Cyber Work

Join us for the June 2024 edition of Cyber Work Live! This episode is dedicated to answering questions about cybersecurity certifications, training, and careers. Our expert panel, including Confidence Stavely, Akyl Phillips, and Robert McMillen, share invaluable insights for newcomers and career changers in cybersecurity. Topics covered include navigating the certification landscape, overcoming imposter syndrome, transitioning from other careers, and the importance of networking. Tune in for actionable advice and strategies to kickstart your cybersecurity career!

00:00 - Welcome to Cyber Work Live: June 2024 Edition
00:40 - Meet the panel: Confidence Stavely
01:48 - Meet the panel: Akyl Phillips
02:37 - Meet the panel: Robert McMillen
03:31 - Advice for cybersecurity newcomers
03:53 - Common questions from cybersecurity students
05:13 - Guidance for women in cybersecurity
10:11 - Early career mapping in cybersecurity
11:54 - Certifications and entry-level jobs
17:07 - Physical requirements in cybersecurity
18:37 - Learning how you learn: Education paths
22:01 - Cyber girls program: Structure and insights
28:38 - Self-paced learning options
30:05 - Live boot camps overview
31:42 - Immersive boot camps
32:31 - The importance of continuous learning
33:46 - Staying updated in cybersecurity
40:30 - Networking and community building
49:23 - Transitioning to cybersecurity careers
59:19 - Final thoughts and resources

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today’s Cyber Work Hacks is for security novices, people just getting started in learning cybersecurity and looking for their career path. Professor Robert McMillen is an Infosec Skills path author, and he gives you some fantastic advice for making the decisions at the very beginning to help you steer your career to all the places you want to go! To get your cybersecurity career started, make sure to check out today’s Cyber Work Hack. 

0:00 - First starting out in cybersecurity
1:28 - Cybersecurity career map
5:41 - Advice for career road mapping
9:11 - Leaning into your interests via education
12:28 - Advancing your cybersecurity career
15:56 - Cybersecurity skills to learn 
17:21 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, Jonathan Gill, CEO of Panaseer, joins me to talk about the stress-filled role of the Chief Information Security Officer. Jonathan notes that the most challenging part of a CISO’s role, especially the CISO of a large, complex company, is the lack of full view of the organization’s assets and points of vulnerability. Jonathan tells us how Panaseer is working to create a trusted and validated system of record to ensure accurate and good faith recording of actions, strategies, and decisions to accept or mitigate business risks. All this, and a discussion of the CISO as one of the story-makers in the C-suite, today on Cyber Work!

0:00 - Firing CISO's after cybersecurity breaches
4:23 - First interest in cybersecurity and tech
7:41 - Working with cybersecurity leaders across the world
11:17 - International sales work
19:12 - Stave off burnout as a CISO
28:20 - Notion of asset detection
32:06 - Culture of sacking CISOs
43:06 - Better CISO involvement
49:09 - Cybersecurity career mapping strategies
57:13 - Learn more about Jonathan Gill and Panaseer
59:09 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, I’m introducing you to Dr. Georgianna, or “George” Shea, the chief technologist at the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation. Shea finds new and developing technologies and develops pilot programs for implementation in a variety of locales, including DoD, the government sector and critical infrastructure. We talk about Shea's first taste of security, learn what it’s like to be knowledgeable in several dozen connected security spaces rather than being the all-knowing authority in one (and the knowledge that outside of the dozens you know, there are hundreds more to learn) and we answer the burning question: “Why don’t any of my interns know what NIST is?” All this, and some more talk about the security of the U.S. water supply (because you know I’m never going to stop asking about that), on today’s episode of Cyber Work! 

0:00 - Cyber resilience
5:19 - George Shea's early cybersecurity interest
6:41 - How has cybersecurity changed in two decades?
8:53 - Learning cybersecurity in the early days
14:22 - Chief engineer at MITRE
21:00 - Work with the Foundation for Defensive Democracies
28:48 - Technology's pace versus policy
31:25 - Cyber-informed engineering
34:02 - Cybersecurity on old systems
35:29 - Cyber resilience and defense
41:41 - Working in cyber resiliency 
44:01 - Why do so few know what NIST is?
48:36 - The current state of state security 
54:33 - Best career advice
56:11 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks are helping train the red teamers and blue teamers of tomorrow with our boot camps and study materials for the CEH exam. But how does ethical hacking proficiency translate into a satisfying career? Infosec’s CEH boot camp instructor Akyl Phillips has plenty of strategies to help you get focused and stay focused on your studies, some excellent tips for keeping on top of the latest security changes and innovations, and how you’re going to push past uncertainty and into the work of putting one foot in front of another in your quest to become a bona-fide, in-demand ethical hacker! Keep the enthusiasm up when you check out today’s Cyber Work Hack.

0:00 - Ethical hacker career
1:57 - Testing for the CEH certification
2:55 - Career paths to pursue with CEH certification
5:08 - Working in pentesting or ethical hacking
7:55 - Unglamours side of ethical hacking
9:49 - How to keep up with new tech
11:39 - Switching careers to ethical hacking
12:45 - Preparing for a CEH role interview
13:23 - Don't fear a cybersecurity career
15:03 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, I talked with Etay Maor, Chief Security Strategist with Cato Networks. Etay is a founding member of the Cato Cyber Threats Research Lab, or CTRL — see what they did there? — and he joins me to talk about their first CTRL report on attack patterns and methods. We’re going to talk about the most common attack vectors, why Log4J still rules the roost even against newer and flashier exploits, and we go deep into the many paths you can take to become a threat researcher, threat analyst, reverse engineer, and lots more. That’s all on today’s episode of Cyber Work!

0:00 - Intro
4:10 - First interest in cybersecurity and tech
5:15 - Becoming chief security strategist
8:15 - Working in cybersecurity project management
12:07 - Hacker targets and AI
15:04 - The dark web and security access
16:03 - The CTRL report in brief
20:23 - Health care cybersecurity
22:49 - Different cyberattacks in different industries
25:10 - Using security tools as a gateway
27:03 - AI-enabled cyberattacks
33:14 - Careers as a cybersecurity threat researcher
36:09 - Figuring out where to specialize in cybersecurity
41:31 - Important cybersecurity skills and experience
45:58 - Hiring in cybersecurity
49:30 - Future changes in AI and cyber tools
55:38 - What is Cato Networks?
57:13 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

How does a childhood curiosity turn into a groundbreaking career in identity and access management? Join us for an engaging conversation with David Lee, the Identity Jedi, as he recounts his fascinating journey from tinkering with computers as a child to becoming a sought-after expert in IAM. Lee shares the pivotal moments and unexpected opportunities that transformed his career, providing invaluable insights for anyone looking to break into the cybersecurity field. We explore the essential technical and soft skills that have propelled Lee to the forefront of his industry, along with his unique strategies for navigating complex IAM landscapes.

0:00 - Identity Access Management (IAM)
3:04 - First interest in cybersecurity 
8:32 - Identity and access management cybersecurity 
13:38 - Computer science and higher education 
18:00 - Necessary soft and hard skills for IAM
22:16 - Larger organizations and IAM
24:21 - Defining identity in cybersecurity
29:18 - Variety of identity ideas
33:03 - African American representation in cybersecurity 
38:28 - Cybersecurity equity
41:33 - Financial inequity and working in cybersecurity
48:35 - Cybersecurity solutions for more equitable hiring
53:22 - Less racism in the tech industry 
57:51 - Best piece of cybersecurity career advice
59:13 - What is identity Jedi?
1:00:04 - Outro 

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, Tom Siu, CISO of Inversion6, joins the podcast to talk about cyber diplomacy! As Siu says at the start of the show, the internet has no borders. It’s like water. There are pathways and choke points, but there is no ownership by any one country or entity. How does that influence international diplomacy? Siu discusses possible scenarios for the future of cyber diplomacy, and skills and backgrounds that make you a good fit for this work. This is a great episode for our job changers, especially as this work requires strong backgrounds from a variety of tech and non-tech careers, but as always, there’s lots to learn, no matter your skill level or background, on today’s episode of Cyber Work. 

0:00 - Work in cyber diplomacy
4:36 - First interest in cybersecurity
7:01 - Learning by breaking
8:58 - Working as a CISO
17:44 - Reading and learning different job languages
21:15 - Career and personal resiliency 
25:42 - The impact of cyber on foreign policy
35:14 - Working in cybersecurity foreign policy
38:24 - The military and cyber diplomacy
43:11 - Emerging trends in cyber diplomacy
48:52 - Skills you need to work in cybersecurity
54:20 - Best cybersecurity career advice
56:12 - Learn more about Inversion6
59:25 - Outro 

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks are here to help you pass the CEH, or Certified Ethical Hacker exam. For today’s Hack, Akyl Phillips, Infosec bootcamp instructor in charge of the CEH/Pentest+ dual-cert bootcamp, walks us through four sample CEH questions, explaining the logic behind each answer and discounting the wrong ones with explanations, allowing you to reach the right answer in a logical and stress-free way. This episode is a real eye-opener for aspiring red teamers, so keep it here for this Cyber Work Hack! 

0:00 - Mastering the CEH exam
2:42 - Types of CEH exam questions
3:32 - CEH exam question examples
12:08 - Why a CEH boot camp is helpful 
13:44 - How long is the CEH exam?
14:37 - Best CEH exam advice
15:18 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Zarik Megerdichian, the co-founder of personal privacy controller company Loop8, joins me in breaking down the recent Roku breach, which landed hackers a whopping 15,000 users' worth of vital data. Megerdichian and I discuss the failings of the current data collection and storage model while moving to a model in which biometrics is the primary identification method, coupled with a system of contacts who can vouch for you in the event that your device is lost or stolen. It’s another interesting approach to privacy and online identity in the age of the never-ending breach announcement parade.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Roku's data breach
1:54 - First, getting into computers
5:45 - Megerdichian's company goals
9:29 - What happened during the Roku data breach?
11:20 - The state of data collection
14:16 - Uneccesary online data collection
16:26 - Best data storage protection
17:56 - A change in data collection
20:49 - What does Loop8 do?
24:09 - Deincetivizing hackers
25:21 - Biometric account recovery
30:09 - How to work in the biometric data field
33:10 - Challenges of biometric data recovery work
34:46 - Skills gaps in biometric data field
36:59 - Megerdichian's favorite part of the work day
37:46 - Importance of cybersecurity mentorship
41:03 - Best cybersecurity career advice
43:33 - Learn more about Loop8 and Megerdichian
44:34 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, I’m very excited to welcome Debbie Reynolds, the Data Diva herself, to discuss data privacy. Reynolds developed a love of learning about data privacy since working in library science, and she took it through to legal technologies. She now runs her own data privacy consultancy and hosts the long-running podcast “The Data Diva Talks Privacy Podcast.” We talk about data privacy in all its complex, nerdy, and sometimes frustrating permutations, how GDPR helped bring Reynolds to even greater attention, how AI has added even more layers of complexity and some great advice for listeners ready to dip their toes into the waters of a data privacy practitioner career.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Data privacy
3:29 - First, getting into computers
7:46 - Inspired by GDPR
9:00 - Pivoting to a new cybersecurity career
12:01 - Learning different privacy regulation structures
15:17 - Process of building data systems 
17:41 - Worst current data privacy issue
20:57 - The best in AI and data privacy
22:15 - The Data Diva Podcast
25:24 - The role of data privacy officer
30:36 - Cybersecurity consulting
36:21 - Positives and negatives of data security careers
39:34 - Reynolds' typical day
41:11 - How to get hired in data privacy
48:38 - The best piece of cybersecurity career advice
50:25 - Learn more about the Data Diva
51:14 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and the Cyber Work Hacks podcast are here to help you pass the Certified Ethical Hacker (CEH) exam! So for today’s hack, we’re talking about bootcamps. The CEH exam, no matter how you slice it, is an exam that is the definition of the phrase, “It’s a marathon, not a sprint.” With 125 questions and four hours to answer them, there’s as much of a mental game at work here that’s much more than rote memorization of terms and tools. That’s why I wanted to get an insider’s look from Infosec boot camp instructor Akyl Phillips! Phillips will explain what the Infosec five-day CEH boot camp is like, the learning and retention strategies you’ll employ, and all the ways that bootcamp training can help you pass on the first try. Phillips has taught pentesters and red teamers at all levels from sheer beginners to people already in the field, and this episode is a look into how it works. Book yourself a front-row seat for another Cyber Work Hack.

0:00 - How to pass the CEH exam
3:17 - What is a CEH boot camp?
4:02 - Things to know before the CEH exam
5:30 - How does the CEH exam test practical skills?
6:46 - The day-to-day of an Infosec boot camp
11:08 - What is CEH exam day like?
12:14 - Is a cybersecurity boot camp right for me?
13:12 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, my guest is Raj Ananthanpillai, CEO of Trua, a company that is steeped in the current issues around digital credentials and data privacy. As you’ve no doubt heard, AT&T reported a data breach that compromised the personal information of approximately 7.6 million users! Ananthanpillai discusses Trua’s mission to leave data thieves holding an empty treasure chest, discusses his past work in creating TSA PreCheck and gives a bunch of great ideas and advice for making sure that you’re always thinking beyond your current position by learning and creating your way upward! All that, and a WHOLE bunch of vitriol at the industry-standard collecting of social security numbers, today on Cyber Work!

0:00 - Revolutionizing data privacy
4:20 - How Ananthanpillai got into cybersecurity
6:11 - Work as a cybersecurity CEO
9:25 - Fast tracking in cybersecurity roles
11:08 - Take your first steps in cybersecurity work
13:01 - Founding Trua
17:50 - New digital security protocols
21:10 - AT&T data breach
27:03 - How to stay safe from data breaches
29:58 - How to work in data privacy
35:14 - Skill gaps in data privacy work
37:05 - Best cybersecurity career advice
38:26 - Learn more about Trua
41:00 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Mark Toussaint of OPSWAT joins to talk about his work in securing operational technology, and specifically about his role as product manager. This is an under-discussed job role within security, and requires great technical expertise, intercommunication skills and the ability to carry out long term campaigns on a product from, as he put it, initial brainstorming scribblings on a cocktail napkin through the creation of the product, all the way to its eventual retirement. Learn what it takes to connect security engineering, solutions experts, project management, and more in the role of security product manager, and how OT security connects fast, flexible IT and cybersecurity with systems that, as Toussaint put it, might be put in place and unmodified for 15 or 20 years. It’s not that hard to connect the worlds, but it takes a specific skill set.

0:00 - Working in operational technology
1:49 - First getting into cybersecurity and tech
3:14 - Mark Toussaint’s career trajectory
5:15 - Average day as a senior product manager in OPSWAT
7:40 - Challenges in operational technology
9:11 - Effective strategist for securing OT systems
11:18 - Common attack vectors in OT security
13:41 - Skills needed to work in OT security
16:37 - Backgrounds people in OT have
17:28 - Favorite parts of OT work
19:47 - How to get OT experience as a new industry worker
21:58 - Best cybersecurity career advice
22:56 - What is OPSWAT
25:29 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Cyber Work Hacks knows that you have what it takes to pass the Certified Ethical Hacker (CEH) exam! And you don’t have to do it alone! Infosec’s CEH boot camp instructor Akyl Phillips gives you his top tips and tricks for taking the exam! Phillips breaks down the common formats for CEH questions, talks common mistakes people make while taking the exam and why it’s not the end of the world if you fail the CEH on the first time (especially if you do it with an Infosec CEH/Pentest+ dual-cert boot camp). As Phillips puts it, first you have to get to know the beast, and that will allow you to slay the beast! Sharpen your tools and get down to business with this Cyber Work Hack.

0:00 - Certified ethical hacker exam
1:42 - What is ethical hacking and the roles using it?
2:46 - Tips and tricks for taking the CEH exam
3:32 - Tools to have before the CEH exam
5:09 - Common mistakes people make with the CEH exam
6:11 - What if I fail the CEH exam?
7:02 - Will I get CEH exam feedback?
7:49 - Best piece of advice for CEH exam day
8:55 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, we’re talking about last September’s breach of the MGM Grand Casino chain, an attack that lead to a week of tech failure, downtime and over a hundred million dollars in lost revenue. The attackers were able to get in via a point that my guest, Aaron Painter of Nametag Inc, said is a common point of failure: the request for a password and credential reset from the helpdesk, and the ever-frustrating “security questions” approach to making sure you are who you are. Nametag is built to create an alternative to security questions and go beyond MFA to create a method of verification that is even resistant to AI Deepfake attempts! 

This conversation goes into lots of interesting spaces, including career mapping, the importance of diverse design teams and the benefits of security awareness training, plus you get to learn about an amazing piece of emergent tech!

0:00 - A new method of online verification
3:15 - First getting into cybersecurity and computers
7:03 - Aaron Painter's work experiences 
10:37 - Learning cybersecurity around the world
11:32 - Starting Nametag
16:25 - Average work week as Nametag CEO
19:10 - Cybersecurity learning methods
21:15 - The MGM cyberattack explained
26:07 - MGM fail safes bad actors surpassed 
29:26 - Security awareness training 
31:35 - Are data breaches the new normal
34:05 - How Nametag safeguards online data
37:59 - AI deepfakes 
40:19 - Using Nametag
42:20 - How to learn AI deep fake defense
44:14 - Design choices in digital identity 
45:54 - Different backgrounds in cybersecurity 
46:59 - Aaron Painter's favorite part of his work
48:01 - Best cybersecurity career advice
49:00 - Learn more about Nametag
50:06 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work hacks can help you pass Cisco’s CCNA certification exam! But what if you think you’re not ready to make that jump? What would it take for you to jump into the study of the CCNA with both feet? Infosec’s CCNA boot camp instructor Wilfredo Lanz wants you to know that you can be ready to start the big learning a lot faster than you think, and tells us why some of his most entry-level students often do better on the test than their more established classmates. If the prospect of passing the CCNA on the first try got you fired up, well, that’s the point! Keep the excitement coming, and check out today’s Cyber Work Hack.

0:00 - Cisco's CCNA certification exam
0:57 - Who enrolls in an Infosec CCNA boot camp
2:50 - What should you know before studying for the CCNA?
3:50 - What does a CCNA certified IT network professional do?
6:42 - Ensuring you're ready to take on CCNA
9:59 - How to gain networking experience
11:39 - Become an IT and networking professional
12:50 - Outro

Learn more about the CCNA: https://www.infosecinstitute.com/training/ccna/

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, I’ve got a big guest for you. Jeffrey Brown, Faculty at IANS Research, is also the chief information security officer for, not a company, not for a healthcare organization, but for the entire state of Connecticut! Brown walks me through the scope and reach of a state-wide CISO, a country-wide move toward a “whole of state” strategy and, frankly, I spend an awful lot of time talking to Brown about where he finds the time to do all the things he does.

