
Resilient Cyber

Author: Chris Hughes


Description

Resilient Cyber brings listeners discussions with a variety of Cybersecurity and Information Technology (IT) Subject Matter Experts (SMEs) across the public and private sectors and a variety of industries. As we watch the increasing digitalization of our society, striving for a secure and resilient ecosystem is paramount.
125 Episodes
- For those who don't know your background or Nucleus Security, can you start by telling us a bit about both?
- You have experience and a background in the Federal environment, and Nucleus recently achieved its FedRAMP authorization. Can you tell us a bit about that process?
- When you look at the Federal/Defense/IC VulnMgt landscape, what are some of the biggest problems from your experience, and where do you think innovative products and solutions can help?
- Going broader, we have seen a recent ...

- You recently presented at Wiz's MisCONfigured at RSA, where you covered some of the most relevant cloud threats and risks. Can you touch on what some of those are?
- We know Wiz just announced a massive capital raise, and there has been talk about M&A plans for Wiz. I know you help with looking at potential products/firms; what are some key things you look at?
- When you acquire a new product and team, how does it look to ensure there is a smooth integration with the Wiz team and platform?...

- First off, for folks not familiar with your background, can you tell us a bit about your journey from your earlier IT/Cyber and military time to eventually being a Founder and CEO?
- What made you decide to take that leap and found not just one, but two cybersecurity companies, moving from being a practitioner?
- What did you find to be some of the biggest challenges when transitioning from practitioner to business owner?
- Have you had to navigate working on versus in the bu...

- First off, for folks that don't know you, can you give them a brief overview of your background/organizations?
- Josh, let's start with you. Can you explain some of what is going on with the drama around NVD and what happened that caught everyone's attention?
- Dan, I know you've raised concerns around the implications for the community when it comes to the lack of CVE enrichment. How do you see this impacting the vulnerability management ecosystem?
- Josh, your team has started providing som...

- It is often now said that identity is the new perimeter. Why do you think that phrase has taken hold, and what does it mean to you?
- How much do you think the complicated identity landscape plays a role? For example, most organizations have multiple IdPs, as well as external environments such as SaaS and so on that they have identities and permissions tied to.
- It often feels like SaaS is overwhelmingly overlooked in both conversations about Cloud Security as well as softwar...

- First off, you have an incredible background, evolving from software engineer to management roles and ultimately CISO for some of the industry-leading organizations such as Siemens and HP. I would love to hear about that journey and how you found yourself ultimately becoming an industry-leading CISO along the way.
- How do you think the CISO role has changed over the years? We're hearing more about speaking the language of the business, potential legal liability, new SEC rules and mo...

- What are some of the most interesting developments in the world of software supply chain security (SSCS) in the last 12 months or so?
- It's now been a couple of years since the major fallout of notable incidents such as SolarWinds and Log4j. Do you feel like the industry is making headway in addressing software supply chain threats?
- For organizations either just starting or looking to mature their software supply chain maturity, what are some key areas you recommend organizations focus t...

- First off, for folks not familiar with your backgrounds, can you please each tell us a bit about yourselves?
- Let's set the table a bit: what is software liability, and what is driving the increased calls for it? For example, the recently released National Cyber Strategy, and commentary by U.S. leaders such as CISA's Jen Easterly.
- What are some examples the software industry can pull from to try and establish a foundational liability regime?
- What are some of the unique challenges that m...

- First, please tell us a bit about your background and how you got into the role you are now in your career. What drew you to the marketing side of cybersecurity?
- I have to be honest: many in the cyber practitioner community often bemoan cyber marketers, often citing poor tactics or interactions. What do you think has contributed to this systemic feeling, and how do you think we get past it?
- You've talked about how there is a lot of trash marketing out there and it's a threat to national sec...

- Let's start off by discussing everyone's favorite topic, vulnerability management. When it comes to AppSec, obviously there's been a big push to "shift security left," which comes with CI/CD pipelines, SAST, DAST, Secrets Scanning, IaC scanning, etc. How have you handled scaling AppSec effectively without burdening Dev teams with massive vulnerability lists and being a blocker for production and delivery?
- There's a lot of tools to choose from, across a lot of various categories, from s...

