How Can We Foster Inclusivity and Diversity in Cybersecurity with Catherine Goodwin-Gracia & Bradley Busch
In this episode of the Cyber Consulting Room podcast, host Gordon Draper sits down with cybersecurity experts Catherine Goodwin Garcia and Bradley Busch to explore their unique journeys into the field and the critical role diversity plays in driving innovation. Catherine opens up about her unconventional transition from ballet to cybersecurity, emphasizing the importance of mentorship and advocating for greater female representation in the industry. Bradley shares his shift from aerospace engineering to cybersecurity, stressing the value of continuous learning and adapting to the evolving tech landscape.

Together, they dive into the challenges women face in cybersecurity, the power of mentorship, and the need for inclusive, supportive environments that foster innovation and resilience. The conversation also highlights the importance of diversity in cybersecurity, not only for fostering creativity but also for improving security strategies.

Brad and Cathy also discuss the evolving threat landscape, focusing on the crucial role of human factors in cybersecurity. Brad underlines the significance of understanding people in tackling threats like social engineering and deepfakes, while Cathy stresses the need for collaboration across teams and the importance of building support networks to combat CISO burnout. They also touch on the changing responsibilities of CISOs and initiatives like Cyber Chix, which are working to create a more inclusive, supportive space for women in the industry.

If you're passionate about making a difference in cybersecurity and want to learn more about building a diverse, inclusive community, tune in and be inspired to take action! Join us in promoting innovation, resilience, and inclusivity in this dynamic field.

In This Episode:
(00:00:02) Introduction to the guests
(00:02:29) Catherine's journey into cybersecurity
(00:09:27) Bradley's background and transition
(00:12:17) Common biases women face in cybersecurity
(00:17:13) Unconscious bias in hiring practices
(00:19:26) Gender expectations in the workplace
(00:21:03) Biases in design
(29:53) The evolving threat landscape
(30:33) People as strengths and weaknesses
(32:08) Managing emotional responses
(34:18) Building support networks
(35:16) Emerging cyber threats overview
(37:43) Evolving role of CISOs
(40:03) CISO burnout and support
(42:16) The need for team collaboration
(47:00) Advice for women in cybersecurity
(50:49) Introduction to Cyber Chicks
(55:14) Learning the trade safely
(56:18) Resources for aspiring hackers
(57:42) Transferable skills in cybersecurity

Notable Quotes
[00:08:49] “Find somebody who you can talk with, who can actually guide you along, is willing to give you some advice from time to time, and be your friend and hold your hand.” - Catherine
[00:17:13] “Women over 50 are going to have a harder time getting a job; they're going to have a difficult time doing things because they may have been out of the industry for a while.” - Catherine
[00:22:33] “One of the things that I really resist is when another male says, ‘Oh, I'm off to do daddy daycare, I've got to look after the kids.’ I'm like, no, that's called parenting. You are that child's parent.” - Bradley
[00:29:00] “Experience is the thing you get just after you needed it. Now I have experience as I learned from somebody else's place. If age has given me any wisdom, listen

For more episodes like this visit https://cyberconsultingroom.com
You can find more information about Cyber Consulting Room Podcast Host at https://www.linkedin.com/in/gordondraper/
--------
1:01:24
The Best Practices for Navigating Governance, Risk, and Compliance in Cybersecurity with Chris Hows
Is your cybersecurity strategy truly protecting your business, or just checking boxes? In today’s fast-paced digital landscape, threats evolve faster than updates, and staying compliant can feel like a maze.

In this episode of the Cyber Consulting Room podcast, host Gordon Draper speaks with Chris Hows, Principal Governance, Risk, and Compliance (GRC) Consultant at Mercury Information Security Systems. Chris shares his unconventional journey into cybersecurity, emphasizing the importance of GRC in enhancing organizational cybersecurity. He discusses the significance of understanding various standards, risk management, and aligning security controls with business objectives. Chris also highlights the challenges of compliance, the necessity of tailoring GRC frameworks to specific needs, and offers practical advice for aspiring cybersecurity professionals. The episode provides valuable insights into the critical role of GRC in cybersecurity.

In This Episode:
(00:28) Chris's journey into cybersecurity
(01:14) Educational path to GRC
(02:07) Advice for aspiring cybersecurity professionals
(02:54) Defining governance, risk, and compliance
(04:19) Understanding compliance challenges
(14:39) Benefits of the ASD essential framework
(16:30) Challenges of implementing ISO frameworks
(17:40) Understanding control intent
(22:44) Zero trust principle
(24:14) Identifying cybersecurity risks
(29:47) Shared responsibility model
(39:33) Software compliance and updates
(41:11) Regulatory evolution in cybersecurity
(42:18) Accountability for cybersecurity
(43:37) Best practices for compliance
(45:17) Intent behind compliance frameworks

Notable Quotes
[05:10] “If you just try to tick a box, potentially you might actually miss one of the core foundational things of what you're trying to do.” - Chris
[11:42] “Each business does need to sit down and decide how much risk is appropriate for them based on their context and based on how much they're potentially able to lose.” - Chris
[21:19] “You really need to understand what your threat is and tailor your risk assessment and controls to your needs.” - Chris
[24:14] “Phishing is so insidious because it’s very simple to double-click on that document someone sent you, and then the game’s already over.” - Chris
[37:02] “Privacy is an ever-increasing area of regulation. In Australia, it's being looked at again, and we might see something like GDPR coming in the future.” - Chris
[45:17] “A lot of the things that I've seen is, what would a reasonable person do? If it was your information, would you be happy with these controls in place?” - Chris

Resources and Links
Cyber Consulting Room
Gordon Draper: https://cybermarket.com/ and https://www.linkedin.com/in/gordondraper/
Chris Hows: https://mercuryiss.com.au/
--------
47:56
Episode 15: The Best Practices for Building a Transparent Cyber Security Consultancy with Matt Strahan
Can you believe there was a time when cybersecurity wasn’t a priority for most organizations? Just 20 years ago, simple passwords and basic firewalls were seen as enough protection. So, what changed? How did we go from minimal defenses to a world where cybersecurity is critical for survival?

In this episode of the Cyber Consulting Room podcast, host Gordon Draper sits down with Matt Strahan, director of Volkis Offensive Security Consultancy. They discuss Matt’s nearly two-decade journey in cybersecurity, from his university days to becoming a penetration tester and co-founding Volkis with Alexei Doudkine.

The conversation highlights the evolution of cybersecurity, emphasizing the importance of creativity in penetration testing and the challenges of industry commoditization. Matt shares insights into Volkis’s transparent approach to security, the significance of effective reporting, and the growing trend toward continuous testing to tackle emerging threats.

They also explore the dual role of offensive security—identifying vulnerabilities while helping organizations address them. Effective communication, empathy, and technical skills are essential in this field. The integration of AI in security practices is discussed, along with the need to balance technology with human intuition. Networking and continuing education are highlighted as vital for professional growth and community support.

Don’t miss this insightful episode! Subscribe to the Cyber Consulting Room podcast for more expert discussions, and connect with us on social media to join the conversation.

In This Episode:
(00:36) Background in cybersecurity
(01:02) Early career and penetration testing
(02:18) Learning and development
(04:09) Challenges in obtaining jobs
(05:04) Vulnerability discovery
(07:43) Evolution of cybersecurity risks
(11:50) Creative problem solving
(24:47) Focus in cybersecurity
(48:23) Gaps in access control
(01:15:57) Passion for education
(01:17:10) Community engagement
(01:18:13) Conference atmosphere
(01:18:01) Closing remarks

Notable Quotes
[01:02] "Back then, cybersecurity was more of a curiosity, a hobby that people might get attracted to just because it was a bit of fun. It wasn't serious like it is now." — Matt Strahan
[45:22] "The identity of the user is now one of the security boundaries, and that raises a lot of complexity with the interaction of multiple software service applications." — Matt Strahan

Our Guest
Matt Strahan is the Managing Director of Volkis, a leading offensive security consultancy specializing in penetration testing and red teaming. With 17 years of experience in the cybersecurity field, Matthew has played a pivotal role in helping organizations strengthen their defenses against evolving cyber threats. Beyond offensive security, he has guided companies in shaping their security strategies, enhancing compliance, optimizing operations, and managing risk. His expertise spans both technical and strategic aspects of cybersecurity, making him a trusted advisor in the field.

Resources and Links
Cyber Consulting Room
Gordon Draper: https://cybermarket.com/ and https://www.linkedin.com/in/gordondraper/
Matt Strahan
--------
1:19:41
Episode 14: Bridging the Gap: How to Make Cybersecurity Relevant to Business Leaders with Simona Dimovski
Did you know that Australian businesses are facing a rapidly evolving cybersecurity landscape? In this episode of the Cyber Consulting Room podcast, host Gordon Draper interviews cybersecurity expert Simona Dimovski. Simona shares her journey into the field, emphasizing the importance of understanding business strategy and the human element in technology. She offers advice for aspiring cybersecurity professionals, stressing continuous learning and networking. The discussion covers current trends and challenges in Australian cybersecurity, including regulatory compliance and ransomware. Simona also discusses her roles in the Australian Information Security Association and as a New South Wales Cyber Ambassador, focusing on raising cybersecurity awareness and promoting best practices.

In This Episode:
(00:02) Introduction of Simona Dimovski
(01:08) Simona's journey into cybersecurity
(02:39) Advice for aspiring cybersecurity professionals
(03:35) Networking opportunities at conferences
(04:22) Redefining networking
(06:15) Mentorship and community support
(08:25) Current trends in cybersecurity
(17:36) Cyber awareness initiatives
(23:10) Secure by design
(24:52) Cultural shift in security practices
(34:34) Ongoing security awareness initiatives
(53:59) Challenges of transitioning to local government
(57:52) Impact of COVID-19 on digital transformation
(59:02) Closing remarks and contact information

Notable Quotes
[01:21] "My journey into cybersecurity was a natural progression from technology and risk management, and as I took on more leadership roles, I saw how integral cybersecurity was to business continuity and success." — Simona Dimovski
[34:34] "Security is actually everyone's responsibility. It's not something you can just assign to one person to take care of the whole organization." — Simona Dimovski

Our Guests
Simona Dimovski is a visionary executive with over 20 years of experience in digital and data strategy development. She excels in optimizing business strategies, driving innovation, and transforming business models. Simona creates high-performing teams, fostering a culture of collaboration, trust, and continuous development. As a humanistic designer of solutions, she sets a futurist strategy for customer experience through digital enablement, leveraging her passion for technology to drive business value and growth.

Resources and Links
Cyber Consulting Room
Gordon Draper: https://cybermarket.com/ and https://www.linkedin.com/in/gordondraper/
Simona Dimovski: https://au.linkedin.com/in/simona-dimovski-100
--------
1:00:00
Episode 13: The Greatest Insights from Black Hat USA and DEF CON 2024
Are cybersecurity conferences just another industry event, or are they the driving force behind the next big leap in the field? When you think about the future of cybersecurity, do you consider the role of gatherings like Black Hat USA and DEF CON?

In this episode of the Cyber Consulting Room podcast, host Gordon Draper explores the recent Black Hat USA and DEF CON conferences. He is joined by Edward Farrell, an offensive security expert and owner of Mercury Information Security Services, and Shanna Daly, an incident response specialist with Khrushchev. Edward discusses his career in vulnerability hunting and the importance of mentorship, while Shanna shares her experiences as a speaker coach and Call for Papers review board member. They reflect on conference highlights, emerging cybersecurity trends, and the value of community engagement and networking in the ever-evolving field of cybersecurity.

In This Episode:
(01:07) Guests introduction
(01:34) Mentorship in cybersecurity
(19:23) Themes from the conferences
(19:36) Black Hat research focus
(20:28) Vendor tools at Black Hat
(24:11) AI in cybersecurity discussions
(27:08) Threat intelligence insights
(31:56) Conference attendance strategy
(39:39) Managing health at conferences
(40:34) Post-conference recovery
(41:21) Sensory overload in Vegas
(43:14) Defcon badge discussion
(46:38) Volunteering at Defcon
(49:39) Future of cybersecurity innovation
(51:35) Consolidation in cybersecurity practices
(53:02) Human element in cybersecurity

Notable Quotes
[00:02:14] "The reward for me wasn't necessarily gaining knowledge or imparting it as I have done in previous years, but mentoring a brand new speaker at B-Sides and supporting my own team who attended DEF CON." — Edward Farrell
[00:09:52] "You don't need to prove anything to anyone at this point. The fact that you got selected is already a really, really, really awesome thing. Now you just tell your story." — Shanna Daly

Our Guests
Shanna Daly, with 20+ years in information security, excels in data breach investigations and leading expert consulting teams.
Edward Farrell, a cyber security consultant with 14 years of experience, leads Mercury and has managed over 900 audits and incident responses. With IRAP accreditation and board roles at ISC2 and CREST, he excels in technical, operational, and strategic consulting. Edward also presents globally and develops training materials for the Australian Defence Force.

Resources and Links
Cyber Consulting Room
Gordon Draper: https://cybermarket.com/ and https://www.linkedin.com/in/gordondraper/
Shanna Daly: https://www.linkedin.com/in/shannadaly/ and https://mercuryiss.com.au/
Edward Farrell: https://www.linkedin.com/in/31337au/?originalSubdomain=au and https://mercuryiss.com.au/
The Cyber Consulting Room Podcast and Meetup Network is your gateway to a world of knowledge and collaboration in the ever-evolving realm of cyber security and consulting. Our podcast, hosted by Gordon Draper, brings you in-depth interviews with industry leaders, experts, and trailblazers, offering invaluable insights, strategies, and experiences. From award-winning professionals to those paving the way for diversity in the field, we delve into the most pressing issues and emerging trends. But we're not just a podcast; we're a network, connecting like-minded individuals through our Meetup events. Here, you can engage in lively discussions, share expertise, and build your professional network in a supportive and enriching community. Whether you're an established consultant or just beginning your journey in the field, The Cyber Consulting Room Podcast and Meetup Network is your go-to source for staying informed and connected in the world of cyber security and consulting. Join us on this exciting journey, and let's learn and grow together.