Shows
The Virtual CISO MomentS7E17 - A Conversation with Joshua CrumbaughJoshua Crumbaugh joins us for a special Thursday edition of The Virtual CISO Moment. With over 20 years of experience in cybersecurity, he is the CEO of PhishFirewall, a company that helps organizations solve their phishing problem. He has a credential in Offensive Security and has published a book on cybersecurity education and awareness. Join us as we discuss the human factor in securing information. Also, if you're in the Huntsville Alabama area, catch his keynote at BSides Huntsville THIS SATURDAY (April 12, 2025), where he will discuss the launch of an exciting new product. Here's a hint from a recent post...2025-04-1026 min
Phishing For AnswersAI in Healthcare Security: Oracle Health's CISO SpeaksSend us a textSteve Fridakis, CISO of Oracle Health, shares his journey through cybersecurity across industries and explores the transformative impact of AI on healthcare security.• 25 years of cybersecurity experience spanning airlines, United Nations, media (HBO), and healthcare• Common security foundations across industries despite significant differences in threat landscapes• AI enabling physicians to capture diagnoses using natural language while validating against patient history• AI security tools helping validate systems and correlate petabytes of daily log information• Current cybersecurity mindset shifting equal focus to recovery capabilities alongside prevention• Zero Trust implementati...2025-03-0744 minPhishing For AnswersTransforming Cybersecurity Training with Engaging StrategiesSend us a textThe episode delves into the essential role of human factors in cybersecurity, emphasizing the need for integrating security awareness into daily operations. Eric Harris shares insights on effective training strategies, the importance of understanding social media risks, and the evolving landscape shaped by AI and deepfakes. • Discussing Eric Harris's background and journey in cybersecurity • Human-centric approach to tackling cybersecurity threats • Analyzing social media risks, especially linked to professional platforms • Strategies for creating effective security awareness programs • The importance of positive reinforcement in training initiatives • Leveraging AI while addressing i...2025-03-0447 min
Phishing For AnswersPhishing Gone Wild: Tales from the TrenchesSend us a textKevin Walsh joins us to share his wealth of experience in cybersecurity and the crucial role of human elements in security strategy. The discussion touches on compliance, phishing simulations, and the impact of AI in the realm of cybersecurity. • Importance of understanding human behavior in cybersecurity • Compliance: Balancing act between requirements and effective security • The security culture: Building a proactive environment • Phishing simulations: Making training relevant and effective • AI's role in modern cybersecurity landscape • Vendor security: Addressing the weakest link • Strategies to engage all levels of staff in security...2025-03-0445 min
Phishing For AnswersHow Quantum Computing Will Change EverythingSend us a textA transformative look at quantum computing's implications for businesses, especially around cybersecurity, with industry expert Bill Genovese from Kyndryl. Key insights into navigating this technology are presented, emphasizing urgency and strategic planning.• Quantum computing's transformative potential in everyday business • Bill's extensive background in leading global tech initiatives • The urgency for businesses to adapt to quantum threats • Exploring post-quantum encryption and its necessity • The convergence of quantum and AI technologies • The importance of developing a strategic framework for risk management • Lessons from past tech disruptions like Y2K • Practical...2025-03-0448 minPhishing For AnswersDeaf Relay Scam Unveiled: Tim Krabeck’s Cybersecurity Journey from Help Desk to FBI PartnershipSend us a textIn this episode, we dive deep into the human element of cybersecurity, exploring how personal experiences inform our understanding of threats and defenses. Tim Krabeck shares his journey from help desk IT to becoming a cybersecurity expert, emphasizing the importance of communication, collaboration, and continuous education in the fight against cyber threats.• Tim's entry into cybersecurity through a phishing scam • Importance of personal stories in understanding cybersecurity • Role of red and blue teams in security practices • Discussing the MITRE ATT&CK framework • The significance of system hardening and user exper...2025-02-1241 minPhishing For AnswersThe Cyber-Psychology Connection: Futureproofing with AISend us a textUncover the fascinating intersection of human behavior and cybersecurity through the eyes of Tolgay Kizilelman, an expert in IT and cybersecurity. Explore how his career journey, from IT management to the pivotal role of CISO at the University of California, has shaped his unique perspective on the human element in cybersecurity. As we exchange stories, I share my own path from marketing to ethical hacking, highlighting the unexpected ways human psychology plays a critical role in both fields. This episode will leave you questioning the traditional approach to cybersecurity and appreciating the complexity...2025-02-1051 minPhishing For AnswersPhishing Exposed: Ashok Kakani’s Game Plan for Cyber Leadership & AI Risk ManagementSend us a textCybersecurity is evolving, with human behavior at its core and the need for robust security awareness training becoming more critical. Through the journey of Ashok Kakani, we explore the intersection of personal experiences, phishing incidents, and innovative approaches to training that engage employees and build a resilient cyber culture.• Ashok's transition from science to cybersecurity • Importance of front-line training in mitigating phishing • Real-life phishing incident and lessons learned • The role of AI in enhancing and complicating security • Dangers of inadequate PII management • Need for role-based training to combat specifi...2025-02-1046 minPhishing For AnswersPhishing for Answers: Maxing Out Cyber Defense with Nigel MillerSend us a textWe explore how human behavior is the front line of cybersecurity, reshaping interactions between security teams and employees for a more collaborative approach. Nigel Miller highlights the significance of role-based training, the evolving threats posed by AI, and the importance of building a community around security awareness.• The shift from “Department of No” to enabling security culture • Importance of role-based training tailored to job functions • AI creates new phishing challenges but also enhances training methodologies • Psychological principles can deepen training impacts on behavior • Fostering an open community encourages proacti...2025-02-0746 minPhishing For AnswersLicense to Secure: Joshua Kuntz on Protecting Texas from Cyber ThreatsSend us a textJosh Kuntz shares his extensive journey through cybersecurity, emphasizing the balance of compliance, risk management, and the mentorship of the next generation. The episode discusses the evolution of security roles, the impact of AI, and the importance of understanding organizational objectives in strengthening cybersecurity culture.• Biography of Josh Kuntz and his career path• Transitioning from military to civilian cybersecurity roles• Importance of compliance and developing security programs• Adapting to remote work during COVID-19 challenges• Concept of risk acceptance in cybersecurity practices• Significance of training and mentorship in building...2025-02-0748 minPhishing For AnswersWhy Washington’s CISO Says You’re Targeting the Wrong RiskSend us a textWe discuss the evolving landscape of cybersecurity with Ralph Johnson, emphasizing the importance of collaboration, training, and the role of AI in addressing modern threats. Key topics include motivating teams, learning from past incidents, and the necessity of tailored, engaging security awareness programs. • Ralph’s personal journey into cybersecurity • Carrot vs. stick: motivation in teams • Embracing AI in training and security protocols • A real ransomware case study and its lessons • The importance of security hygiene and basic practices • Role-based training for diverse job functions • Gamification techniques to engage employees 2025-02-0654 minPhishing For AnswersCIO Confession: The #1 Mistake Holding Back City SecuritySend us a textArt Thompson, CIO of the city of Detroit, shares essential cybersecurity insights in this interactive discussion. He emphasizes the importance of open communication and the need for role-based training to safeguard against the growing number of phishing attempts.• Art’s journey from supply chain to IT and cybersecurity• Emphasis on zero tolerance for suspicious activities• Importance of communication regarding cybersecurity at work and home• Personal anecdote highlighting the need for multi-factor authentication• Discussion on the increasing threat of phishing attacks and deep fakes• Need for updated, role-based tra...2025-02-0638 minPhishing For AnswersFrom the Air Force to CISO: Ellison De La Cruz on Cybersecurity Leadership, AI Advancements, and Enhancing Threat AwarenessSend us a textEllison De La Cruz, a seasoned cybersecurity leader, shares his journey in tech and invaluable lessons learned in the changing landscape of cybersecurity. The episode emphasizes the importance of soft skills and behavioral science in security, exploring the relevance of role-based training and insights into evolving threats like phishing and AI. • Transition from technical skills to leadership roles • Importance of understanding behavioral science in security training • Role of AI in shaping cybersecurity challenges • Necessity for role-based training in enhancing effectiveness • Stories highlighting the impact of human behavior on cybersecurit...2025-02-0545 minPhishing For AnswersSecuring AI and Minds: Steve Winterfeld on Cyber Threats, Behavioral Science, and Building Robust Security CulturesSend us a textOur conversation with Steve Winterfeld unveils critical insights for anyone looking to forge a successful career in cybersecurity. We discuss the importance of strategic planning, building a security culture, and adapting to the rapid evolution of threats, especially phishing and social engineering attacks.• Exploring three career paths in cybersecurity • The importance of strategic career objectives • Carrot versus stick: fostering an inclusive security culture • Evolving threats: phishing beyond email • The role of AI in enhancing and challenging security • Understanding cognitive biases in decision-making • Effective metrics for measuring security a...2025-02-0550 minPhishing For AnswersFrom Bangladesh to Cybersecurity Leadership: Javed Ikbal on Navigating Culture, Phishing Threats, and AI GovernanceSend us a textJaved Ikbal shares his transformative experiences as a CISO, highlighting the challenges of cultivating a security-centric culture in organizations. He emphasizes the importance of communication, understanding user psychology, and establishing foundational practices to navigate the complexities of cybersecurity today. • Importance of cybersecurity culture in organizations • Challenges faced as a CISO in different environments • User psychology impacts on reporting security issues • The need for clear policies around AI usage • Lessons learned for aspiring CISOs and cybersecurity leadersJoshua Crumbaugh is a world-renowned ethical hacker and a subject matte...2025-02-0445 minPhishing For AnswersCyber Storytelling: Cecil Pineda on Revolutionizing Security Communication, AI Threats, and Innovative Training SolutionsSend us a textCecil Pineda, the CISO at R1RCM, shares his journey into cybersecurity, emphasizing the importance of communication, emotional intelligence, and effective risk management in CISO roles. He discusses how emotional awareness and tailored training approaches can significantly enhance cybersecurity awareness and compliance across organizations.• Importance of storytelling and communication in cybersecurity risk management • Emotional responses play a critical role in user learning and engagement • Value of marketing principles in cybersecurity communication • AI's dual impact: enhancing threats and defensive capabilities • Need for targeted and micro training in busy professional e...2025-02-0443 min
Phishing For AnswersRed Team Tactics Uncovered: Building Skills for a Cybersecurity FutureSend us a textThis episode features Philip Wiley, a cybersecurity expert, who discusses the nuances of penetration testing versus red teaming, shares thrilling hacking experiences, and emphasizes the importance of addressing human errors in security. He provides insights into effective cybersecurity training and the relevance of networking for career growth in the industry. • Understanding the differences between penetration testing and red teaming • The significance of web app pen testing and its role in security • Thrilling hacking stories that highlight the art of ethical hacking • Importance of social engineering and user awareness training • Address...2025-02-0343 minPhishing For AnswersSafeguarding Investments: Bob Flores on Cybersecurity in Private Equity, AI-Driven Threats, and Empowering TeamsSend us a textThis podcast episode emphasizes the critical intersection of cybersecurity and private equity, highlighting the importance of conducting thorough cybersecurity assessments before acquisitions. Bob Flores, an experienced CIO and CISO, discusses key issues like the rise of AI in cyber threats, user education, and effective role-based training as vital components for safeguarding investments against sophisticated attacks. • Significance of cybersecurity inspections in private equity transactions • Insights into the evolving landscape of cyber threats, especially with AI • The need for user education on cybersecurity risks • Importance of role-based training for vulnerable job function...2025-02-0337 minPhishing For AnswersFrom Technician to CISO: Rob LaMagna-Reiter on Cybersecurity Leadership, AI Threats, and Effective Communication StrategiesSend us a textThis episode delves into the human side of cybersecurity, featuring insights from Rob LaMagna-Reiter on the importance of communication, mentorship, and understanding AI-related threats. By focusing on personalized training and fostering a culture of open dialogue, organizations can empower their workforce to effectively navigate evolving risks in cyber defense. • Highlighting the role of mentorship in personal development • Importance of clear communication across all organizational levels • Relationship between cybersecurity and business operations • Strategies for effective phishing and awareness training • Addressing AI-driven threats and their implications for cybersecurity • Understanding visibility and dec...2025-01-3155 minPhishing For AnswersCyber Insights: Cody Burrows on Ethical Hacking, Leadership Evolution, and Cultivating a Vigilant WorkforceSend us a textThis episode delves into the critical intersection of cybersecurity and the human element, emphasizing the importance of effective training and mentoring. Cody Burrows shares insights from his extensive experience, advocating for a shift from punitive training to one that nurtures understanding and encourages proactive behavior. • Cody's journey from pen tester to CISO • The ego problem within cybersecurity • The necessity of mentorship and support in pen testing • Role-based training versus traditional security awareness • Using behavioral science principles in training • Importance of positive reinforcement in security culture • Trusting instincts an...2025-01-3153 minPhishing For AnswersFrom Buddhism to Cybersecurity: Jess Vachon on Leading with Empathy, Innovative Training, and Balancing Budgets in a Digital WorldSend us a textJess Vachon shares insights into her calm approach as a CISO and how empathy in cybersecurity can significantly transform organizational culture. The episode emphasizes the importance of effective communication, role-based training, and the evolving impact of artificial intelligence on how organizations secure their operations. • Exploring personal journeys into cybersecurity • Importance of mentorship and coaching in the field • Balancing cybersecurity budgets and investments • Communication as a key to successful cybersecurity strategies • Tailored role-based training for improved retention • Challenges and opportunities presented by AI in security • Building a compassionate and c...2025-01-3046 minPhishing For AnswersCrafting Security Cultures in the Age of AI with Tim ChaseSend us a textThe episode focuses on the evolving threats posed by phishing scams enhanced by artificial intelligence, particularly in corporate settings. Tim Chase shares real-life experiences and insights into the changing landscape of cybersecurity and the need for tailored training to empower employees in recognizing and combating these threats.• Discusses a significant gift card scam incident • Examines the evolution of phishing tactics and AI's role • Emphasizes the necessity of role-based security training • Highlights the importance of social engineering awareness • Advocates for creating a culture of communication about suspicious emails • Suggests...2025-01-3047 minPhishing For AnswersEmpowering Your Workforce: Andrew Obadiaru on Balancing Cybersecurity Awareness, AI Impacts, and Innovative Training StrategiesSend us a textThe episode emphasizes the critical role of security awareness in protecting organizations from cyber threats, particularly phishing attacks. Andrew Obadiaru, CISO of Cobalt, discusses strategies for enhancing employee education, implementing phishing simulations, and leveraging AI to stay ahead of evolving cybercriminal tactics.• The human element is key in cybersecurity defense • Importance of security awareness training for all employees • Insights into conducting phishing simulations and their benefits • Current trends in phishing attacks and use of AI • Strategies for engaging employees in security training • Tips for maintaining vigilance against cyber thr...2025-01-2948 minPhishing For AnswersPhishing Fallout: Angela Chen on Combating Cyber Threats in Higher Education and Building a Secure Digital CultureSend us a textIn our latest episode, Angela Chen, CIO of the University of Delaware, shares her personal experience with phishing, revealing the profound emotional and psychological impacts of these attacks. We discuss the importance of making cybersecurity a collective responsibility that spans generational divides and the need for tailored education to enhance awareness among vulnerable populations. • Angela's personal experience highlights the emotional toll of phishing • The impact of phishing on trust and mental health is profound • Younger and older generations are particularly vulnerable • Universities face challenges in effectively educating students on cybersecu...2025-01-2951 minPhishing For AnswersUnmasking Vulnerabilities in Security Awareness with Wendy NatherSend us a textEver thought attending a security awareness class could make you more vulnerable to phishing attacks? Join us as Wendy Nather, a former CISO, unravels this unexpected phenomenon and challenges industry norms. We tackle the complexities of security training and explore why traditional methods might not be hitting the mark. Wendy shares insights into designing systems that protect against human errors, advocating for a collaborative approach that includes everyone from developers to IT staff in building robust cybersecurity frameworks.Our conversation takes a turn as we highlight the importance of role-based training...2025-01-2845 minPhishing For AnswersRethinking Security: Dr. Joshua Scarpino on AI, Ethical Practices, and Gamified Training for a Safer TomorrowSend us a textWhat if the key to fortifying your organization's cybersecurity was hidden in the ethical deployment of AI? Join us for an enlightening conversation with Dr. Joshua Scarpino, a dual expert in cybersecurity as CISO VP of Information Security at TrustEngine and CEO of Assess Intelligence. Our episode charts the powerful intersection of AI and cybersecurity, exploring how AI can both shield against and execute cyber threats, and why a comprehensive risk management approach is crucial for any enterprise. Dr. Scarpino's insights highlight the pressing need for responsible AI practices, addressing biases, and maintaining...2025-01-2846 min