
WE'RE IN!

by Synack

On WE’RE IN!, you'll hear from the newsmakers and innovators who are making waves and driving the cyber security industry forward. We talk to them about their stories, the future of the industry, their best practices, and more.

Episodes

Jack Rhysider on Podcasting, Plot Twists and Infosec Burnout

51m · Published 19 Aug 09:00

Four years ago, Jack Rhysider quit his job as a security engineer to move full time into the storytelling business. His podcast, Darknet Diaries, now boasts tens of millions of total downloads and has explored cybersecurity topics from Stuxnet to the collapse of cryptocurrency exchange Mt. Gox.

Building Darknet Diaries into a successful show was no cakewalk. In the latest episode of WE’RE IN!, Jack shares his experience putting on a great podcast, from ideation and guest selection all the way to monetization and fielding calls from Hollywood producers.

“Don’t think about how big of an audience you have,” he said. “You need to find the right person in your head, of who would love this show, and just deliver it to them in a great way.”

---------

Even if you’re not a podcast creator, there are plenty of reasons to listen:

* Glean Jack’s insights into the creative process, including the importance of self-reflection and listening with “fresh ears”

* Hear how he navigates constant deadline pressure while avoiding burnout

* Learn the secrets behind the most suspenseful moments in any great story

Tracy Maleeff on Diversifying the Cyber Workforce, OSINT Skills and “Librarian Face”

45m · Published 29 Jul 09:00

Tracy Maleeff led a successful career transition into the tech and cybersecurity world nearly seven years ago. Now a security researcher with the Krebs Stamos Group, the former librarian still uses her hard-won open source intelligence skills to sort through a deluge of cybersecurity information for clients and for subscribers of her free InfoSecSherpa news roundups.

In the latest WE’RE IN! episode, she speaks to the importance of having diverse perspectives at the table when it comes to cybersecurity and warns of a disconnect between tech hiring managers and HR departments.

“Companies keep hunting for unicorns when they really just need to pay attention to the squirrels at the base of the tree,” Maleeff said.

---------

Here are a few more reasons to listen:

* Discover Tracy’s tips for breaking into the cybersecurity industry from other professions: She once helped a mechanic launch a career in pentesting

* Learn how she’s used Twitter to advance her own cybersecurity career

* Hear about her favorite episode of Keeping up with the Kardashians – and yes, there is an infosec connection!

---------

Links:

* https://infosecsherpa.medium.com/

* https://www.ks.group/

* https://www.synack.com/

* https://readme.security/

Beau Woods on Medical Device Security, Hacker Culture and Cyber Psychology

40m · Published 21 Jul 20:19

Beau Woods knows firsthand how every moment counts when it comes to medical cybersecurity. He launched his career in a hospital, where it wasn’t always possible for doctors to punch in complex passwords or spare a second thought for cybersecurity. Beau went on to found I Am the Cavalry, a group of cyber ambassadors dedicated to improving the security of devices ranging from pacemakers to connected door locks.

In his current role as senior advisor for the Cybersecurity and Infrastructure Security Agency, Beau helps fill gaps in U.S. cyber defenses by boosting organizations that may not have the resources or knowledge needed to secure critical connected equipment like insulin pumps.

“If you can get ahead of things and help them to build better procurement processes, help them to identify more securable technologies that have better business models, that will have greater longevity, then you can stop the flow of inbound, insecurable devices and – over the next decade or two – eventually that cyber hygiene tide line can rise,” he said in this episode of WE’RE IN!

----------

Here are a few more reasons to tune in:

* Learn Beau’s tips for making cybersecurity issues more engaging, from gamification to building empathy

* Hear about his unconventional career path from psychology to security

* Build awareness on the state of healthcare cybersecurity and CISA’s role in government

----------

Links:

* https://www.cisa.gov/
* https://iamthecavalry.org/
* https://www.synack.com/
* https://readme.security/

Robert M. Lee on Hacking Industrial Systems, Pay Transparency and Oysters

1h 2m · Published 03 Jun 09:00

Dragos CEO and founder Robert M. Lee has been talking about cybersecurity risks to critical infrastructure since long before threats to utility operators and water plants were making headlines. In this episode of WE'RE IN!, he discusses the ongoing dangers to the grid from nation-state hackers and ransomware gangs, but also the progress the U.S. is making to better secure its most vulnerable assets. And there's also a great conversation about pay transparency that anyone working in infosec will want to hear.

 

A few more reasons to listen:

* It's a candid and sobering interview with one of the world's leading experts on industrial cybersecurity.

* You might be surprised how Dragos approaches pay transparency, hiring and job interviews.

* Better understand how critical infrastructure operators should approach cybersecurity differently from enterprise technology.

 

Key quotes:

* "If you are an oil and gas pipeline or a manufacturing company, and you haven't had ransomware scenarios at a board level with an understanding of what you're doing specifically in OT, your liability and your lawsuit is going to be bad."

* "One hundred percent of our engineers are in the United States. We don't outsource anything where they're related to our product, because if we're deploying software into nuclear power plants and similar, I'd like control of the supply chain."

* "We've been talking about cyber at a presidential, international leader, board level for a long time. But they never knew they needed to differentiate between IT and OT. And now they're realizing all the resources have been spent on the non-revenue generating side of the business and they're going, 'Holy crap! What's our OT cybersecurity strategy?'"

 

Links:

* https://www.dragos.com/

* https://www.synack.com/

* https://readme.security/

Jim Manico on Secure Coding, OWASP and Being a Decent Human

49m · Published 03 May 23:13

Jim Manico is full of opinions. The founder of Manicode Security has advice on how to use the OWASP Top 10, on secure coding and especially on the OWASP Application Security Verification Standard (ASVS). He has advice for people starting out in security and all-around thoughts on what it means to be a decent person. Jim is definitely one of those! He's also an educator, author, investor and entrepreneur. There are so many reasons to listen to this episode. Here are just a few:

* Hear from one of the leading educators focused on helping developers code securely. 

* Learn more about all the important projects and initiatives happening at OWASP.

* Get Jim's perspective on how organizations can best implement DevSecOps. 

 

Key quotes: 

* "Honestly, you shouldn't be basing a security program on the OWASP Top 10. The Top 10 is meant for one purpose only: awareness. This is not just my opinion. This is actually codified in the introduction of the Top 10."

* "Being a decent human being, being a community supporter, trying to help people out, giving free talks: you can call it being a decent person, but it's also a good life and business strategy."

* "Learn how to f-ing code. And you don't have to be an expert at it. You don't have to be a software engineer, but if you're an IT professional and you don't even understand the basics of coding, it's going to limit your capability because the best pentesters I know write scripts."

 

Related links:

* https://manicode.com/

* https://owasp.org/www-project-top-ten/

* https://owasp.org/www-project-application-security-verification-standard/
* https://www.synack.com/

Alex Holden on Russia's Cyber Arsenal, Conti Leaks and Infiltrating Ransomware Gangs

46m · Published 21 Apr 20:55

Alex Holden has a knack for tracking Russian cyber criminals. The Ukrainian-born cybersecurity expert understands what it takes to infiltrate ransomware outfits, learn their secrets and help organizations protect themselves against their tactics. Beyond that, his firm is responsible for detecting some of the biggest breaches in recent history. In this episode, Alex talks about his approach to tracking the world's most notorious criminal hackers, the current cyber threat in Eastern Europe and his own journey from Kyiv to the American midwest. 

Why you should listen:

* Get the inside story of how the Conti ransomware gang and other Eastern European cybercrime syndicates operate.

* Hear about how the current Ukrainian War could shift the cyber threat landscape.

* Discover how one of the leading threat intelligence researchers uncovered some of the biggest data breaches in history.

Key quotes:

* "Russia knows how to wage cyber warfare. And they continuously keep showing us that they can ... So I think Russia is in [a] very powerful position to flex their cyber muscle to do damage."

* "We are watching a huge change in the cybersecurity threat landscape in Eastern Europe. Ukrainian cybercrime is not dead. They're still doing certain things in the western part of Ukraine. Some of them are moving into Eastern Europe ... The same is happening in Russia. Cyber criminals are afraid that the recent crackdown of the Russian government against them will continue." 

* "If you are at all interested in threat intelligence or in cybersecurity, I would recommend sitting down and reading [the Conti leaks] because you're going to see how the real criminals work, how they think, how they evolve and how the everyday gang works."

Links:

* https://holdsecurity.com/

* https://www.synack.com/

Hacking for Ukraine, Supply Chain Risk and Cyber Moonshots

48m · Published 01 Apr 09:00

There's a flood of cybersecurity news as a result of the Ukraine War as well as Washington's recent efforts to compel organizations to report cyberattacks to federal officials. In this episode, Trey Herr and Emma Schroeder of the Atlantic Council’s Cyber Statecraft Initiative break it all down. They explore the consequences of an escalating digital battlefield in Europe, whether a hack could bring NATO into the war and strategies for creating more consensus within the tangled and complicated realm of cyber policy. 

 

Why you should listen:

* Understand what's at stake as cyber warriors do battle on both sides of the Ukraine War.

* Learn about some potential consequences of a destructive hack in Europe and whether that could even draw NATO into the war.

* Hear what Washington is doing to obtain better insights and actionable intelligence that could improve cybersecurity defenses.  

