Cyber Work

Today on Cyber Work, my guest is Raj Ananthanpillai, CEO of Trua, a company that is steeped in the current issues around digital credentials and data privacy. As you’ve no doubt heard, AT&T reported a data breach that compromised the personal information of approximately 7.6 million users! Ananthanpillai discusses Trua’s mission to leave data thieves holding an empty treasure chest, discusses his past work in creating TSA PreCheck and gives a bunch of great ideas and advice for making sure that you’re always thinking beyond your current position by learning and creating your way upward! All that, and a WHOLE bunch of vitriol at the industry-standard collecting of social security numbers, today on Cyber Work! 0:00 - Revolutionizing data privacy4:20 - How Ananthanpillai got into cybersecurity6:11 - Work as a cybersecurity CEO9:25 - Fast tracking in cybersecurity roles11:08 - Take your first steps in cybersecurity work13:01 - Founding Trua17:50 - New digital security protocols 21:10 - AT&T data breach27:03 - How to stay safe from data breaches29:58 - How to work in data privacy35:14 - Skill gaps in data privacy work37:05 - Best cybersecurity career advice38:26 - Learn more about Trua41:00 - Outro – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Mark Toussaint of OPSWAT joins to talk about his work in securing operational technology, and specifically about his role as product manager. This is an under-discussed job role within security, and requires great technical expertise, intercommunication skills and the ability to carry out long term campaigns on a product from, as he put it, initial brainstorming scribblings on a cocktail napkin through the creation of the product, all the way to its eventual retirement. Learn what it takes to connect security engineering, solutions experts, project management, and more in the role of security product manager, and how OT security connects fast, flexible IT and cybersecurity with systems that, as Toussaint put it, might be put in place and unmodified for 15 or 20 years. It’s not that hard to connect the worlds, but it takes a specific skill set.0:00 - Working in operational technology 1:49 - First getting into cybersecurity and tech3:14 - Mark Toussaint’s career trajectory5:15 - Average day as a senior product manager in OPSWAT7:40 - Challenges in operational technology 9:11 - Effective strategist for securing OT systems11:18 - Common attack vectors in OT security 13:41 - Skills needed to work in OT security 16:37 - Backgrounds people in OT have17:28 - Favorite parts of OT work 19:47 - How to get OT experience as a new industry worker21:58 - Best cybersecurity career advice22:56 - What is OPSWAT25:29 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.  

Cyber Work Hacks knows that you have what it takes to pass the Certified Ethical Hacker (CEH) exam! And you don’t have to do it alone! Infosec’s CEH boot camp instructor Akyl Phillips gives you his top tips and tricks for taking the exam! Phillips breaks down the common formats for CEH questions, talks common mistakes people make while taking the exam and why it’s not the end of the world if you fail the CEH on the first time (especially if you do it with an Infosec CEH/Pentest+ dual-cert boot camp). As Phillips puts it, first you have to get to know the beast, and that will allow you to slay the beast! Sharpen your tools and get down to business with this Cyber Work Hack.0:00 - Certified ethical hacker exam1:42 - What is ethical hacking and the roles using it?2:46 - Tips and tricks for taking the CEH exam3:32 - Tools to have before the CEH exam5:09 - Common mistakes people make with the CEH exam6:11 - What if I fail the CEH exam? 7:02 - Will I get CEH exam feedback?7:49 - Best piece of advice for CEH exam day8:55 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, we’re talking about last September’s breach of the MGM Grand Casino chain, an attack that lead to a week of tech failure, downtime and over a hundred million dollars in lost revenue. The attackers were able to get in via a point that my guest, Aaron Painter of Nametag Inc, said is a common point of failure: the request for a password and credential reset from the helpdesk, and the ever-frustrating “security questions” approach to making sure you are who you are. Nametag is built to create an alternative to security questions and go beyond MFA to create a method of verification that is even resistant to AI Deepfake attempts! This conversation goes into