The Cyber Ranch Podcast

This episode of the Cyber Ranch Podcast was recorded LIVE on stage at the CISO 360 Conference in New York City, hosted by Pulse Conferences. Nick Vigier, a seasoned CISO and former CIO, joins Allan in addressing the elephant in the room: Why don’t CISOs and CIOs don’t get along? Nick draws on his experience in both positions to share his unique perspective on the CISO and CIO relationship. In this episode, Allan and Nick highlight the operating differences between the two positions and explore the opposing interests that exist around topics such as budgets and reporting structure. Lastly, Nick shares why engaging in empathetic conversations around metrics, business impact, and risk management is the ultimate key to a more harmonious relationship.   Guest Bio: Nick is a technology and security leader focused on innovation to drive business results. In his 18 years of security leadership, he has focused on building high performance teams to ensure security is a business driver rather than a cost center. His focus on all areas of security ranging from physical security to risk management through to application security, infrastructure security, and operations gives him a unique perspective on how security can positively impact an organization.    Links  Stay in touch with Nick Vigier on LinkedIn  Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at  Axonius

This topic couldn’t be more relevant given recent events in the security community. Allan Alford is joined by Steve Mancini, CISO at Eclypsium, to have a refreshing conversation about the negative messaging, thinking, and tropes in cybersecurity - not just the stuff that the press says about us, or even the stuff we say about each other - but the self-defeating stuff we think and say to ourselves. Steve addresses the reinforcement of negative catchphrases and how it affects the psyche of the community and explores how burnout is creating a culture of sleepless nights and masochistic badges of honor. Lastly, they emphasize the importance of empathy and support within the community and remind us that humans are our greatest asset, not our weakest links. Guest Bio: Steve Mancini is the CISO at Eclypsium, former Deputy CISO at Cylance, and an advisory board member for several cyber companies. Links: Stay in touch with Steve Mancini on LinkedIn  Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at  Axonius  

There are numerous personality tests available to help identify personality traits, but many of them have very little scientific validity or reliability.  Such tests often aspire to explain what you are good at and what you are bad at, and miss the mark. In this episode, Allan is joined by his friend and owner of Rising Tide Security, Nick Vigier, to explore CliftonStrengths – a personality measurement that focuses less on ability, and more upon your predilections - what energizes you, and what and drains you - and with a pretty good degree of scientific validity and reliability. Nick and Allan explore what makes CliftonStrengths different from the other personality assessments and how Nick leverages that information to better understand his team and colleagues, and to help folks find the right role in cybersecurity. The two sit down to dissect Allan’s own assessment results to identify his top 5 energizers, as well as his top energy drainers. And lastly, Nick shares why he favors the idea of personality development plans vs professional development plans in the workplace.    Guest Bio: Nick Vigier is the Owner of Rising Tide Security and former CISO at ID.me, DigitalOcean, and former CIO at Gemini. Nick is a technology and security leader focused on innovation to drive business results. In his 18 years of security leadership, he has focused on building high performance teams to ensure security is a business driver rather than a cost center. His focus on all areas of security ranging from physical security to risk management through to application security, infrastructure security, and operations gives him a unique perspective on how security can positively impact an organization.    Links: Stay in touch with Nick Vigier on LinkedIn and Twitter. Take the CliftonStrengths assessment here Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at  Axonius

In the episode, Allan is joined by the Principal at Teknion Data Solutions, Paola Saibene, to bring clarity to an often misunderstood topic: data governance. Paola helps to distinguish the difference between data governance and data management, examines the intersection between data ethics and cybersecurity, and explores the best methodology for applying risk frameworks. Lastly, she takes time to express the importance of being people focused and “humanizing” cybersecurity.   Guest Bio: Paola Saibene is the Principal at Teknion Data Solutions, Former CISO, CEO, VP of Enterprise Risk Management, Data Privacy Officer, Strategy Officer, CTO, and CIO.   Links: Stay in touch with Paola Saibene on LinkedIn   Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at  Axonius

With a looming skills/people gap in cybersecurity and retention at an all time low, it begs the question: Where is everyone? In this episode, Allan Alford and guest Jessie Bolton sit down to discuss the elusive “Great Resignation” and how it is affecting the cybersecurity community. Tune in to get the answers to the questions we are all asking ourselves, like: why are people resigning, how has the pandemic shifted our perspectives on work and boundary setting, how is the “great resignation” impacting security organizations, and how can we attempt to solve this issue?   Links: Follow Jessie Bolton on LinkedIn Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at  Axonius

