
The Cyber Ranch Podcast

Latest episodes

Apr 21, 2021 • 31min

Data Risk Governance w/ Patrick Benoit

Howdy, y’all, and welcome to The Cyber Ranch Podcast! With us today is Patrick Benoit, Global Head of Cyber GRC, and BISO at CBRE. Patrick is here to talk about Data Risk Governance, a slightly new twist on an old problem. Like our host, Patrick is also from the Dallas-Fort Worth area of Texas. To start the conversation, Allan asks Patrick to share a little about himself, his background in information security and what he does at his day job. Patrick began his career in the military, eventually coming over to consulting and enterprise. He has built out more than one BISO program, and has run multiple GRC programs as well. Patrick has a customer-facing security role and believes that all security leaders are also, to some degree, sales leaders. Allan and Patrick walk through a very practical approach to Data Risk Governance, starting with 'big chunks' and working towards the future with data tagging. They discuss briefly various rules for dealing with older data and various means of risk measurement. Ultimately their model is designed to work over a three-year or five-year period, encompassing all data in the organization by that time.
Key Takeaways
0:23 Allan introduces Patrick
1:36 Patrick shares his cyber background and his day job
4:10 Patrick introduces his model of Data Risk Governance, which began as a sales/marketing tool and evolved into a "real" practice
5:59 Patrick introduces the precursors to setting up a proper Data Risk Governance program, which includes data classification among others
8:01 Allan explains how data discovery and classification can be expensive and yet still only partially successful
9:12 Patrick advocates his 'one bite at a time' method based at first on broad strokes of known valuable/risky data
10:45 Allan describes multiple data loss stories from his past
12:10 Patrick delineates in more detail the 'big chunks of data' method and his firewall analogy of allow/deny
13:23 Patrick notes that classification followed by tagging is a great approach
13:57 Allan proposes a new-data-only go-forward plan and Patrick agrees
15:56 Patrick talks about how the legal department owns data retention rules
17:30 Talks about how chat messages should be volatile
19:00 Allan proposes using tagging to manage destruction and retention
21:00 Patrick notes that reducing risk by tagging some of your data is better than tagging none of it
23:30 Patrick discusses his model for quantifying risk vs investment as an 'orders of magnitude' problem with dollars as unit of measure
25:17 Allan proposes the car insurance model to counter Patrick's life insurance model
26:00 Allan talks about accurizing risk measurement and discusses briefly models like FAIR and Bayesian math vs. Patrick's orders of magnitude method
27:09 Patrick uses the 5x5 method not as a specific measurement but more as a visual aid and heatmap
29:11 Patrick explains what keeps him going in information security

Links:
Learn more about Patrick Benoit on LinkedIn and on Twitter
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Sponsored by our good friends at Axonius
Apr 14, 2021 • 24min

Vishing, Smishing and STIR/SHAKEN w/ Mike Manrod

Welcome to The Cyber Ranch Podcast, recorded under the big blue skies of Texas, where one CISO explores the cybersecurity landscape with the help of friends and experts! Today, host and CISO Allan Alford interviews Mike Manrod, CISO at Grand Canyon Education. Mike has done quite a bit of research on vishing, smishing and the upcoming STIR/SHAKEN legislation meant to combat those two. To start the conversation, Allan asks Mike to share a little about himself, his background in information security and what he does at his day job. Mike started as an IT technologist who originally resented the security team for slowing down technology projects. Then a friend took him to a security conference, and the rest is history. Mike explains what vishing and smishing are, contrasting them to traditional phishing. Mike and Allan discuss personally targeted vishing and smishing vs. attacks targeted at organizations. Allan and Mike cover the new STIR/SHAKEN legislation and related RFCs, along with the technical limitations inherent in the approach. Finally, Allan asks Mike what keeps him going in cybersecurity, including technical challenges and a strong infosec community.

