
The Cyber Ranch Podcast

Latest episodes

Feb 1, 2023 • 34min

Developing and Fostering Good Leadership with Joey Rachid and Scott Moser

Joining Allan today are two folks who are passionate about leadership – not just practicing good leadership, but instilling good leadership in future generations.  Joey Rachid is CISO in the ecommerce and financial services industry, is on advisory boards, has worked for the Big Four, and more importantly is a former US Marine (although all the Marines will tell you there is no such thing as a former Marine!). Scott Moser is SVP and CISO at Sabre Corporation, has also been a CISO for Caesar’s (the gaming and hospitality company), and has held some very interesting military roles of his own.  In a joint branches capacity, Scott has been a CIO in Alaska.  For the US Air Force, Scott has been a Commander and an IT Director, all over the world.  He has also worked for the Joint Staff in Washington, DC as a branch chief.  These two gentlemen speak about leadership holistically - how to exhibit excellent leadership yourself, how to train for good leadership, and how to foster it in others.

Sponsor Links: Thank you to our sponsor TrustMAPP for bringing this episode to life! The TrustMAPP solution gets you out of spreadsheets and slide decks and into managing, measuring and reporting on your cybersecurity with an all-in-one solution that combines cybersecurity frameworks, maturity, risk and business objectives and cross-references them to remediation costs.  Find out more at https://trustmapp.com

Jan 25, 2023 • 32min

Are We Protecting People, Data, or Business? with Nipun Gupta

This week Allan is joined by Nipun Gupta, an industry veteran who has been a consultant, practitioner, vendor, advisor and investor. The topic is "What are we really protecting in cyber?" and the nuances of that question are explored in depth - as well as the interrelationships. Is "protect the business" a guardrail statement while "protect data and people" is the mission? How do we tie protecting people to protecting the business?  For the people?  For the business? How do we map data to the business mission? How far do we go to protect data? What about this new DevOps, application-centric world? Enjoy this conversation!  It's a lively one.

Jan 18, 2023 • 34min

Influences from Outside of Cybersecurity with Peter Schawacker

This week, Allan is joined by Peter Schawacker, CEO @ Nearshore Cyber, former CISO, advisor to MSPs, etc.  Another one of Allan's illustrious guests with 25 years in cyber.  (https://www.linkedin.com/in/schawacker/).  The topic started as all that the two have learned outside of cybersecurity that has helped them in cyber.  But it gets way more esoteric than that, and quickly.  Detailed show notes and links are provided below because this show is all over the place!

