Security Masterminds

Rachel Tobac, the CEO of Social Proof Security, takes us on a remarkable journey into the realm of cybersecurity and social engineering. Her introduction to the world of hacking came at Defcon, where she was initially hesitant to participate in a social engineering competition. Despite her lack of experience, Rachel's determination and "try-hard" attitude led her to secure second place, sparking her passion for cybersecurity. Throughout her engaging narrative, Rachel sheds light on the challenges that companies encounter in defending against social engineering attacks, emphasizing the need for updated security measures. Her insights into leveraging AI and verifying identities provide actionable strategies for fortifying defenses. With a compelling blend of storytelling and expertise, Rachel encourages a mindset of "polite paranoia," empowering individuals to be vigilant in the face of evolving threats. Rachel's journey serves as an inspiration, showcasing the transformative power of passion and perseverance in the cybersecurity landscape.

Social engineering is like a fast childhood pet. We'll say a dog, not a hamster, because it's going to run really fast. So a fast childhood dog that runs away from you, and you have to spend a lot of time looking for it in the neighborhood, but you love this dog, and it's really fun to be around, but, man, does it know how to jump over the fence.
- Rachel Tobac

Connect with Rachel Tobac

LinkedIn: https://www.linkedin.com/in/racheltobac/Twitter: https://twitter.com/RachelTobacRachel on 60 Minutes:  https://www.cbsnews.com/news/how-con-artists-use-ai-apps-to-steal-60-minutes-transcript/?linkId=215644785

Connect with us

Website: securitymasterminds.buzzsprout.com

KnowBe4 Resources:

KnowBe4 Blog: https://blog.knowbe4.comJames McQuiggan - https://www.linkedin.com/in/jmcquigganAnna Collard - Javvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

Show Notes created with Capsho - www.capsho.com
Sound Engineering - Matthew Bliss, MB Podcasts.
If you'd like to ask Matt what he can do for your podcast, visit https://www.mbpod.com and schedule a consultation today! 

Get ready to challenge your assumptions about security awareness as Julie Haney, head of Human Centered Cybersecurity at NIST, reveals the hidden struggles and attitudes of security professionals and non-experts. Just when you think you understand the root causes of cybersecurity challenges, a shocking twist leaves everything in doubt. 
Tune in to find out.

Julie Haney, an esteemed leader at the National Institute of Standards and Technology, heads the Human Centered Cybersecurity program. With a wealth of experience in computer science and over two decades in the field, Julie's expertise lies in understanding the human aspect of cybersecurity. She delves into the struggles, experiences, and attitudes of all participants within an organization, aiming to uncover the root causes of security issues rather than just addressing the surface symptoms. Julie's passion for bridging the gap between research and practice makes her a valuable resource for cybersecurity professionals looking to gain deeper insights into the human element of cybersecurity.

We need to give our professionals a taste of that so that they're at least thinking about it. They may not be experts in it, but they at least know that they need to think about it.

In this episode, you will be hear about:

Unveiling the Importance of the Human Element in Cybersecurity: Discover how human behavior impacts cybersecurity and why it's crucial for professionals to understand this dynamic.Empowering People in Cybersecurity: Explore strategies to empower individuals within the cybersecurity landscape, leading to a more robust and secure environment.Addressing Security Fatigue in Cybersecurity: Learn how to combat security fatigue and its detrimental effects on cybersecurity practices, ensuring sustained vigilance and awareness.Developing Skills Needed for Future Cybersecurity Professionals: Uncover the essential skills required for future cybersecurity professionals to thrive in a rapidly evolving digital landscape.Harnessing Non-technical Skills in Cybersecurity: Delve into the significance of non-technical skills in cybersecurity and their pivotal role in fostering a well-rounded approach to security.

Connect with Julie Haney

LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/

Connect with us

Website: securitymasterminds.buzzsprout.com

KnowBe4 Resources:

KnowBe4 Blog: https://blog.knowbe4.comJames McQuiggan - https://www.linkedin.com/in/jmcquigganJacqueline "JJ" Jayne - https://www.linkedin.com/in/jacquelinejayne/Javvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

Show Notes created with Capsho - www.capsho.com
Sound Editing - James McQuiggan
Sound Engineering - Matthew Bliss, MB Podcasts.
If you'd like to ask Matt what he can do for your podcast, visit https://www.mbpod.com and schedule a consultation today! 

Feeling the frustration of constantly battling memory-related vulnerabilities in your code? What if I told you there's an unexpected twist in the story that could change everything? Join me as we explore the captivating journey of transitioning to memory-safe languages in programming, and uncover the game-changing solution that awaits. But that's a story for another time...

Our special guest is Loren Kohnfelder and joined by Roger Grimes.

Loren Kohnfelder, a distinguished figure in the realm of cybersecurity, is widely regarded as a trailblazer in the development of PKI (Public Key Infrastructure). His significant contributions to the RSA algorithm and its application in real-world scenarios have solidified his position as a thought leader in digital security. With extensive expertise in encryption and network systems, Loren offers a wealth of knowledge for developers seeking to navigate the transition to memory-safe languages. His pioneering work serves as a cornerstone in understanding the complexities of cybersecurity and the pivotal role of memory-safe languages in fortifying software against vulnerabilities. Loren's profound insights and experiences make him an exceptional guest, providing a comprehensive understanding of the evolution of digital security and its relevance to memory-safe languages.

