The Social-Engineer Podcast (Security Awareness)

Today our guest joining us is Kevin Gowen. Kevin serves as Chief Information Security Officer for Synovus and is responsible for information and cyber security, physical security, business continuity, fraud, and financial crimes. He was named Chief Information Security Officer in 2015. Gowen earned Bachelor’s and Master’s degrees in Mechanical Engineering from the Georgia Institute of Technology. He was a recipient of the James H. Blanchard Leadership award and was named Tech Exec Networks’ Information Security Executive of the Year in May 2022. Gowen is an alumnus of Leadership Columbus and serves as a board member of the National Technology Security Coalition along with serving on multiple advisory boards and in industry group leadership roles. [Oct 17th, 2022] 

00:00 – Intro 

00:56 – Intro Links: 

03:55 – Kevin Gowen Intro 

05:55 – What made you want to go into InfoSec? 

06:56 – Managing Risk with teams of 10,000+ 

08:24 – How do you stay in front of the next attack? 

10:15 – Top 3 Talking Points to assure the stakeholders 

11:27 – How do you educate the customer? 

13:04 – The "push" during Cybersecurity Awareness Month 

14:23 – That's not Amazon! 

15:55 – How are you attracting and retaining talent during this employee drought? 

20:23 – Poaching vs Developing 

22:46 – Communicating the need for diversity down the ladder 

24:25 – Cross-industry and Inter-department hiring 

26:24 – If I knew then... 

28:41 – Defining our "true" critical assets 

30:03 – Be willing to be evaluated 

32:32 – Who helped get you to where you are today? 

34:47 – Find Kevin Gowen online 

39:28 – Wrap Up  

40:13 – Outro 


Today we are joined by Erin Maloney. Erin earned her Bachelor of Science degree in psychology from Saint Joseph’s University in Philadelphia, PA. She then earned her master’s degree in social work from Widener University in Chester, PA. Erin holds a license as a Licensed Clinical Social Worker. Erin has worked in the behavioral and mental health field for over 20 years. Her experience has included: case management, addiction counseling, behavioral specialty work, school based behavioral health services, and private practice. Erin has worked with a wide range of clients from young children to older adults with a variety of mental health needs.  

Erin is also the Director of Wellness for the Innocent Lives Foundation. She has a strong passion for the mission of the foundation to help protect innocent children.  [Sept 19, 2022] 

 

00:00 – Intro 

00:24 – Intro Links 

02:54 – Erin Maloney Intro 

04:11 – What motivated you to become a mental health expert? 

06:58 – Helping the Helpers 

09:26 – What is "burnout" and what does it look like? 

12:35 – Tired or Exhausted? 

13:26 – Where "burnout" can come from 

14:12 – Burnout Prevention 

15:35 – The Importance of “NO” 

19:54 – How to get off the road to "burnout" 

21:08 – When open communication isn't there 

22:51 – The physical toll is real! 

24:58 – What else can we do? (Mixing it up) 

27:59 – Resources to help with burnout 

31:10 – The "little things" help 

32:01 – Is there anyone who helped you get to where you are? 

34:35 – Book Recommendations 

36:53 – Find Erin Maloney online 

37:24 – Wrap Up  

37:43 – Outro 


This month, Chris Hadnagy and Ryan MacDougall are joined by Nishant Bhajaria. Nishant is an executive leader and industry expert in the privacy and security space and currently serves as the Director of Privacy Engineering and Governance at Uber.

He plays the critical role of connecting engineering, legal, and leadership to ensure data protection for both the user and the business. Prior to Uber, Nishant spearheaded compliance and privacy engineering programs at Google, Netflix and Nike. He has a Master’s Degree in computer science from Arizona State University.