lots of interesting spaces, including career mapping, the importance of diverse design teams and the benefits of security awareness training, plus you get to learn about an amazing piece of emergent tech!0:00 - A new method of online verification3:15 - First getting into cybersecurity and computers7:03 - Aaron Painter's work experiences 10:37 - Learning cybersecurity around the world11:32 - Starting Nametag16:25 - Average work week as Nametag CEO19:10 - Cybersecurity learning methods21:15 - The MGM cyberattack explained26:07 - MGM fail safes bad actors surpassed 29:26 - Security awareness training 31:35 - Are data breaches the new normal34:05 - How Nametag safeguards online data37:59 - AI deepfakes 40:19 - Using Nametag42:20 - How to learn AI deep fake defense44:14 - Design choices in digital identity 45:54 - Different backgrounds in cybersecurity 46:59 - Aaron Painter's favorite part of his work48:01 - Best cybersecurity career advice49:00 - Learn more about Nametag50:06 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work hacks can help you pass Cisco’s CCNA certification exam! But what if you think you’re not ready to make that jump? What would it take for you to jump into the study of the CCNA with both feet? Infosec’s CCNA boot camp instructor Wilfredo Lanz wants you to know that you can be ready to start the big learning a lot faster than you think, and tells us why some of his most entry-level students often do better on the test than their more established classmates. If the prospect of passing the CCNA on the first try got you fired up, well, that’s the point! Keep the excitement coming, and check out today’s Cyber Work Hack. 0:00 - Cisco's CCNA certification exam0:57 - Who enrolls in an Infosec CCNA boot camp2:50 - What should you know before studying for the CCNA?3:50 - What does a CCNA certified IT network professional do?6:42 - Ensuring you're ready to take on CCNA9:59 - How to gain networking experience11:39 - Become an IT and networking professional 12:50 - OutroLearn more about the CCNA: https://www.infosecinstitute.com/training/ccna/About InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, I’ve got a big guest for you. Jeffrey Brown, Faculty at IANS Research, is also the chief information security officer for, not a company, not for a healthcare organization, but for the entire state of Connecticut! Brown walks me through the scope and reach of a state-wide CISO, a country-wide move toward a “whole of state” strategy and, frankly, I spend an awful lot of time talking to Brown about where he finds the time to do all the things he does.0:00 - Being CISO of an entire state1:50 - Early interest in computer, tech and security5:17 - A communication background in cybersecurity7:31 - Cybersecurity career time management13:59 - Working as a CISO of a state15:45 - How to prepare for a CISO role at the state level18:51 - What does a CISO do for a U.S. state?25:50 - State cybersecurity approach27:41 - Cyber attacks and challenges states face32:00 - Is cybersecurity awareness a waste of time? 37:31 - Skills needed to work in cybersecurity for the state40:11 - Learning how to lead in cybersecurity43:20 - Favorite parts of state cybersecurity44:19 - Resources to improve cyber hygiene 46:14 - Best piece of cybersecurity career advice48:47 - Learn more about Jeffrey Brown49:33 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastThis is a very wide-ranging and inspiring episode – whether you’re slogging through cert study or hitting a wall trying to figure out your next career pivot, my talk with Jeff will absolutely give you a new perspective. Keep it right here for Cyber Work! About InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, we continue our deep dive into industrial control systems and operational technology security by talking with Donovan Tindill of DeNexus. Now, I’m just going to come out and say it: Tindill's episode is like a cybersecurity career seminar in a box, and a must-not-miss if you’re interested in not just ICS and OT security, but specifically the realm of Risk Assessment. Tindill brought slides and literally lays out his entire career for us to see, including the highs and even some of the lows, and what he learned from them. He explains the fuzzy distinctions between ICS security and the act of determining risk for said systems, gives us a 60 year history of the increasing attack surface and number or risk types associated with operational technology, and gives us tons of great career advice and ways to get started. 