Unleashing the Power of Cybersecurity Purple Teams with Maril Vernon
In this episode of the podcast, Maril Vernon joins Ron and Chris and discusses the importance of breaking down silos between cyber teams and inspiring individuals to drive their own careers in cybersecurity. Maril has been a key player in promoting the concept of purple teaming - the combination of red teaming and blue teaming to improve an organization's overall security posture. She discusses the importance of hands-on experience and practical knowledge over just having certifications. Maril's approach to her career has been driven by her passion for the work and her desire to break down silos between different cybersecurity teams. She emphasizes that individuals can drive their own success in the field and take control of their careers, regardless of the limitations their organizations or the industry may impose. Through her collaborations with organizations such as Cyber Queens and nonprofit foundations, she hopes to provide more educational material to high school and college students to inspire the next generation of cybersecurity professionals. Maril has big plans for the future, including starting a doctorate program in cybersecurity and working on several undisclosed projects that she promises to share in future podcasts. She hopes to leave a legacy of empowering individuals in the cybersecurity field and inspiring them to love their work and take control of their careers. This cybersecurity podcast episode is a must-listen for anyone looking to pursue a career in cybersecurity and gain insight into the field from a successful professional. -------------- Links: Stay up to date with Maril Vernon on LinkedIn Join our Patreon monthly creative mastermind Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase an HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio
31 Tammi 202333min
Security Teams Can’t Do It All with Rob Wood CISO @ CMS
In this episode of Hacker Valley Studio, Rob Wood, Chief Information Security Officer (CISO) at CMS, discusses the challenges of data silos within organizations. Rob explains that security teams often operate in silos, with different departments focusing on various aspects of security, such as incident management, compliance, and penetration testing. One way to improve this is by flattening the organizational structure and finding ways to work together in the same data environments, using the same data tools. This would allow teams to collaborate better and share information, improving overall security. In the episode, Rob also highlights the importance of supportive leadership and culture in driving change and the impact of the mission in his work. Ron picks up on two key elements - people and communication - as important in cybersecurity and business, as breakdowns often happen due to lack of communication. Chris mentions how he is hard on leaders who create toxic environments or use fear and intimidation to lead their teams. He also notes that he is starting to see a different kind of leader in the technical space, one that knows a lot, and is intelligent but also knows how to talk to people and make them feel seen. The conversation then shifts to where this change in leadership is coming from. Rob Wood suggests that it is the next wave of leaders coming in, as there are more leadership opportunities available. He also notes that there are many people moving into security from diverse fields, creating a polymath effect of blended disciplines. This helps humble people and allows them to be more human. He also mentions that his own career path was not traditional, as he studied sports management in college and transitioned into an internship in cybersecurity. Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals. -------------- Links: Stay up to date with Rob Wood on LinkedIn Join our Patreon monthly creative mastermind Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase an HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio
24 Tammi 202330min
Advocating for Better Security in Healthcare with Taylor Lehmann
Taylor Lehmann, Director of Office of the CISO at Google Cloud, has made it his mission to make healthcare and life sciences more secure and strategic for everyone. Joining our security podcast this week, Taylor talks about how security and strategy have to start with people— from properly managing them to realistically motivating them. Healthcare is in need of some serious security TLC and Taylor is ready to tackle the difficult questions about how personal medical data can stay safe in a constantly evolving environment. Timecoded Guide: [01:47] Motivating your team & understanding your real cyber constraints [06:19] Creating a shared, measurable goal for every team [14:26] The haves and have-nots of healthcare security [22:08] Revolutionizing the security standard of healthcare [25:16] How to not fail your future self Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals. -------------- Links: Keep up with our guest Taylor Lehmann on LinkedIn and Twitter Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase an HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio
17 Tammi 202326min
Solving Fundamental Cybersecurity Problems with Maxime Lamothe-Brassard
Maxime “Max” Lamothe-Brassard, Founder of LimaCharlie, brings a tech-focused community perspective and a history of working at Google to the Hacker Valley security podcast this week. Inspired by the internal motivation to empower others and build what didn’t exist, Maxime created LimaCharlie to help security teams automate and manage security operations. In this episode, Max walks through his founder’s journey and points out the problems that are begging for innovative solutions from the brightest minds in cyber. Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals. Timecoded Guide: [01:59] Improving community & empowering practitioners [06:04] Leaving Google for LimaCharlie [10:55] Unpacking the incentivization problem of cyber [16:21] Targeted products vs massive suites of problem solvers [21:29] Looking at a red team-less future Sponsor Links: Thank you to our sponsors Axonius and NetSPI for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human-delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more. --------------- Links: Keep up with our guest Maxime Lamothe-Brassard on LinkedIn Learn more about LimaCharlie on LinkedIn and the LimaCharlie website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase an HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio
10 Tammi 202324min
Building Leadership Strategy Beyond Tech with Brian Haugli
Brian Haugli, Founder and CEO of SideChannel, brings his CISO expertise to the security podcast this week for a discussion about strategy and leadership in cybersecurity. Working alongside CISOs and fractional VCISOs, Brian has seen his share of leadership mistakes and has learned about the purposeful approach that security needs along the way. In this episode, Brian revises the mantra of “people, process, and technology,” to include the first and most important element in your security success: purposeful strategy. Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals. Timecoded Guide: [02:01] People, process, and technology in your leadership strategy [05:12] Tenants of a strong security strategy [13:11] Setting up new fractional CISOs for success [18:29] Creating SideChannel & walking the line between CISO vs consultant [27:44] Thriving professionally by thriving personally Sponsor Links: Thank you to our sponsors Axonius and NetSPI for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human-delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more. What has been your philosophy throughout the years when it comes to leadership versus technology? The security adage of “people, process, technology” isn’t one combined concept. That is, in Brian’s opinion, why so many leaders make the mistake of prioritizing technology as a central part of their strategy. Strategy is not what technology you use, and you can’t buy your way out of every security conflict with a shiny new product. Ask yourself what problem you’re supposed to solve, not which tech is going to solve your problems. “Strategy is not technology, it's figuring out what you want to look like when you grow up, in a sense. Everyone jumps to the shiny object. What can I buy to go solve this problem? You never stop and question: Was that the first problem I was supposed to solve?” What are the tenants of making sure that you've done the work of creating a strong security strategy? The North Star of your security strategy should be the identity and purpose of your business, according to Brian. If you don’t have a current assessment of your current capabilities, assets, resources, and objectives, you aren’t positioning yourself for success. Strategy comes from a knowledge and understanding of where you are now, and where you need to be. When your company “grows up,” what do you want security to look like for you? Understanding that guides you towards your target state without wasting your time on the wrong problems or objectives. “I think a lot of people throw strategy around as a grander concept and don't actually think about the elements that need to go into building one. You need to align to a definition that supports your business and outcomes, and that's what is strategic. The idea is not strategic.” Let's say I'm a brand new fractional CISO and I have my first client. What are the top three questions I'm going to ask of this organization to set me on the right path? When dealing with a new client, fractional CISOs have to understand why they’re involved with this client in the first place. Why are you here? Who brought you here? And, most importantly, what is the reason security is being addressed now? A fractional CISO can’t defend what they don’t know exists, and they can’t meet a deadline without first understanding what this company’s unique security environment needs are. “You don't jump into, ‘Okay, well, what's the budget?’ No, I like to understand what I have to actually defend and build to, how fast I have to actually make that happen, that then informs and sets up the much better discussion around, realistically, what you should be considering.” What advice do you have for our audience that is interested in becoming a CISO? Although Brian jokes that he would advise anyone against taking on a CISO role due to the workload, he understands and loves the grind of cybersecurity leadership. To not only survive but thrive as a CISO, Brian believes a practitioner has to keep their love for problem-solving and protecting organizations at the forefront. Still, as passionate as someone might be, Brian also advises knowing when to unplug and unwind to avoid burning out fast in such a strenuous role. “Look, just take care of yourself. I think exercising is huge. Eat right, sleep right. You've got to take care of your mental health, take care of physical health, you've got to take care of your spiritual health. You've got to do all that, or you're never going to be good professionally.” --------------- Links: Keep up with our guest Brian Haugli on LinkedIn and Twitter Learn more about SideChannel on LinkedIn and the SideChannel website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase an HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio
3 Tammi 202332min
A Rebel’s Heart & A Leader’s Mind with Allison Minutillo
Allison Minutillo, President of Rebel Interactive Group and Host of the Rebel Leadership podcast, joins the Hacker Valley team this week to talk about her journey from individual contributor to company leader. With a leader’s mind and a rebel’s heart, Allison wants Rebel Interactive Group to break down barriers and say what needs to be said. In this episode, Allison talks about intuition vs insecurity, practitioners vs leaders, and burning out vs staying invested and engaged in the world around you. Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals. Timecoded Guide: [00:00] Shifting from an employee to a leadership mindset [07:44] Getting real about leadership struggles on the Rebel Leadership podcast [13:24] Rebelling for the great good of your company & yourself [19:40] Finding career inspiration as a business owner & company president [25:41] Struggling to realize your full leadership potential as an individual Sponsor Links: Thank you to our sponsors Axonius and NetSPI for bringing this security podcast to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human-delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more. What went into that mindset shift from individual contributor to the leader for you? Leadership was an appealing concept to Allison, but stepping into the role of President at a company was beyond her wildest dreams. Being close to Bryn, the former President of Rebel, opened her eyes to the qualities of leadership she wanted in herself. However, the true mindset shift from contributor to leader came from Bryn’s understanding of Allison’s skills. It wasn’t until he brought up her being his successor that Allison saw the leader she knew she could be. “I set my sights on what I thought was high. I started over-talking to [Bryn, at Rebel] because I was so nervous, and he said, ‘No, I'm talking about you being my successor, about you being president of Rebel.’ I instantly stopped everything I was saying and it became crystal clear.” What exactly is Rebel Leadership and how does it relate back to your philosophies? The term “rebel leadership” is a concept that existed before Allison’s Rebel Leadership podcast began, but it embodies what Allison hopes Rebel Interactive Group represents for all of its clients. Being a rebel isn’t just about breaking the rules or telling it like it is, it’s about making a difference. Being a rebel leader is about challenging the status quo for the greater good of your clients, your employees, and your industry. “It's not rebelling for rebels' sake, it's that we're not good with the status quo. We're not okay with it, but we're not careless. We rebel with purpose. It's informed. It's data backed, it's compelling, it's precise, it's meaningful. We are not afraid to state what needs to be said.” What do you say to those leaders that approach leadership almost like being a martyr? The hustle and grind of being a leader can feel like endless amounts of hard work. However, in Allison’s experience, overworking yourself and refusing to disconnect maximizes the pain, but minimizes what you gain. Burnout is real, and cybersecurity practitioners definitely know burnout can be fatal for your career. Allison advises resting and giving yourself the time to reflect at the end of a long day, instead of forcing yourself to be a martyr. “Doing that next ‘to-do’ list on your couch at 10:30 pm when you're spent and you're drained is not going to make you the leader you want to be tomorrow. It's going to make you frustrated and tired and not able to perform at a high level the next day.” How do you differentiate the good advice of intuition from your inner echo chamber of not-so-good advice? It’s easy to get caught up in the eternal inner echo chamber when trying hard to learn and reflect on your experiences. Allison has had this happen to her, too; getting caught up in reading online comments and letting self-doubt control her thoughts. However, Allison explains that the grit of a true leader can drive you through the setbacks of criticism, whether that criticism comes from outside or within. What matters most is choosing to believe in yourself as a leader. “That's when grit and will come in, in those moments where you're at the bottom of the barrel. Do you believe in yourself? Are you going to choose to believe in yourself, or are you going to choose to believe the comments?” --------------- Links: Keep up with our guest Allison Minutillo on LinkedIn Learn more about Rebel Interactive Group on LinkedIn and the Rebel website Listen to the Rebel Leadership podcast Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase a HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio
20 Joulu 202229min
People-Focused Leadership in Cybersecurity with Cody Wass
Cody Wass, VP of Services at NetSPI, brings his near-decade of experience to the pod to talk about longevity, development, and leadership. It’s no secret that cybersecurity is in need of people. Cody’s journey from intern to VP at NetSPI has shown him the importance of training employees, creating opportunities for new graduates, and engaging teams effectively, both virtually and in person. In this episode, Cody provides the roadmap toward intentional employee investment in the ever-changing cyber industry. Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals. Timecoded Guide: [00:00] Cyber career longevity from NetSPI intern to VP [07:51] Putting people before process & technology at NetSPI [15:33] Collaboration as the foundation of the cybersecurity industry [18:13] Understanding cyber’s entry-level position problem [24:12] Investing intentionally in employee development Sponsor Links: Thank you to our sponsor NetSPI for bringing this security podcast to life! For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human-delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more. Detect and protect the unknown with NetSPI's new and free attack surface management scan! Check it out now at asm.netspi.com/ You’ve been at NetSPI for 9 years. When you think about a rewarding feeling in your journey at the company, what comes to mind? Starting his journey at NetSPI as an intern, Cody has had the rare but impactful opportunity to grow alongside the company. Now, as VP of Services, looks back at the lives he’s impacted himself and the opportunities he’s had to see others grow. Employee development is a huge part of NetSPI’s success. Cody is proud to have seen newcomers join his team and become amazing practitioners over the years. “It's really rewarding seeing people come into this industry as a fresh face with a specific skill set, to watch them grow over and see them really spread their wings, and come out the other side stronger, better, and having a skill set that you never would have imagined day one.” NetSPI has a very unique culture and philosophy about balancing that duality between technology and people. Could you tell us a little bit about that? People come first, before process and technology, at NetSPI. While all three elements of this sacred cyber trifecta are important, Cody and his team believe that the balance should focus on making the lives, skills, and experiences of the people at NetSPI better. Process should be taught to the people, with a focus on prosperity and consistency. Technology should be implemented intelligently, with proper training and time given to the people for the best results. “NetSPI’s differentiator is our people, first and foremost, and then, our process and our technology. We have a ton of really cool things we're doing with tech, but the focus is always on: How can you use that tech to make a person more efficient at their job?” How important is collaboration for you and your team at NetSPI? Collaboration is built into the DNA of NetSPI, from how employees are trained to how NetSPI interacts with the industry around them. Cybersecurity thrives when teams, practitioners, and organizations work together for the sake of the greater good. Even though COVID and remote workers have increased the virtual footprint of NetSPI, Cody still emphasizes the importance of communication and collaboration with his team and to practitioners around the world. “This industry we work in is super interesting. It'll never be finished; you're never going to learn everything there is about security and be able to call it done. We're far past the point where one person is going to be the expert of everything in cybersecurity.” For anyone in a cybersecurity leadership position who wants to start to really invest in their people, what would be your recommendation on where to start? Intentionality is vital for the success of any leader trying to invest in their employees. Cody explains that it’s one thing for leaders to want to invest in training and professional development opportunities for their team, but another thing entirely when it comes to implementation. If a leader isn’t intentional, they won’t have clear goals for investment and will risk letting implementation fall to the wayside for the sake of a budgetary line. “Yes, we are going to be making this investment. It is going to cost us. It will cost us time, it will cost us money, but we are committed to making that investment because we know the payoff in 12 months or 18 months or 24 months is going to ultimately be worth it.” --------------- Links: Keep up with our guest Cody Wass on LinkedIn Learn more about NetSPI on LinkedIn and the NetSPI website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase an HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio
15 Joulu 202225min
Improv-ing Your Way to Better Vendor Meetings With Brad Liggett
Brad Liggett, CTI Intel Engineer Manager at Cybersixgill, puts on his improv hat and joins the pod ready for anything. After COVID pressed pause on daily life, Brad kept himself sane and gained some new skills by returning to his improv roots (a hobby he had in the ‘90s) and taking up Dungeons & Dragons. In this episode, Brad covers the importance of improv skills in the professional world, the opportunities to add elements of gaming into cyber, and advice for practitioners looking to be more agile. Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals. Timecoded Guide: [00:00] Introducing the unique combination of improv & cybersecurity [05:57] Being a life-long learner in cybersecurity & in improv groups [13:20] Practicing improvisational skills for cybersecurity customer conversations [18:17] Bringing in games & elements of play into cybersecurity environments [24:38] Advice for a more agile, improvisational tomorrow Sponsor Links: Thank you to our sponsors Axonius and NetSPI for bringing this episode to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human-delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more. Is there a skill that you called upon during an interaction with a customer where you really leaned on your improv muscle? Improv often involves one phrase that Brad believes other industries should incorporate, too: “Yes, and.” In cybersecurity, Brad leans heavily on the “Yes, and,” phrase because it encourages conversations to move forward authentically. Meetings aren’t successful when customers and clients feel uncomfortable and unengaged. Being able to think on his feet and prepare for changes makes Brad a stronger, more agile practitioner and communicator. “The whole concept of moving the meeting forward and making sure that there are no uncomfortable silences. Be prepared, have an idea of what you want to talk about, but inevitably, the client you're talking to, everyone's going to be unique.” What do you think is the glue that holds your interests in cyber and improv together? Being a life-long learner is something extremely important and valuable for Brad. For improv, research on the latest media, memes, and movies influences his work and motivates him to stay up-to-date and be involved in some fun research. Cybersecurity is the same way. Brad believes to be the best practitioner and leader for his team, he needs to be knowledgeable about vendors, threats, products, and all things new in the industry. “You always have to be reading, you always have to be aware of what's going on in the environment out there in the world, so that as those things come up, at least you can somewhat talk to them and start to put those pieces together.” What has been your experience with bringing an element of play into cyber? Cybersecurity can’t be all work and no play. Instead, Brad believes that cybersecurity teams should continue to prioritize the gamification of training processes, as well as just letting their teams have a little fun. Sometimes, to build a strong, trusting team, there needs to be an outside outlet for problem-solving, puzzling, and creativity. Brad even brought his team at Cybersixgill to a Meow Wolf exhibition this year for that same team-building reason. “We work hard, but we also should make sure that we play, and not only just do that individually, but even as teams, especially now. It's not always going to be about the training aspect, you also have to take that time to bring that team together.” What is a piece of wisdom that people could take with them to work tomorrow to make them more agile and improvisational? When it comes to agility and improvisational skills, you have to have a strong foundation to build off of. For Brad, taking time for himself and understanding when and how he learns best has been vital to his success. Listening to podcasts at the gym, reading something new at hotels, and getting a good night’s sleep are all little things that help Brad consistently become more agile and improvisational at work. “For me, it’s always having some sacred time at the end of the day. There's no TV in my bedroom, and my phone is telling me around 8:30, ‘Hey, it's wind down time,’ and that's when I'm getting in the mode for sleep, and then making sure I've got a good night's sleep.” --------------- Links: Keep up with our guest Brad Liggett on LinkedIn and Twitter Learn more about Cybersixgill on LinkedIn and the Cybersixgill website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase an HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio
13 Joulu 202227min
