Sharing Cyber Outside of the Security Bubble with Lesley Carhart
Hacker Valley Studio22 Marras 2022

Sharing Cyber Outside of the Security Bubble with Lesley Carhart

Lesley Carhart, Director of Incident Response at Dragos, takes some time off mentoring cybersecurity practitioners, responding to OT incidents, and training in martial arts to hop on the mics this week. Named Hacker of the Year in 2020, Lesley’s impact on the industry stretches far and wide. As an incredible content creator for cybersecurity, Lesley advises listeners on how to find their niche and who to be willing to educate along the way. Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals.

Timecoded Guide:

[00:00] Giving back to the community through martial arts & cyber education

[06:13] Being excluded from the cyber industry & turning to content creation instead

[12:33] Comparing incident response in IT vs OT environments

[19:46] Dealing with post-COVID problems with the wrong OT systems online

[26:51] Finding your cyber niche & exploring education options within it

Sponsor Links:

Thank you to our sponsors Axonius and NetSPI for bringing this episode to life!

Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone

For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human-delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.

What inspired you to start creating cybersecurity content?

Lesley’s cybersecurity content has vastly influenced and impacted many cyber practitioners in the industry, including Ron and Chris. Unfortunately, Lesley’s journey into content creation was inspired by the lack of mentorship they received from other professionals when they were starting out. Never wanting anyone to feel the way they did, Lesley created an online world of resources to warmly welcome and educate new practitioners.

“It's not a really glamorous story. When I got into cybersecurity, I wanted to do digital forensics and nobody would help me, nobody would actually take me seriously and give me a shot. Everybody should have a chance to get into cybersecurity if it's something they want to do.”

How has teaching cyber to a general audience been appealing to you?

When not educating new cyber practitioners or tearing it up in the martial arts studio, Lesley likes to reach out to their community and give talks to audiences outside of typical tech and security groups. From churches to universities, Lesley loves meeting people outside of the cyber industry. These individuals always offer them a new perspective and a feeling of accomplishment for showing someone something new.

“It's enjoyable to me to find other people out there who want to learn about an entirely new topic and expose themselves to its problems and how it impacts society and things like that. I appreciate that. Cybersecurity is important and it impacts everything around us all the time.”

In your world, where does incident response start, and where does it stop?

Like many of cyber’s most complicated concepts, the answer to where incident response starts and ends is subjective to certain resources and elements of an organization. Lesley explains that incident response has to be planned and that the planning process has to involve when to declare an incident and when to close the said incident. Without proper planning in advance, an organization is at risk for a crisis that could’ve been responded to quickly turning into an out-of-control attack.

“There's no perfect defense against an incident, everybody's vulnerable. You do your best to mitigate and avoid having a cybersecurity incident, but there's only so much you can do. Eventually, you have to assume that you're gonna have an incident.”

What piece of advice do you have for anyone looking to share more knowledge and make the cyber industry better?

Although everything in cybersecurity can seem daunting, expansive, and interesting to everyone, Lesley’s recommendation to new practitioners is to find a niche in cyber and stick to it for a while. Finding a niche doesn’t have to be permanent, but Lesley believes that niche will help you carve out extensive knowledge worth sharing and creating content around. When you discover that niche, don’t be afraid to reach out to other industry experts along the way.

“Pick an area and then find mentorship in that and try to focus for a couple of years on a particular area. You can always change your mind later on, just like degrees, just like training programs, but it's going to help you a lot to focus for a little while.”

---------------

Links:

Keep up with our guest Lesley Carhart on LinkedIn, Twitter, and their blog

Learn more about Dragos, Inc on LinkedIn and the Dragos website

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase Hacker Valley swag at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio

Jaksot(406)

Hacker Valley Blue S2 Episode 4 - Lenny Zeltser

Hacker Valley Blue S2 Episode 4 - Lenny Zeltser

In this episode, we brought back our good friend Lenny Zeltser.  Lenny is Chief Information Security Officer at Axonius.  He's developed a mindset of looking at security components as building blocks to create a holistic security environment. To this day, even while operating as an executive, he has wisdom that anyone can learn from. Quite often, the less sexy aspects of information security are ignored, when in reality, you need to understand what resources you're supposed to protect, which assets are compromised, and the infrastructure for your organization.  People jump right into fighting the big fires, and as you know, there is a reason why there are so many day-to-day urgent activities.  To start moving in a positive direction, Lenny shares this advice, “Understand what the major data sources you can tap into rather than thinking ‘let me create this one new way of serving everything I have are.’”  The information is there. Think about three sources of information that might get you the biggest bang for the buck!   Key Takeaways:   0:00 Previously on the show 1:40 Lenny introduction 2:05 Episode begins 3:10 What Lenny is doing today 5:35 The evolution of Lenny’s career 8:30 Parallels between beginning and now 10:38 Journey and growth of REMnux 13:00 Challenges Lenny has faced 15:21 Collaboration surprises 17:18 Horror stories 20:18 Enforcing policies 23:34 Asset management 26:08 New tech and trends 28:45 Biggest discovery about self 32:38 Advice for others 34:24 Keeping up with Lenny     Links:   What Lenny Does   Lenny on the Web   Follow Lenny on Twitter   Lenny on LinkedIn   Learn more about Hacker Valley Studio   Support Hacker Valley Studio on Patreon   Follow Hacker Valley Studio on Twitter   Follow Ron Eddings on Twitter   Follow Chris Cochran on Twitter   Sponsored by Axonius

18 Touko 202135min

Hacker Valley Blue S2 Episode 3 - Chani Simms

Hacker Valley Blue S2 Episode 3 - Chani Simms

In this episode of Hacker Valley Blue, we brought in a guest who has been on a journey of transformation of self and technology.  Our guest is Chani Simms, managing director of Meta Defence Labs.  We talk about what is essential for cybersecurity.  If there was a magic box that could solve an issue, what problem would Chani want solved? “People!”  They need to be trained, and care, and have buy in.  They must be devoted to what they’re doing.  They need cultural awareness and support – it isn’t easy and the hardest job.   When it comes to leadership, organizations need to use people already in the organization.  It is important to know what they’re trying to do.  You have to use security as an enabler.  Leadership is responsible for communicating objectives and goals.     Key Takeaways 0:00 Previously on Hacker Valley Blue 1:36 In this episode 3:10 Background and day job 5:37 Cyber essentials 13:46 Keeping up to date 15:26 Access control 17:07 Security hygiene 19:48 Magic box 21:32 Leadership fundamentals 26:22 Formula 1 analogy 28: 46 Wrap up   Links: Chani on LinkedIn Chani on Twitter Email: info@metadefencelabs.com Sponsored by Axonius Hacker Valley Studio Chris Cochran on LinkedIn Ron Eddings on LinkedIn

18 Touko 202129min

Hacker Valley Blue S2 Episode 2 - Marcus Carey

Hacker Valley Blue S2 Episode 2 - Marcus Carey

Know thy organization is key! Wise words from the powerful Marcus J. Carey.  Don’t be afraid to admit the bad stuff and be honest about the situation.  Most of the time people get fired because they are scared to admit the failure.   You have to build a tight network of people you trust who will be brutally honest with you.  You need those people who are going to tell you the truth.  Other people will see your superpowers before you do.  Superman didn’t know he was different, but others saw the differences and the strengths he didn’t even realize he had.  Always pay attention to how people react to what you do, then you will figure out what you are really good at.  We over emphasize what we suck at and ignore what we are good at.  Don’t do that. You need to understand how amazing, awesome and beautiful you are.  Double down and double down hard.  Do not be afraid to show your talents and be confident in your superpower.   In security, there is a role for everybody.   Key Takeaways:   1:40 In this episode 2:12 Welcome 3:40 Marcus background 4:57 What lead Marcus to cyber 7:09 Self discovery 9:48 Creations and inventions 14:22 Gathering and retaining information 17:53 Auxiliary skill 21:35 Abilities and mission 25:26 Overlooked areas 31:44 Advice to others 35:41 Staying up-to-date with Marcus   Links:   Marcus on Twitter   Marcus' Books on Amazon Marcus on LinkedIn Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter Sponsored by Axonius

18 Touko 202136min

Hacker Valley Blue S2 Episode 1

Hacker Valley Blue S2 Episode 1

Welcome to Hacker Valley Blue Season 2 “Know Thyself”. Instead of focusing on the enemy – threat intelligence and environment, we are focusing on knowing yourself and security stack. You need to know the business, but also the fundamentals of security landscape. Without the fundamentals, you cannot reach the level of success you desire. Getting laser sharp on computer networks and how computers speak to each other. Without understanding how each of the pieces work together, you cannot make strategic decisions. We have many guests this season that will teach more about the fundamentals. Stop ignoring the fundamentals and find synchronicity among your team. Building this team makes an impact for the business. You will have positive outcomes. Stop sweeping the issues under the rug to make better decisions. Cybersecurity is a lot like playing a game of chess using pieces, policies, and guidelines.  Opponents use the same things but don’t play by the rules.  You continually must up your game and face the opponent who isn’t playing fairly.  Knowing business, team, story and self is so important and that is what is coming up on the rest of the season.     Key Takeaways   0:00 Welcome 2:00 Kick-off 3:13 The fundamentals 5:46 How do you get people excited? 7:07 Making an impact on a business 8:43 Where does one begin to know thyself 10:32 Formula 1 analogy 12:32 Leadership 16:00 Superpowers 19:38 Three Rs of memory 24:58 Chaos engineering 27:56 The brother’s trip 30:11 Stepping into unknown 31:15 Play at work 32:00 Season recap   Links:   Learn more about Hacker Valley Studio   Support Hacker Valley Studio on Patreon   Follow Hacker Valley Studio on Twitter   Follow Ron Eddings on Twitter   Follow Chris Cochran on Twitter   This entire season is sponsored by Axonius

18 Touko 202133min

Episode 138 - On Being Us in Technology with Kendrick Trotter

Episode 138 - On Being Us in Technology with Kendrick Trotter

Imagine, for a moment, you’re driving for Uber, and one of your riders changes your life forever! That’s the story we are sharing with you. It's all about Kendrick Trotter, the entrepreneur that has had an incredible journey in technology. Kendrick talks to us about that and the relationship between sales and engineering.   Ron and Chris are glad to be back with Kendrick Trotter who is helping diversify technology through partnerships with top technology firms. He is excited and humbled to be part of this! Kendrick shares his passion about Us in Technology. Their mission is “We are going to diversify the tech industry with more underrepresented people.” This is a very broad definition intentionally.  People associate diversity to black or brown, but really, it is variety.  Us in Technology partner with people who have coachability, drive, intelligence, and integrity. He feels they are teaching these mentees to be an entrepreneur, not a worker.  Change won’t happen until influential positions are more diverse.   To stay in touch with Kendrick or to learn more, visit his website, LinkedIn or Instagram.  Thank you   Key Takeaways   0:00 Introduction to the show 1:03 Welcome back 2:06 Kendrick joins the show 2:44 Kendrick shares his background 6:17 Catalyst to the trajectory for Kendrick 9:18 Power of Networking 13:35 Complexities of sales and engineering 15:53 Maintaining confidence 18:32 Big lesson learned 21:18 Diversity in the industry 26: 37 Surprises along the way 30:03 When change happens 30:53 Advice to those wanting into tech 32:39 Best ways to stay in touch with Kendrick 33:20 Thank you   Links: Us In Technology Website Kendrick's Instagram Kendrick on LinkedIn Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor ByteChek.

17 Touko 202133min

Episode 137 - Securing Virtual and Augmented Reality with Tamas Henning

Episode 137 - Securing Virtual and Augmented Reality with Tamas Henning

In this episode, we have the powerful Tamas Henning, Director of Security Engineering at Marqeta and also Trust and Safety Advisor for XR Safety Initiative.  Tamas got started in technology at a very young age and that is credited to his dad.  In the Early 90s his dad built a software company, and he was a super curious kid. By 6th grade, he learned trigonometry just so he could recreate Tetris.  Take a listen to this incredible origin story and passion project of securing XR.   Key Takeaways 0:00 Intro 1:22 Show starts with Ron & Chris 1:50 Introduction to Tamas Henning 2:25 Tamas shares his background 3:30 Introduction to tech 6:48 Challenges faced 8:20 How Tamas’ dad feels about him 9:50 Brotherly relationships 10:50 Why security? 17:37 Kids and exposure to the internet 21:27 Thoughts about information collection 24:22 XR and what it really means 27:25 Making the internet safer 29:58 Advice to people who want to make an impact 31:01 Best ways to keep up with Tamas   Links: Tamas on Twitter Tamas on LinkedIn  Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor ByteChek.

10 Touko 202131min

Episode 136 - From Tragedy to Triumph with Chani Simms

Episode 136 - From Tragedy to Triumph with Chani Simms

In this episode, we welcome Chani Simms, Managing Director of Meta Defence Labs as well as Founder and Chief Architect of She Ciso Exec.  Chani tells us the story of her rise from tragedy during childhood to being triumphant today.   0:00 Intro 1:03 In this episode with Chani Simms 2:22 Chani shares a bit about her background 3:35 Exposure to IT 5:24 First cold call experience 6:24 Chani’s early years in Sri Lanka 12:25 How did Chani recover from the trauma 13:08 What gave Chani hope 16:24 How a specific billboard spoke to her 18:12 Surprises along the way 20:35 Superpowers 23:00 Emotional intelligence 25:40 Having a good relationship with others 28:43 Chani’s advice to others 31:08 Connecting with Chani   Links: LinkedIn: https://www.linkedin.com/in/chani-simms Twitter: https://twitter.com/ChaniSimms Website: www.metadefencelabs.com TedX Talk: https://www.ted.com/talks/chani_simms_stop_chasing_the_magic_security_box Learn more about Hacker Valley Studio. Learn more about our sponsor AttackIQ and enroll in The AttackIQ Academy!

4 Touko 202132min

Road to the Webby's: An Underdog Story

Road to the Webby's: An Underdog Story

Vote here: https://www.hackervalley.com/vote It might seem impossible... but we need an incredible amount of votes to have a shot to win this People's Choice Webby. Who would have thought that two black cybersecurity professional with home studios, would have a shot against these huge media companies. But this prize is more than the trophy or the title. We are representing cybersecurity. We are representing the independent creators. We are representing the underrepresented. The audacious part... We believe we will win this thing. 30 seconds of your time can put us in the history books.

2 Touko 202110min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
voi-hyvin-meditaatiot-2
psykopodiaa-podcast
rss-duodecim-lehti
aloita-meditaatio
rss-psykalab
jari-sarasvuo-podcast
rss-niinku-asia-on
rss-narsisti
rss-vapaudu-voimaasi
adhd-podi
kesken
psykologia
rss-koira-haudattuna
rss-anteeks-etukateen
aamukahvilla
ihminen-tavattavissa-tommy-hellsten-instituutti
rss-liian-kuuma-peruna
rss-valo-minussa-2
rss-metropolia-ammattikorkeakoulu