0:00 - Careers in operational technology2:01 - Donovan Tindill's interest in tech5:30 - Tindill's career roles in cybersecurity 10:42 - The jump to a supervision role13:19 - Average day for a director of OT cybersecurity 18:39 - Volunteerism with Public Safety Canada 22:57 - Tindill's talk on active directory a decade later23:43 - Current operational technology challenges29:26 - New SEC regulations 33:54 - Thoughts on the SEC regulations35:37 - How to work in OT, ICS or risk assessment40:34 - Skill gaps for OT, ICS and risk management 42:44 - Tindill's favorite work45:36 - Best cybersecurity career advice48:22 - What is DeNexus? 52:22 - Learn more about Tindill and DeNexus53:22 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks podcast want to help you pass the CCNA exam! So, for today’s hack, let’s talk boot camps. The CCNA is an intimidating exam, especially if you’re trying to go it alone, just you and your self-study book. That’s why I’d like to introduce you to Infosec’s CCNA boot camp instructor, Wilfredo Lanz! He will explain what the Infosec 5-day CCNA boot camp is like, the learning and memorizing strategies you’ll employ and how boot camp training can help you pass on the first try. Lanz helps his students with every networking question, and students who commit to those five intensive days will see significant results. 0:00 - What is a CCNA boot camp like? 1:40 - Boot camp training versus university6:37 - Do I need to bring anything to CCNA boot camp?7:23 - Take CCNA exam after boot camp8:25 - Advice for taking a CCNA boot camp9:46 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, we are talking operational technology, or OT, security with guest, Robin Berthier of Network Perception. From his earliest studies to his time as an academic researcher, Berthier has dedicated his career to securing the intersection between operational technology and network security, with some pretty imaginative solutions to show for it. In today’s episode, Berthier explains why modern OT security means thinking more about the mechanics of the machinery than the swiftness of the software solutions, the big conversation that infrastructure and ICS Security need to have about nation-state attackers (and finally are having!) and Berthier's best piece of career advice turns into some excellent thoughts on the importance of maintaining your network… and I don’t mean routing and switching!0:00 - Industrial control systems cybersecurity1:54 - How Robin Berthier got into tech3:38 - Majoring in cybersecurity 4:55 - Intrusion detection systems 9:18 - Mechanical and cybersecurity tools12:33 Launching Network Perception17:03 - Current state of ICS and OT infrastructure20:24 - Cyberattacks on industrial control systems28:35 -Skills needed to work in industrial control systems35:19 - Where are ICS security jobs?36:39 - Getting into local OT systems37:55 - Skills gaps in ICS39:21 - Best piece of career advice41:01 - Cultivating a work network43:28 - What is Network Perception?45:27 - Learn more about Robin Berthier45:58 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, our deep-dive into manufacturing and operational technology (OT) cybersecurity brings us to the problem of endpoint security. Tom Molden, CIO of Global Executive Engagement at Tanium, has been grappling with these problems for a while. We talk about his early, formative tech experiences (pre-Windows operation system!), his transformational position moving from fiscal strategy and implementation into his first time as chief information officer and talk through the interlocking problems that come from connected manufacturing devices and the specific benefits and challenges to be found in strategizing around the endpoints. All of the endpoints.0:00 - Manufacturing and endpoint security1:44 - Tom Molden's early interest in computers4:06 - Early data usage6:26 - Becoming a CIO10:29 - Difference between a CIO and CISO14:57 - Problems for manufacturing companies 18:45 - Best CIO problems to solve in manufacturing22:51 - Security challenges of manufacturing 26:00 - The scop of endpoint issues 33:27 - Endpoints in manufacturing security37:12 - How to work in manufacturing security39:29 - Manufacturing security skills gaps41:54 - Gain manufacturing security work experience43:41 - Tom Molden's best career advice received46:26 - What is Tanium 47:58 - Learn more about Tom Molden48:34 - Outro – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.