In this episode of HACKED, Ben talks with the owner of Penetration Testing firm, Black Hills Information Security about the business and profession of pen testing and their incident response card game

In this podcast, Ben chats with David Yakobovitch, a Data Scientist and host of the HumAIn Podcast. The conversation covers the ethics behind Artificial Intelligence, Robots and the importance of higher education in the field.

Paul McGough is an industry veteran having been on the forefront of cybersecurity with the government in the 80’s. He has seen the evolution of hackers, the profession, and how skills are defined. We also debate certifications vs. experience and how it plays into todays job market. Paul shares some great ideas on how complexity may not be the best option for security. We dive into the company he co-founded, Qwyit, how they have simplified processes (in IoT and Telecom) and the importance of encryption. Learn more about Qwyit’s solution at Qwyit.com.

We dive deep into Chaos Engineering’s use in security and Aaron Rinehart’s brain child, ChaoSlinger. Aaron dives into the impact of objective monitoring for security components and techniques for learning how components actually function in the environment. We also dive into the difference between building a program based on regulations vs. building as an engineering discipline. You can find more on Aaron Rinehart and ChaoSlinger on LinkedIn at Aaron Rinehart and on Twitter @aaronrinehart.

Travis Baker and Ben go back in forth about recruitment techniques given the unique landscape of the security profession. We talk about how candidates are consumers, techniques for proactive recruitment, effectively identifying key skills, non-traditional talent, and why culture can make or break your recruitment efforts. We also dive into effective relationships between the hiring team and HR/Talent acquisition and how candidates can be smart consumers as they navigate the job market.

Allen Burzen experienced first-hand the impact of having your identity stolen. He has now taken his misfortune and made it his mission to help others who have been impacted in a similar way. Having lead a post-breach incident response team, he shares insight to the evolution of data breaches, how they are advancing, how to build and test a post breach response, and why, as a community, we need to talk about these sensitive issues.

Come take a dive into the minds and motivations of Black Hats from across the world. E.J. Hilbert shares stories and insights of his time in the cyber crime unit of the FBI, being on the forefront of identify and financial data theft, and working with Max Popov, a Ukrainian prisoner shackled to a conference room desk at Ant City. We also dive into Infosec education and why higher education has been slow to adopt it as a major as well as why physical/personnel security and information security are one in the same. If you want to read more about E.J.’s time with Max Popov and Ant City, here is the link: https://www.wired.com/2016/05/maksym-igor-popov-fbi/

Ben chats with Chris Barnes about the importance of cybersecurity for small to mid-sized business. Chris talks about his SMB advisory practice, threat landscape for SMB’s, ways to build an effective program with few to no resources, and the importance of a trusted advisor when building a program. During Overrated/Underrated, we get his take on security vulnerabilities with Amazon Alexa/Google Home and building backdoors into applications.

Sandra Crosswell, CISO/CSO @sonicwall joins the HACKED podcast. We dive deep into Red Teams and all sorts of penetration testing topics. She gives an inside look to her role and the challenges of being the first individual in the seat. Additionally, she shares her thoughts on the talent gap and hiring penetration testers. During Overrated/Underrated, we get her opinion on hacking certifications and black hats moving into corporate roles.

On this episode of HACKED: Into the Minds of Cybersecurity Leaders, Ben gets to grill Joshua Danielson (CISO at Copart) on all sort of topics in Infosec. We discuss end user training programs, vulnerabilities and vulnerability management, establishing effective relationships with the C-suite, and the future of the CISO role. During Overrates/Underrated, Josh shares a different view on penetration testing and the mac ROOT vulnerability.