0:00 - Being CISO of an entire state
1:50 - Early interest in computer, tech and security
5:17 - A communication background in cybersecurity
7:31 - Cybersecurity career time management
13:59 - Working as a CISO of a state
15:45 - How to prepare for a CISO role at the state level
18:51 - What does a CISO do for a U.S. state?
25:50 - State cybersecurity approach
27:41 - Cyber attacks and challenges states face
32:00 - Is cybersecurity awareness a waste of time?
37:31 - Skills needed to work in cybersecurity for the state
40:11 - Learning how to lead in cybersecurity
43:20 - Favorite parts of state cybersecurity
44:19 - Resources to improve cyber hygiene
46:14 - Best piece of cybersecurity career advice
48:47 - Learn more about Jeffrey Brown
49:33 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

This is a very wide-ranging and inspiring episode – whether you’re slogging through cert study or hitting a wall trying to figure out your next career pivot, my talk with Jeff will absolutely give you a new perspective. Keep it right here for Cyber Work! 

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, we continue our deep dive into industrial control systems and operational technology security by talking with Donovan Tindill of DeNexus. Now, I’m just going to come out and say it: Tindill's episode is like a cybersecurity career seminar in a box, and a must-not-miss if you’re interested in not just ICS and OT security, but specifically the realm of Risk Assessment. Tindill brought slides and literally lays out his entire career for us to see, including the highs and even some of the lows, and what he learned from them. He explains the fuzzy distinctions between ICS security and the act of determining risk for said systems, gives us a 60 year history of the increasing attack surface and number or risk types associated with operational technology, and gives us tons of great career advice and ways to get started.

0:00 - Careers in operational technology
2:01 - Donovan Tindill's interest in tech
5:30 - Tindill's career roles in cybersecurity
10:42 - The jump to a supervision role
13:19 - Average day for a director of OT cybersecurity
18:39 - Volunteerism with Public Safety Canada
22:57 - Tindill's talk on active directory a decade later
23:43 - Current operational technology challenges
29:26 - New SEC regulations
33:54 - Thoughts on the SEC regulations
35:37 - How to work in OT, ICS or risk assessment
40:34 - Skill gaps for OT, ICS and risk management
42:44 - Tindill's favorite work
45:36 - Best cybersecurity career advice
48:22 - What is DeNexus?
52:22 - Learn more about Tindill and DeNexus
53:22 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks podcast want to help you pass the CCNA exam! So, for today’s hack, let’s talk boot camps. The CCNA is an intimidating exam, especially if you’re trying to go it alone, just you and your self-study book. That’s why I’d like to introduce you to Infosec’s CCNA boot camp instructor, Wilfredo Lanz! He will explain what the Infosec 5-day CCNA boot camp is like, the learning and memorizing strategies you’ll employ and how boot camp training can help you pass on the first try. Lanz helps his students with every networking question, and students who commit to those five intensive days will see significant results. 

0:00 - What is a CCNA boot camp like? 
1:40 - Boot camp training versus university
6:37 - Do I need to bring anything to CCNA boot camp?
7:23 - Take CCNA exam after boot camp
8:25 - Advice for taking a CCNA boot camp
9:46 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, we are talking operational technology, or OT, security with guest, Robin Berthier of Network Perception. From his earliest studies to his time as an academic researcher, Berthier has dedicated his career to securing the intersection between operational technology and network security, with some pretty imaginative solutions to show for it. In today’s episode, Berthier explains why modern OT security means thinking more about the mechanics of the machinery than the swiftness of the software solutions, the big conversation that infrastructure and ICS Security need to have about nation-state attackers (and finally are having!) and Berthier's best piece of career advice turns into some excellent thoughts on the importance of maintaining your network… and I don’t mean routing and switching!

0:00 - Industrial control systems cybersecurity
1:54 - How Robin Berthier got into tech
3:38 - Majoring in cybersecurity
4:55 - Intrusion detection systems
9:18 - Mechanical and cybersecurity tools
12:33 Launching Network Perception
17:03 - Current state of ICS and OT infrastructure
20:24 - Cyberattacks on industrial control systems
28:35 -Skills needed to work in industrial control systems
35:19 - Where are ICS security jobs?
36:39 - Getting into local OT systems
37:55 - Skills gaps in ICS
39:21 - Best piece of career advice
41:01 - Cultivating a work network
43:28 - What is Network Perception?
45:27 - Learn more about Robin Berthier
45:58 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, our deep-dive into manufacturing and operational technology (OT) cybersecurity brings us to the problem of endpoint security. Tom Molden, CIO of Global Executive Engagement at Tanium, has been grappling with these problems for a while. We talk about his early, formative tech experiences (pre-Windows operation system!), his transformational position moving from fiscal strategy and implementation into his first time as chief information officer and talk through the interlocking problems that come from connected manufacturing devices and the specific benefits and challenges to be found in strategizing around the endpoints. All of the endpoints.

0:00 - Manufacturing and endpoint security
1:44 - Tom Molden's early interest in computers
4:06 - Early data usage
6:26 - Becoming a CIO
10:29 - Difference between a CIO and CISO
14:57 - Problems for manufacturing companies
18:45 - Best CIO problems to solve in manufacturing
22:51 - Security challenges of manufacturing
26:00 - The scop of endpoint issues
33:27 - Endpoints in manufacturing security
37:12 - How to work in manufacturing security
39:29 - Manufacturing security skills gaps
41:54 - Gain manufacturing security work experience
43:41 - Tom Molden's best career advice received
46:26 - What is Tanium
47:58 - Learn more about Tom Molden
48:34 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks are here to help you pass the CCNA exam! For today’s Hack, Wilfredo Lanz, Infosec bootcamp instructor in charge of Cisco’s CCNA certification, walks us through four sample CCNA questions, walking through each answer and discounting the wrong ones with explanations, allowing you to reach the right answer in a logical and stress-free way. And the only way you’re going to see it is by staying right here for this Cyber Work Hack!

0:00 - CCNA exam sample questions
1:31 - Different types of CCNA exam questions
3:34 - First CCNA exam sample question
8:34 - Second CCNA exam sample question
13:52 - Third CCNA exam sample question
20:47 - Fourth CCNA exam sample question
25:22 - Infosec CCNA boot camp practice exam
27:04 - Advice for CCNA exam day
28:46 - Outro

Learn more about the CCNA: https://www.infosecinstitute.com/training/ccna/

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

AT&T Cybersecurity’s head of evangelism, Theresa Lanowitz, is today's guest. Lanowitz has amazing and wide-ranging career achievements, from her time with analyst firms Gartner and Voke, work on Java’s JBuilder environment and strategic marketing for the Jini Project, which was proto-IoT going back to the late ‘90s! With all of these incredible stories, we talked far and wide about manufacturing security concerns, she breaks down the key pain points around edge computing and talks extensively about her love of both the English language and programming languages of all sorts. They all have grammar, they all have style, and if you’re a linguist or a lover of learning new languages, perhaps computer languages are an opportunity you hadn’t pursued? All that and a ton more – seriously, I could have talked to Lanowitz for hours – on today’s episode of Cyber Work.

0:00 - Manufacturing security 
 2:02 - Theresa Lanowitz’s early interest in computers
 3:52 - Learning programming languages in the early days
 6:12 - English language’s connection to programming language
 8:24 - Evolution of programming language
 11:55 - How language impacts programming
 13:52 - Lanowitz’s cybersecurity career
 17:20 - An average day as head of cybersecurity evangelism
 22:53 - Edge computing use in manufacturing
 26:35 - Biggest security issues in manufacturing
 30:02 - The bad actors in manufacturing security
 33:41 - Manufacturing cybersecurity technology
 39:02 - Skills needed to work in manufacturing cybersecurity
 41:00 - Biggest skills gaps in manufacturing security
 41:44 - Best cybersecurity career advice
 42:15 - Where are manufacturing security issues heading?
 45:06 - Security issues with third-party vendors
 47:53 - Learn more about AT&T cybersecurity 
 48:48 - Learn more about Theresa Lanowitz
 49:04 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Thomas Pace of NetRise talks about industrial control systems security. We’ll learn about Pace's time in the United States Marine Corps in cyber-intelligence, his move to forensics and then ICS and why the greatest asset a security professional can have is the ability to find, clearly see and create narratives. I always find ICS professionals to be fascinating, and Pace took us down some new paths, so if you’re also interested in ICS Security, keep it here for today’s episode of Cyber Work!

0:00 - Industrial Control Systems security
1:39 - How Pace got into cybersecurity
4:31 - The speed of cybersecurity's change
5:20 - Pace's career in cyber intelligence
10:08 - Importance of cybersecurity analysis
10:55 - Current state of ICS and infrastructure security in the U.S.
25:22 - How to work in ICS security
32:52 - Manufacturing security issues
38:00 - Security risks for cranes
40:51 - Best ICS security advice
44:09 - Best cybersecurity career advice
46:15 - What is NetRise?
47:40 - Learn more about Pace
48:25 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks want you to pass the Cisco CCNA exam! To help you do that, Infosec’s CCNA Boot Camp instructor Wilfredo Lanz gives you his top tips and tricks for taking the CCNA exam! Lanz will give you some advice for narrowing down the right answer by eliminating the obviously wrong ones, common mistakes people make while taking the exam and what to do if, for some reason, you don’t pass on the first try. And most importantly, why you must take the practice exams before the test. And then retake them. And again! 

0:00 - CCNA exam tips 
1:43 - What does the CCNA cover? 
4:50 - Tricks for taking the CCNA exam 
5:55 - Common CCNA exam mistakes 
7:17 - What if you fail the CCNA exam? 
8:40 - Best piece of advice for CCNA exam day 
9:53 - Outro 

About Infosec 

Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Cyber Work Hacks is back to keep you updated with the CISSP exam! Infosec boot camp instructor Steve Spearman joins me to tell us about the new changes to the CISSP’s common body of knowledge (CBK) and how the changes to the CBK should (or shouldn’t!) affect your study and preparation for the exam! Keep learning, and keep it here for another Cyber Work Hack.

– Learn more about the CISSP: https://www.infosecinstitute.com/training/cissp/
– Get your free ebook, "CISSP exam tips and tricks (to ace your exam on the first try)": https://www.infosecinstitute.com/form/cissp-exam-tips-ebook/
 
0:00 - CISSP exam common body of knowledge 
1:16  - Changes to CISSP's CBK
7:45 - Why did CISSP make CBK changes?
9:17 - How to study for the CISSP
11:37 - Most important CISSP exam items 
14:04 - Best advice for taking the CISSP exam
15:03 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks are here to help you pass the CISSP exam. Today’s Hack is part two, so I encourage you to go back and listen to part one of Steve Spearman’s CISSP exam tips and tricks. In part two, I pass the mic to Spearman to give you his top five test-taking strategies for the CISSP. What’s the Sesame Street rule? How does the CISSP feel about absolutes? Keep it here, and you’ll find out in part two of this week’s Cyber Work Hack. 

– Learn more about the CISSP: https://resources.infosecinstitute.com/overview/cissp/
– Get your free ebook, "CISSP exam tips and tricks (to ace your exam on the first try)": https://www.infosecinstitute.com/form/cissp-exam-tips-ebook/

1:30 - Look for absolutes in questions
3:17 - The Sesame Street principle 
4:45 - Watch for algebraic equations 
6:23 - Look for the "golden words"
7:38 - Change management is likely the answer
8:55 - Keep an eye on senior management and impact
10:19 - Think like a CISO
11:53 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks are here to help you pass the CISSP exam! This is part one of a two-part Cyber Work in which Infosec’s CISSP boot camp instructor Steve Spearman gives you his top tips and tricks for taking the CISSP exam! In part one, we’ll talk about what makes the CISSP such a difficult exam, common mistakes people make while taking the exam and what to do if, heaven forbid, you don’t pass on the first try. You don’t have to do this alone, but you need to listen to Spearman's suggestions.

– Learn more about the CISSP: https://resources.infosecinstitute.com/overview/cissp/
– Get your free ebook, "CISSP exam tips and tricks (to ace your exam on the first try)": https://www.infosecinstitute.com/form/cissp-exam-tips-ebook/

0:00 - CISSP exam tips
1:43 - What makes the CISSP challenging? 
4:51 - Common mistakes taking the CISSP
8:00 - Tricks for taking the CISSP test
11:40 - Advice on retaking the test
16:05 - Best advice for CISSP exam day
16:36 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Alicia Olson, VP of Communications at Optiv, is today's guest. Olson came to cybersecurity from the oil and gas sector. She tells us how she got interested in communications for security professionals, explains how she turned Optiv’s distributed workforce into a cohesive unit and gives CISOs some crucial advice and ideas for dealing with that moment that no one wants to have to explain — the inevitable security breach. 

0:00 - What do CISOs need in 2024?
1:40 - Working in communications
3:50 - Average workday as a VP of communications
6:56 - Cybersecurity issues with communications 
9:50 - Why work in cybersecurity communications? 
13:00 - How to enter cybersecurity communication roles
17:50 - Women mentoring women in cybersecurity 
19:35 - Supporting DEI in cybersecurity
23:00 - Biggest problems for CISOs in 2024
25:05 - Missing CISO skills you should learn
27:38 - Remediation in cybersecurity communication
29:30 - Olson's best piece of career advice
30:15 - Learn more about Optiv
30:55 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and the Cyber Work Hacks podcast are here to help you prepare for and pass the CISSP exam from ISC2. For today’s hack, we’re talking boot camps. If you’ve been preparing for the Certified Information Systems Security Professional (CISSP) study guide for six months or more, you might learn better in a concentrated, focused environment with expert instruction. 

And that expert is Infosec boot camp instructor Steve Spearman, who has helped hundreds of learners prepare for and pass their CISSP. Steve will walk you through what the Infosec 7-day CISSP boot camp is like, which can make the difference between passing on the first try and the headache and heartache of having to re-sit the exam. 

0:00 - What is a CISSP boot camp?
1:37 - A boot camp versus university cybersecurity education
2:47 - What is a cybersecurity boot camp schedule like? 
6:54 - Cybersecurity boot camp communication 
9:50 - Cybersecurity boot camp homework
12:13 - Taking a cybersecurity certification exam
15:44 - Is a cybersecurity boot camp right for me? 
17:36 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Don't believe the movies and TV shows — ethical hacking is not done by frantically typing on the keyboard in a race against the clock.

What's a career in ethical hacking and penetration testing really like? Join our panel of experts who have worked in the field for decades to find out!

In this one-hour live event, we'll cover:

0:00 - Ethical hacking fact vs fiction
7:45 - First, getting into cybersecurity
12:00 - Does ethical hacking fiction affect people?
19:20 - Cybersecurity students in higher ed
26:17 - Qualifying for penetration testing jobs
31:21 - A real-life cybersecurity attack
42:30 - Does Hollywood inspire cybersecurity workers?
44:30 - U.S. Cybergames
47:40 - Infosec Skills and real-life learning
50:35 - Cybersecurity career jump
53:30 - Criminal justice and cybersecurity
56:25 - From IT support to cybersecurity
59:00 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work hacks want to help you pass the Security+ exam! We have three separate hacks on this channel to help you through the process of studying for and taking the exam. But what about in the years after, when it’s time to get ready to recertify? Infosec boot camp instructor Tommy Gober walks you through all the different ways you can earn your continuing education units (CEU), how many you need to re-certify your Security+ and some less-known activities that can keep your CEU numbers rising and make ongoing learning an ongoing process, not something you need to “cram” at the end of three years. Wanna know more? Well, it's all here in today’s Cyber Work Hack. 

0:00 - Security+ certification renewal
1:30 - Why does CompTIA require renewal?
4:37 - How to earn continuing education units
6:51 - Fun ways to earn continuing education units
8:04 - Log your continuing education unit hours
9:44 - Continuing education unit consistency 
12:25 - CompTIA certification continuing education 
15:14 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Tom Terronez joins Cyber Work to discuss security in an industry that doesn’t always make the headlines for security news: dentistry. Terronez co-founded Medix Dental, an IT and security provider for the dental industry, 20 years ago, and has the lowdown on some of the specific security issues dentist offices and networks face. It is an uphill battle to get the industry to acknowledge its extreme insecurity, and I find out how a shared love of Hall & Oates got Terronez into this very specific area of the security sphere. And I promise that I tried to avoid overusing the phrase “drill down on this point.” Spoiler: I failed.

0:00 - Dental industry cybersecurity
2:00 - Terronez's interest in tech
3:55 - Dentistry cybersecurity 20 years ago
5:00 - Dentistry cybersecurity dangers and issues
15:55 - Why the dental industry is susceptible to cyberattacks
18:50 - Common attack vectors against dentists
23:37 - How to work in dental cybersecurity
25:20 - What working in dental cybersecurity is like
26:40 - Volunteer opportunities in dental cybersecurity
28:22 - 2024 dental cybersecurity trends
31:20 - Tom Terronez's best cybersecurity career advice
32:50 - Learn more about Medix Dental
34:03 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and the Cyber Work Hacks podcast are here to help you pass the Security+ exam! For today’s hack, let’s talk bootcamps. If you’ve been piecing your way through the Sec+ study guide for six months or more, it’s possible that you would learn better in a concentrated, focused environment with expert instruction. I’m talking, of course, about Infosec boot camp instructor Tommy Gober!

Goberwill walks you through what the Infosec five-day Security+ boot camp is like the learning and memorizing strategies you’ll employ and all the ways that boot camp training can make the difference between passing on the first try and endless headaches and heartaches of re-sitting the exam. You don’t have to do it alone! But to learn more, you do have to keep it here for another Cyber Work Hack.

0:00 - Security+ boot camp   
1:30 - Boot camp training versus classroom
6:25 - Breaking down five days of boot camp
8:50 - What is it like to attend a boot camp?
12:14 - How does the boot camp prepare for the exam?
14:01 - Is a boot camp right for you?
15:30 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT, and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and at home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Miami University's (in Oxford, Ohio) Farmer School of Business Information Systems and Security researcher Joseph Nwankpa joins Cyber Work today. Nwankpa recently wrote a report that overturns some huge assumptions: he found that work-from-home employees are, to a large degree, less of a security issue than many on-premises workers. Nwankpa discusses The Peltzman Effect, the persistent struggles to create security awareness that lasts past the initial training sessions and talks about some surprising reasons that the higher education sector has been shown to be less sophisticated in their security awareness than many other industries.