In addition to speaking extensively in this space, Nishant also teaches courses around privacy, security and career development on LinkedIn Learning. Nishant authored Data Privacy: A Runbook for Engineers - a deep dive into strategies on effectively identifying, communicating and addressing privacy risks using technical strategies. [Aug 15, 2022] 

00:00 – Intro 

00:20 – Intro Links 

02:17 – Nishant Bhajaria Intro 

03:33 – How did your career path start? 

05:44 – Balancing security and the end-user experience 

09:29 – How to introduce security and privacy concepts into a pre-existing infrastructure 

13:50 – Balancing technological freedom with security for your family 

19:28 – Bridging divisions for the sake of privacy and security 

22:09 – Creating better industry standards 

26:28 – How to handle your platform becoming weaponized 

30:53 – The ethical issue of data use 

35:11 – The role of Social Engineering in privacy and security 

39:14 – 3 action steps that companies should start doing right now 

42:56 – Find Nishant online 

44:24 – Book Recommendations 

47:13 – Wrap Up  

47:41 – Outro 


This month, Chris Hadnagy and Ryan MacDougall are joined by the Chief Operating Officer of the ILF, Shane McCombs.  

Shane leads the ILF with more than 25 years of experience in the tech industry, including more than a decade of experience in C-level roles. He led enterprise-wide initiatives within project management, customer relationship management and acquisition, policies and procedures, process improvement, and infrastructure. Shane is also an accomplished public speaker and trainer focused on change management, professionalism, social engineering, and corporate security. In the past, he volunteered for the Autism Hope Alliance and currently donates his time to businesses and non-profits as a trusted advisor. [July 18, 2022]  

00:00 – Intro 

01:02 – Intro Links 

04:41 – Shane McCombs Intro 

06:14 – What got you started off in InfoSec? 

08:36 – What led you to want to do more in the industry? 

10:40 – “Throwing your hat in the ring” 

17:31 – Cybersecurity for kids and parents 

19:52 – How to "minor" in a "major" topic 

22:29 – Age appropriate conversations 

25:12 – Additional concerns in the summer months 

28:38 – The TRUST Framework 

31:40 – The importance of communication 

40:16 – The "stats" of ILF 

43:50 – Who is your biggest mentor?

  • His wife

45:32 – Book Recommendations 


This month, Chris Hadnagy and Ryan MacDougall are joined by Ted Harrington. Ted is the author of HACKABLE: How to Do Application Security Right and the Executive Partner at Independent Security Evaluators (ISE), the company of ethical hackers famous for hacking cars, medical devices, and password managers. Ted has been named both Executive of the Year by the American Business Awards and an SD Metro 40 Under 40 entrepreneur. Ted has been featured in more than 100 media outlets, including The Wall Street Journal, Financial Times, and Forbes. [June 20, 2022] 

00:00 – Intro 

00:56 – Intro Links 

02:32 – Ted Harrington Intro 

03:21 – How did you start off in this industry? 

06:15 – Explain it like I'm 12 years old 

07:59 – The origins of ISE  

09:32 – Is there a "perfect" Password Manager? 

14:11 – How to communicate at the executive level 

16:54 – The right and wrong ways of investing in security 

25:17 – Responsible Disclosure 

29:04 – The challenges of the Medical Device field 

32:39 – The problem with legislation driving security  

34:20 – The manufacturers’ role in safety and security  

36:00 – Who is the book "Hackable" for? 

38:05 – Find Ted online 

38:37 – Book Recommendations 

41:04 – Who is your biggest mentor? 

45:35 – Wrap Up  

46:17 – Outro 


This month, Chris Hadnagy and Ryan MacDougall are joined by Adam Glick. Adam is currently the Chief Information Security Officer for SimpliSafe in Boston, MA. In this position and his previous jobs, Adam has had the responsibility of managing all matters pertaining to information security, risk, policy, and procedures. Adam is currently an adjunct professor at Boston College in the cybersecurity policy & governance program, and an adjunct professor of IT in the MBA program at the School of Business at Providence College. Outside of the office, he is a car and technology enthusiast along with an avid reader, hiker, cyclist, and Brazilian Jiu-Jitsu practitioner.  

