Cyber Security Interviews

Synopsis

Cyber Security Interviews is the weekly podcast dedicated to digging into the minds of the influencers, thought leaders, and individuals who shape the cyber security industry.

Episodes

  • #047 – Cody Cornell: Allow People to Focus on Interesting Things

    19/03/2018 Duration: 30min

    https://www.linkedin.com/in/codycornell/ (Cody Cornell) is the Founder and CEO of https://swimlane.com/ (Swimlane). Cody is responsible for the strategic direction of Swimlane and the development of its security operations management platform. Collaborating with industry-leading technology vendors, he works to identify opportunities to streamline and automate security activities saving customer operations costs and reducing risk. In 2011, Cody co-founded Phoenix Data Security Inc., a focused cyber security professional services organization. Prior to Phoenix Data Security, he began his career in the U.S. Coast Guard, spent 15 years in IT and security including roles with the U.S. Defense Information Systems Agency (DISA), the Department of Homeland Security (DHS), American Express, and IBM Global Business Services. Cody has presented at information security forums such as the Secret Service Electronic Crimes Task Force, the DHS Security Subcommittee on Privacy and National Public Radio (NPR), as well as to m

  • #046 – Bret Fund: Trying To Solve the Talent Gap Problem

    05/03/2018 Duration: 39min

    https://www.linkedin.com/in/brfund/ (Bret Fund) is the CEO of https://secureset.com (SecureSet). As a founder of the business in 2014, he has led the growth of the organization from startup to multiple programs and campuses. He oversees the growth, strategy and financial operations for the company. As a former professor, Bret has a great passion for and a strong executional focus on providing students with a quality education and success in the placement process. He formerly served as an Assistant Professor at the University of Colorado–Boulder and was the Executive Director for the Deming Center Venture Fund there. In this episode we discuss cyber security education, filling the demand for cyber talent, the benefits of hiring people making a career change to information security, the Denver, CO cyber security scene, giving back to the community, getting outside of your comfort zone, and so much more. Where you can find Bret: https://www.linkedin.com/in/brfund/ (LinkedIn) https://twitter.com/brfund (Twitter)

  • #045 – Kristinn Gudjonsson: You Don’t Want Analysts Spending All Their Time Extracting Data

    26/02/2018 Duration: 32min

    https://www.linkedin.com/in/kristinng/ (Kristinn Gudjonsson) is a manager with the Detection & Response team at https://www.google.com/ (Google), where he has been for the last 6 1/2 years. Kristinn joined Google in 2011 as part of the incident response team, investigating and responding to security incidents, before making the move to management, where he now oversees the digital forensics and incident management teams in Sunnyvale, CA. Prior to his management adventures, Kristinn was known to dabble in coding, focusing on tools like https://github.com/log2timeline (Log2Timeline) and https://github.com/log2timeline/plaso/wiki (Plaso). In his previous life, Kristinn worked as an incident response and forensics consultant in Iceland. Kristinn holds an M.Sc. from Institut National des Telecommunications (INT, now Telecom & Management) school from Paris and a B.Sc. in computer and electronic engineering from the University of Iceland. In this episode we discuss moving to the US to do DFIR for Google, h

  • #044 – James Carder: Automate As Much As You Can

    19/02/2018 Duration: 37min

    https://www.linkedin.com/in/carderj/ (James Carder) is the CISO of https://logrhythm.com (LogRhythm) and brings more than 19 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. Government. At LogRhythm, he develops and maintains the company’s security governance model and risk strategies, protects the confidentiality, integrity, and availability of information assets, oversees both threat and vulnerability management as well as the Security Operations Center (SOC). He also directs the mission and strategic vision for the LogRhythm Labs machine data intelligence, threat and compliance research teams. Prior to joining LogRhythm, James was the Director of Security Informatics at Mayo Clinic where he had oversight of Threat Intelligence, Incident Response, Security Operations, and the Offensive Security groups. Prior to Mayo, James served as a Senior Manager at MANDIANT, where he led professional services and incident response engagements. He led criminal and

  • #043 – David Navetta: The Year Of the Phishing Attack

    27/11/2017 Duration: 45min

    https://www.linkedin.com/in/davidnavetta/ (David Navetta) is a US co-chair of http://www.nortonrosefulbright.com/us/our-services/technology-and-innovation/data-protection-privacy-and-cybersecurity/ (Norton Rose Fulbright's Data Protection, Privacy and Cybersecurity) practice group. David focuses on technology, privacy, information security and intellectual property law. His work ranges from compliance and transactional work to breach notification, regulatory response and litigation. David currently serves as "breach coach" or is on the approved panel for numerous cyber insurance carriers and companies, and has helped dozens of companies across multiple industries respond to data security breaches. Prior to joining Norton Rose Fulbright, David co-founded https://www.infolawgroup.com/ (InfoLawGroup LLP), a law firm focusing on information technology, privacy, security and IP-related law. David and InfoLawGroup successfully served a wide assortment of US and foreign clients from large Fortune 500 multinationals,

  • #042 – Jared Coseglia: Those Numbers Are Real

    20/11/2017 Duration: 43min

    https://www.linkedin.com/in/jaredcoseglia/ (Jared Michael Coseglia), founder and CEO of https://www.trustaffingpartners.com (TRU Staffing Partners), has over fourteen years of experience representing talent in e-discovery and cybersecurity. He has successfully placed over 2500 professionals in full-time and temporary positions at the Fortune 1000, AmLaw 200, Cyber 500, Big Four, and throughout the ESI and cyber consultancy, service provider and software community. His ability to identify, deliver, mentor, and help retain talent has given him the privilege of quickly becoming the globally recognized “go-to” individual for clients and candidates in need of staffing solutions or career guidance and management in cybersecurity. Jared's unique style of representation, vast network of relationships, and subject matter expertise has helped earn him and TRU a host of awards including ranking on the https://www.trustaffingpartners.com/news-and-events/tru-staffing-partners-named-on-the-36th-annual-inc-5000-list-ranking

  • #041 – Andrew Hay: Creative Solutions to Hard Problems

    13/11/2017 Duration: 36min

    https://www.linkedin.com/in/andrewhay/ (Andrew Hay) is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Co-Founder & Chief Technology Officer (CTO) for http://leocybersecurity.com/ (LEO Cyber Security), he is a member of the senior executive leadership team responsible for the creation and driving of the strategic vision for the company. Prior to LEO, Andrew served as the Chief Information Security Officer (CISO) at https://www.hytrust.com/ (DataGravity, Inc.), where he advocated for the company’s total information security needs and was responsible for the development and delivery of the company’s comprehensive information security strategy. Before that, he served as the Director of Research at https://www.opendns.com/ (OpenDNS) where he led the research efforts for the company. Prior to joining OpenDNS he was the Director of Applied Security Research and Chief Evangelist at https://www.cloudpassage.com/ (Clou

  • #040 – Michelangelo Sidagni: One Size Doesn’t Fit All

    06/11/2017 Duration: 39min

    https://www.linkedin.com/in/michelangelo-sidagni-0720141/ (Michelangelo Sidagni) serves as Chief Technology Officer leading technical development, security research, and operations for https://www.nopsec.com/ (NopSec). Prior to NopSec, Michelangelo was the Director of IT Security Services at Ciphertechs and served as a lead internal security consultant at Blue Cross Blue Shield advising on HIPAA security compliance and privacy initiatives. Michelangelo holds numerous professional certifications in information security including CISSP, CISA, and CIA and is a frequent speaker at information security events around the country. He holds a Master of Business Administration from the University of Pavia – Italy. In this episode we discuss his start in infosec audits, his transition to entrepreneur, the difference between vulnerability assessments and penetration testing, building a vulnerability management platform, rating vulnerabilities, change management, trends in security, and so much more. Where you can find

  • #039 – James Tarala: What Does the Risk Really Look Like

    30/10/2017 Duration: 47min

    https://www.linkedin.com/in/jamestarala/ (James Tarala) is a principal consultant with Enclave Security and is based out of Venice, Florida. James Tarala has been a speaker with the https://www.sans.org/instructors/james-tarala (SANS Institute), the https://www.iansresearch.com/ (Institute of Applied Network Security) (IANS), and the Center for Internet Security for over 20 years. He has spoken at https://www.rsaconference.com/speakers/james-tarala (RSA) for numerous years and has enjoyed the chance to bring the experiences from working hands-on with organizations into RSA sessions. James has spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, and he often performs independent security audits and assists internal audit groups in developing their internal audit programs. He has provided valuable resources for information security professionals through http://www.auditscripts.com (Audit Scripts), a child

  • #038 – Eric Conrad: You Need To Be Interested Beyond 9 to 5

    09/10/2017 Duration: 51min

    SANS Senior Instructor https://www.linkedin.com/in/ericconrad/ (Eric Conrad) is the lead author of https://www.sans.org/course/sans-plus-s-training-program-cissp-certification-exam (SANS MGT414: SANS Training Program for CISSP® Certification), and coauthor of both https://www.sans.org/course/continuous-monitoring-security-operations (SANS SEC511: Continuous Monitoring and Security Operations) and https://www.sans.org/course/web-app-penetration-testing-ethical-hacking (SANS SEC542: Web App Penetration Testing and Ethical Hacking). He is also the lead author of the books https://www.amazon.com/CISSP-Study-Guide-Third-Conrad/dp/0128024372 (CISSP Study Guide) and https://www.amazon.com/dp/0128112484/ref=la_B003GX931K_ob_2?s=books&ie=UTF8&qid=1507226651&sr=1-2 (Eleventh Hour CISSP: Study Guide). Eric's career began in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, e

  • #037 – Johannes Ullrich: Solving That Puzzle In Your Network

    03/10/2017 Duration: 40min

    https://www.linkedin.com/in/johannesullrich/ (Dr. Johannes Ullrich) is currently responsible for the https://isc.sans.edu/ (SANS Internet Storm Center (ISC)) and the https://www.giac.org/certifications/gold (GIAC Gold program). In 2000, he founded https://secure.dshield.org/ (DShield.org), which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist. Johannes holds a PhD in physics from SUNY Albany and is based in Jacksonville, Florida. His https://isc.sans.edu/podcast.html (daily podcast) summarizes current security news in a concise format. In this episode we discuss his start in physics and switch to cyber security, building the SANS Internet Storm Center, security challenges posed by the cloud, https://www.sans.org/instructors/

  • #036 – Jorge Orchilles: Offense Informs Defense

    25/09/2017 Duration: 46min

    https://www.linkedin.com/in/jorgeorchilles/ (Jorge Orchilles), author of https://www.amazon.com/Microsoft-Windows-Administrators-Reference-Upgrading/dp/1597495611/ref=cm_cr_pr_product_top (Microsoft Windows 7 Administrator’s Reference), holds a Masters of Science in Management Information Systems from Florida International University, leads a security team in a large financial institution, and serves on the board of the Information Systems Security Association South Florida Chapter. Jorge has been involved in the Information Technology field since 2001. Realizing his passion for IT, he founded The Business Strategy Partners – IT Consultants branch in 2002 and eventually went on to http://www.verizonenterprise.com/industry/public_sector/federal/contracts/gsa_mas/terremark/ (Terremark (now Verizon)) as a system administrator. He developed an interest in Information Security and was eventually promoted to a Security Operations Center (SOC) Analyst position. After a year of defending critical infrastructure for fe

  • #035 – David Kovar: Where Is the Best Application of Your Skill Set

    18/09/2017 Duration: 52min

    https://www.linkedin.com/in/davidkovar/ (David Kovar) is the President and founder of http://www.kovarllc.com/ (Kovar & Associates) where he leads the development of URSA – http://www.kovarllc.com/solutions-2/ (Unmanned & Robotics Systems Analysis) – a suite of tools designed to collect, integrate, analyze, and present UAV-related data for many purposes including fleet management, criminal investigations, failure analysis, and predictive analysis. He also leads the firm’s consulting practice which addresses UAV cyber security and UAV threat management. David founded the practice of UAV forensics in 2015 and is one of the leading practitioners in the country. David has worked in digital forensics and cyber security since the mid-90s and, prior to founding his own company, led EY’s U.S. incident response program. David earned a BA from Dartmouth in Computer Science and will receive an MA from the Fletcher School at Tufts in International Affairs this summer. David’s Master’s thesis is entitled “Defendi

  • #034 – Harlan Carvey: You Have To Apply the Data To Your Theory

    11/09/2017 Duration: 01h56s

    https://www.linkedin.com/in/harlan-carvey-86a8694b/ (Harlan Carvey) is currently the Director of Intelligence Integration at https://www.nuix.com/ (Nuix). Harlan has been involved in information security for 28 years, which began during his military career. After leaving active duty 20 years ago, he started in consulting, performing vulnerability assessments and penetration testing. From there, it was a natural progression to digital forensics and incident response services. Harlan is an accomplished public speaker and a prolific author. He is the author of several open source tools, including https://github.com/keydet89/RegRipper2.8 (RegRipper), and is the author of the http://windowsir.blogspot.com/ (WindowsIR blog). In this episode we discuss his start in information security, Windows registry forensics, new artifacts, the importance of communications, mistakes examiners make, ransomware, the commonalities between information security and home beer brewing, and so much more. Where you can find Harlan

  • #033 – Perry Carpenter: Security Culture Management

    04/09/2017 Duration: 45min

    https://www.linkedin.com/in/perrycarpenter/ (Perry Carpenter) currently serves as Chief Evangelist and Strategy Officer for https://www.knowbe4.com/ (KnowBe4). Previously, Perry led security awareness, security culture management, and anti-phishing behavior management research at http://www.gartner.com/technology/home.jsp (Gartner Research), in addition to covering areas of IAM strategy, CISO Program Management mentoring, and Technology Service Provider success strategies. With a long career as a security professional and researcher, Perry has broad experience in North America and Europe, providing security consulting and advisory services for many of the best-known global brands. His passion is helping people make better security decisions by applying strategic behavior and culture management practices to the intersection of technology and humanity. Perry holds a Master of Science in Information Assurance (MSIA) from Norwich University in Vermont and is a Certified Chief Information Security Officer (C|

