

8th Layer Insights
Perry Carpenter | N2K Networks
Get ready for a deep dive into what cybersecurity professionals often refer to as the "8th Layer" of security: HUMANS. Welcome to 8th Layer Insights (8Li). This podcast is a multidisciplinary exploration into how the complexities of human nature affect security and risk. Author, security researcher, and behavior science enthusiast Perry Carpenter taps experts for their insights and illumination. Topics include cybersecurity, psychology, behavior science, communication, leadership, and more.
Episodes

Jan 25, 2022 • 48min
Bridging the Cyber Skills Gap
If you've been following the cybersecurity industry for the past few years, you've likely heard about the "cyber skills gap." In this episode, Perry sits down with Heath Adams (TCM Security), Professor Karla Carter (Bellevue University), Sam Curry (Cybereason), and Lola Obamehinti (eBay) to explore what the skills gap is and how to begin to close the gap. We touch on subjects such as where traditional degrees, online training, certifications, mentorship, and networking fit in, as well as the value of diversity. And we offer thoughts for employers, current industry professionals, and job seekers.
Guests:
Heath Adams (LinkedIn)
Karla Carter (LinkedIn)
Sam Curry (LinkedIn)
Lola Obamehinti (LinkedIn)
Books and Resources:
Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career, by Dr. Jessica Barker
Cybersecurity Domain Map ver 3.0 by Henry Jiang
Cybersecurity Employment in 2022: Solving the Skills Gap, by Jenn Fulmer
Cybersecurity: The Starting Line, by 4n6Lady
The 8 CISSP domains explained, by Luke Irwin
Examination of Personality Characteristics Among Cybersecurity and Information Technology Professionals, by Sarah E. Freed (utc.edu)
GenCyber Camps: Inspiring the Next Generation of Cyber Stars
NSA National Centers for Academic Excellence in Cybersecurity
Navigating the Cybersecurity Career Path, by Helen E. Patton
Over 200,000 Girl Scouts Have Earned Cybersecurity Badges by Ashley Savageau
Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World, by Marcus J. Carey & Jennifer Jin
The Value of Certifications, by Javvad Malik
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter
Word Notes Podcast definition of Cybersecurity Skills Gap
Production Credits:
Additional voice talent provided by Rich Daigle.
Additional research by Nyla Gennaoui.
Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.
Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.
8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/
*** Use of The Twilight Zone theme music in this episode is considered 'Fair Use' under copyright law due to its 'transformative' nature as a parody.
Want to get in touch with Perry? Here's how:
LinkedIn
Twitter
Instagram
Email: hello [at] 8thLayerInsights [dot] com

Jan 11, 2022 • 51min
Technology & the Law of Unintended Consequences
Let's face it. Most of us have a love/hate relationship with technology and technological advances. We dream about the new thing... but when it arrives, we are usually a little disappointed. Many of us also lament the constant erosion of privacy, the changes in social norms, and more. And, little by little, we allow those aspects of new technology to make us numb. We accept the cognitive dissonance of not being totally happy with the trade-offs; yet we still make the trade.
In this episode, we explore a few of the positives and some of the unintended consequences associated with recent technological advancements. We'll hear from Dr. Lydia Kostopoulos, Dr. Charles Chaffin, Andra Zaharia, and Aaron Barr.
Guests:
Dr. Lydia Kostopoulos (LinkedIn) (Website)
Dr. Charles Chaffin (LinkedIn) (Website)
Andra Zaharia (LinkedIn) (Website)
Aaron Barr (LinkedIn) (Website)
Books and Resources:
Everything is Alive by PRX and Radiotopia
IEEE Article: Decoupling Human Characteristics from Algorithmic Capabilities by Dr. Lydia Kostopoulos
Numb: How the Information Age Dulls Our Senses and How We Can Get them Back by Dr. Charles Chaffin
The Numb Podcast by Dr. Charles Chaffin
The Cyber Empathy Podcast by Andra Zaharia
Reminder: Your 'smart AI' often involves a low-paid contractor surveilling you
How creepy is your smart speaker?
Newton's Laws of Motion
Unintended Consequences
Elon Musk's warning regarding AI
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors
Production Credits:
Additional voice talent provided by Kristina Leigh.
Additional research by Nyla Gennaoui.
Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.
Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.
8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/
Want to get in touch with Perry? Here's how:
LinkedIn
Twitter
Instagram
Email: hello [at] 8thLayerInsights [dot] com

