Cyber Security Effectiveness Podcast
113 episodes - English - Latest episode: about 2 years ago - ★★★★★ - 14 ratings
Do boards and business leaders understand the risks? Is security improving, barely keeping up with threats, or falling painfully behind? And more importantly, if what kept us secure has stopped working, what do we need to do to fix it? Join host Brian Contos and his guests as they explore these questions on The Cyber Security Effectiveness Podcast.
Episodes
It’s All in the Evidence
March 30, 2020 05:26 - 16 minutes - 11.4 MB
Security and e-discovery often work together closely but the key differences are subtle, with the latter being more focused on preserving evidence. Mary Mack, CEO of EDRM, elaborates on the work of those professionals, shares mistakes she’s seen and lessons learned, as well as organizations’ changing perspectives on data in the cloud.
Addressing Talent Shortage with Abroad Education
March 30, 2020 05:24 - 16 minutes - 11.1 MB
To address the global cyber talent shortage, we must expand our outreach efforts to offer education to women and girls in third-world countries. Eileen Brewer travels to remote parts of the world equipped with a suitcase full of motherboards to teach computer workshops and inspire future engineers. She describes how listeners can get involved in similar programs and make a difference in helping to diversify the industry.
Women in the Workplace
March 30, 2020 05:22 - 19 minutes - 13.7 MB
The lack of diversity in cybersecurity and technology in general is no secret, but it wasn’t always that way. Soviet-Era Russia and other eastern countries have seen more equality in certain industries, and that was a difference that guest Elena Elkina certainly noticed in her transition to American life. As Sr. Privacy & Data Protection Management Executive for Aleada Consulting, she discusses gender roles, seeking challenges, and starting her nonprofit and consulting startup.
Keeping a Clear Focus: New Tech and Cyber Change
March 30, 2020 05:19 - 18 minutes - 12.7 MB
There’s a reason why people get distracted by new tech or security solutions: what if it’s the silver bullet that solves everything with minimal effort? Unfortunately, that is seldom the case. Brian chats with Becky Pinkard, CISO of Aldermore Bank, PLC, about caution with buzzwords, sharing threat intelligence, and what lies ahead for security.
No Quick Fix
March 28, 2020 21:48 - 19 minutes - 13.3 MB
The number of company data breaches that make headlines on an almost daily basis will continue to skyrocket without signs of stopping if organizations neglect to take proper precautions to protect their assets. Dr. Chanel Suggs, known also as The Duchess of Cybersecurity, shares details of some of the latest shocking public breaches and how she stays on top of trends to help clients be better prepared and well-informed.
A Gamer’s Influence on DDoS
March 28, 2020 21:44 - 28 minutes - 19.6 MB
For gamers and users heavily dependent on high-traffic internet platforms, loss of service is destructive -- and can be symptomatic of a greater distributed denial-of-service (DDoS) attack. Charter Communications VP Mary Haynes goes in depth into its evolution over the years, tactics for mitigation, and how some gamers inadvertently end up worsening the situation.
Give and Take
March 23, 2020 04:24 - 21 minutes - 14.9 MB
Offensive work is all about constant improvement, upping your skills to outsmart the attackers. There are many organizations out there for learning but relatively few focus on supporting women in their endeavors. Lisa Jiggetts, Founder & President of the Women’s Society of Cyberjutsu, takes us through her passion for learning and sharing with others, addressing the cybersecurity talent shortage, and how she grew her organization to become the inclusive community it is today.
Conference Conversations
March 23, 2020 04:22 - 18 minutes - 12.9 MB
Security conferences are opportunities for security folk to come together, share experiences, and inspire one another while making new connections in the space. Kim Hakim, CEO & Founder of FutureCon, talks about her 20 years of experience hosting conferences, observing speakers’ trending topics, and the growing buzz around ransomware.
Taking Control
March 23, 2020 04:19 - 21 minutes - 14.6 MB
How private should personal data be? What are perspectives around who should be in control of it and can you actually get paid for your data? Brian and Monique Morrow, President of The VETRI Foundation, analyze the top data privacy threats in society today, the role of personal responsibility, and education resources.
