Cyber Work

Are you great with details? Do you like juggling multiple projects at once? Is your organization system the topic of awed discussion between your co-workers? Or are you just interested in getting into cybersecurity from a different angle? If so, you might already be a top-notch project manager and not even know it!Join a panel of past Cyber Work Podcast guests as they discuss their tips to become a project management all-star:– Jackie Olshack, Senior Program Manager, Dell Technologies– Ginny Morton, Advisory Manager, Identity Access Management, Deloitte Risk & Financial AdvisoryIf you’re interested in project management as a long-term career, Jackie and Ginny will discuss their career histories and tips for breaking into the field. If you plan to use project management as a way to learn more about other cybersecurity career paths, we’ll also cover how to leverage those skills to transition into roles.This episode was recorded live on December 15, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/– Want to earn your PMP certification? Learn more here: https://www.infosecinstitute.com/courses/pmp-boot-camp-training/– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastThe topics covered include:0:00 - Intro0:51 - Meet the panel3:12 - Why we're talking project management6:27 - Agenda for this discussion6:55 - Part 1: Break into cybersecurity project management7:45 - Resume recommendations for project managers12:35 - Interview mistakes for project managers19:22 - Creating your elevator pitch23:10 - Importance of your LinkedIn page25:05 - What certifications should I get?30:38 - Do I need to be technical to be successful?34:20 - How to build cybersecurity project management skills38:28 - Part 2: Doing the work of project management40:47 - Getting team members to lead themselves44:50 - Dealing with customer ambiguity47:30 - Part 3: Pivoting out of project management47:48 - How do I change roles in an organization51:50 - What's the next step after cybersecurity project manager?53:43 - How to move from PMing security teams into leading them?59:05 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Security operations center (SOC) analysts are responsible for analyzing and monitoring network traffic, threats and vulnerabilities within an organization’s IT infrastructure. This includes monitoring, investigating and reporting security events and incidents from security information and event management (SIEM) systems. SOC analysts also monitor firewall, email, web and DNS logs to identify and mitigate intrusion attempts.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– Learn more about the SOC analyst role: https://www.infosecinstitute.com/role-soc-analyst/.0:00 Intro 1:20 - What is a SOC analyst? 1:58 - Levels of SOC analyst2:24 - How to become a SOC analyst2:53 - Certification requirements3:29 - Skills needed to succeed4:38 - Tools SOC analysts use5:32 - Open-source tool familiarity 6:05 - Pivoting from a SOC analyst6:50 - What can I do right now?7:32 - Experience for your resume 8:07 - Outro  About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Infosec’s Principal Security Researcher, instructor and cybersecurity renaissance man Keatron Evans returns to the show for the first in a series of once-quarterly episodes breaking down big stories in the news and cybersecurity trends for the future! We talk Solarwinds, Colonial Access Pipeline, Oldsmar, Keatron’s origin story and why, just like practicing your scales makes you a better musician, master pentesters and security pros got where they did by mastering the art of repetition in learning. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 2:30 - How did you get into cybersecurity? 4:00 - What skills did you have early on? 6:10 - First interaction with Infosec10:34 - Work as a principal security researcher13:20 - Machine learning in cybersecurity 14:14 - Infosec classes17:28 - Equity in cybersecurity 20:25 - You don't need a technical background21:36 - Major security breaches of 202122:15 - SolarWinds breach24:56 - What job roles help stop these breaches?27:50 - Water treatment plant breach31:42 - Infrastructure security 34:30 - President Biden and cybersecurity39:22 - Supply chain security 43:20 - Security trends for 202249:00 - Projects to keep an eye on50:52 - Learn more about Evans51:44 - Outro

Security managers develop security strategies that align with the organization's goals and objectives. In addition, they direct and monitor security policies, regulations and rules that the technical team implements. Knowledge in areas like information security governance, program development and management, incident response and risk management are important to success in any security management role.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– Learn more the security manager role: https://www.infosecinstitute.com/role-security-manager/0:00 - Intro 0:26 - What does a security manager do? 3:15 - How do you become a security manager?4:54 - What education is required for security managers?5:55 - What certificates are required for security managers?7:23 - What skills does a security manager need to have?9:58 - Common tools security managers use11:48 - Where do security managers work?13:45 - How well do security managers pivot into other roles?15:36 - What step can someone take now to become a security manager?17:27 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Andrew Howard, CEO of Kudelski Security, returns to give us his cybersecurity predictions for 2022! How will cybersecurity protect the supply chain, why is quantum computing on all of his clients' minds, and how would Andrew rewrite security from the ground up if a genie granted him three wishes? – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 3:00 - Getting into cybersecurity4:00 - How has the cloud evolved?6:46 - The past year in cybersecurity8:20 - The next cybersecurity innovation 8:57 - Where quantum computing is going10:15 - Concerns about encryption data10:54 - The state of ransomware12:57 - Cybersecurity supply chain issues. 