Cyber Work

What does a malware analyst do? Find out on today’s episode featuring Dr. Richard Ford, Chief Technology Officer of Cyren. Richard talks about breaking into the field, whether a computer science degree is or isn’t essential for the role, and an early program he wrote to brag about his high score to his classmates! 0:00​ - Intro 2:30 - Richard’s cybersecurity origin story6:07​ - Being an IBM anti-malware researcher in the 90s9:18​ - How malware has evolved11:27​ - Major career milestones18:14​ - Two types of malware analysts21:42​ - How to get hired as an entry-level analyst25:45​ - Day-to-day malware analyst tasks29:40 - Transitioning to an analyst role without any experience34:30 - What does Cyren do?37:25​ - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastDr. Richard Ford is the Chief Technology Officer of Cyren. He has over 25 years’ experience in computer security, working with both offensive and defensive technology solutions. During his career, Ford has held positions with Forcepoint, Virus Bulletin, IBM Research, Command Software Systems and NTT Verio. Dr. Ford has also worked in academia, having held an endowed chair in Computer Security, and worked as Head of the Computer Sciences and Cybersecurity Department at the Florida Institute of Technology. Ford holds a bachelor’s, master’s and D.Phil. in Physics from the University of Oxford. In addition to his work, he is an accomplished jazz flutist and instrument rated private pilot.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

We’re making cybersecurity training fun with today’s episode, which is all about gamification! Jessica Gulick of Katczy discusses the Wicked6 Cyber Games, the Women’s Society of Cyberjutsu, and the ways in which cyber games could rise to the ranks of other televised esports.0:00​ - Intro 2:16​ - Starting in cybersecurity after 9/113:28​ - Major career milestones so far7:08​ - Day to day duties as a CEO 11:00​ - Cybersecurity burnout and ongoing learning13:16​ - Let’s dig into gamification!19:11​ - How to design deeper gamification 22:32 - Selling gamification to leadership28:45 - Wiked6 Cyber Games35:10 - Gamified security awareness campaigns37:42​ - Can gamification help grow the talent panel42:05​ - Working with the Women’s Society of Cyberjutsu49:58​ - What’s next for these gamified cyber events?52:20​ - Outro– Try our Choose Your Own Adventure® Zombie Invasion game: https://www.infosecinstitute.com/iq/choose-your-own-adventure/ – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastJessica Gulick is CEO of Katzcy, a woman-owned growth firm specializing in cybersecurity marketing and cyber games. She is also President of the Board at the Women’s Society of Cyberjutsu, a 501c3 dedicated to advancing women in cyber careers. Jessica is a 20-year veteran in the cybersecurity industry and a CISSP.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

From working the help desk to becoming FireEye’s Chief Security Strategist and founding his own company Kolide, Jason Meller has a wealth of experience to share about moving up the cybersecurity ladder. On today’s episode, he discusses his security journey, including working one of the best help desk jobs of all time, bluescreening his friends in the Wild West days of the Internet and sharing advice for up-and-coming cybersecurity professionals.0:00​ - Intro 2:22​ - Pixar movie Soul and finding his "spark"6:40​ - The Wild West of cybersecurity7:56​ - Working at the best help desk ever12:13​ - Becoming a cyber threat analyst18:02​ - The importance of soft skills21:23​ - Becoming a chief security strategist at FireEye24:38​ - Working solo vs in a team25:55​ - Adding a new superpower with your talents28:03​ - Should you leave your job?31:10​ - Exploring the psychology of security36:34​ - Security veterans and mentorship40:30​ - What is Kolide?44:30​ - The new work/life balance of security46:40​ - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastJason Meller is the CEO and founder of Kolide. Jason has dedicated his career to building products and tools that enable security experts to successfully defend western interests from sophisticated and organized global cyber threats. He started his security and product career at GE's elite computer incident response team, led by Richard Bejtlich (the father of modern network security monitoring). From there, Jason moved to the legendary Mandiant corporation (acquired by FireEye) quickly working his way up from an entry level analyst position to becoming the Chief Security Strategist. As Chief Security Strategist at FireEye, Jason was responsible for rapidly building products and services with an engineering strike team to facilitate and grow high-profile partnerships and key strategic initiatives.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

