    security culture

    Explore "security culture" with insightful episodes like "Tanya Janca - A Recipe for Security Champions", "Infosecurity Europe 2023 Keynote Sneak Peek | Deciphering Cybersecurity Readiness: A Global Perspective | ITSPmagazine Event Coverage: Infosecurity Europe 2023, London, England | A Conversation with Ian Hill", "An RSA Conference USA 2023 Recap | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Linda Gray Martin and Cecilia Murtagh Marinier", "Exploring Data Security In Social Media With Roland Cloutier" and "Episode #055: Engineering Empathy with Hecber Cordova" from podcasts like "The Security Champions Podcast", "ITSPmagazine", "ITSPmagazine", "The Secure Developer" and "Relating to DevSecOps" and more!

    Episodes (21)

    Tanya Janca - A Recipe for Security Champions

    Tanya Janca, also known as SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Application Security' and founder of We Hack Purple. Tanya has been coding and working in IT for over 25 years, has won countless awards, and has been everywhere, from public service to tech giants, writing software, leading communities, founding companies, and 'securing all things'. 

    Tanya joins the podcast to discuss the recipe for success for security champions programs. She touches on best practices for recruiting, engagement, education, recognition & rewards, and maintaining a champions program. 

    • Welcome to The Security Champions Podcast [0:15]
    • Alice and Bob Learn Application Security [3:55]
    • Why We Hack Purple? [9:10]
    • The Recipe for Success with Security Champions Programs [14:30]
    • How to Engage Your Champions [25:50]
    • What to Teach Security Champions [38:28]
    • Recognition & Rewards to Drive Engagement [46:45]
    • How to Maintain Your Security Champion Program [57:50]
    • Collaboration Between Dev & Security [1:06:49]

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Podcast sponsored by Security Journey, Secure Coding Training for Developers and Everyone in the SDLC. Learn more at securityjourney.com.


    Infosecurity Europe 2023 Keynote Sneak Peek | Deciphering Cybersecurity Readiness: A Global Perspective | ITSPmagazine Event Coverage: Infosecurity Europe 2023, London, England | A Conversation with Ian Hill

    Guest: Ian Hill, Director of Information and Cyber Security at Upp Corporation [@getonupp]

    On LinkedIn | https://www.linkedin.com/in/ian-hill-95123897/

    ____________________________

    Hosts:

    Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

    ____________________________

    This Episode’s Sponsors

    Pentera | https://itspm.ag/penteri67a

    ____________________________

    Episode Notes

    In this Chats on the Road to Infosecurity Europe Conference podcast episode, Ian Hill, a cybersecurity veteran with 25 years in the field, and current Director of Information and Cybersecurity at Upp Corporation, shares his knowledge and experiences. He provides valuable insights into compliance, readiness, and the global challenges that affect cybersecurity.

    A main focus is the interplay between compliance and security. Hill emphasizes the importance of prioritizing a robust security strategy that organically leads to compliance, rather than letting compliance requirements dictate security measures. This perspective offers a redefined take on building an effective cybersecurity framework.

    The conversation also explores the concept of readiness in cybersecurity. In a domain where technology continually outpaces regulations, understanding what constitutes readiness is not straightforward. However, the discussion highlights its importance in preparing organizations to respond to evolving threats.

    The conversation then turns to global cybersecurity, discussing the cross-border challenges that organizations face in our interconnected world. Hill underscores the implications of navigating diverse laws, cultural attitudes, and standards in a global company, and points to an increasing need for international cooperation to manage the complex, ever-changing threat landscape.

    Have a listen. Enjoy. And be sure to catch Ian's keynote presentation and panel discussion during the conference.

    ____________________________

    Resources

    Learn more, explore the programme, and register for Infosecurity Europe: https://itspm.ag/iseu23

    Be sure to tune in to all of our Infosecurity Europe 2023 conference coverage: https://www.itspmagazine.com/infosecurity-europe-2023-infosec-london-cybersecurity-event-coverage

    Catch the full Infosecurity Europe 2023 YouTube playlist: https://www.youtube.com/playlist?list=PLnYu0psdcllTOeLEfCLJlToZIoJtNJB6B

    ____________________________

    If you are a cybersecurity vendor with a story to share, you can book your pre-event video podcast briefing here (https://itspm.ag/iseu23tsv) and your on-location audio podcast briefing here (https://itspm.ag/iseu23tsp).

