Cyber Work

Today's Cyber Work Podcast features Dr. Chanel Suggs, the Duchess of Cybersecurity®. Dr. Suggs is a teacher, business owner and thought leader and has appeared on TV and podcast platforms around the world to talk about cybersecurity and the hacker mentality. She also had an incredibly challenging and seemingly insurmountable upbringing. Her tumultuous story can be found in her book, “Against All Odds: Overcoming Racial, Sexual and Gender Harassment on the Digital Battlefield.” This episode contains a lot of heartbreak and some challenging stories, as well as incredible insights and some thoroughly important takeaways. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Free cybersecurity training resources0:56 - Overview of today's episode1:58 - Who is Chanel Suggs, the Duchess of Cybersecurity?3:12 - Overcoming family obstacles4:50 - What drew her to a career in cybersecurity8:10 - First steps to learning IT and cybersecurity10:45 - Earning cybersecurity certifications12:20 - Making a cybersecurity training "dungeon"14:40 - Workplace abuse and harassment18:28 - Issues with hiring diverse candidates22:23 - What is Wyvern Security?27:25 - Changing the workplace culture32:47 - Social media is key to finding diverse candidates36:55 - Preventing burnout with employees40:10 - Advice on earning advanced degrees42:03 - Contract work vs. full-time employee43:34 - Free resources and services44:52 - What's Chanel Suggs book about?47:48 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Learn all about emergency response — and the myriad techniques and skills that term implies — in today's episode featuring Christopher Tarantino, CEO of Epicenter Innovation. Is there a physical security component? Yes! Is there a cybersecurity component? Big time! Is there an educational element? Absolutely! Find out how disaster planning, preparation, remediation and post-event rebuilding and improvement are all opportunities to strengthen your security posture.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Free cybersecurity training resources0:56 - Overview of today's episode1:47 - Who is Christopher Tarantino?3:25 - What does an emergency response team do?4:38 - Resilience in emergency response7:45 - Importance of boring innovation9:30 - Higher ed emergency response example13:13 - Healthcare, higher ed and government resilience16:00 - Years-long education around disasters21:03 - Biggest cybersecurity blind spots25:00 - Skills required for emergency response careers30:00 - Importance of communication across community35:50 - Transitioning careers from cybersecurity to emergency response44:10 - Learn more about Epicenter Innovation44:35 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

If you want to learn more about working with operational technology (OT) and internet-connected devices, then don't miss today's episode with Francis Cianfrocca, CEO of Insight Cyber Group. He discusses security problems around OT and IoT systems and shares some surprising stories of intruders in the electrical grid. He also talks about why it’s so hard to secure a set of machines that often pre-date computer technology and the small changes in your community that can make huge differences in the entire security industry. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Free cybersecurity training resources0:56 - Overview of today's episode1:48 - Who is Francis Cianfrocca and Insight Cyber? 2:15 - Getting into tech and cybersecurity4:13 - Francis' job roles and companies5:22 - Early days of ICS systems security10:15 - CEO duties at a cybersecurity startup 12:19 - Why is infrastructure security so bad?16:05 - Different approaches needed for ICS and IOT systems20:23 - Catching intruders early on with industrial systems22:45 - Using artificial intelligence in ICS security24:50 - Bad actors are really good at reconnaissance27:20 - ICS and IOT environments cannot have downtime30:00 - Asset and behavioral inventory is difficult31:42 - Real-world examples of rogue ICS software36:30 - ICS vs. IOT security42:57 - How to promote industrial security careers46:07 - Impact of AI on cybersecurity careers48:40 - Preparing for an ICS cybersecurity career51:07 - What's Insight Cyber working on?52:45 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Last year, Cyber Work Live brought you into the world of cybersecurity project management — with tips for acquiring your skills, improving your resume and getting your foot in the door. But what does the day-to-day work of cybersecurity project managers look like?Jackie Olshack and Ginny Morton return to answer that question. They’ll also share experiences they’ve gained while working on some of their biggest projects!– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro0:50 - Who is Jackie Olshack? 1:24 - Who is Ginny Morton? 2:52 - Can non-technical PMs move into the tech space?8:50 - Best way to manage projects with limited resources13:30 - What certificates are needed for project management jobs?18:52 - How do you kick off a cybersecurity project?28:41 - How do you keep the project on schedule?34:15 - Tips for networking in remote working situations36:55 - Dealing with slowdowns and delays in projects43:35 - Importance of a supportive environment in projects47:40 - Dealing with delays from other teams in projects50:35 - Tips for managing multiple projects at once55:35 - How can teams support their project manager56:35 - Transitioning into a cybersecurity career59:00 - Outro and Infosec Skills giveawayAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today's episode, our old pal John Wagnon, Infosec Skills author and keeper of the secrets of OWASP, joins me to talk about the big changes in the OWASP Top 10 that happened at the end of 2021, his own class teaching the Top 10, and some job tips, study hints and career pivots for people interested in these vulnerabilities. Find out why access managers are going to rule the world someday! – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Free cybersecurity training resources0:56 - Overview of today's episode1:43 - Who is John Wagnon? 