Key Takeaways
0:24 Allan introduces Mike
1:05 Mike explains how he got into cybersecurity and what his daily CISO life is like.
2:48 Mike explains what vishing and smishing are.
3:32 Mike explains the unethical vishing vs. truly illegal vishing and how they might target an organization vs. an individual.
7:18 Mike explains how most smishing is targeted at individuals. SIM swapping and other techniques are generally what is used against enterprises.
8:00 Mike says that smishing is most often used to introduce malware or harvest user credentials.
9:31 Mike says that smishing, vishing and robocalling definitely mimic the ransomware world where lower-level, even non-technical criminals run the front line of attack.
11:34 Mike compares STIR/SHAKEN to the anti-phishing technologies DKIM, DMARC and SPF.
11:49 Allan explains that those email technologies are opt-in and only effective if all parties choose to opt in.
12:31 Mike explains what STIR/SHAKEN stand for and how they work - they are based on a series of RFCs.
13:43 Mike explains the FCC June 30, 2021 deadline for IP-based carriers to adhere to STIR/SHAKEN. TDM and Cellular networks are asked to implement in good faith.
15:48 Mike says that STIR/SHAKEN is a great step in the right direction. The nature of the problem is that the 'from' value is user-controlled in telco communications.
17:29 Mike says that an enforced hierarchy of tokens will solve the problem ultimately.
18:15 Mike recommends RFC 7340 as the best definition of the problem statement for the telephony challenge end-to-end.
18:45 Mike explains how STIR/SHAKEN also impacts smishing - noting that iMessage and other SMS-derived technologies already offer better security than voice technologies.
19:29 Mike states that a paradigm with certificates bound to number ranges or account ranges is the real solution to the problem.
21:01 Mike explains that fun technical challenges are why he stays in information security - a lack of boredom.
21:58 Mike also names community as another reason he stays in infosec.

Links:
Learn more about Mike Manrod on LinkedIn
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Sponsored by our good friends at Axonius
Apr 7, 2021 • 29min

Maturing Purple Teaming w/ Gabe Lawrence

Welcome to The Cyber Ranch Podcast, recorded under the big blue skies of Texas, where one CISO explores the cybersecurity landscape with the help of friends and experts! Today, host and CISO Allan Alford interviews Gabe Lawrence, General Manager of Cyber Security Protection at Toyota Motor North America. Gabe has seen the good and bad of purple teaming, and we’re here today to discuss what a mature purple teaming organization looks like. To start the conversation, Allan asks Gabe to share a little about himself, his background in information security and what he does at his day job. His path to security hasn’t been linear - he has been a developer, an entrepreneur and a startup owner, slowly making his way to different levels of management in the security space. Gabe runs Enterprise Security at Toyota North America and is responsible for the technical side of the business and manufacturing environment. When discussing what successful purple teaming looks like, Gabe points to heightened alert fidelity as being among its greatest benefits. Rather than a red versus blue mindset, purple teaming encourages community and collaboration. Then, Allan asks Gabe to share a specific time he found unexpected success in purple teaming. Gabe gives an example reiterating the advantage of having a red and blue team working collaboratively. In managing an enterprise, Gabe says there is always something changing. Validating your controls, alerts and responses are just a few of many tasks best tackled in smaller chunks. Embedding the automation from purple teaming as the ongoing environment keeps things in a high functioning state and serves as a persistent health check. Gabe explains how a buffer overflow isn’t exactly instantaneous and discusses combatting lingering attacks. Though purple teaming has many great benefits, it requires a bit of maturity. Having different teams interact together as they mature ensures they understand each other's roles and can effectively work together.
Gabe urges people in the industry to think of themselves not only as part of a specific team, but as a part of a broader collective. In the hiring process, he describes seeking candidates with experience in software development and scripting. Additionally, it’s crucial to be willing and excited to learn and have keen problem solving abilities. In closing, Gabe looks forward to working in server-less spaces like the Cloud in the future and says his favorite thing about his career field is that it never fails to offer something new.

Key Takeaways
0:21 - Host Allan Alford welcomes listeners to the show and introduces Gabe Lawrence.
1:12 - Allan asks Gabe to share about his background and day job.
2:40 - What is successful purple teaming?
4:30 - Gabe shares both positive and negative personal experiences in purple teaming.
9:42 - How do you automate purple teaming?
14:11 - Fine tuning the deployment of the controls.
19:20 - How Gabe designs and hires for his team.
26:20 - What keeps Gabe in Information Security?

