No Password Required Season 7: Episode 4 - Cynthia Wyre 

Cynthia Wyre is a Senior Strategic Engagement Project Manager at Rapid7, where she helps connect academic research and industry. Her path into cybersecurity innovation was untraditional, moving from healthcare and construction project management into vulnerability research and academic partnerships. 

Cynthia reflects on how she applied for a role she did not think she was qualified for, why professionals of all backgrounds belong in cyber, and how project management skills can open unexpected doors. 

Jack Clabby of Carlton Fields, P.A., and K. Melton of the Cognitive Security Institute welcome Cynthia live from CyberBay 2026 in Tampa for a conversation about research, resilience, and relationship-building in cybersecurity. Cynthia explains Rapid7’s partnership with USF and Cyber Florida, including her efforts to support research around SOC analyst training and burnout, and the future of cyber education. 

Throughout the conversation, Cynthia highlights the importance of community, mentorship, and helping people see that cybersecurity is not limited to one path or one type of person. 

The episode wraps with the Lifestyle Polygraph, where Cynthia reveals how she would work a room full of strangers and how she won a costume contest moments before meeting rapper Young Gravy. She also earns a crown of her own, officially joining the No Password Required fantasy cybersecurity squad as Queen of the Podcast. 

Follow Cynthia on LinkedIn: https://www.linkedin.com/in/cynthiawyre/

Presented by ThreatLocker 

Follow ThreatLocker on LinkedIn: https://www.linkedin.com/company/threatlockerinc/posts/

Chapters: 

00:00 Introduction

02:15 From Aspiring Physical Therapist to Project Manager

03:50 Transitioning from Construction to Cybersecurity

05:12 Applying for the Rapid7 Role and Overcoming Self-Doubt

10:25 Academic Partnerships with USF and Cyber Florida

12:56 Leaning into Discomfort and Personal Growth

20:15 The Role of Marching Band and Education in Cynthia’s Life

24:25 A Memorable Encounter with a Music Industry Entertainer Yung Gravy

28:00 Lifestyle Polygraph and Fun Personal Questions

37:40 Crowning Cynthia as Queen of the Podcast

No Password Required Season 7: Episode 3 - Madhav Nakar  

Madhav Nakar is a Security Researcher at BeyondTrust specializing in identity threats, endpoint security, and cloud attack paths. With a background in theoretical mathematics, his current research focuses on analyzing attacker behavior to build practical systems of detection.  

In this episode, Madhav shares the pivotal moments that shaped his career, including his first experience witnessing a nation-state attack unfold in real time from his seat in a SOC. He explains how mathematical thinking sharpens security strategy and why strong research is rooted in exploration, not predetermined outcomes.  

Jack Clabby of Carlton Fields, joined by co-host Kayley Melton of the Cognitive Security Institute, welcomes Madhav for a conversation on modern cyber defense. From AI-driven attacks and agentic systems to privilege escalation risks in role-based access environments, Madhav breaks down what teams are getting wrong about AI and why defending against AI increasingly requires AI-powered tools.  

The conversation turns to Madhav’s philosophy of “serious play,” where curiosity, experimentation, and failure fuel better research and resilience. He also shares insights from his spiritual and philosophy project, The Fire of Knowing, exploring consciousness and belief through a neutral lens.  

In the Lifestyle Polygraph, Madhav pitches a cybersecurity documentary, debates growth versus comfort, and reflects public dancing experiments. 

Follow Madhav Nakar here: https://www.linkedin.com/in/madhav-nakar/

Follow "The Fire of Knowing" on Instagram and Youtube! 

CHAPTERS: 

00:00 Introduction with Kayley and Jack

08:08 Transition from Theoretical Math to Cybersecurity

16:13 Exploring Spiritual Traditions and Madhav’s Documentary

19:48 The Intersection of Art and Science in Content Creation

25:20 The Lifestyle Polygraph: Challenging Perspectives on Security

Michelle McAveety- Cyber Competitions, Crowd Surfing & Main-Character Energy

Welcome to our new spinoff series, No Password Required: Next Generation.  Where we go behind the scenes and interview up-and-coming young professionals in cybersecurity!

Whether you’re trying to figure out your career path, looking for a little inspiration, or just want to have a laugh while learning about the industry, this show is for you.

Real stories. Real journeys. Next Gen Cyber.

About this episode:

Michelle McAveety is a Computer Engineering and Math student at USF and the Team Captain of the CyberHerd, the university’s cybersecurity competition team.

We get into the chaos and adrenaline of competition life, what it’s like leading in a high-pressure cyber environment, and how she balances it all without losing herself. Spoiler: the answer includes crocheting, blasting heavy metal, going to concerts, and possibly crowd surfing if the vibe is right.

Michelle also drops some real advice opening up about the pressure to compare yourself in competitive fields and why staying grounded and focused on your own path is the real win.

Follow Michelles journey on linked in! https://www.linkedin.com/in/mcaveety/

Chapters:

00:39 - Who is Michelle? 

00:54-  Being in Cyberherd 

01:38- Hobbies that bring Michelle Joy!  

02:51- Comparison and Growth 

No Password Required Season 7: Episode 2 - Sue Serna

Sue Serna is the CEO and Founder of Serna Social and the former head of global social media at Cargill. She brings more than two decades of experience at the intersection of storytelling, strategy, and security.

In this episode, she shares her journey from business reporter to leading her own consultancy serving companies around the world on social media strategy.

Jack Clabby of Carlton Fields, P.A, joined by guest co-host Rex Wilson of Cyber Florida, welcomes Sue for a candid discussion about the realities of enterprise social media. From managing more than 150 Facebook pages for a single company, to navigating internal politics, agency relationships, and regulatory pressure, Sue explains why social media is far from “free” and why most organizations still under-resource it.

Sue dives deep into the gap between social media teams and cybersecurity departments. She outlines how personal account compromises can escalate into enterprise-level incidents, why governance frameworks matter, and how large organizations can regain control of sprawling digital footprints. Drawing from real-world examples, she argues that social media must be treated like finance or HR, a core business function requiring structure, ownership, and accountability.

The episode wraps with the Lifestyle Polygraph, where Sue reveals her love of Apollo-era space history, debates iconic Philadelphia traditions, and imagines what magical talent her beagle would bring to Hogwarts.

Follow Sue at SernaSocial.com or connect with her on LinkedIn: https://www.linkedin.com/in/sueserna/

Chapters: 

00:00 Introduction and First Impressions   

02:45 The Evolving Role of Social Media in Corporations   

04:58 Transitioning from Journalism to Social Media  

11:11 Building Social Media from Scratch   

13:00 Becoming a CEO and Founder   

16:28 The Importance of Networking   

16:54 Bridging the Gap Between Social Media and Cybersecurity  

20:51 Real-World Social Media Security Incidents  

28:35 Navigating Internal Conflicts in Social Media  

30:32 The Lifestyle Polygraph Begins   

31:17 Nerd Things That Expose Sue: Space and Harry Potter!  

35:16 Sue’s Love For Beagles  

37:50 Wreckless Intern or Overconfident Executive?  

40:42 Hogwarts and Magical Beagles 

No Password Required Season 7:  Episode 1 - Rob Hughes

Rob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.

Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA’s Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA’s products and corporate environment.

Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point. 
 

The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.

Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/

Chapters: 

00:00 Introduction to No Password Required

01:43 Meet Rob Hughes, CISO at RSA

02:05 The Role of a CISO in a Security Company

05:09 Transitioning to the CISO Role

08:00 The Early Days of Geek.com

12:14 Launching a Startup During the Dot Com Boom

14:30 The Push for a Passwordless Future

18:21 Tipping Point for Passwordless Adoption

20:20 Ongoing Learning in Cybersecurity

26:09 Managing Stress in High-Pressure Environments

33:46 The Lifestyle Polygraph Begins

34:15 Career Insights in Cybersecurity

36:08 Dream Cars and Personal Preferences

39:58 Underrated Horror Films

41:19 Creating a Cybersecurity Monster

Live from B-Sides Jacksonville, No Password Required welcomes Gina Yacone, Virtual CISO at Trace3. Jack Clabby of Carlton Fields, P.A. and Sarina Gandy, host and producer of the CyberBay Podcast, host a conversation on Gina’s unconventional career path, leadership under pressure, and the power of community in cybersecurity. With career stops in private investigation, digital forensics, and executive security, Gina brings a people-first, purpose-driven perspective to complex cyber risk.

Gina shares how her early work as a private investigator on high-profile criminal defense cases laid the foundation for her success in cybersecurity. She also reflects on raising her hand for big challenges, the rewards and risks of always saying yes, and how authenticity has guided her. She offers insight on why conference hallway conversations can be just as impactful as keynote sessions.

