Today’s Cyber Work Hacks is for security novices, people just getting started in learning cybersecurity and looking for their career path. Professor Robert McMillen is an Infosec Skills path author, and he gives you some fantastic advice for making the decisions at the very beginning to help you steer your career to all the places you want to go! To get your cybersecurity career started, make sure to check out today’s Cyber Work Hack. 0:00 - First starting out in cybersecurity1:28 - Cybersecurity career map5:41 - Advice for career road mapping9:11 - Leaning into your interests via education12:28 - Advancing your cybersecurity career15:56 - Cybersecurity skills to learn 17:21 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, Jonathan Gill, CEO of Panaseer, joins me to talk about the stress-filled role of the Chief Information Security Officer. Jonathan notes that the most challenging part of a CISO’s role, especially the CISO of a large, complex company, is the lack of full view of the organization’s assets and points of vulnerability. Jonathan tells us how Panaseer is working to create a trusted and validated system of record to ensure accurate and good faith recording of actions, strategies, and decisions to accept or mitigate business risks. All this, and a discussion of the CISO as one of the story-makers in the C-suite, today on Cyber Work! 0:00 - Firing CISO's after cybersecurity breaches4:23 - First interest in cybersecurity and tech7:41 - Working with cybersecurity leaders across the world11:17 - International sales work19:12 - Stave off burnout as a CISO 28:20 - Notion of asset detection 32:06 - Culture of sacking CISOs 43:06 - Better CISO involvement 49:09 - Cybersecurity career mapping strategies57:13 - Learn more about Jonathan Gill and Panaseer59:09 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, I’m introducing you to Dr. Georgianna, or “George” Shea, the chief technologist at the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation. Shea finds new and developing technologies and develops pilot programs for implementation in a variety of locales, including DoD, the government sector and critical infrastructure. We talk about Shea's first taste of security, learn what it’s like to be knowledgeable in several dozen connected security spaces rather than being the all-knowing authority in one (and the knowledge that outside of the dozens you know, there are hundreds more to learn) and we answer the burning question: “Why don’t any of my interns know what NIST is?” All this, and some more talk about the security of the U.S. water supply (because you know I’m never going to stop asking about that), on today’s episode of Cyber Work! 0:00 - Cyber resilience5:19 - George Shea's early cybersecurity interest6:41 - How has cybersecurity changed in two decades?8:53 - Learning cybersecurity in the early days14:22 - Chief engineer at MITRE21:00 - Work with the Foundation for Defensive Democracies28:48 - Technology's pace versus policy31:25 - Cyber-informed engineering34:02 - Cybersecurity on old systems35:29 - Cyber resilience and defense41:41 - Working in cyber resiliency 44:01 - Why do so few know what NIST is?48:36 - The current state of state security 54:33 - Best career advice56:11 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks are helping train the red teamers and blue teamers of tomorrow with our boot camps and study materials for the CEH exam. But how does ethical hacking proficiency translate into a satisfying career? Infosec’s CEH boot camp instructor Akyl Phillips has plenty of strategies to help you get focused and stay focused on your studies, some excellent tips for keeping on top of the latest security changes and innovations, and how you’re going to push past uncertainty and into the work of putting one foot in front of another in your quest to become a bona-fide, in-demand ethical hacker! Keep the enthusiasm up when you check out today’s Cyber Work Hack. 0:00 - Ethical hacker career1:57 - Testing for the CEH certification2:55 - Career paths to pursue with CEH certification5:08 - Working in pentesting or ethical hacking7:55 - Unglamours side of ethical hacking 9:49 - How to keep up with new tech11:39 - Switching careers to ethical hacking12:45 - Preparing for a CEH role interview13:23 - Don't fear a cybersecurity career15:03 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, I talked with Etay Maor, Chief Security Strategist with Cato Networks. Etay is a founding member of the Cato Cyber Threats Research Lab, or CTRL — see what they did there? — and he joins me to talk about their first CTRL report on attack patterns and methods. We’re going to talk about the most common attack vectors, why Log4J still rules the roost even against newer and flashier exploits, and we go deep into the many paths you can take to become a threat researcher, threat analyst, reverse engineer, and lots more. That’s all on today’s episode of Cyber Work! 0:00 - Intro4:10 - First interest in cybersecurity and tech5:15 - Becoming chief security strategist8:15 - Working in cybersecurity project management12:07 - Hacker targets and AI15:04 - The dark web and security access16:03 - The CTRL report in brief20:23 - Health care cybersecurity 22:49 - Different cyberattacks in different industries25:10 - Using security tools as a gateway27:03 - AI-enabled cyberattacks33:14 - Careers as a cybersecurity threat researcher36:09 - Figuring out where to specialize in cybersecurity41:31 - Important cybersecurity skills and experience45:58 - Hiring in cybersecurity49:30 - Future changes in AI and cyber tools55:38 - What is Cato Networks?57:13 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

How does a childhood curiosity turn into a groundbreaking career in identity and access management? Join us for an engaging conversation with David Lee, the Identity Jedi, as he recounts his fascinating journey from tinkering with computers as a child to becoming a sought-after expert in IAM. Lee shares the pivotal moments and unexpected opportunities that transformed his career, providing invaluable insights for anyone looking to break into the cybersecurity field. We explore the essential technical and soft skills that have propelled Lee to the forefront of his industry, along with his unique strategies for navigating complex IAM landscapes.0:00 - Identity Access Management (IAM)3:04 - First interest in cybersecurity 8:32 - Identity and access management cybersecurity 13:38 - Computer science and higher education 18:00 - Necessary soft and hard skills for IAM22:16 - Larger organizations and IAM24:21 - Defining identity in cybersecurity29:18 - Variety of identity ideas33:03 - African American representation in cybersecurity 38:28 - Cybersecurity equity41:33 - Financial inequity and working in cybersecurity48:35 - Cybersecurity solutions for more equitable hiring53:22 - Less racism in the tech industry 57:51 - Best piece of cybersecurity career advice59:13 - What is identity Jedi?1:00:04 - Outro – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, Tom Siu, CISO of Inversion6, joins the podcast to talk about cyber diplomacy! As Siu says at the start of the show, the internet has no borders. It’s like water. There are pathways and choke points, but there is no ownership by any one country or entity. How does that influence international diplomacy? Siu discusses possible scenarios for the future of cyber diplomacy, and skills and backgrounds that make you a good fit for this work. This is a great episode for our job changers, especially as this work requires strong backgrounds from a variety of tech and non-tech careers, but as always, there’s lots to learn, no matter your skill level or background, on today’s episode of Cyber Work. 0:00 - Work in cyber diplomacy4:36 - First interest in cybersecurity7:01 - Learning by breaking8:58 - Working as a CISO17:44 - Reading and learning different job languages21:15 - Career and personal resiliency 25:42 - The impact of cyber on foreign policy35:14 - Working in cybersecurity foreign policy38:24 - The military and cyber diplomacy43:11 - Emerging trends in cyber diplomacy48:52 - Skills you need to work in cybersecurity54:20 - Best cybersecurity career advice56:12 - Learn more about Inversion659:25 - Outro – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks are here to help you pass the CEH, or Certified Ethical Hacker exam. For today’s Hack, Akyl Phillips, Infosec bootcamp instructor in charge of the CEH/Pentest+ dual-cert bootcamp, walks us through four sample CEH questions, explaining the logic behind each answer and discounting the wrong ones with explanations, allowing you to reach the right answer in a logical and stress-free way. This episode is a real eye-opener for aspiring red teamers, so keep it here for this Cyber Work Hack! 0:00 - Mastering the CEH exam2:42 - Types of CEH exam questions3:32 - CEH exam question examples12:08 - Why a CEH boot camp is helpful 13:44 - How long is the CEH exam?14:37 - Best CEH exam advice15:18 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Zarik Megerdichian, the co-founder of personal privacy controller company Loop8, joins me in breaking down the recent Roku breach, which landed hackers a whopping 15,000 users' worth of vital data. Megerdichian and I discuss the failings of the current data collection and storage model while moving to a model in which biometrics is the primary identification method, coupled with a system of contacts who can vouch for you in the event that your device is lost or stolen. It’s another interesting approach to privacy and online identity in the age of the never-ending breach announcement parade.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Roku's data breach1:54 - First, getting into computers5:45 - Megerdichian's company goals9:29 - What happened during the Roku data breach?11:20 - The state of data collection14:16 - Uneccesary online data collection16:26 - Best data storage protection17:56 - A change in data collection20:49 - What does Loop8 do?24:09 - Deincetivizing hackers25:21 - Biometric account recovery30:09 - How to work in the biometric data field33:10 - Challenges of biometric data recovery work34:46 - Skills gaps in biometric data field36:59 - Megerdichian's favorite part of the work day37:46 - Importance of cybersecurity mentorship41:03 - Best cybersecurity career advice43:33 - Learn more about Loop8 and Megerdichian44:34 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, I’m very excited to welcome Debbie Reynolds, the Data Diva herself, to discuss data privacy. Reynolds developed a love of learning about data privacy since working in library science, and she took it through to legal technologies. She now runs her own data privacy consultancy and hosts the long-running podcast “The Data Diva Talks Privacy Podcast.” We talk about data privacy in all its complex, nerdy, and sometimes frustrating permutations, how GDPR helped bring Reynolds to even greater attention, how AI has added even more layers of complexity and some great advice for listeners ready to dip their toes into the waters of a data privacy practitioner career.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Data privacy3:29 - First, getting into computers7:46 - Inspired by GDPR9:00 - Pivoting to a new cybersecurity career12:01 - Learning different privacy regulation structures15:17 - Process of building data systems 17:41 - Worst current data privacy issue20:57 - The best in AI and data privacy22:15 - The Data Diva Podcast25:24 - The role of data privacy officer30:36 - Cybersecurity consulting36:21 - Positives and negatives of data security careers39:34 - Reynolds' typical day41:11 - How to get hired in data privacy48:38 - The best piece of cybersecurity career advice50:25 - Learn more about the Data Diva51:14 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and the Cyber Work Hacks podcast are here to help you pass the Certified Ethical Hacker (CEH) exam! So for today’s hack, we’re talking about bootcamps. The CEH exam, no matter how you slice it, is an exam that is the definition of the phrase, “It’s a marathon, not a sprint.” With 125 questions and four hours to answer them, there’s as much of a mental game at work here that’s much more than rote memorization of terms and tools. That’s why I wanted to get an insider’s look from Infosec boot camp instructor Akyl Phillips! Phillips will explain what the Infosec five-day CEH boot camp is like, the learning and retention strategies you’ll employ, and all the ways that bootcamp training can help you pass on the first try. Phillips has taught pentesters and red teamers at all levels from sheer beginners to people already in the field, and this episode is a look into how it works. Book yourself a front-row seat for another Cyber Work Hack. 0:00 - How to pass the CEH exam3:17 - What is a CEH boot camp? 4:02 - Things to know before the CEH exam5:30 - How does the CEH exam test practical skills?6:46 - The day-to-day of an Infosec boot camp11:08 - What is CEH exam day like?12:14 - Is a cybersecurity boot camp right for me?13:12 - Outro – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, my guest is Raj Ananthanpillai, CEO of Trua, a company that is steeped in the current issues around digital credentials and data privacy. As you’ve no doubt heard, AT&T reported a data breach that compromised the personal information of approximately 7.6 million users! Ananthanpillai discusses Trua’s mission to leave data thieves holding an empty treasure chest, discusses his past work in creating TSA PreCheck and gives a bunch of great ideas and advice for making sure that you’re always thinking beyond your current position by learning and creating your way upward! All that, and a WHOLE bunch of vitriol at the industry-standard collecting of social security numbers, today on Cyber Work! 0:00 - Revolutionizing data privacy4:20 - How Ananthanpillai got into cybersecurity6:11 - Work as a cybersecurity CEO9:25 - Fast tracking in cybersecurity roles11:08 - Take your first steps in cybersecurity work13:01 - Founding Trua17:50 - New digital security protocols 21:10 - AT&T data breach27:03 - How to stay safe from data breaches29:58 - How to work in data privacy35:14 - Skill gaps in data privacy work37:05 - Best cybersecurity career advice38:26 - Learn more about Trua41:00 - Outro – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Mark Toussaint of OPSWAT joins to talk about his work in securing operational technology, and specifically about his role as product manager. This is an under-discussed job role within security, and requires great technical expertise, intercommunication skills and the ability to carry out long term campaigns on a product from, as he put it, initial brainstorming scribblings on a cocktail napkin through the creation of the product, all the way to its eventual retirement. Learn what it takes to connect security engineering, solutions experts, project management, and more in the role of security product manager, and how OT security connects fast, flexible IT and cybersecurity with systems that, as Toussaint put it, might be put in place and unmodified for 15 or 20 years. It’s not that hard to connect the worlds, but it takes a specific skill set.0:00 - Working in operational technology 1:49 - First getting into cybersecurity and tech3:14 - Mark Toussaint’s career trajectory5:15 - Average day as a senior product manager in OPSWAT7:40 - Challenges in operational technology 9:11 - Effective strategist for securing OT systems11:18 - Common attack vectors in OT security 13:41 - Skills needed to work in OT security 16:37 - Backgrounds people in OT have17:28 - Favorite parts of OT work 19:47 - How to get OT experience as a new industry worker21:58 - Best cybersecurity career advice22:56 - What is OPSWAT25:29 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.  

Cyber Work Hacks knows that you have what it takes to pass the Certified Ethical Hacker (CEH) exam! And you don’t have to do it alone! Infosec’s CEH boot camp instructor Akyl Phillips gives you his top tips and tricks for taking the exam! Phillips breaks down the common formats for CEH questions, talks common mistakes people make while taking the exam and why it’s not the end of the world if you fail the CEH on the first time (especially if you do it with an Infosec CEH/Pentest+ dual-cert boot camp). As Phillips puts it, first you have to get to know the beast, and that will allow you to slay the beast! Sharpen your tools and get down to business with this Cyber Work Hack.0:00 - Certified ethical hacker exam1:42 - What is ethical hacking and the roles using it?2:46 - Tips and tricks for taking the CEH exam3:32 - Tools to have before the CEH exam5:09 - Common mistakes people make with the CEH exam6:11 - What if I fail the CEH exam? 7:02 - Will I get CEH exam feedback?7:49 - Best piece of advice for CEH exam day8:55 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, we’re talking about last September’s breach of the MGM Grand Casino chain, an attack that lead to a week of tech failure, downtime and over a hundred million dollars in lost revenue. The attackers were able to get in via a point that my guest, Aaron Painter of Nametag Inc, said is a common point of failure: the request for a password and credential reset from the helpdesk, and the ever-frustrating “security questions” approach to making sure you are who you are. Nametag is built to create an alternative to security questions and go beyond MFA to create a method of verification that is even resistant to AI Deepfake attempts! This conversation goes into lots of interesting spaces, including career mapping, the importance of diverse design teams and the benefits of security awareness training, plus you get to learn about an amazing piece of emergent tech!0:00 - A new method of online verification3:15 - First getting into cybersecurity and computers7:03 - Aaron Painter's work experiences 10:37 - Learning cybersecurity around the world11:32 - Starting Nametag16:25 - Average work week as Nametag CEO19:10 - Cybersecurity learning methods21:15 - The MGM cyberattack explained26:07 - MGM fail safes bad actors surpassed 29:26 - Security awareness training 31:35 - Are data breaches the new normal34:05 - How Nametag safeguards online data37:59 - AI deepfakes 40:19 - Using Nametag42:20 - How to learn AI deep fake defense44:14 - Design choices in digital identity 45:54 - Different backgrounds in cybersecurity 46:59 - Aaron Painter's favorite part of his work48:01 - Best cybersecurity career advice49:00 - Learn more about Nametag50:06 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work hacks can help you pass Cisco’s CCNA certification exam! But what if you think you’re not ready to make that jump? What would it take for you to jump into the study of the CCNA with both feet? Infosec’s CCNA boot camp instructor Wilfredo Lanz wants you to know that you can be ready to start the big learning a lot faster than you think, and tells us why some of his most entry-level students often do better on the test than their more established classmates. If the prospect of passing the CCNA on the first try got you fired up, well, that’s the point! Keep the excitement coming, and check out today’s Cyber Work Hack. 0:00 - Cisco's CCNA certification exam0:57 - Who enrolls in an Infosec CCNA boot camp2:50 - What should you know before studying for the CCNA?3:50 - What does a CCNA certified IT network professional do?6:42 - Ensuring you're ready to take on CCNA9:59 - How to gain networking experience11:39 - Become an IT and networking professional 12:50 - OutroLearn more about the CCNA: https://www.infosecinstitute.com/training/ccna/About InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, I’ve got a big guest for you. Jeffrey Brown, Faculty at IANS Research, is also the chief information security officer for, not a company, not for a healthcare organization, but for the entire state of Connecticut! Brown walks me through the scope and reach of a state-wide CISO, a country-wide move toward a “whole of state” strategy and, frankly, I spend an awful lot of time talking to Brown about where he finds the time to do all the things he does.0:00 - Being CISO of an entire state1:50 - Early interest in computer, tech and security5:17 - A communication background in cybersecurity7:31 - Cybersecurity career time management13:59 - Working as a CISO of a state15:45 - How to prepare for a CISO role at the state level18:51 - What does a CISO do for a U.S. state?25:50 - State cybersecurity approach27:41 - Cyber attacks and challenges states face32:00 - Is cybersecurity awareness a waste of time? 37:31 - Skills needed to work in cybersecurity for the state40:11 - Learning how to lead in cybersecurity43:20 - Favorite parts of state cybersecurity44:19 - Resources to improve cyber hygiene 46:14 - Best piece of cybersecurity career advice48:47 - Learn more about Jeffrey Brown49:33 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastThis is a very wide-ranging and inspiring episode – whether you’re slogging through cert study or hitting a wall trying to figure out your next career pivot, my talk with Jeff will absolutely give you a new perspective. Keep it right here for Cyber Work! About InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, we continue our deep dive into industrial control systems and operational technology security by talking with Donovan Tindill of DeNexus. Now, I’m just going to come out and say it: Tindill's episode is like a cybersecurity career seminar in a box, and a must-not-miss if you’re interested in not just ICS and OT security, but specifically the realm of Risk Assessment. Tindill brought slides and literally lays out his entire career for us to see, including the highs and even some of the lows, and what he learned from them. He explains the fuzzy distinctions between ICS security and the act of determining risk for said systems, gives us a 60 year history of the increasing attack surface and number or risk types associated with operational technology, and gives us tons of great career advice and ways to get started. 0:00 - Careers in operational technology2:01 - Donovan Tindill's interest in tech5:30 - Tindill's career roles in cybersecurity 10:42 - The jump to a supervision role13:19 - Average day for a director of OT cybersecurity 18:39 - Volunteerism with Public Safety Canada 22:57 - Tindill's talk on active directory a decade later23:43 - Current operational technology challenges29:26 - New SEC regulations 33:54 - Thoughts on the SEC regulations35:37 - How to work in OT, ICS or risk assessment40:34 - Skill gaps for OT, ICS and risk management 42:44 - Tindill's favorite work45:36 - Best cybersecurity career advice48:22 - What is DeNexus? 52:22 - Learn more about Tindill and DeNexus53:22 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks podcast want to help you pass the CCNA exam! So, for today’s hack, let’s talk boot camps. The CCNA is an intimidating exam, especially if you’re trying to go it alone, just you and your self-study book. That’s why I’d like to introduce you to Infosec’s CCNA boot camp instructor, Wilfredo Lanz! He will explain what the Infosec 5-day CCNA boot camp is like, the learning and memorizing strategies you’ll employ and how boot camp training can help you pass on the first try. Lanz helps his students with every networking question, and students who commit to those five intensive days will see significant results. 0:00 - What is a CCNA boot camp like? 1:40 - Boot camp training versus university6:37 - Do I need to bring anything to CCNA boot camp?7:23 - Take CCNA exam after boot camp8:25 - Advice for taking a CCNA boot camp9:46 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, we are talking operational technology, or OT, security with guest, Robin Berthier of Network Perception. From his earliest studies to his time as an academic researcher, Berthier has dedicated his career to securing the intersection between operational technology and network security, with some pretty imaginative solutions to show for it. In today’s episode, Berthier explains why modern OT security means thinking more about the mechanics of the machinery than the swiftness of the software solutions, the big conversation that infrastructure and ICS Security need to have about nation-state attackers (and finally are having!) and Berthier's best piece of career advice turns into some excellent thoughts on the importance of maintaining your network… and I don’t mean routing and switching!0:00 - Industrial control systems cybersecurity1:54 - How Robin Berthier got into tech3:38 - Majoring in cybersecurity 4:55 - Intrusion detection systems 9:18 - Mechanical and cybersecurity tools12:33 Launching Network Perception17:03 - Current state of ICS and OT infrastructure20:24 - Cyberattacks on industrial control systems28:35 -Skills needed to work in industrial control systems35:19 - Where are ICS security jobs?36:39 - Getting into local OT systems37:55 - Skills gaps in ICS39:21 - Best piece of career advice41:01 - Cultivating a work network43:28 - What is Network Perception?45:27 - Learn more about Robin Berthier45:58 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, our deep-dive into manufacturing and operational technology (OT) cybersecurity brings us to the problem of endpoint security. Tom Molden, CIO of Global Executive Engagement at Tanium, has been grappling with these problems for a while. We talk about his early, formative tech experiences (pre-Windows operation system!), his transformational position moving from fiscal strategy and implementation into his first time as chief information officer and talk through the interlocking problems that come from connected manufacturing devices and the specific benefits and challenges to be found in strategizing around the endpoints. All of the endpoints.0:00 - Manufacturing and endpoint security1:44 - Tom Molden's early interest in computers4:06 - Early data usage6:26 - Becoming a CIO10:29 - Difference between a CIO and CISO14:57 - Problems for manufacturing companies 18:45 - Best CIO problems to solve in manufacturing22:51 - Security challenges of manufacturing 26:00 - The scop of endpoint issues 33:27 - Endpoints in manufacturing security37:12 - How to work in manufacturing security39:29 - Manufacturing security skills gaps41:54 - Gain manufacturing security work experience43:41 - Tom Molden's best career advice received46:26 - What is Tanium 47:58 - Learn more about Tom Molden48:34 - Outro – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks are here to help you pass the CCNA exam! For today’s Hack, Wilfredo Lanz, Infosec bootcamp instructor in charge of Cisco’s CCNA certification, walks us through four sample CCNA questions, walking through each answer and discounting the wrong ones with explanations, allowing you to reach the right answer in a logical and stress-free way. And the only way you’re going to see it is by staying right here for this Cyber Work Hack! 0:00 - CCNA exam sample questions 1:31 - Different types of CCNA exam questions3:34 - First CCNA exam sample question 8:34 - Second CCNA exam sample question13:52 - Third CCNA exam sample question20:47 - Fourth CCNA exam sample question 25:22 - Infosec CCNA boot camp practice exam27:04 - Advice for CCNA exam day28:46 - OutroLearn more about the CCNA: https://www.infosecinstitute.com/training/ccna/About InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

AT&T Cybersecurity’s head of evangelism, Theresa Lanowitz, is today's guest. Lanowitz has amazing and wide-ranging career achievements, from her time with analyst firms Gartner and Voke, work on Java’s JBuilder environment and strategic marketing for the Jini Project, which was proto-IoT going back to the late ‘90s! With all of these incredible stories, we talked far and wide about manufacturing security concerns, she breaks down the key pain points around edge computing and talks extensively about her love of both the English language and programming languages of all sorts. They all have grammar, they all have style, and if you’re a linguist or a lover of learning new languages, perhaps computer languages are an opportunity you hadn’t pursued? All that and a ton more – seriously, I could have talked to Lanowitz for hours – on today’s episode of Cyber Work.0:00 - Manufacturing security  2:02 - Theresa Lanowitz’s early interest in computers 3:52 - Learning programming languages in the early days 6:12 - English language’s connection to programming language 8:24 - Evolution of programming language 11:55 - How language impacts programming 13:52 - Lanowitz’s cybersecurity career 17:20 - An average day as head of cybersecurity evangelism 22:53 - Edge computing use in manufacturing 26:35 - Biggest security issues in manufacturing 30:02 - The bad actors in manufacturing security 33:41 - Manufacturing cybersecurity technology 39:02 - Skills needed to work in manufacturing cybersecurity 41:00 - Biggest skills gaps in manufacturing security 41:44 - Best cybersecurity career advice 42:15 - Where are manufacturing security issues heading? 45:06 - Security issues with third-party vendors 47:53 - Learn more about AT&T cybersecurity  48:48 - Learn more about Theresa Lanowitz 49:04 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Thomas Pace of NetRise talks about industrial control systems security. We’ll learn about Pace's time in the United States Marine Corps in cyber-intelligence, his move to forensics and then ICS and why the greatest asset a security professional can have is the ability to find, clearly see and create narratives. I always find ICS professionals to be fascinating, and Pace took us down some new paths, so if you’re also interested in ICS Security, keep it here for today’s episode of Cyber Work!0:00 - Industrial Control Systems security 1:39 - How Pace got into cybersecurity 4:31 - The speed of cybersecurity's change5:20 - Pace's career in cyber intelligence 10:08 - Importance of cybersecurity analysis10:55 - Current state of ICS and infrastructure security in the U.S.25:22 - How to work in ICS security 32:52 - Manufacturing security issues 38:00 - Security risks for cranes40:51 - Best ICS security advice 44:09 - Best cybersecurity career advice46:15 - What is NetRise?47:40 - Learn more about Pace48:25 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks want you to pass the Cisco CCNA exam! To help you do that, Infosec’s CCNA Boot Camp instructor Wilfredo Lanz gives you his top tips and tricks for taking the CCNA exam! Lanz will give you some advice for narrowing down the right answer by eliminating the obviously wrong ones, common mistakes people make while taking the exam and what to do if, for some reason, you don’t pass on the first try. And most importantly, why you must take the practice exams before the test. And then retake them. And again! 0:00 - CCNA exam tips 1:43 - What does the CCNA cover? 4:50 - Tricks for taking the CCNA exam 5:55 - Common CCNA exam mistakes 7:17 - What if you fail the CCNA exam? 8:40 - Best piece of advice for CCNA exam day 9:53 - Outro About Infosec Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Cyber Work Hacks is back to keep you updated with the CISSP exam! Infosec boot camp instructor Steve Spearman joins me to tell us about the new changes to the CISSP’s common body of knowledge (CBK) and how the changes to the CBK should (or shouldn’t!) affect your study and preparation for the exam! Keep learning, and keep it here for another Cyber Work Hack.– Learn more about the CISSP: https://www.infosecinstitute.com/training/cissp/– Get your free ebook, "CISSP exam tips and tricks (to ace your exam on the first try)": https://www.infosecinstitute.com/form/cissp-exam-tips-ebook/ 0:00 - CISSP exam common body of knowledge 1:16  - Changes to CISSP's CBK7:45 - Why did CISSP make CBK changes?9:17 - How to study for the CISSP11:37 - Most important CISSP exam items 14:04 - Best advice for taking the CISSP exam15:03 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks are here to help you pass the CISSP exam. Today’s Hack is part two, so I encourage you to go back and listen to part one of Steve Spearman’s CISSP exam tips and tricks. In part two, I pass the mic to Spearman to give you his top five test-taking strategies for the CISSP. What’s the Sesame Street rule? How does the CISSP feel about absolutes? Keep it here, and you’ll find out in part two of this week’s Cyber Work Hack. 1:30 - Look for absolutes in questions3:17 - The Sesame Street principle 4:45 - Watch for algebraic equations 6:23 - Look for the "golden words"7:38 - Change management is likely the answer8:55 - Keep an eye on senior management and impact10:19 - Think like a CISO11:53 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work Hacks are here to help you pass the CISSP exam! This is part one of a two-part Cyber Work in which Infosec’s CISSP boot camp instructor Steve Spearman gives you his top tips and tricks for taking the CISSP exam! In part one, we’ll talk about what makes the CISSP such a difficult exam, common mistakes people make while taking the exam and what to do if, heaven forbid, you don’t pass on the first try. You don’t have to do this alone, but you need to listen to Spearman's suggestions.– Learn more about the CISSP: https://resources.infosecinstitute.com/overview/cissp/– Get your free ebook, "CISSP exam tips and tricks (to ace your exam on the first try)": https://www.infosecinstitute.com/form/cissp-exam-tips-ebook/0:00 - CISSP exam tips1:43 - What makes the CISSP challenging? 4:51 - Common mistakes taking the CISSP8:00 - Tricks for taking the CISSP test11:40 - Advice on retaking the test16:05 - Best advice for CISSP exam day16:36 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Alicia Olson, VP of Communications at Optiv, is today's guest. Olson came to cybersecurity from the oil and gas sector. She tells us how she got interested in communications for security professionals, explains how she turned Optiv’s distributed workforce into a cohesive unit and gives CISOs some crucial advice and ideas for dealing with that moment that no one wants to have to explain — the inevitable security breach. 0:00 - What do CISOs need in 2024?1:40 - Working in communications3:50 - Average workday as a VP of communications6:56 - Cybersecurity issues with communications 9:50 - Why work in cybersecurity communications? 13:00 - How to enter cybersecurity communication roles17:50 - Women mentoring women in cybersecurity 19:35 - Supporting DEI in cybersecurity23:00 - Biggest problems for CISOs in 202425:05 - Missing CISO skills you should learn27:38 - Remediation in cybersecurity communication29:30 - Olson's best piece of career advice30:15 - Learn more about Optiv30:55 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and the Cyber Work Hacks podcast are here to help you prepare for and pass the CISSP exam from ISC2. For today’s hack, we’re talking boot camps. If you’ve been preparing for the Certified Information Systems Security Professional (CISSP) study guide for six months or more, you might learn better in a concentrated, focused environment with expert instruction. And that expert is Infosec boot camp instructor Steve Spearman, who has helped hundreds of learners prepare for and pass their CISSP. Steve will walk you through what the Infosec 7-day CISSP boot camp is like, which can make the difference between passing on the first try and the headache and heartache of having to re-sit the exam. 0:00 - What is a CISSP boot camp?1:37 - A boot camp versus university cybersecurity education2:47 - What is a cybersecurity boot camp schedule like? 6:54 - Cybersecurity boot camp communication 9:50 - Cybersecurity boot camp homework12:13 - Taking a cybersecurity certification exam15:44 - Is a cybersecurity boot camp right for me? 17:36 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Don't believe the movies and TV shows — ethical hacking is not done by frantically typing on the keyboard in a race against the clock.What's a career in ethical hacking and penetration testing really like? Join our panel of experts who have worked in the field for decades to find out!In this one-hour live event, we'll cover:0:00 - Ethical hacking fact vs fiction7:45 - First, getting into cybersecurity 12:00 - Does ethical hacking fiction affect people? 19:20 - Cybersecurity students in higher ed26:17 - Qualifying for penetration testing jobs31:21 - A real-life cybersecurity attack42:30 - Does Hollywood inspire cybersecurity workers?44:30 - U.S. Cybergames47:40 - Infosec Skills and real-life learning 50:35 - Cybersecurity career jump53:30 - Criminal justice and cybersecurity 56:25 - From IT support to cybersecurity 59:00 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and Cyber Work hacks want to help you pass the Security+ exam! We have three separate hacks on this channel to help you through the process of studying for and taking the exam. But what about in the years after, when it’s time to get ready to recertify? Infosec boot camp instructor Tommy Gober walks you through all the different ways you can earn your continuing education units (CEU), how many you need to re-certify your Security+ and some less-known activities that can keep your CEU numbers rising and make ongoing learning an ongoing process, not something you need to “cram” at the end of three years. Wanna know more? Well, it's all here in today’s Cyber Work Hack. 0:00 - Security+ certification renewal1:30 - Why does CompTIA require renewal?4:37 - How to earn continuing education units6:51 - Fun ways to earn continuing education units8:04 - Log your continuing education unit hours9:44 - Continuing education unit consistency 12:25 - CompTIA certification continuing education 15:14 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Tom Terronez joins Cyber Work to discuss security in an industry that doesn’t always make the headlines for security news: dentistry. Terronez co-founded Medix Dental, an IT and security provider for the dental industry, 20 years ago, and has the lowdown on some of the specific security issues dentist offices and networks face. It is an uphill battle to get the industry to acknowledge its extreme insecurity, and I find out how a shared love of Hall & Oates got Terronez into this very specific area of the security sphere. And I promise that I tried to avoid overusing the phrase “drill down on this point.” Spoiler: I failed.0:00 - Dental industry cybersecurity 2:00 - Terronez's interest in tech3:55 - Dentistry cybersecurity 20 years ago5:00 - Dentistry cybersecurity dangers and issues15:55 - Why the dental industry is susceptible to cyberattacks18:50 - Common attack vectors against dentists23:37 - How to work in dental cybersecurity 25:20 - What working in dental cybersecurity is like26:40 - Volunteer opportunities in dental cybersecurity 28:22 - 2024 dental cybersecurity trends31:20 - Tom Terronez's best cybersecurity career advice32:50 - Learn more about Medix Dental34:03 - Outro – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec and the Cyber Work Hacks podcast are here to help you pass the Security+ exam! For today’s hack, let’s talk bootcamps. If you’ve been piecing your way through the Sec+ study guide for six months or more, it’s possible that you would learn better in a concentrated, focused environment with expert instruction. I’m talking, of course, about Infosec boot camp instructor Tommy Gober! Goberwill walks you through what the Infosec five-day Security+ boot camp is like the learning and memorizing strategies you’ll employ and all the ways that boot camp training can make the difference between passing on the first try and endless headaches and heartaches of re-sitting the exam. You don’t have to do it alone! But to learn more, you do have to keep it here for another Cyber Work Hack. 0:00 - Security+ boot camp   1:30 - Boot camp training versus classroom 6:25 - Breaking down five days of boot camp8:50 - What is it like to attend a boot camp? 12:14 - How does the boot camp prepare for the exam?14:01 - Is a boot camp right for you?15:30 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT, and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and at home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Miami University's (in Oxford, Ohio) Farmer School of Business Information Systems and Security researcher Joseph Nwankpa joins Cyber Work today. Nwankpa recently wrote a report that overturns some huge assumptions: he found that work-from-home employees are, to a large degree, less of a security issue than many on-premises workers. Nwankpa discusses The Peltzman Effect, the persistent struggles to create security awareness that lasts past the initial training sessions and talks about some surprising reasons that the higher education sector has been shown to be less sophisticated in their security awareness than many other industries.0:00 - Are remote workers more cyber secure? 2:00 - How did Joseph Nwankpa get into cybersecurity? 7:53 - Findings on remote worker security12:00 - Cybersecurity strategies in different work locations17:05 - A company's cybersecurity compliance culture19:07 - Best lessons for best remote work security practices22:00 - Internalizing securing awareness26:40 - Higher ed issues with cybersecurity 31:00 - Higher ed and phishing emails33:00 - Remote work security blind spots35:50 - Become a security awareness professional 41:54 - Miami University's information systems program44:00 - Learn more about Nwankpa45:01 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Cyber Work Hacks is here to answer your questions about the CompTIA Security+ exam! Today, Infosec boot camp instructor Tommy Gober reviews Security+ exam sample questions and shares tips to pass your Security+ 701 exam.0:00 - Security+ exam mechanics1:15 - The different types of Security+ exam questions3:55 - How do you see your Security+ exam results?5:10 - Security+ exam example question 19:27 - Security+ exam example question 211:32- Security+ exam example question 315:08- Security+ practice exam16:29 - Security+ exam day advice18:05 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Ken Westin of Panther Labs has a bit of fact-checking he wants to do on some of the tech stories we read daily in the papers. Does J.P. Morgan really get 45 billion cyberattacks per day? Really? Are there other factors in this number that aren’t emphasized in the interest of chasing panic clicks? Westin and I talk about responsible ways to cover big security stories in the news, ways that each of us can become cyber fact-checkers and advocates, and Westin tells me about how his personal interests have turned into creating some very cool anti-theft tools. You can hear me audibly blown away by one in particular! 0:00 - Mega cyberattacks 2:00 - How Ken Westin got into cybersecurity 10:44 - J.P. Morgan cyberattacks 16:00 - Media and PR as a form of social engineering17:48 - Reframing the cyberattack narrative19:50 - CISO burnout and responsibility23:04 - Advice to CISO workers to fight new threats28:35 - Changing the cybersecurity narrative33:43 - Advice to cybersecurity professionals 37:30 - Outro – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Cyber Work Hacks is here to answer your questions about the CompTIA Security+ exam! Today, Infosec boot camp instructor Tommy Gober tells us about the new changes to the Security+ exam and how it will (or will not) affect your study and preparation for the exam! Keep learning, and keep it here for another Cyber Work Hack.Get your free Security+ ebook, "CompTIA Security+ 701: How the world's most popular cert is changing in 2024" https://www.infosecinstitute.com/form/comptia-security-601/0:00 - Security+ exam changes 1:05 - Key ways the Security+ exam has changed (SY0-701)3:47 - Why make the Security+ exam changes? 5:30 - Security+ exam studying strategy 6:47 - Most crucial Security+ exam skills for the future9:48 - Best advice before taking the Security+ exam  11:28 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, Sean Falconer of Skyflow and host of the Partially Redacted and Software Huddle podcasts, joins me to talk about the present and future of consumer and user data privacy, the pros and cons of adding more privacy regulations into place and his journey from software development and engineering to his current place of working closely and deeply with the future of API-based data encryption and privacy. And stick around because Falconer will share the best career advice he ever received! 0:00 - Consumer and user data privacy2:02 - When did Falconer get into tech?6:40 - Three degrees in computer science12:40 - Current issues around data privacy19:25 - The end of "Wild West" data privacy laws24:00 - External factors on data privacy28:03 - Why am I accepting cookies on websites?34:45 - Experiences and learning for data privacy careers41:44 - Learn more about Skyflow and Falconer42:26 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Adrianna Iadarola of CyberSN joins me today to break down every spot on the cybersecurity job search, hiring, upskilling and retention pipeline. After her raucous and highly informative presentation at ISACA Digital Trust World, I knew I had to introduce you to this great analyst and thinker. Whether you’re doing the hiring or being the hiree, you will find something crucial to your new year journey today on Cyber Work. 0:00 - Problems with cybersecurity hiring 2:19 - How Adrianna Iadarola got into cybersecurity 6:03 - Skills required to jump cybersecurity roles 8:13 - How the cybersecurity job landscape has changed 13:30 - Skills gap in cybersecurity and timing 15:15 - Cybersecurity HR hiring issues 20:05 - Why is AI security executive level? 25:16 - Change in soliciting cybersecurity candidates 30:16 - Recommendations on changing a cybersecurity team 35:30 - Strategies in cybersecurity language 40:00 - Advice for people heading into cybersecurity 43:20 - Where are cybersecurity budgets and investments going? 49:52 - What is CyberSN? 52:01 - Outro – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today's guest is Anthony Pacilio, VP Neurodiverse Solutions at CAI. I met Pacilio at this year’s ISACA Digital Trust World event in Boston, and I was immediately fascinated with his insights on hiring and attracting neurodiverse professionals in security, IT, engineering and related industries, all of which suffer a skills gap and all of which are in need of new insights and working methods. Pacilio and I have a substantive conversation about changing the structure of the “6-hour marathon” interview process, the difference between an employee who stays in one job role vs. an employee who stays in but re-imagines that one job role, and why this new way of hiring and recruitment can lead to nothing less than an entire transformation of a company’s work culture.  0:00 - Neurodiversity and cybersecurity leadership 4:18 - Pacilio's early years with tech7:40 - Shifting roles in cybersecurity 12:55 - VP of neurodiverse solutions 16:10 - CAI's dedication to neurodiversity  19:27 - Neurodiverse solutions in cybersecurity and IT23:50 - Rethinking the cybersecurity role interview26:32 - Adopting new interview strategies 33:03 - Examples and success stories 35:30 - Where neurodiverse workers succeed in cybersecurity 42:04 - Tips for neurodiverse learners in cybersecurity 45:58 - Advice for new cybersecurity professionals 52:30 - Learn more about CAI53:05 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Dan Roberts, host of the “Tech Whisperers” podcast, and a mentor, coach and leader to CISOs and other tech-focused C-suite members for nearly four decades, is today's guest. We talk about Roberts' earliest work, including coining the term “Developing the human side of technology” all the way back in 1984, to spearheading the CyberRX program for CISOs and those aspiring to be. Roberts also provides a four-stage growth chart for CISOs that, quite frankly, scales well to just about any tech career and teases a very exciting guest on the “Tech Whisperers” podcast!0:00 - CISO's need leadership experience4:47 - How Dan Roberts got into cybersecurity and tech6:34 - What was tech like in the '80s?9:20 - Common difficulties as a CISO16:52 - What is CyberRX?24:10 - Joining CyberRX to become a CISO29:50 - How to become a CISO34:45 - Cybersecurity and soft skills38:05 - Skills needed in tech and security now 40:30 - Leading with the seven Cs43:00 - Start your CISO career journey 46:23 - Getting uncomfortable to evolve in cybersecurity47:49 - What is the Tech Whisperers podcast?52:06 - Tech for Good project54:18 - Exciting new projects for Roberts56:30 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Confidence Staveley of the CyberSafe Foundation and the CyberGirls program is today's guest. CyberGirls is a year-long cohort program in which women in Africa ages 18 to 28 can learn cybersecurity basics and create career tracks to fast-track these students into cybersecurity careers! Staveley tells us about the workings of the program, how she uses her YouTube channel to teach API security with food analogies and explains the origins of what is likely the first-ever Afrobeat song about security awareness!  This episode is as fun and inspiring as any I’ve recorded, so I hope you’ll tune in for today’s Cyber Work.0:00 - Cybersecurity training for women in Africa4:47 - How Confidence Staveley got into cybersecurity10:35 - What is the CyberSafe Foundation? 16:57 - What is the CyberGirls fellowship?21:30 - How to get involved in CyberGirls30:10 - Inspiring success CyberGirls stories43:11 - Keeping CyberGirls engaged46:31 - API Kitchen YouTube show52:00 - Cybersecurity initiatives in Africa59:27 - Advice for working in cybersecurity1:03:13 - CyberGirls' future1:05:20 - Learn more about CyberSafe1:07:22 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Ian Campbell, security operations engineer at DomainTools, is someone who has truly carved a niche out for himself in his organization and in the cybersecurity landscape as a whole. His blogs for the DomainTools website have provided paths for neurodiverse cybersecurity professionals and allies who want to make their organizations more friendly to neurodiversity to undertake the small changes to work roles and company culture that can net huge improvements for folks with different types of cognition, patterns of learning, concentration challenges, and yes, nurturable strengths! I’ve said it plenty of times here and I’ll say it again: cybersecurity is at its best when we’re all together, solving problems and creating solutions with our own diverse approaches. 0:00 - Neurodiversity in cybersecurity 4:00 - How Ian Campbell got into cybersecurity 6:50 - Cybersecurity journey15:33 - What does a security operations engineer do?18:37 - Chokepoints of security operations engineer role20:22 - Supporting people with neurodiverse work and learning25:50 - What hinders neurodiverse workers in cybersecurity? 30:17 - Altering work culture for neurodiverse workers39:00 - Neurodivergent traits suited for cybersecurity 42:05 - Benefits of neurodiversity in cybersecurity 48:41 - Promoting communication for neurodiverse workers52:36 - Positive policies for neurodivergent workers58:20 - Learn more about DomainTools1:00:00 - Learn more about Ian Campbell1:00:23 - Outro – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Guest AJ Grotto is the William J. Perry International Security Fellow and founding director of the Program on Geopolitics, Technology and Governance at the Stanford Policy Center and Stanford University. Grotto has served in the National Cybersecurity Council under two successive presidents and brings decades of knowledge in international relations, policy and risk both to his students and to clients in his private sector consulting work. Grotto tells us about the current state of international cyber risk and response, gives his tips for students just getting started in international policy and why a suspicious-looking email took him away from the law profession and into the security space. 0:00 - National security cyber issues4:04 - How AJ Grotto got into cybersecurity7:10 - Grotto's work in the National Security Council10:25 - Skills used in the National Security Council14:35 - Working at Sagewood 17:00 - Global trends in cybersecurity19:00 - Economies down; cyber crime up? 20:17 - Cyber risk work at Stanford23:10 - Cybersecurity students at Stanford29:46 - How to take Grotto's class at Stanford31:25 - Federal Zero Trust directives34:49 - What to research for national security work38:09 - Important global cybersecurity topics40:06 - Learn more about Grotto, Stanford international policy41:07 - Outro   – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec IQ’s director of production, Steve Concotelli comes to us following years working in the movie and TV industry, and his ability to create and craft a great story is at the core of what makes Work Bytes the most award-winning security awareness series on the market! Learn more about Concotelli and the team’s ability to craft storylines with takeaways that stick, as well as the reasons why we create four different information delivery types to match the pace and time commitments of your workers. Maybe by the end, you’ll know which of the fantastical characters I mentioned at the start is most like you! Kick back and enjoy a few engaging minutes with this Cyber Work Hack. And take the Work Bytes Personality Quiz: https://infosec.involve.me/work-bytes-personality-quiz.0:00 - Film storytelling in cybersecurity 2:48 - How Concotelli moved from Hollywood to Infosec3:56 - What is Work Bytes?5:50 - Telling the story of Work Bytes7:47 - Balancing fun and info14:07 - What's new in Work Bytes?19:21 - Big goals for Work Bytes20:29 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Tomas Smalakys, CTO at NordPass, is today's guest. As our future seems choked with a never-ending need for new passwords of ever-growing complexity for everything we sign up for, Smalakys, along with some large tech organizations, is embracing a post-password future with a system of passkeys. What will it look like? How is it implemented? How will you be able to do this bleeding-edge work in the future? Tune in for today’s episode of Cyber Work and find out! 0:00 - The future of online passwords3:43 - Tomas Smalakys' start in cybersecurity8:40 - Managing software engineers15:33 - Chief technical officer at NordPass20:05 - The state of password security27:22 - Imperfections in two-factor security42:13 - How to know you've been compromised online47:55 - The passkey system1:02:41 - How to work in passwords and passkeys1:09:05 - Learn more about Smalakys and NordPass1:10:07 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Anna Claiborne from Zayo talks about the spike of DDoS attacks they saw in the past year. Although distributed denial of service (DDoS) attacks trend up nearly every year, new factors around advanced automation and ease of use may be driving the increase. Claiborne takes us back 20 years, when solutions to DDoS attacks involved trying the most far-out solution you could, often for the most far-out clients you could imagine! Seriously, I use the words “Wild West” to describe early security on a lot of episodes, but Claiborne really gives us some top-notch war stories. She’ll also let you know where to focus if you want to get started in telecom security, or any of near-infinite industries that would be impacted by telecom shutting down.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - AI and DDoS attacks 4:20 - How Anna Claiborne got into cybersecurity8:24 - Claiborne's cybersecurity experiences 14:10  - The changes in DDoS attacks16:55 - Current DDoS escalations 24:34 - Claiborne's role as a VP34:25 - Why DDoS attacks have skyrocketed38:32 - Why DDoS attacks are easier42:55 - How much is DDoS effective?44:24 - Tips for countering DDoS47:16 - Careers involving DDoS attacks51:09 - Acquire DDoS skills early56:19 - Learn more about Claiborne and Zayo57:48 - Outro About InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Oliver Tavakoli from VectraAI returns to the program to talk about – surprise! – AI! Having talked about Tavakoli's origin story on the past episode, we’re free to dig right into his main area of interest: the ways in which generative AI can be used by bad actors, whether introducing conflicting messages into GPT guardrail commands or escalating the nuance and complexity of fake-based social engineering attacks. We talk about long-term implications of this emerging tech opportunity, ways for new professionals to get comfortable with its requirements quickly, and Tavakoli lets us know what this “summer of AI” will mean for the coming years, and also why its endless innovation may cool for a few years, and that’s OK. 0:00 - Generative AI and bad actors 4:20 - Big changes for generative AI in 20207:11 - Example of an AI attack15:30 - AI as a tool versus an intelligence17:10 - Solutions with AI22:47 - How AI will affect cybersecurity careers32:18 - How does AI hurt your career? 38:40 - Job roles in cybersecurity that may become niche40:40 - The year of AI? 43:25 - How to talk about AI45:40 - What is VectraAI?48:25 - Learn more about Tavakoli and VectraAI49:30 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Dr. Heather Buker of 6clicks has been a technical SME in the cybersecurity field her entire career, and 6clicks has introduced Ask Hailey, an AI-based governance risk and compliance (GRC) tool that promises to move the work of GRC into a new era. Also on the show, Infosec’s vice president of portfolio product strategy and cybersecurity superstar Keatron Evans in a guest-host capacity! Buker, Keatron and I discuss the spaces in which governance risk and compliance can greatly benefit from AI/machine learning enhancement, the crucial need to prioritize the decision-making skills of humans over everything else and why seemingly disparate career roles and pivots can still lead you in the career direction you desire most. 0:00 - Ask Hailey AI4:17 - Heather Buker's start in cybersecurity6:40 - Security compliance migration work and more13:15 - Tasks of a chief customer officer18:40 - What is Ask Hailey AI? 23:00 - Challenges in risk assessment27:15 - Ask Hailey AI and GRC 38:05 - Advice to get into government cybersecurity42:50 - Advice for cybersecurity students44:50 - The big picture of AI53:00 - Learn more about Buker and 6clicks54:11 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Tara D. Anderson, managing director of Framework Security and an official member of the Forbes Technology Council, walks us through her journey, including her years in the world of finance, opens up about a traumatic event in her life that altered the way she learns and retains information and how her switch to IT and Cybersecurity was an ideal fit. From her days co-founding the consultancy firm Cognitive SLC, an organization whose founders were all neurodiverse, to Framework Security’s desire to make protection understandable to small charitable companies and organizations who couldn’t bounce back from hacking and theft, Anderson's ethos and vision, from work to the interview process, is a complete inspiration for anyone interested in bringing neurodiverse professionals into their organization. 0:00 - Neurodiversity in cybersecurity 3:46 - Getting into computers and tech9:46 - Revenue officer roles 15:20 - Getting into IT and security23:07 - Neurodiverse workers in cybersecurity 30:45 - Neurodiverse challenges in cybersecurity41:40 - Remote cybersecurity work52:03 - How to work in cybersecurity 56:34 - What is Framework Security?59:30 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Leslie Lynn Smith is the National Executive Director for GET Cities. GET stands for Gender Equality in Tech. Today’s episode will move away from standard cybersecurity and IT insights in favor of a larger look at investment opportunities for tech startups, and where and on who we spend investment capital. Smith is a multi-decade authority on state- and city-wide community investment initiatives with a lifelong passion for bringing people of marginalized races and genders to the table in fulfilling their tech business dreams. Smith talks about bridging the gap from angel investor money to initial seed, and why the space between the two can sink new startups, the slow, patient process of affecting equitable change at the legislative level, and offers an accelerated way to make IT and cyber teams more inclusive and equitable. If you’ve wanted to get involved with angel investing and helping young companies get off the ground, Smith talks you through the process with no steps missed. 0:00 - Gender equity in tech3:35 - Leslie Smith's journey in tech9:40 - Equity in cybersecurity at GET Cities15:03 - How does GET Cities work? 21:20 - Concrete ways to work towards gender equity in tech30:30 - Imposter syndrome revised35:00 - Where does equity work need to be done in tech?40:30 - How to invest in tech and cybersecurity43:33 - GET Cities upcoming initiatives46:00 - Learn more about GET Cities and Smith46:40 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Brianne Caplan is the founder and executive director of Code Your Dreams, a non-profit that brings knowledge, accessibility and excitement about programming and tech to learners from age 5 to adulthood in underserved communities. Caplan tells some incredible stories, like the women’s coding and data analysis group in Burundi, exciting coding projects for students interested in art, music and dance and why her experience inadvertently creating a non-profit company that was incorporated as a for-profit was a learning experience that helped kickstart Code Your Dreams! This one’s inspiring, so I hope you’ll keep it here for Cyber Work.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Coding for underserved communities 3:11 - Brianne Caplan's start in cybersecurity8:04 - Cash for Schools10:50 - What is Code Your Dreams?14:40 - How Code Your Dreams works17:52 - Gaps in cybersecurity school education21:00 - Baseline tech literacy for grade school23:30 - Popular Code Your Dreams activities27:08 - After Code Your Dreams35:11 - Volunteer for Code Your Dreams37:00 - Bring Code Your Dreams to your school39:40 - Get in touch with Brianne Caplan40:15 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Limor Bergman-Gross, founder of LBG Consulting, a results-oriented executive coaching service for women in tech, discusses her early programming experience, including Pascal instruction in high school, her move from software engineering manager to career coach and corporate mentorship instructor and why mentors can and should come at any level on the career ladder, not just management or executive. As Limor puts it, “all you need in a mentor is that they be a few steps further down the path than you are.” Lots of gems like that to be found today on Cyber Work. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Career coach for women in tech 2:55 - Getting into cybersecurity 5:50 - Pursuing cybersecurity consulting6:54 - How to get into consulting 8:15 - First steps with cybersecurity coaching10:02 - How to help someone find their role14:20 - Executive-level consulting 16:00 - A mentor versus an advocate17:45 - Mentoring and training 20:00 - Speaking at an ISACA conference22:28 - Achieving gender parity quickly24:55 - Supporting underrepresented talent in cybersecurity32:05 - Making a difference in diversity35:00 - Women mentoring women37:10 - Making yourself available as a mentor 40:37 - Learn more about LBG Consulting42:20 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Lesley Carhart of Dragos, also known as Hack4Pancakes on social media, is a lifelong breaker and builder of things, and their insights on the deep mechanics of Industrial Control Systems are an absolute must-hear for any of you even considering this space. Carhart also talks about their keynote at this year’s Blue Team Con, the differences between incident response in the military vs. the private sector, and why standard cybersecurity studies won’t take you as far in ICS as it will to learn how train track switchers work. Seriously, this is one of the best episodes I’ve ever been a part of, and I can’t wait for you to hear it! – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - ICS security 3:40 - Getting started in cybersecurity 9:13 - The early days of the internet11:05 - Air Force cybersecurity 12:50 - Military cybersecurity training 15:00 - Incident response work at Motorolla18:40 - Technical director of incident response23:30 - State of ICS39:13 - Starting work in ICS41:57 - Keynote speaker at Blue Team Con46:46 - Bringing diversity into ICS53:46 - Outro About InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Forget what the crime scene TV shows have told you — digital forensics is not done on an overhead projector while the whole department watches! Learn about the day-to-day work of a digital forensics professional from a team of experts who have been putting in the work for decades!In this episode of Cyber Work Live, you will learn:- The types of tools you’ll use to help bring criminals to justice- Why a lack of technical experience isn’t a barrier to entry- How to get real-world forensics practice in your own home- Where a career in digital forensics can take you  – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Digital forensics careers 4:28 - Limits of going off the grid 12:28 - What do SIM cards actually do? 33:12 - Gathering evidence in digital forensics44:08 - Digital forensics and the cloud51:44 - Working as a digital forensics professional 54:42 - Digital forensics certifications 59:50 - How to pursue a digital forensics career1:02:24 - Outro About InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

We met Katie O’Malley, founder of (en)Courage Coaching and Counseling, at this year’s Women Impact Tech conference, and she gave a great talk about effective networking and giving confidence to tech professionals at all levels of the career ladder. Katie and I discussed finding your adjectives and using them to center your interactions, creating courageous workplace culture, and why women only being mentored by women turns into the new unpaid labor. Let’s all step up and make the workplace better! – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Coaching women in cybersecurity 3:10 - How Katie O'Malley got into coaching4:57 - O'Malley's start in cybersecurity and coaching8:51- The evolution of leadership 12:00 - How career coaching works18:00 - Importance of networking and branding24:20 - How to achieve gender parity in cybersecurity 29:30 - Courageous workplace culture 33:21 - Pitfalls in new cybersecurity jobs36:40 - Lead change at your cybersecurity company38:55 - What is (en)Courage Consulting and Coaching?39:33 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

We're talking about chief information security officers CISOs, one of the top-dog roles in cybersecurity, and for many professionals, it’s the brass ring they spend their careers trying to reach. The expectations of a CISO are changing, too, and requirements are growing in many different ways. Mike Scott, CISO of data security provider Immuta, has seen the role change a lot in the past 15 years, and he’s seen the role of CISO move from out of the shadows and into the spotlight for the C-suite, but at a price: when a breach happens, the CISO is often the one who takes a fall. Is this a reasonable expectation? Will the role of CISO change even more? I talked to Mike about all this and the eight years he spent as the CISO of the Wendy’s fast-food chain! We won’t judge you if you want to bite the corners off first, but I’ll be crying in my chili if you don’t keep it here for today’s episode of Cyber Work.0:00 - Responsibilities of CISOs 3:15 - How Mike Scott of Immuta got into cybersecurity 6:55 - Leading Wendy's fast food restaurant as CISO 13:30 - Data security problems right now18:40 - Shift left strategy24:10 - How the CISO role is changing31:00 - Increased CISO oversight38:06 - The CISO's responsibility 48:30 - How to work as a CISO51:50 - Cybersecurity in the federal government54:48 - Learn more about Immuta56:53 - Learn more about Mike Scott57:35 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Preparing for the worst is a drag. Nobody likes to think about it, and if you don’t watch out, inaction means that when you do get ransomed or breached, your first thought is not “let’s get the disaster manual and see what it says.” It’s panic. Today, ProServeIT’s Eric Sugar walks you through a crash course in developing a disaster recovery plan for your small business! Don’t panic! Help is on the way.0:00 - Create a disaster recovery plan1:15 - What is a disaster recovery plan? 2:35 - Beginning a disaster recovery plan3:24 - How to work in disaster recovery5:04 - Write a hypothetical disaster recovery plan6:04 - A disaster recovery plan resume7:08 - Futureproof your cybersecurity skills8:01 - Learn about ProServeIT– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Leigh Honeywell, CEO and founder of Tall Poppy, a security company that is building tools and services to help companies protect their employees from online harassment and abuse, talks about her career running security incident response at Slack, protecting infrastructure running a million apps at Salesforce.com, shipping patches for billions of computers on the Patch Tuesday team at Microsoft and analyzing malware at Symantec. We talk about how all of these demanding jobs prepared her for her work at Tall Poppy, get into what she learned about the intersection of First Amendment speech protections vs. online safety from working at the ACLU, why changing the culture of online harassment will probably have to be a marathon, not a sprint, and Leigh shares her experiences with several accelerator startup organizations.0:00 - Equity in cybersecurity 3:10 - Getting into cybersecurity7:15 - From physics to computer science12:30 - How Tall Poppy came to be19:26 - Technology fellow at the ACLU26:26 - What is Tall Poppy?31:20 - Social platforms and change39:53 - How to work toward equity in cybersecurity43:02 - Y combinator startup accelerator in cybersecurity 50:07 - LGBTQ+ inclusion in cybersecurity 54:27 - Learn more about Tall Poppy56:06 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

ProServeIT President Eric Sugar discusses disaster recovery planning for small and medium businesses. This is an excellent add-on episode to our third episode from way back in 2018 when Keatron Evans discussed the work of an incident responder. If your small- or medium-sized company suffers an incident, whether a breach or a ransom or just a power failure, the first thing you’re going to hope is that you have a disaster recovery plan already written and sitting in the CEO’s locked desk drawer. If not, it’s time for you to prepare and breathe easier.0:00 - Disaster recovery planning for small businesses3:12 - Eric Sugar’s start in cybersecurity 4:40 - Working at ProServeIT6:40 - Working as president of ProServeIT9:07 - What is a small or medium cybersecurity business?10:50 - How to have a disaster recovery plan14:05 - Customize your disaster recovery plan16:40 - Prioritized your disaster recovery plan18:10 - How to choose potential disasters21:28 - Examples of disaster recovery plans26:20 - Education and skills needed to work in disaster recovery31:40 - A good resume for disaster recovery35:10 - Getting promoted in discovery recovery  37:33 - What is ProServeIT?41:16 - Learn more about Eric Sugar and ProServeIT41:34 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Huxley Barbee, security evangelist at runZero, talks about the nuts and bolts of asset detection on a large scale, specifically around the U.S. federal government’s current directive. Here, we will shrink the playing field and tell newcomers to security how to do your home asset detection!0:00 - Asset detection at home1:18 - What is asset detection?2:44 - Is asset detection difficult?3:39 - Do asset detection on your network4:45 - Asset detection on a school network6:50 - How to put asset detection on your resume9:44 - What to study for asset detection roles10:31 - Learn more about runZero11:15 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Tech evangelist Huxley Barbee from runZero talks about asset detection, and yes, just asset detection. Learn about the day-to-day work of asset detection and asset mapping. Go beyond the theory and speculation about whether the U.S. federal government will implement it on time, and join Barbee as he walks you through how it’s all done and what you need in order to do it well.0:00 - Asset detection and asset mapping 2:56 - Getting into cybersecurity 4:12 - Shifting roles in cybersecurity to evangelist6:02 - What does a security evangelist do?8:30 - What is BSides NYC?14:41 - Planning in cybersecurity assets22:50 - Tools and techniques of asset inventory32:13 - The importance of asset discovery34:25 - Skills needed to work in asset detection37:32 - Cybersecurity starts and ends with assets42:22 - What does runZero do?44:44 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

CAT Labs CEO and founder Lili Infante worked as a special agent for the U.S. Department of Justice for 10 years specializing in cryptocurrency’s use in dark web investigations. Infante gives us the insider’s view of dark web investigations, why it’s so difficult to prosecute dark web actors when anonymity extends up and down the hierarchy, the current state of dark web markets, and the rise of state-sponsored crypto crime organizations like North Korea’s Lazarus Group. Plus, Infante gives you expert advice on getting started in crypto crime investigation and forensics research! You don’t need a Tor browser for this info. 0:00 - Crypto crime in 20232:46 - How Lili Infante began in cybersecurity4:50 - Economics, bitcoin and crypto9:20 - Liberal arts education and cybersecurity14:05 - Taking on dark web cases17:30 - What the dark web market is like20:24 - Neutralizing a dark web market24:00 - Main threats of crypto threats and fraud 26:50 - State-sponsored crypto theft28:45 - Why begin CAT Labs35:40 - Day-to-day CAT Labs CEO work41:30 - How to work in crypto crime45:40 - CAT Labs' future46:58 - Learn more about Infante47:43 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

James Stanger, chief technology evangelist at CompTIA, discusses CompTIA's Cloud+ certification and why security professionals must consider adding it to the certification toolbox.0:00 - CompTIA Cloud+ certification 1:06 - Benefits of Cloud+3:24 - Cloud+ is vendor agnostic6:27 - Preparing for Cloud+8:43 - Cloud+'s future  11:18 - Good Cloud+ training   12:50 - How to study for Cloud+14:26 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Leonid Belkind is the chief technology officer (CTO) and co-founder of Torq, a no-code security automation platform. After asking him buckets of questions about the day-to-day work of a CTO in the tech field, we get into a fascinating discussion of all the ways that automation will change the work of cybersecurity, allowing professionals at all stages to work on higher-order problems. At the same time, the great automated data sifters do high-speed data analysis beyond our cognition. This one gets pretty heady folks, especially once we compare CTOs to orchestra conductors.0:00 - Uses of automation2:50 - How Leonid got into tech5:30 - Chief technology officer and endpoint security roles8:30 - Enpoint used during work from home10:30 - Average day as a CTO at Torq17:25 - Cybersecurity market predictions19:30 - Skills and talents that make a good CTO21:27 - Zero-trust Pentagon directive24:35 - Reframing how we view automation30:06 - Automation and disabilities33:15 - Automation's big discussions39:40 - How automation can improve jobs42:20 - How to work in automation48:02 - Communication in cybersecurity50:55 - What is Torq?53:04 - Learn more about Torq and Leonid Belkind53:42 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Jacob DePriest, GitHub’s VP, deputy chief security officer,  talks about what GitHub is, how it works and what to do with it once you start to understand it. 0:00 - GitHub fundamentals1:30 - What is GitHub?2:11 - How did GitHub get so popular?3:15 - Where to start at GitHub4:15 - How to search GitHub5:52 - Evaluating GitHub materials7:47 - GitHub shortcuts for security professionals9:03 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Dara Gibson of Optiv and the Phoenix, Arizona, branch of Women in Cybersecurity has developed and managed cybersecurity services for five years. After years of being an educator, Gibson felt the pull of cybersecurity and tech. For those of you who are thinking of making a later-in-life, life-changing career shift into cybersecurity and feeling a bit overwhelmed, do not miss this episode! Gibson strikes the perfect balance between pushing you out of the nest without pushing you off a cliff! – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Changing to a cybersecurity role from another profession2:56 - Dara Gibson’s start in cybersecurity7:28 - Guidance in cybersecurity 10:00 - Working as a cyber insurance specialist 15:00 - Phoenix Women in Cybersecurity17:06 - Where Women in Cybersecurity members come from21:00 - How to get past the HR barrier in cybersecurity 24:20 - Applying to cybersecurity jobs26:52 - Common paths in cybersecurity for job changers29:00 - Tips for cybersecurity job posting34:40 - Advice to attract women to cybersecurity36:35 - Get involved in Women in Cybersecurity 38:35 - Barriers to getting women in cybersecurity40:42 - Learn more about Dara Gibson41:15 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Paula Bratcher Ratliff owns and is president of Women Impact Tech, an organization committed to bringing women and diverse professionals into cybersecurity. They have clear goals, committed members and proven results.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Women Impact Tech3:11 - Paula's career8:30 - Entering cybersecurity from different industries11:40 - Employee retention in cybersecurity16:32 - Cybersecurity hiring improvements20:52 - Changing internal promotions28:20 - Services from Women Impact Tech32:50 - What Women Impact Tech does at events36:30 - Effective strategies to bring equity in cybersecurity 43:52 - Protecting women online47:44 - Upcoming Women Impact Tech events50:00 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Amber Schroader, CEO of Paraben, gives her best pieces of advice for the work of searching for a job in the field of digital forensics.0:00 - Get a job in digital forensics1:30 - Put your best foot forward on social media3:00 - Updating your digital forensics resume4:36 - Digital forensics interview tips5:23 - Let your personality shine6:14 - Success in your digital forensics job9:30 - Find more from Amber SchroaderAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

David Melamed of Jit brings us a new wrinkle in our ongoing series of developer security topics! Melamed says we should move beyond “shift left,” shifting the security earlier in the CI/CD pipeline, into “Born Left,” a platform in which security tools are in the hands of developers at the point of creation. Melamed talks about his early programming experiences, his Ph.D. in Bioinformatics, and the delineation of responsibilities between developers and the DevSec team. All that and a bit of CTO talk.0:00 - Moving from “shift left” to “born left”3:05 - How David Melamed got into cybersecurity6:00 - Choosing your cybersecurity job path11:15 - Daily work as a cybersecurity CTO13:02 - How to become a cybersecurity CTO15:10 - Keeping a company on track16:40 - DevSecOps shift left to born left21:08 - Born left, and overall security23:13 - Accountability for developers25:07 - Application security and born left29:33 - What will DevSecOps and born left look like in the future?31:00 - How to work in software development security34:35 - First steps to a cybersecurity development job35:30 - What is Jit?38:33 - Learn more about Melamed39:08 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Paul Giorgi of XM Cyber, a man who told me his favorite way to learn new skills is to break things and put them back together, walked me through the basics of setting up your own cybersecurity practice lab at home for not too much money. But watch out because he says that once you start, your excitement about hands-on practice and buying old servers on eBay can get overwhelming! 0:00 - Build your own cybersecurity practice lab1:30 - How to practice with a home cybersecurity lab5:48 - Resource requirements for a cybersecurity lab8:48 - Cost of a cybersecurity lab10:28 - First projects for a cybersecurity lab13:02 - Learn more about Paul Giorgi and XM Cyber13:42 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Karen Worstell is a 25-year veteran of the tech, IT and security space; she’s a senior cybersecurity strategist at VMware and a chaplain. This episode goes to many fascinating places, from her days learning coding on a TRS-80 computer, how her extremely visual and right-brained approach to learning has influenced her security journey, her experiences as a woman in the industry and how her work as a chaplain brought her back from a security industry hiatus to help people suffering chronically from burnout. There’s also a bit about XDR — and its a big deal!  0:00 - Burnout in cybersecurity 3:06 - Karen Worstell's start in cybersecurity6:11 - A family of inventors9:35 - Physical sciences and computer sciences16:00 - Work as a senior cybersecurity strategist18:18: - Working as a woman in cybersecurity 23:15 - Changes to make cybersecurity equitable31:40 - Strategies for hiring equity in cybersecurity34:00 - Burnout in cybersecurity 48:35 - Helpful cybersecurity organizations51:37 - Why is XDR so important? 56:10 - Learn more about Worstell56:44 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, Nir Valtman, CEO and co-founder of Arnica, discusses developer behavior-based security. In short, there are lots of ways that backdoors or vulnerabilities can make their way into developer code. One door we can close on these intrusions is implementing processes that detect behavior anomalies in developers. Think of your bank monitoring for unusual purchases calling you to ask whether you really just spent $300 on a bobblehead from The Last of Us that’s shipping from Brazil. If you did, not judging, full speed ahead. If not, then we’ve got a problem on our hands. Valtman explains the benefits and the limitations of behavior-based security measures, as well as tips for developers-in-training.0:00 - Developer behavior-based security 2:56 - Nir Valtman’s start in cybersecurity4:40 - Moving into the developer world 8:20 - Working as a cybersecurity CEO10:33 - A typical day for a cybersecurity CEO19:30 - Monitoring product features20:15 - DevSecOps behavior-based security27:42 - Flagging irregular online purchases30:35 - Impact of pre-fab code on behavior anomaly detection33:28 - GitHub impact on developer behavior and security38:09 - Ensuring you don’t skimp on sec in DevSecOps42:35 - What should future developers know? 44:56 - Skills and experiences for budding developers51:09 - What is Arnica?54:57 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

These days, keeping your security, IT or research team close now that more of us than ever work remotely is a challenge. How do you keep team bonds strong when your main interaction path is your tiny little colleagues trapped in little squares on a computer monitor? Susan Morrow has been managing a remote team for almost two decades. She dispenses wisdom on coordinating schedules in multiple time zones, ensuring everyone’s moving toward the same goal and helping team members of all work styles to do and feel their best. 0:00 - Cybersecurity team remote work2:30 - Remotely working with multiple teams4:16 - What doesn't work remotely? 5:51 - Avoiding remote work pitfalls7:27 - Solving team drift9:19 - Learn more from Susan Morrow9:58 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

James Stanger, chief technology evangelist at CompTIA, walks through their new Data+ certification. Infosec is proud to provide bootcamp and course training for a range of CompTIA certifications, and James helpfully breaks down the basics of data analytics, the types of learning you’ll need to engage in to pass and why security professionals have a lot more data analyst in their job role than they might think. All that, and a bit of geeking out about the humanities.0:00 - CompTIA Data+3:40 - How did James Stanger get into cybersecurity? 5:00 - From literature to IT9:50 - Working for CompTIA as a tech evangelist13:22 - What makes up a tech evangelist role?18:00 - CompTIA's new Data+ certification 26:06 - Why is Data+ important for pros?32:38 - Prerequisites for Data+ certification 40:05 - What does Data+ teach you?43:53 - Training materials for Data+ certification– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Today on Cyber Work, my guest, Jack Nichelson, wants you to know something. AI is coming! But it’s not SkyNet; it’s not the rise of the machines. Whatever unnerving story you’ve read in the past few weeks about ChatGPT and what it will or won’t do to humanity, I’d like you to join us here and get a much fuller picture of AI as a tool and our role in shaping and building it. 0:00 - ChatGPT AI2:50 - How Jack Nichelson got into cybersecurity4:45 - Types of IT cybersecurity roles6:57 - AI versus human value10:46 - Life as a CISO15:12 - The ChatGPT story19:37 - Where is AI at right now?24:20 - Actual applications of AI in the future30:04 - Areas of study to enter cybersecurity and AI34:27 - Where AI tools may lead cybersecurity 37:00 - Training for future AI malware40:20 - Software to spot AI malware44:50 - What is Inversion6?46:55 - Learn more about Jack Nichelson47:12 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Amber Schroader, CEO of Paraben, explains the different ways to pursue a career in digital forensics, like pursuing a college degree or studying toward a certification. And if a certification, which one will take you on the path you want? Schroader also talks about what doors can open for you, where to get started, and which upper-level certs you should work toward so you’re prepared for the job you want.0:00 - Breaking down digital forensics certifications 1:08 - Different ways to learn digital forensics 2:07 - Digital forensics college courses versus certifications3:45 - Main digital forensics certifications and paths5:20 - Finding a digital forensics niche6:18 - Hands-on projects for digital forensics experience7:25 - How to get started in digital forensics 8:34 - Learn digital forensics9:01 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Jacob DePriest, the VP and deputy chief security Officer at GitHub, talks about development security. In 2021, GitHub significantly ramped up its security department. DePriest told me all about the commitment to security and how you can move your organization toward a developer-focused security team. Whether you’re just hearing about GitHub now or you’re using GitHub from the moment your work day starts, you’ll want to check out this episode.0:00 - GitHub's cybersecurity strategy2:30 - How did you get into cybersecurity?5:00 - Moving up in cybersecurity8:57 - Working with NSA10:08 - Working as a chief security officer13:35 - Communication in cybersecurity 15:00 - What is GitHub?17:46 - Coding as a team19:30 - GitHub's security team21:18 - Security threats GitHub faces22:28 - GitHub's role in software security 25:10 - Navigating GitHub's tools28:50 - How to study cybersecurity 30:54 - Entering software security 33:55 - Security tips for developers 36:45 - Learn more about DePriest and GitHub38:25 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Learn more about the (ISC)² CGRC certification: https://resources.infosecinstitute.com/overview/cgrc/Enroll in a CGRC boot camp: https://www.infosecinstitute.com/courses/isc%C2%B2-cgrc-training-boot-camp/Infosec instructor and returning guest Leighton Johnson talks about the recent (ISC)² CAP certification change: the Certified Authorization Professional (CAP) is now Certified in Governance, Risk and Compliance (CGRC). Why are they changing the name of the CAP certification? Is the CAP content going to change as well? What does this mean for the future? Let’s figure this out together.0:00 - CAP vs. CGRC certification1:40 - What jobs require a CGRC certification?2:50 - Why change the CAP name to CGRC?4:17 - Is CAP exam content different from CGRC?6:00 - Should I upgrade CAP to CGRC?7:35 - Study tips for the CGRC exam9:13 - Learn more about CGRC9:53 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Yossi Appleboum, CEO of Sepio, talks about Cybersecurity and Infrastructure Security Agency (CISA)’s operational directive for non-military federal agencies to adopt a strict set of asset visibility and vulnerability detection system starting as early as April of 2023. Yossi discusses this directive, saying that it takes FCEB agencies out of the cybersecurity stone ages and into the future. Can it work in such a short time frame? Yossi has thoughts! 0:00 - Asset visibility and vulnerability detection3:10 – First getting into cybersecurity 6:21 – Co-founding cybersecurity companies9:30 – What it’s like as CEO of a cybersecurity company13:00 – Ambassador of the Global Cyber Alliance15:32 – CISA’s operational directive for federal agencies 19:25 – What are asset management and vulnerability?24:40 – What comes after asset protection? 28:40 – CISA’s deadline for asset visibility compliance30:40 – Job outlook for asset visibility and vulnerability detection35:07 – Work experience needed for asset visibility roles36:30 – How to work in asset visibility40:04 – How will this CISA directive change cybersecurity?41:50 – What is Sepio? 43:56 – Learn more about Yossi Appleboum44:50 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec Skills author and Paraben founder and CEO Amber Schroader talks about how to quickly and inexpensively set up your own home digital forensics lab. 0:00 - Creating your digital forensics lab1:00 - Benefits of your own digital forensics lab1:40 - Space needed for digital forensics lab2:30 - Essential hardware needed for a forensics lab5:01 - Important forensic lab upgrades5:42 - Running your forensics lab6:51 - Forensic lab projects7:35 - Getting into forensic labs8:04 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Venafi solutions architect Steve Judd talks about the recent directive from the Pentagon that a zero-trust policy be implemented at the Department of Defense in the next four years. Is this a workable deadline? What are the hurdles to be jumped? Judd also tells me what a solutions architect does and why he thinks it’s the most fun job in cybersecurity. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Pentagon’s zero-trust policy and DoD2:22- How did you get into cybersecurity?5:10 - Cybersecurity solution architect work9:05 - Scope of zero-trust policy16:00 - Getting ahead of the zero-trust policy17:49 - What skills do zero-trust make mandatory?19:37 - New jobs via zero-trust23:44 - DevOps and DevSecOps28:48 - Areas of studies to emphasize31:00 - Things not to study in cybersecurity38:00 - What is Venefi40:05 - Learn more about Steve Judd40:36 - OutroAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Paul Giorgi of XM Cyber helps us wrap up 2022 by discussing some of the most unusual and complex attack paths he and XM have seen in the past year. We discuss some of the most common breaches and methods, as well as several attack paths that are the very definition of “taking the scenic route,” which is, of course, why they worked so long. Also, tune in for some great advice about getting involved in risk management and access management.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Unusual attack vectors in 20223:00 - First getting into cybersecurity6:35 - What is a sales engineer? 11:50 - Average workday as director of sales15:30 - Strangest attack vectors of 202220:08 - Lessons learned in 2022 cybersecurity 22:06 - DoD and zero trust24:32 - Successful security attacks31:30 - The uber breach and security landscape36:01 - Smart cars and cybersecurity 39:03 - Working in cybersecurity solutions42:21 - Learn about XM Cyber46:27 - Learn more about Paul Giorgi47:04 - Outro About InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Infosec Skills author Leighton Johnson talks about major changes to CISM in 2022. CISM has shifted qualitatively from the “Manager” side of the cert name to the “Security” side.0:00 - Changes to CISM's focus2:21 - Why did CISM's focus change?3:43 - How to study for the new CISM changes6:47 - Important CISM skills to know8:28 - Find Leighton Johnson9:31 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

A.N. Ananth of Netsurion joins us to talk about the future of SOCs. Security operations centers used to look more like bunkers crowded with network traffic analysts who rarely got to see the sun. Ananth sees the Covid-induced era of remote SOCs to be a new reality but also a way to bring new professionals in from small towns are far-away locations, making it a partial fix to the security skills gap.0:00 - Changes to SOC2:59 - How A.N. Ananth got into cybersecurity 4:07 - Ananth's projects and career6:25 - Management in cybersecurity 8:40 - What is the SOC?11:08 - How large is a SOC team? 14:30 - The SOC mentality 17:07 - Remote SOC work18:52 - Security challenges for remote SOC work20:55 - Bringing in new SOC talent 23:13 - How to get your foot into cybersecurity28:53 - What should be on a SOC resume?32:00 - What is Netsurion34:00 - Connect with Ananth 34:57 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.

Cyberis’ Matt Lorentzen talks all things pentesting, red teaming, the changing roles that red teaming has in fine-tuning and interrogating modern security and why you don’t have to stop doing the fun stuff even when you’re climbing the career ladder. 0:00 - Intelligent pentesting, red teaming and modern security2:30 - Matt Lorentzen's interest in cybersecurity3:51 - What is a security consultant8:02 - Pentesting and red team operations 10:30 - Continued learning in cybersecurity 15:54 - Read teaming and testing cyberattacks21:40 - Intelligence-driven red teaming23:40 - Surprising attack vectors 26:53 - Common gaps in cybersecurity 28:46 - School systems and cybersecurity 32:33 - Adjustments to cybersecurity for school systems36:14 - How to get into pentesting and red teaming44:28 - Cybersecurity threats in the next decade46:43 - What is Cyberis? 48:02 - Learn more about Matt Lorentzen 48:38 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Whether you’re studying for the CEH, CISSP, Pentest+, or even the Security+, there’s always one question about cryptography, and it’s easy to miss! Want to hear a cool trick to keep symmetric and asymmetric cryptography straight in your head? Keatron Evans has one, and he told it to me — stay tuned and listen closely because it’s a Cyber Work Hacks!0:00 - Cryptography exam tips0:23 - Certifications with cryptography questions1:15 - Symmetric versus asymmetric cryptography3:40 - Learn more about cryptography4:50 - Find and learn from Keatron EvansAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Returning guest Ken Jenkins stops by to talk about his work as the head coach of the US Cyber Games. If you’re intrigued by this emerging e-sport, you will want to keep it here: Jenkins discusses the selection process for the athletes, the roles of the coaches and mentors, and the intense, real-time collaboration going on during the competitions. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - US Cyber Games 3:38 - How does the security scorecard work9:06 - Ken Jenkin's typical workday12:20 - Head coach at the US Cyber Games18:20 - How do Cyber Games teams work? 20:50 - Cyber Games events21:28 - Cyber Games draft26:30 - Challenges for Cyber Games teams30:00 - The makeup of a Cyber Games team32:46 - Cyber Games participation explained38:35 - Cyber Games red teaming41:13 - How to get into the Cyber Games44:31 - How Cyber Games translate to real-world skills48:27 - Tackling a new cybersecurity challenge51:12 - Follow the US Cyber Games55:05 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Ameesh Divatia, CEO of Baffle, Inc., talks about data privacy, data security, cloud security and how a skillset in the middle of that triangle will be your best asset in the years to come. All that, and a little bit of local-focused philanthropy. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Data privacy, data security and cloud security 2:43 - Ameesh Divatia's start in cybersecurity7:13 - Founding cybersecurity companies10:19 - Security innovation12:41 - Cybersecurity regulatory compliance17:00 - Transferring skills to data security21:23 - Cybersecurity interviews and knowledge25:03 - Data privacy policies 27:44 - Data privacy requirements30:22 - Confluence of data privacy, security and cloud33:32 - Volunteering on a city's technology council41:02 - What is Baffle?44:11 - Connect with Divatia 44:43 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Michael Wilkinson leads the digital forensics and incident response team at Avertium. The team is dedicated to helping clients investigate and recover from IT security incidents daily. Wilkinson talks about threat research, the threat of Vice Society, how K-12 cybersecurity can improve and much more. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Digital forensics and incident response 3:12 - Getting interested in computers6:00 - How had digital forensics changed over the years9:03 - Handling overwhelming amounts of data12:53 - The threat of Vice Society 17:20 - Why is Vice Society targeting K-12?19:55 - How to minimize damage from data leaks24:25 - How schools can improve cybersecurity25:54 - What schools should do if cyberattacked 31:36 - How to work in threat research and intelligence34:42 - Learn more about Avertium36:40 - Learn more about Mike Wilkinson37:08 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Tony Cook of GuidePoint Security knows a lot about threat intelligence and incident response. But he’s also used these skills while working in ransomware negotiation! Cook has handled negotiations for all the big threat groups — REvil, Lockbit, Darkside, Conti and more — and he told me about what a ransomware negotiator can realistically accomplish, which threat groups are on the rise, and why negotiating with amateurs is sometimes worse and harder than dealing with elite cybercriminals.  – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Ransomware negotiating 2:42 - How Tony Cook got into cybersecurity4:00 - Cook's work at GuidePoint 9:31 - Life as a ransomware negotiator 11:41 - Ransomware negotiation in 202213:52 - Stages of a successful ransomware negotiation 15:23 - How does ransomware negotiation work?19:11 - The difference between threat-acting groups20:43 - Bad ransomware negotiating22:43 - Ransomware negotiator support staff25:21 - Ransomware research26:26 - Is cyber insurance worth it? 29:14 - How do I become a ransomware negotiator? 32:25 - Soft skills for a ransomware negotiator33:46 - Threat research and intelligence work37:45 - Learn more about Cook and GuidePoint38:17 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Infosec instructor and 40-year cybersecurity veteran Leighton Johnson talks to us about all things CMMC. After last year’s attempted rollout, CMMC pulled back and retooled its entire framework. But why? Johnson gives you all the details, including how to train to be a CMMC-certified auditor.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - CMMC in 20223:12 - Getting started in cybersecurity4:15 - How to be CMMC compliant5:15 - The evolution of CMMC7:18 - CMMC compliance timeline10:28 - Being assessed for CMMC compliance14:30 - Becoming a CMMC auditor 18:08 - What if you don't meet CMMC compliance?21:40 - Skills comparable with the CMMC auditor 23:25 - Evaluating your company and CMMC needs28:54 - CMMC auditor job opportunities31:03 - How to become a federal CMMC auditor35:04 - What is ISFMT?37:47 - Learn more about ISFMT and Johnson38:18 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Lisa Tetrault of Arctic Wolf talks about the adhesives that hold cybersecurity together: communication, collaboration and strong teamwork. First, Tetrault discusses how public speaking at conferences and events made her a better cybersecurity professional; second, she talks about how her work mentoring cybersecurity students helps them fast-track their way into the cybersecurity community; and third, with her work in organizations with Women in Cyber and siberX, she helps bring diverse cybersecurity professionals into the community, build stronger, more multi-faceted teams, and with them, a more multi-faceted face of the industry! – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Public speaking in cybersecurity 3:17 - Getting into cybersecurity via Atari4:59 - Network analyst to technician and more9:10 - Cybersecurity public speaking19:30 - How to promote yourself as a speaker22:27 - Learn how to speak in cybersecurity25:25 - Mentoring cybersecurity students32:30 - Gender diversity in cybersecurity 36:14 - Where cybersecurity fails job mobility38:29 - Cybersecurity diversity initiatives in 10 years39:17 - Learn more about Lisa Tetrault 40:04 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Susan Morrow returns for her fourth time on the Cyber Work Podcast and the first since 2019. Morrow, simply put, is plugged into every aspect of digital identity currently being discussed, and she takes us deep into the security, ethical, practical and UX hurdles of current identity practices and gives us both an optimistic and pessimistic version of the digital identity practices in 10 years. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Digital identity 3:00 - Current digital identity concerns7:07 - Complicating digital identity8:22 - Digital identity and daily work13:00 - Secure coding14:03 - Biggest problems in identity20:54 - Competing identity systems24:50 - How identity affects other areas28:52 - The tech and processes of identity30:04 - Identity in the next decade34:24 - Jobs in identity40:00 - Identity evangelist 42:20 - Women in identity 45:-02 - What is Avoco Secure?47:28 - Learn more about Susan Morrow48:40 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Stephen Cavey, co-founder and chief evangelist of Ground Labs, talks about the jagged jigsaw puzzle of data collection, data privacy and the dozens — if not hundreds — of privacy regulations and frameworks that govern them. Cavey and I talk about the bad old days of indiscriminate data collecting and grossly insecure payment process. We also address the places where the privacy experts of the future will shape the use and protection of personal data in all industries.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Bad data privacy protocols2:36 - How Stephen Cavey got into cybersecurity4:55 - Shifting into cybersecurity privacy8:30 - Business hurdles in cybersecurity 13:10 - Why do companies store my data? 20:20 - Breaking cybersecurity privacy law25:45 - International privacy laws28:07 - A universal privacy doctrine 31:30 - Principles for collecting user data34:22 - Skills for working in data privacy37:44 - Data privacy officer work39:25 - The future of data collection and privacy42:08 - What is Ground Labs? 43:30 - Learn more about Cavey and Ground Labs43:43 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Noriswadi Ismail of Breakwater Solutions and the Humanising 2030 campaign joins us to talk about privacy as it pertains to international business, cybersecurity and why it’s important not just to learn the certification variants but also the cultural variants that shape them. And via the Humanising 2030 campaign, Noriswadi and colleagues hope to bring a more ethical and diverse approach to programming and guiding AI in the coming decade. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Privacy and international business2:53 - Noriswadi's first interest in tech6:38 - A path toward patent law11:32 - Managing director at Breakwater16:05 - State of international security and risk plans18:52 - Certifications internationally22:58 - Experience versus certification25:40 - Humanising 203029:24 - AI bias and geopolitical impact32:30 - Diversity and including in cybersecurity38:23 - Other goals of Humanising 203041:22 - What is Breakwater Solutions? 44:44 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Dave Monnier of Team Cymru talks about the state of attack surfaces, the strengths and shortcomings of attack surface managers and why something we refer to as a “soft” skill might be the hardest skill of all! Plus, we touch on shadow IT.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Attack surfaces 2:55 - Dave Monnier's first interest in cybersecurity7:30 - Instinctual cybersecurity learning9:20 - Monnier's work as a chief evangelist 14:00 - Cybersecurity soft skills16:30 - What are attack surface managers? 28:25 - ASM 1.0 to ASM 2.032:22 - State of attack surfaces34:58 - Asset infrastructure in your business40:00 - Key skills cybersecurity novices need43:07 - Learning in cybersecurity 45:42 - Learn more about Team Cymru47:19 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today on Cyber Work, Giora Engel of NeoSec talks about securing APIs. Find out why APIs are the new network, why their very nature makes them vulnerable to abuse and how to position yourself as an authority in the ever-growing field of API security. All that and a little entrepreneur talk.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - API security and PII2:40 - Giora Engel’s cybersecurity beginning4:20 - Israeli Defense Force and CEO of NeoSec5:22 - Starting a cybersecurity company9:20 - What is API security?13:15 - Misconfiguration errors in API17:21 - API and privacy regulation20:02 - How to work in API security22:06 - Security plan for PII24:44 - Skills and experience needed to work in API security27:10 - API hiring practices28:58 - Fragility of API31:07 - What is NeoSec?32:35 - Learn more about NeoSec and Engel32:55 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Mathieu Gorge of VigiTrust talks about the Marriott Hotel data breach that happened back in June, including the facts of the event and why once-per-year security awareness training isn’t enough when many employees only work seven months of the year. He also offers some privacy tips that will keep your hotel system privacy compliant under a whole host of different compliance frameworks.  – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Security awareness and data breaches2:50 - Elephant in the boardroom book5:42 - Gorge's latest projects and book9:38 - Hacking of the Marriott Hotel19:22 - Marriott's privacy and data collection policies23:20 - Ensuring data privacy worldwide 30:13 - How hotel franchises handle security34:32 - Skills needed for securing the hotel industry38:12 - What is DigiTrust?41:20 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today's Cyber Work Podcast features Dr. Chanel Suggs, the Duchess of Cybersecurity®. Dr. Suggs is a teacher, business owner and thought leader and has appeared on TV and podcast platforms around the world to talk about cybersecurity and the hacker mentality. She also had an incredibly challenging and seemingly insurmountable upbringing. Her tumultuous story can be found in her book, “Against All Odds: Overcoming Racial, Sexual and Gender Harassment on the Digital Battlefield.” This episode contains a lot of heartbreak and some challenging stories, as well as incredible insights and some thoroughly important takeaways. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Free cybersecurity training resources0:56 - Overview of today's episode1:58 - Who is Chanel Suggs, the Duchess of Cybersecurity?3:12 - Overcoming family obstacles4:50 - What drew her to a career in cybersecurity8:10 - First steps to learning IT and cybersecurity10:45 - Earning cybersecurity certifications12:20 - Making a cybersecurity training "dungeon"14:40 - Workplace abuse and harassment18:28 - Issues with hiring diverse candidates22:23 - What is Wyvern Security?27:25 - Changing the workplace culture32:47 - Social media is key to finding diverse candidates36:55 - Preventing burnout with employees40:10 - Advice on earning advanced degrees42:03 - Contract work vs. full-time employee43:34 - Free resources and services44:52 - What's Chanel Suggs book about?47:48 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Learn all about emergency response — and the myriad techniques and skills that term implies — in today's episode featuring Christopher Tarantino, CEO of Epicenter Innovation. Is there a physical security component? Yes! Is there a cybersecurity component? Big time! Is there an educational element? Absolutely! Find out how disaster planning, preparation, remediation and post-event rebuilding and improvement are all opportunities to strengthen your security posture.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Free cybersecurity training resources0:56 - Overview of today's episode1:47 - Who is Christopher Tarantino?3:25 - What does an emergency response team do?4:38 - Resilience in emergency response7:45 - Importance of boring innovation9:30 - Higher ed emergency response example13:13 - Healthcare, higher ed and government resilience16:00 - Years-long education around disasters21:03 - Biggest cybersecurity blind spots25:00 - Skills required for emergency response careers30:00 - Importance of communication across community35:50 - Transitioning careers from cybersecurity to emergency response44:10 - Learn more about Epicenter Innovation44:35 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

If you want to learn more about working with operational technology (OT) and internet-connected devices, then don't miss today's episode with Francis Cianfrocca, CEO of Insight Cyber Group. He discusses security problems around OT and IoT systems and shares some surprising stories of intruders in the electrical grid. He also talks about why it’s so hard to secure a set of machines that often pre-date computer technology and the small changes in your community that can make huge differences in the entire security industry. – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Free cybersecurity training resources0:56 - Overview of today's episode1:48 - Who is Francis Cianfrocca and Insight Cyber? 2:15 - Getting into tech and cybersecurity4:13 - Francis' job roles and companies5:22 - Early days of ICS systems security10:15 - CEO duties at a cybersecurity startup 12:19 - Why is infrastructure security so bad?16:05 - Different approaches needed for ICS and IOT systems20:23 - Catching intruders early on with industrial systems22:45 - Using artificial intelligence in ICS security24:50 - Bad actors are really good at reconnaissance27:20 - ICS and IOT environments cannot have downtime30:00 - Asset and behavioral inventory is difficult31:42 - Real-world examples of rogue ICS software36:30 - ICS vs. IOT security42:57 - How to promote industrial security careers46:07 - Impact of AI on cybersecurity careers48:40 - Preparing for an ICS cybersecurity career51:07 - What's Insight Cyber working on?52:45 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Last year, Cyber Work Live brought you into the world of cybersecurity project management — with tips for acquiring your skills, improving your resume and getting your foot in the door. But what does the day-to-day work of cybersecurity project managers look like?Jackie Olshack and Ginny Morton return to answer that question. They’ll also share experiences they’ve gained while working on some of their biggest projects!– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro0:50 - Who is Jackie Olshack? 1:24 - Who is Ginny Morton? 2:52 - Can non-technical PMs move into the tech space?8:50 - Best way to manage projects with limited resources13:30 - What certificates are needed for project management jobs?18:52 - How do you kick off a cybersecurity project?28:41 - How do you keep the project on schedule?34:15 - Tips for networking in remote working situations36:55 - Dealing with slowdowns and delays in projects43:35 - Importance of a supportive environment in projects47:40 - Dealing with delays from other teams in projects50:35 - Tips for managing multiple projects at once55:35 - How can teams support their project manager56:35 - Transitioning into a cybersecurity career59:00 - Outro and Infosec Skills giveawayAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today's episode, our old pal John Wagnon, Infosec Skills author and keeper of the secrets of OWASP, joins me to talk about the big changes in the OWASP Top 10 that happened at the end of 2021, his own class teaching the Top 10, and some job tips, study hints and career pivots for people interested in these vulnerabilities. Find out why access managers are going to rule the world someday! – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Free cybersecurity training resources0:56 - Overview of today's episode1:43 - Who is John Wagnon? 2:50 - Working in cybersecurity and teaching OWASP4:18 - What is the OWASP Top 10?7:51 - How did the OWASP Top 10 change in 2021?15:48 - Why do these security issues never go away?19:06 - Cybersecurity roles using the OWASP Top 1023:43 - What's covered in John's OWASP Top 10 courses?26:42 - How to get hands-on cybersecurity experience30:24 - Vulnerability-related cybersecurity career paths34:16 - What is John working on with Infosec and Fortinet?35:37 - Using your career as a learning opportunity37:16 - Learn more about John Wagnon and OWASP38:30 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today on the Cyber Work Podcast, Mark Kapczynski of OneRep reminds us of an awful truth most people either don’t know or don’t like to think about. Your personal information — your address, your phone number, your age — all of these things are on the public internet! Mark talks about OneRep’s mission to scrub personal information from these sites, suggests changes that could help prevent this problem, and shares ways you could base a career in this fight for data privacy and autonomy. All that and a detour into grade-school home computer shenanigans on today's episode.– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Free cybersecurity training resources0:56 - Overview of today's episode1:50 - Who is Mark Kapczynski? 2:44 - Data breaches are a way of life3:36 - Getting started in IT and cybersecurity5:41 - Helping the film industry go digital7:31 - Transitioning industries from paper to digital9:53 - What types of personal data are on the internet?12:40 - How people search sites sell PII and make money14:50 - How to get personal information removed from sites18:07 - What type of services does OneRep offer?19:19 - How is public personal data used in cybercrime?23:01 - How can consumers limit personal data exposure?26:38 - Regulatory changes needed to protect personal data29:00 - Who owns your personal data?30:55 - Web 3.0, smart contracts and other tech needed33:58 - Jobs and careers related to data privacy36:38 - Every professional needs to understand data39:50 - What makes a data professional's resume stand out?41:50 - What is OneRep?44:30 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today's episode is all about email fraud. John Wilson, head of the cyber intelligence division at Agari by HelpSystems, discusses Business Email Compromise (BEC), spearphishing, whaling, romance fraud and more. If you can name it, John’s studied it. And he's likely collected intel that’s managed to freeze cybercriminals’ assets — and even put them away. He gives career tips and advice for engaging in threat research at all levels, we discuss the pyrrhic victory that is the modern spam filter, and John tells me why BEC fraud hunters’ best asset is a degree in psychology! All that and loads more, today on Cyber Work! – Get your FREE cybersecurity training resources:  https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Free cybersecurity training resources0:58 - Overview of today's episode1:58 - Who is John Wilson? 3:02 - Getting into cybersecurity4:58 - How spam has evolved over the years8:12 - Why pursue a career in fraud?11:10 - 3 primary vectors for email attacks15:20 - Is BEC ever an insider threat?16:16 - Is education making a difference on BEC attacks?20:55 - Tracking down BEC actors and recovering assets23:50 - Two angles to preventing BEC attacks29:12 - Careers related to BEC and phishing prevention34:42 - How to gain cybersecurity experience and get hired37:25 - Agari and email fraud protection42:16 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today's episode, we're breaking down phrases you've heard a million times: “security is everyone’s job,” “humans are the weakest link in the security chain,” “it’s not if you get breached, but when.” Returning guest Alyssa Miller drills into these comforting nostrums and explains why, even when they’re used for well-intended purposes, they often act to limit the conversation and the options, rather than address the hard work needed to overcome these evergreen problems. You’re not going to want to miss this one, folks! It’s all that, plus a little bit of book talk, today on Cyber Work! – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast– Get the Cybersecurity Career Guide by Alyssa Miller: https://alyssa.link/book0:00 - Intro1:38 - Alyssa's tweet that inspired this episode4:00 - Why you need to read the Cybersecurity Career Guide9:10 - Cybersecurity platitudes and clichés11:30 - Cliché 1: "It's not if you get breached, but when"18:44 - Cliché 2:"Just patch your shit"24:58 - Cliché 3: "Users are the weakest link"32:34 - Cliché 4: "Security is everyone's job"35:52 - Cliché 5: What is a "quality gate"?44:14 - Cliché 6: "You just need passion to get hired"48:14 - How to write a better cybersecurity job description 50:15 - Business value of diversity and inclusion52:52 - Building a security champions program55:12 - Where can you connect with Alyssa Miller?56:44 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Secure coders are responsible for developing and writing secure code in a way that protects against security vulnerabilities like bugs, defects and logic flaws. They take proactive steps to introduce secure coding methodologies before the application or software is introduced into a production environment, often following recommendations from the Open Web Application Security Project (OWASP) Foundation.– Free cybersecurity training resources: https://www.infosecinstitute.com/free– Learn more here: https://www.infosecinstitute.com/skills/train-for-your-role/secure-coder/0:00 - Intro0:25 - What does a secure coder do?5:48 - How do you become a secure coder?9:46 - What skills do secure coders need?12:28 - What tools do secure coders use?17:08 - What roles can secure coders transition into?19:50 - What to do right now to become a secure coderAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Diana Kelley returns to the show to discuss her work as a board member of the Cyber Future Foundation and the goings-on at this year’s Cyber Talent Week. Whether you’re a cybersecurity hiring manager who doesn’t know why you’re not getting the applicants you want, a candidate who hears the profession has 0% unemployment but still can’t seem to get a callback or anyone in between, DO. NOT. MISS. THIS. EPISODE. This is one for the books, folks. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Cybersecurity hiring and job searching4:30 - Diana Kelley of Cyber Future Foundation9:00 - Cyber Future Foundation talent week13:58 - Reexamining cybersecurity job descriptions 21:52 - Cybersecurity hiring manager and applicant training27:10 - Strategies to bring in diverse talent from other industries33:06 - Narrowing your cybersecurity job pursuit39:37 - Using different educations in cybersecurity roles41:32 - Implementing an educational pipeline44:40 - Hiring based on strong skills from other trades48:22 - Cybersecurity apprenticeships 53:22 - Fostering cybersecurity community value 59:09 - Diana Kelley's future projects1:00:30 - Outro

Today on Cyber Work Ché Wijesinghe of Cape Privacy talks about the safe and ethical collection of user data when creating machine learning or predictive models. When your bank is weighing whether to give you a loan, they can make a better choice the more info they know about you. But how secure is that contextual data? Hint: not as secure as Wijesinghe would like! – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Machine learning and data collection2:37 - Getting started in cybersecurity3:15 - Being drawn to big data4:35 - What data is driving decision-making?9:04 - How is data collection regulated?15:02 - Closing the encryption gap16:50 - Careers in data privacy19:07 - Where can you move from data privacy?21:20 - Ethics of data collection 23:25 - Learn more about Wijesinghe 23:55 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

A Privacy Manager is responsible for the development, creation, maintenance and enforcement of the privacy policies and procedures of an organization. They ensure compliance with all privacy-related laws and regulations. The Privacy Manager takes an active lead role when a privacy incident or data breach occurs and will start the investigation. They will then monitor, track and resolve any privacy issues. The Privacy Manager builds a strategic and comprehensive privacy program for their organization that minimizes risk and ensures the confidentiality of protected information.Advanced knowledge of privacy law and data protection is critical to success in this role.– Free cybersecurity training resources: https://www.infosecinstitute.com/free- Learn more about privacy managers: https://www.infosecinstitute.com/role-privacy-manager/0:00 - Working as a privacy manager0:40 - What does a privacy manager do? 3:02 - Experience a privacy manager needs5:15 - Is college necessary for a privacy manager?8:05 - Skills needed to be a privacy manager10:30 - What tools does a privacy manager use?11:15 - Where do privacy managers work? 12:15 - Roles privacy managers can move to13:30 - How do I get started becoming a privacy manager?About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Just getting started?  This role is for you!The Cybersecurity Beginner role focuses on the foundational skills and knowledge that will allow anyone to take the first step towards transitioning into a cybersecurity career.  No prior knowledge of cybersecurity or work experience is required. The only prerequisite is a passion for technology and cybersecurity.– Free cybersecurity training resources: https://www.infosecinstitute.com/free– Learn more about the role here: https://www.infosecinstitute.com/role-cybersecurity-beginner/0:00 - Working as a cybersecurity beginner0:41 - Tasks a cybersecurity beginner may take on4:15 - Cybersecurity work imposter syndrome5:49 - Common tools cybersecurity beginners use9:08 - Jobs for cybersecurity beginners13:50 - Get started in cybersecurity About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Industrial control system (ICS) security practitioners are responsible for securing mission-critical SCADA and ICS information systems. They are responsible for restricting digital and physical access to ICS devices, such as PLCs and RTUs, to maximize system uptime and availability. Extensive knowledge of OT and IT protocols, incident response, Linux and Windows OS, configuration management, air-gapped or closed networks, insider threats and physical security controls are important competencies for any ICS security practitioner.– Free cybersecurity training resources: https://www.infosecinstitute.com/free– Learn more about ICS security practitioners: https://www.infosecinstitute.com/skills/train-for-your-role/ics-security/O:00 - ICS security practitioners 0:25 - What is an industrial control system practitioner?2:22 - How to become an ICS practitioner 4:00 - Education required for an ICS practitioner 5:00 - Soft skills ICS practitioners need6:05 - Common tools ICS practitioners use 7:59 - Where do ICS practitioners work? 10:05 - Can I move to another role after ICS practitioner? 12:18 - Getting started as an ICS practitioner About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Join Infosec Skills authors Chris Stevens, John Bandler and Ralph O’Brien as they discuss the intersection of privacy and cybersecurity. They’ll help you walk a path that will lead to an engaging career as a privacy specialist — a job role that grows with more opportunities year after year!This episode was recorded live on April 12, 2022. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/.0:00 - Intro and guests3:45 - What is privacy as a career? 8:15 - Day-to-day work of a cybersecurity privacy professional?16:45 - Intersection of law and tech degrees20:30 - What beginner privacy certifications should I pursue? 25:45 - Best practices for studying for IAPP certifications33:00 - How to gain experience in cybersecurity privacy work40:27 - How to interview for a cybersecurity privacy job45:00 - GDPR and ransomware 51:52 - Implementation of privacy laws and security positions 58:15 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Security engineers are responsible for implementing, and continuously monitoring security controls that protect computer assets, networks and organizational data. They often design security architecture and develop technical solutions to mitigate and automate security-related tasks. Technical knowledge of network/web protocols, infrastructure, authentication, log management and multiple operating systems and databases is critical to success in this role.– Free cybersecurity training resources: https://www.infosecinstitute.com/free– Learn more: https://www.infosecinstitute.com/skills/learning-paths/security-engineering/0:00 - What is a security engineer? 3:39 - How do I become a security engineer? 4:52 - Studying to become a security engineer5:47 - Soft skills for security engineers7:05 - Where do security engineers work? 9:43 - Tools for security engineers12:10 - Roles adjacent to security engineer 13:15 - Become a security engineer right nowAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Information risk analysts conduct objective, fact-based risk assessments on existing and new systems and technologies, and communicate findings to all stakeholders within the information system. They also identify opportunities to improve the risk posture of the organization and continuously monitor risk tolerance.– Free cybersecurity training resources: https://www.infosecinstitute.com/free– Learn more: https://www.infosecinstitute.com/skills/train-for-your-role/information-risk-analyst/0:00 - Information risk analyst career0:30 - Day-to-day tasks of an information risk analyst2:09 - How to become an information risk analyst4:00 - Training for an information risk analyst role5:42 - Skills an information risk analyst needs9:24 - Tools information risk analysts use10:51 - Jobs for information risk analysts 13:08 - Other jobs information risk analysts can do18:05 - First steps to becoming an information risk analystAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Moshe Zioni of Apiiro talks about threat research and how to properly report discovered code vulnerabilities. We discuss the ways that vulnerabilities can find their way into code despite your best intentions, the difference between full disclosure and responsible disclosure, and being in the last generation to still grow up before the internet changed everything. – Free cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Cybersecurity threat research 2:21 - Getting interested in computers3:25 - Penetration testing and threat research 6:15 - Code vulnerabilities 10:58 - Research process for vulnerabilities 17:05 - Proper reporting of threats23:11 - Full disclosure vs proper disclosure25:53 - Current security threats30:20 - Day-to-day work of security researchers 32:02 - Tips for working in pentesting 35:32 - What is Apiiro?39:11 - Learn more about Moshe Zioni 39:42 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

TEDx speaker, security researcher, host of the podcast MiC Club and all-around expert on security awareness and social engineering, Dr. Erik Huffman, is today's guest. Huffman spoke at the 2021 Infosec Inspire virtual conference, and for those of you who were captivated by his presentation, prepare for another hour of Dr. Huffman’s insights on why we need to teach security awareness from insight, rather than fear or punishment, how positive name recognition in an email can short-circuit our common sense and how to keep your extrovert family members from answering those questions online about your first pet and the street you lived on as a child.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Clicking on phishing attacks3:13 - First getting into cybersecurity5:00 - Higher education and cybersecurity 7:41 - Cybersecurity research projects10:05 - Impacting a cybersecurity breach 11:14 - Security awareness and social engineering15:45 - Common social engineering tricks 23:00 - Changing security habits30:15 - Cybersecurity communication avenues33:30 - Getting family members cyber safe38:00 - Harvesting info via social media42:13 - Working in security awareness and threat research44:54 - Importance of white papers and documentation 55:04 - Learn more about Erik Huffman56:00 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Marcus Fowler, senior vice president of strategic engagement and threats at DarkTrace, talks about attack vectors currently facing embedded journalists, their need to be available at all times for potential sources and how that openness makes them, their company and their confidential sources potential attack vectors for cybercriminals. Fowler talks about security hardening strategies that don’t compromise journalistic availability, the work of threat research and why people with natural interests in cybersecurity will have their career path choose them, not the other way around. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Cybersecurity threats to journalists 3:00 - Getting into cybersecurity 5:50 - CIA cybersecurity training7:18 - Joining DarkTrace in engagement threat roles10:22 - Tasks with engagement threat jobs13:22 - Cybersecurity work balance17:49 - Advanced persistent threats against media23:33 - Attack vectors journalists face26:14 - Journalist cybersecurity savvy 28:08 - A truly secure journalism source 32:58 - Damage from a compromised source36:05 - Main cybersecurity threats right now38:37 - Qualifications needed to work as a threat researcher42:52 - Safe cybersecurity jobs 47:05 - What is DarkTrace?49:06 - Learn more about Marcus Fowler50:11 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Justin Pelletier is the director of the cyber range program at the ESL Global Cybersecurity Institute at the Rochester Institute of Technology. Infosec Skills has some great cyber ranges, but Pelletier shows the organization’s massive, immersive simulations. Because they’ve also included cyber range technology for beginning cybersecurity pros transitioning from other jobs, we cover what’s involved in making a good cyber range, how to break down those early barriers of fear and self-doubt and how quickly you can move into a cyber career after hands-on training. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Immersive cyber ranges3:13 - Getting into cybersecurity5:06 - Studying data breaches11:03 - Cybersecurity at the Department of Defense14:02 - Cyber range education at the RIT16:20 - Work of the Global Cyber Range24:20 - Cyber range scenarios 38:30 - What makes a good cyber range? 42:00 - Successfully getting into cybersecurity45:33 - Cyber range upskilling 48:47 - Cybersecurity hiring changes51:30 - Learn more about the cyber range center52:30 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today's podcast highlights implementation privacy, policy privacy and all things privacy with privacy expert and Infosec Skills author and instructor Chris Stevens. From his years in the government’s office of national intelligence to his multiple IAPP certifications, Stevens is happy to tell you everything you ever wanted to know about careers in privacy, around privacy and careers that would be better with a helping of privacy skills on top! – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Cybersecurity privacy 3:30 - Getting interested in cybersecurity4:40 - Cybersecurity in the Department of Defense6:00 - Computer science studies 8:50 - Cybersecurity research11:05 - Information privacy and privacy professionals14:48 - What does U.S. privacy cover?19:10 - Privacy certifications and more21:36 - Privacy differences across countries24:50 - Difference in privacy certifications27:16 - Learning about privacy30:16 - Positions available for information privacy 33:50 - Educational steps to work in privacy36:00 - Getting a job in privacy37:57 - Entry-level work in privacy roles42:44 - How to stay on track in lifelong learning46:37 - Cybersecurity education in the future48:19 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Steve Pereira of Visible Value Stream Consulting discusses DevOps, SecOps, DevSecOps and his own lifelong love of streamlining projects. You’ll hear how his dad’s job with Bell Telephone facilitated his early explorations, the intersections of DevOps and Agile, the ever-important security component of it all and why following your interests and not the big money payouts might not work in the short run, but ultimately will get you where you want to go in the end.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 2:35 - Cybersecurity origin story6:02 - Build and release engineering9:27 - Tech and business11:20 - DevOps projects12:10 - Automating yourself out of your job13:44 - What is DevOps?23:45 - Method for DevOps success31:47 - Development team vs security team36:03 - DevOps history and Agile44:50 - How do I work in DevOps?  52:09 - Visible Value Stream Consulting 54:42 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Digital forensics analysts collect, analyze and interpret digital evidence to reconstruct potential criminal events and/or aid in preventing unauthorized actions from threat actors. They help recover data like documents, photos and emails from computer or mobile device hard drives and other data storage devices, such as zip folders and flash drives, that have been deleted, damaged or otherwise manipulated. Digital forensic analysts carefully follow chain of custody rules for digital evidence and provide evidence in acceptable formats for legal proceedings.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– Learn more about forensics: https://www.infosecinstitute.com/skills/train-for-your-role/digital-forensics-analyst/0:00 - Intro 0:26 - What is a digital forensics analyst? 0:57 - Digital forensics specialties1:24 - How to become a digital forensics analyst2:17 - Skills needed to be a digital forensics analyst 3:34 - Common tools for a digital forensics analyst 4:42 - Using digital forensics tools 5:17 - Digital forensics analyst jobs6:30 - Moving from digital forensics to new roles7:17 - Get started in digital forensics8:18 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Infosec Skills author Mike Meyers of Total Seminars joins me to discuss three foundational certifications that will start you on just about any path you want to go. Specifically, the CompTIA A+, Network+ and Security+ certifications. Meyers dispenses tough love for people who want someone else to map their career for them, talks up the benefits of vendor-neutral certs and blows my mind by comparing certs with car windshield wipers. Intrigued? You should be! That’s all today, on Cyber Work! – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 3:00 - Beginning in cybersecurity 3:23 - Why teach cybersecurity? 5:54 - Why CompTIA?6:57 - Start vendor neutral with cybersecurity certification 12:10 - Being diverse in cybersecurity is essential 13:35 - Why A+, Network+ and Security+?25:53 - Guiding your cybersecurity career30:05 - Where to learn cybersecurity skills42:02 - Cybersecurity job dilution 44:20 -  Where do I begin my cybersecurity career?48:32 - Using the Infosec Skills platform49:38 - Mike Meyers' next projects51:30 - What is Total Seminars?52:12 - Learn more about Meyers and Total Seminars53:23 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Security Architects are responsible for planning, designing, testing, implementing and maintaining an organization's computer and network security infrastructure. Security Architects develop information technology rules and requirements that describe baseline and target architectures and support enterprise mission needs. Advanced technical knowledge of network/web protocols, infrastructure, authentication, enterprise risk management, security engineering, communications and network security, identity and access management, and incident response, is critical to success in this role.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– Learn more about the role of security architect: https://www.infosecinstitute.com/skills/train-for-your-role/security-architect/0:00 - Intro 0:31 - What is a security architect? 1:07 - How to become a security architect2:15 - What certifications should a security architect get? 3:07 - Skills a security architect needs4:07 - Learning as a security architect7:06 - Security architect tools7:58 - Where do security architects work 9:28 - Private vs federal security architects11:09 - Related roles to security architect12:12 - Start working toward security architect13:23 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Curtis Preston, aka “Mr. Backup,” has been in the backup and recovery space since 1993. He’s written four books, hosts a podcast called “Restore it all,” founded backupcentral.com and is a tech evangelist for SaaS data protection company Druva. We talk about disaster recovery, the role of good backup in ransomware situations and why the data recovery person and the information security person in your company need to become fast friends and start sharing notes. Also, why we’ve all been completely wrong about tape backup systems. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Cyber Work intro 2:40 - Mr. Backup origin story4:01 - How backup and recovery has changed7:44 - Data duplication during a disaster9:45 - Speed of data recovery changes12:47 - Benefit to physical data backups15:37 - Common long-term data backup mistakes19:04 - Other issues with data recovery23:22 - Limits of disaster recovery34:16 - Encryption options 39:44 - Jobs in data backup and recovery44:54 - Benefit to learning data backup and recovery46:53 - Data backup and recovery outlook52:52 - What is the Restore It All podcast?56:15 - What is Druva? 59:45 - Where can I learn more about Mr. Backup? 1:00:32 - Cyber Work outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Maxime Lamothe-Brassard, founder of LimaCharlie, has worked for Crowdstrike, Google X and Chronicle Security before starting his own company. This episode goes deep into thinking about your long-term career strategies, so don’t miss this one if you’re thinking about where you want to go in cybersecurity in two, five or even 10 years from now. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 2:56 - First getting into cybersecurity 6:46 - Working in Canada's national defense9:33 - Learning on the job10:39 - Security practices in government versus private sector13:50 - Average day at LimaCharlie16:40 - Career journey19:25 - Skills picked up at each position 23:57 - How is time length changing? 27:53 - Security tools and how they could be31:34 - Where do security tool kits fail? 34:04 - Current state of practice and study37:10 - Advice for cybersecurity students in 202238:21 - More about LimaCharlie39:50 - Learn more about LImaCharlie or Maxime40:08 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Jessica Amado, head of cyber research at Sepio Systems, discusses hardware-based cybersecurity threats. We’ve all heard the USB in the parking lot trick, but Amado tells us about the increasingly complex ways cybercriminals bypass hardware safeguards, and lets you know how to make sure that the keyboard or mouse you’re plugging in isn’t carrying a dangerous passenger.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 2:30 - Initial cybersecurity draw6:30 - Day-to-day work as head of cybersecurity research8:44 - How Amado does research9:37 - Amado's routine 10:35 - Hardware-based ransomware13:00 - Other hardware threat factors17:54 - Security practices with USBs20:10 - How to check hardware21:52 - Recommendations on security protocols23:57 - The future of ransomware and malware27:20 - How to work in hardware security 31:35 - Cybersecurity in other industries32:33 - Advice for cybersecurity students 34:11 - Sepio Systems 35:58 - Learn more about Sepio or Amado36:23 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Cloud security engineers design, develop, manage and maintain a secure infrastructure leveraging cloud platform security technologies. They use technical guidance and engineering best practices to securely build and scale cloud-native applications and configure network security defenses within the cloud environment. These individuals are proficient in identity and access management (IAM), using cloud technology to provide data protection, container security, networking, system administration and zero-trust architecture.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– Learn more about the role of cloud security engineer: https://www.infosecinstitute.com/skills/train-for-your-role/cloud-security-engineer/0:00 - Intro 0:25 - What does a cloud security engineer do? 1:55 - How to become a cloud security engineer? 2:55 - How to gain knowledge for the role4:43 - Skills needed for cloud security engineers6:00 - Common tools cloud security engineers use7:43 - Job options available for this work8:35 - Types of jobs9:16 - Can you pivot into other roles? 11:03 - What can I do right now?12:33 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Are you great with details? Do you like juggling multiple projects at once? Is your organization system the topic of awed discussion between your co-workers? Or are you just interested in getting into cybersecurity from a different angle? If so, you might already be a top-notch project manager and not even know it!Join a panel of past Cyber Work Podcast guests as they discuss their tips to become a project management all-star:– Jackie Olshack, Senior Program Manager, Dell Technologies– Ginny Morton, Advisory Manager, Identity Access Management, Deloitte Risk & Financial AdvisoryIf you’re interested in project management as a long-term career, Jackie and Ginny will discuss their career histories and tips for breaking into the field. If you plan to use project management as a way to learn more about other cybersecurity career paths, we’ll also cover how to leverage those skills to transition into roles.This episode was recorded live on December 15, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/– Want to earn your PMP certification? Learn more here: https://www.infosecinstitute.com/courses/pmp-boot-camp-training/– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastThe topics covered include:0:00 - Intro0:51 - Meet the panel3:12 - Why we're talking project management6:27 - Agenda for this discussion6:55 - Part 1: Break into cybersecurity project management7:45 - Resume recommendations for project managers12:35 - Interview mistakes for project managers19:22 - Creating your elevator pitch23:10 - Importance of your LinkedIn page25:05 - What certifications should I get?30:38 - Do I need to be technical to be successful?34:20 - How to build cybersecurity project management skills38:28 - Part 2: Doing the work of project management40:47 - Getting team members to lead themselves44:50 - Dealing with customer ambiguity47:30 - Part 3: Pivoting out of project management47:48 - How do I change roles in an organization51:50 - What's the next step after cybersecurity project manager?53:43 - How to move from PMing security teams into leading them?59:05 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Security operations center (SOC) analysts are responsible for analyzing and monitoring network traffic, threats and vulnerabilities within an organization’s IT infrastructure. This includes monitoring, investigating and reporting security events and incidents from security information and event management (SIEM) systems. SOC analysts also monitor firewall, email, web and DNS logs to identify and mitigate intrusion attempts.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– Learn more about the SOC analyst role: https://www.infosecinstitute.com/role-soc-analyst/.0:00 Intro 1:20 - What is a SOC analyst? 1:58 - Levels of SOC analyst2:24 - How to become a SOC analyst2:53 - Certification requirements3:29 - Skills needed to succeed4:38 - Tools SOC analysts use5:32 - Open-source tool familiarity 6:05 - Pivoting from a SOC analyst6:50 - What can I do right now?7:32 - Experience for your resume 8:07 - Outro  About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Infosec’s Principal Security Researcher, instructor and cybersecurity renaissance man Keatron Evans returns to the show for the first in a series of once-quarterly episodes breaking down big stories in the news and cybersecurity trends for the future! We talk Solarwinds, Colonial Access Pipeline, Oldsmar, Keatron’s origin story and why, just like practicing your scales makes you a better musician, master pentesters and security pros got where they did by mastering the art of repetition in learning. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 2:30 - How did you get into cybersecurity? 4:00 - What skills did you have early on? 6:10 - First interaction with Infosec10:34 - Work as a principal security researcher13:20 - Machine learning in cybersecurity 14:14 - Infosec classes17:28 - Equity in cybersecurity 20:25 - You don't need a technical background21:36 - Major security breaches of 202122:15 - SolarWinds breach24:56 - What job roles help stop these breaches?27:50 - Water treatment plant breach31:42 - Infrastructure security 34:30 - President Biden and cybersecurity39:22 - Supply chain security 43:20 - Security trends for 202249:00 - Projects to keep an eye on50:52 - Learn more about Evans51:44 - Outro

Security managers develop security strategies that align with the organization's goals and objectives. In addition, they direct and monitor security policies, regulations and rules that the technical team implements. Knowledge in areas like information security governance, program development and management, incident response and risk management are important to success in any security management role.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– Learn more the security manager role: https://www.infosecinstitute.com/role-security-manager/0:00 - Intro 0:26 - What does a security manager do? 3:15 - How do you become a security manager?4:54 - What education is required for security managers?5:55 - What certificates are required for security managers?7:23 - What skills does a security manager need to have?9:58 - Common tools security managers use11:48 - Where do security managers work?13:45 - How well do security managers pivot into other roles?15:36 - What step can someone take now to become a security manager?17:27 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Andrew Howard, CEO of Kudelski Security, returns to give us his cybersecurity predictions for 2022! How will cybersecurity protect the supply chain, why is quantum computing on all of his clients' minds, and how would Andrew rewrite security from the ground up if a genie granted him three wishes? – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 3:00 - Getting into cybersecurity4:00 - How has the cloud evolved?6:46 - The past year in cybersecurity8:20 - The next cybersecurity innovation 8:57 - Where quantum computing is going10:15 - Concerns about encryption data10:54 - The state of ransomware12:57 - Cybersecurity supply chain issues. 16:18 - Hybrid work cybersecurity18:42 - The year of cyber insurance20:35 - DOD directive to close security gaps22:15 - What would you change in cybersecurity?25:45 - What would put phishing out of mind? 28:10 - Advice to 2022 cybersecurity students 29:37 - Kudelski Security 30:58 - Blockchain security in 202231:57 - Learn more about Kudelski32:10 - Outro   About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Penetration testers, or ethical hackers, are responsible for planning and performing authorized, simulated attacks within an organization’s information systems, networks, applications and infrastructure to identify vulnerabilities and weaknesses. Findings are documented in reports to advise clients on how to lower or mitigate risk. Penetration testers often specialize in a number of areas such as networks and infrastructures, Windows, Linux and Mac operating systems, embedded computer systems, web/mobile applications, supervisory control data acquisition (SCADA) control systems, cloud systems and internet of things (IoT) devices.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– Learn more about the role of penetration tester: https://www.infosecinstitute.com/role-penetration-tester/0:00 - Intro 0:26 - What does a penetration tester do? 1:10 - Levels of penetration testers1:50 - How to become a penetration tester3:08 - Education needed to be a pentester3:50 - Skills needed to pentest4:24 - Common tools of the pentester5:07 - Training with the tools5:42 - Job options for pentesters6:36 - Work duty expectations7:45 - Can you move to a different role?9:09 - What can I do to become a pentester?9:54 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Roderick Jones of Concentric talks about security risks facing content creators, influencers, gamers and streamers on Twitch, YouTube and elsewhere. Online harassment is often seen as “part of the package” if you’re going to work in a public-facing streamer community, but Jones knows that this isn’t inevitable, and it is fixable. A future without a shrug-shoulders approach to online abuse? – Create your free Infosec Skills account: https://infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 3:37 - How did you get into cybersecurity?5:30 - Were you scouted for your role? 6:44 - How did the landscape change?8:40 - Security intelligence to private sector11:50 - Daily work at Concentric 13:25 - Staying up on trends15:09 - Gaming, streaming and security issues21:31 - Desentization and online personalities 25:42 - The future of online access27:37 - How to protect streamers31:40 - Censoring on streaming platforms with AI35:06 - Safeguards streams should have in place40:06 - Cybersecurity jobs related to streaming security 41:58 - Being courteous online 42:43 - More about Concentric43:58 - Learn more about Jones44:35 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Bentsi Ben-Atar of Sepio Systems talks about some truly scary high-tech hacking weapons and techniques, from Raspberry Pis in your mouse or keyboard to charging cables that can exfiltrate data from a mile away. What do we do? How do we prepare? – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 3:18 - Getting into cybersecurity4:30 - Career highlights 5:50 - Co-founding two companies 7:22 - Typical work day at CTO and CMO11:29 - New stealthy hacking tools13:08 - Hacking a smart copy machine17:46 - Stealing data with a Raspberry Pi26:01 - The ninja cable 32:11 - Security awareness while traveling 35:20 - How to work battling high-tech cybercrime36:35 - Exploring cybersecurity 37:47 - More about Bentsi’s companies39:31 - Find more about Bentsi 39:57 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast, Menachem Shafran of XM Cyber talks about cloud security. Menachem tells us about the work of project manager and product manager, how the haste to migrate to the cloud can unnecessarily leave vulnerabilities wide open and why a cloud security expert also needs to be a good storyteller. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 2:40 - Getting into cybersecurity5:47 - Project manager in cybersecurity9:12 - Identifying pain points10:24 - Working as a VP of product14:09 - Data breaches16:30 - Critical versus non-critical data breaches18:19 - Attacker’s market 19:38 - How do we secure the cloud?22:45 - A safer cycle of teams24:40 - How to implement cybersecurity changes28:50 - How to work in cloud security30:48 - A good cloud security resume 33:02 - Work from home and cloud security34:30 - XM Cyber’s services 37:21 - Learn more about Menachem38:00 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On this week’s Cyber Work Podcast, BugCrowd and disclose.io! founder Casey Ellis discusses how to think like a cybercriminal, the crucial need for transparent vulnerability disclosure, the origins of BugCrowd and why mentorship is a gift that goes in both directions.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 3:15 - Getting into cybersecurity4:30 - Criminal mindset in cybersecurity5:49 - Ellis’s career to date 9:10 - Healthcare cybersecurity11:47 - Mentoring others 13:52 - Mentorship as a two-way street16:12 - Bugcrowd and bug bounty19:18 - Vulnerability disclosure project21:30 - Bug bounty popularity 24:52 - U.S. sanctions on hacking groups26:52 - Hiring hackers 31:52 - Pursue specialization 33:51 - Cyber threats flying under the radar39:17 - Working from home safely40:48 - How to get into bug bounties42:18 - How to report vulnerabilities44:04 - Advice to begin ethical hacking 45:23 - Learn more about Ellis 45:56 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast, Kyle McNulty of Secure Ventures talks about interviewing the people behind the most up-and-coming cybersecurity startups. We discuss the best advice he’s received on the show, how to get your own podcast off the ground and his own security startup, ConsultPlace. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 2:40 - Getting into cybersecurity6:00 - McNulty’s education and career9:50 - Getting into consulting and startups14:08 - Secure Ventures podcast17:45 - Best insight from a podcast guest20:13 - Startup stories 22:10 - Startups during COVID23:42 - Advice for startups25:22 - How to begin a podcast 33:25 - Tips for cybersecurity newcomers35:04 - Upcoming podcasts36:15 - ConsultPlace work 38:00 - Find more about McNulty38:42 - Outro

On today’s podcast, Adam Flatley of Redacted talks about 14 years spent with the NSA and working in global intelligence. He also delineates the process of disrupting ransomware and cybercrime groups by dismantling organizations, putting on pressure and making the crime of ransomware more trouble than it’s worth!– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 3:13 - Getting into cybersecurity 4:27 - Why work for the DoD?6:37 - Average work day in threat intelligence9:28 - Main security threats today11:53 - Issues cybersecurity is ignoring16:12 - Disrupting ransomware offensively 23:00 - How to handle ransomware 25:07 - How do I fight cybercriminals 27:15 - How to convey self learning on a resume28:24 - Security recommendations for your company 31:40 - Logistics of changing security 34:40 - Cybercrime in five years36:57 - Learn about Redacted39:18 - Learn more about Adam40:00 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast, John Bambenek of Netenrich and Bambenek Consulting talks about threat research, intelligence analytics, why the same security problems are so evergreen and the importance of pitching in a little extra bit of your time and talents to make the world a bit better than you found it. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 2:45 - Getting into cybersecurity 9:40 - Threat researcher versus security researcher and threat analyst12:05 - How to get into a research or analyst role16:32 - Unusual types of malware19:03 - An ideal work day23:06 - Current main threat actors28:50 - What cybersecurity isn’t addressing31:38 - Where can I volunteer?36:02 - Skills needed for threat researchers40:53 - Adjacent careers to threat research45:11 - Threat research in five years48:55 - Bambenek Consulting 49:35 - Learn more about Bambenek50:26 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast, Cicero Chimbanda, Infosec Skills author and lecturer, discusses his cybersecurity leadership and management courses. We discuss the many paths of a cybersecurity leadership role, the soft skills that separate a good information security manager from a great one and why a baseline of cybersecurity knowledge can enhance any job, even if you don’t plan to pivot into the industry. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 3:37 - Getting into cybersecurity 6:43 - First learning cybersecurity7:54 - Skills needed to move up 10:41 - CISM certification13:00 - Two tracks of technology15:13 - Are certifications important?18:50 - Work as a college lecturer 22:43 - Important cybersecurity soft skills27:40 - Cybersecurity leadership and management 32:33 - Where to go after security leadership 35:26 - Soft skills for cybersecurity managers37:23 - Benefits to skills-based education39:40 - Tips for lifelong learning43:46 - Cybersecurity education’s future45:21 - Outro  About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast, Secureworks president and CEO Wendy Thomas talks about the company’s drive to provide innovative, best-in-class security solutions that sit at the heart of customers’ security operations. Thomas shares over 25 years of experience in strategic and functional leadership roles, including work as a chief financial officer, chief product officer and VP of strategy. Thomas has worked across multiple technology-driven companies and has a wealth of knowledge. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro3:18 - Wendy’s origin in cybersecurity5:13 - Climbing the career ladder8:10 - Average day as CEO10:38 - Collaboration in cybersecurity13:07 - Roadblocks in collaboration 15:03 - Strategies to encourage collaboration17:53 - Is there collaboration now? 19:30 - Solving technology security gaps21:35 - Limiting incident response noise23:10 - Addressing the skills shortage25:07 - Women in cybersecurity30:45 - Developing your team32:53 - Advice for those entering cybersecurity34:18 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast, Infosec Skills author Ted Harrington talks about authoring a recent Infosec Skills learning path, “How To Do Application Security Right,” which is also the subtitle of his recent book, “Hackable: How To Do Application Security Right.” Harrington shares his application security expertise, or AppSec, the benefits of skills-based learning, and what it was like to hack the iPhone. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 3:00 - Hacking the iPhone 8:30 - IOT security 14:00 - “Hackable” book 17:14 - Using the book as a roadmap18:42 - Most important skills right now21:45 - Taking Harrington’s class24:40 - Demystifying application security26:48 - Career opportunities28:26 - Roadblocks in application security30:55 - Education tips for application security33:40 - Benefits of skills-based education37:21 - The skills gap and hiring process41:19 - Tips for lifelong learners43:43 - Harrington’s next projects44:33 - Cybersecurity’s education’s future45:38 - Connect with Harrington 46:50 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast Infosec Skills author Chrys Thorsen talks about founding IT Without Borders, a humanitarian organization built to empower underserved communities through capacity building information and communications technology (ICT) skills and information access. She’s also a consultant and educator. And, for our purpose, she is the author of several learning paths on our Infosec Skills platform. She has written course paths for Writing Secure Code in Android and Writing Secure Code in iOS, as well as a forthcoming CertNexus Cyber Secure Coder path. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro2:43 - Thorsen’s origin story in cybersecurity 4:53 - Gaining about 40 certifications6:20 - Cross certification knowledge7:25 - Great certification combos 8:45 - How useful are certifications?11:12 - Collecting certifications13:01 - Changing training landscape14:20 - How teaching changed16:36 - In-demand cybersecurity skills17:48 - What is secure coding?19:34 - Secure coders versus coders 20:31 - Secure coding in iOS versus Android 22:39 - CertNexus secure coder certification24:13 - Secure coding before coding 24:42 - Secure coding curriculum 26:27 - Recommended studies post secure coding26:50 - Benefits to skills-based education27:43 - Tips for lifelong learning29:29 - Cybersecurity education’s future 30:54 - IT Without Borders33:38 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s podcast, Jasmine Jackson takes us through how you can get noticed on your resume, how Linux basics can set you up for learning other aspects of cybersecurity, and how capture the flag activities are crucial to enriching your work skills. Jackson has over 10 years of information security experience and shares her passion for cybersecurity by presenting and teaching workshops, including new courses now available in Infosec Skills. She is currently the Jeopardy-style capture the flag (CTF) coach for the inaugural U.S. Cyber Games and works as a senior application security engineer for a Fortune 500 company.  – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro3:08 - Jasmine Jackson’s origin story4:25 - Winning a computer6:22 - Jackson’s career path13:46 - Thoughts on certifications 19:10 - Ideal job description 21:01 - Most important cybersecurity skills 22:54 - Linux fundamentals class25:07 - What does knowing Linux do for you?26:35 - How to build upon a Linux foundation28:51 - Benefits to skills training29:50 - Tips for lifelong learning31:30 - Coaching in the U.S. Cyber Games34:26 - How are team members chosen for the games?37:47 - An intriguing CTF puzzle 41:43 - Where is cybersecurity education heading?43:36 - Learn more about Jackson46:33 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today's guest is Alex Amiryan, a software developer with over 18 years of experience specializing in cybersecurity and cryptography. Alex is the creator of the popular SafeCamera app, which was the predecessor of Stingle Photos, an end-to-end encrypted, open-source gallery and sync app able to prevent theft by breach. How does it work, and how did Alex come by his obsession for cryptography? Tune in and find out!– Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 1:41 - Origin story in cybersecurity3:38 - Running afoul of the law4:44 - Beginning your own company7:10 - Advice on starting a business9:15 - What is Stingle Photos? 12:30 - End-to-end encryption15:20 - Black box storage17:47 - Encryption safety19:01 - Preventing photo theft22:20 - Working in encryption and cryptography24:24 - Skills needed for encryption and cryptography26:43 - An "aha" moment 28:00 - Cryptographer job market 29:45 - Next steps in cryptography35:52 - Learn more about Stingle Photos36:28 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

This week we chat with Connor Greig of CreatorSphere (creatorsphere.co) about beginning a career in IT at age 17 when he joined Hewlett Packard as an applications engineer, but after just a few weeks was promoted to project manager. He went on to work on secure projects for the British government and was a project manager for secure cloud computing and software development modernization during the WannaCry, Spectre and Meltdown vulnerabilities that were found.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 3:00 - Origin story4:58 - Getting into IT8:53 - Being scouted by HP at 1711:34 - What did HP see in you?15:42 - Working with the British government17:49 - Being fast on your feet19:51 - Area of specialty 21:30 - Balancing work and management25:25 - Saving McDonald's from a data breach31:58 - McDonald's reaction 38:56 - Starting your own company45:25 - Advice for starting your own company49:15 - How to learn new concepts and skills53:15 - What's it like being a gay man in cybersecurity?55:30 - Making cybersecurity more welcoming 58:15 - Cybersecurity career advice1:00:33 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Security Yearbook creator Richard Stiennon joins today’s podcast to share his career journey. He talks about creating the first ISP in the Midwest in the ‘90s, the role of the Security Yearbook in telling the history of cybersecurity and the best place to start your cybersecurity career. Hint: It’s not necessarily with the big firms! – Save 50% on your copy of the Security Yearbook with code "infoseclive": https://it-harvest.com/shop– Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Infosec Skills Monthly Challenge0:50 - Intro 2:50 - How Richard got started in cybersecurity7:22 - Penetration testing in the ‘90s10:17 - Working as a research analyst14:39 - How the cyberwar landscape is changing19:33 - Skills needed as a cybersecurity researcher20:30 - Launching the Security Yearbook27:20 - Security Yearbook 2021 29:00 - Importance of cybersecurity history30:48 - How do cybersecurity investors see the industry34:08 - Impact of COVID-19 and work from home35:50 - Using the Security Yearbook to guide your career40:38 - How cybersecurity careers are changing43:29 - Current pentesting trends 47:06 - First steps to becoming a research analyst48:20 - Plans for Security Yearbook 202250:20 - Learn more about Richard Stiennon51:09 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Cybersecurity hiring managers, and the entire cybersecurity industry, can benefit from recruiting across a wide range of backgrounds and cultures, yet many organizations still struggle with meaningfully implementing effective diversity, equity and inclusion (DEI) hiring processes.Join a panel of past Cyber Work Podcast guests as they discuss these challenges, as well as the benefits of hiring diversely:– Gene Yoo, CEO of Resecurity, and the expert brought in by Sony to triage the 2014 hack– Mari Galloway, co-founder of Women’s Society of Cyberjutsu– Victor “Vic” Malloy, General Manager, CyberTexasThis episode was recorded live on August 19, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastThe topics covered include:0:00 - Intro1:20 - Meet the panel3:28 - Diversity statistics in cybersecurity4:30 - Gene on HR's diversity mindset5:50 - Vic's experience being the "first" 10:00 - Mari's experience as a woman in cybersecurity12:22 - Stereotypes for women in cybersecurity15:40 - Misrepresenting the work of cybersecurity17:30 - HR gatekeeping and bias25:56- Protecting neurodivergent employees31:15 - Hiring bias against ethnic names37:57 - We didn't get any diverse applicants!43:20 - Lack of developing new talent46:48 - The skills gap is "nonsense"49:41- Cracking the C-suite ceiling53:56 - Visions for the future of cybersecurity58:15 - Outro– Join the Infosec Skills monthly challenge: https://www.infosecinstitute.com/challenge– Download our developing security teams ebook: https://www.infosecinstitute.com/ebookAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

PLEASE NOTE: Around minute 47, I incorrectly say that Eric Milam, author of the definitive report on the BAHAMUT threat group, is employed by HP. He is, in fact, employed by Blackberry. I sincerely apologize to Mr. Milam for the error.In this special episode, we look back at how the show has evolved over the past three years and celebrate our amazing guests and viewers. You've helped grow the Cyber Work Podcast to nearly a million plays! To give back, we're launching a brand new way for EVERYONE to build their cybersecurity skills. It's free. It's hands-on. Oh, and did we mention there's more than $1,000 in prizes EVERY MONTH. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastHuge thank you to all the past guests who shared their expertise over the past 200 episodes. The timings of everyone in this episode are listed below. Happy listening!0:00 - Intro0:42 - Monthly challenges and $1,000 in prizes!1:30 - Cyber Work Podcast origins 2:32 - First episode with Leighton Johnson3:16 - Finding our first guests3:46 - Keatron Evans on incident response6:54 - Susan Morrow on two-factor authentication8:54 - Susan Morrow on GDPR 11:03 - Susan Morrow on "booth babes" and speaking up13:20 - Alissa Knight on getting arrested for hacking at 1716:39 - Alissa Knight on API security19:14 - Ron Gula on cybersecurity challenges23:23 - Amber Schroader on the real work of digital forensics26:19 - Theme of the Cyber Work Podcast27:01 - Jeff Williams on creating the OWASP Top Ten31:23 - David Balcar on the biggest APTs33:46 - Elie Bursztein on breaking into cybersecurity37:37 - Sam King on AppSec frameworks and analysis41:17 - Gary DeMercurio on getting arrested for red teaming47:19 - Eric Milam on the BAHAMUT threat group 53:39 - Feedback from Cyber Work Podcast listeners55:16 - Alyssa Miller on finding your career path 57:24 - Amber Schroader on computer forensics tasks59:07 - Richard Ford on malware analyst careers1:02:02 - Career action you can take today  1:02:19 - Rita Gurevich on reading and learning1:03:20 - Snehal Antani on transitioning careers1:04:26 - Promoting underrepresented voices1:05:09 - Mari Galloway on women in cybersecurity1:05:31 -  Alyssa Miller on diversity "dog whistles"1:10:11 - Christine Izuakor on creating role models1:10:52 - We want to hear your story1:11:40 - Monthly challenges and outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Gemma Moore of Cyberis Limited talks about her incredible pentesting career and shares her advice for aspiring pentesters. She also discusses security as it regards the human cost of social engineering, which is the title of a recent article Gemma wrote.  – Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro5:26 - Becoming a world-class pentester13:55 - 2004 pentesting versus now17:25 - Early years of pentesting 19:30 - Natural skills to be a pentester23:12 - Advice for aspiring pentesters 25:50 - Working in pentesting 27:50 - Red teaming 31:08 - How to be a great pentester33:04 - Learn about CREST36:13 - What should be on my resume?37:45 - Cyberis Limited 40:25 - Diversity and inclusion 43:42 - The human cost of social engineering50:06 - Training staff positively52:54 - Current projects54:20 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Ning Wang of Offensive Security talks to us about her role as CEO of Offensive Security. In her role she is responsible for the company culture, vision, strategy and execution. We talk about Wang’s cybersecurity journey, her direction at OffSec and the ways that white hat hackers can be recruited into the industry, possibly riding the interest of big news-story hacking events like the Colonial Pipeline hack to do so.– Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook– Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 2:21 - Origin story5:31 - Changing careers 7:46 - Skills learned throughout Wang’s career11:46 - Taking a chance on a new career12:50 - What is Offensive Security? 16:19 - Try harder mindset19:42 - Offensive Security certification23:02 - Recruiting ethical hackers28:12 - Civic responsibility 33:10 - Ethical hacking job specialties 36:49 - Tips for ethical hacking learners40:09 - Women in cybersecurity 43:56 - Offensive Security’s future 46:35 - Feedback from students48:11 - Learn more about Wang OS48:48 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Adam Levin of CyberScout talks to us about scams, identity theft and more across the cybersecurity industry from the 1970s until today. He also tells us about his podcast, What the Hack with Adam Levin, which is focused on hacking, fraud and theft.– Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook– Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 3:01 - Origin story7:07 - Bank safety in the old days8:02 - Fraud and scams over the years9:27 - Tactics today13:15 - Scam experiences14:33 - Scam embarrassment and stigma18:17 - What the Hack podcast20:22 - A taste of What the Hack21:28 - How do you pursue stories for the podcast?25:38 - How do you structure episodes?26:44 - Humor in cybersecurity environment28:43 - Work from home balance30:25 - What is hot in fraud right now36:50 - Credit reports38:28 - Consumer protection and fraud careers42:53 - Cyber savvy countries 44:31 - Predictions on fraud evolution48:26 - Benefit to nationwide education?50:42 - Optimism for security education52:26 - Find out more about What the Hack52:58 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Neal Dennis of Cyware talks to us about building a collective defense via increased threat intelligence sharing in the global security community. Dennis has worked with customer success and clients, helping them map out new intelligence workflows, and has also built out several intelligence analysis programs for Fortune 500 companies. Neal started his career as a SIGINT specialist while serving in the United States Marine Corps and later supported cyber initiatives for USCYBERCOM, STRATCOM, NSA, 24th Air Force, USAF Office of Special Investigations and JFCC-NW. – Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook– Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro2:10 - Origin story3:57 - Military and linguistics influence 6:10 - Work in counterintelligence8:51 - Digital forensics work11:02 - Changes in open-source intelligence work13:00 - Building a global defensive network15:46 - Why aren’t we sharing info?18:41 - How to implement global changes?23:42 - Areas of friction for sharing29:15 - Threat intel and open-source intel as a job32:55 - Do research analysis35:03 - Hiring outlook37:15 - Tell us about Cyware39:38 - Learn more about Dennis and Cyware40:06 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Snehal Antani joins us from Horizon3.ai to talk about pentesting, red teaming and why not every vulnerability necessarily needs to be patched. He also shares some great advice for people entering the field.– Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro2:12 - Origin story4:12 - Using your hacking powers for good7:14 - Working up the IBM ranks12:18 - Cloud problems14:25 - Post-IBM days16:50 - Work with the DOD20:33 - Why did you begin Horizon3.ai?24:38 - Vulnerabilities: not always exploitable29:46 - Strategies to deal with vulnerabilities33:36 - Sensible use of a security team35:29 - Advice for red and blue team collaboration39:14 - Pentesting and red teaming career tips41:12 - Demystifying red and blue team45:40 - How do you become intensely into your work47:24 - First steps to get on your career path49:49 - How to learn more about Horizon3.ai50:42 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.Neal Dennis 

Frank Smith joins us from Ntiva to talk about the new Cybersecurity Maturity Model Certification (CMMC), organizations achieving Level 1 and Level 3 maturity levels, and why CMMC is so important for government contractors. Plus he discusses security for federal entities and how to get started in a career in cyber compliance by becoming a Certified CMMC Professional (CCP) or Certified CMMC Assessor (CCA).– Get more free CMMC resources: https://www.infosecinstitute.com/solutions/organization/government/cmmc/ – Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook– Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 2:11 - Origin story4:17 - Key projects to climb the work ladder6:45 - An average work day9:30 - Cybersecurity Maturity Model Certification16:38 - CMMC over five years17:30 - Which level of certification will you need?19:00 - Level 3 versus level 1 certification22:20 - Finding your feet by 202223:55 - Jobs to take in first steps toward compliance officer 27:27 - Benefits of CMMC for other roles28:44 - Experiences to make you desirable as a worker31:55 - Imperative to locking down infrastructure37:58 - Ntiva39:47 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Learn what it’s like to do good by being bad. The idea of breaking into a company, by hook or by crook, attracts all sorts of would-be secret agents. But what is red teaming really like as a job? What are the parameters, what are the day-to-day realities and, most importantly, what is hands-off in a line of work that bills itself as being beyond rules?Join a panel of past Cyber Work Podcast guests: – Amyn Gilani, Chief Growth Officer, Countercraft– Curtis Brazzell, Managing Security Consultant, GuidePoint SecurityOur panel of experts have worked with red teaming from a variety of positions and will answer your questions about getting started, building your skills and avoiding common mistakes.0:00 - Intro2:34 - Favorite red team experiences7:57 - How to begin a cybersecurity career14:42 - Ethical hacking vs pentesting18:29 - How to become an ethical hacker23:32 - Qualities needed for red teaming role29:20 - Gain hands-on red teaming experience33:02 - Supplier red team assessments37:00 - Pentesting variety46:22 - Becoming a better pentester52:12 - Red team interview tips56:00 - Job hunt tips1:01:18 - Sponsoring an application1:02:18 - OutroThis episode was recorded live on June 23, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Becky Robertson joins us from Booz Allen to discuss creating remote work situations that address modern requirements but don’t sacrifice security. We discuss the ways in which COVID-19 helped the federal sector reconsider every aspect of the workflow process and what that means for future remote roles. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 2:21 - Cybersecurity origin story4:58 - Changes from the early days of cybersecurity6:24 - Staying in the same organization for 25 years8:56 - Day-to-day work as a VP10:56 - Security and working from home13:18 - Technical hurdles to work remotely15:15 - Changing the nature of work post pandemic 16:58 - Employees working remotely 19:04 - Security concerns when working remotely22:55 - How to pursue a federal cybersecurity career25:18 - Federal cybersecurity positions in demand27:42 - Skills needed to work in federal government29:33 - Federal skills gaps32:05 - Career advice 32:57 - Finding mentors About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Veracode CEO Sam King is an icon in the realms of secure coding and application security, and she joins the podcast, along with Infosec CEO Jack Koziol, to discuss her cybersecurity journey, the President’s directive on software security and so, so many more topics. You really don’t want to miss this one, folks. – Download our FREE ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro 3:10 - Origin story5:05 - Ground floor of cybersecurity 7:54 - The “aha!” moments 12:30 - Point were you thought industry would grow14:28 - Changes implemented at Veracode19:52 - Nation’s approach to cybersecurity24:10 - Federal government security 26:25 - Government oversight 28:14 - Secure coding practices 31:52 - Veracode’s app security report40:04 - How to learn web application security 43:46 - Mistakes to avoid when applying  47:13 - Bringing in more diverse candidates  51:36 - Maintaining Veracode’s edge54:25 - Advice to move into a new cybersecurity role56:24 - Outro Sam King is the chief executive officer of Veracode and a recognized expert in cybersecurity, DevSecOps and business management. A founding member of Veracode, Sam has played a significant role in the company’s growth trajectory over the past 15 years, helping to mature it from a small startup to a company with a billion dollar plus valuation. Under her leadership, Veracode has been recognized with several industry distinctions including a seven-time consecutive leader in the Gartner Magic Quadrant, leader in the Forrester SAST Wave and a Gartner Peer Insights Customer Choice for Application Security. Sam has been a keynote speaker at events such as Gartner Security Summit, RSA and the Executive Women’s Forum, on topics ranging from cybersecurity to empowering women and creating diverse and resilient corporate cultures. She has been profiled in business publications such as the Huffington Post, CNNMoney, Financial Times, InfoSecurity Magazine and The Boston Globe.Sam received her masters of science and engineering in computer and information science from University of Pennsylvania. She earned her BS in computer science from University of Strathclyde in Glasgow, Scotland, where she earned the prestigious Charles Babbage Award, awarded to the student with the highest academic achievement in the graduating class. She currently sits on the board of Progress Software. Sam is also a member of the board of trustees for the Massachusetts Technology Leadership Council, where she was a charter member of the 2030 Challenge: a Tech Compact for Social Justice in efforts to bring more diversity to the local workforce.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Alyssa Miller of S&P Global Ratings discusses the easiest pentest she ever ran on an app and the importance of diversity of hiring, not just “diversity of thought.” She also gives some of the best advice we’ve heard yet on picking your cybersecurity path. – Download our ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast 0:00 - Intro2:44 - Miller’s origin story5:53 - Experiences working while at school8:20 - Pursuing a degree10:57 - How has cybersecurity changed?12:58 - Coming into cybersecurity from a different perspective13:55 - Moving to pentesting versus programming18:52 - Penetration testing through the years20:46 - A big change in your industry25:27 - Specifics of a business information security officer 29:09 - Skills for a business information security officer role32:34 - “Cyber Defenders’ Career Guide” book35:08 - What surprised you about writing the book?41:46 - Equity and inclusion in cybersecurity47:11 - Who is doing equity correctly? 49:12 - Long term equity strategies? 52:45 - Final cybersecurity career advice 55:40 - Outro Alyssa Miller is a hacker, security researcher, advocate and international public speaker with over 15 years of experience in cybersecurity. From a young age, she has enjoyed exploring and deconstructing technology to learn more about how it works. At 12 years old, she bought her first computer. From that $1,000 purchase, she launched a hobby that would later become her career. Just seven years later, she was hired to her first full-time salary job as a programmer. Alyssa is also passionate that doing better in security begins with sharing knowledge and learning from each other. She regularly presents her perspectives through public speaking engagements. She speaks at various industry conferences, vendor and customer hosted events and non-security related events. Alyssa’s mission is to improve all aspects of the security community. Therefore, her topics range from technical to strategic to higher level community and policy issues.Alyssa is a member of Women in Cyber Security (WiCyS) Racial Equity Committee. Additionally, she participates in other organizations designed to build a more welcoming and cooperative culture in security. As a member of ISACA, Alyssa currently holds a Certified Information Security Manager (CISM) certification. She is also the author of "The Cyber Defenders’ Career Guide," published by Manning in May 2021. We’re going to be discussing all of Alyssa’s fascinating story, her career journey, the work of demystifying cybersecurity and her work helping to create a more inclusive and welcoming space in the cybersecurity industry. About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Jonathan Tanner of Barracuda talks about his time moving up the ladder at Barracuda, how he still enjoys computer science competitions like DEFCON Wireless Capture the Flag (CTF), and Barracuda’s revolutionary malware detection ATP platform he built. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Intro3:04 - Origin story in cybersecurity 5:45 - Major accomplishments and moving up with Barracuda7:55 - Daily work as senior security researcher 10:36 - Was this always what you were interested in?12:42 - How did you expand your skills and position14:30 - Cyber security resume tips17:20 - Becoming a cybersecurity professional19:01 - How can hackathons and conferences help you?22:33 - Improving the hiring process25:33 - How to prepare for cyber security interview27:46 - Working long term with a tech company29:27 - What’s next for you at Barracuda?30:26 - Where should security professionals begin?33:46 - What’s happening at Barracuda34:33 - Where can I find out more about you?35:06 - Outro About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

French Caldwell of The Analyst Syndicate talks about his role as founder and chief researcher of the group. We also talk about Caldwell’s time at Gartner research, and his passion for cybersecurity research as a whole. 00:00 - Intro 03:43 - Caldwell’s background in cybersecurity 07:25 - Knowledge management09:55 - Protecting digital trash 12:33 - Risk assessment and day-to-day work life18:00 - How has research changed since 1999?22:48 - Founding The Analyst Syndicate 26:45 - What is your day like at the Syndicate?28:11 - What is your research like now?29:33 - Disruptive technology and public policy31:09 - Disruptive trends34:30 - Advice to students in disruptive technologies38:58 - Tell us about your simulator46:22 - Cyberterrorism and risk to municipalities and hospitals50:18 - Learn more about Caldwell and the Syndicate51:54 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastFrench Caldwell is the leading strategist and thought leader in RegTech, including GRC and ESG, cybersecurity, social and digital risks and regulation and the impact of disruptive technologies on policy and strategy. He is a former Gartner Fellow, and following Gartner he became the global head of marketing at a Silicon Valley firm that delivers regtech solutions for governance, risk and compliance analytics and reporting. Skilled at the alignment of strategy, communications, technology, processes, analysis, policy and people to improve business and mission outcomes. Experienced at advising senior executives and corporate directors on disruptive technology, strategic risk management, cybersecurity and public policy issues.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Dirk Schrader of New Net Technologies talks about healthcare security and legacy systems. We discuss the millions of pieces of health data left out in the open, the issues with closing these holes and the need for professional legacy system-whisperers. 0:00 - Intro2:56 - What drew Dirk to security4:46 - Did your Dad’s role inspire you?5:55 - Stepping stones to your current job9:35 - What is it like to be a security research manager14:38 - Unprotected healthcare records21:50 - Unprotected systems in the U.S. 25:20 - Using better security in hospitals31:55 - Logistical issues of security for hospitals37:48 - Best solution for hospital cybersecurity 39:30 - How to prepare for change 42:32 - What skills do you need for this work?46:00 - Will people pursue these changes?49:40 - Projects Dirk’s working on52:10 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastDirk Schrader is the global VP of New Net Technologies (NNT). A native of Germany, Dirk’s work focusses on advancing cyber resilience as a sophisticated, new approach to tackle cyberattacks faced by governments and organizations of all sizes for the handling of change and vulnerability as the two main issues to address in information security.Dirk has worked on cybersecurity projects around the globe, including more than four years in Dubai. He has published numerous articles in German and English about the need to address change and vulnerability to achieve cyber resilience, drawing on his experience and certifications as CISSP (ISC²) and CISM (ISACA). His recent work includes research in the area of medical devices, where he found hundreds of systems unprotected in the public internet, allowing access to sensitive patient data. This is going to be the topic of today’s episode, and we’re also going to talk about unprotected or poorly protected legacy systems in general, and how we start to build some coverage over this vast swath of unprotected information.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Ginny Morton, project management professional at Dell and veteran in the U.S. Army, takes us through the practice of cybersecurity project management in both for-profit and military sectors on today’s episode. We talk about Scrum and Agile certifications, building the best team for the project and tapping into your personal power in your work.  0:00 - Intro2:04 - Origin story4:47 - What does a cybersecurity project manager do?6:10 - Average work day as a project manager7:40 - Best and worst parts of project management9:30 - How does a PM improve cybersecurity work?10:40 - Dell team management 12:50 - Being the team’s first manager14:36 - Best project management certifications21:02 - PM work for Dell versus the military23:00 - Military clearances for PM work24:08 - Skills and experiences necessary for high-level PM22:52 - Skills and interests for a successful career27:04 - Tips for those who want to transition careers27:38 - Changes to PM work during COVID28:40 - Adjustments to work from home29:55 - Will PM work change?31:04 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastGinny Morton is a senior cyber security advisor, program management at Dell, and has spent much of her career in the project management space for cybersecurity, previously working at TekSystems and in both the Texas Army National Guard and the U.S. Army.Our recent guest, project manager Jackie Olshack, recommended Morton for the show, and as we had a ton of people tune in to see Jackie’s episode, we realize that our listeners are passionate about learning more about project management in IT and cyber as a career path, so I’m looking forward to talking with Morton about her career path as well as the unique aspects of doing project management work on a federal/military level.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

This episode we welcome Rita Gurevich, CEO and founder of Sphere Technology Solutions. She talks about what it’s like to start her own company, why it is important to know your assets when setting policy, and what skills and experiences set applicants apart when they look to hire. Plus, she has plenty of data governance strategies to chat about.  0:00​ - Intro2:47​ - Origin story 4:51​ - The creation of Sphere7:14​ - Working solo at Sphere9:12​ - What would you change going back?10:30​ - Pricing your business activities 12:36​ - Average day as a CEO13:32​ - Favorite parts of the job14:50​ - What is data governance?17:40​ - Factors driving data growth19:28​ - First steps to form data strategy22:07​ - Data governance best practices23:40​ - Time frame to get a master inventory25:17​ - What does good data governance do 26:12​ - Skills I need for data governance and management27:47​ - Importance of collaboration and mentorship30:26​ - Skills and experiences for Sphere candidates32:48​ - Tips to get into cybersecurity work 34:06​ - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAs the CEO and Founder of Sphere, Rita Gurevich is charged with leading the strategic growth of the organization in providing business critical governance, security and compliance solutions to customers spanning multiple geographic locations and industry verticals.Gurevich founded Sphere after gaining a massive amount of experience in a short time period during the Lehman bankruptcy, the economic downturn of 2008, and the enhanced regulatory environment that dominated the industry. Being in a unique position from this experience, Gurevich founded Sphere as a single contributor, and worked strategically to grow the company into the entity it is today.Gurevich is the recipient of multiple honors and awards including recognition from her Entrepreneurial skills from Ernst & Young, and SmartCEO, along with being on the 40 Under 40 list in 2017. In addition, Gurevich sits on the Board of Directors for the New Jersey Technology Council.This week’s topic is data governance strategies in 2021. As more of what we do goes online and into the cloud, and as more people need access to information, making sure that entrance points aren’t more accessible than they need to be is more important than ever. We’re going to talk about the issues around this topic, and also job strategies for people who want to do this type of work.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

This episode we welcome Jeff Schmidt of Covail to discuss security and risk management, working at the FBI to create the InfraGard program, and what cybersecurity can learn from physical security controls and fire safety and protection. 0:00 - Intro2:30 - Origin story4:31 - Stepping stones throughout career8:00 - Average work day 12:14 - Learning from physical security17:18 - Deficiencies in detection 22:17 - Which security practices need to change?24:15 - How massive would this change be?27:37 - Skills needed for real-time detection32:00 - Strategies to get into cybersecurity34:30 - Final words on the industry37:16 - What is Covail? 38:40 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastJeff Schmidt, VP and Chief Cyber Security Innovator at Covail is an accomplished cybersecurity expert with a background in security and risk management. He founded JAS Global Advisors LLC, a security consulting firm in Chicago, and Authis, a provider of innovative risk-managed identity services for the financial sector. Jeff is a board member for Delta Risk LLC. In 1998, he worked with the FBI to create the InfraGard program, receiving commendations from the Attorney General and the Director of the FBI. He is an adjunct professor of systems security engineering at the Stevens Institute of Technology and a Zurich Cyber Risk Fellow, Cyber Statecraft Initiative, at The Atlantic Council. Jeff received a Bachelor of Science in computer information systems and an MBA from the Fisher College of Business at The Ohio State University.Jeff came to us with an intriguing topic. He proposes what he calls a Detect, Defend, and Respond Posture in Cybersecurity, and postulates that cybersecurity can learn lessons from “the mature sciences of physical security and fire protection.” No matter how you’re securing your system now, there’s often room for improvement, and always room for taking in new ideas, so let’s take a closer look!About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Christina Van Houten talks about Women@Work and women in cybersecurity on this week's episode. We discuss tactics for bringing more women and diverse candidates into cybersecurity, the importance of a well-balanced and skills-diverse team, and how the work of Chief Strategy Officer is like an ever-evolving game of Tetris!  0:00 - Intro2:30 - Van Houten's origin story4:13 - Strategies cybersecurity was lacking7:05 - Accomplishments that helped bolster her career13:46 - Average day as chief strategy officer18:03 - Entering cybersecurity in different ways20:37 - Women@Work and trying to help26:27 - Bringing more women into cybersecurity29:20 - Making careers accessible to women34:14 - Diversifying upper management  36:22 - Success stories mentoring women 41:01 - Men@Work book and men in cybersecurity46:33 - Roadblocks women in cybersecurity face 50:47 - Projects from Mimecast54:37 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastChristina Van Houten is a veteran of the enterprise technology industry, having spent two decades with some of the world’s largest firms, including Oracle, IBM and Infor Global Solutions as well as Netezza and ProfitLogic, the entrepreneurial companies that were acquired by them. Currently, Christina is chief strategy officer for Mimecast, a global leader in cybersecurity, where she leads product management, market strategy, corporate development, and M&A. She also serves on the board of directors for TechTarget and has been involved as an advisory board member of several emerging technology firms. In 2017, Christina launched Women@Work, a resource platform dedicated to the economic advancement and self-reliance of women and girls around the world.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

In this episode we explore supply-chain security with Manish Gupta. We’re going to learn about risks and cyberattacks related to the continuous integration/continuous deployment or CI/CD pipeline, which, given high-profile attacks like SolarWinds, will give us plenty to discuss this week!0:00 - Intro2:21 - Manish's origin story4:58 - Major career stepping stones8:45 - Lessons when ahead of the curve11:21 - Average day as a servant leader CEO14:54 - Concerns with supply chain security21:22 - Federal supply chain action26:20 - What supply chain policy should focus on28:40 - Skills needed for supply chain jobs32:48 - What should be on my resume? 34:03 - Showing supply chain aptitude 36:04 - Future projects38:29 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastManish Gupta is the founder and CEO of ShiftLeft, an innovator in automated application security and the leader in application security for developers. He previously served as the chief product and strategy officer at FireEye, where he helped grow the company from approximately $70 million to more than $700 million in revenue, growing the product portfolio from two to more than 20 products. Before that he was vice president of product management for Cisco’s $2 billion security portfolio. He also served as a  vice president/general manager at McAfee and iPolicy networks.Manish has an MBA from the Kellogg Graduate School of Management, MS in engineering from the University of Maryland and a BS in engineering from the Delhi College of Engineering.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Digital forensics professional Ondrej Krehel talks about the work of digital forensics in federal and government locations, the things he learned during a months-long attempt at decrypting a well-secured Swiss bank file and why finishing the research beats any degree you could ever have. 0:00 - Intro2:11 - Ondrej's cybersecurity journal 5:33 - Career stepping stones9:55 - The Swiss job16:02 - Chasing the learning and experience20:01 - Digital forensics on a government and federal scale28:07 - Forensics collaboration on a case30:46 - Favorite work stories 31:33 - How to improve infrastructure security36:01 - Skills needed to enter digital forensics in government41:31 - Unheard activities of digital forensics 43:48 - Where do I get work experience? 47:05 - Tips for digital forensic job hunters52:19 - Work with LIFARS57:50 - OutroHave you seen our new, hands-on training series Cyber Work Applied? Tune in every other week as expert Infosec instructors teach you a new cybersecurity skill and show you how that skill applies to real-world scenarios. You’ll learn how to carry out different cyberattacks, practice using common cybersecurity tools, follow along with walkthroughs of how major breaches occurred, and more. And it's free!– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastOndrej Krehel is a Digital forensics and cybersecurity professional. His background includes time with special cyber operations, cyber warfare and offensive missions and a court expert witness. His Forensic Investigation matters have received attention from Forbes, CNN, NBC, BBC, ABC, Reuters, The Wall Street Journal and The New York Times.As you can see, Ondrej has a deep background in digital forensics and ethical hacking. He tells us about time spent as a guest lecturer at the FBI Training Academy, the current state of digital forensics in a federal and government context and gives us some info about how that realm differs from similar work done in for-profit or private companies.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Whether you’re looking for first-time work in the cybersecurity field, still studying the basics or considering a career change, you might feel overwhelmed with choices. How do you know you have the right knowledge? How do you make yourself stand out in the resume pile? How do you get jobs that require experience without having any experience?Join a panel of past Cyber Work Podcast guests including Gene Yoo, CEO of Resecurity, and the expert brought in by Sony to triage the 2014 hack; Mari Galloway, co-founder of Women’s Society of Cyberjutsu and Victor “Vic” Malloy, General Manager, CyberTexas.They provide top-notch cybersecurity career advice for novices, including questions from Cyber Work Live viewers.0:00 - Intro 3:38 - I'm tech-savvy. Where do I begin?10:55 - Figuring out the field for you19:16 - Returning to cybersecurity at 6823:30 - Finding a cybersecurity mentor29:39 - Non-technical roles in the industry36:21 - Breaking into the industry43:46 - Standout resume and interview51:31 - Is a certification necessary?56:50 - Related skills beginners should have1:04:35 - OutroThis episode was recorded live on March 25, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

This episode we welcome back Emily Miller of Mocana to discuss infrastructure security! We discuss the water supply hack in Oldsmar, Fla., the state of the nation’s cybersecurity infrastructure and brainstorm a TikTok musical that will make infrastructure security the next Hamilton! 0:00 - Intro3:02 - The last two years5:54 - The impact of COVID10:10 - The Florida hack15:50 - Scope and scale of safety systems18:50 - State and local government responses23:20 - Logistical issues of security for infrastructure26:45 - Ideal solutions to security 31:33 - How to improve infrastructure security39:42 - Aiming toward state and local government 43:20 - Skills to learn for this work48:13 - Future proofing this role52:54 - Work and upcoming projects55:55 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastMiller is the Vice President of Critical Infrastructure and National Security with Mocana Corporation. Miller has over 15 years of experience protecting our nation’s critical infrastructure in both physical and cybersecurity, focusing on control systems, industrial IoT and other operational technology. Prior to joining Mocana, Miller was a federal employee with the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).  On our previous episode back in early 2019, Miller and I talked about IoT security and infrastructure security, and how strengthening IoT and the security systems of our electrical, water and internet infrastructures isn’t just good business, it’s saving lives.In the last two years, these issues have become even more noticeable and pronounced. Earlier this year, hackers were able to break into the network of a water purification system in a small town in Florida. By changing cleaning and purification levels in the town’s water supply, they could have realistically poisoned the whole town. Miller and I will be discussing not only how to address the problems we have now, but to help the new generation of cybersecurity professionals lead the charge to reverse a 50+ year trend of neglect against our country’s vital infrastructure, from power grids to roads.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

This episode we chat with Jackie Olshack, a project management professional, about the role of project management in cybersecurity. We break down the specific functions of some major project management certifications, discuss things you can do tonight to start your project management training and hear why every security breach story on CNN is a cause for reflection. 0:00 - Intro 3:09 - Getting into cybersecurity project management4:30 - What does a cybersecurity project manager do?5:56 - Identity access management 8:35 - Average day for a project manager9:57 - Managing project resources11:36 - Getting into project management12:54 - What happens without a project manager?14:30 - Highs and lows of the job17:22 - Training needed for the role20:18 - What is identity access management?24:12 - Preferred job experiences28:02 - Interests and skills to succeed 31:17 - Where do I begin with tech lingo?33:18 - What can I do to change careers?35:00 - Has remote work changed workflow?35:55 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastJackie Olshack worked almost 20 years as legal secretary/paralegal for multiple patent corporate law firms. In the late 1990s, she began to recognize it was becoming harder to break the ceiling on her $58,000 salary as more and more attorneys were typing their own documents, managing their own calendars and making their own travel arrangements, putting the future of her career in jeopardy. After some introspection, she decided to go back to college and pursue a science degree with plans to go to law school to become a patent attorney — but couldn’t get her LSAT higher to get into even a fourth-tier law school. She now proudly thanks all the law schools that turned her down, preventing the dreaded $150,000-$200,000 law school debt she would have incurred. She is now an analytical, top performing SAFe trained senior project management professional with 14+ years of experience managing and implementing IT programs and projects successfully.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today we're talking about security awareness, specifically about the role of a security awareness manager, with Tiffany Franklin of Optiv. We talk about the importance of C-suite buy-in to a security awareness program, how to create challenging phishing simulators without making employees feel like victims of a gotcha attack and how being a fifth-grade math teacher can make you a better security awareness manager.  0:00 - Intro 2:13 - Getting into cybersecurity3:57 - Instructional design and technology4:58 - Primary responsibilities in her role6:38 - Security awareness work9:40 - What is the division of work?11:55 - Skills needed for this role15:04 - Helping people when they fail17:12 - Daily tasks 18:15 - Highs and lows of the job 22:00 - COVID phishing emails 22:40 - GoDaddy phishing and ethics 26:20 - Creating security awareness campaigns31:14 - Optimal combo of tech and savvy 34:20 - How to get into cybersecurity 37:10 - Outro – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastTiffany Franklin has over 13 years’ experience as a learning and development professional and is currently a Manager of Cybersecurity Education at Optiv. Tiffany and her team develop solutions that address the unique challenges of global organizations facing a wide array of cybersecurity risks, including security awareness training program courses, simulated phishing attacks, and training reinforcement materials. She has a background in education and has a Masters in Instructional Design & Technology.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Diana Kelley of The Analyst Syndicate is on the podcast to chat about her 25-year-long career in security. She touches on artificial intelligence and machine learning ethics, sneaking into DARPA in the '70s and much more. 0:00 - Intro 3:14 - Getting into cybersecurity11:51 - Cybersecurity changes in the past 25 years15:34 - Choosing exciting cybersecurity projects19:49 - What is The Analyst Syndicate?23:00 - Editorial process at The Analyst Syndicate26:26 - Changes in security from the pandemic32:22 - Combating fatigue at home34:35 - Digital transformation39:25 - Bringing more women into cybersecurity43:08 - Tips for hiring managers46:16 - Using AI and ML ethically51:50 - Tips to get into cybersecurity 55:15 - Kelley's next projects56:18 - Learn more about Kelley57:08 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastDiana Kelley’s security career spans over 30 years. She is co-founder and CTO of SecurityCurve and donates much of her time to volunteer work in the cybersecurity community, including serving on the ACM Ethics & Plagiarism Committee, as CTO and board member at Sightline Security, board member and Inclusion Working Group champion at WiCyS, cybersecurity committee advisor at CompTIA, Advisory Council, Bartlett College of Science and Mathematics, Bridgewater State University and RSAC US Program Committee. Kelley produces the #MyCyberWhy series and is the host of BrightTALK’s The (Security) Balancing Act and co-host of the Your Everyday Cyber podcast. She is also a principal consulting analyst at TechVision Research and a member of The Analyst Syndicate. She was the Cybersecurity Field CTO for Microsoft, global executive security advisor at IBM Security, GM at Symantec, VP at Burton Group (now Gartner) and a manager at KPMG. She is a popular keynote speaker, the co-author of the books "Practical Cybersecurity Architecture" and "Cryptographic Libraries for Developers," has been a lecturer at Boston College's Masters program in cybersecurity, the EWF 2020 Executive of the Year and one of Cybersecurity Ventures 100 Fascinating Females Fighting Cybercrime.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Elie Bursztein joins us on today’s episode to talk all about his role as chief research lead for anti-abuse at Google! Along with Infosec Founder Jack Koziol and Cyber Work Podcast host Chris Sienko, they discuss the difference between the practices of security and anti-abuse, the difference between protecting Google the company and Gmail the product, and the aspects of security and anti-abuse that AI will never be able to do.0:00​ - Intro 2:35 - Starting a career in cybersecurity12:57 - Entering the industry today19:09​ - Career progression 42:18​ - Tech and academia collaboration for anti-abuse research 52:26​ - Getting hired in anti-abuse and cybersecurity1:01:09​ - Future of machine learning as AI hacking1:16:26 - OutroHave you seen our new, hands-on training series Cyber Work Applied? Tune in every other week as expert Infosec instructors teach you a new cybersecurity skill and show you how that skill applies to real-world scenarios. You’ll learn how to carry out different cyberattacks, practice using common cybersecurity tools, follow along with walkthroughs of how major breaches occurred, and more. And it's free! Click the link below to get started.– Learn cybersecurity with our FREE Cyber Work Applied training series: https://www.infosecinstitute.com/learn/ – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastElie Bursztein leads the Security and Anti-Abuse Research team at Google. He focuses on deep learning and cryptography research, and among many other accomplishments, broke SHA-1. His website, elie.net, is packed with informative articles and online talks he’s given over the years, a veritable master-class for any cybersecurity aspirants. He also describes himself as a wearer of berets and a purveyor of magic tricks in his spare time.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

CompTIA’s Security+, the most popular cybersecurity certification in the world, is getting an overhaul for 2021! The updated exam (from SY0-501 to SY0-601) re-aligns the certification to match the most in-demand entry-level cybersecurity skills and trends of 2021. Get insights into the changes directly from the source, Patrick Lane, Director of Products at CompTIA, as he explains how Security+ is evolving to remain the “go-to” certification for anyone trying to break into cybersecurity.0:00​ - Intro 4:10 - What is the CompTIA Security+ certification?5:05​ - Security+ baseline technical skills16:00​ - Security+ helps solve an industry problem21:35​ - Security+ job roles31:45​ - Job role skills and exam release37:35​ - CompITA Cybersecurity Career Pathway47:27​ - SY0-601 vs SY0-501: 6 big changes 52:10 - Security+ exam details56:48- Live Q&A1:02:13 - Outro– 7 days of free Security+ training with your Infosec Skills trial: https://www.infosecinstitute.com/skills/learning-paths/comptia-security/ – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastPatrick directs IT workforce skills certifications for CompTIA, including Security+, PenTest+, CySA+ and CASP+. He assisted the U.S. National Cybersecurity Alliance (NCSA) to create the “Lock Down Your Login” campaign to promote multi-factor authentication nationwide. He has implemented a wide variety of IT projects, including an intranet and help desk for 11,000 end users. Patrick is an Armed Forces Communications and Electronics Association (AFCEA) lifetime member, born and raised on U.S. military bases, and has authored and co-authored multiple books, including “Hack Proofing Linux: A Guide to Open Source Security.”About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Learn how mentors in the cybersecurity community can help launch your career on today’s episode featuring Mike Gentile, the Founder and CEO of CISOSHARE. Mike discusses the CyberForward program, which creates a mentorship and support system for new students of cybersecurity — often those with diverse cultural or economic backgrounds! CyberForward addresses not just skills training, but quality of life issues that might prevent entrance to the security field. If you’re feeling blocked and unsure how to enter the industry, you’ll really want to hear this episode!0:00​ - Intro 2:24 - Starting a career in cybersecurity5:39​ - Creating CISOHandbook.com7:35 - What is CISOSHARE?9:38​ - What is CyberForward?11:15​ - Thoughts on the cybersecurity skills gap 17:40​ - Mentoring students through CyberForward25:13​ - The training value system is broken29:33 - Creating a network of support32:44 - Helping the “beaten down” break through36:52 - What’s next for CyberForward?39:15 - Advice for getting started in cybersecurity43:28​ - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastMike Gentile is the Founder, President and CEO of CISOSHARE, headquartered in San Clemente, CA. He has led the company since inception to become a global leader in security program services and solutions. Initially an experiment, the CISOSHARE culture centers around learning and teaching to make the confusing security discipline understandable.In 2019, Mike founded CyberForward Academy by CISOSHARE using this learning and teaching culture to address both the cybersecurity resource shortage and the livable wage gap issues felt in many communities. This partner-enabled professional development program identifies and then rapidly develops effective job-ready cybersecurity professionals.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

What does a malware analyst do? Find out on today’s episode featuring Dr. Richard Ford, Chief Technology Officer of Cyren. Richard talks about breaking into the field, whether a computer science degree is or isn’t essential for the role, and an early program he wrote to brag about his high score to his classmates! 0:00​ - Intro 2:30 - Richard’s cybersecurity origin story6:07​ - Being an IBM anti-malware researcher in the 90s9:18​ - How malware has evolved11:27​ - Major career milestones18:14​ - Two types of malware analysts21:42​ - How to get hired as an entry-level analyst25:45​ - Day-to-day malware analyst tasks29:40 - Transitioning to an analyst role without any experience34:30 - What does Cyren do?37:25​ - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastDr. Richard Ford is the Chief Technology Officer of Cyren. He has over 25 years’ experience in computer security, working with both offensive and defensive technology solutions. During his career, Ford has held positions with Forcepoint, Virus Bulletin, IBM Research, Command Software Systems and NTT Verio. Dr. Ford has also worked in academia, having held an endowed chair in Computer Security, and worked as Head of the Computer Sciences and Cybersecurity Department at the Florida Institute of Technology. Ford holds a bachelor’s, master’s and D.Phil. in Physics from the University of Oxford. In addition to his work, he is an accomplished jazz flutist and instrument rated private pilot.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

We’re making cybersecurity training fun with today’s episode, which is all about gamification! Jessica Gulick of Katczy discusses the Wicked6 Cyber Games, the Women’s Society of Cyberjutsu, and the ways in which cyber games could rise to the ranks of other televised esports.0:00​ - Intro 2:16​ - Starting in cybersecurity after 9/113:28​ - Major career milestones so far7:08​ - Day to day duties as a CEO 11:00​ - Cybersecurity burnout and ongoing learning13:16​ - Let’s dig into gamification!19:11​ - How to design deeper gamification 22:32 - Selling gamification to leadership28:45 - Wiked6 Cyber Games35:10 - Gamified security awareness campaigns37:42​ - Can gamification help grow the talent panel42:05​ - Working with the Women’s Society of Cyberjutsu49:58​ - What’s next for these gamified cyber events?52:20​ - Outro– Try our Choose Your Own Adventure® Zombie Invasion game: https://www.infosecinstitute.com/iq/choose-your-own-adventure/ – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastJessica Gulick is CEO of Katzcy, a woman-owned growth firm specializing in cybersecurity marketing and cyber games. She is also President of the Board at the Women’s Society of Cyberjutsu, a 501c3 dedicated to advancing women in cyber careers. Jessica is a 20-year veteran in the cybersecurity industry and a CISSP.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

From working the help desk to becoming FireEye’s Chief Security Strategist and founding his own company Kolide, Jason Meller has a wealth of experience to share about moving up the cybersecurity ladder. On today’s episode, he discusses his security journey, including working one of the best help desk jobs of all time, bluescreening his friends in the Wild West days of the Internet and sharing advice for up-and-coming cybersecurity professionals.0:00​ - Intro 2:22​ - Pixar movie Soul and finding his "spark"6:40​ - The Wild West of cybersecurity7:56​ - Working at the best help desk ever12:13​ - Becoming a cyber threat analyst18:02​ - The importance of soft skills21:23​ - Becoming a chief security strategist at FireEye24:38​ - Working solo vs in a team25:55​ - Adding a new superpower with your talents28:03​ - Should you leave your job?31:10​ - Exploring the psychology of security36:34​ - Security veterans and mentorship40:30​ - What is Kolide?44:30​ - The new work/life balance of security46:40​ - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastJason Meller is the CEO and founder of Kolide. Jason has dedicated his career to building products and tools that enable security experts to successfully defend western interests from sophisticated and organized global cyber threats. He started his security and product career at GE's elite computer incident response team, led by Richard Bejtlich (the father of modern network security monitoring). From there, Jason moved to the legendary Mandiant corporation (acquired by FireEye) quickly working his way up from an entry level analyst position to becoming the Chief Security Strategist. As Chief Security Strategist at FireEye, Jason was responsible for rapidly building products and services with an engineering strike team to facilitate and grow high-profile partnerships and key strategic initiatives.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

NetOps, SecOps and CloudOps — you’ll learn about it all on today’s episode featuring Raju Chekuri, CEO of NetEnrich. Raju shares his career journey, discusses his work helping new tech and cybersecurity startups, and explains why clinging blindly to a five-year plan can be a recipe for disaster.0:00 - Intro 2:12 - Getting started in cybersecurity3:38 - How the security landscape has changed8:27 - Complexity and scope of cybersecurity10:05 - 16+ years at NetEnrich14:30 - Going beyond governance to do it right17:30 - Strategies for upping ITOps along with business22:50 - Examples of companies doing it right24:55 - Helping startups become successful30:45 - Keys to a solid business plan33:42 - Mentorships in security and startups36:25 - Being an entrepreneur & humanitarian40:15 - What's next for NetEnrich?46:18 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastRaju founded NetEnrich in 2004 after a successful IT career as an entrepreneur, visionary and business leader in Silicon Valley. He has led the company’s growth as SaaS for digital operations while innovating for AIOps and cybersecurity solutions. Raju is currently the chairman of the board at OpsRamp, a spin-off from NetEnrich. Previously, he founded Velio Communications, Inc., and led it to its acquisition by LSI Logic and Rambus in 2003. Raju earned an MBA at St. Mary’s College of California and a Bachelor of Technology at Kakatiya University. About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Learn about different cybersecurity roles and career paths in this wide-ranging conversation with today’s guest Tyler Cohen Wood. Tyler discusses working as a senior intelligence officer for the Defense Intelligence Agency (DIA), overseeing cyber risk for AT&T and writing her book Catching the Catfishers. We talk about online privacy, implementing complex cybersecurity systems, healthcare security shortcomings in the age of COVID — and her blue-haired, pre-cyber years working in the record industry! 0:00 - Intro2:20 - Getting into IT & security4:20 - Digital forensics & incident response6:18 - Moving up the cybersecurity ladder9:40 - Working with complex systems12:57 - Director of Cyber Risk at AT&T15:37 - Becoming a cybersecurity consultant22:30 - Sharing too much personal info26:20 - Work from home privacy & security33:18 - Cybersecurity career tips37:33 - Cybersecurity hiring & diversity39:51 - Healthcare privacy & HIPAA changes48:53 - Future career plans50:15 - Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastTyler Cohen Wood is a cyber-authority with 18+ years of highly technical experience. As a cyber intelligence and national security expert, as well as three-time author and public speaker, Tyler is relied on for her wealth of knowledge and unique insights. She served with the DIA as a senior intelligence officer where she developed highly technical cyber solutions and made recommendations to significantly develop and change critical cyber policies and directives, which affected current and future intelligence community programs. She has helped the White House, DoD, federal law enforcement and the intel community thwart many cyberthreats to the U.S. She is the author of the book Catching the Catfishers. About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Learn all about Kubernetes, its possible misconfigurations and vulnerabilities, and how it applies to cloud security on today’s episode, featuring Michael Foster, a Cloud Native Advocate at StackRox. Michael discusses intrinsic Kubernetes security issues compared with those that come from improper use, the work of a Cloud Security Advocate, his time in the Chicago Cubs and more.0:00 Intro 2:03 Getting started in tech4:09 From Cubs to security8:10 What is Kubernetes?10:45 Kubernetes issues & CNCF roadmap14:50 Types of vulnerabilities19:10 Kubernetes checklist and wishlist23:30 Role and duties at StackRox25:30 Cloud security skills & careers31:30 Future of Kubernetes33:28 What is StackRox?35:35 Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastMichael Foster is a passionate tech enthusiast and open-source advocate with a multidisciplinary background. As a Cloud Native Advocate at StackRox, Michael understands the importance of building an inclusive community. Michael embraces all forms of automation, focusing on Kubernetes security, DevOps, and infrastructure as code. He is continually working to bridge the gap between tech and business and focus on sustainable solutions. About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

We’re going back into the world of digital forensics careers with today’s guest, Tyler Hatch of DFI Forensics! Tyler tells us about moving from being a lawyer into the field of digital forensics, key traits of great forensics professionals and how to prove that incriminating evidence on a defendant’s laptop isn’t always what it seems. 0:00 Intro 2:46 Getting started in tech5:24 Lawyer vs forensics12:11 Staff and cases18:45 Responsibilities and tasks24:10 Digital forensics files podcast27:45 Getting hired30:40 Covid-19 work impact33:16 Future of forensics40:17 Breaking into forensics42:43 Outro– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastFollowing a six-year legal career that included representing clients in legal proceedings in small claims, the Supreme Court and a variety of administrative tribunals in B.C., Tyler found his way into the fascinating world of digital forensics and never looked back. Tyler is a Certified Computer Forensics Examiner (CCFE) and a Certified Mobile Forensics Examiner (CMFE) and is always training and receiving education to further his knowledge and understanding of computer forensics, IT forensics, digital forensics, cybersecurity and incident response. Tyler formed DFI Forensics in July 2018 and is the host of the “Digital Forensics Files” podcast. He is also a frequent contributor of written articles to various legal and digital forensics publications, including AdvocateDaily.com, LawyersDaily.ca, eForensics Magazine and Digital Forensics Magazine. About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Help your C-suite get serious about cybersecurity with today’s episode, featuring Mathieu Gorge. Using his Five Pillars of Security Framework and his book, The Cyber Elephant in the Boardroom, Mathieu takes complex, confusing regulatory frameworks and maps them in a language that non tech-fluent board members can understand. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastMathieu Gorge is the author of the new ForbesBooks release, The Cyber Elephant in the Boardroom: Cyber-Accountability with the Five Pillars of Security Framework. He is also the CEO and founder of VigiTrust, a cybersecurity company with clients in 120 countries. Mathieu has over 20 years of IT security and risk management experience and is much-sought after for his expertise. As an authority on cybersecurity solutions, he has been asked to speak at conferences including RSA, ISSA and ISACA. About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

It’s been a busy week for cybersecurity professionals as they respond to the SolarWinds breach. On December 13, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to immediately “disconnect or power down SolarWinds Orion products" as they were being actively exploited by malicious actors.Infosec Skills author and KM Cyber Security managing partner Keatron Evans is helping numerous clients respond to the breach. In this live discussion and incident response demo (recorded Friday, December 18) he covers: – What happened with the SolarWinds supply chain attack– Immediate action you can take to protect your systems– Industry responses to help mitigate the incident– Live demo of Snort, memory forensics and Zeek– Q&A with live attendeesLive walkthroughs from Keatron can be found here:– Full video presentation: https://www.youtube.com/watch?v=5lc4HtmEYl4 – 10-minute Snort demo for SolarWinds and Sunburst incident response: https://www.youtube.com/watch?v=wG8dLV-LZwY– 10-minute memory forensics demo of SolarWinds and Sunburst: https://www.youtube.com/watch?v=uLGLCv1Cu6AAdditional resources discussed by Keatron:– FireEye Mandiant SunBurst countermeasures: https://github.com/fireeye/sunburst_countermeasures– McAfee analysis into the Sunburst backdoor: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/additional-analysis-into-the-sunburst-backdoor/– Keatron's free Cyber Work Applied training videos: https://www.infosecinstitute.com/learn/– Keatron's Infosec Skills courses: https://www.infosecinstitute.com/authors/keatron-evans/About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Ever thought of hiring a ransomware negotiator, or becoming one yourself? On today’s episode, Kurtis Minder of GroupSense tells us what makes a good ransomware negotiator, why setting the right tone is crucial in a successful negotiation and why, in the right situation, you can get away with referring to a ransomer as “grasshopper.” We’re also excited to announce a new, hands-on training series called Cyber Work Applied. Every week, expert Infosec instructors and industry practitioners teach you a new cybersecurity skill and show you how that skill applies to real-world scenarios. You’ll learn how to carry out different cyberattacks, practice using common cybersecurity tools, follow along with walkthroughs of how major breaches occurred, and more. And it's free! Check out the link below to start learning.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAs the CEO and co-founder of GroupSense, Kurtis Minder leads a team of world-class analysts and technologists providing custom cybersecurity intelligence to some of the globe’s top brands. The company’s analysts conduct cyber research and reconnaissance and map the threats to client risk profiles. Kurtis arrived at GroupSense after more than 20 years in roles spanning operations, design and business development at companies like Mirage Networks (acquired by Trustwave), Caymas Systems (acquired by Citrix) and Fortinet (IPO).About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Let’s talk about the practice of finding vulnerabilities! For Ted Harrington, Executive Partner of ISE, it’s much more than a job, it’s a life mission. Ted joins the Cyber Work Podcast to discuss being part of the first team to hack the iPhone, as well as thinking like a hacker to avoid being hacked yourself. He also gives advice for people who would rather sell their wares online this holiday season than spend all day thinking about security. The world has been moving in the direction of holiday shopping online for quite some time now, but with things being what they are in 2020, that trend is likely to grow exponentially upward as stores become either closed to the public or only open to a few people at a time for safety. Either way, that means a lot of online transactions, and a lot of juicy targets for cybercriminals.– Get Ted's book, "Hackable: How to do application security right": https://hackablebook.com – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastTed Harrington, Executive Partner at ISE is finding new ways to protect digital assets. He's helped companies like Disney, Amazon, Google, Netflix and Adobe fix tens of thousands of security vulnerabilities. His team at ISE is composed of ethical hackers known for being the first to hack the iPhone, where he applies his think-like-a-hacker mentality to constantly adapt to fresh security and software development challenges.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Dive into all things Apple security with today’s guest, Kelli Conlin, Security Solutions Specialist at Jamf. Learn about securing devices across multiple operating systems, the hidden-in-plain-sight Apple security Bible, and why Kelli’s mom isn’t allowed to use the 15-year-old Mac laptop Kelli is still hanging on to after all these years.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastKelli Conlin is a Security Solutions Specialist at Jamf focused on helping organizations be more secure with Apple. Prior to joining Jamf, Kelli was an Intelligence Analyst in the U.S. Air Force supporting special operations before starting an IT career path. Kelli currently lives in Tampa, FL with her husband, son, two cats and a miserable husky.About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today we’re talking cloud security and work-from-home. If you’ve ever checked your work email on your personal phone – I know you have, because we’ve all done it! – or touched up some time-sensitive spreadsheets on the same ipad your kids use to play Animal Crossing, Terence Jackson, Chief Information Security & Privacy Officer of Thycotic, is going to tell you how to tighten up your security protocols to ensure that work-from-home doesn’t become breach-from-home!– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastWith more than 17 years of public and private sector IT and security experience, Terence Jackson is responsible for protecting the company’s information assets. In his role, he currently leads a corporate-wide information risk management program. He identifies, evaluates and reports on information security practices, controls and risks in order to comply with regulatory requirements and to align with the risk posture of the enterprise. Prior to joining Thycotic, Terence was the Director of Cybersecurity and Professional Services for TSI, a Virginia based Inc. 5000 company. He has also worked as a Senior Security Consultant for Clango, Inc., a top Identity and Access Management (IAM) consultancy. He was featured in and also was a contributor to the book “Tribe of Hackers.”About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

The final episode in our two-week long daily series includes four guests from the past two podcasts: David Hansen, Senior Analyst, Corporate IT Security & Compliance for Brookfield Renewable; Dan Teitsma, Information Security Specialist/Program Manager for Amway; Donna Gomez, Security Risk & Compliance Analyst for Johnson County Government in the State of Kansas; and Tomm Larson, Cyber Security Awareness Lead at Idaho National Laboratory. Our guests, along with moderator Tyler Schultz, answered questions that were sent in live during our virtual Infosec Inspire conference in September, including topics like the changes in awareness strategies in the face of mass work-from-home scenarios due to COVID, key traits to look for when hiring security awareness storytellers, and more. Thanks for joining us for this 12-episode series. We’ll return on Monday with our normal weekly episodes.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

The old saying goes, it takes a village to raise a child. In the case of Brookfield Renewable’s Senior Analyst David Hansen and Amway’s Information Security Specialist Dan Teitsma, their village is global. It takes a collaborative network of peers to plan and manage a worldwide security awareness and training program. If that sounds daunting, let Dan and David walk you through their blueprints for getting buy-in from stakeholders and designing feedback loops that allow them to tailor their programs to be culturally relevant and appropriate to employees.For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Communication, creativity and empathy are crucial in shifting from what we call a “have-to” security mindset (i.e., “I have to take this precaution because IT said so”) to a “want-to” mindset, which suggests employee buy-in to a company’s security policy beyond simply ticking off a to-do box or watching a training video. In today’s episode, Donna Gomez, Security Risk and Compliance Analyst for Johnson County Government in the State of Kansas, and Tomm Larson, Cyber Security Awareness Lead at Idaho National Laboratory, share security awareness and training strategies for putting learner experiences first, engaging employees and building your team with the right blend of talents to foster a strong security culture.For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

In today’s episode, two guests from our September Infosec Inspire event answer all questions related to security awareness. Keynote speaker Jinan Budge, Principal Security and Risk Analyst at Forrester, and Bruce Hallas of the “Rethinking the Human Factor” podcast took questions from our virtual audience, including where to focus your time and budget in educating your staff at times other than Security Awareness Month, picking employees to be security champions, and maturing your organization’s security culture. For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Back in October, Cyber Work featured Bruce Hallas, author, speaker and host of the “Rethinking the Human Factor” podcast, to talk about his security awareness journey and strategies. In today’s episode, taken from the Infosec Inspire virtual conference, Bruce joins host Kristin Zurovich to talk about the ways that companies can move their security awareness strategies from a “have to” mindset, as in “I have to remember to do this because IT will yell at me if I don’t” to a “want to” mindset, in which security becomes not just a check-mark on a to-do list, but something that everyone in your company takes personal ownership of after the security training modules have been finished.For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Steve Jobs once said, "The most powerful person in the world is the storyteller. The storyteller sets the vision, values and agenda of an entire generation that is to come." But it’s not just the C-suite who has this power – everyone has access to the powers of storytelling to enhance security awareness. Today’s episode features Sarah Moffatt, a talent development expert, leader, coach and speaker. Her passion in life is working to empower and excite people about the practice of security, and if you stick around for today’s episode, you’ll find out how!For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

In the last two episodes, we talked about the importance of upskilling in employee engagement and retention and building stronger security teams by training for career progression, not just immediate tasks. Today, the guests of those two episodes, Jessica Amato of Raytheon Technologies, Romy Ricafort of Comcast Business, Katie Boswell of KPMG Cyber and Jason Jury of Booz Allen Hamilton answer some questions related to those discussions. They explore finding and recruiting new and novice cyber talent, methods of making diversity a robust part of your hiring strategy, best practices for the always scary process of moving between different career tracks, and a lot more.For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

On today’s episode, we discuss the strategies organizations can use to build stronger cybersecurity teams. Katie Boswell, Director of KPMG Cyber, and Jason Jury, Lead Associate at Booz Allen Hamilton, take you behind the scenes of KPMG's Cyber Academy and Booz Allen Hamilton's Cyber Core programs to share inspiration and strategies for building security talent internally and providing staff with progressive career path opportunities.For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Today we dive into a hot topic in the cybersecurity world: how to upskill, engage and retain your cybersecurity workforce. Jessica Amato, Operations Manager at Raytheon Technologies, and Romy Ricafort, Senior Director Sales Engineering at Comcast Business, know first-hand the powerful role an investment in skills development can have in engaging their employees. They’ve designed security training programs around empowering their staff with an emphasis on career progression, not just short-term problem solving. They’re here to share the strategies that have helped Raytheon and Comcast develop and strengthen employees!For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with  skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

In the last two episodes, we talked about flipping the talent funnel and using the NICE Cybersecurity Workforce Framework to customize your company’s security training. Today, the guests of those two episodes, Danielle Santos, program manager at the National Initiative for Cybersecurity Education, Leo Van Duyn, Cybersecurity & Technology Workforce Development Strategy at JPMorgan Chase, and Karl Sharman, Head of Cyber Solutions & Consultancies at Stott & May, answer some questions related to those discussions. Danielle, Leo, and Karl discuss mentoring as a method to upskill less experienced members of your team, the unseen training costs of employee churn and a lot more.For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecAt Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

We continue our twelve straight days of episodes with a discussion around the NICE Workforce Framework for Cybersecurity featuring Danielle Santos, program manager at NICE, Leo Van Duyn, Cybersecurity & Technology Workforce Development Strategy at JPMorgan Chase, and Infosec moderator Megan Sawle. Danielle and Leo explain how to provide targeted, role-based training based on knowledge, skills and competencies and guide you step-by-step through creating custom role profiles to match your organization’s specific cybersecurity needs.For twelve days in November, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecAt Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

For the next twelve days, Cyber Work will be releasing a new episode every single day. In these dozen episodes, we’ll discuss career strategies, hiring best practices, team development, security awareness essentials, the importance of storytelling in cybersecurity, and answer some questions from real cybersecurity professionals and newcomers. In our first episode, entitled “Flip the funnel: Fixing the cybersecurity talent pipeline challenge,” former Cyber Work Podcast guest Karl Sharman, Head of Cyber Solutions & Consultancies for Stott & May, and Infosec’s Director of Research & Product Marketing Megan Sawle drill down into the notion of the skills gap. Karl and Megan know that the skills gap is a significant challenge, but with actionable guidance to help fill vacant cybersecurity roles, you can think like successful security and IT leaders and improve recruiting, hiring and retention without relying on “unicorn” candidates to wander in. – Download Infosec’s 2020 IT & security talent pipeline study: https://www.infosecinstitute.com/form/2020-hiring-study-report/ – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecAt Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

A very special co-host joins today’s episode of Cyber Work! Infosec founder and CEO Jack Koziol stops by to meet Eric Milam and dig into BlackBerry’s work on a massive research project about the threat actor group BAHAMUT. Eric discusses how their research found connections within a group that targets everyone from Indian oil tycoons to Middle Eastern government officials, the key skills his research team needed to do the work, and what the dinner-table conversations are like when you’re aggressively pursuing a nation-state attack group.– Download the report, BAHAMUT: Hack-for-hire masters of phishing, fake news and fake apps: https://www.blackberry.com/us/en/forms/enterprise/bahamut-report – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastEric Milam is the VP of Research Operations at BlackBerry where he and his team track malware threats and threat actors. During his time at BlackBerry, he discovered and published the details of numerous emerging threats and malware variants actively being exploited in the wild. Prior to joining BlackBerry, Eric was a highly regarded penetration tester and frequent conference speaker, widely known for his red-teaming exploits.About InfosecAt Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

George McPherson, host of the “Blak Cyber” podcast, has an impressive background in IT and information security. On today’s episode, he discusses his cybersecurity journey, talks about his mentors and inspiration, and shares advice for learning cybersecurity and moving up the career ladder.– Get your free security awareness toolkit: https://infosecinstitute.com/ncsam2020 – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastWhen George McPherson was pulled through the ranks and pinned as a 21-year-old Sergeant in the U.S. Army over 20 years ago, he learned two things about himself. He could accomplish anything he put his mind to, and he would always pull others up if he was in a position to do so. George prides himself on integrity, an insane work ethic, attention to detail and (his greatest super power) outside-the-box creativity. With 25 years in the technology industry, the first 18 in telecom and the last seven in cybersecurity, George has had the opportunity to work in industries such as the military, telecom, local government, healthcare and electric utility.About InfosecAt Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

The amount of data organizations hold has exploded — along with the risk it poses. Today’s guest is Very Good Security CEO and co-founder Mahmoud Abdelkader, who wants to solve the problem of sensitive data by removing it from the equation (by replacing it with decoy data). It’s an intriguing idea as having less worry about data security frees resources up to focus on other areas of cybersecurity. Mahmoud talks about the future of data security, how these new solutions do and don’t help with privacy regulations, and what cybersecurity professionals can do to prepare for a future where the amount of data continues to grow every year.– Get your free security awareness toolkit: http://infosecinstitute.com/ncsam2020 – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastMahmoud Abdelkader is the CEO and co-founder of Very Good Security. He was previously CTO and co-founder of Balanced Payments (exited to Stripe). Prior to that, Mahmoud designed automated product matching systems at Milo.com (acquired by eBay) and built high-frequency trading systems for Wachovia Securities, now a part of Wells Fargo. With experience ranging from Wall Street to early-stage startups, Mahmoud is passionate about democratizing data security. He started Very Good Security to make best-in-class security and compliance attainable for businesses of all sizes.About InfosecAt Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

Bruce Hallas has a lot to say about security awareness and the fostering of security culture throughout an organization. His podcast, “Rethinking the Human Factor,” is now also a book, and he recently spoke at our Infosec Inspire Cyber Skills Virtual Summit. On today’s episode, Bruce talks about changing behaviors rather than setting rules, new ways to think about security awareness, and different industry and job search tips, particularly for those who want to get involved with cybersecurity in a totally non-technical capacity. – Get your free security awareness toolkit: http://infosecinstitute.com/ncsam2020 – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastBruce Hallas is an enthusiastic advocate, consultant, trainer and speaker in the field of information security awareness, behavior and culture. He has worked over 20 years as an information security manager, practice manager and consultant to lead and support positive change that helps organizations manage risk. As creator of the SABC™ (Security Awareness, Behavior & Culture) Framework, Bruce advocates the role of the human factor in information security through speaking engagements and his "Re-thinking the Human Factor" podcast and book.About InfosecAt Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

The story of today's guests is ripped straight from the headlines. Gary DeMercurio and Justin Wynn, both of the company Coalfire, were arrested at the Dallas County Courthouse while doing red team pentesting for the State of Iowa’s judicial branch. Their story is fascinating, and they discuss that fateful night as well as ways in which similar incidents could be avoided in the future. You can’t be too timid as a red teamer, they say. "If you're bragging as a red teamer about how you've never been caught, you're not pushing the operation as far as you should. You SHOULD be caught sometimes." – Get your free security awareness toolkit: https://infosecinstitute.com/ncsam2020 – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastGary DeMercurio runs one of the largest groups in Coalfire Labs as a Senior Manager working with technologies every day. His expertise focuses on social engineering, physical testing and network devices. At Coalfire, Gary manages day-to-day business involved with FedRAMP, PCI, HIPPA and penetration testing, while helping to spearhead the physical and social engineering portion of testing.As a Senior Security Consultant, Justin Wynn is responsible for actively compromising and reporting on virtual environments typically encountered at Fortune 500 companies. Justin performs wireless, physical, red team and social engineering engagements. Justin also conducts research to include the production of open-source models for printing/milling to aid in red team engagements, with specific regard to tool gaps in the locksport industry as well as master keys for access control/elevator overrides. Currently, Justin is researching security vulnerabilities in various RFID devices.About InfosecAt Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.

Despite being told she was “too young, too inexperienced, and too naïve” to contribute anything to the industry, Christine Izuakor decided to pursue a Ph.D. in Security Engineering at the age of 23. Four years later she completed the program, making her the youngest student and first African American woman to do so. On today’s episode, Dr. Izuakor talks about being a security engineering prodigy, hiring for a diverse workforce and her new company, Cyber Pop-up, an on-demand cybersecurity service platform powered by vetted freelancers.– Get your free security awareness toolkit: http://infosecinstitute.com/ncsam2020 – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastChristine Izuakor is a Houston native, born of two parents who immigrated to America from Nigeria to pursue higher education. Starting from humble beginnings, Christine has always been motivated to maximize on the opportunities her parents and community created for her. In 2013, Christine decided to pursue a Ph.D. in Security Engineering at the University of Colorado. Her research contributions were published in numerous international journals, and she presented in international conferences from South Korea to Rome, Italy. During this entire journey, Dr. Izuakor also maintained a full-time job within the cyber security team of a Fortune 100 company. Most recently, in 2020, Dr. Christine Izuakor shook up the industry with her departure from the corporate arena coupled with the launch of her new cybersecurity startup, Cyber Pop-up (www.cyberpopup.com), an on-demand cybersecurity service platform powered by vetted freelancers.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win.

What exactly is the cloud? And how do you secure infrastructure that is not your own? On today’s episode, Oliver Tavakoli, chief technology officer at Vectra AI, discusses current cloud security best practices as well as tips he’s picked up during his 25-year cybersecurity career. He also has some good advice for people thinking of starting their own company (hint: have cash saved up, you're going to be money-losing for quite a while!).– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastOliver Tavakoli is a technologist who has alternated between working for large and small companies throughout his 25-year career – he is clearly doing the latter right now. Prior to joining Vectra AI, Oliver spent more than seven years at Juniper as chief technical officer for the security business. Oliver joined Juniper as a result of its acquisition of Funk Software, where he was CTO and better known as developer #1 for Steel-Belted Radius. Prior to joining Funk Software, Oliver co-founded Trilogy Inc., and prior to that, he did stints at Novell, Fluent Machines and IBM. Oliver received an MS in mathematics and a BA in mathematics and computer science from the University of Tennessee. About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Learn all about cybersecurity job hunting with Eric Jeffery, senior managing consultant and solutions architect for IBM Security. Eric created the "Cyber Security Gray Beard" podcast to share his job experiences and help others advance their careers so they too can enjoy professional happiness in the cybersecurity industry. We dive deep into job hunting, rebounding if you've been fired or let go, ways non-technical people can make an impact in cybersecurity and other types of career advice he dispenses on his show.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastEric Jeffery has over 20 years’ experience in cybersecurity and currently works as a senior managing consultant and solutions architect for IBM Security. Eric has extensive industry experience with stints in entertainment, defense, aerospace, healthcare and technology, among others. He’s published numerous articles and spoken at several conferences around the U.S. and Canada. He runs a podcast under the moniker of Cyber Security Grey Beard® where he helps students and early professionals begin and grow in the cybersecurity field. Eric lives outside of Denver, Colorado, with his wife and has four grown children.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

This week we're excited to have back one of the major figures in digital forensics, Paraben CEO Amber Schroader. Amber dives deep into the specific forensics skills you need to be successful, traits that make a good forensics investigator (her best team member is someone with a psychology background!) and the art of understanding language and semantics — all while walking us through key moments of a case. If you're looking towards career advice in computer forensics, get ready to learn from one of the best!– Don't miss Amber's live forensics demo on Discord: https://www.youtube.com/watch?v=7jdVqtXT5d8– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAmber Schroader is the CEO & Founder of Paraben Corporation. She has spent the last two decades as a driving force for innovation in digital forensics. Amber has developed over two-dozen software programs designed for the purposes of recovering digital data from mobile phones, computer hard drives, email and live monitoring services. In addition to designing technology for digital forensics, she also spearheaded the procedures for mobile and smartphone devices as well as the emerging field of IoT devices. Amber is the patent holder on the EMI shielding container, otherwise known as a Faraday bag, as well as inventor to many other shielding products. Amber has written and taught numerous classes for this specialized field as well as founded multiple certifications in the field. Ms. Schroader continues support through book contributions and other industry speaking engagements.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Get a peek behind the curtain of security architecture careers from Pranshu Bajpai, a security architect with Motorola who recently earned his doctorate in computer science with an emphasis on ransomware research and analysis. Pranshu discusses how to break into security architecture and build the skills you need for that type of a career. In particular, he says academic study at that height mostly prepares you for research and teaching work, and there are there are quicker and easier ways to build up your skill set.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastPranshu Bajpai has research interests in systems security, malware, digital forensics and threat intelligence. He has authored several papers for reputed magazines and journals including IEEE, Elsevier, ACM and ISACA. His work has been featured in various media outlets including Scientific American, The Conversation, Salon, Business Standard, Michigan Radio, GCN, GovTech and others. He is an active speaker at conferences and has spoken at APWG eCrime, DEFCON, GrrCon, Bsides, ToorCon and many others. He obtained his doctorate in Computer Science from Michigan State University and master's in Information Security from Indian Institute of Information Technology. About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Whose responsibility is privacy, and what skills do you need to effectively implement and carry out new regulations like the right to be forgotten? On today's episode, Gabe Gumbs, Chief Innovation Officer at Spirion, discusses how GDPR and CCPA are affecting cybersecurity careers and how the data privacy job market will shift in the coming years. He also shares his thoughts on the much-discussed cybersecurity skills gap — and why it's never really existed.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastGabe Gumbs has a deep-rooted passion for technology, information security and problem solving. As Chief Innovation Officer of Spirion, a leader in rapid identification and protection of sensitive data, he’s channeling that passion to make the digital world a safer place. By spearheading Spirion’s vision for data privacy in the next decade and beyond, he’s leading the way to a more secure and private future for us all.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Few people know what it's like to help take down a $1.2 billion dollar Ponzi scheme, but that's exactly what today's guest did. Sam Rubin, VP at The Crypsis Group, explains how he had to re-create the crime within a courtroom, as well as the tasks of digital forensics folks at all levels, from intern to the person giving the testimony. There's a good chance you may want to go into a career in forensics after listening to all of Sam's stories.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastSam Rubin is a Vice President at The Crypsis Group, where he leads the firm’s Managed Security Services business, assists clients and develops the firm’s business expansion strategies. Sam is an industry-recognized cybersecurity professional with wide-ranging expertise in data breach incident response, digital forensics and cybersecurity risk management. Sam frequently serves as an expert witness and has provided expert opinions in numerous high-stakes matters, including a landmark civil trade secret misappropriation case, a criminal securities fraud matter and civil litigation stemming from a multi-billion-dollar Ponzi scheme. Sam is a frequent presenter, author and lecturer on cyber-related topics, including digital forensics and incident response, insider threats and information security best practices. Before joining Crypsis in 2017, Sam was at Stroz Friedberg, where he was Managing Director and head of the company’s west region digital forensic practice.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Go deep into the weeds of Threat Modeling with Infosec Skills author Geoffrey Hill. He shares his Arnold Schwarzenegger impersonation, waxes rhapsodic about the Radio Shack TRS-80 computer and explains threat modeling as a controlled form of sci-fi storytelling: "you can imagine a completely different world every day." He also provides excellent insight into the day-to-day duties of a threat modeler. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastGeoffrey Hill has been in the IT industry since 1990, when he wrote and sold C++ based solutions to measure risk in the commodities markets in New York City. Since then he has worked around the world, specifically New York, Sydney, Tokyo, Emmerich-am-Rhein and London. In the mid-2000s, He was the main custodian of the Microsoft Security Development Lifecycle (SDL) initiative in the UK and then international services organization as part of the Microsoft Security Center of Excellence (SCOE). From 2013 – 2018, he worked as the sole application security architect for Visa Europe in London, where he started Tutamantic Ltd, a producer of software risk automation. Geoff is the inventor of the Rapid Threat Model Prototyping (RTMP) methodology. This threat model methodology allows for quick modelling in Agile and DevOps environments.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

The demand for skilled cybersecurity professionals continues to grow, and effectively closing that gap requires a shared set of expectations around common work roles, core competency areas and upskilling employees.Join Leo Van Duyn, Cybersecurity & Technology Workforce Development Strategy at JPMorgan Chase & Co., and Bill Newhouse, Deputy Director of the National Initiative for Cybersecurity Education (NICE) to learn how your organization can use the NICE Cybersecurity Workforce Framework (soon to be renamed the Workforce Framework for Cybersecurity) to establish a common language around skill development, provide targeted role-based training, create custom role profiles to match your organization, and better identify, hire and cross-train employees.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Alissa Knight returns as the first ever three-peat Cyber Work guest, and the topic this week is — herself! Recorded at the end of pride month, Alissa talks about the benefits of diversity and inclusion when it comes to cybersecurity, her work hacking Bluetooth LE smart devices, her new company Knight Ink and a concept she’s created called “adversarial content.”– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAlissa Knight is a published author, the managing partner at Knight Ink, principal analyst at Alissa Knight & Associates and group CEO at Brier & Thorn. She is a recovering hacker of 20 years and as a serial entrepreneur has started and sold two companies prior to her ventures she runs now. Alissa is a cybersecurity influencer working for market leaders and challenger brands in cybersecurity as a content creator. Follow her on Twitter and LinkedIn, and subscribe to her YouTube channel to follow her adventures in entrepreneurship and cybersecurity.– YouTube: https://www.youtube.com/channel/UCejZj1i5m_UlwPqu_7IqBwQ– Twitter: https://twitter.com/alissaknight?lang=en– LinkedIn: https://www.linkedin.com/in/alissaknight/About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Today we're discussing a common career path, moving from networking to cybersecurity. Brad Pierce, Director of Network Security for HORNE Cyber, is a former network engineer turned pentesting and security professional. He does a great job of explaining the different skill sets required for network engineering versus cybersecurity, where those skills overlap and tips he picked up during his career transition.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastWith 15 years of experience in IT and cybersecurity, Brad Pierce, Director of Network Security for HORNE Cyber, focuses on collaborating with executive leadership teams to strengthen their security posture. He has experience working with organizations in various industries to uncover and remediate vulnerabilities and develop and implement security programs. Brad manages HORNE Cyber’s cybersecurity operations center where he, along with a team of cyber analysts, monitors live network traffic for clients in search of active threats. Brad creates information security awareness programs and guides clients on how to best address cyber risks and remediate vulnerabilities.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

We love red teaming here at Cyber Work, and this week we're excited to explore a topic just few shades down the spectrum: purple teaming! Luke Willadsen of EmberSec dives into the ways combining red and blue team operations can help stress-test your security department — and explains the benefits of a purple team better than we've ever heard it before. He also has some great stuff to say about the importance of soft skills like writing, reporting and, most crucially, empathy, since it may feel like a pentester holds the security team's career in their hands.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastLuke Willadsen currently serves as a security consultant with EmberSec, a By Light company. He began his cybersecurity career in the U.S. Navy, where he trained to conduct offensive security operations for the Department of Defense. He participated in daily computer network exploitation missions in support of national intelligence requirements and protection against foreign nation-state sponsored hackers. After separating from the U.S. Navy, Luke joined the start-up company IronNet Cybersecurity where he conducted penetration tests and vulnerability assessments, while also providing product development support and threat hunting capabilities. Following his time at IronNet, Luke worked as a director at a security consulting firm, where he specialized in red teaming, penetration testing, intelligence gathering, threat hunting, digital forensics and technical writing. Luke has an M.S. degree from Eastern Michigan University and is CISSP, OSCP and CEH certified.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Uncover the dark, sticky details of malware, ransomware and other nasties that reside one unguarded click away. On today's episode, Danny Jenkins, CEO and Co-Founder of ThreatLocker®, talks about some of the ways these ever-evolving malware types can ruin your digital life, the nuts and bolts of malware analysis, and why your CISO should be "annoying you if they're doing their job."– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastDanny Jenkins is a technical guru with a deep understanding of corporate IT and cybersecurity. He has an entrepreneurial background and two decades of experience in building and securing corporate networks. Before taking the reins at ThreatLocker, Danny held CEO and CTO positions at multiple IT companies and founded a few cybersecurity businesses of his own.  About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win.

Students high school age and younger are getting fast-tracked into cybersecurity. Some are even learning concepts like packet tracing at just six years old, says Victor “Vic” Malloy, an Independent Consultant working with the CyberTexas Foundation as their General Manager. On today's episode, Vic shares his wealth of engaging stories about inspiring young people through the CyberTexas Foundation, getting people of all ages interested in cybersecurity and developing the next generation of the workforce.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastVic earned a bachelor’s degree from the University of North Texas and a master’s degree from Webster University. He had multiple assignments over 13 years working in cyberspace security at multiple network operations and security centers in the U.S. Air Force. His last position in the Air Force was overseeing daily cyber operations tasked missions within the AF Cyberspace Operations Center, which was responsible for the cyber defense of all Air Force global networks and the global employment of cyberspace capabilities to support ongoing combat operations. Previously, he served as Chief Information Officer for National Security Agency/Central Security Service in Texas. About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Take a deep dive into the world of cyber threat intelligence with today's guest, Charles DeBeck of IBM’s X-Force Incident Response and Intelligence Services. Threat intelligence is all about research and storytelling, combining hands-on know-how with analytical thinking skills to make a true cybersecurity tactician! You’re not just preparing for the battle in front of you, but for the waves of attacks you’ll see in the future. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastCharles DeBeck is a Strategic Cyber Threat Expert for IBM’s X-Force Incident Response and Intelligence Services. He’s had a connected passel of job titles that encompasses risk management, risk analysis and vulnerability assessment, all of which have helped him in his current position.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

When it comes to your career, should you go red team, blue team or both? Today's guest is QuoLab Technologies Co-Founder Fabien Dombard, who's had roles ranging from penetration tester to malware incident responder to company founder. Fabien shares share thoughts on the skills, disposition and training needed in both defensive and offensive security roles, as well as tips on why you shouldn't be "networking," you should be "making new friends for the future."– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastWith over a decade of experience working in several diverse positions, as well as experiencing firsthand the evolution of security practices and technologies found around the world today, Fabien Dombard has been an integral part in building his new company, QuoLab Technologies, a developer of a collaborative and threat-driven Security Operations Platform (SOP). Prior to QuoLab, Fabien began working in small shop penetration testing roles in several European nations, and his renowned expertise and work ethic eventually led to him heading the Malware Incident Response Team for Deutsche Bank — one of the largest financial institutions in the world. He then founded QuoScient, located in Frankfurt, Germany, with the aim to reconcile humans and machines in the context of security operations, incident response and threat intelligence, and it is actually where QuoLab spun out from. Fabien is committed in his professional endeavors to reconcile human creativity and intuition with the complexity of information technology in the context of security operations. It was precisely this passion that drew him to conceptualize QuoLab and is what brings focus to him and his team moving forward.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Information security analyst is the fastest-growing job category in the U.S., with 32 percent overall growth expected between 2018 and 2028. Take advantage of this opportunity and learn about the updated CompTIA CySA+ certification, which was refreshed in April 2020 to align with the most in-demand skills in this growing field. Join Patrick Lane, Director of Products at CompTIA, in this audio version of our webinar to learn everything you need to know about the latest CySA+ certification and exam (CS0-002), including evolving security analyst job skills, common job roles for CySA+ holders, tips to pass the updated CySA+ exam and questions from live viewers.– Watch the video version of the webinar: https://www.youtube.com/watch?v=zj9yBtDUH8E– View the presentation's slides: https://www.slideshare.net/InfoSecInstituteEdu/comptia-cysa-certification-changes-everything-you-need-to-know– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Individuals and organizations are shifting routines to accommodate Coronavirus health concerns, and bad actors are updating their strategies to capitalize on the new opportunities. Aaron Cockerill, CSO of Lookout, discusses how cybercriminals are looking to cash in or otherwise disrupt organizations during the pandemic, as well how workplace security is evolving with so many individuals now working from home.– Free election security resources: https://www.infosecinstitute.com/iq/election-security-training/– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAaron Cockerill joined Lookout with nearly 20 years of software product management experience. As the Chief Strategy Officer, Aaron is responsible for developing, validating and implementing cross-functional strategic product initiatives that align with the Lookout vision of a secure connected world. Most recently, he served as VP of Mobile Technologies at Citrix, where he and his team were responsible for the development of Citrix’s mobile apps and container technology, while driving the acquisition of Zenprise. Prior to working on mobile technologies, Aaron drove the creation of Citrix’s desktop virtualization product, XenDesktop, which grew into more than $1 billion yearly revenue for Citrix during his five years of leadership. Before joining Citrix, Aaron worked for Akamai leading product management on their enterprise content delivery solution as well as working on the development and deployment of many of Akamai’s advanced content delivery networking technologies. Prior to that, Aaron led product management for OneSoft’s e-commerce system, and he held multiple positions at BHP Billiton in Australia. He holds a BE Materials (Honors) from Wollongong University, Australia.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

How can you stand out from the crowd when applying for your dream cybersecurity job, and how much should you make? Karl Sharman, a cybersecurity staffing and recruiting pro at BeecherMadden, answers those questions and more on today's episode. Learn how to get your foot in the door, how organizations can avoid writing Magical Unicorn Candidate job descriptions, and why the cybersecurity career landscape is closer to a diamond than a pyramid in shape.– Free election security resources: https://www.infosecinstitute.com/iq/election-security-training/– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastKarl Sharman is a former Head of Recruitment in Football (Soccer) that assisted in selling £1 million worth of talent for a variety of clubs. Since switching to cybersecurity recruitment in 2017, Karl is now the North America Practice Leader for prominent cybersecurity recruitment company, BeecherMadden. With 10 years of recruitment experience, he helps organizations identify, acquire and retain talent in the cybersecurity and risk management sector across North America. He consults the industry on career paths, salary benchmarking, talent pools, and recruitment and retaining strategies. Karl was featured in the top 1% of Search & Staffing Professionals globally by LinkedIn, and BeecherMadden won security recruitment company of the year for 2019.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

The 2020 presidential election is just around the corner, and cybersecurity is once again at the forefront. From disinformation campaigns and election-related vulnerabilities to lockdowns and vote by mail efforts due to COVID-19, we cover it all — and more — in this jam packed episode featuring returning favorite, John Dickson, Principal at Denim Group, Ltd.– Free election security resources: https://www.infosecinstitute.com/iq/election-security-training/– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastJohn Dickson is an internationally recognized security leader, entrepreneur and Principal at Denim Group, Ltd.  He has nearly 20 years of hands-on experience in intrusion detection, network security and application security in the commercial, public and military sectors. As a Denim Group Principal, he helps executives and Chief Security Officers (CSO’s) of Fortune 500 companies, including major financial institutions, launch and expand their critical application security initiatives.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Explore the hidden corners of the internet and the stolen identities that live there with today's guest, Amyn Gilani, Vice President of Product at 4iQ. He talks about his path from red teaming to cyber attribution intelligence, where bad guys hide on the internet, and what it's like to be “on a mission to unmask cybercriminals.”– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAmyn Gilani is the Vice President of Product at 4iQ, a Los Altos-based adversary intelligence company. Previously, he was a Chief Technologist at Booz Allen Hamilton where he provided expertise to federal and commercial clients focusing on incident response, red teaming, threat hunting and cybersecurity operations engineering. Prior to joining Booz Allen, Amyn was a Vice President in Information Security at Goldman Sachs where he led red team operations and emulated sophisticated attacks against securities trading platforms and payment systems. He began his career serving in the United States Air Force as an intelligence analyst and was on detail at the National Security Agency and United States Cyber Command.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Put on your white hat and learn how to hack for the good guys! Ethical hackers use the same techniques used by cybercriminals to assess an organization’s vulnerabilities and help keep them safe. Join Keatron Evans, Infosec instructor and Managing Partner at KM Cyber Security, in this audio rebroadcast of a popular webinar. You'll learn about getting started in ethical hacking, in-demand ethical hacking skills, popular ethical hacking training and certifications, common ethical hacking jobs and career paths, and more.– View the webinar recording of this episode on YouTube: https://www.youtube.com/watch?v=n3tl43QpnXM– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastKeatron Evans is regularly engaged in training, consulting, penetration testing and incident response for government, Fortune 50 and small business. In addition to being the lead author of the best selling book, Chained Exploits: Advanced Hacking Attacks from Start to Finish, you will see Keatron on major news outlets such as CNN, Fox News and others on a regular basis as a featured analyst concerning cybersecurity events and issues. For years, Keatron has worked regularly as both an employee and consultant for several intelligence community organizations on breaches and offensive cybersecurity and attack development. Keatron also provides world class training for the top training organizations in the industry, including Infosec Flex live boot camps and the Infosec Skills on-demand skill development platform.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Is what you're watching real, fake or a combination of both? Machine learning and artificial intelligence make it easier than ever to blur those lines, and cybercriminals are already exploiting the technology. Today's guest is Infosec Skills author Emmanuel Tsukerman, who literally wrote the book on machine learning for cybersecurity. He discusses the deep learning applications of cybercrime, how machine learning technologies are being used by security professionals, and ways you can leverage these new skills to help boost your cybersecurity career.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastDr. Tsukerman graduated from Stanford University and UC Berkeley. He began his cybersecurity career in a small startup as a cybersecurity data scientist, where he developed a machine-learning-based anti-ransomware solution that won the Top 10 Ransomware Products award by PC Magazine. In addition, Dr. Tsukerman designed a machine-learning malware detection system for Palo Alto Network's firewall service, securing over 30,000 enterprise customers in real time. He is the author of the “Machine Learning for Cybersecurity Cookbook” and the popular Infosec learning paths “Cybersecurity Data Science” and “Machine Learning for Red Team Hackers.”About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Dive back into the world of Red Team operations with today's guest, John Cartrett of the SpiderLabs team at Trustwave. He leads clandestine-style operations in simulated attacks on organizations to help them find their least expected and most dangerous vulnerability points and tighten them up. Despite being a newly hot practice that a lot of people are just getting into, John has been red teaming for five years, with another thirteen years before that of IT experience and other forms of offensive testing. Listeners are always asking how to get started in red teaming and what they need to know to get on that ladder, so we'll be talking about career strategies and skill sets — but I also want to know whether anything has changed or will now change in the light of the current global COVID-19 pandemic.  With red team staffs currently scattered and isolating at home and the economy suffering, will this change the nature of red teaming now or in the years to come?– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastJohn is a Principal Consultant and the Red Team lead for the SpiderLabs team at Trustwave. His responsibilities mainly include managing all red team services in the Americas from start to finish, as well as being a subject matter expert on red team services globally. He has eighteen years of information technology experience and ten years of offensive testing experience with the last five years focused on clandestine-style Red Teaming. He has directed and executed close to one hundred full-scope red team operations for organizations of all sizes and geographic locations. He has obtained many certifications from organizations such as Microsoft,Cisco, GIAC and Offensive Security, as well as attended thousands of hours of skills-based training.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Digital forensics is an interesting field, but one that also can be a bit murky. It's handled in different ways in the private sector, military scenarios or government applications. (Spoiler: If you perform investigations on extremists and terror groups, be prepared to watch some fairly disgusting videos.) Learn all about military digital forensics and incident response from today's guest, Daniel Young, managing partner and co-founder of QuoLab Technologies. He discusses what it's like working on huge multi-person operations in the DoD and Air Force, as well as the importance of comprehensive threat information sharing, both internally and externally.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastWith nearly 15 years of experience in digital forensics and incident response, Dan Young helps drive the overall direction of his new company, QuoLab Technologies, a developer of a collaborative and threat driven Security Operations Platform (SOP). Prior to QuoLab, Dan was involved with the U.S. Department of Defense and United States Air Force in several digital forensics analyst positions. Dan is very passionate about bridging the gap between technological efficiency and human ingenuity, and firmly believes that our best way forward as an industry is to focus on collaboration and data sharing at all levels.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Regulation never rolls backwards. Once passed and enforced, it is only a matter of time before every state in the U.S. adopts new regulations like the California Consumer Privacy Act (CCPA). Join Scott Madsen, CEO at Cingo Solutions, and Jeff Dennis, Head of Privacy and Data Security at Newmeyer Dillion, for expert advice to help you stay compliant in 2020 and beyond.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastLearn how cybersecurity professionals can deal with the changing compliance landscape, including what organizations are affected by CCPA and equivalent laws, why IT and security pros need regulatory compliance expertise, and how to build privacy and compliance into your overall cybersecurity strategy.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Organizations may be hesitant to share attack vectors, data breaches and other cybersecurity information, but that siloed approach is holding cybersecurity back, says Cody Cornell, co-founder and CEO of Swimlane. On today's episode, Cody discusses the open sharing of security information, how it can transform cybersecurity from a source of consternation into an opportunity and ways to get your company to buy into this new way of thinking.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastCody is responsible for the strategic direction of Swimlane and the development of its security automation and orchestration solution. His passion for open exchange of security information and deep vendor integration drives him to pursue opportunities to maximize the value his customers receive from their investments in security operations. In 2011, Cody co-founded Phoenix Data Security Inc., a cybersecurity professional services organization known for their ability to blend strategy and engineering with an organization’s business requirements. After beginning his career in the U.S. Coast Guard, Cody spent 15 years in IT and security, including roles with the U.S. Defense Information Systems Agency, Department of Homeland Security, American Express and IBM Global Business Services.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win.

Patrick Craven, the director of (ISC)²'s Center for Cyber Safety and Education, teaches kids how to be safe on the internet, and he does so with the persuasive power of Garfield! On today's episode, Patrick discusses the goals of the center, including how they received exclusive use from Jim Davis to use his characters to teach internet safety to kids, teens, parents and the elderly. He also shares tips for staying safe online and how to help friends, family and loved ones stay safe from bad actors on the internet.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast Patrick Craven has over 30 years of experience working within the non-profit industry and has held various C-Level executive leadership roles across the country at notable charitable organizations such as Big Brothers Big Sisters, Vietnam Veterans Memorial Fund and the Boy Scouts of America. As Director for the Center for Cyber Safety and Education, he is responsible for all business operations, supporting the Board of Trustees, service delivery, providing leadership to employees and volunteers, managing multiple income streams, overseeing marketing and business development functions, new program development and liaising with external agencies. Patrick has been successful across the country developing innovative and award-winning marketing, advertising, sales, management and fundraising programs. He has a bachelor's in communication from Xavier University (Cincinnati, OH). Patrick is also a member of the ECPI University, Lake Mary Campus’ Program Advisory Board, Cyber and Network Security.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win.

