
Resilient Cyber

Latest episodes

May 24, 2021 • 23min

Resilient Cyber - Episode 13 - Carlota Sage - vCISO Challenges, Solutions, and Collaboration

*   Please give us a bit of a background on how you became a vCISO and what responsibilities come with that job?
*   You have built several successful security programs from the ground up - what would you say is the most challenging part of that process?
*   Now that we've talked about some of the challenges around creating a security program, what would you say is the most rewarding or most interesting part of that?
*   Can you talk about some of the flexibility that a vCISO or CISO must have when leading a security team?
*   What does cyber resilience mean to you?
May 16, 2021 • 32min

Resilient Cyber - Episode 12 - Jason Weiss - DoD Software Modernization

*   Can you tell us a bit about your role as the Director of SW Modernization for the DoD? What does that entail?
*   On the SW Modernization front, at a high level, what are some of the primary SW modernization objectives of the DoD?
*   How does SW modernization tie into National Defense and why is it so critical to get right?
*   There's an increased push to adopt DevSecOps, what are your thoughts on that and why there's such an interest among the DoD/Federal community?

Jason Weiss Bio: Jason Weiss has an exceptional background in software engineering, cryptology, and computer security dating back to his service in the US Navy as a cryptologist during the first Gulf War. He is the author of Java Cryptography Extensions, published by Morgan Kaufmann, and co-author or contributor to several other books on distributed computing. He is the sole inventor of the patented Volume Mount Authentication endpoint security algorithm that was eventually integrated into Seagate’s DriveTrust technology, and co-inventor of the Cloud Connected Transponder. In 2000, the NSA recognized Jason as a talented security designer of critical infrastructure protection. He has lectured internationally, including presentations at SD West, Sybase TechWave, Rocky Mountain Java Symposium, AnDevCon, AWS Summit, and various keynotes on NFC and RFID at events like the WIMA European NFC Developers Summit in Monaco. As Director of Software Modernization in the Office of the Secretary of Defense, DoD CIO, he executes critical activities to both maintain and modernize the DoD Information Enterprise, including the department’s push to adopt DevSecOps. Jason holds a BS in computer science and an MA in Intelligence (Information Warfare).
May 10, 2021 • 21min

Resilient Cyber - Episode 11 - Dr. Margaret Cunningham - Human Factors, Cybersecurity, Cognitive Psychology

1. Can you give us a brief description of your background in cognitive psychology and how you found your way into cybersecurity?
2. Can you describe how psychology is directly applicable to cybersecurity?
3. Can you discuss how philosophy is also applicable to cybersecurity?
4. How do you feel that neuroscience plays into cybersecurity - and maybe specifically discuss cognitive limitations and how they may affect us in the cybersecurity field?
5. Tell me about your new research! I see you have a new article released in March of this year titled "How Minor Mistakes When Remote Working Could Lead to Major Cybersecurity Breaches"
6. How do you feel about cyber resiliency as it relates to security and human factors research?
May 2, 2021 • 26min

Resilient Cyber - Episode 10 - Nikki Robinson - Vulnerability Management Challenges

Today's episode is a conversation between Dr. Nikki Robinson and Chris Hughes on Vulnerability Management. Dr. Nikki has a PhD which focuses on Vulnerability Chaining, and the co-hosts discuss the difficulties of Vulnerability Management.

*   What would you say are the biggest reasons why vulnerability management is still so difficult for organizations?
*   Why is it so important to patch or mitigate end-of-life software, and what are some of the challenges around that?
*   Is vulnerability scanning still a major component to secure your network in a continuous monitoring program?
Apr 25, 2021 • 23min

Resilient Cyber - Episode 9 - Matt Johnson - Infrastructure as Code (IaC)

*   What is Infrastructure-as-Code (IaC) and how does it differ from traditional ways of provisioning INF?
*   How does IaC fit into the broader push of DevSecOps and pushing security-left?
*   What is Compliance-as-Code (CaC)? What does that look like and how can organizations benefit from implementing it?
*   What are some of the challenges associated with adopting IaC and CaC?
*   Where is the future of IaC/CaC headed and what are some opportunities you think haven't been explored yet?
*   What does "cyber resilient" mean to you?

