Teri breaks down her proprietary TEST Framework (Touch, Execute, Store, Trust)-a practical toolset for CISOs to evaluate AI risk beyond simple vulnerabilities. They discuss why humans remain the greatest vector in the age of AI, how to teach digital citizenship to the next generation, and why the basics of security still apply even as we move toward a quantum future.

Timestamps:

[00:00] Welcome, meet Teri Green

[00:43] Cybersecurity Origin Story

[01:44] Degrees and Certifications

[02:34] Career Path and Leadership

[03:28] TEST AI Risk Framework

[05:30] AI Trust and Human Factor

[06:53] Teaching AI Ethics to Kids

[08:34] Governance Outpaced by AI

[09:42] Upcoming Talks and Takeaways

[12:37] Learning AI and Plain Language

[16:17] AI Already in Your Org

[18:13] Where to Follow Terry

[18:58] Closing and Thanks

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Timestamps:

00:54 Meet Sayaan: Starting Bug Bounties at 14

01:33 Joining the Synack Red Team (SRT)

03:18 SRT Onboarding Process

04:41 Climbing the Tiers: From Level 1 to Level 5

05:42 Why Synack is Different from Other Platforms

06:30 Improving Professional Pentesting Skills

06:58 Finding Patterns in Client Architectures

08:32 The AI Chatbot Vulnerability: SSRF Case Study

10:57 Remediation Advice for AI File Handling

11:58 Trends in AI Chatbot Security & Stored XSS

13:12 Thoughts on Sara: The Synack Autonomous Red Agent

14:29 How to Connect with Sayaan

15:07 Outro and Closing Remarks

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Timestamps

04:51

Traditional vs. Modern Pen Testing Approaches

07:55

The Role of Human Analysts in AI-Driven Security

10:57

Introducing Sara Pentest: A New Era in Testing

13:16

Executing a Sara Pentest: A Step-by-Step Guide

20:13

Real-Time Insights from Sara Pentest

23:20

Technical Difficulties and Collaboration

23:25

Exploring Pen Test Engagements

27:00

Successful Pen Test Outcomes and Future Implications

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

CHAPTERS:

0:00 Introduction

01:03 Military Origins & The DMZ

01:58 Hacker Origin Story

04:06 Transitioning from Infantry to Tech

07:22 Joining the Synack Red Team (SRT)

08:04 Learning with Hack The Box

09:52 Bug Bounty Reporting Strategy

12:14 Synack Vuln Ops

16:03 Advice for New Pentesters

18:44 AI Prompt Injection Deep Dive

21:35 Retesting & Patch Verification

23:25 How to Improve Patching

26:02 Advice to Learn Cyber Security

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Timestamps:

00:49 - Adam's background with responsible disclosure and bug bounty programs

04:33 - Description of M365 vulnerability

12:34 - Demo of the vulnerability

17:53 - How to pentest AI

20:45 - Getting started in pentesting

23:07 - Benefits of hacking with Synack

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Timestamps: 

• 00:19 - Halcyon’s Ransomware Research Center
• 07:24 - Actors behind ransomware campaigns
• 11:22 - Will AI help offense or defense? 
• 17:29 - Known vulnerabilities
• 21:10 - Where do you fall on ransomware payments?
• 28:24 - How to stop bad actors
• 30:44 - Guest fun fact

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Rob Lee is the Chief of Research and Head of Faculty at SANS Institute and runs his own consulting business specializing in information security, incident response, threat hunting, and digital forensics. With more than 20 years of experience in digital forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response, he is known as “The Godfather of DFIR”. Rob co-authored the book Know Your Enemy, 2nd Edition, and is course co-author of FOR500: Windows Forensic Analysis and FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics.

Rob graduated from the U.S. Air Force Academy and served as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on information operations. Later, he was a member of the Air Force Office of Special Investigations (AFOSI) where he led a team conducting computer crime investigations, incident response, and computer forensics.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Timestamps:

• 01:05 - About Rep. Langevin
• 04:08 - Building a hacker-friendly congress
• 09:53 - Cybersecurity as a bipartisan issue
• 15:39 - Trying to predict the future
• 19:44 - AI and cyber defense

Find Blake on LinkedIn

Find Rep Langevin on LinkedIn 

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

TIMESTAMPS:

• 00:35 - What is a solutions architect?
• 02:56 - Advancing threats
• 13:32 - Are we ready to embrace AI? 
• 20:58 - What’s real, what’s not?
• 25:03 - Find Paul Mote on LinkedIn

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Find Lea on LinkedIn

Find Blake on LinkedIn

Follow WE'RE IN!

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Tune in to the latest episode of WE’RE IN! to hear more about how NASA balances its out-of-this-world mission with real-world concerns about cybersecurity resulting from increased activity from other space agencies and commercial interests alike.

Listen to learn more about: 

• How NASA responded to the Log4j vulnerabilities revealed in 2021
• Why the SAISO position was created 
• How NASA’s stellar reputation helps it address the cybersecurity talent shortage

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Tune in to hear how she played an important part in integrating cyber operations into the Marine Corps' combined arms approach and later spearheaded efforts to create a comprehensive information warfighting function.

Listen to learn more about: 

How China's cyber operations have become more sophisticated, quiet and focused on long-term strategic positioning

Why the threat now extends beyond cyberattacks to include technological exports and influence operations 

How Russia and other state actors are also engaged in hybrid warfare, operating below the threshold of conventional conflict

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Tune in to hear how the program, which began in 2016 following a successful bug bounty event, has processed over 53,000 reports, 56% of which were actionable, and resulted in nearly 30,000 remediated vulnerabilities.

Listen to learn more about:

Why VDP has been recognized by the government as a reliable and economical cybersecurity strategy 

How Melissa and her team handled the notorious Log4j vulnerability

How DC3 has explored the use of AI and machine learning to enhance capabilities and scale operations 

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode of WE’RE IN!, Bill expresses skepticism about AI, preferring the term "machine learning" for most current applications, but he acknowledges its potential benefits, such as improving threat detection.

Listen to hear more about: 

• How Bill's diverse background in telecom, IT, and security has provided him with a well-rounded perspective to approach his CISO role
• Why the integration of voice, data, and collaboration tools in enterprise communications presents new cybersecurity challenges
• Why security awareness is crucial for both professional and personal life 

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode of WE’RE IN!, Jennifer gives her take on AI in penetration testing, suggesting it should be used as a tool for initial reconnaissance but not for exploiting vulnerabilities. 
 

Listen to hear more about: 

• Why all of Jennifer’s smart home devices’ warranties are voided
• How anyone can be a hacker by following the Open Source Intelligence methodology to find vulnerabilities
• The importance of producing high-quality work and going above and beyond to gain trust in the pentesting industry

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode of WE’RE IN!, Sara underlines the importance of collaboration between IT and security teams to adequately protect data and address relevant threats in anticipation of the September deadline for federal Zero Trust compliance.

Listen to hear more about:

• The role of the private sector in adopting Zero Trust frameworks and providing security tools
• Preparing for emerging technologies like quantum computing and their accelerated development due to AI advancements
• Why Sara believes hackers will initially benefit more from AI advancements than defenders

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode of WE’RE IN!, Michael elaborates on his "immune system" approach for the internet, a strategy where threats are quickly identified and neutralized. But this requires robust – and highly trusted – information sharing between groups. 

Listen to hear more about:

• The threat assessment for the 2024 Paris Olympics, highlighting potential threats from Russia and Azerbaijan
• The need for more resilient software systems that can degrade gracefully rather than catastrophically fail
• Michael’s thoughts on industry diversification and the value of different viewpoints in tackling cybersecurity challenges

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Anand Prakash, founder of startup PingSafe, shares his insights on building a successful cybersecurity business and his experience as a top bug bounty hunter. He emphasizes the importance of fast execution, accountability and learning from mistakes when growing the company acquired by SentinelOne, where he’s now a senior director of product management. 

In the latest episode of WE’RE IN!, Anand touches on India's prominence in global tech – particularly in security research and bug bounty programs – and he shares his personal journey into cybersecurity, which began with a curiosity about hacking at a young age in cyber cafes. 

Listen to hear more about: 

• How bug bounty programs have evolved, with companies now more open to ethical hacking due to increased awareness of data breaches
• The viability of government efforts to reduce entire classes of vulnerabilities like SQLi
• If AI is effective in improving red teaming and bug bounty hunting

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In the latest episode of WE’RE IN!, Ads talks about including threat modeling from the design phase when integrating GenAI into applications, and how he uses AI in his red teaming and application security work. 

Listen to hear more about: 

The misuse of AI, such as creating deep fakes for financial gain or manipulating powerful systems like the stock market 

The role of governments in securing the AI space and the concept of “safe” AI

How the infosec community can contribute to OWASP frameworks

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In the latest episode of WE’RE IN!, Kevin discusses the importance of compliance and risk assessment, noting that while compliance with rules like HIPAA is crucial, it's equally important to pressure test controls against real-world threats. Ransomware targeting hospital data is the primary threat, while phishing and potential abuse of generative AI also pose significant risks. 

Listen to hear more about: 

• The benefits of forming an AI task force to enact safe and responsible procedures while enabling clinicians and researchers to explore AI’s potential
• Effectively communicating cyber threats to non-technical staff by relating them to potential impacts on patient safety and business operations
• Application security in healthcare; applications often have access to sensitive patient health information and can be potential entry points for cyber threats

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In the latest episode of WE’RE IN!, Tennisha unpacks the important work of The BlackGirlsHack Foundation, which provides training resources and cybersecurity education to underserved communities. That includes giving Black children avenues to complete cybersecurity certifications and snag their first jobs in the industry. 

“Part of the reason why I started BlackGirlsHack was because I was a black girl that was trying to get into cyber security and I was like, hey, I've got a whole bunch of degrees and years of experience and certifications, and if I'm having a hard time, I know that the people who are  fresh out of high school, for example, may be having a hard time as well,” she said.

Listen to hear more about:

• How recently reported corporate cutbacks in DEI initiatives are impacting the work of organizations like BlackGirlsHack
• How Tennisha came to be nicknamed “mother of hackers”
• Why gamifying cybersecurity can be key to building the next generation of cyber talent

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Mara takes a holistic approach to risk management, considering both physical and cyber threats. In the latest episode of WE’RE IN!, she cautions against focusing too much on the "flashy object of the day" and describes why she imbues diversity in risk management for the best outcomes.

Listen to hear more about: 

• Why early implementation of security measures in product development is necessary for distributed energy resources like solar, wind and battery technologies
• How to educate investors, entrepreneurs and designers about understanding the full risk picture in business decisions
• The role of the National Association of Regulatory Utility Commissioners and the Federal Power Act in defining federal and state responsibilities in the energy system

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode of WE’RE IN!, Amy provides insights into the potential cybersecurity policies of both the Trump and Biden administrations after the next presidential election, and how AI has the potential for more than just super-powered hacking. In a recently published paper, she and a colleague detailed consequences like inaccurate medical diagnoses or even manipulation of financial markets.

Listen to hear more about: 

The role of cybersecurity in the innovation race between China and the U.S.

The effectiveness of “name and shame” tactics more than a decade after the release of Mandiant’s landmark APT 1 report  

Why bipartisan support for cybersecurity measures may not equate to trust in the election security space 

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode of WE’RE IN!, Mark explains how he recruited a community of global top hackers to join the burgeoning Synack Red Team – and what’s at stake as AI capabilities ramp up for attackers and defenders alike. 

Listen to hear more about:

• Mark’s predictions about the use of AI for offensive operations, including selecting targets and applying exploits
• Synack’s FedRAMP Moderate Authorized status and how other organizations can secure approval to work with sensitive government data
• How the integration of AI in cybersecurity is increasing the pressure on organizations to patch and mitigate vulnerabilities faster

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Anthony also digs into the impact of AI in the cybersecurity landscape, emphasizing the need for trust and the potential benefits of automation. 

Listen to hear more about:

• How REN-ISAC supports its 700 member institutions within the higher education and research community
• The role of trust and threat intelligence in higher education
• The nature of advanced, persistent threats to research facilities, including China-linked cyberespionage 

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Dennis also discusses the challenges of cybersecurity journalism and the importance of democratizing information.  

Listen to hear more about:

• The overlap between cybercrime and traditional organized crime and the impact of cryptocurrency
• Dennis’s interest in crime novels and the challenges of incorporating his background into his own books
• The surprising topic Dennis would cover if he wasn’t focused on security

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this WE’RE IN! episode, Jason discusses the need for strong communication skills and the ability to engage every employee in cybersecurity practices. 

Listen to hear more about:

• Why basic security controls and understanding context are crucial in cybersecurity
• How to “sit down, be quiet and listen” rather than try to fix everything immediately in a new cybersecurity leadership role 
• What AI means for the risk of future cyberattacks

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Sarah Armstrong-Smith on understanding the attacker mindset

Sarah Armstrong-Smith, Chief Security Advisor at Microsoft and a cyber security author, discusses her role in improving cyber postures and staying ahead of threats. She explains how Microsoft uses machine learning in their threat intelligence and what's next with the onset of generative AI. She also highlights the importance of understanding the risks and consequences of AI technology, as well as the need for CISOs to embrace new technologies while ensuring accountability. 

In this WE’RE IN! episode, Sarah emphasizes the significance of diversity in the cybersecurity workforce and the need for organizations to foster a culture that encourages diverse perspectives. 

Listen to hear more about:

Understanding and addressing the unique cyber challenges of different sectors and countries 

Balancing the threat landscape with available resources

The human aspect of security and understanding the motivations of attackers

Links: 

Find Sarah on LinkedIn

Find Blake on LinkedIn

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In the latest episode of WE’RE IN!, Andreas challenges some status quo ideas in the industry, like: Is there really a cybersecurity talent gap? And he gets real about how AI can help unleash more capacity and productivity for security teams if paired with rigorous cyber standards.

----------

Listen to learn more about:

* Translating cyber for the C-suite

* How to achieve cyber resiliency

* Forming a worthwhile customer advisory board

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The cloud security company has an existing ethos of security first, so Ryan and his team are equipped to tackle old and new security challenges alike, from run-of-the-mill phishing attacks to sophisticated AI-enabled threats.

----------

Listen to learn more about:

* His time consulting on the hacker TV series Mr. Robot

* Ryan’s thoughts on balancing privacy, security and convenience 

* Lessons from his heavy-hitting cyber career

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Hosted by Synack's Head of Communications and longtime cybersecurity journalist Blake Thompson Heuer (Sobczak), WE'RE IN! takes you inside the brightest minds in cybersecurity for unique insights and colorful stories from the front lines of our digital transformation. Don't miss the latest season of this breakout podcast, sponsored by Synack!

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Don’t miss the latest episode of WE’RE IN! to hear Lauren’s insights into why cybersecurity job descriptions are broken and how talking to everyday people can build the pipeline of cyber talent.

----------

Listen to learn more about: 

* Which cybersecurity story she’d like to see made into a Christopher Nolan movie

* Why she believes “diversity is national security”

* How she ended up with Ms. magazine bylines

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Jeremiah is a fan of escape rooms and brings his creativity and strategic thinking to some of the cybersecurity industry’s toughest challenges. Don’t miss the latest episode of WE’RE IN! to hear Jeremiah weigh in on topics such as:

----------

Listen to learn more about: 

* Budding API security challenges and how to address them

* Techniques for transitioning from the armed services to a role in cybersecurity

* How to think like an attacker to conquer high-risk vulnerabilities

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Don’t miss the latest episode of WE’RE IN! to hear Danielle’s insights into industrial control systems (ICS) risk management, including the recently disclosed COSMICENERGY ICS-focused cyberthreat. 

----------

Listen to learn more about: 

* What makes the ICS security field “niche but not nebulous”

* How Danielle’s background in nuclear weapons policy informs her approach to cyber incident planning

* Why so few critical infrastructure operators know where equipment with known vulnerabilities may exist on their networks

* Hacking satellites in space

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

He founded APIsec University, which offers online courses to help level up the infosec community’s API security testing skills. APIs are essentially direct links to a company’s database, a valuable target for a malicious actor, and their flaws can be difficult to detect without proper documentation and thorough analysis. 

Security teams are just getting started tackling API security and Corey outlines how they can get started and which executives, including the board of directors, need to be aware of their API attack surface.  

----------

Listen to learn more about: 

* His favorite API vulnerability 

* Why generic security scanners can’t detect API security flaws 

* The future of API security

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Emma previously worked as Chief Scientist for the National Rural Electric Cooperative Association, which represents the nation’s roughly 900 non-profit electric co-ops. Because rural infrastructure can lack the same level of funding or support compared to bigger electric companies, she often had to puzzle over how to fortify distributed resources from nation-state cyberthreats.

----------

Listen to this episode to hear more about: 

* How cyber mutual assistance programs can help level the playing field in the fight against adversaries 

* Emma’s cancer survivorship 

* Takeaways from the S4 industrial cybersecurity conference in Miami Beach, where Emma was a speaker

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Don’t miss the latest episode of WE’RE IN! in which Kelly opens up about her professional history and shares tips for anyone interested in supporting their own communities through pursuing a career in cybersecurity. Her office has worked to foster the next generation of cyber talent through efforts like the New York City Cyber Academy program. 

“The really amazing thing about the profession in general is you don't need a degree,” Kelly says. “If you have access to the internet and you have access to a technology product like a mobile phone, a laptop– there's so much out there and open source that, if you really want to, you can start learning.”

-------

Tune in to hear more about: 

* Why cloud security is such a top-of-mind concern for CISOs 

* New York’s first-of-its-kind Joint Security Operations Center

* Kelly’s approach to ensuring “diversity of experience” in the infosec field

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Space Rogue was a member of the L0pht Heavy Industries hacker group that made its name poking holes in premier products from burgeoning tech giants like Microsoft and Oracle. Now Global Lead of Policy and Special Initiatives at IBM, he is also author of a new memoir recounting his experiences from the “magical hacker scene” of the 1990s, Space Rogue: How the Hackers Known As L0pht Changed the World. 

In the latest episode of WE’RE IN!, Space Rogue shares his side of the story from L0pht’s influential May 1998 testimony before Congress, in which the hackers warned of glaring security vulnerabilities that remain relevant to this day. 

--------

Tune in to hear more from Space Rogue on: 

* Tales from early meetings of the famous hacker quarterly 2600 

* The value of college versus certifications for anyone seeking to launch an infosec career

* The fragility of the modern internet

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In the latest episode of WE’RE IN!, Morgan shares how she helped build the CCC into a vital public-private conduit for cyber intelligence, rewriting existing NSA operating models along the way.

“We knew that it was important to be able to have this type of direct engagement, because we knew the only way to really counter a nation-state actor is to get ahead of it,” Adamski said of the CCC’s “fast and furious” history. 

--------

Tune in to hear Adamski’s thoughts on: 

* Strategies for getting more women involved in the cybersecurity field 

* The Biden administration’s new National Cybersecurity Strategy

* The importance of being part of something bigger than yourself 

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Nicole points to catastrophic cyberattacks like NotPetya, a 2017 ransomware look-alike that attempted to obliterate Ukraine’s critical infrastructure before causing billions of dollars in damages worldwide. But even with geopolitical tensions now at a fever pitch, Nicole, now a cybersecurity advisor and investor, explains why “mutually assured digital destruction” has so far helped stave off major attacks on U.S. critical infrastructure. 

---------

Also covered in the podcast: 

* The importance of educating board members about cybersecurity 

* What constitutes a cyber weapon

* Why Nicole is optimistic about the future of ransomware

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Tune into the latest episode of WE’RE IN! to hear Hudney share his insights into getting started with the Synack Red Team, the importance of mentorship in the cybersecurity community and his “sixth sense” that helps him to find creative workarounds for tough security challenges. 

---------

More topics covered in the podcast:

* Why we haven’t seen the last of the blockbuster Log4j vulnerability 

* The importance of applying an adversary’s perspective on your networks

* How to build trust among professionals skeptical of ethical hackers

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

-------

More reasons you should listen: 

* Hear Selena discuss what makes threat intelligence actionable, versus extra noise for a SOC

* Find out about an alarming cyber espionage campaign that recently targeted journalists

* Learn why Selena despises evil TOADs – “telephone-oriented attack delivery” attacks

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

On the latest episode of WE’RE IN!, hear Craig describe what he means by cyber civil defense and listen to his candid thoughts on everything from quantum computing to the dangers of state-sponsored disinformation campaigns. He also shares insights into the philanthropic strategy driving many of his contributions to the field of cybersecurity and continuing education.

----------

Tune in to hear more about: 

* Challenges in fostering collaboration across the cybersecurity community, from the White House to organizations like the Aspen Institute’s Cybersecurity Group

* How a “cybersecurity nutrition label” could empower consumers 

* Craig’s participation in the Whole Earth 'Lectronic Link, one of the oldest virtual communities

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In his new book, “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency,” Andy follows the gripping story of IRS special agent Tigran Gambaryan as he follows the money to zero in on some of the most mysterious and monstrous criminals in the cyber underground. 

-------

Don’t miss the inaugural episode of WE’RE IN! Season 2 to hear more from Andy on: 

* How Tigran joined forces with expert investigators and cryptographers to jettison misconceptions about the anonymity of major cryptocurrencies, exposing alleged criminal masterminds in the process

* The genesis of successful crypto tracing and analysis firms like Chainalysis

* The twisted motivations of those who founded infamous dark web emporiums like AlphaBay and Silk Road

-------

Links: 

* https://andygreenberg.net/

* https://www.wired.com/

* https://www.synack.com/

* https://readme.security/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Co-hosted by Synack security operations engineer Bella DeShantz-Cook and longtime cybersecurity journalist Blake Sobczak, WE'RE IN! takes you inside the brightest minds in cybersecurity for unique insights and colorful stories from the front lines of our digital transformation. Don't miss the latest season of this breakout podcast, sponsored by Synack! 

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Tanya has spent much of her career in cybersecurity and IT empowering others to strengthen their own skills. With We Hack Purple, she built a community from the ground up, and she’s organized plenty of security talks and capture-the-flag tournaments along the way. Computer science can be a nebulous, wide-ranging field – Tanya has further helped people zero in on what they should focus on learning in the wide world of cybersecurity. 

-------

Tune into the episode to hear more on: 

* The story behind Tanya’s bestselling book, “Alice and Bob Learn Application Security” 

* The qualities that make a good pentester: “You have to be very determined and detail oriented,” as Tanya put it

*  #cybermentoringmonday and the value of professional mentorship 

-------

Links: 

* https://wehackpurple.com/

* https://brightsec.com/

* https://www.synack.com/

* https://readme.security/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

As a senior fellow at American University in the Law Tech, Law, and Security Program, Melanie helps craft cybersecurity policies that scale and attempt to solve big, societal problems. First, she has to understand how cybersecurity technology and models, such as zero trust, are implemented at companies and organizations of all sizes. Then, she applies those principles to existing laws and government mandates to understand the pitfalls and gaps. 

Between her early start in cyber and national policy-making, Melanie has a unique perspective to share with the infosec community.

Listen to the episode to hear more about: 

* How cybersecurity policy can transform small- and medium-size businesses’ approach to zero trust 

* Why protecting innovation efforts at universities and small companies is paramount for the cybersecurity industry

* The positive outcomes from collaboration between the public and private sectors 

Links: 

* https://www.wcl.american.edu/impact/initiatives-programs/techlaw/our-team/melanie-teplinsky/

* https://www.atlanticcouncil.org/in-depth-research-reports/report/cybersecurity-for-innovative-small-and-medium-enterprises-and-academia/

* https://www.synack.com/

* https://readme.security/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

She has since become a children’s book author and works as a cloud security engineer for Best Buy, while raising her four kids and completing her master’s degree in cybersecurity from Georgia Tech University. 

In the latest episode of WE’RE IN!, Zinet shares how she published two children’s books during the pandemic, “Proud in Her Hijab” and “Oh, No ... Hacked Again!: A Story About Online Safety,” and about her work with Black Girls in Cyber. 

Listen to the episode to hear more about: 

* How you can teach kids (and grandparents) about cybersecurity 

*Zinet’s journey from immigrant to best selling author 

*The power of diversity in cybersecurity 

Links: 

*https://zinetkemal.com/

*https://www.synack.com/

*https://readme.security/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

As vice president, chief information security officer and “Chief Paranoid” for Yahoo, Sean is charged with keeping sensitive company data safe from an onslaught of cyberthreats, working collaboratively across all Yahoo’s media and technology brands.

In the latest WE’RE IN! episode, Sean speaks to the need for balance in security messaging and shares how he addresses risks like Log4j. 

It takes patience and finesse to build a strong culture of security in any organization, let alone a global tech and media company with thousands of employees. 

“It's important to not shame people, so you don't want to say, ‘how could you miss this?’ Or, ‘what happened? Why, why did you commit that code?’” Sean says. “Instead, we use it as a learning experience.” 

Tune in to discover how Sean keeps Yahoo on the right track and hear more about:

* Yahoo’s approach to bug bounties and pentesting

* His unlikely path to security leadership– “It was never my career aspiration to become a CISO”

* Sean’s focus on examining what motivates the attackers targeting Yahoo every day

Links: 

* https://www.yahooinc.com/technology/paranoids-blog/

* https://www.synack.com/

* https://readme.security/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Building Darknet Diaries into a successful show was no cakewalk. In the latest episode of WE’RE IN!, Jack shares his experience putting on a great podcast, from ideation and guest selection all the way to monetization and fielding calls from Hollywood producers.

“Don’t think about how big of an audience you have,” he said. “You need to find the right person in your head, of who would love this show, and just deliver it to them in a great way.”

---------

Even if you’re not a podcast creator, there are plenty of reasons to listen:

* Glean Jack’s insights into the creative process, including the importance of self-reflection and listening with “fresh ears”

* Hear how he navigates constant deadline pressure while avoiding burnout

* Learn the secrets behind the most suspenseful moments in any great story

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In the latest WE’RE IN! episode, she speaks to the importance of having diverse perspectives at the table when it comes to cybersecurity and warns of a disconnect between tech hiring managers and HR departments.

“Companies keep hunting for unicorns when they really just need to pay attention to the squirrels at the base of the tree,” Maleeff said.

---------

Here are a few more reasons to listen:

* Discover Tracy’s tips for breaking into the cybersecurity industry from other professions: She once helped a mechanic launch a career in pentesting

* Learn how she’s used Twitter to advance her own cybersecurity career

* Hear about out her favorite episode of Keeping up with the Kardashians – and yes, there is an infosec connection!

---------

Links:

* https://infosecsherpa.medium.com/

* https://www.ks.group/

* https://www.synack.com/

* https://readme.security/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In his current role as senior advisor for the Cybersecurity and Infrastructure Security Agency, Beau helps fill gaps in U.S. cyber defenses by boosting organizations that may not have the resources or knowledge needed to secure critical connected equipment like insulin pumps.

“If you can get ahead of things and help them to build better procurement processes, help them to identify more securable technologies that have better business models, that will have  greater longevity, then you can stop the flow of inbound, insecurable devices and – over the next decade or two – eventually that cyber hygiene tide line can rise,” he said in this episode of WE’RE IN!

----------

Here are a few more reasons to tune in:

* Learn Beau’s tips for making cybersecurity issues more engaging, from gamification to building empathy

* Hear about his unconventional career path from psychology to security

* Build awareness on the state of healthcare cybersecurity and CISA’s role in government

----------

Links:

* https://www.cisa.gov/
* https://iamthecavalry.org/
* https://www.synack.com/
* https://readme.security/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

A few more reasons to listen:

*It's a candid and sobering interview with one of the world's leading experts on industrial cybersecurity.

*You might be surprised how Dragos approaches pay transparency, hiring and job interviews. 

*Better understand how critical infrastructure operators should approach cybersecurity differently from enterprise technology. 

Key quotes:

* "If you are an oil and gas pipeline or a manufacturing company, and you haven't had ransomware scenarios at a board level with an understanding of what you're doing specifically in OT, your liability and your lawsuit is going to be bad."

* "One hundred percent of our engineers are in the United States. We don't outsource anything where they're related to our product, because if we're deploying software into nuclear power plants and similar, I'd like control of the supply chain."

* "We've been talking about cyber at a presidential, international leader, board level for a long time. But they never knew they needed to differentiate between IT and OT. And now they're realizing all the resources have been spent on the non-revenue generating side of the business and they're going, "Holy crap! What's our OT cybersecurity strategy?"

Links:

* https://www.dragos.com/

* https://www.synack.com/

* https://readme.security/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

* Hear from one of the leading educators focused on helping developers code securely. 

* Learn more about all the important projects and initiatives happening at OWASP.

* Get Jim's perspective on how organizations can best implement DevSecOps. 

Key quotes: 

* "Honestly, you shouldn't be basing a security program on the OWASP Top 10. The Top 10 is meant for one purpose only: awareness. This is not just my opinion. This is actually codified in the introduction of the Top 10."

* "Being a decent human being, being a community supporter, trying to help people out, giving free talks: you can call it being a decent person, but it's also a good life and business strategy."

* "Learn how to f-ing code. And you don't have to be an expert at it. You don't have to be a software engineer, but if you're an IT professional and you don't even understand the basics of coding, it's going to limit your capability because the best pentesters I know write scripts."

Related links:

* https://manicode.com/

* https://owasp.org/www-project-top-ten/

* https://owasp.org/www-project-application-security-verification-standard/
* https://www.synack.com/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Why should listen:

* Get the inside story of how the Conti ransomware gang and other Eastern European cybercrime syndicates operate.

* Hear about how the current Ukrainian War could shift the cyber threat landscape.

* Discover how one of the leading threat intelligence researchers uncovered some of the biggest data breaches in history.

Key quotes:

* "Russia knows how to wage cyber warfare. And they continuously keep showing us that they can ... So I think Russia is in [a] very powerful position to flex their cyber muscle to do damage."

* "We are watching a huge change in the cybersecurity threat landscape in Eastern Europe. Ukrainian cybercrime is not dead. They're still doing certain things in the western part of Ukraine. Some of them are moving into Eastern Europe ... The same is happening in Russia. Cyber criminals are afraid that the recent crackdown of the Russian government against them will continue." 