A visible advocate for the cybersecurity community, Gina speaks openly about setting healthy mentorship boundaries and building resilient professional networks.

The episode wraps with the Lifestyle Polygraph, where Gina lightens the mood with stories from her roller derby days, dream Amazing Race partners, and why John Wick might just be the ultimate executive assistant.

Follow Gina on LinkedIn: https://www.linkedin.com/in/ginayacone/

Chapters:

00:00 Introduction to Cybersecurity and B-Sides Jacksonville

01:16 Gina Yacone's Unique Journey to Cybersecurity

06:22 Navigating Burnout in Cybersecurity

08:06 The Importance of Raising Your Hand

10:04 Adapting Leadership Styles in Different Roles 

14:03 Being a Role Model for Women in Cybersecurity

16:34 How to Establish a Good Mentee and Mentor Relationship

18:50 Feedback and Constructive Criticism

22:55  The Value of Hallway Conversations

26:19 The Lifestyle Polygraph: Fun and Insights

38:54 Conclusion and Future Connections

Danny Jenkins is the CEO of ThreatLocker, the leading cybersecurity company that he built alongside his wife. Hosts Jack Clabby of Carlton Fields, P.A., and Kayley Melton of the Cognitive Security Institute follow Danny’s journey from a scrappy IT consultant to leading one of the fastest-growing cybersecurity companies in the world.

Danny shares the moment everything changed: watching a small business nearly collapse after a catastrophic ransomware attack. That experience reshaped his mission and ultimately sparked the creation of ThreatLocker. He also reflects on the gritty early days—cold-calling from his living room, coding through the night, and taking on debt before finally landing their first $5,000 customer.

Danny explains the origins of Zero Trust World, his passion for educating IT teams, and why adopting a hacker mindset is essential for modern defenders.

In the Lifestyle Polygraph, Danny relates his early “revenge tech” against school bullies, the place he escapes to when celebrating big wins, and the movie franchise he insists is absolutely a Christmas classic.

Follow Danny on LinkedIn: https://www.linkedin.com/in/dannyjenkins/

00:00 Introduction to Cybersecurity and ThreatLocker

02:26 The Birth of ThreatLocker: A Personal Journey

05:42 The Evolution of Zero Trust Security

08:35 Real-World Impact of Cyber Attacks

11:25 The Importance of a Hacker Mindset

14:46 The Role of SOC Teams in Cybersecurity

17:34 Building a Culture of Security

20:23 Hiring for Passion and Skill in Cybersecurity

23:44 Understanding Zero Trust: Trust No One

26:32 Lifestyle Polygraph: Personal Insights and Fun

29:41 Conclusion and Future of ThreatLocker

In this episode of No Password Required, host Jack Clabby and Kayley Melton engage with Steve Orrin, the federal CTO at Intel, discussing the evolving landscape of cybersecurity, the importance of diverse teams, and the intersection of technology and security. Steve shares insights from his extensive career, including his experiences in the startup scene, the significance of AI and IoT, and the critical blind spots in cybersecurity practices. The conversation also touches on nurturing talent in technology and offers valuable advice for young professionals entering the field.

Chapters

00:00 Introduction to Cybersecurity and the Edge

01:48 Steve Orrin's Role at Intel

04:51 The Evolution of Security Technology

09:07 The Startup Scene in the 90s

13:00 The Intersection of Biology and Technology

15:52 The Importance of AI and IoT

20:30 Blind Spots in Cybersecurity

25:38 Nurturing Talent in Technology

28:57 Advice for Young Cybersecurity Professionals

32:10 Lifestyle Polygraph: Fun Questions with Steve

DeMarcus Williams, a senior security engineer at Starbucks, has built a career defined by creativity, intuition, and persistence. With roles at the U.S. Department of Defense, AWS/Amazon, and now Starbucks, he specializes in offensive security, red teaming, and adversary emulation. In this episode, DeMarcus joins Jack Clabby of Carlton Fields, P.A. and Cyber Florida’s Sarina Gandy (guesting hosting) to share how his love of video games first sparked his cybersecurity journey—and how competitions like the Southeast Collegiate Cyber Defense Competition (SECCDC) cemented his path.

DeMarcus opens up about overcoming imposter syndrome, the unique work-life balance he’s found at Starbucks, and why half of his red teaming comes down to gut instinct. He shares the difference between penetration testing and red teaming, what it’s like preparing for full-scale global operations, and the hacker mindset that still kicks in whenever he walks into a Starbucks café.

In the Lifestyle Polygraph segment, Sarina poses the ultimate face-off: what’s the bigger moment—the walk-up to a boxing ring or to the DEF CON keynote stage? And, between Stone Cold, The Rock, and The Undertaker, who would dominate in a Capture the Flag competition?

Follow DeMarcus on Twitter: https://x.com/medarkus_  @ medarkus_

Chapters

00:00 Introduction to Cybersecurity and Curiosity

02:47 Day-to-Day Life of a Senior Security Engineer

05:30 The Role of Gut Instinct in Cybersecurity

08:31 Early Inspirations and the Journey into Cybersecurity

11:35 The Importance of Competitions in Career Development

14:33 Transitioning from Student to Professional

17:34 The Red Team Experience and Its Impact

20:25 Recruitment Opportunities in Cybersecurity Competitions

23:33 Navigating Corporate Culture in Cybersecurity

26:31 Mentorship and People-First Approach

29:11 Lifestyle Polygraph and Fun Insights

In this episode of No Password Required, host Jack Clabby and co-host Kayleigh Melton engage in a lively conversation with John Shipp, a product strategist at Rapid7. They explore John's unique journey from a metalhead to a cybersecurity expert, discussing the importance of passion in career development, the intricacies of product management, and the significance of customer insights in shaping cybersecurity solutions. John shares his early experiences in hacking, the influence of music on his life, and the value of building strong teams and company culture. The episode concludes with a fun segment called the Lifestyle Polygraph, where John answers quirky questions about his ideal cyber team and his dream day with Ric Flair.

Chapters

00:00 Introduction to Cybersecurity and Personal Journeys

02:49 The Role of Passion in Career Development

05:21 Navigating Product Management and Market Strategy

08:23 The Evolution of Cybersecurity Skills

11:37 The Importance of Customer Insights in Product Development

14:35 Early Experiences in Hacking and Cybersecurity

17:24 The Influence of Music on Personal and Professional Life

20:19 Building Teams and Company Culture

23:10 Startup Life and Risk Management

26:08 Lifestyle Polygraph: Fun Questions and Insights

29:13 Final Thoughts and Connections

In this episode of No Password Required, hosts Jack Clabby and Kayley Melton sit down with Kurt Sanger — former Deputy General Counsel at U.S. Cyber Command — to talk about the evolving world of cyber law, the wild ride from government service to private sector strategy, and what keeps him grounded in a field that’s constantly shifting. Kurt dives into the fast-growing cybersecurity scene in Tampa, the power of mentorship, and why people still get cyber law so wrong. Plus: insights on responding to incidents under pressure and what role the government should (and shouldn’t) play in the digital fight.

Chapters

00:00 NPR S6E7 Kurt Sanger

52:53 NPR S6E7 Kurt Sanger

01:45:47 Introduction to Cybersecurity Conversations

01:48:22 Transitioning from Military to Private Sector Cybersecurity

01:51:11 The Growth of Tampa as a Cybersecurity Hub

01:54:05 Understanding Cybersecurity Misconceptions

01:57:15 The Role of Mentorship in Cybersecurity Careers

02:00:24 Military vs. Civilian Cybersecurity Law

02:03:07 The Excitement of Cyber Command vs. Private Sector

02:13:52 High Stakes in Cybersecurity for Small Organizations

02:15:44 The Role of Legal Experts in Cybersecurity

02:17:21 Translating Technical Jargon for Clients

02:18:57 Challenges of Explaining Cyber Operations to Commanders

02:22:43 Lifestyle Polygraph: Fun Questions and Insights

02:23:30 The 10,000 Hour Rule in Cybersecurity

02:29:34 Creative Freedom with LEGO Bricks

02:31:27 Tampa's Culinary Delights and Local Favorites

In this episode of the No Password Required podcast, host Jack Clabby and co-host Kaylee Melton welcome Kathy Collins, a security consultant at Secure Ideas. Kathy shares her unique journey from working in IT to pursuing a culinary career, and then back to cybersecurity. The conversation explores the transferable skills between cooking and cybersecurity, the unpredictability of physical penetration testing, and the high-pressure situations faced in both fields. Kathy also recounts memorable experiences from her culinary career and discusses the lack of horror films centered around cybersecurity. In this engaging conversation, the speakers delve into various aspects of cybersecurity, including the use of the dark web in penetration testing, the importance of community events like B-Sides, and the fun of the Lifestyle Polygraph segment. They also share personal anecdotes about music, childhood memories, and culinary skills, creating a rich tapestry of insights and experiences in the cybersecurity field.