In this episode, Allan is joined by the President at National Security Corporation, Navy veteran, and host of the CISO Tradecraft podcast, G. Mark Hardy. This show takes a fascinating dive into the origins of data risk management, measurement, and quantification. G Mark explores the stories and advice given from some of the greatest leaders in this space – whose advice still rings true today.    Key Takeaways: 01:52  G Mark’s bio 06:43  FIPS-65 - the “grandaddy” of risk management 11:34  The ALE method, explained! 14:35  Oldies, but STILL goodies  18:12  A stroll down risk management memory lane 28:56  Revering “the greats” 37:22  What do you value and what’s your currency?    Links: Stay in touch with G. Mark Hardy on LinkedIn   Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at  Axonius

In this episode of The Cyber Ranch Podcast, Allan is joined by the CISO at Real Time Resolutions, Randy Potts. The two sit down to have a refreshing and raw conversation about the caretaking, responsibility, and code of ethics for CISOs - or lack thereof, and how to get back in touch with our “why” and mission.    Disclaimer: This episode briefly mentions pornography and gambling within an important and relevant context, and has therefore been categorized as explicit.    Key Takeaways: 01:43  Randy’s bio 03:08  Caring for “the people” 09:08  Stewards and custodians of data 14:10  Servant leadership 16:57  CISOs as caretakers 18:53  Doing the right thing 21:18  CISO code of conduct - or lack thereof 24:55  How do we fix this?  29:06  It’s nice to be nice   Links: Stay in touch with Randy Potts on LinkedIn   Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at Axonis

In this episode, Allan is joined by David Belanger, CISO at Maxor National Pharmacy, to talk about the challenges of breaking into cybersecurity. David discusses the importance of establishing mentor/mentee relationships in the community, why building a personal brand and expanding your network is a must when finding work, and tips for newcomers looking to break into the field. Lastly, the two touch on the power of visualization and staying humble throughout your career journey.   Key Takeaways:  01:27  Bio & CISO life 02:57  Let’s define Mentor/Mentee 04:21  What makes cybersecurity mentorship unique? 07:10  Developing a long & short-term strategy  13:16  Mentors are essential 18:05  Formal vs. organic mentorships 22:10  Get out of your comfort zone 25:55  Advice for newcomers 30:15  Visualizing your success 32:00  Staying humble   Links:  Stay in touch with David Belanger on LinkedIn   Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at Axonius

In this episode, Allan invites Mark Butler, an Advisory CISO at TRACE3, to talk about tech stack rationalization and how to get the most out of your technology investment. Mark shares advice on everything from how to properly analyze, identify, and consolidate your tools, both in the stack and cloud environment, to coaching your application specialists on embracing change.    Key Takeaways 01:10  Bio 02:36  What is tech stack rationalization? 03:46  Where to get started 06:20  Evaluation - a 3 prong approach 08:08  The security architecture alignment 10:51  What about contractual obligations? 13:18  The “best of breed” strategy  17:37  Rationalizing the cloud  21:00  Data analysis - tooling, extraction, metrics 25:24  The 3rd party tool conundrum  27:50  The future of cloud rationalization  29:40  How to resolve tech overlap? 32:19  Embracing change 34:37  Mark’s advice on emotional intelligence     Stay in touch with Mark Butler on LinkedIn   Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at Axonius

In this episode, Allan is joined LIVE on stage at FutureCon Dallas 2022 by U.S Bank Senior Cloud Penetration Tester, co-author of The Pen Tester Blueprint, podcast host, and college instructor, Phillip Wylie. Phillip journeys into his past to share how he went from pro wrestler to pentester, gives writing advice to future authors in the field, explores the art of pentesting, and the best starter certifications for pentesters. Lastly, Phillip explores the best advice he’s ever received and the dangers of burnout.    Key takeaways:  01:27  Phillip's origin story - wrestling men and bears 03:04  The Pwn School Project 04:47  The Hacker Factory Podcast 06:55  Always a way to cyber 10:18  An opportunity to write 14:08  The Art of Pentesting 17:19  Getting square on terminology 24:42  The limitless child 27:25  The skinny on certs 30:23  Mentors 35:06  Back in the pentesting lab 37:14  When does threat modeling factor? 43:50  Coloring in purple   Follow Phillip Wylie on LinkedIn and Twitter Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at Axonius