- First off, tell us about your journey to the role of the CISO. What did that look like, what steps did you take, what helped prepare you, and so on?
- To many, the CISO is considered the pinnacle of the cyber career field. How did it feel when you landed the role, and looking back a year now, what are some thoughts that come to mind?
- We know as you become more of a senior leader, you get less into the nuance and details of the technical activities and more focused on strategy, vision, organiz...

- First off, tell us a bit about your background and how you got to where you are now in your career.
- What led you to write the book? Tell us a bit about the process and the experience so far, given you didn't take a traditional route with a standard publisher, etc.
- Your book is broken into different sections, such as security as an industry, understanding the ecosystem, and trends shaping the future of cyber. Let's dive into some of those.
- You talk about how Cyber is horizontal, not vertical, an...

- Chris: I have been following your research for several years now, dating back to your role before Chainguard. As you have watched the conversation around Software Supply Chain Security unfold in the industry, do you feel like we're making positive headway?
- Chris: You have done a lot of research into software supply chain security, and of course SBOMs. In one recent study you took a look at the quality of SBOMs in the OSS ecosystem, compared to, say, the NTIA-defined minimum elements for SBOM. Can...

- You hold a variety of roles, from advisor, podcast host, and CISO, and have a great industry presence. How do you juggle it all, and what drives you to do so much?
- You recently spoke about emotional intelligence; do you feel it is overlooked in tech and cyber?
- You speak a lot about leadership in Cybersecurity. What are some of the characteristics you think are the most important for the modern cyber leader?
- We know you often dive into Cloud security. You recently made some comments about SaaS Securit...

- When you look at the state of the Open-Source Software (OSS) ecosystem, what do you think some of the biggest problems are?
- Why do you think we're now starting to see so much increased attention on the Software Supply Chain?
- When it comes to OSS maintainers and contributors, typically this is all done voluntarily and uncompensated in many cases. How is Tidelift looking to change that paradigm?
- What are some recommendations you have for organizations as they start to try and get a handle on the...

- We know you've held several executive roles; we would love to hear your perspective regarding balancing business and organization leadership with the technology side.
- You recently testified before Congress regarding FISMA reform. Why do you feel this reform is so needed, and what do you feel in particular would make the biggest impact?
- What advice would you have for technology professionals who want to advance to executive roles like you've held?
- What do you think we as an industry ca...

- Nikki: What does EDR look like right now, and where is it going?
- Nikki: What are the differences between typical A/V and EDR?
- Chris: What role do you see EDR playing in the push for Zero Trust?
- Nikki: How do you integrate EDR into your environments, and how do you feel about using EDR with SIEMs?
- Chris: Do you feel that the boon for working from home has impacted the EDR space?
- Nikki: Can you talk a little bit about what DLP is and how it relates to EDR roll outs?
- Chris: Building on EDR,...

- Nikki: Please tell us a little bit about your dissertation and why you felt like drone forensics needed further research.
- Chris: We know you have a Doctorate where your focus was a UAV systems forensics framework. My background is largely with DoD, which is increasingly embracing UAVs/drones, etc. Are there any major security concerns a community like that should consider as they embrace these technologies?
- Nikki: Do you feel like there is still a need to create more comprehensive policies and fr...

- Given your wide range of experience with AWS and cloud security, what would you say are some of the most common types of attacks for cloud platforms?
- What would you say are the top three skills someone should work on if they're interested in a career on a Red Team or as a penetration tester?
- Are there some really good resources or open-source tools you recommend for anyone learning about offensive security?
- Shifting to Purple Teaming, how does Purple Team differ from traditional Pen...

- For those unaware, what exactly is an SBOM, and why is it so important?
- One of the presentations you gave mentioned that software supply chain attacks shouldn't be discussed as "emerging threats"; these really have been going on for years. Why do you think we still talk about it as an emerging threat or something novel?
- We know you've recently talked about an effort dubbed "VEX" which seeks to add context to SBOM information. How is this valuable, and how can it be used to reduce ri...
