The Cyber Ranch Podcast

Ride the cyber trails with two CISOs (Allan Alford and Drew Simonis) and a diverse group of friends and experts who bring a human perspective to cybersecurity.

Episodes

The Journey to Passwordless Authentication w/ Derly Gutierrez

With us today is Derly Gutierrez, Head of Security at 1010 Data, and veteran. Derly is here with us today to talk about the journey to passwordless authentication and the flaws and strengths of today's authentication methods. Allan and Derly refer to studies and surveys about the problems with passwords and the challenges of implementing passwordless approaches. Derly emphasizes the need for other complementary technologies such as Role-Based Access Control (RBAC), Privileged Access Management ...

Jun 23, 2021 · 29 min · Ep. 24

Application Security w/ Taylor Lehmann

With us today is Taylor Lehmann, former CISO several times over in the healthcare sector, and currently Americas leader for security, networking, identity, and compliance solution architecture at AWS. Taylor and Allan talk about application security: why it's important, who are the personas, the value of threat modeling, infrastructure as code, how to get started, and relationships with developers. Taylor, a Boston boy, starts the show trying to say, "Howdy!" correctly. Taylor started at PWC and...

Jun 16, 2021 · 29 min · Ep. 23

Solving The Global Cyber Problem w/ Ian Thornton-Trump

With us today is Ian Thornton-Trump, Chief Information Security Officer at Cyjax and an ITIL-certified IT professional with 25 years of experience in IT security and information technology. Ian shares his background which started back in the Canadian military. During those times, "IT" was called "automated data processing", and it is quite clear how far this has advanced. He joined the Royal Canadian Mounted Police and spent a year working on criminal intelligence. Soon after he became a consult...

Jun 09, 2021 · 29 min · Ep. 22

FAIR from the Trenches w/ Drew Brown

With us today is Drew Brown, IT Security Manager at the Commonwealth of Pennsylvania. Drew is here to talk about FAIR and his real-world usage of it and testing it in the trenches. Drew shares a little bit about his background in cyber, and a little bit about his day job. He spent 15 years in IT. That opened the door then for him to be the CISO for one of the state agencies. Now his title is IT Security Manager but essentially he is responsible for communicating security and risks and working wi...

Jun 02, 2021 · 26 min · Ep. 21

Clever Hiring Practices w/ Andy Ellis

With us today is Andy Ellis, operating partner at YL Ventures, former Akamai CSO and newly inducted member of the CSO Hall of Fame. We're here to talk about nonstandard hiring practices and how Andy has built an amazing team using nonstandard approaches. Andy began his career in cyber ("I remember back then, you know, we didn't call it cyber, but I think we've all given up and, and that's now the name for our career field.") as an Air Force ROTC cadet, spent 20 years at Akamai, and joined an adv...

May 26, 2021 · 29 min · Ep. 20

Measuring Risk w/ Richard Seiersen

Today we talk with Richard Seiersen, co-author of “How to Measure Anything in Cybersecurity Risk”. Richard shared that at his first CISO position, he was challenged with addressing prioritization of risk, which led to his authoring a book with Doug Hubbard. What can cyber learn from older risk disciplines? The life table used broadly to measure time-to-event data goes back 500 years. Businesses keep falling back to the classic 5x5 "likelihood and impact" matrix which is an inconsistent, non-math...

May 19, 2021 · 30 min · Ep. 19

Becoming a CISO w/ Accidental CISO

With us today is a very special guest, Accidental CISO, of Twitter fame. His anonymity on Twitter allows him to be a little more “truthy” about the CISO game than a lot of us can afford to be on social media. We have distorted his voice a bit to protect that anonymity. “Accidental” shares how he got into cyber, and that is a culmination of being in a career where he had to fill “all” the hats. He stepped away from his CISO role a few years ago and is now in consulting where he has the opportun...

May 12, 2021 · 29 min · Ep. 18

Breach & Attack Simulation w/ Marlys Rodgers

Today we talk with Marlys Rodgers, who has been in cyber for over 20 years. She currently is CISO for CSAA Insurance Group and is running security for the company as well as running governance, risk, and compliance for technology. She shares that it feels like she is constantly balancing assessing with preventing. Allan brings up breach and attack simulation (BAS), and when it is most appropriate to implement in the context of the maturity of a security program. Marlys feels BAS is most effective ...

May 05, 2021 · 27 min · Ep. 17

Enterprise Security Architecture: A $110b Case Study w/ John Petrie

With us today is John Petrie, Counselor to the NTT Global CISO. He is responsible for managing the growing internal security challenges for the NTT operating companies across the globe. Retired in 1996 from the Marines, John began his career in multiple security positions. He shares that his major responsibility today is creating the enterprise security architecture (“ESA”) for NTT. Allan used to work for NTT DATA Services, and shares that John is working for the ultimate parent company of the...

Apr 28, 2021 · 28 min · Ep. 16

Programs for Women & Veterans in Cyber w/ WiCyS - SPECIAL EDITION

With us today are Lynn Dohm, Executive Director of Women in Cybersecurity (WiCyS) and Martha Laughman, Veterans Initiative Lead at WiCyS and Director of Workforce Development at Smoothstack. Lynn and Martha are here to talk about the amazing programs for women and women veterans at WiCyS. WiCyS is so much more than a conference for women in cybersecurity. Its presence spans the globe and its programs are myriad. Mentorship, student scholarships, training, special interest groups, job boards, vetera...

Apr 26, 2021 · 29 min · Ep. 15

Data Risk Governance w/ Patrick Benoit

Howdy, y’all, and welcome to The Cyber Ranch Podcast! With us today is Patrick Benoit, Global Head of Cyber GRC, and BISO at CBRE. Patrick is here to talk about Data Risk Governance, a slightly new twist on an old problem. Like our host, Patrick is also from the Dallas-Fort Worth area of Texas. To start the conversation, Allan asks Patrick to share a little about himself, his background in information security and what he does at his day job. Patrick began his career in the military, eventually ...

Apr 21, 2021 · 31 min · Ep. 14

Vishing, Smishing and STIR/SHAKEN w/ Mike Manrod

Welcome to The Cyber Ranch Podcast, recorded under the big blue skies of Texas, where one CISO explores the cybersecurity landscape with the help of friends and experts! Today, host and CISO Allan Alford interviews Mike Manrod, CISO at Grand Canyon Education. Mike has done quite a bit of research on vishing, smishing and the upcoming STIR/SHAKEN legislation meant to combat those two. To start the conversation, Allan asks Mike to share a little about himself, his background in information securit...

Apr 14, 2021 · 24 min · Ep. 13

Maturing Purple Teaming w/ Gabe Lawrence

Welcome to The Cyber Ranch Podcast, recorded under the big blue skies of Texas, where one CISO explores the cybersecurity landscape with the help of friends and experts! Today, host and CISO Allan Alford interviews Gabe Lawrence, General Manager of Cyber Security Protection at Toyota Motor North America. Gabe has seen the good and bad of purple teaming, and we’re here today to discuss what a mature purple teaming organization looks like. To start the conversation, Allan asks Gabe to share a lit...

Apr 07, 2021 · 29 min · Ep. 12

Interview with a Vendor w/ Dutch Schwartz

In this episode, host and CISO Allan Alford interviews his friend Dutch Schwartz, Principal Security Specialist at Amazon Web Services. Dutch is a vendor, but do not press 'stop' just yet! Dutch is an empathetic outsider, an observer, and a constant learner and researcher. He brings some unique insights to our practice. Dutch talks about his encounters with CISOs and their direct staffs, and opines on the debate as to how technical a CISO should be (versus business-oriented). Allan and Dutch disc...

Mar 31, 2021 · 30 min · Ep. 11

Advancing Cybersecurity Careers w/ Christophe Foulon

In this episode, host and CISO Allan Alford interviews his friend Chris Foulon, Sr. Manager of Cybersecurity at a leading fintech company, and co-host of the "Breaking into Cybersecurity" podcast. Chris has 15 years in information security, having started at the helpdesk years ago. His biggest desire in infosec is helping others. In his day job Chris gets to work with every part of the business. On the subject of the personnel shortage in cybersecurity, Chris believes that there is no shortage. ...

