Cyber Security Interviews – Details, episodes & analysis

This is the 5th part of the podcast's return after a brief hiatus. 

Daniel Ayala continues his interview of me. In this fifth part, we will discuss the start-up resources we provided in our Hang Out A Shingle presentation, what I am doing with Accel Consulting, selling to CISOs, tips to avoid when presenting cyber services, the selling to CISOs Master Class we are developing, and so much more!

This is the 4th part of the podcast's return after a brief hiatus. 

Daniel Ayala continues his interview of me. In this fourth part, we will discuss my first forensic litigation case, the importance of data governance, the myth of cyber, why I am tired of cybersecurity conferences, and so much more!

Sara Avery is a Regional Sales Manager at Zscaler. She has held various positions over the past 20 years in the Information Technology field and discovered her passion for information security 15 years ago. Her career has largely been spent in sales and account management with a laser focus on my customer's success. Sara's tenured experience in cybersecurity has given her a strong understanding of the complex technology and intelligence required to keep enterprises secure.

From a young age, she was raised to be a strong female and leader. Her mother, along with other trailblazing women, campaigned to start the Equal Rights Amendment in Colorado in the early 1970s. With a passion for helping others, Sara wanted to start a group that would help, mentor, learn and guide women and founded Women in Cyber Security, ISSA Denver. Her vision was to find a way to inspire and support women in all areas of information security, as well as develop and mentor the younger female generation for the future of the dynamic and ever-changing world of information security.

In this episode, we discuss her early start with Y2K, why she helped start Women In Security with the Denver ISSA chapter, the evolution of communications with workstyles, getting young girls into STEM, how she is championing equality at work, dealing with gaslighting, mansplaining, and microaggressions, removing the stigma of "the hacker," and so much more!

Where you can find Sara:

• LinkedIn
• Women In Security - ISSA Denver

Lance Spitzner is the Director of the SANS Security Awareness program. Lance has over 20 years of security experience in cyber threat research, awareness, and training.

He invented the concept of honeynets, founded the Honeynet Project, and published three security books. Lance has worked and consulted in over 25 countries and helped over 350 organizations plan, maintain, and measure their security awareness programs. In addition, Lance is a member of the Board of Directors for the National Cyber Security Alliance, frequent presenter, serial tweeter, and works on numerous community security projects. Before working in information security, Lance served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois.

In this episode we discuss moving from technical to human security controls, designing a effective security awareness program, changing human behavior, metrics to use in awareness programs, what is different with IoT and security, the 2017 SANS Security Awareness report, picking organizational leads for training programs, and so much more.

Where you can find Lance:

• LinkedIn
• Twitter
• Blog
• Securing the Human
• OUCH! Newsletter

Casey Ellis is founder and CEO of Bugcrowd. He started life in infosec as pentester, moved to the dark side of solutions architecture and sales, and finally landed as a career entrepreneur. He’s been in the industry for 15 years, working with clients ranging from startups to government to multinationals, and awkwardly straddles the fence of the technical and business sides of information security.

Casey pioneered the Bug Bounty as-a-Service model launching the first programs on Bugcrowd in 2012, and has presented at Blackhat, Defcon, Derbycon, SOURCE Boston, AISA National, and many others. He is happy as long as he's got a problem to solve, an opportunity to develop, a kick ass group of people to bring along for the ride, and free reign on t-shirt designs.

In this episode we discuss fixing the Internet, bug bounty programs, designing software with security in mind, IoT security, changing security training and recruitment, responsible disclosure, entrepreneurship and starting a company, and so much more.

Where you can find Casey:

• LinkedIn
• Twitter
• Blog

Rob Reck and Alex Wood are both seasoned security professionals in the Denver, CO area and hosts of their own podcast, Colorado = Security.

Rob is the Chief Information Security Officer at Ping Identity. In addition to his job at Ping Identity, Robb is an active member of the Colorado security community. In early 2017 he co-founded the Colorado = Security podcast with Alex. Robb serves on the board for the mountain region’s largest security conference, Rocky Mountain Information Security Conference and he recently ended his term as President of ISSA Denver, the largest ISSA chapter in the world.

Alex is the Chief Information Security Officer for Pulte Financial Services and has over 18 years of experience in information security. Previously he has had managerial, program, and technical roles at several major companies in different verticals. Additionally, Alex has served on the Board of Directors for ISSA International and is a host of the Colorado = Security podcast. Alex is a CISSP and has a MAS in Information Security from the University of Denver.

