Cyber Work

Paul Giorgi of XM Cyber, a man who told me his favorite way to learn new skills is to break things and put them back together, walked me through the basics of setting up your own cybersecurity practice lab at home for not too much money. But watch out because he says that once you start, your excitement about hands-on practice and buying old servers on eBay can get overwhelming! 0:00 - Build your own cybersecurity practice lab1:30 - How to practice with a home cybersecurity lab5:48 - Resource requirements for a cybersecurity lab8:48 - Cost of a cybersecurity lab10:28 - First projects for a cybersecurity lab13:02 - Learn more about Paul Giorgi and XM Cyber13:42 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Karen Worstell is a 25-year veteran of the tech, IT and security space; she’s a senior cybersecurity strategist at VMware and a chaplain. This episode goes to many fascinating places, from her days learning coding on a TRS-80 computer, how her extremely visual and right-brained approach to learning has influenced her security journey, her experiences as a woman in the industry and how her work as a chaplain brought her back from a security industry hiatus to help people suffering chronically from burnout. There’s also a bit about XDR — and its a big deal!  0:00 - Burnout in cybersecurity 3:06 - Karen Worstell's start in cybersecurity6:11 - A family of inventors9:35 - Physical sciences and computer sciences16:00 - Work as a senior cybersecurity strategist18:18: - Working as a woman in cybersecurity 23:15 - Changes to make cybersecurity equitable31:40 - Strategies for hiring equity in cybersecurity34:00 - Burnout in cybersecurity 48:35 - Helpful cybersecurity organizations51:37 - Why is XDR so important? 56:10 - Learn more about Worstell56:44 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, Nir Valtman, CEO and co-founder of Arnica, discusses developer behavior-based security. In short, there are lots of ways that backdoors or vulnerabilities can make their way into developer code. One door we can close on these intrusions is implementing processes that detect behavior anomalies in developers. Think of your bank monitoring for unusual purchases calling you to ask whether you really just spent $300 on a bobblehead from The Last of Us that’s shipping from Brazil. If you did, not judging, full speed ahead. If not, then we’ve got a problem on our hands. Valtman explains the benefits and the limitations of behavior-based security measures, as well as tips for developers-in-training.0:00 - Developer behavior-based security 2:56 - Nir Valtman’s start in cybersecurity4:40 - Moving into the developer world 8:20 - Working as a cybersecurity CEO10:33 - A typical day for a cybersecurity CEO19:30 - Monitoring product features20:15 - DevSecOps behavior-based security27:42 - Flagging irregular online purchases30:35 - Impact of pre-fab code on behavior anomaly detection33:28 - GitHub impact on developer behavior and security38:09 - Ensuring you don’t skimp on sec in DevSecOps42:35 - What should future developers know? 44:56 - Skills and experiences for budding developers51:09 - What is Arnica?54:57 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

These days, keeping your security, IT or research team close now that more of us than ever work remotely is a challenge. How do you keep team bonds strong when your main interaction path is your tiny little colleagues trapped in little squares on a computer monitor? Susan Morrow has been managing a remote team for almost two decades. She dispenses wisdom on coordinating schedules in multiple time zones, ensuring everyone’s moving toward the same goal and helping team members of all work styles to do and feel their best. 0:00 - Cybersecurity team remote work2:30 - Remotely working with multiple teams4:16 - What doesn't work remotely? 5:51 - Avoiding remote work pitfalls7:27 - Solving team drift9:19 - Learn more from Susan Morrow9:58 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

