Episodes

  • Shownotes

    Antonio Deliseo has been in the information security industry for decades. Currently working at Telstra, Antonio has enjoyed a long and winding career path and has plenty of stories and insights to share as a result. In this conversation with Cole Cornford, Antonio discusses how he got started in his career studying physics, overseeing cybersecurity at a goldmine, how to advocate for cybersecurity within a large organisation, and plenty more.

    Timestamps

    1:40 - Antonio's career background

    3:30 - Advantages of coming from a non-technical background

    8:30 - Stories from Antonio's early career working at a goldmine

    14:00 - How Antonio moved into the GRC space

    17:30 - The role a board of directors plays in cybersecurity

    20:00 - Cybersecurity is less like IT, more like gambling or insurance

    25:30 - Calculating the cost of a breach in dollar terms

    30:30 - How to advocate for cybersecurity as a CISO

    40:00 - Cybersecurity often seen as unaffordable by small businesses

    42:30 - Pros & cons of networked technology

    Mentioned in this episode:

    Call for Feedback



    This podcast uses the following third-party services for analysis:

    Chartable - https://chartable.com/privacy
  • Summary

    Ben Gittins is the Principal Security Engineer at Bugcrowd, one of the world's best bug bounty platforms. Ben has previously worked as a Senior DevSecOps Engineer at Canva, as well as DevSecOps Lead at SecureStack.

    In this conversation with Cole Cornford, Ben shares his belief that cybersecurity needs more generalists, how coding and AppSec have changed over time, whether cybersecurity qualifications are overrated, and plenty more.

    Timestamps

    3:50 - Why is Aus cybersecurity lagging behind?

    9:50 - Over-reliance on purchasing cybersecurity products

    14:40 - We ask too much of our AppSec professionals

    19:00 - How app development & cybersecurity have changed over time

    24:00 - "Greenfield projects" are often not realistic

    28:20 - How to bring new people into the AppSec industry

    32:00 - Importance of communication skills

    38:20 - Cybersecurity qualifications are overrated

    43:00 - Rapid fire questions


  • Blurb

    Shan Kulkarni is the co-founder and CEO of Nullify, a product designed to augment AppSec teams with AI agents capable of carrying out multiple levels of product security work autonomously. Prior to Nullify, Shan worked in roles such as Cloud Operations Lead at UNSW Redback Racing, and Cloud Security Engineer at CMD Solutions Australia. 

    In this conversation with Cole Cornford, Shan discusses the challenges of starting a business, and in particular the challenges of hiring, the state of AppSec in Australia, what the future might hold for the industry, and plenty more.

    Timestamps

    1:30 - Shan's career background

    5:30 - Why AppSec is so often inefficient and expensive

    9:00 - Big tech has a monopoly on AppSec talent

    12:30 - Shan's journey from consultant to founding a company

    15:40 - Biggest mistakes when starting a business

    19:20 - Selling products/services to devs is extremely difficult

    25:00 - Where Shan sees AppSec going

    28:00 - Consolidation of security products

    32:00 - What security leaders are struggling with: visibility

    34:00 - Rapid fire questions

  • Dan Draper is CEO and Founder of CipherStash, a data-storage platform that helps customers keep data secure. As well as being fascinated by cryptography and data security, for most of Dan's career he's either been a founder or worked in the leadership team of startups, so he has plenty of experience in both business and getting into the nitty gritty details of technical problems.

    In this episode Dan chats with Cole Cornford about Cryptography, the challenges and rewards of founding a company, best practices for securing funding for a startup, and plenty more.

