Cyber Security Effectiveness Podcast
92 episodes - English - Latest episode: about 3 years ago
Do boards and business leaders understand the risks? Is security improving, barely keeping up with threats, or falling painfully behind? And more importantly, if what kept us secure has stopped working, what do we need to do to fix it? Join host Brian Contos and his guests as they explore these questions on The Cyber Security Effectiveness Podcast.
Episodes
Outside Experience
March 13, 2020 22:52 - 16.4 MB
Students pursuing a degree in cybersecurity or computer science at Tennessee Tech University gain experience from their extracurriculars just as much as from their academics. Dr. Ambareen Siraj, professor/director of its Cybersecurity Education Research and Outreach Center (CEROC), discusses her approach to student education, her classes’ research projects, and how they reach out to teach others in the community.
Creating a Banking Ecosystem
March 13, 2020 22:32 - 28.6 MB
Nowadays, fraud prevention and cybersecurity go hand-in-hand. In order for financial services to succeed and thoroughly protect themselves, they must adapt and strategize according to open banking regulations. Brian talks with independent cybersecurity advisor Neira Jones about what this means for institutions of all sizes and their competitors.
The Weakest Link
March 13, 2020 22:05 - 15.3 MB
Humans are often deemed the “weakest link” in security, and if organizations maintain that attitude with their employees, then nothing will change. An encouraging and positive company culture can turn them into the most powerful weapon. Masha Sedova, co-founder of Elevate Security, takes listeners through the ways they can foster a more people-centered security approach for better results.
From Breaking to Fixing
March 13, 2020 21:12 - 17.7 MB
When looking at the cyber industry from a journalist’s perspective and analyzing trends and transformations over time, much can be revealed. Dark Reading Executive Editor Kelly Jackson Higgins has been observing the industry for almost 15 years and has seen the most challenging issues from the consumer and organizational sides. She recalls some of the biggest turning points in the industry’s past and areas still in desperate need of improvement.
People Skills: Making Change in the Community
March 06, 2020 20:05 - 16 MB
Some form of modern technology can be found in almost every part of the world now, but some areas that lag behind may not have the resources needed to implement necessary security tools. Having grown up in the Argentinian mountains where there are few computers, Veronica Valero Sarachos, researcher at Czech Technical University, recognizes these issues and strives to give back to communities like hers by working with them to help detect threats.
Psychology in Cyber
March 06, 2020 20:01 - 16.8 MB
Human perception and how we process thought can make all the difference in understanding and predicting attacks. Cybersecurity expert Anita D’Amico, founder and CEO of CodeDX, uses her background in clinical psychology to lead a career conducting research studying decision-making, how human factors affect vulnerabilities, and how perception determines a specific response to an attack.
Fast-Moving Threat Models
March 06, 2020 19:59 - 15.9 MB
Threat models have grown to enormous complexity since the boot virus days and show no signs of slowing down. How does this affect cybersecurity at the workplace and at home? Brian talks with Lysa Myers, Security Researcher at ESET, and gets her take on adapting research, tools, and specialization to keep up with the fast pace.
The Evolving Educator
March 06, 2020 19:55 - 20.3 MB
No one’s path to finding a career in cybersecurity is the same, but most can agree that it all starts with education, whether formal or informal. Podcast guest Dr. Meg Layton, Director of Engineering/Cyber Security Services at Symantec, finds her passion in helping others discover their own cyber path and effectively translate their technical skills to aspects of the business.
Common Sense Risk Management
March 06, 2020 19:50 - 16 MB
Headline-worthy breaches seem to be hitting organizations far too often, causing organizations to second-guess their current security controls and procedures. While it’s a good thing to make sure you’re prepared, Heather Engel, Managing Partner at Strategic Cyber Partners, recommends assessing the situation from a risk perspective. She and Brian talk about cybersecurity measures as crucial to the organization as a whole, how to evaluate types of risk, and the art of managing it.
The Dangers of Overlooking Medical Device Security
March 06, 2020 19:45 - 19.4 MB
Patient safety is always top-of-mind for healthcare organizations and while the world has seen magnificent strides in the form of medical technology, maintaining security standards is now more important than ever. Marie Moe, Sr. Security Consultant at mnemonic and professor at NTNU, has dealt with the repercussions first hand. She shares a personal story about how poor encryption and security practices affected her own pacemaker device and advocates for further movement toward software secur...