Links:
Learn more about Gabe Lawrence on LinkedIn
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Sponsored by our good friends at AttackIQ
Mar 31, 2021 • 30min

Interview with a Vendor w/ Dutch Schwartz

In this episode, host and CISO Allan Alford interviews his friend Dutch Schwartz, Principal Security Specialist at Amazon Web Services. Dutch is a vendor, but do not press 'stop' just yet! Dutch is an empathetic outsider, an observer, and a constant learner and researcher. He brings some unique insights to our practice. Dutch talks about his encounters with CISOs and their direct staffs, and opines on the debate as to how technical a CISO should be (versus business-oriented). Allan and Dutch discuss healthy vs. unhealthy (Dutch prefers the term 'challenging') security cultures. Dutch talks about all security efforts aligning with business initiatives, and Allan espouses his theory that all CISO actions should tie to business initiatives, risk reduction, and maturity improvement. Dutch remains enthused about cybersecurity because of conversations like this very interview.

Key Takeaways
1:32 - Dutch shares his cyber origin story - stumbling into cyber after a military career as an officer, and working as an integrator for a VAR.
4:54 - Today Dutch works at AWS and supports the largest customers as a cloud security strategist, working with CISOs and their staffs.
5:47 - With Dutch's Fortune 50 customers, he meets with the CISO on a monthly or bi-monthly basis, depending upon how hands-on the CISOs are. Daily he meets with the CISOs' direct reports.
7:04 - Dutch explains that over the years the CISOs have changed from a more technical bent to a more business and risk-management orientation. Some struggle with this growth.
12:15 - Allan describes his CISO communication philosophy of "Business Terms First, Risk Terms Second, Technology Terms Third".
13:23 - Allan talks about CISOs asking each other whether they are more technical or business/softskills-oriented.
15:00 - Dutch says that how technical a CISO is depends partially upon risk tolerance.
18:02 - Dutch elaborates that a bad security culture results in more breaches.
19:18 - Dutch explains how a company's culture can be measured.
19:54 - Dutch says culture is not what the leadership preaches, but rather what the factory worker in a remote location believes it to be.
20:16 - Dutch says challenging cultures are the ones where leadership is not aligned.
21:53 - Dutch starts his conversations with his clients by talking first and foremost about business initiatives.
23:40 - Dutch often compares security to quality when getting his clients to understand the overarching perspective.
26:50 - Allan says all CISO initiatives should be tied to business objectives, reduction of known risks, and how his actions might improve maturity.
29:29 - Conversations like this one are what keeps Dutch in information security.

Links:
Learn more about Dutch Schwartz on LinkedIn and Twitter.
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Sponsored by our good friends at Axonius
Mar 24, 2021 • 27min

Advancing Cybersecurity Careers w/ Christophe Foulon

In this episode, host and CISO Allan Alford interviews his friend Chris Foulon, Sr. Manager of Cybersecurity at a leading fintech company, and co-host of the "Breaking into Cybersecurity" podcast. Chris has 15 years in information security, having started at the helpdesk years ago. His biggest desire in infosec is helping others. In his day job Chris gets to work with every part of the business. On the subject of the personnel shortage in cybersecurity, Chris believes that there is no shortage. Rather, he suggests that hiring managers limit their choices by holding out for too high an experience level, and by neglecting diversity and inclusion. His advice for those who are entering the profession is to combine experience, certifications and education as suited to themselves and the roles they are applying for. He suggests research and listening to podcasts like this one. Chris suggests finding a mentor as well. Chris and Allan discuss diversity, inclusion and allyship at length, going into such details as how job descriptions can discourage diverse candidates. Chris' motivation in cybersecurity is the fact that the industry is ever-evolving and always presents opportunities for creative problem solving.
Key Takeaways
1:18 - Chris shares his history with cybersecurity
3:20 - Chris describes why he thinks there is no infosec personnel shortage
4:43 - Chris describes how to write a job description to generate more candidates
6:28 - Chris tells people with other backgrounds not to start over in cyber but to move in laterally and learn the tech
8:02 - Chris explains how to get experience and subject matter expertise before you start your first job
12:35 - Chris talks about certifications
16:11 - Chris talks about including neurodiverse candidates
17:52 - Chris describes how hiring managers can clean their job descriptions to encourage diverse candidates
24:24 - Chris describes the benefits of mentoring
25:24 - Chris describes what motivates him in infosec
26:24 - Chris describes what he is looking forward to in infosec

Links:
Learn more about Chris Foulon on LinkedIn and Twitter. Chris' coaching site is CPF Coaching
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Sponsored by our good friends at Axonius
Mar 17, 2021 • 28min