    Timestamps

    2:00 - Dan's career background

    8:00 - Dan's lessons from working in government

    9:30 - When Dan became obsessed with cryptography

    12:40 - Reflecting on Dan's 1st failed business

    17:10 - The founding of CipherStash

    23:40 - Managing data is a major challenge in large orgs

    28:00 - Different types of data breaches

    32:00 - Potential and limitations of AI in cybersecurity

    37:00 - Experience raising money for a startup

    44:10 - Dan's 3 tiers of investors

    46:00 - Rapid fire questions

  • In this episode, Cole Cornford chats with Matt Jones, co-founder of Elttam, an independent security boutique that provides security assessment services. On top of his role at Elttam, Matt is active in the infosec community in a variety of ways, including helping with BSides Canberra's call for papers and writing open-source tooling such as talkback.sh. Cole and Matt chat about the motivation behind founding Elttam, why Australia's infosec industry is lagging behind other parts of the world, the exploit development space, and plenty more.

    Timestamps

    2:00 - Matt's career background

    7:00 - Matt's early challenges finding an opportunity in cybersecurity

    11:00 - Why Matt chose to co-found Elttam

    13:00 - Cole: Australia's infosec industry is immature compared to US

    19:00 - The importance of specialisation

    20:30 - Better to do 1 thing really well when bootstrapping

    24:00 - Using the right approach for the right context

    25:30 - Risks of using a bug bounty program

    31:10 - Cole: the bar for pen testing reports should be much higher

    37:10 - Training & education for infosec

    39:00 - Cole: is infosec a cottage industry?

    44:00 - Product vs service approach to cybersecurity

    47:50 - Cole: I like looking at source code from 80s and 90s

    49:00 - Rapid fire questions

  • Summary

    In this episode of Secured, host Cole Cornford interviews Bruce Large, a security architect and evangelist at Secolve, the OT security specialists in Australia. They discuss the importance of threat modelling in operational technology systems and the need for engineers to consider the potential for cyber attacks. Bruce also shares insights from the ISA/IEC 62443 series of standards, which provides guidelines for secure system development in OT. Additionally, they touch on the significance of unions in the tech industry and the benefits of joining organisations like Professionals Australia. Tune in for a fascinating conversation on application security and more.

    Timestamps

    1:25 - Bruce's professional background

    2:40 - Defining "engineer" in different contexts

    6:20 - Differences between computer engineers and civil engineers

    8:20 - Threat modeling

    12:40 - How we treat safety in software vs other industries

    18:30 - Bruce: we should be encouraging lifelong learning

    24:00 - ISA/IEC 62443 safety standard

    29:00 - The Year 2038 Problem

    34:20 - Unions & industrial relations

    43:40 - Rapid fire questions

  • Summary

    Paul McCarty is CEO and founder of SecureStack, a DevSecOps visibility & automation company, and GitLab's Red Team leader. Paul's been involved in software security in Australia for decades. In his conversation with Cole Cornford, Paul discusses how Australia's software security industry has changed since the early 2000s, whether security professionals ought to know how to code, and plenty more.

    Timestamps

    2:50 - Paul's career background

    7:00 - Spicy take: people on LinkedIn are too blindly positive

    10:00 - Understanding what went wrong when there's a breach

    13:00 - Cole doesn't think "zero trust" is feasible

    14:10 - Cole: maturity of cybersecurity in Aus is weak generally

    16:00 - Cole hires for dev experience, not sec ops, because dev is harder to teach

    18:30 - Aus market different to US, which has lots of software companies

    21:50 - Paul: we've devalued the importance of operations

    22:20 - The "holy trinity" of offensive security

    26:30 - What percentage of ASX companies have a bug bounty program?

    28:50 - Cole's free pizza exploit

    31:00 - Got to be in security for the long haul

    31:40 - The book that changed Paul's life

  • Jay Hira is a cybersecurity director with 18 years of experience working in a variety of roles both in Australia and internationally. Today he is Director of Cyber Security: Financial Services at KPMG Australia, and Founder and Executive Director of MakeCyberSimple. In this conversation Jay and Cole Cornford avoid getting too deep into technical details, and instead discuss a zoomed out perspective on cybersecurity strategy for large organisations, how the current macroeconomic climate affects approaches to cybersecurity, tips for clear communication between technical and non-technical stakeholders, and plenty more.

    Timestamps

    1:40 - Advantages of generalisation vs specialisation

    4:00 - Tips for communicating effectively to leaders

    6:00 - Clarity comes from simplicity

    9:30 - Importance of reporting structure in a large org

    14:20 - Core foundations of a cyber strategy

    20:00 - How current economic climate is affecting cybersecurity budgets

    24:30 - How do you maintain intrinsic motivation?

    27:00 - Work life balance

    30:30 - Rapid fire questions

  • Tara Whitehead is Security Engagement Manager at MYOB. Prior to becoming a cybersecurity specialist, Tara had an eclectic career, including working in advertising and international relations. In this episode Tara chats with Cole about how her non-technical background has in many ways been an asset working in security, leading change management in large enterprises, the importance of great communication skills, and plenty more.

    Secured by Galah Cyber website

    Timecodes

    7:15 - Tara's first days in AppSec

    10:00 - How to influence people

    12:30 - Why we should dial back on the doomsday conversation

    14:10 - Find your change champions

    21:30 - Is a non-technical background a help or a hindrance?

    23:30 - Communication and influencing key skills

    26:00 - Communicating with execs

    28:20 - Rapid fire questions

  • Episode summary

    Daniel Grzelak is currently the Chief Innovation Officer at Plerion, and has had a storied career at a variety of technology firms around Australia. In this conversation Daniel brings his experience and insight to the topic of common myths and misconceptions within the cybersecurity industry, and with Cole Cornford tackles questions like:

    Does a cybersecurity professional need to know how to code?

    Is there a workforce shortage in the industry?

    Should pen testers write remediation advice?

    Timestamps

    1:50 - Does a cybersecurity professional need to know how to code?

    5:40 - Is there a workforce shortage in cybersecurity?

    9:30 - Questions to ask when interviewing potential cybersecurity hires

    12:30 - Are people in cybersecurity bad at promoting their own skills?

    17:00 - Should pen testers write remediation advice?

    20:20 - Daniel's career advice: start writing

  • After working as a cybersecurity consultant in Europe for over a decade, Jacqui Loustau was struck by how cybersecurity professionals in Australia were overwhelmingly male. This led Jacqui to found the Australian Women in Security Network (AWSN), a not-for-profit association and network with the goal of increasing the number of women in the security community.

    In this episode, Jacqui chats with Cole Cornford about how businesses can change their approach to hiring to improve diversity, the importance of supporting kids and students of all backgrounds who have an interest in the field, as well as some of her thoughts on the future of the industry.

    Secured by Galah Cyber website

    Timestamps

    4:30 - Jacqui’s career background.

    9:30 - How Jacqui became inspired to tackle the issue of diversity within cyber.

    10:00 - At Jacqui’s first cyber event in Aus, struck by a sea of men.

    13:00 - Achievements Jacqui is proud of from the last 10 years.

    15:20 - What can businesses do to encourage diversity.

    19:00 - Cole: what are some systemic issues we need to tackle?

    22:00 - Jacqui: you can always teach technical skills.

    23:00 - How we can support kids & students to move into cyber.

    25:00 - Rapid fire questions.

    27:10 - What will be the theme in cyber for 2024.

  • While working as Head of Cyber Security Business Services at Australia Post, Susie Jones worked on a product that was designed to support small businesses that had suffered a data breach. Susie came to believe that existing cybersecurity tools and support were generally either too expensive for Australian small businesses, or didn’t suit their needs. And so she co-founded Cynch Security, which aims to fill this gap.

    In this conversation Susie chats with Cole Cornford about Susie’s career, the benefits of coming from a non-technical background, and they do a deep dive on the security needs of small businesses in Australia.