I think if there are specific pieces of code that are well contained and you can rewrite those in a memory safe language, that's a fine thing to do. But, for example, if you've got a library that's in the middle of a bunch of memory unsafe language code, and you write that into memory safe code, you're going to have bridge code connecting across that boundary, because you obviously can't just slip from memory safe land into memory unsafe land, where you're now taking on risk without managing those borders. 
- Loren Kohnfelder

In this episode, you will be able to:

Uncover the secrets of PKI with Loren Kohnfelder.Learn the benefits of transitioning to memory-safe languages.Overcome the challenges of rewriting large codebases.Explore the feasibility of adopting memory-safe languages in programming.

Connect with us

Website: securitymasterminds.buzzsprout.com

KnowBe4 Resources:

KnowBe4 Blog: https://blog.knowbe4.comJames McQuiggan - https://www.linkedin.com/in/jmcquigganRoger Grimes: https://www.linkedin.com/in/rogeragrimes/Erich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

Have you ever heard these myths about supply chain security, product security, and getting hired in cybersecurity? Myth #1: Supply chain security is not important unless you're a large organization. Myth #2: Product security is solely the responsibility of the manufacturer. Myth #3: Getting hired in cybersecurity requires a technical degree. Stay tuned as our guest, Naomi Buckwalter, reveals the truth behind these myths and offers valuable insights in our upcoming discussion.

Naomi Buckwalter is a cybersecurity professional with a wealth of experience in the industry. With a background in computer engineering and a diverse career spanning roles in application development, security architecture, and leadership, Naomi brings a unique perspective to the field. She gained valuable insights from a challenging experience early in her career, which led her to reevaluate her approach and embrace continuous learning. Naomi's journey has shaped her belief that anyone can succeed in cybersecurity with the right mindset and a willingness to learn. She emphasizes the importance of focusing on fundamental security practices and leveraging data to drive decision-making. Naomi's expertise in product security and supply chain security make her a valuable resource for professionals seeking to enhance their skills and knowledge in these areas.

We're chasing those things that make us feel good, but at the end of the day, not the right things. - Naomi Buckwalter

Connect with Naomi Buckwalter

LinkedIn: https://www.linkedin.com/in/naomi-buckwalter

Connect with us

Website: securitymasterminds.buzzsprout.com

KnowBe4 Resources:

KnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

Show Notes created with Capsho - www.capsho.com
Sound Editing - James McQuiggan
Sound Engineering - Matthew Bliss, MB Podcasts.
If you'd like to ask Matt what he can do for your podcast, visit https://www.mbpod.com and schedule a consultation today! 

Discover the untold dangers of AI in cybersecurity as expert Clint Bodungen uncovers the dark side of generative AI. Is our reliance on technology putting us at risk? Find out in this eye-opening discussion that will leave you questioning the future of cybersecurity.

"Technology, as much as we need it, enables complacency. The technology enables that complacency, and we've seen the consequences. We need a proper cybersecurity culture that aligns with our natural desire to do the right thing and help others. "
- Clint Bodungen

Discover how AI is revolutionizing cybersecurity and gain insights into its impact on threat detection and response.Explore the relationship between organizational culture and cybersecurity practices, uncovering strategies to foster a security-conscious environment.Unlock the potential of AI in cybersecurity and uncover innovative ways to enhance your organization's defense against cyber threats.

Connect with Clint Bodungen

LinkedIn: https://www.linkedin.com/in/clintb/Twitter: https://twitter.com/R1ngZer0Email: [email protected]: threatgen.comCyberSuperHuman - AI Courses - https://cybersuperhuman.ai

Connect with us

Website: securitymasterminds.buzzsprout.com

KnowBe4 Resources:

KnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

Show Notes created with Capsho - www.capsho.com
Sound Editing - James McQuiggan
This episode was edited by Matthew Bliss of MB Podcasts. If you'd like to ask Matt what he can do for your podcast, visit https://www.mbpod.com and schedule a consultation today! 

Discover the critical role of a Business Security Officer in aligning security with business goals. But what happens when this vital bridge between security and the organization finds themselves facing unexpected challenges? Find out in this intriguing episode of the Security Masterminds podcast.

Nicole Dove, a cybersecurity expert with an intriguing career path, helps businesses navigate the intersection of risk and technology. Starting her career on Wall Street, she transitioned into risk management consulting and auditing before eventually shifting gears into cybersecurity. As a Business Information Security Officer (BISO), Nicole focuses on aligning business and security, advocating for both to the benefit of the organizations she serves. Her business-first approach to security, understanding of diverse business units, and innate curiosity make her a critical asset in identifying and managing organization-wide threats.

Security is like really a team sport and you can't wait until game day to practice and think you're going to win. - Nicole Dove

Connect with Nicole Dove

LinkedIn: https://www.linkedin.com/in/jnicoledove/Twitter:  https://twitter.com/IssaUrbanGirlUrban Girl Podcast: https://podcasts.apple.com/us/podcast/urban-girl-corporate-world/id1502039142

Connect with us:

Website: securitymasterminds.buzzsprout.com

KnowBe4 Resources:

KnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

This show's sound is edited by ProPodcastSolutions -https://propodcastsolutions.com/
Show Notes created with Capsho - www.capsho.com

Protecting data in the age of cyber threats, cybersecurity expert Ian Garrett ignites a battle against ignorance, as he harnesses the power of AI and zero trust to defend organizations of all sizes from the lurking dangers of the digital world.

