Explore every episode of the podcast Hacker Valley Studio
| Title | Pub. Date | Duration | |
|---|---|---|---|
| From Landscaping to Cyber Leadership with Cole Lisko | 24 Dec 2024 | 00:34:44 | |
How does a scorching July day in a van with no air conditioning lead to a career at one of the world’s top cybersecurity companies? In this episode, Cole Lisko shares his journey from landscaping to becoming the Cortex Team Manager at Palo Alto Networks. Joined by his bestie Cole, Ron weaves the conversation through their history of friendship with laughs and lessons learned along the way. Discussing career pivots, unexpected opportunities, and the impact of mentorship, this conversation offers relatable motivation and a candid look at the power of meaningful connections.
Impactful Moments: 00:00 - Introduction 03:00 - Cole’s first exposure to cybersecurity 06:30 - Pivotal moment: a call for mentorship 11:40 - Breaking into cleared work 18:30 - Lessons learned at Booz Allen 22:00 - The art of work-life compartmentalization 27:45 - Leadership insights from landscaping days 32:50 - What’s next for Cole at Palo Alto Networks
Links: Connect with our guest, Cole Lisko: https://www.linkedin.com/in/matthewlisko/
Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ | |||
| Think Like a Hacker, Solve Like a Leader featuring Ted Harrington | 17 Dec 2024 | 00:41:06 | |
What if the key to innovation is breaking the rules? Ted Harrington, Executive Partner at Independent Security Evaluators and a pioneering ethical hacker, explores the power of commitment, curiosity, creativity, and nonconformity to rethink cybersecurity and life itself. From hacking the first iPhone to disrupting misconceptions about security testing, Ted shows why the hacker mindset matters more now than ever. Join Ron and Ted as they discuss strategies for using the hacker mindset to solve problems, address risks like AI-driven deepfakes, and uncover unconventional opportunities in both business and personal growth.
Impactful Moments: 00:00 - Intro 03:15 - The four traits of a hacker mindset 07:40 - Hacking the first iPhone and Tesla 11:50 - Why penetration testing is misunderstood 16:30 - Risks and realities of AI deepfakes 21:20 - Applying hacker traits to entrepreneurship 28:45 - Ted’s upcoming book: Inner Hacker 33:00 - Why mindset matters most
Links: Connect with our guest, Ted Harrington: https://www.linkedin.com/in/securityted/ Order Ted Harrington’s book “Hackable” here: https://www.amazon.com/Hackable-How-Application-Security-Right-ebook/dp/B08MFTQ7Q4
Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ | |||
| How to Become a True Security Leader with Nathan Case | 15 Oct 2024 | 00:36:17 | |
How does one become a true security leader? According to Nathan Case, it’s not about titles—it’s about impact. In this episode, Nathan Case, VP of Cloud Security at Clarity, shares his journey through security leadership, including stories from his time at AWS and his approach to building mission-driven teams. Nathan discusses balancing family with leadership, the future of AI in cybersecurity, and what it takes to become a real leader in the security space. He also reflects on the importance of being chosen as a leader, rather than striving for the title. Impactful Moments: 00:00 – Introduction 02:31 – Journey from AWS to Clarity 04:00 – Cyber Dominance 05:55 – Leading Through M&A 07:00 – Redefining the CISO Role 11:00 – Shared Security Responsibility 15:15 – Balancing Mission and Family 20:00 – AI in Security 28:30 – Leadership in Incident Response 32:00 – Woodworking and Perfectionism 35:00 – Leaders Are Chosen
Links: Connect with our guest, Nathan Case: https://www.linkedin.com/in/nathancase/ Check out Nathan and Ross Haleliuk's blog on Security Incident Response here: https://ventureinsecurity.net/p/a-different-take-on-security-incident Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ | |||
| Improv-ing Your Way to Better Vendor Meetings With Brad Liggett | 13 Dec 2022 | 00:27:52 | |
Brad Liggett, CTI Intel Engineer Manager at Cybersixgill, puts on his improv hat and joins the pod ready for anything. After COVID pressed pause on daily life, Brad kept himself sane and gained some new skills by returning to his improv roots (a hobby he had in the ‘90s) and taking up Dungeons & Dragons. In this episode, Brad covers the importance of improv skills in the professional world, the opportunities to add elements of gaming into cyber, and advice for practitioners looking to be more agile. Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals.
Timecoded Guide: [00:00] Introducing the unique combination of improv & cybersecurity [05:57] Being a life-long learner in cybersecurity & in improv groups [13:20] Practicing improvisational skills for cybersecurity customer conversations [18:17] Bringing in games & elements of play into cybersecurity environments [24:38] Advice for a more agile, improvisational tomorrow
Sponsor Links: Thank you to our sponsors Axonius and NetSPI for bringing this episode to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human-delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.
Is there a skill that you called upon during an interaction with a customer where you really leaned on your improv muscle? Improv often involves one phrase that Brad believes other industries should incorporate, too: “Yes, and.” In cybersecurity, Brad leans heavily on the “Yes, and,” phrase because it encourages conversations to move forward authentically. Meetings aren’t successful when customers and clients feel uncomfortable and unengaged. Being able to think on his feet and prepare for changes makes Brad a stronger, more agile practitioner and communicator. “The whole concept of moving the meeting forward and making sure that there are no uncomfortable silences. Be prepared, have an idea of what you want to talk about, but inevitably, the client you're talking to, everyone's going to be unique.”
What do you think is the glue that holds your interests in cyber and improv together? Being a life-long learner is something extremely important and valuable for Brad. For improv, research on the latest media, memes, and movies influences his work and motivates him to stay up-to-date and be involved in some fun research. Cybersecurity is the same way. Brad believes to be the best practitioner and leader for his team, he needs to be knowledgeable about vendors, threats, products, and all things new in the industry. “You always have to be reading, you always have to be aware of what's going on in the environment out there in the world, so that as those things come up, at least you can somewhat talk to them and start to put those pieces together.”
What has been your experience with bringing an element of play into cyber? Cybersecurity can’t be all work and no play. Instead, Brad believes that cybersecurity teams should continue to prioritize the gamification of training processes, as well as just letting their teams have a little fun. Sometimes, to build a strong, trusting team, there needs to be an outside outlet for problem-solving, puzzling, and creativity. Brad even brought his team at Cybersixgill to a Meow Wolf exhibition this year for that same team-building reason. “We work hard, but we also should make sure that we play, and not only just do that individually, but even as teams, especially now. It's not always going to be about the training aspect, you also have to take that time to bring that team together.”
What is a piece of wisdom that people could take with them to work tomorrow to make them more agile and improvisational? When it comes to agility and improvisational skills, you have to have a strong foundation to build off of. For Brad, taking time for himself and understanding when and how he learns best has been vital to his success. Listening to podcasts at the gym, reading something new at hotels, and getting a good night’s sleep are all little things that help Brad consistently become more agile and improvisational at work. “For me, it’s always having some sacred time at the end of the day. There's no TV in my bedroom, and my phone is telling me around 8:30, ‘Hey, it's wind down time,’ and that's when I'm getting in the mode for sleep, and then making sure I've got a good night's sleep.” --------------- Links: Keep up with our guest Brad Liggett on LinkedIn and Twitter Learn more about Cybersixgill on LinkedIn and the Cybersixgill website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase an HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Prioritizing & Proactive Cybersecurity with Richard Rushing | 06 Dec 2022 | 00:41:55 | |
Richard Rushing, CISO at Motorola Mobility, brings his decades of experience to the show this week to talk about leadership, communication, and perhaps most importantly of all: prioritization. After joining Motorola through a startup acquisition, Richard has been a leader in the company and a defining example of what a CISO should be doing: simplifying the complicated. Richard talks about how his role has changed over the last 10 years and what’s next for him and for cybersecurity. Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals.
Time Code Guide: [00:00] Ascending into a leadership role in cybersecurity & joining the Motorola team [06:28] Defining CSO & CISO at a time when no one understood cybersecurity [13:01] Communicating with the C-suite about cyber: best practices & tenants [24:37] Harnessing a proactive cybersecurity mindset with prioritization [32:13] Extending your cybersecurity career for decades
Sponsor Links: Thank you to our sponsors Axonius and NetSPI for bringing this security podcast to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human-delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.
What was your experience of being a Chief Security Officer in the early 2000s? Richard jokes that he became a part of the cyber industry before the industry was even called cybersecurity, but behind the joke lies the truth that cyber looked extremely different back then. However, no matter how much time passes, Richard is still used to the odd confused looks that come from saying he’s a CISO. People misunderstand the role, Richard explains, but at least more people than ever before understand the importance of cybersecurity. “There were a lot of other things that you had to talk about, you had to evangelize a lot coming into this [industry] because a lot of the cybersecurity industry was brand new. People were moving around and trying to figure these things out and everybody struggled.”
How many times would you say you feel like you've had a new job or a new role being in the same role for over 10 years? Being a CISO has had its ups and downs during the 10 years Richard has spent in that role at Motorola, but the changes have been welcome and interesting. Every few years, the technology landscape changes, and with those changes in tech come massive changes in company ownership, leadership, and security. However, Richard is thankful that through these changes, his core team has stayed the same, giving him a trustworthy group to learn from. “It's always changing, but at the same time, there are some static components. When I came on to Motorola 15 years ago and established teams, most of my team, except for a very small portion of people that retired or left, are still with me today.”
What are your thoughts and best practices for proactive cybersecurity? Although “proactive cybersecurity” has become a buzzword we’re all paying attention to, Richard warns that most companies aren’t really being proactive with cybersecurity just yet. Instead, what the industry has shifted towards is prioritization. Understanding what’s important, prioritizing those aspects of a business, and knowing what you don’t have the resources to handle can make the security work you’re doing feel more proactive. “Why do I need to prioritize? Because you're getting more alerts than you have people to be able to handle it or technologies to be able to handle it in an automated way. So, you have to prioritize what's important.”
What would you recommend people consider to extend their cybersecurity career life as long as you have? After nearly four decades in the industry and over ten years at Motorola, Richard has been in cybersecurity longer than most modern-day practitioners. When asked about his secrets for an extended cybersecurity career, Richard reflects back on his advice around prioritization over “proactive cybersecurity”, and emphasizes the importance of community. Cybersecurity is a collaborative field, and practitioners have to stay open to learning together to succeed. “In the cybersecurity world, we will talk to our competitors and share what we're seeing. I think that community effort is one of the key things. You have to enjoy what you're doing, reach out and be collaborative with people. Don't be the security guy that people are scared of.” --------------- Links: Keep up with our guest Richard Rushing on LinkedIn and Twitter Learn more about Motorola Mobility on LinkedIn and the Motorola website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase an HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Keeping Cyber Course Prices Equitable with Kenneth Ellington | 29 Nov 2022 | 00:22:06 | |
Kenneth Ellington, the Senior Cybersecurity Consultant at EY and Founder of the Ellington Cyber Academy, achieves his goal of being on the Hacker Valley Studio this week. From working at Publix in college to becoming an online course instructor, Kenneth’s journey into the cyber industry has been heavily influenced by online educators like Chris and Ron. Kenneth covers barriers to entry for cyber, SOAR vs SIM, and how much further we need to go for representation in the industry. Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals.
Timecode Guide: [00:00] Starting a cyber career at the Publix deli counter [05:16] Fighting through introversion to become an online instructor [11:02] Setting equitable & understandable prices for cyber courses [15:54] Looking into the future of SOAR vs SIM to see what’s next [19:27] Taking the chance on content creation as a new cyber professional
Sponsor Links: Thank you to our sponsors Axonius and NetSPI for bringing this security podcast to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human-delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive offensive security solutions. Visit netspi.com/HVM to learn more.
What areas do you feel confident in as a new teacher, and what do you still struggle to get your footing on? As someone newer to online teaching, having only done it for 2 years, Kenneth is confident in his communication skills, but still struggles with fully grasping new technology. On the bright side, Kenneth believes those technical skills come with time and practice, something he’s 100% willing to do. What helps him stand out as a strong teacher is something harder to learn— communication with others and de-escalating stressful situations for students. “I worked at Publix for four years in the deli, dealing with customers, and that forced me to develop those soft skills about how to talk to people and how to communicate and how to de-escalate situations. That's how I set myself apart.”
What are some of the things that you're thinking about when it comes to setting the pricing for your course content? No matter how his prices change or how skilled he becomes, Kenneth still believes in fair and equitable pricing for his course content. Considering his experience and expertise, Kenneth charges at least half of what I vendor might charge for similar content and knowledge. However, Kenneth doesn’t believe in thousands of dollars being spent on his courses, because he wants entry-level students like himself to be able to afford to learn. “I'm very honest with myself, what my skill level is, and the value I bring towards it. Because I've been doing this for over two years, technically, I've gotten a pretty good gauge as to what people are willing to pay for and the value that I can bring.”
Do you have anything you’re looking to expand into with Ellington Academy? While SOAR and SIM are Ellington Academy's bread and butter, Kenneth is looking forward to continuing to expand his expertise and scale his content. A future upcoming goal Kenneth has is giving back to the country of Jamaica, where his family is originally from. Through providing courses or recruitment opportunities, he wants to bring cyber skills to everyone. “From a legacy perspective, I want to leave a positive mark on this world, just to make it better than when I got here. One of my big goals, I don't know if it's gonna happen, but my family is from Jamaica, so I'm hoping I can maybe put ECA there someday.”
What advice would you give to a newbie in cybersecurity looking to start making content? Kenneth got his start at the Publix deli counter, and he understands that the beginning of someone’s cyber journey can look just like his— inexperienced but hungry for knowledge. For newcomers to the industry, Kenneth wants to reassure you that you’re never too young to teach or too old to learn. Take courses, expand your knowledge, and give back to people with less knowledge than you through accessible learning content of your own. “Take the opportunity to try to do something new because your knowledge is valuable, no matter how much or how little that you have. Everybody can learn something from everyone. I always try to help out however I can.” --------------- Links: Keep up with our guest Kenneth Ellington on LinkedIn Check out the Ellington Cyber Academy Learn more about EY on LinkedIn and the EY website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase an HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Sharing Cyber Outside of the Security Bubble with Lesley Carhart | 22 Nov 2022 | 00:29:44 | |
Lesley Carhart, Director of Incident Response at Dragos, takes some time off mentoring cybersecurity practitioners, responding to OT incidents, and training in martial arts to hop on the mics this week. Named Hacker of the Year in 2020, Lesley’s impact on the industry stretches far and wide. As an incredible content creator for cybersecurity, Lesley advises listeners on how to find their niche and who to be willing to educate along the way. Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals.
Timecoded Guide: [00:00] Giving back to the community through martial arts & cyber education [06:13] Being excluded from the cyber industry & turning to content creation instead [12:33] Comparing incident response in IT vs OT environments [19:46] Dealing with post-COVID problems with the wrong OT systems online [26:51] Finding your cyber niche & exploring education options within it
Sponsor Links: Thank you to our sponsors Axonius and NetSPI for bringing this episode to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human-delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.
What inspired you to start creating cybersecurity content? Lesley’s cybersecurity content has vastly influenced and impacted many cyber practitioners in the industry, including Ron and Chris. Unfortunately, Lesley’s journey into content creation was inspired by the lack of mentorship they received from other professionals when they were starting out. Never wanting anyone to feel the way they did, Lesley created an online world of resources to warmly welcome and educate new practitioners. “It's not a really glamorous story. When I got into cybersecurity, I wanted to do digital forensics and nobody would help me, nobody would actually take me seriously and give me a shot. Everybody should have a chance to get into cybersecurity if it's something they want to do.”
How has teaching cyber to a general audience been appealing to you? When not educating new cyber practitioners or tearing it up in the martial arts studio, Lesley likes to reach out to their community and give talks to audiences outside of typical tech and security groups. From churches to universities, Lesley loves meeting people outside of the cyber industry. These individuals always offer them a new perspective and a feeling of accomplishment for showing someone something new. “It's enjoyable to me to find other people out there who want to learn about an entirely new topic and expose themselves to its problems and how it impacts society and things like that. I appreciate that. Cybersecurity is important and it impacts everything around us all the time.”
In your world, where does incident response start, and where does it stop? Like many of cyber’s most complicated concepts, the answer to where incident response starts and ends is subjective to certain resources and elements of an organization. Lesley explains that incident response has to be planned and that the planning process has to involve when to declare an incident and when to close the said incident. Without proper planning in advance, an organization is at risk for a crisis that could’ve been responded to quickly turning into an out-of-control attack. “There's no perfect defense against an incident, everybody's vulnerable. You do your best to mitigate and avoid having a cybersecurity incident, but there's only so much you can do. Eventually, you have to assume that you're gonna have an incident.”
What piece of advice do you have for anyone looking to share more knowledge and make the cyber industry better? Although everything in cybersecurity can seem daunting, expansive, and interesting to everyone, Lesley’s recommendation to new practitioners is to find a niche in cyber and stick to it for a while. Finding a niche doesn’t have to be permanent, but Lesley believes that niche will help you carve out extensive knowledge worth sharing and creating content around. When you discover that niche, don’t be afraid to reach out to other industry experts along the way. “Pick an area and then find mentorship in that and try to focus for a couple of years on a particular area. You can always change your mind later on, just like degrees, just like training programs, but it's going to help you a lot to focus for a little while.” --------------- Links: Keep up with our guest Lesley Carhart on LinkedIn, Twitter, and their blog Learn more about Dragos, Inc on LinkedIn and the Dragos website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase Hacker Valley swag at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Challenges & Opportunities in Cyber Threat Intelligence with Brian Kime | 15 Nov 2022 | 00:31:08 | |
Brian Kime, VP of Intelligence Strategy and Advisory at ZeroFox, talks about all things threat intelligence this week. Brian explains why he chose threat intelligence as his focus, where he’s seen opportunities for growth in recent years, and what challenges for cyber threat intelligence lie ahead. Using his intelligence experience developed first in the US Army Special Forces, Brian delivers his argument for intelligence-driven security, instead of the marketing-driven security industry we have today.
Timecoded Guide: [00:00] Diving into the VP of Intelligence Strategy role [05:25] Learning intelligence in the Army Special Forces [10:09] Seeing the past, present, & future of threat intelligence [19:31] Measuring efficacy & ROI of cyber threat data [25:18] Building your own cyber threat intelligence capabilities
Sponsor Links: Thank you to our sponsors Axonius and NetSPI for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.
A lot of folks shift from intelligence into other areas of cyber, what inspired you to continue down the intelligence route? After Brian graduated from Georgia Tech and the nation experienced the tragedy of 9/11, Brian felt called to enlist in the US Army Reserve. While the war in Afghanistan was not as short-lived as anyone expected, Brian found his calling in military intelligence, where he was inspired to put his experiences in IT and intelligence together. It turns out that fusion already existed in the form of cyber threat intelligence, and Brian wanted to focus on that completely. “I want to bring all these things together and really start pushing our customers and pushing the security community in general towards more intelligence-driven security. Mostly, what I see even today still just feels like marketing-driven security.”
Where are we today with threat intelligence technology, in terms of challenges and opportunities? Brian believes we’re already in a really exciting place today in terms of threat intelligence technology. What feels especially opportune for him at the moment includes opportunities and technology that involve internal data from previous threats, freely available external data from sources like blogs, and third-party vendors. However, the challenges facing threat intelligence now involve how to make that technology available for small and medium businesses. “That's what I would love to see become the standard, that big corporations incorporate threat intelligence to the level that they can start to actually extend that value into their supply chain. That way, the whole system becomes more resilient, more secure.”
How does a security team measure the efficacy and ROI of intelligence? In Brian’s opinion, most cybersecurity practitioners don't track the ROI of their intelligence vendors, or they fail to measure intelligence for effectiveness. The metrics cyber teams should focus on include number of new detections created, incidents discovered, adversary dwell time, and improved security decision making. Unfortunately, improved decision making is the hardest to measure because it requires practitioner feedback. “At the end of the day, if stakeholders are making security decisions based on intelligence that I'm providing, that's a really good measure of effectiveness. All the security decisions that were influenced by threat intelligence, that's what we're going for.”
When you don't have an intelligence capability and you want to create one, what is typically the first thing that an intelligence team member does? If you’re intending to collect data from your customers (which almost every company out there is trying to do), then Brian believes that privacy and security need to be considered from the start. Critical security controls and a solid framework are key to early success for even the smallest security team. The best place to start? Software and hardware inventory. If you don’t know what you have, you won’t be able to secure your technology properly. “At the beginning of the critical security controls, it's always software and hardware inventory. If I don't know what I have, then I really can't do anything well in security. I can't do incident response because I don't know where my data is.” --------------- Links: Keep up with our guest Brian Kime on LinkedIn and Twitter Learn more about ZeroFox on LinkedIn and the ZeroFox website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Hiring the Next Fractional CISO with Michael Piacente | 11 Nov 2022 | 00:28:58 | |
Michael Piacente, Managing Partner & Cofounder at Hitch Partners, answers the essential question on many cybersecurity professionals’ minds: Where do CISOs find CISO jobs? As it turns out, Michael helps many cybersecurity teams find their perfect CISO match with the assistance of his own team at Hitch Partners. In this episode, Michael clarifies what the role of a CISO really is, explains the compensation and benefits, and reveals the many responsibilities a CISO may take on during their team in the role.
Timecoded Guide: [00:00] Defining the role of CISO & finding the right homes for each CISO [05:21] VCISO & fractional CISO as an alternative to a full-time CISO [11:49] CISO annual income, benefits, & non-monetary incentives [16:37] Explaining additional responsibilities & tasks taken on by the CISO [25:11] Giving advice to future CISOs looking for the next cyber executive opportunity
Sponsor Links: Thank you to our sponsor Axonius and NetSPIfor bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.
In your own definition and experience, what is a CISO? Although there’s many definitions of the role, Michael clarifies that defining CISO should always include being an executive. To have a CISO who makes a positive impact and fulfills an organization’s needs, that CISO has to be properly placed, properly sponsored, and be in an environment where they have the proper reporting processes. Michael also believes the CISO should always be looking over their shoulder to be diligent of the next threat. “In my version of it, a CISO is the executive— and that's the key term here— that has been properly placed, properly sponsored to handle all of the business information and data risk policy execution and operations in the company.”
What is the difference between a fractional CISO and a VCISO? In Michael’s opinion, a VCISO (virtual CISO) and fractional CISO can be used interchangeably in a situation where a company does not need a full-time CISO executive. Unless they’re looking to support a strong security program, Michael understands that many companies don’t need a full-time CISO in order to be successful. A VCISO makes an impact on an organization’s security without being an overwhelming role in a smaller organization. “Bringing in your starter package to implement the baseline or foundational building blocks of what will become a security program, in the form of a consultant or consulting firm, is often a wiser choice than going in building a security program around a full-time CISO role.”
Are there different types of CISOs, and have those types changed over time? Previously, Michael defined 3 different types of CISOs in his search for CISOs with Hitch Partners. However, a fourth type has emerged in recent years: the BISO, or Field CISO. This fourth type joins the ranks alongside other impactful CISO types, including the client (or governance) facing CISO, highly technical CISO, the IT-focused CISO, and now, our fourth type, the BISO, who focuses on the business side of the risk. “It's amazing that all of our CISO searches contain all these different types of CISOs. The fun part of that we get to figure out is: What's the priority [for the role]? What's the order? What does everyone in the organization think the priority should be?”
How would you direct someone to take that first step after realizing they want to be a CISO? Discovering the CISO role exists and being the right person for the role is an important distinction, and Michael encourages potential CISOs to take some time to research the job before getting involved in a job search. However, once someone knows they want to be a CISO, Michael advises finding a CISO mentor and diving into a passion. Each type of CISO needs an expertise and passion to propel them into the superpower status needed to be a CISO. “I think it’s about finding a passion. I'm a big believer that you just have to know where your superpower is, or what your superpower wants to be. In other words, that thing that's passionate to you, that you probably know better than 99% of the population out there.” --------------- Links: Keep up with our guest Michael Piacente on LinkedIn Learn more about Hitch Partners on their website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Cultivating Client Trust at Cybercon with NTT’s Dirk Hodgson & Adam Green | 09 Nov 2022 | 00:40:39 | |
Hacker Valley: On the Road is a curated collection of conversations that Chris and Ron have had during conferences and events around the globe. In this episode, NTT’s Dirk Hodgson, Director of Cybersecurity, and Adam Green, Senior Cybersecurity Executive, speak with the Hacker Valley team at CyberCon in Melbourne, Australia. Dirk and Adam cover the intersection of their roles at NTT, their experiences at conferences like RSA, their country’s cybersecurity industry, and their team’s cultivated trust with clients.
Timecoded Guide: [00:00] Reuniting at CyberCon after years of COVID limiting security conferences [06:30] Differentiating Australia’s cybersecurity industry from the rest of the world [10:48] Watching current cyber trends with CMMC & the Essential 8 frameworks [25:41] Creating interpersonal communication in a technology-driven industry [34:58] Building trust by knowing your clients & your adversaries equally
Sponsor Links: Thank you to our sponsor Axonius for bringing this episode to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone How are Australian cybersecurity practitioners different from the rest of the world? According to Adam, the past 3 years have led to a massive shift in maturity for Australia’s cybersecurity industry. Previously, Australia relied on its physical isolation as a country as a means of security, but breaches have become more high profile and more impactful for Australian businesses in recent years. Now, Adam is pleased to see there be a greater understanding beyond the 101 of cybersecurity and more collaboration with security teams. “Three years ago, we used to say Australia was 5 years behind the rest of the world [in cybersecurity]. We used to think, because of proximity to the rest of the world, we were pretty safe, but it's definitely become more of a professional approach to security now.” — Adam
How do your roles as Director and Executive work together at NTT? For Dirk, cybersecurity is the ultimate team sport— and Adam is an impactful element to his cybersecurity team. While Adam often focuses on strategic planning through his background as a practitioner, Dirk enjoys how his business-driven perspective contrasts with Adam and with other members of the team. With a variety of experiences and perspectives in the room, NTT can cover issues from all sides, instead of falling victim to tunnel vision. “Adam is the person on the team, who's great at that scenario planning piece. ‘Here are the things that are gonna go wrong.’ Whereas myself and a couple of the other people on the team, look at that go, ‘What's that going to cost the organization?’” —Dirk
Where are the strengths and weaknesses in communication in cybersecurity? Just like Dirk’s thoughts about cybersecurity being a team sport, Adam believes that you have to cultivate a team member-like trust with your clients. The client in an initial conversation might seem defensive of your advice or critical of your actions. However, Adam explains that establishing credibility, especially in the business-focused cyber industry in Australia, goes a long way to creating the opportunity for more casual conversations down the line. “What we find is, in Australia in particular, it's about not just the company, but you as an individual. Do you have my back? Can I trust you? If I don't like you, will you at least mitigate my risk for me? You have to establish credibility real fast.” —Adam
What advice would you give to someone interested in cultivating more trust between clients and their team? Dirk loves a good James Bond villain, but the average hacker attacking the average business is nothing like the movies. Establishing trust with clients starts with not only understanding what they need, Dirk explains, but also knowing the most likely threats beyond the showstopping Blackhats of media fame. Being able to explain to and protect clients from the most common threats keeps their data safest and strengthens their trust in your team. “I think it's about making sure that you know what the worst case scenario is, what the most dangerous course of action that the attacker or a potential attacker could follow, but also, being able to talk credibly about what's the most likely threat.” —Dirk --------------- Links: Keep up with our guest Dirk Hodgson on LinkedIn Keep up with our guest Adam Green on LinkedIn Learn more about NTT on LinkedIn and the NTT website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Supply Chain Security & Zero Trust Tech with Ashish Rajan & Shilpi Bhattacharjee | 08 Nov 2022 | 00:37:08 | |
Hacker Valley: On the Road is a curated collection of conversations that Chris and Ron have had during conferences and events around the globe. In this episode, Cloud Security Podcast’s Ashish Rajan and Shilpi Bhattacharjee speak with the Hacker Valley team at AISA CyberCon in Melbourne, Australia. Ashish and Shilpi discuss their respective talks on supply chain security and zero trust technology, SBOMs, and keynote speakers at this year’s Cybercon worth noting for the audience at home.
Timecoded Guide: [00:00] Connecting & conversing at a cyber conference post-COVID [06:50] Breaking down Shilpi’s presentation on supply chain threats & attacks [11:45] Understanding the paradoxes & limitations of zero trust with Ashish’s talk [26:13] Defining & explaining SBOM, or Software Bill of Materials [33:16] Noticing key conversations & trends for those who didn’t attend AISA Cybercon
Sponsor Links: Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley Shilpi, can you talk about the idea behind the talk you had at CyberCon? The inspiration behind Shilpi’s conference talk was supply chain issues. Titling her talk, “Who’s Protecting Your Software in Supply Chain,” Shilpi hoped to further educate and advocate for security in the supply chain process. An estimated one in two companies will experience a supply chain attack in the coming years. Instead of fearing such a statistic, Shilpi hopes her talk inspired further security action to protect our supply chains. “One staggering fact that I read is that one in every two companies is going to have some sort of a supply chain attack in the next three years. So, who's going to look after the supply chain? Is it going to be the organization? Is it going to be your third-party vendors?” —Shilpi
Ashish, what about your talk at Cybercon? In contrast, Ashish’s talk was about the triple paradox of zero trust. When talking about and implementing zero trust, Ashish realized many companies don’t implement the cultural changes needed for zero trust and/or only talk about zero trust as a technology process. Zero trust has numerous layers beyond technology, and requires time and major changes in culture and technology to implement in most companies. “I feel bad for bashing on finance, marketing, and HR teams. They're all smart people, but if you're going to add four or five layers of security for them, they almost always say, ‘I just want to do my job. I don't really care about this. It's your job to do security.’” —Ashish
Where would you recommend starting when it comes to trying to implement the ideas in your respective talks? When push comes to shove about where cyber companies can start first with supply chain and zero trust, Ashish and Shilpi agree that companies have to discuss business priorities. When company leaders can take the opportunity to look at and understand their cyber hygiene, the next steps might look very different from another company’s tactics. Knowing what a business has is the foundational piece that impacts any new process in cyber. “If I were to go back to the first principle of what we do with cybersecurity professionals, one of the biggest assets that we're all trying to protect is data. You can't protect what you can't see, that's the foundational piece.” —Ashish
For anyone that wasn't able to make the conference, what is one thing that you would want to share with the audience at home? There were a lot of conversations taking place at Cybercon this year. Ashish wants the audience at home to know that cloud native, zero trust, supply chain, and leadership positions like CISOs were the main themes in many talks, panels, and conversations. Shilpi wants those who couldn’t attend to watch out for more talks and conversations about cyber from those outside of the industry to understand that the issues impacting cyber influence the world. “I think there's that interest about cybersecurity being more than just a cybersecurity problem. Cybersecurity is not just a technical problem, it's a societal problem, a cultural problem. I very much agree, because a lot of the things that we're dealing with impacts everyone.” —Shilpi --------------- Links: Keep up with our guest Ashish Rajan on LinkedIn Keep up with our guest Shilpi Bhattacharjee on LinkedIn Listen to Ashish and Shilpi’s Cloud Security Podcast Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| The Future of Pen Testing Automation with Alton Johnson | 07 Nov 2022 | 00:24:01 | |
Alton Johnson, Founder and Principal Security Consultant at Vonahi Security, automates his way out of his pen testing job in this week’s episode. An AOl hacking gone wild got Alton into defensive cybersecurity years ago, and now, as the Founder of Vonahi, Alton advocates for automation and efficiency in the pen testing process. Alton talks about his connection to defensive over offensive, customizing a pen test report to your audience, and finding that sweet spot between practitioner and entrepreneur.
Timecoded Guide: [00:00] Learning the importance of automation in defensive cyber [07:48] Connecting with automation & defensive cybersecurity over offensive [12:01] Showing the results that matter to the right people in a pen test report [15:27] Prioritizing exploitations in the world of vulnerability assessments [21:59] Maintaining the cyber practitioner & the entrepreneurial side of Vonahi
Sponsor Links: Thank you to our sponsors Axonius and NetSPI for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.
How have you seen automation change yourself and your role? As a penetration tester, Alton explains that time is often not on his side. There’s a limited amount of time to do an assessment, and the measure of a good pen tester is often determined by fast, high quality reporting. Automating the repetitive tasks of pen testing not only saves time, but Alton believes it genuinely changes the role into something much more efficient, high value, and successful. “Automation obviously plays a huge part in growing in the career too, because the more you can do, the more value you can provide, and the faster you can provide that value makes you a better pentester.”
How do you convey the story of a red team engagement in different ways so that message is received by everyone in the company? At Vonahi Security, Alton’s team separates pen testing reports into an executive summary and a technical report. The executive summary is high level, demonstrating the impact and severity of what was discovered from a business point of view. Many business executives don’t need the technical play by play, which is why that is saved for the technical report. The technical report acts as a scene by scene story of what was done and how to technically fix it. “We separate the two conversations. Here's what we did at a high level to anyone that doesn't really care about the technical stuff, but only cares about how it impacts the business, and then, for the person that has to fix the issues, here's everything that they would need.”
What would you tell the newer generation of cybersecurity practitioners about the offensive side? When Alton first started his cybersecurity journey, he was very into hacking and coding. That passion for code has served him well, allowing him to become successful enough to start his own business with Vonahi. For the younger generation of cyber practitioners, Alton recommends not skipping that coding education. As technically advanced and automated as cybersecurity tools are, practitioners should be prepared to code when something breaks or doesn’t work as intended. “I think coding is extremely valuable, because there's going to be many times that tools that you use don't work and you have to have the experience and knowledge to basically fix those problems with coding.”
What have you learned over the past few years that has helped you to maintain both the technical and business side of Vonahi? 21 Efficiency is the name of the game for Vonahi— and it’s the one thing that has allowed Alton to remain in a hands-on pen testing role while still being a business owner. Keeping it efficient is more than just technology and automation. Alton believes his success is a direct result of the efficient technology around him and the hardworking, intelligent, efficient team members working with him at Vonahi. “It is really just about efficiency. We look to all these other leaders, but for me, I like to learn from other people's failures. I don't want to take the same growth processes as the person who failed and didn't do well.” --------------- Links: Keep up with our guest Alton Johnson on LinkedIn and his personal website Learn more about Vonahi Security on LinkedIn and the Vonahi Security website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| The Secret Sauce of SANS Instructors with John Hubbard | 01 Nov 2022 | 00:30:28 | |
John Hubbard, SOC consultant, SANS Sr. Instructor and host of the Blueprint Podcast, joins the Hacker Valley team this week to discuss SANS, SOCs, and seeking new hobbies. As the curriculum lead for cyber defense, John breaks down what makes a good SANS instructor and how to inspire passion in students when teaching for long hours. Additionally, John gives away his life hacks for pursuing passions outside of the cybersecurity industry, including podcasting, video editing, music creation, and nutrition.
Time Coded Guide: [00:00] Instructing for SANS & what it takes to be a good instructor [07:33] Exploring the potential of a SOC-less cyber industry [13:38] Teaching complicated topics with clear visuals & simple comparisons [19:37] Podcasting his way to better SOC consulting skills [26:12] Finding a balance between jack of all trades & single skill master
Sponsor Links: Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
What do you think are the makings of a good instructor, especially for SANS? Transitioning from the world of electrical and computer engineering, John’s journey to becoming a SANS instructor took over 3 years of study. Although he jokes that training to be a SANS instructor was the longest job interview ever, John is thankful for the mentorship and inspiration his training gave him. SANS courses require long hours and hard work, but John believes the best instructors bring a real love for what they do to each class. “The technical aspect has to be there in a very strong way. Beyond that, you have to deliver this message not only with razor sharp clarity, but also with passion and energy. People are sitting there watching you talk for hours. If you aren't excited, they're not going to be excited.”
Cyber defense is a pretty broad topic. What makes you feel comfortable teaching a course on cyber defense? Cyber defense can be a topic that’s both broad and confusing for students, but John has been dedicated to building a curriculum that cuts through the confusion and inspires innovation. Teaching his students to focus on priorities, John wants to bring clarity to complex topics like SOCs, Kerberos, and related security issues. While the topics can be broad and debatable, John wants to equip his students with real world examples and simple comparable concepts. “If there was one word I was going to summarize both of the classes I teach with, it’s ‘priorities.’ It's getting the right stuff there first, and not getting distracted by all the other details that are potentially trying to pull you in the wrong direction.”
Have there been unintended benefits to being a podcast host, that either helps you as an instructor, or even someone that does consulting in the SOC space? Taking the chance to start the Blueprint podcast was inspired partly by John’s previous interest in podcasts like Security Now, but also by his pursuit of learning content creation. Starting a podcast, for John, was an exercise in testing his comfort zone. Learning the technical aspects as well as the creative aspects of content creation and podcast hosting continues to build John’s confidence in his storytelling and teaching skills. “For me, a lot of things have come out of podcasting. Probably one of the biggest things is just flexing that muscle of doing things that are slightly uncomfortable and scary. Any time you think, ‘I don't know if I can pull this off. Should I do it?’ The answer should always be yes.”
What is one piece of advice or philosophy that enables you to do more and squeeze as much as you can out of life? In the same way that he teaches his SANS students about priorities, John focuses on his personal priorities often in order to accomplish his well-rounded, jack of all trades lifestyle. Building new skills and cataloging new experiences feels vital for John. Taking full advantage of the time he’s been given and getting curious about expanding his comfort zone is an essential philosophy that has taught John not only about cyber defense, but about every hobby he enjoys as well. “I try to get up as early as I can manage to get up every day, well before I start getting emails and meeting requests and all sorts of stuff like that, and try to plan out my day and ask myself, ‘How am I going to actually approach doing the things that matter the most to me?’” --------------- Links: Keep up with our guest John Hubbard on LinkedIn, Twitter, and YouTube Listen to John’s podcast on the Blueprint Blog Learn more about John’s work on the SANS Institute website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| AI and the Future of Cyber Defense with John Hubbard | 08 Oct 2024 | 00:34:12 | |
How can AI shape the future of cybersecurity defense? In this episode, we dive into SOC operations, AI integration, and the latest in threat detection with John Hubbard, Cyber Defense Curriculum Lead at SANS. John discusses the expansive landscape of cybersecurity defense, while sharing insights on AI's role in threat detection and the cutting-edge tools that are pushing the boundaries of cybersecurity. From automation to detecting anomalies in network traffic, this episode will bring you up to speed on the latest trends and challenges facing cyber defense teams. Impactful Moments:
Links: Connect with our guest, John Hubbard: https://www.linkedin.com/in/johnlhubbard/ Check out the SANS Cybersecurity Courses & Certifications: https://www.sans.org/cyber-security-courses/
Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ | |||
| Creating Community for Female Security Practitioners with Larci Robertson | 25 Oct 2022 | 00:26:07 | |
Larci Robertson, Sales Engineer at Cyberreason and Board President of Women of Security, brings her expertise and experience in cyber threat analysis, community building, and networking to the pod this week. Larci talks about her time in the Navy, her desire for female friends, and how the combination of those two things led to her joining Women of Security (WoSec). In this episode, Larci walks through the importance of women-led cyber spaces and how mentoring gives back to the community in a ripple effect.
Timecoded Guide: [00:00] Searching for friendship in Women of Security spaces [06:56] Diving into the Dallas cyber community with WoSec [14:00] Finding mission-focused purpose in threat intelligence analysis [17:57] Transitioning from the military into security and technology [24:10] Encouraging women to stay motivated in the cyber industry
Sponsor Links: Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley How did you get introduced to Women of Security? After leaving the Navy and moving to Dallas, Larci struggled to find community amongst other women in tech. She worried the women she knew outside of the industry wouldn’t understand her unique struggles, but the women she was meeting in cyber felt few and far between. Reaching out to Women of Security felt like an encounter with destiny, which inspired Larci to start her own WoSec chapter in Plano and find her voice as a community leader. “I wanted to find those women and get more women into security, but also have somebody to hang out with that was in the same industry, same page, we're all kind of going at the same pulse of what we've got going on in our lives.”
What are the challenges for women transitioning into the technology field, whether they're coming from the military or from another industry? As a woman in threat defense analysis, Larci understands the hurdles and complications that come with transitioning into the field. Originally gaining her security experience in the Navy, Larci explains that she, along with many women she meets in the industry, undermine their past experiences and doubt their full potential. This often leads to less job applications from women when positions open up, perpetuating the gap for women in tech. “I want to tell women, and I do tell them all the time, don't look at that job title. Read through the actual like, what they want you to do, and maybe you understand it in a different way. Don't worry about that stuff. Let them tell you you're not qualified, don't do it to yourself.”
What comes to the top of your mind about the power of community when thinking about WoSec? Community inspired Larci to be a part of WoSec, but it also left a lasting impact on her friends and her family. Not only has Larci witnessed many female friends achieve career heights they never dreamed possible, she’s also seen Women of Security inspire her own daughter. Initially believing her job was “too technical,” Larci’s daughter now better understands her own potential to succeed in cyber and tech, which has given her so much confidence in her future. “I'm seeing people get their first jobs in cybersecurity, and it's really exciting. And then, they'll turn around and help somebody else. I feel like that's happening a lot more. I see it because my group is doing it, I think we're all emulating each other in that way.”
For any women listening right now, what would be that piece of advice that you have for them to keep them energized while they're in the field? Money is a motivator for many individuals transitioning into the cyber industry. While Larci understands why she meets many women looking to make more money in cyber, she also encourages those women— and anyone else listening to this week’s show— to find a purpose and passion for their work. Money motivation doesn’t last forever, and Larci wants to build a community of women who understand and enjoy their purpose in tech. “I feel like no matter what you do, if you have purpose in what you're doing, you're going to stay and you're going to have that drive. On top of that, you gotta have fun with this. If you're not having fun at what you're doing every day, I think you're doing it wrong.” --------------- Links: Keep up with our guest Larci Robertson on LinkedIn and Twitter Learn more about Cyberreason on LinkedIn and the Cyberreason website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Securing Feelings of Worth, Value, & Belonging with Marrelle Bailey | 18 Oct 2022 | 00:25:01 | |
Marrelle Bailey, Community Manager, Content Curator, and DEI Advocate, brings her multifaceted career experiences down to Hacker Valley Studio this week. Tapping into her past lives in yoga, bodybuilding, community managing, and cybersecurity, Marrelle explains the silo her career has taken into helping others find ease and peace of mind in their work. Marrelle also walks Chris and Ron through an exercise designed to help anyone feel more worthy, valuable, and like they belong.
Timecoded Guide: [00:00] Taking on career pivots with excitement & curiosity [06:23] Bodybuilding & yoga’s surprising presence in her cyber career [09:28] Finding black women in predominantly white tech communities [14:07] Being a jack of all trades, but a master of self worth & reflection [20:54] One key practice for feeling worthy, valuable, & like you belong
Sponsor Links: Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley What from your past in yoga and bodybuilding has stuck with you today? As someone who grew up feeling traumatized and uncertain, Marrelle believes that yoga genuinely saved her life. Yoga helped Marrelle feel confident and empowered, and also taught her the importance of self-reflection. Additionally, Marrelle’s continued health and wellness journey inspired her to take up bodybuilding, which has motivated Marrelle to work hard, to motivate others to engage in their health, and to recognize when she’s holding herself back. “My clients know I'm fixated on pushing them as much as I push myself, because I know we have greatness. I know for myself, I can be the best self-sabotager in the world when it comes to pushing myself professionally. I know what it feels like sometimes to hold yourself back.”
What has it been like doing all these different roles and how do they stack together? Marrelle is a true example of a jack of all trades, with experience in personal training, cybersecurity, content creation, and community management. Despite the differences, each role Marrelle has taken on has ultimately focused on compassion, authenticity, and perseverance. Marrelle never saw black women succeed in the areas she wanted to succeed, but now, she can set an example and show that she belongs in each opportunity she takes. “I feel like each job taught me, even though they were all so different, they all taught me about gaining compassion for people. Am I being authentic to the people around me? Am I giving people the ability to be themselves and for me to be myself, to grow, to persevere, to push?”
How would you describe yourself, being so multifaceted and dimensioned? Marrelle believes she is someone that just wants to help other people and support other people in their healing process and in knowing their importance. Many people, regardless of their profession, struggle with difficult feelings of unworthiness and exclusion, fearing that they won’t be taken seriously for who they are. Marrelle has struggled with these same feelings, and wants to create safe spaces for people to grow and nurture their confidence. “I just want to bring people's lives ease and peace and remind them how valuable they are, because I think all of us at some point struggle to know our worthiness and our value, and that we belong in the spaces that we're in, because sometimes we can really feel left out.”
What would you recommend for anyone who wanted to start feeling worthy, valuable, and like they belong a little bit more today? While anyone can struggle with feeling a lack of worth, value, and belonging, Marrelle wants to reassure listeners that these exist in abundance and can be built up with mindfulness exercises. An easy way to start practicing a better and more positive mindset is through inhaling the good and exhaling the bad. As you inhale deeply, think positively about who you are and who you want to be. As you exhale, get rid of negative and unfair thoughts about what makes you “not good enough” to feel worthy, valuable, and like you belong. “You are worthy, you are valuable, and you belong where you are. No one can question it, you are where you are because you got there. No one knows your backstory, no one knows your journey, no one can walk in your shoes, but you deserve to be where you are.” --------------- Links: Keep up with our guest Marrelle Bailey on LinkedIn, Twitter, and website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Finding Your Imposter Syndrome Origin Story with Sheryl Anjanette | 11 Oct 2022 | 00:32:06 | |
Sheryl Anjanette, Author, Speaker, and CEO & Founder of Anjanette Wellness Academy, comes down to Hacker Valley to discuss and promote her new book. The Imposter Lies Within covers Sheryl’s work with the intersection between business and mindset, and invites professionals to reconsider and reprogram their brains away from imposter syndrome. Using her findings personally and professionally, Sheryl walks through the origins, explanations, and potential remedies for imposter syndrome in this episode.
Timecoded Guide: [00:00] Discovering imposter syndrome’s origin story [05:04] External triggers vs the inner critic [13:59] Imposter syndrome & Neuro Linguistic Programming (NLP) [21:11] Reprogramming your brain to heal from the imposter phenomenon [27:34] Fearing firing as an unrealistic response to the inner critic
Sponsor Links: Thank you to our sponsors Axonius and Uptycs for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley Uptycs, analytics for the modern attack surface, observability for the modern defender. Check out Uptycs by visiting them at uptycs.com
What is the origin of imposter syndrome? Defined and named in the early 1970s, imposter syndrome impacts each person in different ways depending on a variety of personal experiences, including gender, upbringing, and income status. Despite the experience varying from person to person, Sheryl explains the set of symptoms still remains strikingly similar, no matter who is suffering from imposter syndrome. This has made the phenomenon relatively easy to identify with, as many struggle with a lack of belonging, self worth, and self confidence. “In the early ‘70s…researchers called it the imposter phenomenon, but they had only studied women. For quite a long time, people thought only women experienced feeling like an imposter, but recent studies have shown that men and women experience this almost equally, just differently.”
Do you see imposter syndrome as a negative construct of Neuro Linguistic Programming (NLP)? Outside of the office, Sheryl incorporates Integrated Hypnotherapy in a large majority of her coaching work and explains that a large majority of that has involved delving into NLP, or Neuro Linguistic Programming. NLP emphasizes the importance of what people tell themselves. What someone actively lets themselves think has the power to become true to their brain. When someone thinks they are an imposter at work, they end up accidentally using aspects of NLP, which causes their brain to believe they are an imposter. “Our conscious mind is only 10% of our reality, 90% is below the surface. When we can start to make the unconscious conscious, when we can do the deep dive and go back in and look at our programming, we can see where the code went bad and change that.”
What are the steps of reprogramming your mind away from these imposter thoughts? Reprogramming someone to actively deny and work against imposter syndrome thoughts requires a deep dive into emotions and an understanding of an internalized past. Sheryl explains that being present, taking deep breaths, and allowing your perspective to shift out of your head and into your body are all steps that need to be taken in this reprogramming process. This process is powerful and new, but Sheryl promises it doesn’t have to be difficult or uncomfortable. “Get very, very present in the moment and then, just feel yourself drop into your heart. Feel yourself drop into your heart, it's only an 18-inch journey, but it's something we generally don't do very often. Get out of our head and into your heart.”
For anyone that's dealing with imposter syndrome, is there anything that you would want to tell them to help them understand the power within? Sheryl sees a large majority of professionals struggle specifically around the idea of not being good enough at work and being an imposter at risk of being fired. Imposter syndrome can convince anyone of this idea because it doesn’t rely on experience as evidence, according to Sheryl. Instead, someone suffering from imposter syndrome has to acknowledge that the idea of not being good enough and being fired is just an idea, not reality. “As you go into your heart and into your observer role, ask yourself: Is this real? Where's this coming from? And then, tell yourself a different story. ‘I'm good. Everything will work out. I think that's just a pattern that I've had for a long time. I'm going to assume the best.’” --------------- Links: Keep up with our guest Sheryl Anjanette on her website, LinkedIn, or via email: hello@sherylanjanette.com Purchase Sheryl Anjanette’s book, The Imposter Lies Within, on Amazon and Barnes & Noble Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Beers, Tears, & Breaking Through in Cybersecurity Marketing with Gianna Whitver & Maria Velasquez | 06 Oct 2022 | 00:31:19 | |
In this special episode, Hacker Valley community members and hosts of the Breaking Through in Cybersecurity Marketing podcast, Gianna Whitver and Maria Velasquez, tell all about the ups and downs of cyber marketing. As podcast hosts and founders of the Cybersecurity Marketing Society, Gianna and Maria eat, sleep, and breathe cybersecurity marketing. This week, Gianna and Maria share the history behind the Society and explain why they decided to host their CyberMarketingCon2022 conference in person.
Timecoded Guide: [02:41] Creating the Cybersecurity Marketing Society [06:29] Transitioning CyberMarketingCon2022 from virtual to in-person [10:50] Combating the difficulty of growth marketing to cybersecurity practitioners [18:34] Examining ROIs for attendees of conferences like Black Hat and RSA [28:15] Finding the one thing they would instantly change about cyber marketing
Sponsor Links: Thank you to our sponsors Axonius and Uptycs for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley Uptycs, analytics for the modern attack surface, observability for the modern defender. Check out Uptycs by visiting them at uptycs.com How did the Cybersecurity Marketing Society come to exist? Gianna and Maria initially met and bonded over how the cybersecurity marketing world is constantly changing and evolving, for better or worse. They would get together to chat, as well as share strategies and insights. They quickly realized, through their friendship, that there was potential for a solid community in cybersecurity marketing. They started a Slack channel, just to put something out there. The channel grew from 10 participants into a bustling community of over 1500 people. Now, the Society is growing every day and hosting online events. “It's always really nice to look back at the start, and it humbles you, right? As you continue this hustle of just growth and ongoing things happening, it's nice to take a step back and say, ‘Wow, look at where it all started.’ It seemed like just a crazy idea then.” –Maria Velasquez What inspired the leap to host an in-person conference for CyberMarketingCon? Back in 2020, while everyone was experiencing the height of the pandemic, members of the Cybersecurity Marketing Society were still interested in making connections with other professionals in the industry. Gianna and Maria decided the best option available was hosting virtual conferences in 2020 and 2021. Later, they branched into in-person chapter meetups in cities around the world. An in-person CyberMarketingCon2022 seemed like the next natural step in the process to cement those community connections. “We started planning on a spreadsheet, basically. What's the theme? What do we want to cover in terms of topics? We looked to our members within the Society to hear what they'd like to learn at the conference and the speakers they'd like to see.” –Maria Velasquez
What makes it so difficult to market to cybersecurity practitioners? Cybersecurity practitioners are notoriously skeptical. Their purview is full of phishing links and threat actors, and their guards are always up. Practitioners also often have a revolving door of folks wanting them to try demos, which makes it harder for someone to stand out. Maria and Gianna explain that you have to create a different kind of connection to build a relationship with practitioners, and advise marketers to avoid the cringeworthy commercial buzzwords. “We're here to make sure that together, as an industry, cybersecurity marketers default to the best practices in marketing to practitioners, and that we're not bothering our target audience. We're doing great marketing, so that we can help everyone be more safe.” –Gianna Whitver
What did the ROIs look like for attendees of Black Hat and RSA? In general, according to Gianna and Maria, the return on investment seemed higher for attendees at Black Hat, rather than at RSA. For marketers, RSA is less about selling and more about brand awareness and meeting with investors. In contrast, those who attended Black Hat reported that, even though the quantity of traffic at their booths was lower, the quality of the connections was higher, and there is a lot of optimism about opportunities to connect next year becoming more frequent. “We're going to keep doing this every year. We're going to keep expanding the survey, we're going to have better data. I'm really looking forward to next year's debrief on Black Hat and RSA, seeing how things changed and how companies perceive their ROI.” –Gianna Whitver ---------- Links: Grab your ticket to the CyberMarketingCon2022 Follow Gianna on LinkedIn Catch up with Maria on LinkedIn Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Putting Your Cyber Marketing Audience First with Dani Woolf | 04 Oct 2022 | 00:26:30 | |
Dani Woolf, Director of Demand Generation at Cybersixgill and Host of the Audience First podcast, brings her marketing expertise to Hacker Valley to talk about what’s broken in the marketer-buyer relationship. Dani’s tried and true methods of cybersecurity marketing involve clear messaging, authentic communication, and building trust in an industry where not trusting anyone is the norm. How can cyber marketers break through the negative stereotypes and show cybersecurity buyers that they’re authentic?
Timecoded Guide: [00:00] Fixing the broken relationship between cyber marketers, sellers, & buyers [04:58] Unrealistic marketing goals vs incorrect marketer perspectives [10:23] Better conversations between marketers & practitioners with Audience First [15:12] Connecting with curious cyber practitioners instead of dismissing them [23:37] Advice for cyber marketers looking to start fresh with content
Sponsor Links: Thank you to our sponsors Axonius and Uptycs for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley Uptycs, analytics for the modern attack surface, observability for the modern defender. Check out Uptycs by visiting them at uptycs.com
What messages are practitioners receiving (or not receiving) from cybersecurity marketers? One of the domains Dani actively uses is hilariously titled, “WTF Did I Just Read?” This project, inspired by the contextless and confusing messaging cyber practitioners receive everyday, aims to show marketers how to adopt better tactics and more authentic communication with potential buyers. Truth be told, Dani has seen the worst of cyber marketing, and she understands why many marketing teams get a bad rap in the industry. “Frankly, [marketers] are just sending messages that have absolutely no context or need to the buyer, which is just lazy. You have to identify the problem, do a little bit of legwork to see what the buyer is interested in. Who are they really? What are they trying to solve?”
Where do you think we all went wrong, from a cyber marketing perspective? Two factors have contributed to incorrect and inauthentic marketing tactics in cybersecurity, according to Dani. The first is pressure to achieve stressful goals and unrealistic KPIs on marketing teams that should be focusing on quality of communication over quantity of calls or outreach methods. The second is marketers coming into the cyber industry with the false mindset that cyber marketing is just like any other marketing, when in reality, the methods of communication and the relationship with buyers is completely different. “A lot of professionals coming into cybersecurity think that what they've done in other verticals works in cybersecurity, when in fact it doesn't. I know for a fact it doesn't, because that's how I made mistakes in the security space and that's how [my podcast] Audience First was born.”
Is there a lot of conversation and communication happening between marketers and cybersecurity practitioners? Marketers and practitioners are not communicating in a trustworthy and authentic way, in Dani’s opinion. Many marketers fall into the mindset trap of letting the “smart people” in the room talk during meetings and calls, instead of engaging in the conversation. Dani explains that when cyber marketers shut themselves out, they don’t learn anything about cybersecurity or about their clients. Not knowing creates a lack of trust and confidence for both sides. “If we continue to just click on buttons and look at numbers, we're not going to do our jobs any better. I urge anybody listening to foster that bidirectional relationship, to be open to marketers speaking to you, and to be open to speaking to practitioners and asking for feedback.”
How would you compare the average cybersecurity buyer to, for example, other buyers in the technology space? Despite the stereotypes of cybersecurity buyers being tough or unapproachable, Dani admits that many of her cybersecurity clients are kinder and more empathetic than in other tech industries. However, this kindness and empathy has to be earned, and security professionals aren’t always the easiest people to gain the trust of. Dani explains that credibility and authenticity reign supreme in messaging to cyber buyers, because that is the only way to break through the caution many practitioners are trained to have. “Why would I scratch your back? Or, why would you scratch mine if I don't even know who you are? Like, the whole point of security is not to trust everything that you see. So, trust and credibility is a huge part of that, and establishing authentic relationships is a huge part, too.” --------------- Links: Keep up with our guest Dani Woolf on LinkedIn and Twitter Listen to Dani’s podcast, Audience First, and learn more about “WTF Did I Just Read?” Check out the Cybersixgill website Learn more about Dani’s work on her other Hacker Valley podcast appearances: Breaking Through in Cybersecurity Marketing, Breaking Into Cyber Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Special Featured Episode! Purple Teams & Threat Informed Defenses with Ben Opel | 29 Sep 2022 | 00:26:43 | |
Ben Opel, Senior Director of Professional Services at Attack IQ and former Marine, joins Chris and Ron to talk about the essentials of purple teaming. Combining the essentials of the red team and the blue team, a purple team offers cybersecurity companies a unique opportunity to create a threat informed security process. Using his time in the Marines and his experience at Attack IQ, Ben walks through purple team philosophy, breach and attack simulations, and shifting from a reactive to a proactive mindset.
Timecoded Guide: [00:00] Past experiences with cybersecurity in the Marine Corp [04:28] Exposure to purple teaming in defensive cyber ops [10:26] Implementing breach and attack simulations in defense strategy [14:38] Threat informed defense and the aftermath of breach simulations [23:36] Communicating and approaching risk-related decisions
Sponsor Links: Thank you to our sponsor AttackIQ for bringing this episode to life! AttackIQ - better insights, better decisions, and real security outcomes. That's why we partnered with them to create free cybersecurity trainings! Check it out at academy.attackiq.com
How did you first get exposed to purple teaming and what are some of the tenants that you hold today? Ben’s experience in cybersecurity and his journey into purple teaming occurred during his time with the Marine Corps, performing defensive cyber ops. Originally, Ben didn’t even know the term purple team existed when he first encountered it, but his team was already approaching their work that way. Ben explains a core tenant of purple teaming is getting people in the same room and showing them the value their work brings to one another. “We started building our teams around this multifunctional purple concept of having threat hunters, threat intelligence, red cell, support and mitigation, and forensic cell all in one. All of these capabilities in one team, where they could work synergistically.”
What are the shortcomings and advantages of the purple team philosophy? Like any philosophy, Ben explains that the hardest part of incorporating a purple team mindset is including it in everything your team does. To aid in this shortcoming, Ben keeps one question in mind: “What can someone do for me, and what can I do for them?” When involved in a purple team, everyone is putting their heads together. Ben explains there’s much less confusion between offensive and defensive professionals in that purple collaborative setting. “Pure red team ops can be super fun, but you leave every job not sure they're going to actually make something with what you did. I've worked with blue teams who are like, ‘Hey, this was a great report, red, but we made some fixes, but we don't know if these are good.’”
How do we get more people into being proactive and adopting the purple team perspective? A large majority of cybersecurity teams and processes involve reacting to potential threats and incidents. In contrast, purple teaming and threat informed defense strategies emphasize a more proactive mindset. Ben explains that working with a capability like Attack IQ helps teams build confidence in what they can prepare for and prevent. Building confidence in infrastructure and resilience in your team helps a proactive mindset thrive. “It’s about giving folks the ability to parse out and understand what's important to them, and to boil that down into, ‘Okay, now, what does that mean when hands on keyboard?’ Making that available, making that easily digestible. It's an education problem in this realm.”
What would be your first piece of advice for the person about to embark on discovering or explaining breaches and attacks in relation to their organization? Ben explains that explaining breaches and helping others in your organization understand attack risks starts with showing. He explains that revealing how easily these things can happen and in what situation certain events could be particularly harmful opens the eyes of members of your team to what their threats look like. Instead of catering to doom and gloom, analyze your cyber threat risk with practicality and literal examples. “If I had to say that I had a specialty forced upon me by the Marine Corps, it was that. It was going over to peers and telling them that this is something that's good, bringing my red team in and letting them poke around, letting my blue team plug in to their network from some strange IP that they've never seen before.” --------------- Links: Keep up with our guest Ben Opel on LinkedIn Learn more about Attack IQ on LinkedIn and the Attack IQ website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Recruiting and How to Find the Perfect Match with Mimi Gross | 27 Sep 2022 | 00:27:26 | |
Mimi Gross, Founder and Cybersecurity Matchmaker at People By Mimi, connects early stage through Series C cybersecurity startups with sales and marketing talent. As a recruiter and headhunter with over 5 years of experience, Mimi refers to the process of recruiting and hiring as “cybersecurity matchmaking.” Mimi joins Hacker Valley Studio this week to talk about what recruiting and dating have in common (including marriage!), and the ways to deal with rejection during the hiring process.
Timecoded Guide: [00:00] Defining the term “cybersecurity matchmaking” as a recruiter [04:00] Commonalities between recruiting and dating advice [07:55] Dealing with job rejection like a bad breakup [15:17] Balancing hiring manager wants and needs in the recruitment process
[20:11] Emphasizing chemistry between the ideal candidate and their future employer
Sponsor Links: Thank you to our sponsors Axonius and Uptycs for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley With Uptycs, modern defenders can prioritize, investigate and respond to threats across the entire attack surface—all from a common solution: uptycs.com.
Where did the term “cybersecurity matchmaking” come from? There’s a huge element of matchmaking in recruiting. That’s essentially what you’re doing — you’re matching a potential candidate with a potential new position. Certain recruiters and companies instead treat the act of recruiting candidates and hiring new employees like a sales transaction. This feels impersonal for everyone involved. Referring to recruiting as “matchmaking” reminds everyone involved that there are humans in the process at every stage, from application to references, interviews to onboarding. “Early on, I was disillusioned with recruiting, because I realized that people don't treat it like finding the perfect match. It's like sales for some people. I quickly said, ‘I can't do this thing unless I can call it matchmaking.’ That's where the term came in.” What does dating advice have to do with recruiting? In both recruiting and dating, you’re trying to find the “right” fit. In dating, both people in a relationship are looking for “the one”; someone to grow with long term and to build a mutually beneficial relationship with. In recruiting, the founder or hiring manager is looking for the right candidate for the role, while the job searcher is looking for the right job for their career. In both dating and recruiting, when you find the right one, it won’t be a huge compromise or a challenging fit; the relationship will feel authentic and natural. “I find that the best matches I make — and I love to call them matches, because they really are — I look back at them, like, ‘You know, that was a good match.’ In those great matches, the chemistry was there right away.”
How do you help candidates deal with rejection? Rejection is part of the recruiting process, just like how breaking up is part of the dating cycle. There are going to be times when the fit isn’t right and the job you want goes to a different candidate. The trick is to not take it personally. Instead, take a learning approach to the situation. The company might need to go in a different direction, or someone else in the organization may be taking over the position. Unlike dating, the hiring process is unrelated to who you are as a person. Focus on learning and applying your experience elsewhere. “It’s not just about not taking rejection personally. You have to see that there will be the right fit for you, and that also, the person who is rejecting you now could be a valuable person to know in the future. Never burn bridges.”
What is one of the most important aspects in recruiting? Chemistry is key in the recruiting process. You may have a company executive or a hiring manager who wants a specific trait from their applicants, like an Ivy League education. As a recruiter, you have to dig beneath the surface to discover the “why” behind a job qualification or educational requirement. Perhaps the employer actually wants someone organized or detail-oriented. Getting to know the “why” means that you can find the actual right fit, while the chemistry between the job seeker and the hiring executive will take care of the rest. “In the beginning, if you find the right match, the dating metaphor here is that nobody's perfect. You have to figure out what kind of imperfect you can handle and you can love, and that's the right match.” ---------- Links: Spend some time with our guest Mimi Gross on LinkedIn Learn more about cybersecurity matchmaking on the People By Mimi website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Recruiting Talent for Cybersecurity’s Next Open Position with Renee Small | 20 Sep 2022 | 00:27:12 | |
Renee Small, Cybersecurity Super Recruiter, content creator, and host of the Breaking into Cybersecurity podcast, joins the Hacker Valley team to clear the misconceptions around recruiting and discuss cybersecurity’s open positions. Taking labor shortages and skills gaps into consideration, Renee explains how she’s helped others start strong in the industry and hone their skills. Additionally, Renee covers her journey into content creation and podcasting, and how that’s impacted her recruiting work.
Timecoded Guide: [00:00] Understanding a recruiter’s role in big and small cybersecurity orgs [06:37] Diving into content creation with the Breaking into Cybersecurity podcast [12:13] Challenges and rewards of helping entry level cybersecurity professionals [16:02] Rewarding cyber recruitment stories and tech mentorship opportunities [22:39] Advising job seekers looking for entry level positions in cybersecurity
Sponsor Links: Thank you to our sponsors Axonius and Uptycs for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley With Uptycs, modern defenders can prioritize, investigate and respond to threats across the entire attack surface—all from a common solution: uptycs.com.
What is the role of a recruiter in cybersecurity? Renee knows the idea of a recruiter can be a confusing one, and the role of a recruiter can be radically different depending on the size of an organization or the type of recruitment they focus on. Overall, however, Renee believes that the role of a recruiter is to be a matchmaker for a position within a company. Cybersecurity recruiters have to understand the technical needs of a position and the cultural needs of a cybersecurity company to find the perfect practitioner fit. “The role really is to be like a matchmaker. You’re seeing who out there is a great fit for which roles, which companies, and which culture, or which company culture, and that's what makes it, for me, a lot of fun.”
How has being a content creator impacted your work as a recruiter? Although Renee doesn’t always identify as a content creator, her work with Chris Foulon on the Breaking into Cybersecurity podcast speaks volumes about the type of creator she really is. Renee always focuses on giving back with the work she produces, whether that work involves career coaching, recruitment advice, or cybersecurity education. Becoming a podcaster and content creator has allowed Renee to answer questions and provide information that helps the entire online cyber community. “I experienced all the positions that were open as a recruiter, but I had no idea that there was this group of folks who were entry level, or transitioning into their first cybersecurity position, and they needed my help [in order to break into cyber].”
What are some of the most fulfilling moments that a recruiter can have? Being a recruiter gives Renee the opportunity to help cybersecurity practitioners discover their dream job and navigate the industry intelligently. Her fulfilling moments actually center around those she’s helped along the way, including a former mentee and a former helpdesk employee looking for upward mobility. Finding the perfect match isn’t just about satisfying the company needs, Renee explains, but is also about connecting someone to an opportunity for success and growth. “I get a kick out of people getting a job, it's almost like a little high for me. Every time I'm the person who connects people and it works out and they get paid well, I have a little party in my head. It's just so rewarding. I love that matchmaking process so much.”
What advice do you have for professionals struggling with their job search in the cybersecurity industry? Cybersecurity’s labor shortage and staff burnout issues threaten even the most air-tight of security teams. Unfortunately, Renee explains that even with so many job openings, entry-level employees or professionals transitioning industries still can’t break into cyber. Her best advice for those struggling to take the first step is to connect with successful practitioners in the field already through nonprofit organizations and network events. Focus on a network that will expand your knowledge of cyber and the state of the industry. “If you're a college student, if you are someone out there looking to understand what's happening in the field, join one of the myriad of cybersecurity nonprofit organizations and learn about what security really is.” --------------- Links: Keep up with Renee Small on LinkedIn Listen to Renee’s podcast Breaking into Cybersecurity Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Keeping It Open Source with Metasploit’s HD Moore | 15 Sep 2022 | 00:37:33 | |
This season of Hacker Valley Red wraps up with another interview of an incredible offensive cybersecurity legend. Known first and foremost for his work founding Metasploit and his recent work co-founding Rumble, HD Moore joins the show this week to hear about his journey from spiteful hacker to successful founder. HD walks through the history of Metasploit, the motivation behind their coding decisions, his opinions on open source software, and the excitement of exploration and discovery. Timecoded Guide: [04:57] Catching up with HD’s career from his hacking exploits in the ‘90s through his founding of Metasploit to his recent activities with Rumble [11:41] Getting personal with the feelings and takeaways from a project as successful and impactful on the cyber industry as Metasploit [18:52] Explaining HD’s personal philosophies around accessible education and the risk of sharing vulnerable information publicly [25:39] Diving deep into the technical stories of HD’s path of discovery and exploration during his time at Metasploit [31:14] Giving advice for future founders and hackers looking to make a legendary impact on the cybersecurity community Sponsor Links: Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!
What were some of the trials, tribulations, and successes of Metasploit? Although Metasploit has had a lasting impact on the cyber world, HD Moore is not afraid to admit that part of Metasploit existed out of spite for critics, employers, and gatekeepers in the cybersecurity industry. In terms of trials and tribulations, HD saw a great deal of criticism come from his peers and from professionals ahead of him in the industry, often displaying rudeness towards the quality of the exploits and Metasploit’s audience of young hackers. Later, HD says that a surprising and amusing side effect of his success with the project was watching employers and peers go from criticizing to lifting up his work with Metasploit and attributing success of many hacking professionals to its creation. “When we started the Metasploit project, we really wanted to open up to everybody. We wanted to make sure that, even if you barely knew how to program, you can still contribute something to Metasploit. So, we did our best to make it really easy for folks to get in touch with us, to submit code.”
Where does your philosophy land today on giving information freely? HD has heard the same opinions many professionals that teach and give information freely have heard: “You’re making it easier for people to use this information the wrong way.” Instead of considering the worst possible outcomes of making hacking accessible, HD chooses to acknowledge the importance of accessible education and publicly provided information. According to HD, if someone is creating and teaching content to the next generation of red teamers, that content is theirs to use. Whether they’re a physical pen tester teaching lock picking or a hacker disclosing a vulnerability, what they choose to share with others has to be based on personal moral code and what others do with that information is up to them. “It comes down to: You do the work, you own the result. If you're teaching people how to do stuff, great, they can do what they want. You can decide to do that, you can decide not to do that, but it's your decision to spend your time training people or not training them.”
Is it possible to be a CEO, or a co-founder, and stay technical? The downside of success in the cybersecurity industry is often stereotyped as losing the opportunity to be a hands-on hacker. However, for HD, his success has allowed him to do the exact opposite and instead prioritize his time to be technical. HD believes strongly in the ability to make this happen through proper delegation of duties, incorporating new leaders and managers in your company or project, and acknowledging when you may need the help to bring what you’re working on to the next level. HD is proud of his success with Metasploit and Rumble, and is happy that he was able to hand off certain duties to other professionals that he knew would do better if they had a chance in the founder’s shoes. “Don't let the growth of your company change what you enjoy about your work. That's really the big thing there, and there's lots of ways you can get there. You can hire folks to help out, you can promote your co-founder to CEO. You can bring on program managers or project managers to help with all the day to day stuff."
What advice do you have for people looking to follow a similar cyber career path? Content is the name of the game, especially when you’re looking to get more eyes on what you do. HD is the first to admit that putting himself out there in a blog post, on a podcast, or at a stage show is not always a walk in the park, taking him out of his comfort zone and often away from the tech that he spends his time on. However, publicly displaying himself and his work has brought attention to Rumble and Metasploit, and HD knows he would not have achieved this level of success without putting his content out into the world, hearing feedback from his peers, and even receiving his fair share of criticism from industry professionals. “Not all of it is the most fun thing to do all the time, but it is crucially important, not just for growing yourself and getting out there and getting feedback from your peers, but for learning because you learn so much from the feedback you get from that effort.” ----------- Links: Stay in touch with HD Moore on LinkedIn, Twitter, and his website. Learn more about Rumble, Inc on LinkedIn and the Rumble website. Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter. Follow Ron Eddings on Twitter and LinkedIn Catch up with Chris Cochran on Twitter and LinkedIn Continue the conversation by joining our Discord | |||
| Hacking the TikTok Algorithm with Caitlin, AKA Cybersecurity Girl | 13 Sep 2022 | 00:29:32 | |
Caitlin Sarian, known on TikTok as Cybersecurity Girl, comes to Hacker Valley to talk about the endless possibilities for cybersecurity on social media. Walking through her journey of becoming cyber’s biggest TikTok star, Caitlin covers every aspect of internet fame and online presence, including facing criticism, gaining and losing viewers, and trying to make an impact on women in STEM. Alongside her work on social media, Caitlin also walks through the development of her new online cybersecurity course.
Timecoded Guide: [00:00] Introducing Caitlin & her work on TikTok with Cybersecurity Girl [06:45] Building a cyber platform on TikTok & dealing with imposter syndrome [11:21] Keeping women in STEM, instead of just getting women into STEM fields [15:56] Dismissing the idea of the diversity hire in tech & cyber [24:43] Working with Girls Who Code & building her own low-cost cyber school
Sponsor Links: Thank you to our sponsors Axonius and Uptycs for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalleyUptycs, analytics for the modern attack surface, observability for the modern defender. Check out Uptycs by visiting them at uptycs.com
How do you feel about going viral, or not going viral, on TikTok? Although social media, especially TikTok, relies on an algorithm to push content to different viewers, Caitlin admits that viral content creation is more about luck than about methods. Since becoming involved in TikTok as a cybersecurity influencer, Caitlin has developed tricks of her own to elevate her content and interact with her audience, including going live on the app. However, she still explains that going viral is still random, with lower quality quick content sometimes hitting a larger audience than her higher value creations. “Videos that you spend the least time on get the most views and the videos that you spend the most time on, get the least views. I've stopped looking at the views and just started trying to produce content that either makes people smile, or adds value to people's lives.”
What is that value that you're getting from making cybersecurity content for TikTok? While creating podcasts at Hacker Valley allows for Chris and Ron to give back to their community and meet incredible cybersecurity content creators, a similar idea guides Caitlin’s work on TikTok. Considering that content creation can sometimes feel thankless and frustrating, Caitlin motivates herself by focusing on the people she helps. Through making cybersecurity more accessible online, she hopes to inspire other women to get involved and stay involved in cyber, tech, and STEM fields. “It adds value to my life, knowing that I'm not just going day-by day-doing my job and that's it. I like bringing awareness and being that light for people that need it, especially in the tech world. I think for me, this is what I'm hoping for, I'm hoping to get more women in STEM.”
Can you tell us a little bit about your online cybersecurity school? Caitlin isn’t only working on her cybersecurity platform on TikTok, she’s also expanding into online education with her course, Become a Cyber Analyst. Focusing on cybersecurity accessibility and affordable education, Caitlin’s course is a six-month boot camp that teaches students the ropes of the cyber industry. The best part? Students don’t pay until they’re employed in cyber, and Caitlin’s course guarantees a job within 3 months of graduation. “I partnered up with a school called Master School, and it's basically a six-month boot camp. And then, after the boot camp, we have HR specialists that help students get a job after. You don't have to pay for it until you get a job, and it's a lump sum.”
What is your perspective on the struggles women face breaking into cybersecurity and staying in tech careers? As a woman in cybersecurity, Caitlin has witnessed alarming levels of sexism in the industry and has seen fellow women experience tech burnout. With her content on TikTok and her new cybersecurity school, Caitlin hopes to solve the problem of not just inviting women into the cyber industry, but retaining female employees in cyber as well. Through supportive content creation and her own influence, she hopes other woman see that the possibilities in their careers are endless. “I think the issue that I always used to deal with is a lot of men think I got the job from just being a woman. That also goes to my imposter syndrome, because I'm like, ‘Maybe I did just get this job because I'm a woman and they want to work with me. Maybe I'm a diversity hire.’” --------------- Links: Keep up with our guest Caitlin/Cybersecurity Girl on TikTok and Instagram Learn more about Caitlin’s incredible Masterschool course, Become a Cyber Analyst Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| How Adversaries Are Living Off The Dark Web with Jason Haddix | 01 Oct 2024 | 00:44:55 | |
Have you ever lost something important, only to find out someone moved it without telling you? The same thing happens with our personal and business data. But what if you could see what the adversary sees? In this episode, Jason Haddix, Field CISO at Flare, shares his experiences in red teaming, accessing dark web credentials, and protecting against malicious actors. Whether you're curious about data exposure or how threat actors operate, this conversation offers insights into the constant changes in cybersecurity.
Impactful Moments: 00:00 - Introduction 01:11 - The Basics of the Dark Web and How Criminals Operate 07:16 - Flare's Role in Cybersecurity 11:14 - Common Security Mistakes 20:04 - Pen Testing with Flare 21:33 - Exploiting Exposed Credentials 22:19 - Reconnaissance Tools and Techniques 24:38 - Email Security Concerns 28:43 - The Power of Stealer Logs 38:21 - Dark Web Tactics and AI 39:33 - Advice for Cybersecurity Leaders 42:04 - Exploring Flare’s Platform for Threat Intelligence 44:26 - Conclusion and Final Thoughts
Links: Connect with our guest, Jason Haddix: https://www.linkedin.com/in/jhaddix/ Check out Flare here: https://try.flare.io/hacker-valley-media/ Check out Arcanum here: https://www.arcanum-sec.com/
Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ | |||
| From Black Hat to Bug Bounties [Pt. 2] with Thomas DeVoss | 08 Sep 2022 | 00:34:41 | |
We’re joined again by the hacker’s hacker, Tommy DeVoss, aka dawgyg. Bug bounty hunter and reformed black hat, Tommy dives back into a great conversation with us about his journey in hacking and his advice to future red team offensive hackers. We cover everything we couldn’t get to from part 1 of our interview, including his struggles with burnout, his past hacking foreign countries on a bold quest to stop terrorism, and his future in Twitch streaming to teach you how to be a better bug bounty hunter. Timecoded Guide: [02:57] Fixating on hacking because of the endless possibilities and iterations to learn [09:54] Giving advice to the next generation of hackers [17:17] Contacting Tommy and keeping up with him on Twitter [21:43] Planning a Twitch course to teach hackers about bug bounties using real bugs and real-world examples [24:57] Hacking in the early 2000s and understanding the freedom Tommy has to talk about any and all illegal hacking he’s done now that he’s gone to prison
Sponsor Links: Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone PlexTrac is pleased to offer an exclusivecRed Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!
Do you ever struggle with burnout when it comes to hacking? Hacking has maintained Tommy’s interest longer than anything else because of the constant changes in technology and the ever-evolving issues in the online world. However, just because hacking is his passion, doesn’t mean that burnout or frustration never happens. Currently, Tommy is taking more of a break with hacking, letting his current day job and his passion for gaming have a front seat. However, he’s still firmly in the industry, passionately developing learning opportunities for future hackers and answering questions from cyber professionals of all backgrounds. “I do get burned out sometimes…When it comes to bug bounty hunting, I try and make it so it averages out to where I make at least $1,000 an hour for my effort. It doesn't always work. Sometimes I'm more, sometimes I'm less, but I try and get it so it averages out to about that.”
What hacking advice would you give the younger version of yourself? Although his black hat ways resulted in prison time for Tommy, he doesn’t regret his past and instead seeks to teach others the lessons he’s learned. When we asked Tommy for advice for new hackers, he was clear that success is a longer journey than people assume it is. Tommy’s success was not a fluke, it took years of hands-on learning and patience with failures in order to develop his bug bounty skills. Nothing is actually automatic or easy with hacking, especially as the technology continues to change and evolve. Tommy wants hackers to take every opportunity to try out their skills, even if it's a complete failure. “Don't expect success overnight. Also, don't let failure discourage you. When it comes to hacking, you're going to fail significantly more than you're going to succeed. And the people that are successful in bug bounties are the ones that don't let those failures discourage them.”
What do you think about the “media obsessed” stereotype many people have about black hat hackers? Wrapping up today, Tommy tells us that he’d be happy to be back in the Hacker Valley Studio again some time. Although the stereotype of a black hat hacker wanting attention from the media is disproven, Tommy believes that he definitely has craved that media attention for a large majority of his hacking career. Starting in the early 2000s, after 9/11, Tommy had one of his first brushes with fame in an interview with CNN about hacking Middle Eastern companies. Although his hacking and his politics have changed since then, Tommy enjoys having in-depth conversations about hacking and explaining the intricacies of what he does. “We loved the attention back then, and I still love the attention now, it's nice. The good thing about now is, because I already got in trouble for everything that I've done, I've done my prison time, I don't have anything that I did illegally on the computer anymore that I can't talk about, because I've already paid my debt to society.”
What are the best ways for people to keep up with what you’re doing? Considering Tommy’s success, it’s understandable that a lot of cyber professionals and amateurs have tons of questions for him. When it comes to getting in contact with Tommy, he recommends tweeting him on Twitter publicly so that he can not only answer your question, but help others with the exact same questions. Education is key, and Tommy is so dedicated to teaching other hackers that he’s currently developing a recurring Twitch stream centered around helping others learn about bug bounty hunting. “I don't know how successful we're going to be in finding the bugs, but I think it'll be fun to teach people [on Twitch] and do it that way, so that they can actually spend some time learning it. The best way to actually learn this stuff is to actually try and do the hacking.” ----------- Links: Stay in touch with Thomas DeVoss on LinkedIn and Twitter. Check out the Bug Bounty Hunter website. Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter. Follow Ron Eddings on Twitter and LinkedIn Catch up with Chris Cochran on Twitter and LinkedIn Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord | |||
| Reconnecting to Childhood Creativity with Mari Reisberg | 06 Sep 2022 | 00:29:34 | |
Mari Reisberg, therapist, performer, creativity coach, and host of the Sustaining Creativity podcast, brings her many talents to Hacker Valley to help adults unlock their creativity and engage with their inner child. Tackling topics from artistic ruts to technical frameworks, Mari walks through the essentials of reconnecting with creativity and curiosity. Instead of limiting thoughts to the path of least resistance, Mari challenges her clients to get comfortable with the uncomfortable in creativity.
Timecoded Guide: [00:00] Sustaining creativity & coaching others on becoming curious [06:35] Defining creativity with new ideas & fresh innovations [10:07] Climbing out of a creative rut & expanding your comfort zone [18:47] Unlocking different levels of creativity in everyday life [23:59] Tapping into creativity and unlocking childhood memories
Sponsor Links: Thank you to our sponsors Axonius and Uptycs for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalleyWith Uptycs, modern defenders can prioritize, investigate and respond to threats across the entire attack surface—all from a common solution: uptycs.com.
What is creativity, in your opinion? There isn’t one way to define creativity, Mari explains, but instead a myriad of ways. Each person has their own individual relationship with the concept of creativity, but Mari considers creativity to be tied to the processes of coming up with new ideas and innovating on those ideas. Seeing life through a creative lens means that Mari isn’t afraid to try and fail, because everything she does expands her comfort zone and tests her curiosity. “Creativity is one of those words where, if you asked 100 people, you’d get 100 different answers. For me, my definition of creativity really is around thinking of novel, new ideas. And then, the second piece of the creative process is that innovation process.”
What advice would you have for someone who is trying to find their way through a creative rut? The human brain will always choose the path of least resistance. People like to feel safe and comfortable with everything they do, but Mari understands that creativity can only be practiced at the edge of someone’s comfort zone. With one foot in her comfort zone and one foot out of it, Mari has been able to escape her own creative ruts and make active decisions to try the everyday activities in her life with a different perspective. “If my desire is to create something new, something different, and I'm continuing to do the same things and expecting a new result, it's not going to happen. How could you try something different every day?”
Are there different types of creativity, similar to there being different types of intelligence? In Mari’s experience, there are two forms of creativity: big C creativity and little c creativity. While little c creativity is an everyday reality, big C creativity is much more performative, curious, and expressive. When someone says they aren’t creative, what they’re thinking of is this second form of creativity. The fact is that anyone can become big C creative, but it requires actively exploring and expanding the skills of creativity. “The big C creativity is what everyone assumes is creativity; performing arts, creative arts, I'm doing something that I'm sharing with the world. The small c creativity is that every day creativity. It’s something new, something different.”
When it comes to wanting to build our creative muscles, what are some techniques or frameworks that we should be considering? Creativity is a practice, not a one-and-done deal. Mari explains that building creative muscles comes from repetition of creativity, such as trying something new everyday, challenging ourselves to think of something from an opposite point of view, and even daydreaming. Explore what would happen if something, even one small detail of an event, was different, and never limit yourself to the idea that you’re “just not creative.” “There’re opportunities to flex that creativity, but it's about continuing to do it. You can’t do it once and expect a miracle. You keep coming back to it, keep practicing, keep having new ways of trying something.” --------------- Links: Keep up with Mari Reisberg at SustainingCreativity.com Check out Mari’s podcast, the Sustaining Creativity podcast Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| From Black Hat to Bug Bounties [Pt. 1] with Tommy DeVoss | 01 Sep 2022 | 00:35:58 | |
We’re joined by million-dollar hacker and bug bounty hunter, Thomas DeVoss, this week as we continue our season-long discussion of offensive cybersecurity legends. A legend in the making with a success story in bug bounty hunting that has to be heard to be believed, Tommy is an incredibly successful blach hat hacker-turned-bug bounty hunter, representing how misunderstood the hacking community can be and how positively impactful bug bounties can be. Who hacks the hackers? Look no further than Tommy DeVoss. Timecoded Guide: [02:59] Becoming interested in hacking for the first time [08:26] Encountering unfriendly visits with the government and the FBI after his hacking skills progressed [14:20] Seeking his first computer job after prison and leveraging his hacking skills [25:21] Discussing with Yahoo the possibility of working with them due to his successful bug boundaries [30:56] Giving honest advice to hackers looking to break into the bug bounty scene Sponsor Links: Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today! When did you get into hacking for the first time? At an early age, Thomas found his passion for hacking in an IRC chat room. Mentored by a man named Lewis and encouraged by fellow friends in the hacking world, popping shells and breaking into US systems using foreign IP addresses. Although Tommy became incredible at his craft from a young age, his early habits became serious black hat issues that ended up getting him in trouble with the US government. Just like the hacker in a big Hollywood blockbuster, the government caught up with Tommy and he faced 2 years in prison in his first sentence. “Instead of coming back to him and saying, "Hey, I'm done," I came back and I was actually asking him questions like, "Can you explain this?” And he saw that I was like, actually interested in this and I wasn't one of the people that was just expecting it to be handed to me and everything like that.”
After spending time in prison, were there barriers to getting involved in hacking again? After being in and out of prison a couple times, Tommy found the worst part of coming home to be his ban from touching any sort of device with internet access. Despite it being a part of his probation, his passion for tech continued to bring him back to computers and gaming. After his final stint in prison after being falsely suspected of returning to his black hat ways, the FBI lifted Tommy’s indefinite ban on computer usage and immediately renewed his passion for working in tech. “They had banned me indefinitely from touching a computer. So, when I came home on probation the first time, they upheld that and I still wasn't allowed to touch computers as part of my probation. For the first month or so, I didn't get on a computer when I came home from prison, but then it didn't take long before I got bored.”
How did your cyber career pivot to bug bounty hunting? With prison behind him and his ban on computers lifted, Tommy got a job working for a family friend in Richmond, Virginia for a modest salary of $30,000. Although this amount felt like a lot at the time, he quickly realized that there was money to be made in bug bounties. His first few experiments in attempting bug bounty programs had him earning $20,000 or $30,000 for hours of work, a huge increase from the salary he was currently making. Encountering success after success, Thomas quit his job in 2017 to become a full-time bug bounty hunter. “The first bug bounty program that jumped out at me was Yahoo. I had started hacking Yahoo in the mid 90s, I knew their systems in the 90s and early 2000s better than a lot of their system admins and stuff. And I figured, if there's any company that I should start out with, it should be them.”
What success have you seen since becoming a bug bounty hunter, especially with major corporations like Yahoo? Thomas has become a huge earner in the cybersecurity community, and has continued to see incredible results from his hacking and bug bounty projects. Most notably, after numerous high earning days, making up to $130K at once, with companies like Yahoo, he’s even been offered positions working with corporations he’s bug bountied for. However, Tommy is quick to point out that his success was definitely not overnight, and warns fellow hackers of getting too confident in their bug bounty abilities without the proper skill sets or amount of experience under their belts. “I think at this point, I've had days where I've made six-digit income in that single day, at least six or seven times. And it's almost always been from Yahoo.” ----------- Links: Stay in touch with Thomas DeVoss on LinkedIn and Twitter. Check out the Bug Bounty Hunter website. Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter. Follow Ron Eddings on Twitter and LinkedIn Catch up with Chris Cochran on Twitter and LinkedIn Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord | |||
| The Fabulous Search for a Tech Job with Kyle Elliot | 30 Aug 2022 | 00:25:11 | |
Kyle Elliott, the Founder and Career Coach behind CaffeinatedKyle.com, joins the pod on his quest to transform boring job searches into something fabulous. Kyle specializes in helping job seekers, especially those in technology and cybersecurity, find jobs they love and express the value they bring to potential employers. Need to know the secret to acing your next tech job interview? Look no further than Caffeinated Kyle.
Timecoded Guide: [00:00] Finding your own definition of fabulous [06:06] Standing out in a tech job interview [12:19] Dealing with and learning from job rejection [16:41] Targeting your dream tech job & telling your career story [21:33] Breaking into technology the easy way and the hard way
Sponsor Links: Thank you to our sponsors Axonius and Uptycs for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalleyWith Uptycs, modern defenders can prioritize, investigate and respond to threats across the entire attack surface—all from a common solution: uptycs.com.
From your perspective, what makes someone fabulous? Being “fabulous” can sound grandiose to most tech practitioners, but Kyle believes that everyone has the potential to be fabulous, especially when they’re forging their career path. There’s a lot of competition amongst large tech companies to find the employees that close skill gaps and stand out from the massive group of hungry job seekers. To be fabulous, one has to know how to stand out and what sets them apart. “When I think of fabulousness, I think: What sets you apart from other people? I work with job seekers, so I think: What sets you apart from other job seekers or other applicants?”
When you look at standing out in a job interview, what are some of the key components that go into that? Many job seekers that Kyle works with have the skills, meet the position requirements, show up for the interview, and still struggle with getting a job in tech. While this can happen for a variety of reasons, Kyle explains that a simple mistake job hunters are making is regurgitating their resume without backing up their experience. A strong story about the experiences you had and the value you delivered makes you memorable and explains what you can provide. “When you're doing this, you want to think in the mind of a hiring manager. How have you added value to the organization? What sets you apart? I didn't just code, I didn't just have cross functional collaboration, here's the value to the organization and what sets me apart.”
How do you coach someone through being able to tell their story in an interview? Career storytelling skills separate a potential employee from a pack of qualified applicants. However, a lot of technical people aren’t known for their storytelling skills or knack for creativity. Instead, Kyle recommends his clients in tech and cyber practice their storytelling through a more familiar world of spreadsheets. Each spreadsheet helps job seekers break down the value they bring with their skills, so they can tell a story that connects their past experiences to their future position. “A lot of the people I work with in tech, they're amazing at their job, but they're just not used to practicing storytelling…It feels awkward. It feels different. It feels weird, because that's not something they’re used to.”
From your experience, what have been the easiest and hardest fields in technology to break into? In Kyle’s opinion, there isn’t one field of the tech industry that’s easier or harder to break into. Instead, breaking into the tech industry relies more on professional experiences, background, and skillset. If the leap to tech feels like too many transitions at once, Kyle recommends slowing down to one transition at a time and building each experience off of one another. Instead of hiding that this may be a new path for you, embrace your past when job searching and explain why a potential employer should hire someone transitioning into the tech world. “Everyone's like, ‘Kyle, how do I get a job in tech?’ I would start with your background, and I think that's gonna determine what's easiest or hardest for the person. What I always recommend is, try to make the least amount of transitions possible.” --------------- Links: Keep up with Kyle Elliott on LinkedIn and the Caffeinated Kyle website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Unlocking Cyber Education with John Hammond | 25 Aug 2022 | 00:28:35 | |
John Hammond, Senior Security Researcher at Huntress Labs and self-described cybersecurity education enthusiast, joins us as we continue our discussion of red team legends. With a focus on content creation this week, John discusses his success with his YouTube channel, his passion for showcasing authentic and accessible educational materials online, and his advice for creating content safely and spreading awareness with not only a red team or blue team mindset, but with a purple team perspective. Timecode Guide: [01:37] Understanding the impact of content creators in the cybersecurity community, especially when it comes to YouTube educational content [06:58] Becoming a successful YouTube creator through consistently posting hacking content and ignoring the stereotype of “overnight success” [13:28] Combining his role as a cybersecurity educator with his security research at Huntress to explore exploits and have real life experience with what he teaches [16:47] Focusing on the blue side of the house as someone with red team experience, and understanding how to use a tool like PlexTrac to create a collaborative purple team [21:13] Being mindful of the impact he has through sharing this knowledge and understanding the risk of cybersecurity educational materials falling into “the wrong hands” Sponsor Links: Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalleyPlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today! What is your origin story for wanting to educate other hackers? Like many of us, John started his journey Googling how to become a hacker. As he gained more knowledge about the specific skills involved in hacking, John never left the internet behind, always seeking out videos and articles explaining new and emerging content. Inspired by those who created that content in the first place, he started his own YouTube channel, simply titled John Hammond, as has spent years cultivating a consistent hacker audience. “Along the way, creating content and helping educate others through YouTube is really my main stage platform and has been just a passion project, a labor of love, and something fun along the way.”
What feelings do you get looking back on the YouTube content you’ve created so far? John prioritizes clarity, transparency, and honesty in what he does, and he’s not afraid to show some humbleness, too. Overall, John is thankful for his YouTube success and the impact it had on the cybersecurity community. No matter what he’s showing in his videos, he prefers to keep things honest, to show where he’s made mistakes, and to accept criticism and advice from other hackers and offensive cybersecurity professionals that see his work. “I'm showcasing just my computer screen, maybe you get a little face cam and a circle on the bottom right, but it's like you're looking over my shoulder. You're seeing me showcase something raw, live, genuine, and authentic…It’s not all sexy, there’s a lot of failure in hacking.”
Have you ever considered focusing on the blue team or the defensive side of cybersecurity? The majority of John's YouTube content and the work he does in his role at Huntress Labs heavily involves the red team and offensive side of cyber. However, John is a huge advocate for the blue team and the red team collaborating and communicating better. Through making more concepts in cybersecurity accessible through educational content like John’s own videos, he hopes we can continue to bridge the gap and achieve that perfectly mixed purple team. “We're all playing in concert. As one team sharpens their skills in the red team pen test, then it's up to the blue team to figure that out. What did they do? How can we better detect it? How can we stop and mitigate that security threat?”
What advice do you have for red team content creators that want to share content and spread awareness safely? With the impact that he’s had and the content he’s put out onto the internet, John is no stranger to seeing the negative side of cybersecurity knowledge being more accessible than ever before. Still, he wants to make sure content creators understand the value of transparency and honesty in what they do. Instead of fearing what could be, cultivate a community around making this level of knowledge and security available to everyone. “Share, be transparent, be forthcoming. I know there are a lot of conversations about gatekeeping in cybersecurity, but there shouldn't be that. I understand there's grit and determination and hard work to do all the things that you're doing, but be friendly and be transparent and honest.” ---------- Links: Check out our guest, John Hammond, on YouTube and LinkedIn. Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter. Follow Ron Eddings on Twitter and LinkedIn. Catch up with Chris Cochran on Twitter and LinkedIn. Continue the conversation by joining our Discord. | |||
| A Solopreneur’s First Imperfect Step with Claire Gallagher | 23 Aug 2022 | 00:30:17 | |
Claire Gallagher, Designer and Solopreneur Strategist, comes to Hacker Valley to break down branding, visibility, and choosing solopreneurship over business ownership. Combining the terms solo and entrepreneur, solopreneurs are a different breed of business owner, and Claire has made it her mission to help them not make the same business mistakes she once made. Claire walks through the essentials of how her business caters to individuals looking to go it alone and how to make an impact while staying small. Timecoded Guide: [00:00] Introducing the concept of solopreneurship [04:32] Shifting to business strategy to better serve a client base [09:19] Deciding alone as a solo entrepreneur [16:40] Pricing your work and validating your professional value [24:46] Making peace with looking silly as a business owner
Sponsor Links: Thank you to our sponsors Axonius and Uptycs for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalleyWith Uptycs, modern defenders can prioritize, investigate and respond to threats across the entire attack surface—all from a common solution: uptycs.com.
Why did you choose to go down a path of catering to solopreneurs, versus working with enterprises or small and medium businesses? Claire has dabbled in building teams and working in larger businesses in the past, but her calling has always brought her back to a company of one. For solopreneurs, Claire explains, it’s not that they cannot afford hiring employees or scaling their business. Instead, a solopreneur’s focus is on the balance between work and life, along with the power and experience to make their own decisions about their business. “I'm a loud introvert. I could talk all day, but essentially, I'm kind of introverted in secret. Generally, I like to work alone, to get into a creative flow, to not have anybody to answer to. This company of one, this solopreneurship, it suits my energy and my temperament.”
What are some of the pros and cons of going it alone as a solopreneur and keeping your business small? There are pros and cons in business, no matter the size. Claire’s strongest pro for becoming a solo entrepreneur has been her ability to pivot without impacting anyone but herself. Pivoting towards strategy was a hard decision, but it was so much easier to make on her own. Unfortunately, making decisions on one’s own can also be a con of solopreneurship. Claire has seen clients have a lack of accountability in sticking with their decisions when they don’t have anyone working with them. “That's a pro, I was able to pivot without having to hire people, sack people, and really invest heavily in changing everything. That's a real plus, I could just pivot like that and it was a decision that I made, and I was responsible for it.”
At what point would you recommend a solopreneur, or content creator, to reach out to someone like you so they could shine in this digital world? Although solo entrepreneurs thrive in business on their own, it’s important to never go it alone. Claire advises that early stage solopreneurs consider the community around them and build their business with a healthy curiosity in books, online resources, and virtual communities of fellow entrepreneurs. As they progress through their business, Claire also recommends connecting with a coach or strategist, like herself, to go further faster and avoid careless mistakes. “Solopreneurs think, ‘I'm smart, I can figure this out.’ Yes, you can, but to go further faster, I think you need to work with a mentor or a coach or strategist. You're always going to get further faster by finding somebody who understands what you're trying to achieve.”
What are some of the tenants that you teach people about coming across as authentically as possible? Branding is a vital element of content creation and business ownership. However, the current world craves branding that comes across as authentic. Claire explains that authenticity comes from a willingness to make mistakes and put yourself out there, even if it feels or looks silly the first time. If a solopreneur is honestly trying to deliver value, that will show through any first-time awkwardness or silliness and still feel authentic to potential clients. “Starting before you feel ready is really the only way that you can start because you can't know everything until you've tried some stuff. Showing up and making mistakes and maybe seeming a little bit foolish at the start, take it. That's what's gonna happen.” --------------- Links: Keep up with Claire Gallagher on LinkedIn and at ClaireCreative.com Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Purposeful Communication Through PlexTrac with Dan DeCloss | 18 Aug 2022 | 00:35:53 | |
We’re joined by sponsor and guest Dan DeCloss, CEO and Founder of PlexTrac, on the podcast today to talk about communication and collaboration between the red and blue side of cybersecurity and why security success depends on those two sides working together. On their mission to build stronger, more productive, and well-rounded security teams, PlexTrac provides incredible and insightful metric and messaging tools that change the game for the cybersecurity industry. Timecoded Guide: [05:36] Understanding PlexTrac’s history and mission for cybersecurity teams [09:58] Lack of empathy and understanding in red team and blue team communication [18:48] Breaking through the resentment and confusion within a team [24:45] Envisioning the future of PlexTrac’s community impact [27:52] Caring about your cybersecurity mission beyond yourself Sponsors: Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!What is the function of PlexTrac that would help you the most as a pen tester? With prior hands-on experience on the red side, Dan found his journey to creating PlexTrac to be full of moments where he wanted to fix the same problems he encountered over and over with reporting and communicating. One of these problems was solved easily with the addition of a video feature, a simple function that has existed since PlexTrac first began but is instrumental and is a huge time-saver for visual learners. “As a pen tester, I hated finding that I had 20-odd screenshots if it's a pretty complex exploit. I think the adage for us is like, if a picture's worth 1,000 words, then a video is worth 1,000 pictures, right?” What do you think are some of the gaps in skills that organizations face when hiring these professionals to perform offensive operations? Communication is key— not just in life, but in this episode. While we’ve discussed skills gaps previously in cybersecurity, Dan is quick to point out that a consistent gap he sees in all areas of cybersecurity is effective communication. PlexTrac keeps this struggle to communicate in mind and creates easy, simple pathways and functions that encourage communication and facilitate collaborative problem solving. “If there's one area that I really emphasize with anybody that I'm mentoring or have hired in the past is, as a security person, whether you're red or blue, you really do need to be a good communicator and be able to communicate risk effectively within the right context.”
What would you want to say to those folks that don't see eye-to-eye from the red or the blue side? We’re fighting the same fight, no matter if we’re on the red side or the blue side of cybersecurity. Dan’s message for our warring red and blue teams throughout the industry is to understand the importance of your mission and to not let relationships between red and blue feel clouded with misunderstanding or resentment. No one’s job is harder than anyone else’s, and each role on offensive and defensive plays a part in our collective victory. “I'm gonna just be point blank about it…Are you trying to just prove a point about your knowledge and your skills? Or, are you actually trying to make the world a safer place?”
What would you want to say to all those folks out there [in cybersecurity]? As PlexTrac aims to make a huge impact on our community, Dan and his team acknowledge a need for a unified, focused, and collaborative cybersecurity industry, with hard workers on both the red and blue sides. With PlexTrac’s assistance in making reports, measurable results, and communication that much easier, our team at Hacker Valley is thankful to be a part of PlexTrac’s amazing network and can’t wait to share more tools like this with all of you. “I think keep fighting the good fight, for both sides, and recognizing that your mission is vital to the safety and security of your organization and the world at large, right? We are all in this battle together.” ---------- Links: Spend some time with our guest, Dan DeCloss, on LinkedIn, and the PlexTrac website Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter. Follow Ron Eddings on Twitter and LinkedIn Catch up with Chris Cochran on Twitter and LinkedIn | |||
| Confident Communication through Storytelling with Anne Ricketts | 16 Aug 2022 | 00:30:28 | |
Anne Ricketts, Founder & Principal of Lighthouse Communications, brings her techniques for public speaking and presenting to the show to help Chris and Ron unpack unhelpful mindsets around storytelling and unhealthy speaking habits. Covering the basics from filler words to hand gestures, eye contact to working the camera, Anne explains the role storytelling plays in the way people communicate at the office, out in public in their free time, virtually on Zoom, and even onstage at events like TEDx.
Timecoded Guide: [00:00] Why Anne became a communication coach [05:16] How COVID impacted public speaking and presentations [12:57] Why you shouldn’t stop hand gesturing [18:38] How to stop saying “um”, “like,” “so,” and other filler words [22:45] What makes storytelling an essential career communication tool
Sponsor Links: Thank you to our sponsors Axonius and AttackIQ for bringing this episode to life! Complexity is increasing and manual asset inventory approaches no longer cut it. That's where Axonius comes in. Take control of security complexities by uncovering gaps in your organization. Sign up for a free walk through of the platform at axonius.com/get-a-tour AttackIQ - better insights, better decisions, and real security outcomes. That's why we partnered with them to create free cybersecurity trainings! Check it out at academy.attackiq.com
Why was communication coaching your chosen profession? Anne wasn’t always a communication coach, but she’s always been passionate about helping others speak. In fact, prior to 2013, Anne taught English as a second language to a variety of people, first in Italy, then in San Francisco. When Anne founded Lighthouse Communications, her goal was to help everyone, English speaking or not, communicate efficiently and confidently. Speaking skills and storytelling talent can open up a world of opportunities for anyone, and Anne is excited that she can help others unlock their potential everyday. “I really like helping people because there's so many small things you can do to look more confident, like the way you stand or projecting your voice. If you look more confident, you start to feel more confident.”
In the past two years, because of the pandemic, what have been the ways that you've seen communication coaching change? With so few events and courses happening in-person, Anne had to shift her mindset around coaching and her advice she gives to clients. Virtual presentation unlocked a new world of communication, but comes with new rules and a learning curve. Thankfully, Anne has learned to love the world of virtual and believes that when professionals give their all to connecting with their audience, amazing communication can still occur, even from long distances away. “Normally, when teaching a class, you can see if someone's struggling or confused, you can walk over and connect with them. Everything was happening so fast in the Zoom room, I personally felt like I started from scratch.”
How could someone who isn't the biggest fan of small talk reset and reframe small talk in a way that's valuable for them? Networking and communicating can feel like a chore, especially when small talk is involved. Anne believes that small talk, as awkward and boring as it may be, allows professionals an amazing opportunity to practice connecting with others on a small scale and hone their listening and storytelling skills. Ask curious questions to connect with others during small talk moments, and don’t fear the occasional awkwardness that comes with meeting someone new. “If you want to be good at small talk, it's just being curious. Asking questions like, ‘Hey, what's that in your background?,’ or in person, ‘Tell me more about yourself. Oh, interesting. Where did you go to school?’ Asking specific follow up questions and just being curious.”
What advice would you have for anyone that has impactful details to share, but doesn't really know how to make it into a story? Storytelling is one of the most valuable skills a professional can learn, according to Anne. Stories allow us an opportunity to connect with others emotionally and mentally, and can even inspire someone to action with the power of simple words. Anne’s biggest advice around the art of storytelling is to practice. Listen to the stories others tell, build your experiences around a framework that feels personally right to you, and practice, practice, practice. “What makes for a good story is tension, emotion. We want to know what was going through your head during that security hack, what was the reaction, what was at stake, and that's not necessarily, on an everyday basis, how we're trained to speak at work.” --------------- Links: Keep up with Anne Ricketts on LinkedIn Check out Lighthouse Communications on LinkedIn and their website https://www.youtube.com/watch?v=xDI32BRr2pY Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Representation Without Technicalities with Mari Galloway | 11 Aug 2022 | 00:42:09 | |
We’re breaking down the concept of difference makers this week, and we couldn’t help but call upon Mari Galloway, CEO of Women’s Society of Cyberjutsu, to be our guest during this conversation. As a black woman in cybersecurity who has dedicated a large portion of her career to helping women and girls become a part of the cyber community on both the technical and non-technical sides, Mari is a stunning example of making a difference and creating a path to expand cybersecurity beyond stereotypes.
Timecoded Guide: [01:29] Defining the difference makers and explaining the OODA loop [13:52] Introducing Mari and the Women’s Society of Cyberjutsu [20:14] Finding her purpose in helping others find their purpose [25:06] Explaining the roles and paths available outside of strictly technical [30:31] Understanding imposter syndrome and forging a freedom-based career journey Sponsor Links: Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!
What is that like to see people go from taking that original red pill all the way through starting their career in cybersecurity? When we talk about making a difference, many of us don’t get to see our impact as clearly as the Women’s Society of Cyberjutsu sometimes gets to see. Mari tells us numerous stories of women throughout this episode, including herself, who became a part of this industry because of the instrumental work they do in outreach and education. For Mari, seeing women change their minds and majors to become a part of the tech industry shows how vital this work is. “These are the moments we're waiting for, whether it's one person or 50 million people. We want you to feel confident enough to get the skills you need, get in the industry, continue to refine those skills, and be super successful.”
What would you equate your purpose to, and how does everything you do fit into it? Like many of us, Mari isn’t entirely sure what her purpose is, but she knows that she enjoys helping the next generation and making a difference in the landscape of cybersecurity. Working with a nonprofit is not an easy job, even if it is rewarding, and Mari still prioritizes her freedom alongside meeting her purpose. No matter what Mari’s future holds, she knows that this work and this purpose to help others will always find her. “I think as I get older, as I start to take steps back to just kind of look at what's happened and the impact that I'm having and others around me are having on the next generation of folks coming up, I think my purpose is to help people. It's to help other people see their potential.”
How do you feel like creating that safe environment has affected others? Helping others find their footing in the cybersecurity industry can be extremely rewarding, especially when Mari found herself in a situation of uncertainty when she first joined the Cyberjutsu Tribe. The community of cybersecurity and the stereotypes around hackers can feel incredibly uninviting from the outside. Offering people, especially women and young girls, an opportunity to step into a safe space where they can ask anything has been huge for Mari. “We call it our Cyberjutsu Tribe, and we want to make sure that anybody that comes to us feels like they can reach out and touch us and ask us questions and get answers and just have a conversation with us.”
How do we invite more people in and let them know that there are opportunities in cyber outside of technical roles? Whether you’re hacking, selling, managing, or marketing, there is a space for you in the cybersecurity world. You don’t have to code or to be extremely technical to fit in this industry anymore, and you don’t have to have a certain look. The Women’s Society of Cyberjutsu prioritizes educating people on every role involved in the industry and showing them that they don’t have to be a tech wizard or a computer guru to find a satisfying and profitable position. “You don't have to look like this to be a hacker. You can look like me…That stereotype, I think, is dying, as we see the number of women coming in and men coming into the space that don't look like that anymore.” Links: Spend some time with our guest, Mari Galloway, on LinkedIn, Twitter, her website , and the Women’s Society of Cyberjutsu website. Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter. Follow Ron Eddings on Twitter. Catch up with Chris Cochan on Twitter.
| |||
| Security Team Operating Systems with Christian Hyatt | 09 Aug 2022 | 00:27:15 | |
Christian Hyatt, CEO & Co-Founder of risk3sixty, knows the secret to building a strong cybersecurity team, and he calls it: Security Team Operating Systems. Walking through his entrepreneurial journey from inspiration as a young child to discovering his interest in the new phenomenon of cyber to co-founding risk3sixty, Christian covers every aspect of intelligent leading and team building. Ready to take your team to the next level? Christian knows 5 key elements you won’t want to miss.
Timecoded Guide: [00:00] Tackling cybersecurity as a business owner in an emerging industry [07:04] Building better teams with an emphasis on core values [14:16] Noticing the potential of decentralized technology and data [18:51] Stepping away from hands-on technician work to be the boss [22:37] Leading healthy teams through missions, KPIs, and meeting cadences
Sponsor Links: Thank you to our sponsors Axonius and AttackIQ for bringing this episode to life! Want to learn more about how Mindbody enhanced their asset visibility and increased their cybersecurity maturity rating with Axonius? Check out axonius.com/mindbody AttackIQ - better insights, better decisions, and real security outcomes. That's why we partnered with them to create free cybersecurity trainings! Check it out at academy.attackiq.com
Where did the journey of wanting to be a cybersecurity and privacy business owner begin for you?
While many guests on Hacker Valley take the journey from technician to eventual business founder, Christian felt the urge to become an entrepreneur from a young age. Watching his father and grandfather run their own businesses, Christian understood the responsibilities of taking this journey and wanted to make an impact in an industry that was blossoming with potential. Cybersecurity came into Christian’s life later, when he was employed at a consulting industry, but he saw the potential for growth immediately and wanted to be a part of it.
“Along the way, what I learned about myself is I really love building teams. When we built risk3sixty, we were really culture-oriented, even from the early days. We were thinking about scaling the business, career plans, coaching plans, culture kind of stuff.”
What are some of the lessons you’ve learned in the process of building your team at risk3sixty?
Christian cites the books Traction by Gino Wickman and Scaling Up by Verne Harnish as two of his biggest inspirations and influences for team building early on in his entrepreneurial journey. Both of these authors heavily focus on the people element of professional teams, and Christian has implemented that same approach when forming cybersecurity and privacy teams at risk3sixty. The right people in the right positions will make or break a company, which is why risk3sixty has training and apprenticeship programs in place to build a strong foundation of skills with people who are passionate about learning and growing with the company.
“It turns out, if you get the right people in the door, you invest in them, you coach with them, you develop relationships, they're going to serve your clients like no one else is going to do it. They're gonna be part of that mission, they're gonna want to serve, and you do great work.”
Now that you aren’t as hands-on with security assessments as a CEO, what have you learned from the bigger picture, macro-perspective role you have now?
Many cybersecurity technicians feel understandably cautious about taking over C-level positions because of the lack of hands-on technical assessment work. However, for Christian, he’s enjoyed gaining a different perspective on the industry and learning the “why” behind the “what” as CEO of risk3sixty. As CEO, Christian is able to better understand overarching trends and changes in the security assessments his company performs and has the opportunity to talk directly with security executives about opportunities for growth and investment.
“You can walk into an organization and if they don't have a strong leader at the helm, they don't have a security team operating system, they're a little bit dysfunctional, I know already that I'm going to see some problems in there.”
What are the most important characteristics that you're finding for folks that are leading really healthy cybersecurity teams?
Security team operating systems are made up of the non-technical skills and characteristics that make a team effective. When Christian’s team at risk3sixty needed to hone in on these specific elements, they narrowed it down to 5. Teams need to have a (1) defined purpose and mission to go after and a (2) core set of values to not only guide them through their work, but also understand their (3) set of expected behaviors and standards. There also have to be (4) consistent meeting cadences in place and (5) a solid, standard process of goal setting, KPIs, and score carding.
“A great team defines their purpose and mission. Usually, that’s aligned with a business objective. It might be about protecting data, it might be about customer trust, whatever it is that makes sense for that business, they've set a mission that that team can rally around.”
--------------- Links:
Keep up with Christian Hyatt on LinkedIn Check out risk3sixty on LinkedIn and the risk3sixty website. Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| AT&T Dynamic Defense: Security Before It Reaches Your Company's Doorstep with Senthil Ramakrishnan | 24 Sep 2024 | 00:18:20 | |
In this episode, Ron Eddings and Jen Langdon speak with Senthil Ramakrishnan, Assistant Vice President of Cybersecurity Product at AT&T Business. Senthil shares information about how a new product, AT&T Dynamic Defense™, helps protect customers by providing threat detection and mitigation at the network edge. They’ll discuss how it can address evolving cybersecurity threats, including real-world examples like the Log4j vulnerability, and how its simplicity allows for a zero-touch experience.
Impactful Moments: 00:00 - Welcome 01:01 - Introducing guest, Senthil Ramakrishnan 04:01 - Security at the Network Edge 05:57 - Fitting in With Businesses 08:00 - “Can You Just Block It For Us?” 10:05 - Stopping Log4j 11:18 - Default Enabled Policy 15:57 - How Involved is the Customer? 16:40 - Simplifying Security for Customers
Links: Connect with our guest Senthil Ramakrishnan: https://www.linkedin.com/in/senthil-ramakrishnan-66406b30/ Check out AT&T Dynamic Defense™: https://www.business.att.com/products/att-dynamic-defense.html Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Check out our upcoming events: hackervalley.com/livestreams | |||
| Learning from Cybersecurity Legends with Davin Jackson | 04 Aug 2022 | 00:29:56 | |
Those on the red team may not be household names to the everyday person, but they are absolutely legends and icons in the world of cybersecurity and hacking. While we have our personal favorite hackers between the two of us, we also invite our guest, Davin Jackson, to share his favorite cybersecurity legends and the lessons he’s learned from them. Timecode Guide: [00:50] The importance of red teaming, especially during this season [02:17] Ron and Chris’ first experience working in a red team environment [11:23] Communication and collaboration between blue and red [16:53] Knowledge gained from Davin Jackson’s humble beginnings in tech [22:19] Gaining the blue perspective with Hacker Valley Blue Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today! _____________ Legends, Icons, Teachers, and Friends From Marcus Carey to Johnny Long, we’re excited to share the legends that had an early influence and lasting impact on our careers in cybersecurity. While our two backgrounds in red teaming are different, we can attribute so much of our success and our ability to share our knowledge with all of you to the experts that were willing to invite us to join and learn the best hacking techniques alongside them. “I think that's the most important thing in red teaming, it’s passing that knowledge on to someone else.” - Chris Cochran
Communication, collaboration, and community instead of red vs blue It is not two teams with two separate fights when we’re talking about red teams and blue teams. Often, when cybersecurity is too focused on this split between offensive and defensive, we forget to collaborate and fall short of improving on issues we discovered. Communication between red and blue can be a costly struggle, which is why we’re happy to see our sponsor PlexTrac stepping in to develop communication technology for these teams. “There's this push and pull of collaboration. On one hand, you want the red team to work autonomously…but on the other hand, they do need insight if you’re going to go deeper and deeper.” - Ron Eddings
Legends met, lessons learned, tech loneliness understood In the latter half of our episode, we’re joined by Hacker Valley Blue host Davin Jackson, also known as DJax Alpha. Davin started his cybersecurity journey with no computer of his own. Working his way up from basic tech jobs at corporations like Circuit City, lessons Davin learned from the legends he looked up to include finding a mentor, focusing on networking (even when it feels like a dead end), and being always willing to share what you’ve learned. “It’s about consistency, and you have to have self control and discipline…It’s one thing to get it, but it’s another to maintain that success.” - Davin ---------- Spend some time with our guest, Davin Jackson (DJax Alpha/Alpha Cyber Security) on his website, Twitter, Instagram, Facebook, and weekly on the Hacker Valley Blue podcast. Follow Ron Eddings on Twitter and LinkedIn Catch up with Chris Cochan on Twitter and LinkedIn Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter. | |||
| Finding the Right IT Teacher with Kevin Apolinario | 02 Aug 2022 | 00:24:46 | |
Kevin Apolinario, better known as Kevtech IT Support on Youtube, brings his teaching skills to Hacker Valley to talk about the barriers to entry in IT. Disheartened by the lack of good advice given to him as he entered the tech world, Kev breaks down programs and concepts, such as helpdesk, for IT practitioners that may not have access to expensive equipment or formal education. Anyone can learn IT, and it’s Kev’s mission to help everyone find the method and the teacher that helps them learn the best.
Timecoded Guide: [00:00] Forming Kevtech IT Support to give the right IT advice [07:21] Helpdesk success through customer service skills [11:49] Printers on VPNs and other major IT troubleshooting lessons [15:56] Customizing teaching and learning experiences for each IT practitioner [19:54] Better IT and cyber online communities through shared passion
Sponsor Links: Thank you to our sponsors Axonius and AttackIQ for bringing this episode to life! Want to learn more about how Mindbody enhanced their asset visibility and increased their cybersecurity maturity rating with Axonius? Check out axonius.com/mindbody AttackIQ - better insights, better decisions, and real security outcomes. That's why we partnered with them to create free cybersecurity trainings! Check it out at academy.attackiq.com
What was your inspiration to start teaching as Kevtech IT Support?
Kev hardly had a traditional journey into IT, instead having jobs in the restaurant industry and law enforcement before even considering entering the tech world. When Kev became a Field Technician for the Department of Education and began learning the ropes of IT, he realized there weren’t resources available for someone of his background to learn simple concepts or master common technical programs. After dealing with the frustrations of education gaps and unreliable advice, Kev decided to be the person for new IT technicians to learn from.
“My journey was rough, because I didn't have anyone guiding me, I didn't have anyone telling me what certs to get. I didn't have anyone telling me the tips and tricks for starting in IT.”
Was it intentional to interweave your name and brand and have them be synonymous?
Hacker Valley feels synonymous with Chris and Ron’s branding for themselves, and Kev maintains a similar element of that with Kevtech IT Support, especially considering he weaves his name directly into his branding. For Kev, this was an entirely purposeful decision, born out of his own desire to be known as Kev, the helpdesk IT guru on YouTube. Building a brand with authenticity about who he is personally and professionally shows other IT professionals that their work or education experiences don’t have to be separate from who they really are.
“That was on purpose for me because I always wanted to be known as the helpdesk guru of IT. Someone that does IT superbly and helps everyone…I wanted to actually show people real-life experiences.”
How would you go about having a tough conversation with somebody whose passion isn’t in IT or cyber?
Some people are just in it for the money, whether that “it” is IT or cybersecurity. Considering the spotlight being placed on cyber labor shortages and tech skills gaps, many professionals have considered joining the field without the passion to support their new job shift. Although Kev believes everyone should be welcome to learn about IT, he understands that there’s a cause of concern in making IT all about the money. The industry needs passionate individuals, Kev explains, and the desire to learn needs to be present when you take that next step into IT.
“I'm sorry, but this field is not for everyone. If you're going to work helpdesk, or IT support, you need to know how to deal with customer service, you need to know how to deal with people.”
What piece of advice would you have for cyber or IT professionals looking to level up their community?
From Kev’s perspective, gatekeeping isn’t just mean, it’s legitimately harmful to the IT community. IT professionals can’t level up without leaders willing to step up and teach their knowledge. Hiding IT tips or tricks doesn’t save careers, it only succeeds in hurting other IT practitioners and negatively impacting customers relying on that expertise. Kev advocates for increasing transparency within the IT and cyber communities, and explains that gaining knowledge should be valued more than capital gains by practitioners and professionals.
“I believe in helping the community, I believe in sharing your knowledge. So, the more engaged you get with the community, the better it is for everyone.”
--------------- Links:
Keep up with Kevin Apolinario on LinkedIn Check out Kevtech IT Support on YouTube and Discord Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Making Hacking Accessible with Deviant Ollam | 28 Jul 2022 | 00:34:14 | |
In this season of Hacker Valley Red, we focus on cybersecurity legends in offensive operations with a legend in the physical pen testing and lockpicking: Deviant Ollam. As a pioneer in our industry and an author of two incredible books about lockpicking, Deviant shares his history from hobbyist to professional and all that he’s learned along the way about making the secrets of the hacking world accessible to all. Timecoded Guide: [01:28] Defining the pioneers in cybersecurity [08:47] Deviant’s first explorations in lockpicking [16:03] Accessing and democratizing hacking secrets [18:58] Becoming an author to transfer his knowledge [23:12] Seeing the past, present, and future of hacking Sponsor Links: Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy! And be sure to come say hello to us at Black Hat at Booth #1686! ---------------- What does it mean to be a pioneer in cybersecurity? As our season focuses on legends, it’s important that we explain what makes these individuals such a vital part of our community. In the case of this episode, we explain that our guest Deviant is nothing short of a pioneer. Deviant has been willing to take on new challenges and revolutionize the industry throughout his career, influencing hundreds of individuals and leaving a lasting educational impact on the entire industry. “That ‘zero to one’ part can be the hardest part of any progression in any field, but especially in cybersecurity.” — Chris
When you reflect on changing this whole industry, how does that make you feel? Despite our guest’s legendary reputation, Deviant is humble about his achievements, caring more about how his work has impacted others than himself. What he focuses most on in his teaching, presentations, and writing is making lockpicking and penetration testing accessible and understandable. Instead of harboring secrets and perpetuating exclusionary policies, Deviant wants anyone to be able to master these skills and understand this knowledge. “I’m not the first one who ever did this. What I like to think of my contributions is that they have chiefly been making it accessible and democratizing this knowledge.” — Deviant
Do you think it's harder today to stand out than it was a couple decades ago? For Deviant, our globalized internet and algorithm-focus social media sites are both a blessing and a curse. While knowledge can be found on every corner of the web and anyone can become familiar with information that was once borderline inaccessible, Deviant also recognizes that younger hackers and lockpickers will have a very different rise to success than he did years ago, especially due to fragmented audiences and tricky algorithms. “We have more avenues to put yourself on display, to put yourself out there than ever before, but that means the audience is fragmented and is spread so thin.” — Deviant
What piece of advice would you have for the folks that want to make an impact in security and technology and in our community today? Although success will look different for newer members of our cybersecurity community, Deviant is confident that the younger innovative minds of the future will be able to solve so many of the long-standing problems within our industry. However, he reminds our younger audience that they need to still respect the tenured members of the cybersecurity world and to learn from them without oversimplifying the issues past professionals have faced. “Start thinking about it in a way that doesn’t use ‘just,’ because every old head in the industry has heard that….We couldn’t ‘just’ do it, or we would’ve ‘just’ done it.” - Deviant ------ LINKS: Spend some time with our guest, Deviant Ollam, on his website, Twitter, Instagram, and Youtube channel. Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter. Follow Ron Eddings on Twitter. Catch up with Chris Cochan on Twitter. | |||
| Cyber Espionage & Entrepreneurship with Karim Hijazi | 26 Jul 2022 | 00:33:19 | |
Karim Hijazi, Founder & CEO at Prevailion and host of the Introverted Iconoclast podcast, comes to Hacker Valley Studio to discuss his varied experiences in entrepreneurship. With a humble start in bartending, Karim explains how learning about people inspired his exploration into counterespionage and cybersecurity. Armed with stories from the streets of NYC to the hallways of his own companies, this episode is a look into the mind of a successful entrepreneur and founder of 2 incredible businesses. Timecoded Guide: [00:00] Bartending in NYC and its overlap with espionage and entrepreneurship [07:14] Real-life knowledge application in cyber intelligence [12:15] Founding Unveillance and being acquired by Mandiant [18:22] Karim’s entrepreneurial mindset and his journey with Prevailion [24:51] DIY podcasting with Introverted Iconoclast and learning to tell his stories
Sponsor Links: Thank you to our sponsors Axonius and AttackIQ for bringing this episode to life! Want to learn more about how Mindbody enhanced their asset visibility and increased their cybersecurity maturity rating with Axonius? Check out axonius.com/mindbody AttackIQ - better insights, better decisions, and real security outcomes. That's why we partnered with them to create free cybersecurity trainings! Check it out at academy.attackiq.com
How do your experiences in bartending and espionage overlap? The jobs taken as a means to an end just might teach something invaluable. This was the case for Karim, who took a job bartending to make ends meet while he figured out what he wanted to do with his future. At the time, cybersecurity and counterespionage weren’t on Karim’s radar, but bartending taught him about people; how they act when they want something and how to connect with them even in the busiest and most public places. Learning this changed the game for Karim when he got into the espionage world and assisted him even more so when he became an entrepreneur in the industry. “It's just learning the way to slowly gain a confidence level with someone. It's actually where the word "con man" comes from, confidence man. Ultimately, that is how you get the information you need.”
What are the different aspects that organizations or individuals look at with counterintelligence? At Karim’s own firm, the shift from competitive intelligence to counterintelligence focused around three security aspects. One, identifying weak spots and vulnerabilities, noticing your points of exploitations and vectors of attack. Two, taking advantage of disinformation, using it to root out moles within an organization and throw off cyber adversaries. Finally, three, finding out where your information is going and noticing where there is weaker security than your own. Karim emphasizes that in this third aspect, it is not so much about an organization’s strategy when the information is still at home. It’s harder to secure information once it goes elsewhere. “A controlled rumor within an organization can do several things. It can weed out a mole that you may have, a spy within your organization that maybe you don't know about, that's been able to be hired and gotten through the background checks and whatnot.”
When you look back to starting your journey as an entrepreneur, what are some of the wrong assumptions you made early on? Karim, like many entrepreneurs, was under the impression when he founded his first company, Unveillance, that he should be seeking to hire, not to do anything himself. While hiring is an important part of being a business owner, Karim has realized that it's better to learn how every piece of the machine of a company works before hiring. Trying things out for himself and taking a chance on his own abilities hasn’t been easy, but it’s made him a better leader for his employees. If they drop the ball or need his assistance, he’s able to lead from a place of understanding and call the shots with his own vision in mind and his own knowledge to back him up. “As a CEO, it's almost imperative for you to go and try it all, even if you fumble through it and you get by with something that is subpar. It's better to have tried it and understand it, so now you know how to call the shots a little better.”
What prompted you to start your podcast, Introverted Iconoclast? Ironically enough, Karim’s podcast was a do-it-yourself project born out of having an employee drop the ball on creating it for him. Relying on himself and struggling his way through the beginning, Karim realized that podcasting is not just about the equipment and the idea behind it, it’s about the stories being told. Focusing on the lead up and context around some of his own career stories and professional highlights, Karim was able to discover the rhythm for his podcast and build a solid foundation of content that opened up doors for new topics to be addressed and new guests to welcome onto his show. “It's very cathartic for me. Speaking the stories out loud, rather than just sort of regaling people over a dinner or thinking back on them nostalgically, is extremely interesting because you remember things you don't remember when you're casually talking about them.” --------------- Links: Keep up with Karim Hijazi on LinkedIn and Twitter Check out Prevailion on their website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Where Cyber Meets Content Creation with Henri Davis | 19 Jul 2022 | 00:32:48 | |
Henri Davis, CEO of TechTual Consulting & host of the TechTual Talk Podcast, comes to Hacker Valley this week to talk about his history with cybersecurity incident response and the content he currently creates with the TechTual Chatter Youtube channel. From interview tips, passion vs creativity, the intersection of cybersecurity and content creation, Henri walks through the path his career has taken him on, as well as imparts advice on those looking to follow a similar journey.
Timecoded Guide: [00:00] Explaining incident response’s role in cyber [07:15] Henri’s journey from incident response to TechTual CEO [14:04] TechTual Consulting’s content about interviews & breaking into cybersecurity [23:43] Marrying passions together within your career path [29:54] Career path advice, cybersecurity vs content creation
Sponsor Links: Thank you to our sponsors Axonius and AttackIQ for bringing this episode to life! Want to learn more about how Mindbody enhanced their asset visibility and increased their cybersecurity maturity rating with Axonius? Check out axonius.com/mindbody AttackIQ - better insights, better decisions, and real security outcomes. That's why we partnered with them to create free cybersecurity trainings! Check it out at academy.attackiq.com
If you could explain it to someone who has never been in a cybersecurity incident before, what is it like from the beginning of the incident through to closure? While the majority of Henri’s work revolves currently on content creation, Henri’s background in cyber has extensive involvement in incident response. Incident response, although vital for today’s cyber industry, is sometimes misunderstood, even by cybersecurity practitioners. Henri explains that incident response is something you don’t see the usefulness of until you do it, and that attempting to work through an incident can feel like dealing with a car crash; you always have a risk of something like this happening, and it matters how you prepare for it. “An incident is like a car wreck. A wreck is something that you have a potential risk for, but you drive with insurance hoping that if it does happen, you know what to do. And even though it happens, you're still not prepared for the actual wreck.”
How are you hoping to help people, especially those breaking into cybersecurity, with TechTual’s content? Henri’s focus on TechTual has given him an outlet for content creation and he hopes to use that platform to consistently help others. With the pandemic creating many jobless and job searching people, Henri saw an opportunity to focus on cybersecurity and IT content and assist outsiders looking to transition into the cyber industry. From tips about interviews to assistance with resumes, Henri often covers the basics with the mission to empower others, no matter their background, to embrace the ever-expanding industry. “My goal is to say it's okay. Everyone has a starting place, everyone has to start from somewhere. Just build your skill set up and eventually, you won't even have to have your LinkedIn profile open for work.”
When you find something that you're passionate about, and then you find another thing that you're passionate about, how do you marry those two together? A marriage between passion is definitely possible, especially when looking at someone like Henri, who combines his love of content creation with his experience in cybersecurity and his passion for helping others. However, Henri is realistic in explaining that there’s a give and a take to the decisions made around your career path and how passions impact that. Henri recommends choosing a career path not just centered around passion, but instead focused on providing for yourself and your family. When your needs are fulfilled with your job, your passions and hobbies can grow and turn into legitimate projects in your life. “If I was just by myself, I could just bet on myself, I always bet on myself. When you have that family aspect to it, you have to kind of weigh your options and see when the time is going to be right, and how you can do that.”
What is that one piece of advice that you would have for somebody that's looking to take one path in their career journey, but they have many paths before them? During episodes of TechTual Talk and TechTual Chatter, Henri focuses heavily on career advice, especially when it comes to making the right decisions in your career journey and behaving professionally during the interview and job search processes. When asked about advice he would give, Henri explains that prioritizing logical paths and being honest in the work you do will always have a positive impact on job prospects. For example, lying in the interview process can lead to long term dissatisfaction between employee and employer, and building a career without a logical path is never a strong foundation for anyone’s future. “What is the most logical path for you right now? Which one is the lowest barrier to entry for you? What's going to take care of you, or whatever your situation is? Try to do that first, and then reserve time for your passion.” --------------- Links: Keep up with Henri Davis on LinkedIn and the TechTual Consulting Website. Check out Henri’s podcast, TechTual Talk, and his Youtube Channel, TechTual Chatter. Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Financial Independence & Freedom with Eddie Thomason | 12 Jul 2022 | 00:33:55 | |
Eddie Thomason, bestselling author, speaker, consultant, and creator of the Simply Secure podcast, comes to Hacker Valley Studio to discuss financial independence, the freedom of a healthy work-life balance, and habits that have helped him succeed. As a father of two with a full-time job and a thriving content creation career, Eddie explains not only how he does it all, but also how much he cares about helping other security professionals achieve the same level of success.
Timecoded Guide: [00:00] Eddie’s background & his current cyber role with Data Locker [06:07] Growing up in Baltimore City & finding his podcasting inspiration [13:10] Balancing work & life with calendar planning [19:13] 4 essential habits: reading, listening, association, & work [28:20] Advice for digital content creators & security professionals
Sponsor Links: Thank you to our sponsors Axonius and AttackIQ for bringing this episode to life! Want to learn more about how Mindbody enhanced their asset visibility and increased their cybersecurity maturity rating with Axonius? Check out axonius.com/mindbody AttackIQ - better insights, better decisions, and real security outcomes. That's why we partnered with them to create free cybersecurity trainings! Check it out at academy.attackiq.com
What is the connection between cybersecurity and this financial independence and freedom mindset you have? In his book, on his podcast, and throughout his career, Eddie has emphasized the importance of financial independence, especially when it comes to diversifying his income. Instead of calling his projects and revenue streams “side hustles,” Eddie prefers to think of them as baby businesses; small businesses in the infant stage that have massive professional potential. With COVID severely changing Eddie’s economic perspective, he firmly believes in having multiple sources of income and in fostering the growth of each project until he’s seeing revenue to rival the full-time income he already makes in his day job. “If you look at it as a side hustle, that's all it's ever going to be, it's just something that creates a little bit of extra income, but if you look at it as a baby business, that could really replace the income that you currently make.”
How do you balance content creation, day-to-day job responsibilities, and fatherhood? Being an author and a cybersecurity consultant can both already be demanding jobs, but throwing 2 young children and an entire podcast into the mix makes Eddie’s success borderline hard to believe. However, Eddie credits his success to understanding his priorities and heavily managing his calendar. Entrepreneurs need to think of their schedules down to the minute, maybe even the second. Eddie is not afraid to set aside time for his children, even if it means he has to work in the evenings on his own entrepreneurial goals. Eddie knows that when he puts his calendar together, he is giving himself the time he needs and deserves to work and spend time on what’s important to him, even alongside all his other responsibilities as an employee. “If you're going to work for 8 hours a day for somebody else's dream, then why can't you come home on a daily basis and give yourself at least 2 hours? We're not talking about a whole nother 8, but give yourself at least two hours. From the hours of 5 to 7, what can you do to invest in yourself?”
What are some successful habits you’ve picked up throughout your life and that you mention in your book, Unlock Yourself? Four successful habits guide Eddie through his busy life as an entrepreneur and full-time worker, the first of which is reading. Reading is a source of knowledge and connection with others, and Eddie has learned amazing lessons from reading books and articles. The second is listening, which, just like reading, offers Eddie the ability to learn and to connect with the world. Coming in third is association. Surrounding himself with people who inspire him and are dedicated to his goals reminds Eddie of how badly he wants this. Fourth and finally, work. Putting in the work without expecting the success to happen overnight helps Eddie with his patience and always leads to a much better payoff. “If you surround yourself with incredible people who inspire you and uplift you and encourage you, then there's no reason why you should not get to your goal. There's no reason why you should give up because you have people that understand how badly you want to accomplish your goals. They won't let you quit on yourself.”
Do you have advice for those looking to achieve success similar to you? Although it may seem daunting to tackle a career as extensive as Eddie’s, Eddie is confident that his mindset around work can help anyone become successful. Most specifically, amongst all the entrepreneurial advice Eddie gives, his strongest point centers around understanding the “why.” Knowing why he does what he does not only helps keep Eddie on track for a solid work-life balance, it also allows him to see the impact his work has on the people around him. With his wife being a stay-at-home mom and his children being young, Eddie understands the necessity of his hard work and wants to inspire his family with his continued success. “If I don't perform, the people around me suffer. If I don't do what I need to do, then the people around me are not going to be better off. The impact that it is going to have on them is so much heavier than the impact that it'll actually have on me individually.” --------------- Links: Keep up with Eddie Thomason on his website, Youtube, LinkedIn, Instagram, and Facebook Check out Eddie’s podcast, the Simply Secure Podcast, and his book, Unlock Yourself Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| The Future of Artificial Intelligence with Jeff Gardner | 05 Jul 2022 | 00:32:42 | |
Jeff Gardner, CISO at Germantown Technologies, comes to Hacker Valley Studio this week to talk about the future of cybersecurity and what up-and-coming hackers may encounter on their journey into an ever-evolving industry. With a specific focus and interest in artificial intelligence, or AI, Jeff’s discussion in this episode covers the current perception of AI in tech, the timeline of when we may see highly-intelligent AI come into play, and what the future of AI looks like from a cybersecurity standpoint.
Timecoded Guide: [03:54] Focusing on numerous areas during his day job as CISO and understanding the necessity of a strong team of trusted cyber professionals [09:00] Getting excited about current and upcoming technology in cyber while remaining realistic about present day limitations and needs [15:53] Automating security analyst tasks and finding the quality control balance between machine knowledge and human intuition [22:50] Breaking down the concept of “bad AI” and understanding how to address the issues that may arise if AI is used for nefarious purposes [28:22] Addressing the future of unique thought and creativity for computers and for human beings
Sponsor Links: Thank you to our sponsors Axonius and AttackIQ for bringing this episode to life! Want to learn more about how Mindbody enhanced their asset visibility and increased their cybersecurity maturity rating with Axonius? Check out axonius.com/mindbody AttackIQ - better insights, better decisions, and real security outcomes. Be sure to check out the Attack IQ Academy for free cybersecurity training, featuring Ron and Chris of Hacker Valley Studio, at academy.attackiq.com
What are some of the things that you are expecting the next generation to be doing when it comes to bypassing security in a way that they won't get caught? Jeff, like many hackers and security pros in the industry, started his journey in cyber by hacking different systems from his own computer as a kid just because he could get away with it. While that type of hacking still exists, there are new ways for systems to manage and counteract these threats and attacks, as well as expose who is behind it. The new generation of hackers will learn in different ways on different technology, and Jeff is confident that what they choose will come because of where the security industry is already going, with devices that use machine learning and pattern learning, as well as the continuing development of AI. “When it comes to artificial intelligence and all the myriad of models and neurons and all that, we're still pretty much at single neuron, maybe double neuron systems. But, as things evolve, it's gonna be harder and harder to bypass those defenses.”
What is your perspective of AI not being here and available for us yet? In Jeff’s opinion, the biggest thing missing from our current AI to really make it the intelligence we claim it is, is creativity. We have smart technology, we have technology that can automate tasks and can be told very easily what to do, all through feeding in data and processes. However, Jeff points out that most of what we call artificial intelligence in the cyber and tech industries doesn’t have the creativity or the human intuition to match the human brain. We’re in an exciting escalation of technology and intelligence, but we aren’t at true AI yet. “I think one of the things that's missing from AI, and it's being solved rapidly, is creativity. We train it through models, but those models are only the data that we give it. How smart is the system if you just give it a plethora of data and have it come to its own conclusions?”
How far away do you think we are from highly intelligent AI? Although the futuristic AI that appears in science fiction movies and books isn’t here yet, Jeff believes we aren’t far off from a level of computer technology that we have never seen before. With the quantum leaps in technology that we’ve continued to see, namely in computers starting to solve math problems we’ve never even thought of or engage with art in a way we’ve never dreamed possible. What we see now is the tip of the iceberg, but the future holds massive potential for what AI will look like and what automation of certain tasks will look like, with accuracy rates for analysis technology continuing to narrow to 99.9% accuracy rates. “When you can get to that level of processing speed, you can do things we can't even dream of, and that's what they're doing now. They're solving math problems in ways that humans have never thought of, they're creating art in ways that humans couldn't imagine.”
How do we create AI for good? The fear of the “evil” or “bad” artificial intelligence comes up frequently when we discuss what the future of AI may look like from a security standpoint. However, Jeff is confident that the issue is not as black and white as our fears make it. For starters, when we understand the purpose behind what “bad” AI might be programmed to do, we can put other measures in place to combat it. On the other hand, the struggle of good vs bad, right vs wrong has been a problem in hacking and in cyber since the first white hats and black hats came into existence. The fear of bad AI is a philosophical discussion instead of just a technical conversation. “I think it all comes down to, like you said, purpose. What's the purpose of the bad AI? What's it trying to do? Is it trying to hack our systems and steal the data? Is it trying to cause physical harm?” --------------- Links: Stay in touch with Jeff Gardner on LinkedIn Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Learning to Lead Future Tech Leaders with Dr. Stacey Ashley | 28 Jun 2022 | 00:28:46 | |
Leadership expert, Dr. Stacey Ashley, joins us at the Hacker Valley Studio to talk about her journey from the corporate world of leadership to her current roles in consulting and coaching. As a speaker, author, and educator for leaders, especially executive and C-level leaders, Dr. Ashley shares foundational skills needed to go from expert to leader, mindset shifts that need to occur regarding our perspective on our own leadership responsibilities, and experiences that inspired her to become an author. Timecoded Guide: [02:58] Developing stronger leadership capabilities and understanding the value of scaling work with her decision to become an author [09:51] Jumping over the hurdles and obstacles to becoming a better leader through mindfulness, practice, and checking the privilege of your executive role [13:45] Knowing when to get off the treadmill of busyness and focusing on setting better boundaries for yourself as a leader [20:53] Cultivating the next level of leadership with a focus on mentoring, role modeling, and coaching [25:40] Providing advice for future leaders and understanding the values of awareness and of developing your listening skills Sponsor Links: Thank you to our sponsors Axonius and AttackIQ for bringing this episode to life! Want to learn more about how Mindbody enhanced its asset visibility and increased its cybersecurity maturity rating with Axonius? Check out axonius.com/mindbody AttackIQ - better insights, better decisions, and real security outcomes. That's why we partnered with them to create free cybersecurity trainings! Check it out at academy.attackiq.com
What have been some of the challenges that you've seen, out of yourself or from others, to start to cultivate that leadership ability? There’s a common path to leadership in many industries, especially tech and cyber, where becoming good at your job skyrockets you into leadership spaces and executive roles. While this is often an achievement worth being proud of, Dr. Ashley warns that we rarely mentor and teach these newly appointed leaders how to lead. Expert skills are important to have, but not being able to satisfy your executive role and your leadership responsibilities with developed leadership skills leads to confusion and dissatisfaction amongst employees and clients who aren’t receiving the type of leadership guidance normally delivered by someone in that role. “It's great to have those specialist skills, but it's not enough. If you're going to lead people, if you're going to lead a program of work, if you're going to be a thought leader, or an influencer, or any of those things, you need to have more skills.”
What are some of the common obstacles that people have that keeps them from being the best leader that they can be? Dr. Ashley is the first to admit that tech leadership issues and obstacles are hardly a one size fits all. However, a commonality she sees is a focus on busyness instead of on active leadership practices. Being “busy” does not translate into high levels of productivity, especially for leaders in prominent company or industry roles. She advises that a better focus for leaders and aspiring executives is to practice their leadership skills and prioritize finding a coach or mentor, instead of just filling up their schedule with unnecessary busy work. “This whole concept of busy isn't actually very effective. Busy is just doing stuff for the sake of doing stuff. One of the things that I find that great leaders do is that they're really clear about where they make a difference, where they add value, where they can make a real contribution. They don't focus on being busy, they focus on the important stuff.”
What sort of creative license do you give for those people that just want to be helpful, but are over taxed when it comes to their job? We all want to better prioritize our tasks and to feel less overwhelmed by our work, but setting boundaries often feels mean or unrealistic for those used to being helpful and people pleasing. Dr. Ashley sees this a lot in her work, where she often advises people to consider how they’re saying no and what ways they’re presenting what they’re working on. By showing people that you have important tasks that rely on your focus to attend to, you’re inviting them to see your time in a much more understanding light and you will invite them to consider that they should try on their own for a solution and prioritize their own tasks before they can engage with you again. “I think if we let people know that we're doing something else, and that it has a big impact, then they're much more understanding. Also, we're giving that other person some time to see if they can figure that thing out on their own rather than relying on us.”
What are some of the tenants that you follow for cultivating the next level of leadership? Dr. Ashley believes that one of our key responsibilities as leaders is to grow this next generation of leaders and help them develop the best leadership skills imaginable. She advocates for this by focusing on three core tenants. The first being mentorship, meaning you’re willing to share your knowledge, wisdom, and experiences all on a personal mentorship front. The second is role modeling, where you’re showing how to be a good leader, representing what that looks like for everyone in your business. The third? Coaching, which she bases a large majority of her career around. Being able to coach and provide a customizable approach for future leaders allows them to address what they need to learn and where they need to grow. “I don't know if every leader recognizes this, but every day, you are role modeling. You may not be role modeling great stuff, but you are role modeling. And so, you have a responsibility every day to recognize your role modeling.” --------------- Links: Stay in touch with Dr. Stacey Ashley on LinkedIn, Facebook, and Instagram Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Making Corporate Leadership Human with Ginny Clarke | 21 Jun 2022 | 00:31:25 | |
We invite our friend, Ginny Clarke, to Hacker Valley this week to talk about conscious leadership and self-awareness as a way to take our organizations to the next level. Using her prior experience at tech giants like Google and her five dimensions of leadership, Ginny explains how we can better hold the leaders in our lives accountable, what will benefit our civilization the most for future generations in the workplace, and where we should focus our efforts for diversity, equity, and inclusion.
Timecoded Guide: [05:34] Losing her parents at a young age, connecting to a spiritual guide to cope with grief and stress, and getting back in touch with ourselves in order to connect with others [12:03] Seeing and validating the past experiences of our fellow humans, healing ourselves in order to heal organizations, and acknowledging the role of mental health in the health of our companies [16:34] Understanding diversity, equity, and inclusion beyond just hiring, and stopping yourself from waiting for an organization to step up to an opportunity that belongs to underrepresented communities [22:38] Shifting the metrics of how we value organizations and leadership, and seeing where the accountability issues of CEOs for what they really are [27:48] Leaving a legacy through creativity and inspiring others to recognize how they have the power to change the world Sponsor Links: Thank you to our sponsors Axonius and Uptycs for bringing this episode to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone. With Uptycs, modern defenders can prioritize, investigate and respond to threats across the entire attack surface—all from a common solution: uptycs.com.
How do we move current leadership statistics to something much healthier? With a depth of experience in recruiting executive leaders in a variety of organizations, Ginny shares a striking and horrifying statistic with us: 18% of leaders are considered good. Only 18% feels incredibly low, especially when a large portion of companies claims to hire the best leaders based on pedigree-level qualifications. In Ginny’s opinion, leaders are not held to a high enough standard in the workplace, and aren’t measured on their performance beyond basic financials. With so much more at stake, Ginny warns that companies are only as strong as their leaders, and are even weaker when they never hold those leaders accountable. “That’s why we have organizations that are, I dare say, quite fragile. It’s because of the lack of leadership. They might have a lot of money, they might have really intelligent, well-educated people, but to the extent, those organizations don't have actual leaders for whom they are holding accountable for their leadership competencies.”
How do we show up better for others and really see the whole human? We cannot improve our society as long as we continue to see ourselves as completely separate from it. This, among other world-changing views, guides Ginny towards seeing people beyond just their outward appearance, viewing them as a whole human, composed of all of their experiences. There is so much fear, anxiety, and bias, especially in the world of hiring and recruiting, and Ginny hopes to show up better for others through better accountability for our leaders and a stronger connection to ourselves. “We, as a civilization, can't fix it as long as we're seeing it as separate from ourselves. So, that's where the self-love comes from, and the support and the sharing and the non-dualistic orientation, which defies everything about tech, right? Tech is all about the binary, the ones and zeros, and here, I'm talking about something that is far more inclusive than that.”
What have you learned from this big effort that we have going on with diversity, equity, and inclusion? Ginny, much like many of us in tech, cares about efforts of diversity, equity, and inclusion, but believes that many companies talk the talk without ever walking the walk. When working with recruiters in large companies, Ginny discovered that many don’t understand how to implement diversity in an impactful way in their organizations, beyond appearances and statistics. Encouraging colleagues to be true to their authentic selves in the workplace, she believes that now is the time to embrace diversity at work beyond the limitations of waiting for company leaders to embrace them. “I think there's been organizational malpractice as it relates to diversity, equity, and inclusion. I think you got a lot of people who actually don't want to understand it, they're not going to the root cause. They're throwing money at it, they're hiring a chief diversity officer and saying, ‘Okay, you fix it.’”
What do you think people can do today to start to make an impact and move the world in a positive direction? The secret to changing the world? Ginny believes that it’s acknowledging that you have the power to change it at all. On her own spiritual journey, Ginny has discovered there’s so much more to our impact on our surroundings beyond our everyday actions at work. Using examples of heightened vibrations, inspired creativity, and personal accountability, Ginny explains that your ability to change the world has never been as powerful as it is right now, as our society and civilization continue to shift towards new forms of leadership and new developments in organizations are the world. “I want to activate and stimulate people's imagination. You know, young kids have imagination and that creativity, that spawns, that manifests, that takes hold, that becomes real, and that's how we change the world, so that it's good for all and that becomes the objective. That's my legacy. It's creating good for all.” --------------- Links: Stay in touch with Ginny Clarke on her website, LinkedIn, Twitter, and Instagram Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio | |||
| Co-founding Revelstoke through Communication with Bob Kruse | 14 Jun 2022 | 00:28:03 | |
We invite Bob Kruse, Co-Founder and CEO of Revelstoke Security, down to Hacker Valley Studios this week to talk about his journey from investment banking to cybersecurity sales to owning and operating his company with Josh McCarthy. With a focus on communication and peoples skills, Bob discusses how to be a leader in the cybersecurity community, including building strong relationships with staff members, connecting with cyber experts, and developing successful security teams. Timecoded Guide: [03:40] Selling software to cybersecurity practitioners and managing the skepticism around marketing to an audience that’s taught to doubt and question [08:12] Gaining inspiration for Revelstoke Security from the entrepreneurs in his family and his experience starting his cyber business with his partner Josh McCarthy [12:51] What being an early-stage startup looked like for Revelstoke and lessons learned from their first pitches to cybersecurity investors [15:01] Comparing and contrasting being someone in cybersecurity sales to being a CEO of his very own company [20:58] Looking towards the future of Revelstoke Security as they expand into new markets and continue to build their business around providing solid cybersecurity jobs Sponsor Links: Thank you to our sponsors Axonius and Uptycs for bringing this episode to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone. With Uptycs, modern defenders can prioritize, investigate and respond to threats across the entire attack surface—all from a common solution: uptycs.com.
Were there any speculations like, "Hey, can this guy really go from sales to being a CEO at a tech company?" Bob’s focus throughout his career in cybersecurity has completely revolved around sales. From his first cybersecurity role at Oracle Corporation to his recent position at Demisto, Bob’s prominence and impact on the cyber industry has always had sales at the center. Co-founding Revelstoke, Bob encountered skepticism and wariness from investors, curious if he would be able to transition into a cybersecurity CEO. Thanks to his knack for knowledge and his confident partner Josh, Bob has defied expectations and built up his own confidence in his new role. “It's about having a co-founder that compliments you, that you can implicitly trust, and implicitly trusts you. You can have the best technology in the world and the best idea in the world, but if you don't have a trusted relationship…it's not going to be successful.” Between your previous life in sales, and now, being a founder and CEO, what are some of the parallels? With so much experience in sales on his resume, we were curious which parts of Bob’s journey to CEO were similar to previous positions he’s held. It turns out, just like we’ve discussed on Hacker Valley Red, communication has been a key element no matter Bob’s position in cyber. No matter who he’s talking to, or what side of the house he’s marketing towards, people skills continue to be his forte. Being able to have discussions with employees, investors, and potential clients relies heavily on honest authentic communication skills, even though his business knowledge has had to grow immensely since becoming CEO. “Today, I still lean on my people skills, and over-communicate. I try to have one-on-ones with everybody in the company. I welcome every new hire we have, and it's increasingly important, obviously, as we have a widely distributed team.”
Where has your focus on introductions and networking come from? We know Bob as an introduction master, and he’s even helped us with meeting some of the biggest guests we’ve invited to Hacker Valley. With so many cyber security experts in his network from all corners of the cybersecurity industry, we had to ask Bob where he learned the value of making those connections. It turns out— it’s always been that way for Bob Kruse, from the days of his early childhood working at his father’s business. Connecting others, communicating with them, and learning how to help has been his passion for his entire life. “When somebody needs your help, it's a compliment. I've always found it as a compliment in that I have something they don't, and I can impart on them some sort of an introduction, or a reference, or some knowledge.”
What impact or impression are you hoping to leave on the world with Revelstoke? There are a lot of cybersecurity startups that make their way down to Hacker Valley, but Revelstoke Security seems like a different breed, with a strong staff at its core— so strong that they’ve only grown since they began and have yet to lose a single employee. With an impact like that on the cyber job market, we asked Bob what he sees on the horizon for Revelstoke. He made it clear: more jobs. Success, for Bob and Josh at Revelstoke, relies on building strong teams and providing the right jobs for those team members and their families. “Success…is starting a company and providing jobs for people, jobs that never existed before you decided to start a company. I want my legacy to be somebody that not only started a successful company financially, but that employed a lot of people and supported a lot of families.” ---------- Links: Stay in touch with Bob Kruse on LinkedIn and the Business Journal Leadership Trust website. Learn more about Revelstoke Security on their website. Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio
| |||
| Soft Skills in Technical Sales to Connect and Sell More with Evgeniy Kharam | 17 Sep 2024 | 00:31:29 | |
Technical skills open doors, but are soft skills sealing the deal? In this episode, Evgeniy Kharam reveals how communication and connection lead to success in technical sales.
From vulnerability to voice control, Evgeniy shares how to connect with clients and sell more effectively in tech.
Evgeniy Kharam has authored “Architecting Success: The Art of Soft Skills and Technical Sales”, to teach the art of soft skills, and the importance of building connections through vulnerability.
Impactful Moments: 00:00 - Introduction 01:08 - Meet Evgeniy Kharam 02:21 - Ski & Snowboard Cybersecurity Conference 06:22 - Impact of Events and Community Building 10:19 - ‘Architecting Success’ 10:36 - Sales Engineers’ Evolving Role 25:58 - POCs and Soft Skills 28:01 - Your Voice: A Key Soft Skill 31:28 - Connect with Evgeniy
Links: Connect with our guest, Evgeniy Kharam: https://www.linkedin.com/in/ekharam/ Check out Evgeniy’s Book, “Architecting Success: The Art of Soft Skills in Technical Sales: Connect to Sell More“ here: https://a.co/d/0xJSyew Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
| |||
| Emotions In Cybersecurity with Sherianna Boyle | 07 Jun 2022 | 00:33:46 | |
In the turbulent world of cybersecurity, it can be difficult to not get caught up in the emotions of it all. Fear uncertainty, doubt...not to mention, burnout. It's not surprising cybersecurity is often seen as being a highly stressful field. But is it possible we may be addressing and interpreting our emotions, as practitioners, in the wrong way? Ron and Chris are joined by author and coach, Sherianna Boyle, to talk about the role that emotions play in our daily lives and how to process them correctly. In this episode, Sherianna walks us through: -What goes into emotional detoxing -The difference between reaction and emotion -How breathwork can transform your life Sponsor Links: Thank you to our sponsors Axonius and Uptycs for bringing this episode to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone With Uptycs, modern defenders can prioritize, investigate and respond to threats across the entire attack surface—all from a common solution uptycs.com/ Be sure to stop by their booth #435 at RSA 2022 Guest Bio: Sherianna Boyle is an author of nine books including, Emotional Detox Now: 135 Self-Guided Practices to Renew Your Mind, Heart & Body. She is also the founder of the CLEANSE Method® Emotional Detox Coaching® Cleanse Yoga® servicing clients, businesses, healthcare providers and educators worldwide, virtually or on site. You can hear more from Sherianna, and her work, on her show Emotional Detox Now Podcast. Links: Stay in touch with Sherianna Boyle on LinkedIn and Twitter Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio
| |||
| Being THE Cyber Warrior with Derek Scheller | 31 May 2022 | 00:28:14 | |
Making an impact in the cybersecurity community as a content creator is no easy task! Just ask Derek Scheller, aka The Cyber Warrior. Derek joins hosts Ron and Chris to talk about how he brings his unique personality and positive messages to inspire folks within, and breaking into, cyber. In this this episode, Derek shares:
Check out Ron and Chris’ interview with The Cyber Warrior on Security Happy Hour, here! Sponsor Links: Thank you to our sponsors Axonius and Uptycs for bringing this episode to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone With Uptycs, modern defenders can prioritize, investigate and respond to threats across the entire attack surface—all from a common solution Uptycs.com Be sure to stop by their booth #435 at RSA 2022 Guest Bio: Derek Scheller is a Senior Security Consultant for Seiso, LLC. In 2017, he retired from the US Army as a Cyber Network Defender and worked in both defensive and offensive operations. When he is not helping clients with their security needs, he is a content creator that aims to help as many people as possible enter the cyber security space. You can find him on YouTube Twitch, LinkedIn, and Facebook under Cyber Warrior Studios, where he posts weekly. Links: Stay in touch with Derek Scheller with Cyber Warrior Studios on LinkedIn and Twitter Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out more from Hacker Valley Media and Hacker Valley Studio
| |||
| Adapt and Overcome with Amy Bream | 26 May 2022 | 00:32:24 | |
Life is full of complexity -- just ask adaptive athlete Amy Bream, this episode's special guest. She was born with one leg, but that didn’t stop her from growing up to become a kickboxer. In 2021, she competed in the CrossFit Games, placing in the top five. And in 2022, she came in first at Wodapalooza — one of the biggest fitness competitions in the world. The key to her success? Controlling what she can. Join her, Ron and Chris as they discuss: -How self perception shapes how others interact with you -The power of showing up and believing in yourself -Amy’s viral moment at the CrossFit Games -Her partnership with Axonius -Her advice for those struggling to show up in life Check out Amy's Controlling Complexity video, presented by Axonius: axonius.com/amybream
Sponsor: Thank you to our Axonius, for bringing this episode to life! Life is complex, but it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone Links: Visit Amy Bream on Instagram Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio
| |||