Application Security PodCast

Katharina Koerner -- Security as Responsible AI

Dr. Katharina Koerner, a renowned advisor and community builder with expertise in privacy by design and responsible AI, joins Chris and Robert to delve into the intricacies of responsible AI in this episode of the Application Security Podcast. She explores how security intersects with AI, discusses the ethical implications of AI's integration into daily life, and emphasizes the importance of educating ourselves about AI risk management frameworks. She also highlights the crucial role of AI security engineers, the ethical debates around using AI in education, and the significance of international AI governance. This discussion is a deep dive into AI, privacy, security, and ethics, offering valuable insights for tech professionals, policymakers, and individuals.

Links:

• UNESCO Recommendation on the Ethics of Artificial Intelligence: https://www.unesco.org/en/artificial-intelligence?hub=32618
• OECD AI Principles: https://oecd.ai/en/ai-principles
• White House Blueprint for an AI Bill of Rights: https://www.whitehouse.gov/ostp/ai-bill-of-rights/
• NIST AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework
• NIST Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations: https://csrc.nist.gov/pubs/ai/100/2/e2023/ipd
• Microsoft Responsible AI Standard, v2: https://www.microsoft.com/en-us/ai/principles-and-approach
• ==> Microsoft Failure Modes in Machine Learning: https://learn.microsoft.com/en-us/security/engineering/failure-modes-in-machine-learning
• ENISA Securing Machine Learning Algorithms: https://www.enisa.europa.eu/publications/securing-machine-learning-algorithms
• Google Secure AI Framework (SAIF): https://developers.google.com/machine-learning/resources/saif
• ==> Google Why Red Teams Play a Central Role in Helping Organizations Secure AI Systems: https://services.google.com/fh/files/blogs/google_ai_red_team_digital_final.pdf

Recommended Book:

• The Ethical Algorithm: The Science of Socially Aware Algorithm Design by Michael Kearns and Aaron Roth: https://global.oup.com/academic/product/the-ethical-algorithm-9780190948207?cc=us&lang=en&

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mazin Ahmed -- Terraform Security

Mazin Ahmed is a security engineer that specializes in AppSec and offensive security. He is passionate about information security and has previously found vulnerabilities in Facebook, Twitter, Linkedin, and Oracle, to name a few. Mazin is the developer of several popular open-source security tools that have been integrated into security testing frameworks and distributions. Mazin also built FullHunt.io, the next-generation continuous attack surface security platform. He is also passionate about cloud security, where he has been running dozens of experiments in the cloud security world. Mazin joins us to introduce Infrastructure as Code and TerraForm and discuss the security benefits IaC brings to our cloud environments. We hope you enjoy this conversation with...Mazin Ahmed.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Darknet Diaries

141: The Pig Butcher

The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world.

Sponsors

Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more.

Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries.

This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopifys single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet.

134: Deviant

Deviant Ollam is a physical penetration specialist. That means hes paid to break into buildings to see if the building is secure or not. He has done this for a long time and has a lot of tricks up his sleeve to get into buildings. In this episode we hear 3 stories of him breaking into buildings for a living.

You can find more about Deviant on the following sites:

https://twitter.com/deviantollam

https://www.instagram.com/deviantollam

https://youtube.com/deviantollam

https://defcon.social/@deviantollam

https://deviating.net/

Sponsors

Support for this show comes fromThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthenyour infrastructure from the ground up with a zero trust posture. ThreatLockers Allowlisting gives you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level. Learn more atwww.threatlocker.com.

This show is sponsored by Packetlabs. Theyve created the Penetration Testing Buyers guide - a comprehensive resource that will help you plan, scope, and execute your Penetration Testing projects. Inside, youll find valuable information on frameworks, standards, methodologies, cost factors, reporting options, and what to look for in a provider. https://guide.packetlabs.net/.

Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries.

Defense in Depth

Limitations of Security frameworks

All links and images for this episode can be found on frameworks/" target="_blank" rel="noopener">CISO Series

Why do strongly supported security frameworks have such severe limitations when building a security program?