    Explore the full conference coverage sponsorship bundle here: https://itspm.ag/iseu23bndl

    For more ITSPmagazine advertising and sponsorship opportunities:

    👉 https://www.itspmagazine.com/advertise-on-itspmagazine-podcast

    To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

    https://www.itspmagazine.com/redefining-cybersecurity-podcast

    An RSA Conference USA 2023 Recap | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Linda Gray Martin and Cecilia Murtagh Marinier

    Guests

    Linda Gray Martin, Vice President at RSA Conference [@RSAConference]

    On LinkedIn | https://www.linkedin.com/in/linda-gray-martin-223708/

    On Twitter | https://twitter.com/LindaJaneGray

    Cecilia Murtagh Marinier, Cybersecurity Advisor - Strategy, Innovation & Scholars at RSA Conference [@RSAConference]

    On LinkedIn | https://www.linkedin.com/in/cecilia-murtagh-marinier-14967/

    On Twitter | https://twitter.com/CMarinier

    ____________________________

    Host:

    Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

    ____________________________

    This Episode’s Sponsors

    BlackCloak | https://itspm.ag/itspbcweb

    Brinqa | https://itspm.ag/brinqa-pmdp

    SandboxAQ | https://itspm.ag/sandboxaq-j2en

    ____________________________

    Episode Notes

    We had an amazing conference and are thrilled to close out our Chats On The Road to (from) RSA Conference 2023 with a recap chat with our good friends as they give us the latest and greatest for what took place at this year's event.

    Be sure to tune in to all of our RSA Conference 2023 USA coverage from San Francisco to hear stories from the keynotes, sessions, speakers, expo hall, community events, and so much more. And, yes, we decided to capture a lot of our coverage on video too, so be sure to check out the RSA Conference 2023 playlist on YouTube as well.

    ____________________________

    Resources

    Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

    ____________________________

    For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

    Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?

    👉 https://itspm.ag/rsac23sp

    Are you interested in sponsoring an ITSPmagazine Channel?

    👉 https://www.itspmagazine.com/podcast-series-sponsorships

    Exploring Data Security In Social Media With Roland Cloutier

    In episode 131 of The Secure Developer, you’ll hear from former TikTok CISO Roland Cloutier about the realities of securing user-generated content at scale and his belief that we need to take a strictly data-centric approach rather than a humanistic one to solve many of these privacy-related issues. Tuning in, you’ll gain some insight into what it takes to oversee a social media company's cybersecurity, data protection, and crisis management, and find out why Roland believes that an innate understanding of company culture is key to building a large and fast-growing security team in an increasingly virtual world. We also touch on some of the challenges of user identity management, the need for user-driven authentication methods, increased state-level security regulations in the data space, and more, so don’t miss today’s fascinating conversation with cyber security expert and industry veteran, Roland Cloutier!

    Episode #055: Engineering Empathy with Hecber Cordova

    We dive back into bringing guests onto the show focusing on real problems with real people on the ground. In this episode, we are joined by Hecber Cordova, Director of Cloud Security at RBC. He shares insights around growth into DevSecOps, developing empathy with your engineering teams, creating cloud patterns, paved paths, and building secure architectures from the ground up. If you're interested in hearing from someone who has built strong security cultures in large institutions this is an episode to listen to!

    Links mentioned on the show:
    https://cloudseclist.com/
    https://cloudsecurityforum.slack.com

    Come Fly with us to the Aerospace Village | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Steve Luczynski and Henry Danielson

    Guests

    Steve Luczynski, Senior Manager / Critical Infrastructure Security, Accenture Federal Services [@Accenture] and Chairman of the Board for the Aerospace Village [@secureaerospace]

    On LinkedIn | https://www.linkedin.com/in/steveluczynski/

    On Twitter | https://twitter.com/cyberpilot22

    Henry Danielson, Adjunct Professor/Lecturer, Cal Poly College of Liberal Arts [@CalPolyCLA], Technical Advisor, California Polytechnic State University California Cybersecurity Institute [@CalPolyCCI], and Volunteer at Aerospace Village [@secureaerospace]

    On LinkedIn | https://www.linkedin.com/in/henry-danielson-43a61213/

    On Twitter | https://twitter.com/hdanielson

    At Cal Poly | https://cci.calpoly.edu/about-cci/staff

    ____________________________

    Hosts:

    Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

    ____________________________

    This Episode’s Sponsors

    BlackCloak | https://itspm.ag/itspbcweb

    ____________________________

    Episode Notes

    "Discover the exciting world of the Aerospace Village at RSA Conference 2023, and dive into hands-on experiences with cybersecurity experts and cutting-edge technology."
     

