Listen Now

Journalist-turned-intel analyst Selena Larson joins the podcast to discuss the nuances of cybersecurity journalism, making the shift to analyzing intelligence and writing for a private audience, the ransomware epidemic, and the state of critical infrastructure security.Links:Selena Larson PresentationsFollow Selena on TwitterSelena Larson on Bringing New & Diverse People into the ICS Security CommunityICS OSINT: An Attacker’s PerspectiveSelena Larson profile

Gusto chief security officer Fredrick 'Flee' Lee talks about his passion for democratizing security, solving problems for small businesses, the responsibilities of being a black security leader, and the people and experiences that influenced him along the way.Links:Gusto Appoints Fredrick Lee Chief Security OfficerSecret CSO: Fredrick "Flee" Lee, GustoCISO to CISO Webcast with Fredrick "Flee" Lee

TechCrunch security writer Zack Whittaker stumbled into journalism while in college and has carved a successful career covering cybersecurity the last decade. He joins the podcast to talk about landing at ZDNet out of university and some lucky breaks along the way. Zack also talks about the trials of living and working with Tourette syndrome.

Netflix security leader Jason Chan talks about the connections between ultra-marathons and running a robust security program, his view of the defender's top priorities, the talent shortage in cybersecurity, and the shifting patterns that drive secure code delivery.Links:Jason's ultra-marathon photosKeynote: Keeping Developers and Security Teams HappyDeveloper Empathy with Jason Chan of Netflix (Podcast)Hacktivity 2014: Jason Chan -- Building a Glass HouseI Want Your Job: Jason Chan, Netflix

After a career in government that included physical security work for the U.S. State Department, Matt Honea transitioned to Silicon Valley and turned his attention to the cyber-insurance space. He joins the podcast for a frank discussion on cyber-insurance, ransomware payments and trends, and his opinions on innovation in security.Links:Matt Honea blog postsSafe Harbor Programs: Ensuring the Bounty Isn't on ...

Cybersecurity journalist and author Andy Greenberg joins the podcast to talk about his career as a journalist, the ins-and-outs of negotiating a big story with sources, the intricacies of writing a good book, and some of his biggest stories to date.Links:Follow Andy Greenberg on TwitterAndy Greenberg's Wired bioSandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers

After a career in diplomacy at the U.S. State Department, Uber's Brooke Pearson headed to Silicon Valley to find a new path in cybersecurity. We chat about her early interest in Russia and international relations, a life-changing chance encounter during an airport layover, using non-traditional skills to find success in tech, and her passion for helping minorities find meaningful careers in security.

[ DISCLAIMER: These are the personal opinions of Tim MalcomVetter and do not construe an official endorsement or business relationship of his employer with any product or service. ] Walmart Red Team lead Tim MalcomVetter joins the podcast to talk about red-team/blue team dynamics, the adversarial relationship between the two sides, the mentality of a determined attacker, and why everyone in cybersecurity should give jiu-jitsu a try.Links:TIm's Articles on MediumFollow Tim MalcomVetter on TwitterLinkedIn Profile

Hacker-turned-entrepreneur Matt Suiche reminisces about the hacking scene in France, his introduction to memory forensics and how his research led to presenting at Microsoft's Blue Hat, the grind of building and selling a company, and his passion for supporting young security researchers in developing countries. Links:OPCDE OnlineComae TechnologiesFollow Matt Suiche on Twitter

AT&T Cybersecurity's Jaime Blasco talks about falling in love with security as a high-school student in Spain, finding a career path in pen-testing and offense, shifting to building defensive technologies and his current passion for exploring the value of machine learning. Links:AT&T AlienLabsFollow Jaime on TwitterOpen Threat Exchange (OTX)

Mobile security pioneer Collin Mulliner talks about the early days of hacking PalmOS devices, the current state of smartphone platforms, his work on securing self driving cars, and why he built and open-sourced a firmware analyzer tool. Links:Firmware Analyzer — FwAnalyzer is a tool to analyze (ext2/3/4), FAT/VFat, SquashFS, UBIFS filesystem images, cpio archives, and directory content using a set of configurable rules. Collin's blogPDF: Continuous Automated Firmware Security Analysis

Hitch Partners principal Michael Piacente dishes on the cybersecurity job market during an economic crisis, the intricacies of recruiting top-flight security talent, the high rate of turnover among CISOs, and why companies should spend more time on writing better job descriptions.Links:WSJ: CISOs stay on the job less than three years, compared with nearly seven years for CEOsExploring the CISO's personal brand

Security industry pioneer Dave Aitel dishes on entrepreneurship, fostering a "one team, one parking lot" culture, how lessons from his time at the NSA still guides his decisions, and his approach to blunt, honest marketing. We also discuss a shared passion for Brazilian Jiu-Jitsu and his work supporting Project Grapple in Miami. Links:Project Grapple, The Jiu-Jitsu Non Profit Changing LivesAitel FoundationInfiltrate ConferenceDaily Dave (mailing list)

Former Chief Security Scientist at Bank of America, Sounil Yu, explains why he created the Cyber Defense Matrix framework and how organizations are using it to drive visibility and security decisions in multiple places. We discuss securing "cattle vs pets," the next era of security innovation, and the increasing security poverty line that hurts small- and medium-sized businesses. Links:Cyber Defense Matrix — The Cyber Defense Matrix helps us understand what we need organized through a logical construct so that when we go into the security vendor marketplace, we can quickly discern what products solve what problems and be informed on what is the core function of a given product. In addition, the Cyber Defense Matrix provides a mechanism to ensure that we have capabilities across the entire spectrum of options to help secure our environments.Cyber Defense Matrix Reloaded — This is an update to the Cyber Defense Matrix briefing given at the 2019 RSA Conference. Cybersecurity practitioners can use this to organize vendors, find gaps in security portfolios, understand how to organize security measurements, prioritize investments, minimize business impact, visualize attack surfaces, align other existing frameworks, and gain a fuller understanding of the entire space of cybersecurity.

In an industry where 10-15% of staff are women, Akamai's security team is 40% women and growing. Chief security officer Andy Ellis joins the podcast to share lessons on practical things -- some subtle, some major -- that pushed real diversity on Akamai's security team.Links:One company’s successful approach to gender balanceVideo: 20 Years In: Security’s Grand Challenges, Then and NowAndy Ellis: Humans are Awesome at Risk Management

Veteran malware hunter Costin Raiu talks about writing his own an anti-virus program as a teenager in Romania, his work tracking advanced threat actors globally, and why he assumes his computer is compromised by at least three APT groups.Links:"Equation Group" ran the most advanced hacking operation ever uncoveredThe adventures of lab ED011 — One Romanian campus computer lab both pentested the world and eventually helped protect itCostin Raiu on TwitterThe "Red October" Campaign

Flashpoint chief executive Josh Lefkowitz talks about how his previous work as a counter-terrorism analyst underscored the value of contextual threat-intelligence, his company's approach to gathering and analyzing data, and his mission to be an extension of a client's security team.Links:Flashpoint - Library'7 Minutes' with Flashpoint CEO Josh LefkowitzVideo: Josh Lefkowitz on AlphaBay's demise

BlackBerry security response executive Christine Gadsby joins the podcast to talk about tough decisions around shipping secure software, the challenges of securing supply chain dependencies, BlackBerry's new ransomware recovery feature, and her upcoming Black Hat 2018 presentation.Links:Black Hat 2018: Stop that Release There's a Vulnerability!Christine Gadsby on TwitterBlackBerry Enterprise Software - Security & Management for the Enterprise of ThingsChristine Gadsby on LinkedIn

Cybersecurity industry veteran Chad Loder talks about his time as co-founder of Rapid7, the decision to acquire Metasploit, lessons learned from moving to the CISO chair and why the industry still struggles with security awareness training.Links:About Habitu8Chad Loder on TwitterRapid7 Acquires Metasploit

Chris Castaldo, senior director of cybersecurity at 2U, Inc., joins Ryan on the podcast to talk about building a threat model for digitizing the education sector, his top priorities as a defender, new solutions that impress him, and why it's important to get independent third-party security assessments.Links:Uptycsosquery | Easily ask questions about your Linux, Windows, and macOS infrastructure