Check out this postfor the discussions that is the basis of our conversation on this weeks episode co-hosted by me,David Spark(@dspark), the producer ofCISO Series, andGeoff Belknap(@geoffbelknap), CISO,LinkedIn. We welcome our sponsored guest Stas Bojoukha, CEO, Compyl.

Thanks to our podcast sponsor, Compyl

GRC solutions often cause process roadblocks within organizations. They are either antiquated and lack the functionality needed or so stripped down they cant fix the problems you set to solve. That's why the team over at Compyl created the all-in-one security and compliance automation platform. Compyl quickly integrates with the tools you use, and automates 85% of the day-to-day tasks, all while providing complete transparency and comprehensive reporting along the way. Start your free trial with Compyl today and see all the efficiency gains you can expect from a leading solution. Learn about Compyl today at www.compyl.com/getstarted.

In this episode:

• Why do strongly supported security frameworks have such severe limitations when building a security program?
• Is it because the product security landscape updates with such speed and ferocity that these frameworks can't keep up?
• Are most regulatory and third-party compliance "programs" simply non-prescriptive?
• Is the intention to achieve compliance with every single control?

Cybersecurity Isnt That Difficult

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-cybersecurity-isnt-that-difficult/

What are you security people complaining about? As compared to 10, 15, 20 years ago, the technical aspects of cybersecurity are not that difficult. We've got the control frameworks, tools, and training that are predecessors didn't have.

Check outthis postfor the basis for our conversation on this weeks episode which features me,David Spark(@dspark), producer of CISO Series, guest co-host Naomi Buckwalter (@ineedmorecyber), director of information security and IT at Beam Technologies, and our guest, John Overbaugh (@johnoverbaugh), vp, security, CareCentrix

Thanks to our podcast sponsor, Trend Micro as bold

Threat actors want what youre storing in the cloud. Trend Micros Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud.

In this episode

• What infosec was like "back in the day"
• What's out of alignment: the technology or the culture?
• Can we really stand on the shoulders of giants amid so much change?
• Where is individual cyberhygiene in all of this?

Best Starting Security Framework

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-best-starting-security-framework/)

If you were building a security program from scratch, which many of our listeners have done, which framework would be your starting point?

frameworks-activity-6573747082153246720-Okxt/"> Check out this postinitiated by Sean Walls, vp, CISO of Visionworks, who asked, "If you were building a security program from scratch, would you align with ISO 27001, NIST CSF, or another framework, and why?"

That conversation sparked this weeks episode co-hosted by me,David Spark(@dspark), the creator ofCISO SeriesandAllan Alford(@AllanAlfordinTX).Our guest for this episode is Omar Khawaja (@smallersecurity), CISO, Highmark Health.

Thanks to this weeks podcast sponsor, Palo Alto Networks.

On this episode ofDefenseinDepth, youll learn:

• When determining a starting security framework, always lead with the "Why?" What are you trying to accomplish and achieve?
• In some cases you're building a framework to build trust.
• Although most in security take a risk-based approach. That's not always necessary when picking a framework. frameworks are often very regulatory driven.
• Framework decisions will be built on both internal and external pressures.
• If you don't have a specific security problem, a specific security solution makes no sense.
• The Secure Controls Framework is a free meta-framework that allows users to pick and choose elements from multiple frameworks.
• Check out Allan Alford's four-year mapping of NIST CSF, CIS CSC 20, and ISO 27001.
• While there are plenty of great frameworks out there, for someone who is truly starting from scratch, many security professionals pointed to the CIS top 20 because it maps to frameworks like NIST and ISO.

Secure Controls Framework

Defense in Depthis available atCISOSeries.com.

Is the "free to use" Secure Controls Framework the one meta-framework to rule them all?

Check out this post and discussion for the basis of our conversation on this week's episode which isco-hosted by me,David Spark(@dspark), the creator ofCISO SeriesandAllan Alford(@AllanAlfordinTX), CISO atMitel.Our guest is Tom Cornelius, founder and contributor of the Secure Controls Framework (SCF) (@scf_support).

Thanks to this weeks podcast sponsor, SpyCloud

Learn more about how you can protect employees and customers from account takeover with SpyCloud.