    Welcome to ITSPmagazine's RSA Conference 2023 coverage, where we dive into the world of cybersecurity and engage with experts in a week full of fun and exciting activities. We're on the road to RSA Conference 2023 in San Francisco, and one event we can't miss is the Sandbox, specifically the Aerospace Village. In this podcast episode, we're joined by our good friends Steve Luczynski and Henry Danielson from the Aerospace Village to discuss what's in store for us at this year's conference.

    The Aerospace Village is a small nonprofit run by volunteers from around the world, aiming to build relationships between government, industry, security researchers, and hackers, inspire people to join the cybersecurity workforce, and promote awareness in the aviation and space sectors. This year, RSA Conference 2023 features a Sandbox where attendees can interact with the latest technical hands-on experiences, learn from experts, and explore what's happening in the cybersecurity world.

    In this episode, our guests discuss the various partners and activities in the Aerospace Village, such as CT Cubed's drone quadcopter simulation in an AR and VR experience, IntelleGenesis's runway lighting scenario demonstration, and Boeing's continuous security level maintenance activity. You'll also get a chance to try out a real Airbus simulator, courtesy of Pen Test Partners, to understand the potential vulnerabilities in electronic flight bags and their impact on pilot operations.

    Join us for an exciting, fun-filled week at RSA Conference 2023, where you can learn, network, and discover the latest trends in cybersecurity. Don't miss out on this unique opportunity to interact with experts, explore cutting-edge technologies, and immerse yourself in the world of aerospace cybersecurity. Be sure to listen, share, and subscribe to ITSPmagazine's podcast for more exciting episodes and insights from the RSA Conference 2023!

    ____________________________

    Resources

    Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

    ____________________________

    Catch the video here: https://www.youtube.com/watch?v=Htvn7AkCJSs

    To see and hear more Redefining Society stories on ITSPmagazine, visit:

    https://www.itspmagazine.com/redefining-society-podcast

    What to Expect At RSA Conference USA 2023 | ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA | A Conversation with Linda Gray Martin and Britta Glade

    Guests

    Linda Gray Martin, Vice President at RSA Conference [@RSAConference]

    On LinkedIn | https://www.linkedin.com/in/linda-gray-martin-223708/

    On Twitter | https://twitter.com/LindaJaneGray

    Britta Glade, Senior Director, Content & Curation at RSA Conference [@RSAConference]

    On LinkedIn | https://www.linkedin.com/in/britta-glade-5251003/

    On Twitter | https://twitter.com/brittaglade

    ____________________________

    Hosts:

    Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

    ____________________________

    This Episode’s Sponsors

    BlackCloak | https://itspm.ag/itspbcweb

    ____________________________

    Episode Notes

    We are thrilled to kick off our event coverage with our traditional first Chats On The Road to RSA Conference 2023, chatting with our good friends as they give us the latest and greatest for what we can expect at this year's event.

    Listen in to hear more about the theme, keynotes, sessions, speakers, expo hall, community events, and so much more. And, yes, we decided to capture this one on video too, so be sure to give that a watch for a funny moment as well.

    Tune in and be sure to join us for all of our coverage coming to you before, from, and after RSA Conference USA 2023!

    ____________________________

    Resources

    Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

    ____________________________

    Catch the video here: https://www.youtube.com/watch?v=Htvn7AkCJSs

    Cloud Security for the Next Generation of Companies | A Conversation with Taylor Hersom and Ashish Rajan | Redefining CyberSecurity Podcast With Sean Martin

    Guests: Taylor Hersom, Founder at Eden Data [@edendatainc]

    On LinkedIn | https://linkedin.com/taylorhersom

    On Twitter | https://twitter.com/taylorhersom

    Ashish Rajan, CISO, CyberSecurity Influencer, SANS [@SANSInstitute] Trainer for Cloud Security, and Host of the Cloud Security Podcast [@CloudSecPod]

    On LinkedIn | https://www.linkedin.com/in/ashishrajan/

    On Twitter | https://twitter.com/hashishrajan

    On TikTok | https://www.tiktok.com/@hashishrajan

    On YouTube | https://www.youtube.com/channel/UCRrWf6aQnFbdS7WRlv_o0Tw

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
    ____________________________

    This Episode’s Sponsors

    Imperva | https://itspm.ag/imperva277117988

    Edgescan | https://itspm.ag/itspegweb

    ___________________________

    Episode Notes

    Join Sean, Ashish, and Taylor, as they discuss the evolution of cloud computing, cloud security, and their experiences in the field. The conversation explores the different types of cloud services, the shift from on-premises to cloud infrastructure, and the growing need for professionals with specific cloud security knowledge.

