Cyber Work

Becky Robertson joins us from Booz Allen to discuss creating remote work situations that address modern requirements but don’t sacrifice security. We discuss the ways in which COVID-19 helped the federal sector reconsider every aspect of the workflow process and what that means for future remote roles. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 2:21 - Cybersecurity origin story4:58 - Changes from the early days of cybersecurity6:24 - Staying in the same organization for 25 years8:56 - Day-to-day work as a VP10:56 - Security and working from home13:18 - Technical hurdles to work remotely15:15 - Changing the nature of work post pandemic 16:58 - Employees working remotely 19:04 - Security concerns when working remotely22:55 - How to pursue a federal cybersecurity career25:18 - Federal cybersecurity positions in demand27:42 - Skills needed to work in federal government29:33 - Federal skills gaps32:05 - Career advice 32:57 - Finding mentors About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Veracode CEO Sam King is an icon in the realms of secure coding and application security, and she joins the podcast, along with Infosec CEO Jack Koziol, to discuss her cybersecurity journey, the President’s directive on software security and so, so many more topics. You really don’t want to miss this one, folks. – Download our FREE ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 3:10 - Origin story5:05 - Ground floor of cybersecurity 7:54 - The “aha!” moments 12:30 - Point were you thought industry would grow14:28 - Changes implemented at Veracode19:52 - Nation’s approach to cybersecurity24:10 - Federal government security 26:25 - Government oversight 28:14 - Secure coding practices 31:52 - Veracode’s app security report40:04 - How to learn web application security 43:46 - Mistakes to avoid when applying  47:13 - Bringing in more diverse candidates  51:36 - Maintaining Veracode’s edge54:25 - Advice to move into a new cybersecurity role56:24 - Outro Sam King is the chief executive officer of Veracode and a recognized expert in cybersecurity, DevSecOps and business management. A founding member of Veracode, Sam has played a significant role in the company’s growth trajectory over the past 15 years, helping to mature it from a small startup to a company with a billion dollar plus valuation. Under her leadership, Veracode has been recognized with several industry distinctions including a seven-time consecutive leader in the Gartner Magic Quadrant, leader in the Forrester SAST Wave and a Gartner Peer Insights Customer Choice for Application Security. Sam has been a keynote speaker at events such as Gartner Security Summit, RSA and the Executive Women’s Forum, on topics ranging from cybersecurity to empowering women and creating diverse and resilient corporate cultures. She has been profiled in business publications such as the Huffington Post, CNNMoney, Financial Times, InfoSecurity Magazine and The Boston Globe.Sam received her masters of science and engineering in computer and information science from University of Pennsylvania. She earned her BS in computer science from University of Strathclyde in Glasgow, Scotland, where she earned the prestigious Charles Babbage Award, awarded to the student with the highest academic achievement in the graduating class. She currently sits on the board of Progress Software. Sam is also a member of the board of trustees for the Massachusetts Technology Leadership Council, where she was a charter member of the 2030 Challenge: a Tech Compact for Social Justice in efforts to bring more diversity to the local workforce.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Alyssa Miller of S&P Global Ratings discusses the easiest pentest she ever ran on an app and the importance of diversity of hiring, not just “diversity of thought.” She also gives some of the best advice we’ve heard yet on picking your cybersecurity path. – Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast 0:00 - Intro2:44 - Miller’s origin story5:53 - Experiences working while at school8:20 - Pursuing a degree10:57 - How has cybersecurity changed?12:58 - Coming into cybersecurity from a different perspective13:55 - Moving to pentesting versus programming18:52 - Penetration testing through the years20:46 - A big change in your industry25:27 - Specifics of a business information security officer 29:09 - Skills for a business information security officer role32:34 - “Cyber Defenders’ Career Guide” book35:08 - What surprised you about writing the book?41:46 - Equity and inclusion in cybersecurity47:11 - Who is doing equity correctly? 49:12 - Long term equity strategies? 