Episode 116 - Start-Up Secure with Chris Castaldo
Hacker Valley Studio26 Jan 2021

Episode 116 - Start-Up Secure with Chris Castaldo

In this episode of the Hacker Valley Studio podcast, Ron and Chris are joined by Chris Castaldo, Chief Information Security Officer at Crossbeam and author of Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit. Throughout his career, Chris noticed that the same cybersecurity related problems surface but there are many different ways to solve them.

Chris has always been passionate about startups and has plans to one day start his own company. While going through lists of top 10 books for startups and entrepreneurs he didn’t find any that mentioned how to do cybersecurity at a startup. This a significant gap for startups, not baking in cybersecurity early results in expensive rework 4-10 years after the startup is founded. This led to Chris writing Startup Secure - his goal was to create a guide and methodology for startup founders to avoid the expensive mistake of not baking cybersecurity into the startup in the beginning.

As the episode progresses, Chris highlights the difference in challenges for startups that are B2B (Business-to-Business) vs B2C (Business-to-Consumer). Cybersecurity startups must weigh the risks of building a product and building a secure company. It’s easier to implement all of the security controls offered by a solution when the startup is 20 employees or less because there is less impact on users and business functions. When cybersecurity startups are selling to organizations with cybersecurity teams, the startup is asked tough questions. For example:

  • What is your vendor review process?
  • Is your startup leveraging cloud security controls?
  • What is your privacy policy?

As a cybersecurity professional, Chris emphases the importance of networking with other professionals. There is an increase in virtual conferences and adoption of LinkedIn. Asking questions to the leaders in the field and providing mentorship to others both provide a significant impact while cultivating your career. Chris also highlights the importance of following up on conversations to build relationships and securing opportunities.

When transitioning from engineer to CISO, Chris found that being intentional and purposeful with his time was impactful in his transition. He developed these skills by reading books about stoicism. He found that focusing on “the right thing to do” was tough because of constant distractions but being purposeful was the solution to distraction. Instead of focusing on all the things that were on his plate he would break down his goals into smaller chunks and give them his undivided attention for a specific amount of time.

Moments During This Podcast:

0:00 - Intro

1:57 - Chris Castaldo on Hacker Valley Studio Podcast

2:47 - Chris’ start in cybersecurity as a red team member

3:50 - Why did Chris write his book Startup Secure

6:58 - Challenges of implementing cybersecurity at a startup

9:56 - What excites Chris about cybersecurity

13:35 - How do you immerse yourself in learning about cybersecurity?

17:33 - Surprises when transitioning from engineer to CISO

22:43 - Core tenants of solving hard problems

25:53 - Protecting the crown jewels at an organization during a breach

33:38 - Advice on sharing knowledge with the world

Links:

Pre-order Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit

Learn more about Chris Castaldo and connect with him on LinkedIn.

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

Avsnitt(390)

Building Opportunities for Women and Minorities in Cybersecurity with Connie Matthews

Building Opportunities for Women and Minorities in Cybersecurity with Connie Matthews

How do you create waves of change in an industry? Connie Matthews, Founder and CEO of ReynCon, speaks with Ron about the power of resilience, mentorship, and taking that first bold step in cybersecurity. In this powerful episode, Connie shares her path as a pioneering woman in cybersecurity. Discussing diversity, mentorship, and her nonprofit EmpoW-ER, Connie’s shared lessons and insights on resilience and community give listeners a blueprint for making a meaningful impact in their careers.   Impactful Moments: 00:00 – Introduction 04:27 – Mentorship impact: Building future leaders 10:14 – Embracing diversity and servant leadership 18:03 – Founding EmpoW-ER: Supporting women in cyber 24:13 – Navigating stereotypes and staying resilient 30:00 – Recognizing and celebrating young talent 36:45 – Building an inclusive cybersecurity community   Links: Connect with our guest, Connie Matthews: https://www.linkedin.com/in/conniematthews/ Learn more about EmpoW-ER: https://www.empower-infosec.org/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

6 Nov 202441min

Rethinking Cybersecurity Hiring with Naomi Buckwalter

Rethinking Cybersecurity Hiring with Naomi Buckwalter

Is cybersecurity gatekeeping holding back the industry? Naomi Buckwalter, Senior Director of Product Security at Contrast Security and Founder of the Cybersecurity Gatebreakers Foundation, argues that fresh talent and open doors are crucial for industry growth. In this episode, Naomi challenges why industry hiring norms fall short, shares candid stories of her own missteps, and explains why humility and learning are just as important as technical skills in cybersecurity.   Impactful Moments: 00:00 – Introduction 03:15 – Building a genuine presence on LinkedIn 07:40 – Founding the Cybersecurity Gatebreakers Foundation 12:00 – Why hiring juniors is a win for cybersecurity 17:58 – Relationship building in cybersecurity 25:27 – Lessons from layoffs and overcoming failure 35:45 – Setting goals and attracting opportunities Links: Connect with our guest, Naomi Buckwalter: https://www.linkedin.com/in/naomi-buckwalter/ Learn more about the Cybersecurity Gatebreakers Foundation: https://www.cybersecuritygatebreakers.org/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

29 Okt 202443min

AI, Deepfakes, and Human Risk in Cybersecurity with Perry Carpenter

AI, Deepfakes, and Human Risk in Cybersecurity with Perry Carpenter

In a world filled with AI-generated deceptions, how do we discern what’s real? Ron sits down with Perry Carpenter, author of FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions, to discuss the risks and the potential of synthetic media and human risk management. Whether you’re worried about deepfakes or curious about AI’s role in creativity, this episode has something for everyone. Impactful Moments: 00:00 – Intro 00:49 – Synthetic voices surprise in mastermind 01:42 – Perry’s new book FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions 03:42 – Psychology's role in cybersecurity 06:07 – Human risk management explained 09:14 – Deepfakes in fraud and scams 15:13 – Demo of deepfake voices 20:22 – Using cakes to explain large language models  27:00 – AI helps overcome creative blocks 32:00 – Managing AI hallucinations and risks Connect with our guest, Perry Carpenter: https://www.linkedin.com/in/perrycarpenter Purchase a copy of Perry’s book FAIK here: https://www.amazon.com/FAIK-Practical-Disinformation-AI-Generated-Deceptions/dp/1394299885 Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

22 Okt 202433min

How to Become a True Security Leader with Nathan Case

How to Become a True Security Leader with Nathan Case

How does one become a true security leader? According to Nathan Case, it’s not about titles—it’s about impact.  In this episode, Nathan Case, VP of Cloud Security at Clarity, shares his journey through security leadership, including stories from his time at AWS and his approach to building mission-driven teams. Nathan discusses balancing family with leadership, the future of AI in cybersecurity, and what it takes to become a real leader in the security space. He also reflects on the importance of being chosen as a leader, rather than striving for the title.   Impactful Moments: 00:00 – Introduction 02:31 – Journey from AWS to Clarity 04:00 – Cyber Dominance 05:55 – Leading Through M&A 07:00 – Redefining the CISO Role 11:00 – Shared Security Responsibility 15:15 – Balancing Mission and Family 20:00 – AI in Security 28:30 – Leadership in Incident Response 32:00 – Woodworking and Perfectionism 35:00 – Leaders Are Chosen Links: Connect with our guest, Nathan Case: https://www.linkedin.com/in/nathancase/ Check out Nathan and Ross Haleliuk's blog on Security Incident Response here: https://ventureinsecurity.net/p/a-different-take-on-security-incident Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

15 Okt 202436min

AI and the Future of Cyber Defense with John Hubbard

AI and the Future of Cyber Defense with John Hubbard

How can AI shape the future of cybersecurity defense? In this episode, we dive into SOC operations, AI integration, and the latest in threat detection with John Hubbard, Cyber Defense Curriculum Lead at SANS. John discusses the expansive landscape of cybersecurity defense, while sharing insights on AI's role in threat detection and the cutting-edge tools that are pushing the boundaries of cybersecurity. From automation to detecting anomalies in network traffic, this episode will bring you up to speed on the latest trends and challenges facing cyber defense teams. Impactful Moments: 00:00 – Introduction 01:00 – Meet John Hubbard: Cyber Defense Curriculum Lead at SANS 02:30 – Overview of the SANS Cyber Defense Curriculum 03:30 – The Role of AI in Cybersecurity 05:30 – How AI is Shaping Threat Detection in SOCs 09:00 – Automation and AI: Practical Use Cases 15:00 – AI in Network Traffic Analysis 19:00 – The Future of SOC Operations with AI   Links: Connect with our guest, John Hubbard: https://www.linkedin.com/in/johnlhubbard/ Check out the SANS Cybersecurity Courses & Certifications: https://www.sans.org/cyber-security-courses/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

8 Okt 202434min

How Adversaries Are Living Off The Dark Web with Jason Haddix

How Adversaries Are Living Off The Dark Web with Jason Haddix

Have you ever lost something important, only to find out someone moved it without telling you? The same thing happens with our personal and business data. But what if you could see what the adversary sees?  In this episode, Jason Haddix, Field CISO at Flare, shares his experiences in red teaming, accessing dark web credentials, and protecting against malicious actors. Whether you're curious about data exposure or how threat actors operate, this conversation offers insights into the constant changes in cybersecurity.   Impactful Moments: 00:00 - Introduction 01:11 - The Basics of the Dark Web and How Criminals Operate 07:16 - Flare's Role in Cybersecurity 11:14 - Common Security Mistakes 20:04 - Pen Testing with Flare 21:33 - Exploiting Exposed Credentials 22:19 - Reconnaissance Tools and Techniques 24:38 - Email Security Concerns 28:43 - The Power of Stealer Logs 38:21 - Dark Web Tactics and AI 39:33 - Advice for Cybersecurity Leaders 42:04 - Exploring Flare’s Platform for Threat Intelligence 44:26 - Conclusion and Final Thoughts Links: Connect with our guest, Jason Haddix: https://www.linkedin.com/in/jhaddix/ Check out Flare here: https://try.flare.io/hacker-valley-media/ Check out Arcanum here: https://www.arcanum-sec.com/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

1 Okt 202444min

AT&T Dynamic Defense: Security Before It Reaches Your Company's Doorstep with Senthil Ramakrishnan

AT&T Dynamic Defense: Security Before It Reaches Your Company's Doorstep with Senthil Ramakrishnan

In this episode, Ron Eddings and Jen Langdon speak with Senthil Ramakrishnan, Assistant Vice President of Cybersecurity Product at AT&T Business. Senthil shares information about how a new product, AT&T Dynamic Defense™, helps protect customers by providing threat detection and mitigation at the network edge. They’ll discuss how it can address evolving cybersecurity threats, including real-world examples like the Log4j vulnerability, and how its simplicity allows for a zero-touch experience.   Impactful Moments: 00:00 - Welcome 01:01 - Introducing guest, Senthil Ramakrishnan 04:01 - Security at the Network Edge 05:57 - Fitting in With Businesses 08:00 - “Can You Just Block It For Us?” 10:05 - Stopping Log4j 11:18 - Default Enabled Policy 15:57 - How Involved is the Customer? 16:40 - Simplifying Security for Customers   Links: Connect with our guest Senthil Ramakrishnan: https://www.linkedin.com/in/senthil-ramakrishnan-66406b30/ Check out AT&T Dynamic Defense™: https://www.business.att.com/products/att-dynamic-defense.html Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Check out our upcoming events: hackervalley.com/livestreams

24 Sep 202418min

Soft Skills in Technical Sales to Connect and Sell More with Evgeniy Kharam

Soft Skills in Technical Sales to Connect and Sell More with Evgeniy Kharam

Technical skills open doors, but are soft skills sealing the deal? In this episode, Evgeniy Kharam reveals how communication and connection lead to success in technical sales.    From vulnerability to voice control, Evgeniy shares how to connect with clients and sell more effectively in tech.   Evgeniy Kharam has authored “Architecting Success: The Art of Soft Skills and Technical Sales”, to teach the art of soft skills, and the importance of building connections through vulnerability.   Impactful Moments: 00:00 - Introduction 01:08 - Meet Evgeniy Kharam  02:21 - Ski & Snowboard Cybersecurity Conference 06:22 - Impact of Events and Community Building 10:19 - ‘Architecting Success’ 10:36 - Sales Engineers’ Evolving Role 25:58 - POCs and Soft Skills 28:01 - Your Voice: A Key Soft Skill 31:28 - Connect with Evgeniy   Links: Connect with our guest, Evgeniy Kharam: https://www.linkedin.com/in/ekharam/ Check out Evgeniy’s Book, “Architecting Success: The Art of Soft Skills in Technical Sales: Connect to Sell More“ here: https://a.co/d/0xJSyew Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

17 Sep 202431min

Populärt inom Utbildning

bygga-at-idioter
historiepodden-se
det-skaver
rss-bara-en-till-om-missbruk-medberoende-2
alska-oss
nu-blir-det-historia
svd-ledarredaktionen
harrisons-dramatiska-historia
allt-du-velat-veta
johannes-hansen-podcast
roda-vita-rosen
rikatillsammans-om-privatekonomi-rikedom-i-livet
not-fanny-anymore
rss-max-tant-med-max-villman
sektledare
sa-in-i-sjalen
i-vantan-pa-katastrofen
rss-sjalsligt-avkladd
jagaren
rss-npf-podden