

Cyber Work
Infosec
Learn how to break into cybersecurity, build new skills and move up the career ladder. Each week on the Cyber Work Podcast, host Chris Sienko sits down with thought leaders from Carbon Black, IBM, CompTIA and others to discuss the latest cybersecurity workforce trends.

Sep 20, 2021 • 52min
Inside the Security Yearbook: Industry trends, career advice and more! | Guest Richard Stiennon
Security Yearbook creator Richard Stiennon joins today’s podcast to share his career journey. He talks about creating the first ISP in the Midwest in the ‘90s, the role of the Security Yearbook in telling the history of cybersecurity and the best place to start your cybersecurity career. Hint: It’s not necessarily with the big firms!
– Save 50% on your copy of the Security Yearbook with code "infoseclive": https://it-harvest.com/shop
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
0:00 - Infosec Skills Monthly Challenge
0:50 - Intro
2:50 - How Richard got started in cybersecurity
7:22 - Penetration testing in the ‘90s
10:17 - Working as a research analyst
14:39 - How the cyberwar landscape is changing
19:33 - Skills needed as a cybersecurity researcher
20:30 - Launching the Security Yearbook
27:20 - Security Yearbook 2021
29:00 - Importance of cybersecurity history
30:48 - How do cybersecurity investors see the industry
34:08 - Impact of COVID-19 and work from home
35:50 - Using the Security Yearbook to guide your career
40:38 - How cybersecurity careers are changing
43:29 - Current pentesting trends
47:06 - First steps to becoming a research analyst
48:20 - Plans for Security Yearbook 2022
50:20 - Learn more about Richard Stiennon
51:09 - Outro
About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Sep 13, 2021 • 1h
Diversity, equity and inclusion in cybersecurity hiring | Cyber Work Live
Cybersecurity hiring managers, and the entire cybersecurity industry, can benefit from recruiting across a wide range of backgrounds and cultures, yet many organizations still struggle with meaningfully implementing effective diversity, equity and inclusion (DEI) hiring processes.
Join a panel of past Cyber Work Podcast guests as they discuss these challenges, as well as the benefits of hiring diversely:
– Gene Yoo, CEO of Resecurity, and the expert brought in by Sony to triage the 2014 hack
– Mari Galloway, co-founder of Women’s Society of Cyberjutsu
– Victor “Vic” Malloy, General Manager, CyberTexas
This episode was recorded live on August 19, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
The topics covered include:
0:00 - Intro
1:20 - Meet the panel
3:28 - Diversity statistics in cybersecurity
4:30 - Gene on HR's diversity mindset
5:50 - Vic's experience being the "first"
10:00 - Mari's experience as a woman in cybersecurity
12:22 - Stereotypes for women in cybersecurity
15:40 - Misrepresenting the work of cybersecurity
17:30 - HR gatekeeping and bias
25:56 - Protecting neurodivergent employees
31:15 - Hiring bias against ethnic names
37:57 - We didn't get any diverse applicants!
43:20 - Lack of developing new talent
46:48 - The skills gap is "nonsense"
49:41 - Cracking the C-suite ceiling
53:56 - Visions for the future of cybersecurity
58:15 - Outro
– Join the Infosec Skills monthly challenge: https://www.infosecinstitute.com/challenge
– Download our developing security teams ebook: https://www.infosecinstitute.com/ebook

