Cybersecurity Training from Boring to Engaging With Howard Goodman

The landscape of cybersecurity training and collaboration is changing, interactive education sessions and cross team communication is key. Building a security culture and staying ahead of the modern threats has never been more important. Today's guest is Howard Goodman, Senior Technical Director at Skybox Security.

With over 20 years of experience Howard has become a well known figure in the cybersecurity world, he combines strategic planning with hands-on application across many industries. In this episode we talk about; security culture, the evolution of cybersecurity training and how Howard got phished during COVID. We also cover organisational challenges, best practices and the future of cybersecurity.

Show Notes:

• [00:48] Howard has a doctorate in cyber operations from Dakota State University. Besides working for Skybox Security, he's also an adjunct professor teaching graduate courses about cyber security.
• [01:48] Howard shares a phishing experience when he and his wife were selling on eBay during COVID.
• [03:34] If the pros can fall for something, regular people can too. We need to be on our game 100% of the time.
• [04:53] We talk about opportunities for adversaries to get in when companies have large cybersecurity teams with a lot of moving parts.
• [05:29] A lot of people ignore phishing attempts instead of reporting them.
• [06:04] It comes down to organizations training their people properly. Cyber security training is becoming more interesting, because the boring stuff just doesn't hold people's attention.
• [10:13] When talking about threats, they focus on the exposure side and the exploitability side. With most businesses, functionality comes before security.
• [12:47] Formal testing is required before upgrading security patches to make sure that they don't break down the whole system.
• [13:47] The importance of being able to leverage other security controls while testing patches. Teams need to be able to communicate and act fast.
• [14:52] Knowing about potential risk is the only way to be proactive.
• [16:36] Looking at costs and gaps in technology. Failures are often due to a breakdown in communication.
• [19:33] The approach of starting out security first.
• [25:08] Best practices include cross-training. Working together and training together. Organizations need to run simulations and see how they react as an organization.
• [31:06] Skybox talks to organizations about gaps in security.
• [35:57] We discuss the loss that can happen from not having proper security measures in place.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Dr. Howard Goodman - Skybox Security
• Dr. Howard Goodman on LinkedIn