Cyber Work

On today’s episode, we discuss the strategies organizations can use to build stronger cybersecurity teams. Katie Boswell, Director of KPMG Cyber, and Jason Jury, Lead Associate at Booz Allen Hamilton, take you behind the scenes of KPMG's Cyber Academy and Booz Allen Hamilton's Cyber Core programs to share inspiration and strategies for building security talent internally and providing staff with progressive career path opportunities.For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today we dive into a hot topic in the cybersecurity world: how to upskill, engage and retain your cybersecurity workforce. Jessica Amato, Operations Manager at Raytheon Technologies, and Romy Ricafort, Senior Director Sales Engineering at Comcast Business, know first-hand the powerful role an investment in skills development can have in engaging their employees. They’ve designed security training programs around empowering their staff with an emphasis on career progression, not just short-term problem solving. They’re here to share the strategies that have helped Raytheon and Comcast develop and strengthen employees!For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

In the last two episodes, we talked about flipping the talent funnel and using the NICE Cybersecurity Workforce Framework to customize your company’s security training. Today, the guests of those two episodes, Danielle Santos, program manager at the National Initiative for Cybersecurity Education, Leo Van Duyn, Cybersecurity & Technology Workforce Development Strategy at JPMorgan Chase, and Karl Sharman, Head of Cyber Solutions & Consultancies at Stott & May, answer some questions related to those discussions. Danielle, Leo, and Karl discuss mentoring as a method to upskill less experienced members of your team, the unseen training costs of employee churn and a lot more.For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecAt Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

We continue our twelve straight days of episodes with a discussion around the NICE Workforce Framework for Cybersecurity featuring Danielle Santos, program manager at NICE, Leo Van Duyn, Cybersecurity & Technology Workforce Development Strategy at JPMorgan Chase, and Infosec moderator Megan Sawle. Danielle and Leo explain how to provide targeted, role-based training based on knowledge, skills and competencies and guide you step-by-step through creating custom role profiles to match your organization’s specific cybersecurity needs.For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecAt Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

For the next twelve days, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. In our first episode, entitled “Flip the funnel: Fixing the cybersecurity talent pipeline challenge,” former Cyber Work Podcast guest Karl Sharman, Head of Cyber Solutions & Consultancies for Stott & May, and Infosec’s Director of Research & Product Marketing Megan Sawle drill down into the notion of the skills gap. Karl and Megan know that the skills gap is a significant challenge, but with actionable guidance to help fill vacant cybersecurity roles, you can think like successful security and IT leaders and improve recruiting, hiring and retention without relying on “unicorn” candidates to wander in. – Download Infosec’s 2020 IT & security talent pipeline study: https://www.infosecinstitute.com/form/2020-hiring-study-report/ – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecAt Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

A very special co-host joins today’s episode of Cyber Work! Infosec founder and CEO Jack Koziol stops by to meet Eric Milam and dig into BlackBerry’s work on a massive research project about the threat actor group BAHAMUT. Eric discusses how their research found connections within a group that targets everyone from Indian oil tycoons to Middle Eastern government officials, the key skills his research team needed to do the work, and what the dinner-table conversations are like when you’re aggressively pursuing a nation-state attack group.– Download the report, BAHAMUT: Hack-for-hire masters of phishing, fake news and fake apps: https://www.blackberry.com/us/en/forms/enterprise/bahamut-report – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastEric Milam is the VP of Research Operations at BlackBerry where he and his team track malware threats and threat actors. During his time at BlackBerry, he discovered and published the details of numerous emerging threats and malware variants actively being exploited in the wild. Prior to joining BlackBerry, Eric was a highly regarded penetration tester and frequent conference speaker, widely known for his red-teaming exploits.About InfosecAt Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

