
The Cyber Ranch Podcast
Ride the cyber trails with two CISOs (Allan Alford and Drew Simonis) and a diverse group of friends and experts who bring a human perspective to cybersecurity.
Latest episodes

Feb 1, 2023 • 34min
Developing and Fostering Good Leadership with Joey Rachid and Scott Moser
Joining Allan today are two folks who are passionate about leadership – not just practicing good leadership, but instilling good leadership in future generations. Joey Rachid is CISO in the ecommerce and financial services industry, is on advisory boards, has worked for the Big Four, and more importantly is a former US Marine (although all the Marines will tell you there is no such thing as a former Marine!)
Scott Moser is SVP and CISO at Sabre Corporation, has also been a CISO for Caesar’s (the gaming and hospitality company), and has held some very interesting military roles of his own. In a joint branches capacity, Scott has been a CIO in Alaska. For the US Air Force, Scott has been a Commander and an IT Director, all over the world. He has also worked for the Joint Staff in Washington, DC as a branch chief.
These two gentlemen speak about leadership holistically - how to exhibit excellent leadership yourself, how to train for good leadership, and how to foster it in others.
Sponsor Links:
Thank you to our sponsor TrustMAPP for bringing this episode to life! The TrustMAPP solution gets you out of spreadsheets and slide decks and into managing, measuring and reporting on your cybersecurity with an all-in-one solution that combines cybersecurity frameworks, maturity, risk and business objectives and cross-references them to remediation costs. Find out more at https://trustmapp.com

Jan 25, 2023 • 32min
Are We Protecting People, Data, or Business? with Nipun Gupta
This week Allan is joined by Nipun Gupta, an industry veteran who has been a consultant, practitioner, vendor, advisor and investor.
The topic is "What are we really protecting in cyber?" and the nuances of that question are explored in depth - as well as the interrelationships.
Is "protect the business" a guardrail statement while "protect data and people" is the mission?
How do we tie protecting people to protecting the business? For the people? For the business?
How do we map data to the business mission?
How far do we go to protect data?
What about this new DevOps, application-centric world?
Enjoy this conversation! It's a lively one.