Insightful Intelligence
March 06, 2020 19:39 - 19.9 MB
The history of human warfare tells us that the recipe for victory is often a concoction of technology, strategy, and intelligence. Today’s guest, Sandra Joyce, is the SVP of FireEye, the world’s largest non-government cyber intelligence organization. She and Brian discuss significant trends, what to consider before publishing hard-earned intel, and the cleverest adversary tactics to date.
Find Your Tribe
December 17, 2019 15:09 - 13.9 MB
Awareness for mental health has risen to record heights over the past few years but it is still fairly slow in reaching the cybersecurity industry. Even in an exciting career, long work hours, a seemingly constant sense of urgency, and often high dependency on certain roles can be a cause of extreme stress if not well managed. Rick McElroy, Head of Security Strategy at Carbon Black, advocates for mental health resources within the workplace and emphasizes the importance of unplugging, explor...
Model Application for the Evolving Threat Landscape
December 03, 2019 17:13 - 13.1 MB
The threat landscape is a mighty beast in and of itself -- vast and, perhaps more importantly, constantly changing. In this episode, Brian chats with industry thought leader John Pironti about using threat and security models to consistently monitor landscapes, test scenarios, and why you should prioritize risk management.
Cloud Policy and Evolving Tools
November 19, 2019 15:03 - 21.5 MB
A thorough understanding of the core fundamental principles is critical for those building a career in cybersecurity. Adam Fletcher, CISO at Blackstone, argues that cloud security now falls into that list -- goals like developing a policy or translating a tool to the cloud require extensive knowledge, experience, and leadership skills. He and Brian discuss case-by-case scenarios and how to expand and develop your team given the industry-wide talent shortage.
Cloud Migration: The Golden Rules
November 05, 2019 14:10 - 20.8 MB
Cloud security continues to attract more organizations seeking better storage, but the prospect of data leakage holds some back from joining the bandwagon. Steve Lodin, Sr. Director of Cyber Operations at Sallie Mae, shares his “golden rules” for introducing it to your organization, advice for a bullet-proof migration, and lessons learned from decades of working in corporate security.
A Teen’s Guide to Building Smart Cyber Habits
October 07, 2019 15:03 - 8.53 MB
Today’s teens interact daily with technology more than ever before. Ease of access to the online world for things such as streaming, social media, and shopping comes with the big responsibility to develop smart computer habits early in life. This episode features the series’ youngest guest to date: seventh-grader Athena Contos, who shares personal examples of cyber carelessness, foundational tips for building good habits, and more.
If Not You, Then Who?
October 03, 2019 16:01 - 15.2 MB
In many ways, cybersecurity is the same as it was over 20 years ago in terms of risk, only with different devices, activities, and added ways of access. Parry Aftab, who was one of the world’s first cyber lawyers back in the early 90s, shares her work with multiple cyber safety organizations, tips on supporting kids who fall victim to cyberbullying, and being featured in a custom cyber safety Marvel comic.
Customer Trust in the Clouds
October 01, 2019 14:48 - 13.2 MB
Modern planes have come a very long way since the first commercial flight in 1914. Approximately 87,000 flights travel across the US every day, carrying passengers who expect the same level of device connectivity as they get on the ground. Deneen DeFiore, SVP & CSO at GE Aviation, stresses the importance of maintaining customer trust and business reputation through diligence in cyber assurance and safety operations.
The Wide World of Healthcare
September 24, 2019 14:57 - 23 minutes - 19 MB
With all the categories defining the healthcare industry today (e.g. pharmaceuticals, providers, hospitals, etc.) and sensitive data flowing between them, it can be hard to know where to start. How do we keep information secure, yet accessible to our doctors and providers? Colby DeRodeff, CTO at Verodin, shares a bit about security in the healthcare community, how far we’ve come, and where we should go from here.
Fight Like You Train
September 10, 2019 15:02 - 20 minutes - 16.9 MB
Since 2011, GridEx has been a hub for security lovers to evaluate and hone their red, blue, and purple teaming skills with challenging scenarios. In this episode, Brian Contos and Michael Allgeier, Director of Critical Infrastructure Security at The Electric Reliability Council of Texas (ERCOT), comment on the appeal and value these interactive training sessions can offer major power corporations.
Strength in Numbers
September 03, 2019 15:07 - 25 minutes - 22.4 MB
Cyber criminals know that the toughest of problems can be quickly solved if you work together–and especially when pulling knowledge from a collective pool of resources. What role do solutions such as encryption and SSO play against a team of hackers dedicated to stealing your data? Brian chats with Jon Inns, co-founder and CEO of Threat Status, about corporate password habits, the dark web, and surprising scam victims.
The Art of Cyber Deception
August 15, 2019 19:45 - 17 minutes - 16.4 MB
Nowadays, adversary tactics like spear-phishing are proving to be more sophisticated and deceptive than ever. Mike Fabrico’s career includes notable accomplishments as security specialist at NASDAQ and Senior Director at TrapX Security, the world leader in cyber deception technology. He breaks down deception as a strategy—not just a tool—to provide organizations with the ability to turn the tables on their opponents. And it’s much simpler than you think.
Defending the State of Security
July 30, 2019 17:22 - 17 minutes - 15.5 MB
As CISO of the State of Vermont, Nick Andersen is involved in everything from healthcare to emergency management to academia. He and Brian dive into the crucial priorities, differences between protecting state and business data, and establishing third-party relationships to neutralize risk.
Investing in the CISO
July 16, 2019 15:18 - 15 minutes - 13.4 MB
Richard Stiennon, serial author, industry expert, and Chief Research Analyst at IT-Harvest, recaps the short timeline of quality assurance in manufacturing and argues for applying the same approach to cybersecurity as a core function of the business. Are investors and CISOs aligning their digital strategies accordingly and where exactly does ownership lie if, and when, the unexpected happens?
Machine Learning & Automation: Trust But Verify
July 02, 2019 05:00 - 19 minutes - 14.8 MB
Amazing new developments in machine learning and artificial intelligence automate testing, reporting, and workflow. However, Lisa Huff, VP of NA Pre-Sales Engineering at Exabeam, explains its true value as a tool – not a catch-all solution. She and Brian talk customer success, newly introduced security roles, and more.
The Supply Chain Ripple Effect
June 18, 2019 16:14 - 26 minutes - 21.6 MB
Mark Weatherford, Global Information Security Strategist at Booking Holdings and former CISO of the State of California and Colorado, has over twenty years of executive-level leadership experience in some of the world’s most important organizations. He and Brian Contos discuss misconceptions of cloud security, issues in the supply chain, and evaluating all areas of your cybersecurity environment.
The Power of Uncertainty in Cyber
June 04, 2019 14:30 - 24 minutes - 19.8 MB
Seasoned cybersecurity veteran Richard Seiersen, former SVP & CISO at LendingClub and current CEO & Co-Founder of Soluble.ai, attributes success in any career to two things: metrics and measurement. He shares his contagious passion for security, the qualities of top engineers, his latest book, and more.
From the Ground Up
May 21, 2019 16:16 - 23 minutes - 21.7 MB
Brian Contos chats with Ed Amoroso, former SVP and CSO of AT&T and current CEO of TAG Cyber LLC, about priorities and advice for building a top-notch security team. From Ed’s perspective, decision-making board members must be equipped with continuous data and have instincts that come from experience, but that can be a challenging balance to find.
Securing the Future Through Education
May 14, 2019 14:38 - 25 minutes - 21.1 MB
As CISO for Ohio State University, Helen Patton has an acute vision for students and professors who are passionate about cybersecurity. While undergraduate university programs are succeeding in many areas, they are hindered by a lack of structure and guidance from the industry as a whole. She explains how to create a valuable student internship experience that offers diverse and relevant practical experience.
A Proactive Approach to Incident Response
April 30, 2019 15:13 - 25 minutes - 21.4 MB
Sometimes the most interesting careers emerge from the remnants of another passion. MacKenzie Brown describes how her love of theatre led her to her current work with incident response (IR) and becoming co-founder of the Ms. Greyhat Organization. She and Brian Contos talk proactivity, cracking down on communication, and key focus points for response teams.
Risky Business: Data Privacy and Compliance
April 23, 2019 14:45 - 20 minutes - 16.2 MB
According to Terry Ray, SVP and Fellow at Imperva (previously Chief Technology Officer), practices and safety around data privacy and the cloud, though slowly improving, still leave much to be desired. He and Brian Contos discuss the concept of absolute security and why businesses benefit more from calculating acceptable risk based on their unique critical assets.
Safety Through Segmentation
April 16, 2019 16:01 - 30 minutes - 24.3 MB
Host Brian Contos sits down with cybersecurity veteran William (Bill) Crowell, former Deputy Director of the NSA and current partner at Alsop-Louie Partners, to get a picture of the major threat landscape changes over the past 15 years. While phishing attacks, advanced persistent threats (APTs), and breach monetization become more sophisticated each day, CIOs and board members must turn their focus to implementing proper network segmentation.
