The Security Influencer's Channel

Today I'm thrilled to have with us Jacob West. He's the Chief Architect for Security Products at NetSuite. In his role, West leads research and development for technology to identify and mitigate security threats, particularly in cloud deployments and at the software layer. West has over a decade of experience developing, delivering, and monetizing innovative security solutions beginning with static analysis research at the University of California, Berkeley and as an early researcher at Fortify Software. 

Thanks, everyone, for joining us on the Security Influencers Channel. We're hosting a series of brief and highly informative interviews with influential security leaders and in 2015, we're talking about the implications of rapid software development and continuous security.Today, I'm pleased to have with us, Casey Fleming. Casey is the Chairman and CEO of BLACKOPS Partners. Prior to BLACKOPS, Casey was the CEO of Strategic Security Partners. He was a Senior VP and General Manager of Good Technology and he previously held executive positions with Deloitte Consulting and IBM Global Services. 

Thanks, everyone, for joining us on the Security Influencers Channel. We're hosting a series of brief and highly informative interviews with influential security leaders and in 2015, we're talking about the implications of rapid software development and continuous security. Today we're joined by Doug DePeppe who has about ten different jobs in cyber security, including being a member of the Aspire IP Law Group, he's a former White House adviser with the 60-day Cyber Space Review, he's a co-founder of the Cyber Resilience Institute, and the Chair of the Cyber Security Working Group for the DHS-affiliated Regional Consortium Coordinating Council. He also co-sponsors a new transatlantic Darknet intelligence partnership, he's co-founded several cyber preparedness initiatives, and he's an Assistant Professor of the Cyber Security Master's program at UMUC, University of Maryland University College.

We're hosting a series of brief and highly informative interviews with influential security leaders and in 2015, we're talking about the implications of rapid software development and continuous security. Today we're joined by Ed Alcantara. Following an event of stolen identity in 2008, Ed was compelled to develop methodologies and protocols that allow actionable real-time intelligence from bad actors and Darknet denizens to be the genesis for his new company. It was originally known a AFX Corporation, and now they're doing business as Darknet BlackOps Intelligence, or DBI.

Thanks, everyone, for joining us on the Security Influencers Channel. We're hosting a series of brief and highly informative interviews with influential security leaders and in 2015, we're talking about the implications of rapid software development and continuous security. Today, I'm pleased to have with us Stuart McClure. Stuart is an acclaimed security visionary. He's the lead author of "Hacking Exposed: Network Security Secrets & Solutions" which is on my bookshelf, by the way. He's currently the CEO and President of Cylance, Inc. Prior to Cylance, he was an EVP, global CTO and General Manager at McAfee.

Thanks everyone for joining us onThe Security Influencers Channel. We're hosting brief and highly informative interviews with influential security leaders. Today, I'm thrilled to have Adam Shostackwith us. Adam is a technologist, entrepreneur, author and game designer. (We'll talk about that a little bit.) He's a member of the Black Hat Review Board. He helped found the CVE. He's the author of "Threat Modeling - Designing for Security." Lead designer of Microsoft's SDL threat modeling tool, version three and the game "Elevation of Privilege." He's also the co-author of "The New School of Information Security" and he co-designed "Control-Alt-Hack."  

Thanks everyone for joining us on The Security Influencers Channel. We're hosting brief and highly informative interviews with influential security leaders. Today we're joined by my friend, Josh Corman. Josh is currently the CTO at Sonatype. He's the co-founder of Rugged Software. He's the co-founder of I Am The Calvary and he is a very highly coveted speaker. Previously Josh worked in security at Akamai, where he was hired to build and run a new team called Security Intelligence. The team was put together to do research, analysis, thought leadership, work closely with high risk organizations and drive actionable intelligence into the public sector, government, and critical infrastructure. Josh also lead the Enterprise Security Practice for The 451 Group and IBM's internet security division.

Thanks for joining us on another episode of The Security Influencers Channel, as we host brief and highly informative interviews with influential security leaders. Today we're joined by Nancy Zayed. Nancy is founder and Chief Technology Officer at MagicCube, a digital commerce security startup. 

On this episode of The Security Influencer's Channel, we're joined by Bill Brenner. He's the Senior Program Manager for Editorial in the Information Security Group at Akamai. Prior to that, he was the managing editor for CSO Online and CSO Magazine. According to Bill, he fights the never-ending battle against cyber-evil one article at a time. 

On this episode of The Security Influencer's Channel, we have with us Patrick Peterson. He's the CEO and Founder of Agari, a cloud-based solution providing visibility and controls to secure the email channel. Agari is the culmination of years of innovation, customer feedback and intense product development. Their cloud-based solution provide revolutionary visibility, response and protection from email threats attacking their customers and partners by stealing your email identity. Patrick is one of the top experts in the world on email security.

On this episode of The Security Influencer's Channel, I'm pleased to welcome Dr. John Johnson, who is the global security strategist and domain architect for John Deere. John has been responsible for architecting solutions that have been critical to maintaining global network security at John Deere since 1999. His projects have involved every aspect of corporate security, from the management of enterprise security systems, to developing standards and policies, and overseeing the security of business acquisitions and divestitures. Prior to John Deere, he worked at Los Alamos National Laboratory as a staff physicist and network security manager. John has spoken at such industry conferences as Black Hat, RSA Conference and SC Magazine World Congress on various computer security topics. John has developed computer security courses for St. Ambrose University, ITT Tech, Laureate/Walden University and Excelsior College. He is an Advisory Board Member for the University of Advancing Technology and an adjunct faculty member for St. Ambrose University, Eastern Iowa Community Colleges and Excelsior College, having taught more than 30 courses since 2003. John serves on industry boards and advisory councils, and he is an active security blogger.