* "If you are at all interested in threat intelligence or in cybersecurity, I would recommend sitting down and reading [the Conti leaks] because you're going to see how the real criminals work, how they think, how they evolve and how the everyday gang works."

Links:

* https://holdsecurity.com/

* https://www.synack.com/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Why you should listen:

* Understand what's at stake as cyber warriors do battle on both sides of the the Ukraine War. 

* Lean about some potential consequences of a destructive hack in Europe and whether that could even draw NATO into the war.

* Hear what Washington is doing to obtain better insights and actionable intelligence that could improve cybersecurity defenses.  

Key quotes:

* "Cybersecurity generally is not a good state of affairs. So I think we are going to see some regulatory changes that make it much harder for certain classes of companies to operate because they've grown up around this inefficient system."
* "The physical military invasion [into Ukraine] has not necessitated sophisticated cyber support from the Russians. What's been more important in the information space is misinformation [and] disinformation."
*  "You've got a lot of [outside hackers] tripping over systems to try to find some kind of way in to do something. And the challenge is that's not really strategic. You don't have any of these groups plugged into the target selection and intelligence collection processes that Western agencies have."

Links:

* https://www.atlanticcouncil.org/

* https://www.atlanticcouncil.org/programs/scowcroft-center-for-strategy-and-security/cyber-statecraft-initiative/

* https://www.atlanticcouncil.org/thecybermoonshot/

* https://www.synack.com/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

-------

Why you should listen:

* Get a better understanding of the history of Anonymous and the role it played in shaping online protests and whistleblowing.

* Hear about some of the earliest hacking communities such as the free software hackers and efforts to archive their early writings and magazines.

* Get an anthropological perspective on how hackers have evolved from the fringes of the tech world to among the most influential voices in cybersecurity.

-------

Key quotes: 

* "There's now a new narrative that there was a single founder of Anonymous, the trolls and the early hacktivists. And that's just wrong in terms of historical record."

* "I'm not surprised that hackers were at the forefront of establishing the protocols for the security industry."

* "The moment you cower, the moment you're not willing to speak up, that's the minute that I think ... the hacker spirit is dead and can't be effective in initiating change."

-------

Links:
* https://www.synack.com/
* https://gabriellacoleman.org/
* https://datasociety.net/library/wearing-many-hats-the-rise-of-the-professional-security-hacker/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Why you should listen:
* Hear from one of the leading Open Source Intelligence researchers working today.
* Learn about the value of OSINT for offensive and defensive cybersecurity.
* Get a better understanding of all the privacy risks from fitness trackers, apps, shopping online and social media.  

Key quotes:

* "OSINT is a reconnaissance skill. It's all about that preparation work that needs to be done before you do anything in cyber, whether it's attacking or defending."  

* "Once things are on the internet -- or once things are even collected, not necessarily on the internet -- you've lost control of it."
* "The reality is that we give up our privacy every single time we use an app, every single time we choose to purchase something."

Links:

* https://www.spotlight-infosec.com/

* https://osintcurio.us/

* https://www.synack.com/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

---------

Why you should listen:

* Nicolas offers a candid and controversial view of the military's approach to the growing technological threat from China.

* He outlines his view for a Pentagon that is more agile, collaborative and competitive. 

* Hear from a former DoD insider about some of the institutional barriers that can hinder innovation and software advancements.  

---------

Key quotes:

* "In 10, 15, 20 years from now, America as we know it and the value we have and the freedom we enjoy will be at risk of going away if China dominates in AI like they are doing now."

* "TikTok is effectively an intelligence weapon of China on US citizens right now."

* "We don't see a lot of training and implementation of Agile at all in the DoD, which really leads to the inability to move at the pace of relevance and tremendous waste of taxpayer money."

---------

* https://www.synack.com/

* https://www.linkedin.com/in/nicolaschaillan/

* https://www.linkedin.com/pulse/time-say-goodbye-nicolas-m-chaillan/

* https://ama.preventbreach.com/register

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

-------

Why you should listen:

* Phllip's story is both educational and inspirational -- worthwhile for anyone interested or involved in cybersecurity. 

* Learn something from one of the most prolific cybersecurity speakers and educators. 

* Get a better understanding of ethical hacking and the value of offensive security testing.

-------

Key quotes:

* "Once you learn how to pentest, your whole world changes."

* "For people that have been in the industry for a while, listen to the new folks. I learned a lot from my students."

* "If you can help people succeed, that's even more rewarding than personal success."

-------

Links:

* www.synack.com

* https://twitter.com/PhillipWylie

* https://www.youtube.com/c/ThePwnSchoolProject

* https://www.itspmagazine.com/the-hacker-factory-podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

* Hear from one of the most influential and knowledgeable journalists writing about cybersecurity today.
* Get her take on some of the biggest security stories of 2021 such as Colonial Pipeline and the Pegasus Project.
* Learn more about the key policy debates around election security and critical infrastructure protections.

Key Quotes:
* “Stuxnet really helped shine a light on industrial control systems as a target.”
* “We focus too much on the stuff that makes the headlines and completely ignore the innocuous things that you’re downloading onto your phone .... Those things are spying on you, as well.”
* “The Obama administration was the first administration to [make] cyber a priority, but they didn't really put critical infrastructure as a priority in the sense of using the government's weight to force security on critical infrastructure. We're actually only seeing that in this last year … in the wake of Colonial Pipeline.”
* “When we saw Russia trying to interfere in 2016, that woke up DHS that someone, somewhere needed to have some kind of influence over election officials.”

Links:

* www.synack.com

* https://zetter.substack.com/
* https://www.nytimes.com/2018/09/26/magazine/election-security-crisis-midterms.html

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

-------

Why you should listen:

* Learn about some of the most cutting-edge work going on inside the Pentagon.

* Better understand emerging threats such as drones and risks associated with climate change.

* Hear how DDS helped the military rapidly deploy technology to reduce the spread of COVID-19.

-------
Key Quotes:

* "What I've seen shifting in my time here is making security researchers the good guys."

* “Facilitated by the pandemic, we are seeing just increased awareness and attention to cybersecurity.”

