

Cyber Work
Infosec
Learn how to break into cybersecurity, build new skills and move up the career ladder. Each week on the Cyber Work Podcast, host Chris Sienko sits down with thought leaders from Carbon Black, IBM, CompTIA and others to discuss the latest cybersecurity workforce trends.

Nov 14, 2022 • 39min
Behind the scenes of ransomware negotiation | Guest Tony Cook
Tony Cook of GuidePoint Security knows a lot about threat intelligence and incident response. But he’s also used these skills while working in ransomware negotiation! Cook has handled negotiations for all the big threat groups — REvil, Lockbit, Darkside, Conti and more — and he told me about what a ransomware negotiator can realistically accomplish, which threat groups are on the rise, and why negotiating with amateurs is sometimes worse and harder than dealing with elite cybercriminals.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Ransomware negotiating
2:42 - How Tony Cook got into cybersecurity
4:00 - Cook's work at GuidePoint
9:31 - Life as a ransomware negotiator
11:41 - Ransomware negotiation in 2022
13:52 - Stages of a successful ransomware negotiation
15:23 - How does ransomware negotiation work?
19:11 - The difference between threat-acting groups
20:43 - Bad ransomware negotiating
22:43 - Ransomware negotiator support staff
25:21 - Ransomware research
26:26 - Is cyber insurance worth it?
29:14 - How do I become a ransomware negotiator?
32:25 - Soft skills for a ransomware negotiator
33:46 - Threat research and intelligence work
37:45 - Learn more about Cook and GuidePoint
38:17 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Nov 7, 2022 • 39min
CMMC has changed: Here's what you need to know | Guest Leighton Johnson
Infosec instructor and 40-year cybersecurity veteran Leighton Johnson talks to us about all things CMMC. After last year’s attempted rollout, CMMC pulled back and retooled its entire framework. But why? Johnson gives you all the details, including how to train to be a CMMC-certified auditor.

0:00 - CMMC in 2022
3:12 - Getting started in cybersecurity
4:15 - How to be CMMC compliant
5:15 - The evolution of CMMC
7:18 - CMMC compliance timeline
10:28 - Being assessed for CMMC compliance
14:30 - Becoming a CMMC auditor
18:08 - What if you don't meet CMMC compliance?
21:40 - Skills comparable with the CMMC auditor
23:25 - Evaluating your company and CMMC needs
28:54 - CMMC auditor job opportunities
31:03 - How to become a federal CMMC auditor
35:04 - What is ISFMT?
37:47 - Learn more about ISFMT and Johnson
38:18 - Outro

Oct 24, 2022 • 40min
Cybersecurity public speaking techniques | Guest Lisa Tetrault
Lisa Tetrault of Arctic Wolf talks about the adhesives that hold cybersecurity together: communication, collaboration and strong teamwork. First, Tetrault discusses how public speaking at conferences and events made her a better cybersecurity professional; second, she talks about how her work mentoring cybersecurity students helps them fast-track their way into the cybersecurity community; and third, with her work in organizations with Women in Cyber and siberX, she helps bring diverse cybersecurity professionals into the community, build stronger, more multi-faceted teams, and with them, a more multi-faceted face of the industry!

0:00 - Public speaking in cybersecurity
3:17 - Getting into cybersecurity via Atari
4:59 - Network analyst to technician and more
9:10 - Cybersecurity public speaking
19:30 - How to promote yourself as a speaker
22:27 - Learn how to speak in cybersecurity
25:25 - Mentoring cybersecurity students
32:30 - Gender diversity in cybersecurity
36:14 - Where cybersecurity fails job mobility
38:29 - Cybersecurity diversity initiatives in 10 years
39:17 - Learn more about Lisa Tetrault
40:04 - Outro

Oct 17, 2022 • 49min
Digital identity and cybersecurity are inseparable | Guest Susan Morrow
Susan Morrow returns for her fourth time on the Cyber Work Podcast and the first since 2019. Morrow, simply put, is plugged into every aspect of digital identity currently being discussed, and she takes us deep into the security, ethical, practical and UX hurdles of current identity practices and gives us both an optimistic and pessimistic version of the digital identity practices in 10 years.

0:00 - Digital identity
3:00 - Current digital identity concerns
7:07 - Complicating digital identity
8:22 - Digital identity and daily work
13:00 - Secure coding
14:03 - Biggest problems in identity
20:54 - Competing identity systems
24:50 - How identity affects other areas
28:52 - The tech and processes of identity
30:04 - Identity in the next decade
34:24 - Jobs in identity
40:00 - Identity evangelist
42:20 - Women in identity
45:02 - What is Avoco Secure?
47:28 - Learn more about Susan Morrow
48:40 - Outro

Oct 10, 2022 • 44min
Bad data privacy protocols can become an identity fraud disaster | Guest Stephen Cavey
Stephen Cavey, co-founder and chief evangelist of Ground Labs, talks about the jagged jigsaw puzzle of data collection, data privacy and the dozens — if not hundreds — of privacy regulations and frameworks that govern them. Cavey and I talk about the bad old days of indiscriminate data collecting and grossly insecure payment processes. We also address the places where the privacy experts of the future will shape the use and protection of personal data in all industries.

