Cyber Work

In this episode we explore supply-chain security with Manish Gupta. We’re going to learn about risks and cyberattacks related to the continuous integration/continuous deployment or CI/CD pipeline, which, given high-profile attacks like SolarWinds, will give us plenty to discuss this week!0:00 - Intro2:21 - Manish's origin story4:58 - Major career stepping stones8:45 - Lessons when ahead of the curve11:21 - Average day as a servant leader CEO14:54 - Concerns with supply chain security21:22 - Federal supply chain action26:20 - What supply chain policy should focus on28:40 - Skills needed for supply chain jobs32:48 - What should be on my resume? 34:03 - Showing supply chain aptitude 36:04 - Future projects38:29 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastManish Gupta is the founder and CEO of ShiftLeft, an innovator in automated application security and the leader in application security for developers. He previously served as the chief product and strategy officer at FireEye, where he helped grow the company from approximately $70 million to more than $700 million in revenue, growing the product portfolio from two to more than 20 products. Before that he was vice president of product management for Cisco’s $2 billion security portfolio. He also served as a  vice president/general manager at McAfee and iPolicy networks.Manish has an MBA from the Kellogg Graduate School of Management, MS in engineering from the University of Maryland and a BS in engineering from the Delhi College of Engineering.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Digital forensics professional Ondrej Krehel talks about the work of digital forensics in federal and government locations, the things he learned during a months-long attempt at decrypting a well-secured Swiss bank file and why finishing the research beats any degree you could ever have. 0:00 - Intro2:11 - Ondrej's cybersecurity journal 5:33 - Career stepping stones9:55 - The Swiss job16:02 - Chasing the learning and experience20:01 - Digital forensics on a government and federal scale28:07 - Forensics collaboration on a case30:46 - Favorite work stories 31:33 - How to improve infrastructure security36:01 - Skills needed to enter digital forensics in government41:31 - Unheard activities of digital forensics 43:48 - Where do I get work experience? 47:05 - Tips for digital forensic job hunters52:19 - Work with LIFARS57:50 - OutroHave you seen our new, hands-on training series Cyber Work Applied? Tune in every other week as expert Infosec instructors teach you a new cybersecurity skill and show you how that skill applies to real-world scenarios. You’ll learn how to carry out different cyberattacks, practice using common cybersecurity tools, follow along with walkthroughs of how major breaches occurred, and more. And it's free!– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastOndrej Krehel is a Digital forensics and cybersecurity professional. His background includes time with special cyber operations, cyber warfare and offensive missions and a court expert witness. His Forensic Investigation matters have received attention from Forbes, CNN, NBC, BBC, ABC, Reuters, The Wall Street Journal and The New York Times.As you can see, Ondrej has a deep background in digital forensics and ethical hacking. He tells us about time spent as a guest lecturer at the FBI Training Academy, the current state of digital forensics in a federal and government context and gives us some info about how that realm differs from similar work done in for-profit or private companies.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Whether you’re looking for first-time work in the cybersecurity field, still studying the basics or considering a career change, you might feel overwhelmed with choices. How do you know you have the right knowledge? How do you make yourself stand out in the resume pile? How do you get jobs that require experience without having any experience?Join a panel of past Cyber Work Podcast guests including Gene Yoo, CEO of Resecurity, and the expert brought in by Sony to triage the 2014 hack; Mari Galloway, co-founder of Women’s Society of Cyberjutsu and Victor “Vic” Malloy, General Manager, CyberTexas.They provide top-notch cybersecurity career advice for novices, including questions from Cyber Work Live viewers.0:00 - Intro 3:38 - I'm tech-savvy. Where do I begin?10:55 - Figuring out the field for you19:16 - Returning to cybersecurity at 6823:30 - Finding a cybersecurity mentor29:39 - Non-technical roles in the industry36:21 - Breaking into the industry43:46 - Standout resume and interview51:31 - Is a certification necessary?56:50 - Related skills beginners should have1:04:35 - OutroThis episode was recorded live on March 25, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

This episode we welcome back Emily Miller of Mocana to discuss infrastructure security! We discuss the water supply hack in Oldsmar, Fla., the state of the nation’s cybersecurity infrastructure and brainstorm a TikTok musical that will make infrastructure security the next Hamilton! 0:00 - Intro3:02 - The last two years5:54 - The impact of COVID10:10 - The Florida hack15:50 - Scope and scale of safety systems18:50 - State and local government responses23:20 - Logistical issues of security for infrastructure26:45 - Ideal solutions to security 31:33 - How to improve infrastructure security39:42 - Aiming toward state and local government 43:20 - Skills to learn for this work48:13 - Future proofing this role52:54 - Work and upcoming projects55:55 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastMiller is the Vice President of Critical Infrastructure and National Security with Mocana Corporation. Miller has over 15 years of experience protecting our nation’s critical infrastructure in both physical and cybersecurity, focusing on control systems, industrial IoT and other operational technology. Prior to joining Mocana, Miller was a federal employee with the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).  