Cyber Work

Infosec Skills author and Paraben founder and CEO Amber Schroader talks about how to quickly and inexpensively set up your own home digital forensics lab. 0:00 - Creating your digital forensics lab1:00 - Benefits of your own digital forensics lab1:40 - Space needed for digital forensics lab2:30 - Essential hardware needed for a forensics lab5:01 - Important forensic lab upgrades5:42 - Running your forensics lab6:51 - Forensic lab projects7:35 - Getting into forensic labs8:04 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Venafi solutions architect Steve Judd talks about the recent directive from the Pentagon that a zero-trust policy be implemented at the Department of Defense in the next four years. Is this a workable deadline? What are the hurdles to be jumped? Judd also tells me what a solutions architect does and why he thinks it’s the most fun job in cybersecurity. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Pentagon’s zero-trust policy and DoD2:22- How did you get into cybersecurity?5:10 - Cybersecurity solution architect work9:05 - Scope of zero-trust policy16:00 - Getting ahead of the zero-trust policy17:49 - What skills do zero-trust make mandatory?19:37 - New jobs via zero-trust23:44 - DevOps and DevSecOps28:48 - Areas of studies to emphasize31:00 - Things not to study in cybersecurity38:00 - What is Venefi40:05 - Learn more about Steve Judd40:36 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Paul Giorgi of XM Cyber helps us wrap up 2022 by discussing some of the most unusual and complex attack paths he and XM have seen in the past year. We discuss some of the most common breaches and methods, as well as several attack paths that are the very definition of “taking the scenic route,” which is, of course, why they worked so long. Also, tune in for some great advice about getting involved in risk management and access management.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Unusual attack vectors in 20223:00 - First getting into cybersecurity6:35 - What is a sales engineer? 11:50 - Average workday as director of sales15:30 - Strangest attack vectors of 202220:08 - Lessons learned in 2022 cybersecurity 22:06 - DoD and zero trust24:32 - Successful security attacks31:30 - The uber breach and security landscape36:01 - Smart cars and cybersecurity 39:03 - Working in cybersecurity solutions42:21 - Learn about XM Cyber46:27 - Learn more about Paul Giorgi47:04 - Outro About InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec Skills author Leighton Johnson talks about major changes to CISM in 2022. CISM has shifted qualitatively from the “Manager” side of the cert name to the “Security” side.0:00 - Changes to CISM's focus2:21 - Why did CISM's focus change?3:43 - How to study for the new CISM changes6:47 - Important CISM skills to know8:28 - Find Leighton Johnson9:31 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

A.N. Ananth of Netsurion joins us to talk about the future of SOCs. Security operations centers used to look more like bunkers crowded with network traffic analysts who rarely got to see the sun. Ananth sees the Covid-induced era of remote SOCs to be a new reality but also a way to bring new professionals in from small towns are far-away locations, making it a partial fix to the security skills gap.0:00 - Changes to SOC2:59 - How A.N. Ananth got into cybersecurity 4:07 - Ananth's projects and career6:25 - Management in cybersecurity 8:40 - What is the SOC?11:08 - How large is a SOC team? 14:30 - The SOC mentality 17:07 - Remote SOC work18:52 - Security challenges for remote SOC work20:55 - Bringing in new SOC talent 23:13 - How to get your foot into cybersecurity28:53 - What should be on a SOC resume?32:00 - What is Netsurion34:00 - Connect with Ananth 34:57 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Cyberis’ Matt Lorentzen talks all things pentesting, red teaming, the changing roles that red teaming has in fine-tuning and interrogating modern security and why you don’t have to stop doing the fun stuff even when you’re climbing the career ladder. 0:00 - Intelligent pentesting, red teaming and modern security2:30 - Matt Lorentzen's interest in cybersecurity3:51 - What is a security consultant8:02 - Pentesting and red team operations 10:30 - Continued learning in cybersecurity 15:54 - Read teaming and testing cyberattacks21:40 - Intelligence-driven red teaming23:40 - Surprising attack vectors 26:53 - Common gaps in cybersecurity 28:46 - School systems and cybersecurity 32:33 - Adjustments to cybersecurity for school systems36:14 - How to get into pentesting and red teaming44:28 - Cybersecurity threats in the next decade46:43 - What is Cyberis? 48:02 - Learn more about Matt Lorentzen 48:38 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Whether you’re studying for the CEH, CISSP, Pentest+, or even the Security+, there’s always one question about cryptography, and it’s easy to miss! Want to hear a cool trick to keep symmetric and asymmetric cryptography straight in your head? Keatron Evans has one, and he told it to me — stay tuned and listen closely because it’s a Cyber Work Hacks!0:00 - Cryptography exam tips0:23 - Certifications with cryptography questions1:15 - Symmetric versus asymmetric cryptography3:40 - Learn more about cryptography4:50 - Find and learn from Keatron EvansAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Returning guest Ken Jenkins stops by to talk about his work as the head coach of the US Cyber Games. If you’re intrigued by this emerging e-sport, you will want to keep it here: Jenkins discusses the selection process for the athletes, the roles of the coaches and mentors, and the intense, real-time collaboration going on during the competitions. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - US Cyber Games 3:38 - How does the security scorecard work9:06 - Ken Jenkin's typical workday12:20 - Head coach at the US Cyber Games18:20 - How do Cyber Games teams work? 20:50 - Cyber Games events21:28 - Cyber Games draft26:30 - Challenges for Cyber Games teams30:00 - The makeup of a Cyber Games team32:46 - Cyber Games participation explained38:35 - Cyber Games red teaming41:13 - How to get into the Cyber Games44:31 - How Cyber Games translate to real-world skills48:27 - Tackling a new cybersecurity challenge51:12 - Follow the US Cyber Games55:05 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Ameesh Divatia, CEO of Baffle, Inc., talks about data privacy, data security, cloud security and how a skillset in the middle of that triangle will be your best asset in the years to come. All that, and a little bit of local-focused philanthropy. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Data privacy, data security and cloud security 2:43 - Ameesh Divatia's start in cybersecurity7:13 - Founding cybersecurity companies10:19 - Security innovation12:41 - Cybersecurity regulatory compliance17:00 - Transferring skills to data security21:23 - Cybersecurity interviews and knowledge25:03 - Data privacy policies 27:44 - Data privacy requirements30:22 - Confluence of data privacy, security and cloud33:32 - Volunteering on a city's technology council41:02 - What is Baffle?44:11 - Connect with Divatia 44:43 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Michael Wilkinson leads the digital forensics and incident response team at Avertium. The team is dedicated to helping clients investigate and recover from IT security incidents daily. Wilkinson talks about threat research, the threat of Vice Society, how K-12 cybersecurity can improve and much more. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Digital forensics and incident response 3:12 - Getting interested in computers6:00 - How had digital forensics changed over the years9:03 - Handling overwhelming amounts of data12:53 - The threat of Vice Society 17:20 - Why is Vice Society targeting K-12?19:55 - How to minimize damage from data leaks24:25 - How schools can improve cybersecurity25:54 - What schools should do if cyberattacked 31:36 - How to work in threat research and intelligence34:42 - Learn more about Avertium36:40 - Learn more about Mike Wilkinson37:08 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.