Chapters

00:00 Introduction to Cybersecurity and Culinary Journeys

02:46 From IT to Culinary Arts: A Unique Transition

06:02 The Shift Back to Cybersecurity

09:00 Experiences in Physical Penetration Testing

11:48 High-Pressure Situations: Cooking vs. Cybersecurity

15:02 Unexpected Challenges in Culinary Events

17:54 The Intersection of Horror and Cybersecurity

23:32 Exploring the Dark Web in Pen Testing

25:34 Engaging with the B-Sides Community

27:09 The Lifestyle Polygraph: Fun and Games 

31:09 Bonding Over Music and Childhood Memories

34:17 Culinary Skills and Competition Insights

In this episode, Jack Clabby and Kayley Melton discuss their conversation with Reginald Andre, a cybersecurity expert and CEO of ARK Solvers. They explore themes of mentorship, the evolution of cybersecurity businesses, the impact of AI, team culture, and community engagement. Andre shares his journey from aspiring English teacher to successful entrepreneur, emphasizing the importance of mentorship and personal growth in the cybersecurity field. In this engaging conversation, the speakers delve into the importance of mentorship, innovative teaching methods, and the role of AI in personal and professional development. They share personal anecdotes about mentoring students and children, emphasizing hands-on learning and real-world applications. The discussion also touches on the fun and insightful lifestyle polygraph segment, where the guest answers quirky questions that reveal his personality and approach to challenges.

Chapters

00:00 Introduction to Cybersecurity Mentorship

01:56 The Journey of Reginald Andre

05:58 From IT to Cybersecurity: A Business Evolution

11:55 The Impact of AI on Cybersecurity

17:52 Building a Strong Team Culture

22:05 Community Engagement and Personal Growth

27:39 Mentorship and Impact

30:21 Innovative Teaching Approaches

34:04 Lifestyle Polygraph: Fun and Insightful Questions

In this episode of No Password Required, host Jack Clabby and co-host Kaylee Melton engage in a thought-provoking conversation with Mariana Padilla, co-founder and CEO of HACKERverse.AI. The discussion revolves around the importance of embracing failure as a learning opportunity, the role of leadership in fostering a positive work environment, and the challenges faced in the cybersecurity vendor landscape. Mariana shares her insights on the need for better communication in the industry and the importance of a beginner's mindset in driving innovation. The conversation also touches on the future of investment in cybersecurity and the necessity of rebuilding trust within the industry. In this engaging conversation, Mariana discusses the challenges of job searching in the current landscape dominated by AI and the importance of networking and personal branding. She emphasizes that building trust and connections is crucial in the cybersecurity field. The discussion transitions into a fun segment called the lifestyle polygraph, where Mariana shares her thoughts on superheroes and their relevance to personal and professional growth. The episode concludes with Mariana providing insights on how to connect with her and her work.

Chapters 

00:00 Introduction to Cybersecurity Conversations

02:00 Embracing Failure as a Learning Opportunity

06:02 The Role of Leadership in Startups

09:00 The Value of a Beginner's Mindset

11:58 Understanding HACKERverse's Mission

13:59 Challenges in the Cybersecurity Vendor Landscape

17:08 Shaking Up the Status Quo in Cybersecurity

21:52 The Future of Investment in Cybersecurity

24:36 Navigating Job Searches in the Age of AI

29:35 The Importance of Personal Branding

30:23 Lifestyle Polygraph: Fun and Games

39:05 Superheroes and Their Lessons

43:45 Connecting with Mariana: Final Thoughts

In this episode of No Password Required, host Jack Clabby and guest Trevor Hilligoss discuss various aspects of cybersecurity, including the transition from military service to the private sector, the importance of leadership in tech, and the misconceptions surrounding cyber threats. Trevor shares insights from his career, emphasizing the need for a proactive approach to cybersecurity and the value of empowering teams to innovate and learn from failures. In this engaging conversation, the speakers delve into memorable experiences in cybersecurity, including impactful interactions and the importance of sharing knowledge. They explore personal preferences through a fun lifestyle polygraph segment, discussing walk-up songs, breakfast favorites, and nerd culture. The conversation also touches on the lighter side of cybersecurity with prank calls and the dynamics of building an escape room team. The episode concludes with contact information and an invitation to connect further.

Chapters

00:00 Introduction to Cybersecurity Insights

02:54 Career Path and Unexpected Experiences

05:55 Transitioning from Military to Cybersecurity

09:07 Daily Life at Spy Cloud

12:12 Leadership Philosophy and Management Style

14:53 The Nature of Cyber Threats

17:50 Technical Skills in Leadership

20:52 Misconceptions About Cyber Criminals

25:32 Memorable Cybersecurity Interactions

28:12 Lifestyle Polygraph Introduction

28:35 Walk-Up Songs and Personal Preferences

32:07 Breakfast Favorites and Culinary Influences

34:40 Building the Ultimate Escape Room Team

37:36 Nerd Culture and Personal Interests

39:02 Prank Calls and Culinary Competitions

41:20 Closing Thoughts and Contact Information

In this episode of the No Password Required podcast, host Jack Klabby engages with cybersecurity experts Kaylee Melton and Rob Allen, discussing Rob's journey to ThreatLocker, the importance of overcoming public speaking fears, and the principles of Zero Trust security. They explore common mistakes organizations make when implementing Zero Trust, the future of cybersecurity in relation to AI threats, and the public's perception of cybersecurity incidents. The conversation also touches on the significance of layered security approaches and personal experiences in the industry, culminating in a fun lifestyle polygraph segment. In this engaging conversation, the speakers delve into their personal tech addictions, particularly focusing on extravagant purchases like the Vision Pro. They explore the future of wearable technology and its integration into daily life. The discussion shifts to the uniquely American experience of visiting Buc-ee's, a gas station that offers much more than fuel. They also debate the joy derived from sports victories versus personal achievements like hitting a hole in one. Finally, the conversation wraps up with a humorous take on the challenges of mastering DIY skills.

Chapters

00:00 Introduction to Cybersecurity Insights

03:05 Rob Allen's Journey to ThreatLocker

05:49 Overcoming Public Speaking Fears

08:55 Understanding Zero Trust Security

12:12 Common Mistakes in Zero Trust Implementation

15:02 The Future of Zero Trust and AI Threats

18:05 Public Perception of Cybersecurity

21:08 Layered Security Approaches

24:02 Personal Experiences and Lessons Learned

26:58 Lifestyle Polygraph and Fun Questions

27:11 Tech Addictions and Unnecessary Purchases

32:05 The Future of Wearable Technology

34:08 Experiencing Buc-ee's: The Most American Gas Station

36:44 Joyful Moments: Sports Wins vs. Personal Achievements

39:03 Mastering DIY Skills: A Personal Journey

In this episode of No Password Required, host Jack Clabby and cybersecurity expert Dr. Anmol Agarwal discuss the evolving landscape of cybersecurity, focusing on the challenges and innovations surrounding 5G and 6G networks, the integration of AI and quantum computing, and the importance of global collaboration in addressing cybersecurity threats. Dr. Agarwal shares her insights on the significance of creativity in the field, offers advice for those entering the cybersecurity space, and engages in a fun lifestyle polygraph segment that highlights her personal interests and professional aspirations.

Chapters

00:00 Introduction to Cybersecurity Insights

02:30 Exploring 5G and 6G Security Challenges

11:10 The Intersection of AI, Quantum Computing, and Cybersecurity

18:00 Global Collaboration in Cybersecurity

24:57 Advice for Aspiring Cybersecurity Professionals

26:48 The Role of Creativity in Cybersecurity

31:27 Lifestyle Polygraph: Fun and Insightful Questions

This conversation explores the U.S. Army's investment in cybersecurity compliance for small businesses, the importance of mentorship in the defense industry, and the unique career path of Sabrina McIntyre at KPMG. Sabrina discusses her transition from art to cybersecurity, the challenges of navigating compliance standards, and her advocacy for women in the field. The episode also touches on the intersection of art and cybersecurity, the vision for a cybersecurity museum, and fun personal insights from Zabrina's life.