Developing Leadership w/ Gary Hayslip

Today, host and CISO Allan Alford interviews friend and fellow CISO Gary Hayslip. Besides being a brilliant business leader, Gary is an author, mentor, and one of the best all-around humans Allan knows! To start the conversation, Allan asks Gary to share about himself and his background in cybersecurity. While he had a natural interest in computers and technology more generally, Gary’s formal entrance to the cybersecurity field came during his time in the military. He developed a love for security, and as he’s climbed within the industry in the years after his military service, he’s also developed a strong network as a colleague and mentor. Allan tapped into this shared community through one of its most-used platforms, LinkedIn, to find out what others in the field would most like to learn from Gary. The first questions deal with topics of leadership and training, and Gary explains his own practices of educating himself and his team. In his own life, he is committed to maintaining up-to-date knowledge of his rapidly changing field through research and reading; such knowledge is necessary if Gary is to lead as effectively as he can. Gary also provides opportunities for his staff to receive continuing education, and he does not worry that he might train employees beyond their roles. Rather, he embraces the privilege of partnering with his staff to see them succeed on their career paths. There is a lot that goes into Gary’s practice of crafting and leading a team, and the COVID-19 pandemic has caused him to make some coaching changes. One-on-one meetings and conversations about family are more frequent, but the emphasis on building team trust and leading team members to own the business strategy remain constant. Gary assigns team members to take the lead on and complete briefings for different aspects of the strategy, and also expects them to back each other up. 
This practice not only fosters ownership of business processes and development of employee skills, but also shapes the kind of culture Gary insists his team have. He requires team members to possess certain soft skills, be people of honesty who take personal responsibility, and be comfortable in team and group contexts. Gary tries to care for his workers by taking harder hours on himself than he expects them to work, but as the conversation wraps up, he explains that he is mainly motivated in his work by love for the community and people in the field!

Key Takeaways
0:21 - Host Allan Alford welcomes listeners to the show and introduces Gary Hayslip.
1:08 - Allan asks Gary to share about his background.
2:08 - The first questions deal with continuing education for Gary and his team.
6:58 - How has Gary’s coaching changed because of COVID-19?
10:54 - What are Gary’s methods for helping his team take on pieces of his strategy?
17:55 - COVID-19 also raises new questions about work-life balance.
21:45 - The next question deals with how Gary develops team culture.
25:39 - What keeps Gary going in cybersecurity?

Links:
Learn more about Gary Hayslip on LinkedIn.
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Sponsored by our good friends at Axonius
Mar 15, 2021 • 28min

The Post-COVID Reckoning w/ Dr. Rebecca Wynn - SPECIAL EDITION

In this show, host Allan Alford interviews Dr. Rebecca Wynn about information security decisions made during COVID and what the 2021 "reckoning" might look like. Dr. Wynn is a well-recognized CISO and Chief Privacy Officer, who faced some large-scale challenges during 2020. Allan welcomes Dr. Wynn to the cyber ranch! The show starts with Allan asking Dr. Wynn to introduce herself and to tell the listeners a bit about her background. Dr. Wynn has received quite a lot of recognition in the field. Allan and Rebecca Wynn share a wealth of connections in the CISO community, and both have consulted with numerous companies over 2020. This positions them to be able to talk to the broad spectrum of COVID-related actions and reactions taken during 2020. Moving workers to home all over the world resulted in an increased attack surface and increased privacy concerns as well. Security questionnaires were on the rise, as were deeper investigations into PCI, SOC2, etc. reports. COVID, in other words, really emphasized the supply chain risk posture. Allan and Dr. Wynn discuss the challenges and variety of preparedness for Zero Trust architectures - VPN, VDI, cellular dongles, taking desktop computers home, etc. Allan and Dr. Wynn talk about supply chain risk, contracts, penalties, and other facets of post-COVID third-party risk. To close the podcast, Dr. Wynn shares that she loves information security because of great companies out there who are forward-looking and paying real attention to security.