[May 16, 2022] 

00:00 – Intro 

00:56 – Intro Links 

02:52 – Adam Glick Intro 

04:05 – How did you get started in Information Security? 

05:10 – Applying a background in teaching to InfoSec 

06:37 – Developing security programs for different environments 

08:14 – Getting people to think about security 

09:32 – Microtraining: Updating the way that we train for security 

12:10 – The importance of security in our Professional and Personal lives 

14:28 – Customizing security training for large companies 

15:29 – Approaching security from a Top-Down perspective 

17:20 – Getting top management to support security training 

20:55 – Action steps for companies to focus on 

  • Cyber Hygiene 
  • Risk Based Methodology 

23:22 – How can companies assess their own risk? 

26:55 – Internal interviews to build security protocols 

28:47 – Jiu Jitsu Security??? 

29:58 – How to contact Adam online 

31:19 – Who are your greatest mentors? 


This month, Chris Hadnagy and Ryan MacDougall are joined by Patrick Laverty. Patrick is the Senior Team Lead at Social Engineer, LLC, working with an incredible team of professional social engineers. He was previously a senior penetration tester at Rapid7 and a member of the CSIRT at Akamai. He is a co-organizer of the Layer 8 Conference and is the host of the Layer 8 Podcast on social engineering and OSINT. He lives in Rhode Island with his daughter, dog and two cats. [April 18, 2022] 

00:00 – Intro 

00:50 – Patrick Laverty intro 

02:19 – Intro Links 

04:38 – Security Awareness in the world today 

05:25 – Malicious Domain Registrations 

06:58 – Protecting yourself from false domains 

11:24 – CISA Alert / Shields Up 

12:36 – Lowering Reporting Thresholds 

13:33 – Empowering Security Information Officers 

16:50 – Tabletop Exercises 

19:20 – Planning for Continuity 

21:09 – Beyond the Financial Effects of Ransomware 

24:29 – Trying to protect the Healthcare Sector 

25:27 – Backup & Recovery Process 

28:38 – The source of Ransomware 

30:03 – Planning for a Ransomware attack 

31:51 – Why your site will be attacked 

33:41 – 3 Actionable Tips 

35:30 – Book Recommendations 

38:20 – Wrap Up  

39:18 – Outro 


This month Chris Hadnagy and Ryan MacDougall are joined by Kathleen (Kate) Mullin. Kate is an influential information security practitioner with over 30 years of experience. Kate is currently CISO with Cancer Treatment Centers of America. Kate has been CISO at various organizations including start-ups, publicly traded, private equity, not-for-profit, and governmental entities. Throughout her career, Kate has volunteered and participated in maturing information security as a profession. She volunteers with ISC(2) and ISACA and has been a member of the ISACA CGEIT Certification and Credentials Committee and a chapter president. Kate serves as a featured international speaker and panelist. She has a BSBA from St Joseph’s College and an MBA from Florida Metropolitan University. Kate is also certified as a Master Level Social Engineer. [February 21, 2022]

00:00 – Intro 

03:09 – Kathleen Mullin intro 

04:25 – How did you get started in Information Security? 

06:39 – What are some indicators that tell you something is ineffective?

10:21 – Do you think the “cookie cutter” type of training is a reflection on the security awareness team itself? 

12:16 – How can you offer the more personalized training to a company that is spread out all over the U.S. or the globe? 

16:31 – Is having someone in this position who is focused on the people and the results the way to go about having the program be successful? 

18:09 – What are your major security concerns being in the healthcare industry, and how are you dealing with those? 

21:08 – We are seeing SMishing attacks becoming more prevalent in general. Are you seeing that happening in your industry? 

22:47 – Caring about employees’ security outside of work as well 

23:35 – What are some action steps that any company can start doing right now? 