    The guests address the challenge of shadow IT, where people within an organization use cloud services without the knowledge of the IT team or leadership. They stress the importance of collaboration, focusing on a "security champions" program that bridges the gap between security professionals and developers. They emphasize building security from the beginning rather than patching holes later and highlight the importance of adapting to the ever-changing landscape of cloud security.

    They also discuss the use of ChatGPT as a learning tool, its potential impact on the security community, and its potential benefits and risks, exploring the possibility of using ChatGPT for compliance and its impact on external auditors. While acknowledging the potential benefits of ChatGPT, they caution against overreliance on technology and stress the importance of maintaining critical thinking, problem-solving, and respect within the security community.

    The podcast concludes with an emphasis on the importance of culture, collaboration, and trust in cybersecurity. The guests note the role of security champions programs in bridging knowledge gaps and highlight the need to customize security frameworks like NIST for specific IT environments. They touch on the softening stigma around cybersecurity and point out that people already practice security in their daily lives, encouraging them to apply the same mindset to their digital work.

    Listen up and comment on this episode to share your thoughts with the community.

    ____________________________

    Resources

    Cloud Security Podcast: https://www.cloudsecuritypodcast.tv

    ____________________________

    Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

    Are you interested in sponsoring an ITSPmagazine Channel?
    👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

    National Guard as a Cyber Defense Organization | A Conversation With Dr. Hunter LaCroix and Marco Ciappelli | Redefining CyberSecurity Podcast With Sean Martin

    Guests: Dr. Hunter LaCroix, Adjunct Professor, University of Maryland Global Campus [@umdglobalcampus] and EMT Firefighter Rescue Technician Hazmat Specialist, State of Maryland [@StateMaryland]

    On LinkedIn | https://www.linkedin.com/in/hunter-l-035498234/

    Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
    ____________________________

    This Episode’s Sponsors

    Imperva | https://itspm.ag/imperva277117988

    Pentera | https://itspm.ag/penteri67a

    ___________________________

    Episode Notes

    In this episode of the Redefining CyberSecurity Podcast, Sean Martin is joined by Dr. Hunter LaCroix and Marco Ciappelli to discuss the intersection of emergency management and cybersecurity. Dr. LaCroix argues that there is a significant disconnect between the two areas, with emergency management professionals not considering cyber attacks as a true area of disaster. This is despite increasing cybercriminal activity targeting local and state governments and their supporting critical infrastructure. The conversation points out that there is a need for a cyber capability that develops around the physical disaster response framework, similar to the response we often see when a natural disaster occurs.

    States such as Ohio and California have implemented cybersecurity volunteer reserves and cybersecurity watch centers, respectively. National Guard units also assist local entities during cyber incidents and play a vital role in emergency management relationships. Pre-existing relationships with the National Guard can be leveraged, and building public-private partnerships is critical in cybersecurity incident response. The private sector and cybersecurity professionals trust the National Guard to be a leader in local and state cybersecurity incident response. Still, there is a widespread problem at the local and state level of operations and a lack of broader implementation and utilization of these services.

    Dr. LaCroix has written about this topic, with a book being published shortly. You can read the abstract for the book below.

    Book Abstract

    Cybersecurity is a national priority for the Homeland Security enterprise. Yet, despite a prioritization at the federal level, municipal and state governments have struggled to incorporate the National Guard in cyber incident response. Cyber incidents strain municipalities and states, which have spent significant resources to mitigate cyber threats. The glaring gap in the National Guard’s role in municipal and state cyber incident response warrants two key questions as to why the National Guard isn’t more readily used: “Is it cost prohibitive to use National Guard assets when compared to private entities?” or “Is there an underlying sociological disconnect regarding the National Guard’s role in cyber disaster when compared to physical disasters?” Both questions and the National Guard’s role have largely been under-examined by Homeland Security professionals and academia and require additional examination.

