Chris Hughes - Podcast Details

Shows

How to Build a Profitable Nutrition Business40 Marketing Strategies to Grow Your Nutrition BusinessIn this episode of How to Build a Profitable Nutrition Business, Chris is joined by his wife and marketing strategist Stacey Hughes to share over 40 marketing strategies that helped them grow their dietetic business into a thriving seven-figure operation. From humble beginnings with no time for marketing and three kids under three, they dive into how referrer relationships, like weekly meetings with GPs and chronic disease nurses, became the backbone of their growth. They also discuss the creative tools they used to stay top of mind—like branded recipe magazines, co-branded resources, conference speaking gigs, and even old-school postcards th...2025-04-2237 min

How to Build a Profitable Nutrition BusinessHow the Book I Never Wanted to Write Impacted My Career with Natasa DenmanIn this episode of How to Build a Profitable Nutrition Business, Chris Hughes shares the unexpected story of the book he never wanted to write—and how that very book became one of the most powerful tools in his career as a dietitian and entrepreneur. Joining him is the woman who made it all happen: Natasa Denman, founder and CEO of Ultimate 48 Hour Author. Chris opens up about the imposter syndrome that almost kept him from writing a book, the resistance he felt going into the process, and how his wife Stacey quietly signed him up anyway. Wh...2025-03-2627 min

How to Build a Profitable Nutrition BusinessHow to Use Grants to Grow Your Business with Kim YabsleyHave you ever considered how government grants could supercharge your nutrition business? In this episode, Chris Hughes sits down with Kim Yabsley from Growology, the grant specialist who helped transform his dietitian business with over $120,000 in funding. Kim reveals the staggering amount of grant money available—over $74 billion this week alone—and how health and nutrition professionals can tap into these opportunities. Whether you’re looking to expand your team, develop new technology, or scale your services, this episode will show you how to position yourself for success and craft a winning grant application. Chris and Kim break...2025-02-2621 min

Chemical JourneysBattling misinformation and disseminating knowledge in the cosmetics sector - Jen Novakovic, The Eco WellIn this episode I am joined by Jen Novakovic from The Eco Well. Jen is as an influencer and podcaster in the cosmetics space. She focuses in particular on issues of science communication and misinformation. Our conversation covers:Jen's journey and work on science communication in the cosmetics sectorWhat is misinformation, and why is it a problem?The role of social media and human biasesThe need for effective science communication Misinformation on UV filters, coral bleaching and climate changePotential barriers to effective science communicationThe problem with 'Free From' claims, and other perverse incentivesExperiences on different social me...2025-02-051h 12

How to Build a Profitable Nutrition BusinessFrom Zero to Thousands: Building a Profitable Email List with Lead MagnetsIn this episode of How to Build a Profitable Nutrition Business, Chris Hughes is joined by Stacey Hughes—Facebook ad specialist, lead magnet expert, and the driving force behind their seven-figure nutrition business. Stacey dives deep into the power of lead magnets: what they are, how they work, and why they are critical for building a sustainable email list that you own. Whether it’s a calorie calculator, recipe eBook, or a live training, Stacey breaks down how to create lead magnets that attract ideal clients, deliver quick wins, and seamlessly lead into your services. Chris and Stac...2024-12-1720 min

MISFITS of HVACChris Hughes Episode 78Chris Hughes of The Energy Conservatory and The HVAC Grapevine and all around self proclaimed HVAC NERD Joins us on the Episode of the Misfits of HVAC Podcast!2024-12-131h 01

How to Build a Profitable Nutrition BusinessHow to Build a Successful Nutrition Podcast with Danny LennonIn this episode of How to Build a Profitable Nutrition Business, Chris Hughes sits down with Danny Lennon, the creator of Sigma Nutrition, to unpack the secrets behind building a globally respected nutrition brand. From humble beginnings as a biology and physics teacher to becoming one of the most trusted voices in evidence-based nutrition, Danny shares the journey of launching his podcast in 2014—well before podcasts became mainstream—and how consistency and authenticity were the keys to his success. Discover how Danny turned a niche podcast into a thriving business, the challenges he faced when monetizing his plat...2024-12-0344 min

How to Build a Profitable Nutrition BusinessHow to Overcome Limiting Beliefs with Performance Psychologist Rupert BryceIn this episode of How to Build a Profitable Nutrition Business, Chris Hughes sits down with Rupert Bryce, a seasoned performance psychologist who specializes in helping entrepreneurs, executives, and business owners push beyond self-limiting beliefs to reach their fullest potential. Rupert dives deep into the psychological barriers many face, such as imposter syndrome and doubt, which can prevent professionals from fully embracing their worth and charging appropriately for their services. He emphasises that while these self-imposed limitations may offer temporary comfort or safety, they also keep people from achieving their bigger goals. Drawing from his extensive experience...2024-11-0535 min