* “It would be better for us to check our defenses first before we have some kind of major breach.”

*  “For those white hat hackers who want to contribute to national security, [there’s] a huge opportunity.”
-------

Related Links:

www.synack.com

https://www.dds.mil/

https://www.synack.com/blog/3-years-of-hack-the-pentagon/

https://www.usds.gov/projects/hack-the-pentagon

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

--------

Why you should listen:

* Hear from a hacker working on the frontlines of today’s most important racial justice issues.

* Better understand the state of digital surveillance in Black communities.

* Hear about what steps platforms such as Twitch can take to better protect creators.

* Learn the three things everyone online should do to better protect themselves on the internet.

* Discover where “Mr. Robot” placed an elusive CryptoHarlem Easter egg.

--------

Key Quotes:

* “It's really about taking the skill that we have and applying it toward something bigger than yourself.”

* “Under the lens of a surveyor, who’s always looking for wrongs, you’ll find what you’re looking for all the time.”

* “We sometimes confuse public safety with surveillance.”

* “I'm pretty realistic. If you look at the number of cyberattacks that came from sticky notes on personal computers, it’s zero. But don’t put a sticky note on the nuclear codes.” 

--------

Related Links:

* Synack.com

* https://www.cryptoharlem.com/

* https://www.fordfoundation.org/

* https://calyxinstitute.org/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

--------

Why you should listen:

* Figure out why most cybersecurity job postings “suck” and how the industry can help fix the issue.

* Learn how to address key issues that come up during a cybersecurity job hunt.

* Identify how to maximize opportunities for personal growth and realize your potential in the infosec community.

* Understand how to be a better ally to underrepresented groups in the cybersecurity community.

* Hear about the value of diversity and inclusion in cybersecurity. 

--------

Key Quotes:

* “Read the narrative at the beginning of the job description. If that sounds like something you can do and something you can learn and grow in, apply. The very worst thing they can do is tell you no."

* "The difference between you experiencing success or not is in how you respond to opportunities. Do you take those moments and go after them or do you let them go by the wayside."

* “If we want to be better at cybersecurity, having diversity matters.”

* "You don't get diversity of thought by having 20 heterosexual white males sitting in a room talking about how to build cybersecurity defenses."

--------

Related Links:

* Synack.com

* https://www.synack.com/lp/cloud-security-solutions/

*https://twitter.com/AlyssaM_InfoSec?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor

* https://alyssasec.com/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Why you should listen:

* Learn how to build an effective cybersecurity culture within your organization.

* Get the inside scoop on the security precautions that Google takes with its physical data center.

* Hear about what Google is doing to overcome misperceptions about cloud security.

* Figure out how to conduct security postmortems the Google way. 

* If you don't know about the "pancake principle," you'll find out why it matters, and how it can work for you.

Key Quotes:

* "It's become really clear that remote work will be a very defining characteristic of the new normal and modernizing security is going to be imperative."

* "Our teams are really horrified by network-based security because network-based security is hackable, even with two factor authentication."

* “It's all about empowering [users] so that they can be the ones to flag suspicious activity, websites, and phishing in emails."

* "Being in Silicon valley, we're often in a bubble where we assume that a lot of people already understand the value of [the cloud] and how it can actually increase your security posture overall."

* "It's all about blameless postmortems and a blameless culture. No pointing fingers. If something goes wrong, it's all about how can we improve it."

Related Links:

* Synack.com

* https://www.synack.com/lp/cloud-security-solutions/

* https://twitter.com/stephr_wong

 * https://bit.ly/2Vkckh5 (Stephanie’s Youtube Page) 

* https://www.stephrwong.com/about

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

--------

Why you should listen:

* Hear from one of the smartest and most engaged technologists today on how technology can be used both for malicious purposes or for good.

* Consider how bias can be built into code and have real-world implications. 

* Listen to Cory’s view on tech monopolies and his proposals for reversing their power over users and the internet more broadly.

* Better understand why independent security research might seem counterintuitive to many people. 

* Hear the author of one most influential cyberpunk series discuss the origins of his latest book, Attack Surface.

--------

Key Quotes:

* “Wishful thinking isn’t going to solve real-world technical security issues.”

* “It’s so important that we build safeguards against our own frailty.”

* “Tech has become a kind of dangerous monoculture ...technologically dangerous because a breach or a defect in a system has consequences for hundreds of millions, if not billions of users.”

* “Monopoly is a really bad tool for protecting privacy because monopoly only protects privacy where privacy is in the interests of the monopolist.”

* "We should hold everyone to account for being good privacy actors by having a privacy law -- a real, no fooling privacy law."

* "One of the things that we need to take consideration of is that the security apocalypse is here. It's just not evenly distributed."

--------

Related Links:

* Synack.com 

* https://www.linkedin.com/company/synack-inc-

* https://twitter.com/synack

* https://craphound.com/

* https://pluralistic.net/

* https://twitter.com/doctorow

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

---------

Why you should listen:

* Get a fresh perspective on some of the biggest risks to the global web: unchecked algorithmic bias, the risk of attacks on massive CDNs, and the growing internet fragmentation.

* Consider some of the boldest ideas from one of the sharpest thinkers when it comes to how policymakers can make fundamental changes to protect the internet.

* Hear Nick’s take on why art matters in cybersecurity -- and why stereotypical images of hackers in hoodies harm the public’s perceptions of information security. 

* Learn more about Fairness, Accountability and Transparency in Machine Learning and the growing movement to look more critically at the hidden algorithms that control the internet and much of technology today. 

* Consider how ransomware takedowns and other large-scale cyberattacks such as Colonial Pipeline erode public trust in technology.

* Get a better understanding of why diversity in the cybersecurity industry matters when it comes to identifying real-world threats.

---------

Key Quotes:

* “That power over the internet is like a huge strategic asset for the U.S. It's analogous to controlling global trade.”

* “Imagine a Stuxnet level attack on Cloudflare.”

* “I would nationalize Cloudflare. I would make it like a national publicly-run utility company.”

* “This word ‘hacker’ got so diluted. It means different things to different people. And it became this totally useless way for describing what's actually happening in security.” 