Explore the world of military cybersecurity careers, capture-the-flag (CTF) competitions and offensive security with Ken Jenkins, CTO of By Light’s Cyberspace Operations Vertical. Ken discusses the various jobs he held in the military, conducting computer forensics investigations and some of the best run CTFs being held today.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastKen Jenkins currently serves at the Chief Technology Officer of By Light’s Cyberspace Operations Vertical and leads the organization’s EmberSec team. He brings more than 24 years of Information Technology and Cybersecurity expertise to his work in red teaming, penetration testing, threat hunting, threat emulation, incident response and systems engineering. Ken is also a decorated combat veteran and retired soldier. His active duty responsibilities covered operations and defense of DoD networks and battle command systems. Ken regularly completes in Capture the Flag competitions and is a technical mentor to the Cyber Patriot Program. He earned his bachelor's in Technical Management from DeVry university and holds over 30 commercial certifications, including CISSP, OSCP and many more.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win.

Learn all about fuzzing and application security with repeat guest Dr. Jared DeMott, CEO and founder of VDA labs. The last time he appeared (October 2018), the focus was on Internet-of-Things (IoT) security, but Jared is also the author of Fuzzing for Software Security Testing and Quality Assurance. In this episode we go deeper into continuous integration and deployment (CI/CD), fuzzing, dynamic analysis security testing and other AppSec tools, as well as practical tips and suggestions for entering the field.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastDr. Jared DeMott is the Founder & CEO of VDA Labs, a full-scope cybersecurity company. DeMott previously served as a vulnerability analyst with the NSA. He holds a PhD from Michigan State University. He regularly speaks on cyber matters at conferences like RSA, DerbyCon, BlackHat, ToorCon, GrrCon, HITB and others. He was a finalist in Microsoft’s BlueHat prize contest, which helped make Microsoft customers more secure. Dr. DeMott has been on three winning Defcon capture-the-flag teams, and has been an invited lecturer at prestigious institutions such as the U.S. Military Academy. Jared is a Pluralsight author, and is often interviewed by media to weigh in on cyber matters.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win.

Learn how to transition into a career in cyber risk in this episode featuring Ryan Wallace, a cyber risk analyst at HORNE Cyber. Ryan was a small business owner specializing in branding, graphic design and consulting before transitioning into cybersecurity. It’s important to note that cybersecurity professionals come from all walks of life, and you can do your job really well and pursue opportunities in the cybersecurity field even if you haven’t been hacking into government mainframes since childhood! We talk about transferable skills from non-security to security roles, soft skills you need for both and climbing the ladder on the cyber risk analyst path. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastRyan Wallace is a cyber risk supervisor at HORNE Cyber where he specializes in IT risk related assurance services. He provides analytic expertise regarding policy design and implementation as well as IT compliance. Ryan also consults on information systems environment compliance and management for public and middle-market clients. Ryan joined the firm in 2014 with previous experience as a small business owner specializing in branding, graphic design and consulting. Ryan earned a Bachelor of Accountancy at Mississippi State University.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win.

Take a deep dive into worms, spam, hijacked accounts, fraudulent transactions and more in this week's episode featuring Fang Yu, CTO of fraud detection platform DataVisor. Fang discusses her work developing algorithms and building systems for identifying malicious traffic, the process of co-founding a security startup and lessons learned from seven years at Microsoft.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastFang started in the Microsoft cybersecurity research department with her DataVisor co-founder, Yinglian Xie,  before the two started their company. Fang received her Ph.D. degree from the EECS Department at University of California at Berkeley. Her interests center on “big-data for security.” Over the past 10 years, she has been developing algorithms and building systems for identifying various malicious traffic such as worms, spam, bot queries, faked and hijacked account activities, and fraudulent financial transactions. Fang has published many papers at top security conferences and filed over 20 patents. Product wise, she has helped different online services combat large-scale attacks with multiple successful stories. DataVisor’s customers are an impressive bunch, they span the likes of Alibaba, Pinterest, LetGo, most major U.S. banking institutions and some of the largest Chinese insurance companies.About InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win.

A massive number of Infosec students have come to us as part of the military, Pentagon, Department of Defense or other government departments, and it’s likely that many listeners and learners are interested in a career in cybersecurity that could lead to a career in the government. If so, you’re going to find this episode quite interesting and enlightening.Today’s guest is Chad Hardaway, deputy director of the University of South Carolina’s Office of Economic Engagement and a founding faculty member of the new Master's Program of Engineering Entrepreneurship and Innovation in the College of Engineering and Computing. The University of South Carolina Office of Economic Engagement created SC Cyber to be the central point of focus for academic, government and corporate collaboration in the area of cybersecurity. The results are a strong and connected pipeline between the academic study and research of cybersecurity strategies and military and government applications for them. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

It’s been a while since we’ve talked penetration testing and offense-oriented network security on the show, and I know some of you have been asking for it, so today’s your lucky day! On the show we have Dr. Wesley McGrew, the director of Cyber Operations for HORNE Cyber. We’re going to talk about going on the offense as a good defense, the current state of pentesting and the raw work of reverse engineering malicious software and vulnerability testing. If you’re looking for the type of job that gets you out on the cybersecurity battlefield and fighting the bad guys, you’re going to want to give this episode your undivided attention!Wesley McGrew is the author of penetration testing and forensic tools used by many practitioners. He is a frequent presenter at DEF CON and Black Hat USA. At the National Forensics Training Center, he provided digital forensics training to law enforcement and wounded veterans. As an adjunct professor he designed a course he teaches on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. This effort was undertaken as part of earning National Security Agency CAE Cyber Ops certification for the university. He has presented his work on critical infrastructure security to the DHS joint working group on industrial control systems. Wesley earned his Ph.D. in computer science at Mississippi State University for his research in vulnerability analysis of SCADA HMI systems used in national critical infrastructure. He served as a research professor in MSU’s Department of Computer Science & Engineering and Distributed Analytics and Security Institute.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win. 

Kevin O’Brien is the CEO and Co-founder of GreatHorn, a high-growth, venture-backed email security company based in Boston, Massachusetts, that is focused on solving phishing, credential theft, malware, ransomware and business email compromise for cloud email platforms, and was named a Gartner Cool Vendor, RSA Innovation Sandbox finalist and Infosec Awards Cutting Edge winner. If you are well on your way up the cybersecurity career ladder, you might think that startup would be the next step. Kevin and Cyber Work podcast host Chris Sienko tell us about his career to that point and some of the highlights and pitfalls of such a massive endeavor.Currently CEO and co-founder of email security company GreatHorn, Kevin O’Brien is a frequent speaker, commentator and author that advises customers and the public on data security and privacy issues. With 20 years of deep cybersecurity expertise, most notably with CloudLock (Cisco), Conjur (CyberArk) and @stake (Symantec), Kevin also serves as co-chair for the Mass Technology Leadership Council’s cybersecurity group. Outside of security, Kevin is a lifelong martial artist, avid skier and amateur sailor.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecAt Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win.

Ted Shorter, CTO and Co-founder of Keyfactor, and Cyber Work host Chris Sienko discuss a research report published by Keyfactor in December showing that many of the IoT and network devices in use today are leveraging weak digital certificates, potentially exposing them to attack. Ted is going to talk about the report, the danger of so-called “predictable randomness,” the raw work of cryptography in keeping devices like these safe, the importance of building security into their devices during design and development, and some career advice for those who might like a career in cryptography.Ted Shorter is the chief technology officer and co-founder at Keyfactor. Ted has worked in the security arena for over 20 years, in the fields of cryptography, application security, authentication and authorization services, and software vulnerability analysis. His past experience includes 10 years at the National Security Agency, a Master’s Degree in Computer Science from The Johns Hopkins University and an active CISSP certification.As a computer scientist and team lead at NSA, Ted briefed high-level government officials, including Presidential advisors and members of the Joint Chiefs of Staff. Ted also served as lead software developer on a contract with the Department of Defense to integrate Biometric authentication with the DoD Common Access Card program. He lives in Akron, Ohio with his wife and two sons. Ted is an accomplished musician and played in a rock band for a number of years in Baltimore, MD. He is a passionate sports fan, and actively follows baseball, football and various forms of auto racing.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Robert McMillen, an Infosec Skills course creator and cybersecurity consultant, discusses his early experiences as an IT consultant, the perpetual changes of the IT career landscape, his work with IT course creation, and tips on how to keep your cybersecurity and IT skills fresh and employable.Robert McMillen is the past President and founder of All Tech 1, LLC., a Portland, Oregon-based network consulting company. In 2017, the company was sold to Blackpoint-IT Consulting based out of Seattle.Some of his higher profile jobs have been restoring email for the government to prosecute Enron executives, training the network vulnerability assessment team for the U.S. Army, and performing wireless security auditing for the State of Washington. The NSA also requested an interview, but he decided he had enough people looking over his shoulder for now.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Infosec Skills is kind of a big deal.  The interactive learning platform boasts 500+ cybersecurity courses featuring cloud-hosted cyber ranges, hands-on projects, customizable certification practice exams, skill assessments and other features. John Wagnon, Senior Solution Developer at F5 Networks, is a course creator for Infosec Skills and has created an informative and in-depth study of the OWASP Top 10 list.  John and Cyber Work host Chris Sienko talk about skills-based education, in-demand job skills, learning programming on your own and, of course, the OWASP Top 10.John is a Senior Solution Developer for F5 Network’s DevCentral technical community. In this role, he helps analyze and solve complex problems for F5 users all over the world. He frequently writes articles and records videos that are featured on the DevCentral website. Prior to his work at F5, John was a Communications Officer in the US Air Force where he specialized in ground and satellite networks. After leaving the Air Force, he worked for a technology consulting firm where he analyzed cyber-attacks against U.S. Department of Defense computer systems and networks. John holds a Bachelor of Science in Computer Engineering and a Master of Science in Computer Networks.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

From fraud to extortion to intellectual property theft, new cybercrimes are being committed daily. Digital forensics and incident response (DFIR) professionals help piece together those crimes so that organizations can better protect themselves — and the bad guys get prosecuted.This episode of the Cyber Work Podcast is a rebroadcast of a webinar featuring Cindy Murphy, President at Gillware Digital Forensics. In this podcast, you’ll get the inside scoop on what it’s like to be a DFIR professional from someone with more than 25 years in the field and learn practical information on how to kickstart a career in DFIR.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Adam Darrah, Director of Intelligence at Vigilante ATI and an expert on Eurasian political machinations, specifically about Russia and disinformation campaigns, and Cyber Work Podcast host Chris Sienko discuss foreign vote tampering and all other election security concerns for 2020.  – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Cyber Work just hit a huge milestone — 100 episodes — and we're giving all our fans an entire month of free training to celebrate! Just use the code "cyberwork" to claim your free month of Infosec Skills.1. Go here: https://www.infosecinstitute.com/skills/2. Click the "Get Started" button under monthly ($34) and create your account (direct link: https://flex.infosecinstitute.com/portal/skills/subscription/monthly)3. On the payment page, enter the coupon code "cyberwork" to get your first month for free.Happy learning!

Irena Mroz, VP and Co-founder of Nucleus Cyber, and Cyber Work Podcast host Chris Sienko discuss all things internal threats, from intentional and malicious attacks to poor employee practices and awareness. Vi– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Mari Galloway, CEO of Women's Society of Cyberjutsu, and Cyber Work Podcast host Chris Sienko discuss Mari's career journey, the ethos of Women's Society of Cyberjutsu, and insights on how to diversify the cybersecurity workforce. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Evan Reiser, CEO of Abnormal Security, and Cyber Work Podcast host Chris Sienko discuss where email attacks are headed in 2020 and how AI and machine learning can help detect business email compromise. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Are your employees prepared to protect the cardholder data they process, store and transmit? With over 120 billion card payments — or $6.48 trillion dollars in transactions — processed yearly in the U.S. alone, it’s easy to see why payment card fraud remains on hackers’ holiday wish lists this season and beyond. This episode of the Cyber Work podcast is a rebroadcast of a webinar featuring Elizabeth Terry, Community Engagement Manager at PCI Security Standards Council, and Lisa Plaggemier, Chief Evangelist at Infosec. In this podcast, you’ll learn how to build, communicate, and report on an engaging awareness program that complies with PCI DSS requirements. – Watch the video version: https://www.youtube.com/watch?v=zFQNt99qocs– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Chris Triolo, VP of Customer Success for Respond Software, and Cyber Work podcast host Chris Sienko discuss the Federal Cybersecurity Reskilling Academy and the top soft skills that can help you break into a cybersecurity career. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Whether you’re new to cybersecurity or an experienced professional, CompTIA has a certification for you — and training for those certifications is easier than ever with the new on-demand training platform Infosec Skills. This episode of the Cyber Work podcast is a rebroadcast of a webinar featuring Patrick Lane, CompTIA Director of Products, and Jeff Peters, Product Marketing Manager for Infosec. In this podcast, you'll get an overview of CompTIA certifications, learn about potential IT and security career paths and hear questions from live viewers about training and certifications. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Sam Bouso, Founder of Precognitive Inc, and Cyber Work podcast host Chris Sienko discuss current security risks in online retail, fraud prevention, online shopping behavior, and how some fraud prevention strategies can actually hurt online retailers. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Kelly Shortridge, VP of Product Strategy at Capsule8, and Cyber Work Podcast host Chris Sienko discuss how for introduce security teams early into the product development process, as well as cognitive biases in security decision-making at all levels of employment from analysts to CISOs. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Gene Yoo, who's worked for Sony, Warner Bros, Coca-Cola, and other megacorporations, and Cyber Work podcast host Chris Sienko, discuss the specific needs for these large companies, how to recover from cyber attacks, career strategies, and gender parity cybersecurity. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Nir Gaist, Founder and CTO at Nyotron, and Cyber Work podcast host Chris Sienko, discuss Nir's cybersecurity journey (which started from hacking at the age of 6), the cyber skills gap and how to present yourself to hiring managers.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Bob Stevens, VP of Americas at Lookout, and Cyber Work Podcast host Chris Sienko, discuss election cybersecurity strategies, tips and ramifications for 2020. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Security awareness programs help organizations achieve the ultimate goal of fewer security incidents, but how do the benefits compare to the costs and time requirements? A new study by Osterman Research uses data from 230 organizations to answer this question and quantify the ROI of security awareness training for both large and small organizations. This episode of the Cyber Work Podcast is a rebroadcast of a webinar featuring Michael Osterman, President and Analyst at Osterman Research, and Lisa Plaggemier, Chief Evangelist at Infosec. In this podcast, you'll learn how to calculate security awareness ROI at your organization, the opportunity cost of not having an awareness program and the costs and returns of security awareness training. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

John Wheeler, Vice President of Security at Topcoder, and Cyber Work host Chris Sienko discuss hyperspecialization in cybersecurity and coding. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Scott Madsen, CEO of Cingo Solutions, and Cyber Work host Chris Sienko discuss transferring into cybersecurity from another career, the importance of transparency in job listings and ways to fix the cyber skills gap. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Gary Berman, creator of The Cyberhero Adventures: Defenders of the Digital Universe comic book series, and Cyber Work host Chris Sienko discuss Berman's long history of being hacked, how we overcame it, and his new cybersecurity comic books series aimed to educate from his mistakes. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Celebrate National Cybersecurity Awareness Month by learning about privacy with IAPP's Channel Sales Manager Byron Johnson — plus get 30 days of free training with Infosec Skills! This episode of the Cyber Work podcast is a rebroadcast of a webinar featuring Byron Johnson. In this podcast, you'll learn everything you need to know about the shifting privacy landscape, including how privacy is changing cybersecurity, privacy skills and how they apply to different cybersecurity roles, the future of online privacy and data protection laws and privacy certification and career questions from live viewers.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Tia Hopkins, Vice President of Global Sales Engineering at eSentire, and Cyber Work host Chris Sienko discuss Hopkins' past in physical networking, her pursuit of education and how she advanced her career. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Dave Farrow discusses his unconventional career journey and the intersection of engineering and cybersecurity. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Atif Mushtaq, founder and CEO of SlashNext, and Cyber Work host Chris Sienko discuss the current and future trends of web-based phishing and malware attacks. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Celebrate National Cybersecurity Awareness Month by learning how to start a cybersecurity career with CompTIA's Chief Technology Evangelist James Stanger — plus get 30 days of free training with Infosec Skills! This episode of the Cyber Work Podcast is a rebroadcast of a live webinar featuring James Stanger. In this podcast, you'll learn everything you need to know about getting started in cybersecurity, including using the CompTIA career path to build your skills and land your first cybersecurity job, why Security+ has become the go-to entry-level cybersecurity certification, the different types of entry-level cybersecurity jobs available and how you can train to earn your next CompTIA certification. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Jason Dion, a cybersecurity training leader and an Infosec Skills course author, and Cyber Work host Chris Sienko discuss subscription-based cybersecurity training, study strategies and the skills gap. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Allan Buxton, Director of Forensics at SECUREDATA, Inc., and Cyber Work host, Chris Sienko, discuss Allan's career journey, how digital forensics play into both government and civil sectors, and a day in the life as a director of forensics. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Alissa Knight, Senior Analyst at Aite Group, discusses API security, the Magecart hacking group, recent breaches, formjacking skimmers and her upcoming book. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Bradley Gross, founder and president of Law Office of Bradley Gross and an expert in technology and digital law, discusses his career arc from hacker to lawyer and the various layers of cybersecurity law. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Ever wish you had a cybersecurity expert on-call to answer your career questions? Here’s your chance! In this open Q&A webinar, Keatron Evans, Infosec instructor and Managing Partner at KM Cyber Security, answered anything and everything related to getting started in cybersecurity and helping take your career to the next level. This episode of the Cyber Work podcast is a rebroadcast of a webinar featuring Keatron Evans. In this podcast, you'll learn everything you need to know about getting started and progressing in your cybersecurity career, including where Keatron got his start in cybersecurity, how to boost your cybersecurity skills on your own and why some employers weigh aptitude over experience. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Cheryl Kerrigan, Vice President of People at BlueCat, discusses the importance of communication, soft skills and healthy employee cultures in modern cybersecurity companies. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Jonathan Butler, Professional Services & Security Analytics Manager at Distil Networks, discusses his security analyst journey, what someone should like doing if they plan on going into the field, and the future of security analytics as a whole. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Are phishing simulations pentesting for humans or training? What’s more effective with those folks who can’t stop themselves from clicking on everything: “name and shame” or a private, personal coaching session? How do you deal with phishing repeat offenders? Join Tory Dombrowski, an IT director known as "the diabolical one" for his phish testing schemes, and Lisa Plaggemier, chief evangelist for Infosec as they discuss if it's ever a good idea to terminate habitual clickers, how to protect your org from click-happy employees, and training techniques and escalation methods. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

John Bree, Neo Group Inc. Senior Vice President and Partner, discusses his risk analyst journey, what a day in the life of a risk analyst looks like and insider tips on how to start out in security risk analytics. Join us in the fight against cybercrime: https://www.infosecinstitute.com. Special offer for Cyber Work listeners: https://www.infosecinstitute.com/podcast.

Dave Hatter, a cybersecurity consultant for over 25 years and a technology educator at Cincinnati State, discusses his security journey, the future of cybersecurity education and the roles of certification in pursuing high level cybersecurity careers. Join us in the fight against cybercrime: https://www.infosecinstitute.com. Special offer for Cyber Work listeners: https://www.infosecinstitute.com/podcast.

Patrick Lane, CompTIA Director of Products discusses everything you need to know about CompTIA’s PenTest+ cert, including why CompTIA created the PenTest+ certification, how PenTest+ compares to certs like Certified Ethical Hacker (CEH), who should earn a PenTest+ certification and an overview of the PenTest+ exam. Join the fight against cybercrime: https://infosecinstitute.com. Special offer for Cyber Work listeners: https://www.infosecinstitute.com/podcast. Learn more about the CompTIA PenTest+ cert with Infosec Skills: https://www.infosecinstitute.com/skills/learning-paths/comptia-pentest-certification/.

Michael Figueroa, President and Executive Director of the Advanced Cyber Security Center (ACSC), discusses the importance of leveraging board governance in cybersecurity initiatives. Join the fight against cybercrime: https://infosecinstitute.com. Special offer for Cyber Work listeners: https://www.infosecinstitute.com/podcast

Balaji Parimi, founder and CEO of CloudKnox Security, discusses the current problems with role-based access control and how access control is evolving to become more secure. Join the fight against cybercrime: https://infosecinstitute.com. Special offer for Cyber Work listeners: https://www.infosecinstitute.com/podcast

Digital forensics is the backbone of investigating cybercrime. It includes identifying, preserving, extracting, analyzing and reporting evidence across computers, mobile devices and networks. This episode of the Cyber Work podcast is a rebroadcast of a webinar featuring Keatron Evans, Infosec instructor and Managing Partner at KM Cyber Security. In this podcast, he discusses the difference between computer, mobile and network forensics, how a forensics certification can progress your career and digital forensics questions from live viewers. If you want to watch Keatron's live demo on extracting evidence from the cloud, you can view it here: https://www.youtube.com/watch?v=3FDmtq55QoI. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Lauren McCaslin, vulnerability verification team lead for the Threat Research Center at WhiteHat Security, discusses her path to becoming a vulnerability verification specialist and what it's like to have a career focused on cybersecurity vulnerabilities. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Alissa Knight, senior analyst at Aite Group, discusses her work penetration testing connected cars and the ups and downs of her security career, from getting arrested for hacking as a teenager to becoming a senior security analyst and her upcoming book on hacking modern vehicles. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

The shortage of cybersecurity professionals has grown to nearly three million globally, with approximately 498,000 openings in North America. In addition, the half-life of technical skills has shrunk to approximately two years. Finding new cybersecurity workers and continually developing their skills is vital for organizations’ data security — and an opportunity for those beginning or progressing their infosec careers. This episode of the Cyber Work podcast is a rebroadcast of a webinar from April, and features Kathleen Hyde, the chair of cybersecurity programs at Champlain College Online, Scott Madsen, CEO at Cingo Solutions, and Henry Harrison, co-founder and CTO at Garrison.  – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

John Torres, president of Guidepost Solutions' Security & Technology Practice, discusses data security breaches, protecting organizations from online and physical threats, and career paths for those looking to pursue a career in cybersecurity. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Susan Morrow, head of research and development at Avoco Secure, returns to the podcast to discuss her 20 years in the security industry, how she landed a fortune 500 client working from her home, and the growing role of women in the industry. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Andrew Wertkin, CTO of BlueCat Networks, returns to the podcast to discuss a new and hotly contested privacy technology called DNS over HTTPS (DoH), the ethical and procedural issues around DoH, and how it may change the way infosec professionals work.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Malwarebytes Adam Kujawa discusses the latest malware tactics and techniques.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Exabeam's Anu Yamunan discusses how data science and machine learning are being used in cybersecurity.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Carbon Black's David Balcar discusses hunting advanced persistent threats (APTs).– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

ThreatMetrix's Rebekah Moody discusses the latest fraud and cybercrime trends.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Semafone's Ben Rafferty discusses fraud at contact centers.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Kelly Sheridan, reporter and staff editor for Dark Reading, discusses her extensive research and reporting on the cybersecurity skills gap and offers suggestions for employers and would-be cybersecurity experts to help close the gap. Download our report, "3 steps employers can take to close the skills gap”: https://infosecinstitute.com/2019-industry-report.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Kudelski Security CTO Andrew Howard discusses securing your data in the cloud.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Ben Johnson, CTO and co-founder of Obsidian Security, discusses a variety of different topics around the umbrella theme of shifting cybersecurity priorities in the face of an evolving threat landscape. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

EY's Liz Mann discusses risk management and her work building a diverse cybersecurity workforce.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Infosec's Keatron Evans discusses ethical hacking careers and the Certified Ethical Hacker (CEH).– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Kimberly Sutherland of LexisNexis Risk Solutions discusses authentication and identity-proofing.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Gloria Milton, help desk manager at itSynergy, discusses what it is like to be a help desk manager and her two decades of experience in the industry. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Emily Miller, director of national security and critical infrastructure programs at Mocana, discusses her passion for critical infrastructure security and how securing industrial Internet-of-Things (IoT) devices is really about saving lives. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Ruth Gomel-Kafri, director of product design at the security policy company Tufin, discusses her work overseeing the company's product design group and what it's like to work at a cybersecurity organization with such an impressively diverse workforce. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Tim Herbert, vice president of research and market intelligence for CyberSeek, joins us to discuss something we're very excited about at Infosec, the National Initiative for Cybersecurity Education’s CyberSeek model. The CyberSeek model helps aspiring and experienced infosec professionals progress through their career by providing clearly defined career pathways, an interactive job map, a list of skills and certifications most requested by employers for different roles, and a variety of other helpful data points that are backed by research into the information security job market. – Check out the CyberSeek platform: https://www.cyberseek.org/pathway.html. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Pete Zaborszky, founder of BestVPN.com, discusses VPNs and online privacy.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Gregory Garrett, head of U.S. and international cybersecurity for BDO, discusses the U.S. government's cybersecurity skills gap.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

A panel of experts discusses how businesses are impacted by cyber risk.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Eric Stevens, vice president of engineering and principal architect at ProtectWise, discusses the current state of artificial intelligence in cybersecurity and the company's recent report on the topic, "The State of AI in Cybersecurity." Learn more about the report: https://www.protectwise.com/post/new-research-shows-benefits-limitations-and-evolving-questions-of-ai-in-cybersecurity/. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Kathleen Hyde, chair of cybersecurity programs at Champlain College online, discusses a topic that's a big part of InfoSec Institute's initiative for the coming years — finding new and innovative ways of closing the cyber skills gap. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Get insight into the CIS Top 20 Security Controls straight from the source, Center for Internet Security® Senior Vice President and Chief Evangelist Tony Sager.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Olivia Rose, director of global executive risk solutions at Kudelski Security, gives advice to women who are considering entering the cybersecurity industry.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

The California Consumer Privacy Act (CCPA), which gives residents more control over the use of their data and regulators increased powers to punish organizations, goes into effect on January 1, 2020. With California recently becoming the fifth largest economy in the world, the CPPA is expected to have wide-reaching impact.Listen to this audio version of our recent webinar to learn how to best prepare for the CCPA with Jay Rodne, Privacy Director at Sentinel and former Washington State Representative, and Aaron Weller, VP of Strategy at Sentinel and Fellow of Information Privacy.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Get insight into what it takes to be a successful Red Team member in this chat with Curtis Brazzell, managing security consultant at Pondurance.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Joshua Knight, cybersecurity business leader at Dimension Data, discusses his career journey as well as the steps you can take to move your career towards the path of a chief information security officer (CISO). – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Michael Figueroa discusses the ACSC's first collaborative defense simulation and defending against community-level attacks.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Learn about AppSec careers in this discussion with Dan Cornell, chief technology officer at Denim Group.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Dig into the mindset of an attacker with senior security researcher Jeremy Martin.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

McAfee's Christiaan Beek discusses his career path and the No More Ransom project.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Learn what it takes to be a modern-day threat hunter with senior security researcher Jeremy Martin.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

David "Moose" Wolpoff, CTO of Randori, gives a glimpse into the life of a Red Team Operations professional.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Andrew Wertkin, CTO at BlueCat Networks, discusses DNS security.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Michael Sherwood, senior director of technician services at Malwarebytes, talks malware.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Michael Osterman, president and analyst at Osterman Research, shares security awareness tips and strategies– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Stan Engelbrecht, director of cyber security practice for D3 Security, discusses ATM fraud.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Fred Kneip, CEO of CyberGRX, discusses the growth of risk from third-party vendors.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

OWASP co-founder Jeff Williams discusses how developing a Security Champion can make your organization more secure.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Dr. Jared DeMott, CEO and founder of VDA Labs, chats about the security risks associated with the Internet of Things (IoT).– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Ty Sbano, head of security at Periscope Data, talks about building Security Champions in the world of DevOps.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Todd Weller, chief strategy officer at Bandura Systems, discusses cybercrime in the financial sector and how to build a security awareness program on a budget.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Pedram Amini, creator of the Zero Day Initiative, talks about how  phishing has changed — and stayed the same — over recent years.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Cybersecurity professional Keatron Evans shares tips for those looking to break into the industry or change careers.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Michel Huffaker, director of threat intelligence at ThreatQuotient, talks about cybersecurity issues facing the military.

CompTIA subject matter experts discuss beginner IT jobs, skills and certifications

John Dickson, Principal at Denim Group, talks about cybersecurity issues related to the upcoming midterm elections.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Bill Siegel, co-founder of ransomware-recovery company Coveware, discusses ransomware trends.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Chief deception officer Carolyn Crandall talks about using deception technology to trick attackers and protect organizations.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Learn everything you need to pass the new CISSP exam in this discussion with InfoSec Instructor Ken Magee.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Lance Cottrell of Ntrepid discusses the evolution of online privacy and anonymity.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Lisa Hedges, content analyst at Software Advice, Gartner Digital Markets, talks about the many cybersecurity challenges facing the healthcare sector. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Ron Gula, president of Gula Tech Adventures and co-founder of Tenable Network Security, talks about the evolution of cybersecurity and security awareness, his career shift from the NSA to growing Tenable to funding other cybersecurity startups, and a variety of other topics. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Learn about the path to becoming a network admin and what a potential career may entail in this discussion with Elias Papatestas, an Infosec Institute instructor who has extensive history in the IT industry dating back to the 1980s. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

It's been three months since the EU's General Data Protection Regulation (GDPR) went into effect. Returning guest Susan Morrow and host Chris Sienko take a look back at the initial rollout of GDPR, the compliance steps organizations have taken so far, and the potential future impact of GDPR. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Professionals with the Certified in Risk and Information Systems Control (CRISC) certification earn an average of $127,507 each year, making it the highest-paying IT certification available. Leighton Johnson, the CTO of Information Security Forensics Management Team and a CRISC-certified professional, discusses how earning your CRISC can open new career opportunities, as well as what the CRISC certification process is like. Kristin Zurovitch, director of marketing at Infosec Instiute, helps guide the discussion and takes listener questions.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Paraben CEO Amber Schroader discusses her path to becoming a computer forensics investigator and provides advice to those who may be considering computer forensics as a career. Schroader talks about the challenges of the field, the misconceptions and growth brought about by TV shows, and the fact that forensics is a science rather than an art. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

California’s new privacy law will affect more than half a million U.S. companies when it goes into effect on January 1, 2020 — and that's just one piece of the evolving privacy landscape. In this discussion with IAPP channels manager Aaron Stevens, we discuss how organizations are being impacted by privacy regulations, the surging popularity of privacy certifications, and how an IAPP privacy certification can help boost your career. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Passwords remain at the heart of many cybersecurity issues, and this week we take a deep dive into the topic with Susan Morrow, who has worked in numerous areas of the IT security industry since the early 1990s. Morrow discusses the new NIST password guidelines, how organizations are lagging behind, and a variety of other password-related topics. The InfoSec Institute security awareness series highlights the importance of security education across all levels of an organization. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Earning your PMP certification can increase your earnings by as much as 20 percent. A Project Management Professional (PMP) certification proves to employers that you know what it takes to manage projects efficiently, within budget and on schedule. Infosec Institute instructor Chris Danek and sales manager Jarrod Mayes discuss how the PMP certification process works and how it can help build your credibility in any industry. Kristin Zurovitch, director of marketing at Infosec Institute, helps guide the discussion and takes listener questions. I– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Learn about the path to becoming an incident responder and what a potential career may entail in this discussion with Keatron Evans, Infosec Institute instructor and managing consultant at KM Cyber Security, LLC. Evans discusses his path to incident response, what kinds of interests can translate into a successful incident response career, and what a day in the life as an incident responder is like. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Business email compromise (BEC) attacks are expected to cost businesses $9 billion by the end of 2018, according to Trend Micro estimates. In this discussion with Roger Sels, VP information security at DarkMatter, and Jack Koziol, CEO of Infosec Institute, you'll learn more about BEC attacks and measures you can take now to protect your organization. Kristin Zurovitch, director of marketing at Infosec Institute, helps guide the discussion and takes listener questions. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Learn about the life of a security architect in this discussion with Leighton Johnson, the CTO and founder of ISFMT (Information Security Forensics Management Team). Leighton discusses how you can become a security architect, the typical job responsibilities and common pitfalls you may face, certifications that can help advance your security architect career, how security architecture is evolving, and more.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast