Dive into the complete episode list for Cyber Work. Each episode is cataloged with detailed descriptions, making it easy to find and explore specific topics. Keep track of all episodes from your favorite podcast and never miss a moment of insightful content.
Rows per page:
50
1–50 of 375
Title
Pub. Date
Duration
Honing your security manager soft skills on the job | Guest Cicero Chimbanda
09 Sep 2024
00:15:02
Today, on Cyber Work Hacks, my guest, Infosec Skills author Cicero Chimbanda, gave us a Hack involving the role of Cybersecurity Manager. Studying security management techniques academically is one thing, but how do you develop your security manager skills ON THE JOB? Cicero has many insights, and we talk a bit about the importance of rapport and understanding between different generations of security professionals.
0:00 - Cybersecurity manager soft skills 2:30 - Most important cybersecurity manager soft skills 7:02 - Infosec's soft skills platform 8:45 - Continous learning advice for security managers 12:12 - Security manager soft skill mistakes 14:12 - Outro
About Infosec Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.
One thing a cybersecurity manager should know | Guest Cicero Chimbanda
02 Sep 2024
00:12:19
Infosec Skills author Cicero Chimbanda discusses the role of the cybersecurity manager. Our focus is the one thing Chimbanda wishes he had known before he became one! I’ll leave it at that and let him tell his story because it’s a good one.
0:00 - What to know as a cybersecurity manager 3:26 - One thing to know about being a security manager 7:00 - Craft your cybersecurity manager role 9:09 - Cybersecurity management advice 10:45 - What is Infosec Skills 12:21 - Outro
About Infosec Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.
Using the CEH to create an ethical hacker career path
11 Jul 2024
00:16:19
Infosec and Cyber Work Hacks are helping train the red teamers and blue teamers of tomorrow with our boot camps and study materials for the CEH exam. But how does ethical hacking proficiency translate into a satisfying career? Infosec’s CEH boot camp instructor Akyl Phillips has plenty of strategies to help you get focused and stay focused on your studies, some excellent tips for keeping on top of the latest security changes and innovations, and how you’re going to push past uncertainty and into the work of putting one foot in front of another in your quest to become a bona-fide, in-demand ethical hacker! Keep the enthusiasm up when you check out today’s Cyber Work Hack.
0:00 - Ethical hacker career 1:57 - Testing for the CEH certification 2:55 - Career paths to pursue with CEH certification 5:08 - Working in pentesting or ethical hacking 7:55 - Unglamours side of ethical hacking 9:49 - How to keep up with new tech 11:39 - Switching careers to ethical hacking 12:45 - Preparing for a CEH role interview 13:23 - Don't fear a cybersecurity career 15:03 - Outro
About Infosec Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.
Cybersecurity public speaking techniques | Guest Lisa Tetrault
24 Oct 2022
00:39:53
Lisa Tetrault of Arctic Wolf talks about the adhesives that hold cybersecurity together: communication, collaboration and strong teamwork. First, Tetrault discusses how public speaking at conferences and events made her a better cybersecurity professional; second, she talks about how her work mentoring cybersecurity students helps them fast-track their way into the cybersecurity community; and third, with her work in organizations with Women in Cyber and siberX, she helps bring diverse cybersecurity professionals into the community, build stronger, more multi-faceted teams, and with them, a more multi-faceted face of the industry!
0:00 - Public speaking in cybersecurity 3:17 - Getting into cybersecurity via Atari 4:59 - Network analyst to technician and more 9:10 - Cybersecurity public speaking 19:30 - How to promote yourself as a speaker 22:27 - Learn how to speak in cybersecurity 25:25 - Mentoring cybersecurity students 32:30 - Gender diversity in cybersecurity 36:14 - Where cybersecurity fails job mobility 38:29 - Cybersecurity diversity initiatives in 10 years 39:17 - Learn more about Lisa Tetrault 40:04 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Digital identity and cybersecurity are inseparable | Guest Susan Morrow
17 Oct 2022
00:49:14
Susan Morrow returns for her fourth time on the Cyber Work Podcast and the first since 2019. Morrow, simply put, is plugged into every aspect of digital identity currently being discussed, and she takes us deep into the security, ethical, practical and UX hurdles of current identity practices and gives us both an optimistic and pessimistic version of the digital identity practices in 10 years.
0:00 - Digital identity 3:00 - Current digital identity concerns 7:07 - Complicating digital identity 8:22 - Digital identity and daily work 13:00 - Secure coding 14:03 - Biggest problems in identity 20:54 - Competing identity systems 24:50 - How identity affects other areas 28:52 - The tech and processes of identity 30:04 - Identity in the next decade 34:24 - Jobs in identity 40:00 - Identity evangelist 42:20 - Women in identity 45:-02 - What is Avoco Secure? 47:28 - Learn more about Susan Morrow 48:40 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Bad data privacy protocols can become an identity fraud disaster | Guest Stephen Cavey
10 Oct 2022
00:43:59
Stephen Cavey, co-founder and chief evangelist of Ground Labs, talks about the jagged jigsaw puzzle of data collection, data privacy and the dozens — if not hundreds — of privacy regulations and frameworks that govern them. Cavey and I talk about the bad old days of indiscriminate data collecting and grossly insecure payment process. We also address the places where the privacy experts of the future will shape the use and protection of personal data in all industries.
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
0:00 - Bad data privacy protocols 2:36 - How Stephen Cavey got into cybersecurity 4:55 - Shifting into cybersecurity privacy 8:30 - Business hurdles in cybersecurity 13:10 - Why do companies store my data? 20:20 - Breaking cybersecurity privacy law 25:45 - International privacy laws 28:07 - A universal privacy doctrine 31:30 - Principles for collecting user data 34:22 - Skills for working in data privacy 37:44 - Data privacy officer work 39:25 - The future of data collection and privacy 42:08 - What is Ground Labs? 43:30 - Learn more about Cavey and Ground Labs 43:43 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Privacy and international business | Guest Noriswadi Ismail
03 Oct 2022
00:45:39
Noriswadi Ismail of Breakwater Solutions and the Humanising 2030 campaign joins us to talk about privacy as it pertains to international business, cybersecurity and why it’s important not just to learn the certification variants but also the cultural variants that shape them. And via the Humanising 2030 campaign, Noriswadi and colleagues hope to bring a more ethical and diverse approach to programming and guiding AI in the coming decade.
0:00 - Privacy and international business 2:53 - Noriswadi's first interest in tech 6:38 - A path toward patent law 11:32 - Managing director at Breakwater 16:05 - State of international security and risk plans 18:52 - Certifications internationally 22:58 - Experience versus certification 25:40 - Humanising 2030 29:24 - AI bias and geopolitical impact 32:30 - Diversity and including in cybersecurity 38:23 - Other goals of Humanising 2030 41:22 - What is Breakwater Solutions? 44:44 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Attack surface managers and the state of attack surfaces | Guest Dave Monnier
26 Sep 2022
00:48:28
Dave Monnier of Team Cymru talks about the state of attack surfaces, the strengths and shortcomings of attack surface managers and why something we refer to as a “soft” skill might be the hardest skill of all! Plus, we touch on shadow IT.
0:00 - Attack surfaces 2:55 - Dave Monnier's first interest in cybersecurity 7:30 - Instinctual cybersecurity learning 9:20 - Monnier's work as a chief evangelist 14:00 - Cybersecurity soft skills 16:30 - What are attack surface managers? 28:25 - ASM 1.0 to ASM 2.0 32:22 - State of attack surfaces 34:58 - Asset infrastructure in your business 40:00 - Key skills cybersecurity novices need 43:07 - Learning in cybersecurity 45:42 - Learn more about Team Cymru 47:19 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
The importance of API security and PII | Guest Giora Engel
19 Sep 2022
00:33:38
Today on Cyber Work, Giora Engel of NeoSec talks about securing APIs. Find out why APIs are the new network, why their very nature makes them vulnerable to abuse and how to position yourself as an authority in the ever-growing field of API security. All that and a little entrepreneur talk.
0:00 - API security and PII 2:40 - Giora Engel’s cybersecurity beginning 4:20 - Israeli Defense Force and CEO of NeoSec 5:22 - Starting a cybersecurity company 9:20 - What is API security? 13:15 - Misconfiguration errors in API 17:21 - API and privacy regulation 20:02 - How to work in API security 22:06 - Security plan for PII 24:44 - Skills and experience needed to work in API security 27:10 - API hiring practices 28:58 - Fragility of API 31:07 - What is NeoSec? 32:35 - Learn more about NeoSec and Engel 32:55 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Corporate data breaches and security awareness training | Guest Mathieu Gorge
12 Sep 2022
00:42:28
Mathieu Gorge of VigiTrust talks about the Marriott Hotel data breach that happened back in June, including the facts of the event and why once-per-year security awareness training isn’t enough when many employees only work seven months of the year. He also offers some privacy tips that will keep your hotel system privacy compliant under a whole host of different compliance frameworks.
0:00 - Security awareness and data breaches 2:50 - Elephant in the boardroom book 5:42 - Gorge's latest projects and book 9:38 - Hacking of the Marriott Hotel 19:22 - Marriott's privacy and data collection policies 23:20 - Ensuring data privacy worldwide 30:13 - How hotel franchises handle security 34:32 - Skills needed for securing the hotel industry 38:12 - What is DigiTrust? 41:20 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Overcoming challenges to build a cybersecurity career | Guest Dr. Chanel Suggs
29 Aug 2022
00:48:05
Today's Cyber Work Podcast features Dr. Chanel Suggs, the Duchess of Cybersecurity®. Dr. Suggs is a teacher, business owner and thought leader and has appeared on TV and podcast platforms around the world to talk about cybersecurity and the hacker mentality. She also had an incredibly challenging and seemingly insurmountable upbringing. Her tumultuous story can be found in her book, “Against All Odds: Overcoming Racial, Sexual and Gender Harassment on the Digital Battlefield.” This episode contains a lot of heartbreak and some challenging stories, as well as incredible insights and some thoroughly important takeaways.
0:00 - Free cybersecurity training resources 0:56 - Overview of today's episode 1:58 - Who is Chanel Suggs, the Duchess of Cybersecurity? 3:12 - Overcoming family obstacles 4:50 - What drew her to a career in cybersecurity 8:10 - First steps to learning IT and cybersecurity 10:45 - Earning cybersecurity certifications 12:20 - Making a cybersecurity training "dungeon" 14:40 - Workplace abuse and harassment 18:28 - Issues with hiring diverse candidates 22:23 - What is Wyvern Security? 27:25 - Changing the workplace culture 32:47 - Social media is key to finding diverse candidates 36:55 - Preventing burnout with employees 40:10 - Advice on earning advanced degrees 42:03 - Contract work vs. full-time employee 43:34 - Free resources and services 44:52 - What's Chanel Suggs book about? 47:48 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
What's it like to work in emergency response? | Guest Christopher Tarantino
22 Aug 2022
00:44:46
Learn all about emergency response — and the myriad techniques and skills that term implies — in today's episode featuring Christopher Tarantino, CEO of Epicenter Innovation. Is there a physical security component? Yes! Is there a cybersecurity component? Big time! Is there an educational element? Absolutely! Find out how disaster planning, preparation, remediation and post-event rebuilding and improvement are all opportunities to strengthen your security posture.
0:00 - Free cybersecurity training resources 0:56 - Overview of today's episode 1:47 - Who is Christopher Tarantino? 3:25 - What does an emergency response team do? 4:38 - Resilience in emergency response 7:45 - Importance of boring innovation 9:30 - Higher ed emergency response example 13:13 - Healthcare, higher ed and government resilience 16:00 - Years-long education around disasters 21:03 - Biggest cybersecurity blind spots 25:00 - Skills required for emergency response careers 30:00 - Importance of communication across community 35:50 - Transitioning careers from cybersecurity to emergency response 44:10 - Learn more about Epicenter Innovation 44:35 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Securing operational technology: ICS, IoT, AI and more | Guest Francis Cianfrocca
15 Aug 2022
00:53:08
If you want to learn more about working with operational technology (OT) and internet-connected devices, then don't miss today's episode with Francis Cianfrocca, CEO of Insight Cyber Group. He discusses security problems around OT and IoT systems and shares some surprising stories of intruders in the electrical grid. He also talks about why it’s so hard to secure a set of machines that often pre-date computer technology and the small changes in your community that can make huge differences in the entire security industry.
0:00 - Free cybersecurity training resources 0:56 - Overview of today's episode 1:48 - Who is Francis Cianfrocca and Insight Cyber? 2:15 - Getting into tech and cybersecurity 4:13 - Francis' job roles and companies 5:22 - Early days of ICS systems security 10:15 - CEO duties at a cybersecurity startup 12:19 - Why is infrastructure security so bad? 16:05 - Different approaches needed for ICS and IOT systems 20:23 - Catching intruders early on with industrial systems 22:45 - Using artificial intelligence in ICS security 24:50 - Bad actors are really good at reconnaissance 27:20 - ICS and IOT environments cannot have downtime 30:00 - Asset and behavioral inventory is difficult 31:42 - Real-world examples of rogue ICS software 36:30 - ICS vs. IOT security 42:57 - How to promote industrial security careers 46:07 - Impact of AI on cybersecurity careers 48:40 - Preparing for an ICS cybersecurity career 51:07 - What's Insight Cyber working on? 52:45 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Why is Log4J still so successful? | Guest Etay Maor
08 Jul 2024
00:56:29
Today on Cyber Work, I talked with Etay Maor, Chief Security Strategist with Cato Networks. Etay is a founding member of the Cato Cyber Threats Research Lab, or CTRL — see what they did there? — and he joins me to talk about their first CTRL report on attack patterns and methods. We’re going to talk about the most common attack vectors, why Log4J still rules the roost even against newer and flashier exploits, and we go deep into the many paths you can take to become a threat researcher, threat analyst, reverse engineer, and lots more. That’s all on today’s episode of Cyber Work!
0:00 - Intro 4:10 - First interest in cybersecurity and tech 5:15 - Becoming chief security strategist 8:15 - Working in cybersecurity project management 12:07 - Hacker targets and AI 15:04 - The dark web and security access 16:03 - The CTRL report in brief 20:23 - Health care cybersecurity 22:49 - Different cyberattacks in different industries 25:10 - Using security tools as a gateway 27:03 - AI-enabled cyberattacks 33:14 - Careers as a cybersecurity threat researcher 36:09 - Figuring out where to specialize in cybersecurity 41:31 - Important cybersecurity skills and experience 45:58 - Hiring in cybersecurity 49:30 - Future changes in AI and cyber tools 55:38 - What is Cato Networks? 57:13 - Outro
About Infosec Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.
Cybersecurity project management: A peek behind the curtain | Cyber Work Live
08 Aug 2022
01:01:52
Last year, Cyber Work Live brought you into the world of cybersecurity project management — with tips for acquiring your skills, improving your resume and getting your foot in the door. But what does the day-to-day work of cybersecurity project managers look like?
Jackie Olshack and Ginny Morton return to answer that question. They’ll also share experiences they’ve gained while working on some of their biggest projects!
0:00 - Intro 0:50 - Who is Jackie Olshack? 1:24 - Who is Ginny Morton? 2:52 - Can non-technical PMs move into the tech space? 8:50 - Best way to manage projects with limited resources 13:30 - What certificates are needed for project management jobs? 18:52 - How do you kick off a cybersecurity project? 28:41 - How do you keep the project on schedule? 34:15 - Tips for networking in remote working situations 36:55 - Dealing with slowdowns and delays in projects 43:35 - Importance of a supportive environment in projects 47:40 - Dealing with delays from other teams in projects 50:35 - Tips for managing multiple projects at once 55:35 - How can teams support their project manager 56:35 - Transitioning into a cybersecurity career 59:00 - Outro and Infosec Skills giveaway
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
OWASP Top 10: What cybersecurity professionals need to know | Guest John Wagnon
01 Aug 2022
00:39:08
On today's episode, our old pal John Wagnon, Infosec Skills author and keeper of the secrets of OWASP, joins me to talk about the big changes in the OWASP Top 10 that happened at the end of 2021, his own class teaching the Top 10, and some job tips, study hints and career pivots for people interested in these vulnerabilities. Find out why access managers are going to rule the world someday!
0:00 - Free cybersecurity training resources 0:56 - Overview of today's episode 1:43 - Who is John Wagnon? 2:50 - Working in cybersecurity and teaching OWASP 4:18 - What is the OWASP Top 10? 7:51 - How did the OWASP Top 10 change in 2021? 15:48 - Why do these security issues never go away? 19:06 - Cybersecurity roles using the OWASP Top 10 23:43 - What's covered in John's OWASP Top 10 courses? 26:42 - How to get hands-on cybersecurity experience 30:24 - Vulnerability-related cybersecurity career paths 34:16 - What is John working on with Infosec and Fortinet? 35:37 - Using your career as a learning opportunity 37:16 - Learn more about John Wagnon and OWASP 38:30 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Your personal data is everywhere: What can you do about it? | Guest Mark Kapczynski
25 Jul 2022
00:44:37
Today on the Cyber Work Podcast, Mark Kapczynski of OneRep reminds us of an awful truth most people either don’t know or don’t like to think about. Your personal information — your address, your phone number, your age — all of these things are on the public internet! Mark talks about OneRep’s mission to scrub personal information from these sites, suggests changes that could help prevent this problem, and shares ways you could base a career in this fight for data privacy and autonomy. All that and a detour into grade-school home computer shenanigans on today's episode.
0:00 - Free cybersecurity training resources 0:56 - Overview of today's episode 1:50 - Who is Mark Kapczynski? 2:44 - Data breaches are a way of life 3:36 - Getting started in IT and cybersecurity 5:41 - Helping the film industry go digital 7:31 - Transitioning industries from paper to digital 9:53 - What types of personal data are on the internet? 12:40 - How people search sites sell PII and make money 14:50 - How to get personal information removed from sites 18:07 - What type of services does OneRep offer? 19:19 - How is public personal data used in cybercrime? 23:01 - How can consumers limit personal data exposure? 26:38 - Regulatory changes needed to protect personal data 29:00 - Who owns your personal data? 30:55 - Web 3.0, smart contracts and other tech needed 33:58 - Jobs and careers related to data privacy 36:38 - Every professional needs to understand data 39:50 - What makes a data professional's resume stand out? 41:50 - What is OneRep? 44:30 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Keeping your inbox safe: Real-life BEC attacks and email fraud careers | Guest John Wilson
18 Jul 2022
00:42:34
Today's episode is all about email fraud. John Wilson, head of the cyber intelligence division at Agari by HelpSystems, discusses Business Email Compromise (BEC), spearphishing, whaling, romance fraud and more. If you can name it, John’s studied it. And he's likely collected intel that’s managed to freeze cybercriminals’ assets — and even put them away. He gives career tips and advice for engaging in threat research at all levels, we discuss the pyrrhic victory that is the modern spam filter, and John tells me why BEC fraud hunters’ best asset is a degree in psychology! All that and loads more, today on Cyber Work!
0:00 - Free cybersecurity training resources 0:58 - Overview of today's episode 1:58 - Who is John Wilson? 3:02 - Getting into cybersecurity 4:58 - How spam has evolved over the years 8:12 - Why pursue a career in fraud? 11:10 - 3 primary vectors for email attacks 15:20 - Is BEC ever an insider threat? 16:16 - Is education making a difference on BEC attacks? 20:55 - Tracking down BEC actors and recovering assets 23:50 - Two angles to preventing BEC attacks 29:12 - Careers related to BEC and phishing prevention 34:42 - How to gain cybersecurity experience and get hired 37:25 - Agari and email fraud protection 42:16 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Cybersecurity has a marketing problem — and we're going to fix it | Guest Alyssa Miller
27 Jun 2022
00:56:22
On today's episode, we're breaking down phrases you've heard a million times: “security is everyone’s job,” “humans are the weakest link in the security chain,” “it’s not if you get breached, but when.” Returning guest Alyssa Miller drills into these comforting nostrums and explains why, even when they’re used for well-intended purposes, they often act to limit the conversation and the options, rather than address the hard work needed to overcome these evergreen problems. You’re not going to want to miss this one, folks! It’s all that, plus a little bit of book talk, today on Cyber Work!
0:00 - Intro 1:38 - Alyssa's tweet that inspired this episode 4:00 - Why you need to read the Cybersecurity Career Guide 9:10 - Cybersecurity platitudes and clichés 11:30 - Cliché 1: "It's not if you get breached, but when" 18:44 - Cliché 2:"Just patch your shit" 24:58 - Cliché 3: "Users are the weakest link" 32:34 - Cliché 4: "Security is everyone's job" 35:52 - Cliché 5: What is a "quality gate"? 44:14 - Cliché 6: "You just need passion to get hired" 48:14 - How to write a better cybersecurity job description 50:15 - Business value of diversity and inclusion 52:52 - Building a security champions program 55:12 - Where can you connect with Alyssa Miller? 56:44 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
What does a secure coder do? | Cybersecurity Career Series
20 Jun 2022
00:20:56
Secure coders are responsible for developing and writing secure code in a way that protects against security vulnerabilities like bugs, defects and logic flaws. They take proactive steps to introduce secure coding methodologies before the application or software is introduced into a production environment, often following recommendations from the Open Web Application Security Project (OWASP) Foundation.
0:00 - Intro 0:25 - What does a secure coder do? 5:48 - How do you become a secure coder? 9:46 - What skills do secure coders need? 12:28 - What tools do secure coders use? 17:08 - What roles can secure coders transition into? 19:50 - What to do right now to become a secure coder
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Cybersecurity jobs: How to better apply, get hired and fill open roles | Guest Diana Kelley
13 Jun 2022
01:00:37
Diana Kelley returns to the show to discuss her work as a board member of the Cyber Future Foundation and the goings-on at this year’s Cyber Talent Week. Whether you’re a cybersecurity hiring manager who doesn’t know why you’re not getting the applicants you want, a candidate who hears the profession has 0% unemployment but still can’t seem to get a callback or anyone in between, DO. NOT. MISS. THIS. EPISODE. This is one for the books, folks.
0:00 - Cybersecurity hiring and job searching 4:30 - Diana Kelley of Cyber Future Foundation 9:00 - Cyber Future Foundation talent week 13:58 - Reexamining cybersecurity job descriptions 21:52 - Cybersecurity hiring manager and applicant training 27:10 - Strategies to bring in diverse talent from other industries 33:06 - Narrowing your cybersecurity job pursuit 39:37 - Using different educations in cybersecurity roles 41:32 - Implementing an educational pipeline 44:40 - Hiring based on strong skills from other trades 48:22 - Cybersecurity apprenticeships 53:22 - Fostering cybersecurity community value 59:09 - Diana Kelley's future projects 1:00:30 - Outro
Ethical user data collection and machine learning | Guest Ché Wijesinghe
06 Jun 2022
00:24:00
Today on Cyber Work Ché Wijesinghe of Cape Privacy talks about the safe and ethical collection of user data when creating machine learning or predictive models. When your bank is weighing whether to give you a loan, they can make a better choice the more info they know about you. But how secure is that contextual data? Hint: not as secure as Wijesinghe would like!
0:00 - Machine learning and data collection 2:37 - Getting started in cybersecurity 3:15 - Being drawn to big data 4:35 - What data is driving decision-making? 9:04 - How is data collection regulated? 15:02 - Closing the encryption gap 16:50 - Careers in data privacy 19:07 - Where can you move from data privacy? 21:20 - Ethics of data collection 23:25 - Learn more about Wijesinghe 23:55 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Working as a privacy manager | Cybersecurity Career Series
23 May 2022
00:15:38
A Privacy Manager is responsible for the development, creation, maintenance and enforcement of the privacy policies and procedures of an organization. They ensure compliance with all privacy-related laws and regulations. The Privacy Manager takes an active lead role when a privacy incident or data breach occurs and will start the investigation. They will then monitor, track and resolve any privacy issues. The Privacy Manager builds a strategic and comprehensive privacy program for their organization that minimizes risk and ensures the confidentiality of protected information.
Advanced knowledge of privacy law and data protection is critical to success in this role.
0:00 - Working as a privacy manager 0:40 - What does a privacy manager do? 3:02 - Experience a privacy manager needs 5:15 - Is college necessary for a privacy manager? 8:05 - Skills needed to be a privacy manager 10:30 - What tools does a privacy manager use? 11:15 - Where do privacy managers work? 12:15 - Roles privacy managers can move to 13:30 - How do I get started becoming a privacy manager?
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
What does a cybersecurity beginner do? | Cybersecurity Career Series
16 May 2022
00:14:47
Just getting started? This role is for you!
The Cybersecurity Beginner role focuses on the foundational skills and knowledge that will allow anyone to take the first step towards transitioning into a cybersecurity career. No prior knowledge of cybersecurity or work experience is required. The only prerequisite is a passion for technology and cybersecurity.
0:00 - Working as a cybersecurity beginner 0:41 - Tasks a cybersecurity beginner may take on 4:15 - Cybersecurity work imposter syndrome 5:49 - Common tools cybersecurity beginners use 9:08 - Jobs for cybersecurity beginners 13:50 - Get started in cybersecurity
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
All about identity access management with the Identity Jedi | Guest David Lee
01 Jul 2024
01:00:40
How does a childhood curiosity turn into a groundbreaking career in identity and access management? Join us for an engaging conversation with David Lee, the Identity Jedi, as he recounts his fascinating journey from tinkering with computers as a child to becoming a sought-after expert in IAM. Lee shares the pivotal moments and unexpected opportunities that transformed his career, providing invaluable insights for anyone looking to break into the cybersecurity field. We explore the essential technical and soft skills that have propelled Lee to the forefront of his industry, along with his unique strategies for navigating complex IAM landscapes.
0:00 - Identity Access Management (IAM) 3:04 - First interest in cybersecurity 8:32 - Identity and access management cybersecurity 13:38 - Computer science and higher education 18:00 - Necessary soft and hard skills for IAM 22:16 - Larger organizations and IAM 24:21 - Defining identity in cybersecurity 29:18 - Variety of identity ideas 33:03 - African American representation in cybersecurity 38:28 - Cybersecurity equity 41:33 - Financial inequity and working in cybersecurity 48:35 - Cybersecurity solutions for more equitable hiring 53:22 - Less racism in the tech industry 57:51 - Best piece of cybersecurity career advice 59:13 - What is identity Jedi? 1:00:04 - Outro
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.
What does an ICS security practitioner do? | Cybersecurity Career Series
09 May 2022
00:13:42
Industrial control system (ICS) security practitioners are responsible for securing mission-critical SCADA and ICS information systems. They are responsible for restricting digital and physical access to ICS devices, such as PLCs and RTUs, to maximize system uptime and availability. Extensive knowledge of OT and IT protocols, incident response, Linux and Windows OS, configuration management, air-gapped or closed networks, insider threats and physical security controls are important competencies for any ICS security practitioner.
O:00 - ICS security practitioners 0:25 - What is an industrial control system practitioner? 2:22 - How to become an ICS practitioner 4:00 - Education required for an ICS practitioner 5:00 - Soft skills ICS practitioners need 6:05 - Common tools ICS practitioners use 7:59 - Where do ICS practitioners work? 10:05 - Can I move to another role after ICS practitioner? 12:18 - Getting started as an ICS practitioner
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
A public discussion about privacy careers: Training, certification and experience | Cyber Work Live
02 May 2022
01:02:44
Join Infosec Skills authors Chris Stevens, John Bandler and Ralph O’Brien as they discuss the intersection of privacy and cybersecurity. They’ll help you walk a path that will lead to an engaging career as a privacy specialist — a job role that grows with more opportunities year after year!
This episode was recorded live on April 12, 2022. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/.
0:00 - Intro and guests 3:45 - What is privacy as a career? 8:15 - Day-to-day work of a cybersecurity privacy professional? 16:45 - Intersection of law and tech degrees 20:30 - What beginner privacy certifications should I pursue? 25:45 - Best practices for studying for IAPP certifications 33:00 - How to gain experience in cybersecurity privacy work 40:27 - How to interview for a cybersecurity privacy job 45:00 - GDPR and ransomware 51:52 - Implementation of privacy laws and security positions 58:15 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
What does a security engineer do? | Cybersecurity Career Series
25 Apr 2022
00:15:10
Security engineers are responsible for implementing, and continuously monitoring security controls that protect computer assets, networks and organizational data. They often design security architecture and develop technical solutions to mitigate and automate security-related tasks. Technical knowledge of network/web protocols, infrastructure, authentication, log management and multiple operating systems and databases is critical to success in this role.
0:00 - What is a security engineer? 3:39 - How do I become a security engineer? 4:52 - Studying to become a security engineer 5:47 - Soft skills for security engineers 7:05 - Where do security engineers work? 9:43 - Tools for security engineers 12:10 - Roles adjacent to security engineer 13:15 - Become a security engineer right now
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
What does an information risk analyst do? | Cybersecurity Career Series
18 Apr 2022
00:20:09
Information risk analysts conduct objective, fact-based risk assessments on existing and new systems and technologies, and communicate findings to all stakeholders within the information system. They also identify opportunities to improve the risk posture of the organization and continuously monitor risk tolerance.
0:00 - Information risk analyst career 0:30 - Day-to-day tasks of an information risk analyst 2:09 - How to become an information risk analyst 4:00 - Training for an information risk analyst role 5:42 - Skills an information risk analyst needs 9:24 - Tools information risk analysts use 10:51 - Jobs for information risk analysts 13:08 - Other jobs information risk analysts can do 18:05 - First steps to becoming an information risk analyst
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
The importance of cyber threat research | Guest Moshe Zioni
11 Apr 2022
00:40:00
Moshe Zioni of Apiiro talks about threat research and how to properly report discovered code vulnerabilities. We discuss the ways that vulnerabilities can find their way into code despite your best intentions, the difference between full disclosure and responsible disclosure, and being in the last generation to still grow up before the internet changed everything.
0:00 - Cybersecurity threat research 2:21 - Getting interested in computers 3:25 - Penetration testing and threat research 6:15 - Code vulnerabilities 10:58 - Research process for vulnerabilities 17:05 - Proper reporting of threats 23:11 - Full disclosure vs proper disclosure 25:53 - Current security threats 30:20 - Day-to-day work of security researchers 32:02 - Tips for working in pentesting 35:32 - What is Apiiro? 39:11 - Learn more about Moshe Zioni 39:42 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Security awareness and social engineering psychology | Guest Dr. Erik Huffman
04 Apr 2022
00:56:18
TEDx speaker, security researcher, host of the podcast MiC Club and all-around expert on security awareness and social engineering, Dr. Erik Huffman, is today's guest. Huffman spoke at the 2021 Infosec Inspire virtual conference, and for those of you who were captivated by his presentation, prepare for another hour of Dr. Huffman’s insights on why we need to teach security awareness from insight, rather than fear or punishment, how positive name recognition in an email can short-circuit our common sense and how to keep your extrovert family members from answering those questions online about your first pet and the street you lived on as a child.
0:00 - Clicking on phishing attacks 3:13 - First getting into cybersecurity 5:00 - Higher education and cybersecurity 7:41 - Cybersecurity research projects 10:05 - Impacting a cybersecurity breach 11:14 - Security awareness and social engineering 15:45 - Common social engineering tricks 23:00 - Changing security habits 30:15 - Cybersecurity communication avenues 33:30 - Getting family members cyber safe 38:00 - Harvesting info via social media 42:13 - Working in security awareness and threat research 44:54 - Importance of white papers and documentation 55:04 - Learn more about Erik Huffman 56:00 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Better cybersecurity practices for journalists | Guest Marcus Fowler
28 Mar 2022
00:50:32
Marcus Fowler, senior vice president of strategic engagement and threats at DarkTrace, talks about attack vectors currently facing embedded journalists, their need to be available at all times for potential sources and how that openness makes them, their company and their confidential sources potential attack vectors for cybercriminals. Fowler talks about security hardening strategies that don’t compromise journalistic availability, the work of threat research and why people with natural interests in cybersecurity will have their career path choose them, not the other way around.
0:00 - Cybersecurity threats to journalists 3:00 - Getting into cybersecurity 5:50 - CIA cybersecurity training 7:18 - Joining DarkTrace in engagement threat roles 10:22 - Tasks with engagement threat jobs 13:22 - Cybersecurity work balance 17:49 - Advanced persistent threats against media 23:33 - Attack vectors journalists face 26:14 - Journalist cybersecurity savvy 28:08 - A truly secure journalism source 32:58 - Damage from a compromised source 36:05 - Main cybersecurity threats right now 38:37 - Qualifications needed to work as a threat researcher 42:52 - Safe cybersecurity jobs 47:05 - What is DarkTrace? 49:06 - Learn more about Marcus Fowler 50:11 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
What makes a good cyber range? | Guest Justin Pelletier
21 Mar 2022
00:53:33
Justin Pelletier is the director of the cyber range program at the ESL Global Cybersecurity Institute at the Rochester Institute of Technology. Infosec Skills has some great cyber ranges, but Pelletier shows the organization’s massive, immersive simulations. Because they’ve also included cyber range technology for beginning cybersecurity pros transitioning from other jobs, we cover what’s involved in making a good cyber range, how to break down those early barriers of fear and self-doubt and how quickly you can move into a cyber career after hands-on training.
0:00 - Immersive cyber ranges 3:13 - Getting into cybersecurity 5:06 - Studying data breaches 11:03 - Cybersecurity at the Department of Defense 14:02 - Cyber range education at the RIT 16:20 - Work of the Global Cyber Range 24:20 - Cyber range scenarios 38:30 - What makes a good cyber range? 42:00 - Successfully getting into cybersecurity 45:33 - Cyber range upskilling 48:47 - Cybersecurity hiring changes 51:30 - Learn more about the cyber range center 52:30 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Cybersecurity and all things privacy | Guest Chris Stevens
14 Mar 2022
00:50:09
Today's podcast highlights implementation privacy, policy privacy and all things privacy with privacy expert and Infosec Skills author and instructor Chris Stevens. From his years in the government’s office of national intelligence to his multiple IAPP certifications, Stevens is happy to tell you everything you ever wanted to know about careers in privacy, around privacy and careers that would be better with a helping of privacy skills on top!
0:00 - Cybersecurity privacy 3:30 - Getting interested in cybersecurity 4:40 - Cybersecurity in the Department of Defense 6:00 - Computer science studies 8:50 - Cybersecurity research 11:05 - Information privacy and privacy professionals 14:48 - What does U.S. privacy cover? 19:10 - Privacy certifications and more 21:36 - Privacy differences across countries 24:50 - Difference in privacy certifications 27:16 - Learning about privacy 30:16 - Positions available for information privacy 33:50 - Educational steps to work in privacy 36:00 - Getting a job in privacy 37:57 - Entry-level work in privacy roles 42:44 - How to stay on track in lifelong learning 46:37 - Cybersecurity education in the future 48:19 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Working in DevOps | Guest Steve Pereira
07 Mar 2022
00:55:05
Steve Pereira of Visible Value Stream Consulting discusses DevOps, SecOps, DevSecOps and his own lifelong love of streamlining projects. You’ll hear how his dad’s job with Bell Telephone facilitated his early explorations, the intersections of DevOps and Agile, the ever-important security component of it all and why following your interests and not the big money payouts might not work in the short run, but ultimately will get you where you want to go in the end.
0:00 - Intro 2:35 - Cybersecurity origin story 6:02 - Build and release engineering 9:27 - Tech and business 11:20 - DevOps projects 12:10 - Automating yourself out of your job 13:44 - What is DevOps? 23:45 - Method for DevOps success 31:47 - Development team vs security team 36:03 - DevOps history and Agile 44:50 - How do I work in DevOps? 52:09 - Visible Value Stream Consulting 54:42 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Cybersecurity’s role in U.S. foreign relations | Guest Tom Siu
24 Jun 2024
00:58:08
Today on Cyber Work, Tom Siu, CISO of Inversion6, joins the podcast to talk about cyber diplomacy! As Siu says at the start of the show, the internet has no borders. It’s like water. There are pathways and choke points, but there is no ownership by any one country or entity. How does that influence international diplomacy? Siu discusses possible scenarios for the future of cyber diplomacy, and skills and backgrounds that make you a good fit for this work. This is a great episode for our job changers, especially as this work requires strong backgrounds from a variety of tech and non-tech careers, but as always, there’s lots to learn, no matter your skill level or background, on today’s episode of Cyber Work.
0:00 - Work in cyber diplomacy 4:36 - First interest in cybersecurity 7:01 - Learning by breaking 8:58 - Working as a CISO 17:44 - Reading and learning different job languages 21:15 - Career and personal resiliency 25:42 - The impact of cyber on foreign policy 35:14 - Working in cybersecurity foreign policy 38:24 - The military and cyber diplomacy 43:11 - Emerging trends in cyber diplomacy 48:52 - Skills you need to work in cybersecurity 54:20 - Best cybersecurity career advice 56:12 - Learn more about Inversion6 59:25 - Outro
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.
Working as a digital forensics analyst | Cybersecurity Career Series
03 Mar 2022
00:08:36
Digital forensics analysts collect, analyze and interpret digital evidence to reconstruct potential criminal events and/or aid in preventing unauthorized actions from threat actors. They help recover data like documents, photos and emails from computer or mobile device hard drives and other data storage devices, such as zip folders and flash drives, that have been deleted, damaged or otherwise manipulated. Digital forensic analysts carefully follow chain of custody rules for digital evidence and provide evidence in acceptable formats for legal proceedings.
0:00 - Intro 0:26 - What is a digital forensics analyst? 0:57 - Digital forensics specialties 1:24 - How to become a digital forensics analyst 2:17 - Skills needed to be a digital forensics analyst 3:34 - Common tools for a digital forensics analyst 4:42 - Using digital forensics tools 5:17 - Digital forensics analyst jobs 6:30 - Moving from digital forensics to new roles 7:17 - Get started in digital forensics 8:18 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Three foundational cybersecurity certifications | Guest Mike Meyers
28 Feb 2022
00:53:48
Infosec Skills author Mike Meyers of Total Seminars joins me to discuss three foundational certifications that will start you on just about any path you want to go. Specifically, the CompTIA A+, Network+ and Security+ certifications. Meyers dispenses tough love for people who want someone else to map their career for them, talks up the benefits of vendor-neutral certs and blows my mind by comparing certs with car windshield wipers. Intrigued? You should be! That’s all today, on Cyber Work!
0:00 - Intro 3:00 - Beginning in cybersecurity 3:23 - Why teach cybersecurity? 5:54 - Why CompTIA? 6:57 - Start vendor neutral with cybersecurity certification 12:10 - Being diverse in cybersecurity is essential 13:35 - Why A+, Network+ and Security+? 25:53 - Guiding your cybersecurity career 30:05 - Where to learn cybersecurity skills 42:02 - Cybersecurity job dilution 44:20 - Where do I begin my cybersecurity career? 48:32 - Using the Infosec Skills platform 49:38 - Mike Meyers' next projects 51:30 - What is Total Seminars? 52:12 - Learn more about Meyers and Total Seminars 53:23 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
What does a security architect do? | Cybersecurity Career Series
21 Feb 2022
00:13:52
Security Architects are responsible for planning, designing, testing, implementing and maintaining an organization's computer and network security infrastructure. Security Architects develop information technology rules and requirements that describe baseline and target architectures and support enterprise mission needs.
Advanced technical knowledge of network/web protocols, infrastructure, authentication, enterprise risk management, security engineering, communications and network security, identity and access management, and incident response, is critical to success in this role.
0:00 - Intro 0:31 - What is a security architect? 1:07 - How to become a security architect 2:15 - What certifications should a security architect get? 3:07 - Skills a security architect needs 4:07 - Learning as a security architect 7:06 - Security architect tools 7:58 - Where do security architects work 9:28 - Private vs federal security architects 11:09 - Related roles to security architect 12:12 - Start working toward security architect 13:23 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Data backup in ransomware situations | Guest Curtis Preston, aka “Mr. Backup”
14 Feb 2022
01:00:32
Curtis Preston, aka “Mr. Backup,” has been in the backup and recovery space since 1993. He’s written four books, hosts a podcast called “Restore it all,” founded backupcentral.com and is a tech evangelist for SaaS data protection company Druva. We talk about disaster recovery, the role of good backup in ransomware situations and why the data recovery person and the information security person in your company need to become fast friends and start sharing notes. Also, why we’ve all been completely wrong about tape backup systems.
0:00 - Cyber Work intro 2:40 - Mr. Backup origin story 4:01 - How backup and recovery has changed 7:44 - Data duplication during a disaster 9:45 - Speed of data recovery changes 12:47 - Benefit to physical data backups 15:37 - Common long-term data backup mistakes 19:04 - Other issues with data recovery 23:22 - Limits of disaster recovery 34:16 - Encryption options 39:44 - Jobs in data backup and recovery 44:54 - Benefit to learning data backup and recovery 46:53 - Data backup and recovery outlook 52:52 - What is the Restore It All podcast? 56:15 - What is Druva? 59:45 - Where can I learn more about Mr. Backup? 1:00:32 - Cyber Work outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Long-term cybersecurity career strategies | Guest Maxime Lamothe-Brassard
07 Feb 2022
00:40:10
Maxime Lamothe-Brassard, founder of LimaCharlie, has worked for Crowdstrike, Google X and Chronicle Security before starting his own company. This episode goes deep into thinking about your long-term career strategies, so don’t miss this one if you’re thinking about where you want to go in cybersecurity in two, five or even 10 years from now.
0:00 - Intro 2:56 - First getting into cybersecurity 6:46 - Working in Canada's national defense 9:33 - Learning on the job 10:39 - Security practices in government versus private sector 13:50 - Average day at LimaCharlie 16:40 - Career journey 19:25 - Skills picked up at each position 23:57 - How is time length changing? 27:53 - Security tools and how they could be 31:34 - Where do security tool kits fail? 34:04 - Current state of practice and study 37:10 - Advice for cybersecurity students in 2022 38:21 - More about LimaCharlie 39:50 - Learn more about LImaCharlie or Maxime 40:08 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Jessica Amado, head of cyber research at Sepio Systems, discusses hardware-based cybersecurity threats. We’ve all heard the USB in the parking lot trick, but Amado tells us about the increasingly complex ways cybercriminals bypass hardware safeguards, and lets you know how to make sure that the keyboard or mouse you’re plugging in isn’t carrying a dangerous passenger.
0:00 - Intro 2:30 - Initial cybersecurity draw 6:30 - Day-to-day work as head of cybersecurity research 8:44 - How Amado does research 9:37 - Amado's routine 10:35 - Hardware-based ransomware 13:00 - Other hardware threat factors 17:54 - Security practices with USBs 20:10 - How to check hardware 21:52 - Recommendations on security protocols 23:57 - The future of ransomware and malware 27:20 - How to work in hardware security 31:35 - Cybersecurity in other industries 32:33 - Advice for cybersecurity students 34:11 - Sepio Systems 35:58 - Learn more about Sepio or Amado 36:23 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
What does a cloud security engineer do? | Cybersecurity Career Series
27 Jan 2022
00:13:07
Cloud security engineers design, develop, manage and maintain a secure infrastructure leveraging cloud platform security technologies. They use technical guidance and engineering best practices to securely build and scale cloud-native applications and configure network security defenses within the cloud environment. These individuals are proficient in identity and access management (IAM), using cloud technology to provide data protection, container security, networking, system administration and zero-trust architecture.
0:00 - Intro 0:25 - What does a cloud security engineer do? 1:55 - How to become a cloud security engineer? 2:55 - How to gain knowledge for the role 4:43 - Skills needed for cloud security engineers 6:00 - Common tools cloud security engineers use 7:43 - Job options available for this work 8:35 - Types of jobs 9:16 - Can you pivot into other roles? 11:03 - What can I do right now? 12:33 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Cybersecurity project management: Your career starts here | Cyber Work Live
24 Jan 2022
01:01:24
Are you great with details? Do you like juggling multiple projects at once? Is your organization system the topic of awed discussion between your co-workers? Or are you just interested in getting into cybersecurity from a different angle? If so, you might already be a top-notch project manager and not even know it!
Join a panel of past Cyber Work Podcast guests as they discuss their tips to become a project management all-star: – Jackie Olshack, Senior Program Manager, Dell Technologies – Ginny Morton, Advisory Manager, Identity Access Management, Deloitte Risk & Financial Advisory
If you’re interested in project management as a long-term career, Jackie and Ginny will discuss their career histories and tips for breaking into the field. If you plan to use project management as a way to learn more about other cybersecurity career paths, we’ll also cover how to leverage those skills to transition into roles.
This episode was recorded live on December 15, 2021. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/
The topics covered include: 0:00 - Intro 0:51 - Meet the panel 3:12 - Why we're talking project management 6:27 - Agenda for this discussion 6:55 - Part 1: Break into cybersecurity project management 7:45 - Resume recommendations for project managers 12:35 - Interview mistakes for project managers 19:22 - Creating your elevator pitch 23:10 - Importance of your LinkedIn page 25:05 - What certifications should I get? 30:38 - Do I need to be technical to be successful? 34:20 - How to build cybersecurity project management skills 38:28 - Part 2: Doing the work of project management 40:47 - Getting team members to lead themselves 44:50 - Dealing with customer ambiguity 47:30 - Part 3: Pivoting out of project management 47:48 - How do I change roles in an organization 51:50 - What's the next step after cybersecurity project manager? 53:43 - How to move from PMing security teams into leading them? 59:05 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
What does a SOC analyst do? | Cybersecurity Career Series
20 Jan 2022
00:07:33
Security operations center (SOC) analysts are responsible for analyzing and monitoring network traffic, threats and vulnerabilities within an organization’s IT infrastructure. This includes monitoring, investigating and reporting security events and incidents from security information and event management (SIEM) systems. SOC analysts also monitor firewall, email, web and DNS logs to identify and mitigate intrusion attempts.
0:00 Intro 1:20 - What is a SOC analyst? 1:58 - Levels of SOC analyst 2:24 - How to become a SOC analyst 2:53 - Certification requirements 3:29 - Skills needed to succeed 4:38 - Tools SOC analysts use 5:32 - Open-source tool familiarity 6:05 - Pivoting from a SOC analyst 6:50 - What can I do right now? 7:32 - Experience for your resume 8:07 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Top cybersecurity breaches of 2021 | Guest Keatron Evans
17 Jan 2022
00:51:51
Infosec’s Principal Security Researcher, instructor and cybersecurity renaissance man Keatron Evans returns to the show for the first in a series of once-quarterly episodes breaking down big stories in the news and cybersecurity trends for the future! We talk Solarwinds, Colonial Access Pipeline, Oldsmar, Keatron’s origin story and why, just like practicing your scales makes you a better musician, master pentesters and security pros got where they did by mastering the art of repetition in learning.
0:00 - Intro 2:30 - How did you get into cybersecurity? 4:00 - What skills did you have early on? 6:10 - First interaction with Infosec 10:34 - Work as a principal security researcher 13:20 - Machine learning in cybersecurity 14:14 - Infosec classes 17:28 - Equity in cybersecurity 20:25 - You don't need a technical background 21:36 - Major security breaches of 2021 22:15 - SolarWinds breach 24:56 - What job roles help stop these breaches? 27:50 - Water treatment plant breach 31:42 - Infrastructure security 34:30 - President Biden and cybersecurity 39:22 - Supply chain security 43:20 - Security trends for 2022 49:00 - Projects to keep an eye on 50:52 - Learn more about Evans 51:44 - Outro
Breaking down CEH exam questions with an Infosec expert
20 Jun 2024
00:15:09
Infosec and Cyber Work Hacks are here to help you pass the CEH, or Certified Ethical Hacker exam. For today’s Hack, Akyl Phillips, Infosec bootcamp instructor in charge of the CEH/Pentest+ dual-cert bootcamp, walks us through four sample CEH questions, explaining the logic behind each answer and discounting the wrong ones with explanations, allowing you to reach the right answer in a logical and stress-free way. This episode is a real eye-opener for aspiring red teamers, so keep it here for this Cyber Work Hack!
0:00 - Mastering the CEH exam 2:42 - Types of CEH exam questions 3:32 - CEH exam question examples 12:08 - Why a CEH boot camp is helpful 13:44 - How long is the CEH exam? 14:37 - Best CEH exam advice 15:18 - Outro
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.
What does a security manager do? | Cybersecurity Career Series
13 Jan 2022
00:17:58
Security managers develop security strategies that align with the organization's goals and objectives. In addition, they direct and monitor security policies, regulations and rules that the technical team implements. Knowledge in areas like information security governance, program development and management, incident response and risk management are important to success in any security management role.
0:00 - Intro 0:26 - What does a security manager do? 3:15 - How do you become a security manager? 4:54 - What education is required for security managers? 5:55 - What certificates are required for security managers? 7:23 - What skills does a security manager need to have? 9:58 - Common tools security managers use 11:48 - Where do security managers work? 13:45 - How well do security managers pivot into other roles? 15:36 - What step can someone take now to become a security manager? 17:27 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Predictions for cybersecurity in 2022 | Guest Andrew Howard
10 Jan 2022
00:32:14
Andrew Howard, CEO of Kudelski Security, returns to give us his cybersecurity predictions for 2022! How will cybersecurity protect the supply chain, why is quantum computing on all of his clients' minds, and how would Andrew rewrite security from the ground up if a genie granted him three wishes?
0:00 - Intro 3:00 - Getting into cybersecurity 4:00 - How has the cloud evolved? 6:46 - The past year in cybersecurity 8:20 - The next cybersecurity innovation 8:57 - Where quantum computing is going 10:15 - Concerns about encryption data 10:54 - The state of ransomware 12:57 - Cybersecurity supply chain issues. 16:18 - Hybrid work cybersecurity 18:42 - The year of cyber insurance 20:35 - DOD directive to close security gaps 22:15 - What would you change in cybersecurity? 25:45 - What would put phishing out of mind? 28:10 - Advice to 2022 cybersecurity students 29:37 - Kudelski Security 30:58 - Blockchain security in 2022 31:57 - Learn more about Kudelski 32:10 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
What does a penetration tester do? | Cybersecurity Career Series
06 Jan 2022
00:10:20
Penetration testers, or ethical hackers, are responsible for planning and performing authorized, simulated attacks within an organization’s information systems, networks, applications and infrastructure to identify vulnerabilities and weaknesses. Findings are documented in reports to advise clients on how to lower or mitigate risk. Penetration testers often specialize in a number of areas such as networks and infrastructures, Windows, Linux and Mac operating systems, embedded computer systems, web/mobile applications, supervisory control data acquisition (SCADA) control systems, cloud systems and internet of things (IoT) devices.
0:00 - Intro 0:26 - What does a penetration tester do? 1:10 - Levels of penetration testers 1:50 - How to become a penetration tester 3:08 - Education needed to be a pentester 3:50 - Skills needed to pentest 4:24 - Common tools of the pentester 5:07 - Training with the tools 5:42 - Job options for pentesters 6:36 - Work duty expectations 7:45 - Can you move to a different role? 9:09 - What can I do to become a pentester? 9:54 - Outro
About Infosec Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.