Episodes

  • From Chaos to Clarity: A Cybersecurity Journey with Secretary Harry Coker Jr.
    Aug 27 2025

    In this episode of the Security by Default podcast, host Joe Carson speaks with Secretary Harry Coker Jr. about his journey into cybersecurity, the importance of mentorship, and the challenges faced in leadership roles. They discuss the evolving role of AI in government and cybersecurity, the significance of resilience in the face of failures, and personal interests that help them unplug from their busy lives. The conversation emphasizes the need for clarity in chaos and the importance of learning from every experience.

    Takeaways

    • Bringing clarity to chaos is essential for success.
    • Mentorship plays a crucial role in career development.
    • Every day in leadership presents new challenges and opportunities.
    • Learning from both successes and failures is vital.
    • Trust but verify is a key principle in leadership.
    • AI is transforming government operations and cybersecurity.
    • Cyber resilience is becoming more important than ever.
    • Personal interests help leaders to unplug and recharge.
    • Success is often shared, while failure is solitary.
    • The human element must remain in AI decision-making.

    Chapters

    00:00 Introduction to Cybersecurity and Personal Journeys

    06:05 The Importance of Mentorship and Teamwork

    11:48 A Day in the Life of a Cybersecurity Leader

    17:51 Lessons Learned from Challenges and Failures

    21:53 The Impact of AI on Cybersecurity and Governance

    29:42 Personal Interests and Unplugging from Work

    Resources

    The following books and resources were mentioned:

    1. "Character" by retired U.S. Army General Stan McChrystal - Harry Coker mentioned he started reading this book and found it insightful, particularly about self-awareness and challenging oneself.
    2. "The Power of Now" - Joseph Carson mentioned this book as one he was recommended to read and was working towards.

    37 mins
  • Special Episode with Mikko Hyppönen: From Malware to Drones – A Black Hat Farewell
    Aug 14 2025

    In this special edition episode of the Security by Default podcast, Mikko discusses his extensive career in cybersecurity, his transition to a new role in drone defense, and the innovative Museum of Malware that showcases the intersection of art and cybersecurity. He reflects on his journey, memorable experiences, and the importance of storytelling in engaging audiences.

    Takeaways

    • Mikko's alternative career choice was journalism.
    • He started in programming and transitioned to cybersecurity.
    • Keynote speaking at Black Hat involves storytelling.
    • Experience reduces anxiety in public speaking.
    • The Omega virus was Mikko's first memorable malware.
    • The Museum of Malware archives the history of cyber threats.
    • The museum features art inspired by malware and cyberattacks.
    • Mikko is transitioning to a drone defense company.
    • He sees parallels between cybersecurity and drone defense.
    • Mikko expresses gratitude for his 34 years in the cybersecurity industry.

    Resources:

    https://www.withsecure.com/en/experiences/museum-of-malware-art

    10 mins
  • Exploring Machine Identities in Cybersecurity with Evandro
    Aug 13 2025

    In this episode of the Security by Default podcast, Joseph Carson and Evandro Goncalves discuss the critical topic of machine identities also known as non-human identities (NHI), exploring their definitions, challenges, and best practices for management. They delve into the complexities of managing non-human identities in cybersecurity, emphasizing the importance of visibility, risk management, and the principle of least privilege.

    The conversation also highlights experiences from the NATO Lock Shield event, showcasing the real-world implications of identity security. Evandro shares insights on staying updated in the cybersecurity field and the importance of hands-on learning.

    Takeaways

    • The podcast aims to make security accessible to everyone.
    • Machine identities are non-interactive identities used in IT environments.
    • Organizations may have up to 80 machine identities for every human identity.
    • Visibility and management of machine identities are significant challenges.
    • Over-privileged accounts are a common issue in organizations.
    • Applying the principle of least privilege is crucial for security.
    • Communication and coordination are vital during cybersecurity events.
    • Hands-on experience and laboratories are effective for learning new technologies.
    • Staying updated with threat reports is essential for cybersecurity professionals.
    • Networking through platforms like LinkedIn is beneficial for knowledge sharing.

