Mon, 18 November 2024
Ep. 247 - Security Awareness Series - A Day In The Life of a Dark Web Threat Advisor with Mary D'Angelo REPLAY
REPLAY (Original Air Date Feb 19, 2024) Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Mary D'Angelo. Mary helps clients understand the threats that exist on the dark web and how to use that intelligence to bolster their cybersecurity programs. With a solid foundation from the University of Washington, where she earned her Bachelor's degree, Mary has rapidly ascended as a global leader at Searchlight Cyber. Her expertise, honed over six years, delves deep into understanding the nuances of dark web threat actors and their intelligence. Mary's and her company’s insights and analyses have been instrumental in shedding light on the shadowy aspects of cyber threats emanating from the dark web. Her work not only aids in neutralizing these threats but also contributes significantly to the broader understanding of cyber security dynamics. Additionally, Mary is passionate about volunteering her talents to nonprofit organizations. She was a mentor for Big Brothers and Big Sisters. Recently, she has devoted her time to a nonprofit called The Innocent Lives Foundation, which uses Dark Web Threat Intelligence to help law enforcement stop child traffickers. [Feb 19, 2024]
00:00 - Intro 00:41 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:56 - Mary D’Angelo Intro 04:12 - What is a Dark Web Threat Intelligence Advisor? 04:36 - One Giant Leap 07:04 - On the Front Lines 11:53 - Deep Web, Dark Web, Clear Web...Oh My! 13:43 - Shifting to the Deep 14:58 - Crime Pays 17:39 - 2024 Forecast 19:00 - Left of Boom 20:53 - All in this Together 21:53 - An Ugly Example 25:19 - Timely 26:30 - Relevant 28:02 - Actionable 29:58 - What's Next? 30:54 - Mentors - Siblings 32:05 - Book Recommendations - The Practitioner’s Guide to the Dark Web - Searchlight Cyber - The Ride of a Lifetime - Robert Iger - Never Split the Difference - Christopher Voss & Tahl Raz 33:33 - Find Mary D'Angelo Online - LinkedIn: linkedin.com/in/dangelomary 33:55 - Wrap Up & Outro
Direct download: 1731536009386_Ep._247_-_Security_Awareness_Series_-_A_Day_In_The_Life_of_a_Dark_Web_Threat_Advisor_with_Mary_DAngelo.mp3
Category:Security Awareness -- posted at: 12:00am EST
Mon, 16 September 2024
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Mark Kreitzman. Mark is a seasoned cybersecurity veteran with over two decades of experience building robust security solutions. As General Manager of Efani, he safeguards mobile phone users from the escalating threat of SIM swap attacks. Mark's deep understanding of the evolving mobile landscape makes him a trusted authority on protecting privacy and securing communications in our increasingly connected world. [Sept 16, 2024]
00:00 - Intro 00:19 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:09 - Mark Kreitzman Intro 02:41 - Finding Some Good in the Horrible 07:29 - What's in a Name? 09:18 - Port Swapping: An Overview 14:22 - Let’s Talk Solutions 18:49 - What Efani Does 24:35 - Odd Relationships 32:39 - Find Mark Kreitzman online - Website: www.efani.com - YouTube: www.youtube.com/@efani 34:57 - Mentors 38:25 - Book Recommendations - How to Lie with Statistics - Darrell Huff 40:03 - Wrap Up & Outro
Direct download: Ep._275_-_Security_Awareness_Series_-_Bringing_Light_to_Sim_Swapping_with_Mark_Kreitzman.mp3
Category:Security Awareness -- posted at: 12:00am EST
Mon, 19 August 2024
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Kimberly Sims. Kimberly is the Deputy CISO, Director of Cyber Operations and Cloud Security for American Century Investments. Kimberly has over 17 years’ experience in the Financial Services sector. Prior to joining American Century, Kimberly ran the Information Security Program for the second-largest capital markets desk in the world, responsible for securing systems that process a trillion-dollar debt portfolio.
Kimberly is an advisory member and IT lead for the Charter for Veterans, a non-profit organization assisting recovering combat wounded veterans. She is an advocate for mentorship and coaching across the security industry and participates in several industry groups. [Aug 19, 2024]
00:00 - Intro 00:22 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 03:01 - Kimberly Sims Intro 03:49 - Inspired by a Book 05:32 - Making a Giant Leap! 06:59 - Biggest Mistakes 09:14 - Lessons Learned 11:07 - Security Ambassador 13:23 - Overcoming the Fear 15:20 - Executive Order 17:06 - People, Process, Technology 18:38 - Back to Basics 20:11 - Resiliency Programs 23:14 - The Take Home 24:47 - Jump In! 25:46 - Book Recommendations - Blink - Malcolm Gladwell - Pitch Perfect - Bill McGowan - Permission to Screw Up - Kristen Hadeed 27:49 - Mentors 29:12 - Find Kimberly Sims online - LinkedIn: in/kimberly-sims-733510/ 29:26 - Wrap Up & Outro
Direct download: Ep._271_-_Security_Awareness_Series_-_Advocating_for_Non-Adversarial_Security_with_Kimberly_Sims.mp3
Category:Security Awareness -- posted at: 12:00am EST
Mon, 17 June 2024
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Sigita Jurkynaitė. Sigita works as Information Security Manager at Nord Security, where she is responsible for the company's Information Security Management System, ensuring compliance with international standards and regulations, and security training and awareness.
Previously, Sigita worked at Research and Education Network Association GÉANT, where she led a wide range of international projects and teams, information security community activities and Special Interest Groups. She organized cyber security trainings, conferences and workshops in European and Asian countries. Sigita was Director of CyberSOC at NRD Cyber Security prior to joining Nord Security.
Sigita holds a Master’s Degree of Business Management at the ISM University of Management and Economics, where she researched the relationships between people's knowledge, attitude and behavior towards cyber security in organizations. [June 17, 2024]
00:00 - Intro 00:18 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:50 - Sigita Jurkynaitė Intro 04:03 - It's Not All Tech 06:24 - A Change in Attitude 09:26 - On the Same Team 13:51 - Back to Basics 14:52 - Reporting, Not Ratio 17:06 - Win Fabulous Prizes! 19:33 - The Toxic List 23:01 - Making it Fun - SWITCH Security Awareness Activities 27:25 - The Power of Ownership 29:28 - One Size Does NOT Fit All! 31:21 - Mentors - Don't You Know That You're Toxic? 34:10 - Book Recommendations - The Security Culture Playbook - Kai Roer & Perry Carpenter 35:11 - Find Sigita Jurkynaitė online - LinkedIn: linkedin.com/in/sigita-jurkynaite 35:38 - Wrap Up & Outro
Direct download: Ep._263_-_Security_Awareness_Series_-_Attitude_Is_Everything_In_Security_with_Sigita_Jurkynait.mp3
Category:Security Awareness -- posted at: 12:00am EST
Mon, 20 May 2024
Ep. 259 - Security Awareness Series - Listen Up Social Engineering Your Help Desk with Aaron Painter
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Aaron Painter. Aaron is the CEO of Nametag Inc., the company that invented "Sign in with ID" as a more secure alternative to passwords.
After watching too many friends and family members fall victim to identity theft and online fraud, Aaron assembled a team of security experts to build the next generation of online account protection. Nametag has a mission to bring authenticity to the internet and enable people to build more trusted relationships. They believe security should be centered around you, the user, and that your identity - like your privacy - is a valuable asset worth protecting.