    Secured by Galah Cyber website

    4:36 - Susie’s career background

    5:40 - Benefits of coming from a non-technical background

    7:15 - Challenges of running your own business

    7:40 - Cole: you’re selling protection, it’s a pure cost

    8:10 - Susie’s motivation to become a founder

    9:00 - Consequences of breaches “the worst working day of their life”

    10:30 - Most common security challenges for small businesses

    13:00 - Big businesses that work with small businesses share cyber risk

    14:40 - Supply chains and small businesses in Australia

    17:20 - 90% of employers in Aus aren’t served by our current cyber solutions

    18:00 - Worst examples of advice not suited to small business

    19:20 - Tips Susie would give to small businesses

    21:20 - Password managers are a no brainer

    25:00 - Rapid fire questions

    26:10 - One cybersecurity myth Susie would like to debunk

  • In this episode Cole Cornford chats with Nathan Morelli, Head of Cyber Security and IT Resilience at SA Power Networks, which is the sole electricity provider for the entire state of South Australia. Making sure that 1.7 million people have electricity is a pretty important job, and Nathan shares his perspective on how the organisation maintains resilience in the face of potential breaches.

    They also discuss the importance of financial management skills in a management role, the Australian government’s updates to the Essential 8 and the national Six Shields cyber strategy, the importance of work life balance, and plenty more.

    Secured by Galah Cyber website

    4:00 - Nathan’s career overview

    8:00 - “Not if, but when” and the principle of acting like a breach has already occurred

    10:40 - Cyber resilience is critical

    11:00 - Finding value in the impact of your work

    15:00 - Matching cybersecurity strategy to the resources available

    17:20 - High regulation/barriers to entry restrict quality security advice

    19:00 - Importance of access to affordable cybersecurity tools

    19:30 - Australian government “Six shields” update

    23:50 - Australian government update to “Essential 8”

    27:40 - Why Nathan adopted financial management concepts in his cybersecurity work

    31:10 - Cybersecurity decisions are made for financial reasons

    33:10 - Typical career trajectory: follow money, then people, then problems

    35:40 - Importance of work-life balance

    40:40 - Rapid fire questions

  • In this episode, Cole Cornford chats with Mat Franklin, founder and managing director of the consulting firm MF & Associates. Since founding the company in 2019, Mat has quickly grown it to 70 or so employees, with its largest team being a cybersecurity team. With a focus on diversity and representation, MF & Associates is made up of approx 70% women, as well as having strong representation of LGBTQ+ people and people with disabilities.

    In the conversation, Cole and Mat chat about the importance of diversity and representation in tech and cybersecurity, what Mat looks for in a potential employee, what lessons cybersecurity professionals can learn from other industries like health and law, and plenty more.

    Secured by Galah Cyber website

    14:40 - How to improve diversity within a team

    17:00 - What Mat looks for in a potential employee during a job interview

    19:40 - The stereotype of cybersecurity professionals

    20:00 - The movie The Web, and portrayal of cyber in film

    24:00 - Cole: example of bad behaviour at a cybersecurity expo

    26:30 - How did Mat build his business?

    30:40 - Taking inspiration from how other industries operate

    31:40 - Mat’s company targeting ex-nurses for employees

    33:30 - The importance of brevity in corporate communication

    35:50 - It’s not possible or useful to try and know everything in cyber

    37:20 - Rapid fire questions

  • The cybersecurity industry is made up of people from all sorts of different backgrounds, and Michael Collins is a perfect example. After spending 8 years in the Australian navy, Michael moved to Cairns and became a diving instructor. After 5 years, Michael decided it was time for a career change and enrolled in a course to become a Microsoft certified systems engineer.

    Today, he’s Chief Information Security Officer at Judo Bank. In this episode we chat about how Michael has managed major transitions in his career, the importance of aligning cybersecurity strategies with business goals, systems thinking as a framework for approaching cybersecurity, and plenty more.

