Tuesday Morning Grind: A Cybersecurity Podcast

Mark Weatherford, Homeland Security Cybersecurity Deputy Under President Obama talks about Cyber Risk and Leadership Mark Weatherford has a long career in public service including serving in Homeland Security and CISO for the state of California and Colorado. In this episode of Tuesday Morning Grind, Mark and Christian discuss cyber risks, cybersecurity legislation, and leadership in the public sector. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

Gerald Auger is the host of Simply Cyber, an information security YouTube channel designed to help individuals go further, faster in the information security field. He’s also the Director of Cybersecurity Education at ThreatGEN™. Christian and Gerald discuss his passion for the information security field which led to the creation of Simply Cyber, handling breaches, how to talk to executives about security, and what’s missing from the field for it to work better. They also talk about Gerald’s new adventure into ThreatGEN™ and the gamification of cybersecurity education. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

How to make a business case as a CISO, attract talent and tell a story in cyber. Rock Lambros is the CEO & Founder of RockCyber. In this episode of Tuesday Morning Grind, Rock and Christian discuss how to make a business case to C-suite executives, how to attract top-tier talent in a virtually zero unemployment industry and how to tell a story so employees can understand cyber issues and risks. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

Gary DeMercurio was arrested for breaking into a courthouse in Iowa.    Gary DeMercurio is a master at physical security. He breaks into buildings and tells the owners how he did it so they can improve their security posture. In 2019, he was arrested in Iowa after breaking into a courthouse. In this episode of Tuesday Morning Grind, Gary and Christian discuss how it all went down and lessons learned from the event. They also discuss some of the tactics used in physical penetration test engagement.     About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

What it takes to grow a hyper growth start-up, lead people, and the courage to take your shots. Dinah Davis is the VP of R&D Operations at Arctic Wolf. She has helped the organization scale from 35 to nearly 1500 employees. In this episode of Tuesday Morning Grind, Dinah and Christian discuss practical lessons on leadership, Dinah’s journey as a women in technology leadership, cybersecurity trends, and the incredible value in finding the courage to take your shot. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx.  You can learn more about risk3sixty at www.risk3sixty.com.

Privacy considerations in the world of healthcare, emerging tech, and regulation. From regulations like HIPAA, GDPR, and CPRA to home listening devices -- Kate and Christian discuss the future of privacy and the potential implications for businesses and individuals. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

Four of the World’s Top Hackers Talk Cyber War, Spying, Hacking, Privacy, and Life  The impacts of technology on our society are further reaching that we yet understand. As our society increases screen time, connects our home, our cars, and ourselves to the digital universe both practical and philosophical questions must be answered. Questions of cyber conflict, privacy, digital interaction, and what it means to be human all emerge. In this episode of Tuesday Morning Grind, four of the world’s top hackers discuss some of these questions at length.  Connect with the hackers in this episode: Chris Roberts: https://www.linkedin.com/in/sidragon1/ Luke “Pyr0” McOmie: https://www.linkedin.com/in/lmcomie/ Mike Weber: https://www.linkedin.com/in/webermike/ Mike “The Haunted Hacker” Jones: https://www.linkedin.com/in/mikejonesnotanalias/  About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

Crypto - What are the threats and opportunities?   There are big threats and even bigger opportunities in the world of crypto right now. New technologies, huge upside investment, software vulnerabilities, bugs, world changing payment solutions, and criminal organizations – all exist and thrive in the same environment. In this episode of Tuesday Morning Grind, Lance, Sawyer, and Christian discuss blockchain technology and crypto.   About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

We are seeing the highest volume of cyber attacks we have ever seen.   Raj has briefed heads of state, CEOs, and politicians on cybersecurity. During his time a chief scientist at McAfee he was responsible for understanding the thread landscape, researching emerging threats, and perhaps most importantly – mastering the human side of cybersecurity – emotion, self-interests, fear, and geo-politics. In this episode of Tuesday Morning Grind, Raj and Christian discuss the current state of cybersecurity, emerging trends, and the human side of cybersecurity.   About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.   Books Recommended in this Episode: What Everybody is Saying by Joe Nevarra   Whitepaper by Raj: Hacking the Human Operating System

Learn how to take your security assessments to the next level by implementing a few best practices.  Jo is an author, teacher, and life long internal auditor. She has spent her career thinking about risks and helping communicate those risks to executives. In this episode of Tuesday Morning Grind, Jo and Christian discuss how principles of “total quality auditing” can be used to execute better security assessments. They talk about selecting risk based projects, communication issues, report writing, and driving organizational change.  About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.  Book Recommendation from this episode: Total Quality Auditing  Check out training and education: https://www.auditconsultingeducation.com/total-quality-auditing/

Jax Scott breaks down the latest trends with security and compliance in the federal space.  Jax is an security and compliance expert in the federal space, co-author of the book “Cybersecurity Career Masterplan”, podcaster, and entrepreneur. In this episode of Tuesday Morning Grind, Jax and Christian break down the latest news with CMMC compliance. They also talk about how to get a job in cybersecurity and talk about trends related to diversity.  About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com. Book Recommendation from this episode: Cybersecurity Career Masterplan

