Cyber Security Interviews

Synopsis

Cyber Security Interviews is the weekly podcast dedicated to digging into the minds of the influencers, thought leaders, and individuals who shape the cyber security industry.

Episodes

  • #067 – Fred Kneip: Compliance Doesn’t Equal Security

    22/04/2019 Duration: 48min

    https://www.linkedin.com/in/fred-kneip-411a8322/ (Fred Kneip) is the CEO and Founder of https://www.cybergrx.com (CyberGRX). Since founding the company in 2015, Fred has led the creation of the world’s first global third-party cyber risk management (TPCRM) exchange. During his tenure at CyberGRX, Fred has been responsible for the overall direction of the company and as the company’s chief strategist, for securing global partnerships, leading investments and overseeing management and corporate execution. Prior to CyberGRX, Fred led the Security and Compliance Departments at Bridgewater Associates, an investment management firm overseeing about $160 billion for 350 of the largest and most sophisticated global institutional clients. Fred holds a BSE in Civil Engineering from Princeton University and an MBA from Columbia Business School. In this episode we discuss the growing Denver cybersecurity scene, starting in compliance, managing supply chain and vendor risk, current and upcoming regulations, compli

  • #066 – Alissa Torres: A Well Balanced Approach

    15/04/2019 Duration: 39min

    https://www.linkedin.com/in/alissatorres (Alissa Torres) is a SANS analyst and https://www.sans.org/instructors/alissa-torres (Principal SANS instructor) specializing in advanced digital forensics and incident response (DFIR). Alissa was recognized by https://www.scmagazine.com/home/security-news/features/women-to-watch/ (SC Magazine as one of its "2016 Women to Watch.") and a recipient of the Enfuse 2018 Difference Makers Award for her efforts in educational outreach. She has more than 15 years of experience in computer and network security that spans government, academic, and corporate environments. Her current role as Founder and Senior Consultant at https://sibertor.com/ (Sibertor Forensics), a security operations and incident response consulting company, provides daily challenges “in the trenches” and demands constant technical growth. Alissa is a frequent presenter at industry conferences (RSA, BSides, Shmoocon, Enfuse) and has taught hundreds of security professionals over the last 5 years in more than

  • #065 – Lizzie Cookson: Attackers Adapt With Us

    08/04/2019 Duration: 41min

    https://www.linkedin.com/in/elizabeth-cookson-ms-ence-b7900b47/ (Lizzie Cookson) is an Associate Director of Cyber Investigations at https://kivuconsulting.com (Kivu Consulting). She specializes in cyber extortion and threat intelligence with a focus on attacker negotiations, threat actor profiling, and data breach remediation. Lizzie’s case work has included network intrusions, e-commerce compromise, business email compromise, wire/tax fraud, employee misconduct, and over 150 cyber extortion investigations. Lizzie has over six years’ experience in legal services, incident response, and digital forensics. Prior to joining Kivu, she worked in regulatory roles at law firms in Massachusetts and Washington, DC while earning her graduate degree in digital forensics. In this episode we discuss getting started in information security, how attackers have changed, ransomware changes, Ransomware-as-a-Service, banking trojans, types of cyber criminals, getting started with ransomware response, and so much more. Where yo

  • #064 – Georgia Weidman: Cyber Security Lion Repellent

    01/04/2019 Duration: 45min

    https://www.linkedin.com/in/georgiaweidman (Georgia Weidman) is the founder and CTO of https://www.shevirah.com/ (Shevirah) and is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, author, and angel investor. She holds an MS in computer science as well as holding CISSP, CEH, and OSCP certifications. Her work in the field of smartphone exploitation has been featured internationally in print and on television including ABC World News Tonight, The New York Times, NBC Nightly News, and The Washington Post. She has presented or conducted training around the world including venues such as the NSA, West Point, and Black Hat. She was awarded a DARPA Cyber Fast Track grant for her work in mobile device security culminating in the release of the open source project, the https://bulbsecurity.com/products/smartphone-pentest-framework/ (Smartphone Pentest Framework (SPF)). She is the author of https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641 (Penetrati

  • #063 – Dean Sysman: You Are Swamped With Data

    25/03/2019 Duration: 32min

    https://www.linkedin.com/in/deansysman/ (Dean Sysman) is the CEO and co-founder of https://www.axonius.com/ (Axonius). Dean is a world renowned expert in cybersecurity and has been honored with being in the Forbes 30 Under 30 Israel 2017 list. Before founding Axonius, Dean co-founded https://cymmetria.com/ (Cymmetria), a YC-backed cyber deception company with Fortune 500 customers. He has spoken at major conferences including Blackhat, Defcon, CCC and more. He is an alumnus of an elite unit in the Israeli Intelligence Corps, where he served for 5 years as a team leader and officer. Dean is a graduate of the special "Etgar" program, where he earned his B.Sc in computer science at the age of 19. In 2005, Dean was part of the gold medal winning team in the international Robotic Olympics in South Korea. Dean enjoys playing poker and reading existential philosophy. In this episode we discuss his start in infosec in Israel, being a founder, measuring security effectiveness, cyber security fundamentals, hiring the r

  • #062 – Chad Loder: Just Because It’s Basic, Doesn’t Mean It’s Easy

    10/12/2018 Duration: 39min

    https://www.linkedin.com/in/chadloder/ (Chad Loder) is the CEO and co-founder of https://www.habitu8.io/ (Habitu8), a Los Angeles-based cyber security startup that's transforming the security awareness industry away from its traditional "training-centric" approach to an approach that is based on measurable risk reduction through influencing and measuring key employee behaviors. Prior to Habitu8, Chad was co-founder and VP of Engineering at https://www.rapid7.com/ (Rapid7), which he helped bring to a $900M IPO in 2015. Chad has also worked as a public company CISO and a strategic advisor to several security startups. In this episode we discuss his start with phreaking, starting Rapid7, the focus on the human element in infosec, mistakes users make, how to measure your program's success, how people learn security, being a founder, and so much more. Where you can find Chad: https://www.linkedin.com/in/chadloder/ (LinkedIn) https://twitter.com/chadloder (Twitter) https://blog.habitu8.io/blog (Blog)

  • #061 – Yonathan Klijnsma: If They Get Compromised, You Get Compromised

    03/12/2018 Duration: 43min

    https://www.linkedin.com/in/ydklijnsma/ (Yonathan Klijnsma) is a threat researcher at https://www.riskiq.com (RiskIQ), leading threat response and analysis efforts with the help of RiskIQ's expansive data set. Both his work and hobbies focus on threat intelligence in the form of profiling threat actors as well as analyzing and taking apart the means by which digital crime groups work. Outside of work Yonathan likes taking things apart and figuring out how they work; be it physical devices or digital like malware or ransomware. He is a regular presenter at industry conferences such as https://www.defcon.org/html/defcon-24/dc-24-speakers.html#Klijnsma (DEF CON) and is quoted in https://www.wired.com/story/black-friday-scams/ (Wired), https://www.foxnews.com/tech/black-friday-cyber-monday-shopping-scams-to-avoid-this-year (Fox News), https://www.cnet.com/news/black-friday-brings-out-the-hackers-looking-to-rip-you-off/ (C|NET), and https://krebsonsecurity.com/tag/yonathan-klijnsma/ (Krebs on Security) to name a f

  • #060 – Mike Johnson: Let’s Do The Right Thing

    24/09/2018 Duration: 48min

    https://www.linkedin.com/in/mikevj/ (Mike Johnson) is the https://www.ciodive.com/news/lyft-hires-first-ciso-prioritizing-security-in-self-driving-car-push/449112/ (CISO of Lyft), where he is responsible for Security, Data Privacy, and a few other key areas he can't talk about. He's been in the security field long enough to be able to use "decades" as a measure. In his time he's seen things, heard things, and shared his opinion on a great many things. Prior to becoming https://blogs.wsj.com/cio/2017/08/03/lyft-hires-first-ciso-as-it-expands-into-self-driving-cars/ (Lyft's first CISO), he was at Salesforce working in various information security roles. In this episode we discuss being an organization's first CISO, building a world class detection and response team, securing a development team, building security culture, data privacy, cyber security as a team sport, looking for non-traditional skills, and so much more. Where you can find Mike: https://www.linkedin.com/in/mikevj/ (LinkedIn) https://blogs.wsj.com/

  • #059 – Jacob Williams: What Didn’t We Catch

    17/09/2018 Duration: 45min

    https://www.linkedin.com/in/jacob-williams-77938a16/ (Jacob Williams) is the Founder and President of https://www.renditioninfosec.com/ (Rendition Infosec). Jake started his information security career doing classified work with the U.S. government and was awarded the National Security Agency (NSA) Exceptional Civilian Service Award, which is given to fewer than 20 people annually. He's been involved in high-profile public sector cases including the malware analysis for the 2015 cyber attack on the Ukraine power grid. He's also tackled a variety of cases in the private sector. Jake is a certified SANS instructor and co-author of https://www.sans.org/course/memory-forensics-in-depth (FOR526: Memory Forensics In-Depth) and https://www.sans.org/course/cyber-threat-intelligence (FOR578: Cyber Threat Intelligence), and teaches a variety of other classes for SANS (SEC503, SEC504, SEC660, SEC760, FOR508, FOR526, FOR578, FOR610). Given his accomplishments, it should come as no surprise that Jake lives, sleeps, and br

  • #058 – Josh Corman: The Absence of Good

    10/09/2018 Duration: 42min

    https://www.linkedin.com/in/joshcorman/ (Joshua Corman) is a Founder of https://www.iamthecavalry.org/ (I am The Cavalry (dot org)) and CSO for https://www.ptc.com/ (PTC). Josh previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research, analyst, & strategy roles. He co-founded RuggedSoftware and https://www.iamthecavalry.org/ (IamTheCavalry) to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations, and social impact, has helped position him as one of the most trusted names in security. He also serves as an adjunct faculty for Carnegie Mellon’s Heinz College and on the Congressional Task Force for Healthcare Industry Cybersecurity. In this episode we discuss his start in information security, being a super hero, the start of I am The Cavalry, cyb

  • #057 – Ron Gula: Encourage People To Be Entrepreneurs

    23/07/2018 Duration: 36min

    https://www.linkedin.com/in/rongula/ (Ron Gula) is the President of http://www.gula.tech/ (Gula Tech Adventures). Ron started his cybersecurity career as a network penetration tester for the NSA. At BBN, he developed network honeypots to lure hackers and he ran US Internetworking's team of penetration testers and incident responders. As CTO of Network Security Wizards, Ron pioneered the art of network security monitoring and produced the Dragon Intrusion Detection System which was recognized as a market leader by Gartner in 2001. As CEO and co-founder of Tenable Network Security, Ron led the company's rapid growth and product vision from 2002 through 2016. He helped them scale to more than 20,000 customers worldwide, raise $300m in venture capital and achieve revenues in excess of $100m annually. Currently, Ron is President at Gula Tech Adventures which focuses on investing and advisement of cyber-security companies. In this episode we discuss starting in security in the 1990's at the NSA, starting Tenab

  • #056 – It’s Just Data!

    16/07/2018 Duration: 01h07min

    This is a special episode where my guests actually turn the mics and spotlight on me. In this episode, I speak with https://www.linkedin.com/in/kriswasserman/ (Kristopher Wasserman) and https://www.linkedin.com/in/richardbrooman/ (Ricky Brooman), both governance and eDiscovery experts that wanted to get deeper knowledge about cyber security. We discuss how folks in the litigation and eDiscovery world can help, complement, and jump ship to cyber security. Additionally, we discuss what is similar and different in how organizations respond to government inquiries, data breaches, and litigation. Kristopher brings over 12 years of experience to his role as Vice President and Senior Consultant at D4. Kris oversees a team of Discovery Engineers that provide technical expertise and guidance to clients to develop defensible cost-effective solutions that involve managing data that may be used as evidence. Ricky is a Litigation Support Project Manager at Saul Ewing Arnstein & Lehr LLP. In this capacity, he

  • #055 – Mark Greisiger: What Could a Future Breach Cost Me

    25/06/2018 Duration: 18min

    https://www.linkedin.com/in/mark-greisiger-475b053/ (Mark Greisiger) has led https://netdiligence.com/mark-greisiger/ (NetDiligence), a Cyber Risk Assessment and Data Breach Services company, since its inception in 2001. During that time, Mark has been responsible for the creation of highly-focused services that are used by leading cyber liability insurers in the U.S. and U.K. to support both loss-control and education objectives. Prior to joining NetDiligence, Mark spent 12 years in the insurance industry, primarily with CIGNA P&C, where he created the first generation of cyber risk insurance. Mark is also a frequently published contributor to various insurance & risk management publications and a sought-after speaker on the topic of cyber risk and liability. In this episode we discuss cyber risk insurance, right sizing cyber insurance, gathering the metrics for breaches, the costs of breaches, the impact to SMB's, GDPR, data privacy, and so much more. Where you can find Mark: https://www.linkedin.co

  • #054 – Brian Vecci: Understanding the Value of What We Have

    20/06/2018 Duration: 45min

    https://www.linkedin.com/in/brianvecci/ (Brian Vecci) is the Technical Evangelist at https://www.varonis.com/?ref=cybersecurityinterviews.com (Varonis) where he supports a wide range of security initiatives by helping Varonis’ customers and employees get the most out of the company’s products to tackle today’s biggest security challenges. In his 20-year technical career, Brian served as a developer, tech architect, engineer and product manager for companies in financial services, legal, and cybersecurity. Brian joined Varonis in 2010 as director of education and development. Before joining Varonis, Brian worked on systems architecture at UBS. He holds a CISSP certification and frequently presents on topics related to security and technology. He has been quoted in news sources ranging from The Financial Times to https://www.darkreading.com/author-bio.asp?author_id=2721& (Dark Reading) and has made multiple appearances on https://www.cnbc.com/video/2017/09/15/card-sharks.html (CNBC). In this episo

  • #053 – Cameron Williams: Make Your Day Easier

    14/05/2018 Duration: 42min

    https://www.linkedin.com/in/cameron-williams-3696a18b/ (Cameron Williams) is the Founder and CTO of https://overwatchid.com/press/ (OverWatchID). Cam has more than 22 years of experience as a leader in the cyber security industry. He has led breach mitigation and designed security solutions/countermeasures for leading global companies such as IBM, Boeing, Sony, BP, Chase and Washington Mutual. He has designed and built a multitude of access management systems including privileged access management, identity access management (SSO, SAML, OAuth and Federation) and cloud access security brokering systems. Prior to cofounding OverWatchID, Cameron was VP Engineering at IntelliSecure, where he led the development of a next generation MSSP platform including multi-tenant PAM, correlation engine (SIEM software), deployment automation, and application monitoring systems. In this episode we discuss the alphabet soup of identity and access management, cloud security, maturing the trust model, the problems he is trying t

  • #052 – Jeremiah Grossman: The Cavalry Is Not Coming

    30/04/2018 Duration: 33min

    https://www.linkedin.com/in/grossmanjeremiah/ (Jeremiah Grossman) is the CEO of https://bitdiscovery.com/ (Bit Discovery). Jeremiah's career spans nearly 20 years, and he has lived a literal lifetime in computer security to become one of the industry's biggest names. Since Jeremiah earned a Brazilian Jiu-Jitsu black belt, the media has described him as "the embodiment of converged IT and physical security." In 2001, Jeremiah founded https://www.whitehatsec.com/ (WhiteHat Security), which today has one of the largest professional hacking armies on the planet. Jeremiah has received a number of industry awards and been publicly thanked by Microsoft, Mozilla, Google, Facebook, and many others for privately informing them of weaknesses in their systems -- a polite way of saying, 'hacking them'. In this episode we discuss RSAC 2018, starting in infosec, web application vulnerabilities, what to look for in application security developers, building security development metrics, why you need to inventory websites,

  • #051 – Robert M. Lee: The Adversary’s Ability to Change Their Trade Craft is Difficult

    24/04/2018 Duration: 52min

    https://www.linkedin.com/in/robmichaellee/ (Robert M. Lee) is the CEO and Founder of the industrial (ICS/IIoT) cyber security company http://dragos.com/ (Dragos, Inc). He is also a non-resident National Cybersecurity Fellow at https://www.newamerica.org/cybersecurity-initiative/ (New America) focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of http://passcode.csmonitor.com/influencers (Passcode’s Influencers), awarded EnergySec’s Cyber Security Professional of the Year (2015), and inducted into http://www.forbes.com/pictures/mll45klmm/robert-lee-27/ (Forbes’ 30 under 30) for Enterprise Technology (2016). A passionate educator, Robert is the course author of http://www.sans.org/course/industrial-control-system-active-defense-and-incident-response (SANS ICS515) – “ICS Active Defense and Incident Response” with its accompanying GIAC certification GRID and the lead-author of https://www.sans.org/course/cyber-threat-intellig

  • #050 – Chris Roberts: Make New Mistakes

    09/04/2018 Duration: 46min

    https://www.linkedin.com/in/sidragon1/ (Chris Roberts) is the Chief Security Architect at https://www.acalvio.com/company/#leadership (Acalvio) and is regarded as one of the world’s foremost experts on counter threat intelligence within the cyber security industry. At Acalvio, Chris helps drive Technology Innovation and Product Leadership. In addition, Roberts directs a portfolio of services within Acalvio designed to improve the physical and digital security posture of both enterprise, industrial and government clients. (In English) Acalvio has given him the opportunity to help shape the next generation of deception platforms, allowed him to spend time doing R&D...and he still gets to break into companies and help them with their maturity modeling and overall solutions within the security industry. For the 50th episode, I couldn't have picked a better guest and this was my favorite interview to date. We discuss scotch tasting and food, and how that relates to infosec, building a better cyber securit

  • #049 – Keith McCammon: We Have An Analysis Problem

    02/04/2018 Duration: 48min

    https://www.linkedin.com/in/keithmccammon/ (Keith McCammon) is the Chief Security Officer and Co-founder of https://redcanary.com (Red Canary) in Denver, CO. Keith runs Red Canary’s Security Operations Center and leads a group of expert analysts that monitor a continuous stream of potential attacks detected in their customers’ environments. Keith is a known expert in offensive cyber computing and defensive IT security from his background as Director of Commercial Security at Kyrus and Executive Director of Information Technology at ManTech. In this episode we discuss his training and start in technology, working in the government space, founding and growing a cyber security firm, the problems he is trying to solve, scaling analysis, securing the cloud, solving the talent shortage problem, and so much more. Where you can find Keith: https://www.linkedin.com/in/keithmccammon/ (LinkedIn) https://twitter.com/kwm (Twitter) https://redcanary.com/blog/ (Blog) https://github.com/keithmccammon (GitHub)

  • #048 – Tom Brennan: Engage the Community In a Positive Way

    26/03/2018 Duration: 40min

    https://www.linkedin.com/in/tombrennan/ (Tom Brennan) is the Founder of https://www.proactiverisk.com (Proactive Risk) with two decades of hands on the keyboard experience building, breaking and defending data for clients worldwide. He is an alumnus of McAfee, Intel Security, SafeCode, Trustwave, WhiteHat, ADP, Datek Online, and the United States Marines. Tom served the https://www.owasp.org (OWASP) Foundation as an elected member of the Global Board of Directors for ten years. He also founded the New Jersey OWASP Chapter and grew the New York City chapter as President for thirteen years. Today, Tom is associated with http://www.crest-approved.org/usa/crest-usa-chapter-board/index.html (CREST International) as its elected Chairman of the Americas Board and participates as technical advisor for New Jersey Institute of Technology, County College of Morris, Morris County Economic Development Corporation, Rockaway Township Official, and is a member of the CERT team. In this episode we discuss his start in informati