Today's guest is Ian Garrett, the CEO and co-founder of Phalanx. With a background in computer science, he became an early adopter of AI application in cybersecurity and has been making waves in the industry ever since. Ian's ability to combine AI rapid data processing with a human understanding of nuanced threats exemplifies cutting-edge cybersecurity practices that help ensure data protection and privacy.

Don't ignore the data outside of secure places. Even drafts and email attachments can be vulnerable. Take a comprehensive approach to data security. - Ian Garrett

In this episode, you will be able to:

Gain insights into how AI and Zero Trust model can reinforce your data protection strategies.Learn from industry connoisseurs about typical data security blunders to be avoided.Identify the hurdles in managing multicloud data and the solutions to counter these challenges.Delve into the potent dangers presented by AI and chatbots and how to keep them at bay.Understand the practical application and multiple influences of the Zero Trust architecture on your business.

Ian Garrett, CEO and co-founder of Phalanx, with a background in computer science, he became an early adopter of AI application in cybersecurity and has been making waves in the industry ever since. Ian's ability to combine AI rapid data processing with a human understanding of nuanced threats exemplifies cutting-edge cybersecurity practices that help ensure data protection and privacy.

Don't ignore the data outside of secure places. Even drafts and email attachments can be vulnerable. Take a comprehensive approach to data security. - Ian Garrett

Connect with Ian Garrett

LinkedIn:  https://www.linkedin.com/in/ianygarrett/Twitter: @ianygarrett - https://twitter.com/ianygarrettOrganization: phalanx.io - https://www.phalanx.io/

Connect with us:

Website: securitymasterminds.buzzsprout.com

KnowBe4 Resources:

KnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

This show's sound is edited by ProPodcastSolutions -https://propodcastsolutions.com/
Show Notes created with Capsho - www.capsho.com

Check us out on our new LinkedIn Page!  - https://www.linkedin.com/company/security-masterminds-podcast/

Does this sound familiar? You've invested in threat intelligence data and spent countless hours analyzing it, yet you still feel vulnerable to cyber threats. Maybe you were told that having the data alone would be enough to protect your organization. But the reality is, simply having the data without knowing how to turn it into actionable insights leaves you exposed and frustrated. The pain of constantly worrying about cyber attacks and feeling powerless to stop them is all too real. In this episode, we'll show you how to transform your threat intelligence data into actionable intelligence, giving you the tools to defend against even the most sophisticated cyber threats.

In this episode, you will be able to:

Realize the urgency of embracing cybersecurity for your business's sustained success.Explore how actionable threat intelligence can augment your defenses against cyber adversaries.Absorb the advantages of using a joint and innovative approach to stay on top of evolving digital dangers.Discern the impact of robust communication and leadership skills in fostering a secure digital environment.Appreciate the role of attack simulation technology in unveiling security blind spots and improving protection.

My special guest is

Bryson Bort is an accomplished cybersecurity veteran with more than two decades of experience under his belt. As the founder of Scythe, Bryson has cultivated a platform that empowers professionals in the cybersecurity space to effectively address and combat cyber threats. Simultaneously, he co-founded ICS Village, a non-profit that aims to increase knowledge and awareness of industrial control system security. With a strong background in both offensive and defensive security, Bryson's drive for constant improvement and growth has made him an influential figure within the cybersecurity community.

Connect with Bryson Bort!

Linkedin: https://www.linkedin.com/in/brysonbort/Twitter: https://twitter.com/brysonbortScythe: https://scythe.io/ICS Village: https://www.icsvillage.com/

Testimonial for Scythe  https://scythe.io/library/purple-team-approach-boosts-cybersecurity

Connect with us:

Website: securitymasterminds.buzzsprout.com

KnowBe4 Resources:

KnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

This show's sound is edited by ProPodcastSolutions -https://propodcastsolutions.com/
Show Notes created with Capsho - www.capsho.com

Check us out on our new LinkedIn Page!  - https://www.linkedin.com/company/security-masterminds-podcast/

Are you struggling to raise cybersecurity awareness despite following the same old advice? Discover the power of storytelling and engagement in transforming cybersecurity training and arming your workforce against message fatigue and over-reliance on technology.

In this episode, you will be able to:

Delve into the connections between storytelling, engagement, and effective cybersecurity training.Gain insight into striking the perfect balance between factual content and captivating storytelling.Find out how relying too much on technology can jeopardize cybersecurity efforts.Master techniques for countering message fatigue in the cybersecurity industry.Explore the power of humor and entertainment in raising security awareness levels.

Rob McCollum, a versatile voice actor with a background in sales, marketing, acting, and improv comedy, has lent his talents to over 300 anime roles and a plethora of corporate training videos. Joining forces with Twist & Shout, a KnowBe4 company, Rob ventured into corporate storytelling and cybersecurity training, working on projects for major companies such as Barclays Bank, AT&T, Warner Brothers, and Sony. His unique approach to storytelling and engagement in cybersecurity training has revolutionized the industry, keeping viewers intrigued and eager for more.