Security leaders must have strong business acumen if they want to be successful. Otherwise, they are destined to the child’s table within the leadership ranks at their organization. Security programs must align the organization’s most important business objectives. This is a fact that all successful security leaders must understand. In this episode of Tuesday Morning Grind, Matthew and Christian discuss business topics that every security leader needs to know to successfully serve their organization – and how business is directly linked into cybersecurity.  Book Recommendation: CISO Evolution by Matthew Sharp (https://www.cisoevolution.com/)  About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

This is everything you need to know to get PCI DSS certified in 2022.   Chris Donaldson is a PCI Expert and the PCI Practice Leader at risk3sixty. Chris has helped organizations from start-ups to Fortune 10 achieve PCI certification. In this episode of Tuesday Morning Grind, Chris and Christian talk through everything a company needs to know to begin their PCI certification journey.   Featured How to Guide: How to Get PCI Certified   Featured Book or Resource: risk3sixty’s PCI DSS e-book   About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

CJ DuBe' has helped over 110 companies implement habits to run a better business. She also shares her #1 tip for success – the Level 10 Meeting™.  CJ DuBe' is an expert in helping companies implement the Entrepreneurial Operating System® (EOS®) made famous by the book Traction by Gino Wickman. CJ says at the heart of EOS is the ability to help manage and focus human energy. Through setting vision, establishing meet rhythms, getting the right people on the team doing the right jobs and a host of other activities – CJ helps companies thrive. In this episode of Tuesday Morning Grind, CJ and Christian explore a few aspects of an EOS and share practical tips to get started building a better company.   Featured How to Guide: How to Run a Better Meeting   Featured Book or Resource: Check out the book “Traction” and the free resources and templates at EOS Worldwide.   About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

Chris Roberts shared his journey from hacker to security researcher in a quest to change the digital landscape for the better.  Chris Roberts is a hacker, security researcher, and thought leader. Chris worked for both the private sector as well as the government and intelligence agencies on cybersecurity projects and research initiatives. In this episode of Tuesday Morning Grind, Chris and Christian explore the world of cybersecurity research, discuss issues of individual rights and privacy, and consider the future.  Book Recommendation from this Episode: Verbal Judo  How to guide from this Episode: How security researchers leverage their curiosity to break things and turn lessons learned into cybersecurity research projects.  About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

George Finney, CISO at SMU and Author of Well Aware, discusses the 9 habits of building cybersecurity awareness.  George Finney is the CISO at Southern Methodist University and the author of the book Well Aware. In this episode of Tuesday Morning Grind, George and Christian discuss the challenges of building cybersecurity programs for Higher Education, cybersecurity threats, careers in cybersecurity, and why we are excited about the future.  About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

Brian Levine tells the story of a 10 year journey to catch the Bayrob group hackers.   Brian Levine is a former Department of Justice coordinator that participated in the 10-year journey to catch the Romanian hacker group that would come to be known as the Bayrob group. In this episode of Tuesday Morning Grind, Brian and Christian discuss the details of the case.   About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

John Bordwine, AVP Product & Cloud Compliance at Hyland, shares his insight on leveraging security compliance to manage risk.   John Bordwine is the AVP Product & Cloud Compliance at Hyland. Prior to Hyland, John held leadership positions at Citrix and Symantec. In this episode of Tuesday Morning Grind, John and Christian discuss how building a security compliance program isn’t about “check the box” activities – it’s about helping the organization manage risk. John shares his insight on building teams, navigating compliance programs, and practical techniques to use compliance requirements to reduce cyber risk.   About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

This is a special episode of Tuesday Morning Grind. We are coming up on 50 episodes as well as the Thanksgiving holiday. Today, I’d like to look back on our 50 episodes to date, and surface a few of the most memorable insights I’ve learned from the incredible array of guests we’ve had on the show. We’ll cover lessons learned about entrepreneurship, cybersecurity, and more. Time Stamps: [0:47] Kennet Westby from Coalfire - Identify Where There's Opportunity [1:49] Justin Nassiri from Captivate.ai - You Have to Put in Work to Get Added Value [2:36] Mike Meyer from SalesLoft - Celebrate the Wins [3:21] Colonel Rob Campbell - It's Personal, Not Personnel [5:22] Brooklyn Dicent - Telling Stories to Test Your Material [6:18] Trent Russel - Using Podcasting to Build B2B Relationships [7:49] Nikole Davenport from HITRUST - Why Does Privacy Matter? [8:51] Jeremy Garcia from LinuxQuestions.org - Technology Erodes Privacy [10:07] Daniel Solove - Meaningless Privacy Measures and Innocuous Information [11:48] Kelly Haxton, a former US Special Agent - Advice to Prevent Fraud [13:23] Paulo Shakarian - Cybersecurity and Machine Learning Data Analytics [14:56] Luke McOmie, aka the hacker Pyr0 - 3 Attributes of a Great Security Practitioner [16:58] Pete Strouse - How to Break Into the Cyber Security Field We at risk3sixty are so excited about the road ahead. And I’m excited to continue to bring you more great episode of Tuesday Morning Grind in the months ahead. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

Ryan Denehy, Founder and CEO of electric.ai, shares lessons learned from being an entrepreneur, successfully exiting 3 companies, and cybersecurity.  Ryan Denehy is the Founder and CEO of electric.ai. Prior to Electric, Ryan has started and sold three companies, most recently to Groupon. In this episode of Tuesday Morning Grind, Ryan and Christian discuss entrepreneurship, building teams at scaling organizations, and how cybersecurity is impacting companies of all sizes.  About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.