  • #032 – Ryan Kalember: We’ve Moved From Mass Surveillance to Targeted Attacks

    28/08/2017 Duration: 52min

    https://www.linkedin.com/in/kalember/ (Ryan Kalember) has over 15 years of experience in the information security industry. Ryan currently leads cybersecurity strategy for https://www.proofpoint.com/us (Proofpoint) and is a sought-out expert for media commentary on breaches and best practices for enterprises as well as consumers. He joined Proofpoint from WatchDox where he served as chief marketing officer and was responsible for successfully building and leading the marketing team through the company’s acquisition by Blackberry. Prior to WatchDox, Ryan was instrumental in running solutions across Hewlett-Packard’s portfolio of security products. He has also held a variety of marketing leadership positions at ArcSight and VeriSign including EMEA regional manager. Ryan received his bachelor's degree from Stanford University, where he studied fault tolerance, cryptography, and authentication algorithms. In this episode we discuss his start in cyber security, his transition to marketing and product management, t

  • #031 – Jobert Abma: All Bugs Are Shallow

    21/08/2017 Duration: 49min

    https://www.linkedin.com/in/jobertabma/ (Jobert Abma) is a co-founder and technical lead at https://www.hackerone.com/ (HackerOne), one of the leading bug bounty service platforms. He is an avid hacker, developer and advocate for transparent and safe vulnerability disclosure. He and co-founder https://www.linkedin.com/in/michiel3/ (Michiel Prins) have been named one of https://www.forbes.com/pictures/gjjh45khmk/jobert-abma-26-and-mic/#29732699479b (Forbes 30 under 30 for 2017 in tech). As a hacker himself, Jobert has reported critical vulnerabilities to GitLab, Yahoo, Slack, and Snapchat, among others. Before founding HackerOne, he was a successful penetration tester for a company he founded, with customers including Twitter, Facebook, Evernote and Airbnb, among others. He studied Computer Science at Hanze University Groningen. In this episode we discuss his early hacking days, how he turned hacking into a job, why he started HackerOne, secure software development, lessons learned as a founder, Internet of Thi

  • #030 – Joseph Carson: We Need a People-Centric Approach

    14/08/2017 Duration: 54min

    https://www.linkedin.com/in/josephcarson (Joseph Carson) is a cyber security professional and ethical hacker with more than 25 years’ experience in enterprise security specializing in blockchain, endpoint security, network security, application security & virtualization, access controls, and privileged account management. He currently serves as Chief Security Scientist at https://thycotic.com/ (Thycotic). Joseph is a Certified Information Systems Security Professional (CISSP), active member of the cyber security community, frequent speaker at cyber security conferences globally, and is often quoted and contributes to global cyber security publications. He is also the author of https://thycotic.com/resources/wiley-dummies-privileged-account-management/ (Privileged Account Management for Dummies). Joseph regularly shares his knowledge and experience by giving workshops on vulnerability assessments, patch management best practices, and the evolving cyber security perimeter and the EU General Data Prot

  • #029 – Don’t Hire Security Consultants

    07/08/2017 Duration: 06min

    This is a solo episode between interviews. I have been doing IT and security consulting for a long time. Over this time, I have noticed a few things that are worth noting when hiring a security consultant. In fact, I would say until you perform some basics and perform some due diligence on your own, don't hire me or any other security consultant. Yes, this seems a little counterintuitive for me to say, "Don't hire me," but there are many common elements I see in environment after environment both on the proactive and responsive engagements. This episode will touch on some of these elements and is by no means all-inclusive. The takeaway is to get to know thyself and do your homework!

  • #028 – Brett Shavers: It’s Not the Machine, But the Examiner

    31/07/2017 Duration: 48min

    http://brettshavers.cc (Brett Shavers) is a consultant to corporations and government agencies in computer-related cases as well as being the author of "https://www.amazon.com/Placing-Suspect-Behind-Keyboard-Investigative/dp/1597499854/ref=la_B00C8B490Q_1_4?s=books&ie=UTF8&qid=1501108551&sr=1-4 (Placing the Suspect Behind the Keyboard)", co-author of "https://www.amazon.com/Hiding-Behind-Keyboard-Uncovering-Communication/dp/0128033401/ref=la_B00C8B490Q_1_2?s=books&ie=UTF8&qid=1501108551&sr=1-2 (Hiding Behind the Keyboard)" and co-author of the "https://www.amazon.com/X-Ways-Forensics-Practitioners-Guide-Shavers/dp/0124116051/ref=la_B00C8B490Q_1_1?s=books&ie=UTF8&qid=1501108551&sr=1-1 (X-Ways Forensics Practitioner's Guide)". Brett began his career as a digital forensics investigator in law enforcement and was trained by the Federal Law Enforcement Training Center, the US Department of Homeland Security, the https://www.nw3c.org/ (National White Collar Crime Center), and a m