0:00 - Are remote workers more cyber secure?
2:00 - How did Joseph Nwankpa get into cybersecurity?
7:53 - Findings on remote worker security
12:00 - Cybersecurity strategies in different work locations
17:05 - A company's cybersecurity compliance culture
19:07 - Best lessons for best remote work security practices
22:00 - Internalizing securing awareness
26:40 - Higher ed issues with cybersecurity
31:00 - Higher ed and phishing emails
33:00 - Remote work security blind spots
35:50 - Become a security awareness professional
41:54 - Miami University's information systems program
44:00 - Learn more about Nwankpa
45:01 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Cyber Work Hacks is here to answer your questions about the CompTIA Security+ exam! Today, Infosec boot camp instructor Tommy Gober reviews Security+ exam sample questions and shares tips to pass your Security+ 701 exam.

0:00 - Security+ exam mechanics
1:15 - The different types of Security+ exam questions
3:55 - How do you see your Security+ exam results?
5:10 - Security+ exam example question 1
9:27 - Security+ exam example question 2
11:32- Security+ exam example question 3
15:08- Security+ practice exam
16:29 - Security+ exam day advice
18:05 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Ken Westin of Panther Labs has a bit of fact-checking he wants to do on some of the tech stories we read daily in the papers. Does J.P. Morgan really get 45 billion cyberattacks per day? Really? Are there other factors in this number that aren’t emphasized in the interest of chasing panic clicks?

Westin and I talk about responsible ways to cover big security stories in the news, ways that each of us can become cyber fact-checkers and advocates, and Westin tells me about how his personal interests have turned into creating some very cool anti-theft tools. You can hear me audibly blown away by one in particular!

0:00 - Mega cyberattacks
2:00 - How Ken Westin got into cybersecurity
10:44 - J.P. Morgan cyberattacks
16:00 - Media and PR as a form of social engineering
17:48 - Reframing the cyberattack narrative
19:50 - CISO burnout and responsibility
23:04 - Advice to CISO workers to fight new threats
28:35 - Changing the cybersecurity narrative
33:43 - Advice to cybersecurity professionals
37:30 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Cyber Work Hacks is here to answer your questions about the CompTIA Security+ exam! Today, Infosec boot camp instructor Tommy Gober tells us about the new changes to the Security+ exam and how it will (or will not) affect your study and preparation for the exam! Keep learning, and keep it here for another Cyber Work Hack.

Get your free Security+ ebook, "CompTIA Security+ 701: How the world's most popular cert is changing in 2024" https://www.infosecinstitute.com/form/comptia-security-601/

0:00 - Security+ exam changes 
1:05 - Key ways the Security+ exam has changed (SY0-701)
3:47 - Why make the Security+ exam changes? 
5:30 - Security+ exam studying strategy 
6:47 - Most crucial Security+ exam skills for the future
9:48 - Best advice before taking the Security+ exam  
11:28 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, Sean Falconer of Skyflow and host of the Partially Redacted and Software Huddle podcasts, joins me to talk about the present and future of consumer and user data privacy, the pros and cons of adding more privacy regulations into place and his journey from software development and engineering to his current place of working closely and deeply with the future of API-based data encryption and privacy. And stick around because Falconer will share the best career advice he ever received!

0:00 - Consumer and user data privacy
2:02 - When did Falconer get into tech?
6:40 - Three degrees in computer science
12:40 - Current issues around data privacy
19:25 - The end of "Wild West" data privacy laws
24:00 - External factors on data privacy
28:03 - Why am I accepting cookies on websites?
34:45 - Experiences and learning for data privacy careers
41:44 - Learn more about Skyflow and Falconer
42:26 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Adrianna Iadarola of CyberSN joins me today to break down every spot on the cybersecurity job search, hiring, upskilling and retention pipeline. After her raucous and highly informative presentation at ISACA Digital Trust World, I knew I had to introduce you to this great analyst and thinker. Whether you’re doing the hiring or being the hiree, you will find something crucial to your new year journey today on Cyber Work.

0:00 - Problems with cybersecurity hiring
2:19 - How Adrianna Iadarola got into cybersecurity
6:03 - Skills required to jump cybersecurity roles
8:13 - How the cybersecurity job landscape has changed
13:30 - Skills gap in cybersecurity and timing
15:15 - Cybersecurity HR hiring issues
20:05 - Why is AI security executive level?
25:16 - Change in soliciting cybersecurity candidates
30:16 - Recommendations on changing a cybersecurity team
35:30 - Strategies in cybersecurity language
40:00 - Advice for people heading into cybersecurity
43:20 - Where are cybersecurity budgets and investments going?
49:52 - What is CyberSN?
52:01 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today's guest is Anthony Pacilio, VP Neurodiverse Solutions at CAI. I met Pacilio at this year’s ISACA Digital Trust World event in Boston, and I was immediately fascinated with his insights on hiring and attracting neurodiverse professionals in security, IT, engineering and related industries, all of which suffer a skills gap and all of which are in need of new insights and working methods. Pacilio and I have a substantive conversation about changing the structure of the “6-hour marathon” interview process, the difference between an employee who stays in one job role vs. an employee who stays in but re-imagines that one job role, and why this new way of hiring and recruitment can lead to nothing less than an entire transformation of a company’s work culture. 

0:00 - Neurodiversity and cybersecurity leadership
4:18 - Pacilio's early years with tech
7:40 - Shifting roles in cybersecurity
12:55 - VP of neurodiverse solutions
16:10 - CAI's dedication to neurodiversity
 19:27 - Neurodiverse solutions in cybersecurity and IT
23:50 - Rethinking the cybersecurity role interview
26:32 - Adopting new interview strategies
33:03 - Examples and success stories
35:30 - Where neurodiverse workers succeed in cybersecurity
42:04 - Tips for neurodiverse learners in cybersecurity
45:58 - Advice for new cybersecurity professionals
52:30 - Learn more about CAI
53:05 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Dan Roberts, host of the “Tech Whisperers” podcast, and a mentor, coach and leader to CISOs and other tech-focused C-suite members for nearly four decades, is today's guest. We talk about Roberts' earliest work, including coining the term “Developing the human side of technology” all the way back in 1984, to spearheading the CyberLX program for CISOs and those aspiring to be. Roberts also provides a four-stage growth chart for CISOs that, quite frankly, scales well to just about any tech career and teases a very exciting guest on the “Tech Whisperers” podcast!

0:00 - CISO's need leadership experience
4:47 - How Dan Roberts got into cybersecurity and tech
6:34 - What was tech like in the '80s?
9:20 - Common difficulties as a CISO
16:52 - What is CyberLX?
24:10 - Joining CyberLX to become a CISO
29:50 - How to become a CISO
34:45 - Cybersecurity and soft skills
38:05 - Skills needed in tech and security now
40:30 - Leading with the seven Cs
43:00 - Start your CISO career journey
46:23 - Getting uncomfortable to evolve in cybersecurity
47:49 - What is the Tech Whisperers podcast?
52:06 - Tech for Good project
54:18 - Exciting new projects for Roberts
56:30 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Confidence Staveley of the CyberSafe Foundation and the CyberGirls program is today's guest. CyberGirls is a year-long cohort program in which women in Africa ages 18 to 28 can learn cybersecurity basics and create career tracks to fast-track these students into cybersecurity careers! Staveley tells us about the workings of the program, how she uses her YouTube channel to teach API security with food analogies and explains the origins of what is likely the first-ever Afrobeat song about security awareness!  This episode is as fun and inspiring as any I’ve recorded, so I hope you’ll tune in for today’s Cyber Work.

0:00 - Cybersecurity training for women in Africa
4:47 - How Confidence Staveley got into cybersecurity
10:35 - What is the CyberSafe Foundation?
16:57 - What is the CyberGirls fellowship?
21:30 - How to get involved in CyberGirls
30:10 - Inspiring success CyberGirls stories
43:11 - Keeping CyberGirls engaged
46:31 - API Kitchen YouTube show
52:00 - Cybersecurity initiatives in Africa
59:27 - Advice for working in cybersecurity
1:03:13 - CyberGirls' future
1:05:20 - Learn more about CyberSafe
1:07:22 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Ian Campbell, security operations engineer at DomainTools, is someone who has truly carved a niche out for himself in his organization and in the cybersecurity landscape as a whole. His blogs for the DomainTools website have provided paths for neurodiverse cybersecurity professionals and allies who want to make their organizations more friendly to neurodiversity to undertake the small changes to work roles and company culture that can net huge improvements for folks with different types of cognition, patterns of learning, concentration challenges, and yes, nurturable strengths!

I’ve said it plenty of times here and I’ll say it again: cybersecurity is at its best when we’re all together, solving problems and creating solutions with our own diverse approaches.

0:00 - Neurodiversity in cybersecurity
4:00 - How Ian Campbell got into cybersecurity
6:50 - Cybersecurity journey
15:33 - What does a security operations engineer do?
18:37 - Chokepoints of security operations engineer role
20:22 - Supporting people with neurodiverse work and learning
25:50 - What hinders neurodiverse workers in cybersecurity?
30:17 - Altering work culture for neurodiverse workers
39:00 - Neurodivergent traits suited for cybersecurity
42:05 - Benefits of neurodiversity in cybersecurity
48:41 - Promoting communication for neurodiverse workers
52:36 - Positive policies for neurodivergent workers
58:20 - Learn more about DomainTools
1:00:00 - Learn more about Ian Campbell
1:00:23 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Guest AJ Grotto is the William J. Perry International Security Fellow and founding director of the Program on Geopolitics, Technology and Governance at the Stanford Policy Center and Stanford University. Grotto has served in the National Cybersecurity Council under two successive presidents and brings decades of knowledge in international relations, policy and risk both to his students and to clients in his private sector consulting work. Grotto tells us about the current state of international cyber risk and response, gives his tips for students just getting started in international policy and why a suspicious-looking email took him away from the law profession and into the security space. 

0:00 - National security cyber issues
4:04 - How AJ Grotto got into cybersecurity
7:10 - Grotto's work in the National Security Council
10:25 - Skills used in the National Security Council
14:35 - Working at Sagewood 
17:00 - Global trends in cybersecurity
19:00 - Economies down; cyber crime up? 
20:17 - Cyber risk work at Stanford
23:10 - Cybersecurity students at Stanford
29:46 - How to take Grotto's class at Stanford
31:25 - Federal Zero Trust directives
34:49 - What to research for national security work
38:09 - Important global cybersecurity topics
40:06 - Learn more about Grotto, Stanford international policy
41:07 - Outro   

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec IQ’s director of production, Steve Concotelli comes to us following years working in the movie and TV industry, and his ability to create and craft a great story is at the core of what makes Work Bytes the most award-winning security awareness series on the market! Learn more about Concotelli and the team’s ability to craft storylines with takeaways that stick, as well as the reasons why we create four different information delivery types to match the pace and time commitments of your workers. Maybe by the end, you’ll know which of the fantastical characters I mentioned at the start is most like you! Kick back and enjoy a few engaging minutes with this Cyber Work Hack. And take the Work Bytes Personality Quiz: https://infosec.involve.me/work-bytes-personality-quiz.

0:00 - Film storytelling in cybersecurity 
2:48 - How Concotelli moved from Hollywood to Infosec
3:56 - What is Work Bytes?
5:50 - Telling the story of Work Bytes
7:47 - Balancing fun and info
14:07 - What's new in Work Bytes?
19:21 - Big goals for Work Bytes
20:29 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Tomas Smalakys, CTO at NordPass, is today's guest. As our future seems choked with a never-ending need for new passwords of ever-growing complexity for everything we sign up for, Smalakys, along with some large tech organizations, is embracing a post-password future with a system of passkeys. What will it look like? How is it implemented? How will you be able to do this bleeding-edge work in the future? Tune in for today’s episode of Cyber Work and find out!

0:00 - The future of online passwords
3:43 - Tomas Smalakys' start in cybersecurity
8:40 - Managing software engineers
15:33 - Chief technical officer at NordPass
20:05 - The state of password security
27:22 - Imperfections in two-factor security
42:13 - How to know you've been compromised online
47:55 - The passkey system
1:02:41 - How to work in passwords and passkeys
1:09:05 - Learn more about Smalakys and NordPass
1:10:07 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Anna Claiborne from Zayo talks about the spike of DDoS attacks they saw in the past year. Although distributed denial of service (DDoS) attacks trend up nearly every year, new factors around advanced automation and ease of use may be driving the increase. Claiborne takes us back 20 years, when solutions to DDoS attacks involved trying the most far-out solution you could, often for the most far-out clients you could imagine! Seriously, I use the words “Wild West” to describe early security on a lot of episodes, but Claiborne really gives us some top-notch war stories. She’ll also let you know where to focus if you want to get started in telecom security, or any of near-infinite industries that would be impacted by telecom shutting down.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - AI and DDoS attacks 
4:20 - How Anna Claiborne got into cybersecurity
8:24 - Claiborne's cybersecurity experiences 
14:10  - The changes in DDoS attacks
16:55 - Current DDoS escalations 
24:34 - Claiborne's role as a VP
34:25 - Why DDoS attacks have skyrocketed
38:32 - Why DDoS attacks are easier
42:55 - How much is DDoS effective?
44:24 - Tips for countering DDoS
47:16 - Careers involving DDoS attacks
51:09 - Acquire DDoS skills early
56:19 - Learn more about Claiborne and Zayo
57:48 - Outro
 
About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Oliver Tavakoli from VectraAI returns to the program to talk about – surprise! – AI! Having talked about Tavakoli's origin story on the past episode, we’re free to dig right into his main area of interest: the ways in which generative AI can be used by bad actors, whether introducing conflicting messages into GPT guardrail commands or escalating the nuance and complexity of fake-based social engineering attacks. We talk about long-term implications of this emerging tech opportunity, ways for new professionals to get comfortable with its requirements quickly, and Tavakoli lets us know what this “summer of AI” will mean for the coming years, and also why its endless innovation may cool for a few years, and that’s OK.

0:00 - Generative AI and bad actors
4:20 - Big changes for generative AI in 2020
7:11 - Example of an AI attack
15:30 - AI as a tool versus an intelligence
17:10 - Solutions with AI
22:47 - How AI will affect cybersecurity careers
32:18 - How does AI hurt your career?
38:40 - Job roles in cybersecurity that may become niche
40:40 - The year of AI?
43:25 - How to talk about AI
45:40 - What is VectraAI?
48:25 - Learn more about Tavakoli and VectraAI
49:30 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Dr. Heather Buker of 6clicks has been a technical SME in the cybersecurity field her entire career, and 6clicks has introduced Ask Hailey, an AI-based governance risk and compliance (GRC) tool that promises to move the work of GRC into a new era. Also on the show, Infosec’s vice president of portfolio product strategy and cybersecurity superstar Keatron Evans in a guest-host capacity! Buker, Keatron and I discuss the spaces in which governance risk and compliance can greatly benefit from AI/machine learning enhancement, the crucial need to prioritize the decision-making skills of humans over everything else and why seemingly disparate career roles and pivots can still lead you in the career direction you desire most.

0:00 - Ask Hailey AI
4:17 - Heather Buker's start in cybersecurity
6:40 - Security compliance migration work and more
13:15 - Tasks of a chief customer officer
18:40 - What is Ask Hailey AI?
23:00 - Challenges in risk assessment
27:15 - Ask Hailey AI and GRC
38:05 - Advice to get into government cybersecurity
42:50 - Advice for cybersecurity students
44:50 - The big picture of AI
53:00 - Learn more about Buker and 6clicks
54:11 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Tara D. Anderson, managing director of Framework Security and an official member of the Forbes Technology Council, walks us through her journey, including her years in the world of finance, opens up about a traumatic event in her life that altered the way she learns and retains information and how her switch to IT and Cybersecurity was an ideal fit. From her days co-founding the consultancy firm Cognitive SLC, an organization whose founders were all neurodiverse, to Framework Security’s desire to make protection understandable to small charitable companies and organizations who couldn’t bounce back from hacking and theft, Anderson's ethos and vision, from work to the interview process, is a complete inspiration for anyone interested in bringing neurodiverse professionals into their organization. 

0:00 - Neurodiversity in cybersecurity 
3:46 - Getting into computers and tech
9:46 - Revenue officer roles 
15:20 - Getting into IT and security
23:07 - Neurodiverse workers in cybersecurity 
30:45 - Neurodiverse challenges in cybersecurity
41:40 - Remote cybersecurity work
52:03 - How to work in cybersecurity 
56:34 - What is Framework Security?
59:30 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Leslie Lynn Smith is the National Executive Director for GET Cities. GET stands for Gender Equality in Tech. Today’s episode will move away from standard cybersecurity and IT insights in favor of a larger look at investment opportunities for tech startups, and where and on who we spend investment capital. Smith is a multi-decade authority on state- and city-wide community investment initiatives with a lifelong passion for bringing people of marginalized races and genders to the table in fulfilling their tech business dreams. Smith talks about bridging the gap from angel investor money to initial seed, and why the space between the two can sink new startups, the slow, patient process of affecting equitable change at the legislative level, and offers an accelerated way to make IT and cyber teams more inclusive and equitable. If you’ve wanted to get involved with angel investing and helping young companies get off the ground, Smith talks you through the process with no steps missed. 

