host again our good friend Jim. Jim Manico is an AppSec enthusiast, educator, the Manicode founder, an investor, Java Champion, and an OWASP leader. This passionate conversation revolves around the new OWASP Top 10, reference architecture, threat modelling, SMS authentication, and TLS certificates.    The episode is brought you by AppSec Phoenix Ltd with the Phoenix platform you can make Vulnerability management for software and organization SMART.  Follow the tag #appsecsmart https://www.appsecphoenix.com get a free 30-day licence quoting CSCP https://landing.appsecphoenix.com/register   0:00 Introduction 0:28 Jim’s background 1:50 OWASP Top 10 Old and New 4:05 Secure design and threat modelling 9:55 Reference architecture 14:15 Follow through and scale 16:30 Security bugs 18:13 Authentication 24:32 JWT 27:45 TLS certificates 31:50 Zero trust 32:14 Positive Message 33:50 Connect with Jim 35:00 Outro    Jim Manico Twitter @manicode linkedin.com/in/jmanico manicode.com   manicode.com    Cyber Security and Cloud Podcast hosted by Francesco Cipollone Twitter @FrankSEC42 #CSCP #cybermentoringmonday cybercloudpodcast.com    Social Media Links  Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/ You can listen to this podcast on your favourite player: Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463  
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ  Linkedin: https://www.linkedin.com/company/35703565/admin/  
 Twitter: https://twitter.com/podcast_cyber   
 Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/   

  Aladdin Almubayed is the AppSec Engineering Technical Lead at Robinhood, previously a Senior Security Software Engineer at Netflix. After getting his master in Jordan, he moved to Silicon Valley to work at Yahoo. Francesco and Aladdin discuss the evolving industry, fostering positive relationships with developers, and identifying organizations’ crown jewels.    The episode is brought you by AppSec Phoenix Ltd with the Phoenix platform you can make Vulnerability management for software and organization SMART.  Follow the tag #appsecsmart https://www.appsecphoenix.com get a free 30-day licence quoting CSCP https://landing.appsecphoenix.com/register   0:00 Introduction 0:28 Aladdin’s background 3:40 Masters in Jordan 6:50 Industry past 10 years 7:54 Micro-service architecture 9:44 Work at Netflix 11:08 Work at Robinhood 13:40 Challenges in security 16:00 Security nightmare story 19:40 Security revolution breaking point 21:30 Threat Modeling and Pen Testing 24:50 Creating positive opinion of security 28:36 Quantifying risk 31:26 Positive message 34:40 Connect with Aladdin 35:10 Outro    Aladdin Almubayed https://www.linkedin.com/in/aladdin-mubaied/ Twitter @0xshellrider    Cyber Security and Cloud Podcast hosted by Francesco Cipollone Twitter @FrankSEC42 #CSCP #cybermentoringmonday cybercloudpodcast.com    Social Media Links  Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/ You can listen to this podcast on your favourite player: Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463  
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ  Linkedin: https://www.linkedin.com/company/35703565/admin/  
 Twitter: https://twitter.com/podcast_cyber   
 Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/