George McPherson, host of the “Blak Cyber” podcast, has an impressive background in IT and information security. On today’s episode, he discusses his cybersecurity journey, talks about his mentors and inspiration, and shares advice for learning cybersecurity and moving up the career ladder.– Get your free security awareness toolkit: https://infosecinstitute.com/ncsam2020 – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastWhen George McPherson was pulled through the ranks and pinned as a 21-year-old Sergeant in the U.S. Army over 20 years ago, he learned two things about himself. He could accomplish anything he put his mind to, and he would always pull others up if he was in a position to do so. George prides himself on integrity, an insane work ethic, attention to detail and (his greatest super power) outside-the-box creativity. With 25 years in the technology industry, the first 18 in telecom and the last seven in cybersecurity, George has had the opportunity to work in industries such as the military, telecom, local government, healthcare and electric utility.About InfosecAt Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

The amount of data organizations hold has exploded — along with the risk it poses. Today’s guest is Very Good Security CEO and co-founder Mahmoud Abdelkader, who wants to solve the problem of sensitive data by removing it from the equation (by replacing it with decoy data). It’s an intriguing idea as having less worry about data security frees resources up to focus on other areas of cybersecurity. Mahmoud talks about the future of data security, how these new solutions do and don’t help with privacy regulations, and what cybersecurity professionals can do to prepare for a future where the amount of data continues to grow every year.– Get your free security awareness toolkit: http://infosecinstitute.com/ncsam2020 – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastMahmoud Abdelkader is the CEO and co-founder of Very Good Security. He was previously CTO and co-founder of Balanced Payments (exited to Stripe). Prior to that, Mahmoud designed automated product matching systems at Milo.com (acquired by eBay) and built high-frequency trading systems for Wachovia Securities, now a part of Wells Fargo. With experience ranging from Wall Street to early-stage startups, Mahmoud is passionate about democratizing data security. He started Very Good Security to make best-in-class security and compliance attainable for businesses of all sizes.About InfosecAt Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

Bruce Hallas has a lot to say about security awareness and the fostering of security culture throughout an organization. His podcast, “Rethinking the Human Factor,” is now also a book, and he recently spoke at our Infosec Inspire Cyber Skills Virtual Summit. On today’s episode, Bruce talks about changing behaviors rather than setting rules, new ways to think about security awareness, and different industry and job search tips, particularly for those who want to get involved with cybersecurity in a totally non-technical capacity. – Get your free security awareness toolkit: http://infosecinstitute.com/ncsam2020 – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastBruce Hallas is an enthusiastic advocate, consultant, trainer and speaker in the field of information security awareness, behavior and culture. He has worked over 20 years as an information security manager, practice manager and consultant to lead and support positive change that helps organizations manage risk. As creator of the SABC™ (Security Awareness, Behavior & Culture) Framework, Bruce advocates the role of the human factor in information security through speaking engagements and his "Re-thinking the Human Factor" podcast and book.About InfosecAt Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

The story of today's guests is ripped straight from the headlines. Gary DeMercurio and Justin Wynn, both of the company Coalfire, were arrested at the Dallas County Courthouse while doing red team pentesting for the State of Iowa’s judicial branch. Their story is fascinating, and they discuss that fateful night as well as ways in which similar incidents could be avoided in the future. You can’t be too timid as a red teamer, they say. "If you're bragging as a red teamer about how you've never been caught, you're not pushing the operation as far as you should. You SHOULD be caught sometimes." – Get your free security awareness toolkit: https://infosecinstitute.com/ncsam2020 – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastGary DeMercurio runs one of the largest groups in Coalfire Labs as a Senior Manager working with technologies every day. His expertise focuses on social engineering, physical testing and network devices. At Coalfire, Gary manages day-to-day business involved with FedRAMP, PCI, HIPPA and penetration testing, while helping to spearhead the physical and social engineering portion of testing.As a Senior Security Consultant, Justin Wynn is responsible for actively compromising and reporting on virtual environments typically encountered at Fortune 500 companies. Justin performs wireless, physical, red team and social engineering engagements. Justin also conducts research to include the production of open-source models for printing/milling to aid in red team engagements, with specific regard to tool gaps in the locksport industry as well as master keys for access control/elevator overrides. Currently, Justin is researching security vulnerabilities in various RFID devices.About InfosecAt Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.