About Rob McCollum

LinkedIn - https://www.linkedin.com/in/robert-mccollum-23b1a86Rob McCollum Facebook Anime Fan Page: https://www.facebook.com/RobertMcCollumFanPage

Show Notes:

The Inside Man Series: https://info.knowbe4.com/inside-man-gaFavorite Books: After On, Year Zero, by Rob Reid - https://www.amazon.com/stores/author/B000AP8X36/allbooks?ingress=0&visitId=3058ab80-2f93-42c9-9be8-a1d49c3fec86&store_ref=ap_rdr&ref_=ap_rdr

Connect with us:

Website: securitymasterminds.buzzsprout.com

KnowBe4 Resources:

KnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

This show's sound is edited by ProPodcastSolutions -https://propodcastsolutions.com/
Show Notes created with Capsho - www.capsho.com

Check us out on our new LinkedIn Page!  - https://www.linkedin.com/company/security-masterminds-podcast/

Are you tired of the same old ineffective methods for GRC optimization and AI integration for cybersecurity? Do you feel like no matter what you do, you can't seem to get the results you need? Come join us in this episode to learn the latest and greatest techniques for enhancing your GRC processes and AI integration for cybersecurity success.

Stas Bojoukha is a cybersecurity expert with over 20 years of experience in the industry. He has a deep passion for automation and making security consumable for everyone. Stas began his career as a computer technician, later progressing through various roles such as systems engineer, infrastructure engineer, and chief security officer. His diverse background has allowed him to gain valuable insights into a wide range of IT disciplines. Today, Stas is the CEO and founder of Compyl, an information security and compliance automation platform designed to streamline processes and improve efficiency in managing compliance requirements.

The resources mentioned in this episode are:

Look into Stas Bojoukha's company, Compyl, an information security and compliance automation platform that helps organizations automate their cybersecurity programs and reduce risk.Prioritize making security and compliance understandable for non-technical staff members, as this will help improve overall security awareness and adherence to policies.Remember that compliance does not necessarily guarantee security; focus on implementing security measures that go beyond compliance requirements to ensure a more robust security posture.

About Stas Bojoukha

LinkedIn - https://www.linkedin.com/in/stas-bojoukha/Email: [email protected]Social Media:  https://twitter.com/thestas1Compyl: https://compyl.com/

ShowNotes

SIM City 2000 - https://www.ea.com/games/simcity/simcity-2000SOC Analyst link from CISA - https://niccs.cisa.gov/education-training/catalog/cyber-range-solutions-inc/intro-soc-analyst

Connect with us:

Website: securitymasterminds.buzzsprout.com

KnowBe4 Resources:

KnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

This show's sound is edited by ProPodcastSolutions -https://propodcastsolutions.com/
Show Notes created with Capsho - www.capsho.com

Check out our new LinkedIn page! - https://www.linkedin.com/company/security-masterminds-podcast/

Joanna Burkey's imparts her wisdom to help other professionals develop a successful cybersecurity program, emphasizing the importance of thought diversity and exposure to all aspects of the business. What other advice does she have to offer?

"We need to be overseeing and ultimately accountable for the right culture of governance to be happening in our companies."

Joanna Burkey is the CISO of HP, Inc. and has been in the cybersecurity field for over 25 years, working in a variety of roles from software development to CISO. She has seen the evolution of the field firsthand and provides valuable insights into the most pressing issues and trends across the industry.

In this episode, you will learn:

Exploring the essential cybersecurity capabilities to ensure effective coverageExamining the culture and networking elements of the cybersecurity fieldInvestigating the role and responsibilities of the Chief Executive Officer in cybersecurityUnderstanding the identity and trust issues surrounding cybersecurity

About Joanna Burkey

LinkedIn - https://www.linkedin.com/in/joanna-burkeyEmail: [email protected]Social Media: https://www.linkedin.com/in/joanna-burkey/

Show Notes 

FDDI & ATM network drivers for Novell Netware - https://support.novell.com/techcenter/articles/ana19960403.htmlSmart Brevity - Jim VandeHei - https://a.co/d/6K4gj2bEnterprise Risk Management, by James Lam -  https://a.co/d/apaNCHbTurn the Ship Around - https://a.co/d/2gy6Q7GHyperion - https://a.co/d/fmTCcHi

Connect with us:

Website: securitymasterminds.buzzsprout.com

KnowBe4 Resources:

KnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

This show's sound is edited by ProPodcastSolutions -https://propodcastsolutions.com/
Show Notes created with Capsho - www.capsho.com

In this episode, Alex Panaretos bravely confronts the irony of trying to protect against what we don't know, challenging us to take an active role in building trust and security for organizations with a compassionate and humorous approach.

"You have to humanize yourself above the rest of the corporate noise. What are you saying that needs to make me pay attention?"

Alex Panaretos is a passionate sports broadcaster turned cybersecurity expert. She bridges the gap between the digital and physical world by connecting the intangible risk of cybersecurity to the emotions of her audience.

In this episode, you will learn the following:
1. How can humor be used to bridge the gap between security professionals and the general public?
2. What are the most effective ways to market security and behavior change to different generations in the workplace?
3. How can organizations assess the risk of malicious activities and assign a numerical value to them?