Matt Johnson: Matt Johnson (@metahertz) is a Developer Advocate for Bridgecrew.io. Based in not-so-sunny Manchester, UK, he helps DevOps teams simplify, automate and improve their infrastructure security. Coming from a security and platform automation background, formerly at Cisco, he is excited by the disruptive power of Infrastructure as Code, container and serverless orchestration in bringing scalable, cost-effective IT to companies of all sizes, while also building awareness of the security challenges these new capabilities bring. Outside of work, he is learning to fly, and enjoys travel, aviation, rugby, steak and a growing whisky collection!
Apr 18, 2021 • 30min

Resilient Cyber - Episode 8 - Ray Letteer, DSc - Authorization to Operation (ATO) Process

*   You're the Authorizing Official for the USMC, can you explain what you do in that role for those who aren't familiar with the term AO?
*   The DoD is increasingly looking to adopt DevSecOps - can you tell us where the Marine Corps is on that journey, some of the challenges, and what opportunities DevSecOps would provide the USMC?
*   Given your role, and the DoD's continued push to adopt DevSecOps, how do you see processes changing around the implementation of the Risk Management Framework (RMF) to achieve a Continuous ATO (cATO)?
*   How have your academic pursuits and research been integrated into your role with the USMC?
*   Do you feel that academic research can be beneficial to the military and the public sector?
*   What does "cyber resilience" mean to you?
Apr 12, 2021 • 24min

Resilient Cyber - Episode 7 - Jim Perkins - Tactical Edge Cloud Computing

*   What is Tactical Edge Cloud Computing? How does it apply to the DoD and Military and what advantages/challenges does it provide?
*   I know you're involved with the Defense Entrepreneurs Forum (DEF) and the Joint Software Alliance (JSOFT), can you tell us a bit about those and why you think organizations like those are important for the DoD community?
*   I've heard you say that "The future of national security is digital technology integration" - With the increased growth of things such as Cloud Computing, DevSecOps and Modernization, what roles do these play in national security?
*   Knowing the importance of digital technology in relation to national security, how does the DoD as a community overcome some of its challenges (e.g. JEDI Protest, IT/Cyber Workforce Challenges, Acquisition etc.) to ensure it can appropriately adopt and enable digital technologies?
*   What does "cyber resilient" mean to you?
Apr 4, 2021 • 25min

Resilient Cyber - Episode 6 - Chris Hughes - Cloud Security, Adoption, and Automation

- What first interested you in cloud technology and pursuing a career in cloud security?
- Do you feel that learning a cloud platform is essential for today's IT and security workforce?
- Do you recommend hybrid cloud environments? Do you think it adds too much complexity to provide proper security controls?
- What are some of the biggest threats to cloud and hybrid environments?
- What are some emerging trends in cloud security?
- How do you think cyber resiliency specifically applies to cloud environments?
Mar 29, 2021 • 33min

Resilient Cyber - Episode 5 - Naomi Buckwalter - CISO / Cyber Leader

*   How can we go about breaking barriers for folks in our field
*   Workforce challenges and how changes to hiring practices can help
*   Security Theater (this is a good one!)
*   Security Not Enabling the Business
*   Ego
*   Overpriced Vendor Products
*   And as a running theme of our show, we would love to close with "What does cyber resilience mean to you?"
Mar 21, 2021 • 29min

Resilient Cyber - Episode 4 - AJ Yawn - ByteCheck CEO

*   Do you think your lessons from athletics and the military contributed to your success in the Cyber career field?
*   What are some of the hardest lessons you've learned so far since transitioning to being a CEO?
*   What do you think technologies such as Cloud Computing change about the Compliance field?
*   You're involved with the Nat'l Association of Black Compliance & Risk Management Professionals (NABCRMP), can you tell us a bit about the organization and why you think efforts like this are important?
*   What advice do you have for aspiring Cyber professionals and how can we as a community help make the field more welcoming and obtainable?
*   What does the term "Cyber Resilience" mean to you?
