Cyber Work

Today on Cyber Work, Jonathan Gill, CEO of Panaseer, joins me to talk about the stress-filled role of the Chief Information Security Officer. Jonathan notes that the most challenging part of a CISO’s role, especially the CISO of a large, complex company, is the lack of full view of the organization’s assets and points of vulnerability. Jonathan tells us how Panaseer is working to create a trusted and validated system of record to ensure accurate and good faith recording of actions, strategies, and decisions to accept or mitigate business risks. All this, and a discussion of the CISO as one of the story-makers in the C-suite, today on Cyber Work! 0:00 - Firing CISO's after cybersecurity breaches4:23 - First interest in cybersecurity and tech7:41 - Working with cybersecurity leaders across the world11:17 - International sales work19:12 - Stave off burnout as a CISO 28:20 - Notion of asset detection 32:06 - Culture of sacking CISOs 43:06 - Better CISO involvement 49:09 - Cybersecurity career mapping strategies57:13 - Learn more about Jonathan Gill and Panaseer59:09 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, I’m introducing you to Dr. Georgianna, or “George” Shea, the chief technologist at the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation. Shea finds new and developing technologies and develops pilot programs for implementation in a variety of locales, including DoD, the government sector and critical infrastructure. We talk about Shea's first taste of security, learn what it’s like to be knowledgeable in several dozen connected security spaces rather than being the all-knowing authority in one (and the knowledge that outside of the dozens you know, there are hundreds more to learn) and we answer the burning question: “Why don’t any of my interns know what NIST is?” All this, and some more talk about the security of the U.S. water supply (because you know I’m never going to stop asking about that), on today’s episode of Cyber Work! 0:00 - Cyber resilience5:19 - George Shea's early cybersecurity interest6:41 - How has cybersecurity changed in two decades?8:53 - Learning cybersecurity in the early days14:22 - Chief engineer at MITRE21:00 - Work with the Foundation for Defensive Democracies28:48 - Technology's pace versus policy31:25 - Cyber-informed engineering34:02 - Cybersecurity on old systems35:29 - Cyber resilience and defense41:41 - Working in cyber resiliency 44:01 - Why do so few know what NIST is?48:36 - The current state of state security 54:33 - Best career advice56:11 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks are helping train the red teamers and blue teamers of tomorrow with our boot camps and study materials for the CEH exam. But how does ethical hacking proficiency translate into a satisfying career? Infosec’s CEH boot camp instructor Akyl Phillips has plenty of strategies to help you get focused and stay focused on your studies, some excellent tips for keeping on top of the latest security changes and innovations, and how you’re going to push past uncertainty and into the work of putting one foot in front of another in your quest to become a bona-fide, in-demand ethical hacker! Keep the enthusiasm up when you check out today’s Cyber Work Hack. 0:00 - Ethical hacker career1:57 - Testing for the CEH certification2:55 - Career paths to pursue with CEH certification5:08 - Working in pentesting or ethical hacking7:55 - Unglamours side of ethical hacking 9:49 - How to keep up with new tech11:39 - Switching careers to ethical hacking12:45 - Preparing for a CEH role interview13:23 - Don't fear a cybersecurity career15:03 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, I talked with Etay Maor, Chief Security Strategist with Cato Networks. Etay is a founding member of the Cato Cyber Threats Research Lab, or CTRL — see what they did there? — and he joins me to talk about their first CTRL report on attack patterns and methods. We’re going to talk about the most common attack vectors, why Log4J still rules the roost even against newer and flashier exploits, and we go deep into the many paths you can take to become a threat researcher, threat analyst, reverse engineer, and lots more. That’s all on today’s episode of Cyber Work! 0:00 - Intro4:10 - First interest in cybersecurity and tech5:15 - Becoming chief security strategist8:15 - Working in cybersecurity project management12:07 - Hacker targets and AI15:04 - The dark web and security access16:03 - The CTRL report in brief20:23 - Health care cybersecurity 22:49 - Different cyberattacks in different industries25:10 - Using security tools as a gateway27:03 - AI-enabled cyberattacks33:14 - Careers as a cybersecurity threat researcher36:09 - Figuring out where to specialize in cybersecurity41:31 - Important cybersecurity skills and experience45:58 - Hiring in cybersecurity49:30 - Future changes in AI and cyber tools55:38 - What is Cato Networks?57:13 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

How does a childhood curiosity turn into a groundbreaking career in identity and access management? Join us for an engaging conversation with David Lee, the Identity Jedi, as he recounts his fascinating journey from tinkering with computers as a child to becoming a sought-after expert in IAM. Lee shares the pivotal moments and unexpected opportunities that transformed his career, providing invaluable insights for anyone looking to break into the cybersecurity field. We explore the essential technical and soft skills that have propelled Lee to the forefront of his industry, along with his unique strategies for navigating complex IAM landscapes.0:00 - Identity Access Management (IAM)3:04 - First interest in cybersecurity 8:32 - Identity and access management cybersecurity 13:38 - Computer science and higher education 18:00 - Necessary soft and hard skills for IAM22:16 - Larger organizations and IAM24:21 - Defining identity in cybersecurity29:18 - Variety of identity ideas33:03 - African American representation in cybersecurity 38:28 - Cybersecurity equity41:33 - Financial inequity and working in cybersecurity48:35 - Cybersecurity solutions for more equitable hiring53:22 - Less racism in the tech industry 57:51 - Best piece of