02:11 - Point MOOt, Texas: MOO-based virtual city with virtual economy, virtual stock market, various political models of governance and high preponderance of highly interactive bots used for practical and administrative purposes. http://linguafranca.mirror.theinfo.org/9405/moo.html https://archive.nytimes.com/www.nytimes.com/books/first/l/leonard-bots.html
04:49 - A fast tour of the age of the universe, Planet Earth, and humans' presence on the planet, industrial revolution and the Internet
05:45 - The Annex BBS in LA https://annex.net/about-us/
05:28 - IRC https://en.wikipedia.org/wiki/Internet_Relay_Chat
06:12 - Arthur C. Clarke - "Any sufficiently advanced technology is indistinguishable from magic." https://lab.cccb.org/en/arthur-c-clarke-any-sufficiently-advanced-technology-is-indistinguishable-from-magic/
07:12 - Iranian refugees, educated folks who spoke 5 languages and had 4 passports
07:49 - Dungeons and Dragons https://dnd.wizards.com/
08:05 - Life demands more of us than just having a job
08:16 - Karl Marx, Shakespeare, Julius Caesar, Poetry
08:43 - TI-99 4A and the BASIC language on the Commodore PET https://en.wikipedia.org/wiki/TI-99/4A https://en.wikipedia.org/wiki/BASIC https://en.wikipedia.org/wiki/Commodore_PET
09:02 - Earthlink https://www.encyclopedia.com/economics/encyclopedias-almanacs-transcripts-and-maps/earthlink-inc#:~:text=Earthlink%20Network%20was%20founded%20in,would%20be%20providing%20customer%20service.
09:24 - Tech Writing and List Making
09:41 - Running a SOC for Citi
10:20 - Jack of all trades and the value of curiosity and love, surprises and exploration
11:04 - There is no one cybersecurity - we don't even know what it is yet
11:40 - Cyber as nascent field with great opportunity to leverage other disciplines
13:02 - TOGAF and the CIO's organization and functions and the CISO reporting into the CIO https://en.wikipedia.org/wiki/The_Open_Group_Architecture_Framework
14:02 - Nobody knows what a CISO does
14:39 - We can't have it both ways - to have a seat at the table we must own risk and have accountability.  Authority can't exist without accountability.
15:13 - Do CISOs know how to buy stuff?  Lack of budgeting process.
15:45 - Eff around and find out - security incidents - order out of chaos - crisis management
16:34 - Pen testing as games (game theory): https://en.wikipedia.org/wiki/Game_theory
17:11 - The influence of playing music
18:48 - Wagner's invention of instruments https://www.californiasymphony.org/2018-19-season/epic-bruckner/whats-a-wagner-tuba/
19:12 - The influence of getting sober
19:30 - Chuck Anderson - Best guitar teacher on the planet? https://truefire.com/educators/chuck-anderson/e4187
19:45 - Dissonance and consonance; inverse ratio between complexity and power
20:17 - Entrepreneurial spirit in the music business and an illegal booking company
20:48 - Everything applies everywhere; metaphor and the origins of ideas
21:21 - Marx and Engels - revolutions get stuff done
21:43 - Rothko's artwork compared to The Ramones https://en.wikipedia.org/wiki/Mark_Rothko#:~:text=Mark%20Rothko%20(%2F%CB%88r%C9%92,a%20Latvian%2DAmerican%20abstract%20painter.
22:14 - The subconscious produces genius; we are all geniuses
22:51 - The mathematical concept of Aleph-0 and Georg Cantor as inventor of discrete math https://mathworld.wolfram.com/Aleph-0.html#:~:text=is%20often%20pronounced%20%22aleph%2Dnull,spelled%20%22aleph%2Dnought.%22
23:40 - Wittgenstein's refutation of Cantor despite computing being based on discrete math https://en.wikipedia.org/wiki/Ludwig_Wittgenstein
24:05 - Divine revelation or bipolar disorder?
24:33 - "The Aleph" short story by Jorge Luis Borges https://web.mit.edu/allanmc/www/borgesaleph.pdf
25:13 - "Weaving the Web" by Tim Berners-Lee and Borges foreshadowing hyperlinks https://www.amazon.com/Weaving-Web-Original-Ultimate-Destiny/dp/006251587X
25:51 - We need heroes - mentoring without heroes is not possible
27:08 - Learning from the masters in cybersecurity; maybe we will be in history books
29:42 - Gaining sobriety, learning to reach out for help - valuable in cybersecurity
31:10 - Raising children; paternalism and cyber careers
32:32 - Edward de Bono - Lateral Thinking https://www.amazon.com/Lateral-Thinking-Creativity-Step/dp/0060903252
33:13 - "Flow" by Mihaly Csikszentmihalyi https://www.amazon.com/Flow-Psychology-Experience-Perennial-Classics-ebook/dp/B000W94FE6

Jan 11, 2023 • 31min

Managing Careers with Luis Valenzuela

This episode is jam-packed with wisdom that is delivered at a rapid pace.  Some folks will find themselves rewinding and taking notes.  Luis Valenzuela, Director of Data Loss Prevention and Data Governance at InComm Payments, joins Allan Alford to talk about managing careers - how to manage your own, and, for leaders, how to help your team manage theirs.  Topics include:

- Pivotal career transitions
- Is a plan _really_ required?
- Principles, foundations, and successful behaviors
- Practical steps and resources
- Is the power of envisioning enough?
- Tactical and other tips

Y'all enjoy this one, now!

Jan 4, 2023 • 1h 32min

100th Episode Call-In Special with 21 Guests!

To celebrate the 100th episode, Allan decided to let the audience participate in the show.  21 people called in and answered a wide variety of questions about cybersecurity.  It is a fantastic show and it is very fun to hear all the different perspectives from folks who have just about every role in cybersecurity you can imagine:

00:00:58 - Brent Deterding - What can practitioners do to show more love to vendors?
00:03:07 - Evgeniy Kharam - How important are soft skills in cybersecurity?
00:03:54 - Evgeniy Kharam - What are we doing wrong in cybersecurity?
00:05:17 - Andy Ellis - What are we doing right and what are we doing wrong?
00:07:15 - Nipun Gupta - What needs to happen to get cybersecurity practitioners to trust cybersecurity vendors?
00:10:29 - Brent Forest - What is the value of mentorship in cybersecurity?
00:13:48 - Heather Noggle - How do you get small organizations to take cybersecurity more seriously?
00:17:34 - Karla Reffold - What piece of advice would you give someone trying to get into cybersecurity?
00:19:16 - Will Lin - Where do you think this whole cybersecurity thing is headed?
00:22:37 - Jack Powell - What are we doing in cybersecurity that we should not be doing?
00:29:17 - Dutch Schwartz - What is missing in cybersecurity?
00:36:13 - Kevin Pope - What is your best piece of advice for those entering the cybersecurity field?
00:42:42 - Julian Cohen - How do we prioritize our defenses?
00:45:22 - Benjamin Corll - What do you love most about being in cybersecurity?
00:47:05 - Special Appearance by Chris Cochran and Ron Eddings of Hacker Valley Media
00:50:07 - Chris Patteson - How worried should we be about post-quantum cryptography?
00:54:03 - Peter Schawacker - What are we doing right in cybersecurity?
01:01:45 - Adrian Sanabria - What is it we are not doing in cybersecurity that we should be doing?
01:08:38 - Chris Foulon - Where is this whole cybersecurity thing headed?
01:13:52 - Claude Mandy - What are we getting wrong in cybersecurity?
01:18:25 - Gary Hayslip - What is the trend towards a data-centric security model?
01:26:17 - Kirsten Davies - What is going to change with threat intelligence in 2023?
01:30:58 - Special Appearance by Dr. Ursula Alford (Allan's wife)

Dec 14, 2022 • 36min

Can We Even Measure Risk? with Andy Ellis and Chris Roberts - EXPLICIT

This is another "'E' for explicit" show as this one is another LIVE! show from the CISO XC conference in Dallas-Fort Worth. Why the 'E'?  Because halfway through Allan Alford's conversation with Andy Ellis (CISO at Orca, Operating Partner at YL Ventures, former CISO at Akamai), Chris Roberts (CISO at Boom Supersonic) joins the stage with some fine whisky and his own clever takes on measuring risk. Join Allan, Andy, and Chris as they deconstruct risk, extol its virtues, and hopefully change the way you think about risk altogether. Is likelihood times impact valid? Is the 5x5 grid valid? What is plausibility vs. probability? Find out on this great LIVE! episode!

Sponsor Links: Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Dec 7, 2022 • 28min

Is It Even Our Job to Make Them Care About Cybersecurity? with Yaron Levi

In this episode, Allan Alford plays Devil's advocate - challenging the practitioner community to refute the idea that we should quit trying to make the organization care and simply make suggestions and accept the organization's level of risk tolerance. Allan posted this topic on LinkedIn and it created quite a buzz. The show features quotes from Simon Goldsmith, Kevin Pope, Malcolm Harkins, and others. Listen to hear a deconstruction of this position, and hear some great arguments both for and against it. We'll give away the ending - the argument is ultimately refuted - but it is a great thought exercise and a wonderful journey getting to that conclusion. Hint: The show's ending is more apt than ever: "Ya'll be good now!" Sponsor Links: Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley  
Nov 30, 2022 • 34min

Building Cybersecurity Community with Scott Schindler

Scott Schindler, veteran CISO, vCISO, and adjunct professor joins Allan at the ranch to talk about how to build, strengthen, participate in, contribute to and benefit from a cybersecurity community. Allan chose Scott for this show because of his incredible community focus and the high level of participation and engagement he demonstrates in his own career. How can we, as privacy and security professionals, overcome our paranoia in order to build community? How do we, as new members of cybersecurity, break into the community? How do I start a local community? How do we welcome others? What is wrong with the cybersecurity community today that we need to fix? Sponsor Links: Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley  
Nov 16, 2022 • 54min

Geopolitics, APTs and Cybersecurity with Dan Holden

Dan Holden, a 20+ year industry veteran, former vendor, and current CISO at Big Commerce joins Allan Alford at the ranch to talk about the BIG picture.  Join them on this wild trail ride that goes as far back as the Monroe Doctrine of 1823, the precursors to WWI, Reagan-era cyber doctrine, cyber and modern warfare, lessons learned from the COVID economy (hint: GDP is now part of critical infrastructure), famous APT heists, modern global imperialism... This show ties these threads together into a forward-looking vision for cybersecurity that includes shifts in global prioritization of cybersecurity, federal regulations, and changes to the VC investment landscape.  Saddle up and get ready for a wild ride!

Sponsor Links: Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Nov 9, 2022 • 35min

3 Very Practical Tips with Duane Gran

This week Allan Alford is joined by Duane Gran, Director of Information Security at Converge Technology Solutions to discuss three different aspects of the CISO craft -- and to offer practical, concrete guidance on how to achieve the right outcomes:

- Eliminating the culture of "No!"
- Managing Third-Party Risk
- Building a "No Blame" Culture

The common thread behind all of these themes is relationship building and goodwill - but the details are well worth the listen!

Sponsor Links: Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