Chapters

00:00 Introduction to the Next Generation Commercial Operations Program

02:51 The Importance of Cybersecurity Compliance for Small Businesses

05:45 Zabrina McIntyre's Role at KPMG

08:54 Zabrina's Unique Career Path

11:51 Navigating Cybersecurity Standards

14:48 Advice for Aspiring Cybersecurity Professionals

17:58 Women in Cybersecurity: Building Community

20:59 The Intersection of Art and Cybersecurity

24:04 Zabrina's Vision for a Cybersecurity Museum

27:02 Lifestyle Polygraph: Fun Questions with Zabrina

30:09 Key Takeaways and Closing Thoughts

In this episode, the conversation begins with a significant data breach at Star Health Insurance, affecting over 31 million individuals. The discussion delves into the complexities of insider threats, particularly focusing on the alleged involvement of the company's CISO. The episode transitions to an introduction of Dr. Sunny Ware, a web application penetration tester, who shares her journey from software development to cybersecurity. Dr. Sunny discusses her role in penetration testing, the importance of understanding application logic, and the use of AI in her work. The episode concludes with a lifestyle polygraph segment, where Dr. Sunny shares personal insights and experiences, emphasizing the importance of mentorship in cybersecurity. 

Chapters

00:00 Data Breach at Star Health Insurance

06:06 Insider Threats and Whistleblowers

07:05 Introduction to Dr. Sunny Ware

30:14 Dr. Sunny's Career Path and Penetration Testing

37:00 Lifestyle Polygraph with Dr. Sunny

48:55 Key Takeaways and Closing Thoughts

A new school in San Antonio called Nukudu offers a paid training program followed by a guaranteed job in cybersecurity. The program aims to address the shortage of cyber jobs and provides hands-on training to ensure candidates are prepared for the workforce. 

Our guest, Dr. Thomas Hyslop, an assistant professor at the University of South Florida, shares his experience in law enforcement and the importance of interagency collaboration in combating cybercrime. He also discusses the Master of Science in Cybercrime program at USF, which focuses on digital forensics and criminal investigation. The future of cybercrime is concerning as large criminal organizations are becoming more sophisticated and mimicking nation states in their capabilities. Investigating international cybercrime is challenging due to the need for cooperation between countries and the slow response times. Changes in international treaties and agreements are needed to expedite investigations. Dr. Highslip ran a museum of vintage technology and is looking for a place to house it permanently. He enjoys swimming in Mirror Lake, biking on Champs-Elysees, and running in DC for his ideal triathlon. His favorite junk food treat is Bit-O-Honey and he loves all kinds of pies. Guns N' Roses is his favorite hair metal band and his favorite song is Paradise City. He enjoys playing metal songs at social gatherings and believes that Appetite for Destruction is a timeless album. Dr. Highslip has what it takes to join the fantasy cybersecurity squad and is a force multiplier with his expertise in incident response and alternative theories for obtaining information from foreign governments.

Chapters

00:00 Nukudu: A New School Offering Paid Training and Guaranteed Job Placement in Cybersecurity

06:21 The Role of Interagency Collaboration in Combating Cybercrime

19:07 The Master of Science in Cybercrime Program at the University of South Florida

25:48 Emphasizing Team Building and Collaboration in Cybersecurity Education

26:42 The Future of Cybercrime

27:11 Investigating International Cybercrime

31:25 Preserving Vintage Technology

37:30 The Ideal Triathlon

43:03 Indulging in Junk Food

45:23 Rocking Out with Guns N' Roses

49:11 Dr. Highslip: A Valuable Addition to the Fantasy Cybersecurity Squad

Kenya's efforts to enhance its cybersecurity and technological progress through partnerships with the US and major tech companies. The focus is on responsible state behavior in cyberspace and addressing mobile app security. The role of public-private partnerships in promoting a robust digital economy and infrastructure. The conversation then transitions to an interview with Maretta Morovitz, a cybersecurity expert at MITRE, discussing her career path, the importance of mentorship, and the impact of ADHD on her work. The discussion also covers MITRE Engage, which focuses on cyber denial, deception, and adversary engagement, and highlights the use of simple yet effective techniques like decoy credentials. In this conversation, Maretta Morovitz discusses the importance of thinking creatively and outside the box when it comes to cybersecurity solutions, especially for organizations with limited budgets. She emphasizes the need for simplicity and proactive measures in cybersecurity. Maretta also highlights the value of interdisciplinary collaboration in the field, involving professionals from various backgrounds such as human behavioral scientists and graphic designers. She shares a successful collaboration between MITRE and HSBC in the field of deception operations. Maretta also talks about her passion for dance and her unique talent of reciting the alphabet backwards.

Follow Maretta Morovitz on LinkedIn: Maretta Morovitz

Follow MITRE on Twitter: @MITREcorp

Learn more about MITRE Engage: MITRE Engage

Chapters

00:00 Kenya's Cybersecurity Partnerships

03:24 Addressing Mobile App Security

07:13 Interview with Maretta Morovitz

11:35 Cyber Deception and Adversary Engagement

29:12 The Importance of Simplicity and Proactive Measures

30:07 Interdisciplinary Collaboration in Cybersecurity

31:06 Successful Collaboration in Deception Operations

34:44 Bringing Unique Perspectives and Skills to Cybersecurity

The conversation discusses the extradition case of Julian Assange and the role of the US prison system in the decision. It also explores Tanya Janca's role at Semgrep and her passion for affordable cybersecurity education. Additionally, it touches on Tanya's experience in election security and the importance of transparency in the process. Tanya discusses her volunteer work with the Canadian government, where she helps educate students about cybersecurity. She talks about the importance of teaching young people about privacy, protecting digital devices, and understanding cyber threats. Tanya also mentions her involvement in the Cyber Titan competition and her efforts to promote cybersecurity as a career. She shares her experience writing the book 'Alice and Bob Learn Application Security' and her unique approach to making technical concepts accessible through stories and different learning styles. Tanya also talks about the importance of mentoring and how she has benefited from mentors throughout her career.

Chapters

00:00 The Extradition Case of Julian Assange

08:18 Affordable Cybersecurity Education at Semgrep

30:40 Tanya's Volunteer Work with the Canadian Government

31:35 Promoting Cybersecurity as a Career

34:02 Making Technical Concepts Accessible: 'Alice and Bob Learn Application Security'

39:45 The Value of Mentoring

In this episode of the No Password Required podcast, host Jack Clabby and co-host Kayley Melton interview Tamiko Fletcher, the CISO at Kennedy Space Center. Tamiko shares her journey from a small town in South Carolina to working at NASA and discusses her role as a CISO. She emphasizes the importance of mentorship, outreach, and diversity in the cybersecurity field. Tamiko also talks about the unique challenges of cybersecurity at NASA, such as patching during launches and balancing innovation with security. 

She emphasizes the need to know and learn about individuals' strengths, interests, and motivations in order to effectively place them on teams and utilize their skills. Tamiko also shares her experiences working at NASA and the changes she has witnessed over the years, including the evolution of IT and the increasing diversity at the Kennedy Space Center. She highlights the excitement and pride she feels when witnessing a launch and the impact of NASA's work on the world.

Chapters

00:00 Introduction and Welcome to the Podcast

08:00 Education and Career Trajectory

25:48 Challenges and Innovations in Cybersecurity at NASA

34:4 8Building a Team and Emphasizing Diversity

41:30 The Diversity of the Cyber Team at NASA

54:25 Instilling Values in Teams to Change the Work Environment

Roman Sanikov, is the president of Constellation Cyber and specializes in cyber threat intelligence. In this episode, Roman discusses the importance of collaboration and transparency in the cybersecurity industry, particularly in combating ransomware attacks. He also emphasizes the need for a holistic approach to cybersecurity, involving education and empowerment for both employees and consumers. In this episode, Roman Reinhart shares his experiences as an undercover agent in the cybercrime world. He discusses maintaining a persona, dealing with forum behavior, and memorable arrests. He also emphasizes the importance of redemption and second chances. Roman also talks about his involvement with Helpster USA, an organization dedicated to providing life-saving treatment to young people in developing economies. He shares his hobbies of mushrooming and highlights the satisfying moments at work. Finally, he reflects on the cultural differences he experienced after moving overseas.

