DiscoverThe Well Aware Security Show
The Well Aware Security Show
Claim Ownership

The Well Aware Security Show

Author: George Finney

Subscribed: 4Played: 103


Humans are the key to solving our cybersecurity challenges…but first we need them to be Well Aware. The Well Aware Security Show is hosted by George Finney, CISO for SMU and author of the award winning book, Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future. Security is in your DNA…so be Well Aware!
29 Episodes
When do we get a seat at the big kids table and how do we know what to say when we get there? Our guest this week, The Security Catalyst, Michael Santarcangelo joins us to talk about how we can better prepare our teams for success and then prepare them to stay successful.
Artificial Intelligence is perhaps the second biggest buzzword in cybersecurity, behind Zero how do you know whether a product is the next Skynet or just a thousand outsourced hourly employees in another country? My guest this week helps break down fiction from reality when it comes to AI/ML in Cybersecurity tools. DJ Sampath is the Co-founder & CEO of Armorblox. Prior to Armorblox, DJ helped found StackRox, a sequoia-backed container security startup, where he was the Chief Ar...
How do you hack a car and not get sued for it?  Application security is probably at the forefront of people's minds for 2022 and rightly so! My guest this week, Ted Harrington, has answers. Ted was a part of one of the first groups that hacked a car and is currently the Executive Partner at Independent Security Evaluators (ISE), the company of ethical hackers famous for hacking cars, medical devices, and password managers. 
Threat Modeling isn't the newest fashion craze hitting the Paris catwalks. It's the process you go through to understand what you're protecting yourself from before you decide what controls need to be in place. And our guest this week, Adam Shostack, literally wrote the book on Threat Modeling.Get the whitepaper here, no registration required: hear more from Adam, reach out to:
There's a lot of marketing hype out there about how to create a culture of cybersecurity, but we wondered...can you change your culture with security awareness training? To find out, we asked Kate Brett Goldman, CEO of The Cybermaniacs what works and what doesn't when it comes to working with your humans.
Ok, it is a podcast about deception. And we think Deception is something that doesn't just belong to the history books or the battlefield, it belongs on your network. Rob Black is the deputy director of the UK National Cyber Deception Laboratory and is passionate about making deception something that everyone can do in their networks.
There are a huge number of job openings in cybersecurity right now...but there are also a huge number of veterans out there looking to get their start in the civilian world. Jeff Schilling, Global CISO for Teleperformance joins us this week to talk about his own journey from being in the Army to being a CISO, and has some tips for hiring managers for bringing more veterans into a career in cyber!
What does Zero Trust mean? Who better to answer the question than the guy who created it...John Kindervag, currently the SVP for Cybersecurity Strategy at On2IT who offers the worlds first Zero Trust as a Service (ZTaaS) offering.
What does Zero Trust mean? Who better to answer the question than the guy who created it...John Kindervag, currently the SVP for Cybersecurity Strategy at On2IT who offers the worlds first Zero Trust as a Service (ZTaaS) offering.
How do we break the Cybersecurity Poverty Line? We asked Scott Schindler, vCISO Director for Tracepoint, who specializes in supporting security for small to medium enterprises to find out whether it's really just about lack of funding...or if there's something more fundamental that's needed to protect smaller organizations.
Everyone talks about Cybersecurity Culture, but if you asked 100 people for a definition, you'd probably get 200 answers. Which is why this week we're talking to Dr. Keri Pearlson, Executive Director of the research group Cybersecurity at MIT Sloan (CAMS) who has focused her research around cybersecurity culture at organizations across the globe. 
Want to know how to get started in your cybersecurity career? Want to hire some of those people getting started in cybersecurity? We asked our guest this week, Zach Vinduska US CISO for Credera, what we can do differently about recruiting the next generation of security talent and how we can sustain their careers for the next 30 years.
You may have heard of the MITRE ATT&CK framework, which helps network defenders understand the methods attackers use to penetrate networks. But have you heard of ENGAGE? This week, we welcome back MITRE's chief mad scientist for deception, Dr. Stanley Barr, who talks about how MITRE is engaging the community to create a framework help defenders disrupt adversaries.
"No security person really works in security,” says Andy Bennett, VP of Technology and CISO for the Apollo Information Systems. There's a reason we say People, Process, and Technology - people always come first. We build cars, we are bankers, we are educators...and being secure means knowing the business and building relationships with the other humans we work with. 
ISC2 last year reported that almost 70% of workers surveyed in the US and UK wouldn't want to work in security. This week, we discuss whether we have a cybersecurity skills shortage or whether what we actually have is a cybersecurity leadership shortage.  My guest this week is Brian Mork, CISO for Westinghouse, advocate for Hacking Is Not A Crime (#HINAC), and Co-Founder of Team Cryptolingus. Brian has some interesting thoughts you will not want to miss!
The cybersecurity habit of the week is Community.  Lots of conferences bill themselves as being "For CISOs, by CISOs" but many don't actually live up to the billing of being run or created by CISOs. Randy, Jamin, and Cecil are hoping to change that when it comes to cybersecurity conferences. And along the way, they're hoping to improve their community for the better as well by donating a portion of their proceeds to charity.
How do you know when you're in the Goldilocks zone when it comes to security? Not too much or not too little? We think it's by making sure security is aligned with the business. Our guest this week is Jason Fruge. Jason is the CISO for Rent-A-Center, and this is his 4th CISO role. Jason has held CISO roles at retail and healthcare technology companies and was a Global Group Information Security Officer at Citibank as well.
There are millions of unfilled jobs in the cybersecurity industry today...what do we need to bridge that gap? Our guest this week is Val Mukherjee, Chairman and Founder of the Cyber Future Foundation. This week, CFF announced a partnership with Cybrary and Safal Partners to provide free training within Cybrary's platform. This partnership will enhance CFF and Safal's cybersecurity apprenticeship program with the US Department of Labor. We all need to work together to secure our future!
We know that there's a huge talent shortage in cybersecurity, which leads to high turnover. This makes succession planning even more important because we know that we have to manage the "churn" on top of everything else. Veteran CISO and Cyber Luminary Malcolm Harkins joins the show to talk about how important succession planning really is, how to do it really well, what to do when you mess up. As Malcolm says, "You can't talk you way out of something you behaved yourself into."
The biggest complaint I hear from people about security training is that it’s a waste of their time. And if you’re doing a 5 minute awareness video once a year to check a compliance box, you probably are wasting your employee’s time. Our guest this week, Ashley Rose, is the CEO of Living Security and her philosophy is to empower people to change their behaviors...and along the way make it fun and engaging as well. 
Download from Google Play
Download from App Store