Mar 24, 2021 · 27 min · Ep. 10

Developing Leadership w/ Gary Hayslip

Today, host and CISO Allan Alford interviews friend and fellow CISO Gary Hayslip. Besides being a brilliant business leader, Gary is an author, mentor, and one of the best all-around humans Allan knows! To start the conversation, Allan asks Gary to share about himself and his background in cybersecurity. While he had a natural interest in computers and technology more generally, Gary’s formal entrance to the cybersecurity field came during his time in the military. He developed a love for securi...

Mar 17, 2021 · 28 min · Ep. 9

The Post-COVID Reckoning w/ Dr. Rebecca Wynn - SPECIAL EDITION

In this show, host Allan Alford interviews Dr. Rebecca Wynn about information security decisions made during COVID and what the 2021 "reckoning" might look like. Dr. Wynn is a well-recognized CISO and Chief Privacy Officer, who faced some large-scale challenges during 2020. Allan welcomes Dr. Wynn to the cyber ranch! The show starts with Allan asking Dr. Wynn to introduce herself and to tell the listeners a bit about her background. Dr. Wynn has received quite a lot of recognition in the field. ...

Mar 15, 2021 · 28 min · Ep. 8

Business-Oriented Security w/ Chris Castaldo

In this show, host Allan Alford interviews his friend Chris Castaldo about how to align information security with the business. Chris is the CISO at Crossbeam, and is also the author of the book "Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit", available for pre-order at Amazon. Chris, like Allan, views himself as a very business-oriented CISO. Allan welcomes Chris down to the ranch to discuss business orientation and alignment of information security in detail. Th...

Mar 10, 2021 · 28 min · Ep. 7

Supply Chain Security w/ Omkhar Arasaratnam

Today, host and CISO Allan Alford interviews Omkhar Arasaratnam, a veteran of the cybersecurity industry, on the topic of supply chain security. With a career in security going all the way back to 2004, and with experience working for IBM and several financial institutions before becoming an Engineering Director at Google, Omkhar brings much hard-earned insight to the table! Looking to tap into that insight, Allan poses two questions for Omkhar. First, how would he characterize or define supply ...

Mar 03, 2021 · 28 min · Ep. 6

Startups & VCs in InfoSec w/ Will Lin

In this show, host Allan Alford interviews his friend Will Lin about startups and venture capital. Will Lin is a venture capitalist with ForgePoint Capital, focusing exclusively on the information security space. First and foremost, Will views his current role as a way to help others. Allan welcomes Will on to the show to help his listeners learn more about the startup world, the venture capital world, and how those two intersect. The show starts with Allan asking Will why he thinks startups are...

Feb 24, 2021 · 27 min · Ep. 5

Storytelling in InfoSec w/ Chris Cochran & Ron Eddings of Hacker Valley

On this episode of The Cyber Ranch Podcast, host Allan Alford is joined by Ron Eddings and Chris Cochran from Hacker Valley Studio. The episode begins with Ron and Chris sharing how they came to cyber security and the roles they’ve held in the space. While they came up in the cyber security space through different channels, they now work together at Marqeta, Ron as a Security Architect Leader and Chris as the Director of Security Engineering. Additionally, together they host the Hacker Valley Po...

Feb 22, 2021 · 27 min · Ep. 4

Vulnerability Management w/ Anne Marie Zettlemoyer

Allan Alford interviews Anne Marie Zettlemoyer about the topic of vulnerability management. Anne Marie is a visiting fellow with the National Security Institute at George Mason University, and one of the all-around sharpest minds Allan knows in information security! Anne Marie is deeply entrenched in the world of information security, and she loves her work. She began her career in accounting and finance, but by serendipity was introduced to security through a position updating a company’s payme...

Feb 10, 2021 · 24 min · Ep. 3

Behavioral Economics & InfoSec w/ Kelly Shortridge

Behavioral Economics has altered our perceptions of what actually motivates human beings. How do these theories about our more primitive behaviors as well as our intellectual biases apply to information security? Allan Alford & Kelly Shortridge discuss in the context of infosec programs and events in a whirlwind of conversation. Sponsored by our friends at AttackIQ. Podcast: The Cyber Ranch Podcast. Episode 2: Behavioral Economics and InfoSec with Kelly Shortridge. On this episode of The Cyber Ranc...

Feb 03, 2021 · 25 min · Ep. 2