Dec 28, 2021 • 44min
You're Listening to "The Dark Stream"
And now for something completely different. This episode is a show within a show.
Get ready to step into The Dark Stream: it's a parody of one of those old late-night paranormal, conspiracy, or confession call-in radio shows from the 1980s and 90s. And, yes, it's over-the-top and cheesy.
In this episode, you'll hear some re-edited and never-before-aired sections from Perry's previous interviews with Rachael Tobac, Maxie Reynolds, and Chris Hadnagy.
Guests:
Rachael Tobac: (LinkedIn), CEO of SocialProof Security
Maxie Reynolds (LinkedIn), Founder of Subsea Cloud
Chris Hadnagy: (LinkedIn); CEO of Social Engineer, LLC; Founder of Innocent Lives Foundation; Founder of Social-Engineer.org
Recommended Books and Resources:
CNN coverage of Rachael Tobac using social engineering to ruin Donie O'Sullivan's day
Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You by Chris Hadnagy
The Art of Attack: Attacker Mindset for Security Professionals by Maxie Reynolds
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter
Production Credits:
Additional voice talent provided by Rich Daigle (a.k.a. Mouth Almighty) and Sarah McQuiggan.
Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.
Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.
8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/

Dec 14, 2021 • 57min
Igniting and Sustaining Creativity
This episode is all about creativity: what it is, what it looks like, and what to do when you get stuck. Perry speaks with four experts who have made creating new and interesting things their life's work. Featuring Jack Rhysider (Creator/host of Darknet Diaries), Faith McQuinn (creator of Boom, Margaritas & Doughnuts, and Apollyon), Tom Buck (YouTuber and content creator), and Sam Qurashi (Exploring the Psychology of Everything).
Guests:
Jack Rhysider
Faith McQuinn
Tom Buck
Sam Qurashi
Resources & Books:
The No. 1 Habit of Highly Creative People
Alchemy: The Dark Art and Curious Science of Creating Magic in Brands, Business, and Life
Seven Techniques For Getting Creatively Unstuck
The Unusual Habits Of 8 Famous Creative Minds
The World's Most Creative People Have This Thing in Common
You Are an Artist: Assignments to Spark Creation
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors
Additional research by Nyla Gennaoui.
Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.
Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.
8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/

Sep 28, 2021 • 1h 6min
Security ABCs Part 2: 8th Layer Insights and the Quest for Security Culture
This is the second of a two-part series covering Cybersecurity’s ABCs: Security Awareness, Behavior, and Culture. This episode discusses the difficulty that security leaders have in defining what a security culture actually is. Luckily, we can draw on learnings from organizational culture management and culture transformation experts.
Guests for this episode include David Sturt (Executive Vice President of the O.C. Tanner Institute; author of Great Work: How to Make a Difference People Love and of Appreciate: Celebrating People, Inspiring Greatness), Dr. Jessica Barker (co-CEO and Co-Founder, Socio-Technical Lead at Cygenta; author of Confident Cyber Security and co-author of Cybersecurity ABCs), Kai Roer (Chief Research Officer at KnowBe4; creator of the Security Culture Framework; author of Build a Security Culture), and Michael Leckie (founding partner at Silverback Partners, LLC; author of The Heart of Transformation: Build the Human Capabilities that Change Organizations for Good).
Guests:
David Sturt
Dr. Jessica Barker
Kai Roer
Michael Leckie
References, Resources & Books:
4 Ways to Build a Thoughtful Security Culture, by Perry Carpenter
7 Tips for Building a Strong Security Culture, by Perry Carpenter
Appreciate: Celebrating People, Inspiring Greatness, by David Sturt
Build a Security Culture, by Kai Roer
Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career, by Jessica Barker
Culture Rules! The 10 Core Principles of Corporate Culture, by John R. Childress
Cybersecurity ABCs: Delivering awareness, behaviours and culture change, by Jessica Barker, Adrian Davis, and Bruce Hallas
Great Work: How to Make a Difference People Love, by David Sturt
The Heart of Transformation: Build the Human Capabilities that Change Organizations for Good, by Michael Leckie
The Importance Of A Strong Security Culture And How To Build One, by Perry Carpenter
Perry Carpenter's (ISC)2 Info Security Professional Journal 4 episode series on Security Awareness (Episode 1, Episode 2, Episode 3, Episode 4)
Security Culture and Credential Sharing, KnowBe4 Research
Security Culture Report 2021: A Global Security Culture Perspective During a Pandemic, KnowBe4 Research
Seven Dimensions of Security Culture, KnowBe4 Research
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter
Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.
Artwork by Chris Machowski.