On this episode ofDefense in Depth, youll learn:

• Purpose of the Secure Controls Framework is to have a single framework to address multiple requirements. It's a meta framework that takes into consideration the controls of all other frameworks.
• You only need to use the security controls that are important and relevant to you. For that reason, don't be daunted by the number of controls on SCF (currently 750).
• You can have security without privacy, but you can't have privacy without security. Integrating privacy and security is critical to SCF.

Digital Forensic Survival Podcast

DFSP # 398 - OODA & JOHARI

This week I will discuss the use of the OODA loop and JOHARI window in security incident response investigations. These two frameworks are designed to help organizations quickly and effectively respond to security incidents, and can be used in combination to enhance incident response capabilities....

Down the Security Rabbithole Podcast

DtSR Episode 367 - Cloud Babies

Send the hosts a message - try it now!

This week, #DtSR Podcast is recordedlive from Dallas at the Armor SecureCon inaugural user conference. Rafal had the occasion (and good fortune) to get a few minutes to sit down with Jeff Collins (CSO, Lightstream) and Kristopher Russo (Security Architect, Herman Miller) and chat cloud.

P.S. - Welove in-person conversations!

Highlights from this week's episode include...

• Jeff talks about Lightstream's cloud foundational framework and why it's a must-do if you're thinking cloud
• Kristopher some inner wisdom on architecture and business alignment
• Rafal makes a snarky comment about frameworks

Guests

• Jeff Collins, CSO Lighstream -https://www.linkedin.com/in/jmcollins/
• Kristopher Russo, Architect, Herman Miller -https://www.linkedin.com/in/krisrusso/

Support the show

>>> If you're reading this, consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

Forensic Fix

Forensic Fix Episode 18

Jessica Hyde's journey into digital forensics is unconventional and inspiring.

Her military background significantly shaped her career path.

The transition from traditional forensics to mobile forensics is crucial.

Education plays a vital role in developing skilled professionals in the field.

Hands-on experience and research are essential for success in digital forensics.

The importance of validating forensic tool results cannot be overstated.

Jessica emphasizes the need for mission-focused work in digital forensics.

Training should encompass both tool usage and foundational knowledge.

The digital forensics field is rapidly evolving, requiring continuous learning.

Hexordia aims to provide education and support for the next generation of forensics professionals. Foundational training is crucial for forensic professionals.

Understanding unsupported applications is essential for effective investigations.

Changes in app support can lead to data loss in investigations.

Open-source tools provide valuable resources for forensic analysis.

Contextual understanding is vital for accurate forensic testimony.

Legal frameworks often lag behind technological advancements.

Education for legal professionals is critical to understanding digital evidence.

The role of AI in forensics is evolving and requires careful consideration.

Preservation of evidence is a key concern in forensic investigations.

Forensic professionals must navigate complex policy challenges.

Thank you for listening to Forensic Fix - a podcast brought to you from MSAB. 

To contact us about the show please visit Forensic Fix - MSAB

Hacking Humans

MITRE ATT&CK (noun) [Word Notes]

MITRE ATT&CK (noun) [Word Notes]

OWASP vulnerable and outdated components (noun) [Word Notes]

Phillip Wylie Show

Celina Stewart: Demystifying Cyber Risk Management

Summary

In this episode of the Phillip Wylie Show, Celina Stewart, Directory of Cyber Risk Management at Neuvik, discusses her journey in cybersecurity, focusing on the often-overlooked area of risk management. She emphasizes the importance of translating technical cybersecurity insights into business language, the need for diverse career paths in the field, and the value of education and certifications. The conversation also covers frameworks for effective risk management, the challenges faced in the industry, and the importance of communication between technical and non-technical teams.

Takeaways

• Risk management is essential for understanding business impact.
• There is a significant divide between offensive security and risk management.
• Non-technical skills can be valuable in cybersecurity roles.
• Understanding risk can enhance communication with executives.
• Education and certifications are important for a career in risk management.
• Familiarity with NIST frameworks is crucial for risk management professionals.
• Risk quantification is a specialized skill that is in demand.

• Effective communication is key to translating technical findings for business leaders.

• Mindset shifts are necessary for executives to embrace risk management.

• There are numerous opportunities for diverse backgrounds in cybersecurity.

Sound Bites

• "Risk management is crucial in cybersecurity."

• "Communication is key in risk management."

• "Mindset shifts are needed in risk management."

Resources

https://www.linkedin.com/in/celina-r-stewart/

https://neuvik.com/

Ricky Allen: The Evolution of Cybersecurity Challenges

Chris Marks: From Network Technician to Security Management

About The Guest:
Chris Marks is a cybersecurity professional with a background in engineering and architecture. He has worked in various roles in the cybersecurity field, including system engineer, senior analyst, and security manager. Chris is passionate about helping others enter the cybersecurity industry and is involved in mentoring and advising students at community colleges and universities.

Summary:
Chris Marks shares his journey into the cybersecurity field, starting from his interest in hacking and his involvement in the Tiger Trap Group. He discusses his experience applying for jobs and the challenges he faced before finally landing a position in Dallas. Chris emphasizes the importance of passion in cybersecurity and advises aspiring professionals to focus on their interests rather than just the potential for financial gain. He also highlights the significance of certifications and degrees in opening doors and advancing in the field. Chris concludes by discussing his current role in security management and his desire to help others succeed in cybersecurity.

Key Takeaways:

• Passion is crucial in the cybersecurity field, as it can help individuals overcome challenges and stay motivated.
• Certifications and degrees can significantly enhance career opportunities in cybersecurity.
• Compliance work is an often overlooked but rewarding area of cybersecurity that offers good job prospects.
• The cybersecurity field offers various career paths, including application security, cloud security, digital forensics, and more.
• It is essential to stay updated with the latest frameworks and compliance requirements in the cybersecurity industry.

Quotes:

• "If this is not your passion, if this is not your passion, you will get burned out no matter what avenue it goes." -Chris Marks
• "You need to invest in your offensive line." -Chris Marks
• "The money will come, but don't get into this for the money because you will not like it." -Chris Marks
• "We're not the business to make money, but we are the business to save money." -Chris Marks
• "If you want to do cybersecurity, there's ways. There's universities, there's community colleges. Definitely reach out to people who know it, who've done it, and then see where it takes you." -Chris Marks
• "Passion is crucial in the cybersecurity field, as it can help individuals overcome challenges and stay motivated." -Chris Marks
• "Compliance work is an often overlooked but rewarding area of cybersecurity that offers good job prospects." -Chris Marks
• "The cybersecurity field offers various career paths, including application security, cloud security, digital forensics, and more." -Chris Marks
• "It is essential to stay updated with the latest frameworks and compliance requirements in the cybersecurity industry." -Chris Marks

Socials and Resources:

https://twitter.com/DaBootWolverine

https://www.linkedin.com/in/christopher-marks-7357441b/

The Social Engineer Podcast

Ep. 209 - The Doctor Is In Series - The TRUTH Behind Conspiracy Theories

Welcome to the Social-Engineer Podcast: The Doctor Is In Series where we will discuss understandings and developments in the field of psychology.

In todays episode, Chris and Abbie are discussing: Conspiracy theories. They will talk about what makes a Conspiracy Theory and why we believe them. [May 1, 2023]

00:00 - Intro

00:17 - Dr. Abbie Maroo Intro

00:59 - Intro Links

- Social-Engineer.com- http://www.social-engineer.com/

- Managed Voice Phishing- https://www.social-engineer.com/services/vishing-service/

- Managed Email Phishing- https://www.social-engineer.com/services/se-phishing-service/

- AdversarialSimulations- https://www.social-engineer.com/services/social-engineering-penetration-test/

- Social-Engineer channel on SLACK- https://social-engineering-hq.slack.com/ssb

- CLUTCH- http://www.pro-rock.com/

- innocentlivesfoundation.org- http://www.innocentlivesfoundation.org/

04:45 - The Topic of the Day: The TRUTH Behind Conspiracy Theories

05:54 - What is a Conspiracy Theory?

07:39 - What's the harm?

10:20 - WHY???

11:17 - Pattern Seekers

13:15 - Cognitive Closure

17:04 - The Role of Critical Thinking

19:18 - An Existential Element

20:41 - Don't Forget the Lizards!

22:35 - What about Bigfoot?

24:30 - Escapism

30:15 - Reading the Emotions

32:29 - Social Motive

33:31 - Emotions vs Critical Thinking

36:42 - Prove Me Wrong!

39:09 - The Takeaway: Empathy

40:57 - Wrap Up & Outro

- www.social-engineer.com

- www.innocentlivesfoundation.org

Find us online:

- Twitter: https://twitter.com/abbiejmarono

- LinkedIn: linkedin.com/in/dr-abbie-maroo-phd-35ab2611a

- Twitter: https://twitter.com/humanhacker

- LinkedIn: linkedin.com/in/christopherhadnagy

References:

Abalakina-Paap, M., Stephan, W. G., Craig, T., & Gregory, L. (1999). Beliefs in conspiracies. Political Psychology, 20, 637647.

Adams, G., OBrien, L. T., & Nelson, J. C. (2006). Perceptions of racism in Hurricane Katrina: A liberation psychology analysis. Analyses of Social Issues and Public Policy, 6, 215235.

Bilewicz, M., Winiewski, M., Kofta, M., & Wjcik, A. (2013). Harmful ideas: The structure and consequences of antiSemitic beliefs in Poland. Political Psychology, 34, 821839.

Bost, P. R., & Prunier, S. G. (2013). Rationality in conspiracy beliefs: The role of perceived motive. Psychological Reports, 113, 118128

Crocker, J., Luhtanen, R., Broadnax, S., & Blaine, B. E. (1999). Belief in U.S. government conspiracies against Blacks among Black and White college students: Powerlessness or system blame? Personality and Social Psychology Bulletin, 25, 941953.

Dieguez, S., Wagner-Egger, P., & Gauvrit, N. (2015). Nothing happens by accident, or does it? A low prior for randomness does not explain belief in conspiracy theories. Psychological Science, 26, 17621770.

Dieguez, S., Wagner-Egger, P., & Gauvrit, N. (2015). Nothing happens by accident, or does it? A low prior for randomness does not explain belief in conspiracy theories. Psychological Science, 26(11), 17621770. https://doi. org/10.1177/0956797615598740

DiFonzo, N., Bordia, P., & Rosnow, R. L. (1994). Reining in rumors. Organizational Dynamics, 23(1), 4762. https://doi. org/10.1016/0090-2616(94)90087-6

Douglas, K. M., & Leite, A. C. (2017). Suspicion in the workplace: Organizational conspiracy theories and workrelated outcomes. British Journal of Psychology, 108, 486506.

Douglas, K. M., & Sutton, R. M. (2008). The hidden impact of conspiracy theories: Perceived and actual impact of theories surrounding the death of Princess Diana. Journal of Social Psychology, 148, 210221.

Douglas, K. M., Sutton, R. M., & Cichocka, A. (2017). The psychology of conspiracy theories. Current directions in psychological science, 26(6), 538-542.

Douglas, K. M., Sutton, R. M., Callan, M. J., Dawtry, R. J., & Harvey, A. J. (2016). Someone is pulling the strings: Hypersensitive agency detection and belief in conspiracy theories. Thinking & Reasoning, 22, 5777.

Douglas, K. M., Uscinski, J. E., Sutton, R. M., Cichocka, A., Nefes, T., Ang, C. S., & Deravi, F. (2019). Understanding conspiracy theories. Political psychology, 40, 3-35.

Keeley, B. L. (1999). Of conspiracy theories. The journal of Philosophy, 96(3), 109-126.

Kim, M., & Cao, X. (2016). The impact of exposure to media messages promoting government conspiracy theories on distrust in the government: Evidence from a two-stage randomized experiment. International Journal of Communication, 10(2016), 38083827. Retrieved from http://ijoc.org/index.php/ijoc/article/view/5127

Klein, C., Clutton, P., & Dunn, A. G. (2018). Pathways to conspiracy: The social and linguistic precursors of involvement in Reddits conspiracy theory forum. Retrieved frompsyarxiv.com/8vesf

Nefes, T. S. (2017). The impacts of the Turkish Governments interest rate lobby theory about the Gezi Park Protests. Social Movement Studies, 16(5), 610622. https://doi.org/10.1080/14742837.2017.1319269

Nera, K., Pantazi, M., & Klein, O. (2018). These are just stories, Mulder: Exposure to conspiracist fiction does not produce narrative persuasion. Frontiers in Psychology, 9, https://doi.org/10.3389/fpsyg.2018.00684

Swift, A. (2013). Majority in U.S. still believe JFK killed in a conspiracy. Retrieved from http://www.gallup.com/ poll/165893/majority-believe-jfk-killed-conspiracy.aspx

Tetlock, P. E. (2002). Social-functionalist frameworks for judgment and choice: The intuitive politician, theologian, and prosecutor. Psychological Review, 109, 451472.

