Sharing Cyber Outside of the Security Bubble with Lesley Carhart
Hacker Valley Studio22 Marras 2022

Sharing Cyber Outside of the Security Bubble with Lesley Carhart

Lesley Carhart, Director of Incident Response at Dragos, takes some time off mentoring cybersecurity practitioners, responding to OT incidents, and training in martial arts to hop on the mics this week. Named Hacker of the Year in 2020, Lesley’s impact on the industry stretches far and wide. As an incredible content creator for cybersecurity, Lesley advises listeners on how to find their niche and who to be willing to educate along the way. Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals.

Timecoded Guide:

[00:00] Giving back to the community through martial arts & cyber education

[06:13] Being excluded from the cyber industry & turning to content creation instead

[12:33] Comparing incident response in IT vs OT environments

[19:46] Dealing with post-COVID problems with the wrong OT systems online

[26:51] Finding your cyber niche & exploring education options within it

Sponsor Links:

Thank you to our sponsors Axonius and NetSPI for bringing this episode to life!

Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone

For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human-delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.

What inspired you to start creating cybersecurity content?

Lesley’s cybersecurity content has vastly influenced and impacted many cyber practitioners in the industry, including Ron and Chris. Unfortunately, Lesley’s journey into content creation was inspired by the lack of mentorship they received from other professionals when they were starting out. Never wanting anyone to feel the way they did, Lesley created an online world of resources to warmly welcome and educate new practitioners.

“It's not a really glamorous story. When I got into cybersecurity, I wanted to do digital forensics and nobody would help me, nobody would actually take me seriously and give me a shot. Everybody should have a chance to get into cybersecurity if it's something they want to do.”

How has teaching cyber to a general audience been appealing to you?

When not educating new cyber practitioners or tearing it up in the martial arts studio, Lesley likes to reach out to their community and give talks to audiences outside of typical tech and security groups. From churches to universities, Lesley loves meeting people outside of the cyber industry. These individuals always offer them a new perspective and a feeling of accomplishment for showing someone something new.

“It's enjoyable to me to find other people out there who want to learn about an entirely new topic and expose themselves to its problems and how it impacts society and things like that. I appreciate that. Cybersecurity is important and it impacts everything around us all the time.”

In your world, where does incident response start, and where does it stop?

Like many of cyber’s most complicated concepts, the answer to where incident response starts and ends is subjective to certain resources and elements of an organization. Lesley explains that incident response has to be planned and that the planning process has to involve when to declare an incident and when to close the said incident. Without proper planning in advance, an organization is at risk for a crisis that could’ve been responded to quickly turning into an out-of-control attack.

“There's no perfect defense against an incident, everybody's vulnerable. You do your best to mitigate and avoid having a cybersecurity incident, but there's only so much you can do. Eventually, you have to assume that you're gonna have an incident.”

What piece of advice do you have for anyone looking to share more knowledge and make the cyber industry better?

Although everything in cybersecurity can seem daunting, expansive, and interesting to everyone, Lesley’s recommendation to new practitioners is to find a niche in cyber and stick to it for a while. Finding a niche doesn’t have to be permanent, but Lesley believes that niche will help you carve out extensive knowledge worth sharing and creating content around. When you discover that niche, don’t be afraid to reach out to other industry experts along the way.

“Pick an area and then find mentorship in that and try to focus for a couple of years on a particular area. You can always change your mind later on, just like degrees, just like training programs, but it's going to help you a lot to focus for a little while.”

---------------

Links:

Keep up with our guest Lesley Carhart on LinkedIn, Twitter, and their blog

Learn more about Dragos, Inc on LinkedIn and the Dragos website

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase Hacker Valley swag at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio

Jaksot(404)

Vulnerability Hunting & AI with Brian Contos

Vulnerability Hunting & AI with Brian Contos

In this episode, hosts Ron and Chris are joined by Brian Contos, Chief Strategy Officer at Sevco to discuss his “movie-like” career trajectory and the rise of artificial intelligence (AI) in cybersecurity. With two IPOs and eight acquisitions under his career belt, Brian expresses his passion for startups and how getting out of his comfort zone transformed his business knowledge. The group also dives into the rise of artificial intelligence and how it will revolutionize the cybersecurity landscape. Stay in touch with Brian Contos: https://www.linkedin.com/in/briancontos/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 00:00 - Intro 01:09 - Introducing Brian Contos 04:03 - Brian’s passion for startups 06:13 - Emerging tech & AI 07:50 - The intersection of AI & cybersecurity  09:50 - The future impacts of AI 10:58 - How will AI enhance cybersecurity? 15:02 - Data assessment vs data integration 17:46 - Join our community! 18:48 - Getting out of your comfort zone 21:21 - Small touches lead to big finishes

20 Kesä 202324min

Balancing Work & Parenting In Cybersecurity

Balancing Work & Parenting In Cybersecurity

In this episode, Ron and Chris discuss the challenges of balancing cybersecurity and parenting. Chris, a father of three, shares his experience of being a parent while also working in cybersecurity. They talk about the sacrifices that come with being a parent and how to prioritize family while still maintaining a career in cybersecurity. They also discuss the importance of having a plan but being flexible enough to adapt to unexpected situations.  Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 02:39 - Balancing cybersecurity and parenting 04:27- Maternity/paternity leave in cyber 08:33 - Skills in parenting for cybersecurity 10:36 - Career sacrifices 14:05 Parenting with a support system 17:31- Being more than a parent

13 Kesä 202320min

What Is Security Architecture?

What Is Security Architecture?

In this episode of Hacker Valley Studio, Ron and Chris take a deep dive into all things Security Architecture and the essential skills you need to thrive in your role. Ron shares insights from his personal journey into security architecture as well as his expert advice on how to break in and stand out in the field. Links: Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 01:22 - What is Security Architecture? 03:04 - Day in the life of a security architect 04:01 - Different types of security architects 06:01 - Ron’s journey into security architecture 07:49 - What skills do you need? 08:40 - Join our community! 09:21 - Ron’s best practices 10:24 - Finding the right solutions 11:36 - What is the salary potential? 12:59 - How to stand out 13:52 - Advice for those breaking into the field

6 Kesä 202315min

Technical Dojos: Cultivating Skills and Navigating Change in Cybersecurity

Technical Dojos: Cultivating Skills and Navigating Change in Cybersecurity

In this cybersecurity podcast episode, Chris Cochran and Ron Eddings discuss the concept of 'dojos' as environments for growth and learning, drawing on experiences from their own career paths in cybersecurity. The 'dojo' metaphor is applied to various life experiences, with an emphasis on cybersecurity communities and events. Chris describes his journey to the west coast where he lived in a hacker house, a form of dojo where he, along with his roommates, focused on cybersecurity, technology, personal growth, and development. This life-changing experience spurred the creation of their podcast. Links: Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 0:00 - Intro 00:55 - What is a dojo? 02:25 - Technical/cybersecurity dojos 05:17 - Getting started 07:21 - What should you look for in a dojo community? 09:06 - How to level up and give back 10:14 - Join our community! 11:36 - When is it time to move on? 12:50 - Learning hurts - embrace it! 13:59 - What’s your next dojo?

30 Touko 202315min

Attack Surface Management: The Grit Needed for True Cyber Resilience with Nabil Hannan

Attack Surface Management: The Grit Needed for True Cyber Resilience with Nabil Hannan

Join hosts Ron and Chris as they dive into the world of Attack Surface Management (ASM) in this episode recorded live at RSAC 2023. Special guest Nabil Hannan, a seasoned industry expert and Field CISO at NetSPI, shares his wealth of knowledge and expertise in this critical field. Together, they explore the evolving landscape of ASM, highlighting NetSPI's unique approach compared to other solution providers and shedding light on the state of ASM to empower listeners to enhance their security posture. NetSPI has a team of skilled pen-testers that can help you find those critical vulnerabilities and become your partner in creating the right remediation game plan for you. Check them out at https://www.netspi.com/HVM Links: Connect with Nabil Hannan on LinkedIn: https://www.linkedin.com/in/nhannan/ Connect with us on LinkedIn: https://www.linkedin.com/company/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 01:08 - Introducing Nabil Hannan 01:25 - Relationship-building through play 04:39 - The power of authenticity 05:39 - What is a Field CISO? 07:02 - The rise of attack surface management 09:17 - What makes NetSPI different? 11:26 - A word from our sponsor 12:17 - Attack surface management for SMBs 15:15 - ASM solutions & false positives 17:16 - An ASM case study 21:15 - Red teaming influence on ASM 24:12 - Where do I get started with ASM?