Sep 14, 2021 • 53min
Security ABCs Part 1: Make Awareness Transformational
This is the first of a two-part series covering Cybersecurity’s ABCs: Security Awareness, Behavior, and Culture. We touched on facets of Awareness in Episode 1 and Behavior in Episode 3. These two episodes cover the cybersecurity ABCs in a very pragmatic way, with this episode covering Awareness and Behavior and Episode 10 providing a deep dive into Culture.
Guests for this episode include Dr. Jessica Barker (co-CEO and Co-Founder, Socio-Technical Lead at Cygenta; author of Confident Cyber Security and co-author of Cybersecurity ABCs), Chrysa Freeman (Senior Program Manager for Security Awareness at Code42), Ian Murphy (Founder, CyberOff), and Lauren Zink (Senior Security Awareness Specialist at Boeing; author of LinkedIn Learning courses: Creating a Security Awareness Program and Building a Security Awareness Program: Phishing Simulations).
Guests:
Dr. Jessica Barker
Chrysa Freeman
Ian Murphy
Lauren Zink
References, Resources & Books:
5 Things You May Not Know About Security Awareness Training, by Perry Carpenter
Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career, by Jessica Barker
Cybersecurity ABCs: Delivering awareness, behaviours and culture change, by Jessica Barker, Adrian Davis, and Bruce Hallas
The Dilemma: Should you phish test during the COVID-19 pandemic?, by Perry Carpenter
Down the Rabbit Hole: Why People Question the Value of Security Awareness, by Perry Carpenter
Do You Care More about What Your People Know, or What they Do? Coming to grips with the knowledge-intention-behavior gap, by Perry Carpenter
The Fundamental Importance of Choice and Variety in Security Awareness Program Content, by Perry Carpenter
G.I. Joe Public Service Announcements compilation
Perry Carpenter's (ISC)2 Info Security Professional Journal 4 episode series on Security Awareness (Episode 1, Episode 2, Episode 3, Episode 4)
People-Centric Security: Transforming Your Enterprise Security Culture, by Lance Hayden
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter
Video: Simulated Phishing Campaign Notification for Your Users
Video: Coronavirus Phishing Post-Click User Education
Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future, by George Finney
What Reese’s Peanut Butter Cups can Teach Us about the Technology vs. Training Debate, by Perry Carpenter
Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.
Artwork by Chris Machowski.