Chapters

00:00 Introduction to Pig Butchering Schemes (opening conversation)

02:18 Online Scams and Exploitation

03:41 Forced Labor and Human Trafficking

04:41 Approaching Scams with Compassion

05:39 Guest Introduction: Roman Sanikov

07:01 Roman's Role at Constellation Cyber

08:22 Promoting Transparency in Ransomware Incidents

10:17 Mitigating Secondary and Tertiary Impacts of Ransomware Attacks

11:14 The Ripple Effect of Ransomware Attacks

13:10 The Importance of Collaboration in Cybersecurity

14:58 Roman's Career Path and Background

19:34 Educating and Empowering Employees and Consumers

21:28 Avoiding Victim-Blaming in Cybersecurity

24:16 The Need for Collaboration and Transparency in the Industry

25:10 Balancing Non-Traditional Pursuits with College

26:37 Undercover Work and Building Relationships

33:07 Maintaining a Persona

36:25 Dealing with Forum Behavior

38:18 Memorable Arrests

41:25 Redemption and Second Chances

45:13 Helpster USA

48:16 Eccentricities of NHL Players

50:56 Life's Unexpected Moments

56:19 The Joy of Mushrooming

58:43 Satisfying Moments at Work

01:01:04 Learning Politeness in America

In this episode, Jo Anna joins Carlton Fields P.A. Jack Clabby and KnowBe4’s VP of Remote Publishing Teams Kayley Melton to tell the story of how her career has changed since starting at Rice University 17 years ago. From her early days as a receptionist at a hair salon to her current role as a security analyst, Jo Anna shares her journey in the cyber world and her fascination with artificial intelligence, stemming from her compliance-related responsibilities. Emphasizing a realism-based view on AI, she passionately advocates for a comprehensive understanding of AI, emphasizing that it’s neither inherently good nor bad.

Chapters

00:00 Stolen Recordings and Cyber Criminals

01:29 Arrest of a Florida Man and Stolen Rap Recordings

02:27 The Allegations and Nicknames

03:26 The Connection Between Cyber Crime and Rap Music

04:23 Real-Life Consequences of Cybersecurity Crimes

05:52 The Role of Law Enforcement in Cybersecurity Crimes

06:50 Introduction of Guest Joanna Parker-Martin

07:18 Joanna's Role at Rice University

08:15 Protecting Data at Rice University

09:08 Joanna's Journey into Cybersecurity

10:04 Overcoming Challenges and Changing Career Paths

18:14 Joanna's Interest in Artificial Intelligence

19:22 The Intersection of Cybersecurity and AI

20:46 The Challenges of Assessing AI Risk

21:13 The Inevitability of AI

22:37 The Risks of Facial Recognition Technology

27:26 Joanna's Involvement with WiCys

29:48 Community Outreach and Cybersecurity Education

30:10 Misconceptions About Cybersecurity Professionals

32:32 The Lifestyle Polygraph

43:35 Joanna's Preference for Sponge Cake in Strawberry Shortcake

The conversation discusses the arrest of Ola Segun Simpson Adagorin, a Nigerian national facing US federal charges for a business email compromise scheme. The collaboration between the FBI and Ghana is highlighted, along with the role of the legal attache job in solving crimes with international impact. The scheme and indictment details are explored, emphasizing the sophistication of the attack. Dr. Diana Burley, Vice Provost for Research and Innovation at American University, shares insights on cybersecurity education and workforce readiness. The importance of understanding human behavior in cybersecurity is discussed, along with strategies for engaging in conversations and addressing the search for cyber unicorns. In this episode, the importance of password security and the various methods to enhance it are discussed. The conversation covers common password mistakes, the use of password managers, multi-factor authentication, biometric authentication, and the future of password security.

Chapters

00:00 Introduction and Arrest of Ola Segun Simpson Adagorin

01:24 Collaboration between FBI and Ghana

03:15 Scheme and Indictment Details

04:44 Legal Attache Job and Collaboration

06:10 Deterrence and Sealed Indictments

07:36 Introduction of Dr. Diana Burley

08:31 Dr. Burley's Background and Role at American University

09:23 Interest in Cybersecurity and Technology

10:21 American University's Role in Educating Policymakers

12:15 Engaging with Leaders and Shaping Policy

13:36 Engaging with Students and Future Leaders

14:28 American University's Focus on Policy and Research

15:27 Misconceptions about the Cybersecurity Workforce

16:23 Digital Literacy and Foundational Cybersecurity Skills

18:45 Retaining Skilled Members in the Academic Environment

19:43 Benefits of Engaging as a University Faculty Member

20:37 Understanding Human Behavior in Cybersecurity

22:05 Insights from Research on Human Behavior

23:25 Understanding Employee Behavior in Cybersecurity

24:47 Creating a Culture of Cybersecurity

27:08 Strategies for Initiating Conversations with Strangers

31:50 The Cyber Unicorn Project

35:08 Addressing the Search for Cyber Unicorns

41:45 Lifestyle Polygraph

50:57 Understanding Irrational Behavior and Self-Awareness

53:37 Engaging in Conversations with Strangers

02:30 The Importance of Password Security

10:15 Common Password Mistakes

18:45 Password Managers

27:10 Multi-Factor Authentication

35:40 Biometric Authentication

44:20 Passwordless Authentication

52:30 Future of Password Security

58:21 Conclusion

In this episode, Jack Clabby and Kayley Melton discuss the upcoming Sunshine Cyber Conference and their collaboration with Winn Schwartau. They also talk about the importance of diverse cybersecurity talent and their plans for a joint session at the conference. The hosts then interview Lisa Plaggemier, the executive director at the National Cybersecurity Alliance, who shares her career journey and the role of creativity and curiosity in cybersecurity. They also discuss the impact of COVID-19 on the cybersecurity industry and the importance of humor and satire in cybersecurity training. The episode concludes with a lifestyle polygraph segment. In this episode, the conversation covers various topics related to comedy, storytelling, and implementing change in organizations. The power of the internet is discussed, highlighting the potential consequences of online content. The guest shares her favorite comedy movies, emphasizing the comedic element in her expertise. The use of humor in training and awareness programs is explored, along with the challenges of implementing change in organizations. Dealing with roadblocks in security and the passion for security awareness are also discussed. The episode concludes with information on how to get in touch with the guest and a recap of what was learned.

Chapters

00:00 Introduction

01:28 Fishing for Potential, the RTFM Guide to Diverse Cybersecurity Talent

02:25 Live On-Site Remote Recording and Keynote Speakers

03:51 Sunshine Cyber Conference and Registration

04:46 Interview with Lisa Plaggemier

05:15 Background and Role at the National Cybersecurity Alliance

05:53 Transition to Security and Marketing Collaboration

06:22 Incident Response and Training and Awareness

07:20 Leadership and Skills in Cybersecurity

08:18 Kubikle Series and Creativity in Security

09:17 Curiosity and Creativity in Cybersecurity

10:48 Naming and Shaming in Pen Tests and Phishing Testing

11:41 DDoS Attack and Incident Response

12:38 Neurodiversity and Cybersecurity

13:21 Leading a Team During COVID-19

14:21 Creating Engaging Training Content

15:19 Global Data and Data Privacy Laws

16:18 Humor and Satire in Cybersecurity Training

18:47 Kubikle Series and Satire in Cybersecurity

20:41 Creating Kubikle Series and Future Plans

23:03Trust in Password Managers

24:22 The Importance of Curiosity in Cybersecurity

25:52 The Oh Behave Report and Behavioral Science

26:50 Communicating Security Information Effectively

28:44 Naming and Shaming in Phishing Testing

29:39 Accepting Risk and Escalation Plans

30:38 The Role of Security Teams and HR

32:35 Building Trust in Password Managers

33:32 Global Data and Cybersecurity Awareness

36:51 The Importance of Curiosity in Cybersecurity Hiring

40:03 The Underground Student-Led Newspaper

41:12 The Significance of Curiosity and Creativity in Career

50:44 The Power of the Internet

51:14 Favorite Comedy Movies

52:12 Using Humor in Training and Awareness

53:38 Implementing Change in Organizations

54:55 Dealing with Roadblocks in Security

55:45 Passion for Security Awareness

56:06 How to Get in Touch

56:37 What Was Learned

57:11 Closing Remarks

Co-hosts Bill McQueen and Ernie Ferraresso joined Dr. Gardner for a discussion about digital evidence, its role in the justice community, and opportunities for the future. The field of cyber forensics started rather simply, as a way to detect and connect the pieces of a crime.  As evidence was being submitted into the justice system, a need for increased scientific methodologies and protocols grew to preserve legal integrity and the rights of the accused.  

Cyber forensic professionals are able to examine a range of devices, networks--even the cloud--to uncover criminal activity and gather evidence that can lead to legal prosecution. Dr. Gardner discusses how advances in computer science have made an impact in the ability to locate criminals. In his first example, he shares how hash algorithms are used to catch pedophiles and provide a digital footprint to catch larger pedophile rings. Next, he details the Target breach, where criminals were able to hack the nationwide retailer via their air conditioning’s computerized system. Then, he talks about how search warrants involving cybercrime uncovered how criminals were using their neighbor’s open IP addresses, putting routers unknowingly in their attics, and other deviousness that thwarted detection and capture. Unfortunately, Dr. Gardner reveals, international criminals are even more elusive, but that having solid cyber forensics can help law enforcement agencies from multiple countries coordinate efforts.

Cyber forensics now has several sub-specialties, such as cloud forensics, network forensics, malware forensics, IoT forensics, and vehicle forensics.  Many colleges and universities are developing programs and training around these expanding and evolving sub-specialties. Dr. Gardner points out that this is a great time to be a cybercriminal and there will be an increased need for cyber forensic technicians and digital evidence specialists to combat the widespread crime.  

There is a push for law enforcement officers to receive training in cyber forensics to facilitate crime scene collections, recognize patterns, and maintain protocols.  Dr. Gardner’s history in law enforcement and as a Task Force Agent with the FBI’s Cyber Crime Unit gave him a special insight to device and data collection at crime scenes and he shares his thoughts on training opportunities in police academies.  

Hackers and cyber criminals aren’t the only reasons the field of cyber forensics is growing.  Corporations are also employing their own forensic teams. Companies use digital evidence to substantiate their security and to protect themselves if a situation with an employee requires documentation.  Civil matters are increasingly including digital evidence, and professionals are being called upon to provide expert testimony.

The need for cyber forensics professionals is growing exponentially, according to Dr. Gardner. There is no end in sight for the potential of this field and the importance it will play in protecting our security and stopping crime.

TIME STAMPS

00:43  Meet Our New Co-host: Ernie Ferraresso, Associate Program Director of Cyber Florida

02:43 Who is Dr. LeGrande Gardner, Director of the MS in Cybercrime Degree Program, University of South Florida

03:15  What is Cyber Forensics and Digital Evidence?

04:47  Recognizing the field of Cyber Forensics

05:59  Following the Rules of Evidence and Procedure

06:33  The Growing Impact of Digital Evidence and Digital Exploitation  

07:35  Evolving Field of Cyber Forensic Careers

08:58  Collecting Cyber Forensic Data  

09:51  Digital Evidence as a Science

12:52 Components of Digital Evidence

13:45 Hash Algorithms, Digital DNA

14:25 Child Pornography Hash Algorithms

14:55  Hash Algorithms are like Fingerprints  

16:37  Verifying and Preserving Digital Evidence Using Scientific Protocols

18:29  Training to be a Cyber Forensic Technician or Specialists

21:34  Specialized Cyber Forensic Fields

24:01 Criminals, Digital Evidence & Law Enforcement

26:30 Training Law Enforcement for Digital Evidence Collection

28:24 Finding Breaches and Identifying Vulnerabilities

31:00 How to Start a Cyber Forensic Investigation

31:29 Cyber Forensic Incident Response

34:38  Cyber Police of the Future

35:35  Trends in Cyber Forensic Prosecutions

37:05 International Cyber Criminals and Cyber Forensics

38:19 Every Cop as a Cyber Cop

38:39 How is Cybercrime Changing  

41:26 The Future of the Cyber Forensic Field

42:24  Corporate Digital Forensic Units and Civil Courts

44:43  Cyber Forensic Academics, Digital Certifications and Careers

When asked what is the most critical aspect of cloud security, Mr. Long answered, “Depending on users to secure their environment.” The current shared service model has cloud hosts providing a hypervisor (or virtual machine monitor [VMM]) and physical security of the data center while the user is responsible for their own data security. Most users are not security experts and they shouldn’t be, as Long argues that the cloud providers need to take on more security responsibilities. He points out that small-to-medium-sized businesses rarely have adequate IT resources to properly secure their own servers and, therefore, the cloud is a much more secure option because of hypervisors and other systems being updated nearly every day.

Long goes on to detail how we build things without knowing the ramifications because engineers can’t fathom every possible way a user would or could use it. The problem with pre-cloud computing is that we were stuck with those decisions for decades. “What I love about the cloud is it constantly gives you a chance to do-over.The cloud is anything that we want it to be. The cloud providers change out their infrastructure every 18 months to two years with brand new hardware. They are innovating and adding new things every week, every two weeks, and taking things out that don’t work. It’s an amazing opportunity as an engineer to say ‘hey, actually I thought I was smart, but I’m smarter now.’

VirtUE (Virtuous User Environment) is an IARPA program managed by Mr. Kerry Long that is an example of using the cloud and re-engineering it to be more secure for tomorrow. Traditional memory computers are running too many roles at once while in comparison cloud computing can separate roles. VirtUE is trying to engineer ways to make the separate environments function seamlessly for users while maintaining the security. This program is coming to an end soon, and will be released as open source code for the world to examine and work on.

VirtUE is related to SCITE (Scientific advances to Continuous Insider Threat Evaluation)

Link to IARPA: www.iarpa.gov IARPA facilitates the transition of research results to their Intelligence Community customers for operational application.

Link to IARPA profile for Kerry Long: https://www.iarpa.gov/index.php/20-program-managers

TIME STAMPS

00:07 Cloud Computing

01:11 Who is Kerry Long, IARPA, Cybersecurity

02:00 Mission of IARPA

02:45 Cloud Security and Potential of Cloud Computing

03:59 Getting Ahead of Security Breaches

05:35 What is the most critical aspect of cloud security?

07:11 Cloud security options for businesses and individuals

09:58 What data is at risk of being stolen?

12:38 Cyber Engineering

13:50 Cloud Engineering & Infrastructure

15:18 What is a VirtUE – Virtuous User Environment?

18:59 How Safe is our Cyber Community?

21:00 Redesigning Computing with the Cloud

23:22 The Future of Computing

24:18 VirtUE as Open Source

This No Password Required episode began with the question, “What can the big guy do to help the small guy?” and panelists discussed the role of large corporations and technology service providers. Often small-to-mid-sized organizations are understaffed when it comes to their IT department and/or they are solely reliant on external providers for their security. Many larger organizations and service providers are making the investment to provide advanced security protocols because it impacts their products and, for some, it gives them a competitive edge in the marketplace. Larger corporations and service providers are carrying the responsibility of protecting smaller organizations, but it is a symbiotic relationship. Smaller organizations must do their part to have good cyber hygiene and understand their risks and their roles in preventing those risks.

Motivating smaller organizations to have a proactive cyber culture is often dependent on two things: communication and risk. A panelist emphasizes that the success of motivation revolves around language. The key to communicating with C-level executives and business stakeholders is to provide information as it relates to them, using their industry-specific lingo, demonstrating their profit and loss potentials, and illustrating how it impacts their community. By answering “how can we partner in a way that shows that we want to mitigate risks to a point that we’re a stronger business partner” can solve some of the gaps in cybersecurity. “Don’t wait for someone to offer, ask,” is the advice of Andy Zolper when it comes to mitigating risks.

Mark Clancy asked the panel, “How do you cyberize the CEO?” Cyberizing the CEO often begins with a review of their cybersecurity risk profile. By mapping risks to reputation and quantifying revenue to business impact can be the necessary wake-up call. “Cyberizing” was a phrase coined in part 1 of this series that is interpreted as educating/training C-level professionals to understand their company’s tech, their role in cybersecurity and operations, and their leadership in corporate cyber culture. “Cyberizing” encourages insight that helps build an adequate IT team or relationship with technology service providers. Cyberizing naturally encourages investing in employees as the greatest assets. It holds the belief that employees are responsible for maintaining good cyber hygiene, managing customer and partner relationships, and evolving with technology.

Another solution offered is “cyberizing the principal.” This involves instilling the value of cybersecurity as soon as a child is handed technology. One panelist advocates for developing educational programs that incorporate cybersecurity in programs from elementary to college, with her belief that it will carryover good cyber hygiene from the home to the public and business sectors.

Another component of closing the cybersecurity personnel gap is by encouraging information sharing in new ways, as well as, encouraging IT professionals to transition through various sectors and educational opportunities to keep their experience fresh and relevant. The panel discussed some of the current issues and possible solutions that involve sharing information, the importance of nonprofit interlocutors, the problem with classified versus unclassified information sharing, zero trust, and more. The cybersecurity experts also discussed educational opportunities, crossover through sectors and the role of leveraging academia and cyber labs to find solutions.

In the final segment of the podcast, the guests discuss some of the highlights of the 2019 Cyber Florida Conference and list topics that they would like explored at the future conferences.

You can find part 1 and 2, as well as other episodes of No Password Required Podcast, on our website at https://cyberflorida.org/podcast/. This special edition was recorded at the 2019 Cyber Florida Conference in Tampa, Florida. Learn about upcoming Cyber Florida events, including the Annual Conference, at cyberflorida.org or follow us on social media.

TIME STAMPS

01:30 Partnering Competitively & Cyber Ecosystem

07:17 Cyberizing the CEO

10:43 Cyberizing the Principal

13:48 Public-Private Partnerships

15:51 Nonprofit Interlocutor & Scaling Partnerships

17:32 Collaborating for Information Sharing

19:00 Zero Trust

24:42 Classified vs Unclassified Sharing

25:30 Surprises from the Cyber Florida Conference

C-level professionals have been a driving force in developing business and securing infrastructures. Recent breaches resulting in CEO firings and similar repercussions are impacting the way many C-level leaders are engaging with technology and their workforce’s cyber culture. Cyber Florida took the opportunity at the conference to help both the C-level professionals and stakeholders who are part of their decision-making process with a discussion titled “Cybersecurity and the C-Suite.” The panelists discussed why it is vital for C-level executives to embrace cybersecurity education and innovation. The experts spoke to what factors C-level leadership face in their organization and workforce in relation to security, networking, and data fundamentals. A large portion of the conversation focused on identifying what it takes to onboard a workforce in this computer-centric modern life (with the phrase “cyberize” being coined to discuss the process), and understanding the crossover that is occurring because of the inter-connectivity of roles and risks.

Panelists discussed case studies and resources, such as cyber executive programs, where C-level professionals can:

• learn the basics of cybersecurity,
• embrace accountability at the C-level,
• identify the risks and opportunities of current infrastructure and future tech,
• learn how certain business models are changing as a response to technology,
• establish pillars for a robust cyber culture,
• understand independent cyber risk ratings as a commodity,
• develop a cyber-strong workforce, and
• create a constructive response plan to cybersecurity attacks and cybercrimes.

This is a two-part edition with the second part discussing the personnel gap in cybersecurity and what can be done about it. You can find parts 1 and 2, as well as other episodes of No Password Required podcast, on our website at https://cyberflorida.org/podcast/. This special edition was recorded at Cyber Florida Conference 2019 in Tampa, Florida. Learn about upcoming Cyber Florida events, including the annual conference, at cyberflorida.org or follow us on social media.

TIME STAMPS

00:42 Who is Diane Janosek, Cybersecurity Expert, Cyber Security Woman of the Year

02:03 Who is Andy Zolper, CISO at Raymond James Financial

02:45 Who is Terry Roberts, Cybersecurity Exchange

03:58 How to Communicate Cybersecurity to Leadership

07:25 C-Level Accountability, Cyber Risk Ratings are a Commodity, Cyber Executive Program

09:53 Hiring a Cybersecurity Workforce and Training a Cybersecurity Culture

15:55 Innovation in Education for Cybersecurity and Cyber Risk Training

18:50 Identifying, Leading and Managing Critical Skills

21:54 Cyberize Your Team, Workforce Crossovers, and Cyber Defense Ecosystem

26:07 Business Interruption and Constructive Actions to Address Cyber Crimes

27:35 Cyber Executive Programs and Case Management

Data is the prime target of many cybercriminals, yet what data they are searching depends on their goals. Are they scraping for social security numbers? Obtaining passwords? Collecting credit card numbers? Or worse? And why? It’s hard to imagine all the ways that data can be exploited.

Your data is widely available depending on where and how you store your data and whom you give permission to access that information. Personal choices, like having a smartphone, can be a gateway to someone collecting your data. Being on the grid with a social security number, health insurance, financial accounts, all these bits of information are housed somewhere, and cybercriminals know this. With the help of artificial intelligence (AI), cybercriminals are able to scrape data faster than ever before and with the launch of quantum machines, our security choices will be paramount to protecting our identity and data assets.

Cyber threat intelligence is helping individuals and industries protect themselves by understanding what is important, what are the exploits, and how to effectively respond. It is also helping to refine artificial intelligence algorithms to better assist in threat analytics. Dr. Samtani describes how industries are responding to industry-specific cybercrimes and developing response standards, protocols, and frameworks. He gives the example of the healthcare industry and HIPAA compliance as well as financial institutions and their evolving PCI compliance protocols. Understanding why a data asset is a target is a key facet to the cyber threat intelligence life cycle.

What are the Four Phases of Cyber Threat Intelligence?

1. Identify what assets you (an organization) possess that hold value, e.g., a social security number, and how to protect those assets
2. Data collection that is relevant to those critical cyber assets
3. Threat analytics – whether traditional or AI techniques are being utilized
4. Operational Intelligence – how is the compromised data actually used or exploited

Dr. Samtani explains there are two basic types of cyber threat intelligence analytics. First are the traditional threats, such as malware analysis. The second category is quickly changing as artificial intelligence evolves: data mining, text mining, and natural language processing based on pattern and techniques. Building systems that are designed to log and report data is crucial to discovering breaches and reporting them to prevent further penetration.

Once Data is Stolen, Where Does it Go?

Dr. Samtani discusses how hackers, cybercriminals, even geopolitical threat actors are using the data. He explains how the Dark Web is playing a role as a marketplace and toolbox for hackers. He details the four basic platforms--forums, Dark Web marketplaces, darknet carding shops, and internet relay chat--that cybercriminals use to complete their tasks and possibly grow their notoriety. Hacker behavior on the Dark Web is unlike traditional crime circuits where anonymity is preferred. There are tiers of hacker and they can use their screen names to build their reputation for monetization, credibility, and recognition. Artificial intelligence is being fine-tuned to help detect cybercriminals through intelligent predictions.

Security Protocols and the Danger of Oversharing

Individuals, organizations, developers, and even marketers play a role in security. Developers who were once tasked in racing product to market are now evolving to build-in and protect against exploits. Cultures are changing to bring awareness of the dangers of oversharing and learning from other’s breaches and incidents. Dr. Samtani and No Password Required host Bill McQueen discuss how oversharing can be as simple as a phone call asking what version a software is on and divulging that information, likening that to handing over the keys to a car.

The Study of Cybersecurity Science

As computing evolves, so do the crimes; the cybersecurity field is in the infancy of where it will be potentially. Developing talented professionals to stop cybercriminals, building frameworks and protocols, and advocating for strong cyber cultures at home and in the workplace will be essential to the future. There is ample opportunity for employment and research in the field of cybersecurity, cyber threat research, and cyber threat intelligence.

TIME STAMPS

1:12 Who is Dr. Sagar Samtani

1:30 How Does AI Automate Cybercrime and Cyber Threat Intelligence

3:08 The Four Phases of the Cyber Threat Intelligence Life Cycle

7:43 How Do You Rate and Respond to a Cyber Threat

10:03 Industry Specific Frameworks for Threat Identification and Mitigation

10:24 Data Characteristics in Cybersecurity

11:20 Defcon and AI Village

11:48 Tuning Algorithms for Cybersecurity

12:54 How are Hackers Fighting Against AI Detection

13:53 Developing Organizational Strategies to Counter Cybercrime

15:19 Cybersecurity/AI Ethics and Rules

18:40 Dark Web & Data

19:38 Dark Web Platforms

22:53 Access to Dark Web Platforms

23:50 Hacker Notoriety – Reputation, Monetization and Detection

27:40 Developers & Cyber Security Protocols

29:35 Double-Edged Sword of Sharing Cybersecurity Capabilities

30:40 Operational Intelligence and Risk Management

31:58 Hacker Behavior on the Dark Web/Darknet

33:40 What Can We Do to Protect Ourselves? Following the CTI Lifecycle

35:44 Cybersecurity Science as a Legitimate Field

In this podcast, Stacy Arruda, a cybersecurity threat specialist, provides insight on how individuals and businesses can better protect themselves against cybercriminals and take steps to prevent criminals from stealing their money or exploitation them in other ways. BECs have seen a 1300% increase since 2015, and, as Arruda says, “it’s no longer a question of 'if,' it’s 'when,' and not just 'when' but when you discover that the bad guys are inside your network.” Businesses have options and they begin with training employees and reporting problems quickly. Having a strong corporate culture that trains employees about proper handling of emails, account security, personal information, and reporting can make a tremendous difference.

Stacy Arruda is a former FBI supervisory special agent with more than 20 years of experience in cybersecurity and counterintelligence.She is the CEO of the ARRUDA Group, a cyber threat consultancy firm, and the Executive Director of the not-for-profit Florida Information Sharing and Analysis Organization (FL-ISAO).

Stacy details how cyber criminals use social media to profile potential victims, building trust to gain access to networks. Anyone can be a target, and cybercriminals do their homework by connecting the dots to gain access to large payouts.