On our previous episode back in early 2019, Miller and I talked about IoT security and infrastructure security, and how strengthening IoT and the security systems of our electrical, water and internet infrastructures isn’t just good business, it’s saving lives.In the last two years, these issues have become even more noticeable and pronounced. Earlier this year, hackers were able to break into the network of a water purification system in a small town in Florida. By changing cleaning and purification levels in the town’s water supply, they could have realistically poisoned the whole town. Miller and I will be discussing not only how to address the problems we have now, but to help the new generation of cybersecurity professionals lead the charge to reverse a 50+ year trend of neglect against our country’s vital infrastructure, from power grids to roads.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

This episode we chat with Jackie Olshack, a project management professional, about the role of project management in cybersecurity. We break down the specific functions of some major project management certifications, discuss things you can do tonight to start your project management training and hear why every security breach story on CNN is a cause for reflection. 0:00 - Intro 3:09 - Getting into cybersecurity project management4:30 - What does a cybersecurity project manager do?5:56 - Identity access management 8:35 - Average day for a project manager9:57 - Managing project resources11:36 - Getting into project management12:54 - What happens without a project manager?14:30 - Highs and lows of the job17:22 - Training needed for the role20:18 - What is identity access management?24:12 - Preferred job experiences28:02 - Interests and skills to succeed 31:17 - Where do I begin with tech lingo?33:18 - What can I do to change careers?35:00 - Has remote work changed workflow?35:55 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastJackie Olshack worked almost 20 years as legal secretary/paralegal for multiple patent corporate law firms. In the late 1990s, she began to recognize it was becoming harder to break the ceiling on her $58,000 salary as more and more attorneys were typing their own documents, managing their own calendars and making their own travel arrangements, putting the future of her career in jeopardy. After some introspection, she decided to go back to college and pursue a science degree with plans to go to law school to become a patent attorney — but couldn’t get her LSAT higher to get into even a fourth-tier law school. She now proudly thanks all the law schools that turned her down, preventing the dreaded $150,000-$200,000 law school debt she would have incurred. She is now an analytical, top performing SAFe trained senior project management professional with 14+ years of experience managing and implementing IT programs and projects successfully.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today we're talking about security awareness, specifically about the role of a security awareness manager, with Tiffany Franklin of Optiv. We talk about the importance of C-suite buy-in to a security awareness program, how to create challenging phishing simulators without making employees feel like victims of a gotcha attack and how being a fifth-grade math teacher can make you a better security awareness manager.  0:00 - Intro 2:13 - Getting into cybersecurity3:57 - Instructional design and technology4:58 - Primary responsibilities in her role6:38 - Security awareness work9:40 - What is the division of work?11:55 - Skills needed for this role15:04 - Helping people when they fail17:12 - Daily tasks 18:15 - Highs and lows of the job 22:00 - COVID phishing emails 22:40 - GoDaddy phishing and ethics 26:20 - Creating security awareness campaigns31:14 - Optimal combo of tech and savvy 34:20 - How to get into cybersecurity 37:10 - Outro – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastTiffany Franklin has over 13 years’ experience as a learning and development professional and is currently a Manager of Cybersecurity Education at Optiv. Tiffany and her team develop solutions that address the unique challenges of global organizations facing a wide array of cybersecurity risks, including security awareness training program courses, simulated phishing attacks, and training reinforcement materials. She has a background in education and has a Masters in Instructional Design & Technology.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Diana Kelley of The Analyst Syndicate is on the podcast to chat about her 25-year-long career in security. She touches on artificial intelligence and machine learning ethics, sneaking into DARPA in the '70s and much more. 0:00 - Intro 3:14 - Getting into cybersecurity11:51 - Cybersecurity changes in the past 25 years15:34 - Choosing exciting cybersecurity projects19:49 - What is The Analyst Syndicate?23:00 - Editorial process at The Analyst Syndicate26:26 - Changes in security from the pandemic32:22 - Combating fatigue at home34:35 - Digital transformation39:25 - Bringing more women into cybersecurity43:08 - Tips for hiring managers46:16 - Using AI and ML ethically51:50 - Tips to get into cybersecurity 55:15 - Kelley's next projects56:18 - Learn more about Kelley57:08 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastDiana Kelley’s security career spans over 30 years. She is co-founder and CTO of SecurityCurve and donates much of her time to volunteer work in the cybersecurity community, including serving on the ACM Ethics & Plagiarism Committee, as CTO and board member at Sightline Security, board member and Inclusion Working Group champion at WiCyS, cybersecurity committee advisor at CompTIA, Advisory Council, Bartlett College of Science and Mathematics, Bridgewater State University and RSAC US Program Committee. Kelley produces the #MyCyberWhy series and is the host of BrightTALK’s The (Security) Balancing Act and co-host of the Your Everyday Cyber podcast. She is also a principal consulting analyst at TechVision Research and a member of The Analyst Syndicate. She was the Cybersecurity Field CTO for Microsoft, global executive security advisor at IBM Security, GM at Symantec, VP at Burton Group (now Gartner) and a manager at KPMG. She is a popular keynote speaker, the co-author of the books "Practical Cybersecurity Architecture" and "Cryptographic Libraries for Developers," has been a lecturer at Boston College's Masters program in cybersecurity, the EWF 2020 Executive of the Year and one of Cybersecurity Ventures 100 Fascinating Females Fighting Cybercrime.