0:00 - Gender equity in tech
3:35 - Leslie Smith's journey in tech
9:40 - Equity in cybersecurity at GET Cities
15:03 - How does GET Cities work? 
21:20 - Concrete ways to work towards gender equity in tech
30:30 - Imposter syndrome revised
35:00 - Where does equity work need to be done in tech?
40:30 - How to invest in tech and cybersecurity
43:33 - GET Cities upcoming initiatives
46:00 - Learn more about GET Cities and Smith
46:40 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Brianne Caplan is the founder and executive director of Code Your Dreams, a non-profit that brings knowledge, accessibility and excitement about programming and tech to learners from age 5 to adulthood in underserved communities. Caplan tells some incredible stories, like the women’s coding and data analysis group in Burundi, exciting coding projects for students interested in art, music and dance and why her experience inadvertently creating a non-profit company that was incorporated as a for-profit was a learning experience that helped kickstart Code Your Dreams! This one’s inspiring, so I hope you’ll keep it here for Cyber Work.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Coding for underserved communities 
3:11 - Brianne Caplan's start in cybersecurity
8:04 - Cash for Schools
10:50 - What is Code Your Dreams?
14:40 - How Code Your Dreams works
17:52 - Gaps in cybersecurity school education
21:00 - Baseline tech literacy for grade school
23:30 - Popular Code Your Dreams activities
27:08 - After Code Your Dreams
35:11 - Volunteer for Code Your Dreams
37:00 - Bring Code Your Dreams to your school
39:40 - Get in touch with Brianne Caplan
40:15 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Limor Bergman-Gross, founder of LBG Consulting, a results-oriented executive coaching service for women in tech, discusses her early programming experience, including Pascal instruction in high school, her move from software engineering manager to career coach and corporate mentorship instructor and why mentors can and should come at any level on the career ladder, not just management or executive. As Limor puts it, “all you need in a mentor is that they be a few steps further down the path than you are.” Lots of gems like that to be found today on Cyber Work.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Career coach for women in tech 
2:55 - Getting into cybersecurity 
5:50 - Pursuing cybersecurity consulting
6:54 - How to get into consulting 
8:15 - First steps with cybersecurity coaching
10:02 - How to help someone find their role
14:20 - Executive-level consulting 
16:00 - A mentor versus an advocate
17:45 - Mentoring and training 
20:00 - Speaking at an ISACA conference
22:28 - Achieving gender parity quickly
24:55 - Supporting underrepresented talent in cybersecurity
32:05 - Making a difference in diversity
35:00 - Women mentoring women
37:10 - Making yourself available as a mentor 
40:37 - Learn more about LBG Consulting
42:20 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Lesley Carhart of Dragos, also known as Hack4Pancakes on social media, is a lifelong breaker and builder of things, and their insights on the deep mechanics of Industrial Control Systems are an absolute must-hear for any of you even considering this space. Carhart also talks about their keynote at this year’s Blue Team Con, the differences between incident response in the military vs. the private sector, and why standard cybersecurity studies won’t take you as far in ICS as it will to learn how train track switchers work. Seriously, this is one of the best episodes I’ve ever been a part of, and I can’t wait for you to hear it!

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - ICS security 
3:40 - Getting started in cybersecurity 
9:13 - The early days of the internet
11:05 - Air Force cybersecurity 
12:50 - Military cybersecurity training 
15:00 - Incident response work at Motorolla
18:40 - Technical director of incident response
23:30 - State of ICS
39:13 - Starting work in ICS
41:57 - Keynote speaker at Blue Team Con
46:46 - Bringing diversity into ICS
53:46 - Outro 

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Forget what the crime scene TV shows have told you — digital forensics is not done on an overhead projector while the whole department watches! Learn about the day-to-day work of a digital forensics professional from a team of experts who have been putting in the work for decades!

In this episode of Cyber Work Live, you will learn:

- The types of tools you’ll use to help bring criminals to justice
- Why a lack of technical experience isn’t a barrier to entry
- How to get real-world forensics practice in your own home
- Where a career in digital forensics can take you 

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Digital forensics careers 
4:28 - Limits of going off the grid 
12:28 - What do SIM cards actually do? 
33:12 - Gathering evidence in digital forensics
44:08 - Digital forensics and the cloud
51:44 - Working as a digital forensics professional 
54:42 - Digital forensics certifications 
59:50 - How to pursue a digital forensics career
1:02:24 - Outro 

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

We met Katie O’Malley, founder of (en)Courage Coaching and Counseling, at this year’s Women Impact Tech conference, and she gave a great talk about effective networking and giving confidence to tech professionals at all levels of the career ladder. Katie and I discussed finding your adjectives and using them to center your interactions, creating courageous workplace culture, and why women only being mentored by women turns into the new unpaid labor. Let’s all step up and make the workplace better!

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Coaching women in cybersecurity 
3:10 - How Katie O'Malley got into coaching
4:57 - O'Malley's start in cybersecurity and coaching
8:51- The evolution of leadership 
12:00 - How career coaching works
18:00 - Importance of networking and branding
24:20 - How to achieve gender parity in cybersecurity 
29:30 - Courageous workplace culture 
33:21 - Pitfalls in new cybersecurity jobs
36:40 - Lead change at your cybersecurity company
38:55 - What is (en)Courage Consulting and Coaching?
39:33 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

We're talking about chief information security officers CISOs, one of the top-dog roles in cybersecurity, and for many professionals, it’s the brass ring they spend their careers trying to reach. The expectations of a CISO are changing, too, and requirements are growing in many different ways. Mike Scott, CISO of data security provider Immuta, has seen the role change a lot in the past 15 years, and he’s seen the role of CISO move from out of the shadows and into the spotlight for the C-suite, but at a price: when a breach happens, the CISO is often the one who takes a fall. Is this a reasonable expectation? Will the role of CISO change even more? I talked to Mike about all this and the eight years he spent as the CISO of the Wendy’s fast-food chain! We won’t judge you if you want to bite the corners off first, but I’ll be crying in my chili if you don’t keep it here for today’s episode of Cyber Work.

0:00 - Responsibilities of CISOs
3:15 - How Mike Scott of Immuta got into cybersecurity
6:55 - Leading Wendy's fast food restaurant as CISO
13:30 - Data security problems right now
18:40 - Shift left strategy
24:10 - How the CISO role is changing
31:00 - Increased CISO oversight
38:06 - The CISO's responsibility
48:30 - How to work as a CISO
51:50 - Cybersecurity in the federal government
54:48 - Learn more about Immuta
56:53 - Learn more about Mike Scott
57:35 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Preparing for the worst is a drag. Nobody likes to think about it, and if you don’t watch out, inaction means that when you do get ransomed or breached, your first thought is not “let’s get the disaster manual and see what it says.” It’s panic. Today, ProServeIT’s Eric Sugar walks you through a crash course in developing a disaster recovery plan for your small business! Don’t panic! Help is on the way.

0:00 - Create a disaster recovery plan
1:15 - What is a disaster recovery plan?
2:35 - Beginning a disaster recovery plan
3:24 - How to work in disaster recovery
5:04 - Write a hypothetical disaster recovery plan
6:04 - A disaster recovery plan resume
7:08 - Futureproof your cybersecurity skills
8:01 - Learn about ProServeIT

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Leigh Honeywell, CEO and founder of Tall Poppy, a security company that is building tools and services to help companies protect their employees from online harassment and abuse, talks about her career running security incident response at Slack, protecting infrastructure running a million apps at Salesforce.com, shipping patches for billions of computers on the Patch Tuesday team at Microsoft and analyzing malware at Symantec.

We talk about how all of these demanding jobs prepared her for her work at Tall Poppy, get into what she learned about the intersection of First Amendment speech protections vs. online safety from working at the ACLU, why changing the culture of online harassment will probably have to be a marathon, not a sprint, and Leigh shares her experiences with several accelerator startup organizations.

0:00 - Equity in cybersecurity
3:10 - Getting into cybersecurity
7:15 - From physics to computer science
12:30 - How Tall Poppy came to be
19:26 - Technology fellow at the ACLU
26:26 - What is Tall Poppy?
31:20 - Social platforms and change
39:53 - How to work toward equity in cybersecurity
43:02 - Y combinator startup accelerator in cybersecurity
50:07 - LGBTQ+ inclusion in cybersecurity
54:27 - Learn more about Tall Poppy
56:06 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

ProServeIT President Eric Sugar discusses disaster recovery planning for small and medium businesses. This is an excellent add-on episode to our third episode from way back in 2018 when Keatron Evans discussed the work of an incident responder. If your small- or medium-sized company suffers an incident, whether a breach or a ransom or just a power failure, the first thing you’re going to hope is that you have a disaster recovery plan already written and sitting in the CEO’s locked desk drawer. If not, it’s time for you to prepare and breathe easier.

0:00 - Disaster recovery planning for small businesses
3:12 - Eric Sugar’s start in cybersecurity
4:40 - Working at ProServeIT
6:40 - Working as president of ProServeIT
9:07 - What is a small or medium cybersecurity business?
10:50 - How to have a disaster recovery plan
14:05 - Customize your disaster recovery plan
16:40 - Prioritized your disaster recovery plan
18:10 - How to choose potential disasters
21:28 - Examples of disaster recovery plans
26:20 - Education and skills needed to work in disaster recovery
31:40 - A good resume for disaster recovery
35:10 - Getting promoted in discovery recovery 
37:33 - What is ProServeIT?
41:16 - Learn more about Eric Sugar and ProServeIT
41:34 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Huxley Barbee, security evangelist at runZero, talks about the nuts and bolts of asset detection on a large scale, specifically around the U.S. federal government’s current directive. Here, we will shrink the playing field and tell newcomers to security how to do your home asset detection!

0:00 - Asset detection at home
1:18 - What is asset detection?
2:44 - Is asset detection difficult?
3:39 - Do asset detection on your network
4:45 - Asset detection on a school network
6:50 - How to put asset detection on your resume
9:44 - What to study for asset detection roles
10:31 - Learn more about runZero
11:15 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Tech evangelist Huxley Barbee from runZero talks about asset detection, and yes, just asset detection. Learn about the day-to-day work of asset detection and asset mapping. Go beyond the theory and speculation about whether the U.S. federal government will implement it on time, and join Barbee as he walks you through how it’s all done and what you need in order to do it well.

0:00 - Asset detection and asset mapping
2:56 - Getting into cybersecurity
4:12 - Shifting roles in cybersecurity to evangelist
6:02 - What does a security evangelist do?
8:30 - What is BSides NYC?
14:41 - Planning in cybersecurity assets
22:50 - Tools and techniques of asset inventory
32:13 - The importance of asset discovery
34:25 - Skills needed to work in asset detection
37:32 - Cybersecurity starts and ends with assets
42:22 - What does runZero do?
44:44 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

CAT Labs CEO and founder Lili Infante worked as a special agent for the U.S. Department of Justice for 10 years specializing in cryptocurrency’s use in dark web investigations. Infante gives us the insider’s view of dark web investigations, why it’s so difficult to prosecute dark web actors when anonymity extends up and down the hierarchy, the current state of dark web markets, and the rise of state-sponsored crypto crime organizations like North Korea’s Lazarus Group. Plus, Infante gives you expert advice on getting started in crypto crime investigation and forensics research! You don’t need a Tor browser for this info.

0:00 - Crypto crime in 2023
2:46 - How Lili Infante began in cybersecurity
4:50 - Economics, bitcoin and crypto
9:20 - Liberal arts education and cybersecurity
14:05 - Taking on dark web cases
17:30 - What the dark web market is like
20:24 - Neutralizing a dark web market
24:00 - Main threats of crypto threats and fraud
26:50 - State-sponsored crypto theft
28:45 - Why begin CAT Labs
35:40 - Day-to-day CAT Labs CEO work
41:30 - How to work in crypto crime
45:40 - CAT Labs' future
46:58 - Learn more about Infante
47:43 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

James Stanger, chief technology evangelist at CompTIA, discusses CompTIA's Cloud+ certification and why security professionals must consider adding it to the certification toolbox.

0:00 - CompTIA Cloud+ certification 
1:06 - Benefits of Cloud+
3:24 - Cloud+ is vendor agnostic
6:27 - Preparing for Cloud+
8:43 - Cloud+'s future  
11:18 - Good Cloud+ training   
12:50 - How to study for Cloud+
14:26 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Leonid Belkind is the chief technology officer (CTO) and co-founder of Torq, a no-code security automation platform. After asking him buckets of questions about the day-to-day work of a CTO in the tech field, we get into a fascinating discussion of all the ways that automation will change the work of cybersecurity, allowing professionals at all stages to work on higher-order problems. At the same time, the great automated data sifters do high-speed data analysis beyond our cognition. This one gets pretty heady folks, especially once we compare CTOs to orchestra conductors.

0:00 - Uses of automation
2:50 - How Leonid got into tech
5:30 - Chief technology officer and endpoint security roles
8:30 - Enpoint used during work from home
10:30 - Average day as a CTO at Torq
17:25 - Cybersecurity market predictions
19:30 - Skills and talents that make a good CTO
21:27 - Zero-trust Pentagon directive
24:35 - Reframing how we view automation
30:06 - Automation and disabilities
33:15 - Automation's big discussions
39:40 - How automation can improve jobs
42:20 - How to work in automation
48:02 - Communication in cybersecurity
50:55 - What is Torq?
53:04 - Learn more about Torq and Leonid Belkind
53:42 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Jacob DePriest, GitHub’s VP, deputy chief security officer,  talks about what GitHub is, how it works and what to do with it once you start to understand it. 

0:00 - GitHub fundamentals
1:30 - What is GitHub?
2:11 - How did GitHub get so popular?
3:15 - Where to start at GitHub
4:15 - How to search GitHub
5:52 - Evaluating GitHub materials
7:47 - GitHub shortcuts for security professionals
9:03 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Dara Gibson of Optiv and the Phoenix, Arizona, branch of Women in Cybersecurity has developed and managed cybersecurity services for five years. After years of being an educator, Gibson felt the pull of cybersecurity and tech. For those of you who are thinking of making a later-in-life, life-changing career shift into cybersecurity and feeling a bit overwhelmed, do not miss this episode! Gibson strikes the perfect balance between pushing you out of the nest without pushing you off a cliff!

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Changing to a cybersecurity role from another profession
2:56 - Dara Gibson’s start in cybersecurity
7:28 - Guidance in cybersecurity 
10:00 - Working as a cyber insurance specialist 
15:00 - Phoenix Women in Cybersecurity
17:06 - Where Women in Cybersecurity members come from
21:00 - How to get past the HR barrier in cybersecurity 
24:20 - Applying to cybersecurity jobs
26:52 - Common paths in cybersecurity for job changers
29:00 - Tips for cybersecurity job posting
34:40 - Advice to attract women to cybersecurity
36:35 - Get involved in Women in Cybersecurity 
38:35 - Barriers to getting women in cybersecurity
40:42 - Learn more about Dara Gibson
41:15 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Paula Bratcher Ratliff owns and is president of Women Impact Tech, an organization committed to bringing women and diverse professionals into cybersecurity. They have clear goals, committed members and proven results.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Women Impact Tech
3:11 - Paula's career
8:30 - Entering cybersecurity from different industries
11:40 - Employee retention in cybersecurity
16:32 - Cybersecurity hiring improvements
20:52 - Changing internal promotions
28:20 - Services from Women Impact Tech
32:50 - What Women Impact Tech does at events
36:30 - Effective strategies to bring equity in cybersecurity 
43:52 - Protecting women online
47:44 - Upcoming Women Impact Tech events
50:00 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Amber Schroader, CEO of Paraben, gives her best pieces of advice for the work of searching for a job in the field of digital forensics.

0:00 - Get a job in digital forensics
1:30 - Put your best foot forward on social media
3:00 - Updating your digital forensics resume
4:36 - Digital forensics interview tips
5:23 - Let your personality shine
6:14 - Success in your digital forensics job
9:30 - Find more from Amber Schroader

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

David Melamed of Jit brings us a new wrinkle in our ongoing series of developer security topics! Melamed says we should move beyond “shift left,” shifting the security earlier in the CI/CD pipeline, into “Born Left,” a platform in which security tools are in the hands of developers at the point of creation. Melamed talks about his early programming experiences, his Ph.D. in Bioinformatics, and the delineation of responsibilities between developers and the DevSec team. All that and a bit of CTO talk.

0:00 - Moving from “shift left” to “born left”
3:05 - How David Melamed got into cybersecurity
6:00 - Choosing your cybersecurity job path
11:15 - Daily work as a cybersecurity CTO
13:02 - How to become a cybersecurity CTO
15:10 - Keeping a company on track
16:40 - DevSecOps shift left to born left
21:08 - Born left, and overall security
23:13 - Accountability for developers
25:07 - Application security and born left
29:33 - What will DevSecOps and born left look like in the future?
31:00 - How to work in software development security
34:35 - First steps to a cybersecurity development job
35:30 - What is Jit?
38:33 - Learn more about Melamed
39:08 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Paul Giorgi of XM Cyber, a man who told me his favorite way to learn new skills is to break things and put them back together, walked me through the basics of setting up your own cybersecurity practice lab at home for not too much money. But watch out because he says that once you start, your excitement about hands-on practice and buying old servers on eBay can get overwhelming! 

0:00 - Build your own cybersecurity practice lab
1:30 - How to practice with a home cybersecurity lab
5:48 - Resource requirements for a cybersecurity lab
8:48 - Cost of a cybersecurity lab
10:28 - First projects for a cybersecurity lab
13:02 - Learn more about Paul Giorgi and XM Cyber
13:42 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Karen Worstell is a 25-year veteran of the tech, IT and security space; she’s a senior cybersecurity strategist at VMware and a chaplain. This episode goes to many fascinating places, from her days learning coding on a TRS-80 computer, how her extremely visual and right-brained approach to learning has influenced her security journey, her experiences as a woman in the industry and how her work as a chaplain brought her back from a security industry hiatus to help people suffering chronically from burnout. There’s also a bit about XDR — and its a big deal! 

0:00 - Burnout in cybersecurity
3:06 - Karen Worstell's start in cybersecurity
6:11 - A family of inventors
9:35 - Physical sciences and computer sciences
16:00 - Work as a senior cybersecurity strategist
18:18: - Working as a woman in cybersecurity
23:15 - Changes to make cybersecurity equitable
31:40 - Strategies for hiring equity in cybersecurity
34:00 - Burnout in cybersecurity
48:35 - Helpful cybersecurity organizations
51:37 - Why is XDR so important?
56:10 - Learn more about Worstell
56:44 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, Nir Valtman, CEO and co-founder of Arnica, discusses developer behavior-based security. In short, there are lots of ways that backdoors or vulnerabilities can make their way into developer code. One door we can close on these intrusions is implementing processes that detect behavior anomalies in developers. Think of your bank monitoring for unusual purchases calling you to ask whether you really just spent $300 on a bobblehead from The Last of Us that’s shipping from Brazil. If you did, not judging, full speed ahead. If not, then we’ve got a problem on our hands. Valtman explains the benefits and the limitations of behavior-based security measures, as well as tips for developers-in-training.

0:00 - Developer behavior-based security
2:56 - Nir Valtman’s start in cybersecurity
4:40 - Moving into the developer world
8:20 - Working as a cybersecurity CEO
10:33 - A typical day for a cybersecurity CEO
19:30 - Monitoring product features
20:15 - DevSecOps behavior-based security
27:42 - Flagging irregular online purchases
30:35 - Impact of pre-fab code on behavior anomaly detection
33:28 - GitHub impact on developer behavior and security
38:09 - Ensuring you don’t skimp on sec in DevSecOps
42:35 - What should future developers know?
44:56 - Skills and experiences for budding developers
51:09 - What is Arnica?
54:57 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

These days, keeping your security, IT or research team close now that more of us than ever work remotely is a challenge. How do you keep team bonds strong when your main interaction path is your tiny little colleagues trapped in little squares on a computer monitor? Susan Morrow has been managing a remote team for almost two decades. She dispenses wisdom on coordinating schedules in multiple time zones, ensuring everyone’s moving toward the same goal and helping team members of all work styles to do and feel their best. 