52:45 - Final cybersecurity career advice 55:40 - Outro Alyssa Miller is a hacker, security researcher, advocate and international public speaker with over 15 years of experience in cybersecurity. From a young age, she has enjoyed exploring and deconstructing technology to learn more about how it works. At 12 years old, she bought her first computer. From that $1,000 purchase, she launched a hobby that would later become her career. Just seven years later, she was hired to her first full-time salary job as a programmer. Alyssa is also passionate that doing better in security begins with sharing knowledge and learning from each other. She regularly presents her perspectives through public speaking engagements. She speaks at various industry conferences, vendor and customer hosted events and non-security related events. Alyssa’s mission is to improve all aspects of the security community. Therefore, her topics range from technical to strategic to higher level community and policy issues.Alyssa is a member of Women in Cyber Security (WiCyS) Racial Equity Committee. Additionally, she participates in other organizations designed to build a more welcoming and cooperative culture in security. As a member of ISACA, Alyssa currently holds a Certified Information Security Manager (CISM) certification. She is also the author of "The Cyber Defenders’ Career Guide," published by Manning in May 2021. We’re going to be discussing all of Alyssa’s fascinating story, her career journey, the work of demystifying cybersecurity and her work helping to create a more inclusive and welcoming space in the cybersecurity industry. About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Jonathan Tanner of Barracuda talks about his time moving up the ladder at Barracuda, how he still enjoys computer science competitions like DEFCON Wireless Capture the Flag (CTF), and Barracuda’s revolutionary malware detection ATP platform he built. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro3:04 - Origin story in cybersecurity 5:45 - Major accomplishments and moving up with Barracuda7:55 - Daily work as senior security researcher 10:36 - Was this always what you were interested in?12:42 - How did you expand your skills and position14:30 - Cyber security resume tips17:20 - Becoming a cybersecurity professional19:01 - How can hackathons and conferences help you?22:33 - Improving the hiring process25:33 - How to prepare for cyber security interview27:46 - Working long term with a tech company29:27 - What’s next for you at Barracuda?30:26 - Where should security professionals begin?33:46 - What’s happening at Barracuda34:33 - Where can I find out more about you?35:06 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

French Caldwell of The Analyst Syndicate talks about his role as founder and chief researcher of the group. We also talk about Caldwell’s time at Gartner research, and his passion for cybersecurity research as a whole. 00:00 - Intro 03:43 - Caldwell’s background in cybersecurity 07:25 - Knowledge management09:55 - Protecting digital trash 12:33 - Risk assessment and day-to-day work life18:00 - How has research changed since 1999?22:48 - Founding The Analyst Syndicate 26:45 - What is your day like at the Syndicate?28:11 - What is your research like now?29:33 - Disruptive technology and public policy31:09 - Disruptive trends34:30 - Advice to students in disruptive technologies38:58 - Tell us about your simulator46:22 - Cyberterrorism and risk to municipalities and hospitals50:18 - Learn more about Caldwell and the Syndicate51:54 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastFrench Caldwell is the leading strategist and thought leader in RegTech, including GRC and ESG, cybersecurity, social and digital risks and regulation and the impact of disruptive technologies on policy and strategy. He is a former Gartner Fellow, and following Gartner he became the global head of marketing at a Silicon Valley firm that delivers regtech solutions for governance, risk and compliance analytics and reporting. Skilled at the alignment of strategy, communications, technology, processes, analysis, policy and people to improve business and mission outcomes. Experienced at advising senior executives and corporate directors on disruptive technology, strategic risk management, cybersecurity and public policy issues.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Dirk Schrader of New Net Technologies talks about healthcare security and legacy systems. We discuss the millions of pieces of health data left out in the open, the issues with closing these holes and the need for professional legacy system-whisperers. 