Aug 30, 2021 • 1h 13min
Episode 200 extravaganza! Best of the Cyber Work Podcast (and $1,000 in prizes!)
PLEASE NOTE: Around minute 47, I incorrectly say that Eric Milam, author of the definitive report on the BAHAMUT threat group, is employed by HP. He is, in fact, employed by Blackberry. I sincerely apologize to Mr. Milam for the error.
In this special episode, we look back at how the show has evolved over the past three years and celebrate our amazing guests and viewers. You've helped grow the Cyber Work Podcast to nearly a million plays! To give back, we're launching a brand new way for EVERYONE to build their cybersecurity skills. It's free. It's hands-on. Oh, and did we mention there's more than $1,000 in prizes EVERY MONTH.
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
Huge thank you to all the past guests who shared their expertise over the past 200 episodes. The timings of everyone in this episode are listed below. Happy listening!
0:00 - Intro
0:42 - Monthly challenges and $1,000 in prizes!
1:30 - Cyber Work Podcast origins
2:32 - First episode with Leighton Johnson
3:16 - Finding our first guests
3:46 - Keatron Evans on incident response
6:54 - Susan Morrow on two-factor authentication
8:54 - Susan Morrow on GDPR
11:03 - Susan Morrow on "booth babes" and speaking up
13:20 - Alissa Knight on getting arrested for hacking at 17
16:39 - Alissa Knight on API security
19:14 - Ron Gula on cybersecurity challenges
23:23 - Amber Schroader on the real work of digital forensics
26:19 - Theme of the Cyber Work Podcast
27:01 - Jeff Williams on creating the OWASP Top Ten
31:23 - David Balcar on the biggest APTs
33:46 - Elie Bursztein on breaking into cybersecurity
37:37 - Sam King on AppSec frameworks and analysis
41:17 - Gary DeMercurio on getting arrested for red teaming
47:19 - Eric Milam on the BAHAMUT threat group
53:39 - Feedback from Cyber Work Podcast listeners
55:16 - Alyssa Miller on finding your career path
57:24 - Amber Schroader on computer forensics tasks
59:07 - Richard Ford on malware analyst careers
1:02:02 - Career action you can take today
1:02:19 - Rita Gurevich on reading and learning
1:03:20 - Snehal Antani on transitioning careers
1:04:26 - Promoting underrepresented voices
1:05:09 - Mari Galloway on women in cybersecurity
1:05:31 - Alyssa Miller on diversity "dog whistles"
1:10:11 - Christine Izuakor on creating role models
1:10:52 - We want to hear your story
1:11:40 - Monthly challenges and outro

Aug 23, 2021 • 56min
How to excel at penetration testing | Guest Gemma Moore
Gemma Moore of Cyberis Limited talks about her incredible pentesting career and shares her advice for aspiring pentesters. She also discusses security as it regards the human cost of social engineering, which is the title of a recent article Gemma wrote.
– Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
0:00 - Intro
5:26 - Becoming a world-class pentester
13:55 - 2004 pentesting versus now
17:25 - Early years of pentesting
19:30 - Natural skills to be a pentester
23:12 - Advice for aspiring pentesters
25:50 - Working in pentesting
27:50 - Red teaming
31:08 - How to be a great pentester
33:04 - Learn about CREST
36:13 - What should be on my resume?
37:45 - Cyberis Limited
40:25 - Diversity and inclusion
43:42 - The human cost of social engineering
50:06 - Training staff positively
52:54 - Current projects
54:20 - Outro

Aug 16, 2021 • 50min
Becoming an ethical hacker with Offensive Security | Guest Ning Wang
Ning Wang of Offensive Security talks to us about her role as CEO of Offensive Security. In her role she is responsible for the company culture, vision, strategy and execution. We talk about Wang’s cybersecurity journey, her direction at OffSec and the ways that white hat hackers can be recruited into the industry, possibly riding the interest of big news-story hacking events like the Colonial Pipeline hack to do so.
– Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
0:00 - Intro
2:21 - Origin story
5:31 - Changing careers
7:46 - Skills learned throughout Wang’s career
11:46 - Taking a chance on a new career
12:50 - What is Offensive Security?
16:19 - Try harder mindset
19:42 - Offensive Security certification
23:02 - Recruiting ethical hackers
28:12 - Civic responsibility
33:10 - Ethical hacking job specialties
36:49 - Tips for ethical hacking learners
40:09 - Women in cybersecurity
43:56 - Offensive Security’s future
46:35 - Feedback from students
48:11 - Learn more about Wang OS
48:48 - Outro

Aug 9, 2021 • 54min
Consumer protection careers: Fraud, identity theft and social engineering | Guest Adam Levin
Adam Levin of CyberScout talks to us about scams, identity theft and more across the cybersecurity industry from the 1970s until today. He also tells us about his podcast, What the Hack with Adam Levin, which is focused on hacking, fraud and theft.
– Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
0:00 - Intro
3:01 - Origin story
7:07 - Bank safety in the old days
8:02 - Fraud and scams over the years
9:27 - Tactics today
13:15 - Scam experiences
14:33 - Scam embarrassment and stigma
18:17 - What the Hack podcast
20:22 - A taste of What the Hack
21:28 - How do you pursue stories for the podcast?
25:38 - How do you structure episodes?
26:44 - Humor in cybersecurity environment
28:43 - Work from home balance
30:25 - What is hot in fraud right now
36:50 - Credit reports
38:28 - Consumer protection and fraud careers
42:53 - Cyber savvy countries
44:31 - Predictions on fraud evolution
48:26 - Benefit to nationwide education?
50:42 - Optimism for security education
52:26 - Find out more about What the Hack
52:58 - Outro