How to Build a Profitable Nutrition BusinessHow to Have Impact Through Client Conversations with Paralympian Kyle CoonIn this episode of How to Build a Profitable Nutrition Business, Chris Hughes sits down with the incredible Kyle Coon, a two-time Paralympian, keynote speaker, and certified "Exactly What to Say" guide. Kyle shares his inspiring journey of losing his vision at the age of six and how that challenge taught him the art of listening and asking meaningful questions. He explains how mastering conversations has not only shaped his sporting career but also enhanced his relationships and business ventures. Kyle provides practical tips for nutrition and fitness professionals, emphasizing the importance of curiosity, empathy, and active...2024-10-2426 min

How to Build a Profitable Nutrition BusinessHow to Stand Out in the Nutrition WorldIn this episode of "How to Build a Profitable Nutrition Business," Chris Hughes sits down with Linda Melone, a renowned copywriter with a rich background in health and fitness. Linda shares her journey from being a pastry chef and personal trainer to becoming a sought-after copywriter for B2B health and fitness brands. She dives deep into the art of crafting conversion-focused copy and emphasizes the importance of having a strong unique value proposition (UVP) to stand out in the crowded nutrition industry. Linda’s expertise is not just about writing; it's about understanding the psychology of your audience an...2024-09-1128 min

How to Build a Profitable Nutrition BusinessFacebook Ads on a BudgetWelcome back to another episode of "How to Build a Profitable Nutrition Business." Today, Chris is joined by a very special guest—his business partner and wife, Stacey Hughes. Stacey has been instrumental in growing their dietetic practice through Facebook ads, and she now runs her own successful business, Stacey Hughes & Co., helping clients worldwide. In this episode, Stacey shares her expertise on leveraging Facebook ads effectively, especially when working with a tight budget. Stacey emphasizes the importance of building your email list as a foundation for nurturing potential clients. She advises offering a valuable lead magnet or...2024-07-3016 min

How to Build a Profitable Nutrition BusinessHow Data Driven Decisions Can Transform Your Nutrition BusinessWelcome back to another episode of "How to Build a Profitable Nutrition Business." In this episode, Chris interviews Dr. Peter Clark, a mentor who played a significant role in shaping his career. Dr. Clark, a seasoned dietitian and successful business owner, shares insights from his groundbreaking PhD research, which aims to fill a massive void in the nutrition and allied health industry. Chris recounts his transformation story, explaining how Dr. Clark's advice on data-driven decision-making helped his solo operation grow into a thriving practice with a team of 18. The discussion highlights the importance of leveraging business metrics and focusing...2024-07-1742 min

How to Build a Profitable Nutrition BusinessBuilding a Nutrition Business from Inception to Sale with Chloe McLeodIn this episode of "How to Build a Profitable Nutrition Business," host Chris Hughes sits down with the remarkable Chloe McLeod, a seasoned dietitian and entrepreneur who has successfully built and sold two nutrition-focused businesses. Chloe shares her incredible journey, from her early days in private practice to becoming the head dietitian for the Parramatta Eels, and eventually founding and selling the Low FODMAP Challenge and Verde Nutrition. Chloe dives deep into the nuances of creating a business with the end goal of selling it, offering invaluable insights into the process of finding the right buyer, negotiating...2024-06-1834 min

How to Build a Profitable Nutrition BusinessFrom Hospital Dietitian to LinkedIn Luminary with Lina BreikIn this episode of "How to Build a Profitable Nutrition Business," host Chris Hughes interviews Lina Breik, an advanced accredited practicing dietitian and founder of Tube Dietitian. Lina shares her journey from working as a clinical dietitian in multiple hospitals across Victoria, Australia, to establishing a successful private practice focused on home tube feeding. She discusses the challenges and opportunities faced during her transition, the importance of creating a humanized approach to tube feeding, and how she leveraged LinkedIn to build her professional brand and grow her business. Lina also emphasizes the significance of investing in clinical...2024-06-0548 min

The HVAC GrapevineLet's talk time.Send us a textIn this episode we discuss time from many different points of view while being in the HVAC trade. Today was Mother's Day, and the wife of Chris Hughes, mother of 3, joins us and gets to share her TOP 5 pet peeves of what its like being married and having children trying to make it all work!Support the show 2024-05-121h 02

How to Build a Profitable Nutrition BusinessOur Top 5 Failures (Learnings) from Building Our 7-Figure Nutrition BusinessAre you struggling to navigate conflicts in your nutrition business? In this episode of "How to Build a Profitable Nutrition Business," hosts Chris and Stacey Hughes open up about their own challenges and lessons learned from owning a successful nutrition business. From nurturing client lists to fostering a positive company culture, they delve into the essential strategies that helped them grow their business from scratch to a substantial revenue of $1.4 million. Throughout the candid discussion, Chris and Stacey reflect on their journey, acknowledging pivotal mistakes such as neglecting to nurture their client list and underestimating the importance...2024-03-2717 min

How to Build a Profitable Nutrition BusinessThe Good & The Bad from Building a 7-Figure Nutrition BusinessJoin Chris and Stacey Hughes in the premiere episode of "How to Build a Profitable Nutrition Business" as they share their transformative journey from financial uncertainty to a 7-figure success. Discover their unique growth strategies, from productizing services to valuing client relationships, and learn from their key insights on list nurturing, cultivating a positive employee culture, and the crucial role of financial literacy. This episode not only sets the stage for future expert insights but also serves as an invaluable resource for nutrition professionals aiming to build sustainable ventures. Stay tuned for actionable advice and the strategies...2024-02-2610 min

The Application Security PodcastChris Hughes -- Software TransparencyChris Hughes, co-founder of Aquia, joins Chris and Robert on the Application Security Podcast to discuss points from his recent book Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, co-authored with Tony Turner. The conversation touches on the U.S. government in the software supply chain, the definition and benefits of software transparency, the concept of a software bill of materials (SBOM), and the growth of open-source software. The episode also covers crucial topics like compliance versus real security in software startups, the role of SOC 2 in setting security baselines, and the importance...2024-01-2039 min

Resilient CyberS5E7: Darwin Salazar - Data, Detections & the Cybersecurity MarketNikki - Can you tell us a little bit about what interested you in cloud security in the first place? I know you have a particular interest in misconfigurations - was there a singular event that spurred your interest? Chris - What are your thoughts around Guardrails in the cloud and using things such as event based detections?Chris - You interestingly took a Product role, but have a Detection and CloudSec background. How has the Product role been and do you think having the practitioner background helps you be a more effective Product Manager an...2023-11-1429 min

Resilient CyberS5E6: Allie Mellen - SecOps, Detection and AINikki - I have to start with the fact that you've been looking into the vulnerability management space! This is an area I've been focused on for many years and I'm curious - what are the biggest pain points you see now in VulnMgmt? Chris - I recently saw you had a blog regarding Exposure Management and contrasting it with Vulnerability Management. Can you talk about what Exposure Management is, and the differences between the two? Nikki - What got you interested in research? I'm always curious because there is such a niche space within cy...2023-10-2025 min

Resilient CyberS5E4: Jonathan Rau - The Modern Security Data LandscapeNikki - With your current role as a Distinguished Engineer - I know you focus a lot on cloud security. What does being a DE entail? Do you do some research along with your other duties?Chris: We've seen the discussion around data in the security space evolve quite a bit. From legacy environments with a SIEM/SOC centralized approach, oriented around "collecting all the things" to now discussions around data lakes, analytics, and automation among others. Can you discuss the evolution a bit with us and your thoughts on it?Chris: I've been reading...2023-10-0328 min

Resilient CyberS5E3: Patrick Garrity - Vulnerability Research, Management and VisualizationsNikki - I wanted to ask you first what got you so passionate about vulnerability management - what was it that first sparked your curiousity and interest into security research? Nikki - You do a lot of awesome graphics and visualizations of vulnerability data from both CISA KEV and around types of CVE's - what kind of statistics do you think are most important for security practitioners to know - and on the other side, what is most important for executives to understand? Chris - You've now begun to even start to submit known exploited vulne...2023-09-2435 min

Resilient CyberS5E2: Scott Piper - Modern Cloud Security and ResilienceChris: First off, you've been knee deep in CloudSec for several years now, watching trends, incidents and the industry evolve. Where do you think we've made the most headway, and where do you think we still have the largest gaps to close?Nikki: I'm really interested in multi-cloud environments and security - because of the connectivity potential between separate cloud providers. What do you think organizations should be most concerned with when looking at using multiple cloud providers? Chris: You recently contributed to a report with the Atlantic Council about the systemic risks of Cloud a...2023-09-0841 min

Resilient CyberS4E23: Michael Klipstein - Cybersecurity from Sea to SpaceNikki - In addition to your Senior Policy Advisor role, you are also part of several academic institutions, including one we have in common - Capitol Technology University. Can you talk a little bit about why you wanted to be involved in the technical and academic side? Have their been any benefits you've seen in academia that you've brought to the military space, or vice versa? Nikki - We're seeing a ton in the news about software supply chain security, zero trust, AI/ML - but not necessarily how they relate to warfare or protecting our critical ass...2023-06-3030 min

Resilient CyberS4E21: Kelly Shortridge - Security Chaos Engineering & ResilienceChris - For those not familiar with Security Chaos Engineering, how would you summarize it, and what made you decide to author the new book on it?Nikki - In one of your sections of Security Chaos Engineering, you talk about what a modern security program looks like. Can you talk about what this means compared to security programs maybe 5 to 10 years ago? Chris - When approaching leadership, it can be tough to sell the concept of being disruptive, what advice do you have for security professionals looking to get buy-in from their leadership to i...2023-06-0941 min

Resilient CyberS4E19: Mark Montgomery - Securing the Digital DemocracyNikki - What does cyber resiliency mean to you?Nikki - Can you tell us a little bit more about the Cyberspace Solarium Commission or CSC, in particular I'm interested in the promotion of national resilience. Can you talk a little bit about what that means and what's in progress at the moment? Chris - There's been a lot of activity lately with the Cyber EO, OMB Memos, activities by NIST, publications by CISA and of course the National Cyber Strategy. How do you feel about where we're headed as a nation on the Cyber f...2023-05-2650 min

Resilient CyberS4E18: Joseph Lewis - Cybersecurity & Servant LeadershipNikki - You're a newly minted CISO and SES - how's it going? How have the first few months been in the role? Nikki - With your background in both Academia as an Adjunct Professor and with your cyber and executive leadership experience - how important would you say the intersection of academia, research, and leadership go? Chris - We know you're a big proponent in servant leadership. What does being a Servant Leader in Cybersecurity and more broadly in general mean to you?Chris - We have been discussing soft skills lately wit...2023-05-1922 min

Resilient CyberS4E17: Yotam Perkal - Vulnerability Management and ModernizationChris - To set the stage for the discussion of vulnerability management, Rezilion recently had a report that found that organizations had over 100,000 backlogged vulnerabilities. Why do you think things have gotten so bad?Chris - Leaders also stated that they are able to patch less than half of that backlog, thousands of vulnerabilities never get addressed. Doesn't this create a situation ripe for malicious actors to exploit?Nikki - You have a background in both data science and security research - where do you feel like the intersection of both of these areas meets...2023-05-1232 min

Resilient CyberS4E16: Alfredo Hickman - SaaS Security & Third-Party Risk ManagementChris - Why do you think SaaS security is so overlooked in the conversation around cloud security, despite SaaS being so pervasive?Chris - SaaS obviously involves a lot of third-party integrations. What are the risks o f these ungoverned integrations and can they have a cascading impact if one of the providers has an incident?Nikki - Chris and I have talked a lot about software security, SBOM's, and what does open source security look like. As a leader in the cybersecurity community, what are you most concerned with when it comes to third-party r...2023-05-0527 min

Resilient CyberS4E15: Tom Pace - Firmware, IoT and Cyber Physical Systems (CPS)Chris: First off, tell us a bit about NetRise, what you all do, and what your focus is on?Chris: There's been a tremendous focus as of late on software supply chain security, as you know, but much of it focuses on things such as Cloud, SaaS, Containers etc. at NetRise you all take a focus on Firmware, IoT and Cyber Physical Systems (CPS). Why is that and what are some concerns folks overlook with these vectors?Nikki: You just announced the launch of ETHOS - a cooperation between several organizations to investigate threat indicators...2023-04-2837 min

Resilient CyberS4E14: Josh Reiter - U.S. Navy Workforce and Cyber SuperiorityChris: Can you tell us a bit about your background and what the role of the Deputy Principal Cyber Advisor does?Nikki: When we talk about workforce challenges, I think about the types of skills that someone is looking for in a cyber program. What types of skills do you look for in hiring and what kinds of skills do we still need in the cyber profession? Chris: We know you've been focused heavily on the Cybersecurity workforce for DoN. In our discussions of digital modernization, the focus is often on tech, such as cloud, ze...2023-04-2133 min

Resilient CyberS4E12: Kristin Saling - U.S. Army Workforce Modernization & AnalyticsNikki - First - tell me a little bit about yourself and your background Nikki - You have a ton of experience with the Army, can you talk a little bit about what you like most about working with the military and specifically in HR? Chris - We hear a lot about digital transformation in the DoD, Cloud, Cyber, Zero Trust, and so on - but how critical do you think the workforce is to make all of these transformation efforts successful Chris - We know the DoD has historically struggled to attract and...2023-04-0724 min

Resilient CyberS4E11: John Speed Meyers - Data Science & Software Supply Chain SecurityChris: I have been following your research for several years now, dating back to your role before Chainguard. As you have watched the conversation around Software Supply Chain Security unfold in the industry, do you feel like we're making positive headway?Chris: You have done a lot of research into software supply chain security, and of course SBOM's. One recent study you took a look at the quality of SBOM's in the OSS ecosystem, compared to say the NTIA defined minimum elements for SBOM. Can you tell us a bit about the study and implications of the...2023-03-3136 min

Resilient CyberS4E10: Lily Zeleke - DoD Cloud & Software ModernizationChris: Before we dive into some technical topics and questions, we would love to hear a bit about your background and careerChris: - We've now seen the introduction of JWCC into the mix after quite a challenging road to get there. What major changes do you see JWCC playing in the DoD cloud landscape and cloud adoption journey?Nikki: - There's been a tremendous focus on software supply chain security, with a 742% increase in software supply chain attacks in the last three years. What are your thoughts on how the DoD is approaching securing...2023-03-2730 min

Resilient CyberS4E9: Resilient Cyber Show w/ Day JohnsonNikki - With your experience in various cloud and Cybersecurity roles, what would you say the top 3 concerns are right now for cloud security? Nikki - I see you do a lot of work Cybersecurity and cloud education, do you feel like we have better tools and resources today than a few years ago? Or too many resources? Chris - We know you have a Detection Engineering background. For folks not familiar with Detection Engineering can you tell us a bit about it and the role it plays in Cloud Security?Chris - It...2023-03-2427 min

Resilient CyberS4E8: Jim Dempsey - Cyber Policy & RegulationChris - I have to start with the intersection of law and cybersecurity. We're seeing major strides in regulations, both federal and state (like NYFDS), to regulate and enforce cybersecurity policies and program-based guidance. What are some of the emerging trends we're seeing in cyber law? Chris - As you know, we recently saw the new National Cyber Strategy, which makes a push for shifting the burden/responsibility for cybersecurity on the vendor or those best positioned to address it. Why do you think it has taken us so long to get to this point? I know y...2023-03-1044 min

Resilient CyberS4E7:Jeff Williams - DevSecOps and Application Security (AppSec)Nikki: I have to start with an article you wrote a couple of years ago, about how we explain and provide context around vulnerabilities. I love the analogy of a 'vulnerability recipe' and how we can step through an explanation of vulnerabilities. Can you talk a little bit about the process and what compelled you to explore this topic? Nikki: I saw you spoke to Ron Ross recently, we had him on the show last year talking about cyber resiliency and of course software supply chain. Can you talk a little bit about security assurance and what t...2023-03-0441 min

Resilient CyberS4E6: Matt Cronin - Cyber Law & National Cyber StrategyNikki: I saw you recently did a Cyber Jeopardy Panel at the American Bar Association about cybersecurity and cyber law - can you talk a little bit about the intersection of cybersecurity and law?Chris: Continuing on that thread a little more, and you and I have chatted about this, what are some of the dichotomies or challenges of Cybersecurity in a democratic society versus say an authoritative regime or nation?Chris: I know you have a background with the DoJ and U.S. Attorney's office, are there some challenges with say cyber investigations in...2023-02-2439 min

Resilient CyberS4E5: Robert Wood - The Soft Side of CyberChris: First off, why do you think soft skills are so often overlooked or undervalued in our field of cybersecurity?Chris: I'm curious your perspective on how to help people build soft skills, much like technical skills, some may have more of an aptitude for technical work or prefer not interacting with people as often. Any advice for folks who may be a bit more of an introvert and finding dealing with people intimidating?Niki: I wanted to first talk about the Learning resources you have on your site - the softsideofcyber.com - I...2023-02-1234 min

Resilient CyberS4E4: Derek Fisher - The AppSec HandbookNikki: My first question is about your book, The Application Security Handbook - who do you think most benefits from this type of book and why do you think they need it?Nikki: What inspired you to write this? You have a ton of experience from being a security architect, to working in an IAM group, to application security - I would imagine all of that expertise allows you to see application security through a unique lens.Chris: In your book you touch on the dichotomy of shifting security left while minimizing friction between the...2023-02-0337 min

Resilient CyberS4E2: Karen Scarfone - Secure Software Development & NISTNikki - What do you see as emerging trends around cybersecurity guidance and frameworks? With the newer NIST 800-53r5 and the SSDF, there is a TON of literature coming out from NIST. What's next? Chris - I wanted to dig into SSDF a bit. Can you tell us a bit about being involved in that? How it came about after the Cyber EO and your experience writing it? Chris - We know OMB is now requiring Federal agencies to start to self-attest to secure software development practices, specifically SSDF practices. How does it feel to...2023-01-1526 min

Resilient CyberS4E1: Stephen Carter - The Vulnerability Management LandscapeNikki: To start us off, I'm curious about your opinion on the current state of vulnerability management guidance and documentation available for organizations. There are some references from NIST, but a lot of it centers around compliance. Chris: How do you think things such as Cloud, DevSecOps and shift-left security have changed vulnerability management? Nikki: Can you talk a little bit about what organizations and their vulnerability management programs should be working on right now? With more sophistication of attacks by malicious actors, we have to create more Chris: Most of us know the...2023-01-0928 min

Resilient CyberS3E28: Chris Hetner - Cyber, the Board and RegulationsNikki - I wanted to start with the major explosion of ransomware and ransomware-as-a-service across all industries. This seems like a good starting point for why cybersecurity advisors belong in the boardroom. Do you think the sophistication and ease of purchase with ransomware should be part of the conversation to bring more cyber experts in? Nikki - You made a post recently about the vast cybersecurity risk that API's pose to organizations. API security has been top of mind given how prevalent they are and how useful they are to both administrators and developers. Do you think AP...2022-12-1645 min

Resilient CyberS3E25: Richard Stiennon - Cyber Industry Research and AnalysisNikki: With your latest book, the Security Yearbook for 2022 ,this is the third iteration of the series right? It started in 2020 and has only grown since then. Can you talk a little bit about why you started this annual compilation of research? Nikki: For any other security practitioners or anyone in the field who's interested in writing a book or putting together a comprehensive manuscript or research, do you have any tips or advice for them to get started?Chris: Can you tell us about your endeavors with IT-Harvest and your IT industry research, what i...2022-11-1228 min

Resilient CyberS3E22: Steve Springett - Navigating the Digital Supply ChainChris: Before we dive into too many specific topics, one thing I wanted to ask is, you've been working in/around the topic of SBOM and Software Supply Chain for sometime via NTIA, CycloneDX, SCVS etc. How did you have the foresight or what drove you to focus on this topic well before many others in the industry?Nikki: You mentioned recently about the SBOM Forum and their recommendation of the NVD adopt Package URL. I think the recommendations are great for NVD, because the NVD, CVE ID mechanisms, and CWE's weren't technically built for al ot...2022-09-3044 min

Resilient CyberS3E21: Josh Bressers - Securing Open Source SoftwareChris: To start us off, why do you think OSS and the software supply chain are now beginning to get so much attention, despite being widely used for years now?Chris: When it comes to OSS, any thoughts on how we balance security while also not stifling the innovative creative environment that is the OSS ecosystem?Nikki: On one of your recent podcast episodes, you discussed how open source can be unfair, whether that's to users or to developers. Can you break that down a little bit for our audience?Nikki: I think...2022-09-2334 min

Resilient CyberS3E20: Ken Myers - Federal ICAM & Zero TrustChris: What do you think some of the fundamental changes of IAM are from on-prem to cloud?Chris: What are some of the key tradeoffs and considerations for using IDaaS offerings?Nikki: There are a lot of solutions out there that discuss zero trust as a product or a service that can be leveraged to 'bake in' zero trust into an environment. But I'm curious on your perspective - do you think we need additional tools to configure zero trust principles, or leverage the technology at hand to implement zero trust?Nikki: There's...2022-09-2039 min

Resilient CyberS3E18: Jacques Chester - Vulnerability Scoring and Software Supply ChainChris: For those not familiar with CVSS, what exactly is it, and why is vulnerability scoring important?Chris: What are some of the most notable critiques of CVSS?Nikki: I read your article 'A Closer look at CVSS Scores" and have had a lot of similar thoughts. The CVSS SIG is doing great work, and there are other scoring methods out there to help determine the real threat of vulnerabilities. Do you have any advice for organizations that are struggling with the amount of High and Critical vulnerabilities they see based on this scoring method? 2022-09-0227 min

Resilient CyberS3E17: Anil Karmel - Compliance Innovation & RegOpsChris: So you're a proponent of a term called RegOps, can you explain what that is to us a bit and how it differs from traditional compliance?Nikki: I'm interested in your background from Solutions Architect, to CTO, to Co-founding and running companies. Do you have any advice for other architects or IT and security practitioners for building up leadership skills and transitioning to business ownership? Chris: Do you think the evolution of Cloud and API enabled platforms is positioning us to innovate in compliance and potentially keep pace with DevSecOps? Nikki: What ar...2022-09-0227 min

Resilient CyberS3E16: Greg Thomas - Secure Service Mesh & Cloud-native NetworkingNikki - In one of your recent posts you speak about how more organizations are looking to leverage service mesh in their own environments. Can you talk a little bit about why a team may be interested in moving to a more service mesh architecture? Nikki: What do you think may impede or stop an organization from adopting updated networking practices and technologies, like service mesh, and how can they get started adopting it?Chris: What role do you think Service Mesh plays in the push for Zero Trust and maturing security in cloud-native environments?2022-09-0232 min

Resilient CyberS3E13: Jimmy Mesta - Kubernetes Security & ComplianceChris: For those not familiar with Kubernetes, can you tell us what it is and why there is so much buzz around it?Chris: Kubernetes, while it has many benefits also is a very complex technology, what are some of the key things organizations should keep in mind when using Kubernetes securely?Nikki: What kind of role do you see RBAC playing with Kubernetes? I don't hear a lot of talk around this subject and I'm curious what you think may be the importance of RBAC around KubernetesChris: Any nuances or recommendations...2022-08-1043 min

Resilient CyberS3E14: Jon Meadows - The Secure Software Factory Nikki: In some ways I think "software supply chain security" has become almost a buzz word, or buzz phrase? But to me it's more of a concern for security programs at large, since so many products and services are being developed in-house at organizations. What are the top three concerns that CISO's or security leaders should know? Chris: We're obviously seeing a lot of buzz around SBOM, and now VEX. What are your thoughts on where things are headed with software component inventory and SBOM as part of cyber vulnerability management?Chris: You were in...2022-08-1034 min

Resilient CyberS3E8: Maril Vernon - Purple Teaming & Personal BrandingChris - Lets start off with discussing what is Purple Teaming exactly, and what is it not?Nikki - The industry can be somewhat siloed between job roles, and purple teaming really breaks down those barriers - do you see purple teaming being adopted more in the industry? Or do you think that too many industry experts hold too closely to their areas of expertise? Chris - People often conflate Red Teaming, Pen Testing and Purple Teaming - how do we help clear up that confusion? Nikki - Purple teaming is supposed to be an iterative continuous pr...2022-06-2231 min

Resilient CyberS3E6: Walter Haydock - Software Supply Chain & Vulnerability ManagementNikki - You have some really awesome content on LinkedIn around Vulnerability management - one of my favorite posts you made recently was asking "Is vulnerability management dead". Can you explain a little bit about what you mean? I'm curious on your take, because there isn't a ton of modern guidance around vulnerability management Nikki - One of the biggest challenges I think we face around vulnerability identification, and specifically prioritization, is that a lot of emphasis is put around CVSS scores and CVE ID's specifically. And while an incredibly helpful tool, plenty of vulnerabilities are not ID...2022-06-1627 min

Resilient CyberS3E2: Jacob Horne - Security vs. ComplianceNikki - You have a varied background between being a security engineer, consultant, manager, etc. What made you decide to focus more on the compliance aspects of cybersecurity?Chris - It is often said "Compliance doesn't equal Security". Why do you think this phrase has taken hold, do you think its accurate and how do we evolve beyond it? Nikki - Based on some of your posts about compliance - one specifically about implementing frameworks and guidance from NIST and the CMMC standards - do you think there's a need in the industry to focus mo...2022-05-2333 min

Resilient CyberS3E3: Dan Lorenc - Software Supply Chain, Sigstore and OSSChris: We're undoubtedly seeing a growing discussion around Software Supply Chain, with several notable events and also now evolving guidance/legislation such as the Cyber EO, NIST guidance etc. Any thoughts on why this is just now becoming such a focused concern?Nikki: When a lot of people discuss software supply chain security, it can quickly turn into a discussion about SBOM or Log4j and SolarWinds. I think about software supply chain security as being part of a really good threat detection and response program - what are your thoughts on that?Nikki: I...2022-05-2323 min

Resilient CyberS3E4: Dr. Butler - Cybersecurity & AcademiaChris - We know there's a massive Cyber workforce challenge, what role do you think academia plays there and how can it improve to close the gap?Nikki - Speaking of the young professionals in cybersecurity, what do you think are some of the in-demand skillsets and career paths available for individuals interested in pursuing a career in cybersecurity?Chris - There's often a debate between academics and practitioners, why do you think that is, and do you think we're seeing that gap dissolve with new degree programs and more practitioner focused curriculum? N...2022-05-2333 min

Resilient CyberS3E1: Bob Zukis - Cybersecurity in the BoardroomChris: So let's start with how we've gotten here. With digital systems accounting for 60% of global GDP, how do we still not have requirements or adoption of cyber expertise on public board?Nikki: You mention in your article about the SEC mandating cyber leadership into board rooms - do you think that the type of experience expected on boards should be geared specifically to risk management, or a mix of highly technical and governance experience?Chris: For those looking to fill some of those upcoming board opportunities, what recommendations do you have?Nikki...2022-05-2325 min

Resilient CyberS2E22: HackerOne - Bug Bounty, Vulnerability Disclosure and EthicsNikki: I've spent a number of years studying vulnerability chaining and using low and medium vulnerabilities in combination to create very critical attacks. Do you see this as a common method for attacks in the wild?Chris: we're continuing to see the growth of bug bounty programs, such as HackerOne. How do you think these programs contrast (or compliment) companies internal pen test/red teams for example? Nikki: Vulnerability management is an incredibly complex topic for a lot of organizations. Do you think bug bounty programs and Vulnerability Disclosure Programs (VDP) are helping to mature t...2022-03-2529 min

Resilient CyberS2E18: John Guckian - EDR, XDR and Modern Endpoint ProtectionNikki - What does EDR look like right now and where is it going?Nikki - What are the differences between typical A/V and EDR?Chris - What role do you see EDR playing in the push for Zero Trust? Nikki - How do you integrate EDR into your environments and how do you feel about using EDR with SIEMs?Chris - Do you feel that the boon for working from home has impacted the EDR space?Nikki - Can you talk a little bit about what DLP is and how it relates to EDR roll outs?Chris - B...2022-02-2327 min

Resilient CyberS2E17: Ron Ross (NIST) - DevSecOps, Resilience and Compliance InnovationNikki - Can you tell us a little bit about what you're currently working on right now at NIST?Chris - Software Supply Chain Security has become a hot topic lately. We know NIST published 800-161 covering C-SCRM, C-SCRM is a complex topic. Where do you see the industry going forward in terms of maturing C-SCRM practices?Nikki - Speaking of maturing C-SCRM practices, do you feel that there is a need to provide more documentation for maturing other aspects of cybersecurity? I do not see a lot of people in the industry discussing vulnerability...2022-02-1539 min

Resilient CyberS2E16: Dr. Nagi Mei - Drone Security, Forensics and RegulationNikki - Please tell us a little bit about your dissertation and why you felt like drone forensics needed further research?Chris - We know you have a Doctorate where your focus was UAV systems forensics framework. My background is largely with DoD which is increasingly embracing UAV/Drones etc. Are there any major security concerns a community like that should consider as they embrace these technologies?Nikki - Do you feel like there is still a need to create more comprehensive policies and frameworks around drone forensics?Chris - I noticed you...2022-02-1018 min

Resilient CyberS2E15: Shubhi Mishra - Government Innovation & Women in TechNikki - First, I need to hear about how you feel about women in technology and any words of encouragement for women who are interested in starting a business? Chris - We know your organization raft is up to some innovative work in the Federal space, can you tell us a bit about that?Nikki - You have such a unique background with business and law and technology, I've actually considered getting a law degree. Do you think that has altered your perspective as a business owner?Chris - In your experience what ha...2022-02-0229 min