James Stanger, chief technology evangelist at CompTIA, walks through their new Data+ certification. Infosec is proud to provide bootcamp and course training for a range of CompTIA certifications, and James helpfully breaks down the basics of data analytics, the types of learning you’ll need to engage in to pass and why security professionals have a lot more data analyst in their job role than they might think. All that, and a bit of geeking out about the humanities.0:00 - CompTIA Data+3:40 - How did James Stanger get into cybersecurity? 5:00 - From literature to IT9:50 - Working for CompTIA as a tech evangelist13:22 - What makes up a tech evangelist role?18:00 - CompTIA's new Data+ certification 26:06 - Why is Data+ important for pros?32:38 - Prerequisites for Data+ certification 40:05 - What does Data+ teach you?43:53 - Training materials for Data+ certification– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, my guest, Jack Nichelson, wants you to know something. AI is coming! But it’s not SkyNet; it’s not the rise of the machines. Whatever unnerving story you’ve read in the past few weeks about ChatGPT and what it will or won’t do to humanity, I’d like you to join us here and get a much fuller picture of AI as a tool and our role in shaping and building it. 0:00 - ChatGPT AI2:50 - How Jack Nichelson got into cybersecurity4:45 - Types of IT cybersecurity roles6:57 - AI versus human value10:46 - Life as a CISO15:12 - The ChatGPT story19:37 - Where is AI at right now?24:20 - Actual applications of AI in the future30:04 - Areas of study to enter cybersecurity and AI34:27 - Where AI tools may lead cybersecurity 37:00 - Training for future AI malware40:20 - Software to spot AI malware44:50 - What is Inversion6?46:55 - Learn more about Jack Nichelson47:12 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Amber Schroader, CEO of Paraben, explains the different ways to pursue a career in digital forensics, like pursuing a college degree or studying toward a certification. And if a certification, which one will take you on the path you want? Schroader also talks about what doors can open for you, where to get started, and which upper-level certs you should work toward so you’re prepared for the job you want.0:00 - Breaking down digital forensics certifications 1:08 - Different ways to learn digital forensics 2:07 - Digital forensics college courses versus certifications3:45 - Main digital forensics certifications and paths5:20 - Finding a digital forensics niche6:18 - Hands-on projects for digital forensics experience7:25 - How to get started in digital forensics 8:34 - Learn digital forensics9:01 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Jacob DePriest, the VP and deputy chief security Officer at GitHub, talks about development security. In 2021, GitHub significantly ramped up its security department. DePriest told me all about the commitment to security and how you can move your organization toward a developer-focused security team. Whether you’re just hearing about GitHub now or you’re using GitHub from the moment your work day starts, you’ll want to check out this episode.0:00 - GitHub's cybersecurity strategy2:30 - How did you get into cybersecurity?5:00 - Moving up in cybersecurity8:57 - Working with NSA10:08 - Working as a chief security officer13:35 - Communication in cybersecurity 15:00 - What is GitHub?17:46 - Coding as a team19:30 - GitHub's security team21:18 - Security threats GitHub faces22:28 - GitHub's role in software security 25:10 - Navigating GitHub's tools28:50 - How to study cybersecurity 30:54 - Entering software security 33:55 - Security tips for developers 36:45 - Learn more about DePriest and GitHub38:25 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Learn more about the (ISC)² CGRC certification: https://resources.infosecinstitute.com/overview/cgrc/Enroll in a CGRC boot camp: https://www.infosecinstitute.com/courses/isc%C2%B2-cgrc-training-boot-camp/Infosec instructor and returning guest Leighton Johnson talks about the recent (ISC)² CAP certification change: the Certified Authorization Professional (CAP) is now Certified in Governance, Risk and Compliance (CGRC). Why are they changing the name of the CAP certification? Is the CAP content going to change as well? What does this mean for the future? Let’s figure this out together.0:00 - CAP vs. CGRC certification1:40 - What jobs require a CGRC certification?2:50 - Why change the CAP name to CGRC?4:17 - Is CAP exam content different from CGRC?6:00 - Should I upgrade CAP to CGRC?7:35 - Study tips for the CGRC exam9:13 - Learn more about CGRC9:53 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Yossi Appleboum, CEO of Sepio, talks about Cybersecurity and Infrastructure Security Agency (CISA)’s operational directive for non-military federal agencies to adopt a strict set of asset visibility and vulnerability detection system starting as early as April of 2023. Yossi discusses this directive, saying that it takes FCEB agencies out of the cybersecurity stone ages and into the future. Can it work in such a short time frame? Yossi has thoughts! 0:00 - Asset visibility and vulnerability detection3:10 – First getting into cybersecurity 6:21 – Co-founding cybersecurity companies9:30 – What it’s like as CEO of a cybersecurity company13:00 – Ambassador of the Global Cyber Alliance15:32 – CISA’s operational directive for federal agencies 19:25 – What are asset management and vulnerability?24:40 – What comes after asset protection? 28:40 – CISA’s deadline for asset visibility compliance30:40 – Job outlook for asset visibility and vulnerability detection35:07 – Work experience needed for asset visibility roles36:30 – How to work in asset visibility40:04 – How will this CISA directive change cybersecurity?41:50 – What is Sepio? 43:56 – Learn more about Yossi Appleboum44:50 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.