“When people come to Security and tell you everything they are doing, that’s a real win.” - James Allan-McLean    Allan is joined by James Allan-McLean, Group CISO at Soletanche Freyssinet and former Information Security Manager within the British military, to talk about his ‘Open Door Security’ method and the benefits of transparent, no-strings-attached approach to security. In this episode, Allan and James take a deep dive into this methodology and address questions such as:      -What is Open Door Security?     -What does a successful Open Door Security program look like?     -How to go about tackling security implications within your org      -The philosophy behind James’ ‘handrail’ metaphor Sponsor Links:  Thank you to our sponsor Axonius for bringing this episode to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone Guest Bio: James is a highly effective and motivated information security leader with extensive experience in a range of sectors. He is a Group CISO at Soletanche Freyssinet and former Information Security Manager within the British military. Links: Stay in touch with James Allan-McLean on LinkedIn Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store  Continue this conversation on our Discord Listen to more from the Hacker Valley Studio and The Cyber Ranch Podcast

Allan is joined by Chris Hughes, CISO & Co-founder at Aquia and adjunct professor at UMGC, to talk about all things DevSecOps (Development, Security and Operations). They explore the DevSecOps phrase itself, as well as why security should be treated as an integral component and not a separate entity. In this episode, Allan and Chris take a deep dive into the subject and bring clarity to questions, such as:     -What roles help achieve security in DevOps?     -What are the cultural barriers to implementing secure DevOps?     -What are some common mistakes as well as best tips? Sponsor Links:  Thank you to our sponsor Axonius for bringing this episode to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone Guest Bio: Chris Hughes is a proven Cloud/Cybersecurity leader with nearly 20 years of experience in both the Federal and commercial industries. Chris has a dynamic skill set, with a blend of IT, Cyber/Cloud Security and DevSecOps experience. He enjoys working across interdisciplinary teams to solve complex organizational and industry-wide problems to achieve technological transformation securely.  Additional Resources: Google SLSA framework: https://slsa.dev/ CSCRM – NIST Appendix F : https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdfOpen SSF – OSS Mobilization Plan: https://8112310.fs1.hubspotusercontent-na1.net/hubfs/8112310/OpenSSF/White%20House%20OSS%20Mobilization%20Plan.pdf?hsCtaTracking=3b79d59d-e8d3-4c69-a67b-6b87b325313c%7C7a1a8b01-65ae-4bac-b97c-071dac09a2d8 Sounil/Andy Debate: https://www.securityweek.com/video-civil-discourse-sboms Links: Stay in touch with Chris Hughes on LinkedIn Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store  Continue this conversation on our Discord Listen to more from the Hacker Valley Studio and The Cyber Ranch Podcast

Andy Ellis, CISO at Orca Security, is back for part 2 of this series on Board Reporting Metrics. In Episode 1, Andy and host Allan Alford addressed some of the most common questions posed by the board and shared their perspective on what the board needs to know from a cybersecurity standpoint. In this episode, they continue the conversation by fielding questions from LinkedIn on topics such as:     -Vulnerability and threat hunting metrics     -Top 3 metrics to report to the board and why     -Breach reporting implications and much more!  Check out part 1 of Board Reporting Metrics here Sponsor Links:  Thank you to our sponsor Axonius for bringing this episode to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone Guest Bio: Andy Ellis is a visionary technology and business executive with deep expertise in security, managing risk, and leading an inclusive culture. A graduate of MIT and former US Air Force officer, Andy designed, built, and brought to market many of Akamai’s security products, leading the Fortune 1000 company from its start as a content delivery network into an industry powerhouse with a billion-dollar dedicated cybersecurity business. In his twenty year tenure, Andy led Akamai’s information security team from a single individual to a 90+ person team, over 40% of whom were women. In running Akamai’s security program, Andy designed systems, governed risk management, implemented policy, and supported go-to-market functions. Widely respected across the cybersecurity industry for his pragmatic approach to aligning security and business needs, Andy regularly speaks and writes on cybersecurity, leadership, diversity & inclusion, and decision making. Additional Links: Stay in touch with Andy Ellis on LinkedIn Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store  Continue this conversation on our Discord Listen to more from the Hacker Valley Studio and The Cyber Ranch Podcast  