Key Takeaways:
1:18 - Dr. Wynn tells the audience about her information security background and recognitions.
2:43 - Dr. Wynn had to move 10,000 people to work-from-home for COVID.
4:31 - Dr. Wynn tells her clients to check the PCI, SOC2, etc. reports in detail for their supply chain.
5:37 - Allan points out that supply chain questionnaires were on the rise due to COVID.
6:45 - Dr. Wynn elaborates on Zero Trust architectures deployed during COVID and states that Zero Trust is not "one and done".
8:20 - Dr. Wynn encourages her clients to really dig into the risk associated with the supply chain.
9:12 - Allan points out that the Solarwinds breach was really a post-COVID phenomenon in terms of its impact and how folks responded.
10:40 - Allan shares that some companies were not ready for Zero Trust at all vs. those who were so well prepared.
12:49 - Dr. Wynn encourages auditors to go back and visit their 3rd-party risk.
14:34 - Dr. Wynn and Allan talk about the strength and significance of contracts in the cultures of various companies.
16:50 - Dr. Wynn tells her clients to attach assessments to the contract and asks for transparency.
19:40 - Dr. Wynn encourages her clients to ask their supply chain about end-of-life and end-of-service posture for the technical estate.
23:05 - Allan advocates that vendors have honest conversations with their customers to be transparent about what new risks COVID onboarded.
25:08 - Dr. Wynn predicts that 2021 will be the reckoning for companies who took shortcuts during COVID.
25:42 - Dr. Wynn loves working for forward-looking companies and loves working for the greater good.
26:48 - In Information Security, Dr. Wynn predicts growth and evolution and hopes for a real investment.

Links:
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Learn more about Dr. Rebecca Wynn on LinkedIn.
Sponsored by our good friends at Axonius
Mar 10, 2021 • 28min

Business-Oriented Security w/ Chris Castaldo

In this show, host Allan Alford interviews his friend Chris Castaldo about how to align information security with the business. Chris is the CISO at Crossbeam, and is also the author of the book "Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit", available for pre-order at Amazon. Chris, like Allan, views himself as a very business-oriented CISO. Allan welcomes Chris down to the ranch to discuss business orientation and alignment of information security in detail. The show starts with Allan asking Chris to introduce himself and to tell the listeners a bit of his background. Chris's book fills the void in books for founders that seemed to utterly lack any reference to cybersecurity. Allan recommends the book, as he was one of the lucky few to review the book before its release. But that is not what they are here to chat about today... Allan asks Chris what it means to be a business-oriented CISO - and what does it look like to NOT be a business-oriented CISO? Allan asks Chris how a CISO can affect both the bottom line and the top line as well. Allan and Chris discuss the nuances of that conversation in the context of business-to-consumer ("B2C") businesses vs. business-to-business ("B2B") businesses. Allan and Chris discuss the challenges of striking the balance between meeting the business' security needs and being agile enough to quickly respond to the dynamic and ever-changing nature of the business. To close the podcast, Chris shares that he loves information security because it always offers something new, and because it is evolving towards a user-centric approach.

Key Takeaways:
0:36 - Chris tells the audience about his security book for founders.
2:19 - Chris talks about his day job as CISO at Crossbeam.
3:08 - Chris talks about what it means to be a business-oriented CISO - it's mostly about understanding the rest of the business.
6:05 - Chris walks through how a CISO's impact to the top and bottom line varies for startups vs. mature businesses.
7:16 - Chris compares security aspects of a non-security offering to airbags in a car.
9:02 - Allan shares his past as a product security professional and how business-aligned product security in tech companies is.
12:00 - Chris compares B2C to B2B and how business-alignment for the CISO varies across the two.
14:41 - Allan talks about expectations of security vs. liability caps for failing to deliver it: B2B vs. B2C.
18:24 - Chris discusses how to enable security without putting the brakes on the business.
22:40 - Allan explains how some of his basic security controls also accelerate the business.
25:17 - Chris explains why he loves working in information security.
26:21 - Chris is looking forward to user-oriented cyber security.

Links:
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Learn more about Chris Castaldo on LinkedIn.
Sponsored by our good friends at AttackIQ
Mar 3, 2021 • 28min

Supply Chain Security w/ Omkhar Arasaratnam

Today, host and CISO Allan Alford interviews Omkhar Arasaratnam, a veteran of the cybersecurity industry, on the topic of supply chain security. With a career in security going all the way back to 2004, and with experience working for IBM and several financial institutions before becoming an Engineering Director at Google, Omkhar brings much hard-earned insight to the table! Looking to tap into that insight, Allan poses two questions for Omkhar. First, how would he characterize or define supply chain security and its implications? And second, how would he explain the SolarWinds breach and its fallout? Omkhar centers his thoughts on the SolarWinds situation, a costly breach in which hackers manipulated a code base and used it as a leverage point to gain access to high-worth targets. This attack required precision and focus, and is one of the first public breaches; however, Allan and Omkhar imagine that there will be copycat attacks to come, and that the attack is a wake-up call for all those with access to client data to step up their supply chain security. Both providers and consumers with a hand in supply chain security have a responsibility to tighten their controls. Supplier checks should be more frequent, software suppliers need to be very buttoned-down in how they control their entire build architecture, and those overseeing supply chain security need to carefully navigate the available vehicles for managing supply chain risk. These vehicles, including questionnaires, right to audit, open source/credit-check style tools, and GRC tools, all have benefits and drawbacks, and no company manages supply chain security perfectly. With a lot of sympathy for SolarWinds, though, Allan and Omkhar think that further work needs to be done in the cybersecurity space to bolster supply chain security measures. Omkhar details his own “black box” idea, which he imagines would be a strong component of a more comprehensive security protocol.
Allan explains how this comprehensive protocol could function, and while making such a system an international standard is far off, Omkhar and Allan agree that there are tools in place for cybersecurity professionals to move toward a better system. There are issues of risk to weigh, myriad solutions to compare, and precursor tasks to address, but it’s time to get a conversation going that will ideally lead to change!

Key Takeaways:
1:10 - Allan asks Omkhar to share about his background before jumping into the main topic.
1:53 - Allan has two questions for Omkhar.
5:09 - Consumers and providers have a responsibility to step up their game.
7:41 - The conversation shifts toward the vehicles for managing supply chain risk.
9:05 - What’s Omkhar’s take on the open source/credit score-style check?
11:55 - Allan and Omkhar turn to Omkhar’s black box idea.
17:22 - Omkhar thinks highly of Allan’s comprehensive approach, but there are obstacles.
21:50 - What are these obstacles, and what is the needed precursor work?
26:20 - As the conversation ends, Allan asks about Omkhar’s motivation and passion.

Links:
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Learn more about Omkhar Arasaratnam on LinkedIn.
Sponsored by our good friends at AttackIQ
Feb 24, 2021 • 27min

Startups & VCs in InfoSec w/ Will Lin

In this show, host Allan Alford interviews his friend Will Lin about startups and venture capital. Will Lin is a venture capitalist with ForgePoint Capital, focusing exclusively on the information security space. First and foremost, Will views his current role as a way to help others. Allan welcomes Will on to the show to help his listeners learn more about the startup world, the venture capital world, and how those two intersect. The show starts with Allan asking Will why he thinks startups are such a prevalent force in the cyber security world. Will is not sure, but his hypothesis is that this is in large part due to the ever-changing nature of cyber security. Since needs are constantly changing and each organization has unique needs, startups have popped up to address those specialties and change based on the different needs that arise. His second hypothesis is that there always need to be organizations prepared to address new and emerging threats to security. For VCs, Will shares that companies and startups go through a very natural progression in terms of maturity depending on their framework. Regardless, what it all boils down to is where in their life cycle any organization finds itself. Once the VC is able to identify where the company is in their life cycle, then they can begin to make informed decisions about the company. This will determine the type of funding that VCs will decide to provide. For example, usually when a company is around 10-20 members, they will be looking for series A funding. Typically, series A funding is around 10-25 million dollars, series B is 20-40 million and series C is 50 million and above. By evaluating the total of the investment, observers can estimate the valuation of the company. While most companies only do a few rounds of fundraising, some companies will experience several late rounds of fundraising and Will advises that this is typically a good thing. The best indicator of health is the number of employees.
If the number of employees is going down, that is one of the clearest indicators of regression. Once a VC comes in, though, that is where they are able to lend their experience to help with advising the business, which is Will’s favorite part of his job. To close the podcast, Will shares that being able to help people and add value to their companies is the thing that keeps him energized and engaged in his position.

Key Takeaways:
0:24 - Listeners are introduced to Allan Alford and his guest, Will Lin.
1:27 - Why do so many people in the security industry rely on startups?
3:29 - What does Will do in his job and how has his background led to his current role?
5:36 - From Will’s perspective, what is the critical split between the first round of angel funding
9:33 - What is the expectation for funding in each different series of investments?
15:19 - What does the VC ownership look like from the perspective of the company?
21:22 - Does Will offer specific advice to the startups that he works with?
24:00 - What is Will’s opinion on startups that grow without any assistance from VCs?
25:48 - What keeps Will energized in his job?

Links:
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Learn more about Will Lin on LinkedIn.
Sponsored by our good friends at Axonius