Having lived and worked in six countries across four continents, Aaron exemplifies a new generation of global leaders. In his 2017 best-selling book, LOYAL, he describes his key to leadership: fostering a culture of listening. Through codifying and implementing a business framework of listening, Aaron has built success across the world. [May 20, 2024]
00:00 - Intro 00:20 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 03:34 - Aaron Painter Intro 04:47 - The Road to Cybersecurity 07:45 - Protecting the Help Desk 10:44 - Fixing the Process 15:17 - The Person Behind the Screen 19:22 - A Matter of Trust 21:55 - Cultural Divide 24:17 - Culture Influencing Security 25:23 - Tips for a New CISO 29:50 - Mentors 32:16 - Book Recommendations - Elon Musk - Walter Isaacson - The Coming Wave - Mustafa Suleyman - Loyal - Aaron Painter 35:02 - Find Aaron Painter online - LinkedIn: linkedin.com/in/aaronpainter - Website: www.getnametag.com 35:45 - Wrap Up & Outro
Direct download: Ep._259_-_Security_Awareness_Series_-_Listen_Up_Social_Engineering_Your_Help_Desk_with_Aaron_Painter.mp3
Category:Security Awareness -- posted at: 12:00am EST
Mon, 15 April 2024
Ep. 255 - Security Awareness Series - Faking Reality: AI Deepfakes and the Future of Truth with Justin and Paul
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Paul Vann and Justin Marciano.
Paul Vann is a seasoned cybersecurity professional, with experience across numerous emerging markets in the field. He has worked at a wide array of cybersecurity and software development startups, helping to ensure a more secure future for all. Paul is also passionate about emerging technologies in the space and was recognized as a Top-Rated Speaker at the RSA Conference in 2023.
Justin Marciano is the Co-Founder and CEO of IdentifAI. Studying economics with a concentration in finance at the University of Virginia, he has navigated his way through the venture capital, blockchain, and payment sectors, aligning his career path with his enthusiasm for emerging technologies. Justin currently works in product management and has previously worked at Stepstone Group as a VC & Growth Analyst. [April 15, 2024]
00:00 - Intro 00:22 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 03:44 - Paul Vann & Justin Marciano Intro 04:55 - IdentifAI 05:53 - Follow the Trends 06:37 - How Big is This Problem? 09:37 - Deepfakes for Hacking 10:43 - A Real Story 12:38 - Using What's Real 14:11 - Beyond Cat & Mouse 17:02 - AI and the Law 19:29 - Tracing the Source 21:59 - Balancing Act 23:44 - Training or Expanding? 29:35 - An Attempt Was Made 32:04 - Keeping it Real 34:38 - A New Partnership! 35:59 - Find Justin and Paul online - Website: identif-ai.com - LinkedIn: linkedin.com/company/identifai-llc - Justin's LinkedIn: in/justin-marciano32/ - Paul's LinkedIn: in/paul-vann-b996b2120/ 37:13 - Mentors - Justin: - Martin Roche - Paul: - Paul Vann (Father) 39:30 - Book Recommendations - The Hardware Hacking Handbook - Colin O'Flynn and Jasper van Woudenberg - On the Origin of Time - Thomas Hertog - Blink - Malcolm Gladwell 41:37 - Wrap Up & Outro
Direct download: Ep._255_-_Security_Awareness_Series_-_Faking_Reality_AI_Deepfakes_and_the_Future_of_Truth_with_Justin_and_Paul.mp3
Category:Security Awareness -- posted at: 12:00am EST
Mon, 18 March 2024
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris will be talking with Josh Brown and Rachel Jones, both from the Department of Homeland Security. They join us to discuss what Pig Butchering scams are and how we can protect ourselves. [March 18, 2024]
00:00 - Intro 00:18 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:13 - Josh Brown & Rachel Jones Intro 02:52 - Why the Secret Service? 03:44 - Pig Butchering 05:47 - A Global Issue 06:40 - Same Scam, New Method 09:14 - The 12 Steps 13:53 - Pseudo Anonymous 15:13 - Point of Origin 15:38 - Real Money, Fake Return 18:33 - Making it Right! 19:46 - Call Your Local Agent 21:35 - Don't Know, Don't Answer 25:27 - Walk the Dog 27:44 - It Needs to Make Sense 29:58 - What’s Next? 31:25 - Global Concerns 34:30 - Book Recommendations - The Total Money Makeover- Dave Ramsey - Tracers in the Dark - Andy Greenberg 36:34 - Online Links - Website: www.secretservice.gov - Website: www.usajobs.gov - Email: CFTFSC@usss.dhs.gov 37:50 - Wrap Up & Outro
Direct download: Ep._251_-_Security_Awareness_Series_-_Butchering_The_Pig_Butchers_with_Josh_Bown__Rachel_Jones.mp3
Category:Security Awareness -- posted at: 12:00am EST
Mon, 15 January 2024
Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined by Robert Wood. Mr. Wood is the Chief Information Security Officer (CISO) for the Centers for Medicare and Medicaid Services (CMS). He leads enterprise cyber security, compliance, privacy, and counter intelligence functions at CMS and ensures the Agency complies with secure IT requirements while encouraging innovation. Mr. Wood has over 10 years of experience in information technology, information security and management consulting. Prior to CMS, Mr. Wood has built and managed several security programs in the technology sector. He was also formerly a Principal Consultant for Cigital where he advised enterprises about their software security programs. He also founded and led the red team assessment practice with Cigital, focused on holistic adversarial analysis, helping organizations identify and manage risks from alternative perspectives. Mr. Wood has a B.S. in Information Management & Technology from Syracuse University. [Jan 15, 2024]
00:00 - Intro 00:18 - Ryan Intro 01:03 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 04:28 - Robert Wood Intro 05:35 - A Small Career Jump 10:31 - The Constant Desire to Learn 12:58 - Unique Challenges 16:08 - Measure & Manage 20:01 - Making it Human 23:14 - Executive Power 26:35 - Pushing Up 29:18 - Part of a Team 32:45 - Mentors 35:44 - Book Recommendations - Think Again - Adam Grant - Steal Like An Artist - Austin Kleon 38:29 - Find Robert Wood Online - LinkedIn: linkedin.com/in/holycyberbatman - Website: softsideofcyber.com 39:32 - Wrap Up & Outro - www.innocentlivesfoundation.org
Direct download: Ep._243_-_Security_Awareness_Series_-_Be_a_Cultural_Lightning_Rod_with_Robert_Wood.mp3
Category:Security Awareness -- posted at: 12:00am EST
Mon, 18 December 2023
Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined once again by Marc Ashworth. Mr. Ashworth, Senior Vice President and Chief Information Security Officer at First Bank, is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, and project management, as well as an author and a public speaker. He is a member of the Webster University Cyber Advisory board, co-founded the State of Cyber annual security conference, and is a Lifetime member of FBI Citizens Academy. He is a former board officer for the St. Louis InfraGard Alliance. He holds CISSP, CISM, CRISC, Security+ and other certifications. Mr. Ashworth currently oversees First Bank’s information security, fraud, physical security, and the network services departments. [Dec 18, 2023]
00:00 - Intro 00:22 - Ryan Intro 00:53 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 04:16 - Marc Ashworth Intro 05:51 - Recap 08:26 - Speaking the Same Language 09:36 - The Threats Get Better 11:45 - Clash of the Robots 13:42 - AI for Bad 17:46 - AI for Good 19:32 - Decepticons 22:39 - Regulations: Money Talks 26:48 - The Perfect Storm 30:16 - Insider Threat Safety Tips 33:00 - Mentors 35:17 - Book Recommendations 36:37 - Find Marc Ashworth Online - LinkedIn: linkedin.com/in/marcashworth/ 38:06 - Wrap Up & Outro
Direct download: Ep._239_-_Security_Awareness_Series_-_Protecting_Against_the_Perfect_Storm_with_Marc_Ashworth.mp3
Category:Security Awareness -- posted at: 12:00am EST
Mon, 20 November 2023
Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined by Stuart Archer. Stuart is a dynamic health care leader with a proven track record of quality improvement, growth and innovation. He began his health care career at the bedside as a nurse’s aide, building within him a laser-like focus on a patient-first care model and building teams guided by empathy and compassion. He took the helm at Oceans Healthcare in 2015 and has since shepherded in a period of unprecedented improvement and growth.
Oceans is now an industry leader, among very few behavioral health providers to implement much-needed quality benchmarking tools like patient depression and anxiety questionnaires and to implement a companywide electronic medical records system.
Oceans has earned numerous awards, including being named one of the Inc. 5000’s fastest-growing companies in America for six consecutive years.
Mr. Archer is an at-large board member of the National Association of Behavioral Healthcare, was named the 2021 D CEO Magazine Outstanding Healthcare Executive and earned the 2018 EY’s Entrepreneur of the Year in Healthcare award for the Southwest region. [Nov 20, 2023]
00:00 - Intro 00:20 - Ryan Intro 00:56 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 04:00 - Stuart Archer Intro - LinkedIn: linkedin.com/in/stuartlarcher/ 06:12 - The Path to Empathy 09:29 - Building a Better Team 13:06 - Corporate Level Introspection 15:15 - Prepare for the Hurricane 18:12 - It Can't Happen To Me 19:38 - Know Your Audience 23:58 - Gone Phishin' 26:18 - Ideal Behavior 31:33 - Advice for an Empathetic Culture 34:09 - Book Recommendations - And There Was Light - Jon Meacham - Raven Rock - Garrett Graff 35:46 – Mentors - Mother 37:07 - Wrap Up & Outro
Direct download: Ep._235_-_Security_Awareness_Series_-_An_Empathetic_Approach_Security_Culture_with_Stuart_Archer.mp3
Category:Security Awareness -- posted at: 12:00am EST
Mon, 16 October 2023
Ep. 187 - Security Awareness Series - A master class in CISO Communications with Marc Ashworth REPLAY (Original Air Date: November 21, 2022)
Marc Ashworth is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, and project management, and is an author and a public speaker. He is a board member of the St. Louis Chapter of InfraGard and the Webster University Cyber Advisory board, co-founded the State of Cyber annual security conference, and is a Lifetime member of FBI Citizens Academy, holding CISSP, CISM, CRISC, Security+ and other certifications. As the Senior Vice President and Chief Information Security Officer at First Bank, Marc currently oversees First Bank’s information security, fraud, physical security, and the network services departments. He is also the 2022 Cyber Defense Magazine winner of “Top 100 CISOs in the World.” [Nov 21st, 2022]
00:00 – Intro 00:49 – Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 03:15 – Marc Ashworth Intro 05:17 – What was the path that led you to InfoSec? 07:41 – Cultivating good security practices 09:31 – Learning to "scale" your security 11:22 – The value of Strategic Thinking 13:40 – It's all in the presentation 15:25 – The importance of Customer Service 18:32 – The Art of Translation 21:32 – Small Wins 24:34 – Letters to a young CISO 26:20 – Don't avoid Pen Testing! 28:11 – Adopting a "Partnership" mindset 30:30 – Long line of influence 33:40 – Book Recommendations - We Are Legion (We Are Bob) – Dennis E. Taylor - Bad Blood: Secrets and Lies in a Silicon Valley Startup – John Carreyrou - The Goals Program – Zig Ziglar - The 7 Habits of Highly Effective People – Stephen Covey 36:14 – Find Marc Ashworth online - LinkedIn: www.linkedin.com/in/marcashworth/ 38:36 – Wrap Up 38:56 – Outro
Direct download: 1697164226967_Ep._187_-_Security_Awareness_Series_-_A_master_class_in_CISO_Communications_with_Marc_Ashworth.mp3
Category:Security Awareness -- posted at: 12:00am EST
Mon, 18 September 2023
Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined by Evan Blair. He is the General Manager for Searchlight Cyber, which brings industry leading dark web intelligence & security capabilities to the commercial and government sectors. Mr. Blair, a seasoned international cyber security executive, previously held the role of Chief Revenue Officer at the secure communications & data management firm HighSide, co-founded, led and exited the cyber security & threat intelligence firm ZeroFox and ran Accuvant’s global partner solutions division. He has been a fixture on Capitol Hill, working to advance legislation and funding for Active Duty military and Veterans cyber protection as well as advanced fraud and cyber protections for the American taxpayer. Blending his cybersecurity expertise with a background in international economics, Mr. Blair helps businesses develop and launch value based cyber initiatives addressing both the concerns of the CISO and the CFO. [Sept 18, 2023]
00:00 - Intro 00:18 - Ryan Intro 01:26 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 04:39 - Evan Blair Intro 06:08 - An Opportunity That Couldn't Be Passed On 13:21 - The Dark Web: Why You Should Care 22:35 - Telegraphing the Attack 36:49 - Data for Defense 43:03 - Correlation of Actions 46:57 - Find Evan Blair Online - LinkedIn: linkedin.com/in/evanblair/ - Twitter: twitter.com/EvanLBlair - Website: https://www.slcyber.io/ - Guide Book: The Practitioner’s Guide To The Dark Web 48:34 - Mentors - John Abraham 54:02 - Wrap Up & Outro
Direct download: Ep._227_-_Security_Awareness_Series_-_Having_A_Cyber_Radar_with_Evan_Blair.mp3
Category:Security Awareness -- posted at: 12:00am EST
Mon, 21 August 2023
Ep. 179 - Security Awareness Series - Can You Really Prevent Burnout with Erin Maloney (Original Air Date: Sept 19, 2022)
Today we are joined by Erin Maloney. Erin earned her Bachelor of Science degree in psychology from Saint Joseph’s University in Philadelphia, PA. She then earned her master’s degree in social work from Widener University in Chester, PA. Erin holds a license as a Licensed Clinical Social Worker. Erin has worked in the behavioral and mental health field for over 20 years. Her experience has included: case management, addiction counseling, behavioral specialty work, school based behavioral health services, and private practice. Erin has worked with a wide range of clients from young children to older adults with a variety of mental health needs. Erin is also the Director of Wellness for the Innocent Lives Foundation. She has a strong passion for the mission of the foundation to help protect innocent children.
00:00 - Intro 00:24 - Intro Links - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:54 - Erin Maloney Intro 04:11 - What motivated you to become a mental health expert? 06:58 - Helping the Helpers 09:26 - What is "burnout" and what does it look like? 12:35 - Tired or Exhausted? 13:26 - Where "burnout" can come from 14:12 - Burnout Prevention 15:35 - The Importance of “NO” 19:54 - How to get off the road to "burnout" 21:08 - When open communication isn't there 22:51 - The physical toll is real! 24:58 - What else can we do? (Mixing it up) 27:59 - Resources to help with burnout 31:10 - The "little things" help 32:01 - Is there anyone who helped you get to where you are? 34:35 - Book Recommendations - The Cognitive Behavioral Workbook for Anxiety -William J. Knaus 36:53 - Find Erin Maloney online - LinkedIn: www.linkedin.com/in/erin-maloney-lcsw - Email: erin.m@innocentlivesfoundation.org 37:24 - Wrap Up 37:43 - Outro
Direct download: 1689793853396_Ep._179_-_Security_Awareness_Series_-_Can_You_Really_Prevent_Burnout_with_Erin_Maloney.mp3
Category:Security Awareness -- posted at: 12:00am EST
Mon, 17 July 2023
Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and Chris are joined by Ganesh Krishnan, a cybersecurity superhero with over 25 years of experience protecting the digital world from cyber threats. As a two-time founder with a track record of success at some of the world’s top tech companies, he's earned a reputation as a thought leader at the forefront of cybersecurity. Now at the helm of Anzenna, his latest security startup, he's out to revolutionize the industry by making cybersecurity accessible to every employee, not just the security team. [July 17, 2023]
00:00 - Intro 01:01 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 04:13 - Ganesh Krishnan Intro 05:34 - Starting on the Path Towards History 10:57 - The Importance of Trust 14:17 - Breaking into an Establishment 17:37 - Make It Personal 18:58 - Changing Minds 22:05 - Getting the Top on Board 25:03 - Omnidirectional Communication 27:38 - Be Visible 29:48 - Mentors - Wife 31:17 - Book Recommendations - Think Like a Rocket Scientist - Ozan Varol 32:03 - Find Ganesh Krishnan online - LinkedIn: linkedin.com/in/ganeshkrishnanlinkedin/ - Twitter: twitter.com/gkparanoid - Website: https://www.anzenna.ai/ 32:32 - Explaining Anzenna 35:35 - Wrap Up & Outro
Direct download: Ep._219_-_Security_Awareness_Series_-_Involve_Me_and_Ill_Understand_with_Ganesh_Krishnan.mp3
Category:Security Awareness -- posted at: 12:00am EST
Mon, 19 June 2023
Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined by Jason Rebholz. Jason is the Chief Information Security Officer at Corvus Insurance. He has over a decade of experience performing forensic investigations into sophisticated cyber attacks and helping organizations build secure and resilient environments. As Corvus’s CISO, Jason leverages his incident response, security, and infrastructure expertise to drive security strategy and reduce the risk of security threats internally at Corvus and for Corvus's policyholders. Prior to joining Corvus, Jason held leadership roles at Mandiant, The Crypsis Group, Gigamon, and MOXFIVE. [June 19, 2023]
00:00 - Intro 01:03 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 05:04 - Jason Rebholz Intro 05:47 - How did you get to where you are? 11:32 - Eating the Elephant 12:53 - The Gospel of Ryan 15:39 - Back to Basics 16:49 - Finding the Right Alleyway 20:32 - You're Allowed to Change Your Mind 23:14 - The Right Tools for the Job 24:58 - Maximizing ROI 25:54 - The City of No 27:11 - What's Bad MFA? 29:41 - 3-2-1...1 32:52 - Quality Fishing 36:32 - Holistic Security Program 39:07 - Realistic Expectations 41:31 - Mentors 42:58 - Book Recommendations - Atomic Habits – James Clear 45:16 - Wrap Up - LinkedIn: www.linkedin.com/in/jrebholz/ - Youtube: www.youtube.com/@teachmecyber - Website: www.corvusinsurance.com/ 46:07 - Outro
Direct download: Ep._215_-_Security_Awareness_Series_-_Do_You_Live_in_the_City_of_NO_with_Jason_Rebholz.mp3
Category:Security Awareness -- posted at: 12:00am EST |
Mon, 15 May 2023
Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined by John Young. Like many security experts, John started out on the wrong side of the law by manipulating the AT&T phone system as a teenage phone phreak in New York City before he was scared straight by the FBI. His career started four decades ago in 1982, and by 1987 Young became the network director at McDonnell Douglas's $41.8 billion C-17 program. He eventually retired from IBM after a 30-year career in the corporate cyberwar trenches to launch his own company, CyberDef.
Regarded as one of America's top corporate cybersecurity experts and thought leaders, Young has published dozens of articles, appeared on countless podcasts, and is designing a video course for people based on his book so that they can thrive in cybersecurity. [May 15, 2023]
00:00 - Intro 00:53 - Intro Links 04:51 - John Young Intro 06:41 - Scared Straight 15:38 - Imposter Syndrome 16:53 - Don't Quit Your Day Job! 22:54 - Integration is Key 28:05 - The Effect of AI on Cyber Security 32:32 - Tips to Stay Ahead 38:17 - Policies, Processes and Procedures 38:37 - Book Recommendations: - Don't Hack! – John Young 43:22 - Find John Young Online - LinkedIn: linkedin.com/in/john-young-4aa083151/ - Website: https://cyberdef.tv 43:55 - Learn to Thrive 46:42 - Wrap Up & Outro
Direct download: Ep._211_-_Security_Awareness_Series_-_From_Phreaker_to_InfoSec_Pro_with_John_Young.mp3
Category:Security Awareness -- posted at: 2:00am EST |
Mon, 20 February 2023
Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined by Haseeb Awan. Haseeb is the CEO & Founder of Efani Secure Mobile, a company that works with ultra-high-net-worth individuals on their Mobile Security. Previously, he co-founded one of the largest Bitcoin ATM networks. He has been featured on NYT, TechCrunch, Wall Street Journal, Hulu, and several international media outlets. [Feb 20, 2023]
00:00 - Intro 00:50 - Intro Links 03:55 - Haseeb Awan Intro 05:23 - What led you from Bitcoin to Sim Swapping? 10:10 - More Than Financial Loss 12:27 - Protecting Something Out of Your Control 14:06 - It's About More than the Price 16:52 - Security vs Convenience 20:00 - Explaining Without Scaring 24:26 - The Importance of Stories 26:15 - Consider It Insurance 28:38 - Will the TelCos Follow Suit? 31:19 - Tips for a More Secure Company 32:33 - Book Recommendations: - Zero to One – Peter Thiel 34:08 - Find Haseeb Awan Online - Twitter: https://twitter.com/haseeb - Twitter: https://twitter.com/efani - LinkedIn: linkedin.com/company/efani/ - YouTube: https://youtube.com/@efani 34:52 - Wrap Up & Outro
Direct download: Ep._199_-_Security_Awareness_Series_-_Bitcoin_and_SIM_Swap_with_Haseeb_Awan.mp3
Category:Security Awareness -- posted at: 2:00am EST |
Fri, 27 January 2023
Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I will have a special discussion of the 2023 security landscape. [Jan 27, 2023]
00:00 – Intro 00:27 – Intro Links:
04:25 – Don't Forget Ryan 05:11 – What Are We Talking About: 2023 Edition 05:39 – 2022 Was Rough! 07:09 – Getting Everyone Else Up To Speed 09:24 – Hackers for Hire? 12:58 – Economic Crisis = Rise in Cybercrime 15:10 – Emotional Victimizing 18:08 – Losing the Teachable Moment 20:42 – Ransomware as a Growth Industry 24:20 – MFA for All! 27:15 – There is Hope 28:40 – Make It Personal 30:47 – A Tool is Just a Tool 33:25 – Don't Recycle 34:53 – Make it Hard! 36:29 – Gotta Get it Tailored 37:47 – Trust the Process 39:40 – Wrap Up & Outro
Direct download: Ep._195_-_Security_Awareness_Series_-_Social_Engineering_Forecast_for_2023.mp3
Category:Security Awareness -- posted at: 2:00am EST |
Mon, 19 December 2022
Today our guest is Steve Orrin. Steve is a respected IT executive with over 30 years of experience in cybersecurity, solution architecture, virtualization security, and federal project management. Orrin earned a Bachelor's in Honors Research Biology from Kean University. He currently serves as a Federal Chief Technology Officer and Senior PE for Intel Corporation. He is also a key advisor and subject matter expert in the emerging technologies space, providing guidance to the Public Sector, Defense, and Intelligence communities. [Dec 19, 2022]
00:00 – Intro 00:55 – Intro Links:
03:43 – Steve Orrin Intro 04:26 – How did a biologist become a CTO at Intel? 09:10 – The evolution of security attacks 12:22 – Humans are humans 13:18 – Higher-risk targets 13:54 – If I knew then...LISTEN! 15:09 – Speak the language 16:27 – Making limoncello out of lemons 17:36 – Check your ego 19:04 – The prerequisites 21:06 – A Self-fulfilling Prophecy of Awesome Things 22:15 – Perfection is the Enemy of Good 26:06 – Handling failure 28:12 – Culturing opportunities 30:37 – Ninja skills 32:07 – Have you had mentors in your career? 33:42 – Book Recommendations 35:52 – Find Steve Orrin online
37:02 – Wrap Up 37:21 – Outro
Direct download: Ep._191_-_Security_Awareness_Series_-_Getting_Hit_By_a_Bus_with_Steve_Orrin.mp3
Category:Security Awareness -- posted at: 2:00am EST |
Mon, 17 October 2022
Today our guest joining us is Kevin Gowen. Kevin serves as Chief Information Security Officer for Synovus and is responsible for information and cyber security, physical security, business continuity, fraud, and financial crimes. He was named Chief Information Security Officer in 2015. Gowen earned Bachelor’s and Master’s degrees in Mechanical Engineering from the Georgia Institute of Technology. He was a recipient of the James H. Blanchard Leadership award and was named Tech Exec Networks’ Information Security Executive of the Year in May 2022. Gowen is an alumnus of Leadership Columbus and serves as a board member of the National Technology Security Coalition along with serving on multiple advisory boards and in industry group leadership roles. [Oct 17th, 2022] 00:00 – Intro 00:56 – Intro Links: 03:55 – Kevin Gowen Intro 05:55 – What made you want to go into InfoSec? 06:56 – Managing Risk with teams of 10,000+ 08:24 – How do you stay in front of the next attack? 10:15 – Top 3 Talking Points to assure the stakeholders 11:27 – How do you educate the customer? 13:04 – The "push" during Cybersecurity Awareness Month 14:23 – That's not Amazon! 15:55 – How are you attracting and retaining talent during this employee drought? 20:23 – Poaching vs Developing 22:46 – Communicating the need for diversity down the ladder 24:25 – Cross-industry and Inter-department hiring 26:24 – If I knew then... 28:41 – Defining our "true" critical assets 30:03 – Be willing to be evaluated 32:32 – Who helped get you to where you are today?
34:47 – Find Kevin Gowen online
35:59 – Book Recommendations
Direct download: Ep._183_-_Security_Awareness_Series_-_I_Promise_You_Thats_Not_Amazon_On_The_Phone_with_Kevin_Gowen.mp3
Category:Security Awareness -- posted at: 5:12am EST |
Mon, 19 September 2022
Today we are joined by Erin Maloney. Erin earned her Bachelor of Science degree in psychology from Saint Joseph’s University in Philadelphia, PA. She then earned her master’s degree in social work from Widener University in Chester, PA. Erin holds a license as a Licensed Clinical Social Worker. Erin has worked in the behavioral and mental health field for over 20 years. Her experience has included: case management, addiction counseling, behavioral specialty work, school based behavioral health services, and private practice. Erin has worked with a wide range of clients from young children to older adults with a variety of mental health needs. Erin is also the Director of Wellness for the Innocent Lives Foundation. She has a strong passion for the mission of the foundation to help protect innocent children. [Sept 19, 2022]
00:00 – Intro 00:24 – Intro Links 02:54 – Erin Maloney Intro 04:11 – What motivated you to become a mental health expert? 06:58 – Helping the Helpers 09:26 – What is "burnout" and what does it look like? 12:35 – Tired or Exhausted? 13:26 – Where "burnout" can come from 14:12 – Burnout Prevention 15:35 – The Importance of “NO” 19:54 – How to get off the road to "burnout" 21:08 – When open communication isn't there 22:51 – The physical toll is real! 24:58 – What else can we do? (Mixing it up) 27:59 – Resources to help with burnout 31:10 – The "little things" help 32:01 – Is there anyone who helped you get to where you are? 34:35 – Book Recommendations
36:53 – Find Erin Maloney online
37:24 – Wrap Up 37:43 – Outro
Direct download: Ep._179_-_Security_Awareness_Series_-_Can_You_Really_Prevent_Burnout_with_Erin_Maloney.mp3
Category:Security Awareness -- posted at: 2:00am EST |
Mon, 15 August 2022
Ep. 176 - Security Awareness Series - Bottom Up Context is better than Top Down Control with Nishant Bhajaria
This month, Chris Hadnagy and Ryan MacDougall are joined by Nishant Bhajaria. Nishant is an executive leader and industry expert in the privacy and security space and currently serves as the Director of Privacy Engineering and Governance at Uber. He plays the critical role connecting engineering, legal, and leadership to ensure data protection for both the user and the business. Prior to Uber, Nishant spearheaded compliance and privacy engineering programs at Google, Netflix and Nike. He has a Master’s Degree in computer science from Arizona State University. In addition to speaking extensively in this space, Nishant also teaches courses around privacy, security and career development on LinkedIn Learning. Nishant authored Data Privacy: A Runbook for Engineers - a deep dive into strategies on effectively identifying, communicating and addressing privacy risks using technical strategies. [Aug 15, 2022] 00:00 – Intro 00:20 – Intro Links
02:17 – Nishant Bhajaria Intro 03:33 – How did your career path start? 05:44 – Balancing security and the end-user experience 09:29 – How to introduce security and privacy concepts into a pre-existing infrastructure 13:50 – Balancing technological freedom with security for your family 19:28 – Bridging divisions for the sake of privacy and security 22:09 – Creating better industry standards 26:28 – How to handle your platform becoming weaponized 30:53 – The ethical issue of data use 35:11 – The role of Social Engineering in privacy and security 39:14 – 3 action steps that companies should start doing right now 42:56 – Find Nishant online
44:24 – Book Recommendations
47:13 – Wrap Up 47:41 – Outro
Direct download: Ep._176_-_Security_Awareness_Series_-_Bottom_Up_Context_is_better_than_Top_Down_Control_with_Nishant_Bhakaria.mp3
Category:Security Awareness -- posted at: 5:56pm EST |
Mon, 18 July 2022
This month, Chris Hadnagy and Ryan MacDougall are joined by the Chief Operating Officer of the ILF, Shane McCombs. Shane leads the ILF with more than 25 years of experience in the tech industry, including more than a decade of experience in C-level roles. He led enterprise-wide initiatives within project management, customer relationship management and acquisition, policies and procedures, process improvement, and infrastructure. Shane is also an accomplished public speaker and trainer focused on change management, professionalism, social engineering, and corporate security. In the past, he volunteered for the Autism Hope Alliance and currently donates his time to businesses and non-profits as a trusted advisor. [July 18, 2022] 00:00 – Intro 01:02 – Intro Links 04:41 – Shane McCombs Intro 06:14 – What got you started off in InfoSec? 08:36 – What led you to want to do more in the industry? 10:40 – “Throwing your hat in the ring” 17:31 – Cybersecurity for kids and parents 19:52 – How to "minor" in a "major" topic 22:29 – Age appropriate conversations 25:12 – Additional concerns in the summer months 28:38 – The TRUST Framework 31:40 – The importance of communication 40:16 – The "stats" of ILF 43:50 – Who is your biggest mentor? 45:32 – Book Recommendations 48:44 – Wrap Up 49:29 – Outro
Direct download: Ep._174_-_Security_Awareness_Series_-_Killing_Baby_Dragons_with_Shane_McCombs.mp3
Category:Security Awareness -- posted at: 2:00am EST |
Mon, 20 June 2022
This month, Chris Hadnagy and Ryan MacDougall are joined by Ted Harrington. Ted is the author of HACKABLE: How to Do Application Security Right and the Executive Partner at Independent Security Evaluators (ISE), the company of ethical hackers famous for hacking cars, medical devices, and password managers. Ted has been named both Executive of the Year by the American Business Awards and an SD Metro 40 Under 40 entrepreneur. Ted has been featured in more than 100 media outlets, including The Wall Street Journal, Financial Times, and Forbes. [June 20, 2022] 00:00 – Intro 00:56 – Intro Links
02:32 – Ted Harrington Intro 03:21 – How did you start off in this industry? 06:15 – Explain it like I'm 12 years old 07:59 – The origins of ISE 09:32 – Is there a "perfect" Password Manager? 14:11 – How to communicate at the executive level 16:54 – The right and wrong ways of investing in security 25:17 – Responsible Disclosure 29:04 – The challenges of the Medical Device field 32:39 – The problem with legislation driving security 34:20 – The manufacturers’ role in safety and security 36:00 – Who is the book "Hackable" for? 38:05 – Find Ted online
38:37 – Book Recommendations 41:04 – Who is your biggest mentor?
Direct download: Ep._172_-_Security_Awareness_Series_-_Creating_Psychological_Salt_with_Ted_Harrington.mp3
Category:Security Awareness -- posted at: 2:00am EST |
Mon, 16 May 2022
This month, Chris Hadnagy and Ryan MacDougall are joined by Adam Glick. Adam is currently the Chief Information Security Officer for SimpliSafe in Boston, MA. In this position and his previous jobs, Adam has had the responsibility of managing all matters pertaining to information security, risk, policy, and procedures. Adam is currently an adjunct professor at Boston College in the cybersecurity policy & governance program, and an adjunct professor of IT in the MBA program at the School of Business at Providence College. Outside of the office, he is a car and technology enthusiast along with an avid reader, hiker, cyclist, and Brazilian Jiu-Jitsu practitioner. [May 16, 2022] 00:00 – Intro 00:56 – Intro Links
02:52 – Adam Glick Intro 04:05 – How did you get started in Information Security? 05:10 – Applying a background in teaching to InfoSec 06:37 – Developing security programs for different environments 08:14 – Getting people to think about security 09:32 – Microtraining: Updating the way that we train for security 12:10 – The importance of security in our Professional and Personal lives 14:28 – Customizing security training for large companies 15:29 – Approaching security from a Top-Down perspective 17:20 – Getting top management to support security training 20:55 – Action steps for companies to focus on
23:22 – How can companies assess their own risk? 26:55 – Internal interviews to build security protocols 28:47 – Jiu Jitsu Security??? 29:58 – How to contact Adam online
31:19 – Who are your greatest mentors? 33:17 – Book Recommendations 36:33 – Wrap Up 37:32 – Outro
Direct download: Ep._170_-_Security_Awareness_Series_-_Rapport_is_the_key_to_security_with_Adam_Glick.mp3
Category:Security Awareness -- posted at: 1:21am EST |
Mon, 18 April 2022
Ep. 168 - Security Awareness Series - Lessons Learned From the Attacks on Ukraine with Patrick Laverty
This month, Chris Hadnagy and Ryan MacDougall are joined by Patrick Laverty. Patrick is the Senior Team Lead at Social Engineer, LLC, working with an incredible team of professional social engineers. He was previously a senior penetration tester at Rapid7 and a member of the CSIRT at Akamai. He is a co-organizer of the Layer 8 Conference and is the host of the Layer 8 Podcast on social engineering and OSINT. He lives in Rhode Island with his daughter, dog and two cats. [April 18, 2022] 00:00 – Intro 00:50 – Patrick Laverty intro 02:19 – Intro Links 04:38 – Security Awareness in the world today 05:25 – Malicious Domain Registrations 06:58 – Protecting yourself from false domains 11:24 – CISA Alert / Shields Up 12:36 – Lowering Reporting Thresholds 13:33 – Empowering Security Information Officers 16:50 – Tabletop Exercises 19:20 – Planning for Continuity 21:09 – Beyond the Financial Effects of Ransomware 24:29 – Trying to protect the Healthcare Sector 25:27 – Backup & Recovery Process 28:38 – The source of Ransomware 30:03 – Planning for a Ransomware attack 31:51 – Why your site will be attacked 33:41 – 3 Actionable Tips 35:30 – Book Recommendations 38:20 – Wrap Up 39:18 – Outro
Direct download: Ep._168_-_Security_Awareness_Series_-_Lessons_Learned_From_the_Attacks_on_Ukraine_with_Patrick_Laverty.mp3
Category:Security Awareness -- posted at: 2:00am EST |
Mon, 21 February 2022
Ep. 164 - Security Awareness Series - Metrics and Empathy the Answer To Cyber Breaches with Kate Mullin
This month Chris Hadnagy and Ryan MacDougall are joined by Kathleen (Kate) Mullin. Kate is an influential information security practitioner with over 30 years of experience. Kate currently is CISO with Cancer Treatment Centers of America. Kate has been CISO at various organizations including start-ups, publicly traded, private equity, not-for-profit, and governmental entities. Throughout her career, Kate has volunteered and participated in maturing information security as a profession. She volunteers with ISC(2) and ISACA and has been a member of the ISACA CGEIT Certification and Credentials Committee and a chapter president. Kate serves as a featured international speaker and panelist. She has a BSBA from St Joseph’s College and an MBA from Florida Metropolitan University. Kate is also certified as a Master Level Social Engineer. [February 21, 2022] 00:00 – Intro 03:09 – Kathleen Mullin intro 04:25 – How did you get started in Information Security? 06:39 – What are some indicators that tell you something is ineffective? 10:21 – Do you think the “cookie cutter” type of training is a reflection on the security awareness team itself? 12:16 – How can you offer the more personalized training to a company that is spread out all over the U.S. or the globe? 16:31 – Is having someone in this position who is focused on the people and the results the way to go about having the program be successful? 18:09 – What are your major security concerns being in the healthcare industry, and how are you dealing with those? 21:08 – We are seeing SMishing attacks becoming more prevalent in general. Are you seeing that happening in your industry? 22:47 – Caring about employees’ security outside of work as well 23:35 – What are some action steps that any company can start doing right now?
26:11 – Demoralizing phishing techniques 28:15 – Book Recommendations:
30:13 – Who would you consider your greatest mentor?
34:27 – Finding Kate on the web: 35:17 – Guest Wrap Up 36:00 – Outro
Direct download: Ep._164_-_Security_Awareness_Series_-_Metrics_and_Empathy_the_Answer_To_Cyber_Breaches_with_Kate_Mullin.mp3
Category:Security Awareness -- posted at: 2:00am EST |
Mon, 17 January 2022
This month Chris Hadnagy and Ryan MacDougall are joined by John Strand from Black Hills Information Security. John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much-loved SANS teacher. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks. He enjoys mountain biking, getting hurt mountain biking, sucking at surfing, and heavy music. January 17th 2022 00:00 – Intro
02:40 – John Strand Info 03:31 - ILF 04:51 - Ryan intro 06:30 – Chat about Chris getting his company started 08:21 - How did you get started with your own company? 12:17 - Cows 14:56 – The idea of travel and never seeing your family 15:57 - What was the point where you started to feel “this company is going to work” 18:35 – Creating company loyalty 22:06 - “Pay What You Can” training 30:22 – More on how the pandemic changed workflow 34:03 – More on pay-what-you-can training – management of 5,000 people 41:41 – How can someone take action right now? 44:59 – Favorite Books
47:55 – Who is your biggest mentor 51:34 – Guest Wrap-Up 52:30 - Outro
Direct download: Ep._162_-_Security_Awareness_Series_-_What_Cows_Can_Teach_You_About_Infosec_with_John_Strand.mp3
Category:Security Awareness -- posted at: 2:00am EST |
Mon, 20 December 2021
This month, Chris Hadnagy and Ryan MacDougall are joined by Adam Levin. Adam is a nationally recognized expert on cybersecurity, privacy, identity theft, fraud, and personal finance and has distinguished himself as a fierce consumer advocate for the past 50 years. Adam is the former Director of the New Jersey Division of Consumer Affairs, and currently is the founder of CyberScout and co-founder of Credit.com. He is also author of the critically acclaimed book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves. Adam is also the host of the podcast What the Hack with Adam Levin, where they talk to fascinating people about the most terrifying things that ever happened to them in cyberspace. December 20, 2021 00:00 – Intro
03:26 - Adam Levin Intro 04:37 – How did you get started in the industry? 07:42 – What has the shift been like in the types of attacks from the 90s until now? 09:53 – How does the recent Robinhood breach tie into what we’re discussing? 12:00 – What should people be focusing on when they hear stories like this? 14:28 – Do these simplistic solutions really work? 18:45 – What type of advice would you give to companies that have public facing employees? 20:22 – You said something interesting earlier, “the company has to deal with it empathetically”. What does that mean to you? 24:51 – Empathy, continued 30:22 – What do you see coming in the near future, what types of scams will become popular? 33:53 – What are some things people can look out for to avoid scams? 38:20 – Do you find that catastrophe and the emotional factor is used to get people to fall for scams? 41:39 – Finding Adam on the web: 42:57 – What are some action steps corporations can take to protect themselves? 45:13 – Who is your greatest mentor?
47:40 – Book Recommendations
49:16 – Outro
Direct download: Ep._160_-_Security_Awareness_Series_-_Go_To_The_Source_So_Theres_No_Remorse_with_Adam_Levin.mp3
Category:Security Awareness -- posted at: 2:00am EST |
Mon, 15 November 2021
This month, Chris Hadnagy and Ryan MacDougall are joined by Paul Asadoorian. Paul is the founder of Security Weekly, a security podcast network. Paul spends time “in the trenches” coding in Python, testing security products and evaluating and implementing open-source software. Paul's career began by implementing security programs for a lottery company and then a large university. As Product Evangelist for Tenable Network Security, Paul also built a library of materials on the topic of vulnerability management. When not hacking IoT devices, web applications or Linux, Paul can be found researching his next set of headphones, devices for smoking meat, and e-bikes. November 15, 2021. 00:00 – Intro 03:34 – Paul Asadoorian Intro 05:08 – How did you get started in infosec? 13:19 – When did you decide you were going to start a podcast? 24:26 – What have you learned from the guests you’ve had on your podcasts over all of these years? 27:00 – What is your perspective on the shifting of hacking culture in the community? 34:53 – What are the best qualities someone could have to be attractive to a potential employer in this industry? 37:14 – How do we get the younger generation to have the qualities we are not seeing? 41:38 – Who is your greatest mentor?
46:00 – Book Recommendations 51:00 – Guest Wrap Up 53:31 – Outro
Direct download: Ep._158_-_Security_Awareness_Series_-_Dont_Act_Old_And_Other_Advice_with_Paul_Asadoorian.mp3
Category:Security Awareness -- posted at: 2:00am EST |
Mon, 18 October 2021
This month Chris Hadnagy and Ryan MacDougall are joined by Les Correia, who leads the evangelization of Estee Lauder's Application Security. In his position Les wears many hats, but they are all worn with the mission of protecting Estee Lauder's critical assets from the risk of a security breach. Prior to this, Les held Senior and Advisory roles providing thought leadership at companies such as AT&T and Lucent. Les also holds an MSc in Cyber Security as well as an exhaustive list of certifications. In his free time, Les pilots small aircraft and drives racecars. October 18, 2021 00:00 – Intro Human Behavior Conference – website coming soon 05:10 – Les Correia Intro 09:15 – How did you get into this industry? 12:05 – How are you trying to be proactive in stopping breaches? 14:00 – How important has top level support been? 15:03 – How do you get other business units to give you time for what you’re doing? 16:30 – Understanding the business like a business consultant helps them know you care about that business unit 20:19 – Whisky 24:08 – What kind of attacks have you seen in the wild that people need to be aware of? 26:10 – How do we get people that may not think they can be a victim to understand these threats can still be against them? 27:55 – Being a worldwide company, how do you translate your security processes through all those different cultures? 32:01 – How important is it to have hobbies outside of your work? 34:41 – How do you help your team deal with burnout when you have so much work on your plate? 37:56 – Is there anyone you could consider your greatest mentor? Dr. Tafar INS (International Network Services) Dr. Patarsh 42:20 – Reaching Les on social media: 43:12 – Outro
Direct download: Ep._156_-_Security_Awareness_Seriees_-_Are_You_Speaking_My_Language_with_Les_Correia.mp3
Category:Security Awareness -- posted at: 2:00am EST |
Mon, 20 September 2021
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Ed Skoudis. Ed is a SANS Institute Fellow, Instructor, and Director of Cyber Ranges. He is the founder of Counter Hack, an innovative cyber security company that works as trusted information security advisors to government, military, and commercial enterprises by providing in-depth security architecture, penetration testing, red teaming, incident response, and digital forensics expertise. Ed frequently presents industry keynotes based on the latest attack vectors he identifies during his team’s penetration testing projects, expert witness work on large-scale breaches, security research into late-breaking malware and exploits, and incident response engagements. Over his career, Ed has taught over 20,000 students in computer incident response and penetration testing. Ed and his team are also the creators of the SANS Holiday Hack Challenge, a free gift to the community every December challenging tens of thousands of people to build their cyber security skills in a fun, quirky adventure to save the holiday season. September 20, 2021 00:00 – Intro 03:26 – Ed Skoudis Intro 05:26 – How did you get started, how did you get into this field? 09:18 – What do you look for when building your team? 10:47 – How long will you observe a person to determine if they have the integrity or skill that you want? 12:44 – What advice would you give for companies to find people with the skill and integrity they need more quickly than observing them for 2-4 years? 22:00 – “Nothing new” in social engineering vs infosec, which is constantly changing 23:45 – Why do you feel experience like participating in CTFs is so valuable for people in this community? 28:57 – What is your advice for people on how to find quality CTFs? 32:04 – How long does it take your team to construct these challenges? 35:54 – If someone wants to sponsor this event, where can they go?
36:42 – Who are the colleagues or mentors that have been most influential to you, people you wouldn’t be where you are today if not for them? Ed’s Nana – Evelyn Hiddings Manager at Bellcore - Miriam Hernandez Cagle SANS instructor, founder of In Guardians - Mike Poor Security Expert - Johnny Long SANS founder – Alan Paller 40:30 – What are some action steps corporations should start doing right now based on the advice you gave today to build a great team? Have a good corporate culture and leadership Be thoughtful and meaningful, make it fun, and challenge them Take input from your team and empower them 43:09 – Do you have any advice for employees dealing with burnout, how to practice self-care, or other coping mechanisms? Monthly meeting with state of the business, business reflections Rituals – Get a bagel and call mom on Saturdays, morning walk, calling friends out of the blue Gratefulness – when stressed, pause and think about what you’re grateful for Get off social media for a few days 50:27 – Book Recommendation 51:53 – Outro
Direct download: Ep._154_-_Security_Awareness_Series_-_Whispering_Sweet_Security_Nothings_with_Ed_Skoudis.mp3
Category:Security Awareness -- posted at: 2:00am EST |
Mon, 16 August 2021
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Bernie Acre. Bernie is the Chief Information Officer for the City of Bryan, TX where he’s responsible for all technology and communications systems, including the Fire, Police, Public Works, the municipal electric utility, and a myriad of general support organizations. Bernie is currently an appointed Member of the Texas Cybersecurity Council. Bernie has a combined 41 years of experience in information technology, including 20+ in the US Air Force and 21 years in the electric utility industry and municipal government. August 16, 2021 00:00 – Intro 03:34 – Bernie Acre Intro 04:43 – How did your transition into this position take place? 08:18 – What makes you proud of the culture that you created around employee awareness? 12:25 – How do you get all senior management on board? 14:24 – What did it take to find the people to make such a great team? 15:35 – What were you looking for in these people? 17:15 – Setting the bar 19:15 – Team Advocate vs. Adversary 23:59 – Was your senior management always on board with being part of the testing? 27:06 – So the third hour of their required training is something the employees choose? 27:54 – Have you always had the philosophy that the security training you do at work should become personal? 29:21 – What are three things you would tell someone beginning in the field to focus on? 32:51 – Taking the time to grow 34:49 – What do you do to help combat burn out? How about promoting self-care? 37:31 – What lacks the most sometimes in an organization is communication 37:43 – Who in this industry do you respect the most?
40:13 – Book Recommendations 43:55 – What got you so heavily into history? 44:38 – Finding Bernie on the internet: 47:04 – Outro Thanks to Bernie
Direct download: Ep._152_-_Security_Awareness_Series_-_Sharing_With_Your_Frenemies_with_Bernie_Acre.mp3
Category: Security Awareness -- posted at: 2:00am EST
Mon, 19 July 2021
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Michael Fortune. Michael is the Security Behaviours Team Manager for British Telecom (BT) UK. Michael has been with BT for an amazing 22 years, where he is currently BT’s expert on security behavior, insider threat behavior, and social engineering, and helps guide the business around these risks. With over 160 thousand employees across the globe in his charge, Michael helps run a team of experts who support and drive security programs for the company. July 19, 2021 00:00 – Intro 03:37 – Michael Fortune Intro 05:22 – Michael’s Path – how has your background in psychology helped with cyber and information security? 06:10 – Have you been able to use psychological principles in education? 07:27 – How do you keep education engaging for 160,000 people? 10:07 – Top down approach 12:51 – You are essentially performing an SE gig in order to get an SE gig 14:03 – What’s your rule set? 15:59 – Senior Management Buy In – people are afraid of doing that so they don’t do it. How do you approach that? 19:08 – Where is the ethical line in using social engineering to get buy-in? 21:21 – Explaining to upper management the repercussions of not doing this training 22:52 – Were your CISO and Director of Protections always on board or did you have to convince them? 25:56 – What have you learned from your hundreds of thousands of SMishing attacks under your belt? 29:18 – Advice about getting buy-in from the top down can work for any sized company 30:30 – When you talk about personalizing the sessions that you do, do you personalize to the department, or 33:05 – Following through with a good program 36:24 – The idea is to get people to do it 36:38 – What colleagues do you respect most in the industry?