0:00 - Bad data privacy protocols
2:36 - How Stephen Cavey got into cybersecurity
4:55 - Shifting into cybersecurity privacy
8:30 - Business hurdles in cybersecurity
13:10 - Why do companies store my data?
20:20 - Breaking cybersecurity privacy law
25:45 - International privacy laws
28:07 - A universal privacy doctrine
31:30 - Principles for collecting user data
34:22 - Skills for working in data privacy
37:44 - Data privacy officer work
39:25 - The future of data collection and privacy
42:08 - What is Ground Labs?
43:30 - Learn more about Cavey and Ground Labs
43:43 - Outro

Oct 3, 2022 • 46min
Privacy and international business | Guest Noriswadi Ismail
Noriswadi Ismail of Breakwater Solutions and the Humanising 2030 campaign joins us to talk about privacy as it pertains to international business, cybersecurity and why it’s important not just to learn the certification variants but also the cultural variants that shape them. And via the Humanising 2030 campaign, Noriswadi and colleagues hope to bring a more ethical and diverse approach to programming and guiding AI in the coming decade.

0:00 - Privacy and international business
2:53 - Noriswadi's first interest in tech
6:38 - A path toward patent law
11:32 - Managing director at Breakwater
16:05 - State of international security and risk plans
18:52 - Certifications internationally
22:58 - Experience versus certification
25:40 - Humanising 2030
29:24 - AI bias and geopolitical impact
32:30 - Diversity and inclusion in cybersecurity
38:23 - Other goals of Humanising 2030
41:22 - What is Breakwater Solutions?
44:44 - Outro

Sep 26, 2022 • 48min
Attack surface managers and the state of attack surfaces | Guest Dave Monnier
Dave Monnier of Team Cymru talks about the state of attack surfaces, the strengths and shortcomings of attack surface managers and why something we refer to as a “soft” skill might be the hardest skill of all! Plus, we touch on shadow IT.

0:00 - Attack surfaces
2:55 - Dave Monnier's first interest in cybersecurity
7:30 - Instinctual cybersecurity learning
9:20 - Monnier's work as a chief evangelist
14:00 - Cybersecurity soft skills
16:30 - What are attack surface managers?
28:25 - ASM 1.0 to ASM 2.0
32:22 - State of attack surfaces
34:58 - Asset infrastructure in your business
40:00 - Key skills cybersecurity novices need
43:07 - Learning in cybersecurity
45:42 - Learn more about Team Cymru
47:19 - Outro

Sep 19, 2022 • 34min
The importance of API security and PII | Guest Giora Engel
Today on Cyber Work, Giora Engel of NeoSec talks about securing APIs. Find out why APIs are the new network, why their very nature makes them vulnerable to abuse and how to position yourself as an authority in the ever-growing field of API security. All that and a little entrepreneur talk.

0:00 - API security and PII
2:40 - Giora Engel’s cybersecurity beginning
4:20 - Israeli Defense Force and CEO of NeoSec
5:22 - Starting a cybersecurity company
9:20 - What is API security?
13:15 - Misconfiguration errors in API
17:21 - API and privacy regulation
20:02 - How to work in API security
22:06 - Security plan for PII
24:44 - Skills and experience needed to work in API security
27:10 - API hiring practices
28:58 - Fragility of API
31:07 - What is NeoSec?
32:35 - Learn more about NeoSec and Engel
32:55 - Outro

Sep 12, 2022 • 42min
Corporate data breaches and security awareness training | Guest Mathieu Gorge
Mathieu Gorge of VigiTrust talks about the Marriott Hotel data breach that happened back in June, including the facts of the event and why once-per-year security awareness training isn’t enough when many employees only work seven months of the year. He also offers some privacy tips that will keep your hotel system privacy compliant under a whole host of different compliance frameworks.

0:00 - Security awareness and data breaches
2:50 - Elephant in the boardroom book
5:42 - Gorge's latest projects and book
9:38 - Hacking of the Marriott Hotel
19:22 - Marriott's privacy and data collection policies
23:20 - Ensuring data privacy worldwide
30:13 - How hotel franchises handle security
34:32 - Skills needed for securing the hotel industry
38:12 - What is VigiTrust?
41:20 - Outro

Aug 29, 2022 • 48min
Overcoming challenges to build a cybersecurity career | Guest Dr. Chanel Suggs
Today's Cyber Work Podcast features Dr. Chanel Suggs, the Duchess of Cybersecurity®. Dr. Suggs is a teacher, business owner and thought leader and has appeared on TV and podcast platforms around the world to talk about cybersecurity and the hacker mentality. She also had an incredibly challenging and seemingly insurmountable upbringing. Her tumultuous story can be found in her book, “Against All Odds: Overcoming Racial, Sexual and Gender Harassment on the Digital Battlefield.” This episode contains a lot of heartbreak and some challenging stories, as well as incredible insights and some thoroughly important takeaways.

0:00 - Free cybersecurity training resources
0:56 - Overview of today's episode
1:58 - Who is Chanel Suggs, the Duchess of Cybersecurity?
3:12 - Overcoming family obstacles
4:50 - What drew her to a career in cybersecurity
8:10 - First steps to learning IT and cybersecurity
10:45 - Earning cybersecurity certifications
12:20 - Making a cybersecurity training "dungeon"
14:40 - Workplace abuse and harassment
18:28 - Issues with hiring diverse candidates
22:23 - What is Wyvern Security?
27:25 - Changing the workplace culture
32:47 - Social media is key to finding diverse candidates
36:55 - Preventing burnout with employees
40:10 - Advice on earning advanced degrees
42:03 - Contract work vs. full-time employee
43:34 - Free resources and services
44:52 - What's Chanel Suggs book about?
47:48 - Outro