2:50 - Working in cybersecurity and teaching OWASP4:18 - What is the OWASP Top 10?7:51 - How did the OWASP Top 10 change in 2021?15:48 - Why do these security issues never go away?19:06 - Cybersecurity roles using the OWASP Top 1023:43 - What's covered in John's OWASP Top 10 courses?26:42 - How to get hands-on cybersecurity experience30:24 - Vulnerability-related cybersecurity career paths34:16 - What is John working on with Infosec and Fortinet?35:37 - Using your career as a learning opportunity37:16 - Learn more about John Wagnon and OWASP38:30 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today on the Cyber Work Podcast, Mark Kapczynski of OneRep reminds us of an awful truth most people either don’t know or don’t like to think about. Your personal information — your address, your phone number, your age — all of these things are on the public internet! Mark talks about OneRep’s mission to scrub personal information from these sites, suggests changes that could help prevent this problem, and shares ways you could base a career in this fight for data privacy and autonomy. All that and a detour into grade-school home computer shenanigans on today's episode.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Free cybersecurity training resources0:56 - Overview of today's episode1:50 - Who is Mark Kapczynski? 2:44 - Data breaches are a way of life3:36 - Getting started in IT and cybersecurity5:41 - Helping the film industry go digital7:31 - Transitioning industries from paper to digital9:53 - What types of personal data are on the internet?12:40 - How people search sites sell PII and make money14:50 - How to get personal information removed from sites18:07 - What type of services does OneRep offer?19:19 - How is public personal data used in cybercrime?23:01 - How can consumers limit personal data exposure?26:38 - Regulatory changes needed to protect personal data29:00 - Who owns your personal data?30:55 - Web 3.0, smart contracts and other tech needed33:58 - Jobs and careers related to data privacy36:38 - Every professional needs to understand data39:50 - What makes a data professional's resume stand out?41:50 - What is OneRep?44:30 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today's episode is all about email fraud. John Wilson, head of the cyber intelligence division at Agari by HelpSystems, discusses Business Email Compromise (BEC), spearphishing, whaling, romance fraud and more. If you can name it, John’s studied it. And he's likely collected intel that’s managed to freeze cybercriminals’ assets — and even put them away. He gives career tips and advice for engaging in threat research at all levels, we discuss the pyrrhic victory that is the modern spam filter, and John tells me why BEC fraud hunters’ best asset is a degree in psychology! All that and loads more, today on Cyber Work! – Get your FREE cybersecurity training resources:  https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Free cybersecurity training resources0:58 - Overview of today's episode1:58 - Who is John Wilson? 3:02 - Getting into cybersecurity4:58 - How spam has evolved over the years8:12 - Why pursue a career in fraud?11:10 - 3 primary vectors for email attacks15:20 - Is BEC ever an insider threat?16:16 - Is education making a difference on BEC attacks?20:55 - Tracking down BEC actors and recovering assets23:50 - Two angles to preventing BEC attacks29:12 - Careers related to BEC and phishing prevention34:42 - How to gain cybersecurity experience and get hired37:25 - Agari and email fraud protection42:16 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today's episode, we're breaking down phrases you've heard a million times: “security is everyone’s job,” “humans are the weakest link in the security chain,” “it’s not if you get breached, but when.” Returning guest Alyssa Miller drills into these comforting nostrums and explains why, even when they’re used for well-intended purposes, they often act to limit the conversation and the options, rather than address the hard work needed to overcome these evergreen problems. You’re not going to want to miss this one, folks! It’s all that, plus a little bit of book talk, today on Cyber Work! – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast– Get the Cybersecurity Career Guide by Alyssa Miller: https://alyssa.link/book0:00 - Intro1:38 - Alyssa's tweet that inspired this episode4:00 - Why you need to read the Cybersecurity Career Guide9:10 - Cybersecurity platitudes and clichés11:30 - Cliché 1: "It's not if you get breached, but when"18:44 - Cliché 2:"Just patch your shit"24:58 - Cliché 3: "Users are the weakest link"32:34 - Cliché 4: "Security is everyone's job"35:52 - Cliché 5: What is a "quality gate"?44:14 - Cliché 6: "You just need passion to get hired"48:14 - How to write a better cybersecurity job description 50:15 - Business value of diversity and inclusion52:52 - Building a security champions program55:12 - Where can you connect with Alyssa Miller?56:44 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Secure coders are responsible for developing and writing secure code in a way that protects against security vulnerabilities like bugs, defects and logic flaws. They take proactive steps to introduce secure coding methodologies before the application or software is introduced into a production environment, often following recommendations from the Open Web Application Security Project (OWASP) Foundation.– Free cybersecurity training resources: https://www.infosecinstitute.com/free– Learn more here: https://www.infosecinstitute.com/skills/train-for-your-role/secure-coder/0:00 - Intro0:25 - What does a secure coder do?5:48 - How do you become a secure coder?9:46 - What skills do secure coders need?12:28 - What tools do secure coders use?17:08 - What roles can secure coders transition into?19:50 - What to do right now to become a secure coderAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Diana Kelley returns to the show to discuss her work as a board member of the Cyber Future Foundation and the goings-on at this year’s Cyber Talent Week. Whether you’re a cybersecurity hiring manager who doesn’t know why you’re not getting the applicants you want, a candidate who hears the profession has 0% unemployment but still can’t seem to get a callback or anyone in between, DO. NOT. MISS. THIS. EPISODE. This is one for the books, folks. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Cybersecurity hiring and job searching4:30 - Diana Kelley of Cyber Future Foundation9:00 - Cyber Future Foundation talent week13:58 - Reexamining cybersecurity job descriptions 21:52 - Cybersecurity hiring manager and applicant training27:10 - Strategies to bring in diverse talent from other industries33:06 - Narrowing your cybersecurity job pursuit39:37 - Using different educations in cybersecurity roles41:32 - Implementing an educational pipeline44:40 - Hiring based on strong skills from other trades48:22 - Cybersecurity apprenticeships 53:22 - Fostering cybersecurity community value 59:09 - Diana Kelley's future projects1:00:30 - Outro