300 episodes • Length: 35 min • Monthly
Stay ahead in the dynamic world of cybersecurity with “To the Point Cybersecurity.” This podcast offers in-depth discussions on the latest cyber threats, trends, and technologies impacting businesses, governments, and communities globally.
Listeners will gain insights into how emerging technologies, such as AI and frameworks like data governance and expanded global cyber regulations, are shaping modern security practices. The podcast also provides practical strategies for navigating the ever-evolving threat landscape, including innovative approaches to data protection and insider threat mitigation.
Each episode features thought leaders and influencers who share their expertise and experiences, providing valuable perspectives on how to tackle cybersecurity challenges effectively. Whether you are a business leader, a government official, or simply interested in cybersecurity, “To the Point Cybersecurity” delivers the knowledge you need to stay informed and protected.
Rachael Lyon hosts the podcast, bringing over 20 years of experience in technology and work with global industry leaders and innovative start-ups. Co-host Jonathan Knepher serves as the Vice President of Site Reliability Engineering at Forcepoint. With nearly two decades of experience in cybersecurity and strategic leadership, Jonathan is focused on enhancing system reliability and performance.
Tune in on Apple Podcasts, Spotify, and other major platforms to keep up with the latest in cybersecurity.
The podcast To The Point – Cybersecurity is created by Forcepoint | Global Cybersecurity Leader | Security. Simplified. The podcast and the artwork are embedded on this page using the public podcast feed (RSS).
Welcome back to the Forcepoint podcast, where we bring you the latest in global cybersecurity. Today, we're diving into part one of our two-part series with Saaim Khan, founder and principal advisor at Cyber Matters. Saaim is redefining cyber consulting with an "unconsult" approach. In this episode, hosts Rachael Lyon and Jonathan Knepher engage Saaim in a conversation about the apparent cybersecurity talent shortage that NIST predicts will influence significant incidents by this year. Is it a lack of talent, or perhaps a shortage of experience? As Saaim suggests, it's all about the right attitude and the importance of nurturing humility and the ability to extrapolate in the next generation. Tune in as we explore the nuances of cybersecurity talent, the potential impacts of AI on the industry, and the role of true mentorship. It's a discussion packed with insight and real-world anecdotes that any cybersecurity professional or enthusiast can't afford to miss. So grab your headphones and let's get to the point!
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e326
Welcome to another episode of "To the Point Cybersecurity," brought to you by Forcepoint. This week, hosts Rachael Lyon and Jonathan Knepher are joined by Deepak Dutt, the founder and CEO of Zighra. With over a decade of experience in behavioral biometrics, Deepak provides fascinating insights into the intersection of artificial intelligence, sensor technology, and cybersecurity.
In this episode, we delve into the transformative world of behavioral biometrics. Deepak explains how Zighra utilizes AI-powered continuous authentication solutions to ensure seamless user security. We explore the nuances of sensor data and how it can create unique models for every user, ultimately redefining authentication methods. The episode also touches on the importance of privacy, the evolving threats in electronic defense, and how organizations can build resilience in critical systems.
Whether you're interested in the evolution of cybersecurity or curious about the latest in electronic defense technology, this episode is packed with insights and future-forward thinking. Stay tuned to learn more about the groundbreaking work being done at Zighra and how it impacts our digital world.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e325
Welcome back to the To the Point cybersecurity podcast, presented by Forcepoint! In this episode, hosts Rachael Lyon and Jonathan Knepher continue their engaging conversation with Michele Rigby Assad, a former CIA intelligence officer and renowned author of "Breaking Cover" and "Get Off the X."
Join us as Michele shares her unique insights into the global threat landscape and the security challenges we face domestically. From discussing the imperative of modernizing the intelligence workforce with STEM education to her message of embracing discomfort and taking risks for meaningful growth, Michele offers a compelling perspective that is both inspiring and thought-provoking.
We'll explore the impact of cultural and linguistic isolation on the U.S.'s ability to engage globally and the pressing threats posed by countries like Iran. Plus, Michele reveals her personal philosophy on overcoming adversity and the importance of getting "off the X" to achieve extraordinary things, no matter how ordinary you start.
Tune in for an enlightening discussion filled with personal anecdotes and actionable advice for navigating today's complex world. Don't miss this opportunity to hear Michele's compelling stories and invaluable expertise on the intricacies of intelligence and cybersecurity.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e324
In this episode of the "To the Point cybersecurity podcast," hosts Rachael Lyon and Jonathan Knepher dive into a compelling conversation with Michele Rigby Assad, a former CIA intelligence officer with vast experience in the Middle East. Michele shares insights from her latest book, "Get Off the X," which explores the importance of getting out of one's comfort zone and reassessing effectiveness in both personal and professional contexts. The discussion navigates the complexities of the current threat landscape, highlighting the dangers posed by nation-states like Iran and China, and the evolving challenges in cybersecurity.
Michele underscores the significance of collaboration between public and private sectors to tackle these threats. With her background in intelligence, Michele offers a unique perspective on the interplay between traditional espionage techniques and modern technology, including the role of social engineering and the challenges of artificial intelligence in amplifying cyber threats. Tune in for an enlightening conversation about the need for innovation, proactive measures, and adept leadership in the realm of global cybersecurity.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e323
Welcome to Part 2 of this To the Point cybersecurity podcast episode, brought to you by Forcepoint. This week, hosts Rachael Lyon and Jonathan Knepher continue their conversation with Trevor Hilligoss, Senior Vice President at SpyCloud Labs.
In this episode, Trevor provides an in-depth look at the rising use of infostealers, the changing tactics of cybersecurity adversaries, and how cybercrime enablement services are impacting organizations. He also examines the evolving role of AI and the importance of robust data protection strategies in mitigating these threats. Trevor shares valuable insights drawn from his career, including his transition from military service to becoming a leader in cybersecurity. Whether you're a seasoned professional or simply interested in cybersecurity, this discussion offers practical perspectives on the challenges and solutions shaping this critical field. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e322
Welcome to another thrilling episode of the To the Point cybersecurity podcast brought to you by Forcepoint. This week, hosts Rachael Lyon and Jonathan Knepher dive deep into the world of cybercrime with Trevor Hilligoss, the Senior Vice President at SpyCloud Labs. Trevor brings his expertise to the table, sharing insights into the intricate workings of the criminal underground, from the rise of infostealers to the evolution of cybersecurity adversaries. We explore the dynamics of cybercrime enablement services and discuss the role of AI and data protection measures in combating these threats. Prepare to be captivated by Trevor's intriguing journey from the military to becoming a key player in the fight against cybercrime, and learn what it truly means to be on the frontlines of cybersecurity. Whether you're an industry veteran or just cybersecurity-curious, this episode promises to keep you informed and engaged with the ever-evolving world of cybersecurity. Don't miss it!
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e321
Welcome to another engaging episode of the "To the Point Cybersecurity" podcast, brought to you by Forcepoint. This week, hosts Rachael Lyon and Jonathan Knepher delve into the intersection of sports and cybersecurity with a fascinating guest, Steve Kain, an adversary emulation manager with the Maryland Department of IT. With a background spanning both offensive and defensive security roles across the media industry, government entities like the DOD, and even sports organizations including the Baltimore Ravens, Steve brings a unique perspective to the table.
This episode explores the cybersecurity challenges faced by high-profile sports teams, the rise of online impersonation, and the value of adversary emulation in proactively defending against threats. Listen in as Steve shares insights from his diverse career path, offering valuable advice for those looking to enter the cybersecurity industry and highlighting the importance of mentorship and continuous learning in today's dynamic cyber landscape. Don't miss out on the expertise and compelling stories that Steve brings to the podcast in this must-hear episode.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e320
In this episode of the To the Point cybersecurity podcast, hosts Jonathan Knepher and Rachael Lyon dive into the complex world of IT and OT network integration with Richard Robinson, CEO of Cynalytica. Richard shares his expertise on the critical differences between IT and OT networks, highlighting their unique security priorities and life cycles. He provides insights into the challenges organizations face when merging these historically siloed domains, offering strategies to bridge the gaps in culture, communication, and risk tolerance. The conversation explores the rising threats of ransomware, the importance of holistic monitoring, and the use of innovative technologies to protect critical infrastructure. Tune in as Richard discusses the significance of realistic cyber exercises, the evolution of cyber threats, and his remarkable journey through the cybersecurity industry, from his early days in San Francisco to leading innovations at Cynalytica. This episode is packed with valuable insights for anyone interested in enhancing cybersecurity in the digital age.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e319
Trish Cagliostro, Head of Business Development for security - Worldwide Public Sector for Security Services at Amazon Web Services (AWS) explains Cloud security, how Threat Intelligence factors in and her Cloud wish for the future. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e318
Dive into the world of cryptocurrency with this week’s guest Jeff Roberts, executive editor at Decrypt and author of the book “Kings of Crypto: One Start-Up’s Quest to Take Cryptocurrency Out of Silicon Valley and On To Wall Street”. For those that are wondering, Jeff shares that cryptocurrency today is definitely mainstream and while it is still a speculative investment - with big banks getting into the game it may not stay that way for long. (HINT: in the next 10 years, we just may have an FDIC version for cryptocurrency!) He also shares how cryptocurrency such as bitcoin is serving as a nefarious and anonymous currency scapegoat for endeavors such as Silk Road and ransomware, however there are many fantastic applications it can also be used for and countries such as the US/Silicon Valley, South Korea, Switzerland and even China are helping to drive this forward. (Did you know bitcoin is legal tender in El Salvador today?!) And for those interested in his follow-up book, it just may be about currency wars. Stay tuned for more. Learn more about “Kings of Crypto”
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e318
Leonard Bailey, Head of Computer Crime and Intellectual Property Section’s (CCIPS) Cybersecurity Unit for the Department of Justice (DOJ), Criminal Division, joins us this week. We dive into the role of the DOJ in addressing the vast and ever-changing landscape of cybersecurity. Bailey shares insights on partnering with federal agencies as well as the private sector, navigating information sharing pathways, evolution of incident and cyber threat reporting procedures, and the recent release of the Harmonization of Cyber Incident Reporting to the Federal Government. He also helps debunk information sharing myths and spotlights available tools and benefits of cyber threat information disclosure.
Leonard Bailey
The Head of Computer Crime and Intellectual Property Section’s (CCIPS) Cybersecurity Unit and Special Counsel for National Security in the Department of Justice’s (DOJ) Criminal Division. He has prosecuted computer crime cases and routinely advised on cybersecurity, searching and seizing electronic evidence, and conducting electronic surveillance. He has managed DOJ cyber-policy as Senior Counselor to the Assistant Attorney General for the National Security Division and then as an Associate Deputy Attorney General. He has also served as Special Counsel and Special Investigative Counsel for DOJ’s Inspector General. Bailey is a graduate of Yale University and Yale Law School. He has taught law courses at Georgetown Law School and Columbus School of Law in Washington, DC.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e317
This week joining the podcast is Anton (Tony) Dahbura, executive director of the Johns Hopkins University Information Security Institute and co-director of the Johns Hopkins Institute of Assured Autonomy. We deep dive into the realm of AI/ML technology and the exponential applications for it across every aspect of our lives. And the criticality of building trust, implications of bias, the realities of planning for “edge cases” that just can’t be planned for, and the growing sophistication and personalization of AI-leveraged attacks. He also shares details on the most awesome CyberCorps: Scholarship for Service program. Learn more here: https://isi.jhu.edu/scholarship-service-program/
Executive Director of Johns Hopkins - Information Security Institute and Co-Director of the Johns Hopkins Institute for Assured Autonomy
Anton (Tony) Dahbura is the executive director of the Johns Hopkins University Information Security Institute, co-director of the Johns Hopkins Institute of Assured Autonomy, and an associate research scientist in computer science. His research focuses on security, fault-tolerant computing, distributed systems, and testing.
He received his BSEE, MSEE, and PhD in Electrical Engineering and Computer Science from the Johns Hopkins University in 1981, 1982, and 1984, respectively.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e316
We’re back with part-two of our discussion with Jill Aitoro, SVP for Content Strategy at CyberRisk Alliance where we pick the conversation up on privacy today and efforts by big tech and government to protect sensitive information. We also dive into the slippery slope of consumer apps and health information used for convenience and, for some, entertainment and the realization of how that information could be shared and used by third parties in the coming decades. (And the check boxes you might mindlessly click today could come back to haunt you.)
Jill Aitoro, senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e315
Jill Aitoro, SVP for Content Strategy at CyberRisk Alliance joins the podcast this week for a hot topics discussion across recent developments in the ongoing cyber war involving Ukraine, Russia and a supporting cast of many public and private entities including NATO, Microsoft, Lithuania and others. We also dive into recent exploits by China with social media microtargeting campaigns against rare earth mining companies and where their ‘playing the long game’ implications could lead.
Jill Aitoro, senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e314
Curt Dukes, Executive Vice President and General Manager for Security Best Practices at the Center for Internet Security (CIS) joins the podcast this week. He shares insights from his more than 30 years with the NSA and how that journey led to the CIS and the synergies between the two organizations in providing cyber resources and fostering threat intelligence information sharing. And for those not familiar with the CIS he provides a great primer on this vital organization started 20 years ago by a group of private industry and government individuals who saw the escalating cyber threat landscape ahead and decided to organize and do something about it to make the connected world a safer place. And you don’t want to miss his perspective on multi-factor authentication and its 99% success rate.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e313
Welcome to our first SPECIAL EPISODE where we cover breaking news as it happens. Today we catch up with Joe Uchill, senior reporter at SC Media, to discuss the Colonial Pipeline ransomware attack making headlines this week and why we continue to see escalating attacks in frequency, ransom demands and high value targets such as critical infrastructure. Joe shares insights from his many years reporting from the cyber front lines speaking with government, regulatory, industry and hacking groups on what it would take to decrease the financial incentive and increase the criminal risk to make ransomware an undesirable pursuit. Spoiler alerts… ransomware gangs make mistakes and often hit “accidental” targets, regulating cryptocurrency is just as hard as it sounds, and while ransomware task forces can’t agree on the most effective solution(s) to mitigate ransomware, most agree global cooperation would be at the top of the list! For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e312
This week, Rachael Lyon and Vince Spina continue their riveting conversation with Gemma Moore, a renowned expert in pen testing and red teaming and cofounder of Cyberis, a leading cyber consultancy. In this second part of their discussion, Gemma delves deep into the evolving landscape of cybersecurity, touching on the complexities introduced by cloud services, the intricacies of red teaming, and the critical interplay with blue teams.
She even shares a few fascinating anecdotes from her career, including some high-stakes physical infiltration assignments that sound straight out of a spy movie! Don't miss out as we explore the cutting edge of cybersecurity and the ongoing battle to keep our digital world safe. Tune in, subscribe, and let's get to the point!
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e311
Welcome back to another episode of Forcepoint! In this week's episode, hosts Rachael Lyon and Vince Spina dive deep into the intriguing and often underestimated world of cybersecurity with special guest Gemma Moore, co-founder of Cyberis, a renowned cybersecurity consultancy. We’ll kick things off with Vince’s alarming personal story about a scam call that mimicked his wallet company, shedding light on the growing concerns of voice capture and security.
Gemma brings her wealth of expertise to the table, sharing stories from the front lines of ethical hacking. We explore the ins-and-outs of penetration testing, distinguishing between compliance-based and scenario-based tests, and uncover the real vulnerabilities that hide in outdated systems and shared passwords.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e310
In this episode, hosts Rachael Lyon and Vince Spina delve into the dynamic and evolving landscape of global cybersecurity with their guest, David DiMolfetta, a seasoned cybersecurity reporter at Nextgov FCW and former researcher for The Washington Post’s Tech 202. Together, they unpack the latest National Cybersecurity memo on integrating AI into military and intelligence operations, exploring AI's potential to enhance strategic planning and data analysis while navigating strict regulatory considerations.
We'll dive into the pivotal "cyber trust mark" initiative for IoT devices, the emerging quantum computing threats, and the complex web of regulatory overlap affecting critical infrastructure. Join us as we examine the international ramifications of cybersecurity policies, the ethical quandaries posed by AI, and the multi-faceted challenges of safeguarding national security in the digital age. Additionally, we'll touch on recent espionage attacks and the relentless pursuit of robust, adaptive regulations to counter future cyber threats. Stay tuned for a comprehensive discussion that brings you right to the heart of cybersecurity's most pressing issues.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e309
This is part 2 of our talk with Marios Savvides.
This episode delves into the transformative role of AI in enhancing everyday life and providing security, from alerting homeowners of potential threats to preventing poolside accidents. Dr. Savvides provides insight into the ethical use of AI, the burgeoning future of biometric data, and the rapid pace of technological advancements poised to shape our futures.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e308
In today's episode, we're thrilled to dive deep into the fascinating world of biometric security with our special guest, Professor Marios Savvides from Carnegie Mellon University. Marios is not only a leading expert in artificial intelligence and biometric technology but also the founder and director of the Biometric Center, and he was named Inventor of the Year in 2022 by the Pittsburgh Intellectual Property Association.
We'll explore a range of intriguing topics, including the exceptional robustness of iris recognition technology, advancements in non-intrusive biometric systems, and the critical role of human-computer interaction in security. Marios will share insights on overcoming challenges in iris and facial recognition, tackling biases in AI, and the ethical implications of AI decision-making, especially in autonomous vehicles. We'll also touch on pressing privacy and security concerns, such as the impact of facial recognition in public spaces and the emerging threat of deep fakes.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e307
Our hosts Vince Spina and Rachael Lyon are thrilled to welcome Kelly McCracken, Senior Vice President of Detection and Response at Salesforce. With over two decades of experience in cybersecurity and technology, Kelly dives deep into the evolving landscape of AI and its pivotal role in security operations.
We’ll explore how AI enhances detection and response capabilities, especially against phishing threats, and discuss the critical integration of threat intelligence in security programs. Kelly will shed light on the importance of tailored incident response playbooks and the necessity of training stakeholders for effective decision-making during security incidents.
Join us as we navigate key elements like risk reduction strategies, the balance between security and business enablement, and the evolving transparency in reporting security incidents. Kelly also shares insights from her experience in coauthoring a NIST guide, the shift to remote work, and the complexities of managing hybrid cloud environments.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e306
From the notorious Ticketmaster hack during Taylor Swift's ticket sales to the geopolitical cyber issues involving heavyweights like China and Israel, Maggie provides a comprehensive overview of the current cyber landscape. We'll explore the bipartisan effort needed to safeguard US infrastructure, including the vulnerabilities of our satellite systems, and the intricate dynamics of election security poised to affect the upcoming U.S. presidential election.
Maggie also sheds light on the disinformation campaigns waged by nation-states and the role of AI in shaping public perception. And, with her unique background and serendipitous journey into cybersecurity journalism, we'll get a glimpse into her fascinating career path.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e305
Today, we're diving deep into the intricate world of compliance and third-party risk management with none other than Alastair Parr, the Senior VP for Global Products and Services at Prevalent. We'll explore the 80/20 Rule in Compliance, the challenges organizations face with DORA reporting, and the pivotal role of data in effective compliance management. Alastair will share insights from his extensive background in auditing, emphasizing the importance of pragmatism and proportionality in risk assessments.
We'll also discuss the growing significance of AI in cybersecurity, including the cautious approach needed to manage data hallucinations and the importance of human validation. Plus, we'll delve into real-world scenarios, like the SolarWinds attack, that reshaped board-level discussions on operational resilience and vendor risk management.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e304
Welcome back to Forcepoint! In today's episode, hosts Rachael Lyon and Vince Spina dive deep into the ever-evolving world of cybersecurity with special guest Ross Young, CISO in Residence at Team 8.
Drawing on his extensive experience with top companies and intelligence agencies, Ross shares insights on critical issues like flexible work arrangements, AI-induced challenges, and the future of cybersecurity. From the importance of innovative data security solutions to the shifting dynamics of remote work, this conversation is packed with actionable insights and forward-thinking strategies. Stay tuned as we explore the complexities of modern IT environments, the rise of AI, and the strategic role of CISOs in navigating these turbulent waters. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e303
Welcome to "To The Point Cybersecurity," the podcast where we dive deep into the most pressing issues in global cybersecurity, explore emerging threats, and discuss innovative solutions. In this episode, our hosts Rachael Lyon and Vince Spina welcome Philippe Humeau, CEO of CrowdSec, an expert in adaptive cybersecurity measures.
Philippe brings to light the evolving challenges of managing IP reputations and the complexities cybercriminals face in influencing systems globally. He critiques the traditional use of honeypots and advocates for the richer insights gained from real-world data. Philippe delves into the use of data science and deep learning to detect and block malicious IPs, emphasizing adaptive and dynamic firewall systems over static rules.
Rachael and Vince guide the conversation through various intriguing topics, from the economic and logistical difficulties of mass manipulation by attackers to the importance of crowdsourcing and collaboration in defense strategies. Philippe’s thoughts on AI's escalating role in cybersecurity, the need for shared intelligence, and the impactful concept of multiplayer firewalls are discussed at length.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e302
Welcome to another episode of Forcepoint! In today's discussion, hosts Vince Spina and Rachael Lyon are joined by Aaron Painter, CEO of Nametag, to delve into the evolving complexities of identity verification and cybersecurity. We'll explore the limitations of current Multi-Factor Authentication (MFA) solutions, with a spotlight on the high-profile MGM attack in 2023, where social engineering compromised IT help desks. Aaron shares insights on alternatives like biometric authentication, the importance of user provisioning and recovery processes, and the balance between security and user experience. We'll also discuss privacy concerns, innovative consent practices, and the daunting challenges posed by deepfakes. Whether you're interested in the intricacies of digital identity, the impact of AI on security, or the future of secure online interactions, this episode is packed with valuable insights. Tune in and stay ahead of the cybersecurity curve!
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e301
Welcome to another insightful episode of "To The Point Cybersecurity," brought to you by Forcepoint! In today's episode, we're diving into the nuances of modern data security with our special guest, Yasir Ali, CEO of Polymer. As networks become increasingly borderless, the challenges for data security are escalating. We'll explore crucial technologies like Data Security Posture Management (DSPM) and Data Loss Prevention (DLP), and discuss the importance of reducing risk profiles and managing access control effectively.
Whether you're grappling with data security in a cloud-based world or curious about the future of AI in cybersecurity, this episode serves as an essential listen. Don't forget to subscribe and leave a review on Apple Podcasts or Google Podcasts. Let's get started!
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e300
This week, Audra is joined by Mark Montgomery, senior director of the FDD’s Center on Cyber and Technology Innovation and director of the CSC 2.0. Today’s discussion focuses on the progress made implementing the recommendations of the Cyberspace Solarium Commission’s 2020 report and securing critical infrastructure more broadly, including insights from Mark on the need for a distinct military force focused exclusively on cybersecurity.
Mark Montgomery serves as senior director of the Center on Cyber and Technology Innovation, where he leads FDD’s efforts to advance U.S. prosperity and security through technology innovation while countering cyber threats that seek to diminish them. Mark also directs CSC 2.0, an initiative that works to implement the recommendations of the congressionally mandated Cyberspace Solarium Commission, where he served as executive director. Previously, Mark served as policy director for the Senate Armed Services Committee under the leadership of Senator John S. McCain, coordinating policy efforts on national security strategy, capabilities and requirements, and cyber policy.
Mark served for 32 years in the U.S. Navy as a nuclear-trained surface warfare officer, retiring as a rear admiral in 2017. He was assigned to the National Security Council from 1998 to 2000, serving as director for transnational threats. Mark has graduate degrees from the University of Pennsylvania and the University of Oxford and completed the U.S. Navy’s nuclear power training program.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e277
This week Eric and Arika discuss the process of creating real innovation in cybersecurity with Audra Simons, Director of Forcepoint’s Innovations Labs.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e276
Joining us this week is Peter W. Singer, a New York Times bestselling author of books including Ghost Fleet, LikeWar and the techno-thriller Burn In. He shares details on the New America volunteer, non-profit organization and its awesome #SharetheMicinCyber program helping to bring diversity of thought to the cybersecurity front lines. We also discuss the future of social media, what defines a cyberwar, Ukraine’s leverage of social media to garner global support this year, and the great work Useful Fiction is delivering to organizations to address the age old problem of translating complex themes (such as cyber) into compelling business narratives audiences understand and can learn from. And definitely take a few minutes to learn more about Passing the Mic’s cybersecurity fellowship program this week. Read more here: https://www.newamerica.org/the-thread/passing-the-mic-introducing-new-americas-cybersecurity-fellowship/
Peter Warren Singer is Strategist at New America, a Professor of Practice at Arizona State University, and Founder & Managing Partner at Useful Fiction LLC.
A New York Times Bestselling author, described in the Wall Street Journal as “the premier futurist in the national-security environment” and “all-around smart guy” in the Washington Post, he has been named by the Smithsonian as one of the nation’s 100 leading innovators, by Defense News as one of the 100 most influential people in defense issues, by Foreign Policy to their Top 100 Global Thinkers List, and as an official “Mad Scientist” for the U.S. Army’s Training and Doctrine Command. No author, living or dead, has more books on the professional US military reading lists. His non-fiction books include Corporate Warriors: The Rise of the Privatized Military Industry, Children at War, Wired for War: The Robotics Revolution and Conflict in the 21st Century; Cybersecurity and Cyberwar: What Everyone Needs to Know and most recently LikeWar, which explores how social media has changed war and politics. It was named an Amazon and Foreign Affairs book of the year and reviewed by Booklist as “LikeWar should be required reading for everyone living in a democracy and all who aspire to.” He is also the co-author of a new type of novel, using the format of a technothriller to communicate nonfiction research. Ghost Fleet: A Novel of the Next World War was both a top summer read and led to briefings everywhere from the White House to the Pentagon. His latest is Burn-In: A Novel of the Real Robotic Revolution. It has been described by the creator of Lost and Watchmen as “A visionary new form of storytelling—a rollercoaster ride of science fiction blended with science fact,” and by the head of Army Cyber Command as “I loved Burn-In so much that I’ve already read it twice.”
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e274
Joining the podcast this week is Tony Sager, Senior Vice President and Chief Evangelist for the Center for Internet Security, who shares insights from his 45+ years on the security front lines, including 34 years at the NSA. Risk was a big theme of the discussion, particularly looking at risk through a similar lens as we view other risky domains, such as the great work being done with the Cyber Safety Review Board. (And he shares color on the power of being okay with the risk of being wrong sometimes.) He also shares perspective on moving to incentive-based cyber models (such as what’s been done in Ohio and Connecticut), and the criticality of translating technology, attacks & attackers into public policy and market incentives. And it can’t be a great cyber discussion without addressing the growing sophistication of cyber criminals and their organizations – really becoming the de facto organized crime success path today.
Tony Sager, Senior Vice President and Chief Evangelist for the Center for Internet Security
Sager is a SVP and Chief Evangelist for CIS. He leads the development of the CIS Critical Security Controls™, a worldwide consensus project to find and support technical best practices in cybersecurity. Sager champions the use of CIS Controls and other solutions gleaned from previous cyber-attacks to improve global cyber defense. He also nurtures CIS’s independent worldwide community of volunteers, encouraging them to make their enterprise, and the connected world, a safer place. In November 2018, he added strategy development and outreach for CIS to his responsibilities.
In addition to his duties for CIS, he is an active volunteer in numerous community service activities: the Board of Directors for the Cybercrime Support Network; and a member of the National Academy of Sciences Cyber Resilience Forum; Advisory Boards for several local schools and colleges; and service on numerous national-level study groups and advisory panels.