Aug 31, 2021 • 51min
The Risk Episode: Black Swans, Grey Rhinos, Angels & Demons
Risk is a funny thing – our minds are constantly looking for risk, scanning our environments and our available choices. And sometimes we do a great job at anticipating and avoiding risky situations. But that doesn’t mean that we are universally good at dealing with risk. In fact, we can be downright appalling at considering and avoiding risk.
In this episode, we explore the concept of risk, why we're so bad at understanding it, and the steps we can take to improve. Perry speaks with four risk experts who will help us understand the ups and downs of how we evaluate risk. We’ll touch on everything from Black Swans to Grey Rhinos to risk frameworks, risk equations, inbuilt risk in the design of computing interfaces, and more. Featuring Michele Wucker (author of The Grey Rhino and You Are What You Risk), Christian Hunt (Founder of Human Risk), Dr. Arun Vishwanath (Founder and Chief Technology Officer of Avant Research Group), and Matt Stamper (Chief Information Security Officer and Executive Advisor at EVOTEK and co-author of the CISO Desk Reference Guides vol1 & vol2).
Guests:
Michele Wucker
Christian Hunt
Arun Vishwanath
Matt Stamper
Resources & Books:
Black Swan Theory
Grey Rhino Events
Various Risk Equations
Risk Perception Equation, Freakonomics
20 Cognitive Biases That Affect Risk Decision Making, SafetyRisk.net
Factor Analysis of Information Risk (FAIR) Framework
The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore, by Michele Wucker
You Are What You Risk: The New Art and Science of Navigating an Uncertain World, by Michele Wucker
Why are Humans Bad at Calculating Risk?, Cogency
Why You're Probably Not So Great at Risk Assessment, NY Times
Why the Human Brain is a Poor Judge of Risk, Wired
Humans are Terrible at Assessing Risk, by Kimberly Forsythe
Why We're Awful at Assessing Risk, USA Today
CISO Desk Reference Guides vol1 & vol2, by Bill Bonney, Gary Hayslip, Matt Stamper
Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.
Artwork by Chris Machowski.

Aug 17, 2021 • 1h 9min
Going Mental: A Conversation with Banachek
In this episode, Perry Carpenter sits down with renowned mentalist and skeptic, Banachek. Banachek (Steve Shaw) grew up with a fascination in magic and a frustration with psychic frauds. As a teenager, he contacted magician and skeptic, James “The Amazing” Randi and ended up working with Randi on a special initiative known as Project Alpha, which set out to expose a general lack of objectivity in parapsychology research. Banachek served as the director for the James Randi Educational Foundation’s “One Million Dollar Paranormal Challenge” for 15 years and is now the President of the James Randi Educational Foundation. Perry and Banachek discuss Project Alpha, the ways of fake psychics and fraudulent faith healers, and issues associated with confirmation bias and framing effects. They also discuss Banachek’s new live mentalism show in Las Vegas, which incorporates theatrical mindreading and other mentalism effects along with a storyline that explores Banachek’s life, antics, and passion for critical thinking.
Guest:
Banachek (Website) (twitter): Mentalist (Performing in Las Vegas add 'social' for 30% off tickets), Skeptic, President of the James Randi Educational Foundation
This episode also featured a quick comment from: George Finney: (LinkedIn); Chief Security Officer at Southern Methodist University; Founder of Well Aware Security
Books and References:
Banachek Wikipedia entry
Project Alpha Wikipedia entry
James Randi Wikipedia entry
Article about Houdini's efforts to debunk fake mediums
The Discoverie of Witchcraft Wikipedia entry
The Psychology of the Ouija
Barnum Effect Wikipedia entry
James Randi & Project Alpha Video
Project Alpha lookback -- James Randi and Michael Edwards
Psychological Subtleties vol 1, by Banachek
Behind the Scenes with the Mediums, by David Abbott
The Discoverie of Witchcraft
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter
Music and Sound Effects by Blue Dot Sessions & Storyblocks.
Artwork by Chris Machowski.