NetOps, SecOps and CloudOps — you’ll learn about it all on today’s episode featuring Raju Chekuri, CEO of NetEnrich. Raju shares his career journey, discusses his work helping new tech and cybersecurity startups, and explains why clinging blindly to a five-year plan can be a recipe for disaster.0:00 - Intro 2:12 - Getting started in cybersecurity3:38 - How the security landscape has changed8:27 - Complexity and scope of cybersecurity10:05 - 16+ years at NetEnrich14:30 - Going beyond governance to do it right17:30 - Strategies for upping ITOps along with business22:50 - Examples of companies doing it right24:55 - Helping startups become successful30:45 - Keys to a solid business plan33:42 - Mentorships in security and startups36:25 - Being an entrepreneur & humanitarian40:15 - What's next for NetEnrich?46:18 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastRaju founded NetEnrich in 2004 after a successful IT career as an entrepreneur, visionary and business leader in Silicon Valley. He has led the company’s growth as SaaS for digital operations while innovating for AIOps and cybersecurity solutions. Raju is currently the chairman of the board at OpsRamp, a spin-off from NetEnrich. Previously, he founded Velio Communications, Inc., and led it to its acquisition by LSI Logic and Rambus in 2003. Raju earned an MBA at St. Mary’s College of California and a Bachelor of Technology at Kakatiya University. About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Learn about different cybersecurity roles and career paths in this wide-ranging conversation with today’s guest Tyler Cohen Wood. Tyler discusses working as a senior intelligence officer for the Defense Intelligence Agency (DIA), overseeing cyber risk for AT&T and writing her book Catching the Catfishers. We talk about online privacy, implementing complex cybersecurity systems, healthcare security shortcomings in the age of COVID — and her blue-haired, pre-cyber years working in the record industry! 0:00 - Intro2:20 - Getting into IT & security4:20 - Digital forensics & incident response6:18 - Moving up the cybersecurity ladder9:40 - Working with complex systems12:57 - Director of Cyber Risk at AT&T15:37 - Becoming a cybersecurity consultant22:30 - Sharing too much personal info26:20 - Work from home privacy & security33:18 - Cybersecurity career tips37:33 - Cybersecurity hiring & diversity39:51 - Healthcare privacy & HIPAA changes48:53 - Future career plans50:15 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastTyler Cohen Wood is a cyber-authority with 18+ years of highly technical experience. As a cyber intelligence and national security expert, as well as three-time author and public speaker, Tyler is relied on for her wealth of knowledge and unique insights. She served with the DIA as a senior intelligence officer where she developed highly technical cyber solutions and made recommendations to significantly develop and change critical cyber policies and directives, which affected current and future intelligence community programs. She has helped the White House, DoD, federal law enforcement and the intel community thwart many cyberthreats to the U.S. She is the author of the book Catching the Catfishers. About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Learn all about Kubernetes, its possible misconfigurations and vulnerabilities, and how it applies to cloud security on today’s episode, featuring Michael Foster, a Cloud Native Advocate at StackRox. Michael discusses intrinsic Kubernetes security issues compared with those that come from improper use, the work of a Cloud Security Advocate, his time in the Chicago Cubs and more.0:00 Intro 2:03 Getting started in tech4:09 From Cubs to security8:10 What is Kubernetes?10:45 Kubernetes issues & CNCF roadmap14:50 Types of vulnerabilities19:10 Kubernetes checklist and wishlist23:30 Role and duties at StackRox25:30 Cloud security skills & careers31:30 Future of Kubernetes33:28 What is StackRox?35:35 Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastMichael Foster is a passionate tech enthusiast and open-source advocate with a multidisciplinary background. As a Cloud Native Advocate at StackRox, Michael understands the importance of building an inclusive community. Michael embraces all forms of automation, focusing on Kubernetes security, DevOps, and infrastructure as code. He is continually working to bridge the gap between tech and business and focus on sustainable solutions. About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