* “The future of cybersecurity … is the future of machine learning.”

* “The real risk of ransomware is just that it freaks people out.” 

---------

Related Links:

* Synack.com

* https://nickmerrill.substack.com/about

* iSchool (Berkeley) Bio

* https://www.synack.com/lp/enterprise-security-testing-101

* https://cltc.berkeley.edu/

* https://daylight.berkeley.edu/

* https://www.codedbias.com/

* https://www.fatml.org/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

--------

Why You Should Listen:

Hear about Ryan’s approach to hacking the fiction writing process.

* Get the inside story of how working in tech support informed Ryan’s career in cybersecurity. 

* Nerd out on nostalgia about the nineties tech scene.

* Pick up tips for developing your creative voice.  

* Get tips for how you can help spread a culture of good security hygiene. 

--------

Key Quotes:

* “I’m a technical person, therefore I create.” 

* “I need a computer but why? I want to get online, but why? Everyone knew they needed it and wanted it but they didn’t know why.”

* “The people who know and understand what it means to keep things secure... It’s incumbent upon them to pay if forward as much as possible.” 

* “Security back in the 90s.. your death was going to come from a swift sledgehammer to the head...now it’s death by a thousand cuts from a million different websites.” 

--------

Related Links:

* Synack.com

* https://www.synack.com/lp/enterprise-security-testing-101/

* Forkthislife.com

* https://twitter.com/ryanrutan

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

----------

Why You Should Listen:

* To better understand the value of gender diversity in cybersecurity.

* Learn how to create trauma-informed programming that builds trust and understanding.

* Discover how you can help develop new pathways for underrepresented cybersecurity talent.

* Hear Lauren’s take on how identity can inform security decisions.

----------

5 Key Quotes:

* “Everyone’s identity has a place in a discussion about national security because it's the most consequential field in the world.”

* “What we are seeing in in our country is evidence of how long it takes to uproot any kind of systemic discrimination.”

* “We are cultivating a generation of girls and women who will hopefully be more well represented in the short, near and long term and we hope that that results in more equitable national security policies of which cyber is so crucial”

* “Girls and women from childhood live in a world in which they are taught to fear everything … and we do a really good job at keeping ourselves secure.”

* “We don't know what a national security field would look like where there's gender parody. What would national security look like if women were co-equally represented? I want to see what that world looks like.”

----------

Related Links:

* Synack.com  

* https://www.synack.com/were-in-synack-podcast/

* https://www.girlsecurity.org/about

* https://www.linkedin.com/in/lauren-bean-buitta/

* https://www.synack.com/trust-report/

* https://www.synack.com/lp/enterprise-security-testing-101/

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

-------

Why you should listen:

* Get inside the head of one of the most provocative and interesting cybersecurity influencers today.

* Hear about her work with federal agencies to help secure the future of transportation.

* Learn more about the urgent need for better Application Programming Interface (API) security.

* Get new insights into the growing threat to health care organizations and financial institutions.

* Hear Alissa’s take on how cybersecurity companies can improve their approach to content and marketing.

-------

Key Quotes: 

* “I care more about the adversary that can hack my car from her living room. I care more about the hacker that can take remote control of my car that I'm driving around in my family with, from anywhere.”

* “Okay. Yes. I can take remote control of this vehicle. I can move the steering wheel. I can push the brakes.”

* “You would be shocked if I told you how endemic [it is in] the industry to hard-code not only tokens, keys, and credentials like usernames and passwords and to apps for their own APIs, but also third-party APIs like payment processors.”

* “The plumbing for our entire financial system and healthcare system is APIs...that data is worth more than oil, right? So hackers are shifting their attention to hacking APIs.”

-------

Related Links:

* Alissa Knight’s Twitter: @alissaknight 

* Knight Ink Media: ​​https://knightinkmedia.com/

* Alissa Knight’s Website: https://www.alissaknight.com/

* Official Trailer: Law Enforcement Vehicle Hack: https://www.youtube.com/watch?v=Soj3P3S3i_o

* Synack Website: Synack.com 

* Synack Trust Report: https://www.synack.com/trust-report/

* Jeremiah Roe’s Twitter: ​​@c1ph3rflux

* Bella DeShantz-Cook’s Twitter: @bellarosedc

* Black Hat Events: https://go.synack.com/black-hat-events-2021

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

• Hackers are targeting critical infrastructure and there’s an urgent need for smarter cybersecurity defenses to protect Operational Technology. 
• The best practices to defend against attacks on utilities.
• Why there is no such thing as “taking down the whole US grid.”

Five Key Quotes: 

• “How can you secure what you don’t even know you have? If you don’t even know what you have down to some level of detail...you’re not going to be in a good position to defend it.”  - Andy Bochman 
• “The most senior person with the word cyber in their title ideally is at least at the VP level.” - Andy Bochman 
• “You have to not only understand how the attacker can gain access to your network but ultimately gain access to the accounts that are most valuable – where are those crown jewel accounts?” - Sarah Freeman
• “IT and OT needs to be merged …the problem is cyber is here to stay and everybody needs to take part in this security process.” - Sarah Freeman
• “The government is most interested in who conducted the attack... The fact that there are two parties here with differing interests is a core issue.” - Sarah Freeman

Related Links:

• Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE) 1st Edition
• https://hbr.org/2018/05/internet-insecurity
• https://medium.com/cxo-magazine/the-missing-chief-security-officer-11979a54fbf9
• https://www.synack.com/
• LinkedIn: 
  • Andy Bochman
  • Sarah Freeman
• Twitter:
  • @andybochman

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

We launched WE’RE IN! to tell those stories. You'll hear directly from hackers, security pioneers and technologists working in the trenches of cybersecurity. They’ll share their strategies, tactics and solutions for today's tough problems. We'll also go inside the cybersecurity community to talk about the issues and challenges in the industry. You'll hear from some of the most prominent, interesting and provocative people in the field about their journeys in this community, and what it’s like on the inside.

WE'RE IN! is for anyone who cares about cybersecurity. It’s for anyone who wants to go beyond the headlines. It’s for anyone who wants to drive change. We're all facing the cybersecurity dilemma together -- and together we can solve it. Join the conversation on WE'RE IN!

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.