Blurring the Line Between Black and White
April 02, 2019 17:21 - 24 minutes - 21.7 MB
In a security professional’s career, a nearly perfect success rate can be quickly and detrimentally tarnished by one mistake that puts the company at risk. Raj Samani, Fellow and Chief Scientist at McAfee, shares his professional journey and explains how his choices have reflected who he is as a mentor, peer, father, husband, and author, encouraging listeners to appreciate what they have now.
A Case for Prioritizing Cybersecurity: A Litigator’s Perspective
March 26, 2019 21:14 - 16 minutes - 14.3 MB
While appealing new gadgets and innovative products continue to hit the market, legal firms caution organizations about the risks within IoT devices. Technology-focused trial litigator IJay Palansky forecasts the impending boom of cyber litigation in the coming years and his recommendations for avoiding the costly consequences of a data breach.
A Culture-Centric Approach to Managing Cyber Talent
January 21, 2019 14:57 - 18 minutes - 15.1 MB
The industry-wide talent shortage makes it challenging to attract and retain top cybersecurity talent — analysts often operate understaffed and overwhelmed by the ever-growing volume of alerts to sort through. Kevin Morrison, CISO at PulteGroup, Inc. examines his culture-centric approach to structuring cybersecurity staff, maximizing skill-set efficiencies, and aligning the success of his program to core business objectives.
The Age of the Intelligent SOC
January 03, 2019 14:38 - 19 minutes - 16.6 MB
The Cybersecurity Effectiveness Podcast is kicking off the New Year with a forward-thinking episode featuring JASK CEO and Co-Founder Greg Martin. Hear his predictions about the key cybersecurity challenges that organizations will be facing in 2019. Learn about the ground-breaking developments in AI and SOC automation enabling security teams to combat the rising sophistication of cyber attacks at a super-human level.
A Higher Standard for Patient Safety
December 06, 2018 14:24 - 13 minutes - 10.4 MB
Security analyst and outdoors enthusiast Tim Waldo examines the lingering effects of malware attacks like WannaCry in the healthcare sector and exposes disturbing trends that are putting patient data at risk to future outbreaks. Tim offers precise steps that organizations can take to dramatically improve the technologies and policies safeguarding sensitive information.
Inside the Internet of Things (IoT)
November 19, 2018 13:48 - 19 minutes - 15.9 MB
In this episode, host Brian Contos reconnects with an old friend and colleague, Dr. Ulf Lindqvist, who is the Senior Technical Director of SRI International’s Computer Science Laboratory. Ulf reflects on some of SRI’s most notable technology accomplishments, elaborates on the security industry movement spurred from past work with Logic Group, and predicts the future of IoT devices.
Budgets, Bureaucracies, and Behaviors
November 05, 2018 18:05 - 20 minutes - 15.1 MB
Cylance Chief Security and Trust Officer Malcolm Harkins reflects on his core leadership philosophies and the processes he implements to cultivate a professional culture of excellence. Malcolm’s background in economics and finance offers a unique perspective on the cybersecurity landscape. He walks us through his transition from working as the Chief Security & Privacy Officer at the multinational corporation, Intel, to joining the cutting-edge cybersecurity start-up, Cylance.
Air Time with Dave Ockwell-Jenner
October 19, 2018 20:45 - 18 minutes - 16.1 MB
Brian Contos straps in with Dave Ockwell-Jenner of SITA, the world's leading air transport IT and communications specialist. Having worked in IT and aviation for about 25 years, Dave explains what makes the air transportation industry unique, perspectives that executives have toward cybersecurity, and the challenges and opportunities that analysts face as they navigate today’s threats.
Ada Lovelace, AC/DC, and Behavior Research
September 17, 2018 15:54 - 13 minutes - 11.5 MB
In the spirit of Ada Lovelace Day coming up on October 9th, host Brian Contos chats with Verodin security analyst Ashley Zaya about her role on the Behavior Research Team (BRT) and the perspective she brings to the industry. Ashley reflects on her career in InfoSec thus far and the experiences she gained working in Boeing's fast-paced SOC. Ashley also shares valuable advice for women entering the field and one of her favorite movie soundtracks to jam out to.
Bang! A Chemical Reaction
August 24, 2018 18:12 - 13 minutes - 10.7 MB
What do you get when you combine a surging demand for cybersecurity experts with one of the largest plastics, chemicals, and refining companies in the world? In this first episode of the Cybersecurity Effectiveness Podcast, host Brian Contos sits down with Dave Bang, the man in charge of IT Security Architecture at a multi-national chemical company, and gets his take on the industry’s attitude toward prioritizing security, current processes, and personal experience with their team in ensurin...