In this episode we discuss volunteering in the cyber security community, the local Denver security community, security leadership, recruiting outside of traditional, the importance of IR planning, selling security within an organization, and so more.

Colorado = Security Website

Where you can find Rob:

• LinkedIn
• Twitter
• Blog

Where you can find Alex:

• LinkedIn
• Twitter

This is another short podcast before we get back into full interviews next week.

In this episode, I explore the concept of Independence. In the US, this week we are celebrating Independence Day. This got me thinking about what that means in my business experience. I wanted to share a few observations for those who are thinking about going out on their own either as an independent contractor or to start their own business.

Please take a listen and let me and other listeners know of any tips or experiences you may have had if you were working independently or started a business.

Also, go back and listen to episodes with David Cowen and Hal Pomeranz. Both have taken the independent route and have shared advice in their episodes.

I hope everyone celebrating July 4th has a safe and fun holiday. Please subscribe so you don't miss any episodes. Next week, we are back to interviews with leaders and experts in cyber security.

So many of you are wondering why the break in Cyber Security Interviews.

There is a bit of a story that goes along with it. I wanted to share this story because I think sheds light into life and career changes that others can learn from. Sharing stories on careers and challenges is a big part of this podcast. Many people can feel alone in their cyber security journeys and I some of the struggles that I have been going through lately can allow those going through their own challenges feel connected and hopefully cope with uncertainty.

I know there are others out there that have gone through some major life and career challenges. Know you are not alone, and you can get through it.

So the podcast is firing back-up. Look for some great interviews in the coming weeks. I greatly appreciate all of the listener support and feed back I receive. It has definitely helped me recently.

So please take a listen to this episode and stay tuned for the next round of episodes!

Alex Kreilein and David Odom are both Managing Partners at SecureSet Accelerator. SecureSet is a Denver, CO based firm which is a startup accelerator (SecureSet Accelerator) taking on the lack of novel and quality products in the information security field.

In addition to overseeing the SecureSet Accelerator, Alex is also the Cofounder of SecureSet and the companies former CTO. He served as a Tech Strategist for the Department of Homeland Security, Guest Researcher to the National Institute of Standards and Technology, and Legislative Assistant to the US Congress. He served on the Integrated Task Force for the NIST Cybersecurity Framework and serves on the board of a number of security startups. Alex has an M.S. from CU Boulder School of Engineering and Applied Science and an M.A. from the US Naval War College. He is a Fellow with the New America Foundation’s Cybersecurity Initiative and was a speaker at DEFCON 2016.

David is a Managing Partner of the SecureSet Accelerator, focusing on Venture Operations. David spent the past 20+ years engaged with leading edge startups, vibrant thought leaders, and imaginative technologists. He remains active as an advisor and mentor for early stage cyber security startups and university systems.

In this episode we discuss investing in cyber security companies, tips for starting a new company, how to make better information security products, cyber security education that works, the machine learning and AI buzzwords, Denver, CO's growing cyber security community, how the government can help improve cyber security, and so much more.

Where you can find Alex:

• LinkedIn
• Twitter
• SecureSet Blog

Where you can find David:

• LinkedIn
• Twitter
• SecureSet Facebook

Troy Hunt is an internationally recognized cyber security researcher, speaker, blogger, and instructor. He is the author of many top-rating security courses for web developers on Pluralsight and is a Microsoft Regional Director and a six time Microsoft Most Valued Professional (MVP) specializing in online security and cloud development.

Prior to becoming an independent security consultant, Troy worked at Pfizer with the last seven years being responsible for application architecture in the Asia Pacific region. This time spent in a large corporate environment gave him huge exposure to all aspects of technology as well as the diverse cultures his role spanned. Many of the things he teaches in post-corporate life are based on these experiences, particularly as a result of working with a large number of outsourcing vendors across the globe.

Troy is most famously know for creating the the Have I been pwned? (HIBP) website, a free service that aggregates data breaches and helps people establish if they've been impacted by malicious activity on the web. As well as being a useful service for the security community, HIBP has given him an avenue to ship code that runs at scale on Microsoft's Azure cloud platform. Troy has been featured in a number of articles with publications including Forbes, TIME magazine, Mashable, PCWorld, ZDNet and Yahoo! Tech.

In this episode we discuss teaching developers security, learning on your own, becoming an instructor, cyber security in enterprise organizations, budgeting for security, building a personal brand, and so much more.

Where you can find Troy:

• TroyHunt.com
• LinkedIn
• Twitter
• YouTube
• Pluralsight
• Have I been pwned?