Uscinski, J. E., & Parent, J. M. (2014). American conspiracy theories. New York, NY: Oxford University Press.

Uscinski, J. E., Klofstad, C., & Atkinson, M. D. (2016). What drives conspiratorial beliefs? The role of informational cues and predispositions. Political Research Quarterly, 69, 5771.

van Prooijen, J.-W., & Acker, M. (2015). The influence of control on belief in conspiracy theories: Conceptual and applied extensions. Applied Cognitive Psychology, 29, 753761.

van Prooijen, J.-W., & Jostmann, N. B. (2013). Belief in conspiracy theories: The influence of uncertainty and perceived morality. European Journal of Social Psychology, 43, 109115.

Whitson, J. A., & Galinsky, A. D. (2008). Lacking control increases illusory pattern perception. Science, 322, 115117.

Ep. 162 - Security Awareness Series - What Cows Can Teach You About Infosec with John Strand

Wake UP X - Securing Tomorrow, Empowering Today with Efren L. Salazar

Breaking Into Cybersecurity with Gustavo Mastroianni & Efren L. Salazar

Exciting Announcement! Follow: Gustavo Mastroianni - CISO Follow: Efren L. Salazar - Wake UP X - Podcast Im thrilled to introduce Gustavo Mastroianni as the first guest on my virtual podcast! Gustavo Mastroianni is a Chief Information Security Officer (CISO) responsible for overseeing technical and cybersecurity operations in his organization. With his vast expertise and leadership in the field, this conversation promises to be insightful and inspiring. A huge thank you to Gustavo Mastroianni for being my first guest! Im excited to announce that this podcast will be launching on all platforms, including YouTube and LinkedIn, so be sure to keep an eye out for it! Heres a sneak peek at the topics well cover: 1. Lets Chat About Your JourneyWell start by exploring Gustavo's personal journey into cybersecurity:How did he get started in the field?What challenges did he face, and what pivotal moments shaped his career? 2. Recommended frameworks and WhyGustavo will share his thoughts on the best cybersecurity frameworks, including:NIST, CIS, and others.Why these frameworks are effective and how theyve influenced his approach to security. 3. GRC vs. Cybersecurity: Which Path Is Better?Well dive into the differences between Governance, Risk, and Compliance (GRC) roles and traditional cybersecurity roles:Which path offers more career growth?How do personal interests and goals shape this decision? 4. Cybersecurity Across IndustriesWhich industries are poised for the most growth in cybersecurity?Healthcare, schools, or government?Gustavos perspective on where the demand will rise and why. 5. Skills and Mindset for SuccessWhat does it take to excel in cybersecurity?The balance between technical expertise and leadership skills.Why leadership may or may not be necessary in this field. 6. Certifications vs. ExperienceAre certifications or hands-on experience more valuable in cybersecurity?Gustavos advice on achieving credibility and growth in the industry.Whether professionals should aim for both. 7. Starting Salaries and ExpectationsWhats a reasonable pay range for new grads with little to no experience?Insights on entering the field, growth potential, and setting realistic expectations.8. Future Trends in CybersecurityLooking ahead:What trends will shape the future of cybersecurity?Is this field worth pursuing long-term, and what are the upsides and challenges? 9. Resources for BeginnersGustavos recommendations for entry-level professionals:Tools, software, hardware, books, courses, and videos to get started. 10. Open Discussion and Final ThoughtsGustavo Mastroianni will share more about his journey, key lessons, and emerging trends hes excited about.Any additional advice for those breaking into cybersecurity.This is going to be an incredible conversation filled with insights and inspiration. Dont forget to follow me for updates and stay tuned for the official launch!