39:22 – What are some action steps that corporations should start doing right now? 42:00 – Experience is everything 44:48 – You need patience, because human beings are different and complex 45:13 – Michael Fortune on the internet: Michael.2.Fortune@bt.com
Direct download: Ep._150_-_Security_Awareness_Series_-_Getting_Senior_Management_Buy-In_With_Michael_Fortune.mp3
Category: Security Awareness -- posted at: 2:00am EST
Wed, 16 June 2021
Ep. 148 - Security Awareness Series - Three Degrees of Separation from Neil Fallon with Rockie Brockway
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Rockie Brockway. Rockie is currently the Practice Lead for the Office of the CSO for TrustedSec. With over 28 years' experience in information security and business risk, Rockie specializes in Business Risk Analysis and the inherent relationships between data, assets, adversaries, and the organization’s brand value. He provides strategic and tactical advisory services to TrustedSec’s clients, assisting them in maturing their organizations’ security programs. 00:00 – Intro Breaking Security Awareness Virtual Conference by Living Security – Chris will appear June 24 03:35 – Rockie Brockway Intro 07:25 – A little about Rockie’s background and how he got started in the industry 10:35 – Rockie's feelings on the past 29 years, from the first virus he saw vs what we see now 12:35 – Rockie was in a math rock band called Craw, Rockie played shows with CLUTCH!!! 17:15 – What should I have or learn to get a job in a company like yours? 21:52 – How do you take curious and knowledgeable people’s knowledge and bridge that gap between them and the decision makers? 23:43 – How can young people get the qualities you suggest? 25:20 – Never be afraid of failure 27:45 – How important is top-down leadership support, or what are the most important aspects of doing your job? 31:25 – Are there more or less “future thinking” proactive security concerns than there were years ago? 36:02 – What level of organizations are bringing you in for your assistance? 37:28 – Action steps for corporations to start doing now Outro 40:42 – Colleagues you respect most in the industry
42:45 – Book recommendations
44:33 – How to contact Rockie
Direct download: Ep._148_-_Security_Awareness_Series_-_Three_Degrees_of_Separation_from_Neil_Fallon_with_Rockie_Brockway.mp3
Category: Security Awareness -- posted at: 1:19pm EST
Mon, 17 May 2021
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Jason Frank. Jason has an extensive background in helping both government and Fortune 100 organizations, and has served as a course instructor for the Black Hat security conference. Jason is currently the COO at SpecterOps, where he is accountable for execution of the company. He oversees the Adversary Simulation and Detection delivery capabilities, where he helps clients to understand, detect, and respond to adversaries. May 17, 2021
00:00 – Intro 03:05 – Podcast Guest Jason Frank Intro 03:22 – Jason at BlackHat 03:30 - SpecterOps 04:34 – How Jason got to where he is 08:50 – Curiosity and motivation born from failing at a CTF 09:50 – Adversary Simulation – why is Jason using this phrase? 12:32 – Where are we in the current security culture? 16:11 – How to get attention of stakeholders, what concepts do you put in play? 18:03 – Reactive vs. Proactive 21:56 – How can corporations prepare for and mitigate attacks? 23:39 – What are the business repercussions of not letting machines talk to each other, and only the server? 25:45 – What are the more recent attacks you’ve seen coming up that people should be looking for? 28:14 – Knowledge bombs – terminology that people can look up to recognize “low hanging fruit” they may be missing – BloodHound 30:00 – Cycles where certain things can be exploited such as Active Directory 30:50 – What other things do companies need to be watching for? 32:14 – PowerShell 33:44 – What are some action steps that corporations should start taking right now? 34:51 – Colleagues Jason respects most in the industry
36:50 – Jason's Book Recommendations 38:31 – Wrap-Up @joemontmania on Twitter (Ryan MacDougall) @HumanHacker on Twitter (Chris Hadnagy) @InnocentOrg on Twitter (Innocent Lives Foundation)
Direct download: Ep._146_-_Demand_Transparency_with_a_blue_shirt_with_Jason_Frank.mp3
Category: Security Awareness -- posted at: 8:47am EST
Mon, 15 March 2021
In this episode of the SECurity Awareness Series of the SEPodcast, Chris Hadnagy and Ryan MacDougall are joined by Brian Phillips who is responsible for information security at Macy’s. Listen as they discuss how to: build an information security organization, hire the right people, and get buy-in from executives. March 15, 2021
00:09 – Intro 01:54 – Introduction to Brian Phillips 02:44 – Security in a retail environment and impacts from the pandemic 07:25 - How to build an information security organization from the ground up 10:14 – Changing an organization's mindset for better security 14:20 – The most desirable quality in a team member, and how to recognize it in an interview 18:21 – How to nurture an outsider into a security professional 22:48 - How to align corporate security initiatives with business goals 26:38 – The importance of buy-in from the C-level down, and how to get it. 38:13 – Key takeaways that corporations should start doing now 40:17 – Brian’s most respected colleagues 42:14 – Brian's book recommendations Robin Dreke's Books: Joe Navarro’s Books:
44:03 – Conclusion
Direct download: Ep._142__You_Can_Be_Right_and_Still_Be_Wrong_with_Brian_Phillips.mp3
Category: Security Awareness -- posted at: 2:09am EST
Mon, 15 February 2021
In this episode, Chris Hadnagy and Ryan MacDougall are joined by industry professional, Julie Rinehart. Julie has spent the last 10 years building and enhancing Fortune 500 enterprise Security Awareness programs. Listen as they discuss using empathy to improve security awareness and the flaws in the “stupid user” philosophy.
00:10 – Intro 01:56 – Introduction to Julie Rinehart 02:28 – How Julie got into the industry 06:21 – Dismantling the “stupid user” philosophy 07:53 – How to interview your employer 10:34 – The biggest milestones in Julie’s career 14:31 – How you can encourage users to report the phish they clicked on 19:22 – What we can learn from “people who try to do the right thing and then mess up” 25:25 – The benefits of making security personal 28:34 – Julie's biggest challenges in the industry 30:28 – Increase security awareness using gamification 35:13 – Julie's mentors and most respected colleagues 38:54 - Julie’s podcast recommendations 43:52 – Outro
Direct download: Ep._140__Empathetic_Security_with_Julie_Rinehart.mp3
Category: Security Awareness -- posted at: 1:00am EST
Mon, 18 January 2021
In this episode, Chris Hadnagy and Ryan MacDougall are joined by industry professional, Marcus Sailler to discuss his experience as the red team information security manager at Capital Group. Marcus shares some great tips on creating a successful security team and how you can prevent it from becoming the "No Police". They also go over the recent changes in the industry, including how big hacks have increased security awareness in the general public.
00:09 – Introduction to the new Security Awareness Series 01:28 – Introduction to Ryan MacDougall 02:32 – Introduction to Marcus Sailler 04:20 – How Marcus got into information security 06:08 – Recent changes in the infosec industry- How a big hack increases security awareness 12:09 – How a red team and security awareness team can collaborate to enhance security 14:25 – Introduction to Capital Group 16:17 – Coming up with relevant attacks for a global company 18:08 – How a security team can avoid becoming the “No Police” 21:39 – Why it’s better to build a blue team first 22:24 – The importance of attitude and ego for a red teamer 25:04 – How a red team benefits from partnership 26:53 – Emulate the bad guy, but remember to be good 29:18 – Steps corporations should implement now 30:58 – Some of Marcus’ most respected industry professionals 34:47 – Marcus' book recommendations 39:18 – Marcus' contact info 14:38 – Outro
Direct download: Ep._138__Security_With_Marcus_Sailer_of_Capital_Group.mp3
Category: Security Awareness -- posted at: 1:00am EST