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Elie Bursztein joins us on today’s episode to talk all about his role as chief research lead for anti-abuse at Google! Along with Infosec Founder Jack Koziol and Cyber Work Podcast host Chris Sienko, they discuss the difference between the practices of security and anti-abuse, the difference between protecting Google the company and Gmail the product, and the aspects of security and anti-abuse that AI will never be able to do.0:00​ - Intro 2:35 - Starting a career in cybersecurity12:57 - Entering the industry today19:09​ - Career progression 42:18​ - Tech and academia collaboration for anti-abuse research 52:26​ - Getting hired in anti-abuse and cybersecurity1:01:09​ - Future of machine learning as AI hacking1:16:26 - OutroHave you seen our new, hands-on training series Cyber Work Applied? Tune in every other week as expert Infosec instructors teach you a new cybersecurity skill and show you how that skill applies to real-world scenarios. You’ll learn how to carry out different cyberattacks, practice using common cybersecurity tools, follow along with walkthroughs of how major breaches occurred, and more. And it's free! Click the link below to get started.– Learn cybersecurity with our FREE Cyber Work Applied training series: https://www.infosecinstitute.com/learn/ – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastElie Bursztein leads the Security and Anti-Abuse Research team at Google. He focuses on deep learning and cryptography research, and among many other accomplishments, broke SHA-1. His website, elie.net, is packed with informative articles and online talks he’s given over the years, a veritable master-class for any cybersecurity aspirants. He also describes himself as a wearer of berets and a purveyor of magic tricks in his spare time.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

CompTIA’s Security+, the most popular cybersecurity certification in the world, is getting an overhaul for 2021! The updated exam (from SY0-501 to SY0-601) re-aligns the certification to match the most in-demand entry-level cybersecurity skills and trends of 2021. Get insights into the changes directly from the source, Patrick Lane, Director of Products at CompTIA, as he explains how Security+ is evolving to remain the “go-to” certification for anyone trying to break into cybersecurity.0:00​ - Intro 4:10 - What is the CompTIA Security+ certification?5:05​ - Security+ baseline technical skills16:00​ - Security+ helps solve an industry problem21:35​ - Security+ job roles31:45​ - Job role skills and exam release37:35​ - CompITA Cybersecurity Career Pathway47:27​ - SY0-601 vs SY0-501: 6 big changes 52:10 - Security+ exam details56:48- Live Q&A1:02:13 - Outro– 7 days of free Security+ training with your Infosec Skills trial: https://www.infosecinstitute.com/skills/learning-paths/comptia-security/ – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastPatrick directs IT workforce skills certifications for CompTIA, including Security+, PenTest+, CySA+ and CASP+. He assisted the U.S. National Cybersecurity Alliance (NCSA) to create the “Lock Down Your Login” campaign to promote multi-factor authentication nationwide. He has implemented a wide variety of IT projects, including an intranet and help desk for 11,000 end users. Patrick is an Armed Forces Communications and Electronics Association (AFCEA) lifetime member, born and raised on U.S. military bases, and has authored and co-authored multiple books, including “Hack Proofing Linux: A Guide to Open Source Security.”About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Learn how mentors in the cybersecurity community can help launch your career on today’s episode featuring Mike Gentile, the Founder and CEO of CISOSHARE. Mike discusses the CyberForward program, which creates a mentorship and support system for new students of cybersecurity — often those with diverse cultural or economic backgrounds! CyberForward addresses not just skills training, but quality of life issues that might prevent entrance to the security field. If you’re feeling blocked and unsure how to enter the industry, you’ll really want to hear this episode!0:00​ - Intro 2:24 - Starting a career in cybersecurity5:39​ - Creating CISOHandbook.com7:35 - What is CISOSHARE?9:38​ - What is CyberForward?11:15​ - Thoughts on the cybersecurity skills gap 17:40​ - Mentoring students through CyberForward25:13​ - The training value system is broken29:33 - Creating a network of support32:44 - Helping the “beaten down” break through36:52 - What’s next for CyberForward?39:15 - Advice for getting started in cybersecurity43:28​ - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastMike Gentile is the Founder, President and CEO of CISOSHARE, headquartered in San Clemente, CA. He has led the company since inception to become a global leader in security program services and solutions. Initially an experiment, the CISOSHARE culture centers around learning and teaching to make the confusing security discipline understandable.In 2019, Mike founded CyberForward Academy by CISOSHARE using this learning and teaching culture to address both the cybersecurity resource shortage and the livable wage gap issues felt in many communities. This partner-enabled professional development program identifies and then rapidly develops effective job-ready cybersecurity professionals.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.