Cyber Work

Dan Roberts, host of the “Tech Whisperers” podcast, and a mentor, coach and leader to CISOs and other tech-focused C-suite members for nearly four decades, is today's guest. We talk about Roberts' earliest work, including coining the term “Developing the human side of technology” all the way back in 1984, to spearheading the CyberLX program for CISOs and those aspiring to be. Roberts also provides a four-stage growth chart for CISOs that, quite frankly, scales well to just about any tech career and teases a very exciting guest on the “Tech Whisperers” podcast!0:00 - CISO's need leadership experience4:47 - How Dan Roberts got into cybersecurity and tech6:34 - What was tech like in the '80s?9:20 - Common difficulties as a CISO16:52 - What is CyberLX?24:10 - Joining CyberLX to become a CISO29:50 - How to become a CISO34:45 - Cybersecurity and soft skills38:05 - Skills needed in tech and security now 40:30 - Leading with the seven Cs43:00 - Start your CISO career journey 46:23 - Getting uncomfortable to evolve in cybersecurity47:49 - What is the Tech Whisperers podcast?52:06 - Tech for Good project54:18 - Exciting new projects for Roberts56:30 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Confidence Staveley of the CyberSafe Foundation and the CyberGirls program is today's guest. CyberGirls is a year-long cohort program in which women in Africa ages 18 to 28 can learn cybersecurity basics and create career tracks to fast-track these students into cybersecurity careers! Staveley tells us about the workings of the program, how she uses her YouTube channel to teach API security with food analogies and explains the origins of what is likely the first-ever Afrobeat song about security awareness!  This episode is as fun and inspiring as any I’ve recorded, so I hope you’ll tune in for today’s Cyber Work.0:00 - Cybersecurity training for women in Africa4:47 - How Confidence Staveley got into cybersecurity10:35 - What is the CyberSafe Foundation? 16:57 - What is the CyberGirls fellowship?21:30 - How to get involved in CyberGirls30:10 - Inspiring success CyberGirls stories43:11 - Keeping CyberGirls engaged46:31 - API Kitchen YouTube show52:00 - Cybersecurity initiatives in Africa59:27 - Advice for working in cybersecurity1:03:13 - CyberGirls' future1:05:20 - Learn more about CyberSafe1:07:22 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Ian Campbell, security operations engineer at DomainTools, is someone who has truly carved a niche out for himself in his organization and in the cybersecurity landscape as a whole. His blogs for the DomainTools website have provided paths for neurodiverse cybersecurity professionals and allies who want to make their organizations more friendly to neurodiversity to undertake the small changes to work roles and company culture that can net huge improvements for folks with different types of cognition, patterns of learning, concentration challenges, and yes, nurturable strengths! I’ve said it plenty of times here and I’ll say it again: cybersecurity is at its best when we’re all together, solving problems and creating solutions with our own diverse approaches. 0:00 - Neurodiversity in cybersecurity 4:00 - How Ian Campbell got into cybersecurity 6:50 - Cybersecurity journey15:33 - What does a security operations engineer do?18:37 - Chokepoints of security operations engineer role20:22 - Supporting people with neurodiverse work and learning25:50 - What hinders neurodiverse workers in cybersecurity? 30:17 - Altering work culture for neurodiverse workers39:00 - Neurodivergent traits suited for cybersecurity 42:05 - Benefits of neurodiversity in cybersecurity 48:41 - Promoting communication for neurodiverse workers52:36 - Positive policies for neurodivergent workers58:20 - Learn more about DomainTools1:00:00 - Learn more about Ian Campbell1:00:23 - Outro – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Guest AJ Grotto is the William J. Perry International Security Fellow and founding director of the Program on Geopolitics, Technology and Governance at the Stanford Policy Center and Stanford University. Grotto has served in the National Cybersecurity Council under two successive presidents and brings decades of knowledge in international relations, policy and risk both to his students and to clients in his private sector consulting work. Grotto tells us about the current state of international cyber risk and response, gives his tips for students just getting started in international policy and why a suspicious-looking email took him away from the law profession and into the security space. 0:00 - National security cyber issues4:04 - How AJ Grotto got into cybersecurity7:10 - Grotto's work in the National Security Council10:25 - Skills used in the National Security Council14:35 - Working at Sagewood 17:00 - Global trends in cybersecurity19:00 - Economies down; cyber crime up? 20:17 - Cyber risk work at Stanford23:10 - Cybersecurity students at Stanford29:46 - How to take Grotto's class at Stanford31:25 - Federal Zero Trust directives34:49 - What to research for national security work38:09 - Important global cybersecurity topics40:06 - Learn more about Grotto, Stanford international policy41:07 - Outro   – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec IQ’s director of production, Steve Concotelli comes to us following years working in the movie and TV industry, and his ability to create and craft a great story is at the core of what makes Work Bytes the most award-winning security awareness series on the market! Learn more about Concotelli and the team’s ability to craft storylines with takeaways that stick, as well as the reasons why we create four different information delivery types to match the pace and time commitments of your workers. Maybe by the end, you’ll know which of the fantastical characters I mentioned at the start is most like you! Kick back and enjoy a few engaging minutes with this Cyber Work Hack. And take the Work Bytes Personality Quiz: https://infosec.involve.me/work-bytes-personality-quiz.0:00 - Film storytelling in cybersecurity 2:48 - How Concotelli moved from