0:00 - Cybersecurity team remote work
2:30 - Remotely working with multiple teams
4:16 - What doesn't work remotely? 
5:51 - Avoiding remote work pitfalls
7:27 - Solving team drift
9:19 - Learn more from Susan Morrow
9:58 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

James Stanger, chief technology evangelist at CompTIA, walks through their new Data+ certification. Infosec is proud to provide bootcamp and course training for a range of CompTIA certifications, and James helpfully breaks down the basics of data analytics, the types of learning you’ll need to engage in to pass and why security professionals have a lot more data analyst in their job role than they might think. All that, and a bit of geeking out about the humanities.

0:00 - CompTIA Data+
3:40 - How did James Stanger get into cybersecurity?
5:00 - From literature to IT
9:50 - Working for CompTIA as a tech evangelist
13:22 - What makes up a tech evangelist role?
18:00 - CompTIA's new Data+ certification
26:06 - Why is Data+ important for pros?
32:38 - Prerequisites for Data+ certification
40:05 - What does Data+ teach you?
43:53 - Training materials for Data+ certification

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, my guest, Jack Nichelson, wants you to know something. AI is coming! But it’s not SkyNet; it’s not the rise of the machines. Whatever unnerving story you’ve read in the past few weeks about ChatGPT and what it will or won’t do to humanity, I’d like you to join us here and get a much fuller picture of AI as a tool and our role in shaping and building it.

0:00 - ChatGPT AI
2:50 - How Jack Nichelson got into cybersecurity
4:45 - Types of IT cybersecurity roles
6:57 - AI versus human value
10:46 - Life as a CISO
15:12 - The ChatGPT story
19:37 - Where is AI at right now?
24:20 - Actual applications of AI in the future
30:04 - Areas of study to enter cybersecurity and AI
34:27 - Where AI tools may lead cybersecurity
37:00 - Training for future AI malware
40:20 - Software to spot AI malware
44:50 - What is Inversion6?
46:55 - Learn more about Jack Nichelson
47:12 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Amber Schroader, CEO of Paraben, explains the different ways to pursue a career in digital forensics, like pursuing a college degree or studying toward a certification. And if a certification, which one will take you on the path you want? Schroader also talks about what doors can open for you, where to get started, and which upper-level certs you should work toward so you’re prepared for the job you want.

0:00 - Breaking down digital forensics certifications 
1:08 - Different ways to learn digital forensics 
2:07 - Digital forensics college courses versus certifications
3:45 - Main digital forensics certifications and paths
5:20 - Finding a digital forensics niche
6:18 - Hands-on projects for digital forensics experience
7:25 - How to get started in digital forensics 
8:34 - Learn digital forensics
9:01 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Jacob DePriest, the VP and deputy chief security Officer at GitHub, talks about development security. In 2021, GitHub significantly ramped up its security department. DePriest told me all about the commitment to security and how you can move your organization toward a developer-focused security team. Whether you’re just hearing about GitHub now or you’re using GitHub from the moment your work day starts, you’ll want to check out this episode.

0:00 - GitHub's cybersecurity strategy
2:30 - How did you get into cybersecurity?
5:00 - Moving up in cybersecurity
8:57 - Working with NSA
10:08 - Working as a chief security officer
13:35 - Communication in cybersecurity
15:00 - What is GitHub?
17:46 - Coding as a team
19:30 - GitHub's security team
21:18 - Security threats GitHub faces
22:28 - GitHub's role in software security
25:10 - Navigating GitHub's tools
28:50 - How to study cybersecurity
30:54 - Entering software security
33:55 - Security tips for developers
36:45 - Learn more about DePriest and GitHub
38:25 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Learn more about the (ISC)² CGRC certification: https://resources.infosecinstitute.com/overview/cgrc/

Enroll in a CGRC boot camp: https://www.infosecinstitute.com/courses/isc%C2%B2-cgrc-training-boot-camp/

Infosec instructor and returning guest Leighton Johnson talks about the recent (ISC)² CAP certification change: the Certified Authorization Professional (CAP) is now Certified in Governance, Risk and Compliance (CGRC). Why are they changing the name of the CAP certification? Is the CAP content going to change as well? What does this mean for the future? Let’s figure this out together.

0:00 - CAP vs. CGRC certification
1:40 - What jobs require a CGRC certification?
2:50 - Why change the CAP name to CGRC?
4:17 - Is CAP exam content different from CGRC?
6:00 - Should I upgrade CAP to CGRC?
7:35 - Study tips for the CGRC exam
9:13 - Learn more about CGRC
9:53 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Yossi Appleboum, CEO of Sepio, talks about Cybersecurity and Infrastructure Security Agency (CISA)’s operational directive for non-military federal agencies to adopt a strict set of asset visibility and vulnerability detection system starting as early as April of 2023. Yossi discusses this directive, saying that it takes FCEB agencies out of the cybersecurity stone ages and into the future. Can it work in such a short time frame? Yossi has thoughts!

0:00 - Asset visibility and vulnerability detection
3:10 – First getting into cybersecurity
6:21 – Co-founding cybersecurity companies
9:30 – What it’s like as CEO of a cybersecurity company
13:00 – Ambassador of the Global Cyber Alliance
15:32 – CISA’s operational directive for federal agencies
19:25 – What are asset management and vulnerability?
24:40 – What comes after asset protection?
28:40 – CISA’s deadline for asset visibility compliance
30:40 – Job outlook for asset visibility and vulnerability detection
35:07 – Work experience needed for asset visibility roles
36:30 – How to work in asset visibility
40:04 – How will this CISA directive change cybersecurity?
41:50 – What is Sepio?
43:56 – Learn more about Yossi Appleboum
44:50 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec Skills author and Paraben founder and CEO Amber Schroader talks about how to quickly and inexpensively set up your own home digital forensics lab. 

0:00 - Creating your digital forensics lab
1:00 - Benefits of your own digital forensics lab
1:40 - Space needed for digital forensics lab
2:30 - Essential hardware needed for a forensics lab
5:01 - Important forensic lab upgrades
5:42 - Running your forensics lab
6:51 - Forensic lab projects
7:35 - Getting into forensic labs
8:04 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Venafi solutions architect Steve Judd talks about the recent directive from the Pentagon that a zero-trust policy be implemented at the Department of Defense in the next four years. Is this a workable deadline? What are the hurdles to be jumped? Judd also tells me what a solutions architect does and why he thinks it’s the most fun job in cybersecurity.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Pentagon’s zero-trust policy and DoD
2:22- How did you get into cybersecurity?
5:10 - Cybersecurity solution architect work
9:05 - Scope of zero-trust policy
16:00 - Getting ahead of the zero-trust policy
17:49 - What skills do zero-trust make mandatory?
19:37 - New jobs via zero-trust
23:44 - DevOps and DevSecOps
28:48 - Areas of studies to emphasize
31:00 - Things not to study in cybersecurity
38:00 - What is Venefi
40:05 - Learn more about Steve Judd
40:36 - Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Paul Giorgi of XM Cyber helps us wrap up 2022 by discussing some of the most unusual and complex attack paths he and XM have seen in the past year. We discuss some of the most common breaches and methods, as well as several attack paths that are the very definition of “taking the scenic route,” which is, of course, why they worked so long. Also, tune in for some great advice about getting involved in risk management and access management.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Unusual attack vectors in 2022
3:00 - First getting into cybersecurity
6:35 - What is a sales engineer? 
11:50 - Average workday as director of sales
15:30 - Strangest attack vectors of 2022
20:08 - Lessons learned in 2022 cybersecurity 
22:06 - DoD and zero trust
24:32 - Successful security attacks
31:30 - The uber breach and security landscape
36:01 - Smart cars and cybersecurity 
39:03 - Working in cybersecurity solutions
42:21 - Learn about XM Cyber
46:27 - Learn more about Paul Giorgi
47:04 - Outro 

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec Skills author Leighton Johnson talks about major changes to CISM in 2022. CISM has shifted qualitatively from the “Manager” side of the cert name to the “Security” side.

0:00 - Changes to CISM's focus
2:21 - Why did CISM's focus change?
3:43 - How to study for the new CISM changes
6:47 - Important CISM skills to know
8:28 - Find Leighton Johnson
9:31 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

A.N. Ananth of Netsurion joins us to talk about the future of SOCs. Security operations centers used to look more like bunkers crowded with network traffic analysts who rarely got to see the sun. Ananth sees the Covid-induced era of remote SOCs to be a new reality but also a way to bring new professionals in from small towns are far-away locations, making it a partial fix to the security skills gap.

0:00 - Changes to SOC
2:59 - How A.N. Ananth got into cybersecurity
4:07 - Ananth's projects and career
6:25 - Management in cybersecurity
8:40 - What is the SOC?
11:08 - How large is a SOC team?
14:30 - The SOC mentality
17:07 - Remote SOC work
18:52 - Security challenges for remote SOC work
20:55 - Bringing in new SOC talent
23:13 - How to get your foot into cybersecurity
28:53 - What should be on a SOC resume?
32:00 - What is Netsurion
34:00 - Connect with Ananth
34:57 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Cyberis’ Matt Lorentzen talks all things pentesting, red teaming, the changing roles that red teaming has in fine-tuning and interrogating modern security and why you don’t have to stop doing the fun stuff even when you’re climbing the career ladder. 

0:00 - Intelligent pentesting, red teaming and modern security
2:30 - Matt Lorentzen's interest in cybersecurity
3:51 - What is a security consultant
8:02 - Pentesting and red team operations 
10:30 - Continued learning in cybersecurity 
15:54 - Read teaming and testing cyberattacks
21:40 - Intelligence-driven red teaming
23:40 - Surprising attack vectors 
26:53 - Common gaps in cybersecurity 
28:46 - School systems and cybersecurity 
32:33 - Adjustments to cybersecurity for school systems
36:14 - How to get into pentesting and red teaming
44:28 - Cybersecurity threats in the next decade
46:43 - What is Cyberis? 
48:02 - Learn more about Matt Lorentzen 
48:38 - Outro
 
About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Whether you’re studying for the CEH, CISSP, Pentest+, or even the Security+, there’s always one question about cryptography, and it’s easy to miss! Want to hear a cool trick to keep symmetric and asymmetric cryptography straight in your head? Keatron Evans has one, and he told it to me — stay tuned and listen closely because it’s a Cyber Work Hacks!

0:00 - Cryptography exam tips
0:23 - Certifications with cryptography questions
1:15 - Symmetric versus asymmetric cryptography
3:40 - Learn more about cryptography
4:50 - Find and learn from Keatron Evans

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Returning guest Ken Jenkins stops by to talk about his work as the head coach of the US Cyber Games. If you’re intrigued by this emerging e-sport, you will want to keep it here: Jenkins discusses the selection process for the athletes, the roles of the coaches and mentors, and the intense, real-time collaboration going on during the competitions.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - US Cyber Games 
3:38 - How does the security scorecard work
9:06 - Ken Jenkin's typical workday
12:20 - Head coach at the US Cyber Games
18:20 - How do Cyber Games teams work? 
20:50 - Cyber Games events
21:28 - Cyber Games draft
26:30 - Challenges for Cyber Games teams
30:00 - The makeup of a Cyber Games team
32:46 - Cyber Games participation explained
38:35 - Cyber Games red teaming
41:13 - How to get into the Cyber Games
44:31 - How Cyber Games translate to real-world skills
48:27 - Tackling a new cybersecurity challenge
51:12 - Follow the US Cyber Games
55:05 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Ameesh Divatia, CEO of Baffle, Inc., talks about data privacy, data security, cloud security and how a skillset in the middle of that triangle will be your best asset in the years to come. All that, and a little bit of local-focused philanthropy.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Data privacy, data security and cloud security 
2:43 - Ameesh Divatia's start in cybersecurity
7:13 - Founding cybersecurity companies
10:19 - Security innovation
12:41 - Cybersecurity regulatory compliance
17:00 - Transferring skills to data security
21:23 - Cybersecurity interviews and knowledge
25:03 - Data privacy policies 
27:44 - Data privacy requirements
30:22 - Confluence of data privacy, security and cloud
33:32 - Volunteering on a city's technology council
41:02 - What is Baffle?
44:11 - Connect with Divatia 
44:43 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Michael Wilkinson leads the digital forensics and incident response team at Avertium. The team is dedicated to helping clients investigate and recover from IT security incidents daily. Wilkinson talks about threat research, the threat of Vice Society, how K-12 cybersecurity can improve and much more.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Digital forensics and incident response 
3:12 - Getting interested in computers
6:00 - How had digital forensics changed over the years
9:03 - Handling overwhelming amounts of data
12:53 - The threat of Vice Society 
17:20 - Why is Vice Society targeting K-12?
19:55 - How to minimize damage from data leaks
24:25 - How schools can improve cybersecurity
25:54 - What schools should do if cyberattacked 
31:36 - How to work in threat research and intelligence
34:42 - Learn more about Avertium
36:40 - Learn more about Mike Wilkinson
37:08 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Tony Cook of GuidePoint Security knows a lot about threat intelligence and incident response. But he’s also used these skills while working in ransomware negotiation! Cook has handled negotiations for all the big threat groups — REvil, Lockbit, Darkside, Conti and more — and he told me about what a ransomware negotiator can realistically accomplish, which threat groups are on the rise, and why negotiating with amateurs is sometimes worse and harder than dealing with elite cybercriminals. 

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Ransomware negotiating 
2:42 - How Tony Cook got into cybersecurity
4:00 - Cook's work at GuidePoint 
9:31 - Life as a ransomware negotiator 
11:41 - Ransomware negotiation in 2022
13:52 - Stages of a successful ransomware negotiation 
15:23 - How does ransomware negotiation work?
19:11 - The difference between threat-acting groups
20:43 - Bad ransomware negotiating
22:43 - Ransomware negotiator support staff
25:21 - Ransomware research
26:26 - Is cyber insurance worth it? 
29:14 - How do I become a ransomware negotiator? 
32:25 - Soft skills for a ransomware negotiator
33:46 - Threat research and intelligence work
37:45 - Learn more about Cook and GuidePoint
38:17 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Infosec instructor and 40-year cybersecurity veteran Leighton Johnson talks to us about all things CMMC. After last year’s attempted rollout, CMMC pulled back and retooled its entire framework. But why? Johnson gives you all the details, including how to train to be a CMMC-certified auditor.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - CMMC in 2022
3:12 - Getting started in cybersecurity
4:15 - How to be CMMC compliant
5:15 - The evolution of CMMC
7:18 - CMMC compliance timeline
10:28 - Being assessed for CMMC compliance
14:30 - Becoming a CMMC auditor 
18:08 - What if you don't meet CMMC compliance?
21:40 - Skills comparable with the CMMC auditor 
23:25 - Evaluating your company and CMMC needs
28:54 - CMMC auditor job opportunities
31:03 - How to become a federal CMMC auditor
35:04 - What is ISFMT?
37:47 - Learn more about ISFMT and Johnson
38:18 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Lisa Tetrault of Arctic Wolf talks about the adhesives that hold cybersecurity together: communication, collaboration and strong teamwork. First, Tetrault discusses how public speaking at conferences and events made her a better cybersecurity professional; second, she talks about how her work mentoring cybersecurity students helps them fast-track their way into the cybersecurity community; and third, with her work in organizations with Women in Cyber and siberX, she helps bring diverse cybersecurity professionals into the community, build stronger, more multi-faceted teams, and with them, a more multi-faceted face of the industry!

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Public speaking in cybersecurity 
3:17 - Getting into cybersecurity via Atari
4:59 - Network analyst to technician and more
9:10 - Cybersecurity public speaking
19:30 - How to promote yourself as a speaker
22:27 - Learn how to speak in cybersecurity
25:25 - Mentoring cybersecurity students
32:30 - Gender diversity in cybersecurity 
36:14 - Where cybersecurity fails job mobility
38:29 - Cybersecurity diversity initiatives in 10 years
39:17 - Learn more about Lisa Tetrault 
40:04 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Susan Morrow returns for her fourth time on the Cyber Work Podcast and the first since 2019. Morrow, simply put, is plugged into every aspect of digital identity currently being discussed, and she takes us deep into the security, ethical, practical and UX hurdles of current identity practices and gives us both an optimistic and pessimistic version of the digital identity practices in 10 years.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Digital identity 
3:00 - Current digital identity concerns
7:07 - Complicating digital identity
8:22 - Digital identity and daily work
13:00 - Secure coding
14:03 - Biggest problems in identity
20:54 - Competing identity systems
24:50 - How identity affects other areas
28:52 - The tech and processes of identity
30:04 - Identity in the next decade
34:24 - Jobs in identity
40:00 - Identity evangelist 
42:20 - Women in identity 
45:-02 - What is Avoco Secure?
47:28 - Learn more about Susan Morrow
48:40 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Stephen Cavey, co-founder and chief evangelist of Ground Labs, talks about the jagged jigsaw puzzle of data collection, data privacy and the dozens — if not hundreds — of privacy regulations and frameworks that govern them. Cavey and I talk about the bad old days of indiscriminate data collecting and grossly insecure payment process. We also address the places where the privacy experts of the future will shape the use and protection of personal data in all industries.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free 
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Bad data privacy protocols
2:36 - How Stephen Cavey got into cybersecurity
4:55 - Shifting into cybersecurity privacy
8:30 - Business hurdles in cybersecurity 
13:10 - Why do companies store my data? 
20:20 - Breaking cybersecurity privacy law
25:45 - International privacy laws
28:07 - A universal privacy doctrine 
31:30 - Principles for collecting user data
34:22 - Skills for working in data privacy
37:44 - Data privacy officer work
39:25 - The future of data collection and privacy
42:08 - What is Ground Labs? 
43:30 - Learn more about Cavey and Ground Labs
43:43 - Outro 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Noriswadi Ismail of Breakwater Solutions and the Humanising 2030 campaign joins us to talk about privacy as it pertains to international business, cybersecurity and why it’s important not just to learn the certification variants but also the cultural variants that shape them. And via the Humanising 2030 campaign, Noriswadi and colleagues hope to bring a more ethical and diverse approach to programming and guiding AI in the coming decade.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Privacy and international business
2:53 - Noriswadi's first interest in tech
6:38 - A path toward patent law
11:32 - Managing director at Breakwater
16:05 - State of international security and risk plans
18:52 - Certifications internationally
22:58 - Experience versus certification
25:40 - Humanising 2030
29:24 - AI bias and geopolitical impact
32:30 - Diversity and including in cybersecurity
38:23 - Other goals of Humanising 2030
41:22 - What is Breakwater Solutions? 
44:44 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Dave Monnier of Team Cymru talks about the state of attack surfaces, the strengths and shortcomings of attack surface managers and why something we refer to as a “soft” skill might be the hardest skill of all! Plus, we touch on shadow IT.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Attack surfaces 
2:55 - Dave Monnier's first interest in cybersecurity
7:30 - Instinctual cybersecurity learning
9:20 - Monnier's work as a chief evangelist 
14:00 - Cybersecurity soft skills
16:30 - What are attack surface managers? 
28:25 - ASM 1.0 to ASM 2.0
32:22 - State of attack surfaces
34:58 - Asset infrastructure in your business
40:00 - Key skills cybersecurity novices need
43:07 - Learning in cybersecurity 
45:42 - Learn more about Team Cymru
47:19 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today on Cyber Work, Giora Engel of NeoSec talks about securing APIs. Find out why APIs are the new network, why their very nature makes them vulnerable to abuse and how to position yourself as an authority in the ever-growing field of API security. All that and a little entrepreneur talk.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - API security and PII
2:40 - Giora Engel’s cybersecurity beginning
4:20 - Israeli Defense Force and CEO of NeoSec
5:22 - Starting a cybersecurity company
9:20 - What is API security?
13:15 - Misconfiguration errors in API
17:21 - API and privacy regulation
20:02 - How to work in API security
22:06 - Security plan for PII
24:44 - Skills and experience needed to work in API security
27:10 - API hiring practices
28:58 - Fragility of API
31:07 - What is NeoSec?
32:35 - Learn more about NeoSec and Engel
32:55 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Mathieu Gorge of VigiTrust talks about the Marriott Hotel data breach that happened back in June, including the facts of the event and why once-per-year security awareness training isn’t enough when many employees only work seven months of the year. He also offers some privacy tips that will keep your hotel system privacy compliant under a whole host of different compliance frameworks. 

