Ep. 301 - Security Awareness Series - Leadership Relationships and Becoming a CISO with Travis Farral

This month, Chris Hadnagy is joined by Marilise de Villiers. Marilise is a mindset and performance coach, a TEDX speaker, and a cybersecurity awareness, culture, and talent expert. While at one time she was a female executive in a Big Four consulting firm she is now the founder and CEO of her own company, ROAR! Coaching and Consulting, which helps people find their purpose, their power, and gives people the courage to speak their truth. November 8, 2021 00:00 – Intro Social-Engineer.com Managed Voice Phishing Managed Email Phishing Adversarial Simulations Social-Engineer channel on SLACK CLUTCH innocentlivesfoundation.org Human Behavior Conference 04:35 – What made you leave an amazing corporate company and forge a path for yourself? 08:09 – How did you escape the bad things in your life and turn into a person who helps other people find their strength? 10:47 – How did you get out of the cycle of abuse? 14:42 – Figuring out the role you play and taking back the power 17:06 – Finding a hobby 21:00 – How did you come upon this trifecta of things to better yourself? 25:10 –What have you found is the overwhelmingly common problem that people have when you first start working with them on bettering themselves? 27:56 – Changing your "self" view 30:32 – What would be a suggestion to give someone to "start today"? 34:35 – How do you suggest people find balance when most of us have spent most of our lives being imbalanced? 37:20 – How has this life change for you affected your kids? 38:55 – Who do you consider your greatest mentors? Family: Mom, dad, grandmother, grandfather Brendon Burchard Tony Robbins Dean Graziosi Maya Camerota 41:05 – What books would you recommend to our listeners? Marilise's Book – Roar!: How To Tame The Bully Inside and Out Radical Compassion – Tara Brach Think And Grow Rich – Napoleon Hill How To Break The Habit Of Being Yourself – Joe Dispenza Unbound – Kasia Urbaniak -- 43:15 – How to find Marilise https://www.marilise-de-villiers.com https://www.linkedin.com/in/marilise-de-villiers-9184521a https://www.marilise-de-villiers.com/podcasts/roar-marilise-de-villiers 44:40 – Outro Social-Engineer.org Social-Engineer.com The Innocent Lives Foundation

8 Nov 202145min

This month Chris Hadnagy and Ryan MacDougall are joined by Les Correia, who leads the evangelization of Estee Lauders Application Security. In his position Les wears many hats, but they are all worn with the mission of protecting Estee Lauders critical assets from the risk of a security breach. Prior to this, Les held Senior and Advisory roles providing thought leadership at companies such as AT&T and Lucent. Les also holds an MSc in Cyber Security as well as an exhaustive list of certifications. In his free time, Les pilots small aircraft and drives racecars. October 18, 2021 00:00 – Intro www.social-engineer.com    Managed Voice Phishing      Managed Email Phishing      Adversarial Simulations      Social-Engineer channel on SLACK      CLUTCH      www.innocentlivesfoundation.org   Human Behavior Conference – website coming soon 05:10 – Les Correia Intro 09:15 – How did you get into this industry? 12:05 – How are you trying to be proactive in stopping breaches? 14:00 – How important has top level support been? 15:03 – How do you get other business units to give you time for what you're doing? 16:30 – Understanding the business like a business consultant helps them know you care about that business unit 20:19 Whisky 24:08 – What kind of attacks have you seen in the wild that people need to be aware of? 26:10 – How do we get people that may not think they can be a victim to understand these threats can still be against them? 27:55 – Being a worldwide company, how do you translate your security processes through all those different cultures? 32:01 – How important is it to have hobbies outside of your work? 34:41 – How do you help your team deal with burnout when you have so much work on your plate? 37:56 – Has there anyone you could consider your greatest mentor? Dr. Tafar INS (International Network Services) Dr. Patarsh Dr. Menamen – NYU 39:32 – Book Recommendations Thinking Fast and Slow Seven Habits of Highly Effective People Good To Great Chris' Books 41:57 – Guest Wrap Up 42:20 – Reaching Les on social media: QvittlbBgZseL100xP0S linkedin.com/in/les-correia  43:12 – Outro www.social-engineer.org www.social-engineer.com   www.innocentlivesfoundation.org QvittlbBgZseL100xP0S QvittlbBgZseL100xP0S QvittlbBgZseL100xP0S

18 Okt 202144min

This month Chris Hadnagy is joined by Dr. Jessica Barker. Jessica is an award-winning global leader in the human side of cyber security. She is Co-Founder and co-CEO of Cygenta, where she follows her passion of positively influencing cyber security awareness, behaviour and culture in organisations around the world. Jessica was also named one of the top 20 most influential women in cyber security in the UK and is the former Chair of ClubCISO. She is the author of the best-selling book Confident Cyber Security: how to get started in cyber security and futureproof your career AND co-author of Cybersecurity ABCs: delivering awareness, behaviours and culture change.   October 11, 2021. 00:00 – Intro www.social-engineer.com    Managed Voice Phishing      Managed Email Phishing      Adversarial Simulations      Social-Engineer channel on SLACK      CLUTCH      www.innocentlivesfoundation.org   04:21 - How did you get into cyber security? 06:48 – What were you researching before all that? 08:30 – How does human behavior influence technology? 10:00 – How has Covid-19 and the world scene impacted us when it comes to security? 14:26 – When we look on the internet at how aggressive people have gotten, and the anonymity has enabled people to be more terrible to each other, have you seen this aggression over the last 18 months affect security? 17:20 - Bullying 22:05 – Why is it looked at as "bad" to use bonuses when training people? 28:00 – What are the most positive ways to do it right? 32:37 – How would you suggest a company chooses the right "champion"? 36:26 – Finding Jessica on the web: Twitter: @drjessicabarker LinkedIn: https://www.linkedin.com/in/jessica-barker/ Instagram: @drjessicabarker www.cygenta.co.uk 37:20 – Who is your greatest mentor? Jane Frankland – business leader in cyber security https://jane-frankland.com/in-security/ 39:37 - Favorite Books Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career Cybersecurity ABCs: Delivering awareness, behaviours and culture change Human Hacking – Chris Hadnagy Crime Dot Com – Geoff White The Optimism Bias – Tali Sharot Black Box Thinking – Matthew Syed 43:26 – Outro

11 Okt 202143min

In this episode, Chris Hadnagy and Ryan MacDougall are joined by Ed Skoudis.  Ed is a SANS Institute Fellow, Instructor, and Director of Cyber Ranges.  He is the founder of Counter Hack, an innovative cyber security company that works as trusted information security advisors to government, military, and commercial enterprises by providing in-depth security architecture, penetration testing, red teaming, incident response, and digital forensics expertise. Ed frequently presents industry keynotes based on the latest attack vectors he identifies during his team's penetration testing projects, expert witness work on large-scale breaches, security research into late-breaking malware and exploits, and incident response engagements. Over his career, Ed has taught over 20,000 students in computer incident response and penetration testing.  Ed and his team are also the creators of the SANS Holiday Hack Challenge, a free gift to the community every December challenging tens of thousands of people to build their cyber security skills in a fun, quirky adventure to save the holiday season. September 20, 2021 00:00 – Intro www.social-engineer.com   Managed Voice Phishing     Managed Email Phishing     Adversarial Simulations     Social-Engineer channel on SLACK     CLUTCH     www.innocentlivesfoundation.org  03:26 – Ed Skoudis Intro 05:26 – How did you get started, how did you get into this field? 09:18 – What do you looking for when building your team? 10:47 – How long will you observe a person to determine if they have the integrity or skill that you want? 12:44 – What advice would you give for companies to find people with the skill and integrity they need more quickly than observing them for 2-4 years? 22:00 – "Nothing new" in social engineering vs infosec, which is constantly changing 23:45 – Why do you feel experience like participating in CTF's are so valuable for people in this community? 28:57 – What is your advice for people on how to find quality CTF's? www.holidayhackchallenge.com www.ctftime.org www.wechall.net https://opentoallctf.github.io/ 32:04 – How long does it take your team to construct these challenges? 35:54 – If someone wants to sponsor this event, where can they go? www.holidayhackchallenge.com 36:42 – Who are the colleagues or mentors that have been most influential to you, people you wouldn't be where you are today if not for them? Ed's Nana – Evelyn Hiddings Manager at Bellcore - Miriam Hernandez Cagle SANS instructor, founder of In Guardians - Mike Poor Security Expert - Johnny Long SANS founder – Alan Paller 40:30 – What are some action steps corporations should start doing right now based on the advice you gave today to build a great team? Have a good corporate culture and leadership Be thoughtful and meaningful, make it fun, and challenge them Take input from your team and empower them 43:09 – Do you have any advice for employees dealing with burnout, how to practice self-care, or other coping mechanisms? Monthly meeting with state of the business, business reflections Rituals – Get a bagel and call mom on Saturdays, morning walk, calling friends out of the blue Gratefulness – when stressed, pause and think about what you're grateful for Get off social media for a few days 50:27 – Book Recommendation The Code Book by Simon Singh 51:53 – Outro www.innocentlivesfoundation.org  www.social-engineer.com

20 Sep 202153min

In this episode, Chris Hadnagy is joined by Dr. Cortney Warren. Dr. Warren is a Board-Certified Clinical Psychologist and former tenured Associate Professor of Psychology at the University of Nevada, Las Vegas (UNLV).  She is an expert on addictions, self-deception, eating pathology, and the practice of psychotherapy from a cross-cultural perspective. In addition to publishing in some of the field's top scientific, peer-reviewed journals, Dr. Warren is passionate about bringing theoretically grounded, empirically-supported psychological research to the general public. So, in addition to her academic work, Dr. Warren is a research consultant, keynote speaker, and writes a blog for Psychology Today.  September 13, 2021 00:00 – Intro www.social-engineer.com  Managed Voice Phishing    Managed Email Phishing    Adversarial Simulations    Social-Engineer channel on SLACK    CLUTCH    www.innocentlivesfoundation.org 02:10 – Cortney Warren Intro 03:35 – How did you get started? 07:28 – Why is it so hard to be honest with ourselves? 10:01 – What gets the person from "it's easy to lie to myself" to "I'm readily open to admit this" 13:25 – Admitting the truth is just the first step 13:20 – There are certain ways humans lie to themselves. One of them is "The Specialness Fallacy" 17:43 – How do people make the change in someone who doesn't want to make the change, they're not at that point yet? 21:45 – Is self-deception the same in every culture? 25:47 – Is there a particular culture that is more honest with themselves than others? 28:12 – Why is bringing research to the public such a mission for you? 31:41 – How do we make the change out of self-deception? 41:30 – Have you helped people in abusive relationships with your methods? 44:31 – When does your book come out? 44:47 – How to reach Cortney: www.choosehonesty.com Email: cortneywarren@choosehonesty.com Facebook: https://www.facebook.com/CortneySWarren   Twitter: https://twitter.com/DrCortneyWarren    LinkedIn: https://www.linkedin.com/in/dr-cortney-s-warren-phd-abpp-a4188772/  YouTube: https://www.youtube.com/playlist?list=PLQGXD7Ms5oR3GzsPZl3Tjl_9qj71MezHj   Instagram: https://www.instagram.com/cortneywarren/  45:37 – Who is your greatest mentor? My mother, Karen J Warren 48:25 – Favorite Books: Victor Frankl –Man's Search for Meaning 50:16 – Outro www.innocentlivesfoundation.org www.social-engineer.com

13 Sep 202150min

In this episode, Chris Hadnagy and Ryan MacDougall are joined by Bernie Acre. Bernie is the Chief Information Officer for the City of Bryan, TX where he's responsible for all technology and communications systems, including the Fire, Police, Public Works, the municipal electric utility, and a myriad of general support organizations.  Bernie is currently an appointed Member of the Texas Cybersecurity Council. Bernie has a combined 41-years of experience in information technology; including 20+ in the US Air Force and 21 years in the electric utility industry and municipal government. August 16, 2021 00:00 – Intro www.social-engineer.com  Managed Voice Phishing    Managed Email Phishing    Adversarial Simulations    Social-Engineer channel on SLACK    CLUTCH    www.innocentlivesfoundation.org  03:34 – Bernie Acre Intro 04:43 – How did your transition into this position take place? 08:18 – What makes you proud of the culture that you created around employee awareness? 12:25 – How do you get all senior management on board? 14:24 – What did it take to find the people to make such a great team? 15:35 – What were you looking for in these people 17:15 – Setting the bar 19:15 – Team Advocate vs. Adversary 23:59 – Was your senior management always on board with being part of the testing? 27:06 – So the third hour of their required training is something the employees choose? 27:54 – Have you always had the philosophy that the security training you do at work should become personal? 29:21 – What are three things you would tell someone beginning in the field to focus on? 32:51 – Taking the time to grow 34:49 – What do you do to help combat burn out? How about promoting self-care? 37:31 – What lacks the most sometimes in an organization is communication 37:43 – Who in this industry do you respect the most? One of Bernie's commanders in the service, for overall leadership For this industry: Chris Hadnagy Roger Grimes (KnowBe4) Stu Sjouwerman (KnowBe4) Kevin Mitnick (KnowBe4) 40:13 – Book Recommendations Winning America by Allan Eckert All works by James Michener Valor Across The Lone Star by Charles M. Neal 43:55 – What got you so heavily into history? 44:38 – Finding Bernie on the internet: www.linkedin.com/in/bernie-acre-cgcio-7838375a/ www.bryantx.gov 47:04 – Outro Thanks to Bernie www.innocentlivesfoundation.org

16 Aug 202148min

In this episode, we are joined by Michael Roderick. Michael is the CEO of Small Pond Enterprises which helps thoughtful givers become thought leaders by making their brands referable, their messaging memorable, and their ideas unforgettable. He is also the host of the podcast Access to Anyone which shows how you can get to know anyone you want in business and in life using time-tested relationship-building principles. Michael's unique methodology comes from his own experience of going from being a High School English teacher to a Broadway Producer in under two years.   August 9, 2021 00:00 – Intro www.social-engineer.com www.innocentlivesfoundation.org Managed Voice Phishing   Managed Email Phishing   Adverserial Simulations   Social-Engineer channel on SLACK   CLUTCH   02:08 – Intro to Michael Roderick, CEO of Small Pond Enterprises www.smallpondenterprises.com www.accesstoanyonepodcast.com 03:20 – High school teacher – where did that come from and what were you teaching? 04:17 – You moved to New York and while teaching high school, you decided you wanted to be a producer. How did that come about? 09:49 - Was all of what you are saying a plan of yours, or you just did it and it worked out? 11:45 – You were doing something for these people with no ask in return. This makes such a psychological bond with these people. Why would you do this? 14:41 – What framework did you create out of this experience? 19:45 – You've got direct and indirect approach, what are the other two? 23:07 – What methods do you use to find the detail about who you are approaching for the mutually beneficial approach? 27:19 – What's the "E"? 35:16 – Did you come up with "DIME"? 35:55 – How can an average person use the skills you talked about to cultivate a network? 39:49 – Finding Michael on the Internet: www.smallpondenterprises.com www.myreferabilityrater.com Social Media links (not mentioned in podcast) Twitter: https://twitter.com/MichaelRoderick  LinkedIn: https://www.linkedin.com/in/michael-roderick-1161571/  Facebook: https://www.facebook.com/mike.roderick.940  40:37 – Who is your greatest mentor? Jeff Madoff 41:37 – Favorite Books Your Brain at Work – David Rock Breakthrough Advertising – Eugene Schwartz

9 Aug 202144min

In this episode, Chris Hadnagy and Ryan MacDougall are joined by Michael Fortune. Michael is the Security Behaviours Team Manager for British Telecom (BT) UK. Michael has been with BT for an amazing 22 years, where he is currently BT's expert on security behavior, insider threat behavior, and social engineering, and helps guides the business around these risks. With over 160 thousand employees across the globe in his charge, Michael helps run a team of experts who support and drive security programs for the company.  July 19, 2021 00:00 – Intro www.social-engineer.com www.social-engineer.org www.innocentlivesfoundation.org Managed Voice Phishing  Managed Email Phishing  Adverserial Simulations  Social-Engineer channel on SLACK  CLUTCH  03:37 – Michael Fortune Intro 05:22 – Michael's Path – how has your background in psychology helped with cyber and information security? 06:10 – Have you been able to use psychological principles in eduction? 07:27 – How do you keep education engaging for 160,000 people? 10:07 – Top down approach 12:51 – You are essentially performing an SE gig in order to get an SE gig 14:03 – What's your rule set? 15:59 – Senior Management Buy In – people are afraid of doing that so they don't do it. How do you approach that? 19:08 – Where is the ethical line in using social engineering to get buy-in? 21:21 – Explaining to upper management the repercussions of not doing this training 22:52 – Were your CISO and Director of Protections always on board or did you have to convince them? 25:56 – What have you learned from your hundreds of thousands of SMishing attacks under your belt? 29:18 – Advice about getting buy-in from the top down can work for any sized company 30:30 – When you talk about personalizing the sessions that you do, do you personalize to the department, or 33:05 – Following through with a good program 36:24 – The idea is to get people to do it 36:38 – What colleagues do you respect most in the industry? Steve Benton – Deputy CISO at BT Chris Hadnagy 39:22 – What are some action steps that corporations should start doing right now? 42:00 – Experience is everything 42:40 – Book Recommendations Behave by Robert Sapolsky 44:48 – You need patience, because human being is different and complex 45:13 – Michael Fortune on the internet: Michael.2.Fortune@bt.com

19 Juli 202147min