 

Key quotes:

* "Cybersecurity generally is not a good state of affairs. So I think we are going to see some regulatory changes that make it much harder for certain classes of companies to operate because they've grown up around this inefficient system."
* "The physical military invasion [into Ukraine] has not necessitated sophisticated cyber support from the Russians. What's been more important in the information space is misinformation [and] disinformation."
* "You've got a lot of [outside hackers] tripping over systems to try to find some kind of way in to do something. And the challenge is that's not really strategic. You don't have any of these groups plugged into the target selection and intelligence collection processes that Western agencies have."


Links:

* https://www.atlanticcouncil.org/

* https://www.atlanticcouncil.org/programs/scowcroft-center-for-strategy-and-security/cyber-statecraft-initiative/

* https://www.atlanticcouncil.org/thecybermoonshot/

* https://www.synack.com/

Gabriella Coleman on Anonymous, Hacker History and the Evolution of Infosec

51m · Published 08 Mar 18:54

Gabriella Coleman, a Harvard University anthropology professor, describes how she immersed herself in hacker culture and eventually became embedded in the shadowy and mercurial world of Anonymous, the hacktivist collective she chronicled in her 2015 book, "Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous." This is such a fascinating episode that explores the often misunderstood history of hacking and how many in this community went from outside agitators to mainstream security researchers.

-------

Why you should listen:

* Get a better understanding of the history of Anonymous and the role it played in shaping online protests and whistleblowing.

* Hear about some of the earliest hacking communities such as the free software hackers and efforts to archive their early writings and magazines.

* Get an anthropological perspective on how hackers have evolved from the fringes of the tech world to among the most influential voices in cybersecurity.

-------

Key quotes: 

* "There's now a new narrative that there was a single founder of Anonymous, the trolls and the early hacktivists. And that's just wrong in terms of historical record."

* "I'm not surprised that hackers were at the forefront of establishing the protocols for the security industry."

* "The moment you cower, the moment you're not willing to speak up, that's the minute that I think ... the hacker spirit is dead and can't be effective in initiating change."

-------

Links:
* https://www.synack.com/
* https://gabriellacoleman.org/
* https://datasociety.net/library/wearing-many-hats-the-rise-of-the-professional-security-hacker/

Micah Hoffman Breaks Down OSINT, the Dark Web and Beer Apps

56m · Published 08 Feb 00:35

In this episode, Micah Hoffman talks about his career in Open Source Intelligence (OSINT) and the value it has for investigations, cybersecurity and understanding how information is weaponized. He also gets into strategies for safeguarding personal privacy in the face of increasing digital surveillance. This episode will have you thinking twice about what you post on social media!


Why you should listen:
* Hear from one of the leading Open Source Intelligence researchers working today.
* Learn about the value of OSINT for offensive and defensive cybersecurity.
* Get a better understanding of all the privacy risks from fitness trackers, apps, shopping online and social media.  

Key quotes:

* "OSINT is a reconnaissance skill. It's all about that preparation work that needs to be done before you do anything in cyber, whether it's attacking or defending."  

* "Once things are on the internet -- or once things are even collected, not necessarily on the internet -- you've lost control of it."
* "The reality is that we give up our privacy every single time we use an app, every single time we choose to purchase something."

Links:

* https://www.spotlight-infosec.com/

* https://osintcurio.us/

* https://www.synack.com/

Nicolas Chaillan takes on the Pentagon, China and TikTok

42m · Published 19 Jan 10:00

Nicolas Chaillan, former Air Force Chief Software Officer, resigned from the DoD over frustrations with what he called a lack of innovation, collaboration and agility. He gets into those issues and talks about how the U.S. can invest more in technology to compete with China in artificial intelligence and cybersecurity.  

---------

Why you should listen:

* Nicolas offers a candid and controversial view of the military's approach to the growing technological threat from China.

* He outlines his view for a Pentagon that is more agile, collaborative and competitive. 

* Hear from a former DoD insider about some of the institutional barriers that can hinder innovation and software advancements.  

---------

Key quotes:

* "In 10, 15, 20 years from now, America as we know it and the value we have and the freedom we enjoy will be at risk of going away if China dominates in AI like they are doing now."

* "TikTok is effectively an intelligence weapon of China on US citizens right now."

* "We don't see a lot of training and implementation of Agile at all in the DoD, which really leads to the inability to move at the pace of relevance and tremendous waste of taxpayer money."

---------

* https://www.synack.com/

* https://www.linkedin.com/in/nicolaschaillan/

* https://www.linkedin.com/pulse/time-say-goodbye-nicolas-m-chaillan/

* https://ama.preventbreach.com/register

WE'RE IN! has 56 episodes in total of non-explicit content. Total playtime is 35:09:50. The language of the podcast is English. This podcast has been added on November 21st 2022. It might contain more episodes than the ones shown here. It was last updated on May 15th, 2024 08:11.