0:00 - Intro2:56 - What drew Dirk to security4:46 - Did your Dad’s role inspire you?5:55 - Stepping stones to your current job9:35 - What is it like to be a security research manager14:38 - Unprotected healthcare records21:50 - Unprotected systems in the U.S. 25:20 - Using better security in hospitals31:55 - Logistical issues of security for hospitals37:48 - Best solution for hospital cybersecurity 39:30 - How to prepare for change 42:32 - What skills do you need for this work?46:00 - Will people pursue these changes?49:40 - Projects Dirk’s working on52:10 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastDirk Schrader is the global VP of New Net Technologies (NNT). A native of Germany, Dirk’s work focusses on advancing cyber resilience as a sophisticated, new approach to tackle cyberattacks faced by governments and organizations of all sizes for the handling of change and vulnerability as the two main issues to address in information security.Dirk has worked on cybersecurity projects around the globe, including more than four years in Dubai. He has published numerous articles in German and English about the need to address change and vulnerability to achieve cyber resilience, drawing on his experience and certifications as CISSP (ISC²) and CISM (ISACA). His recent work includes research in the area of medical devices, where he found hundreds of systems unprotected in the public internet, allowing access to sensitive patient data. This is going to be the topic of today’s episode, and we’re also going to talk about unprotected or poorly protected legacy systems in general, and how we start to build some coverage over this vast swath of unprotected information.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Ginny Morton, project management professional at Dell and veteran in the U.S. Army, takes us through the practice of cybersecurity project management in both for-profit and military sectors on today’s episode. We talk about Scrum and Agile certifications, building the best team for the project and tapping into your personal power in your work.  0:00 - Intro2:04 - Origin story4:47 - What does a cybersecurity project manager do?6:10 - Average work day as a project manager7:40 - Best and worst parts of project management9:30 - How does a PM improve cybersecurity work?10:40 - Dell team management 12:50 - Being the team’s first manager14:36 - Best project management certifications21:02 - PM work for Dell versus the military23:00 - Military clearances for PM work24:08 - Skills and experiences necessary for high-level PM22:52 - Skills and interests for a successful career27:04 - Tips for those who want to transition careers27:38 - Changes to PM work during COVID28:40 - Adjustments to work from home29:55 - Will PM work change?31:04 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastGinny Morton is a senior cyber security advisor, program management at Dell, and has spent much of her career in the project management space for cybersecurity, previously working at TekSystems and in both the Texas Army National Guard and the U.S. Army.Our recent guest, project manager Jackie Olshack, recommended Morton for the show, and as we had a ton of people tune in to see Jackie’s episode, we realize that our listeners are passionate about learning more about project management in IT and cyber as a career path, so I’m looking forward to talking with Morton about her career path as well as the unique aspects of doing project management work on a federal/military level.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

This episode we welcome Rita Gurevich, CEO and founder of Sphere Technology Solutions. She talks about what it’s like to start her own company, why it is important to know your assets when setting policy, and what skills and experiences set applicants apart when they look to hire. Plus, she has plenty of data governance strategies to chat about.  0:00​ - Intro2:47​ - Origin story 4:51​ - The creation of Sphere7:14​ - Working solo at Sphere9:12​ - What would you change going back?10:30​ - Pricing your business activities 12:36​ - Average day as a CEO13:32​ - Favorite parts of the job14:50​ - What is data governance?17:40​ - Factors driving data growth19:28​ - First steps to form data strategy22:07​ - Data governance best practices23:40​ - Time frame to get a master inventory25:17​ - What does good data governance do 26:12​ - Skills I need for data governance and management27:47​ - Importance of collaboration and mentorship30:26​ - Skills and experiences for Sphere candidates32:48​ - Tips to get into cybersecurity work 34:06​ - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAs the CEO and Founder of Sphere, Rita Gurevich is charged with leading the strategic growth of the organization in providing business critical governance, security and compliance solutions to customers spanning multiple geographic locations and industry verticals.Gurevich founded Sphere after gaining a massive amount of experience in a short time