Aug 2, 2021 • 41min
How to become a cybersecurity threat intelligence professional | Guest Neal Dennis
Neal Dennis of Cyware talks to us about building a collective defense via increased threat intelligence sharing in the global security community. Dennis has worked with customer success and clients, helping them map out new intelligence workflows, and has also built out several intelligence analysis programs for Fortune 500 companies. Neal started his career as a SIGINT specialist while serving in the United States Marine Corps and later supported cyber initiatives for USCYBERCOM, STRATCOM, NSA, 24th Air Force, USAF Office of Special Investigations and JFCC-NW.
– Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
0:00 - Intro
2:10 - Origin story
3:57 - Military and linguistics influence
6:10 - Work in counterintelligence
8:51 - Digital forensics work
11:02 - Changes in open-source intelligence work
13:00 - Building a global defensive network
15:46 - Why aren’t we sharing info?
18:41 - How to implement global changes?
23:42 - Areas of friction for sharing
29:15 - Threat intel and open-source intel as a job
32:55 - Do research analysis
35:03 - Hiring outlook
37:15 - Tell us about Cyware
39:38 - Learn more about Dennis and Cyware
40:06 - Outro

Jul 26, 2021 • 52min
Tips on entering blue teaming, red teaming or purple teaming | Guest Snehal Antani
Snehal Antani joins us from Horizon3.ai to talk about pentesting, red teaming and why not every vulnerability necessarily needs to be patched. He also shares some great advice for people entering the field.
– Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
0:00 - Intro
2:12 - Origin story
4:12 - Using your hacking powers for good
7:14 - Working up the IBM ranks
12:18 - Cloud problems
14:25 - Post-IBM days
16:50 - Work with the DOD
20:33 - Why did you begin Horizon3.ai?
24:38 - Vulnerabilities: not always exploitable
29:46 - Strategies to deal with vulnerabilities
33:36 - Sensible use of a security team
35:29 - Advice for red and blue team collaboration
39:14 - Pentesting and red teaming career tips
41:12 - Demystifying red and blue team
45:40 - How do you become intensely into your work
47:24 - First steps to get on your career path
49:49 - How to learn more about Horizon3.ai
50:42 - Outro

Jul 19, 2021 • 41min
CMMC is coming: Here's what cybersecurity professionals need to know | Guest Frank Smith
Frank Smith joins us from Ntiva to talk about the new Cybersecurity Maturity Model Certification (CMMC), organizations achieving Level 1 and Level 3 maturity levels, and why CMMC is so important for government contractors. Plus he discusses security for federal entities and how to get started in a career in cyber compliance by becoming a Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA).
– Get more free CMMC resources: https://www.infosecinstitute.com/solutions/organization/government/cmmc/
– Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
0:00 - Intro
2:11 - Origin story
4:17 - Key projects to climb the work ladder
6:45 - An average work day
9:30 - Cybersecurity Maturity Model Certification
16:38 - CMMC over five years
17:30 - Which level of certification will you need?
19:00 - Level 3 versus level 1 certification
22:20 - Finding your feet by 2022
23:55 - Jobs to take in first steps toward compliance officer
27:27 - Benefits of CMMC for other roles
28:44 - Experiences to make you desirable as a worker
31:55 - Imperative to locking down infrastructure
37:58 - Ntiva
39:47 - Outro

Jul 12, 2021 • 1h 4min
Red teaming: The fun, and the fundamentals | Cyber Work Live
Learn what it’s like to do good by being bad. The idea of breaking into a company, by hook or by crook, attracts all sorts of would-be secret agents. But what is red teaming really like as a job? What are the parameters, what are the day-to-day realities and, most importantly, what is hands-off in a line of work that bills itself as being beyond rules?
Join a panel of past Cyber Work Podcast guests:
– Amyn Gilani, Chief Growth Officer, Countercraft
– Curtis Brazzell, Managing Security Consultant, GuidePoint Security
Our panel of experts have worked with red teaming from a variety of positions and will answer your questions about getting started, building your skills and avoiding common mistakes.
0:00 - Intro
2:34 - Favorite red team experiences
7:57 - How to begin a cybersecurity career
14:42 - Ethical hacking vs pentesting
18:29 - How to become an ethical hacker
23:32 - Qualities needed for red teaming role
29:20 - Gain hands-on red teaming experience
33:02 - Supplier red team assessments
37:00 - Pentesting variety
46:22 - Becoming a better pentester
52:12 - Red team interview tips
56:00 - Job hunt tips
1:01:18 - Sponsoring an application
1:02:18 - Outro
This episode was recorded live on June 23, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast