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Security awareness and data breaches
2:50 - Elephant in the boardroom book
5:42 - Gorge's latest projects and book
9:38 - Hacking of the Marriott Hotel
19:22 - Marriott's privacy and data collection policies
23:20 - Ensuring data privacy worldwide 
30:13 - How hotel franchises handle security
34:32 - Skills needed for securing the hotel industry
38:12 - What is DigiTrust?
41:20 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today's Cyber Work Podcast features Dr. Chanel Suggs, the Duchess of Cybersecurity®. Dr. Suggs is a teacher, business owner and thought leader and has appeared on TV and podcast platforms around the world to talk about cybersecurity and the hacker mentality. She also had an incredibly challenging and seemingly insurmountable upbringing. Her tumultuous story can be found in her book, “Against All Odds: Overcoming Racial, Sexual and Gender Harassment on the Digital Battlefield.” This episode contains a lot of heartbreak and some challenging stories, as well as incredible insights and some thoroughly important takeaways.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Free cybersecurity training resources
0:56 - Overview of today's episode
1:58 - Who is Chanel Suggs, the Duchess of Cybersecurity?
3:12 - Overcoming family obstacles
4:50 - What drew her to a career in cybersecurity
8:10 - First steps to learning IT and cybersecurity
10:45 - Earning cybersecurity certifications
12:20 - Making a cybersecurity training "dungeon"
14:40 - Workplace abuse and harassment
18:28 - Issues with hiring diverse candidates
22:23 - What is Wyvern Security?
27:25 - Changing the workplace culture
32:47 - Social media is key to finding diverse candidates
36:55 - Preventing burnout with employees
40:10 - Advice on earning advanced degrees
42:03 - Contract work vs. full-time employee
43:34 - Free resources and services
44:52 - What's Chanel Suggs book about?
47:48 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Learn all about emergency response — and the myriad techniques and skills that term implies — in today's episode featuring Christopher Tarantino, CEO of Epicenter Innovation. Is there a physical security component? Yes! Is there a cybersecurity component? Big time! Is there an educational element? Absolutely! Find out how disaster planning, preparation, remediation and post-event rebuilding and improvement are all opportunities to strengthen your security posture.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Free cybersecurity training resources
0:56 - Overview of today's episode
1:47 - Who is Christopher Tarantino?
3:25 - What does an emergency response team do?
4:38 - Resilience in emergency response
7:45 - Importance of boring innovation
9:30 - Higher ed emergency response example
13:13 - Healthcare, higher ed and government resilience
16:00 - Years-long education around disasters
21:03 - Biggest cybersecurity blind spots
25:00 - Skills required for emergency response careers
30:00 - Importance of communication across community
35:50 - Transitioning careers from cybersecurity to emergency response
44:10 - Learn more about Epicenter Innovation
44:35 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

If you want to learn more about working with operational technology (OT) and internet-connected devices, then don't miss today's episode with Francis Cianfrocca, CEO of Insight Cyber Group. He discusses security problems around OT and IoT systems and shares some surprising stories of intruders in the electrical grid. He also talks about why it’s so hard to secure a set of machines that often pre-date computer technology and the small changes in your community that can make huge differences in the entire security industry.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Free cybersecurity training resources
0:56 - Overview of today's episode
1:48 - Who is Francis Cianfrocca and Insight Cyber? 
2:15 - Getting into tech and cybersecurity
4:13 - Francis' job roles and companies
5:22 - Early days of ICS systems security
10:15 - CEO duties at a cybersecurity startup 
12:19 - Why is infrastructure security so bad?
16:05 - Different approaches needed for ICS and IOT systems
20:23 - Catching intruders early on with industrial systems
22:45 - Using artificial intelligence in ICS security
24:50 - Bad actors are really good at reconnaissance
27:20 - ICS and IOT environments cannot have downtime
30:00 - Asset and behavioral inventory is difficult
31:42 - Real-world examples of rogue ICS software
36:30 - ICS vs. IOT security
42:57 - How to promote industrial security careers
46:07 - Impact of AI on cybersecurity careers
48:40 - Preparing for an ICS cybersecurity career
51:07 - What's Insight Cyber working on?
52:45 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Last year, Cyber Work Live brought you into the world of cybersecurity project management — with tips for acquiring your skills, improving your resume and getting your foot in the door. But what does the day-to-day work of cybersecurity project managers look like?

Jackie Olshack and Ginny Morton return to answer that question. They’ll also share experiences they’ve gained while working on some of their biggest projects!

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro
0:50 - Who is Jackie Olshack? 
1:24 - Who is Ginny Morton? 
2:52 - Can non-technical PMs move into the tech space?
8:50 - Best way to manage projects with limited resources
13:30 - What certificates are needed for project management jobs?
18:52 - How do you kick off a cybersecurity project?
28:41 - How do you keep the project on schedule?
34:15 - Tips for networking in remote working situations
36:55 - Dealing with slowdowns and delays in projects
43:35 - Importance of a supportive environment in projects
47:40 - Dealing with delays from other teams in projects
50:35 - Tips for managing multiple projects at once
55:35 - How can teams support their project manager
56:35 - Transitioning into a cybersecurity career
59:00 - Outro and Infosec Skills giveaway

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today's episode, our old pal John Wagnon, Infosec Skills author and keeper of the secrets of OWASP, joins me to talk about the big changes in the OWASP Top 10 that happened at the end of 2021, his own class teaching the Top 10, and some job tips, study hints and career pivots for people interested in these vulnerabilities. Find out why access managers are going to rule the world someday!

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Free cybersecurity training resources
0:56 - Overview of today's episode
1:43 - Who is John Wagnon? 
2:50 - Working in cybersecurity and teaching OWASP
4:18 - What is the OWASP Top 10?
7:51 - How did the OWASP Top 10 change in 2021?
15:48 - Why do these security issues never go away?
19:06 - Cybersecurity roles using the OWASP Top 10
23:43 - What's covered in John's OWASP Top 10 courses?
26:42 - How to get hands-on cybersecurity experience
30:24 - Vulnerability-related cybersecurity career paths
34:16 - What is John working on with Infosec and Fortinet?
35:37 - Using your career as a learning opportunity
37:16 - Learn more about John Wagnon and OWASP
38:30 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today on the Cyber Work Podcast, Mark Kapczynski of OneRep reminds us of an awful truth most people either don’t know or don’t like to think about. Your personal information — your address, your phone number, your age — all of these things are on the public internet! Mark talks about OneRep’s mission to scrub personal information from these sites, suggests changes that could help prevent this problem, and shares ways you could base a career in this fight for data privacy and autonomy. All that and a detour into grade-school home computer shenanigans on today's episode.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Free cybersecurity training resources
0:56 - Overview of today's episode
1:50 - Who is Mark Kapczynski? 
2:44 - Data breaches are a way of life
3:36 - Getting started in IT and cybersecurity
5:41 - Helping the film industry go digital
7:31 - Transitioning industries from paper to digital
9:53 - What types of personal data are on the internet?
12:40 - How people search sites sell PII and make money
14:50 - How to get personal information removed from sites
18:07 - What type of services does OneRep offer?
19:19 - How is public personal data used in cybercrime?
23:01 - How can consumers limit personal data exposure?
26:38 - Regulatory changes needed to protect personal data
29:00 - Who owns your personal data?
30:55 - Web 3.0, smart contracts and other tech needed
33:58 - Jobs and careers related to data privacy
36:38 - Every professional needs to understand data
39:50 - What makes a data professional's resume stand out?
41:50 - What is OneRep?
44:30 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today's episode is all about email fraud. John Wilson, head of the cyber intelligence division at Agari by HelpSystems, discusses Business Email Compromise (BEC), spearphishing, whaling, romance fraud and more. If you can name it, John’s studied it. And he's likely collected intel that’s managed to freeze cybercriminals’ assets — and even put them away. He gives career tips and advice for engaging in threat research at all levels, we discuss the pyrrhic victory that is the modern spam filter, and John tells me why BEC fraud hunters’ best asset is a degree in psychology! All that and loads more, today on Cyber Work!

– Get your FREE cybersecurity training resources:  https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Free cybersecurity training resources
0:58 - Overview of today's episode
1:58 - Who is John Wilson? 
3:02 - Getting into cybersecurity
4:58 - How spam has evolved over the years
8:12 - Why pursue a career in fraud?
11:10 - 3 primary vectors for email attacks
15:20 - Is BEC ever an insider threat?
16:16 - Is education making a difference on BEC attacks?
20:55 - Tracking down BEC actors and recovering assets
23:50 - Two angles to preventing BEC attacks
29:12 - Careers related to BEC and phishing prevention
34:42 - How to gain cybersecurity experience and get hired
37:25 - Agari and email fraud protection
42:16 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today's episode, we're breaking down phrases you've heard a million times: “security is everyone’s job,” “humans are the weakest link in the security chain,” “it’s not if you get breached, but when.” Returning guest Alyssa Miller drills into these comforting nostrums and explains why, even when they’re used for well-intended purposes, they often act to limit the conversation and the options, rather than address the hard work needed to overcome these evergreen problems. You’re not going to want to miss this one, folks! It’s all that, plus a little bit of book talk, today on Cyber Work!

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
– Get the Cybersecurity Career Guide by Alyssa Miller: https://alyssa.link/book

0:00 - Intro
1:38 - Alyssa's tweet that inspired this episode
4:00 - Why you need to read the Cybersecurity Career Guide
9:10 - Cybersecurity platitudes and clichés
11:30 - Cliché 1: "It's not if you get breached, but when"
18:44 - Cliché 2:"Just patch your shit"
24:58 - Cliché 3: "Users are the weakest link"
32:34 - Cliché 4: "Security is everyone's job"
35:52 - Cliché 5: What is a "quality gate"?
44:14 - Cliché 6: "You just need passion to get hired"
48:14 - How to write a better cybersecurity job description 
50:15 - Business value of diversity and inclusion
52:52 - Building a security champions program
55:12 - Where can you connect with Alyssa Miller?
56:44 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Secure coders are responsible for developing and writing secure code in a way that protects against security vulnerabilities like bugs, defects and logic flaws. They take proactive steps to introduce secure coding methodologies before the application or software is introduced into a production environment, often following recommendations from the Open Web Application Security Project (OWASP) Foundation.

– Free cybersecurity training resources: https://www.infosecinstitute.com/free
– Learn more here: https://www.infosecinstitute.com/skills/train-for-your-role/secure-coder/

0:00 - Intro
0:25 - What does a secure coder do?
5:48 - How do you become a secure coder?
9:46 - What skills do secure coders need?
12:28 - What tools do secure coders use?
17:08 - What roles can secure coders transition into?
19:50 - What to do right now to become a secure coder

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Diana Kelley returns to the show to discuss her work as a board member of the Cyber Future Foundation and the goings-on at this year’s Cyber Talent Week. Whether you’re a cybersecurity hiring manager who doesn’t know why you’re not getting the applicants you want, a candidate who hears the profession has 0% unemployment but still can’t seem to get a callback or anyone in between, DO. NOT. MISS. THIS. EPISODE. This is one for the books, folks.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Cybersecurity hiring and job searching
4:30 - Diana Kelley of Cyber Future Foundation
9:00 - Cyber Future Foundation talent week
13:58 - Reexamining cybersecurity job descriptions 
21:52 - Cybersecurity hiring manager and applicant training
27:10 - Strategies to bring in diverse talent from other industries
33:06 - Narrowing your cybersecurity job pursuit
39:37 - Using different educations in cybersecurity roles
41:32 - Implementing an educational pipeline
44:40 - Hiring based on strong skills from other trades
48:22 - Cybersecurity apprenticeships 
53:22 - Fostering cybersecurity community value 
59:09 - Diana Kelley's future projects
1:00:30 - Outro

Today on Cyber Work Ché Wijesinghe of Cape Privacy talks about the safe and ethical collection of user data when creating machine learning or predictive models. When your bank is weighing whether to give you a loan, they can make a better choice the more info they know about you. But how secure is that contextual data? Hint: not as secure as Wijesinghe would like!

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Machine learning and data collection
2:37 - Getting started in cybersecurity
3:15 - Being drawn to big data
4:35 - What data is driving decision-making?
9:04 - How is data collection regulated?
15:02 - Closing the encryption gap
16:50 - Careers in data privacy
19:07 - Where can you move from data privacy?
21:20 - Ethics of data collection 
23:25 - Learn more about Wijesinghe 
23:55 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

A Privacy Manager is responsible for the development, creation, maintenance and enforcement of the privacy policies and procedures of an organization. They ensure compliance with all privacy-related laws and regulations. The Privacy Manager takes an active lead role when a privacy incident or data breach occurs and will start the investigation. They will then monitor, track and resolve any privacy issues. The Privacy Manager builds a strategic and comprehensive privacy program for their organization that minimizes risk and ensures the confidentiality of protected information.

Advanced knowledge of privacy law and data protection is critical to success in this role.

– Free cybersecurity training resources: https://www.infosecinstitute.com/free
- Learn more about privacy managers: https://www.infosecinstitute.com/role-privacy-manager/

0:00 - Working as a privacy manager
0:40 - What does a privacy manager do? 
3:02 - Experience a privacy manager needs
5:15 - Is college necessary for a privacy manager?
8:05 - Skills needed to be a privacy manager
10:30 - What tools does a privacy manager use?
11:15 - Where do privacy managers work? 
12:15 - Roles privacy managers can move to
13:30 - How do I get started becoming a privacy manager?

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Just getting started?  This role is for you!

The Cybersecurity Beginner role focuses on the foundational skills and knowledge that will allow anyone to take the first step towards transitioning into a cybersecurity career.  No prior knowledge of cybersecurity or work experience is required. The only prerequisite is a passion for technology and cybersecurity.

– Free cybersecurity training resources: https://www.infosecinstitute.com/free
– Learn more about the role here: https://www.infosecinstitute.com/role-cybersecurity-beginner/

0:00 - Working as a cybersecurity beginner
0:41 - Tasks a cybersecurity beginner may take on
4:15 - Cybersecurity work imposter syndrome
5:49 - Common tools cybersecurity beginners use
9:08 - Jobs for cybersecurity beginners
13:50 - Get started in cybersecurity 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Industrial control system (ICS) security practitioners are responsible for securing mission-critical SCADA and ICS information systems. They are responsible for restricting digital and physical access to ICS devices, such as PLCs and RTUs, to maximize system uptime and availability. Extensive knowledge of OT and IT protocols, incident response, Linux and Windows OS, configuration management, air-gapped or closed networks, insider threats and physical security controls are important competencies for any ICS security practitioner.

– Free cybersecurity training resources: https://www.infosecinstitute.com/free
– Learn more about ICS security practitioners: https://www.infosecinstitute.com/skills/train-for-your-role/ics-security/

O:00 - ICS security practitioners 
0:25 - What is an industrial control system practitioner?
2:22 - How to become an ICS practitioner 
4:00 - Education required for an ICS practitioner 
5:00 - Soft skills ICS practitioners need
6:05 - Common tools ICS practitioners use 
7:59 - Where do ICS practitioners work? 
10:05 - Can I move to another role after ICS practitioner? 
12:18 - Getting started as an ICS practitioner 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Join Infosec Skills authors Chris Stevens, John Bandler and Ralph O’Brien as they discuss the intersection of privacy and cybersecurity. They’ll help you walk a path that will lead to an engaging career as a privacy specialist — a job role that grows with more opportunities year after year!

This episode was recorded live on April 12, 2022. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/.

0:00 - Intro and guests
3:45 - What is privacy as a career? 
8:15 - Day-to-day work of a cybersecurity privacy professional?
16:45 - Intersection of law and tech degrees
20:30 - What beginner privacy certifications should I pursue? 
25:45 - Best practices for studying for IAPP certifications
33:00 - How to gain experience in cybersecurity privacy work
40:27 - How to interview for a cybersecurity privacy job
45:00 - GDPR and ransomware 
51:52 - Implementation of privacy laws and security positions 
58:15 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Security engineers are responsible for implementing, and continuously monitoring security controls that protect computer assets, networks and organizational data. They often design security architecture and develop technical solutions to mitigate and automate security-related tasks. Technical knowledge of network/web protocols, infrastructure, authentication, log management and multiple operating systems and databases is critical to success in this role.

– Free cybersecurity training resources: https://www.infosecinstitute.com/free
– Learn more: https://www.infosecinstitute.com/skills/learning-paths/security-engineering/

0:00 - What is a security engineer? 
3:39 - How do I become a security engineer? 
4:52 - Studying to become a security engineer
5:47 - Soft skills for security engineers
7:05 - Where do security engineers work? 
9:43 - Tools for security engineers
12:10 - Roles adjacent to security engineer 
13:15 - Become a security engineer right now

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Information risk analysts conduct objective, fact-based risk assessments on existing and new systems and technologies, and communicate findings to all stakeholders within the information system. They also identify opportunities to improve the risk posture of the organization and continuously monitor risk tolerance.