Aug 3, 2021 • 1h 2min
Embrace an Attacker Mindset to Improve Security
Have you ever taken time to view the world through the eyes of an attacker? Doing so is an interesting and useful exercise. Understanding the mind of an attacker is fundamental to securing your organization or aspects of your personal life. After all, if you aren't doing the job of viewing things from an attacker's perspective, that means that only the attackers are. The idea is to understand the mindset, motivations, and capabilities of a possible threat actor so that you aren’t simply oblivious to your vulnerabilities. This episode is a deep dive into attacker mindsets. We’ll hear from four experts who really know what it is to view the world through the eyes of an attacker. Featuring Chris Kirsch (DEF CON Social Engineering CTF Black Badge winner and co-founder of Rumble, Inc.), David Kennedy (Founder of Binary Defense and TrustedSec), Maxie Reynolds (Author of The Art of Attack: Attacker Mindset for Security Professionals, and Technical Team Leader, Social-Engineer, LLC), and Ted Harrington (Author of Hackable: How to Do Application Security Right, and Executive Partner at Independent Security Evaluators).
Guests:
Maxie Reynolds (https://www.linkedin.com/in/maxiereynolds/)
David Kennedy (https://www.linkedin.com/in/davidkennedy4/)
Chris Kirsch (https://www.linkedin.com/in/ckirsch/)
Ted Harrington (https://www.linkedin.com/in/securityted/)
Books and References:
Bruce Schneier blog about the Security Mindset: https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html
Origin of "Devil's Advocate": https://allthatsinteresting.com/devils-advocate-origin
Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
What is Threat Modeling: https://securityintelligence.com/posts/what-is-threat-modeling-and-how-does-it-impact-application-security/
12 Methods of Threat Modeling: https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/
The Art of Attack: Attacker Mindset for Security Professionals by Maxie Reynolds
Hackable: How to Do Application Security Right by Ted Harrington
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Threat Modeling: Designing for Security by Adam Shostack
Threat Modeling: A Practical Guide for Development Teams by Izar Tarandach and Matthew J. Coles
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter
Music and Sound Effects by Blue Dot Sessions & Storyblocks.
Artwork by Chris Machowski.

Jul 20, 2021 • 52min
Going Meta: A Conversation and AMA with Bruce Schneier
In this episode, Perry Carpenter interviews cybersecurity guru Bruce Schneier. Perry and Bruce explore how cybersecurity is about so much more than technology — it’s about people, so we benefit by taking a multidisciplinary approach. In preparing for this interview, Perry solicited his LinkedIn network to see what questions people had for Bruce. This is a wide-ranging conversation covering everything from Bruce’s thoughts on cybersecurity’s “first principles” to the impact that the pandemic had on society to the need for regulation to help raise the overall standards for security and privacy.
Guest: Bruce Schneier (https://www.schneier.com/blog/about/) (https://twitter.com/schneierblog)
Bruce's personal website 'about me' page: https://www.schneier.com/blog/about/
Wikipedia article about Bruce Schneier: https://en.wikipedia.org/wiki/Bruce_Schneier
Another background article about Bruce: https://www.cybersecurityeducationguides.org/bruce-schneier-legendary-cryptographer/
More Background on Bruce: http://academickids.com/encyclopedia/index.php/Bruce_Schneier
Bruce's Solitaire encryption algorithm: https://www.schneier.com/academic/solitaire/
More info on the Solitaire algorithm: https://www.schneier.com/blog/archives/2019/10/more_cryptanaly.html
Proximity Blindness: https://dannyozment.com/cant-see-the-forest-for-the-trees-the-dangers-of-proximity-blindness-2/
The story of the Blind Men and an Elephant: https://en.wikipedia.org/wiki/Blind_men_and_an_elephant
Cryptography After the Aliens Land: https://www.schneier.com/essays/archives/2018/09/cryptography_after_t.html
Secrets and Lies book preface with "If you think" quote: https://www.schneier.com/books/secrets-and-lies-pref/
"if you think cryptography" quote: https://news.ycombinator.com/item?id=19589899
Recommended Books (Amazon affiliate links):
Applied Cryptography: Protocols, Algorithms and Source Code in C, by Bruce Schneier
Beyond Fear: Thinking Sensibly About Security in an Uncertain World, by Bruce Schneier
Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, by Bruce Schneier
Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto, by Roger Grimes
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, by Bruce Schneier
Liars and Outliers: Enabling the Trust that Society Needs to Thrive, by Bruce Schneier
Secrets and Lies: Digital Security in a Networked World, by Bruce Schneier
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter
Music and Sound Effects by Blue Dot Sessions & Storyblocks.
Artwork by Chris Machowski.