On today's episode of The Security Influencer's Channel, I sit down with Andrew Jaquith. Andrew's the CTO and SVP of Cloud Strategy at Silver Sky. At SilverSky, Andrew helps guide strategy, serves as chief spokesperson and works with customers, analysts and the press to advance the company's cloud agenda. Andrew played a key role in launching SilverSky, the successor to Perimeter E-Security and USA.NET.  Prior to SilverSky, Andrew was a senior analyst at Forrester, where he led coverage for data leak prevention and mobile security. He also wrote "Security Metrics: Replacing Fear, Uncertainty and Doubt," which sold more than 10,000 copies and was praised as "one of the best written security books ever." 

Welcome to The Security Influencer's Channel. Every week we interview experts in information security, application security, and network security. We're asking industry thought leaders to share their experiences and ideas about security in the future. For 2014, we're focused on the implications of rapid software development and continuous security. Today we're talking with Michele Chubirka. Michele has over 15 years experience in design, engineering and architecture of enterprise application and network security solutions, including maintenance and administration of multiple vendor technologies. She's a security architect, freelance writer, blogger, podcast host, industry analyst, and just overall expert.

Welcome to The Security Influencer's Channel. Every week we interview experts in information security, application security, and network security. We're asking industry thought leaders to share their experiences and ideas about security in the future. For 2014, we're focused on the implications of rapid software development and continuous security. On today's episode we have with us Kevin Peterson. He's a Senior Manager of Risk at McKesson's Enterprise Information Solutions line of business. Kevin's got 20 years of experience and he spans, I think, just about every role in security that you can have. He's also a globally recognized champion of what he calls "Introsect by Design."

Welcome to The Security Influencer's Channel. Every week we interview experts in information security, application security, and network security. We're asking industry thought leaders to share their experiences and ideas about security in the future. For 2014, we're focused on the implications of rapid software development and continuous security. So today, we have with us Mike Murray. He's the director of Cyber Security Assessment and Consulting at GE Healthcare. Prior to GE, Mike spent 15 years working from companies across all range - startups that built security products, consulting companies, and even a large financial services firm. In 2008, He partnered with a couple of other like-minded individuals and built the Hacker Academy, and then, in 2010 we co-founded MAD Security which subsumed The Hacker Academy as part of a security consulting, resale and system integration firm.

Today we're talking with Jeff Schilling. Jeff is the Chief Security Officer at FireHost, and prior to that, he was a director of the global Incident Response practice for Dell SecureWorks. Colonel Schilling retired from the U.S. Army, where in his last assignment, he was the director of the Army's global Security Operations Center under the U.S. Army Cyber Command. Jeff and I discuss his tenure in the Army doing global Security Operations, Monitoring, and Incident Response, for over a million computer systems. Jeff explains the challenges of bringing network security to a stack that was not designed to be defended. We talk about his current position at Firehost, what makes them different, and why companies can benefit from moving their applications from their internal IT staff. A lot of companies out there are good at running a network for their primary line of business, but the challenges lie in running a secure one. Jeff also shares his toughts on the future of DevOps and application security and what he sees as the new trends moving forward.

Today, I'm pleased to have Troy Hunt with us. Troy has been building web applications in the finance, media and healthcare industries since the early days of the web in the mid '90s. Based out of Sydney Australia, he now works as an architect for Pfizer Pharmaceuticals’ Emerging Markets.  His software interests focus on enabling people to be productive in delivering high quality applications within proven frameworks. He regularly blogs about application security, improving the software development process and all things technology related. Troy and I discuss all of the recent high profile security breaches of Target, Home Depot and Apple and what that means for the state of security in today's landscape. He shares his thoughts on application security as it relates to the "internet of things" and the interconnected-ness of more and more mobile apps.  This leads into my belief that businesses can simply do a better job of delivering secure software and Troy thinks starts with helping developers better understanding the vulnerabilities in their code.

Today, we're talking with my good friend, Samy Kamkar. Samy is a security and privacy researcher, computer hacker, whistleblower, entrepreneur. At the age of 17, he co-founded Fonality. It's a unified communications company which ended up raising $24 million in private funding. And ever since, he's been doing amazing security research. Samy is probably most recently famous for creating SkyJack, a custom drone which hacks into any nearby Parrot drones allowing them to be controlled by the operator. We discuss what led Samy to create SkyJack, his continual work on RFID security, and the implications of XSS ten years after the "Samy Worm."

In today's episode, I have the pleasure of talking with my friend, Neil Matatall, who is a security engineer at Twitter. He also runs the OWASP Orange County chapter, and he was the organizer of the hugely successful AppSec California Conference which I spoke at. Neil and I discuss his philosophy on automating applications security and doing continuous delivery. Neil shares his process and focus at Twitter and how he chooses and fine tunes tools that help developers code more securely. I also pick Neil's brain on the idea of a common language in the application security world where every tool could report vulnerabilities in the same format.

In today's episode, I have the pleasure of talking to John Howie. John is the Chief Operating Officer at the Cloud Security Alliance. John has over 20 years of experience in information and communications technology in a variety of industry sectors, from financial to telecom, and entertainment to education. Today, we discuss the mission of the Cloud Security Alliance and what the organization seeks to accomplish. John talks about "The Notorious Nine: Cloud Computing Top Threats in 2013" and how people are responding to data breech and other security threat categories. I also ask John's take on the acceleration of software development on the cloud, mobile, dev ops and software-defined networking.