About Alexandra Panaretos

LinkedIn: https://www.linkedin.com/in/alexandrapanaretos

Connect with us:

Website: securitymasterminds.buzzsprout.com
LinkedIn: https://www.linkedin.com/company/security-masterminds-podcast/

KnowBe4 Resources:

KnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

This show's sound is edited by ProPodcastSolutions - https://propodcastsolutions.com/
ShowNotes created with Capsho (www.capsho.com)

Loved this episode? Please leave us a review and rating on your favorite podcast platform!

After leaving the CPA industry and becoming a computer trainer, Roger worked his way into the cybersecurity industry, Roger Grimes, a data-driven evangelist, is determined to protect organizations from malicious social engineering attacks, but finds that even his advanced tools are no match for the crafty hackers.

"Organizations need to defend their infrastructure by identifying their critical data to recognize and respond to threats. Utilizing a data driven defense allows you to detect and respond to threats more quickly and accurately than traditional methods." -Roger Grimes

Roger Grimes is a cybersecurity expert and data driven defense evangelist for KnowBe4. He has held a variety of roles throughout his career, and his focus is on fixing the internet and protecting organizations from social engineering attacks.

In this episode, you will learn the following:
1. How did Roger Grimes go from being a CPA to becoming a cybersecurity expert?
2. What was it like to work with John McAfee?
3. How did Roger Grimes successfully bluff his way into the cybersecurity industry?

About Roger Grimes, CPA, CISSP

LinkedIn: https://www.linkedin.com/in/rogeragrimes/eMail: [email protected]Twitter: https://twitter.com/rogeragrimes

Show Notes / Links:

Cuckoo?s Egg book - https://www.amazon.com/dp/B0083DJXCM?ref_=cm_sw_r_cp_ud_dp_FK52CJS8J6DAJ6JMZJTFData Killers, John McAfee - https://www.amazon.com/dp/031202889X?ref_=cm_sw_r_cp_ud_dp_7N07KYGNG9GGSKMW5Q07FidoNet - https://www.fidonet.org/index.htmlPeter Norton?s Guide to the IBM PC - https://www.amazon.com/dp/0136619010?ref_=cm_sw_r_cp_ud_dp_FJ7E13ENVAFXZWR139YDCISA?s Known Exploited Vulnerabilities Catalog - https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Connect with us:

Website: securitymasterminds.buzzsprout.com

KnowBe4 Resources:

KnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

This show's sound is edited by ProPodcastSolutions - https://propodcastsolutions.com/
ShowNotes created with Capsho (www.capsho.com)

In cybersecurity, one way to protect the organization is similar to Sun Tzu's Art of War, and to know the enemy. One way to protect yourself in cybersecurity is to have a healthy work/life balance.

"I think this is the best industry on the planet. I have always felt that I believe the opportunity for all people who want to work here if I, as a designer of Barbie doll dresses, can run cybersecurity well for some major brands. Well, I think what that says is this is both creative. It's creative and technical. It is broad and deep. It always changes; it's always evolving. You'll never be bored, and you'll never be unemployed."

Karen Worstell is a senior cybersecurity strategist at VMware. She shares the story of her time in the cybersecurity industry since the 1980s and has served as a data processing analyst, Chief Information Security Officer, and research and engineering consultant.

In this episode, you will learn the following:

1. How did Karen Worstell's journey in the cybersecurity industry help her grow as a person and leader?

2. What are the benefits of creativity in cybersecurity?

3. How does culture play a role in work-life balance for CISOs?

About Karen Worstell

Karen?s website: https://www.karenworstell.comLinkedIn: https://www.linkedin.com/in/karenworstell/eMail: [email protected]Twitter: https://twitter.com/karenworstellVMWare Vlogs: https://blogs.vmware.com/security/author/karen-worstellBonus Episode (Burnout): https://www.buzzsprout.com/1892704/11878086

Connect with us:

Website: securitymasterminds.buzzsprout.com

Loved this episode? Please leave us a review and rating on your favorite podcast platform!

KnowBe4 Resources:

KnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

This show's sound is edited by ProPodcastSolutions - https://propodcastsolutions.com/
ShowNotes created with Capsho (www.capsho.com)

After 20 years in the same role at Canon, Quentyn Taylor knows a thing or two about what it takes to be a successful CISO; in this episode, he shares his insights on the importance of technical skills, business skills, and storytelling to make the role of CSO one You will learn the role of the CISO in communicating with the Board of Directors.

"I strongly believe in educating users about the importance of comprehensive security programs and to try to improve security in a cost-effective way for organizations."

Quentyn Taylor is the senior Director of Product, Information, Security and Global Response at Canon Europe, Middle East and Africa. He has over 20 years of experience in both the It and information security environments and is focused on building business relationships within his organization and cybersecurity community. He strongly believes in educating users about the importance of comprehensive security programs and to try to improve security in a cost effective way for organizations.