Plan and Recover
March 23, 2020 04:17 - 20 minutes - 14.2 MB
It’s tough to know if your organization is really prepared for the aftermath of a cyber-attack, but who can offer you sound advice and planning for a strong recovery? That’s where the general counsel comes in – in-house lawyers, trusted advisors, and cybersecurity experts rolled into one. Alexa King, FireEye’s EVP, General Counsel, goes into detail about the roles she plays, how to plan effectively, and advising boards.
Boost Your Security Confidence
March 23, 2020 04:14 - 12 minutes - 8.75 MB
Most consumers today can learn how to use technology devices pretty quickly, but the security features used to protect them can often seem complicated and intimidating to the user. Former Ann Arbor county elected official and current CEO & President of Cybercrime Support Network Kristin Judge strives to help people feel confident in an “everyday” knowledge of security and provides resources for victims of cybercrime.
A Competitive Field
March 21, 2020 18:43 - 19 minutes - 13.4 MB
People love Capture the Flag (CTF) competitions for being an excellent way to put your hacking skills to the test – not only is it a lot of fun, but it forces you to apply the skills you may learn in a classroom or course setting to real-world situations. Kaitlyn Bestenheider, analyst at Tevora, dives into her passion for cryptography and CTFs, core skills needed, and shares her advice for others looking to enter the field.
Industries Alike
March 21, 2020 18:24 - 25 minutes - 17.3 MB
The number of paths available to explore cybersecurity is seemingly endless and many professionals have made the jump between industries at least once. Tammy Hawkins, on the other hand, challenged herself constantly throughout her career by learning to apply skills to industries like agriculture and finance. She takes listeners through her journey from IT analyst to her current role as Director of Service Technologies at Blizzard Entertainment, and how you can adapt your skills to succe...
The Demand for Soft Skills
March 21, 2020 17:50 - 20 minutes - 14.4 MB
The current global industry talent shortage proves to be a tough challenge and while having impressive technical skills is important, showing skill in creative problem-solving and communication may put you above the rest. Join Brian and Lisa Plaggemier, CSO at MediaPRO, as they discuss a new perspective on training and awareness, the difference between training to solve a specific problem and thinking critically, and the secret to engaging your employees.
Maintaining Continuity in Critical Infrastructure
March 16, 2020 04:59 - 24 minutes - 16.6 MB
The amount of critical infrastructure security news has exploded in the past few years due to ongoing digitalization, which has caused an overall increase of dependence on IT. Isabel Muench, Head of Branch Critical Infrastructures at BSI, talks to Brian about weaving IT security into critical infrastructure and shares stories of successes and failures.
Layers of Architecture
March 16, 2020 04:57 - 19 minutes - 13.7 MB
The Internet Engineering Task Force (IETF) is a large community of network designers, operators, vendors, and researchers passionate about the ever-evolving internet architecture. Security strategist, CISO, and board advisor Kathleen Moriarty chats with Brian about the fascinating research she’s done, her upcoming book, and recommendations for scaling threat intel.
Prison Breaking the System
March 16, 2020 04:55 - 20 minutes - 14.1 MB
An effective way to learn how to fix things in cybersecurity is to practice breaking them – once you’ve done that, you’re halfway there. Tiffany Strauchs Rad, CEO & Co-Founder of Anatrope, Inc., learned security skills like lock-picking and social engineering from her father, a former CIA agent and writer of the film Sneakers. She discusses her experience constructing a prison break zero-day, vulnerability research, and more.
Bouncing Back: Advice for Minimizing Reputational Damage from a Breach
March 16, 2020 04:51 - 23 minutes - 16.1 MB
Strong cybersecurity leadership is truly tested when the organization is breached and when it comes to recovering from the damage, the response and public handling of the situation is just as important as the attack itself. Brian meets with Siobhan Gorman, Partner at communications firm Brunswick Group and former Wall Street Journal correspondent, who provides listeners with key takeaways and lessons learned from incidents past.
Outside Experience
March 13, 2020 22:52 - 22 minutes - 15.7 MB
Students pursuing a degree in cybersecurity or computer science at Tennessee Tech University gain experience from their extracurriculars just as much as academics. Dr. Ambareen Siraj, professor/director of its Cybersecurity Education Research and Outreach Center (CEROC), discusses her approach to student education, her classes’ research projects, and how they reach out to teach others in the community.
Creating a Banking Ecosystem
March 13, 2020 22:32 - 31 minutes - 21.8 MB
Nowadays, fraud prevention and cybersecurity go hand-in-hand. In order for financial services to succeed and thoroughly protect themselves, they must adapt and strategize according to open banking regulations. Brian talks with independent cybersecurity advisor Neira Jones about what this means for institutions of all sizes and their competitors.
The Weakest Link
March 13, 2020 22:05 - 17 minutes - 12.4 MB
Humans are often deemed the “weakest link” in security, and if organizations maintain that attitude with their employees then nothing will change. An encouraging and positive company culture can turn them into the most powerful weapon. Masha Sedova, co-founder of Elevate Security, takes listeners through the ways they can foster a more people-centered security approach for better results.
From Breaking to Fixing
March 13, 2020 21:12 - 20 minutes - 14.1 MB
When looking at the cyber industry from a journalist’s perspective and analyzing trends and transformations over time, much can be revealed. Dark Reading Executive Editor Kelly Jackson Higgins has been observing the industry for almost 15 years and has seen the most challenging issues from the consumer and organizational sides. She recalls some of the biggest turning points in the industry’s past and areas still in desperate need of improvement.
People Skills: Making Change in the Community
March 06, 2020 21:05 - 19 minutes - 13.6 MB
Some form of modern technology can be found in almost every part of the world now, but some areas that lag behind may not have the resources needed to implement necessary security tools. Having grown up in the Argentinian mountains where there are few computers, Veronica Valero Sarachos, researcher at Czech Technical University, recognizes these issues and strives to give back to communities like hers by working with them to help detect threats.
Psychology in Cyber
March 06, 2020 21:01 - 21 minutes - 14.6 MB
Human perception and how we process thought can make all the difference in understanding and predicting attacks. Cybersecurity expert Anita D’Amico, founder and CEO of CodeDX, uses her background in clinical psychology to lead a career conducting research studying decision-making, how human factors affect vulnerabilities, and how perception determines a specific response to an attack.
Fast-Moving Threat Models
March 06, 2020 20:59 - 18 minutes - 12.6 MB
Threat models have grown to enormous complexity since the boot virus days and show no signs of slowing down. How does this affect cybersecurity at the workplace and at home? Brian talks with Lysa Myers, Security Researcher at ESET, and gets her take on adapting research, tools, and specialization to keep up with the fast pace.
The Evolving Educator
March 06, 2020 20:55 - 24 minutes - 17.1 MB
No one’s path to finding a career in cybersecurity is the same, but most can agree that it all starts with education, whether formal or informal. Podcast guest Dr. Meg Layton, Director of Engineering/Cyber Security Services at Symantec, finds her passion in helping others discover their own cyber path and effectively translate their technical skills to aspects of the business.
Common Sense Risk Management
March 06, 2020 20:50 - 19 minutes - 13.8 MB
Headline-worthy breaches seem to be hitting organizations far too often, causing organizations to second-guess their current security controls and procedures. While it’s a good thing to make sure you’re prepared, Heather Engel, Managing Partner at Strategic Cyber Partners, recommends assessing the situation from a risk perspective. She and Brian talk about cybersecurity measures as crucial to the organization as a whole, how to evaluate types of risk, and the art of managing it.
The Dangers of Overlooking Medical Device Security
March 06, 2020 20:45 - 21 minutes - 15 MB
Patient safety is always top-of-mind for healthcare organizations and while the world has seen magnificent strides in the form of medical technology, maintaining security standards is now more important than ever. Marie Moe, Sr. Security Consultant at mnemonic and professor at NTNU, has dealt with the repercussions first hand. She shares a personal story about how poor encryption and security practices affected her own pacemaker device and advocates for further movement toward software secur...
Insightful Intelligence
March 06, 2020 20:39 - 23 minutes - 16.3 MB
The history of human warfare tells us that the recipe for victory is often a concoction of technology, strategy, and intelligence. Today’s guest, Sandra Joyce, is the SVP of FireEye, the world’s largest non-government cyber intelligence organization. She and Brian discuss significant trends, what to consider before publishing hard-earned intel, and the cleverest adversary tactics to date.
Find Your Tribe
December 17, 2019 16:09 - 15 minutes - 10.6 MB
Awareness for mental health has risen to record heights over the past few years but it is still fairly slow in reaching the cybersecurity industry. Even in an exciting career, long work hours, a seemingly constant sense of urgency, and often high dependency on certain roles can be a cause of extreme stress if not well managed. Rick McElroy, Head of Security Strategy at Carbon Black, advocates for mental health resources within the workplace and emphasizes the importance of unplugging, explor...
Model Application for the Evolving Threat Landscape
December 03, 2019 18:13 - 16 minutes - 11.3 MB
The threat landscape is a mighty beast in and of itself -- vast and, perhaps more importantly, constantly changing. In this episode, Brian chats with industry thought leader John Pironti about using threat and security models to consistently monitor landscapes, test scenarios, and why you should prioritize risk management.
Cloud Policy and Evolving Tools
November 19, 2019 16:03 - 22 minutes - 15.6 MB
A thorough understanding of the core fundamental principles is critical for those building a career in cybersecurity. Adam Fletcher, CISO at Blackstone, argues that cloud security now falls into that list -- goals like developing a policy or translating a tool to cloud require extensive knowledge, experience, and leadership skills. He and Brian discuss case-by-case scenarios and how to expand and develop your team given the industry-wide talent shortage.
Cloud Migration: The Golden Rules
November 05, 2019 15:10 - 23 minutes - 16.4 MB
Cloud security continues to attract more organizations seeking better storage, but the prospect of data leakage holds some back from joining the bandwagon. Steve Lodin, Sr. Director of Cyber Operations at Sallie Mae, shares his “golden rules” for introducing it to your organization, advice for a bullet-proof migration, and lessons learned from decades of working in corporate security.
A Teen’s Guide to Building Smart Cyber Habits
October 07, 2019 15:03 - 9 minutes - 6.41 MB
Today’s teens interact daily with technology more than ever before. Ease of access to the online world for things such as streaming, social media, and shopping comes with the big responsibility to develop smart computer habits early in life. This episode features the series’ youngest guest to date: seventh-grader Athena Contos, who shares personal examples of cyber carelessness, foundational tips for building good habits, and more.
If Not You, Then Who?
October 03, 2019 16:01 - 17 minutes - 12.1 MB
In many ways, cybersecurity is the same as it was over 20 years ago in terms of risk, only with different devices, activities, and added ways of access. Parry Aftab, who was one of the world’s first cyber lawyers back in the early 90s, shares her work with multiple cyber safety organizations, tips on supporting kids who fall victim to cyberbullying, and being featured in a custom cyber safety Marvel comic.
Customer Trust in the Clouds
October 01, 2019 14:48 - 17 minutes - 11.9 MB
Modern planes have come a very long way since the first commercial flight in 1914. Approximately 87,000 flights travel across the US every day, carrying passengers who expect the same level of device connectivity as they get on the ground. Deneen DeFiore, SVP & CSO at GE Aviation, stresses the importance of maintaining customer trust and business reputation through diligence in cyber assurance and safety operations.
The Wide World of Healthcare
September 24, 2019 14:57 - 23 minutes - 15.9 MB
With all the categories defining the healthcare industry today (e.g. pharmaceuticals, providers, hospitals, etc.) and sensitive data flowing between them, it can be hard to know where to start. How do we keep information secure, yet accessible to our doctors and providers? Colby DeRodeff, CTO at Verodin, shares a bit about security in the healthcare community, how far we’ve come, and where we should go from here.
Fight Like You Train
September 10, 2019 15:02 - 20 minutes - 14.2 MB
Since 2011, GridEx has been a hub for security lovers to evaluate and hone their red, blue, and purple teaming skills with challenging scenarios. In this episode, Brian Contos and Michael Allgeier, Director of Critical Infrastructure Security at The Electric Reliability Council of Texas (ERCOT), comment on the appeal and value these interactive training sessions can offer major power corporations.
