Cyber Work Podcast

Join us in the fight against cybercrime with weekly conversations about cybersecurity skills, jobs and industry trends.

Listen on your favorite podcast platform

Get $100 for your feedback!

Take this short survey about the Cyber Work podcast and be entered for a chance to win a $100 gift card!

Previous Cyber Work episodes

Threat modeling: Breaking the design with pen, paper and creativity

Go deep into the weeds of Threat Modeling with Infosec Skills author Geoffrey Hill. He shares his Arnold Schwarzenegger impersonation, waxes rhapsodic about the Radio Shack TRS-80 computer and explains threat modeling as a controlled form of sci-fi storytelling: "you can imagine a completely different world every day." He also provides excellent insight into the day-to-day duties of a threat modeler.

Geoffrey Hill has been in the IT industry since 1990, when he wrote and sold C++ based solutions to measure risk in the commodities markets in New York City. Since then he has worked around the world, specifically New York, Sydney, Tokyo, Emmerich-am-Rhein and London. In the mid-2000s, He was the main custodian of the Microsoft Security Development Lifecycle (SDL) initiative in the UK and then international services organization as part of the Microsoft Security Center of Excellence (SCOE). From 2013 – 2018, he worked as the sole application security architect for Visa Europe in London, where he started Tutamantic Ltd, a producer of software risk automation. Geoff is the inventor of the Rapid Threat Model Prototyping (RTMP) methodology. This threat model methodology allows for quick modelling in Agile and DevOps environments.
Listen now

NICE Cybersecurity Workforce Framework: Close your skills gap with role-based training

The demand for skilled cybersecurity professionals continues to grow, and effectively closing that gap requires a shared set of expectations around common work roles, core competency areas and upskilling employees.

Join Leo Van Duyn, Cybersecurity & Technology Workforce Development Strategy at JPMorgan Chase & Co., and Bill Newhouse, Deputy Director of the National Initiative for Cybersecurity Education (NICE) to learn how your organization can use the NICE Cybersecurity Workforce Framework (soon to be renamed the Workforce Framework for Cybersecurity) to establish a common language around skill development, provide targeted role-based training, create custom role profiles to match your organization, and better identify, hire and cross-train employees.
Listen now

API security, vulnerability research and LGBTQ+ representation

Alissa Knight returns as the first ever three-peat Cyber Work guest, and the topic this week is — herself! Recorded at the end of pride month, Alissa talks about the benefits of diversity and inclusion when it comes to cybersecurity, her work hacking Bluetooth LE smart devices, her new company Knight Ink and a concept she’s created called “adversarial content.”

Alissa Knight is a published author, the managing partner at Knight Ink, principal analyst at Alissa Knight & Associates and group CEO at Brier & Thorn. She is a recovering hacker of 20 years and as a serial entrepreneur has started and sold two companies prior to her ventures she runs now. Alissa is a cybersecurity influencer working for market leaders and challenger brands in cybersecurity as a content creator. Follow her on Twitter and LinkedIn, and subscribe to her YouTube channel to follow her adventures in entrepreneurship and cybersecurity.
Listen now

From network engineer to pentester: Tips for moving into cybersecurity

Today we're discussing a common career path, moving from networking to cybersecurity. Brad Pierce, Director of Network Security for HORNE Cyber, is a former network engineer turned pentesting and security professional. He does a great job of explaining the different skill sets required for network engineering versus cybersecurity, where those skills overlap and tips he picked up during his career transition.

With 15 years of experience in IT and cybersecurity, Brad Pierce, Director of Network Security for HORNE Cyber, focuses on collaborating with executive leadership teams to strengthen their security posture. He has experience working with organizations in various industries to uncover and remediate vulnerabilities and develop and implement security programs. Brad manages HORNE Cyber’s cybersecurity operations center where he, along with a team of cyber analysts, monitors live network traffic for clients in search of active threats. Brad creates information security awareness programs and guides clients on how to best address cyber risks and remediate vulnerabilities.
Listen now

Inside a purple team: Pentesting, vulnerabilities and other key skills

We love red teaming here at Cyber Work, and this week we're excited to explore a topic just few shades down the spectrum: purple teaming! Luke Willadsen of EmberSec dives into the ways combining red and blue team operations can help stress-test your security department — and explains the benefits of a purple team better than we've ever heard it before. He also has some great stuff to say about the importance of soft skills like writing, reporting and, most crucially, empathy, since it may feel like a pentester holds the security team's career in their hands.

Luke Willadsen currently serves as a security consultant with EmberSec, a By Light company. He began his cybersecurity career in the U.S. Navy, where he trained to conduct offensive security operations for the Department of Defense. He participated in daily computer network exploitation missions in support of national intelligence requirements and protection against foreign nation-state sponsored hackers. After separating from the U.S. Navy, Luke joined the start-up company IronNet Cybersecurity where he conducted penetration tests and vulnerability assessments, while also providing product development support and threat hunting capabilities. Following his time at IronNet, Luke worked as a director at a security consulting firm, where he specialized in red teaming, penetration testing, intelligence gathering, threat hunting, digital forensics and technical writing. Luke has an M.S. degree from Eastern Michigan University and is CISSP, OSCP and CEH certified.
Listen now

How to become a malware analyst

Uncover the dark, sticky details of malware, ransomware and other nasties that reside one unguarded click away. On today's episode, Danny Jenkins, CEO and Co-Founder of ThreatLocker®, talks about some of the ways these ever-evolving malware types can ruin your digital life, the nuts and bolts of malware analysis, and why your CISO should be "annoying you if they're doing their job."

Danny Jenkins is a technical guru with a deep understanding of corporate IT and cybersecurity. He has an entrepreneurial background and two decades of experience in building and securing corporate networks. Before taking the reins at ThreatLocker, Danny held CEO and CTO positions at multiple IT companies and founded a few cybersecurity businesses of his own.
Listen now

About the Cyber Work Podcast

Knowledge is your best defense against cybercrime. Each week on Cyber Work, host Chris Sienko sits down with a new industry thought leader to discuss the latest cybersecurity trends — and how those trends are affecting the work of infosec professionals. Together we’ll empower everyone with the knowledge to stay one step ahead of the bad guys.

Chris Sienko

Cyber Work Host

Connect on LinkedIn