In this episode, Allan is joined by the CISO at Orca Security, Andy Ellis, to share his thoughts on board reporting metrics. What does the board need to know from a cybersecurity perspective? One of the questions is often: “Are we secure?” Is that even the right question? How much should you talk about compliance? Do you speak of IT assets? What about speaking to specific controls? Listen to this episode to hear the common questions posed by the board and how to answer them with metrics. In some cases, it is teaching them to ask different questions. This episode is a master class in board communication in cybersecurity, and the conversation went into such depth that a Part 2 is already being planned. Check out Andy’s previous episode here Sponsor Links:  Thank you to our sponsor Axonius for bringing this episode to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone Guest Bio: Andy Ellis is a visionary technology and business executive with deep expertise in security, managing risk, and leading an inclusive culture. A graduate of MIT and former US Air Force officer, Andy designed, built, and brought to market many of Akamai’s security products, leading the Fortune 1000 company from its start as a content delivery network into an industry powerhouse with a billion-dollar dedicated cybersecurity business. In his twenty year tenure, Andy led Akamai’s information security team from a single individual to a 90+ person team, over 40% of whom were women. In running Akamai’s security program, Andy designed systems, governed risk management, implemented policy, and supported go-to-market functions. Widely respected across the cybersecurity industry for his pragmatic approach to aligning security and business needs, Andy regularly speaks and writes on cybersecurity, leadership, diversity & inclusion, and decision making. Additional Links: Stay in touch with Andy Ellis on LinkedIn Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store  Continue this conversation on our Discord Listen to more from the Hacker Valley Studio and The Cyber Ranch Podcast

“Having a seat at the table doesn’t mean getting your way all the time. It means having a seat and I think that is very important to understand.” - Brent Deterding  In this episode, Allan is joined by the CISO at Afni, Brent Deterding, to explore how CISOs can earn and keep their seat at the executive table. Brent was a fan of the Learned Helplessness episode of The Cyber Ranch Podcast with Steve Mancini, and furthered the conversation as it relates to the often espoused topic of CISOs needing a seat at “the table.” Brent discusses the power of shifting your mindset, how lack of confidence has created a cycle of self sabotaging, and ways we can collectively improve our current standing.   Sponsor Links:  Thank you to our sponsor Axonius for bringing this episode to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone   Guest Bio: Brent is an Executive CISO whose mission is to enable Afni and its global workforce to support their customers securely and confidently. Prior to being a CISO, for over 20 years, he was a security practitioner with a security vendor specializing in threat detection, incident response, and security strategy. His efforts helped hundreds of organizations detect, respond to, and mitigate attacks.   Additional Links: Stay in touch with Brent Deterding on LinkedIn Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store  Continue this conversation on our Discord Listen to more from the Hacker Valley Studio and The Cyber Ranch Podcast

“Knowing what’s in your software, in your organization, can help you quickly determine if you are impacted by a new vulnerability.” - Chris Castaldo  In this episode, Allan is joined by author and CISO, Chris Castaldo, to share his knowledge on Software Bills of Materials (SBOMs) and their potential implications and use. Chris explains the concept and purpose of SBOMs, his tips for signing and securing SBOMs in terms of the CI/CD pipeline, and his thoughts on SBOMs being a roadmap for “bad guys.” Lastly, he shares advice on managing and understanding contracts.  Listen to Chris Castado’s previous Cyber Ranch episode here and be sure to grab a copy of his book!    Guest Bio: Chris Castaldo is the author of “Start-up Secure: Baking Cybersecurity into your Company from Founding to Exit”. He is an experienced and industry recognized CISO with over 20 years of experience in cybersecurity. Chris is an expert in building cybersecurity programs from the ground up and specializes in applying cybersecurity in start-ups from seed to exit. He is also a Visiting Fellow at the National Security Institute (NSI) at George Mason University's Antonin Scalia Law School.   Links: Sponsored by our good friends at  Axonius Stay in touch with Chris Castaldo on LinkedIn Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store  Continue this conversation on our Discord Listen to more from the Hacker Valley Studio and The Cyber Ranch Podcast  