  • Have metrics and measure training effectiveness 
  • Humanize your training 
  • Incremental steps 
  • Care about your users for real 

26:11 – Demoralizing phishing techniques 

28:15 – Book Recommendations: 

30:13 – Who would you consider your greatest mentor? 

34:27 – Finding Kate on the web: 

35:17 – Guest Wrap Up 

36:00 – Outro 


This month Chris Hadnagy and Ryan MacDougall are joined by John Strand from Black Hills Information Security. John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much-loved SANS teacher. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks. He enjoys mountain biking, getting hurt mountain biking, sucking at surfing, and heavy music. [January 17th, 2022]

00:00 – Intro 


02:40 – John Strand Info 

03:31 – ILF

04:51 – Ryan intro

06:30 – Chat about Chris getting his company started 

08:21 – How did you get started with your own company?

12:17 – Cows

14:56 – The idea of travel and never seeing your family 

15:57 – What was the point where you started to feel “this company is going to work”?

18:35 – Creating company loyalty 

22:06 – “Pay What You Can” training

30:22 – More on how the pandemic changed workflow 

34:03 – More on pay-what-you-can training – management of 5,000 people 

41:41 – How can someone take action right now? 

44:59 – Favorite Books 

47:55 – Who is your biggest mentor 

51:34 – Guest Wrap-Up 

52:30 – Outro


This month, Chris Hadnagy and Ryan MacDougall are joined by Adam Levin. Adam is a nationally recognized expert on cybersecurity, privacy, identity theft, fraud, and personal finance and has distinguished himself as a fierce consumer advocate for the past 50 years. Adam is the former Director of the New Jersey Division of Consumer Affairs, and currently is the founder of CyberScout and co-founder of Credit.com. He is also author of the critically acclaimed book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves. Adam is also the host of the podcast What the Hack with Adam Levin, where they talk to fascinating people about the most terrifying things that ever happened to them in cyberspace. [December 20, 2021]

00:00 – Intro 

03:26 – Adam Levin Intro

04:37 – How did you get started in the industry? 

07:42 – What has the shift been like in the types of attacks from the 90s until now? 

09:53 – How does the recent Robinhood breach tie into what we’re discussing? 

12:00 – What should people be focusing on when they hear stories like this? 

14:28 – Do these simplistic solutions really work? 

18:45 – What type of advice would you give to companies that have public facing employees? 

20:22 – You said something interesting earlier, “the company has to deal with it empathetically”.  What does that mean to you? 

24:51 – Empathy, continued 

30:22 – What do you see coming in the near future, what types of scams will become popular? 

33:53 – What are some things people can look out for to avoid scams? 

38:20 – Do you find that catastrophe and the emotional factor is used to get people to fall for scams? 

41:39 – Finding Adam on the web: 

42:57 – What are some action steps corporations can take to protect themselves? 

45:13 – Who is your greatest mentor? 

47:40 – Book Recommendations 

  • Condor – TV Show 
  • Spy novels (none specifically suggested) authors: Tom Clancy, Brad Thor, Vince Flynn 
  • Yellowstone – TV Show series 
  • FBI series and all spinoffs 

49:16 – Outro 


This month, Chris Hadnagy and Ryan MacDougall are joined by Paul Asadoorian. Paul is the founder of Security Weekly, a security podcast network. Paul spends time “in the trenches” coding in Python, testing security products and evaluating and implementing open-source software. Paul's career began by implementing security programs for a lottery company and then a large university. As Product Evangelist for Tenable Network Security, Paul also built a library of materials on the topic of vulnerability management. When not hacking IoT devices, web applications or Linux, Paul can be found researching his next set of headphones, devices for smoking meat, and e-bikes. [November 15, 2021]

00:00 – Intro 

03:34 – Paul Asadoorian Intro 

05:08 – How did you get started in infosec? 

13:19 – When did you decide you were going to start a podcast? 