Jan 18, 2023 • 34min
Influences from Outside of Cybersecurity with Peter Schawacker
This week, Allan is joined by Peter Schawacker, CEO @ Nearshore Cyber, former CISO, advisor to MSPs, etc. Another one of Allan's illustrious guests with 25 years in cyber. (https://www.linkedin.com/in/schawacker/). The topic started as all that the two have learned outside of cybersecurity that has helped them in cyber. But it gets way more esoteric than that, and quickly. Detailed show notes and links are provided below because this show is all over the place!
02:11 Point MOOt, Texas: MOO-based virtual city with virtual economy, virtual stock market, various political models of governance and high preponderance of highly interactive bots used for practical and administrative purposes.
http://linguafranca.mirror.theinfo.org/9405/moo.html
https://archive.nytimes.com/www.nytimes.com/books/first/l/leonard-bots.html
04:49 A fast tour of the age of the universe, Planet Earth, and humans' presence on the planet, industrial revolution and the Internet
05:45 The Annex BBS in LA
https://annex.net/about-us/
05:28 IRC
https://en.wikipedia.org/wiki/Internet_Relay_Chat
06:12 - Arthur C. Clarke - "Any sufficiently advanced technology is indistinguishable from magic."
https://lab.cccb.org/en/arthur-c-clarke-any-sufficiently-advanced-technology-is-indistinguishable-from-magic/
07:12 - Iranian refugees, educated folks who spoke 5 languages and had 4 passports
07:49 - Dungeons and Dragons
https://dnd.wizards.com/
08:05 - Life demands more of us than just having a job
08:16 - Karl Marx, Shakespeare, Julius Caesar, Poetry
08:43 - TI-99/4A and the BASIC language on the Commodore PET
https://en.wikipedia.org/wiki/TI-99/4A
https://en.wikipedia.org/wiki/BASIC
https://en.wikipedia.org/wiki/Commodore_PET
09:02 - Earthlink
https://www.encyclopedia.com/economics/encyclopedias-almanacs-transcripts-and-maps/earthlink-inc#:~:text=Earthlink%20Network%20was%20founded%20in,would%20be%20providing%20customer%20service.
09:24 - Tech Writing and List Making
09:41 - Running a SOC for Citi
10:20 - Jack of all trades and the value of curiosity and love, surprises and exploration
11:04 - There is no one cybersecurity - we don't even know what it is yet
11:40 - Cyber as nascent field with great opportunity to leverage other disciplines
13:02 - TOGAF and the CIO's organization and functions and the CISO reporting into the CIO
https://en.wikipedia.org/wiki/The_Open_Group_Architecture_Framework
14:02 - Nobody knows what a CISO does
14:39 - We can't have it both ways - to have a seat at the table we must own risk and have accountability. Authority can't exist without accountability.
15:13 - Do CISOs know how to buy stuff? Lack of budgeting process.
15:45 - Eff around and find out - security incidents - order out of chaos - crisis management
16:34 - Pen testing as games (game theory):
https://en.wikipedia.org/wiki/Game_theory
17:11 - The influence of playing music
18:48 - Wagner's invention of instruments
https://www.californiasymphony.org/2018-19-season/epic-bruckner/whats-a-wagner-tuba/
19:12 - The influence of getting sober
19:30 - Chuck Anderson - Best guitar teacher on the planet?
https://truefire.com/educators/chuck-anderson/e4187
19:45 - Dissonance and consonance; inverse ratio between complexity and power
20:17 - Entrepreneurial spirit in the music business and an illegal booking company
20:48 - Everything applies everywhere; metaphor and the origins of ideas
21:21 - Marx and Engels - revolutions get stuff done
21:43 - Rothko's artwork compared to The Ramones
https://en.wikipedia.org/wiki/Mark_Rothko#:~:text=Mark%20Rothko%20(%2F%CB%88r%C9%92,a%20Latvian%2DAmerican%20abstract%20painter.
22:14 - The subconscious produces genius; we are all geniuses
22:51 - The mathematical concept of Aleph-0 and Georg Cantor as inventor of discrete math
https://mathworld.wolfram.com/Aleph-0.html#:~:text=is%20often%20pronounced%20%22aleph%2Dnull,spelled%20%22aleph%2Dnought.%22
23:40 - Wittgenstein's refutation of Cantor despite computing being based on discrete math
https://en.wikipedia.org/wiki/Ludwig_Wittgenstein
24:05 - Divine revelation or bipolar disorder?
24:33 - "The Aleph" short story by Jorge Luis Borges
https://web.mit.edu/allanmc/www/borgesaleph.pdf
25:13 - "Weaving the Web" by Tim Berners-Lee and Borges foreshadowing hyperlinks
https://www.amazon.com/Weaving-Web-Original-Ultimate-Destiny/dp/006251587X
25:51 - We need heroes - mentoring without heroes is not possible
27:08 - Learning from the masters in cybersecurity; maybe we will be in history books
29:42 - Gaining sobriety, learning to reach out for help - valuable in cybersecurity
31:10 - Raising children; paternalism and cyber careers
32:32 - Edward de Bono - Lateral Thinking
https://www.amazon.com/Lateral-Thinking-Creativity-Step/dp/0060903252
33:13 - "Flow" by Mihaly Csikszentmihalyi
https://www.amazon.com/Flow-Psychology-Experience-Perennial-Classics-ebook/dp/B000W94FE6

Jan 11, 2023 • 31min
Managing Careers with Luis Valenzuela
This episode is jam-packed with wisdom that is delivered at a rapid pace. Some folks will find themselves rewinding and taking notes. Luis Valenzuela, Director of Data Loss Prevention and Data Governance at InComm Payments, joins Allan Alford to talk about managing careers - how to manage your own, and, for leaders, how to help your team manage theirs. Topics include:
- Pivotal career transitions
- Is a plan _really_ required?
- Principles, foundations, and successful behaviors
- Practical steps and resources
- Is the power of envisioning enough?
- Tactical and other tips
Y'all enjoy this one, now!