In this episode, you will learn the following:

1. Why do tiny things matter in information security?

2. What is the secret to Quentyn Taylor's success as a CISO?

3. What is the best way for a CISO to communicate with the Board of Directors?

About Quentyn Taylor

LinkedIn: https://www.linkedin.com/in/quentyntaylorTwitter: https://twitter.com/quentynblogYouTube: https://www.youtube.com/c/QuentynTaylor

Show Notes:

Security Engineering, by Ross Anderson - https://a.co/d/22nCFaJSecrets & Lies, by Bruce Schneier - https://a.co/d/33ehPldFotango buyout by Canon - https://www.campaignlive.co.uk/article/canon-goes-online-fotango-buyout/133990

KnowBe4 Resources

KnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

This show's sound is edited by ProPodcastSolutions - https://propodcastsolutions.com/

In this episode of Security Masterminds, Tanya Janca shares her insights on application security, OWASP, and her community, "We Hack Purple." 

"I would say software developers are more interested in security than they ever have been before they're being pushed that way, but I think a lot of them are just becoming interested in it."

Tanya Janca is the director of Developer Relations at Bright Security and  founder of the We Hacks Purple community. She is a software developer with over 20 years of experience and is the author of the book Alice and Bob Learn Application Security.

In this episode, you will learn: 

Tanya Janca's experience as a software developer, musician, and pentester The importance of networks and community in cybersecurity The shift towards increased security awareness among software developers

About Tanya Janca

Website: https://shehackspurple.ca/ Social Media: https://twitter.com/shehackspurpleBright Security - https://brightsec.com/vulnerabilitiesCyber Mentoring Monday - https://twitter.com/hashtag/CyberMentoringMondayWe Hack Purple Academy (on Brightsec) https://community.wehackpurple.comAlice & Bob Learn Series - AliceAndBobLearn.com LinkedIn: https://www.linkedin.com/in/tanya-jancaEmail: [email protected]

Show Notes:

OWASP - https://owasp.org/Sherif Koussa - https://www.linkedin.com/in/sherifkoussa/Katie Moussoouris, Luta Security - https://www.linkedin.com/in/kmoussouris/ASVS - https://owasp.org/www-project-application-security-verification-standard/

KnowBe4 Resources

KnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

This show's sound is edited by ProPodcastSolutions - https://propodcastsolutions.com/

You know about Blockchain, but do you really about blockchain? Then this episode is for you! You will learn: 

1. The potential for blockchain technology to create a more secure world.

2. The misconceptions about blockchain technology. 

3. The auditing and validation process for blockchain technology.

4. The four foundations of blockchain

"Blockchain has the potential to create a more secure world with its ability to be immutable, validated, and secure."

Jean-Michel Azzopardi is the CEO and co-founder of Infinity, a Web 3.0 startup. He has a background in enterprise, blockchain, cybersecurity, and video games. Azzopardi got into blockchain in 2011 after realizing the potential for this technology to change the world.

LinkedIn - https://www.linkedin.com/in/jean-michel-azzopardi-b33ab439/

Email: [email protected]

KnowBe4 Resources

KnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

This show's sound is edited by ProPodcastSolutions - https://propodcastsolutions.com/

Everyday organizations are constantly managing risk and as cybersecurity professionals, there's a struggle to get the board to understand that risk. Our guest today shares his insights of his 5 pillars of security framework to increase the effectiveness of the risk conversation to the board and engaging them to reduce risk and secure the organization.

"I'm very passionate about the topic, and specifically very passionate about building a culture of cybersecurity within enterprises. Anything that has to do with security awareness, making people more cyber aware, is something that's really close to my heart."

Mathieu Gorge is the CEO and founder of VigiTrust, a cybersecurity company with clients in 120 countries. Mathieu has over 20 years of IT security and risk management experience and is much-sought after for his expertise. As an authority on cybersecurity solutions, he has been asked to speak at conferences including RSA, ISSA and ISACA. Mathieu is a prominent member of the international cybersecurity community?due to VigiTrust?s continued success as well as its 5 Pillars of Security Framework?? and serves as president and chief security officer of the French Irish Chamber of Commerce. 

Mathieu has more than 15 years of experience in payment security, and works closely with the PCI Council in the US and EU. He is a renowned expert in  PCI DSS, GDPR, CCPA, HIPAA, VRM, and ISO 27001.

Mathieu Gorge
LinkedIn: https://www.linkedin.com/in/mgorge
Website: https://mathieugorge.com
The Cyber Elephant in the Boardroom (Amazon)

In this episode, you will learn the following:

The challenges of communicating cyber risk to the boardroom The importance of understanding how cyber security measures fit into the financial side of things The human impact of being a CSO, including the challenges of maintaining a work-life balance.

Show Links

NIS2 - https://www.nis-2-directive.com/ENISA - https://www.enisa.europa.eu/Privacy Laws - CCPA - https://oag.ca.gov/privacy/ccpaPrivacy Laws - GDPR - https://gdpr-info.eu/Follow Me Printing Hacking Story - Forbes

KnowBe4 Resources

KnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

Episode Summary

Jenny Radcliffe, a social engineer and known as the People Hacker, was recently inducted into the Infosecurity Europe Hall of Fame. Jenny is also an award winning podcast host and a conference speaker where she provides knowledge, expertise and insights on security, education and awareness to people around the world. In this episode of the Security Masterminds podcast, Jenny discusses her experience in the industry and how social engineering has changed over time. She also shares some tips on how to put together a team for a social engineering job, as well as some of her biggest social engineering failures and what she learned from them..

