Axonius is proud to be the Season 2 Sponsor for Hacker Valley Blue, the cybersecurity podcast from Webby Award nominated hosts Ron Eddings and Chris Cochran. In this post, we give a short recap of the 2nd season "Know Thyself." Have a quick look and subscribe to the podcast!
What is Hacker Valley Studio?
I was first introduced to the Hacker Valley Studio podcast when our own CISO Lenny Zeltser was interviewed on the role of the CISO during RSA, and I have been hooked ever since. Ron and Chris are able to weave between the technical aspects of cybersecurity and the human element while always getting guests to share insightful stories and advice.
Chris Cochran started his career as Network Intelligence Analyst at the US Marine Corps, supporting the NSA as a subject matter expert in Digital Networks Intelligence. He has been an Instructor and Red Team Member at The CORE Group, Senior Cyber Threat Analyst at Noblis, Founder and Managing Partner at Ashlar Cyber Solutions, Principal Consultant at Mandiant, Lead Associate at Booz Allen Hamilton, Associate Director at United Technologies, CompTIA Cybersecurity Advisor, Threat Intelligence and Operations Lead at Netflix, Visiting Fellow at National Security Institute, and Advisor at Cloud Vector. Currently he's the Founder and Producer at Hacker Valley Media and Director of Security Engineering at Marqeta.
Ronald Eddings began his career as Offensive Security Engineer and Analyst at Booz Allen Hamilton, and was Security Researcher at McAfee, Cyber Fusion Analyst for Threat Intel and Intrusion Prevention at Intel, a Security Architect at Palo Alto Networks, Security and Automation Architect at Demisto, and is currently the host of Hacker Valley Studio and is in Security R&D, Architecture, and Engineering at Marqeta.
Season 2: Know Thyself
This season of Hacker Valley Blue is themed "Know Thyself". Rather than focusing on the enemy or threat landscape, this season of the podcast is about understanding what exists in the organizations we're trying to secure. This includes things like cybersecurity asset management, but also the human element including the strengths of the security team, and the business context. We talk a lot about how nailing the fundamentals has immediate downstream impact on everything we do in cybersecurity, and this season of the podcast highlights the importance of the foundational elements of cybersecurity.
In this episode, Ron and Chris introduce the season and cover what they mean by cybersecurity fundamentals. This includes things like asset management, understanding the crown jewels in the organization, and setting the baseline by which you can map and measure progress in your cybersecurity maturity. Ron gives the analogy of going to the gym and seeing people doing impressive things with their bodies, but wondering whether to jump ahead to do what looks cool vs. building the core. When he first got into cybersecurity he saw hackers working on impressive exploits, but he decided to get laser-sharp on understanding how computers speak to each other and how the business works. Chris gives his Formula 1 analogy: there are only 20-22 drivers in the circuit and that's where a lot of the focus goes. But the security team at an organization is like the pit crew. They are the people who can tell the driver that the tires are running raw or the engine is running hot, and tell the driver to bring it in for a pit stop. They tell the driver how hard and fast they can push the car. That's the role of cybersecurity practitioners.
Marcus Carey was the Founder and CEO at Threatcare (acquired by ReliaQuest) and is author of Tribe of Hackers, and in this episode he presents the idea that we overemphasize what we're bad at and end up celebrating the "cybersecurity ball hogs" rather than understanding and doubling down on our strengths. He encourages everyone in cybersecurity to learn as much as they can and then share as much as they can to help others learn.
Chani Simms is vCISO at Meta Defence Labs, supporting multiple SMBs, and is an award-winning cybersecurity leader. Her TEDx talk entitled "Stop Chasing the Magic Security Box" shares why we need to be human centric in cybersecurity with emotional intelligence. In this episode, she explains cyber essentials and security hygiene, but above all else, when asked what problem she would solve if she could solve any problem with a magic box, her answer was "people"!
Returning to Hacker Valley Studio for his second visit, Axonius CISO and SANS Faculty Fellow Lenny Zeltser talked about looking into the root cause of the day-to-day fires we fight and then leveraging the data and tools we already have to solve problems. He speaks about the growth of REMnux, as well as the biggest discovery about himself and advice to others.
In this episode, Jamie Dicken, former Manager, Applied Security and Security Engineering at Cardinal Health and current director at Resilience, along with Aaron Rinehart, former Chief Enterprise Security Architect at UnitedHealth and current CTO and founder of Verica, discuss chaos engineering. They discuss how to introduce chaos into a system to see the conditions under which the system will fail before it actually fails.
John Strand is the Owner at Black Hills Information Security, a penetration testing and security architecture company, and is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks. His core philosophy is that if you want to get really good at security, you have to understand the fundamentals of operating systems, networking, coding languages, and then move on to giving talks even if no one shows up. His webcast, "John Strand's 5 Year Plan into InfoSec" outlines what he feels are the fundamentals that anyone can follow to set the groundwork for a successful career in InfoSec (PDF of Slides).
Kevin Allison literally wrote the book on sharing incredible stories. He is the host of the Risk! podcast, which has featured incredible true stories from famous folks like Janeane Garofalo, Marc Maron, Aisha Tyler, Trevor Noah, Margaret Cho and more. Slate.com called RISK! “Hilarious, jaw-dropping and just plain touching,” and Rolling Stone named it one of its top podcasts. In this episode, Kevin talks about the importance of using stories to get people to understand the point you're trying to convey rather than giving a Wikipedia-style overview of a topic. Don't summarize. Instead, give sensory details that contextualize what you're trying to get listeners to understand. Cybersecurity, in many ways, is performance.
In the finale, Ron and Chris wrap up the season with what they've learned from each guest and apply the lessons to what we can all do to improve our security posture, learn from each other, communicate better, understand how to improve the interpersonal dynamics within both security teams and stakeholders, and how focusing on the fundamentals will let you do great things in your cybersecurity program.
Subscribe, Rate, and Enjoy
We hope you enjoy the show as much as we do, and we thank Ron and Chris for the opportunity to sponsor the season. Be sure to subscribe and rate on Apple Podcasts, Google Podcasts, Spotify, Amazon Music, or on the Hacker Valley Studio site.