    This dissertation seeks to study, via a sequential mixed method approach, answers to both questions. First, using a quantitative analysis method examining case studies, this study seeks to examine if “it is less expensive for municipal and state governments to use the National Guard instead of private sector assistance for cyber incident responses?” Sequentially, if it is less expensive, this dissertation seeks to utilize a survey-based questionnaire from associations of National Guard and emergency response personnel to answer, “Are there underlying sociological misperceptions that contribute to the National Guard’s underutilization for cyber disasters when compared to their role in traditional disaster response?”

    This study achieved complementing results, with quantitative testing affirming the initial hypothesis regarding the National Guard’s cost effectiveness versus private sector entities in the case studies examined. This led to qualitative studies using surveys to examine possible misperceptions of the National Guard’s role in cyber incident response for municipal and state level operations. Surveys revealed both a lack of understanding and disconnect between the National Guard’s role in cyber incident response when compared to its normal role in physical disasters. This research creates opportunity and future growth for Homeland Security professionals to prioritize the understanding and growing role of the National Guard for public and private enterprise at the municipal and state level of cyber incident response.

    ____________________________

    Resources

    Book: Coming (Date: TBD)

    ____________________________

    Evolution of the CISO | A Conversation With Patricia Muoio | Redefining CyberSecurity Podcast With Sean Martin

    Guest: Patricia Muoio, Ph.D, General Partner, SineWave Ventures [@SineWaveVC]

    On LinkedIn | https://www.linkedin.com/in/patricia-muoio-10037775/

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
    ____________________________

    This Episode’s Sponsors

    Imperva | https://itspm.ag/imperva277117988

    Pentera | https://itspm.ag/penteri67a

    ___________________________

    Episode Notes

    The Chief Information Security Officer's (CISO's) role in an enterprise is challenging due to ambiguity around security requirements, lack of clear understanding of security as a business imperative, and the increasing complexity of technology. Placing the CISO closer to engineering and IT can help make better recommendations and choices but may require additional views of risk management alongside other types of business risks.

    This conversation highlights the changing role of CISOs in companies and the potential need for multiple CISOs (or sub-CISOs) to manage different aspects of security, which may be on the horizon. It is something startups may not be ready for but should begin to prioritize during the early build stage if they are to avoid costly situations later.

    ____________________________

    Resources

    Podcast: CISO Stories Recounted By The World's First CISO | A Conversation With Steve Katz: https://itspmagazine.simplecast.com/episodes/ciso-stories-recounted-by-the-worlds-first-ciso-a-conversation-with-steve-katz

    ____________________________

    The importance of a research culture and the dangers of normalization of deviance in space exploration | A Conversation With Astronaut Dr. Charles Camarda Ph.D | Redefining Society Podcast With Marco Ciappelli

    Guests: Dr. Charles Camarda Ph.D
    Dr. Charles Camarda retired from NASA in May 2019 after 46 years of continuous service as a research engineer and technical manager at Langley Research Center (LaRC), an Astronaut and Senior Executive (Director of Engineering) at Johnson Space Center (JSC), and as the Senior Advisor for Innovation and Engineering Development at NASA LaRC.

    On ITSPmagazine  👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/dr-charlie-camarda


    Host: Marco Ciappelli
    Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
    _____________________________

    This Episode’s Sponsors

    Bugcrowd 👉 https://itspm.ag/itspbgcweb

    BlackCloak 👉 https://itspm.ag/itspbcweb

    _____________________________

    Episode Introduction

    "In this Redefining Society podcast episode, retired NASA engineer and astronaut Charles Camarda discusses the importance of a research culture and the dangers of normalization of deviance in space exploration, particularly in light of the Columbia accident. Camarda also highlights the need for psychological safety and encourages open communication to ensure a safer environment."

    Welcome to Redefining Society, a podcast that explores the intersection of technology and culture. Today's guest is astronaut Charles Camarda, who flew on STS-114 and worked as a research engineer at NASA Langley Research Center for 22 years. He is now retired from NASA but remains passionate about space exploration and NASA's culture.

    In this episode, Charles and the host, Marco Ciappelli, discuss the normalization of deviance and the importance of a research culture in space exploration. They also touch on the importance of psychological safety in high-performing teams and the lessons that can be learned from the Columbia tragedy.

