Once a month, two self-proclaimed grumpy security professionals host a new 20-30 minute podcast on security risk: how they’ve managed it in the past, and forward-looking discussions with guests working in information security and risk management. Co-hosts Doug Leece and Tim McCreight have approached security risk management from both the technical and managerial levels for a number of years, yet share a common philosophy.
Guest #10 – Doug Millward
Doug Millward obtained his first degree in Computer Science and Management Science from the University of Keele a (very) long time ago. He obtained his post graduate certificate in Higher Education teaching and learning several years later from the University of Wolverhampton. He is now working on his third degree with the University of Essex.
His involvement with security and risk started at Turnbull Control Systems, a SCADA/control systems company based in Sussex. He worked as a support engineer designing and delivering solutions to system problems for the likes of ICI and Shell. This led to a number of years globe-trotting as a technical consultant working on risk and security issues in engineering and network systems. During this time he lived in Denver, Colorado and worked in the USA, Canada, Africa, Australia, Singapore and, of course, from time to time in the UK.
His second career was as a freelance consultant, providing security design advice, support and hands on engineering experience to web startups, training centres and various network-related companies in the UK and elsewhere. He also found time to dabble in some teaching at sixth form level and even a bit of audio engineering and production.
Doug’s third career was with blue chip outsourcing companies like EDS, CSC, and Atos. He started as a senior developer writing .Net code (while it was still in beta) before progressing to solution architect, systems architect, and eventually Enterprise Architect and Head of Division. During this time, he worked on cloud solutions using .Net and Java, and eventually moved on to designing public and hybrid cloud solutions for UK Government departments as well as many large enterprises in the transport, medical and education sectors.
Now into his fourth career, Doug applied his corporate experience and teaching/training skills to higher education when he became a senior lecturer at Wolverhampton University, teaching at all levels from HND to Masters, designing a number of Security and Computer Science modules and also working as a lead researcher on the Biolive project, examining privacy issues for vulnerable adults. This fourth career has continued with work at Kaplan/the University of Essex Online, where he has designed and taught a number of computer science modules at Masters level, specialising in Cyber Security.
Doug is actively involved in research around cybersecurity, specialising in designing and modeling security in composable systems, the use of secure languages and data representations, and the application of risk frameworks and taxonomies at both the micro and macro levels.
Here’s a quick excerpt of our interview with Doug!
Guest #9 – Paul Smith
Paul Smith has spent close to 20 years in the automation control space, tackling the “red herring” problems that are thrown his way. He has handled unique issues such as measurement imbalances resulting from flare sensor saturation, database migration mishaps, and many more.
This ultimately led to the latter part of his career, where he has been spending most of his time in the industrial cybersecurity space pioneering the use of new security technology in the energy, utility, and critical infrastructure sectors. Paul is also helping develop cybersecurity strategies through the use of red team/penetration testing engagements, cybersecurity risk assessments, and tabletop exercises for some of the world’s largest government contractors, industrial organizations, and municipalities.
Here’s a quick excerpt of our interview with Paul!
Guest #8 – Michelle Finneran Dennedy
Before co-founding Privatus Consulting, Michelle Finneran Dennedy was CEO of DrumWave, Inc. Previously, she was Vice President and Chief Privacy Officer at Cisco, where she worked to raise awareness and create tools that promote privacy, quality, respect, trust, and asset-level possibilities for data.
She is a unique visionary in the field of privacy and the IT industry, bringing together multifaceted approaches that provide sincere privacy protections and drive business value.
A licensed attorney, Michelle has led security and privacy initiatives ranging from regulatory compliance, privacy engineering, and advocacy and education efforts to litigation, at companies including Cisco, McAfee/Intel Security, Oracle, and Sun Microsystems.
Michelle is a sought-after keynote speaker, and the co-author of The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value.
Here’s a quick excerpt of our interview with Michelle!
Guest #7 – Larry Whiteside
Larry Whiteside Jr. is a veteran CISO, former USAF Officer, and thought leader in the Cybersecurity field. He has 25+ years of experience in building and running cybersecurity programs, holding C-level security executive roles in multiple industries including DoD, Federal Government, Financial Services, Healthcare, and Critical Infrastructure.