Hollywood to Infosec3:56 - What is Work Bytes?5:50 - Telling the story of Work Bytes7:47 - Balancing fun and info14:07 - What's new in Work Bytes?19:21 - Big goals for Work Bytes20:29 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Tomas Smalakys, CTO at NordPass, is today's guest. As our future seems choked with a never-ending need for new passwords of ever-growing complexity for everything we sign up for, Smalakys, along with some large tech organizations, is embracing a post-password future with a system of passkeys. What will it look like? How is it implemented? How will you be able to do this bleeding-edge work in the future? Tune in for today’s episode of Cyber Work and find out! 0:00 - The future of online passwords3:43 - Tomas Smalakys' start in cybersecurity8:40 - Managing software engineers15:33 - Chief technical officer at NordPass20:05 - The state of password security27:22 - Imperfections in two-factor security42:13 - How to know you've been compromised online47:55 - The passkey system1:02:41 - How to work in passwords and passkeys1:09:05 - Learn more about Smalakys and NordPass1:10:07 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Anna Claiborne from Zayo talks about the spike of DDoS attacks they saw in the past year. Although distributed denial of service (DDoS) attacks trend up nearly every year, new factors around advanced automation and ease of use may be driving the increase. Claiborne takes us back 20 years, when solutions to DDoS attacks involved trying the most far-out solution you could, often for the most far-out clients you could imagine! Seriously, I use the words “Wild West” to describe early security on a lot of episodes, but Claiborne really gives us some top-notch war stories. She’ll also let you know where to focus if you want to get started in telecom security, or any of near-infinite industries that would be impacted by telecom shutting down.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - AI and DDoS attacks 4:20 - How Anna Claiborne got into cybersecurity8:24 - Claiborne's cybersecurity experiences 14:10  - The changes in DDoS attacks16:55 - Current DDoS escalations 24:34 - Claiborne's role as a VP34:25 - Why DDoS attacks have skyrocketed38:32 - Why DDoS attacks are easier42:55 - How much is DDoS effective?44:24 - Tips for countering DDoS47:16 - Careers involving DDoS attacks51:09 - Acquire DDoS skills early56:19 - Learn more about Claiborne and Zayo57:48 - Outro About InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Oliver Tavakoli from VectraAI returns to the program to talk about – surprise! – AI! Having talked about Tavakoli's origin story on the past episode, we’re free to dig right into his main area of interest: the ways in which generative AI can be used by bad actors, whether introducing conflicting messages into GPT guardrail commands or escalating the nuance and complexity of fake-based social engineering attacks. We talk about long-term implications of this emerging tech opportunity, ways for new professionals to get comfortable with its requirements quickly, and Tavakoli lets us know what this “summer of AI” will mean for the coming years, and also why its endless innovation may cool for a few years, and that’s OK. 0:00 - Generative AI and bad actors 4:20 - Big changes for generative AI in 20207:11 - Example of an AI attack15:30 - AI as a tool versus an intelligence17:10 - Solutions with AI22:47 - How AI will affect cybersecurity careers32:18 - How does AI hurt your career? 38:40 - Job roles in cybersecurity that may become niche40:40 - The year of AI? 43:25 - How to talk about AI45:40 - What is VectraAI?48:25 - Learn more about Tavakoli and VectraAI49:30 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Dr. Heather Buker of 6clicks has been a technical SME in the cybersecurity field her entire career, and 6clicks has introduced Ask Hailey, an AI-based governance risk and compliance (GRC) tool that promises to move the work of GRC into a new era. Also on the show, Infosec’s vice president of portfolio product strategy and cybersecurity superstar Keatron Evans in a guest-host capacity! Buker, Keatron and I discuss the spaces in which governance risk and compliance can greatly benefit from AI/machine learning enhancement, the crucial need to prioritize the decision-making skills of humans over everything else and why seemingly disparate career roles and pivots can still lead you in the career direction you desire most. 0:00 - Ask Hailey AI4:17 - Heather Buker's start in cybersecurity6:40 - Security compliance migration work and more13:15 - Tasks of a chief customer officer18:40 - What is Ask Hailey AI? 23:00 - Challenges in risk assessment27:15 - Ask Hailey AI and GRC 38:05 - Advice to get into government cybersecurity42:50 - Advice for cybersecurity students44:50 - The big picture of AI53:00 - Learn more about Buker and 6clicks54:11 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Tara D. Anderson, managing director of Framework Security and an official member of the Forbes Technology Council, walks us through her journey, including her years in the world of finance, opens up about a traumatic event in her life that altered the way she learns and retains information and how her switch to IT and Cybersecurity was an ideal fit. From her days co-founding the consultancy firm Cognitive SLC, an organization whose founders were all neurodiverse, to Framework Security’s desire to make protection understandable to small charitable companies and organizations who couldn’t bounce back from hacking and theft, Anderson's ethos and vision, from work to the interview process, is a complete inspiration for anyone interested in bringing neurodiverse professionals into their organization. 0:00 - Neurodiversity in cybersecurity 3:46 - Getting into computers and tech9:46 - Revenue officer roles 15:20 - Getting into IT and security23:07 - Neurodiverse workers in cybersecurity 30:45 - Neurodiverse challenges in cybersecurity41:40 - Remote cybersecurity work52:03 - How to work in cybersecurity 56:34 - What is Framework Security?59:30 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.