    Charles introduces himself as the oldest rookie ever to fly in space at 53, but his past and present are so much more than that. Charles is passionate about innovation and safety in space exploration and believes that NASA's culture needs to change to return to its glory days of research and innovation.

    The podcast delves into the normalization of deviance and how NASA's production culture led to a need for more focus on safety. The conversation also touches on the importance of psychological safety and having an environment where everyone's voice is heard.

    The podcast ends on a positive note, with Charles emphasizing the need for a research culture at NASA and the importance of passionate individuals who want to make space exploration safer and better for humanity.

    Overall, this episode of Redefining Society is a thought-provoking and informative discussion that will inspire anyone interested in space exploration, technology, and culture.

    Dr. Charles Camarda retired from NASA in May 2019 after 46 years of continuous service as a research engineer and technical manager at Langley Research Center (LaRC), an Astronaut and Senior Executive (Director of Engineering) at Johnson Space Center (JSC), and as the Senior Advisor for Innovation and Engineering Development at NASA LaRC.

    Immediately following the Columbia disaster, he was selected as an Astronaut Candidate in 1996 and flew as a Mission Specialist on STS-114, NASA's Return-to-Flight (RTF) mission. He invented the on-orbit, wing leading edge repair capability, which he flew and tested on his mission.

    Stay tuned for more Redefining Society Episodes, and subscribe to the podcast on your favorite podcast player to never miss one of our inspiring conversations.

    Watch this episode on our YouTube channel: https://youtu.be/iMZVJSK2-BA 

    _____________________________

    Resources

    Personal Website: http://charliecamarda.com/podcast.html
    The Mentor Project: https://mentorproject.org

    ____________________________

    To see and hear more Redefining Society stories on ITSPmagazine, visit:
    https://www.itspmagazine.com/redefining-society-podcast

    Are you interested in sponsoring an ITSPmagazine Channel?
    👉 https://www.itspmagazine.com/advertise-on-itspmagazine-podcast

    Challenges With The Alphabet Soup Of Security | A Conversation With Mehran Farimani And Jay Thoden Van Velzen | Redefining CyberSecurity Podcast With Sean Martin


    Guests:

    Jay Thoden Van Velzen, Strategic Advisor to the CSO at SAP [@SAP]

    On LinkedIn | https://www.linkedin.com/in/jay-thoden-van-velzen/

    On Twitter | https://twitter.com/JayThvV

    On Mastodon | https://infosec.exchange/@jaythvv

    Mehran Farimani, CEO at RapidFort [@RapidFortInc]

    On LinkedIn | https://www.linkedin.com/in/farimani/

    On Twitter | https://twitter.com/farimani

    On Mastodon | https://infosec.exchange/@farimani

    Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
    ____________________________

    This Episode’s Sponsors

    Imperva: https://itspm.ag/imperva277117988

    HITRUST: https://itspm.ag/itsphitweb

    ___________________________

    Episode Notes

    Cybersecurity is a vast field with many categories and seemingly countless products and services. Some workflows can be implemented and automated to great effect if the organization understands them. However, many solutions within the cybersecurity space focus on the threat and the response but not on the environment of the organization and its business goals. An overload of options and this lack of understanding lead to an ineffective approach to security and wasted time and money.

    Inspired by a post on Mastodon, Mehran Farimani and Jay Thoden Van Velzen join Sean Martin and special guest, Marco Ciappelli to discuss the challenges with the alphabet soup that is the cybersecurity industry.

    ____________________________

    Resources

    Inspiring Post: https://infosec.exchange/@jaythvv/109530373418320875

    Community Containers: https://github.com/rapidfort/community-images

    ____________________________

    To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
    https://www.itspmagazine.com/redefining-cybersecurity-podcast

    Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

    Are you interested in sponsoring an ITSPmagazine Channel?
    👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

    Understanding the role of a CISO to reduce the risk of an exposure for an organization with special guest Quentyn Taylor


    After 20 years in the same role at Canon, Quentyn Taylor knows a thing or two about what it takes to be a successful CISO; in this episode, he shares his insights on the importance of technical skills, business skills, and storytelling to make the role of CSO one You will learn the role of the CISO in communicating with the Board of Directors.

    "I strongly believe in educating users about the importance of comprehensive security programs and to try to improve security in a cost-effective way for organizations."

    Quentyn Taylor is the Senior Director of Product, Information, Security and Global Response at Canon Europe, Middle East and Africa. He has over 20 years of experience in both the IT and information security environments and is focused on building business relationships within his organization and the cybersecurity community. He strongly believes in educating users about the importance of comprehensive security programs and in trying to improve security in a cost-effective way for organizations.

    In this episode, you will learn the following:

    1. Why do tiny things matter in information security?

    2. What is the secret to Quentyn Taylor's success as a CISO?

    3. What is the best way for a CISO to communicate with the Board of Directors?


    This show's sound is edited by ProPodcastSolutions - https://propodcastsolutions.com/

    Ways to secure your applications and reduce the risk of a cyber attack on your applications with special guest, Tanya Janca


    In this episode of Security Masterminds, Tanya Janca shares her insights on application security, OWASP, and her community, "We Hack Purple." 

    "I would say software developers are more interested in security than they ever have been before. They're being pushed that way, but I think a lot of them are just becoming interested in it."

    Tanya Janca is the director of Developer Relations at Bright Security and founder of the We Hack Purple community. She is a software developer with over 20 years of experience and is the author of the book Alice and Bob Learn Application Security.

    In this episode, you will learn: 

    • Tanya Janca's experience as a software developer, musician, and pentester 
    • The importance of networks and community in cybersecurity 
    • The shift towards increased security awareness among software developers


    This show's sound is edited by ProPodcastSolutions - https://propodcastsolutions.com/

    Security Ownership And Culture With Peter Oehlert


    Thanks for tuning in to a brand new episode of the Secure Developer! Joining us in conversation today is Peter Oehlert, Chief Security Officer at Highspot. We hear about Peter’s journey with Facebook, Smartsheet, and Microsoft, learn the difference between establishing a new security practice when there is an existing security culture and when there isn’t, and find out why taking ownership is more important than having all the necessary information. Peter is passionate about every aspect of product security, and tells the story of modeling for threats at Highspot, where he attributes one of his biggest challenges at any company to working with and educating people. Hear about the hurdles attached to dealing with the cloud, what has surprised him moving from security to CSO reality, and why it has been so important to have open communication in order to build the necessary bridges to navigate this change. Find out what he would do differently, what has changed within SaaS and product security over the past few years, and what direction he would take if he had access to unlimited resources. Tune in to hear all this and more today!

    Secret Agency Space Nerds with Jason Meller from Kolide


    Find out how a researcher uncovered a secret German intelligence agency using an Apple AirTag, and how Ozzy Osbourne's (yes, you read that right) NFT project turned into a scam – all in this episode’s Watchtower Weekly. 

    We also invite Kolide CEO and founder, Jason Meller, to discuss user-first endpoint management, empowering the end-user, and creating a culture of security. 

    Plus, Anna gets revenge in Ridiculous Requirements: Capital City edition! 🏙

    🏰   Watchtower Weekly

    🎙  Guest Interview –  Jason Meller from Kolide

    🚫  Ridiculous Requirements!

    The game where we work together to come up with passwords (not advised) that fit the honestly ridiculous requirements.

    🗣  1Password Forum

    Want to ask us a question or chat about today's show? Join the discussion in the 1Password Forum!


    ❤️   Review Us...

    If you're loving the show, please leave us a review on Apple Podcasts or wherever you listen to podcasts.

    Empowerment In Security With Bryan D. Payne


    Being passionate about security at a time when industry hadn’t caught on yet, Bryan D. Payne found himself working for the National Security Agency (NSA). During his time there, and in the years that followed where he focused his efforts on research, he learned a number of valuable lessons which he was able to take with him first to a small start up and then to the giant that is Netflix. In today’s conversation, Bryan and I discuss what his role as the Engineering Director of Product and Application Security at Netflix consisted of, the company culture, and how the teams within the company work together to achieve the most effective results. We also get into Bryan’s thoughts on detection methods, data integrity, and how to deal with mistakes that are inevitable when working in the security sphere.