Strength in Numbers
September 03, 2019 15:07 - 25 minutes - 17.7 MB
Cyber criminals know that the toughest of problems can be quickly solved if you work together–and especially when pulling knowledge from a collective pool of resources. What role do solutions such as encryption and SSO play against a team of hackers dedicated to stealing your data? Brian chats with Jon Inns, co-founder and CEO of Threat Status, about corporate password habits, the dark web, and surprising scam victims.
The Art of Cyber Deception
August 15, 2019 19:45 - 17 minutes - 11.9 MB
Nowadays, adversary tactics like spear-phishing are proving to be more sophisticated and deceptive than ever. Mike Fabrico’s career includes notable accomplishments as security specialist at NASDAQ and Senior Director at TrapX Security, the world leader in cyber deception technology. He breaks down deception as a strategy—not just a tool—to provide organizations with the ability to turn the tables on their opponents. And it’s much simpler than you think.
Defending the State of Security
July 30, 2019 17:22 - 17 minutes - 12.3 MB
As CISO of the State of Vermont, Nick Andersen is involved in everything from healthcare to emergency management to academia. He and Brian dive into the crucial priorities, differences between protecting state and business data, and establishing third-party relationships to neutralize risk.
Investing in the CISO
July 16, 2019 15:18 - 15 minutes - 10.9 MB
Richard Stiennon, serial author, industry expert, and Chief Research Analyst at IT-Harvest, recaps the short timeline of quality assurance in manufacturing and argues for applying the same approach to cybersecurity as a core function of the business. Are investors and CISOs aligning their digital strategies accordingly and where exactly does ownership lie if, and when, the unexpected happens?
Machine Learning & Automation: Trust But Verify
July 02, 2019 16:02 - 19 minutes - 13.6 MB
Amazing new developments in machine learning and artificial intelligence automate testing, reporting, and workflow. However, Lisa Huff, VP of NA Pre-Sales Engineering at Exabeam, explains its true value as a tool – not a catch-all solution. She and Brian talk customer success, newly introduced security roles, and more.
The Supply Chain Ripple Effect
June 18, 2019 16:14 - 26 minutes - 18 MB
Mark Weatherford, Global Information Security Strategist at Booking Holdings and former CISO of the State of California and Colorado, has over twenty years of executive-level leadership experience in some of the world’s most important organizations. He and Brian Contos discuss misconceptions of cloud security, issues in the supply chain, and evaluating all areas of your cybersecurity environment.
The Power of Uncertainty in Cyber
June 04, 2019 14:30 - 24 minutes - 17 MB
Seasoned cybersecurity veteran Richard Seiersen, former SVP & CISO at LendingClub and current CEO & Co-Founder of Soluble.ai, attributes success in any career to two things: metrics and measurement. He shares his contagious passion for security, the qualities of top engineers, his latest book, and more.
From the Ground Up
May 21, 2019 16:16 - 23 minutes - 16.5 MB
Brian Contos chats with Ed Amoroso, former SVP and CSO of AT&T and current CEO of TAG Cyber LLC, about priorities and advice for building a top-notch security team. From Ed’s perspective, decision-making board members must be equipped with continuous data and have instincts that come from experience, but that can be a challenging balance to find.
Securing the Future Through Education
May 14, 2019 14:38 - 25 minutes - 17.6 MB
As CISO for Ohio State University, Helen Patton has an acute vision for students and professors who are passionate about cybersecurity. While undergraduate university programs are succeeding in many areas, they are hindered by a lack of structure and guidance from the industry as a whole. She explains how to create a valuable student internship experience that offers diverse and relevant practical experience.
A Proactive Approach to Incident Response
April 30, 2019 15:13 - 25 minutes - 17.5 MB
Sometimes the most interesting careers emerge from the remnants of another passion. MacKenzie Brown describes how her love of theatre led her to her current work with incident response (IR) and becoming co-founder of the Ms. Greyhat Organization. She and Brian Contos talk proactivity, cracking down on communication, and key focus points for response teams.