We’re going back into the world of digital forensics careers with today’s guest, Tyler Hatch of DFI Forensics! Tyler tells us about moving from being a lawyer into the field of digital forensics, key traits of great forensics professionals and how to prove that incriminating evidence on a defendant’s laptop isn’t always what it seems. 0:00 Intro 2:46 Getting started in tech5:24 Lawyer vs forensics12:11 Staff and cases18:45 Responsibilities and tasks24:10 Digital forensics files podcast27:45 Getting hired30:40 Covid-19 work impact33:16 Future of forensics40:17 Breaking into forensics42:43 Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastFollowing a six-year legal career that included representing clients in legal proceedings in small claims, the Supreme Court and a variety of administrative tribunals in B.C., Tyler found his way into the fascinating world of digital forensics and never looked back. Tyler is a Certified Computer Forensics Examiner (CCFE) and a Certified Mobile Forensics Examiner (CMFE) and is always training and receiving education to further his knowledge and understanding of computer forensics, IT forensics, digital forensics, cybersecurity and incident response. Tyler formed DFI Forensics in July 2018 and is the host of the “Digital Forensics Files” podcast. He is also a frequent contributor of written articles to various legal and digital forensics publications, including AdvocateDaily.com, LawyersDaily.ca, eForensics Magazine and Digital Forensics Magazine. About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Help your C-suite get serious about cybersecurity with today’s episode, featuring Mathieu Gorge. Using his Five Pillars of Security Framework and his book, The Cyber Elephant in the Boardroom, Mathieu takes complex, confusing regulatory frameworks and maps them in a language that non tech-fluent board members can understand. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastMathieu Gorge is the author of the new ForbesBooks release, The Cyber Elephant in the Boardroom: Cyber-Accountability with the Five Pillars of Security Framework. He is also the CEO and founder of VigiTrust, a cybersecurity company with clients in 120 countries. Mathieu has over 20 years of IT security and risk management experience and is much-sought after for his expertise. As an authority on cybersecurity solutions, he has been asked to speak at conferences including RSA, ISSA and ISACA. About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

It’s been a busy week for cybersecurity professionals as they respond to the SolarWinds breach. On December 13, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to immediately “disconnect or power down SolarWinds Orion products" as they were being actively exploited by malicious actors.Infosec Skills author and KM Cyber Security managing partner Keatron Evans is helping numerous clients respond to the breach. In this live discussion and incident response demo (recorded Friday, December 18) he covers: – What happened with the SolarWinds supply chain attack– Immediate action you can take to protect your systems– Industry responses to help mitigate the incident– Live demo of Snort, memory forensics and Zeek– Q&A with live attendeesLive walkthroughs from Keatron can be found here:– Full video presentation: https://www.youtube.com/watch?v=5lc4HtmEYl4 – 10-minute Snort demo for SolarWinds and Sunburst incident response: https://www.youtube.com/watch?v=wG8dLV-LZwY– 10-minute memory forensics demo of SolarWinds and Sunburst: https://www.youtube.com/watch?v=uLGLCv1Cu6AAdditional resources discussed by Keatron:– FireEye Mandiant SunBurst countermeasures: https://github.com/fireeye/sunburst_countermeasures– McAfee analysis into the Sunburst backdoor: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/additional-analysis-into-the-sunburst-backdoor/– Keatron's free Cyber Work Applied training videos: https://www.infosecinstitute.com/learn/– Keatron's Infosec Skills courses: https://www.infosecinstitute.com/authors/keatron-evans/About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Ever thought of hiring a ransomware negotiator, or becoming one yourself? On today’s episode, Kurtis Minder of GroupSense tells us what makes a good ransomware negotiator, why setting the right tone is crucial in a successful negotiation and why, in the right situation, you can get away with referring to a ransomer as “grasshopper.” We’re also excited to announce a new, hands-on training series called Cyber Work Applied. Every week, expert Infosec instructors and industry practitioners teach you a new cybersecurity skill and show you how that skill applies to real-world scenarios. You’ll learn how to carry out different cyberattacks, practice using common cybersecurity tools, follow along with walkthroughs of how major breaches occurred, and more. And it's free! Check out the link below to start learning.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAs the CEO and co-founder of GroupSense, Kurtis Minder leads a team of world-class analysts and technologists providing custom cybersecurity intelligence to some of the globe’s top brands. The company’s analysts conduct cyber research and reconnaissance and map the threats to client risk profiles. Kurtis arrived at GroupSense after more than 20 years in roles spanning operations, design and business development at companies like Mirage Networks (acquired by Trustwave), Caymas Systems (acquired by Citrix) and Fortinet (IPO).About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.