Jan 4, 2023 • 1h 32min
100th Episode Call-In Special with 21 Guests!
To celebrate the 100th episode, Allan decided to let the audience participate in the show. 21 people called in and answered a wide variety of questions about cybersecurity. It is a fantastic show and it is very fun to hear all the different perspectives from folks who have just about every role in cybersecurity you can imagine:
00:00:58 - Brent Deterding - What can practitioners do to show more love to vendors?
00:03:07 - Evgeniy Kharam - How important are soft skills in cybersecurity?
00:03:54 - Evgeniy Kharam - What are we doing wrong in cybersecurity?
00:05:17 - Andy Ellis - What are we doing right and what are we doing wrong?
00:07:15 - Nipun Gupta - What needs to happen to get cybersecurity practitioners to trust cybersecurity vendors?
00:10:29 - Brent Forest - What is the value of mentorship in cybersecurity?
00:13:48 - Heather Noggle - How do you get small organizations to take cybersecurity more seriously?
00:17:34 - Karla Reffold - What piece of advice would you give someone trying to get into cybersecurity?
00:19:16 - Will Lin - Where do you think this whole cybersecurity thing is headed?
00:22:37 - Jack Powell - What are we doing in cybersecurity that we should not be doing?
00:29:17 - Dutch Schwartz - What is missing in cybersecurity?
00:36:13 - Kevin Pope - What is your best piece of advice for those entering the cybersecurity field?
00:42:42 - Julian Cohen - How do we prioritize our defenses?
00:45:22 - Benjamin Corll - What do you love most about being in cybersecurity?
00:47:05 - Special Appearance by Chris Cochran and Ron Eddings of Hacker Valley Media
00:50:07 - Chris Patteson - How worried should we be about post-quantum cryptography?
00:54:03 - Peter Schawacker - What are we doing right in cybersecurity?
01:01:45 - Adrian Sanabria - What is it we are not doing in cybersecurity that we should be doing?
01:08:38 - Chris Foulon - Where is this whole cybersecurity thing headed?
01:13:52 - Claude Mandy - What are we getting wrong in cybersecurity?
01:18:25 - Gary Hayslip - What is the trend towards a data-centric security model?
01:26:17 - Kirsten Davies - What is going to change with threat intelligence in 2023?
01:30:58 - Special Appearance by Dr. Ursula Alford (Allan's wife)

Dec 14, 2022 • 36min
Can We Even Measure Risk? with Andy Ellis and Chris Roberts - EXPLICIT
This is another "'E' for explicit" show as this one is another LIVE! show from the CISO XC conference in Dallas-Fort Worth. Why the 'E'? Because halfway through Allan Alford's conversation with Andy Ellis (CISO at Orca, Operating Partner at YL Ventures, former CISO at Akamai), Chris Roberts (CISO at Boom Supersonic) joins the stage with some fine whisky and his own clever takes on measuring risk.
Join Allan, Andy, and Chris as they deconstruct risk, extol its virtues, and hopefully change the way you think about risk altogether. Is likelihood times impact valid? Is the 5x5 grid valid? What is plausibility vs. probability? Find out on this great LIVE! episode!
Sponsor Links:
Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Dec 7, 2022 • 28min
Is It Even Our Job to Make Them Care About Cybersecurity? with Yaron Levi
In this episode, Allan Alford plays Devil's advocate - challenging the practitioner community to refute the idea that we should quit trying to make the organization care and simply make suggestions and accept the organization's level of risk tolerance.
Allan posted this topic on LinkedIn and it created quite a buzz. The show features quotes from Simon Goldsmith, Kevin Pope, Malcolm Harkins, and others.
Listen to hear a deconstruction of this position, and hear some great arguments both for and against it. We'll give away the ending - the argument is ultimately refuted - but it is a great thought exercise and a wonderful journey getting to that conclusion. Hint: The show's ending is more apt than ever: "Y'all be good now!"
Sponsor Links:
Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Nov 30, 2022 • 34min
Building Cybersecurity Community with Scott Schindler
Scott Schindler, veteran CISO, vCISO, and adjunct professor joins Allan at the ranch to talk about how to build, strengthen, participate in, contribute to and benefit from a cybersecurity community. Allan chose Scott for this show because of his incredible community focus and the high level of participation and engagement he demonstrates in his own career.
How can we, as privacy and security professionals, overcome our paranoia in order to build community?
How do we, as new members of cybersecurity, break into the community?
How do I start a local community?
How do we welcome others?
What is wrong with the cybersecurity community today that we need to fix?
Sponsor Links:
Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Nov 16, 2022 • 54min
Geopolitics, APTs and Cybersecurity with Dan Holden
Dan Holden, a 20+ year industry veteran, former vendor, and current CISO at Big Commerce joins Allan Alford at the ranch to talk about the BIG picture. Join them on this wild trail ride that goes as far back as the Monroe Doctrine of 1823, the precursors to WWI, Reagan-era cyber doctrine, cyber and modern warfare, lessons learned from the COVID economy (hint: GDP is now part of critical infrastructure), famous APT heists, modern global imperialism... This show ties these threads together into a forward-looking vision for cybersecurity that includes shifts in global prioritization of cybersecurity, federal regulations, and changes to the VC investment landscape. Saddle up and get ready for a wild ride!
Sponsor Links:
Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Nov 9, 2022 • 35min
3 Very Practical Tips with Duane Gran
This week Allan Alford is joined by Duane Gran, Director of Information Security at Converge Technology Solutions to discuss three different aspects of the CISO craft -- and to offer practical, concrete guidance on how to achieve the right outcomes:
Eliminating the culture of "No!"
Managing Third-Party Risk
Building a "No Blame" Culture
The common thread behind all of these themes is relationship building and goodwill - but the details are well worth the listen!
Sponsor Links:
Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley