OODAcast

Ric Prado has been described by CIA leadership as the closest thing to 007 that the United States has ever had. Ric's life is packed with more adventure and operations than your favorite spy novel series. Coming out of the shadows, this is Ric's first video interview and covers his career, operational decision-making lessons learned, why we need a next generation of CIA agents, and we even dive into some more obscure topics like CIA knife fighting and how he came to train the King of Jordan. Arriving in the United States as a Peter Pan refugee from Cuba, Prado dedicated himself in service to his county in many capacities that culminated professionally with a 24 year career in the Central Intelligence Agency (CIA). During his tenure at the CIA, Ric was involved with dozens of operations including spearheading the CIA's operational response to 9/11 as the Director of Operations within the CIA's Counterterrorism Center. For this response he worked with the National Security Council and FBI, as well as with elite U.S. military representatives from Delta Force and SEAL Team Six. Earlier in his Agency career his service included 36 months in Central America jungles as the first CIA officer living in the anti-Sandinista "Contra" camps and Subsequently running counter-terrorism/insurgency operations in Peru and in the Philippines. He has also held operations officer posts in six countries and was a plank-owner of the CIA's original bin Laden desk in 1996. Upon leaving public service, Ric worked at as an executive at a Private Military Contractor where he built a specialized operations team for a U.S. government customer and is currently the co-owner of Camp-X Training and continues his service training and supporting the "SPECOPS" Community as Subject Matter Expert (SME) at the SWCS' ASOT (Advanced Special Operations and Techniques) and ASOT Managers Course, Dragon Warrior, Emerald Warrior, among others. Additional Links: Ric's Bio CampX training

In this OODAcast, Bob Gourley and Matt Devost discuss Matt's picks for the Top 10 Security, Technology, and Business Books of the year. Now in its 5th year, Matt's top ten book list is one of the most popular posts of the year and we look forward to interviewing several of the authors on OODAcast in 2021. Also see the full write up of the Top 10 list here: https://www.oodaloop.com/archive/2020/12/07/top-10-security-technology-and-business-books-of-2020/

In this OODAcast we interview Michel Kwon, the founder and CEO of W@tchTower. She is a leader who has proven herself through an ability to success in three different career fields, first as a developer and programmer creating enterprise grade solutions, then as a government executive who would eventually lead the United States Computer Emergency Readiness Team (US-CERT)during a critical period in its transformation, and now as an entrepreneur and CEO adding value to enterprises seeking to reduce risk and improve cybersecurity posture. We discuss Michel's foundational story and extract lessons relevant to those starting a career today, and also dive into how she leveraged her technical skills and desire to create into a winning presentation of a new type of WiFi antenna at Defcon. This event would prove to be pivotal for her next career in the Department of Justice, and makes a clear point of use to any who may be seeking opportunities to switch careers (her focus on continued learning and intention to always be herself were at play here). We also discuss her government career and lessons learned for any professional government who would like to advance and make bigger differences for the nation.  There are also lessons from Mischel's story for any leader who needs to motivate action across organizations when you are not in command. Her approach was to provide threat briefings and visions for the future that would motivate other leaders. This may be the only way that works on cross organizational efforts like those she had to lead. She also provides eye-opening anecdotes about the importance of knowing the rules (in her case, including the Constitution and the laws in place for how we protect privacy). She shares lessons and recommendations that flow from this for any commercial cybersecurity professional as well. As CEO of W@tchTower she has led the firm from its formation to a highly performing value adding partner for any business which is in need of a security operations center (SOC) or with a need to improve current SOC operations. Watchtower provides the technology, guidance and expertise to enable security operations and mitigate problems of too much data, disorganized processes, overworked analysts and hard to measure metrics. Additional Resources W@tchTower Mischel Kwon on Linkedin OODA Research Reports: Cyberwar Was Coming: A Reflection on the 25 Year Old Thesis that Predicted a Generation of Cyberconflict “You’ve got to read what this kid is writing out of his basement at the University of Vermont…” – recently retired CIA officer to intelligence and military colleagues in 1994. A candid 25 year retrospective on a thesis that launched a tremendous amount of dialogue and action on the issues of information warfare, cyberterrorism, and cybersecurity. See: Cyberwar Was Coming: A Reflection on the 25 Year Old Thesis that Predicted a Generation of Cyberconflict Deception Needs to be an Essential Element of Your Cyber Defense Strategy In the cyber defense community, we talk about a wide-range of risk mitigating technologies, strategies, and activities.  We talk about attacker deterrence and increasing costs for the attacker.  We invest in endpoint agents, threat intelligence, DLM, and other mitigating technologies on a daily basis. Here’s why one of the most compelling emerging use cases for increasing attacker costs is through the use of deception. For more see: Deception Needs to be an Essential Element of Your Cyber Defense Strategy Traveling Executive’s Guide to Cybersecurity: Traveling executives are frequent targets for cyber espionage. This report provides guidance for executives and their security teams on how to protect their information and technology while on the go. Produced by OODA co-founders Matt Devost and Bob Gourley, the report provides best practices, awareness of threats, and a deep understanding of the state of technology. A tiered threat model is provided enabling a better tailoring of actions to meet the threat. For more see:  OODA Releases a Traveling Executive’s Guide to Cybersecurity

Juan Enriquez has succeeded as a businessman, academic, author and lecturer. For those who might not have met him via any of his many appearances and presentations, he can be succinctly described as an authority on the economic and political impacts of life sciences and a thinker able to help frame the much needed discussions we all need to have on ethics. He serves on the discovery council at Harvard Medical School and was the founding director of Harvard Business School’s Life Sciences Project. He are currently the managing director of Excel Venture Management, a life sciences VC firm. OODA is a community of practitioners so we want to underscore that he doesn't just write and talk about tech, he founds and leads companies that create tech, including the firm that made the world’s first synthetic life form. His many books have all stood the test of time. The now 20 year old "The Future Catches You" is a very prescient look at the world of biological sciences is still a good introduction to the field. The book lead to an important conclusion, that the many changes in the biological revolution will fundamentally alter everyone's relative economic status and life expectancy and this will have consequences because only a few understand what is coming. He offered motivation to improve our collective ability to adopt and adapt to the coming era though agility in ethical, political and economic actions. His 2005 "The Untied States of America" provided a new framework for looking at the many economic, political and social dynamics underway in North America and started frank discussions on where polarization and its dynamics were taking us, providing motivation to mend existing rifts when possible. The book is now important foundational reading for anyone who wants to understand our collective situation. It is also a good reminder that just because something has not changed in a while does not mean it will endure forever. His book Evolving Ourselves takes on the fact that the old ways of evolution, driving by natural selection, is not the driver it used to be. Business leaders today need to understand that artificial selection and proactive engineering of life are forces in our new reality. His latest book, Right/Wrong: How technology transforms our ethics, makes it clear that technology advancements are connected to how humanity interprets and applies judgement on what is right and wrong. Technology changes ethics. So now in an age of exponential change in technology, we need to understand and prepare for exponential changes in ethics. Leaders in business and government, as well as citizens, need to understand this will cause issues that disrupt markets and even our legal system. In the past, right and wrong and justice was something we tried to code into our laws. Laws already can’t keep up with changing tech and ethics. What will happen to our legal system when changes in ethics goes exponential? In this OODAcast, Juan provides his personal context and useful mental models business leaders can put in place to anticipate how these many changes can impact business. For more see: Excel Venture Management Right/Wrong: How technology transforms our ethics The Executives Guide to the Revolution in Biological Sciences

Masha Sedova is an award-winning people-security expert, speaker, and entrepreneur focused on helping companies transform employees from a risk into a key element of defense. She has been a part of our OODA Network for years, including speaking at our legacy FedCyber event, where she introduced the behavior-based and gamified cybersecurity training and awareness she put in place at Salesforce. She is the co-founder of Elevate Security delivering an employee-risk management platform that provides visibility into employee risk while motivating employees to make better security decisions. Before Elevate, Masha Sedova was a security executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. In addition, Masha has been a member of the Board of Directors for the National Cyber Security Alliance and regular presenter at conferences such as Black Hat, RSA, ISSA, Enigma, OWASP and SANS. Before Elevate, Masha Sedova was a security executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners, and customers. The scope of her work ran the gamut from general awareness such as phishing and reporting activity to secure engineering practices by developers and engineers. In addition, Masha is a member of the Board of Directors for the National Cyber Security Alliance and a regular presenter at conferences such as Blackhat, RSA, ISSA, Enigma, and SANS. Other Resources: Masha Sedova on LinkedIn: https://www.linkedin.com/in/mashasedova/ Elevate Security: https://elevatesecurity.com OODA Network Interview with Masha FedCyber Interview with Keynote Speaker Masha Sedova RSA Innovation Sandbox Finalist Presentation

In this OODAcast, OODA Network Expert Jen Hoar interviews noted cybersecurity and intelligence professional Bob Gourley, CTO of OODA LLC, diving deep into what makes him tick. Jen asks Bob about his career, including the constants and dynamics in his professional life, starting with a deep background in operational intelligence as a naval intelligence officer. She explores his strengths and weaknesses and how he makes decisions in domains of overwhelming information. Jen asks Bob for advice for others on ways to keep learning. A key point underscored by Bob was how organizations need to find balance between the use of technology for collection and analysis and humans for collection and analysis when it comes to understanding complex situations. Lessons on writing and how it can help a career are also examined. Jen pulls stories from Bob he has never publicly revealed, including insights into how operational intelligence drove decisions in many joint and naval operations, and how those related to the business world today. Bob's anecdotes make it clear, "Great leaders thrive on intelligence and they take action on it." For more see: OODA LLC: Providing due diligence and cybersecurity services An Executive’s Guide To Cognitive Bias in Decision Making: Important insights into how human bias can impact decisions A Practitioner’s View of Corporate Intelligence: An overview of what a comprehensive program entails Optimizing Corporate Intelligence: Ways to get the most out of your efforts to gain decision advantage through intelligence Useful Standards For Corporate Intelligence: There are so many ways standards can help but the wrong standards can degrade your intelligence efforts.

Like many others we have observed first hand the positive changes in the cybersecurity community being enabled by Mari Galloway. In this OODAcast we look beyond those changes to find out what makes her tick, revealing lessons applicable to professionals in any stage of their career. Mari is the CEO and a founding board member for the Women's Society of Cyberjutsu (WSC), one of the fastest growing 501c3 non-profit cybersecurity communities. WSC is dedicated to bringing more women and girls to cyber and does so by providing its members with the resources and support required to enter and advance as a cybersecurity professional. Mari is a practitioner herself with an academic background in technology, multiple certifications, and, more importantly, years of direct hands on experience in mitigating risk and enabling the smooth functioning of enterprise operations. She began her cyber career with Accenture where she excelled as a Network Engineer, and also worked at several government agencies, in the casino industry, and now in the cybersecurity platform community. Her experience spans network design and security architecture, risk assessments, vulnerability management, incident response and policy development. Mari is also the inaugural ISC2 Diversity Award winner for 2019. In this OODAcast we discuss: The Women's Society of Cyberjutsu and how businesses and individuals can get involved. We also discuss the niche of technical hands-on experiences that WSC focuses on. The Wicked6 Cybergames eSports event during Blackhat and Def Con, which turned cybersecurity into a spectator sport. Her background and how she seeks to find balance between academic training (which she continues), training/certifications (which she pursues with vigor). This discussion brings out a character trait that also applies across her work and leadership of WSC, persistence. The foundational story behind WSC. The society was started out of a need for more hands on training. The fist workshop was a fast track to linux mastery session. Other workshops followed, including sessions on reverse engineering. WSC has now expanded nationwide as a community and offers a wide range of courses including sessions that help young girls learn and grow and also help those who already have a career. As an example, she mentions Recorded Future was just brought on as a sponsor, which lets them support the cause and also gives them exposure to great upcoming talent. Mari's approach to leadership and decision-making (her approach at WSC and as a practitioner is a collegial one, but focused on results and benefits to others). Her view of the cyber threat today and in the near future (which includes more of the social engineering and phishing threats that play to our emotions). Ransomware and insider threats are also still growing.

Jerry Davis has spent decades succeeding in hard jobs supporting critically important missions. He is a decorated combat Veteran who served in he US Marines for 11 years including in Operation Desert Storm/Desert Shield. He also served in the Central Intelligence Agency in service to world wide missions including leveraging technology in denied areas against high profile targets.  Jerry would later become the first CISO at the US Department of Education, then the CISO for NASA and later the CISO for the Department of Veterans Affairs.  He returned to NASA as the CIO for the Ames Research Center, a position he held till 2018. Jerry currently provides strategic consulting and design assistance focused on mitigating risk to mission critical programs and activities, including some of the most interesting activities humans are planning on conducting in space. This OODAcast we ask Jerry about his approaches to leadership and management, what motivated him to pursue the hard jobs, and how his early times in the field with the CIA helped him throughout his career (he learned to be a really good critical thinker, and also credited the fact that he learned by being exposed to many different cultures, all of which translated well to the cyber world).  Jerry clearly has a fond place in his heart for intelligence and the community, and makes the point that even though the IC has huge technological components, but it is really a people centered business. The importance of training and practice and honing skills was also a key part of Jerry's background including how to think on your feet. He is a believer in planning and having backup plans and backups to the backup plans. No plan survives first contact, so learn to be agile. We also examined Jerry's leadership methods in organizations that are reluctant to change but need to. Jerry also has deep experience leading security in collegial environments (like leading security for the NASA mission centers). Jerry is a future focused person who is closely tracking the US space program and its many interesting programs (like Artemis, the return of humans to the moon). We ask his views on the future and the technology and risks we all need to mitigate to optimize the future.

Paul Kurtz is an internationally recognized expert on cybersecurity and the Co-Founder and Chairman of TruSTAR. Paul began working on cybersecurity at the White House in the late 1990s. He served in senior positions relating to critical infrastructure and counterterrorism on the White House's National Security and Homeland Security Councils under Presidents Clinton and Bush. After leaving government, Paul has held numerous private sector cybersecurity positions including founding the Cyber Security Industry Alliance (Acquired by Tech America), Executive Director of SAFECode, Managing Partner of Good Harbor Consulting in Abu Dhabi, and CISO of CyberPoint International. Paul’s work in intelligence analysis, counterterrorism, and critical infrastructure protection has influenced his approach to cybersecurity. Paul believes in intelligence-centric security integration and automation. Today he spends his time consulting security leaders about how to manage their intelligence across tools. Paul believes in using machine learning to help detect, triage, investigate, and respond to events with confidence. In this OODAcast we dive into Paul's views on the cybersecurity landscape today and learn more about his approach to decision-making. We discuss a new concept he has been shepherding in the community regarding how cyber intelligence can be optimized for the benefit of any organization. We also extract lessons relevant for any leader who wants to make better, more accurate and actionable decisions in competitive environments. Additional Resources: TruSTAR: An Intelligence Management platform which helps security teams accelerate automation. Paul Kurtz OODAloop Interview: Our introduction of Paul to other OODAloop members

Rear Admiral Paul Becker, USN (Retired), is an author, speaker and board member with extensive experience in intelligence operations. During his 30 year career as a naval intelligence officer he lead major operational intelligence efforts, rising to the position of Director of Intelligence (J2) for the Joint Chiefs of Staff. Upon retirement from the Navy he formed a consultancy delivering solutions and lessons learned around intelligence to corporate America. He is also a professor, teaching at the US Naval Academy and the University of Virginia.  Paul is renowned for his ability to translate military leadership principles into corporate pillars of performance, productivity and profit. In this OODAcast we ask Admiral Becker for his insights into what intelligence is and how to evaluate it, the difference in leadership and management, and the nature of the shifting threats in the modern geopolitical environment. We examine some of Paul's personal heroes and discuss the continuing legacy of Colonel John Boyd. We also ask Admiral Becker about his reading habits including the books he taps into for inspiration. Related Resources: The Intelligent Enterprise Series: Special reports from OODA focused on corporate intelligence Useful Standards For Corporate Intelligence: Based on lessons learned from the US intelligence community and corporate America Optimizing Corporate Intelligence: Tips and best practices and actionable recommendations to make intelligence programs better. A Practitioner's View of Corporate Intelligence: insights aimed at corporate strategists seeking competitive advantage through better and more accurate decision-making. An Executive's Guide To Cognitive Bias in Decision Making: Cognitive Bias and the errors in judgement they produce are seen in every aspect of human decision-making, including in the business world. Companies that have a better understanding of these cognitive biases can optimize decision making at all levels of the organization, leading to better performance in the market.