23 Touko 202325min

A Tale of Two Risks: Third-Party and SaaS Security

A Tale of Two Risks: Third-Party and SaaS Security

In this episode, hosts Ron and Chris are joined by Paul Valente, CEO and co-founder of VISO Trust, and Bryan Wong, Sr. Security Analyst at Headspace, as they dive into the world of third-party risk in cybersecurity. With conversations ranging from the current state of third-party risk to identifying trustworthy vendors such as VISO Trust, they'll provide insights into how organizations manage partnerships in a scalable and secure way. Say goodbye to frustration and hello to peace of mind with VISO TRUST! Visit https://visotrust.com/hackervalley/ to learn how to transform your third-party risk management program. Links: Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 01:03 - Introducing Paul Valente & Bryan Wong 01:54 - The current state of third-party risk 02:46 - VISTO Trust — trust through transparency 04:43 - Headspace’s approach to 3rd party providers 05:23 - Managing risk successfully 07:44 - There’s a better way! 09:04 - Risk assessment & procurement 11:37 - VISO Trust & Headspace’s approach to AI 14:43 - A word from our sponsor 15:26 - The challenges of complete visibility 17:16 - Continuous, automated due diligence 18:52 - Identifying trustworthy vendors 21:34 - Doing more with less/cost-effectiveness 23:22 - Is 100% automation doable? 24:20 - You can have your cake and eat it too with third-parties

16 Touko 202325min

Paying the Piper in Cybersecurity: Balancing Success and Personal Life

Paying the Piper in Cybersecurity: Balancing Success and Personal Life

In this episode, Ron Eddings and Chris Cochran discuss the concept of "paying the piper" and its impact on their careers and personal lives. Paying the piper means facing the consequences of one's actions, whether they are good or bad. Chris shares his personal struggles and successes while working at Netflix, where he had to balance his career and family. Ron and Chris also discuss the importance of finding balance in one's life, understanding the consequences of one's actions, and recognizing the impact of one's legacy on both their family and the world.   Links: Icarus’ Balloon: https://www.linkedin.com/pulse/icarus-balloon-short-story-chris-cochran-chris-cochran Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord   Impactful Moments: 00:00 - Introduction 01:18 - What does it mean to ‘pay the piper’? 03:22 - Sacrifices and paying your dues 05:06 - Icarus’ Balloon 07:16 - Maintaining a balanced life 08:36 - Join our community! 09:40 - What is your legacy? 13:32 - Conflict = growth 15:27 - Learning to love the process 18:05 - The power of exploration 19:34 - Staying committed

9 Touko 202321min

CISO Burnout and Gaps in Cybersecurity Detections with Jack Roehrig

CISO Burnout and Gaps in Cybersecurity Detections with Jack Roehrig

In this podcast episode, Jack Roehrig, Technology Evangelist at Uptycs, discusses his experience with burnout and health issues due to his job as a Chief Information Security Officer (CISO). Jack has always known health is wealth and retired to Mexico for a few months to recover from his burnout. Despite telling himself he wouldn't work again, Jack discovered Uptycs, a leading XDR platform that has the opportunity to change cybersecurity and joined their team as Technology Evangelist. Links: Follow Jack Roehrig on LinkedIn: https://www.linkedin.com/in/jackery/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 00:00 - Introducing Jack Roehrig 01:40 - Jack’s security origin story 04:50 - The harsh realities of burnout in tech 05:33 - Finding peace in Mexico 07:51 - Working for your purpose 11:26 - From risk aversion to risk tolerance 13:51 - Join our community! 15:37 - Falling in love with XDR

2 Touko 202322min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
voi-hyvin-meditaatiot-2
psykopodiaa-podcast
rss-monarch-talk-with-alexandra-alexis
ihminen-tavattavissa-tommy-hellsten-instituutti
rss-liian-kuuma-peruna
rss-arkea-ja-aurinkoa-podcast-espanjasta
mielipaivakirja
rss-luonnollinen-synnytys-podcast
rss-niinku-asia-on
adhd-podi
aloita-meditaatio
psykologia
eevan-politiikkapodi-totuuksia-suomesta
rss-uskonto-on-tylsaa
rss-finnish-with-eemeli-podcast
rss-valo-minussa-2
rss-koira-haudattuna
rss-vapaudu-voimaasi
rss-sisun-alkemia