The Cyber Ranch Podcast

On this episode of The Cyber Ranch Podcast, host Allan Alford is joined by Ron Eddings and Chris Cochran from Hacker Valley Studio. The episode begins with Ron and Chris sharing how they came to cyber security and the roles they’ve held in the space.
While they came up in the cyber security space through different channels, they now work together at Marqeta, Ron as a Security Architect Leader and Chris as the Director of Security Engineering. Additionally, together they host the Hacker Valley Podcast. Allan is curious how the podcast affects their day jobs and their day jobs influence the podcast. Ron and Chris explain that it has given them wider contacts with people in the security industry and the opportunity to speak with them about their interests and expertise.
Allan asks Ron and Chris how they stay passionate about their work. Chris says both he and Ron believe in getting better everyday, even if it’s in small increments. Reading books, taking classes, speaking to mentors are all ways that he improves himself and makes sure he stays sharp. Ron shares that he is a collector, and it has led him to collecting experiences. Through these experiences, he is also able to continue getting better and improving himself.
They both share that through the podcast and their jobs, they need to continue learning and working. They’ve taken voice coaching and storytelling lessons to keep on the cutting edge of podcasting. Everyone has a story and the ability to share your own and help others share theirs is essential not only to impeccable podcasting but also being an empathetic and engaged human. In threat intelligence and user awareness training along with other technical skills storytelling is integral to meeting people where they’re at.
As the episode ends, Allan asks Ron and Chris about the future for them and their podcast.
Key Ideas:
:22 - Chris and Ron are introduced.
4:46 - How the podcast influences their day jobs and vice versa.
12:08 - Allan asks Chris and Ron about infusing passion in their work.
16:39 - The importance of storytelling in podcasting.
24:00 - What does the future look for Ron, Chris, and the podcast?
Links:
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Follow Chris Cochran on LinkedIn and Twitter
Follow Ron Eddings on LinkedIn and Twitter
Support Hacker Valley Studio on Patreon.
Sponsored by our good friends at Axonius

Allan Alford interviews Anne Marie Zettlemoyer about the topic of vulnerability management. Anne Marie is a visiting fellow with the National Security Institute at George Mason University, and one of the all-around sharpest minds Allan knows in information security!
Anne Marie is deeply entrenched in the world of information security, and she loves her work. She began her career in accounting and finance, but by serendipity was introduced to security through a position updating a company’s payment system. From there, she was recruited into the Secret Service, where she developed a passion for the information security field - a field she hasn’t left since! Anne Marie is driven by the energy and nobility of her profession, and she values work as a protector and defender. At the same time, she feels a high level of responsibility to her company and her customers to navigate information security well.
The baseline for security work, Anne Marie says, is the fundamentals. The first line of a security officer’s responsibility is to maintain this sort of system hygiene; this is why Anne Marie is passionate about vulnerability management. In a changing threat landscape, vulnerability management is a basic necessity to keep products and clients safe. Of course, this does not make vulnerability management an easy task.
Practitioners of vulnerability management must also attend to a variety of factors, from issues of regulation and compliance, to CVSS scores and tooling for contextualization, to determining the way in which vulnerability management should be situated within their broader security program (often as a key driver). Within the world of information security, vulnerability management is one of many complex pieces to juggle together, and people like Anne Marie stand at the center of the balancing act. Anne Marie leaves listeners with an idea of how best to approach information security today, but she also leaves them with the prospect of exciting changes on the horizon in the areas of data governance and bridging the gap between speed and security.
Key Takeaways
0:17 - Listeners are introduced to Allan Alford and his guest, Anne Marie Zettlemoyer.
1:12 - Allan asks Anne Marie to walk through her day job.
1:56 - Why is vulnerability management important to Anne Marie?
4:13 - Allan shifts to the subject of motivating people to fix vulnerabilities.
6:26 - Anne Marie’s broad experience gives her a unique experience.
8:41 - Remediations must be obtainable.
10:27 - Overall, fundamentals, partnership, and understanding are needed.
11:27 - Allan and Anne Marie turn to metrics, tooling, and context.
14:38 - Within the security program, where does vulnerability management fit?
18:00 - How did Anne Marie get into vulnerability management?
20:15 - Her job and its responsibilities require certain things.
20:56 - What keeps Anne Marie in the game?
22:20 - What is she looking forward to in the field?
Learn more about Anne Marie Zettlemoyer and connect with her on Twitter and LinkedIn.
Learn more about Allan Alford and connect with him on Twitter and LinkedIn.
Learn more about The Cyber Ranch Podcast, part of the Hacker Valley Studio family.
Learn more about podcast sponsor Axonius.
Support Hacker Valley Studio on Patreon.
Follow Hacker Valley Studio on Twitter.

Behavioral Economics has altered our perceptions of what actually motivates human beings. How do these theories about our more primitive behaviors as well as our intellectual biases apply to information security? Allan Alford & Kelly Shortridge discuss in the context of infosec programs and events in a whirlwind of conversation. Sponsored by our friends at AttackIQ
Podcast: The Cyber Ranch Podcast
Episode 2: Behavioral Economics and InfoSec with Kelly Shortridge
On this episode of The Cyber Ranch Podcast, host Allan Alford is joined by Kelly Shortridge, VP of Product Management at Capsule8. Their conversation begins with Kelly introducing herself and her work. She works in products for a security vendor, and she’s done research into applying behavioral economics to security. Kelly says she grew up with a love of computers, but was mostly about building gaming rigs side of things. Her career in information security began in the investment banking industry, which led her to fall in love with security.
Next, Allan asks Kelly about her work in behavioral economics. Economics is the study of choice, behavioral economics looks at the way humans actually behave by conducting experiments and observing natural occurrences. Humans don’t always behave in the rational, textbook way, but Kelly explains that often their choices are rational when you factor in competing priorities. In information security, this shows up when folks find themselves reacting to threats that have the most attention, rather than those that are proven to be the most pressing. Information security is also affected by hindsight and outcome biases. Kelly explains how our brains try to trick us into blaming a single factor in a crisis, but that is not how the real world or cyber attacks work.
Now that behavioral economics has clued us in to the biases formed by what Kelly affectionately refers to as our “lizard brains,” Allan wonders if we should be optimistic about how we may think and prevent attacks in the future. Kelly isn’t so sure. She explains that changing some systems to be more compatible with our lizard brain has been effective, however knowing how we think doesn’t help people think differently. In InfoSec, there are opportunities to continue making the secure way the easiest way, and circumvent the lizard brain. Other industries have been designing systems and workloads based on the way people behave; Kelly says InfoSec is just behind the curve.
As the episode ends, Allan asks Kelly what keeps her still in InfoSec. Kelly says it is spite. There are still inefficiencies and an industry that pats itself on the back for doing little, that makes her spiteful she says. She wants to be an industry member that adds value to organizations and highlights the user.
Follow Kelly on Twitter as @swagitda_ or on LinkedIn at Kelly Shortridge
Learn more about Allan and the Cyber Ranch Podcast at Hacker Valley Studio
Sponsored by our good friends at AttackIQ

A one minute introduction to the show and its format