    Keywords

    machine identities, cybersecurity, identity security, non-human identities, security management, best practices, NATO Lock Shield, visibility, risk management, zero trust

    40 mins
  • From Hacker to Hero: Hieu Minh Ngo's Journey
    Jul 30 2025

    In this episode of the Security by Default podcast, host Joe Carson interviews Hieu Minh Ngo, a former cyber-criminal turned cybersecurity advocate. Hieu shares his journey from a curious teenager in Vietnam to a successful hacker, his time in prison, and his eventual redemption as he now works to help others avoid the pitfalls he faced. He discusses the importance of honesty, mentorship, and using one's skills for good, emphasizing the need for awareness in cybersecurity and the potential for change in the lives of young hackers.

    Takeaways

    • Hieu Minh Ngo transitioned from a cyber-criminal to a cybersecurity advocate.
    • His journey began with curiosity about computers and the internet.
    • He faced severe consequences for his hacking activities, including imprisonment.
    • Prison became a time for self-reflection and personal growth for Hieu.
    • He emphasizes the importance of being honest with oneself.
    • After prison, he was recruited by the Vietnamese government for cybersecurity work.
    • Hieu now mentors young hackers to use their skills for good.
    • He believes in the power of community and positive influences.
    • Hieu encourages young hackers to participate in bug bounty programs.
    • He stresses that good things will happen when you do the right thing.

    Chapters

    • 00:00 Introduction to Cybercrime and Transformation
    • 11:56 The Journey from Hacking to Cybersecurity
    • 23:48 The Dark Web and Identity Theft
    • 29:46 Finding Purpose in Prison
    • 31:41 The Journey to Redemption
    • 35:59 Consequences and Redemption
    • 37:27 Life After Prison: A New Beginning
    • 42:31 Using Skills for Good
    • 49:23 Awards and Recognition
    • 51:22 Future Aspirations and Mentorship

    49 mins
  • Understanding Identity Threats in Cybersecurity with Filipi Pires
    Jul 16 2025

    In this episode of the Security by Default podcast, host Joe Carson speaks with Filipi Pires, a cybersecurity expert with a diverse background in both technical and sales roles. They discuss Filipi's journey into cybersecurity, the importance of identity in security, and the challenges organizations face with misconfiguration. The conversation also covers tools and techniques used in cybersecurity research, the significance of observability, and the need for continuous learning in the field. Filipi shares insights on community engagement and the importance of respecting the journey in one's cybersecurity career.

    Takeaways

    • Identity is a central theme in cybersecurity.
    • Misconfiguration is a leading cause of security issues.
    • Continuous learning is essential in the cybersecurity field.
    • Tools should be used to understand techniques, not just for their own sake.
    • Community engagement is vital for knowledge sharing.
    • Phishing remains a simple yet effective attack method.
    • Legacy software poses significant risks to organizations.
    • Observability is crucial for effective security management.
    • Respecting the journey in cybersecurity is important for growth.

    Chapters

    • 00:00 Introduction to Cybersecurity Journey
    • 02:49 Exploring Cybersecurity Research and Trends
    • 05:32 Tools and Techniques in Cybersecurity Research
    • 08:34 Learning Through Capture The Flag Events
    • 11:28 Identity Threats and Misconfigurations
    • 14:16 Legacy Systems and Their Impact on Security
    • 25:40 Understanding Use Cases in Security Permissions
    • 27:36 The Principle of Least Privilege
    • 29:31 The Complexity of Identity Management
    • 30:28 Challenges in Observability and Access Control
    • 32:16 Navigating Multi-Cloud Permissions
    • 34:07 Tools for Enhancing Security Visibility
    • 36:14 Continuous Learning in Cybersecurity
    • 41:53 Community Engagement and Knowledge Sharing
    • 45:32 Respecting the Journey in Cybersecurity

    48 mins
  • Evolution of Identity Governance in Modern Organizations with Martin Sandren
    Jun 18 2025

    In this conversation, Joseph Carson and Martin Sandren delve into the evolving landscape of Identity Governance and Access Management (IGA). They discuss the significance of IGA in modern organizations, the challenges faced, and the impact of cloud solutions and AI on identity management. The conversation highlights the need for contextual and adaptive policies, the importance of interoperability, and the role of community engagement through conferences to stay updated in this rapidly changing field.

    Key Takeaways

    • IGA is essential for managing access and compliance in organizations.
    • The shift to cloud-based IGA solutions has transformed the landscape.
    • Contextual and adaptive policies are becoming the norm in identity management.
    • AI is playing a crucial role in enhancing identity governance.
    • Interoperability between systems is a significant challenge.
    • Phishing attacks are increasingly sophisticated due to AI advancements.
    • Zero trust principles emphasize reducing friction in access management.
    • Shadow IT and shadow AI pose risks to organizational security.
    • The signal-to-noise ratio in ITDR systems is a major concern.
    • Engagement in conferences and communities is vital for professional growth in IGA.