In this episode, you will learn the following:
1. The art and science of social engineering, and the importance of continuous learning.
2. The evolution of social engineering over time, and the need for diversification.
3. The importance of self-discipline in social engineering, and the need for details.

Jenny Radcliffe, The People Hacker

Jenny Radcliffe is a world-renowned Social Engineer hired to bypass security systems through a mixture of psychology, con-artistry, cunning, and guile. A "burglar" for hire and entertaining educator, she has spent a lifetime talking her way into secure locations, protecting clients from scammers, and leading simulated criminal attacks on organizations of all sizes to help secure money, data, and information from malicious attacks.

Jenny was recognized as one of the top 25 Women in Cyber in 2020 by IT Security Guru and as a Top 50 Women of Influence in Cyber in 2019. She was nominated for the prestigious "Godmother of Security" award in 2020 and won the "Most Educational Security Blog 2020." Most recently, Woman of Influence & a Top 30 Cybersecurity Leader.

Jenny is also the host of the award-winning podcast "The Human Factor," interviewing industry leaders, bloggers, experts, fellow social engineers, and con-artists about all elements of security and preventing people from becoming victims of malicious social engineering.

LinkedIn: https://www.linkedin.com/in/jenny-radcliffe-the-people-hacker-%F0%9F%8E%A4%F0%9F%8E%A7%F0%9F%A7%A0-85ba1611/Website: https://humanfactorsecurity.co.uk/Twitter: https://twitter.com/Jenny_RadcliffePodcast: https://humanfactorsecurity.co.uk/category/the-human-factor/

Show Links

Jenny's Darknet Diaries episode: https://darknetdiaries.com/episode/90/Matthieu Ricard (Happy Monk) - https://en.wikipedia.org/wiki/Matthieu_Ricard

KnowBe4 Resources

KnowBe4 Blog - https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan, Producer - https://www.linkedin.com/in/jmcquigganJavvad Malik, Producer - https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

Episode Summary
Technology is everywhere in society these days from our communication, shopping, and commerce capabilities. Whether email, online purchases, or using the blockchain, it amounts to large amounts of data being collected about people. All of this data, while easy to store, is also harder to manage and protect. As users, people exhibit behaviors when using this data, and the technology is learning those behaviors to effectively identify if it's this person based on geography, time, and frequency. All of this, along with being able to help people properly secure their data, and when they make an error, they receive a small learning mission to complete to help understand the mistake without feeling inadequate or reprimanded.
In this month's podcast, David Willis shares his experiences with technology, human behaviors, and micro-learning based on his years of military and technical expertise over the past twenty years.

David Willis, Head of Technology Integrations for the Business Development Team
David is an experienced business, security, and technology leader with over 20 years experience across telecommunications, financial services, and software industry verticals.
David currently serves as Head of Technology Integrations for the Business Development Team, focused on addressing tactical and strategic security and IT solution integration needs at scale for Netskope customers. David also leads the building and expansion of new routes to market for Netskope.

LinkedIn: https://www.linkedin.com/in/davidrwillis/Netskope page: https://www.netskope.com/blog/author/davidwillis

Show Links

Bright Shiny Object Syndrome (BSOS) - https://en.wikipedia.org/wiki/Shiny_object_syndromeGDPR - https://gdpr-info.eu/California Privacy Act - https://oag.ca.gov/privacy/ccpaNew York Protection Act - https://opengovernment.ny.gov/what-you-should-know-nys-personal-privacy-protection-law-ppplBJ Fogg Tweet - https://twitter.com/bjfogg/status/53486588944056321Rorschach Test - ??https://en.wikipedia.org/wiki/Rorschach_testDeath by many duck bites - https://www.amazon.com/Death-Duck-Bite-Novelty-T-Shirt/dp/B07DMTTLBB

KnowBe4 Resources

KnowBe4 Blog - https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan, Producer - https://www.linkedin.com/in/jmcquigganJavvad Malik,  Producer - https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

With current events, there is a strong focus on the critical infrastructure sector that provide fuel, water and electricity to our homes and office buildings. 

In today's episode we hear from Spencer Wilcox, who is a cybersecurity leader at a large power utility working to ensure that power is always available and protected against cybercriminals. He shares with us his insights to the energy industry, the supply chain, cyber resiliency and the threats the industry is facing in the next ten years.

Spencer Wilcox has worked in the cybersecurity and physical space of the energy sector for almost twenty years, where previously he was in law enforcement.

Don't miss out on 

The transition from a law enforcement to cyber securityHow important privacy is to securityThe importance of supply chain to availability

Discussed Links & Follow-up

Hex Editor - https://www.pcmag.com/encyclopedia/term/hex-editorTELNET - https://www.pcmag.com/encyclopedia/term/telnetLink for Thom Langford episode - https://www.buzzsprout.com/1892704/10255518The Hymn of the Great A?Tuin - https://discworld.fandom.com/wiki/Great_A%27TuinPurdue Model - https://en.wikipedia.org/wiki/Purdue_Enterprise_Reference_ArchitectureBlind Men & the Elephant - https://americanliterature.com/author/james-baldwin/short-story/the-blind-men-and-the-elephantChristmas Tree Scan - https://nmap.org/book/scan-methods-null-fin-xmas-scan.htmlNERC CIP Standards - https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspxNetflix Chaos Engineering - https://netflixtechblog.com/tagged/chaos-engineering

About Spencer Wilcox
Spencer Wilcox is Executive Director of Technology and Chief Security Officer at PNM Resources, an investor owned utility headquartered in Albuquerque, NM. Spencer is accountable for the secure operations of enterprise IT and OT Infrastructure, Network and Telecommunications, Technology Innovation and the Cyber and Physical Security of the enterprise and the electric grid. In this role he strategically leads leaders to continuously improve operational effectiveness using a risk based approach to technology and security.