Larry currently serves as the Chief Trust Officer and Chief Technology Officer at CyberClan, a full service Global Incident Response and Managed Security Services Provider for the small to medium sized business.
Larry is also the Co-Founder, President, and a member of the Board of Directors at the International Consortium of Minority Cybersecurity Professionals (ICMCP), a 501(c)3 non-profit association dedicated to increasing the number of minorities and women in the cybersecurity career field by providing workforce development that includes skills assessment, training, education, mentorship, and opportunity.
Since 2009, via Whiteside Security, which he founded, Larry has advised several corporate security executives and companies across the cybersecurity industry on how to make Cyber Security a number one objective for their business. He has helped CEOs and board members of private cybersecurity companies achieve their goals in sales, marketing, and customer retention.
Larry has spoken in front of C Level leadership and Board of Directors of some of the largest private and public sector organizations in America. A thought leader in the industry with extensive experience presenting at conferences such as the Gartner Security Summit, RSA Conference, and SC World Congress, Larry has been featured in many articles relating to information security and risk management.
Larry received his Bachelor of Science degree in Computer Science at Huston-Tillotson University, an HBCU that is the oldest institution of higher learning in the State of Texas.
Here’s a quick excerpt of our interview with Larry!
Podcast #6 – Back to Work, Just in Time for Summer!
We took some time out of our summer holidays to interview each other!
We really wanted to chat about some issues that are top of mind: returning to work after a year and a half at home, what security implications we need to look at, and whether we’re finding out what our “new normal” is going to be.
We also chatted about ransomware, among other topics :). It was also a chance to really look at the world we’re seeing now from a cyber security perspective and ask whether it’s getting scarier…
It was a great chance to chat and learn from each other…
Guest #5 – Dave Tyson
Dave Tyson is the President of Apollo Information Systems, a concierge Cyber Security consultancy with operations across the USA and Canada. Over 30 years of experience in Cyber & Physical security leadership, battling organized crime and nation state attackers has prepared him for all aspects of Enterprise Security Risk Management. He is also the co-founder of Cyber Easy Learning, an online and classroom Cyber Security training program that teaches Cyber Security in plain English!
His previous role was as Chief Information Security Officer for SC Johnson, a global consumer packaged goods firm. Prior to joining SCJ he led security programs for the largest Power Utility in the USA, was the Global Security operations lead for the largest E-commerce company in the world, and the Chief Security Officer for the Host City of the 2010 Winter Olympics.
Dave has a Master’s degree in Business Administration (MBA), specializing in Digital Technology Management. He’s also Board Certified in Security Management and obtained his Certified Protection Professional (CPP) designation. Dave is also a Certified Information Systems Security Professional (CISSP).
Dave is a frequent speaker at conferences and education events in North and South America, Asia and Europe. He has published dozens of articles in industry magazines and published the first book on Security Convergence via Butterworth Heinemann.
Here’s a quick excerpt from our interview with Dave!
Guest #4 – Terry Ingoldsby
Terry Ingoldsby has acquired over 25 years of cybersecurity experience. He is the President of Amenaza Technologies Ltd., and the chief technical architect of their advanced, attack tree based threat modeling.
He regularly teaches an advanced attack tree analysis course to aerospace and defense contractors, critical control system operators and IT providers.
Terry has conducted consulting engagements around the world! That’s an incredible accomplishment for a firm headquartered in Calgary, Alberta Canada! Terry has achieved his BSc in Physics, and his MSc in Computer Science. He’s also active in the Calgary IT community and has done presentations and interviews on attack tree threat modeling.
Here’s a quick excerpt from our interview with Terry!
Guest #3 – Scott Klososky
Scott began his career fresh out of high school, where his job in a new computer division of an office products company was his springboard into the world of technology. He became the leader of their new computer sales division and then purchased it as his own company. It was eventually built into a twelve-store operation in three states.