What would you do if you could build your security program from scratch?  In this episode, Allan is joined by the Head of Security at Fleet, Guillaume Ross, to talk about his time building out an innovative and out-of-the-box security program and the steps he took to make it all happen. Guillaume walks us through how he developed and maintained a serverless, container based environment, his tips for securing PCs and Macs within a serverless environment, and how to establish department and business buy-in and overall cooperation. Lastly, he details steps to ensure resilience in an ‘everything as code’ security model.  Some of what he builds might seem obvious – other parts will genuinely surprise you!    Guest Bio: Guillaume Ross is the Head of Security at Fleet Device Management. He likes securing organizations, clouds, products and more, by refusing to implement the same things that have been tried and failed thousands of times already.   Links: Sponsored by our good friends at  Axonius Stay in touch with Guillaume Ross on LinkedIn and Twitter Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store  Continue this conversation on our Discord Listen to more from the Hacker Valley Studio and The Cyber Ranch Podcast  

What are the security implications of cryptocurrency and NFTs and what do we need to know in order to transact safely? In this episode, Allan is joined by the Chief Security Officer at Kraken, Nick Percoco, to talk about securing the cryptocurrency and NFT spaces. Allan and Nick reflect on the events of the Mt. Gox bitcoin breach of 2013, address some of the most common misconceptions about crypto assets, and explore the biggest security challenges users and retail investors face when navigating the space. Lastly, Nick considers what cybersecurity lessons can be drawn from the security practices within the cryptocurrency ecosystem.   Guest Bio: Nicholas Percoco has more than 25 years of security & technology experience, and is the Chief Security Officer at Kraken - a global digital asset exchange - where he is responsible for Security, IT, Technical Project Management, Operational Resiliency and Engineering.   Links: Stay in touch with Nick Percoco on LinkedIn  Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at  Axonius

Allan is joined by the Vice President of Security at Code42, Tommy Todd, to talk about how the tech stack can “play well with others”. In this episode, Tommy takes a deep dive into exploring how APIs and automation can help solve our needs in cybersecurity – from incident response to the tech stack. The two discuss how to evaluate security products during a Proof Of Concept (POC) for integration capabilities and tips on addressing ROI concerns.   Guest Bio: Tommy Todd has over 20 years of cybersecurity experience, primarily focused on data privacy and data protection strategies. Prior to Code42, he served in security roles at Symantec, Ionic Security, and Optiv as well as many other firms. Throughout his career, he has acted as a leader, mentor, engineer, architect, and consultant to solve difficult data protection challenges.    Links: Stay in touch with Tommy Todd on LinkedIn  Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at  Axonius

Allan is joined by the founder and CEO of Living Security, Ashley Rose, to speak about her experiences as a female entrepreneur and leader in a male dominated industry. She details the story behind her non-traditional route into cybersecurity and how she leverages her unique skills and vision to disrupt and transform the community. Ashley shares how she overcomes bias and business challenges in the field as well as the inspiration behind her creative marketing strategies. Lastly, the two highlight the lack of diversity and representation in the space and give advice to young entrepreneurs and females in, and breaking into, cybersecurity.    Guest Bio: As the CEO of Living Security, Ashley has been the driving force behind the company’s rapid growth. Since its founding in 2017, Living Security has raised more than $20 million for growth and product development and accelerated revenue growth for three consecutive years. Ashley is also continually working to build a diverse and inclusive organization around the belief that the team should reflect the community at large.   Links: Stay in touch with Ashley Rose on LinkedIn  Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at  Axonius