– Free cybersecurity training resources: https://www.infosecinstitute.com/free
– Learn more: https://www.infosecinstitute.com/skills/train-for-your-role/information-risk-analyst/

0:00 - Information risk analyst career
0:30 - Day-to-day tasks of an information risk analyst
2:09 - How to become an information risk analyst
4:00 - Training for an information risk analyst role
5:42 - Skills an information risk analyst needs
9:24 - Tools information risk analysts use
10:51 - Jobs for information risk analysts 
13:08 - Other jobs information risk analysts can do
18:05 - First steps to becoming an information risk analyst

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Moshe Zioni of Apiiro talks about threat research and how to properly report discovered code vulnerabilities. We discuss the ways that vulnerabilities can find their way into code despite your best intentions, the difference between full disclosure and responsible disclosure, and being in the last generation to still grow up before the internet changed everything.

– Free cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Cybersecurity threat research 
2:21 - Getting interested in computers
3:25 - Penetration testing and threat research 
6:15 - Code vulnerabilities 
10:58 - Research process for vulnerabilities 
17:05 - Proper reporting of threats
23:11 - Full disclosure vs proper disclosure
25:53 - Current security threats
30:20 - Day-to-day work of security researchers 
32:02 - Tips for working in pentesting 
35:32 - What is Apiiro?
39:11 - Learn more about Moshe Zioni 
39:42 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

TEDx speaker, security researcher, host of the podcast MiC Club and all-around expert on security awareness and social engineering, Dr. Erik Huffman, is today's guest. Huffman spoke at the 2021 Infosec Inspire virtual conference, and for those of you who were captivated by his presentation, prepare for another hour of Dr. Huffman’s insights on why we need to teach security awareness from insight, rather than fear or punishment, how positive name recognition in an email can short-circuit our common sense and how to keep your extrovert family members from answering those questions online about your first pet and the street you lived on as a child.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Clicking on phishing attacks
3:13 - First getting into cybersecurity
5:00 - Higher education and cybersecurity 
7:41 - Cybersecurity research projects
10:05 - Impacting a cybersecurity breach 
11:14 - Security awareness and social engineering
15:45 - Common social engineering tricks 
23:00 - Changing security habits
30:15 - Cybersecurity communication avenues
33:30 - Getting family members cyber safe
38:00 - Harvesting info via social media
42:13 - Working in security awareness and threat research
44:54 - Importance of white papers and documentation 
55:04 - Learn more about Erik Huffman
56:00 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Marcus Fowler, senior vice president of strategic engagement and threats at DarkTrace, talks about attack vectors currently facing embedded journalists, their need to be available at all times for potential sources and how that openness makes them, their company and their confidential sources potential attack vectors for cybercriminals. Fowler talks about security hardening strategies that don’t compromise journalistic availability, the work of threat research and why people with natural interests in cybersecurity will have their career path choose them, not the other way around.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Cybersecurity threats to journalists 
3:00 - Getting into cybersecurity 
5:50 - CIA cybersecurity training
7:18 - Joining DarkTrace in engagement threat roles
10:22 - Tasks with engagement threat jobs
13:22 - Cybersecurity work balance
17:49 - Advanced persistent threats against media
23:33 - Attack vectors journalists face
26:14 - Journalist cybersecurity savvy 
28:08 - A truly secure journalism source 
32:58 - Damage from a compromised source
36:05 - Main cybersecurity threats right now
38:37 - Qualifications needed to work as a threat researcher
42:52 - Safe cybersecurity jobs 
47:05 - What is DarkTrace?
49:06 - Learn more about Marcus Fowler
50:11 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Justin Pelletier is the director of the cyber range program at the ESL Global Cybersecurity Institute at the Rochester Institute of Technology. Infosec Skills has some great cyber ranges, but Pelletier shows the organization’s massive, immersive simulations. Because they’ve also included cyber range technology for beginning cybersecurity pros transitioning from other jobs, we cover what’s involved in making a good cyber range, how to break down those early barriers of fear and self-doubt and how quickly you can move into a cyber career after hands-on training.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Immersive cyber ranges
3:13 - Getting into cybersecurity
5:06 - Studying data breaches
11:03 - Cybersecurity at the Department of Defense
14:02 - Cyber range education at the RIT
16:20 - Work of the Global Cyber Range
24:20 - Cyber range scenarios 
38:30 - What makes a good cyber range? 
42:00 - Successfully getting into cybersecurity
45:33 - Cyber range upskilling 
48:47 - Cybersecurity hiring changes
51:30 - Learn more about the cyber range center
52:30 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today's podcast highlights implementation privacy, policy privacy and all things privacy with privacy expert and Infosec Skills author and instructor Chris Stevens. From his years in the government’s office of national intelligence to his multiple IAPP certifications, Stevens is happy to tell you everything you ever wanted to know about careers in privacy, around privacy and careers that would be better with a helping of privacy skills on top!

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Cybersecurity privacy 
3:30 - Getting interested in cybersecurity
4:40 - Cybersecurity in the Department of Defense
6:00 - Computer science studies 
8:50 - Cybersecurity research
11:05 - Information privacy and privacy professionals
14:48 - What does U.S. privacy cover?
19:10 - Privacy certifications and more
21:36 - Privacy differences across countries
24:50 - Difference in privacy certifications
27:16 - Learning about privacy
30:16 - Positions available for information privacy 
33:50 - Educational steps to work in privacy
36:00 - Getting a job in privacy
37:57 - Entry-level work in privacy roles
42:44 - How to stay on track in lifelong learning
46:37 - Cybersecurity education in the future
48:19 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Steve Pereira of Visible Value Stream Consulting discusses DevOps, SecOps, DevSecOps and his own lifelong love of streamlining projects. You’ll hear how his dad’s job with Bell Telephone facilitated his early explorations, the intersections of DevOps and Agile, the ever-important security component of it all and why following your interests and not the big money payouts might not work in the short run, but ultimately will get you where you want to go in the end.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
2:35 - Cybersecurity origin story
6:02 - Build and release engineering
9:27 - Tech and business
11:20 - DevOps projects
12:10 - Automating yourself out of your job
13:44 - What is DevOps?
23:45 - Method for DevOps success
31:47 - Development team vs security team
36:03 - DevOps history and Agile
44:50 - How do I work in DevOps?  
52:09 - Visible Value Stream Consulting 
54:42 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Digital forensics analysts collect, analyze and interpret digital evidence to reconstruct potential criminal events and/or aid in preventing unauthorized actions from threat actors. They help recover data like documents, photos and emails from computer or mobile device hard drives and other data storage devices, such as zip folders and flash drives, that have been deleted, damaged or otherwise manipulated. Digital forensic analysts carefully follow chain of custody rules for digital evidence and provide evidence in acceptable formats for legal proceedings.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– Learn more about forensics: https://www.infosecinstitute.com/skills/train-for-your-role/digital-forensics-analyst/

0:00 - Intro 
0:26 - What is a digital forensics analyst? 
0:57 - Digital forensics specialties
1:24 - How to become a digital forensics analyst
2:17 - Skills needed to be a digital forensics analyst 
3:34 - Common tools for a digital forensics analyst 
4:42 - Using digital forensics tools 
5:17 - Digital forensics analyst jobs
6:30 - Moving from digital forensics to new roles
7:17 - Get started in digital forensics
8:18 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Infosec Skills author Mike Meyers of Total Seminars joins me to discuss three foundational certifications that will start you on just about any path you want to go. Specifically, the CompTIA A+, Network+ and Security+ certifications. Meyers dispenses tough love for people who want someone else to map their career for them, talks up the benefits of vendor-neutral certs and blows my mind by comparing certs with car windshield wipers. Intrigued? You should be! That’s all today, on Cyber Work!

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
3:00 - Beginning in cybersecurity 
3:23 - Why teach cybersecurity? 
5:54 - Why CompTIA?
6:57 - Start vendor neutral with cybersecurity certification 
12:10 - Being diverse in cybersecurity is essential 
13:35 - Why A+, Network+ and Security+?
25:53 - Guiding your cybersecurity career
30:05 - Where to learn cybersecurity skills
42:02 - Cybersecurity job dilution 
44:20 -  Where do I begin my cybersecurity career?
48:32 - Using the Infosec Skills platform
49:38 - Mike Meyers' next projects
51:30 - What is Total Seminars?
52:12 - Learn more about Meyers and Total Seminars
53:23 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Security Architects are responsible for planning, designing, testing, implementing and maintaining an organization's computer and network security infrastructure. Security Architects develop information technology rules and requirements that describe baseline and target architectures and support enterprise mission needs.

Advanced technical knowledge of network/web protocols, infrastructure, authentication, enterprise risk management, security engineering, communications and network security, identity and access management, and incident response, is critical to success in this role.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– Learn more about the role of security architect: https://www.infosecinstitute.com/skills/train-for-your-role/security-architect/

0:00 - Intro 
0:31 - What is a security architect? 
1:07 - How to become a security architect
2:15 - What certifications should a security architect get? 
3:07 - Skills a security architect needs
4:07 - Learning as a security architect
7:06 - Security architect tools
7:58 - Where do security architects work 
9:28 - Private vs federal security architects
11:09 - Related roles to security architect
12:12 - Start working toward security architect
13:23 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Curtis Preston, aka “Mr. Backup,” has been in the backup and recovery space since 1993. He’s written four books, hosts a podcast called “Restore it all,” founded backupcentral.com and is a tech evangelist for SaaS data protection company Druva. We talk about disaster recovery, the role of good backup in ransomware situations and why the data recovery person and the information security person in your company need to become fast friends and start sharing notes. Also, why we’ve all been completely wrong about tape backup systems.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Cyber Work intro 
2:40 - Mr. Backup origin story
4:01 - How backup and recovery has changed
7:44 - Data duplication during a disaster
9:45 - Speed of data recovery changes
12:47 - Benefit to physical data backups
15:37 - Common long-term data backup mistakes
19:04 - Other issues with data recovery
23:22 - Limits of disaster recovery
34:16 - Encryption options 
39:44 - Jobs in data backup and recovery
44:54 - Benefit to learning data backup and recovery
46:53 - Data backup and recovery outlook
52:52 - What is the Restore It All podcast?
56:15 - What is Druva? 
59:45 - Where can I learn more about Mr. Backup? 
1:00:32 - Cyber Work outro 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Maxime Lamothe-Brassard, founder of LimaCharlie, has worked for Crowdstrike, Google X and Chronicle Security before starting his own company. This episode goes deep into thinking about your long-term career strategies, so don’t miss this one if you’re thinking about where you want to go in cybersecurity in two, five or even 10 years from now.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
2:56 - First getting into cybersecurity 
6:46 - Working in Canada's national defense
9:33 - Learning on the job
10:39 - Security practices in government versus private sector
13:50 - Average day at LimaCharlie
16:40 - Career journey
19:25 - Skills picked up at each position 
23:57 - How is time length changing? 
27:53 - Security tools and how they could be
31:34 - Where do security tool kits fail? 
34:04 - Current state of practice and study
37:10 - Advice for cybersecurity students in 2022
38:21 - More about LimaCharlie
39:50 - Learn more about LImaCharlie or Maxime
40:08 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Jessica Amado, head of cyber research at Sepio Systems, discusses hardware-based cybersecurity threats. We’ve all heard the USB in the parking lot trick, but Amado tells us about the increasingly complex ways cybercriminals bypass hardware safeguards, and lets you know how to make sure that the keyboard or mouse you’re plugging in isn’t carrying a dangerous passenger.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
2:30 - Initial cybersecurity draw
6:30 - Day-to-day work as head of cybersecurity research
8:44 - How Amado does research
9:37 - Amado's routine 
10:35 - Hardware-based ransomware
13:00 - Other hardware threat factors
17:54 - Security practices with USBs
20:10 - How to check hardware
21:52 - Recommendations on security protocols
23:57 - The future of ransomware and malware
27:20 - How to work in hardware security 
31:35 - Cybersecurity in other industries
32:33 - Advice for cybersecurity students 
34:11 - Sepio Systems 
35:58 - Learn more about Sepio or Amado
36:23 - Outro 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Cloud security engineers design, develop, manage and maintain a secure infrastructure leveraging cloud platform security technologies. They use technical guidance and engineering best practices to securely build and scale cloud-native applications and configure network security defenses within the cloud environment. These individuals are proficient in identity and access management (IAM), using cloud technology to provide data protection, container security, networking, system administration and zero-trust architecture.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– Learn more about the role of cloud security engineer: https://www.infosecinstitute.com/skills/train-for-your-role/cloud-security-engineer/

0:00 - Intro 
0:25 - What does a cloud security engineer do? 
1:55 - How to become a cloud security engineer? 
2:55 - How to gain knowledge for the role
4:43 - Skills needed for cloud security engineers
6:00 - Common tools cloud security engineers use
7:43 - Job options available for this work
8:35 - Types of jobs
9:16 - Can you pivot into other roles? 
11:03 - What can I do right now?
12:33 - Outro 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Are you great with details? Do you like juggling multiple projects at once? Is your organization system the topic of awed discussion between your co-workers? Or are you just interested in getting into cybersecurity from a different angle? If so, you might already be a top-notch project manager and not even know it!

Join a panel of past Cyber Work Podcast guests as they discuss their tips to become a project management all-star:
– Jackie Olshack, Senior Program Manager, Dell Technologies
– Ginny Morton, Advisory Manager, Identity Access Management, Deloitte Risk & Financial Advisory

If you’re interested in project management as a long-term career, Jackie and Ginny will discuss their career histories and tips for breaking into the field. If you plan to use project management as a way to learn more about other cybersecurity career paths, we’ll also cover how to leverage those skills to transition into roles.

This episode was recorded live on December 15, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/

– Want to earn your PMP certification? Learn more here: https://www.infosecinstitute.com/courses/pmp-boot-camp-training/
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

The topics covered include:
0:00 - Intro
0:51 - Meet the panel
3:12 - Why we're talking project management
6:27 - Agenda for this discussion
6:55 - Part 1: Break into cybersecurity project management
7:45 - Resume recommendations for project managers
12:35 - Interview mistakes for project managers
19:22 - Creating your elevator pitch
23:10 - Importance of your LinkedIn page
25:05 - What certifications should I get?
30:38 - Do I need to be technical to be successful?
34:20 - How to build cybersecurity project management skills
38:28 - Part 2: Doing the work of project management
40:47 - Getting team members to lead themselves
44:50 - Dealing with customer ambiguity
47:30 - Part 3: Pivoting out of project management
47:48 - How do I change roles in an organization
51:50 - What's the next step after cybersecurity project manager?
53:43 - How to move from PMing security teams into leading them?
59:05 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Security operations center (SOC) analysts are responsible for analyzing and monitoring network traffic, threats and vulnerabilities within an organization’s IT infrastructure. This includes monitoring, investigating and reporting security events and incidents from security information and event management (SIEM) systems. SOC analysts also monitor firewall, email, web and DNS logs to identify and mitigate intrusion attempts.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– Learn more about the SOC analyst role: https://www.infosecinstitute.com/role-soc-analyst/.

0:00 Intro 
1:20 - What is a SOC analyst? 
1:58 - Levels of SOC analyst
2:24 - How to become a SOC analyst
2:53 - Certification requirements
3:29 - Skills needed to succeed
4:38 - Tools SOC analysts use
5:32 - Open-source tool familiarity 
6:05 - Pivoting from a SOC analyst
6:50 - What can I do right now?
7:32 - Experience for your resume 
8:07 - Outro  

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Infosec’s Principal Security Researcher, instructor and cybersecurity renaissance man Keatron Evans returns to the show for the first in a series of once-quarterly episodes breaking down big stories in the news and cybersecurity trends for the future! We talk Solarwinds, Colonial Access Pipeline, Oldsmar, Keatron’s origin story and why, just like practicing your scales makes you a better musician, master pentesters and security pros got where they did by mastering the art of repetition in learning.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
2:30 - How did you get into cybersecurity? 
4:00 - What skills did you have early on? 
6:10 - First interaction with Infosec
10:34 - Work as a principal security researcher
13:20 - Machine learning in cybersecurity 
14:14 - Infosec classes
17:28 - Equity in cybersecurity 
20:25 - You don't need a technical background
21:36 - Major security breaches of 2021
22:15 - SolarWinds breach
24:56 - What job roles help stop these breaches?
27:50 - Water treatment plant breach
31:42 - Infrastructure security 
34:30 - President Biden and cybersecurity
39:22 - Supply chain security 
43:20 - Security trends for 2022
49:00 - Projects to keep an eye on
50:52 - Learn more about Evans
51:44 - Outro

Security managers develop security strategies that align with the organization's goals and objectives. In addition, they direct and monitor security policies, regulations and rules that the technical team implements. Knowledge in areas like information security governance, program development and management, incident response and risk management are important to success in any security management role.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– Learn more the security manager role: https://www.infosecinstitute.com/role-security-manager/

0:00 - Intro 
0:26 - What does a security manager do? 
3:15 - How do you become a security manager?
4:54 - What education is required for security managers?
5:55 - What certificates are required for security managers?
7:23 - What skills does a security manager need to have?
9:58 - Common tools security managers use
11:48 - Where do security managers work?
13:45 - How well do security managers pivot into other roles?
15:36 - What step can someone take now to become a security manager?
17:27 - Outro 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Andrew Howard, CEO of Kudelski Security, returns to give us his cybersecurity predictions for 2022! How will cybersecurity protect the supply chain, why is quantum computing on all of his clients' minds, and how would Andrew rewrite security from the ground up if a genie granted him three wishes?

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
3:00 - Getting into cybersecurity
4:00 - How has the cloud evolved?
6:46 - The past year in cybersecurity
8:20 - The next cybersecurity innovation 
8:57 - Where quantum computing is going
10:15 - Concerns about encryption data
10:54 - The state of ransomware
12:57 - Cybersecurity supply chain issues. 
16:18 - Hybrid work cybersecurity
18:42 - The year of cyber insurance
20:35 - DOD directive to close security gaps
22:15 - What would you change in cybersecurity?
25:45 - What would put phishing out of mind? 
28:10 - Advice to 2022 cybersecurity students 
29:37 - Kudelski Security 
30:58 - Blockchain security in 2022
31:57 - Learn more about Kudelski
32:10 - Outro   

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Penetration testers, or ethical hackers, are responsible for planning and performing authorized, simulated attacks within an organization’s information systems, networks, applications and infrastructure to identify vulnerabilities and weaknesses. Findings are documented in reports to advise clients on how to lower or mitigate risk. Penetration testers often specialize in a number of areas such as networks and infrastructures, Windows, Linux and Mac operating systems, embedded computer systems, web/mobile applications, supervisory control data acquisition (SCADA) control systems, cloud systems and internet of things (IoT) devices.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– Learn more about the role of penetration tester: https://www.infosecinstitute.com/role-penetration-tester/

0:00 - Intro 
0:26 - What does a penetration tester do? 
1:10 - Levels of penetration testers
1:50 - How to become a penetration tester
3:08 - Education needed to be a pentester
3:50 - Skills needed to pentest
4:24 - Common tools of the pentester
5:07 - Training with the tools
5:42 - Job options for pentesters
6:36 - Work duty expectations
7:45 - Can you move to a different role?
9:09 - What can I do to become a pentester?
9:54 - Outro 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Roderick Jones of Concentric talks about security risks facing content creators, influencers, gamers and streamers on Twitch, YouTube and elsewhere. Online harassment is often seen as “part of the package” if you’re going to work in a public-facing streamer community, but Jones knows that this isn’t inevitable, and it is fixable. A future without a shrug-shoulders approach to online abuse?