Arruda notes that women, in particular, seem to overshare information on social media, nearly every aspect of their lives, and it’s a problem. As an educator and speaker, Arruda speaks on how women can better safeguard their information, warning that online activity can escalate to physical threats and exploitation.

Children can also be targeted. Predators can use simple techniques to lure information from children and they can cross-reference social media to gain information about the family. Gaining a real name online can have a criminal scrolling a family’s social media profile and readily finding things like an email, place of work, child’s school, and after-school activities. Monitoring a child’s online activity and restricting shared information is important to the entire family’s safety.

The business email compromise,(BEC), also known as “The Man in the Middle Attack,” is a cybersecurity scam that is typically short-lived and aimed at stealing information and money. “Once they send that email, and you click on that email, the bad guy has a lot of avenues that they can go down. Once they're sitting on the network, they can steal data, they can introduce ransomware and shut down the network. They can sit on the computers and they can wait for invoices to come in and wait for payments and steal money,” states Arruda.

Well-organized criminals, terrorists and spies use the information that is innocuously shared by us to gain our trust so that they can:

• Target email attacks
• Access compromised emails and files anywhere on the network
• Access human resources
• Access business accounts, such as banking
• Disguise themselves as business representatives
• Disguise themselves as clients
• Authorize wire transfers to accounts all over the world
• Change account routing information in a record or during a transaction

Arruda recommends that companies should have security drills, much like fire drills, to implement a response plan and reinforce the company’s culture on security.

The FBI has a unit called the Recovery Asset Team, where companies can report a compromise for the possibility of freezing accounts to stop the wire transfer. Time is of the essence relative to how quickly a bank will process a wire transfer; two weeks is far too long, and the money will likely be unrecoverable.

SOME KEY POINTS:

Security is often a failure because of two factors:

• Human error, such as misconfiguring software, oversharing information, lack of training on how to spot and report criminal activity, and
• Convenience, such as not taking the time to update system patches, using multifactor authentication, and using our own records to contact clients versus using information found in their email.

For the individual, Arruda shares that human error and oversharing can be the gateway to being compromised. Having system patches up-to-date, strong passwords, and reducing one’s cyber footprint, such as oversharing personal details or falling for scams because they know our likes and dislikes, can be key to preventing cybersecurity threats at home.

Defense-in-Depth is a tactic that individuals can use to protect themselves. Having our systems patched, running a firewall, running antivirus software scans, using strong passwords are examples of how an individual or business can add layers of defense against cyber criminals.

An untrained employee is a liability and changing company culture to encourage calls to higher-ups to confirm requested transactions is a must.

BEC - 1300% increase since 2015, and it’s getting worse because “it’s an easy way for criminals to make a lot of money quickly” and defense-in-depth is one way to hinder BEC criminals.

Posting on the internet so openly, especially on social media, is creating opportunities for criminals to target and manipulate individuals. Controlling your footprint on the internet is vital, and being elusive may discourage a criminal from targeting someone.

Businesses can also add a layer of protection by not sharing/oversharing personal information about their employees, such as the CEO is married to so-and-so and their children’s names are Tom, Becky, and Mike and their ages. Criminals profile and store this information, and this creates unnecessary risk.

The FL-ISAO, which helps to build cyber resilience for the state of Florida, has an agreement with the Department of Homeland Security to encourage removing the corporate stigma of sharing information to prevent data breaches, hacking, cyber incidents, cyberattacks, and other cybercrimes. Trends show that reporting to the Internet Crime Complaint Center has increased and more and more victims are willingly coming forward. While this is critical, more can be done so the FL-ISAO is expanding to provide training, tips and business support to prevent cybercrimes. Organizations can contact Arruda via www.flisao.org or via email at info@arrudagroup.com

TIME STAMPS

1:00 About Stacy Arruda, Cybersecurity Expert

1: 38 Oversharing on Social Media Can Compromise Your Security

2: 51 Using Email to Breach Your Network

6:41 Reporting Cyber Incidents & Breaches – Time Matters

7:14 Using Defense-In-Depth to Stop Cyber Crimes

9: 11 How Convenience Can Cost Billions

9:50 Human Error: A Major Factor in Cybercrime

12:41 BEC Crimes

19:00 Cybercrime Rings Stole $11 Million

21:28 Victims, Including Businesses, Should Break the Silence

22:26 Building a Corporate Cyber Culture to Stop Data Breaches & Cyber Crimes

27:08 Women: Targets of Cyber Crime

30:22 Cybercriminals Targeting Children

35:52 Florida Information Sharing and Analysis Organization (FL-ISAO)

More Than Your Computer Is At Risk

Vulnerabilities are all around:

• simple connectivity through a wireless fish tank thermostat was all that was needed to access the enterprise system of a casino,
• the Mirai botnet attack targets networked devices, such as home routers and IP cameras,
• the apps we download,
• the patches we forget, and
• the sources we trust all matter.

Traditionally, risk management for connectivity wasn’t first and foremost in a designer’s mind but increasingly companies’ reputations and responsibilities are being questioned and impacted by product breaches. This is affecting the way leadership and designers approach their products.

Cabrera suggests that we use the same diligence that we protect our businesses should be applied to our personal lives. Consumers need to investigate if devices that they bring into their home, like Amazon's Alexa, smart TV’s and IP cameras, even printers and smart home services, are subject to threats and what manufacturers are doing to prevent breaches.

Corporate Culture & Cyber Education

The evolution of cybersecurity is also changing the executive level of companies. Chief Security Officers and IT managers are keystones in understanding what their developers and researchers are finding and relaying that information to other executives and board members. Cabrera says that CSO’s need to be Chief Translating Officers to ensure decision makers understand the threats and how to prevent them.

Businesses also play a role in growing the cyber community and closing the personnel gap. There is large gap between currently taught IT and engineering skills and those needed for machine learning and AI. This gap is causing a shortage, and Cabrera estimates that there are 300,000 openings nationally right now in the cybersecurity industry. He advocates for apprenticeship models to foster a partnership between education and employment. The apprenticeship model also addresses the soft skills needed to be an integral part of a company.

These workers are needed as cybercriminals and nation-state actors are relying on automated crypto ransomware, cyberattacks, cyber manipulation, and identity theft. In 2016, automation helped cybercriminals attempt more than one billion attacks, but now criminals are being pickier to reap a larger reward. Organizations and governments of all sizes continue to be at risk.

Chapters 

What is an IoT? 02:52

Connectivity is the Door to Data Breaches 03:57

Digital Extortion 07:15

Corporate Culture 07:55

Examples of IoT Breaches 09:11

Machine Learning and AI Skill Gaps 11:34

Chief Translating Officer 14:25

Apprenticeship Models 17:22

Hacking Medical Records 22:37

Culture of Cybercriminals 24:34

Crypto Ransomware and Automation 26:25

Roger is a prolific author, blogger and speaker. He shares his 30+ years of penetration testing/ethical hacking expertise with companies and tech professionals to improve their security and defend their network. In this interview, he talks about man-in-the-middle attacks and other social engineering scams that open doors for data breaches. He examines the lack of improvement in technical controls and the proliferation of adversaries and continuous daily malware attempts. Roger also discusses the future of computing with quantum supremacy on the horizon and the threat it poses to public key cryptography. 

Topics in Order:

Who is Roger A. Grimes?

Hacking Isn’t That Hard 

Is Misinformation Part of the Cybersecurity Problem

Anti-Virus and Firewalls Don’t Work - Close Your Computer Exploits by Patching Software 

10 Ways I Can Hack You

Recognizing Red Flags of Social Engineering

Why is Hacking Still Such a Problem

How to Hack Passwords & Multi-factor Authentication

The Truth Behind Password Lengths and Password Policies

How to Never Be Hacked

Is that Dust or Hair on Your Touchscreen? Nope, it’s an Embedded Scam

What are the Two Biggest Cybersecurity Risks?

Have You Heard of this Scam? Security Awareness Training and Social Engineering

Creating a Cyber Culture for Your Employees through Security Awareness Training

The End of Classic Computing

Will Quantum Computers Launch in 2019?  The Sprint for Quantum Supremacy

A Better Future with Quantum Models

The Downside of Quantum Computers: Breaking the Public Key Cryptography

The Coming Quantum Break

Post-Quantum Encryption and Susceptibility 

Has the Quantum Crypto Break Already Happened? 

Is Quantum Supremacy a Big Deal or the Next Y2K?

What is Crypto-Agility and Will it Matter with Quantum Computing?

Is Society Becoming Tolerant of Hacking and Cybercrime? Why and What Do We Do About It?