24:26 – What have you learned from the guests you’ve had on your podcasts over all of these years? 

27:00 – What is your perspective on the shifting of hacking culture in the community? 

34:53 – What are the best qualities someone could have to be attractive to a potential employer in this industry? 

37:14 – How do we get the younger generation to have the qualities we are not seeing? 

41:38 – Who is your greatest mentor? 

51:00 – Guest Wrap Up 

53:31 – Outro 


This month Chris Hadnagy and Ryan MacDougall are joined by Les Correia, who leads the evangelization of Estée Lauder's Application Security. In his position Les wears many hats, but they are all worn with the mission of protecting Estée Lauder's critical assets from the risk of a security breach. Prior to this, Les held Senior and Advisory roles providing thought leadership at companies such as AT&T and Lucent. Les also holds an MSc in Cyber Security as well as an exhaustive list of certifications. In his free time, Les pilots small aircraft and drives racecars. [October 18, 2021]

00:00 – Intro 

  • Managed Voice Phishing
  • Managed Email Phishing
  • Adversarial Simulations
  • CLUTCH
  • Human Behavior Conference – website coming soon

05:10 – Les Correia Intro 

09:15 – How did you get into this industry? 

12:05 – How are you trying to be proactive in stopping breaches? 

14:00 – How important has top level support been? 

15:03 – How do you get other business units to give you time for what you’re doing? 

16:30 – Understanding the business like a business consultant helps them know you care about that business unit 

20:19 – Whisky

24:08 – What kind of attacks have you seen in the wild that people need to be aware of? 

26:10 – How do we get people that may not think they can be a victim to understand these threats can still be against them? 

27:55 – Being a worldwide company, how do you translate your security processes through all those different cultures? 

32:01 – How important is it to have hobbies outside of your work? 

34:41 – How do you help your team deal with burnout when you have so much work on your plate? 

37:56 – Is there anyone you could consider your greatest mentor?

  • Dr. Tafar
  • INS (International Network Services)
  • Dr. Patarsh
  • Dr. Menamen – NYU

39:32 – Book Recommendations 

42:20 – Reaching Les on social media:

43:12 – Outro  

www.innocentlivesfoundation.org 



In this episode, Chris Hadnagy and Ryan MacDougall are joined by Ed Skoudis. Ed is a SANS Institute Fellow, Instructor, and Director of Cyber Ranges. He is the founder of Counter Hack, an innovative cyber security company that works as trusted information security advisors to government, military, and commercial enterprises by providing in-depth security architecture, penetration testing, red teaming, incident response, and digital forensics expertise. Ed frequently presents industry keynotes based on the latest attack vectors he identifies during his team’s penetration testing projects, expert witness work on large-scale breaches, security research into late-breaking malware and exploits, and incident response engagements. Over his career, Ed has taught over 20,000 students in computer incident response and penetration testing. Ed and his team are also the creators of the SANS Holiday Hack Challenge, a free gift to the community every December challenging tens of thousands of people to build their cyber security skills in a fun, quirky adventure to save the holiday season. [September 20, 2021]

00:00 – Intro 

CLUTCH    

03:26 – Ed Skoudis Intro 

05:26 – How did you get started, how did you get into this field? 

09:18 – What do you look for when building your team?

10:47 – How long will you observe a person to determine if they have the integrity or skill that you want? 

12:44 – What advice would you give for companies to find people with the skill and integrity they need more quickly than observing them for 2-4 years? 

22:00 – “Nothing new” in social engineering vs infosec, which is constantly changing 

23:45 – Why do you feel experiences like participating in CTFs are so valuable for people in this community?

28:57 – What is your advice for people on how to find quality CTFs?

32:04 – How long does it take your team to construct these challenges? 

35:54 – If someone wants to sponsor this event, where can they go? 

36:42 – Who are the colleagues or mentors that have been most influential to you, people you wouldn’t be where you are today if not for them?