16:18 - Hybrid work cybersecurity18:42 - The year of cyber insurance20:35 - DOD directive to close security gaps22:15 - What would you change in cybersecurity?25:45 - What would put phishing out of mind? 28:10 - Advice to 2022 cybersecurity students 29:37 - Kudelski Security 30:58 - Blockchain security in 202231:57 - Learn more about Kudelski32:10 - Outro   About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Penetration testers, or ethical hackers, are responsible for planning and performing authorized, simulated attacks within an organization’s information systems, networks, applications and infrastructure to identify vulnerabilities and weaknesses. Findings are documented in reports to advise clients on how to lower or mitigate risk. Penetration testers often specialize in a number of areas such as networks and infrastructures, Windows, Linux and Mac operating systems, embedded computer systems, web/mobile applications, supervisory control data acquisition (SCADA) control systems, cloud systems and internet of things (IoT) devices.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– Learn more about the role of penetration tester: https://www.infosecinstitute.com/role-penetration-tester/0:00 - Intro 0:26 - What does a penetration tester do? 1:10 - Levels of penetration testers1:50 - How to become a penetration tester3:08 - Education needed to be a pentester3:50 - Skills needed to pentest4:24 - Common tools of the pentester5:07 - Training with the tools5:42 - Job options for pentesters6:36 - Work duty expectations7:45 - Can you move to a different role?9:09 - What can I do to become a pentester?9:54 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Roderick Jones of Concentric talks about security risks facing content creators, influencers, gamers and streamers on Twitch, YouTube and elsewhere. Online harassment is often seen as “part of the package” if you’re going to work in a public-facing streamer community, but Jones knows that this isn’t inevitable, and it is fixable. A future without a shrug-shoulders approach to online abuse? – Create your free Infosec Skills account: https://infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 3:37 - How did you get into cybersecurity?5:30 - Were you scouted for your role? 6:44 - How did the landscape change?8:40 - Security intelligence to private sector11:50 - Daily work at Concentric 13:25 - Staying up on trends15:09 - Gaming, streaming and security issues21:31 - Desentization and online personalities 25:42 - The future of online access27:37 - How to protect streamers31:40 - Censoring on streaming platforms with AI35:06 - Safeguards streams should have in place40:06 - Cybersecurity jobs related to streaming security 41:58 - Being courteous online 42:43 - More about Concentric43:58 - Learn more about Jones44:35 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Bentsi Ben-Atar of Sepio Systems talks about some truly scary high-tech hacking weapons and techniques, from Raspberry Pis in your mouse or keyboard to charging cables that can exfiltrate data from a mile away. What do we do? How do we prepare? – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 3:18 - Getting into cybersecurity4:30 - Career highlights 5:50 - Co-founding two companies 7:22 - Typical work day at CTO and CMO11:29 - New stealthy hacking tools13:08 - Hacking a smart copy machine17:46 - Stealing data with a Raspberry Pi26:01 - The ninja cable 32:11 - Security awareness while traveling 35:20 - How to work battling high-tech cybercrime36:35 - Exploring cybersecurity 37:47 - More about Bentsi’s companies39:31 - Find more about Bentsi 39:57 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast, Menachem Shafran of XM Cyber talks about cloud security. Menachem tells us about the work of project manager and product manager, how the haste to migrate to the cloud can unnecessarily leave vulnerabilities wide open and why a cloud security expert also needs to be a good storyteller. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 2:40 - Getting into cybersecurity5:47 - Project manager in cybersecurity9:12 - Identifying pain points10:24 - Working as a VP of product14:09 - Data breaches16:30 - Critical versus non-critical data breaches18:19 - Attacker’s market 19:38 - How do we secure the cloud?22:45 - A safer cycle of teams24:40 - How to implement cybersecurity changes28:50 - How to work in cloud security30:48 - A good cloud security resume 33:02 - Work from home and cloud security34:30 - XM Cyber’s services 37:21 - Learn more about Menachem38:00 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On this week’s Cyber Work Podcast, BugCrowd and disclose.io! founder Casey Ellis discusses how to think like a cybercriminal, the crucial need for transparent vulnerability disclosure, the origins of BugCrowd and why mentorship is a gift that goes in both directions.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 3:15 - Getting into cybersecurity4:30 - Criminal mindset in cybersecurity5:49 - Ellis’s career to date 9:10 - Healthcare cybersecurity11:47 - Mentoring others 13:52 - Mentorship as a two-way street16:12 - Bugcrowd and bug bounty19:18 - Vulnerability disclosure project21:30 - Bug bounty popularity 24:52 - U.S. sanctions on hacking groups26:52 - Hiring hackers 31:52 - Pursue specialization 33:51 - Cyber threats flying under the radar39:17 - Working from home safely40:48 - How to get into bug bounties42:18 - How to report vulnerabilities44:04 - Advice to begin ethical hacking 45:23 - Learn more about Ellis 45:56 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.