Cyber Security Interviews

https://www.linkedin.com/in/lance-spitzner-0ab0ba1/ (Lance Spitzner) is the Director of the https://www.sans.org/instructors/lance-spitzner (SANS Security Awareness) program. Lance has over 20 years of security experience in cyber threat research, awareness, and training. He invented the concept of honeynets, founded the https://www.honeynet.org/ (Honeynet Project), and published three https://www.amazon.com/Lance-Spitzner/e/B001IXMNRQ/ref=sr_ntt_srch_lnk_1?qid=1500506325&sr=8-1 (security books). Lance has worked and consulted in over 25 countries and helped over 350 organizations plan, maintain, and measure their security awareness programs. In addition, Lance is a member of the Board of Directors for the https://staysafeonline.org/ (National Cyber Security Alliance), frequent presenter, serial tweeter, and works on numerous community security projects. Before working in information security, Lance served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University

https://www.linkedin.com/in/caseyjohnellis/ (Casey Ellis) is founder and CEO of https://www.bugcrowd.com/ (Bugcrowd). He started life in infosec as pentester, moved to the dark side of solutions architecture and sales, and finally landed as a career entrepreneur. He’s been in the industry for 15 years, working with clients ranging from startups to government to multinationals, and awkwardly straddles the fence of the technical and business sides of information security. Casey pioneered the Bug Bounty as-a-Service model launching the first programs on Bugcrowd in 2012, and has presented at Blackhat, Defcon, Derbycon, SOURCE Boston, AISA National, and many others. He is happy as long as he's got a problem to solve, an opportunity to develop, a kick ass group of people to bring along for the ride, and free reign on t-shirt designs. In this episode we discuss fixing the Internet, bug bounty programs, designing software with security in mind, IoT security, changing security training and recruitment, responsible di

https://www.linkedin.com/in/robbreck/ (Rob Reck) and Alex Wood are both seasoned security professionals in the Denver, CO area and hosts of their own podcast, https://www.colorado-security.com/ (Colorado = Security). Rob is the Chief Information Security Officer at https://www.pingidentity.com/en.html (Ping Identity). In addition to his job at Ping Identity, Robb is an active member of the Colorado security community. In early 2017 he co-founded the Colorado = Security podcast with Alex. Robb serves on the board for the mountain region’s largest security conference, https://www.rmisc.org/ (Rocky Mountain Information Security Conference) and he recently ended his term as President of http://denver.issa.org/ (ISSA Denver), the largest ISSA chapter in the world. Alex is the Chief Information Security Officer for http://www.pultegroupinc.com/ (Pulte Financial Services) and has over 18 years of experience in information security. Previously he has had managerial, program, and technical roles at several major compa

This is another short podcast before we get back into full interviews next week. In this episode, I explore the concept of Independence. In the US, this week we are celebrating Independence Day. This got me thinking about what that means in my business experience. I wanted to share a few observations for those who are thinking about going out on their own either as an independent contractor or to start their own business. Please take a listen and let me and other listeners know of any tips or experiences you may have had if you were working independently or started a business. Also, go back and listen to episodes with https://cybersecurityinterviews.com/002-david-cowen-standing-shoulders-giants/ (David Cowen) and https://cybersecurityinterviews.com/018-hal-pomeranz-take-deep-breath-relax/ (Hal Pomeranz). Both have taken the independent route and have shared advice in their episodes. I hope everyone celebrating July 4th has a safe and fun holiday. Please subscribe so you don'

So many of you are wondering why the break in Cyber Security Interviews. There is a bit of a story that goes along with it. I wanted to share this story because I think sheds light into life and career changes that others can learn from. Sharing stories on careers and challenges is a big part of this podcast. Many people can feel alone in their cyber security journeys and I some of the struggles that I have been going through lately can allow those going through their own challenges feel connected and hopefully cope with uncertainty. I know there are others out there that have gone through some major life and career challenges. Know you are not alone, and you can get through it. So the podcast is firing back-up. Look for some great interviews in the coming weeks. I greatly appreciate all of the listener support and feed back I receive. It has definitely helped me recently. So please take a listen to this episode and stay tuned for the next round of episodes!

https://www.linkedin.com/in/alexkreilein/ (Alex Kreilein) and https://twitter.com/davesblend (David Odom) are both Managing Partners at https://securesetaccelerator.com/ (SecureSet Accelerator). SecureSet is a Denver, CO based firm which is a startup accelerator (https://securesetaccelerator.com/ (SecureSet Accelerator)) taking on the lack of novel and quality products in the information security field. In addition to overseeing the SecureSet Accelerator, Alex is also the Cofounder of SecureSet and the companies former CTO. He served as a Tech Strategist for the Department of Homeland Security, Guest Researcher to the National Institute of Standards and Technology, and Legislative Assistant to the US Congress. He served on the Integrated Task Force for the https://www.nist.gov/cyberframework (NIST Cybersecurity Framework) and serves on the board of a number of security startups. Alex has an M.S. from http://www.colorado.edu/engineering/ (CU Boulder School of Engineering) and Applied Science and an M.A. f

https://www.linkedin.com/in/troyhunt (Troy Hunt) is an internationally recognized https://haveibeenpwned.com/About (cyber security researcher), https://www.troyhunt.com/speaking/ (speaker), https://www.troyhunt.com/ (blogger), and https://www.troyhunt.com/workshops/ (instructor). He is the author of many top-rating security courses for web developers on https://www.pluralsight.com/authors/troy-hunt (Pluralsight )and is a Microsoft Regional Director and a six time https://mvp.microsoft.com/en-us/PublicProfile/4031649?fullName=Troy%20Hunt (Microsoft Most Valued Professional (MVP)) specializing in online security and cloud development. Prior to becoming an independent security consultant, Troy worked at Pfizer with the last seven years being responsible for application architecture in the Asia Pacific region. This time spent in a large corporate environment gave him huge exposure to all aspects of technology as well as the diverse cultures his role spanned. Many of the things he teaches in post-corporate life ar

https://www.linkedin.com/in/jadatmagnet/ (Jad Saliba) is the founder and CTO of https://www.magnetforensics.com/ (Magnet Forensics), a leading digital forensics company. Jad guides the organization to create products that meet the needs of customers from law enforcement, consultancies, or the corporate world. A former digital forensics investigator with a background in computer science, Jad can uniquely identify issues faced by forensics professionals and apply new ways of using technology to solve these problems. Prior to starting Magnet Forensics, Jad spent seven years with the Waterloo Regional Police Service. While with the police department, Jad was responsible for recovering Internet evidence from computers to support the force's investigations. He then developed Internet Evidence Finder which quickly became one of the most popular digital forensic tools for law enforcement and commercial practitioners. Jad is a recognized digital forensics speaker at industry events including: CEIC, Crimes Against Chil

https://www.linkedin.com/in/theresapayton/ (Theresa Payton) is one of the nation’s leading experts in cybersecurity and IT strategy. As CEO of http://www.fortalicesolutions.com/ (Fortalice Solutions), an industry-leading security consulting company, and co-founder of https://darkcubed.com/ (Dark Cubed), a cybersecurity product company, Theresa is a proven leader and influencer who works with clients and colleagues to uncover strategic opportunities and identify new and emerging threats. Theresa began her career in financial services, where she coupled her deep understanding of technology systems with visionary leadership, executing complex IT strategies and winning new business. Following executive roles Bank of America and Wachovia, Theresa served as the first female chief information officer at the White House, overseeing IT operations for President George W. Bush and his staff. In 2015, Theresa was named a William J. Clinton distinguished lecturer by the Clinton School of Public Service. She is the author

http://www.linkedin.com/in/halpomeranz (Hal Pomeranz) is the Founder and Principal Consultant for http://www.deer-run.com (Deer Run Associates) with over 25 years of cyber security experience. As a digital forensic investigator, Hal has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime, and malicious software infrastructures. He has worked with law enforcement agencies in the United States and Europe, and with global corporations. While perfectly at home in the Windows and Mac forensics world, Hal is a recognized expert in the analysis of Linux and Unix systems, and has made key contributions in this domain. His https://github.com/halpomeranz (EXT3 file recovery tools) were the direct result of an investigation, recovering data that led to multiple indictments and successful prosecutions. His research on EXT4 file system forensics provided a basis for the development of open source forensic support for this file system. Hal has also contributed a popula

In this episode I am speaking with https://www.linkedin.com/in/mariehattar/ (Marie Hattar) and https://www.linkedin.com/in/david-ginsburg-4774904/ (David Ginsburg). This is also my first podcast episode with two guests. Marie is the CMO at https://www.ixiacom.com/ (IXIA) and is responsible for their brand and global marketing efforts. Marie has more than 20 years of marketing leadership experience spanning the security, routing, switching, telecom and mobility markets. Before joining Ixia, Marie was CMO at https://www.checkpoint.com/ (Check Point Software Technologies) where she reestablished the company as the leading end-to-end security vendor. Prior to that, she was Vice President at http://www.cisco.com/c/en/us/index.html (Cisco) where she led the company’s enterprise networking and security portfolio. David is the VP of Marketing for https://www.cavirin.com/ (Cavirin). Dave has over 25 years of experience spanning corporate and product marketing, product management, digital marketing, and marketing

http://linkedin.com/in/klovejoy (Kristin Lovejoy) is the CEO of https://bluvector.io/ (BluVector). Prior to her role at BluVector, she served as general manager of IBM’s Security Services Division, charged with development and delivery of managed and professional security services to IBM clients worldwide. In addition, she served as IBM's Global CISO and VP of IT Risk. Kris is a recognized expert in the field on security, risk, compliance and governance, with appearances in Forbes, CNBC, NPR and USA Today. Within the past five years she has been recognized as 2015 SC Magazine Top 25 Security Managers, 2014 SC Magazine Power Player, 2012 Compass Award Winner by CSO Magazine, one of E-Week’s 2012 “Top Women in Information Security That Everyone Should Know”, Top 25 CTO by InfoWorld, as Top 25 Most Influential Security Executives by Security Magazine. She also holds U.S. and EU patents for Object Oriented Risk Management Models and Methods. Additionally, she is a member of numerous external boards and advisory p

https://www.linkedin.com/in/spacerogue/ (Cris Thomas) (aka Space Rogue) is a strategist for https://www.tenable.com (Tenable). With more than two decades of experience, he commands an uncanny ability to link disparate events, read between the lines and distill complex, technical information into readily understandable, accessible and actionable intelligence. Cris is a founding member of http://www.l0pht.com/ (L0pht Heavy Industries), a hacker think tank from the late '90s and has https://www.youtube.com/watch?v=VVJldn_MmMY (testified before the U.S. Senate Committee on Homeland Security and Governmental Affairs). He has also been interviewed for his security expertise by media organizations such as Wired, MSNBC, CNBC and even MTV. Before joining Tenable, he created thehttp://www.spacerogue.net/hnn/061600.html ( Hacker News Network) and produced the https://www.trustwave.com/Company/SpiderLabs/ (SpiderLabs) Radio weekly news podcast. As a https://www.tenable.com/profile/cris-thomas (strategist for Tenable), Cr

The https://www.rsaconference.com/ (RSA Conference) (or "RSAC") held annually in San Francisco, CA has become one of the largest information security conferences. I was able to get a press pass to the event this year and was pitched heavily for product focused interviews. Most I kindly declined, but there were a few people I did connect with and recorded some great conversations which I will post in the coming weeks. I recorded episodes with: https://www.linkedin.com/in/spacerogue/ (Cris Thomas (aka Space Rogue)), Strategist for http://www.tenable.com/ (Tenable Network Security) https://www.linkedin.com/in/klovejoy/ ( Kristin Lovejoy), CEO of http://bluvector.io/ (BluVector) And my first two person interview with https://www.linkedin.com/in/mariehattar/ (Marie Hattar), CMO of https://www.ixiacom.com/ (IXIA )and https://www.linkedin.com/in/david-ginsburg-4774904/ (David Ginsburg), VP Marketing at https://www.cavirin.com/ (Cavirin Systems) I really enjoyed my conversations with each of them and l

Dr. Gary McGraw is the Vice President of Security Technology at https://www.synopsys.com/ (Synopsys) (SNPS). Gary quite literally helped create the field of software security. He is a globally recognized authority on software security and the author of several bestselling books on this topic. His titles include https://www.amazon.com/gp/product/0321356705/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=0321356705&linkCode=as2&tag=cybersecur030-20&linkId=417ecc37df732e8ad6383b6c4ec155ae (Software Security), https://www.amazon.com/gp/search/ref=as_li_qf_sp_sr_tl?ie=UTF8&tag=cybersecur030-20&keywords=0201786958&index=aps&camp=1789&creative=9325&linkCode=ur2&linkId=224bfb88103109010acfd8b5cd660acc (Exploiting Software), https://www.amazon.com/gp/product/0321774957/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=0321774957&linkCode=as2&tag=cybersecur030-20&linkId=3df2b736994d4194703778d4bcfa64ea (Building Secure So

https://www.linkedin.com/in/detectivecindymurphy (Cindy Murphy) served in law enforcement  for more than thirty years (twenty-five of those years at the Madison Police Department in Wisconsin) before leaving the force to launch https://www.gillware.com/forensics/ (Gillware Digital Forensics), where she is co-owner and serves as president and lead examiner. Her peers have called her "one of the most dedicated people in the field of digital forensics." Cindy has also been teaching digital forensics since 2002, is a certified https://www.sans.org/instructors/cindy-murphy (SANS instructor) and helped develop the SANS Mobile Device and https://www.sans.org/course/advanced-smartphone-mobile-device-forensics (Advanced Smartphone Forensics courses). Her extensive experience has given her both the real-world experience and the foundation in training that it takes to excel in the mobile forensics field and share her knowledge with others. Throughout her career, Cindy has always looked for oppor

https://www.linkedin.com/in/snschober (Scott Schober) is the President and CEO of https://www.bvsystems.com/ (Berkeley Varitronics Systems) (BVS), a 44 year-old company and leading provider of advanced, world-class wireless test and security solutions. Scott starting with BVS in 1989 and the company’s product line of wireless test and security instruments has increased to over 100 products with a core focus on Wi-Fi, Cellular, WiMAX, LTE, IoT as well as other advanced radio devices. As an experienced software engineer, Scott has developed cellular test instruments used for measuring, optimizing and plotting signal coverage, primarily for the initial cellular build-out throughout the United States. Scott’s recent focus has been development of BVS’ cell phone detection tools, used to enforce a "no cell phone policy" in various markets including government, corporate, military, educational, correctional and law enforcement. Thousands of these security tools have been deployed throug

Early each year, for the past 12 years, the hacker conference http://shmoocon.org/ (ShmooCon) takes place in Washington, DC. This year I was honored and fortunate to get a press pass to this sold out event which the organizers call, "an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues." It was a great time and in this episode I will recap my experience over the three days. More ShmooCon information: http://shmoocon.org/ (ShmooCon Website) https://twitter.com/shmoocon (Twitter) https://twitter.com/ShmooConPuzzle (ShmooConPuzzle) http://www.shmooganography.org/Welcome (Shmooganography) Thank you to ShmooCon and the organizers for letting me be part of this event!

Defined by his peers as a “passionate, experienced and visionary individual who is always striving to improve himself,” https://www.linkedin.com/in/ivalenzuela (Ismael Valenzuela) is one of the few individuals that has done almost all in the InfoSec arena, from founding one of the first IT Security companies in Spain to managing a distributed CERT across the world as well as teaching for highly reputed institutions such as https://www.sans.org/ (SANS), BSi or the Spanish National Center of Intelligence. His command of both the business and technical aspects of information security has allowed him to specialize in building and boosting highly technical security teams and successful security businesses across North America, EMEA, India and Australia in the last 15 years. As a top cybersecurity expert with strong technical background and deep knowledge of penetration testing, security architectures, intrusion detection and computer forensics, Ismael has provided security consultancy, advice and guidance to large

Dr. Darren Hayes is the Director of Cybersecurity and an Assistant Professor at http://www.pace.edu/seidenberg/ (Pace University), New York and a leading expert in the field of digital forensics and cyber security. In 2013, he was listed as one of the http://www.forensicscolleges.com/blog/profs/10-top-computer-forensics-professors (Top 10 Computer Forensics Professors, by Forensics Colleges). He has developed four distinct courses in digital forensics, at Pace University, at the undergraduate and graduate levels. Also through Pace, Darren continually conducts research to support of law enforcement agencies both domestically and internationally. He has successfully been awarded grants, in the field of computer forensics, by the Department of Defense, National Science Foundation and other notable foundations. Daren is also a professional consultant in computer forensics and cyber law for the Department of Education in New York. For a number of years, Hayes has served on the Board of the High Technology Cri