  • Ed’s Nana – Evelyn Hiddings
  • Manager at Bellcore – Miriam Hernandez Cagle
  • SANS instructor, founder of InGuardians – Mike Poor
  • Security Expert – Johnny Long
  • SANS founder – Alan Paller

40:30 – What are some action steps corporations should start doing right now based on the advice you gave today to build a great team?

  • Have a good corporate culture and leadership
  • Be thoughtful and meaningful, make it fun, and challenge them
  • Take input from your team and empower them

43:09 – Do you have any advice for employees dealing with burnout, how to practice self-care, or other coping mechanisms?

  • Monthly meeting with state of the business, business reflections
  • Rituals – get a bagel and call mom on Saturdays, morning walk, calling friends out of the blue
  • Gratefulness – when stressed, pause and think about what you’re grateful for
  • Get off social media for a few days

50:27 – Book Recommendation 

51:53 – Outro 


In this episode, Chris Hadnagy and Ryan MacDougall are joined by Bernie Acre. Bernie is the Chief Information Officer for the City of Bryan, TX where he’s responsible for all technology and communications systems, including the Fire, Police, Public Works, the municipal electric utility, and a myriad of general support organizations. Bernie is currently an appointed Member of the Texas Cybersecurity Council. Bernie has a combined 41 years of experience in information technology, including 20+ in the US Air Force and 21 years in the electric utility industry and municipal government. [August 16, 2021]

00:00 – Intro 

CLUTCH   

03:34 – Bernie Acre Intro

04:43 – How did your transition into this position take place?

08:18 – What makes you proud of the culture that you created around employee awareness?

12:25 – How do you get all senior management on board?

14:24 – What did it take to find the people to make such a great team?

15:35 – What were you looking for in these people?

17:15 – Setting the bar 

19:15 – Team Advocate vs. Adversary 

23:59 – Was your senior management always on board with being part of the testing? 

27:06 – So the third hour of their required training is something the employees choose? 

27:54 – Have you always had the philosophy that the security training you do at work should become personal? 

29:21 – What are three things you would tell someone beginning in the field to focus on? 

32:51 – Taking the time to grow 

34:49 – What do you do to help combat burnout? How about promoting self-care?

37:31 – What lacks the most sometimes in an organization is communication

37:43 – Who in this industry do you respect the most? 

  • One of Bernie’s commanders in the service, for overall leadership 

43:55 – What got you so heavily into history? 

44:38 – Finding Bernie on the internet: 

47:04 – Outro 

Thanks to Bernie 



In this episode, Chris Hadnagy and Ryan MacDougall are joined by Michael Fortune. Michael is the Security Behaviours Team Manager for British Telecom (BT) UK. Michael has been with BT for an amazing 22 years, where he is currently BT’s expert on security behavior, insider threat behavior, and social engineering, and helps guide the business around these risks. With over 160 thousand employees across the globe in his charge, Michael helps run a team of experts who support and drive security programs for the company. [July 19, 2021]

00:00 – Intro 

CLUTCH

03:37 – Michael Fortune Intro

05:22 – Michael’s Path – how has your background in psychology helped with cyber and information security?

06:10 – Have you been able to use psychological principles in education?

07:27 – How do you keep education engaging for 160,000 people?

10:07 – Top down approach

12:51 – You are essentially performing an SE gig in order to get an SE gig

14:03 – What’s your rule set?

15:59 – Senior Management Buy-In – people are afraid of doing that, so they don’t do it. How do you approach that?

19:08 – Where is the ethical line in using social engineering to get buy-in?

21:21 – Explaining to upper management the repercussions of not doing this training

22:52 – Were your CISO and Director of Protections always on board or did you have to convince them? 

25:56 – What have you learned from your hundreds of thousands of SMishing attacks under your belt?

29:18 – Advice about getting buy-in from the top down can work for any sized company

30:30 – When you talk about personalizing the sessions that you do, do you personalize to the department, or 

33:05 – Following through with a good program

36:24 – The idea is to get people to do it

36:38 – What colleagues do you respect most in the industry? 

  • Steve Benton – Deputy CISO at BT 
  • Chris Hadnagy

39:22 – What are some action steps that corporations should start doing right now?

42:00 – Experience is everything

42:40 – Book Recommendations

44:48 – You need patience, because human beings are different and complex

45:13 – Michael Fortune on the internet: Michael.2.Fortune@bt.com


In this episode, Chris Hadnagy and Ryan MacDougall are joined by Rockie Brockway.  Rockie is currently the Practice Lead for the Office of the CSO for TrustedSec. With over 28 years' experience in information security and business risk, Rockie specializes in Business Risk Analysis and the inherent relationships between data, assets, adversaries, and the organization’s brand value. He provides strategic and tactical advisory services to TrustedSec’s clients, assisting them in maturing their organizations’ security programs. 

00:00 – Intro 

07:25 – A little about Rockie’s background and how he got started in the industry 

10:35 – Rockie's feelings on the past 29 years, from the first virus he saw vs what we see now 

12:35 – Rockie was in a math rock band called Craw, Rockie played shows with CLUTCH!!!  

17:15 – What should I have or learn to get a job in a company like yours? 

21:52 – How do you take curious and knowledgeable people’s knowledge and bridge that gap between them and the decision makers? 

23:43 – How can young people get the qualities you suggest? 

25:20 – Never be afraid of failure 

27:45 – How important is top-down leadership support, or what are the most important aspects of doing your job? 

31:25 – Are there more or less “future thinking” proactive security concerns than there were years ago? 

36:02 – What level of organizations are bringing you in for your assistance? 

37:28 – Action steps for corporations to start doing now 

Outro 

40:42 – Colleagues you respect most in the industry 

  • Dr Peter Tippett
  • Marty from Snort
  • Renaud from Nessus
  • Dave Kennedy and TrustedSec GitHub
  • Jack Jones – Factor Analysis of Information Risk (FAIR)
  • BSides: Jack Daniel, Nickerson, Ian Amit

42:45 – Book recommendations 


44:33 – How to contact Rockie 


In this episode, Chris Hadnagy and Ryan MacDougall are joined by Jason Frank. Jason has an extensive background in helping both government and Fortune 100 organizations, and has served as a course instructor for the Black Hat security conference. Jason is currently the COO at SpecterOps, where he is accountable for execution of the company. He oversees the Adversary Simulation and Detection delivery capabilities, where he helps clients to understand, detect, and respond to adversaries. [May 17, 2021]


00:00 – Intro 

CLUTCH 

03:05 – Podcast Guest Jason Frank Intro 

03:22 – Jason at Black Hat

03:30 – SpecterOps

04:34 – How Jason got to where he is 

08:50 – Curiosity and motivation born from failing at a CTF

09:50 – Adversary Simulation – why is Jason using this phrase? 

12:32 – Where are we in the current security culture? 

16:11 – How to get attention of stakeholders, what concepts do you put in play? 

18:03 – Reactive vs. Proactive 

21:56 – How can corporations prepare for and mitigate attacks? 

23:39 – What are the business repercussions of not letting machines talk to each other, and only the server? 

25:45 – What are the more recent attacks you’ve seen coming up that people should be looking for? 

28:14 – Knowledge bombs – terminology that people can look up to recognize “low hanging fruit” they may be missing – BloodHound

30:00 – Cycles where certain things can be exploited, such as Active Directory

30:50 – What other things do companies need to be watching for?

32:14 – PowerShell

33:44 – What are some action steps that corporations should start taking right now? 