    A Look Into The Future


    Today we have a fun episode lined up for you! Over the last year of 2021, we’ve been honored to have some incredibly smart people on the show to share their views and practices in the DevSecCon space with us all. And in each episode, they were asked a slightly open-ended question: if you took out your crystal ball and you thought about someone sitting in your position or your type of role in five years’ time, what would be most different about their reality? For this special installment, we’ve put together some highlights of these brilliant answers! Hear perspectives that cover everything from changes on the data, AI, and ML front to the idea of ownership when it comes to security. We also touch on the increased fragmentation in the DevOps scene that we’re going to need to work with, bigger picture concerns about how regulation might be different in five years, and some final optimistic predictions on ways we could all be in a much better place! We hear some golden nuggets from the likes of Robert Wood from CMS, cybersecurity influencer Ashish Rajan, Liz Rice from eBPF pioneers Isovalent, our very own Simon Maple who weighs in with his concrete expectations of what will happen, Dev Akhawe, Daniel Bryant, Rinki Sethi, and so many more! So to hear what these top industry professionals have to say about the future, join us today!

    Keeping Security Simple with Johanna Baum, the CEO and Founder of S3 (Strategic Security Solutions)


    There is a lot of conversation among IT security leaders about engaging the workforce in order to mitigate threats. But how do security professionals actually win people over to their side? Many employees are willing to comply but what can be done to really get through to those that are resistant? Johanna Baum, the CEO and Founder of S3 (Strategic Security Solutions), contends that to enact change, leaders must involve those that are most reluctant to go along with security protocols — especially the person still keeping their login password on a post-it note on their computer. In order to change the security culture of a company, Johanna suggests seeking out the person at a company who is least likely to comply.

    Main Takeaways

    • It Comes Down to the People: There’s always going to be a security tech stack. A security platform and relevant apps will help reduce threats. But, fundamentally, people are still required to act with any given platform or system as part of the security solution. Furthermore, employees also need to engage in secure behaviors that reduce the overall risk to the company.
    • Involve the Malcontents: Cultural change concerning security is only as strong as the weakest link. Leaders must seek out the malcontents in order to engage them in the process. Leaders must put employees who are reluctant to accept security protocols in situations where they can test out measures and be part of the solution. 
    • Keep Security Simple: Because there are so many security threats, there can be a tendency to assume risk mitigation must be very complicated and beyond human capacity. Although artificial intelligence and automation can certainly be helpful to thwart so many threats, there are also really simple things people can do on their own to embolden security. For instance, this can be as basic as ensuring people log out or use effective passwords. On a company-wide level, it can be as elemental as making sure there is an up-to-date list of all the users at the organization.

    IT Visionaries is brought to you by the Salesforce Platform - the #1 cloud platform for digital transformation of every experience. Build connected experiences, empower every employee, and deliver continuous innovation - with the customer at the center of everything you do. Learn more at salesforce.com/platform

    Event Special! What Happened at The Security Influence & Trust (SIT) Summit 4? featuring ERICA HARDINGE, CHRISTIE WILSON & SUSIE JONES

    THE INTRO
    • Louisa and Beverley are at the SIT Summit today in Melbourne and this episode is an event special to help amplify the learnings for those who couldn't attend, wherever they are in the world!
    • The Security Influence and Trust Group, founded in late 2015, is a community of people who believe that collaboration, consistent messages and simple actions are key to empower people to protect themselves in the digital world.
    • They are working together to amplify consistent tips that help the community to build online safety skills.
    • They are industry professionals with a long history of building security aware cultures.
    • The 4th SIT Summit was hosted by Telstra in Melbourne on 27th November 2019.
    • Event agenda sit-summit-2019-agenda
    • Event photos (under SIT News) https://sitempowers.com
    ​​
    THE CHAT
    Louisa and Beverley share their insights from the sessions and ask special guests Christie Wilson, Erica Hardinge and Susie Jones to share some of their key takeaways from the event, including:
    - Advice on starting an awareness or influence program from scratch
    - Why they are passionate about human security and why it is important
    - What were their key learnings from the day
    - What was the thing that surprised them most
    - What amplify means to them
    - What is the one thing the security industry could do to help improve human security
    For the full Transcript of the chat visit this link
    provided for free by Otter.ai (unedited)
    CREDITS
    Guests: Christie Wilson, Erica Hardinge, Susie Jones
    Hosts: Beverley Roche and Louisa Vogelenzang https://www.cybersecuritycafe.com.au/co-hosts
    Producer/Editor: Louisa Vogelenzang
    Sound Producer: Darcy Milne (Propodcastproduction.com)

    USEFUL LINKS
    Darren Pauli's writing guide https://sitempowers.com/1571-2/

    CONTACT THE CYBERSECURITY CAFÉ




    Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.

    We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