    Chapters

    • 00:00 Introduction to Identity Governance and Administration
    • 01:43 Understanding IGA vs. IAM
    • 04:02 Challenges and Shortcomings of IGA
    • 10:05 The Role of IGA in Modern Organizations
    • 17:20 Modernizing IGA: Cloud Solutions and Innovations
    • 19:07 The Acceleration of Cloud Adoption
    • 21:01 Evolving Identity Management Landscape
    • 22:53 AI's Role in Identity Governance
    • 24:41 Managing Non-Human Identities
    • 26:05 The Rise of Shadow IT and AI
    • 28:37 Future of AI in Identity Management
    • 30:35 Staying Updated in a Rapidly Changing Field

    Resources:

    Join an IdentiBeer meetup near you

    https://identi.beer/

    35 mins
  • The Journey of a Hardware Hacker with Joe Grand
    Jun 4 2025

    In this episode, Joe Carson interviews Joe Grand, a renowned hardware hacker and educator. They discuss Joe Grand's journey into hacking, the importance of community and collaboration in the field, and the evolution of technology and security challenges over the years. Joe shares his early experiences with computers, his transition from engineering to hardware hacking, and the pivotal role of the Loft in shaping his career. The conversation also touches on the founding of @Stake (ATstake, Inc.) and the challenges of balancing passion with corporate expectations in the cybersecurity industry.

    In this conversation, Joe Grand discusses his journey in the hacking community, including his experiences designing badges for Defcon, the importance of artistic engineering, and the impact of live hacking events. He shares insights on parenting in the digital age, the significance of legacy software security, and the challenges of vendor communication. Joe also highlights his current projects, the learning process through failure, and resources for aspiring hackers, culminating in a discussion about his involvement in a film related to cryptocurrency.

    Takeaways
    • Community and collaboration are vital in the hacking world.
    • Hacking is a continuous learning process; you never know everything.
    • Early experiences with computers often start with games and curiosity.
    • The Loft provided a transformative experience for Joe Grand.
    • Transitioning from engineering to hacking can be a natural progression.
    • AtStake was a significant step in Joe's career, merging hacking with business.
    • Finding purpose in teaching others about hardware hacking is fulfilling.
    • The importance of viewing security from an adversarial perspective.
    • Hacking and engineering can complement each other in unique ways.
    • Joe Grand returned to design the Defcon badge after years away.
    • He emphasizes the blend of art and engineering in hacking.
    • Live events showcase the real-time problem-solving process in hacking.
    • Parenting involves guiding children through the digital landscape.
    • Not all hacks need to be groundbreaking to be significant.
    • Legacy software security remains a critical issue.
    • Effective communication between vendors and hackers is essential.
    • Current projects focus on refining fault injection techniques.
    • Learning through failure is a vital part of the hacking process.
    • Documentation is crucial for replicating and building on work.

    Chapters
    • 00:00 Introduction to the Podcast and Guest
    • 01:43 The Journey of a Hardware Hacker
    • 05:16 The Importance of Community in Hacking
    • 09:50 Early Experiences and Hacker Origins
    • 14:41 Transitioning from Engineering to Hardware Hacking
    • 18:16 The Loft: A Transformational Experience
    • 23:51 From Passion to Career: The AtStake Journey
    • 30:56 Finding Purpose in Teaching and Hacking
    • 33:21 Reviving the Defcon Badge Design
    • 34:47 Exploring Artistic Engineering in Hacking
    • 35:44 The Impact of Live Hacking Events
    • 37:33 Parenting in the Digital Age
    • 39:28 Lessons from Hacking Time
    • 42:48 The Importance of Legacy Software Security
    • 46:37 Vendor Communication and Security
    • 48:58 Current Projects and Future Directions
    • 51:51 Learning Through Failure
    • 54:54 Resources for Aspiring Hackers
    • 58:56 The Intersection of Hacking and Film

    Additional Resources:

    https://grandideastudio.com/

    https://www.youtube.com/watch?v=o5IySpAkThg

    https://www.imdb.com/title/tt27307826/

    55 mins