Sager retired from the National Security Agency (NSA) after 34 years as an Information Assurance professional. He started his career there in the Communications Security (COMSEC) Intern Program, and worked as a mathematical cryptographer and a software vulnerability analyst. In 2001, Sager led the release of NSA security guidance to the public. He also expanded the NSA’s role in the development of open standards for security. Sager’s awards and commendations at NSA include the Presidential Rank Award at the Meritorious Level, twice, and the NSA Exceptional Civilian Service Award. The groups he led at NSA were also widely recognized for technical and mission excellence with awards from numerous industry sources, including the SANS Institute, SC Magazine, and Government Executive Magazine.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e273
Joining us this week is Jennifer Cook, Senior Director of Marketing at the National Cybersecurity Alliance and we discuss all the hot and trending online scams facing consumers today including the growing prevalence of romance scams ($1.3B in losses last year!), job seeker scams, tax fraud scams, sextortion, and the latest scam making the rounds – pig butchering scams. Jennifer shares insights on the many free resources available to consumers – and the awesome work being done by the National Cybersecurity Alliance working with partners and champions around the globe – that raise awareness of what to look for and how to avoid online and mobile scams that take advantage of our day-to-day engagement channels including email, social media and, increasingly, mobile text messages.
Jennifer Cook, Senior Director of Marketing at the National Cybersecurity Alliance
Jennifer Cook is the Senior Director of Marketing at the National Cybersecurity Alliance (NCA). Jennifer leads the development and coordination of NCA’s growing suite of campaigns and programs, including Cybersecurity Awareness Month and Data Privacy Week. She joined the National Cyber Security Alliance in 2017 and holds a degree in Marketing from Drexel University.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e272
This week we dive into the hot topic of cyber insurance with Dr. Josephine Wolff, Associate Professor of Cybersecurity Policy at Tufts University The Fletcher School and author of the book “You’ll See This Message When it is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches” (MIT Press 2018). We explore the dynamic industry of cyber insurance and key policy areas such as defining cyber war, the impact of the increase of ransomware the last two years (some stats put it at 150% increase!), and how to change security behaviors. She also shares insights on AI and the always looming theme of bias as well as the importance of always keeping a human in the loop. And, be sure to look out for her new book on cyber insurance with MIT Press coming out in August 2022.
Josephine Wolff - Associate Professor of Cybersecurity Policy at Tufts University's The Fletcher School
Josephine Wolff is an associate professor of cybersecurity policy and has been associated with The Fletcher School at Tufts University since 2019. Her research interests include international Internet governance, cyber-insurance, security responsibilities and liability of online intermediaries, government-funded programs for cybersecurity education and workforce development, and the legal, political, and economic consequences of cybersecurity incidents. Her book "You'll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches" was published by MIT Press in 2018. Her writing on cybersecurity has also appeared in Slate, The New York Times, The Washington Post, The Atlantic, and Wired. Prior to joining Fletcher, she was an assistant professor of public policy at the Rochester Institute of Technology and a fellow at the New America Cybersecurity Initiative and Harvard's Berkman Klein Center for Internet & Society. She received a Ph.D. in Engineering Systems and M.S. in Technology and Policy from MIT, and an A.B. in mathematics from Princeton. As a student, she also spent time at Microsoft, the Center for Democracy and Technology, the White House Office of Science and Technology Policy, and the Department of Defense.
https://www.linkedin.com/in/josephine-wolff-1baa414b/
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e271
Want to know what this week’s episode title means? Listen to our two-part episode with Juan Andrés Guerrero Saade (aka JAGS), principal researcher at SentinelOne and Adjunct Professor of Strategic Studies at Johns Hopkins School of Advanced International Studies (SAIS). JAGS takes us on an exciting and educational ride through his research efforts on Moonlight Maze, one of the first widely known cyber espionage campaigns in world history, and how he came to be a featured hologram in the International Spy Museum in Washington, D.C. He also shares insights on the epic trolling endeavor through the recent “Meteor Express” wiper attack of an Iranian railway and possible ties to early versions of Stardust and Comet malware. And you won’t want to miss his perspective on monetization, Linux flying below the radar, why it’s important to get more savvy in determining what you want from vendors and how a philosophy major found his way into the threat intel space.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e270
Want to know what this week’s episode title means? Listen to our two-part episode with Juan Andrés Guerrero Saade (aka JAGS), principal researcher at SentinelOne and Adjunct Professor of Strategic Studies at Johns Hopkins School of Advanced International Studies (SAIS). JAGS takes us on an exciting and educational ride through his research efforts on Moonlight Maze, one of the first widely known cyber espionage campaigns in world history, and how he came to be a featured hologram in the International Spy Museum in Washington, D.C. He also shares insights on the epic trolling endeavor through the recent “Meteor Express” wiper attack of an Iranian railway and possible ties to early versions of Stardust and Comet malware. And you won’t want to miss his perspective on monetization, Linux flying below the radar, why it’s important to get more savvy in determining what you want from vendors and how a philosophy major found his way into the threat intel space.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e269
Buckle up for this week’s episode because it is quite a ride! Greg Crabb, founder of TenEight Cyber and former CISO for the United States Postal Service shares insights from his more than 25 years in law enforcement and bringing cyber criminals to justice. And hear perspective on CISO best practices for a 630k+ employee organization with 43k facilities and 160 million daily delivery points and how he took a 40 person cyber team to 600 in just a few years. Also learn how his team partnered with CISA to secure the 2020 U.S. election, how postal inspectors serve as first responders (hint: anthrax vs cornstarch), the importance of identifying and quantifying risk for your organization today and the DevSecOps opportunity ahead.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e268
This week Leonard Bailey, Head of Computer Crime and Intellectual Property Section’s (CCIPS) Cybersecurity Unit for the Department of Justice (DOJ), Criminal Division, joins us. We dive into the role of the DOJ in addressing the vast and ever-changing landscape of cybersecurity. Bailey shares insights on partnering with federal agencies as well as the private sector, navigating information sharing pathways, evolution of incident and cyber threat reporting procedures, and the recent release of the Harmonization of Cyber Incident Reporting to the Federal Government. He also helps debunk information sharing myths and spotlights available tools and benefits of cyber threat information disclosure.
Leonard Bailey
The Head of Computer Crime and Intellectual Property Section’s (CCIPS) Cybersecurity Unit and Special Counsel for National Security in the Department of Justice’s (DOJ) Criminal Division. He has prosecuted computer crime cases and routinely advised on cybersecurity, searching and seizing electronic evidence, and conducting electronic surveillance. He has managed DOJ cyber-policy as Senior Counselor to the Assistant Attorney General for the National Security Division and then as an Associate Deputy Attorney General. He has also served as Special Counsel and Special Investigative Counsel for DOJ’s Inspector General. Bailey is a graduate of Yale University and Yale Law School. He has taught law courses at Georgetown Law School and Columbus School of Law in Washington, DC.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e267
Stacy Janes, Head of Security at Waymo
Stacy is a self starter with a passion for cyber security. Co-Founder of Connected Transport Business Unit at Irdeto. Evangelist and active speaker on cyber security for the connected transportation space. Strong and demonstrated technical history in cyber security areas such as PKI, authentication/authorization, end-point security and ethical hacking. Proven history of building teams to solve difficult industry problems.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e266
This week we welcome guest Combiz Abdolrahimi, a national security lawyer and Emerging Technology and Innovation Leader at Deloitte. We deep dive into today’s critical infrastructure vulnerabilities and navigating the path forward to address the threat with systems that weren’t originally designed with cybersecurity in mind. (Hint: don’t approach 21st century cyber challenges with 20th century thinking) And he shares perspective from his time in government at the U.S. Departments of State, Treasury, and Commerce, among others, as well as insights across today’s hot topic themes including ransomware, cryptocurrency regulations, international enforcement, and the criticality of information sharing and reporting requirements.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e265
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e264
We’re excited to welcome to the podcast David Travers, Director of the Water Infrastructure and Cyber Resilience Division at the U.S. Environmental Protection Agency (USEPA). During our discussion he addresses key themes including, why are water infrastructure systems targeted by ransomware; how cyberattacks on water systems impact the surrounding community; and the role of cyber hygiene in protecting water systems. He also shares what we like to call an “origin story” for the sometimes-winding career pathways that lead to awesome opportunities to make a positive impact on communities at large. Water impacts all of us and you won’t want to miss any of the many insights David shares with us!
Dr. David Travers, director of the Environmental Protection Agency’s Water Security Division
Director of EPA’s Water Security Division in the Office of Water, Dr. Travers manages a team of engineers and scientists in providing tools, training, and direct technical assistance to the 152,000 drinking water systems and 16,000 wastewater systems in the US. Each year, the Water Security Division trains over 5,000 water/wastewater utilities, state/tribal officials, and federal emergency responders to become more resilient to any natural or manmade incident—including cyberattacks, climate change, hurricanes, drought—that could endanger water and wastewater services. Prior to David’s current role, he directed the Drinking Water Infrastructure Survey which assessed the current and future capital investment needs of drinking water systems. David has a PhD in environmental engineering and a Master of Public Health from the University of Michigan, and a Bachelor’s in History from the University of Chicago.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e263
We’re excited to welcome to the podcast Lauren Zabierek, Senior Policy Advisor to the Cybersecurity and Infrastructure Security Agency (CISA). She deep dives into CISA’s Secure by Design principles and approaches for secure by design software launched in April 2023 - with version two published on October 17, 2023. Lauren shares insights on the path to creation of CISA’s Secure by Design principles and how this ‘living document’ will continue to evolve in the dynamic and ever-changing landscape that is cybersecurity. We also discuss the global collaboration and interest in co-sealing the Secure by Design guidance across a multitude of international cybersecurity agencies - and moving forward this ‘need we can all agree on’. And it wouldn’t be a To The Point podcast episode without Lauren’s awesome origin story and career pathway to today, including co-founding the online social media movement #ShareTheMicInCyber. You don’t want to miss this episode!
Lauren Zabierek, Senior Policy Advisor and Lead Expert in Secure-by-Design at the Cybersecurity and Infrastructure Security Agency (CISA)
In January 2023, Lauren Zabierek was named a Senior Policy Advisor to the Cybersecurity and Infrastructure Security Agency. Previously, she was the Executive Director of the Cyber Project at Harvard Kennedy School’s Belfer Center. She came to this role as a 2019 graduate of the Kennedy School's mid-career MPA program. Her work focused on strategic, national security issues in cyber and tech--ranging from international conflict, cooperation, and norms to domestic collaboration, diversity, privacy, and supply chain issues. She was also the first woman participant in the Elbe Group discussions on cybersecurity, having been a part of the cyber-focused dialogue in 2019 in Stockholm, Sweden and again in 2021 virtually.
Lauren is the co-founder of the online social media movement called #ShareTheMicInCyber, which aims to dismantle racism in cybersecurity and privacy. #ShareTheMicInCyber started as an online conversation on Twitter and LinkedIn but has become so much more--it is breaking down barriers in the cyber industry through individual and collective action. Since its inception, the movement has garnered over 100 million Twitter impressions and featured participation by the nation's cyber leaders.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e262
This week we are joined by Kenneth Bible, the Chief Information Security Officer (CISO) for the DHS Office of the Chief Information Officer (OCIO). He breaks down the National Cybersecurity Strategy Implementation Plan (NCSIP) introduced in July and provides great insights on how the plan was developed, the five key pillars of the plan, actioning each of the five elements, and the role government agencies have to play in executing against the plan and its 65 initiatives. He also provides perspective on international collaboration and partnership in achieving shared goals with the U.S. and how this will help “all boats rise” in strengthening cybersecurity across regions. And he shares what Audra likes to call one’s “origin story” on the career path that led to cybersecurity. Lots of valuable insights this week you won’t want to miss!
Chief Information Security Officer (CISO) for the DHS Office of the Chief Information Officer (OCIO)
Kenneth W. Bible serves as the Chief Information Security Officer (CISO) for the DHS Office of the Chief Information Officer (OCIO). In this role, he is responsible for all matters relating to information and securing and strengthening the Department’s information security program and information technology (IT) posture. Prior to his current role, Mr. Bible served under the Headquarters Marine Corps Deputy Commandant for Information (DCI) as the Assistant Director for the Information Command, Control, Communications, and Computers Division (IC4). In this capacity, he also served as the Marine Corps’ Deputy Chief Information Officer and CISO, formulating and providing broad policy guidance for IT, cybersecurity, and communications infrastructure and applications. Among his many accomplishments, he delivered ADVANA, the U.S. Department of Defense’s single authoritative source for audit and business data analytics, and led Risk Management Framework reform across the Marine Corps by guiding production of the first fully accredited secure software development (DevSecOps) pipelines. Previously, Mr. Bible served with the Space and Naval Warfare Systems Command (SPAWAR) for almost two decades, starting as a lead engineer integrating commercial Geospatial Information Systems technology, then heading the Networks Engineering Division of the SPAWAR Systems Center Atlantic. He later became the Assistant Program Executive Officer (Engineering) for PEO Enterprise Information Systems, serving as the PEO’s chief engineer as assigned by SPAWAR headquarters.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e261
Dr. Siwei Lyu, SUNY Empire Innovation Professor at the University at Buffalo
Dr. Siwei Lyu received his B.S. degree (Information Science) in 1997 and his M.S. degree (Computer Science) in 2000, both from Peking University, China. He received his Ph.D. degree in Computer Science from Dartmouth College in 2005. From 1998 to 2000, he worked at the Founder Research and Development Center (Beijing, China) as a Software Engineer. From 2000 to 2001, he worked at Microsoft Research Asia (then Microsoft Research China) as an Assistant Researcher. From 2005 to 2008, he was a Post-Doctoral Research Associate at the Howard Hughes Medical Institute and the Center for Neural Science of New York University. Starting in 2008, he is Assistant Professor at the Computer Science Department of University at Albany, State University of New York. Dr. Lyu is the recipient of the Alumni Thesis Award of Dartmouth College in 2005, IEEE Signal Processing Society Best Paper Award in 2010, and the NSF CAREER Award in 2010. He has authored one book, and held two U.S. and one E.U. patents. He has published more than 50 conference and journal papers in the research fields of natural image statistics, digital image forensics, machine learning and computer vision.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e260
This week we deep dive into privacy with Mozilla Foundation’s Privacy Not Included content creator Zoë MacDonald. She shares fascinating insights from the deep research the *Privacy Not Included team undertakes to assess just how private is your data when using popular apps, driving in your connected car, etc. It was quite eye opening just how little privacy there is for connected car owners – giving up all kinds of privacy in the name of modern convenience. In fact, Zoë breaks down how and why all of the 26 car brands researched earned the *Privacy Not Included label. (Hint: that’s not a great thing.) She also shares some insights on how Privacy Not Included got started in 2017 and the awesome buying guides they’ve been putting out to help everyone learn more about protecting their privacy with the products and services they use every day. Check out http://privacynotincluded.org to learn more!
Zoe MacDonald, Content Creator, Privacy Not Included at Mozilla
Zoë is a writer and digital strategist based in Toronto, Canada. Before her passion for digital rights led her to Mozilla and *Privacy Not Included, she wrote about cybersecurity and e-commerce. When she’s not being a privacy nerd at work, she’s side-eyeing smart devices at home.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e259
We’re excited to welcome back to the podcast global security expert, speaker and author Mikko Hypponen who currently serves as Chief Research Officer at WithSecure. We dive into his book “If It’s Smart, It’s Vulnerable” and how cybersecurity has evolved and changed in the last year since it was published. He also shines a light on the ever-present topic of AI – the opportunity, risks, emerging regulations, deepfakes, geopolitical attack capabilities and so much more! And we talk about his road to cyber (more than 30 years!) and the spark of an article from 1983 on AI. Another great episode from Mikko you won’t want to miss!
Mikko Hypponen, Chief Research Officer, WithSecure
Mikko Hypponen is a global security expert, speaker and author. He works as the Chief Research Officer at WithSecure and as the Principal Research Advisor at F-Secure. Mr. Hypponen has written on his research for the New York Times, Wired and Scientific American and he appears frequently on international TV. He has lectured at the universities of Stanford, Oxford and Cambridge. He was selected among the 50 most important people on the web by the PC World magazine and was included in the FP Global 100 Thinkers list. Mr. Hypponen sits on the advisory boards of t2 and Safeguard Cyber.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e258
Andrew Borene, Executive Director at Flashpoint joins the podcast this week. He brings a wealth of insights on today’s state of international security affairs gleaned from his many years in the U.S. Intelligence community, and leading private sector intelligence teams. We cover hot topics including collaboration on international cybersecurity policies, NATO’s cyber defense capabilities and challenges in achieving unified, alliance-wide cybersecurity policies. We also double click into today’s much discussed topic of Open-source intelligence (OSINT) and its growing popularity (such as Ukraine conflict), benefits and potential risks it poses. He also shares the journey of his professional path to security and it is quite exciting and inspiring! You don’t want to miss this episode!
Andrew Borene, Executive Director for Global Business Development at Flashpoint National Security Solutions
Andrew Borene is an Executive Director with Flashpoint, a worldwide provider of specialized intelligence and data to allied governments, businesses, and critical infrastructure industries to help them take decisive action and reduce risk.
A seasoned advanced technology executive who led private sector intelligence teams at IBM, Symantec, and LexisNexis — Andrew is also a former senior official in the U.S. Intelligence Community where he led strategic operational planning for foreign counterterrorism on behalf of The White House National Security Council in addition to roles leading privacy policy and academic research efforts in areas from open-source intelligence to transnational crime. Borene is an attorney with deep national security law expertise, a Certified Information Systems Security Professional, and a US Marine Corps veteran.
Andrew’s previous work has been recognized for service with both the FBI Director’s Award and the ODNI Exceptional Achievement Award. He is a Life Member of the Council on Foreign Relations.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e257
This week Keith Krueger, CEO of the Consortium for School Networking (CoSN), joins the podcast. He shares insights on the digital inequities that exist across schools and students and the challenges they create at a time when connectivity should be a basic right for all. We also dive into the digital inequity impact on cybersecurity for school districts today – and the free resources and tools such as the CoSN developed digital equity dashboard that identifies equity gaps across school districts’ networks to help illuminate actionable paths to address. Keith also updates on the Biden Administration’s new efforts to improve schools’ cybersecurity posture and prevent future cyberattacks.
Keith R. Krueger is CEO of the Consortium for School Networking (CoSN), a nonprofit organization that serves as the voice of K-12 school system technology leaders in North America. CoSN’s mission is empowering educational leaders to leverage technology to realize engaging learning environments. He was selected by Ed Tech for its 2019 30 K-12 IT influencers. In 2016 Technology & Learning selected him as one of the “big 10” most influential people in edtech, and the Center for Digital Education identified him as a Top 30 Technologist/Transformer/Trailblazer. In 2008 he was selected by eSchool News as one of ten people who have had a profound impact on educational technology over the last decade. In 2016 he received a Special Recognition award from the Council of Great City Schools.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e256
We are excited to welcome back to the podcast Rich Itri, Chief Innovation Officer at ECI. He joined us last year during the commentary period of the new SEC cyber rules to break down what’s being proposed and potential implications for businesses. And in this podcast the conversation comes full circle as the new SEC cyber rules are coming online and act as official recognition that the ever-present danger of cybersecurity threats can impact investor decision making. We talk through some of the key aspects of the new rules that have been making headlines including the “material” disclosure guideline and timeline, grey areas and the proposed AI rule. Great insights here from Rich for every business looking to navigate the new SEC cyber rules.
Rich Itri, Chief Innovation Officer, ECI
Rich Itri is Chief Innovation Officer at ECI. Rich has over 22 years of IT executive experience, spending his entire career managing IT within the financial services industry. Prior to joining ECI, Rich was Managing Director and Chief Technology Officer for PJT Partners, a boutique investment bank, Principal and Chief Information Officer for Sky Road and held Chief Information Officer positions at Arrowhawk Capital Partners and Arbalet Capital Partners. Over the years, Rich has developed and managed innovative, business aligned platforms, that drive revenue and operational efficiencies. Rich holds positions on several Advisory Boards and volunteers his time to help non-profits leverage technology.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e255
Dr. Samantha Ravich, Chairman for the Center on Cyber and Technology Innovation at Foundation for Defense of Democracies joins the podcast this week. She shares insights from her many years on the geopolitical and economic front lines of cyber, and work with many renowned government leaders, on developing a plan of action to address today’s cyber threat landscape and looming threat against critical infrastructure and essential services. She also provides perspective on building resiliency, what we can learn from natural disasters relative to cyber attacks, as well as the opportunity and impact of states creating and driving their own continuity of the economy plans.
Dr. Samantha Ravich, Chairman, Center on Cyber and Technology Innovation, Foundation for Defense of Democracies
Dr. Samantha Ravich is the chairman of FDD’s Center on Cyber and Technology Innovation and its Transformative Cyber Innovation Lab and the principal investigator on FDD’s Cyber-Enabled Economic Warfare project. She is also a senior advisor at FDD, serving on the advisory boards of FDD’s Center on Economic and Financial Power (CEFP) and Center on Military and Political Power (CMPP). Samantha serves as a commissioner on the congressionally mandated Cyberspace Solarium Commission and as a member of the U.S. Secret Service’s Cyber Investigation Advisory Board. Samantha served as deputy national security advisor for Vice President Cheney, focusing on Asian and Middle East Affairs as well as on counter-terrorism and counter-proliferation. Following her time at the White House, Samantha was the Republican co-chair of the congressionally mandated National Commission for Review of Research and Development Programs in the United States Intelligence Community. Most recently, she served as vice chair of the President’s Intelligence Advisory Board (PIAB) and co-chair of the Artificial Intelligence Working Group of the Secretary of Energy Advisory Board. She is advisor on cyber and geo-political threats and trends to numerous technology, manufacturing, and services companies; a managing partner of A2P, a social data analytics firm; and on the board of directors for International Game Technology (NYSE:IGT).
Her book, Marketization and Democracy: East Asian Experiences (Cambridge University Press) is used as a basic textbook in international economics, political science, and Asian studies college courses. Samantha is a member of the Council on Foreign Relations and advises the U.S. Intelligence Community and the Department of Defense. She is a frequent keynote speaker on: What Corporate Boards need to know about Cyber Security and Warfare; The Longer-Term Trends in International Security; and the Future of Intelligence Collection and Analysis. Samantha received her PhD in Policy Analysis from the RAND Graduate School and her MCP/BSE from the Wharton School at the University of Pennsylvania.
https://www.linkedin.com/in/samantha-ravich-7b5aa08b/
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e254
Kicking off the 20th Annual Cybersecurity Awareness Month, we welcome back to the podcast Eric Goldstein, Executive Assistant Director for Cybersecurity for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). He shares insights on the exciting new cybersecurity public awareness campaign just launched, “Secure Our World”. It features simple ways to protect yourself, your family, and your business from online threats. Eric also shares some key takeaways from the recent headline making MOVEit attack impacting 60M+ individuals and sparking a new $10M bounty from the US State Department for the Clop ransomware group. And we dive into CISA’s Strategic Plan which focuses on how we will collectively reduce risk and build resilience to cyber and physical threats to the nation’s infrastructure. This is an awesome episode you won’t want to miss! https://www.cisa.gov/secure-our-world
Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA
Eric Goldstein serves as the Executive Assistant Director for Cybersecurity for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) as of February 19, 2021. In this role, Goldstein leads CISA’s mission to protect and strengthen federal civilian agencies and the nation’s critical infrastructure against cyber threats.
Previously, Goldstein was the Head of Cybersecurity Policy, Strategy, and Regulation at Goldman Sachs, where he led a global team to improve and mature the firm’s cybersecurity risk management program. He served at CISA’s precursor agency, the National Protection and Programs Directorate, from 2013 to 2017 in various roles including Policy Advisor for Federal Network Resilience, Branch Chief for Cybersecurity Partnerships and Engagement, Senior Advisor to the Assistant Secretary for Cybersecurity, and Senior Counselor to the Under Secretary.
At other points in his career, Goldstein practiced cybersecurity law at an international law firm, led cybersecurity research and analysis projects at a federally-funded research and development center, and served as a Fellow in Advanced Cyber Studies at the Center for Strategic and International Studies, among other roles.
He is a graduate of the University of Illinois at Urbana-Champaign, the Georgetown University School of Public Policy, and Georgetown University Law Center.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e253
This week, Audra is joined by Megan Stifel, chief strategy officer for the Institute for Security and Technology, to discuss how ransomware has evolved from a business nuisance to now a threat to national security. Megan also shares how the United States' overall response to ransomware has the potential to impact the types of attacks faced by its organizations and touches on the need for greater transparency when it comes to international cyber information sharing.
Megan Stifel is the Chief Strategy Officer for the Institute for Security and Technology. She is the founder of Silicon Harbor Consultants, which provides strategic cybersecurity operations and policy counsel. Prior to founding Silicon Harbor Consultants, she was an attorney in the National Security Division at the U.S. Department of Justice (DOJ).
She most recently served as Global Policy Officer and Capacity and Resilience Program Director at the Global Cyber Alliance. She was previously the Cybersecurity Program Director at Public Knowledge.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e252
Joining us this week is Dr. David Bader, a Distinguished Professor and founder of the Department of Data Science in the Ying Wu College of Computing and Director of the Institute for Data Science at New Jersey Institute of Technology. He takes a deep dive into the opportunity to democratize data science tools and the awesome free tool he and Mike Merrill spent the last several years building, which can be found on the Bears-R-Us GitHub page, open to the public. We also discuss the vulnerabilities in the open-source supply chain, what security teams should be concerned about with AI, data poisoning, AI that is fair and equitable, and the discussion on regulation and self-regulation in AI. Key takeaway from the conversation: data science is indeed growing and it holds an exciting future for those who pursue it!
David A. Bader is a Distinguished Professor and founder of the Department of Data Science in the Ying Wu College of Computing and Director of the Institute for Data Science at New Jersey Institute of Technology. Prior to this, he served as founding Professor and Chair of the School of Computational Science and Engineering, College of Computing, at Georgia Institute of Technology. He is a Fellow of the IEEE, ACM, AAAS, and SIAM; a recipient of the IEEE Sidney Fernbach Award; and the 2022 Innovation Hall of Fame inductee of the University of Maryland’s A. James School of Engineering.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e251
This week we’re joined by Julia Fallon, Executive Director of the State Educational Technology Directors Association (SETDA) and she shines a light on the appeal of school systems to cyber attackers. (HINT: it is access to PII to open credit cards, mortgages and more in the name of children that often is only detected many years later.) We also discuss the connection between schools and insurance companies, trends in how school systems are fortifying their security measures, the evolution of infosec to become a front office issue, and what schools can do to integrate cybersecurity into curriculums to both bolster security and lay a pathway for future cyber professionals.
Julia Fallon is the Executive Director of the State Educational Technology Directors Association (SETDA), where she works with U.S. state and territorial digital learning leaders to empower the education community to leverage technology for learning, teaching, and school operations.
Involved with learning technologies since 1989, her professional interest lies in making the case for public school systems wherein educators are able to optimize technology-rich learning environments to equitably engage the learners who fill their classrooms.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e250
Bill Evanina, Founder and CEO of the Evanina Group and former Director of the National Counterintelligence and Security Center Office of the Director of National Intelligence, joins the podcast this week to take a deep dive view into insider threat as September is Insider Threat Awareness Month. He shares insights from his many years on the counterintelligence and security front lines on what defines insider threat (Note: harm to self or others), the opportunities and challenges in available tools, information sharing and detection across organizations, the importance of leadership training and cross functional partnership to help mitigate insider threats and the criticality of sharing success stories (these really make a difference!).
Founder and CEO of the Evanina Group advising CEOs and Board of Directors on strategic corporate risk, strategy, insider threats, cyber security, geopolitical risk, intelligence centers, etc.
Instructor, University of Chicago, Graham School.
Former Director of the National Counterintelligence and Security Center Office of the Director of National Intelligence responsible for leading and supporting the counterintelligence and security activities of the US Intelligence Community, the U.S. Government, and U.S. private sector entities at risk from intelligence collection or attack by foreign adversaries.
Served as Chair of the NATO Counterintelligence Panel and the National Counterintelligence Policy Board, and the Allied Security and Counterintelligence Forum comprised of senior counterintelligence and security leaders from Australia, Canada, New Zealand, and the UK.
Previously served as the Chief of the Central Intelligence Agency’s Counterespionage Group, as Assistant Special Agent in Charge of the FBI’s Washington Field Office and spent 24 years as a Special Agent with the Federal Bureau of Investigation (FBI).
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e249
We pick back up with Joshua Corman, founder of grass roots organization I Am the Cavalry, for part two of our discussion. Josh shares insights from his many years on the healthcare cyber front lines and provides both a captivating and sobering perspective on the state of healthcare security today. And while there have been many strides forward, we still have a long way to go. Audra and I learned so much during our discussion including themes such as cyber asbestos, the emerging care desert, dependency on undependable things, recalibrating the cost of connected medicine, if you can’t protect it/can’t connect it, the Omnibus Appropriations Act, and actionable insights on what we can do right now, as individuals and collectively, to make a difference.
Joshua Corman is the founder of I Am the Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. He was formerly chief strategist of CISA’s COVID Task Force, where he advised on the pandemic response, provided cybersecurity expertise on healthcare infrastructure, and supported control systems and life safety initiatives. Prior to CISA, Josh was SVP and chief security officer at PTC, where he accelerated cyber safety maturity across industries. Previously, he served as director of the Atlantic Council’s Cyber Statecraft Initiative, on the Congressional Task Force for Healthcare Industry Cybersecurity, and in leadership roles at Sonatype, Akamai, IBM, and the 451 Group.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e248
We had so much to talk about with this week’s guest that we made it a two-part episode! Joining us this week, and next week, is Joshua Corman, founder of grass roots organization I Am the Cavalry. Josh shares insights from his many years on the healthcare cyber front lines and provides both a captivating and sobering perspective on the state of healthcare security today. And while there have been many strides forward, we still have a long way to go. Audra and I learned so much during our discussion including themes such as cyber asbestos, the emerging care desert, dependency on undependable things, recalibrating the cost of connected medicine, if you can’t protect it/can’t connect it, the Omnibus Appropriations Act, and actionable insights on what we can do right now, as individuals and collectively, to make a difference.
Joshua Corman is the founder of I Am the Cavalry, a grassroots organization focused on the intersection of digital security, public safety, and human life. He was formerly chief strategist of CISA’s COVID Task Force, where he advised on the pandemic response, provided cybersecurity expertise on healthcare infrastructure, and supported control systems and life safety initiatives. Prior to CISA, Josh was SVP and chief security officer at PTC, where he accelerated cyber safety maturity across industries. Previously, he served as director of the Atlantic Council’s Cyber Statecraft Initiative, on the Congressional Task Force for Healthcare Industry Cybersecurity, and in leadership roles at Sonatype, Akamai, IBM, and the 451 Group.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e247
We’re excited to welcome back to the podcast Sudhakar Ramakrishna, CEO at SolarWinds. When we first caught up with Sudhakar it was several months into his tenure at the company managing through the Sunburst attack. We were so impressed with how he was helping navigate the company through this time we wanted to check in with him more than a year later for an update on how things are going. He shares insights on the company’s Secure by Design initiative, radical transparency, the power of public/private partnerships and an information sharing collaborative, CISA and creating a community of research, the opportunity for a national cyber guard, protection for whistleblowers, and the criticality of doing basic things right consistently. You won’t want to miss this exciting episode!
Sudhakar Ramakrishna, President and CEO, SolarWinds
Sudhakar Ramakrishna joined SolarWinds as President and Chief Executive Officer in January 2021. He is a global technology leader with nearly 25 years of experience across cloud, mobility, networking, security and collaboration markets. He most recently served as the CEO of Pulse Secure®, a leading provider of secure and zero trust access solutions for Hybrid IT environments, where he was responsible for all aspects of business strategy and execution. Prior to Pulse Secure, Mr. Ramakrishna served as the Senior Vice President and General Manager for the Enterprise and Service Provider Division at Citrix®, where he had responsibility for Citrix’s portfolio of virtualization, cloud networking, mobile platforms and cloud services solutions. Mr. Ramakrishna also has held senior leadership roles at Polycom, Motorola and 3Com. Mr. Ramakrishna is an experienced public and private company board member. Mr. Ramakrishna is a partner at Benhamou Global Ventures, a leading venture capital firm investing in emerging startups in the fields of security, analytics and applications. Mr. Ramakrishna earned a master’s degree in computer science from Kansas State University and a master’s of management degree from Northwestern University’s Kellogg School of Management.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e246
This week on the podcast, we’re joined by Mark Montgomery, senior director of the FDD’s Center on Cyber and Technology Innovation and director of the CSC 2.0. Mark shares about the different physical and cyber threats faced by satellites and space networks. He also shares considerations for classifying satellites as critical infrastructure and what the legislation required to do so might look like.
Mark Montgomery serves as senior director of the Center on Cyber and Technology Innovation, where he leads FDD’s efforts to advance U.S. prosperity and security through technology innovation while countering cyber threats that seek to diminish them. Mark also directs CSC 2.0, an initiative that works to implement the recommendations of the congressionally mandated Cyberspace Solarium Commission, where he served as executive director. Previously, Mark served as policy director for the Senate Armed Services Committee under the leadership of Senator John S. McCain, coordinating policy efforts on national security strategy, capabilities and requirements, and cyber policy.
Mark served for 32 years in the U.S. Navy as a nuclear-trained surface warfare officer, retiring as a rear admiral in 2017. He was assigned to the National Security Council from 1998 to 2000, serving as director for transnational threats. Mark has graduate degrees from the University of Pennsylvania and the University of Oxford and completed the U.S. Navy’s nuclear power training program.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e245
After nearly 300 episodes we have had some of the most spectacular guests on the podcast! Every once in a while we like to bring back one of our favorite episodes from the archives because we really enjoyed the conversation and think our new listeners will as well. This week we chat about the complexities and opportunities smart cities can deliver in the US and around the globe with guest Chris Teale, reporter at Smart Cities Dive. He’s spent years meeting with government and community leaders on the growth of smart cities and shares thoughts on just how fluid the definition of a smart city is today. Learn which cities around the world are leading in the smart city evolution and how a patchwork of state-by-state laws and regulatory frameworks helps and/or hinders progress. He also gives examples of US cities you may not have expected that can share best practices and lessons learned with cities large and small across the country, to help get them on the path to better utilizing technology and digitization to improve essential services (such as trash pick-up) and quality of life. He also shares insights on the ‘hackers as city consultant’ trend and how a federal government playbook for cities could help more cities get smarter, faster.
Chris Teale, Reporter, Smart Cities Dive
Chris is a reporter at Smart Cities Dive. He came to Industry Dive in February 2018 after spells in general assignment reporting in Alexandria and Arlington, Virginia. Chris graduated from the University of East Anglia in 2013, and moved to the Washington, D.C. area shortly after.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e244
This week we welcome to the podcast Chad McDonald, Chief of Staff and CISO at Radiant Logic. He talks about the interesting and very real issue of what is becoming known as the cyber poverty line and the security vulnerabilities that funding and resource inequities can create in a supply chain and elsewhere. He also shares insights for organizations to assess where they fall on the spectrum and the resources available to identify and address security gaps relative to their business. We also dive into the popular topic of Zero Trust – and ponder the philosophical question: if everything is Zero Trust, is anything Zero Trust? Other topics we cover in this fun conversation include AI, deepfakes, identity and security, and what sprinkling budget dust around can get you.
Chad McDonald, Chief of Staff and CISO, Radiant Logic
Chad brings more than 20 years’ experience building and managing information security programs. Chad has brought his security leadership to dozens of organizations across the technology, education and medical sectors. Prior to Radiant Logic, Chad defined security and technical integrations of 5 acquisitions and attained FedRAMP-in-Process status for Digital.ai. While serving as the Executive Director of the Office of the CISO at Optiv, he defined the security strategy for a $70 billion merger between two technology giants.
Chad holds a bachelor’s degree in information technology from Southern Polytechnic State University, as well as multiple certifications including CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor) and PMP (Project Management Professional).
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e243
This week we are so excited to have Nic Chaillan, founder and CEO of http://AskSage.ai, join the podcast for a discussion on the explosion of AI and the many implications that come with that for government and businesses. He shares insights on AI regulation – both what’s underway and considerations that should be taken into account when shaping how AI is regulated – it is no quick and easy fix! And then there is the flip side of regulation – does it stifle innovation – particularly when AI is in its infancy and the power it can deliver has yet to be fully discovered. We also dive into the ChatGPT topic on everyone’s mind and how to utilize this productivity-enhancing tool within organizations without intellectual property entering the chat and walking out the door. And so much more…!
Nicolas Chaillan is a technology entrepreneur, software developer, cybersecurity expert, and inventor. He was the first U.S. Air Force chief software officer (CSO) and is the founder of Ask Sage, Learn with Nic, and In the Nic of Time.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e242
We absolutely love when we have return guests on the podcast. And we are so excited to have Matt Bianco, President of FedWay Consulting joining us again to talk about one of our favorite topics – electric vehicles (EV). Or, more specifically, the move to electric vehicles across the federal government. The Biden Administration has set a goal of a 100% electrified fleet by 2027. Matt shares insights on progress being made to date and what the next few years look like to achieve the goal. We also discuss some of the inherent challenges with anything connected to the internet such as cyber threats to EV charging stations and securing federal EV infrastructure. And we talk about what a future of EVs means for places such as gas stations and why we’re not quite there yet on solar powered cars.
Matt Bianco, President at Fedway Consulting
Matt is a thought leader within the US Federal Government ecosystem related to Electric Vehicle (EV) Charging integration which includes strong knowledge of POV/GOV programs (workplace/fleet), hardware/software solutions, infrastructure, policy, etc. With partnerships across the industry including ChargePoint, Apollo Sunguard (SDVOSB), Beam Global, Freewire, etc., Matt has the ability to assist in formulating a plan that will cover every aspect of executing a flawless and easy Federal EV charging program. Other focuses include CyberSecurity initiatives and software solutions.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e241
Joining us this week is Brian Knappenberger, a producer and director renowned for such documentaries as Web of Make Believe: Death, Lies and the Internet, The Internet's Own Boy: The Story of Aaron Swartz, We Are Legion: The Story of the Hacktivists, and Turning Point: 9/11, to name a few. He shares insights from his recent documentary series Web of Make Believe (currently available on Netflix!) and the trajectory of misinformation, which has been around for centuries, through a lens from the 2016 election forward. We explore themes around technology innovation and how society adapts in both positive and negative ways – and how it presents opportunities for cyber attackers to exploit cracks in the system for financial gain. And we discuss the impact of today’s always-on/always-connected world, which, as Marshall McLuhan once observed, has become “quite as imperceptible to us as water is to fish.”
Brian Knappenberger, Producer and Director
Brian Knappenberger is an American documentary filmmaker, known for The Internet's Own Boy: The Story of Aaron Swartz, We Are Legion: The Story of the Hacktivists, and Turning Point: 9/11 and the War on Terror and his work on Bloomberg Game Changers.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e240
Joining the podcast this week is Dmitry Bestuzhev, senior director of cyber threat intelligence (CTI) at BlackBerry. He gives Petko an inside look into the key types of CTI and how the insights can be used to build context and determine response in specific circumstances, such as in the recent case of attempted targets at NATO. Dmitry also turns our attention to the risks posed by public charging stations - a ploy dubbed “Juice Jacking.”
Dmitry Bestuzhev, Senior Director CTI at BlackBerry
Dmitry Bestuzhev is Senior Director, CTI (Cyber Threat Intelligence) at BlackBerry. Prior to BlackBerry, Dmitry was Head of Kaspersky's Global Research and Analysis Team for Latin America, where he oversaw the company's experts' anti-malware development work in the region. Dmitry has more than 20 years of experience in IT security across a wide variety of roles. His field of expertise covers everything from traditional online fraud to targeted high-profile attacks on financial and governmental institutions. His main focus in research is on producing Threat Intelligence reports on financially motivated targeted attacks.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e239
Joining the podcast this week is Dmitry Bestuzhev, senior director of cyber threat intelligence (CTI) at BlackBerry. He gives Petko an inside look into the key types of CTI and how the insights can be used to build context and determine response in specific circumstances, such as in the recent case of attempted targets at NATO. Dmitry also turns our attention to the risks posed by public charging stations - a ploy dubbed “Juice Jacking.”
Dmitry Bestuzhev, Senior Director CTI at BlackBerry
Dmitry Bestuzhev is Senior Director, CTI (Cyber Threat Intelligence) at BlackBerry. Prior to BlackBerry, Dmitry was Head of Kaspersky's Global Research and Analysis Team for Latin America, where he oversaw the company's experts' anti-malware development work in the region. Dmitry has more than 20 years of experience in IT security across a wide variety of roles. His field of expertise covers everything from traditional online fraud to targeted high-profile attacks on financial and governmental institutions. His main focus in research is on producing Threat Intelligence reports on financially motivated targeted attacks.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e238
Juhani Hintikka, President and CEO of WithSecure joins the podcast this week to discuss Finland’s status as the newest member of NATO as of April 4, 2023. As many know this is a significant geopolitical move in the region, particularly when we remember Finland shares an 832-mile border with Russia, the longest of any European Union member. He provides perspective on speculation that such a move could increase the country’s cyber risks and shares insights on Finland’s key role in digital defense as well as the importance of outcome-based security. For anyone that has been tracking geopolitical activity related to Ukraine, Russia and possible implications as a Kremlin-perceived “non-aligned country” you won’t want to miss this very insightful podcast. Link to NATO article on Finland membership:
https://www.nato.int/cps/en/natohq/news_213448.htm
Juhani Hintikka: CEO of WithSecure
Presently, Juhani Hintikka is President & Chief Executive Officer for WithSecure Corp. and President & Chief Executive Officer for F-Secure Cyber Security Services Oy (a subsidiary of WithSecure Corp.). He is also on the board of 5 other companies, including European Cyber Security Organisation (ECSO), Finnish Information Security Cluster (FISC), and Nordea. In his past career, Mr. Hintikka occupied the position of Chairman at Ficolo Oy, President & Chief Executive Officer for Comptel Oyj and Head-Operations Support Solutions Business at Nokia Siemens Networks Oy.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e237
Joining the podcast this week is Ilona Cohen, the Chief Legal Officer, Chief Policy Officer, and Corporate Secretary at HackerOne. We dive into hot topics including the National Cyber Strategy, how government organizations can manage priorities, what lessons can be learned from the past and the “voluntary” reporting and compliance approach, along with breaking down the myriad funding pathways and allocations to truly make the National Cyber Strategy a reality. She also shares perspective on the importance of ethical hacking and the formation of the Hacking Policy Council along with thoughts for government agencies in addressing the cybersecurity talent gap, and where hackers fit into that equation.
Ilona Cohen: Chief Legal Officer, Chief Policy Officer, and Corporate Secretary at HackerOne
Ilona Cohen is currently the Chief Legal Officer, Chief Policy Officer, and Corporate Secretary at HackerOne. Cohen was formerly a senior lawyer to President Obama and served as General Counsel of the White House Office of Management and Budget (OMB). Prior to joining HackerOne, she was the Chief Legal and Compliance Officer of Aledade, another venture-backed tech company, where she successfully built and scaled the company’s legal and compliance teams. Cohen is already highly experienced with cybersecurity and ethical hacking solutions. Ilona was part of a core group in the White House responsible for development of President Obama’s long-term strategy to enhance cybersecurity awareness and protection in the public and private sectors. These efforts led to the decision to launch the first U.S. government bug bounty program, Hack The Pentagon, run by HackerOne.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e236
Back from the archives! We loved our discussion with Dr. Andrew Hammond, Historian and Curator of the International Spy Museum, so much that we brought it back for your enjoyment this week! Hammond takes us from the classic period of espionage, with its reliance on physical data and the spycraft techniques used to transport it, through to the modern-day battlefield of cyber intelligence and espionage. He also provides insights on the historical throughlines of attacks that haven’t really changed over the centuries: by and large, what is being sought is the same; it is simply the mechanisms by which exploits are executed that have evolved. He also lends perspective on the cyber threat landscape ahead, and asks: is this the dreadnought moment?
Dr. Andrew Hammond, Historian & Curator at the International Spy Museum
Dr. Andrew Hammond is Historian & Curator at the International Spy Museum. His interest in intelligence came from a period of service in the Royal Air Force, with secondments to the British Army and the Royal Navy. He specializes in military and intelligence history and is fascinated by how the artifacts at the Museum – whether an Enigma Machine, a Stinger Missile or the Jester’s Laptop – help tell personal stories and larger historical narratives. He is the author of a forthcoming book entitled, Struggles for Freedom: Afghanistan and US Foreign Policy Since 1979 and is working on another book that tells the story of 9/11 and the post-9/11 wars through the voices of military and intelligence veterans. He has taught at a number of institutions on both sides of the Atlantic and has held fellowships at the British Library, the Library of Congress, New York University and the University of Warwick. He was formerly a Mellon Public Humanities Fellow at the 9/11 Memorial Museum and is currently a Public Policy Fellow at the Wilson Center. He hosts SpyCast, the Museum’s podcast, and has taken acting and public speaking courses in London, New York, Birmingham and Washington, DC.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e235
For this week’s episode of the podcast, we’re joined by Patrick Vandenberg, director of product marketing at Invicti Security. Patrick helps us unpack the reasons behind why 70% of security incidents start from web applications and talks us through the importance of application security and dynamic application security testing (DAST). Patrick also touches on where the future of application security testing may be heading and how scanning varies across industries.
Patrick Vandenberg, Director of Product Marketing at Invicti
A seasoned cybersecurity leader, Patrick Vandenberg is the Director of Product Marketing at Invicti Security. He works closely with security and DevSecOps stakeholders to understand today’s cybersecurity pain points so we can continue to help our customers solve their application security challenges. As an alumnus of several cybersecurity companies, including Hunters, Snyk, and IBM Security, Patrick brings over 20 years of experience in cybersecurity across product marketing and product management roles. Patrick holds a degree in Systems & Computer Engineering from Carleton University and, in his free time, continues a longtime passion for coaching and playing hockey.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e234
Joining us this week is Javvad Malik, Security Awareness Advocate at KnowBe4. We cover an array of themes including the need to “protect the seams”, understanding where risks are moving, how small interventions can deliver quick security wins, understanding people in the security equation and the importance of cybersecurity training, the AI debate, smishing attacks, and more!
Javvad Malik is a Security Awareness Advocate at KnowBe4, a blogger, event speaker and industry commentator who is possibly best known as one of the industry’s most prolific video bloggers, with a signature fresh and light-hearted perspective on security that speaks to technical and non-technical audiences alike.
Prior to joining KnowBe4, Javvad was security advocate at AlienVault. Before then, he was a Senior Analyst at 451’s Enterprise Security Practice (ESP), providing in-depth, timely perspective on the state of enterprise security and emerging trends in addition to competitive research, new product and go-to-market positioning, investment due diligence and M&A strategy to technology vendors, private equity firms, venture capitalists and end users.
Prior to joining 451 Research, he was an independent security consultant, with a career spanning 12+ years working for some of the largest companies across the financial and energy sectors.
As well as being an author and co-author on several books, Javvad was one of the co-founders of the Security B-Sides London conference.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e233
Joining the podcast this week is Katie Arrington, the founder of LD Innovations, LLC Cybersecurity and the former Chief Information Security Officer for Acquisition and Sustainment (CISO(A&S)) to the Under Secretary of Defense for Acquisition and Sustainment (USD(A&S)). We cover many interesting themes in our lively discussion including Cybersecurity Maturity Model Certification (CMMC), the impact of a cyber mentality and culture, the National Cybersecurity Strategy, the CHIPS Act, risk reduction strategies, the future of cybersecurity, China’s 100-year plan, Huawei, MITRE, Paperwork Reduction Act, and so much more. And for movie fans, there are more than a dozen movie references you’ll want to hear. Plus many book recommendations as well - some you might be surprised to learn!
Follow-up reading from today's podcast: https://www.mitre.org/sites/default/files/2021-11/prs-18-2417-deliver-uncompromised-MITRE-study-26AUG2019.pdf
https://www.mitre.org/news-insights/publication/deliver-uncompromised-strategy-supply-chain-security-and-resilience
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e232
Joining the podcast this week is Katie Arrington, the founder of LD Innovations, LLC Cybersecurity and the former Chief Information Security Officer for Acquisition and Sustainment (CISO(A&S)) to the Under Secretary of Defense for Acquisition and Sustainment (USD(A&S)). We cover many interesting themes in our lively discussion including Cybersecurity Maturity Model Certification (CMMC), the impact of a cyber mentality and culture, the National Cybersecurity Strategy, the CHIPS Act, risk reduction strategies, the future of cybersecurity, China’s 100-year plan, Huawei, MITRE, Paperwork Reduction Act, and so much more. And for movie fans, there are more than a dozen movie references you’ll want to hear. Plus many book recommendations as well - some you might be surprised to learn!
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e231
Joining the podcast this week is Katie Arrington, the founder of LD Innovations, LLC Cybersecurity and the former Chief Information Security Officer for Acquisition and Sustainment (CISO(A&S)) to the Under Secretary of Defense for Acquisition and Sustainment (USD(A&S)). We cover many interesting themes in our lively discussion including Cybersecurity Maturity Model Certification (CMMC), the impact of a cyber mentality and culture, the National Cybersecurity Strategy, the CHIPS Act, risk reduction strategies, the future of cybersecurity, China’s 100-year plan, Huawei, MITRE, Paperwork Reduction Act, and so much more. And for movie fans, there are more than a dozen movie references you’ll want to hear. Plus many book recommendations as well - some you might be surprised to learn!
Follow-up reading from today's podcast: https://www.mitre.org/sites/default/files/2021-11/prs-18-2417-deliver-uncompromised-MITRE-study-26AUG2019.pdf
https://www.mitre.org/news-insights/publication/deliver-uncompromised-strategy-supply-chain-security-and-resilience
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e230
Joining the podcast this week is Canauri founder and CTO, Greg Edwards. He gives us a deep dive view into deception technology including decoys, canaries, watcher files, deception technology defense, and how it helps organizations fare against ransomware attacks. We also discuss the growing ransomware problem and its recent designation by the White House as a “national security threat”. And we hit on many of your favorite topics including educating Boards on security and how to define security success, addressing the international cyber crime conundrum, AI and ChatGPT leveraged by attackers, and advice for start-ups including a book recommendation! (Note: Greg has launched a few start-ups and has some great insights!)
Greg is the founder and CTO of Canauri (formerly CryptoStopper), a ransomware protection service that automatically detects and stops active ransomware attacks. He has been a technology entrepreneur since 1998 and has founded many businesses, including Axis Backup, a backup and disaster recovery company for the insurance industry that he founded a few years before CryptoStopper. He is skilled in disaster recovery, cloud computing, and network security, just to name a few.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e229
Joining us this week is Jonathan Knudsen, Head of Global Research for the CyRC, cybersecurity research center, at Synopsys Inc. To understand the vulnerability landscape in software, you have to first understand how software is made. Jonathan shares insights on software development and where vulnerabilities (or many, many vulnerabilities) can be integrated in the final product. (Although software is never really final, is it?) And as we round out March Madness for 2023, he shares some sobering findings from his recent research into sports betting apps and the more than 179 vulnerabilities on average uncovered. We also dive into software composition analysis, the future of security ratings, and the notion of security as an enabler to business. We had so much to talk about we made it a two-part episode!
Jonathan Knudsen, Head of Global Research for the CyRC, cybersecurity research center, at Synopsys Inc.
Jonathan Knudsen is currently the Head of Global Research for the CyRC, cybersecurity research center, at Synopsys Inc. In his role, he conducts security and software research, helps people publish their research, and occasionally comments on pressing security topics. His past experiences include being an Adjunct Professor at Duke University for a year. He was also a Principal Security Engineer at Codenomicon for four years, a Principal Technical Writer at Oracle for one year, and a Senior Staff Engineer at Sun Microsystems for nine years.
He enjoys breaking software and teaching others how to make software better. Jonathan is the author of books about 2D graphics, cryptography, mobile application development, Lego robots, and has written more than one hundred articles on a wide range of technical subjects. He lives in Chapel Hill, North Carolina.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e228
Joining us this week is Jonathan Knudsen, Head of Global Research for the CyRC, cybersecurity research center, at Synopsys Inc. To understand the vulnerability landscape in software, you have to first understand how software is made. Jonathan shares insights on software development and where vulnerabilities (or many, many vulnerabilities) can be integrated in the final product. (Although software is never really final, is it?) And as we round out March Madness for 2023, he shares some sobering findings from his recent research into sports betting apps and the more than 179 vulnerabilities on average uncovered. We also dive into software composition analysis, the future of security ratings, and the notion of security as an enabler to business. We had so much to talk about we made it a two-part episode!
Jonathan Knudsen, Head of Global Research for the CyRC, cybersecurity research center, at Synopsys Inc.
Jonathan Knudsen is currently the Head of Global Research for the CyRC, cybersecurity research center, at Synopsys Inc. In his role, he conducts security and software research, helps people publish their research, and occasionally comments on pressing security topics. His past experiences include being an Adjunct Professor at Duke University for a year. He was also a Principal Security Engineer at Codenomicon for four years, a Principal Technical Writer at Oracle for one year, and a Senior Staff Engineer at Sun Microsystems for nine years.
He enjoys breaking software and teaching others how to make software better. Jonathan is the author of books about 2D graphics, cryptography, mobile application development, Lego robots, and has written more than one hundred articles on a wide range of technical subjects. He lives in Chapel Hill, North Carolina.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e227
We’re excited to welcome back to the podcast Maria Roat, founder of MA Roat Consulting and former U.S. Deputy Federal Chief Information Officer. For our discussion we double click into the cyber workforce gap and how to attract diverse skillsets to the industry, introducing STEM earlier in education, understanding how to nurture non-traditional learners and the awesome experience veterans bring to supporting the cyber mission. She also shares insights from her decades of experience as an IT leader on the criticality of taking risks, being comfortable with the uncomfortable, and the power of mentors. We had so much to talk about we made this a two-part episode!
Maria Roat, former U.S. Deputy Federal CIO
Maria Roat is currently retired from federal service after more than 40 years in the industry. She started her own consulting firm called MA Roat Consulting LLC, which takes up most of her time. However, she is also on the Board of Directors for On Mission IT, AFCEA Bethesda, and Aquia Inc. She also works closely with VETSports Inc. as a member of the Board of Directors.
Maria Roat served as the Deputy Federal Chief Information Officer for two years after starting the role in May 2020 with over 35 years of professional experience in information technology.
Previously, Ms. Roat served as the Small Business Administration Chief Information Officer from October 2016 to May 2020, where she led SBA’s digital transformation to a more proactive and innovative enterprise services organization responsive to the business technology needs of SBA program offices and small businesses & entrepreneurs across the United States.
Ms. Roat also served more than two years as the U.S. Department of Transportation Chief Technology Officer and was responsible for establishing and leading DOT’s technical vision and strategic direction, driving innovation and planning for technology growth supporting internal and external facing mission activities.
Additionally, she served 10 years at the Department of Homeland Security (DHS) joining in June 2004 and serving in a number of capacities including Federal Risk Management and Authorization Program (FedRAMP) Director, FEMA Deputy CIO, Chief of Staff for the DHS CIO, USCIS Chief Information Security Officer and CIO Chief of Staff, and Deputy Director, Technology Development, for TSA’s Secure Flight Program.
Prior to joining DHS in 2004, Ms. Roat was in the private sector for 5 years deploying and managing global enterprise network management systems, as well as running Network and Security Operations Centers.
Ms. Roat is a graduate of the University of Maryland (UMUC), Harvard Business School Executive Education Program for Leadership Development, and the Navy Senior Enlisted Academy.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e226
We are excited to welcome back to the podcast Maria Roat, founder of MA Roat Consulting and former U.S. Deputy Federal Chief Information Officer. For our discussion we double click into the cyber workforce gap and how to attract diverse skillsets to the industry, introducing STEM earlier in education, understanding how to nurture non-traditional learners and the awesome experience veterans bring to supporting the cyber mission. She also shares insights from her decades of experience as an IT leader on the criticality of taking risks, being comfortable with the uncomfortable, and the power of mentors. We had so much to talk about we made this a two-part episode!
Maria Roat, former U.S. Deputy Federal CIO
Maria Roat is currently retired from federal service after more than 40 years in the industry. She started her own consulting firm called MA Roat Consulting LLC, which takes up most of her time. However, she is also on the Board of Directors for On Mission IT, AFCEA Bethesda, and Aquia Inc. She also works closely with VETSports Inc. as a member of the Board of Directors.
Maria Roat served as the Deputy Federal Chief Information Officer for two years after starting the role in May 2020 with over 35 years of professional experience in information technology.
Previously, Ms. Roat served as the Small Business Administration Chief Information Officer from October 2016 to May 2020, where she led SBA’s digital transformation to a more proactive and innovative enterprise services organization responsive to the business technology needs of SBA program offices and small businesses & entrepreneurs across the United States.
Ms. Roat also served more than two years as the U.S. Department of Transportation Chief Technology Officer and was responsible for establishing and leading DOT’s technical vision and strategic direction, driving innovation and planning for technology growth supporting internal and external facing mission activities.
Additionally, she served 10 years at the Department of Homeland Security (DHS) joining in June 2004 and serving in a number of capacities including Federal Risk Management and Authorization Program (FedRAMP) Director, FEMA Deputy CIO, Chief of Staff for the DHS CIO, USCIS Chief Information Security Officer and CIO Chief of Staff, and Deputy Director, Technology Development, for TSA’s Secure Flight Program.
Prior to joining DHS in 2004, Ms. Roat was in the private sector for 5 years deploying and managing global enterprise network management systems, as well as running Network and Security Operations Centers.
Ms. Roat is a graduate of the University of Maryland (UMUC), Harvard Business School Executive Education Program for Leadership Development, and the Navy Senior Enlisted Academy.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e225
Joining the podcast this week is Mishi Choudhary, SVP and General Counsel at Virtru. Mishi shares with us some legal perspective on the privacy discussion including freedom of thought, the right to be forgotten, end-to-end encryption for protecting user data, finding a middle ground between meeting customer privacy demands and complying with legal requirements, getting to a federal privacy regulation, and so much more! You won’t want to miss what is a truly spirited and candid conversation – in two parts!
Mishi Choudhary, SVP and General Counsel, Virtru
A technology lawyer with over 17 years of legal experience, Mishi has served as a legal representative for many of the world's most prominent free and open source software developers and distributors, including the Free Software Foundation, Cloud Native Computing Foundation, Linux Foundation, Debian, the Apache Software Foundation, and OpenSSL. At Virtru, she leads all legal and compliance activities, builds internal processes to continue to accelerate growth, helps shape Virtru and open source strategy, and activates global business development efforts.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e224
Joining the podcast this week is Mishi Choudhary, SVP and General Counsel at Virtru. Mishi shares with us some legal perspective on the privacy discussion including freedom of thought, the right to be forgotten, end-to-end encryption for protecting user data, finding a middle ground between meeting customer privacy demands and complying with legal requirements, getting to a federal privacy regulation, and so much more! You won’t want to miss what is a truly spirited and candid conversation – in two parts!
Mishi Choudhary, SVP and General Counsel, Virtru
A technology lawyer with over 17 years of legal experience, Mishi has served as a legal representative for many of the world's most prominent free and open source software developers and distributors, including the Free Software Foundation, Cloud Native Computing Foundation, Linux Foundation, Debian, the Apache Software Foundation, and OpenSSL. At Virtru, she leads all legal and compliance activities, builds internal processes to continue to accelerate growth, helps shape Virtru and open source strategy, and activates global business development efforts.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e223
Joining us this week is Jennifer Cook, Senior Director of Marketing at the National Cybersecurity Alliance, and we discuss all the hot and trending online scams facing consumers today including the growing prevalence of romance scams ($1.3B in losses last year!), job seeker scams, tax fraud scams, sextortion, and the latest scam making the rounds – pig butchering scams. Jennifer shares insights on the many free resources available to consumers – and the awesome work being done by the National Cybersecurity Alliance working with partners and champions around the globe – that raise awareness of what to look for and how to avoid online and mobile scams that take advantage of our day-to-day engagement channels including email, social media and, increasingly, mobile text messages.
Jennifer Cook - Senior Director of Marketing at the National Cybersecurity Alliance
Jennifer Cook is the Senior Director of Marketing at the National Cybersecurity Alliance (NCA). Jennifer leads the development and coordination of NCA’s growing suite of campaigns and programs, including Cybersecurity Awareness Month and Data Privacy Week. She joined the National Cyber Security Alliance in 2017 and holds a degree in Marketing from Drexel University.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e222
This week joining the podcast is Anton (Tony) Dahbura, executive director of the Johns Hopkins University Information Security Institute and co-director of the Johns Hopkins Institute of Assured Autonomy. We deep dive into the realm of AI/ML technology and the exponential applications for it across every aspect of our lives. And the criticality of building trust, implications of bias, the realities of planning for “edge cases” that just can’t be planned for, and the growing sophistication and personalization of AI-leveraged attacks. He also shares details on the most awesome CyberCorps: Scholarship for Service program. Learn more here: https://isi.jhu.edu/scholarship-service-program/
Executive Director of Johns Hopkins - Information Security Institute and Co-Director of the Johns Hopkins Institute for Assured Autonomy
Anton (Tony) Dahbura is the executive director of the Johns Hopkins University Information Security Institute, co-director of the Johns Hopkins Institute of Assured Autonomy, and an associate research scientist in computer science. His research focuses on security, fault-tolerant computing, distributed systems, and testing.
He received his BSEE, MSEE, and PhD in Electrical Engineering and Computer Science from the Johns Hopkins University in 1981, 1982, and 1984, respectively.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e221
Joining the podcast this week is Brian Hajost, the founder and COO of SteelCloud. Brian shares insights on his concept of a Compliance Bill of Materials (CBOM). For those that have heard of Software Bill of Materials (SBOM), it’s a similar concept. In addition to CBOMs, Brian also breaks down the challenges and opportunities in automating compliance as well as frameworks organizations can leverage to help them achieve compliance. Compliance is a super hot topic for every organization! This is a podcast you don’t want to miss!
Brian Hajost, Chief Operating Officer at SteelCloud, LLC
Brian Hajost is the founder and COO of SteelCloud, a company that develops technology for automated compliance for DISA STIGs and the CIS Security Benchmarks. Mr. Hajost has transformed SteelCloud into a recognized leader in delivering new technologies that allow government customers and commercial enterprises to effectively meet the compliance mandates of RMF, NIST 800-53, NIST 800-171, CMMC, and IRS Pub 1075.
Brian’s technical career has spanned over thirty years, primarily with leading-edge technologies in regulated industries. He holds 10 patents in IT security and two patents in mobile security. Mr. Hajost is an active contributor to AFCEA International through his membership on the Technology Committee and Secure Supply Chain subcommittee. He is also the Vice Chair of the Advanced Technology Academic Research Center (ATARC) Continuous ATO Working Group.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e220
For this week’s episode, Casey Ellis, founder and CTO of Bugcrowd and co-founder of the http://disclose.io project, joins us to explore the risks and rewards of AI technology, including concerns around the notorious ChatGPT chatbot. As the global race to AI supremacy intensifies, Casey shares his thoughts on AI in the workplace, as a cyber defense, and the future of regulation and the ethics around determining AI liability.
Casey is the Chairman, Founder, and Chief Technology Officer of Bugcrowd, as well as the co-founder of The disclose.io Project. He is a 20-year veteran of information security who spent his childhood inventing things and generally getting technology to do things it isn't supposed to do. Casey pioneered the Crowdsourced Security as-a-Service model, launching the first bug bounty programs on the Bugcrowd platform in 2012, and co-founded the disclose.io vulnerability disclosure standardization project in 2014. Since then, he has personally advised the US Department of Defense and Department of Homeland Security/CISA, the Australian and UK intelligence communities, and various US House and Senate legislative cybersecurity initiatives, including preemptive cyberspace protection ahead of the 2020 Presidential Elections. Casey, a native of Sydney, Australia, is based in the San Francisco Bay Area with his wife and two children.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e219
This week, we welcome back Dustin Moody, a mathematician in the NIST Computer Security Division who teaches us about the risks posed by quantum computers and shares updates on the status of NIST’s post-quantum cryptography standardization project. As quantum computers move from sci-fi to reality, Dustin elaborates on the functionality of quantum computing and shares best practices for protecting encrypted data to withstand evolving quantum capabilities. If you’re interested in learning more about the four candidate algorithms for NIST’s standardization project, visit their website at [nist.gov](https://www.nist.gov/).
Dustin Moody, Mathematician, NIST
Dustin Moody is a mathematician in the NIST Computer Security Division. Dustin leads the post-quantum cryptography project at NIST. He received his Ph.D. from the University of Washington in 2009. His area of research deals with elliptic curves and their applications in cryptography.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e218
Joining us on the podcast this week is Joe Bielawski – founding member of StateRAMP and President of Knowledge Services – as well as StateRAMP Executive Director Leah McGrath. If the name sounds somewhat familiar – like FedRAMP – it should because StateRAMP helps to meet the growing need in state and local government to manage third party risk and efficiently verify cloud security. The organization has an incredible wealth of resources and tools - such as security maturity assessment tool Security Snapshot - that help bring innovation to state/local governments faster. And in just a couple years StateRAMP is already working with 17 states. For those interested in learning more or taking advantage of the awesome resources this organization delivers visit their website at stateramp.org.
Joe Bielawski, Founding Member of StateRAMP – In 2020, Joe Bielawski (President of Knowledge Services) and J.R. Sloan developed the idea of StateRAMP to meet the growing need in state and local government to manage third party risk and efficiently verify cloud security.
Leah McGrath, Executive Director of StateRAMP - Serving as the Executive Director, Leah McGrath has been involved with StateRAMP since its formation. In 2020, she spent countless hours working alongside Steering Committee members to develop StateRAMP’s governance and policy framework. Prior to her work with StateRAMP, McGrath held leadership positions in both the public and private sector, including serving as the first deputy mayor of the City of Fishers, Indiana. During her tenure, Fishers transformed from a town into a smart, vibrant, entrepreneurial city and was named the #1 Best Place to Live in America in 2017 by Money magazine. As deputy mayor, she helped lead modernization efforts and spearheaded city-wide efforts to develop the city’s first long-range, comprehensive plan. McGrath’s 20-year career has been focused on working to improve government outcomes at the state and local level, helping shepherd government into the digital age securely and effectively for the citizens it serves.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e217
This week we welcome back to the podcast former co-host Eric Trexler, Senior Vice President, U.S. Public Sector at Palo Alto Networks. We examine some hot security topics for the year ahead including growing prevalence of AI/ML automation used for preventative security, continued evolution and impact of ransomware (Did you know the average dwell time is 28 days?!), increasing adoption of people/process/technology approaches, industry consolidation, state and local cybergrants coming online and the opportunities those open up, Zero Trust pros and cons, attack surface management and what’s been learned about cyberwarfare from the Ukraine conflict.
Eric Trexler, Senior Vice President, US Public Sector, Palo Alto Networks
Eric joined Palo Alto Networks in September of 2022 and oversees the US Public Sector business.
Most recently, Eric Trexler was the Vice President of Sales, Global Governments and Critical Infrastructure at Forcepoint. Eric was responsible for Global Go To Market operations to include all components of sales, sales enablement, and field and product marketing. While at Forcepoint, Eric’s team doubled the size of the business over a five year period to nearly $400M in annual sales and strategically moved a large part of the business to the Public Cloud.
Eric has nearly 30 years of experience in technology across the public and private sectors, including Department of Defense, Civilian, and Intelligence communities, along with International governments. Eric has combined his sales savvy and technical skills with practical knowledge of leadership fundamentals to solve global cybersecurity issues for his customers and the business.
Prior to Forcepoint, Eric was the executive director for Civilian and National Security Programs at McAfee (formerly Intel Security). Earlier in his career, Eric worked at Salesforce.com, EMC, and Sybase. He spent four years as an Airborne Ranger with the U.S. Army specializing in communications. Eric holds a Master's Degree in Business Administration and a Bachelor’s of Science in Marketing from the University of Maryland at College Park.
He was the co-host of the award winning “To The Point Cybersecurity” podcast with over 200 weekly episodes covering various cybersecurity topics, and he regularly writes bylines for cybersecurity and national periodicals.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e216
Back from the archives! This week we're spotlighting one of our favorite episodes in Summer 2021 with The New York Times journalist Nicole Perlroth where she shares insights from her decade long research for her book "This is How They Tell Me the World Ends". (FORMERLY EPISODE 138) This week Nicole Perlroth, award-winning journalist for The New York Times and best-selling author of “This Is How They Tell Me The World Ends” joins the podcast to discuss her decade long journey covering cybersecurity and many terrifying discoveries navigating through the underbelly of the secretive cyberweapons market. She shares insights on the importance of making cyber understanding and awareness accessible to all audiences. And she details the many challenges governments and society face today as cyberattacks continue to ratchet up in scope of disruption and financial rewards with no consequences as we collectively wait for “the big event” that will be the forcing function to drive needed investment, global cooperation, and changed behaviors to truly take some of the advantage out of attackers’ hands.
Nicole Perlroth covers cybersecurity and digital espionage for The New York Times. She has covered Russian hacks of nuclear plants, airports, and elections, North Korea's cyberattacks against movie studios, banks and hospitals, Iranian attacks on oil companies, banks and the Trump campaign and hundreds of Chinese cyberattacks, including a months-long hack of The Times. Her first book, “This Is How They Tell Me The World Ends,” about the global cyber arms race, will publish in February 2021. The book, and several of her Times articles, have been optioned for television.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e215
This week John Zangardi, President and CEO of Redhorse Corporation joins us on the podcast to talk about his remarkable career starting with his time in the Navy as a Naval Flight Officer, his many years on the frontlines of security - including his favorite professional role in government as Department of Homeland Security CIO – and shares perspective on bridging the security talent gap in government as well as the many talents veterans bring to the security industry. He also touches on the evolution of the threat environment and security approaches the last two decades as well as hot topics including the Zero Trust opportunity and criticality of taking security education and its business value deeper into organizations. And, he provides a great movie recommendation that you will definitely want to check out!
John Zangardi, President, Redhorse Corp.
John joined Redhorse in June of 2020 taking on the day to day operations responsibilities as President.
Prior to joining Redhorse, he most recently served as Senior Vice President of business initiatives and strategic partnerships with Leidos Civil Group.
Prior to joining Leidos, he enjoyed a distinguished career in government service spanning more than thirty years, concluding with his role as Chief Information Officer (CIO) for the Department of Homeland Security (DHS), a presidential appointment. At DHS his responsibilities encompassed information technology and associated management and security. His work at DHS garnered recognition by Federal Computer Week for transforming DHS into “one of the federal government’s top IT performers.” John led multiple initiatives at DHS including implementation of advanced cybersecurity technology, cloud computing and data analytics, identity management and telecommunications.
He transitioned to DHS from the Department of Defense (DoD) where he served as Acting Chief Information Officer, a position he assumed from his role as Principal Deputy Chief Information Officer. He previously served as the Deputy Assistant Secretary of the Navy for Command, Control, Communications, Computers, Intelligence, Information Operations, and Space (DASN C4I, IO, and Space), and as the Acting Department of the Navy Chief Information Officer (DON CIO).
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e212
This week we welcome Adam Levin to the podcast. He is a long-time consumer affairs advocate with more than 40 years of experience, author of the book Swiped and formerly Chairman and founder of CyberScout as well as co-founder of Credit.com. Adam joins us at the apex of the consumer security awareness time of year as holiday shopping, COVID, flu, RSV and many other health concerns run rampant in addition to the many ongoing geopolitical security concerns that are ever present. He shares insights and stories from his more than 40 years on the consumer affairs advocacy frontlines to frame the security challenges each of us face in our daily lives – many of which are seemingly innocuous yet can have disastrous consequences and upend livelihoods. Great best practices tips here for both security pros and non-industry folks to shore up defenses in places we’ve gotten very familiar in trusting – and they aren’t all that trustworthy after all.
Adam Levin, Cybersecurity Advocate
Adam K. Levin is a consumer affairs advocate and serial entrepreneur with more than 40 years of experience. He is a nationally recognized expert on cybersecurity, privacy, identity theft, fraud, and personal finance. At age 27, Levin became the youngest Director in the history of the New Jersey Division of Consumer Affairs — one of the most powerful consumer protection agencies in the U.S. He is a graduate of Stanford University and the University of Michigan School of Law.
As Chairman and founder of CyberScout, Levin built a premier global identity, data protection company, and helped pioneer the cyber insurance business. The organization was acquired in March 2021 by Sontiq, which was soon after acquired by Transunion. Levin was also co-founder of Credit.com, one of the first credit education, information and products and services companies on the Internet focused on consumer credit building. The company was acquired in 2015 by Progrexion.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e211
This week we welcome Adam Levin to the podcast. He is a long-time consumer affairs advocate with more than 40 years of experience, author of the book Swiped and formerly Chairman and founder of CyberScout as well as co-founder of Credit.com. Adam joins us at the apex of the consumer security awareness time of year as holiday shopping, COVID, flu, RSV and many other health concerns run rampant in addition to the many ongoing geopolitical security concerns that are ever present. He shares insights and stories from his more than 40 years on the consumer affairs advocacy frontlines to frame the security challenges each of us face in our daily lives – many of which are seemingly innocuous yet can have disastrous consequences and upend livelihoods. Great best practices tips here for both security pros and non-industry folks to shore up defenses in places we’ve gotten very familiar in trusting – and they aren’t all that trustworthy after all.
Adam Levin, Cybersecurity Advocate
Adam K. Levin is a consumer affairs advocate and serial entrepreneur with more than 40 years of experience. He is a nationally recognized expert on cybersecurity, privacy, identity theft, fraud, and personal finance. At age 27, Levin became the youngest Director in the history of the New Jersey Division of Consumer Affairs — one of the most powerful consumer protection agencies in the U.S. He is a graduate of Stanford University and the University of Michigan School of Law.
As Chairman and founder of CyberScout, Levin built a premier global identity, data protection company, and helped pioneer the cyber insurance business. The organization was acquired in March 2021 by Sontiq, which was soon after acquired by Transunion. Levin was also co-founder of Credit.com, one of the first credit education, information and products and services companies on the Internet focused on consumer credit building. The company was acquired in 2015 by Progrexion.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e210
Joining the podcast this week is Maria Roat, who has had an impressive career in both government and the private sector for more than 35 years. She shares insights from her time in government, where the many roles she held included Deputy Federal CIO and Small Business Administration CIO, and the opportunities she helped identify to change the system from the inside out. She shares perspective on operating the government as a very large enterprise and the challenges that come with managing single year budgets for multi-year programs. Creativity is key to success and Maria talks about the many new and innovative initiatives and programs activated during her tenure to advance the government’s technology infrastructure including the CIO Council and revitalization of the Capital Planning and Investment Control (CPIC). We also delve into the impact of embracing diversity of thought, the criticality of challenging others to think differently, and the results it can deliver. Side note, we have a book recommendation from this episode as well! It is “Start with Why” by Simon Sinek.
Maria Roat, former Deputy Federal CIO
Maria Roat served as the Deputy Federal Chief Information Officer for two years bringing 35+ years of professional experience in information technology.
Ms. Roat served as the Small Business Administration Chief Information Officer October 2016 – May 2020 where she led SBA’s digital transformation to a more proactive and innovative enterprise services organization responsive to the business technology needs of SBA program offices and small businesses & entrepreneurs across the United States.
Ms. Roat served more than 2 years as the U.S. Department of Transportation Chief Technology Officer and was responsible for establishing and leading DOTs technical vision and strategic direction, driving innovation and planning for technology growth supporting internal and external facing mission activities.
Ms. Roat served 10 years at the Department of Homeland Security (DHS) joining in June 2004 and serving in a number of capacities including Federal Risk Management and Authorization Program (FedRAMP) Director, FEMA Deputy CIO, Chief of Staff for the DHS CIO, USCIS Chief Information Security Officer and CIO Chief of Staff, and Deputy Director, Technology Development, for TSA’s Secure Flight Program.
Prior to joining DHS in 2004, Ms. Roat was in the private sector for 5 years deploying and managing global enterprise network management systems, as well as running Network and Security Operations Centers.
Ms. Roat is a graduate of the University of Maryland (UMUC), Harvard Business School Executive Education Program for Leadership Development, and the Navy Senior Enlisted Academy.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e209
In honor of November as Infrastructure Awareness Month, we wanted to bring back this episode from our 2021 archives with Rob Lee, CEO and Co-Founder of Dragos. In this episode, Rob breaks down the OT challenge that many businesses are facing today including a lack of clarity on who within the business owns OT and defining what acceptable OT risk means within the business. He also shares perspective on multi-factor authentication as one of the universal controls, the industry + geopolitical aspect of managing risk, and shifting the lens to think about the IP threat from the operator POV. And he shares insights on the Salt Water Project and what can happen when thinking through OT impact + the art of the possible.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e208
Joining the podcast this week is Eric Mill, Senior Advisor on Technology and Cybersecurity to the Federal CIO in the Office of Management and Budget (OMB). We discuss some of the latest and impactful security initiatives, policies and technologies in U.S. Government today – and highlights from some that OMB is helping to drive. We cover topics spanning the Executive Order on Improving the Nation’s Cybersecurity, the Technology Modernization Fund, Zero Trust and what it has come to mean today, FIDO and PIV, and so much more!
Eric also shares an interesting essay that is worth a read, “Reflections on Trusting Trust” by Ken Thompson. Read it here: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf.
Eric Mill – A leader in technology policy and cybersecurity, with a long background in public service. Eric currently serves in the Biden-Harris administration in the Office of Management and Budget as the Senior Advisor on Technology and Cybersecurity to the Federal Chief Information Officer, Clare Martorana.
Prior to that, Eric was the Lead Product Manager for the security of the Chrome web browser at Google. In 2019, Eric worked for Senator Amy Klobuchar through the TechCongress program, with a focus on election security, vulnerability disclosure, and management of the .gov internet domain.
Before that, Eric served in the 18F team at the U.S. General Services Administration, where he led the federal government's adoption of strong encryption for its online services. While at GSA, Eric oversaw Login.gov, which lets millions of people sign into U.S. public services securely and privately.
Prior to 18F, Eric was a part of the Sunlight Foundation, a civil society group dedicated to government transparency. At Sunlight, Eric created open data services that helped the public follow government activity, advised Congress on its open data strategy, and provided expert guidance to anti-corruption NGOs around the world.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e207
Joining us this week is Peter W. Singer, a New York Times bestselling author of books including Ghost Fleet, LikeWar and the techno-thriller Burn In. He shares details on the New America volunteer, non-profit organization and its awesome #SharetheMicinCyber program helping to bring diversity of thought to the cybersecurity front lines. We also discuss the future of social media, what defines a cyberwar, Ukraine’s leverage of social media to garner global support this year, and the great work Useful Fiction is delivering to organizations to address the age old problem of translating complex themes (such as cyber) into compelling business narratives audiences understand and can learn from. And definitely take a few minutes to learn more about Passing the Mic’s cybersecurity fellowship program this week. Read more here: https://www.newamerica.org/the-thread/passing-the-mic-introducing-new-americas-cybersecurity-fellowship/
Peter Warren Singer - A Strategist at New America, a Professor of Practice at Arizona State University, and Founder & Managing Partner at Useful Fiction LLC.
A New York Times Bestselling author, described in the Wall Street Journal as “the premier futurist in the national-security environment” and “all-around smart guy” in the Washington Post, he has been named by the Smithsonian as one of the nation’s 100 leading innovators, by Defense News as one of the 100 most influential people in defense issues, by Foreign Policy to their Top 100 Global Thinkers List, and as an official “Mad Scientist” for the U.S. Army’s Training and Doctrine Command. No author, living or dead, has more books on the professional US military reading lists. His non-fiction books include Corporate Warriors: The Rise of the Privatized Military Industry, Children at War, Wired for War: The Robotics Revolution and Conflict in the 21st Century; Cybersecurity and Cyberwar: What Everyone Needs to Know and most recently LikeWar, which explores how social media has changed war and politics. It was named an Amazon and Foreign Affairs book of the year and reviewed by Booklist as “LikeWar should be required reading for everyone living in a democracy and all who aspire to.” He is also the co-author of a new type of novel, using the format of a technothriller to communicate nonfiction research. Ghost Fleet: A Novel of the Next World War was both a top summer read and led to briefings everywhere from the White House to the Pentagon. His latest is Burn-In: A Novel of the Real Robotic Revolution. It has been described by the creator of Lost and Watchmen as “A visionary new form of storytelling—a rollercoaster ride of science fiction blended with science fact,” and by the head of Army Cyber Command as “I loved Burn-In so much that I’ve already read it twice.”
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e206
This week we officially welcome Petko Stoyanov as the new co-host for the To The Point podcast. Petko shares perspective on how he found his way to cyber, the origin of the name “Petko”, and differences in working in government and the private sector. We also discuss the state of the cybersecurity landscape and the ongoing challenge of attribution – which is really asking the question, “Who is smarter” in executing cyber attacks. And we dive into the latest headlines on cybersecurity labels for IoT devices, which Singapore started actively addressing a few years ago and has partnered on with Finland and recently Germany. The US will start embracing security labels in 2023, on a voluntary basis at first, for the most vulnerable IoT devices such as routers and connected home cameras. Big implications here on the future of consumer IoT devices we’ll want to continue tracking in the year ahead.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e205
We’re excited to welcome back Derek Weeks, recognized as the world’s foremost researcher on the topic of DevSecOps and securing software supply chains, to the podcast! Derek shares insights on just how little has changed relative to securing software supply chains and using SBOMs in the two years since we last caught up with him. For those new to SBOMs, they are like the nutritional label on a cereal box except for open source software (OSS). We’re seeing astronomical growth in organizations’ use of OSS to the tune of 3+ trillion downloads in 2023. And even with events such as Log4j within the last year, we still haven’t had the cataclysmic event to act as a forcing function for more organizations to embrace SBOMs. This has opened the door for the U.S. Government to bring to the table the Securing Open Source Software Act of 2022. Derek also shares perspective on the importance of automation, accountability for supply chain security, investment range for industry to improve the security of code the next two years, and today’s realities for those buying cyber insurance.
Derek Weeks, Cybersecurity Advocate
Derek E. Weeks is the world’s foremost researcher on the topic of DevSecOps and securing software supply chains. For the past seven years, he has championed the research of the annual State of the Software Supply Chain Report and the DevSecOps Community Survey. Derek is also the co-founder of All Day DevOps, an online community of 95,000 IT professionals. In 2018, Derek was recognized by DevOps.com as the “Best DevOps Evangelist” for his work in the community.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e204
Joining the podcast this week is Eva Galperin, Director of Cybersecurity for the Electronic Frontier Foundation (EFF). She is also the co-founder of the Coalition Against Stalkerware and has long been a champion for providing privacy and security for vulnerable populations around the world. “What is stalkerware?” many may ask. Stalkerware is considered a more personal way of invading someone's privacy such as using malware to track a person’s activity on a device. Eva shares insights from her many years on the frontlines of digital privacy both educating the broader population on how to protect oneself while also navigating the labyrinth of new regulations and laws being created that impact digital privacy of the future. Be sure to visit StopStalkerware.org to learn more!
Eva Galperin is EFF's Director of Cybersecurity
Prior to 2007, when she came to work for EFF, Eva worked in security and IT in Silicon Valley and earned degrees in Political Science and International Relations from SFSU. Her work is primarily focused on providing privacy and security for vulnerable populations around the world. To that end, she has applied the combination of her political science and technical background to everything from organizing EFF's Tor Relay Challenge, to writing privacy and security training materials (including Surveillance Self Defense and the Digital First Aid Kit), and publishing research on malware in Syria, Vietnam, Lebanon, and Kazakhstan. Since 2018, she has worked on addressing the digital privacy and security needs of survivors of domestic abuse. She is also a co-founder of the Coalition Against Stalkerware.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e203
Joining us this week are Richard Grabowski, Acting Program Manager for CISA’s CDM Program, and Jonathan McBride, Chief of Adversary Pursuit for CISA’s Threat Hunting Subdivision. We dive into the hot topics of threat hunting, adversary pursuit, the evolution of CISA over the years including the growth and maturity of the organization, the power of public/private partnerships, and the drive for innovation. They also share perspective on the recent Cyber Executive Order as well as how the CDM program is increasing visibility into the federal cyberattack surface and security posture. We also dig into the continued talent gap challenge and modernizing the approach to talent recruitment (hint: four-year degrees aren’t a requirement!). It truly is an exciting time to be in cyber! And, for those interested in a career move it is a VERY exciting time to be at CISA!
Richard Grabowski is the Acting Program Manager for the Continuous Diagnostics and Mitigation (CDM) at CISA
As Acting Program Manager for the CDM program, Richard has specific responsibilities for managing portfolios to deliver CDM capabilities to agencies, engineering deployment and architecture-related activities, program support and acquisition, and outreach activities. Through partnerships with agencies and industry, the CDM Program fortifies the cybersecurity of civilian government data and networks by providing capabilities that deliver relevant, timely and actionable information. CDM enables cybersecurity professionals to manage risks by providing innovative tools, processes, governance and training required to defend against cybersecurity threats and vulnerabilities. Prior to Richard’s current role, he led the CDM Program’s Architecture and Technology Integration Section. He started with CDM in 2014 as a Systems Engineer supporting the CDM Dashboard and Dynamic and Evolving Federal Enterprise Network Defense (DEFEND; formerly Task Order [TO2]) Group C agencies. Previous to this, Richard spent over nine years providing client/server and virtualization integration services to the Federal government. Richard holds a B.S. in Systems and Information Engineering from the University of Virginia and a M.S. in Systems Engineering from The George Washington University.
Jonathan McBride, Chief of Adversary Pursuit, CISA’s Threat Hunting Subdivision
McBride oversees CISA's federal persistent hunt mission and services, driving innovation in service delivery, sensing solutions, detection, and advanced analytics. He previously served as an engagement lead within the Host Forensics Section of CISA’s Threat Hunting Subdivision, leading rapid response personnel on incident response activities supporting the federal government, states, local tribes, territories, and critical infrastructure. Mr. McBride has reached this point in his career by a non-traditional path. A third-generation US Army veteran, he served the special operations community as a military intelligence specialist, completing multiple deployments to Iraq, Afghanistan, and Africa focused on counter-terrorism and counter-insurgency operations. Upon leaving the US Army he transitioned into the cybersecurity workforce as a computer network defense (CND) intrusion analyst and quickly excelled. Highlights include CND Operations lead for the Missile Defense Agency’s Ground-Based Midcourse Defense Intercontinental Ballistic Missile system and senior Fusion Analyst for Defense Information Systems Agency – Europe supporting the Department of Defense’s European and Africa Combatant Commands, Information Assurance Branch Chief for the Executive Office of the President – Office of Administration, and Incident Response Manager for the Federal Communications Commission. He is an avid outdoorsman and dabbles in ultramarathon running.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e202
Joining us this week is Christian Folini (@chrfolini), co-lead of the OWASP Core Rule Set project, co-author of the second edition ModSecurity Handbook and one of the few teachers on this subject. And he brings a first to the podcast – a discussion on ModSecurity and the OWASP project! For those that are new to these topics, Christian shares many insights on the OWASP volunteer organization mission and how it serves as the first line of defense against web application attacks. Many may not know that 70% of attacks are carried out at the web application level. He also shares perspective on the end-of-life support for the Trustwave ModSecurity Engine and what that means for the open-source community, along with details of the upcoming Swiss Cyber Storm event in October of which he is a program chair. It’s going to be an awesome event you won’t want to miss! Learn more here: https://www.swisscyberstorm.com/
Christian Folini, Author of the ModSecurity Handbook 2ed. OWASP Core Rule Set project co-lead and program chair Swiss Cyber Storm.
Christian Folini brings more than ten years of experience with ModSecurity configuration in high security environments, DDoS defense and threat modeling. Christian is the author of the second edition of the ModSecurity Handbook and one of the few teachers on this subject. He is a Co-Lead of the OWASP ModSecurity Core Rule Set project. Christian serves as vice president of the Swiss federal public-private-partnership "Swiss Cyber Experts" and as the program chair of the "Swiss Cyber Storm" conference. He is also a frequent speaker at national and international conferences, where he tries to use his background in the humanities to explain hardcore technical topics to various audiences.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e201
Closing out Insider Threat Awareness Month with us is Maria Bada, Ph.D, a Lecturer in Cyberpsychology at Queen Mary University in London and a RISCS Fellow in cybercrime. Maria shares insights on the insider threat challenge through a human-centric lens and the criticality of educational awareness, transparency and training (note: check out AwareGo!) to better mitigate the threat. When 98% of organizations are vulnerable to insider threat, and the “accidental” insider is the one most often reported, empowering employees with tools and knowledge to understand and be aware of the threats can really make a positive impact. We also discuss the myriad profiles of functional insiders, promoting a culture of security impact, the power of positive vs punitive training (think fake phishing campaigns executed by internal security teams) and how we should start thinking about and addressing the growing social engineering threat.
Maria Bada, Ph.D
A Lecturer in Cyberpsychology at Queen Mary University in London and a RISCS Fellow in cybercrime. Her focus is the human aspect of cybercrime and cybersecurity. She is also a cyber expert at AwareGo.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e200
Bill Evanina, Founder and CEO of the Evanina Group and former Director of the National Counterintelligence and Security Center Office of the Director of National Intelligence, joins the podcast this week to take a deep dive view into insider threat as September is Insider Threat Awareness Month. He shares insights from his many years on the counterintelligence and security front lines on what defines insider threat (Note: harm to self or others), the opportunities and challenges in available tools, information sharing and detection across organizations, the importance of leadership training and cross functional partnership to help mitigate insider threats and the criticality of sharing success stories (these really make a difference!).
Founder and CEO of the Evanina Group advising CEOs and Boards of Directors on strategic corporate risk, strategy, insider threats, cyber security, geopolitical risk, intelligence centers, etc.
Instructor, University of Chicago, Graham School.
Former Director of the National Counterintelligence and Security Center Office of the Director of National Intelligence responsible for leading and supporting the counterintelligence and security activities of the US Intelligence Community, the U.S. Government, and U.S. private sector entities at risk from intelligence collection or attack by foreign adversaries.
Served as Chair of the NATO Counterintelligence Panel and the National Counterintelligence Policy Board, and the Allied Security and Counterintelligence Forum comprised of senior counterintelligence and security leaders from Australia, Canada, New Zealand, and the UK.
Previously served as the Chief of the Central Intelligence Agency’s Counterespionage Group, as Assistant Special Agent in Charge of the FBI’s Washington Field Office and spent 24 years as a Special Agent with the Federal Bureau of Investigation (FBI).
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e199
Joining the podcast this week is Ellen Nakashima, National Security Reporter for The Washington Times, who shares insights into the ongoing conflict between China and Taiwan. Ellen provides perspective on the much-publicized Pelosi trip to Taiwan and why the timing of that trip raised concerns in China as well as the complicated relationships the two countries have with international governments around the world, complex supply chain interdependencies (particularly in semiconductors), cyberattack impacts (or not) and why this conflict is different from Russia and Ukraine. This is truly a riveting and insightful conversation that you won’t want to miss.
Ellen Nakashima, National Security Reporter, The Washington Post
Ellen Nakashima is a national security reporter for The Washington Post. She covers cybersecurity, counterterrorism and intelligence issues. She has probed Russia’s efforts to influence the outcome of the 2016 presidential election and contacts between aides to President Trump and Russian officials, work which led her and her colleagues to win a Pulitzer Prize in 2018. She was part of another team awarded the Pulitzer Prize for Public Service in 2014 for reporting on the hidden scope of government surveillance and its policy implications. Nakashima has also served as a Southeast Asia correspondent and covered the White House and Virginia state politics. She joined The Post in 1995.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e198
Joining the podcast this week is Tony Sager, Senior Vice President and Chief Evangelist for the Center for Internet Security, who shares insights from his 45+ years on the security front lines, including 34 years at the NSA. Risk was a big theme of the discussion, particularly looking at risk through a similar lens as we view other risky domains, such as the great work being done with the Cyber Safety Review Board. (And he shares color on the power of being okay with the risk of being wrong sometimes.) He also shares perspective on moving to incentive-based cyber models (such as what’s been done in Ohio and Connecticut), and the criticality of translating technology, attacks & attackers into public policy and market incentives. And it can’t be a great cyber discussion without addressing the growing sophistication of cyber criminals and their organizations – really becoming the de facto organized crime success path today.
Tony Sager, Senior Vice President and Chief Evangelist for the Center for Internet Security
Sager is a SVP and Chief Evangelist for CIS. He leads the development of the CIS Critical Security Controls™, a worldwide consensus project to find and support technical best practices in cybersecurity. Sager champions the use of CIS Controls and other solutions gleaned from previous cyber-attacks to improve global cyber defense. He also nurtures CIS’s independent worldwide community of volunteers, encouraging them to make their enterprise, and the connected world, a safer place. In November 2018, he added strategy development and outreach for CIS to his responsibilities.
In addition to his duties for CIS, he is an active volunteer in numerous community service activities: the Board of Directors for the Cybercrime Support Network; and a member of the National Academy of Sciences Cyber Resilience Forum; Advisory Boards for several local schools and colleges; and service on numerous national-level study groups and advisory panels.
Sager retired from the National Security Agency (NSA) after 34 years as an Information Assurance professional. He started his career there in the Communications Security (COMSEC) Intern Program, and worked as a mathematical cryptographer and a software vulnerability analyst. In 2001, Sager led the release of NSA security guidance to the public. He also expanded the NSA’s role in the development of open standards for security. Sager’s awards and commendations at NSA include the Presidential Rank Award at the Meritorious Level, twice, and the NSA Exceptional Civilian Service Award. The groups he led at NSA were also widely recognized for technical and mission excellence with awards from numerous industry sources, including the SANS Institute, SC Magazine, and Government Executive Magazine.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e197
Joining the podcast this week is Stefan Soesanto, Senior Researcher in the Cyberdefense Project with the Risk and Resilience Team at the Center for Security Studies (CSS) at ETH Zurich. He recently authored the excellent research report “IT Army of Ukraine” that examined in detail how it was stood up out of necessity for what many have called the ‘first cyberwar’. Yet for an IT army that is neither truly military nor civilian and largely operating in the grey, how do you manage a globally dispersed, largely volunteer ‘cyber army’ more than 300k strong? Stefan provides insights from his extensive research – the first of its kind to provide a comprehensive analysis of the IT Army’s structure, tasking and ecosystem. It’s a fascinating discussion that also raises many questions on the implications ahead such as, can a cyberwar ever truly end? Be sure to read Stefan’s research report to learn more: https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/Cyber-Reports-2022-06-IT-Army-of-Ukraine.pdf
Stefan Soesanto, Senior Researcher Cyberdefense Program at Center for Security Studies
Stefan Soesanto is a Senior Researcher in the Cyberdefense Project with the Risk and Resilience Team at the Center for Security Studies (CSS) at ETH Zurich. Prior to joining CSS, he was the Cybersecurity & Defense Fellow at the European Council on Foreign Relations (ECFR) and a non-resident James A. Kelly Fellow at Pacific Forum CSIS. At ECFR, he designed and held cyber wargame exercises in cooperation with Microsoft, and organized a closed Cybersecurity and Defense conference in Odense together with the Center for War Studies at the University of Southern Denmark and the Office of the Danish Tech Ambassador. Stefan also served as a Research Assistant at RAND's Brussels office, co-authoring reports for the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE), the European Network Information Security Agency (ENISA), and Dutch Ministry of Security and Justice. Stefan holds an MA from Yonsei University (South Korea) with a focus on security policies, and international law, and a BA from the Ruhr-University Bochum (Germany) in political science and Japanese.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e196
Joining us this week is Brian Knappenberger, a producer and director renowned for such documentaries as Web of Make Believe: Death, Lies and the Internet, The Internet's Own Boy: The Story of Aaron Swartz, We Are Legion: The Story of the Hacktivists, and Turning Point: 9/11, to name a few. He shares insights from his recent documentary series Web of Make Believe (currently available on Netflix!) and the trajectory of misinformation, which has been around for centuries, through a lens from the 2016 election forward. We explore themes around technology innovation and how society adapts in both positive and negative ways – and how it presents opportunities for cyber attackers to exploit cracks in the system for financial gain. And we discuss the impact of today’s always on/always connected world, which, as Marshall McLuhan once observed, has become “quite as imperceptible to us as water is to fish.”
Brian Knappenberger, Producer and Director
Brian Knappenberger is an American documentary filmmaker, known for The Internet's Own Boy: The Story of Aaron Swartz, We Are Legion: The Story of the Hacktivists, and Turning Point: 9/11 and the War on Terror and his work on Bloomberg Game Changers.
We go deep into the dark web and ransomware with this week’s guest Tom Hofmann, SVP, Intelligence at Flashpoint. He tracks ransomware from its beginnings in 1989 through to present day ransomware gang shenanigans including Maze double extortion tactics that attackers have enthusiastically embraced. He also gets real on what’s happening on the dark web – and the things that you can’t unsee. But it’s not all doom and gloom: Tom shares insights on the many available resources today to help organizations with addressing ransomware both before and after an attack, including essential ransomware tabletop exercises that teach organizations how to defend against attacks and what to do during an attack. He also shared a great blog post that is essential reading on the history of ransomware – check out the link below: https://flashpoint.io/blog/the-history-and-evolution-of-ransomware-attacks/?utm_campaign=ransomware_attacks_affiliate&utm_source=forcepoint&utm_medium=affiliate
Tom Hofmann, SVP Intelligence
Tom Hofmann leads the intelligence directorate that is responsible for the collection, analysis, production, and dissemination of Deep and Dark Web data. He works closely with clients to prioritize their intelligence requirements and ensures internal Flashpoint operations are aligned to those needs. Mr. Hofmann has been at the forefront of cyber intelligence operations in the commercial, government, and military sectors, and is renowned for his ability to drive effective intelligence operations to support offensive and defensive network operations.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e194
John Shier, Senior Security Advisor at Sophos, joins the podcast this week for a deep dive into today’s ransomware threat landscape and insights uncovered in the recent Sophos research reports, including the “2022 State of Ransomware Report” and “Active Adversary Playbook”. We explore future state themes of ransomware such as the geopolitics of ransomware, simultaneous attack and dwell time trends, will we ever get to a ransomware ‘flat fee’, increasing the resilience requirement for companies seeking cyber insurance, and industries such as healthcare that are seeing sizable upticks in attacks (and how these can be mitigated ahead).
John Shier, Senior Security Advisor at Sophos
John Shier is a senior security advisor at Sophos with more than two decades of cybersecurity experience. He’s passionate about protecting consumers and organizations from advanced threats, and has researched everything from costly ransomware to illicit dark web activity, uncovering insights needed to strengthen proactive cybersecurity defenses.
John is often consulted by press, and has been quoted in publications like Reuters, WIRED, Fortune, CNN, The Hill, Fast Co, Yahoo, and more. He’s also a frequent speaker at industry events like RSA Conference, Infosec, Cebit, Gitex, and more.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e193
This week Rob McDonald, SVP of Platform at Virtru, joins the podcast to double-click into the privacy and data discussion. We explore subsidizing the pain of giving personal data in exchange for ‘free’ services, informed consent, why regulation alone isn’t a silver bullet, and what outcomes we could drive when we combine user decisions with regulation. And he shares insights on behaviors that come with innovation, data as common denominator, regulations such as GDPR and CCPA as progress markers (and not the final destination), the criticality of the CIO/CISO as storyteller and recognizing our front line defenders are people (not robots!).
Rob McDonald, SVP Platform at Virtru
Rob is the SVP of Platform and an advocate of safeguarding data across new applications and data-sharing workflows. Prior to Virtru, Rob was the CIO for several Acute Care facilities and Denovo Healthcare development teams. His significant expertise in the healthcare industry earned him a spot in Becker’s Review as a 2013 and 2014 Top 100 Healthcare CIOs. Rob has also consulted with corporations to help them assess their current information security position and develop a plan to not only mitigate the discovered technical shortcomings but more critically to raise security awareness amongst their employees.
Rob holds a Bachelor of Science degree in Computer Science from the University of Texas at Dallas and is a perpetual student of technology, information security, and privacy practices.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e192
We have two guests joining the podcast this week to talk about election security - Marci Andino, Senior Director of the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC) at the Center for Internet Security, and Trevor Timmons, chairperson of the Executive Committee of the EI-ISAC and CIO for the Colorado Secretary of State. We cover everything from the history of election security through to present day, including the creation of the EI-ISAC in 2017, physical versus cyber security, the role of paper ballots for validating digital results, mis/disinformation during elections, insider threat among election officials, and the importance of resilient systems and chain of custody process.
Marci Andino, Senior Director of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) at the Center for Internet Security
As Senior Director of the EI-ISAC since October 2021, Ms. Andino has been responsible for overseeing the operation of the EI-ISAC and works with state and local election officials to increase their cybersecurity posture through the use of products and services provided by the EI-ISAC. Prior to joining the EI-ISAC, Ms. Andino served as the chief state election official and Executive Director of the South Carolina State Election Commission for nineteen years. Ms. Andino was responsible for overseeing the conduct of primary, general and special elections in South Carolina to ensure that elections are conducted in a fair and impartial manner. She was also responsible for supervising county boards of voter registration and elections and serves as agency liaison with the General Assembly. Ms. Andino also currently serves on the Council of State Government’s Overseas Voting Initiative Technology Working Group and the Bipartisan Policy Center’s Task Force on Elections Advisory Council. Ms. Andino is a former member of the U.S. Election Assistance Commission’s Standards Board, President of the National Association of State Election Directors (NASED), President of the S.C. Deputy Director’s Organization and Secretary of the S.C. Information Technology Director’s Association.
Trevor Timmons, Chief Information Officer at the Colorado Department of State and Chair of EI-ISAC Executive Committee
Trevor Timmons has served the Colorado Secretary of State as Chief Information Officer since 2007 after eight years as Deputy CIO and Director of Software Development. During the time Mr. Timmons has served under several Secretaries of State, Colorado has gained a national reputation in several areas including elections administration, business registrations, and cybersecurity operations. In 2017, Colorado became the first state in the U.S. to implement statewide risk-limiting audits of voter-verifiable paper ballots for all federal and state elections. Colorado routinely ranks among the top states in the nation in voter participation and the percentage of eligible persons registered to vote. Mr. Timmons is the current chairperson of the Executive Committee of the Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC).
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e191
We’re back with part two of our discussion with Jill Aitoro, SVP for Content Strategy at CyberRisk Alliance, where we pick the conversation up on privacy today and efforts by big tech and government to protect sensitive information. We also dive into the slippery slope of consumer apps and health information used for convenience and, for some, entertainment and the realization of how that information could be shared and used by third parties in the coming decades. (And the check boxes you might mindlessly click today could come back to haunt you.)
Jill Aitoro, senior vice president of content strategy for CyberRisk Alliance
She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e190
Jill Aitoro, SVP for Content Strategy at CyberRisk Alliance joins the podcast this week for a hot topics discussion across recent developments in the ongoing cyber war involving Ukraine, Russia and a supporting cast of many public and private entities including NATO, Microsoft, Lithuania and others. We also dive into recent exploits by China with social media microtargeting campaigns against rare earth mining companies and where their ‘playing the long game’ implications could lead.
Jill Aitoro, senior vice president of content strategy for CyberRisk Alliance
She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e189
This week Gerald Caron, CIO for the Office of Inspector General at the U.S. Department of Health and Human Services (HHS), joins the podcast to share real world impact in bringing communications and accessibility to an organization. He also breaks down a football analogy of IT as an enabler and the criticality of the fans (users) to the equation. He provides perspective on Zero Trust and IT modernization, including recent ATARC Zero Trust demo labs, as well as his path into IT through a keen interest in data and problem solving. There are also his two book recommendations from Foo Fighters’ Dave Grohl and Andy Greenberg you’ll want to check out!
Gerald Caron, Chief Information Officer (CIO) / Assistant Inspector General of Information Technology (AIG/IT) for the Office of the Inspector General (OIG) at the Department of Health and Human Services (HHS)
Mr. Caron is a member of the Senior Executive Service (SES) and is Chief Information Officer (CIO) / Assistant Inspector General of Information Technology (AIG/IT) for the Office of the Inspector General (OIG) at the Department of Health and Human Services (HHS) as of May 2021.
Previously he has served as the Director of Enterprise Network Management (ENM) within the Directorate of Operations in the Bureau of Information Resource Management (IRM) since June 2016.
Mr. Caron has over 24 years of information technology (IT) experience. He began his career in the US Army working in hands-on technical positions serving for 7 years as a Programmer and Administrator. Mr. Caron then spent 2 years as a contractor with the federal government, where he acquired more refined technical skills and a more detailed understanding of IT operations. He joined the federal government at the Department of State (DOS) in 2003 as a Systems Administrator. He has held multiple positions at the DOS, moving from managing small technical groups leading up to Director for ENM. Mr. Caron is also a co-chair on the CIO’s Innovation Counsel for Zero Trust as well as co-chair for ATARC.org Zero Trust Working Group.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e188
This week Rachael and Eric discuss the recently published "Defending Ukraine: Early Lessons from the Cyber War" report from Microsoft and the accompanying blog post by Microsoft President and Vice Chair Brad Smith. They share insights and raise lingering questions on the report’s findings and the five conclusions Microsoft framed from the war’s first four months. They also briefly share insights from the June 2022 cyberdefense research report "The IT Army of Ukraine" from Stefan Soesanto of the Center for Security Studies in Zurich. So much to unpack in this week’s episode! There will definitely be follow-on episodes with key players from these reports that you won’t want to miss!
Host Rachael Lyon
Rachael Lyon brings her journalistic curiosity and more than 20 years in technology working with global industry leaders and innovative start-ups to dig into today’s cyber news and trends impacting us all.
Co-host Eric Trexler
Eric Trexler is Vice President of Sales, Global Governments, Forcepoint. Eric has more than 21 years of experience in the technology industry with both the public and private sectors including the DoD, Civilian, and Intelligence components. Prior to joining Forcepoint, Eric was the Executive Director for Civilian and National Security Programs at McAfee, formerly Intel Security. Prior to joining McAfee in 2010, he managed multi-million dollar accounts at Salesforce.com, EMC Corporation and Sybase, Inc.
Eric served as an Airborne Ranger with the United States Army for four years, specializing in communications. He holds a bachelor’s degree in marketing and an MBA with a concentration in strategy, both from the University of Maryland at College Park.
https://www.linkedin.com/in/eric-trexler-8b6b39/ https://www.linkedin.com/in/rachaellyon/
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e187
Joining the podcast this week is John DiLullo, Chief Revenue Officer for Forcepoint and former CEO at Lastline Security, acquired by VMware in 2020. He's spent decades in the security world. Speaking of world, as it has opened back up John has traveled the globe this year visiting every continent but Antarctica and shares insights from his many meetings with customers, partners, and security companies around the world. He also shares perspective on this year's RSA conference, the future of security trade shows and the future of the security industry - particularly as the economy stares down the barrel of an impending bear market. But it's not all doom and gloom: John shares a recent epiphany after seeing the "Wolverine" actor on Broadway and it paints a very positive picture for the cyber path ahead!
John DiLullo, Chief Revenue Officer, Forcepoint
John DiLullo is Chief Revenue Officer (CRO) at Forcepoint. He has nearly 30 years' experience in enterprise security, networking, cloud, and AI, plus go-to-market expertise spanning sales, marketing, customer success, technical support, and operations. Throughout the course of his career, DiLullo’s special devotion has always been to improving the customer experience and embracing specialized routes to market for transformational business solutions.
DiLullo’s professional experience includes extensive time domestically and abroad with market leaders such as Cisco Systems, Avaya, SonicWall, and Aruba Networks/Hewlett-Packard Enterprise serving customers large and small through traditional and emerging channels.
Prior to Forcepoint, he was Senior Operating Partner at Francisco Partners Consulting, a leading global investment firm that specializes in partnering with technology and technology-enabled businesses. He has also served as CEO of Lastline Security, a fast growing Network Threat Detection company acquired by VMware in 2020.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e186
Joining the podcast this week is Mikko Hypponen, Chief Research Officer at WithSecure. He breaks down the rise and fall of cybercrime unicorns, the effectiveness of unicorn hunting season and bounties, the impact of nations fighting back in today’s cyber war, Ukraine’s preparedness for Russian cyber war, the future of cryptocurrencies and how he came up with Hypponen’s Law. And be sure to keep an eye out for his upcoming book from Wiley later this summer, “If It’s Smart, It’s Vulnerable”!
Mikko Hypponen, Chief Research Officer, WithSecure
Mikko Hypponen is a global security expert. He has worked at F-Secure, now WithSecure, since 1991. Mr. Hypponen has written on his research for the New York Times, Wired and Scientific American and he appears frequently on international TV. He has lectured at the universities of Stanford, Oxford and Cambridge. He was selected among the 50 most important people on the web by the PC World magazine and was included in the FP Global 100 Thinkers list. Mr. Hypponen sits on the advisory boards of t2 and Social Safeguard.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e185
Joining us this week is Jarod Koopman, Acting Executive Director of Cyber and Forensic Services for the Internal Revenue Service (IRS) – Criminal Investigation division. He takes us inside the exciting world of cyber crimes and digital forensics – truly the investigations carried out by this team would make for an endless franchise of action thriller films or book series. So what did we talk about with Jarod, who has the most fascinating job at the IRS? The Bank Secrecy Act, all things cryptocurrency including crypto mixing, Frosties NFT, NFT wash trading, catching criminals through chipped tooth photos submitted for insurance claims, and so much more! You will definitely learn a lot of crypto lingo after listening to this episode! You don’t want to miss it!
Jarod Koopman, Acting Executive Director of Cyber and Forensic Services for the IRS - Criminal Investigation
As the Acting Executive Director, Jarod Koopman is responsible for the establishment of the newly formed HQ section - Cyber and Forensics Services. As such, IRS-CI aligns the existing sections of Cyber Crimes, Digital Forensics and the National Forensic Lab to create necessary efficiencies and streamline the investigative efforts. Jarod oversees all global operations involving Cyber and Forensic activities, including policy, procedures, budget and investigative services. In addition to this role, Jarod will lead the establishment of a new centralized facility - the Advanced Collaboration and Data Center (ACDC), which will act as a mission centric hub for cyber projects, crypto compliance efforts, training, investigative support and concentrated knowledge. Jarod and his team will look to dismantle cyber-criminals through innovative tradecraft.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e184
This week co-hosts Eric and Rachael are coming to you live from Cabo San Lucas! They cover hot topics including CyberWire’s new CISA Cybersecurity alerts, the impact of ransomware on a 157-year-old university in Illinois, Colonial Pipeline’s nearly $1M proposed fine by the Department of Transportation Pipeline and Hazardous Materials Safety Administration and the recent surge in tractor hacking!
Rachael Lyon
Rachael Lyon brings her journalistic curiosity and more than 20 years in technology working with global industry leaders and innovative start-ups to dig into today’s cyber news and trends impacting us all.
Eric Trexler
Eric Trexler is Vice President of Sales, Global Governments, Forcepoint. Eric has more than 21 years of experience in the technology industry with both the public and private sectors including the DoD, Civilian, and Intelligence components. Prior to joining Forcepoint, Eric was the Executive Director for Civilian and National Security Programs at McAfee, formerly Intel Security. Prior to joining McAfee in 2010, he managed multi-million dollar accounts at Salesforce.com, EMC Corporation and Sybase, Inc.
Eric served as an Airborne Ranger with the United States Army for four years, specializing in communications. He holds a bachelor’s degree in marketing and an MBA with a concentration in strategy, both from the University of Maryland at College Park.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e183
This week Rob Flanders, Head of Threat and Incident Response at BAE Systems, joins the podcast to share an international perspective on cybersecurity today. We delve into hot topics including supply chain security, security trends for 5-50 person organizations and impact on the large enterprises they work with, growing regulation around reporting requirements, and the impact of security on business innovation. And, Rob shares his path to cybersecurity and the non-traditional master’s degree he pursued leading up to his cyber career. It’s a great discussion you don’t want to miss!
Rob Flanders, Head of Threat and Incident Response at BAE Systems
Rob has 9 years' experience, primarily in UK Gov delivering technical cyber security solutions and risk management and assurance. Rob has worked across a number of areas, from delivering ISO27000 risk assessments to security assurance for large programmes. Rob has also delivered more technical security focussed capabilities across government, leading GBEST assessments on behalf of government departments and supporting development of Threat Intelligence capability across the public sector. Rob also spoke at CyberUK in 2018 on the topic of Quantifying Cyber Risk.
Rob graduated from Oxford University with a Masters in Earth Sciences and maintains an interest in physical / Arctic oceanography from his Masters project.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e182
Joining the podcast this week is Bash Kazi, CEO of Cyber Range Solutions. He shares perspective on the importance of experiential and continuous training across red team, blue team and threat hunting and creating real world environments to learn based on existing and emerging threats. He also shares some stories from the field such as a voter hacking simulation won by a 15-year-old student as well as available resources and organizations that provide veterans a place to learn cyber skills for low or no cost.
CEO, Cyber Range Solutions
Mubashir G. Kazi is the CEO of Cyber Range Solutions. He has over 25 years of global experience with governments and Fortune 500 companies (3M, Exxon & Xerox) in the areas of engineering, security, Information Technology and program management. Mr. Kazi holds graduate and post-graduate degrees in Engineering from McGill University in Montreal, Canada and has extensive post-graduate research and training in Advanced Project, Risk Management and Program Management skills specific to the fields of engineering and technology management from Stanford University. Mubashir has also served as a management consultant on several security programs around the world (Qatar, Israel, UAE, Pakistan, Afghanistan and USA). His expertise includes national border security, counter narcotics technology development & deployment, engineering management, cyber security training and international program management. Mubashir was the Architect and Program Manager supervising the design, management and execution for a program involving the deployment of several thousand personnel for the development of a National Data Repository, Border Security, Machine Readable Passport and Electronic Voter Registration system for the Ministry of Interior, Government of Pakistan. Mubashir has architected the creation of one of the largest citizen data repositories and overseen the national census data gathering initiative to document over 100 million individuals.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e181
This week we catch up with Dr. Siwei Lyu, a SUNY Empire Innovation Professor and founding Co-Director of Center for Information Integrity (CII) at the University at Buffalo, State University of New York. Siwei breaks down the deepfake experience, both the good and the misleading aspects of the technology. He shares insights on techniques researchers are developing to detect deepfakes, including GAN (Generative Adversarial Network) detected artifacts that produce tell-tale deepfake signs – if you know where to look. He also delves into the area of audio deepfakes and the sophistication of the human auditory system that makes this pathway a tough one to win. And, fun fact, to learn more about Siwei’s research contributions be sure to Google “DeepFake-o-meter”!
Dr. Siwei Lyu, SUNY Empire Innovation Professor at the University at Buffalo
Dr. Siwei Lyu received his B.S. degree (Information Science) in 1997 and his M.S. degree (Computer Science) in 2000, both from Peking University, China. He received his Ph.D. degree in Computer Science from Dartmouth College in 2005. From 1998 to 2000, he worked at the Founder Research and Development Center (Beijing, China) as a Software Engineer. From 2000 to 2001, he worked at Microsoft Research Asia (then Microsoft Research China) as an Assistant Researcher. From 2005 to 2008, he was a Post-Doctoral Research Associate at the Howard Hughes Medical Institute and the Center for Neural Science of New York University. Starting in 2008, he is Assistant Professor at the Computer Science Department of University at Albany, State University of New York. Dr. Lyu is the recipient of the Alumni Thesis Award of Dartmouth College in 2005, IEEE Signal Processing Society Best Paper Award in 2010, and the NSF CAREER Award in 2010. He has authored one book, and held two U.S. and one E.U. patents. He has published more than 50 conference and journal papers in the research fields of natural image statistics, digital image forensics, machine learning and computer vision.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e180
Joining the podcast this week is Stacy Janes, Head of Cybersecurity at Waymo. Stacy shares an awesome story of how he found his way to security and the automotive industry – and we’ll bet it isn’t at all the journey you thought it would be! He also shares perspective on the difference between connected and autonomous vehicles, security by design and 360-degree situational awareness with autonomous vehicles, Zero Trust models, as well as insights on safety and privacy. And he provides the gem of advice, “Don’t take data from strangers!”.
Stacy Janes, Head of Security at Waymo
Stacy is a self starter with a passion for cyber security. Co-Founder of Connected Transport Business Unit at Irdeto. Evangelist and active speaker on cyber security for the connected transportation space. Strong and demonstrated technical history in cyber security areas such as PKI, authentication/authorization, end-point security and ethical hacking. Proven history of building teams to solve difficult industry problems.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e179
This week on the podcast Bobby Chesney, James Baker Chair at the University of Texas School of Law, and co-founder of the awesome Lawfare.com blog and co-host of the National Security Law podcast, joins us for a discussion on all things cyber legal policy and regulations - and it is fun! We chat about the recent Viasat satellite hack that served dual-purposes for military application and disruption of industries (for example, impacting wind turbines!). He also shares perspective on cyber versus kinetic attacks, space wars, space law vs maritime law parallels and the geography of cyber. Want to learn more about cyber law and policy? Check out Chesney's free eCasebook on Cybersecurity Law, Policy, and Institutions here: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3547103
Bobby Chesney, James Baker Chair in Rule of Law and World Affairs at UT Austin
Bobby Chesney holds the James Baker Chair and also serves as the Associate Dean for Academic Affairs at the University of Texas School of Law. In addition, he is the Director of the Robert S. Strauss Center for International Security and Law, a university-wide research unit bridging across disciplines to improve understanding of international security issues. Professor Chesney is a co-founder and contributor to www.lawfareblog.com, the leading source for analysis, commentary, and news relating to law and national security. He also co-hosts the National Security Law Podcast and contributes to the National Security Law Lectures series (which he co-founded with Matt Waxman). In 2021, Professor Chesney was appointed to the Cybersecurity Advisory Committee for the U.S. government's Cybersecurity and Infrastructure Security Agency.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e178
Michael Daniel, President and CEO of Cyber Threat Alliance joins the podcast this week and dives right into the latest developing cyber implications resulting from the Ukraine conflict, as well as longer term considerations on Russian cyber companies impacted by sanctions. He also shares perspective on the differing views of cyber as a nuisance vs public/safety problem, the opportunity to combat cyber collectively, CISA’s Shields Up program and organizations sustaining a high level of vigilance, and the STIX information sharing platform.
Michael Daniel, CEO of Cyber Threat Alliance
Michael leads the CTA team and oversees the organization’s operations. Prior to joining the CTA in February 2017, Michael served from June 2012 to January 2017 as Special Assistant to President Obama and Cybersecurity Coordinator on the National Security Council Staff. In this role, Michael led the development of national cybersecurity strategy and policy, and ensured that the US government effectively partnered with the private sector, non-governmental organizations, and other nations.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e177
This week we are joined by Herb Lin, Senior Research Scholar, CISAC and Hank J. Holland Fellow, Hoover Institution at Stanford University – and author of the book Cyber Threats and Nuclear Weapons. Herb shares his deep expertise in cyber policy and security to shed light on key questions that should be on everyone’s mind, such as “Why are innovation and cybersecurity opposites” and “Why are we always behind in cybersecurity?”. He also breaks down why complexity is the enemy of security, cyber war vs nuclear war, three roads to ruin, and the role of a Chief Luddite Officer. Prepare for your mind to be blown!
Herb Lin, Senior Research Scholar at Stanford's Center for International Security and Cooperation
Dr. Herb Lin is senior research scholar for cyber policy and security at the Center for International Security and Cooperation and Hank J. Holland Fellow in Cyber Policy and Security at the Hoover Institution, both at Stanford University. His research interests relate broadly to policy-related dimensions of cybersecurity and cyberspace, and he is particularly interested in the use of offensive operations in cyberspace as instruments of national policy and in the security dimensions of information warfare and influence operations on national security. In addition to his positions at Stanford University, he is Chief Scientist, Emeritus for the Computer Science and Telecommunications Board, National Research Council (NRC) of the National Academies, where he served from 1990 through 2014 as study director of major projects on public policy and information technology, and Adjunct Senior Research Scholar and Senior Fellow in Cybersecurity (not in residence) at the Saltzman Institute for War and Peace Studies in the School for International and Public Affairs at Columbia University; and a member of the Science and Security Board of the Bulletin of Atomic Scientists. In 2016, he served on President Obama’s Commission on Enhancing National Cybersecurity. Prior to his NRC service, he was a professional staff member and staff scientist for the House Armed Services Committee (1986-1990), where his portfolio included defense policy and arms control issues. He received his doctorate in physics from MIT.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e176
This week’s podcast guest Rich Itri, Chief Innovation Officer at ECI, did the heavy work of reading the SEC’s 250-page proposal on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure and shares perspective on what may be ahead for public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934. As it goes into comment period through May 9, 2022, many are on standby for the outcome of the proposed cyber incident reporting timeline of four days after a material breach. Which, of course leaves one to wonder, just what are we considering ‘material’ these days? You don’t want to miss this week’s episode as Rich shares deep insights from his more than 20 years on the financial services security frontlines.
Rich Itri, Chief Innovation Officer at ECI
Rich Itri is the Chief Innovation Officer at ECI. Rich has over 22 years of IT executive experience, spending his entire career managing IT within the financial services industry. Prior to joining ECI, Rich was Managing Director and Chief Technology Officer for PJT Partners, a boutique investment bank, Principal and Chief Information Officer for Sky Road and held Chief Information Officer positions at Arrowhawk Capital Partners and Arbalet Capital Partners. Over the years, Rich has developed and managed innovative, business aligned platforms, that drive revenue and operational efficiencies. Rich holds positions on several Advisory Boards and volunteers his time to help non-profits leverage technology.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e175
Matt Bianco, President at Fedway Consulting, joins the podcast this week to deep dive into the electric vehicle world, how it’s evolving, challenges being addressed (such as charging stations!) and government plans to help advance electric vehicles within the government fleet and with consumers across the U.S. One of the big questions with electric vehicles is the cyber vulnerabilities as charging stations connect to the internet to process charging time and transactions. With many asking, just how big a threat are we talking about as tens of thousands of new charging stations come online over the next 5-10 years? Join the podcast to find out!
Matt Bianco, President at Fedway Consulting
Matt is a thought leader within the US Federal Government ecosystem related to Electric Vehicle (EV) Charging integration which includes strong knowledge of POV/GOV programs (workplace/fleet), hardware/software solutions, infrastructure, policy, etc. With partnerships across the industry including ChargePoint, Apollo Sunguard (SDVOSB), Beam Global, Freewire, etc, Matt has the ability to assist in formulating a plan that will cover every aspect of executing a flawless and easy Federal EV charging program. Other focuses include CyberSecurity initiatives and software solutions.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e174
Joining us this week is Avi Bashan, CTO of Kovrr sharing perspective on quantifying the elusive risk elements of business today. Great insights he shares on new methodologies and tools security teams, Risk Officers and others can leverage today to start putting risk into an understandable and quantifiable business perspective. And no conversation on risk is complete without discussion on cyber insurance - and we take a quick trip from the insurance industry’s beginnings through to present day cyber insurance.
Avi Bashan, Chief Technology Officer
Avi is CTO at Kovrr and leads engineering and research efforts. He started his career in an elite Israeli intelligence technology unit. Following his service, Avi advised Fortune500 companies on cybersecurity. Following his consulting period, Avi led research and development efforts at Lacoon Mobile security focusing on discovering novel new attacks and building state of the art malware detection engines. Lacoon Mobile Security was acquired by Check Point. Avi is a lecturer at Bar Ilan University's Business School and holds a B.Med.Sc from the Hebrew University of Jerusalem.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e173
Nick Espinosa, Chief Security Fanatic, at Security Fanatics joins the podcast this week to share perspective from his many interviews with Ukraine government members and others on-the-ground in Ukraine. He also shares insights on cyber attacks against Ukraine since 2014 and how the landscape continues to shift during the current conflict, including potential cyberattack leakage outside the region. And he dives into the critical communications elements at play including Internet access that is enabling those on the ground to communicate. He closes the podcast with four recommendations for companies looking to strengthen their security defenses amidst today’s uncertain cyber landscape. Be sure to follow Nick on Twitter @NickAEsp for continuing updates from those on the ground in the Ukraine.
Nick Espinosa, Chief Security Fanatic
For over 25 years, Nick has been on a first name basis with computers. Since the age of 9 he’s been building computers and programming in multiple languages. Landing his first IT job at age 15, Nick founded Windy City Networks, Inc at 19 which was acquired in 2013 by BSSi2. In 2015 Nick created Security Fanatics, a Cybersecurity/Cyberwarfare outfit dedicated to designing custom Cyberdefense strategies for medium to enterprise corporations. An expert in cybersecurity and network infrastructure, Nick has consulted with clients ranging from the small business owners up to Fortune 100 level companies. Nick has designed, built, and implemented multinational networks, encryption systems, and multi-tiered infrastructures as well as small business environments. He is passionate about emerging technology and enjoys creating, breaking, and fixing test environments.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e172
Joe Uchill, senior reporter at SC Magazine, joins us on the podcast this week to share perspective from his ongoing reporting on the cyber implications from the Ukraine conflict. We cover a bevy of themes including the level of cyber versus kinetic attacks, the “IT Army” of Ukraine and impact of decentralized hacking volunteers, Conti ransomware group woes and the globalism of the criminal economy, CISA Shields Up guidance and navigating through opportunistic criminals that invariably take advantage of a crisis. And he explains the Evel Knievel School of Storytelling approach.
Joe Uchill, Senior Reporter at SC Magazine
Long time cybersecurity reporter who has written for places like SC Magazine, Axios and Motherboard. I founded Axios’ Codebook cybersecurity newsletter and also wrote cybersecurity newsletters for The Hill and Christian Science Monitor. Newsletters are something of a specialty. In his spare time, he works on coding projects to bolster journalism. Previously ran a Washington D.C. area group of hackers, analysts and reporters who collaborated until COVID-19 put an end to in-person meetings.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e171
Petko Stoyanov, Chief Technology Officer for Global Governments at Forcepoint
Petko Stoyanov serves as Forcepoint's Chief Technology Officer for Global Governments. He focuses on strategy, technology and go-to-market for enterprise-focused solutions across the government verticals in Australia, Canada, New Zealand, United Kingdom, and the United States. Petko is an experienced cyber security leader who specializes in establishing information security programs and driving security maturity in technology through and experience specialized in aerospace, technology, and cloud. He has prior experience as an Information Security Manager and Security Architect leading and designing secure tamper resistant security systems and advanced multi-level security systems.
Petko's LinkedIn https://www.linkedin.com/in/petko-stoyanov/
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e170
Dr. Samantha Ravich, Chairman for the Center on Cyber and Technology Innovation at Foundation for Defense of Democracies joins the podcast this week. She shares insights from her many years on the geopolitical and economic front lines of cyber, and work with many renowned government leaders, on developing a plan of action to address today’s cyber threat landscape and looming threat against critical infrastructure and essential services. She also provides perspective on building resiliency, what we can learn from natural disasters relative to cyber attacks, as well as the opportunity and impact of states creating and driving their own continuity of the economy plans.
Dr. Samantha Ravich, Chairman, Center on Cyber and Technology Innovation, Foundation for Defense of Democracies
Dr. Samantha Ravich is the chairman of FDD’s Center on Cyber and Technology Innovation and its Transformative Cyber Innovation Lab and the principal investigator on FDD’s Cyber-Enabled Economic Warfare project. She is also a senior advisor at FDD, serving on the advisory boards of FDD’s Center on Economic and Financial Power (CEFP) and Center on Military and Political Power (CMPP). Samantha serves as a commissioner on the congressionally mandated Cyberspace Solarium Commission and as a member of the U.S. Secret Service’s Cyber Investigation Advisory Board. Samantha served as deputy national security advisor for Vice President Cheney, focusing on Asian and Middle East Affairs as well as on counter-terrorism and counter-proliferation. Following her time at the White House, Samantha was the Republican co-chair of the congressionally mandated National Commission for Review of Research and Development Programs in the United States Intelligence Community. Most recently, she served as vice chair of the President’s Intelligence Advisory Board (PIAB) and co-chair of the Artificial Intelligence Working Group of the Secretary of Energy Advisory Board. She is advisor on cyber and geo-political threats and trends to numerous technology, manufacturing, and services companies; a managing partner of A2P, a social data analytics firm; and on the board of directors for International Game Technology (NYSE:IGT).
Her book, Marketization and Democracy: East Asian Experiences (Cambridge University Press) is used as a basic textbook in international economics, political science, and Asian studies college courses. Samantha is a member of the Council on Foreign Relations and advises the U.S. Intelligence Community and the Department of Defense. She is a frequent keynote speaker on: What Corporate Boards need to know about Cyber Security and Warfare; The Longer-Term Trends in International Security; and the Future of Intelligence Collection and Analysis. Samantha received her PhD in Policy Analysis from the RAND Graduate School and her MCP/BSE from the Wharton School at the University of Pennsylvania.
https://www.linkedin.com/in/samantha-ravich-7b5aa08b/
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e169
This week we dive into the hot topic of cyber insurance with Dr. Josephine Wolff, Associate Professor of Cybersecurity Policy at Tufts University The Fletcher School and author of the book “You’ll See This Message When it is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches” (MIT Press 2018). We explore the dynamic industry of cyber insurance and key policy areas such as defining cyber war, the impact of the increase of ransomware the last two years (some stats put it at 150% increase!), and how to change security behaviors. She also shares insights on AI and the always looming theme of bias as well as the importance of always keeping a human in the loop. And, be sure to look out for her new book on cyber insurance with MIT Press coming out in August 2022.
Josephine Wolff - Associate Professor of Cybersecurity Policy at Tufts University's The Fletcher School
Josephine Wolff is an associate professor of cybersecurity policy and has been associated with The Fletcher School at Tufts University since 2019. Her research interests include international Internet governance, cyber-insurance, security responsibilities and liability of online intermediaries, government-funded programs for cybersecurity education and workforce development, and the legal, political, and economic consequences of cybersecurity incidents. Her book "You'll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches" was published by MIT Press in 2018. Her writing on cybersecurity has also appeared in Slate, The New York Times, The Washington Post, The Atlantic, and Wired. Prior to joining Fletcher, she was an assistant professor of public policy at the Rochester Institute of Technology and a fellow at the New America Cybersecurity Initiative and Harvard's Berkman Klein Center for Internet & Society. She received a Ph.D. in Engineering Systems and M.S. in Technology and Policy from MIT, and an A.B. in mathematics from Princeton. As a student, she also spent time at Microsoft, the Center for Democracy and Technology, the White House Office of Science and Technology Policy, and the Department of Defense.
https://www.linkedin.com/in/josephine-wolff-1baa414b/
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e168
Forcepoint CEO Manny Rivelo joins the podcast this week to share perspective on security in 2022 and beyond. Did you know hacking is really big business? Money from attacks is equivalent to the world’s third largest economy, behind the U.S. and China. As hackers innovate faster, businesses are struggling to keep up. He shares insights on how the industry can help organizations get past the conga line of security tools and move at digital speed. And he shares perspective on the criticality of putting security at the center of design thinking and making security equal to connectivity, along with thoughts on hot topics today including the metaverse and Web3.
Manny Rivelo, CEO, Forcepoint
Manny Rivelo is the Chief Executive Officer (CEO) at Forcepoint. As Forcepoint CEO, Rivelo drives the company’s strategy to accelerate enterprise and government agency adoption of a modern approach to security that embraces the emerging Secure Access Service Edge (SASE) architecture. According to Gartner, more than 40 percent of enterprises will embrace SASE by 2024.
Rivelo brings to Forcepoint more than 30 years of experience across executive leadership, product management, customer support and sales functions with some of the world’s leading security and information technology companies. Rivelo joined Forcepoint from global investment firm Francisco Partners Consulting where he served as Senior Operating Partner. Prior to Francisco Partners, he was Chief Customer Officer at Arista Networks, where he was responsible for the company’s global sales and field marketing functions. Previously he also served as President & CEO of AppViewX, a low-code infrastructure automation provider.
Additional senior leadership roles included F5 Networks where he served as President and CEO as well as Executive Vice President, Security, Service Provider and Strategic Solutions responsible for launching and driving new market adjacencies in Security and Service Providers, Product Management, Marketing, and Business / Corporate Development. Prior to F5 Networks, Rivelo held various senior leadership roles at Cisco Systems including Senior Vice President of the Engineering and Operations group. While at Cisco, he oversaw roles in sales and multiple businesses, drove technical solution requirements for Cisco customers of all sizes and was responsible for operational excellence, standardization around processes and tools as well as enabling new business models.
Rivelo is currently a Director at Sandvine, Outdoorsy, WootCloud, Valtix and Fashwire. He holds bachelor’s and master’s degrees in Electrical Engineering from the Stevens Institute of Technology.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e167
This week Noam Maital, CEO and Co-founder of Waycare Technologies, a subsidiary of Rekor, joins us to share insights on a topic we haven’t yet covered on the podcast – shaping the future of city mobility. Imagine the significant amount of data aggregation and synthesis through AI critical in the management of our roadways, traffic flow and emergency response – that also helps power and draw data from many of the mobile and in-car maps we utilize today. Noam paints a picture of the data explosion coming the next few years as more and more smart and autonomous vehicles come online – expected to generate around 4TB of data daily – and the security of that data needs to be planned for today. And yes, the growing ransomware in traffic management threat we also discuss!
Noam Maital, Co-Founder and CEO, Waycare
Noam Maital is the CEO and a Co-Founder of Waycare Technologies. Prior to WayCare, Noam led global strategy projects in technology implementation, growth strategy, and financial due diligence. Noam holds a BSc, Summa Cum Laude, from Babson College with a dual degree in Economics and Strategic Management. Prior to his studies, Noam served as a First Sergeant in the Israeli Special Forces.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e166
Welcome to the end of 2021 episode where Eric and Rachael recap highlights from guests throughout the year, hitting on the key topics that dominated the headlines including Log4Shell, Sunburst, Colonial Pipeline, ransomware growth trends, the Biden Executive Order of May 12th, Zero Trust, and the many award-winning books published, such as those by NY Times’ Nicole Perlroth, Sheera Frenkel and Cecilia Kang. They also share a preview of 2022 topics to come including cryptomining, the metaverse, Web3 and more.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e165
Back from the archives! This week we're spotlighting one of our favorite episodes in Summer 2021 with The New York Times journalist Nicole Perlroth where she shares insights from her decade long research for her book "This is How They Tell Me the World Ends". (FORMERLY EPISODE 138) This week Nicole Perlroth, award-winning journalist for The New York Times and best-selling author of “This Is How They Tell Me The World Ends” joins the podcast to discuss her decade long journey covering cybersecurity and many terrifying discoveries navigating through the underbelly of the secretive cyberweapons market. She shares insights on the importance of making cyber understanding and awareness accessible to all audiences. And she details the many challenges governments and society face today as cyberattacks continue to ratchet up in scope of disruption and financial rewards with no consequences as we collectively wait for “the big event” that will be the forcing function to drive needed investment, global cooperation, and changed behaviors to truly take some of the advantage out of attackers’ hands.
Nicole Perlroth, Journalist, Cybersecurity and Digital Espionage & Author "This Is How They Tell Me The World Ends"
Nicole Perlroth covers cybersecurity and digital espionage for The New York Times. She has covered Russian hacks of nuclear plants, airports, and elections, North Korea's cyberattacks against movie studios, banks and hospitals, Iranian attacks on oil companies, banks and the Trump campaign and hundreds of Chinese cyberattacks, including a months-long hack of The Times. Her first book, “This Is How They Tell Me The World Ends,” about the global cyber arms race, will publish in February 2021. The book, and several of her Times articles, have been optioned for television.
A Bay Area native, Ms. Perlroth is a guest lecturer at the Stanford Graduate School of Business and a graduate of Princeton University and Stanford University.
https://www.linkedin.com/in/nicoleperlroth/
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e214
Dr. Richard Ford, Chief Technology Officer at Praetorian joins us on the podcast this week to share perspective on Log4Shell that's been making the headlines in recent weeks. He explains why this is the worst zero-day vulnerability the industry has seen in the last ten years, what makes it special and how Log4j's ubiquity in the Java world will keep it around for a long time to come. He shares insights from the trenches on how to mitigate and warns why scanners are not proving reliable for catching everything. And he provides recommendations on how to get ahead of the next zero-day vulnerability lurking in the wings.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e164
Joining us from the fantastic vista of Monaco is Mark Arena, CEO at Intel 471 – and he has a great story to tell about the origins of the company name! He also breaks down the ransomware threat over the last couple decades and how they have evolved with the availability of new, faster, better technology as well as a business acumen in creating affiliate programs and Ransomware-as-a-Service. And he shares insights on cryptomixing as yet another path ransomware gangs can utilize to anonymize their ransom bounties received. (HINT: this is more like money laundering of cryptocurrency) So many great insights in this episode – including the importance of boots on the ground - you don’t want to miss it!
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e163
This week Chris Krebs, founding partner of Krebs Stamos Group and the first Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), joins the podcast. He shares insights on ransomware trend lines, policy discussions, and streamlining the government engagement process for the private sector. He also shares perspective on risk (HINT: you can manage it but not eliminate it), how we can’t attack our way out of the cyber problem, the Information Assurance Directorate, why multi-factor authentication is critical (99% success rate!), and so much more. You don’t want to miss this timely discussion on the future of security.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e162
This week Dragos CEO and co-founder Rob Lee joins the podcast and breaks down the OT challenge that many businesses are facing today including a lack of clarity on who within the business owns OT and defining what acceptable OT risk means within the business. He also shares perspective on multi-factor authentication as one of the universal controls, the industry + geopolitical aspect of managing risk, and shifting the lens to think about the IP threat from the operator POV. And he shares insights on the Salt Water Project and what can happen when thinking through OT impact + the art of the possible.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e161
This week we catch up with Dmitri Alperovitch, co-founder of the think tank Silverado Policy Accelerator (SPA) and co-founder of Crowdstrike. He shares details on the newly launched Alperovitch Institute at the Johns Hopkins School of Advanced International Studies offering MA-PhD programs that intertwine cybersecurity and statecraft giving students the opportunity to study adversaries’ unique motivations, capabilities and histories. We also discuss the key policy areas that SPA is focusing on including cyber trade and industrial security and eco-sec as we consider the impact and future of security. He also breaks down the CHIPS Act, why offensive strategies are important and their potential psychological impact on cyber gangs, and how cryptocurrency exchange sanctions could impact the financial incentive of ransomware gangs. On December 7th at 9:00 a.m. ET be sure to tune into SPA’s moderated discussion, led by Alperovitch and a panel of lawmakers and policy experts discussing the national security challenges stemming from America's dependence on East Asia for semiconductor manufacturing. More details are at silverado.org/events.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e160
Curt Dukes, Executive Vice President and General Manager for Security Best Practices at the Center for Internet Security (CIS) joins the podcast this week. He shares insights from his more than 30 years with the NSA and how that journey led to the CIS and the synergies between the two organizations in providing cyber resources and fostering threat intelligence information sharing. And for those not familiar with the CIS he provides a great primer on this vital organization started 20 years ago by a group of private industry and government individuals who saw the escalating cyber threat landscape ahead and decided to organize and do something about it to make the connected world a safer place. And you don’t want to miss his perspective on multi-factor authentication and its 99% success rate.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e158
Dr. Andrew Hammond, Historian and Curator of the International Spy Museum joins us this week - and let’s be honest he has just about the coolest job out there today! Hammond takes us through the classic period of espionage and the reliance on physical data and spycraft techniques to transport through to the modern day battlefield of cyber intelligence and espionage. And he provides insights on the historical throughlines of attacks that haven’t really changed over the centuries: by and large what is being sought is the same, and it is simply the mechanisms by which exploits are executed that have evolved. He also lends perspective on the cyber threat landscape ahead, and asks is this the dreadnought moment?
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e158
Mike Watson, CISO for the Commonwealth of Virginia, joins the podcast this week and shares perspective on the challenges and opportunities for security teams at the state and local level. He recounts a 2009 ransomware incident and details just how sophisticated ransomware attackers have become in the ensuing years since. And he provides perspective on shared responsibility, security standards and compliance baselines of “good”, walking the fine line of multi-factor authentication, security ubiquity, and why he has optimism for the security path ahead (HINT: it involves security as part of the process, not bolted on after the fact).
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e157
This week we catch up with Matthew Ferraro an attorney at the international law firm Wilmer Cutler Pickering Hale and Dorr and former intelligence officer. He has written extensively on national security and legal issues and most recently authored the CNN opinion piece “Ransomware attacks are about to get worse. But there are ways to stop them”. He shares with us perspective on the role of governance in the continued pursuit to thwart ransomware groups which can feel like a “whack a mole” battle. He also dives into the growing deepfakes as a service business and the differences between “the liar’s dividend” and “the zealot’s dividend”. Be sure to read his CNN op-ed on the growing ransomware threat here: https://www.cnn.com/2021/09/13/perspectives/ransomware-attacks-cybersecurity/index.html
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e156
This week our special guest is Sudhakar Ramakrishna, President and Chief Executive Officer of SolarWinds. He shares insights from his first year at the company, joining at a very dynamic time as news of the Sunburst attack first started making headlines. He provides perspective on what we consider a master class in leading through crisis – putting employees and customers first, the importance of transparency, continuous and two-way communications (even when you don’t have all the answers) and building a culture of trust. And why through his many years in security he is still a stubborn optimist for the security path ahead – with people being a critical part of the solution.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e155
This week we welcome guest Combiz Abdolrahimi, a national security lawyer and Emerging Technology and Innovation Leader at Deloitte. We deep dive into today’s critical infrastructure vulnerabilities and navigating the path forward to address the threat with systems that weren’t originally designed with cybersecurity in mind. (Hint: don’t approach 21st century cyber challenges with 20th century thinking) And he shares perspective from his time in government at the U.S. Departments of State, Treasury, and Commerce, among others, as well as insights across today’s hot topic themes including ransomware, cryptocurrency regulations, international enforcement, and the criticality of information sharing and reporting requirements.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e154
Joining us this week is Danny Jenkins, CEO and Co-founder of ThreatLocker, an Orlando-based cybersecurity firm providing zero-trust endpoint security. Danny shares insights on the challenges facing critical infrastructure, particularly water systems that continue to be targeted with today’s latest headline grabbing financial + ideological threat of ransomware. And he poses the question, “Will we get to a point where we have to stop drinking tap water?” He also provides perspective around the nuances of compliance (note: listen for the motorcyclist example!) versus regulation and getting on a path to proactive versus reactive security while moving to a collective mindset of ‘what can I do to improve security this week’? And you don’t want to miss ThreatLocker’s must read report on protecting water infrastructure from cyber attacks available here on our show notes at https://www.forcepoint.com/govpodcast/e153
Want to know what this week’s episode title means? Listen to our two-part episode with Juan Andrés Guerrero Saade (aka JAGS), principal researcher at SentinelOne and Adjunct Professor of Strategic Studies at Johns Hopkins School of Advanced International Studies (SAIS). JAGS takes us on an exciting and educational ride through his research efforts on Moonlight Maze, one of the first widely known cyber espionage campaigns in world history, and how he came to be a featured hologram in the International Spy Museum in Washington, D.C. He also shares insights on the epic trolling endeavor through the recent “Meteor Express” wiper attack of an Iranian railway and possible ties to early versions of Stardust and Comet malware. And you won’t want to miss his perspective on monetization, Linux flying below the radar, why it’s important to get more savvy in determining what you want from vendors and how a philosophy major found his way into the threat intel space.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e152
Want to know what this week’s episode title means? Listen to our two-part episode with Juan Andrés Guerrero Saade (aka JAGS), principal researcher at SentinelOne and Adjunct Professor of Strategic Studies at Johns Hopkins School of Advanced International Studies (SAIS). JAGS takes us on an exciting and educational ride through his research efforts on Moonlight Maze, one of the first widely known cyber espionage campaigns in world history, and how he came to be a featured hologram in the International Spy Museum in Washington, D.C. He also shares insights on the epic trolling endeavor through the recent “Meteor Express” wiper attack of an Iranian railway and possible ties to early versions of Stardust and Comet malware. And you won’t want to miss his perspective on monetization, Linux flying below the radar, why it’s important to get more savvy in determining what you want from vendors and how a philosophy major found his way into the threat intel space.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e151
Joe Marks, reporter for The Washington Post’s daily newsletter Cybersecurity 202 covering the policy and politics of cybersecurity joins us this week. He takes us behind the scenes of his many years covering cybersecurity and policy, sharing insights behind the stories, the reporting process and journalism in the age of dis/misinformation. He also shares perspective on key moves made by CISA in bringing election and security groups together and the ticking clock for government investment in cybersecurity to shore up defenses of federal agencies and to modernize state and local governments that are increasingly the target of ransomware and other attacks that disrupt ways of life.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e150
Sheera Frenkel covers cybersecurity from San Francisco for the New York Times. Previously, she spent over a decade in the Middle East as a foreign correspondent. Sheera previously worked for the Times of London, McClatchy and NPR, where her fluency in Hebrew and her conversational Arabic helped land stories. She has said that her time as a foreign correspondent aids her coverage of cybersecurity: People are always speaking different languages and their motivations are often unclear. Frenkel and her co-author Cecilia Kang were part of the team of investigative journalists recognized as 2019 Finalists for the Pulitzer Prize for National Reporting. The team also won the George Polk Award for National Reporting and the Gerald Loeb Award for Investigative Reporting.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e149
This week we catch up with Dustin Moody, a Mathematician in the NIST Computer Security Division who shares insights on how he found his way to NIST and cryptography through a love of elliptic curves and their beauty in numbers and patterns. Learn more about the impending quantum revolution and what that means for encryption and what (as well as how long) it takes to develop a post-quantum cryptography standard (hint: it takes several years!). And he gives us a peek into the future of crypto agility and what it’s like working with other countries and their approach to crypto. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e148
Dive into the world of cryptocurrency with this week’s guest Jeff Roberts, executive editor at Decrypt and author of the book “Kings of Crypto: One Start-Up’s Quest to Take Cryptocurrency Out of Silicon Valley and On To Wall Street”. For those that are wondering, Jeff shares that cryptocurrency today is definitely mainstream and while it is still a speculative investment - with big banks getting into the game it may not stay that way for long. (HINT: in the next 10 years, we just may have an FDIC version for cryptocurrency!) He also shares how cryptocurrency such as bitcoin is serving as a nefarious and anonymous currency scapegoat for endeavors such as Silk Road and ransomware, however there are many fantastic applications it can also be used for and countries such as the US/Silicon Valley, South Korea, Switzerland and even China are helping to drive this forward. (Did you know bitcoin is legal tender in El Salvador today?!) And for those interested in his follow-up book, it just may be about currency wars. Stay tuned for more. Learn more about “Kings of Crypto”
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e147
This week we chat on the complexities and opportunities smart cities can deliver in the US and around the globe with guest Chris Teale, reporter at Smart Cities Dive. He’s spent years meeting with government and community leaders on the growth of smart cities and shares thoughts on just how fluid the definition of a smart city is today. Learn which cities around the world are leading in the smart city evolution and how a patchwork of state-by-state laws and regulatory frameworks help and/or hinder progress. You will also hear examples of US cities you may not have expected that can share best practices and lessons learned with cities large and small across the country to help get them on the path to better utilizing technology and digitization to improve essential services (such as trash pick-up) and quality of life. He also shares insights on the ‘hackers as city consultant’ trend and how a federal government playbook for cities could help more cities get smarter, faster. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e146
This week we are joined by World Economic Forum’s Head of Governance and Trust Daniel Dobrygowski and Forcepoint Chief Legal Officer John Holmes for a discussion on the changing role of leadership when cyber is the cost of doing business. They share insights from the recently published World Economic Forum report “Principles for Board Governance of Cyber Risk” and historical points in time that today’s leaders can learn from in navigating business through the rapid advancements and innovations of the 4th Industrial Revolution. Read the WEF report here: https://www.weforum.org/reports/principles-for-board-governance-of-cyber-risk For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e145
Buckle up for this week’s episode because it is quite a ride! Greg Crabb, founder of TenEight Cyber and former CISO for the United States Postal Service shares insights from his more than 25 years in law enforcement and bringing cyber criminals to justice. And hear perspective on CISO best practices for a 630k+ employee organization with 43k facilities and 160 million daily delivery points and how he took a 40 person cyber team to 600 in just a few years. Also learn how his team partnered with CISA to secure the 2020 U.S. election, how postal inspectors serve as first responders (hint: anthrax vs cornstarch), the importance of identifying and quantifying risk for your organization today and the DevSecOps opportunity ahead. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e144
This week we have our first guest that successfully swam the English Channel – Sue Daley, Director of Technology and Innovation at techUK. Hear insights from Sue on the mental focus it takes to swim for 23 hours straight, how a singular national vision has helped the UK address the cyber challenge, the opportunity for US and UK collaboration on cyber issues, and key considerations for regulating AI. Sue also dives into the opportunity to embrace AI/ML for addressing online threats, why she’s optimistic for the cyber path ahead (hint: collaboration is key!) and why it will be good to finally have a “queue for the loo”. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e143
This week we pick back up for part two with CERT Division Director Greg Touhill. He shares insights on the mindset change in recent years on the importance of understanding risk and high value assets and where they reside. He also provides perspective for defining resilience, including taking a punch and keeping on going, as well as steps for getting ahead of today’s ransomware threat run amok by buying down the risk. To learn more about CERT visit CERT.org. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e142
This week Greg Touhill, Director of CERT Division, joins the podcast to share insights on CERT’s history as the birthplace of cyber and culture of innovation at the center of the cyber universe. He also dives into the importance of the development of a Software Bill of Materials (SBOM), what happens when national leaders shine a light on cyber, why talent with breadth and depth is critical helping move the federal government cyber needle and the building blocks for standing up the federal government’s first CISO office. To learn more about CERT visit CERT.org. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e141
Cybersecurity is an industry rife with paradoxes and trying to get ahead of today’s vast threat landscape can feel like an endless loop of Penrose steps. This week’s guest Marilise de Villiers, co-founder and CEO of ROAR Consulting & Coaching shares insights on how to break the vicious cycle in an industry where the burn out struggle is real - particularly during the last year as the line between work and home vanished. Marilise shares details for building a personal toolkit for success that not only helps individuals build resilience but can also help organizations shape cultures that support security-first mindsets that truly make your people the strongest front line of security defense. Key to success? Defining what good looks like and redefining winning when winning is seemingly impossible. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e140
This week Eric and Rachael get To The Point on the latest cybersecurity headlines such as Colonial Pipeline, ransomware and the double extortion trend and the new Biden Executive Order on improving the nation's cybersecurity. They also cover a new Gartner report this month noting cyber spending will grow to $150 Billion this year, yet cloud security is the most underinvested category. And the cyber industry in the US has more than 500,000 job openings, so when starting salaries are up to $90k, why aren't more people pursuing a career in what is by far the most exciting industry in the years ahead? For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e139
Award-winning blogger, researcher, podcaster and man who coined the phrase “the cloud is just someone else’s computer”, Graham Cluley joins this week’s podcast to discuss the many ironies in cyber today. And he deep dives into the reward system that social networks deliver for creating tribes as well as the cultural chasm being driven through misinformation, disinformation and deepfakes today and the criticality of discourse with people of differing positions. He also shares the winning formula for his wildly popular, funny and informative podcast “Smashing Security” and why he’s skeptical of future predictions such as predicting what scares you about what the next decade in cyber will bring. Can that even be predicted?! For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e138
Buckle up for this week’s fast-paced podcast discussion with Lance James, CEO of Unit 221B (note: you get three guesses what this is a reference to – or listen to the podcast to learn more!). Lance takes us on the wild ride of cyber history including his discovery of the Zeus malware in 2006, how the show Mr. Robot delved into the mind of the hacker, what it takes to understand the adversarial mindset of an attack, and the emergence of psyber (the intersection of data science, psychology and cyber). He also shares perspective on the ongoing AI debate between AI + people and automated AI, the pendulum in dealing with the Internet Age and a cultural defense, and the importance of transparency and training in how we protect and empower employees as the critical first line of defense. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e137
This week Nicole Perlroth, award-winning journalist for The New York Times and best-selling author of “This Is How They Tell Me The World Ends” joins the podcast to discuss her decade long journey covering cybersecurity and many terrifying discoveries navigating through the underbelly of the secretive cyberweapons market. She shares insights on the importance of making cyber understanding and awareness accessible to all audiences. And she details the many challenges governments and society face today as cyberattacks continue to ratchet up in scope of disruption and financial rewards with no consequences as we collectively wait for “the big event” that will be the forcing function to drive needed investment, global cooperation, and changed behaviors to truly take some of the advantage out of attackers’ hands. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e136
For this week’s episode we catch up with LaLisha Hurt, Deputy Chief Information Security Officer for General Dynamics Information Technology (GDIT) and recognized Cyber Wonder Warrior. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e135
Enrique Oti, Chief Technology Officer for Second Front Systems joins us for a candid discussion on the opportunities and challenges in innovating government software development, deployment and acquisition as founder of the U.S. Air Force’s Kessel Run program and co-founder of the Defense Innovation Unit in Silicon Valley. He shares insights on finding the right talent to build teams, importance of red team testing and continuous monitoring, how compliance introduces insecurity into the system, and what we could achieve when accrediting teams sit with developers. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e134
Welcome to our first SPECIAL EPISODE where we cover breaking news as it happens. Today we catch up with Joe Uchill, senior reporter at SC Media, to discuss the Colonial Pipeline ransomware attack making headlines this week and why we continue to see escalating attacks in frequency, ransom demands and high value targets such as critical infrastructure. Joe shares insights from his many years reporting from the cyber front lines speaking with government, regulatory, industry and hacking groups on what it would take to decrease the financial incentive and increase the criminal risk to make ransomware an undesirable pursuit. Spoiler alerts….ransomware gangs make mistakes and often hit “accidental” targets, regulating cryptocurrency is just as hard as it sounds, and while ransomware task forces can’t agree on the most effective solution(s) to mitigate ransomware, most agree global cooperation would be at the top of the list! For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e133
Part 2 of our two-part series with Mariam Baksh, Cybersecurity Policy Reporter at NextGov. As a reporter on the front lines of security policy as it happens Mariam shares perspective on how cyber picked her, rhetorical catchphrases shaping global perception and cyber responses, gaining clarity on if or where cyber policy and partisan lines are drawn, drawing the line on sanctions, hybrid attacks, Cyber Diplomacy Act, the roles of standards bodies, auditing and incident response teams, and potential impact of a low price technically acceptable approach. You won’t want to miss this insightful two-part discussion! For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e132
This week we kick off a two-part series with Mariam Baksh, Cybersecurity Policy Reporter at NextGov. As a reporter on the front lines of security policy as it happens Mariam shares perspective on how cyber picked her, rhetorical catchphrases shaping global perception and cyber responses, gaining clarity on if or where cyber policy and partisan lines are drawn, drawing the line on sanctions, hybrid attacks, Cyber Diplomacy Act, the roles of standards bodies, auditing and incident response teams, and potential impact of a low price technically acceptable approach. You won’t want to miss this insightful two-part discussion! For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e131
This week we discuss the importance of a focus on assuring resiliency of critical functions as the cybersecurity path ahead with Eric Goldstein, Executive Assistant Director for Cybersecurity for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). Eric also shares insights on executing CISA’s mission in today’s dynamic and exciting cybersecurity landscape, the criticality in prioritization and a risk-based approach in addressing security for critical infrastructure, the role of visibility and continuous assessment in addressing today’s cyber landscape as well as pathways to standardizing cyber breach disclosure across government agencies and businesses of all sizes. Visit CISA.gov to learn more about CISA’s mission and programs as well as the many professional opportunities to join one of today’s most essential frontline cyber defense agencies. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e130
This week we catch up with Lisa Donnan, Partner at Option3 Ventures to discuss the world of cyber venture capital and private equity and the importance of disruptive technology and commercialization for breaking through the white noise of the more than 3,500 cyber start-ups today. And she shares insights on why the SMB market is a $50B opportunity for cyber, why the U.S. needs a cyber moonshot to catch up, the criticality of security by design and why Cyberspace Solarium Commission is a good start but, ultimately, as we consider public/private partnerships’ success ahead who carries the stick for actions, accountability and milestones? And, Eric recommends his favorite book of the week “Think Again: The Power of Knowing What You Don’t Know” by Adam Grant. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e129
This week we sit down with Charlene Mowery, Director of Strategic Initiatives at Red Hat who shares insights and lessons learned on leadership and moving forward seemingly impossible and incredibly complex multi-stakeholder initiatives to success, such as the Ford Island Master Development Agreement. She also dives into the impact of DevSecOps in recent years, the software supply chain, importance of a cloud-first mentality, hybrid cloud and shared responsibility models, and how the Cyberspace Solarium Commission is helping bring forward the criticality of speed and agility in cybersecurity today. And, she shares her perspective on encouraging the next generation of STEM talent and why they should “Be Bold”. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e128
The next two weeks we catch up with SC Media Editor-in-Chief Jill Aitoro for a two-part discussion on the latest hot cybersecurity news drivers such as the continuing Microsoft Exchange hacker feeding frenzy and continuing discoveries from the SolarWinds supply chain attack. Both of which raise more questions than answers in how we collectively solve for these security challenges including pathways such as legal requirements for notifications, who do you notify and who is notified first, security ratings systems for software suppliers and businesses and managing such a system on a global scale across organizations small and large. We also explore the role of superadmins and where the line of offensive strategies against nation-state attackers should be drawn for enterprises. And in celebration of March 2021 as Women’s History Month, we discuss the path forward for enabling future female business leaders in security and the power of mentoring and advocacy for the up and coming generation of diverse leaders and thinkers across the industry to solve what is admittedly one of the most significant challenges of the modern era – cybersecurity. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e127
The next two weeks we catch up with SC Media Editor-in-Chief Jill Aitoro for a two-part discussion on the latest hot cybersecurity news drivers such as the continuing Microsoft Exchange hacker feeding frenzy and continuing discoveries from the SolarWinds supply chain attack. Both of which raise more questions than answers in how we collectively solve for these security challenges including pathways such as legal requirements for notifications, who do you notify and who is notified first, security ratings systems for software suppliers and businesses and managing such a system on a global scale across organizations small and large. We also explore the role of superadmins and where the line of offensive strategies against nation-state attackers should be drawn for enterprises. And in celebration of March 2021 as Women’s History Month, we discuss the path forward for enabling future female business leaders in security and the power of mentoring and advocacy for the up and coming generation of diverse leaders and thinkers across the industry to solve what is admittedly one of the most significant challenges of the modern era – cybersecurity. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e126
This week we catch up with Tom Kellermann, Head of Cybersecurity Strategy at VMware to discuss the explosion in, and growing aggression of, cyber cartels and the differences in attack motives across nation-state attackers and the offer that just can’t be refused by the “untouchables”. We also dive into the little known mission of the U.S. Secret Service and mandate to investigate financial crimes dating back to the Civil War - and the tell signs that cyber financial attacks foreshadow for future government attack vectors. (Learn more by getting a copy of the upcoming "Modern Bank Heists" report.) We also take a look at the cyber road ahead and moving away from a backward-looking prevention approach to one that is more of a clandestine cyber offense strategy akin to a SuperMax prison that takes an inside-out approach to security, while also considering how to turn the tables on cyber cartels through disinformation strategies. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e125
Hacker turned lawyer. Professor. Geologist. Policy influencer. Just a few words to describe this week’s guest Evan Wolff, partner in Crowell & Moring’s D.C. office and Co-Chair for the firm’s Privacy and Cybersecurity Group. After a career spent in cyber risk management and helping organizations through more than 1,000 breaches, Evan shares why he is optimistic for the cyber path ahead as well as insights around collective defense, re-victimization of companies after a breach, the new administration’s cyber focus, recent discussions on reporting and notification, efficiencies of a national data breach law, and the criticality of incident response plans. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e124
We pick up part two of our discussion with C2 Labs Co-Founder and CTO Travis Howerton looking at how the best laid plans start with the truth. And we explore the security path forward in a hyper-connected world where we move more heavily into IoT and everything is connected, dying air gaps and distributed VPNs, identity management as the new firewall, identifying clear lines of deterrence with nation-states particularly within no consequence environments, the continuing skills gap and the looming threat of quantum computing that the first one to solve will be the true winner in cyber ahead. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e123
The Picasso of Cyberattacks Has Only Just Begun – Part I. Travis Howerton of C2 Labs joins the podcast for an insightful discussion on the global threat landscape through the lens of his 20+ years working on the front lines of national security with organizations such as National Nuclear Security Administration, Oak Ridge National Laboratory, and Bechtel. In part one of our conversation Travis shares his thoughts on how the SolarWinds hack was the Picasso of modern cyberattacks, inherent challenges to identifying attacks when you can’t trust the tools you’re working with, understanding the shared responsibility model in cloud security, protecting data with a 20-30 year outlook and the nature of cyberlogical attacks where integrity is critical. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e122
In this episode we explore the intersection of cybersecurity and human behavior with returning guest, Dr. Margaret Cunningham, Principal Research Scientist for Human Behavior at Forcepoint X-Labs. For public and private sector organizations, cybersecurity has always been addressed as a technology-first challenge. However as cyber threats evolve, the lack of behavioral science becomes a growing issue in today’s threat environment. We discuss the challenge of calculating and addressing risk, the importance of understanding human behavior vs. controlling it, and why most organizations fail to effectively measure and understand the true impact of cyber solutions. Additionally, we look at how the pandemic has created opportunities for expanding and diversifying the cyber workforce, and why it’s critical for us to open the aperture of traditional security to include experts in fields such as human behavior. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e121
Michael Daniel, President and CEO of the Cyber Threat Alliance (CTA) and former Special Assistant to President Obama and Cyber Coordinator on the National Security Council staff shares insights from his front row seat on the federal government cyber frontline from 2012 to 2017, perspective on the new Biden administration's cyber priorities, growing cyber threats and trends as a result of mass remote work during the pandemic, defining standard of care and cyber responsibilities for state/local governments and businesses ahead as well as the criticality of threat sharing among the cyber community that the CTA has been helping drive across the industry since 2014. You don't want to miss this enlightening discussion! For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e120
In this episode we dive into the complex world of cloud security with Chris Hughes, Managing Cybersecurity Consultant, Oteemo. For organizations in both the public sector and the enterprise, navigating the needed cloud acceleration the last year in the midst of mass remote work has created both significant opportunity and vast cloud security challenges. We discuss how security practitioners should be thinking about moving forward their cloud security strategy for the new normal and the key considerations every security team must take into account such as managing workloads, the needs of the workforce and building for resiliency. Additionally, we dive into themes such as reciprocity between key federal programs today including the Cybersecurity Maturity Model Certification (CMMC) and the Federal Risk and Authorization Management Program (FedRAMP) aimed at improving the cybersecurity of contractor provided services and products. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e119
Dr. Chase Cunningham, previously with Forrester Research and now with Ericom, discusses Zero Trust and how COVID-19 was the nail in the coffin of the defensible perimeter. He shares his view on the importance of multi-factor authentication and user monitoring, and how Zero Trust can be applied to the supply chain.
Finally, Dr. Cunningham weighs in on if government security mandates like CMMC go too far or not far enough -- and how best to approach security in a multi-cloud, BYOD world. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e118
Marco Figueroa, Cyber Threat Hunter, takes us inside the mind of the #Sunburst adversary: the timeline and what he would be doing were he the adversary. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e117
Have a guest you think would be great for the podcast? Please email Carolyn [email protected].