Resilient CyberS2E14: Jacquelyn Schneider - U.S. Cybersecurity Policy & Cyber DeterrenceNikki - You are currently a Fellow with Stanford University - could you talk a little about the journey you've made to this point and how cybersecurity plays into the Fellowship?Chris - We know you served as a Senior Policy Advisor for the U.S. Cyberspace Solarium Commission. Can you speak about that, for those that aren’t familiar with the commission, and knowing the government has acted on some of the commission's recommendations, do you think we’re making the progress needed as a nation when it comes to Cyber?2022-01-2625 min

Resilient CyberS2E10: Shane Barney - Federal Zero Trust, Cloud, and DevSecOpsChris - There's quite a push for Zero Trust in the Federal Government, with the Cyber EO and ZT publications from CISA. What do you see as some of the biggest impediments for the Government's adoption of ZT? What are some of the biggest opportunities?Nikki - One of your recent posts you mention the difference between zero trust being a concept vs being something to act on. What do you think the right way to implement a zero-trust architecture is?Nikki - Do you have any resources for practitioners who are looking to ensure...2021-12-1437 min

Resilient CyberS2E9: Ron Gula - Cybersecurity Founding, Investing and Board AdvisingNikki - As someone who has such wide ranging experience in cybersecurity from practitioner and business owner to investor - what would you say are the largest concerns in cybersecurity right now? Zero trust? Incident Response? Cloud security?Chris - You hold several advisory and board member roles. For Cybersecurity professionals looking to perform similar roles, do you have any recommendations?Nikki - With your background in a company like Tenable and the security tool industry, do you feel like cybersecurity practitioners have the tools that they need to perform tasks? Do you think there...2021-12-0721 min

Resilient CyberS2E7: Rock Lambros - Cybersecurity, Business & The Evolution of The CISOChris - You have a book coming out titled The CISO Evolution - Business Knowledge for Cybersecurity Executives. How critical do you think it is for CISO's to understand the business, and how do they balance their technical skills with business acumen?Nikki - I see you've posted several videos on LinkedIn - my favorite so far is the "paralysis-by-analysis" concept. We've discussed before cognitive limitations and just how much data we could actually put into our decision making when it comes to risk. Where do you think the sweet spot is with amount of data vs...2021-11-1721 min

Resilient CyberS2E6: Tracy Bannon - DevSecOps, Innovation & The Public SectorChris - We know you are extremely passionate about DevSecOps in Government. What do you think some of the biggest impediments for widespread Government adoption of DevSecOps is?Nikki - I see you spoke recently about minimum viable continuous delivery - can you tell us a little bit about what that is and what it means? And what you think the possible implications may be on development cycles? Chris - Do you feel there is often a disconnect between leadership and practitioners when it comes to successful DevSecOps implementation, and if so, what do you t...2021-11-0926 min

Resilient CyberS2E5: Lonye Ford - Cybersecurity Workforce & LeadershipNikki - I'm so impressed with your wide range of cybersecurity - and with that experience you also are a Co-Founder and CEO. Can you talk a little bit about the transition from full time practitioner to business owner? Chris - If you had to list 1-2 top issues facing the Cybersecurity community within Government in particular?Nikki - What would you say are some of the biggest challenges that you've faced running your own company in the security and intelligence space? Chris - We know there is a big push for cATO/On...2021-11-0334 min

Talking With DouglasReal Talk With Fitness Consultant Chris HughesA discussion on health you don't want to miss. You don't have to live in pain, the belief we have to settle for certain things isn't true and our health and well being is included. You can contact Chris for additional fitness help through powerwithprecision.fitness and Chris@powerwithprecision.fitness. We apologize for the slight technical difficulties. --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app --- Send in a voice message: https://anchor.fm/talkingwithdouglas/message Support this podcast: https://anchor.fm/talkingwithdouglas/support 2021-08-0940 min

Resilient CyberResilient Cyber - Episode 10 - Nikki Robinson - Vulnerability Management ChallengesToday's episode is a conversation between Dr. Nikki Robinson and Chris Hughes on Vulnerability Management. Dr. Nikki has a PhD which focuses in Vulnerability Chaining and the co-hosts discuss the difficulties of Vulnerability Management.What would you say are the biggest reasons why vulnerability management is still so difficult for organizations?Why is it so important to patch or mitigate end-of-life software, and what are some of the challenges around that?Is vulnerability scanning still a major component to secure your network in a continuous monitoring program?2021-05-0226 min

Resilient CyberResilient Cyber - Episode 6 - Chris Hughes - Cloud Security, Adoption, and Automation-What first interested you in cloud technology and pursuing a career in cloud security? -Do you feel that learning a cloud platform is essential for todays' IT and security workforce -Do you recommend hybrid cloud environments? Do you think it adds too much complexity to provide proper security controls?-What are some of the biggest threats to cloud and hybrid environments?-What are some emerging trends in cloud security?How do you think cyber resiliency specifically applies to cloud environments?2021-04-0425 min

Hughes of BalmainFlying FoxChris tries out the Flying Fox at Waiau Waterworks 2009-01-2035 min