Security Yearbook creator Richard Stiennon joins today’s podcast to share his career journey. He talks about creating the first ISP in the Midwest in the ‘90s, the role of the Security Yearbook in telling the history of cybersecurity and the best place to start your cybersecurity career. Hint: It’s not necessarily with the big firms!

0:00 - Infosec Skills Monthly Challenge
0:50 - Intro
2:50 - How Richard got started in cybersecurity
7:22 - Penetration testing in the ‘90s
10:17 - Working as a research analyst
14:39 - How the cyberwar landscape is changing
19:33 - Skills needed as a cybersecurity researcher
20:30 - Launching the Security Yearbook
27:20 - Security Yearbook 2021
29:00 - Importance of cybersecurity history
30:48 - How do cybersecurity investors see the industry
34:08 - Impact of COVID-19 and work from home
35:50 - Using the Security Yearbook to guide your career
40:38 - How cybersecurity careers are changing
43:29 - Current pentesting trends
47:06 - First steps to becoming a research analyst
48:20 - Plans for Security Yearbook 2022
50:20 - Learn more about Richard Stiennon
51:09 - Outro

Cybersecurity hiring managers, and the entire cybersecurity industry, can benefit from recruiting across a wide range of backgrounds and cultures, yet many organizations still struggle with meaningfully implementing effective diversity, equity and inclusion (DEI) hiring processes.

Join a panel of past Cyber Work Podcast guests as they discuss these challenges, as well as the benefits of hiring diversely:
– Gene Yoo, CEO of Resecurity, and the expert brought in by Sony to triage the 2014 hack
– Mari Galloway, co-founder of Women’s Society of Cyberjutsu
– Victor “Vic” Malloy, General Manager, CyberTexas

This episode was recorded live on August 19, 2021.

The topics covered include:
0:00 - Intro
1:20 - Meet the panel
3:28 - Diversity statistics in cybersecurity
4:30 - Gene on HR's diversity mindset
5:50 - Vic's experience being the "first"
10:00 - Mari's experience as a woman in cybersecurity
12:22 - Stereotypes for women in cybersecurity
15:40 - Misrepresenting the work of cybersecurity
17:30 - HR gatekeeping and bias
25:56- Protecting neurodivergent employees
31:15 - Hiring bias against ethnic names
37:57 - We didn't get any diverse applicants!
43:20 - Lack of developing new talent
46:48 - The skills gap is "nonsense"
49:41- Cracking the C-suite ceiling
53:56 - Visions for the future of cybersecurity
58:15 - Outro

PLEASE NOTE: Around minute 47, I incorrectly say that Eric Milam, author of the definitive report on the BAHAMUT threat group, is employed by HP. He is, in fact, employed by Blackberry. I sincerely apologize to Mr. Milam for the error.

In this special episode, we look back at how the show has evolved over the past three years and celebrate our amazing guests and viewers. You've helped grow the Cyber Work Podcast to nearly a million plays!

To give back, we're launching a brand new way for EVERYONE to build their cybersecurity skills. It's free. It's hands-on. Oh, and did we mention there's more than $1,000 in prizes EVERY MONTH.

Huge thank you to all the past guests who shared their expertise over the past 200 episodes. The timings of everyone in this episode are listed below. Happy listening!

0:00 - Intro
0:42 - Monthly challenges and $1,000 in prizes!
1:30 - Cyber Work Podcast origins
2:32 - First episode with Leighton Johnson
3:16 - Finding our first guests
3:46 - Keatron Evans on incident response
6:54 - Susan Morrow on two-factor authentication
8:54 - Susan Morrow on GDPR
11:03 - Susan Morrow on "booth babes" and speaking up
13:20 - Alissa Knight on getting arrested for hacking at 17
16:39 - Alissa Knight on API security
19:14 - Ron Gula on cybersecurity challenges
23:23 - Amber Schroader on the real work of digital forensics
26:19 - Theme of the Cyber Work Podcast
27:01 - Jeff Williams on creating the OWASP Top Ten
31:23 - David Balcar on the biggest APTs
33:46 - Elie Bursztein on breaking into cybersecurity
37:37 - Sam King on AppSec frameworks and analysis
41:17 - Gary DeMercurio on getting arrested for red teaming
47:19 - Eric Milam on the BAHAMUT threat group
53:39 - Feedback from Cyber Work Podcast listeners
55:16 - Alyssa Miller on finding your career path
57:24 - Amber Schroader on computer forensics tasks
59:07 - Richard Ford on malware analyst careers
1:02:02 - Career action you can take today
1:02:19 - Rita Gurevich on reading and learning
1:03:20 - Snehal Antani on transitioning careers
1:04:26 - Promoting underrepresented voices
1:05:09 - Mari Galloway on women in cybersecurity
1:05:31 - Alyssa Miller on diversity "dog whistles"
1:10:11 - Christine Izuakor on creating role models
1:10:52 - We want to hear your story
1:11:40 - Monthly challenges and outro

Gemma Moore of Cyberis Limited talks about her incredible pentesting career and shares her advice for aspiring pentesters. She also discusses security as it regards the human cost of social engineering, which is the title of a recent article Gemma wrote.

0:00 - Intro
5:26 - Becoming a world-class pentester
13:55 - 2004 pentesting versus now
17:25 - Early years of pentesting
19:30 - Natural skills to be a pentester
23:12 - Advice for aspiring pentesting
25:50 - Working in pentesting
27:50 - Red teaming
31:08 - How to be a great pentester
33:04 - Learn about CREST
36:13 - What should be on my resume?
37:45 - Cyberis Limited
40:25 - Diversity and inclusion
43:42 - The human cost of social engineering
50:06 - Training staff positively
52:54 - Current projects
54:20 - Outro

Ning Wang of Offensive Security talks to us about her role as CEO of Offensive Security. In her role she is responsible for the company culture, vision, strategy and execution. We talk about Wang’s cybersecurity journey, her direction at OffSec and the ways that white hat hackers can be recruited into the industry, possibly riding the interest of big news-story hacking events like the Colonial Pipeline hack to do so.

0:00 - Intro
2:21 - Origin story
5:31 - Changing careers
7:46 - Skills learned throughout Wang’s career
11:46 - Taking a chance on a new career
12:50 - What is Offensive Security?
16:19 - Try harder mindset
19:42 - Offensive Security certification
23:02 - Recruiting ethical hackers
28:12 - Civic responsibility
33:10 - Ethical hacking job specialties
36:49 - Tips for ethical hacking learners
40:09 - Women in cybersecurity
43:56 - Offensive Security’s future
46:35 - Feedback from students
48:11 - Learn more about Wang OS
48:48 - Outro

Adam Levin of CyberScout talks to us about scams, identity theft and more across the cybersecurity industry from the 1970s until today. He also tells us about his podcast, What the Hack with Adam Levin, which is focused on hacking, fraud and theft.

0:00 - Intro
3:01 - Origin story
7:07 - Bank safety in the old days
8:02 - Fraud and scams over the years
9:27 - Tactics today
13:15 - Scam experiences
14:33 - Scam embarrassment and stigma
18:17 - What the Hack podcast
20:22 - A taste of What the Hack
21:28 - How do you pursue stories for the podcast?
25:38 - How do you structure episodes?
26:44 - Humor in cybersecurity environment
28:43 - Work from home balance
30:25 - What is hot in fraud right now
36:50 - Credit reports
38:28 - Consumer protection and fraud careers
42:53 - Cyber savvy countries
44:31 - Predictions on fraud evolution
48:26 - Benefit to nationwide education?
50:42 - Optimism for security education
52:26 - Find out more about What the Hack
52:58 - Outro