cybersecurity career advice59:13 - What is identity Jedi?1:00:04 - Outro – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, Tom Siu, CISO of Inversion6, joins the podcast to talk about cyber diplomacy! As Siu says at the start of the show, the internet has no borders. It’s like water. There are pathways and choke points, but there is no ownership by any one country or entity. How does that influence international diplomacy? Siu discusses possible scenarios for the future of cyber diplomacy, and skills and backgrounds that make you a good fit for this work. This is a great episode for our job changers, especially as this work requires strong backgrounds from a variety of tech and non-tech careers, but as always, there’s lots to learn, no matter your skill level or background, on today’s episode of Cyber Work. 0:00 - Work in cyber diplomacy4:36 - First interest in cybersecurity7:01 - Learning by breaking8:58 - Working as a CISO17:44 - Reading and learning different job languages21:15 - Career and personal resiliency 25:42 - The impact of cyber on foreign policy35:14 - Working in cybersecurity foreign policy38:24 - The military and cyber diplomacy43:11 - Emerging trends in cyber diplomacy48:52 - Skills you need to work in cybersecurity54:20 - Best cybersecurity career advice56:12 - Learn more about Inversion659:25 - Outro – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks are here to help you pass the CEH, or Certified Ethical Hacker exam. For today’s Hack, Akyl Phillips, Infosec bootcamp instructor in charge of the CEH/Pentest+ dual-cert bootcamp, walks us through four sample CEH questions, explaining the logic behind each answer and discounting the wrong ones with explanations, allowing you to reach the right answer in a logical and stress-free way. This episode is a real eye-opener for aspiring red teamers, so keep it here for this Cyber Work Hack! 0:00 - Mastering the CEH exam2:42 - Types of CEH exam questions3:32 - CEH exam question examples12:08 - Why a CEH boot camp is helpful 13:44 - How long is the CEH exam?14:37 - Best CEH exam advice15:18 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Zarik Megerdichian, the co-founder of personal privacy controller company Loop8, joins me in breaking down the recent Roku breach, which landed hackers a whopping 15,000 users' worth of vital data. Megerdichian and I discuss the failings of the current data collection and storage model while moving to a model in which biometrics is the primary identification method, coupled with a system of contacts who can vouch for you in the event that your device is lost or stolen. It’s another interesting approach to privacy and online identity in the age of the never-ending breach announcement parade.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Roku's data breach1:54 - First, getting into computers5:45 - Megerdichian's company goals9:29 - What happened during the Roku data breach?11:20 - The state of data collection14:16 - Uneccesary online data collection16:26 - Best data storage protection17:56 - A change in data collection20:49 - What does Loop8 do?24:09 - Deincetivizing hackers25:21 - Biometric account recovery30:09 - How to work in the biometric data field33:10 - Challenges of biometric data recovery work34:46 - Skills gaps in biometric data field36:59 - Megerdichian's favorite part of the work day37:46 - Importance of cybersecurity mentorship41:03 - Best cybersecurity career advice43:33 - Learn more about Loop8 and Megerdichian44:34 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, I’m very excited to welcome Debbie Reynolds, the Data Diva herself, to discuss data privacy. Reynolds developed a love of learning about data privacy since working in library science, and she took it through to legal technologies. She now runs her own data privacy consultancy and hosts the long-running podcast “The Data Diva Talks Privacy Podcast.” We talk about data privacy in all its complex, nerdy, and sometimes frustrating permutations, how GDPR helped bring Reynolds to even greater attention, how AI has added even more layers of complexity and some great advice for listeners ready to dip their toes into the waters of a data privacy practitioner career.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Data privacy3:29 - First, getting into computers7:46 - Inspired by GDPR9:00 - Pivoting to a new cybersecurity career12:01 - Learning different privacy regulation structures15:17 - Process of building data systems 17:41 - Worst current data privacy issue20:57 - The best in AI and data privacy22:15 - The Data Diva Podcast25:24 - The role of data privacy officer30:36 - Cybersecurity consulting36:21 - Positives and negatives of data security careers39:34 - Reynolds' typical day41:11 - How to get hired in data privacy48:38 - The best piece of cybersecurity career advice50:25 - Learn more about the Data Diva51:14 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and the Cyber Work Hacks podcast are here to help you pass the Certified Ethical Hacker (CEH) exam! So for today’s hack, we’re talking about bootcamps. The CEH exam, no matter how you slice it, is an exam that is the definition of the phrase, “It’s a marathon, not a sprint.” With 125 questions and four hours to answer them, there’s as much of a mental game at work here that’s much more than rote memorization of terms and tools. That’s why I wanted to get an insider’s look from Infosec boot camp instructor Akyl Phillips! Phillips will explain what the Infosec five-day CEH boot camp is like, the learning and retention strategies you’ll employ, and all the ways that bootcamp training can help you pass on the first try. Phillips has taught pentesters and red teamers at all levels from sheer beginners to people already in the field, and this episode is a look into how it works. Book yourself a front-row seat for another Cyber Work Hack. 0:00 - How to pass the CEH exam3:17 - What is a CEH boot camp? 4:02 - Things to know before the CEH exam5:30 - How does the CEH exam test practical skills?6:46 - The day-to-day of an Infosec boot camp11:08 - What is CEH exam day like?12:14 - Is a cybersecurity boot camp right for me?13:12 - Outro – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.