Spencer is a nationally recognized speaker, and regular contributor to (ISC)2, ASIS, and SC Congress events. He regularly serves in volunteer capacities to improve cyber security, technology innovation and economic development. He currently serves as Vice Chair of the ICCS committee for the Electric Power Research Institute, and as co-chair of the Security and Technology Policy Executive Advisory Committee for the Edison Electric Institute. 

He has previously served as a judge in the SC awards, and Maryland Cyber awards and as a volunteer on the boards of directors for the Virginia Crime Prevention Association, the Cybersecurity Association of Maryland, Inc, and the Fort Meade Alliance. 

LinkedIn: https://www.linkedin.com/in/spencerwilcoxcisspTwitter: @brasscount Email: 

Storytelling is a powerful medium to help get messages across and one feature is the ability to deliver humor into the story. 

In today's episode we interview Jim Shields, an author, actor, director and now cybersecurity expert. Jim is the director of the popular KnowBe4 video series, The Inside Man. He discusses with our hosts the use of comedy and drama in video and storytelling.
 
Mr. Jim Shields eleven years working in comedy increased his storytelling capabilities to become a successful film director and storyteller of cybersecurity lessons. 

KnowBe4 Blog - https://blog.knowbe4.comInside Man Series - https://www.knowbe4.com/inside-manTwist & Shout: https://www.twistandshout.co.uk/

LinkedInJim Shields: https://www.linkedin.com/in/jimshieldstwistandshout/Erich Kron - https://www.linkedin.com/in/erichkron/Jelle Wieringa - https://www.linkedin.com/in/jellewieringa/James McQuiggan - https://www.linkedin.com/in/jmcquiggan/Jim Shields, Author:Once More With Feeling Jim Shields Tedx Talkhttps://www.youtube.com/watch?v=ORSV532LkXMAnnouncer: Sarah McQuiggan (sarahmcquiggan.com)

In this week's episode, we speak with industry veteran and self-described recovering CISO Thom Langford.

We discuss how Thom got into cybersecurity and became a CISO. Whether a CISO needs to be technical or not, and what differentiates a conventional CISO from a virtual CISO. 

Thom also explained the benefits of storytelling, the use of videos humor, and how to influence security culture.

We also hear about Thom's biggest security mistake.



Show Links

KnowBe4 website - https://blog.knowbe4.comLinkedInThom Langford - https://www.linkedin.com/in/thomlangford/Erich Kron - https://www.linkedin.com/in/erichkron/Jelle Wieringa - https://www.linkedin.com/in/jellewieringa/James McQuiggan - https://www.linkedin.com/in/jmcquiggan/ZX 81 (pronounced Zed-X) - https://en.wikipedia.org/wiki/ZX81ZX Spectrum (pronounced Zed-X) - https://en.wikipedia.org/wiki/ZX_SpectrumHost Unknown Videos - https://www.youtube.com/user/HostUnknownTVLost all the Money, Accept the RiskTom?s vCISO Blog - https://thomlangford.com/2019/02/25/opening-a-new-door-of-opportunitySeagull Management - https://en.wikipedia.org/wiki/Seagull_managementWheaton?s Law - http://www.wheatonslaw.com

This months guest is KnowBe4's SVP Content Strategy & Evangelist for Africa and founder of Popcorn training, Anna Collard. 

In this episode, Anna shares what it means to be creative and how creativity can benefit cyber security - especially when it comes to delivering content. 

Being a female CEO and founder of a company can also be challenging, and Anna sheds some light on what that journey was like for her too. Including what biases exist, and how she even fell for her own biases. 

The Security Masterminds second guest is KnowBe4's Chief Research Officer Kai Roer, who founded CLTRe in 2015 to accurately answer the question, "how do you measure Security Culture?"

In this episode, Kai explains what got him interested in Culture and what we can all learn from it. In addition to understanding how we can measure our security culture, what steps can be taken to strengthen it, and grow it. 

We examine the journey organisations are taking along their ABC's. Awareness, behaviour, and culture. 

The Security Masterminds podcast?s first guest is KnowBe4?s SVP of Emerging Tech Insights Dr. Lydia Kostopoulos, who became interested in the cybersecurity space after experiencing 9/11 as a freshman in college. After that, she decided to pursue her educational studies in cybersecurity. 

During this podcast, Dr. Kostopoulos explores the state that we are in today, known as the fourth industrial revolution. This consists of AI, DNA editing, nano technologies, mixed media, smart sensors and quantum computing, just to name a few. 

We are at the dawn of a new infrastructure being built for things like smart cities, autonomous vehicles, etc. This new era is creating a cybersecurity skills gap given the plethora of new technologies and the rapid pace at which things are changing and developing. As long as technology changes, you need to continue to upskill.