34:51 – Colleagues Jason respects most in the industry 

  • Andrew Morris, founder of GreyNoise
  • Dane Stuckey from Palantir
  • Jason Hill from DHS CISA
  • Brian Beyer and Keith McCammon from Red Canary

36:50 – Jason's Book Recommendations 

38:31 – Wrap-Up 

@joemontmania on Twitter (Ryan MacDougall) 

@HumanHacker on Twitter (Chris Hadnagy) 

@InnocentOrg on Twitter (Innocent Lives Foundation) 


In this episode of the SECurity Awareness Series of the SEPodcast, Chris Hadnagy and Ryan MacDougall are joined by Brian Phillips, who is responsible for information security at Macy’s. Listen as they discuss how to build an information security organization, hire the right people, and get buy-in from executives. [March 15, 2021]


00:09 – Intro 

01:54 – Introduction to Brian Phillips 

02:44 – Security in a retail environment and impacts from the pandemic 

07:25 – How to build an information security organization from the ground up

10:14 – Changing an organization's mindset for better security 

14:20 – The most desirable quality in a team member, and how to recognize it in an interview

18:21 – How to nurture an outsider into a security professional 

22:48 – How to align corporate security initiatives with business goals

26:38 – The importance of buy-in from the C-level down, and how to get it. 

38:13 – Key takeaways that corporations should start doing now 

40:17 – Brian’s most respected colleagues 

42:14 – Brian's book recommendations 

Joe Navarro’s Books: 


44:03 – Conclusion 

Clutch 


In this episode, Chris Hadnagy and Ryan MacDougall are joined by industry professional Julie Rinehart. Julie has spent the last 10 years building and enhancing Fortune 500 enterprise Security Awareness programs. Listen as they discuss using empathy to improve security awareness and the flaws in the “stupid user” philosophy.


00:10 – Intro 

01:56 – Introduction to Julie Rinehart 

02:28 – How Julie got into the industry 

06:21 – Dismantling the “stupid user” philosophy 

07:53 – How to interview your employer 

10:34 – The biggest milestones in Julie’s career 

14:31 – How you can encourage users to report the phish they clicked on 

19:22 – What we can learn from “people who try to do the right thing and then mess up”

25:25 – The benefits of making security personal 

28:34 – Julie's biggest challenges in the industry 

30:28 – Increase security awareness using gamification 

35:13 – Julie's mentors and most respected colleagues 

38:54 – Julie’s podcast recommendations

43:52 – Outro 

Clutch 


Direct download: Ep._140__Empathetic_Security_with_Julie_Rinehart.mp3
Category: Security Awareness -- posted at: 1:00am EST

In this episode, Chris Hadnagy and Ryan MacDougall are joined by industry professional, Marcus Sailler to discuss his experience as the red team information security manager at Capital Group. Marcus shares some great tips on creating a successful security team and how you can prevent it from becoming the "No Police". They also go over the recent changes in the industry, including how big hacks have increased security awareness in the general public. 


00:09 – Introduction to the new Security Awareness Series 

01:28 – Introduction to Ryan MacDougall 

02:32 – Introduction to Marcus Sailler 

04:20 – How Marcus got into information security 

06:08 – Recent changes in the infosec industry; how a big hack increases security awareness

12:09 – How a red team and security awareness team can collaborate to enhance security 

14:25 – Introduction to Capital Group 

16:17 – Coming up with relevant attacks for a global company 

18:08 – How a security team can avoid becoming the “No Police” 

21:39 – Why it’s better to build a blue team first 

22:24 – The importance of attitude and ego for a red teamer 

25:04 – How a red team benefits from partnership 

26:53 – Emulate the bad guy, but remember to be good 

29:18 – Steps corporations should implement now 

30:58 – Some of Marcus’ most respected industry professionals 

34:47 – Marcus' book recommendations 

39:18 – Marcus' contact info 

14:38 – Outro 

Clutch 


Direct download: Ep._138__Security_With_Marcus_Sailer_of_Capital_Group.mp3
Category: Security Awareness -- posted at: 1:00am EST