Retired FBI Supervisory Special Agent and digital laboratory director Jason G. Weiss is counsel in the Los Angeles office of the law firm Faegre Drinker Biddle & Reath's cybersecurity and incident response group. He has been doing cybersecurity his entire career, and he pioneered a cybersecurity collaboration model 20 years ago that is still in use today. He shares his top cyber defense tips. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e116
Elements of an insider threat program, the role privileged users play, and how #Sunburst has affected insider threat programs with Mike Crouse, Director Insider Threat Strategies, Forcepoint, and Jared Quance, US Gov Insider Threat Program Manager. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e115
What a fantastic year of guests! Eric and Carolyn review their top 10 guests. Be one of the first 10 to share this episode to receive your choice of one of these books (Spoiler alert):
This is 2020's final episode. Happy Holidays and see you in the new year! For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e114
We continue our review of 2020's top Government cybersecurity trends like how to deal with the insider threat and baked in AI Bias. Mike Gruss, Executive Editor, Defense News, and C4ISRNET & Phil Goldstein Sr. editor for FedTech and StateTech share their 2021 cybersecurity predictions. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e113
We review 2020's top Government cybersecurity trends, starting with Cozy Bear. We then look forward to what we think the big trends for 2021 will be with Mike Gruss, Executive Editor, Defense News, and C4ISRNET & Phil Goldstein Sr. editor for FedTech and StateTech. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e112
Dmitri Alperovitch, Co-Founder and former CTO of CrowdStrike, joins us to discuss recent breaches in over 18,000 organizations, known by many names: Sunburst, Solorgate, Dark Halo, UNC2452. Dmitri is a renowned computer security visionary and has served as a special advisor to the Department of Defense. He revealed Russian intelligence agencies’ hacking of the Democratic National Committee (DNC) and brought to light Operation Aurora—the greatest transfer of wealth in history. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e111
Part 2: Shortly after the US went into COVID-19 quarantine, David McDonald, Navy Telecommunications, Information Technology and Cyber Operations, joined us to discuss what we have learned from the COVID-19 crisis and how it will better prepare us for future crises. 8 months later we touch base. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e110
Shortly after the US went into COVID-19 quarantine, David McDonald, Navy Telecommunications, Information Technology and Cyber Operations, joined us to discuss what we have learned from the COVID-19 crisis and how it will better prepare us for future crises. 8 months later we touch base. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e109
Confessions of a Financial CISO. Ross Young shares his journey starting when he first discovered he wanted a career in cyber, to his exciting "pirate" days at the CIA and now as a financial CISO. He also reveals the top three things that will make the biggest impact for your organization's cybersecurity and gives us his top cybersecurity read.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e108
Trish Cagliostro, Head of Business Development for security - Worldwide Public Sector for Security Services at Amazon Web Services (AWS) explains Cloud security, how Threat Intelligence factors in and her Cloud wish for the future. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e107
Former CIO of DHS, Navy and DoD, Dr. John Zangardi, or Dr Z (listen to hear how he got that handle) shares his perspective on the zero trust concept, the benefits and where the government is with implementation. He also provides valuable insight for advocates of zero trust, in a nutshell: more steak, less sizzle. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e106
NBC News investigative tech reporter Cyrus Farivar is the author of "Habeas Data: Privacy vs. the Rise of Surveillance Tech". The book explores the tools of surveillance that exist today, how they work, and what the implications are for the future of privacy. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e105
Derek Weeks is a huge advocate of applying proven supply chain management principles into DevOps practices to improve efficiencies, reduce security risks, and sustain long-lasting competitive advantages. He reviews the State of Software Supply Chain report https://www.sonatype.com/2020ssc
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e104
Please give us a review, let me know you gave us a review via LinkedIn https://www.linkedin.com/in/carolyn-ford-3b891a3/ and I will send you a free copy of "The Talent War".
Resiliency is a word that has been kicked around government for years, but what does it really mean? Former Chief Security Strategist for DoD / Intelligence Community and current Forcepoint Commercial Products CTO Petko Stoyanov shares his perspectives. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e103
As we approach the end of 2021, Sean Berg shares his perspective on how the government has done on the rapid transition to Remote work, the pros and cons and what's next. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e102
In our modern business landscape, the war for talent is more complex than ever. You need to attract and retain the best talent for your organization to win, but without the right strategy or mindset, you won't be able to compete. If your revenue is declining, you're losing market share to your competition, or your organizational health is deteriorating, it's time to evolve how you approach this never-ending war. After all, your PEOPLE, not your product or service, are your strongest competitive advantage.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e101
100th episode with retired, four-star General Stanley McChrystal, discussing his bestselling book "Team of Teams" and the similarities between the landscape he encountered in Iraq and today's Cyber landscape and how we can apply the lessons and tactics used to defend against Al Qaeda to cyber. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e100
In an online world, your worst moments may live forever. Even if the original source is deleted, it doesn’t guarantee that mug shot won’t show up in a background check. Gabe discusses the challenges of the right to be forgotten as they relate to privacy laws. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e99
Derek Weeks is a huge advocate of applying proven supply chain management principles into DevOps practices to improve efficiencies, reduce security risks, and sustain long-lasting competitive advantages. He currently serves as vice president and DevOps advocate at Sonatype. Derek is the co-founder of All Day DevOps, an amazing virtual conference bringing together DevOps practitioners and thought leaders. It’s the largest virtual conference in the world, educating DevOps professionals through online training and blog content, and hosting over 180 local community events in 20 countries around the world. Since its founding in September 2016, our community has grown to over 130,000 strong.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e98
The Continuous Diagnostics and Mitigation (CDM) program is evolving to lead the effort to reduce cyber risk and provide visibility across the federal government. Jason DeShano, Chief Architect for Continuous Diagnostics and Mitigation (CDM) at Booz Allen Hamilton, answers the hard questions.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e97
With 25 years in the cybersecurity industry, we ask Myrna Soto, Forcepoint Chief Strategy and Trust Officer, what has changed, what she wishes she would have done sooner and differently, and how she thinks SASE is going to help us accomplish better cybersecurity.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e96
Michael Epley, Chief Architect, Public Sector, Red Hat discusses the challenges of secure information sharing and why cross domain security is key for enabling faster, more secure development. We talk the challenges, solutions and the tools. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e95
Sean Kelley, Executive Vice President of Operations at Unissant leverages his 25 years experience in the Healthcare industry to weigh in on the security of the COVID 19 vaccine and healthcare in general during a pandemic. He offers the top things he would do as a CISO right now to make healthcare more secure. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e94
Axel Wirth, Chief Security Strategist at MedCrypt discusses cybersecurity for medical cybersecurity, what the current strategy is, how it has changed during the pandemic and what the future strategy should look like. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e93
We continue our discussion with Joseph Menn about his latest book, Cult of the Dead Cow which tells the story of the oldest, most respected American hacking group of all time. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e92
We discuss Joseph Menn's latest book, Cult of the Dead Cow which tells the story of the oldest, most respected American hacking group of all time. Though until now it has remained mostly anonymous, its members invented the concept of hacktivism, released the top tool for testing password security, and created what was for years the best technique for controlling computers from afar. Many of these hackers have become top executives and advisors walking the corridors of power in Washington and Silicon Valley, including Mudge, WeldPond, DethVeggie and even former U.S. congressman from Texas, Beto O’Rourke (aka Psychedelic Warlord). For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e91
The FISMA report is the official grading of information security for Federal Civilian agencies. The 2019 report, recently out, shows incidents are down by 8%. They are the only component in the world seeing a reduction in cyber activity. This episode explores how that is possible, and if we are asking the right questions. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e90
Our favorite highlights from Government at the Edge Virtual summit with Senior Vice President G2CI Sean Berg. Sean shares his top 5 take-aways
https://www.govexec.com/feature/government-at-the-edge/#speakers
For all links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e89
New York Times reporter, Pulitzer prize winner and best selling author, David Sanger discusses his latest book, soon to be an HBO special "The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age", which focuses on cyberwarfare. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e88
New York Times reporter, Pulitzer prize winner and best selling author, David Sanger discusses his latest book, soon to be an HBO special "The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age", which focuses on cyberwarfare. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e87
Part 2: Major General Joe Brendler, U.S. Army (retired) discusses Multi-Domain Operations and how Cross Domain Solutions have improved communications, how communications--especially telework has changed due to the pandemic and how IoT has made the military re-think secure communications. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e86
Part I: Major General Joe Brendler, U.S. Army (retired) discusses Multi-Domain Operations and how Cross Domain Solutions have improved communications. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e85
How the recent surge in teleworking has affected cybersecurity with Randall (Randy) Sandone, CCISO, CIRI Executive Director, a Department of Homeland Security Center of Excellence. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e84
Quantum computing, Grobman's curb, the upcoming election, how to prepare for the Cyber pandemic: all part of this fascinating episode with Steve Grobman, Chief Technology Officer at McAfee.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e83
What AI means for Government, where we are now, where we are going. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e82
Dylan Conner, CTO for ID Technologies and President of its Archon Division, recognizes the power and yet complexity of CSfC. Bad actors are not bound by policy constraints and can take advantage of the latest technology. In order for us to compete, we need to truly commercialize this technology making it more scalable and usable to mission focused environments. Dylan Conner will discuss the value and opportunities for automation across the solution stack for product ordering, management, provisioning, and Certificate renewal. Dylan will likewise discuss ways to make the accreditation cycles shorter and last longer using open source technologies. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e81
Peter’s new book, Burn-In: a blend of nonfiction and fiction like never before, sharing research on what is looming in AI, remote work, and tech/cybersecurity futures (which all just got accelerated by CV-19 outbreak), but mixed into a story. Of note, the project was also woven into the CyberSolarium Commission report, literally being the opening section of it. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e80
Kevin Isaac talks how he is balancing focus on work, health, well-being and rest challenged by our “new normal” lifestyle. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e79
Dave discusses what we have learned from the COVID-19 crisis and how it will better prepare us for future crises. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e78
Challenges the CIO is facing in the "new normal" created by COVID19, we talk with David McDonald, Navy Telecommunications, Information Technology and Cyber Operations, CIO. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e77
CEO Matt Moynahan discusses how the cybersecurity landscape has changed with the emergency work from home directives many companies are currently following. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e76
How easily can you be hacked? Sharee tells you in this episode and shares some basic cybersecurity measures you can take to protect yourself from becoming hacked. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e75
Richard joins us to discuss what cyber war looks like and how we can prepare for the proverbial "Digital Pearl Harbor". For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e74
Disengaged, violent, criminal employees are grown - not hired. A once loyal employee can turn into a business risk if you miss red flags and risky behavior. Why continuous discovery - NOT simply relying on a pre-hire background check - is critical to protect employees and the business at large. How exactly does an engaged, loyal employee turn into a news headline and tragedy - what goes on behind the scenes and how can HR manage and respond? For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e73
How do we bring people together in the workforce to increase diversity and increase inclusion? Sara Jones shares her 20+ years of experience. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e72
The intersection of AI and cybersecurity with Steve Orrin, CTO of Intel Federal. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e71
Congressman Jim Langevin, a recognized party leader on cybersecurity discusses what Congress is doing to ensure cybersecurity starting with, the soon to be released, Cyber Security Solarium Commission report. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e70
Richard shares what he thinks a successful SASE architecture looks like and why it will lead us to secure Cloud. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e69
RSA's theme this year: Human Element--very telling of what's important to the industry, we are moving away from point, event solutions to holistic, human centric solutions. Guests: Rachael Lyon, Forcepoint Director Communication and Nicolas (Nico) Fischbach, Global Chief Technology Officer at Forcepoint. https://www.forcepoint.com/resources/podcasts/e68
Randall (Randy) Sandone, CCISO, CIRI Executive Director a Department of Homeland Security Center of Excellence discusses how CIRI is helping improve the security and resilience of our Nation’s critical infrastructure. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e67
The state of the adversary. The who, the what, the why they do what they do.
2020 Final Three Predictions, Part 2 of 2: Cloud smart not dumb, Mature approach to data and privacy, Indicators of Compromise IoC to Indicators of Behavior IoB. Nicolas Fischbach, Forcepoint's CTO, Phil Goldstein of FedTech and Mike Gruss of Fifth Domain weigh in on Forcepoint Cybersecurity Predictions and Trends for 2020. For more information about this episode, please visit https://www.forcepoint.com/govpodcast/e65, and be sure to check out Forcepoint's Cybersecurity Predictions Report here: https://www.forcepoint.com/blog/x-labs/2020-forcepoint-cybersecurity-predictions
2020 Predictions, Part 1 of 2: On Deepfakes and 5G. Nicolas Fischbach, Forcepoint's CTO, Phil Goldstein of FedTech and Mike Gruss of Fifth Domain weigh in on how Deepfakes and 5G will affect Government Predictions. For more information about this episode, please visit https://www.forcepoint.com/govpodcast/e64, and be sure to check out Forcepoint's Cybersecurity Predictions Report here: https://www.forcepoint.com/blog/x-labs/2020-forcepoint-cybersecurity-predictions
Katherine “Katie” Arrington, Chief Information Security Officer for Assistant Secretary for Defense Acquisition, gets down to the nitty gritty of CMMC, Part 2 of 2 episodes. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e63
Katherine “Katie” Arrington, Chief Information Security Officer for Assistant Secretary for Defense Acquisition, gets down to the nitty gritty of CMMC, Part 1 of 2 episodes. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e62
Richard C. Schaeffer, Jr. is a former Senior Executive with the National Security Agency (NSA), with over 40 years total U. S. Government service, including 15 years as a member of the Defense Intelligence Senior Executive Service. Positions held during his career include Director, Information and Infrastructure Assurance, in the Office of the Assistant Secretary of Defense (Command, Control, Communications, and Intelligence) at the Pentagon and NSA Deputy Chief of Staff.
Since retiring from the NSA in April 2010, Mr. Schaeffer has continued to pursue his passion for improving the security of U.S. interests in the Cyber domain through his own consulting firm, Riverbank Associates, LLC. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e61
Richard C. Schaeffer, Jr. is a former Senior Executive with the National Security Agency (NSA), with over 40 years total U.S. Government service, including 15 years as a member of the Defense Intelligence Senior Executive Service. Positions held during his career include Director, Information and Infrastructure Assurance, in the Office of the Assistant Secretary of Defense (Command, Control, Communications, and Intelligence) at the Pentagon and NSA Deputy Chief of Staff.
Since retiring from the NSA in April 2010, Mr. Schaeffer has continued to pursue his passion for improving the security of U.S. interests in the cyber domain through his own consulting firm, Riverbank Associates, LLC. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e60
Michael C. Theis uses his 25+ years as a Counterintelligence Special Agent supporting the US Intelligence Community along with his 30+ years of concurrent computer systems engineering experience to aid the CERT© Insider Threat Center further its research and development of socio-technical controls to prevent, detect and respond to insider threats. He is also a Senior Member of the Technical Staff at the Software Engineering Institute (SEI). Previously, Theis was the first-ever Chief of Cyber-Counterintelligence for the National Reconnaissance Office, where he served as the Chief for Cyber-CI investigations and operations for over six years. In 2006, he was named one of the Premier 100 IT Leaders in the nation by Computerworld magazine. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e59
For organizations, managing threats is a journey, as they steadily build up their capabilities to effectively mitigate risk. Toby Ryan, VP of Analytics Engineering at Forcepoint, discusses how to develop a smarter, more comprehensive approach that combines business and compliance processes so that the level of protection keeps pace with an ever-expanding and evolving digital threat space. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e58
Dave Egts, Chief Technologist for Red Hat, discusses the power of open source security automation. Dive into the benefits of removing human error and slowness to respond to the advent of short-lived ephemeral cloud workloads that spin up very quickly and
The Cybersecurity Maturity Model Certification, or CMMC, is the next stage in the Department of Defense's (DoD) efforts to properly secure the Defense Industrial Base (DIB). In the simplest of terms, the DoD announced that it is creating a cybersecurity assessment model and certification program. Roger Bache, Chief Operating Officer at Forcepoint, discusses the ins and outs of CMMC.
The Cybersecurity Maturity Model Certification, or CMMC, is the next stage in the Department of Defense's (DoD) efforts to properly secure the Defense Industrial Base (DIB). In the simplest of terms, the DoD announced that it is creating a cybersecurity assessment model and certification program. Roger Bache, Chief Operating Officer at Forcepoint, discusses the ins and outs of CMMC.
Phil Goldstein, Senior Editor of FedTech and StateTech, joins the podcast this week to discuss government cybersecurity challenges including election security, artificial intelligence and ransomware attacks.
Mike Gruss, Editor of Fifth Domain and C4ISRNET, joins Eric and Arika this week to discuss how cybersecurity messaging gets lost, the impact of fake Twitter accounts on national security and shamrock shakes (you have to listen to the end).
In celebration of our 52nd episode Eric and Arika recap some of their favorite episodes over the past year.
This week Army Strategist and Lt. Colonel Arnel David joins us from the UK to discuss the intersections between people, connectivity and cybersecurity.
Dr. Zero Trust Chase Cunningham joins the podcast this week to discuss how after 30 years organizations are finally approaching cybersecurity strategy the right way.
Part 2 - Data Scientist and Psychologist Margaret Cunningham breaks down the "human" factors of a cybersecurity breach.
Data Scientist and Psychologist Margaret Cunningham breaks down the "human" factors of a cybersecurity breach.
In the second of a two-part series, Forcepoint’s Dan Velez, Director of Insider Threat Consulting Services discusses the components of a well-constructed Insider Threat defense program. Dan has helped stand up insider threat programs for the US Government for over a decade. During this discussion he draws on his experience to share best practices.
In the first of a two-part series, Forcepoint’s Dan Velez, Director of Insider Threat Consulting Services discusses the components of a well-constructed Insider Threat defense program. Dan has helped stand up insider threat programs for the US Government for over a decade. During this discussion he draws on his experience to share best practices.
This week we get to the point with Chris Krebs the nation’s top cybersecurity official. We discuss his vision for the newly created DHS Cybersecurity and Infrastructure Security Agency, election security, what keeps him up at night and why he bikes to work every day.
This week Eric and Arika discuss the roles generations play when it comes to cybersecurity hygiene and awareness. They also discuss why only 9% of millennials are interested in cybersecurity careers and what government can do to recruit the younger generations.
This week Eric and Arika discuss the process of creating real innovation in cybersecurity with Audra Simons, Director of Forcepoint’s Innovations Labs.
Former USDA CIO joins the podcast this week to discuss her work post government leading a data Science Technology Engineering Agriculture and Math Summer camp in Washington, DC. She also discusses the challenges of government and how the USDA is innovating government through new technology.
Christopher Sather of Forcepoint joins the podcast this week to share his perspective on the future of cybersecurity and ways to make it less complex.
On this week’s episode Andy Wall shares his lessons learned in transforming the cybersecurity culture of an organization to better understand, measure and reduce the risks of human error on cybersecurity.
Thirty-year technology industry veteran Kevin Isaac of Forcepoint joins Eric and Arika to discuss how the cybersecurity landscape has evolved over the past 20 years.
Dr. Richard Ford joins the podcast this week to discuss how humans and machines need to work together to properly enable the future trust landscape as well as share why he believes trust is a cybersecurity superpower.
This week Eric and Arika continue their conversation with George Kamis of Forcepoint in discussing cybersecurity tips for the everyday consumer. We cover the importance of virus scans, what to do if you are hacked and tips for securing your financial data.
This week Eric and Arika continue their conversation with George Kamis of Forcepoint in discussing cybersecurity tips for the everyday consumer. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e36
When was the last time you took stock of your digital footprint? For many, the answer is never. This week Forcepoint's George Kamis joins Eric and Arika to share and discuss practical tips on how to reduce cybersecurity risks in your home. There is a lot of ground to cover so this is part 1 of 3 episodes. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e35
Living Security is transforming the cybersecurity training experience through their cybersecurity escape room and other interactive exercises. Ashley Rose joins the podcast this week to discuss how they are providing organizations such as the National Geospatial-Intelligence Agency with relevant trainings rather than just checking a compliance box. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e34
Karen Evans, the Department of Energy’s first Assistant Secretary for Cybersecurity joins Eric and Arika to discuss the Department of Energy's role in securing critical infrastructure as well as discuss the future of cybersecurity and innovation. This is an extended episode you don't want to miss! For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e33
Former senior executive of the Central Intelligence Agency Mark Kelton, joins the podcast this week to discuss the evolving challenges that organizations face in addressing insider threats. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e32
Under this directive, agencies are continuing to prioritize cloud computing initiatives as part of their IT modernization plans. In partnership with Ponemon, Forcepoint surveyed cloud influencers within federal agencies to find out more about current cloud adoption trends across federal government, including where agencies are having successes and what problems they are encountering, especially as it relates to securing the cloud.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e31
GSA's Bill Zielinski joins the podcast to discuss GSA's Enterprise Infrastructure Solutions contract and how federal agencies can take advantage of it for IT and security modernization. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e30
With the threat of the IT landscape constantly changing, a diversity of opinions, perspectives, and skills is crucial to staying ahead of the curve in preventing the next attack. This week Forcepoint's CIO Meerah Rajavel joins Eric and Arika to discuss why promoting the cybersecurity field to underrepresented groups, such as women, can offer a new perspective on how to solve emerging security problems. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e29
Recorded live from Forcepoint's Cybersecurity Leadership Forum, Forcepoint's CEO Matt Moynahan joins the podcast to discuss the challenges of tackling cybersecurity--from addressing insider threats to the increased cost of cyber threats to workforce gaps. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e28
Raise The Bar—led by the NSA and NCDSMO—raised the security architecture bar for Cross Domain Solutions beyond even the NIST Risk Management Framework controls, to continually improve the status quo within the cross domain community. In March 2019, Forcepoint gathered government and industry experts in the cross domain community to discuss what's on the horizon for the initiative. If you didn't make the event, listen to Eric, Arika and special guest Michelle Jordon recap what you missed! For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e27
This week Forcepoint's Phil D'Angio joins the podcast to give us his take on the trends and challenges on the commercial side of cybersecurity. We talk about how cybersecurity is prioritized, data security and also dive into why more millennials are not joining the cybersecurity workforce.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e26
Risk management is a fundamental principle of cybersecurity as the alternative would be the pursuit of total security which is unaffordable and unachievable for an organization as large and complex as the federal government. This week former Department of Homeland Security Undersecretary Suzanne Spaulding joins the podcast to discuss the challenges government faces in its quest for cybersecurity risk management, and how government officials must manage making security investments when the benefits and outcomes are uncertain. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e25
The federal government continues to face a number of complex challenges in terms of how it protects itself from cyberattacks. On this week’s episode, Eric and Arika are joined by Jason Miller of Federal News Network to discuss the current state of government cybersecurity.
To find out more please visit http://thewellnessconnection.com/e24
In today’s world of technology, terms such as artificial intelligence and machine learning are thrown against the wall like spaghetti to see what sticks. But what advances are really being made with these transformative technologies, and is government ready to adopt cutting-edge solutions to meet new and emerging threats in cybersecurity?
In this week’s episode, Milos Manic, professor of computer science and director of the Virginia Commonwealth University’s Cybersecurity Center joins the podcast to discuss the Autonomic Intelligent Cyber Sensor (AICS) he and his team have developed with funding from the Department of Energy to detect intruders, isolate them and even possibly retaliate against them.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e23
This week Dickie George, who worked at the National Security Agency (NSA) as a Cryptologic Mathematician for over 40 years in the Information Assurance Directorate, talks about his experience in being a government "cybersecurity target" and how to be a target that is hard to hit.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e22
On this week’s podcast we are joined by Forcepoint’s Marketing Director Carolyn Ford who shares some behind the scenes insights on Forcepoint’s upcoming Cybersecurity Leadership Forum. This is Forcepoint’s annual event and Carolyn shares some of the agenda highlights, speakers and other surprises that will happen at the event on April 4, 2019. Additionally, Eric and Arika will be doing a special podcast recording from the event. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e21
In December 2018, the White House released its updated draft Trusted Internet Connection policy (TIC 3.0), a program created by the federal government to consolidate the number of external internet connections within agencies so that IT teams can more efficiently manage security efforts. On this episode of To The Point Cybersecurity, we are joined by Nextgov’s Senior Editor to discuss the updated policy, how it will impact cloud security and what it means for government networks. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e20
2019 is already off to an interesting start in terms of government cybersecurity—we’ve had a 35-day government shutdown and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency recently issued its first emergency directive about Domain Name System tampering activities.
On this week’s episode Forcepoint’s George Kamis (CTO Global Governments & Critical Infrastructure) joins Eric and Arika for a discussion around the most pressing cybersecurity issues for government in 2019– and what agencies can do to protect against them.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e19
Machine learning has become more mainstream in cybersecurity as a way to make inroads against cyber threats. In this week’s episode Dr. Kular, a Research Scientist in Forcepoint’s Innovation Labs, joins the podcast to share her thoughts on whether security analysts trust analytics that are powered by machine learning. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e18
Former EPA CISO Sean Kelly joins the podcast this week to discuss the challenges government security officials face in protecting their networks and whether government’s cyber strategy is heading in the right direction. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e17
Recently SBA’s CIO Maria Roat tweeted that the “SBA OCIO is burning the bridges behind us - no going back.” This week the SBA’s CTO Sanjay Gupta joins us to talk about how the SBA is forging ahead with innovation and also discuss his cybersecurity predictions for 2019.
Since the early beginnings of the internet in the 1980's, viruses and malware attacks have become far more aggressive. As a result, cybersecurity has had to greatly (and quickly) evolve to keep up with new and emerging threats. This week former CIA Executive Mark Kelton joins the podcast to discuss the differences between the 1980s-1990s and today as it relates to espionage, cyber, the adversaries, etc.
Recently, the Department of Energy hosted its annual CyberForce National Competition. Of the 66 selected teams to compete, the University of Central Florida’s Collegiate Cyber Defense Team won the national competition which challenges teams across the country to build a robust corporate network that can withstand attacks to steal data, deface websites or wipe out critical systems. The team’s captain Austin Sturm joins the podcast this week to discuss their winning strategy and also discuss cybersecurity from a generational perspective.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e14
This week Forcepoint’s Global Chief Technology Officer joins Eric and Arika to talk about the range of new innovations he is seeing in cybersecurity and give his honest advice on how government can upgrade its cybersecurity systems by first upgrading its cybersecurity mindset.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e13
This week hosts Eric Trexler and Arika Pierce discuss Marriott’s recent news that it experienced a four-year-long breach involving personal and financial information of 500 million guests of its Starwood hotel properties. During the episode they break down what these types of breaches mean for consumers, private industry and government, and also discuss whether Congress needs to pass data security laws to protect against these types of incidents.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e12
Forcepoint’s Sean Berg was recently named by FedScoop as one of the top 50 leaders in the federal technology space. On this episode he joins the podcast to discuss his thoughts on the current state of government cybersecurity and also discuss a recent article he authored on utilizing the human element to mitigate today’s sophisticated cyber threat landscape including critical infrastructure
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e11
Recently, Forcepoint’s Chief Scientist published an opinion article entitled “Rethinking the concept of trust” in which he makes the case that the only long-term solution to data management within the government is to embrace trust-based architecture in a consistent and broad manner. Dr. Ford joins the podcast this week to discuss this concept of trust—meaning how the government typically trusts — or distrusts — those people, devices, systems, and infrastructure that make up the overall federal and state ecosystems.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e10
Post the November election, Congress is set to pass long-awaited legislation which will pave the way for DHS to create the government’s first cyber-specific agency. The question that still lies ahead however, is whether that will translate into real security improvements. Security Evangelist/Veteran FBI Cyber Agent (and technical consultant to the hit TV show Mr. Robot) Andre McGregor joins Eric and Arika this week to discuss whether this move will improve the government’s incident response capabilities and mitigate ongoing attacks.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e9
The Director of National Intelligence recently said that “the warning lights are blinking red” with regards to cyber threats to our critical infrastructure. We have seen advanced persistent threat actors, including cyber criminals, nation states and proxies, increase the frequency and sophistication of malicious cyber activity.
In this episode cyber expert Jim Lewis joins the podcast to discuss what the government is doing, not doing and should be doing in order to protect our infrastructures from a “Digital Pearl Harbor.”
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e8
In this episode, Aaron Heffron, President of Market Connections, joins the podcast to discuss the results of their new survey of how DHS’ Continuous Diagnostics & Mitigation (CDM) Program is tracking against the goal of providing more effective cybersecurity solutions for government agencies.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e7
In this episode, Arika Pierce speaks with Dr. Karen Renaud, a Professor of Cybersecurity at the University of Abertay in Dundee, Scotland, about her recent article in which she makes the case that cybersecurity attacks are like disease: they are contagious and have the potential to become calamitous.
Therefore the government should take a much more hands-on approach to support its citizens' cybersecurity.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e6