period during the Lehman bankruptcy, the economic downturn of 2008, and the enhanced regulatory environment that dominated the industry. Being in a unique position from this experience, Gurevich founded Sphere as a single contributor, and worked strategically to grow the company into the entity it is today.Gurevich is the recipient of multiple honors and awards including recognition from her Entrepreneurial skills from Ernst & Young, and SmartCEO, along with being on the 40 Under 40 list in 2017. In addition, Gurevich sits on the Board of Directors for the New Jersey Technology Council.This week’s topic is data governance strategies in 2021. As more of what we do goes online and into the cloud, and as more people need access to information, making sure that entrance points aren’t more accessible than they need to be is more important than ever. We’re going to talk about the issues around this topic, and also job strategies for people who want to do this type of work.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

This episode we welcome Jeff Schmidt of Covail to discuss security and risk management, working at the FBI to create the InfraGard program, and what cybersecurity can learn from physical security controls and fire safety and protection. 0:00 - Intro2:30 - Origin story4:31 - Stepping stones throughout career8:00 - Average work day 12:14 - Learning from physical security17:18 - Deficiencies in detection 22:17 - Which security practices need to change?24:15 - How massive would this change be?27:37 - Skills needed for real-time detection32:00 - Strategies to get into cybersecurity34:30 - Final words on the industry37:16 - What is Covail? 38:40 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastJeff Schmidt, VP and Chief Cyber Security Innovator at Covail is an accomplished cybersecurity expert with a background in security and risk management. He founded JAS Global Advisors LLC, a security consulting firm in Chicago, and Authis, a provider of innovative risk-managed identity services for the financial sector. Jeff is a board member for Delta Risk LLC. In 1998, he worked with the FBI to create the InfraGard program, receiving commendations from the Attorney General and the Director of the FBI. He is an adjunct professor of systems security engineering at the Stevens Institute of Technology and a Zurich Cyber Risk Fellow, Cyber Statecraft Initiative, at The Atlantic Council. Jeff received a Bachelor of Science in computer information systems and an MBA from the Fisher College of Business at The Ohio State University.Jeff came to us with an intriguing topic. He proposes what he calls a Detect, Defend, and Respond Posture in Cybersecurity, and postulates that cybersecurity can learn lessons from “the mature sciences of physical security and fire protection.” No matter how you’re securing your system now, there’s often room for improvement, and always room for taking in new ideas, so let’s take a closer look!About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Christina Van Houten talks about Women@Work and women in cybersecurity on this week's episode. We discuss tactics for bringing more women and diverse candidates into cybersecurity, the importance of a well-balanced and skills-diverse team, and how the work of Chief Strategy Officer is like an ever-evolving game of Tetris!  0:00 - Intro2:30 - Van Houten's origin story4:13 - Strategies cybersecurity was lacking7:05 - Accomplishments that helped bolster her career13:46 - Average day as chief strategy officer18:03 - Entering cybersecurity in different ways20:37 - Women@Work and trying to help26:27 - Bringing more women into cybersecurity29:20 - Making careers accessible to women34:14 - Diversifying upper management  36:22 - Success stories mentoring women 41:01 - Men@Work book and men in cybersecurity46:33 - Roadblocks women in cybersecurity face 50:47 - Projects from Mimecast54:37 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastChristina Van Houten is a veteran of the enterprise technology industry, having spent two decades with some of the world’s largest firms, including Oracle, IBM and Infor Global Solutions as well as Netezza and ProfitLogic, the entrepreneurial companies that were acquired by them. Currently, Christina is chief strategy officer for Mimecast, a global leader in cybersecurity, where she leads product management, market strategy, corporate development, and M&A. She also serves on the board of directors for TechTarget and has been involved as an advisory board member of several emerging technology firms. In 2017, Christina launched Women@Work, a resource platform dedicated to the economic advancement and self-reliance of women and girls around the world.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.