– Create your free Infosec Skills account: https://infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
3:37 - How did you get into cybersecurity?
5:30 - Were you scouted for your role? 
6:44 - How did the landscape change?
8:40 - Security intelligence to private sector
11:50 - Daily work at Concentric 
13:25 - Staying up on trends
15:09 - Gaming, streaming and security issues
21:31 - Desentization and online personalities 
25:42 - The future of online access
27:37 - How to protect streamers
31:40 - Censoring on streaming platforms with AI
35:06 - Safeguards streams should have in place
40:06 - Cybersecurity jobs related to streaming security 
41:58 - Being courteous online 
42:43 - More about Concentric
43:58 - Learn more about Jones
44:35 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Bentsi Ben-Atar of Sepio Systems talks about some truly scary high-tech hacking weapons and techniques, from Raspberry Pis in your mouse or keyboard to charging cables that can exfiltrate data from a mile away. What do we do? How do we prepare?

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
3:18 - Getting into cybersecurity
4:30 - Career highlights 
5:50 - Co-founding two companies 
7:22 - Typical work day at CTO and CMO
11:29 - New stealthy hacking tools
13:08 - Hacking a smart copy machine
17:46 - Stealing data with a Raspberry Pi
26:01 - The ninja cable 
32:11 - Security awareness while traveling 
35:20 - How to work battling high-tech cybercrime
36:35 - Exploring cybersecurity 
37:47 - More about Bentsi’s companies
39:31 - Find more about Bentsi 
39:57 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast, Menachem Shafran of XM Cyber talks about cloud security. Menachem tells us about the work of project manager and product manager, how the haste to migrate to the cloud can unnecessarily leave vulnerabilities wide open and why a cloud security expert also needs to be a good storyteller.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
2:40 - Getting into cybersecurity
5:47 - Project manager in cybersecurity
9:12 - Identifying pain points
10:24 - Working as a VP of product
14:09 - Data breaches
16:30 - Critical versus non-critical data breaches
18:19 - Attacker’s market 
19:38 - How do we secure the cloud?
22:45 - A safer cycle of teams
24:40 - How to implement cybersecurity changes
28:50 - How to work in cloud security
30:48 - A good cloud security resume 
33:02 - Work from home and cloud security
34:30 - XM Cyber’s services 
37:21 - Learn more about Menachem
38:00 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On this week’s Cyber Work Podcast, BugCrowd and disclose.io! founder Casey Ellis discusses how to think like a cybercriminal, the crucial need for transparent vulnerability disclosure, the origins of BugCrowd and why mentorship is a gift that goes in both directions.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
3:15 - Getting into cybersecurity
4:30 - Criminal mindset in cybersecurity
5:49 - Ellis’s career to date 
9:10 - Healthcare cybersecurity
11:47 - Mentoring others 
13:52 - Mentorship as a two-way street
16:12 - Bugcrowd and bug bounty
19:18 - Vulnerability disclosure project
21:30 - Bug bounty popularity 
24:52 - U.S. sanctions on hacking groups
26:52 - Hiring hackers 
31:52 - Pursue specialization 
33:51 - Cyber threats flying under the radar
39:17 - Working from home safely
40:48 - How to get into bug bounties
42:18 - How to report vulnerabilities
44:04 - Advice to begin ethical hacking 
45:23 - Learn more about Ellis 
45:56 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast, Kyle McNulty of Secure Ventures talks about interviewing the people behind the most up-and-coming cybersecurity startups. We discuss the best advice he’s received on the show, how to get your own podcast off the ground and his own security startup, ConsultPlace.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
2:40 - Getting into cybersecurity
6:00 - McNulty’s education and career
9:50 - Getting into consulting and startups
14:08 - Secure Ventures podcast
17:45 - Best insight from a podcast guest
20:13 - Startup stories 
22:10 - Startups during COVID
23:42 - Advice for startups
25:22 - How to begin a podcast 
33:25 - Tips for cybersecurity newcomers
35:04 - Upcoming podcasts
36:15 - ConsultPlace work 
38:00 - Find more about McNulty
38:42 - Outro

On today’s podcast, Adam Flatley of Redacted talks about 14 years spent with the NSA and working in global intelligence. He also delineates the process of disrupting ransomware and cybercrime groups by dismantling organizations, putting on pressure and making the crime of ransomware more trouble than it’s worth!

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
3:13 - Getting into cybersecurity 
4:27 - Why work for the DoD?
6:37 - Average work day in threat intelligence
9:28 - Main security threats today
11:53 - Issues cybersecurity is ignoring
16:12 - Disrupting ransomware offensively 
23:00 - How to handle ransomware 
25:07 - How do I fight cybercriminals 
27:15 - How to convey self learning on a resume
28:24 - Security recommendations for your company 
31:40 - Logistics of changing security 
34:40 - Cybercrime in five years
36:57 - Learn about Redacted
39:18 - Learn more about Adam
40:00 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast, John Bambenek of Netenrich and Bambenek Consulting talks about threat research, intelligence analytics, why the same security problems are so evergreen and the importance of pitching in a little extra bit of your time and talents to make the world a bit better than you found it.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
2:45 - Getting into cybersecurity 
9:40 - Threat researcher versus security researcher and threat analyst
12:05 - How to get into a research or analyst role
16:32 - Unusual types of malware
19:03 - An ideal work day
23:06 - Current main threat actors
28:50 - What cybersecurity isn’t addressing
31:38 - Where can I volunteer?
36:02 - Skills needed for threat researchers
40:53 - Adjacent careers to threat research
45:11 - Threat research in five years
48:55 - Bambenek Consulting 
49:35 - Learn more about Bambenek
50:26 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast, Cicero Chimbanda, Infosec Skills author and lecturer, discusses his cybersecurity leadership and management courses. We discuss the many paths of a cybersecurity leadership role, the soft skills that separate a good information security manager from a great one and why a baseline of cybersecurity knowledge can enhance any job, even if you don’t plan to pivot into the industry.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
3:37 - Getting into cybersecurity 
6:43 - First learning cybersecurity
7:54 - Skills needed to move up 
10:41 - CISM certification
13:00 - Two tracks of technology
15:13 - Are certifications important?
18:50 - Work as a college lecturer 
22:43 - Important cybersecurity soft skills
27:40 - Cybersecurity leadership and management 
32:33 - Where to go after security leadership 
35:26 - Soft skills for cybersecurity managers
37:23 - Benefits to skills-based education
39:40 - Tips for lifelong learning
43:46 - Cybersecurity education’s future
45:21 - Outro  

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast, Secureworks president and CEO Wendy Thomas talks about the company’s drive to provide innovative, best-in-class security solutions that sit at the heart of customers’ security operations. Thomas shares over 25 years of experience in strategic and functional leadership roles, including work as a chief financial officer, chief product officer and VP of strategy. Thomas has worked across multiple technology-driven companies and has a wealth of knowledge.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro
3:18 - Wendy’s origin in cybersecurity
5:13 - Climbing the career ladder
8:10 - Average day as CEO
10:38 - Collaboration in cybersecurity
13:07 - Roadblocks in collaboration 
15:03 - Strategies to encourage collaboration
17:53 - Is there collaboration now? 
19:30 - Solving technology security gaps
21:35 - Limiting incident response noise
23:10 - Addressing the skills shortage
25:07 - Women in cybersecurity
30:45 - Developing your team
32:53 - Advice for those entering cybersecurity
34:18 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast, Infosec Skills author Ted Harrington talks about authoring a recent Infosec Skills learning path, “How To Do Application Security Right,” which is also the subtitle of his recent book, “Hackable: How To Do Application Security Right.” Harrington shares his application security expertise, or AppSec, the benefits of skills-based learning, and what it was like to hack the iPhone.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
3:00 - Hacking the iPhone 
8:30 - IOT security 
14:00 - “Hackable” book 
17:14 - Using the book as a roadmap
18:42 - Most important skills right now
21:45 - Taking Harrington’s class
24:40 - Demystifying application security
26:48 - Career opportunities
28:26 - Roadblocks in application security
30:55 - Education tips for application security
33:40 - Benefits of skills-based education
37:21 - The skills gap and hiring process
41:19 - Tips for lifelong learners
43:43 - Harrington’s next projects
44:33 - Cybersecurity’s education’s future
45:38 - Connect with Harrington 
46:50 - Outro 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast Infosec Skills author Chrys Thorsen talks about founding IT Without Borders, a humanitarian organization built to empower underserved communities through capacity building information and communications technology (ICT) skills and information access. She’s also a consultant and educator. And, for our purpose, she is the author of several learning paths on our Infosec Skills platform. She has written course paths for Writing Secure Code in Android and Writing Secure Code in iOS, as well as a forthcoming CertNexus Cyber Secure Coder path.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro
2:43 - Thorsen’s origin story in cybersecurity 
4:53 - Gaining about 40 certifications
6:20 - Cross certification knowledge
7:25 - Great certification combos 
8:45 - How useful are certifications?
11:12 - Collecting certifications
13:01 - Changing training landscape
14:20 - How teaching changed
16:36 - In-demand cybersecurity skills
17:48 - What is secure coding?
19:34 - Secure coders versus coders 
20:31 - Secure coding in iOS versus Android 
22:39 - CertNexus secure coder certification
24:13 - Secure coding before coding 
24:42 - Secure coding curriculum 
26:27 - Recommended studies post secure coding
26:50 - Benefits to skills-based education
27:43 - Tips for lifelong learning
29:29 - Cybersecurity education’s future 
30:54 - IT Without Borders
33:38 - Outro 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast, Jasmine Jackson takes us through how you can get noticed on your resume, how Linux basics can set you up for learning other aspects of cybersecurity, and how capture the flag activities are crucial to enriching your work skills. Jackson has over 10 years of information security experience and shares her passion for cybersecurity by presenting and teaching workshops, including new courses now available in Infosec Skills. She is currently the Jeopardy-style capture the flag (CTF) coach for the inaugural U.S. Cyber Games and works as a senior application security engineer for a Fortune 500 company. 

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro
3:08 - Jasmine Jackson’s origin story
4:25 - Winning a computer
6:22 - Jackson’s career path
13:46 - Thoughts on certifications 
19:10 - Ideal job description 
21:01 - Most important cybersecurity skills 
22:54 - Linux fundamentals class
25:07 - What does knowing Linux do for you?
26:35 - How to build upon a Linux foundation
28:51 - Benefits to skills training
29:50 - Tips for lifelong learning
31:30 - Coaching in the U.S. Cyber Games
34:26 - How are team members chosen for the games?
37:47 - An intriguing CTF puzzle 
41:43 - Where is cybersecurity education heading?
43:36 - Learn more about Jackson
46:33 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today's guest is Alex Amiryan, a software developer with over 18 years of experience specializing in cybersecurity and cryptography. Alex is the creator of the popular SafeCamera app, which was the predecessor of Stingle Photos, an end-to-end encrypted, open-source gallery and sync app able to prevent theft by breach. How does it work, and how did Alex come by his obsession for cryptography? Tune in and find out!

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
1:41 - Origin story in cybersecurity
3:38 - Running afoul of the law
4:44 - Beginning your own company
7:10 - Advice on starting a business
9:15 - What is Stingle Photos? 
12:30 - End-to-end encryption
15:20 - Black box storage
17:47 - Encryption safety
19:01 - Preventing photo theft
22:20 - Working in encryption and cryptography
24:24 - Skills needed for encryption and cryptography
26:43 - An "aha" moment 
28:00 - Cryptographer job market 
29:45 - Next steps in cryptography
35:52 - Learn more about Stingle Photos
36:28 - Outro 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

This week we chat with Connor Greig of CreatorSphere (creatorsphere.co) about beginning a career in IT at age 17 when he joined Hewlett Packard as an applications engineer, but after just a few weeks was promoted to project manager. He went on to work on secure projects for the British government and was a project manager for secure cloud computing and software development modernization during the WannaCry, Spectre and Meltdown vulnerabilities that were found.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
3:00 - Origin story
4:58 - Getting into IT
8:53 - Being scouted by HP at 17
11:34 - What did HP see in you?
15:42 - Working with the British government
17:49 - Being fast on your feet
19:51 - Area of specialty 
21:30 - Balancing work and management
25:25 - Saving McDonald's from a data breach
31:58 - McDonald's reaction 
38:56 - Starting your own company
45:25 - Advice for starting your own company
49:15 - How to learn new concepts and skills
53:15 - What's it like being a gay man in cybersecurity?
55:30 - Making cybersecurity more welcoming 
58:15 - Cybersecurity career advice
1:00:33 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Security Yearbook creator Richard Stiennon joins today’s podcast to share his career journey. He talks about creating the first ISP in the Midwest in the ‘90s, the role of the Security Yearbook in telling the history of cybersecurity and the best place to start your cybersecurity career. Hint: It’s not necessarily with the big firms!

– Save 50% on your copy of the Security Yearbook with code "infoseclive": https://it-harvest.com/shop
– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Infosec Skills Monthly Challenge
0:50 - Intro 
2:50 - How Richard got started in cybersecurity
7:22 - Penetration testing in the ‘90s
10:17 - Working as a research analyst
14:39 - How the cyberwar landscape is changing
19:33 - Skills needed as a cybersecurity researcher
20:30 - Launching the Security Yearbook
27:20 - Security Yearbook 2021 
29:00 - Importance of cybersecurity history
30:48 - How do cybersecurity investors see the industry
34:08 - Impact of COVID-19 and work from home
35:50 - Using the Security Yearbook to guide your career
40:38 - How cybersecurity careers are changing
43:29 - Current pentesting trends 
47:06 - First steps to becoming a research analyst
48:20 - Plans for Security Yearbook 2022
50:20 - Learn more about Richard Stiennon
51:09 - Outro 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Cybersecurity hiring managers, and the entire cybersecurity industry, can benefit from recruiting across a wide range of backgrounds and cultures, yet many organizations still struggle with meaningfully implementing effective diversity, equity and inclusion (DEI) hiring processes.

Join a panel of past Cyber Work Podcast guests as they discuss these challenges, as well as the benefits of hiring diversely:
– Gene Yoo, CEO of Resecurity, and the expert brought in by Sony to triage the 2014 hack
– Mari Galloway, co-founder of Women’s Society of Cyberjutsu
– Victor “Vic” Malloy, General Manager, CyberTexas

This episode was recorded live on August 19, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

The topics covered include:
0:00 - Intro
1:20 - Meet the panel
3:28 - Diversity statistics in cybersecurity
4:30 - Gene on HR's diversity mindset
5:50 - Vic's experience being the "first"
10:00 - Mari's experience as a woman in cybersecurity
12:22 - Stereotypes for women in cybersecurity
15:40 - Misrepresenting the work of cybersecurity
17:30 - HR gatekeeping and bias
25:56- Protecting neurodivergent employees
31:15 - Hiring bias against ethnic names
37:57 - We didn't get any diverse applicants!
43:20 - Lack of developing new talent
46:48 - The skills gap is "nonsense"
49:41- Cracking the C-suite ceiling
53:56 - Visions for the future of cybersecurity
58:15 - Outro

– Join the Infosec Skills monthly challenge: https://www.infosecinstitute.com/challenge

– Download our developing security teams ebook: https://www.infosecinstitute.com/ebook

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

PLEASE NOTE: Around minute 47, I incorrectly say that Eric Milam, author of the definitive report on the BAHAMUT threat group, is employed by HP. He is, in fact, employed by Blackberry. I sincerely apologize to Mr. Milam for the error.

In this special episode, we look back at how the show has evolved over the past three years and celebrate our amazing guests and viewers. You've helped grow the Cyber Work Podcast to nearly a million plays!

To give back, we're launching a brand new way for EVERYONE to build their cybersecurity skills. It's free. It's hands-on. Oh, and did we mention there's more than $1,000 in prizes EVERY MONTH.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Huge thank you to all the past guests who shared their expertise over the past 200 episodes. The timings of everyone in this episode are listed below. Happy listening!

0:00 - Intro
0:42 - Monthly challenges and $1,000 in prizes!
1:30 - Cyber Work Podcast origins 
2:32 - First episode with Leighton Johnson
3:16 - Finding our first guests
3:46 - Keatron Evans on incident response
6:54 - Susan Morrow on two-factor authentication
8:54 - Susan Morrow on GDPR 
11:03 - Susan Morrow on "booth babes" and speaking up
13:20 - Alissa Knight on getting arrested for hacking at 17
16:39 - Alissa Knight on API security
19:14 - Ron Gula on cybersecurity challenges
23:23 - Amber Schroader on the real work of digital forensics
26:19 - Theme of the Cyber Work Podcast
27:01 - Jeff Williams on creating the OWASP Top Ten
31:23 - David Balcar on the biggest APTs
33:46 - Elie Bursztein on breaking into cybersecurity
37:37 - Sam King on AppSec frameworks and analysis
41:17 - Gary DeMercurio on getting arrested for red teaming
47:19 - Eric Milam on the BAHAMUT threat group 
53:39 - Feedback from Cyber Work Podcast listeners
55:16 - Alyssa Miller on finding your career path 
57:24 - Amber Schroader on computer forensics tasks
59:07 - Richard Ford on malware analyst careers
1:02:02 - Career action you can take today  
1:02:19 - Rita Gurevich on reading and learning
1:03:20 - Snehal Antani on transitioning careers
1:04:26 - Promoting underrepresented voices
1:05:09 - Mari Galloway on women in cybersecurity
1:05:31 -  Alyssa Miller on diversity "dog whistles"
1:10:11 - Christine Izuakor on creating role models
1:10:52 - We want to hear your story
1:11:40 - Monthly challenges and outro 

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.