His next endeavor was as founder and CEO of Paragraph, Inc., a Soviet/American joint venture founded in 1988, as the Soviet Union was just opening up to western business models. Half of the company was sold to Silicon Graphics, and the other half was sold as well a few years later.
Scott then collaborated with H.R. Haldeman to publish a diary of his years as the Chief of Staff to President Nixon, which was a bestseller (Putnam Publishing), and involved Sony Interactive in the release of a book companion CD-ROM.
In 1995 Scott started another company named Avant Digital Marketing which was later renamed Webcasts.com. This start-up was an early producer of webcasted media ranging from corporate and government communications to sporting events and entertainment. It was sold in 2000 for $115 million.
In 2007 Scott once again founded a start-up called Alkami Technology. This company developed a second-generation online banking platform with innovative features that did not exist in the systems of the time. The company is today headquartered in Dallas and has over 250 employees.
Along the way Scott has participated as a board member with a number of firms. Examples include WeGoLook which sold in 2017 for approximately $40 million and First Fidelity Bank in Oklahoma and Phoenix.
He is the author of four books including his most recent title, Did God Create the Internet? The Impact of Technology on Humanity.
Here’s a quick excerpt from our interview with Scott!
Guest #2 – Winn Schwartau
Winn has lived Security since 1983, and now says “I think, maybe, I’m just starting to understand it“. His predictions about the internet and global security problems have been scarily spot on. He coined the term “Electronic Pearl Harbor” while testifying before Congress in 1991 and showed the world how and why massive identity theft, cyber-espionage, nation-state hacking and cyber-terrorism would be an integral part of our future. He was named the “Civilian Architect of Information Warfare” by Admiral Patrick Tyrrell of the British Ministry of Defence.
He is currently the Chief Visionary Officer, running Research & Development for SAC Labs, developing techniques to enhance human resilience to social engineering attacks on businesses, individuals and global critical infrastructures.
His new book, “Analogue Network Security” is a mathematical, time-based and probabilistic approach to justifiable security. His goal is to provide a first set of tools and methods to “fix security and the internet”, including fake news, spam, phishing, Distributed Denial of Service (DDoS) attacks and more.
There’s a great quote from Winn that came from his testimony to the Congressional Subcommittee on Technology and Competitiveness, Committee on Science, Space and Technology about the state of security in the private sector and government:
“Government and commercial computer systems are so poorly protected today they can essentially be considered defenseless – an Electronic Pearl Harbor waiting to happen. As a result of inadequate security planning on the part of both the government and the private sector, the privacy of most Americans has virtually disappeared.“
The testimony we’re quoting was provided June 27, 1991. Almost thirty years ago…
Here’s a quick excerpt from our interview with Winn!
Guest #1 – Rachelle Loyear
As Vice President of Innovation and Product Management for G4S Americas, Rachelle Loyear leads the G4S Innovation team and the Enterprise Security Risk Management approach at G4S.
Rachelle has spent her career managing programs in corporate security organizations. Focusing strongly on security risk management, she has been responsible for ensuring enterprise resilience in the face of many different types of risks, both physical and cyber.
In 2017, she released the book The Manager’s Guide to Simple, Strategic, Service-Oriented Business Continuity, and is a co-author of the 2018 book, Enterprise Security Risk Management: Concepts and Applications.
Rachelle serves on the Cybersecurity Advisory board for SIA, and the IT Security Community, ESRM, and Crisis Management steering committees of ASIS International. She is a Certified Information Security Manager (CISM) through ISACA, a Master Business Continuity Professional (MBCP) through DRI International, an Associate Fellow of the Business Continuity Institute (AFBCI) and a certified Project Management Professional (PMP) through the Project Management Institute (PMI).
She’s also working on some really cool projects:
- She’s refining and releasing a Global ESRM approach to customer solution development for G4S,
- She’s part of the team revamping the ASIS Protection of Assets material to include an ESRM underlying philosophy, and
- She’s working with customer focus groups to understand what the security industry really needs to manage risk – using Design Thinking principles.
Here’s a quick excerpt from our interview with Rachelle!