    Systems Thinking Made Simple - by Derek Cabrera:

    https://www.amazon.com.au/Systems-Thinking-Made-Simple-Problems/dp/1520740492

    Secured by Galah Cyber website

    2:20 - A good summary of Judo Bank

    7:10 - How Michael became a CISO

    9:00 - How Michael almost bailed on his cybersecurity training after day one

    12:00 - The joys of scuba diving

    14:30 - Advantages of systems thinking

    16:30 - How someone can get started with systems thinking

    17:40 - DSRP thinking (Distinctions, Systems, Relationships and Perspectives)

    24:20 - Delivering AppSec by meeting the business where it is, not being idealistic

    25:20 - “It’s not all about downsides”, businesses succeed by taking risks

    27:10 - How we can promote more business-mindedness in cyber

    32:50 - Michael’s transition from techie role to CISO

    39:50 - Cole: “Leadership is a funny thing”

    43:30 - Rapid fire questions

  • Seth Law is Founder and Principal Consultant of Redpoint Security, an AppSec consulting firm that focuses on code security, as well as co-host of the fantastic Absolute AppSec podcast. Seth has plenty of experience with the nitty gritty details of software development, and Cole Cornford had a great time nerding out with him about static analysis tools and code reviews.

    They chat about the potential for AI to improve AppSec, the unhelpful tendency to idolise big tech companies, the importance of good communication between developers and AppSec, and plenty more.

    Secured by Galah Cyber website

  • Jeanette Gill is Principal Customer Success Manager at Secure Code Warrior. Jeanette comes from a non-technical background, having worked in the aviation industry for over a decade. When she made the leap into AppSec, it was her communication skills and focus on providing a great experience for customers which proved invaluable.

    Jeanette chats with Cole Cornford about some common misconceptions about AppSec, the sometimes uneasy relationship between developers and AppSec, the potential for AI to change our industry, and plenty more.

    Secured by Galah Cyber website

    7:30 - Jeanette’s career background in aviation

    10:40 - Working for airline “best years of my life”

    13:10 - Giving up career to move to Australia

    15:20 - Jeanette’s current role at Secure Code Warrior

    16:40 - Developers being wary of AppSec

    20:40 - Cole: I don’t think it's an education issue, but an incentive issue

    24:00 - Using AI to improve AppSec

    24:40 - What is Secure Code Warrior

    28:00 - What do teams struggle with in terms of AppSec?

    36:00 - Management leading by example

    38:40 - Often, devs don’t want to hear from the AppSec team

    43:00 - How did Jeanette get involved with AppSec after moving to Aus

    46:50 - Value of webinars, podcasts, and people sharing knowledge online

    47:30 - Developers, programmers or engineers, what’s the correct term?

    51:50 - The importance of titles and job descriptions

    52:30 - Rapid fire questions

    59:30 - Jeanette: hug your AppSec team

  • Edward Farrell is Director & Principal Consultant for the Australian company Mercury Information Security Services. Edward has nearly two decades' experience in the IT sector, having worked early on in network design and IT operations before transitioning into a focus on infosec. He’s an Industry Fellow at the University of NSW, teaching in the cyber security masters program, and a board member and advisor to multiple organisations. In this episode, Cole Cornford chats with Edward about his career journey, using automation to make teams more efficient, his belief that the infosec industry would benefit from further professionalisation, and plenty more.

    Secured by Galah Cyber website

    Time Stamps

    6:25 - Edward’s career background

    10:00 - Did Edward enjoy living in Wollongong?

    11:20 - Value of work experience while at Uni

    14:00 - What led Edward to start his own business

    15:40 - Using automation to make a business more efficient

    18:10 - Career pathways within info security

    19:00 - The big 4 firms in cybersecurity

    20:40 - A broader issue with the Australian market

    22:30 - Financial planning

    25:40 - The best blog posts that Edward has written recently

    27:10 - The professionalisation of cybersecurity

    32:00 - Too many tech solutions, not enough service providers?

    36:00 - Edward anecdote: one guy in the company who knows all the systems

    37:20 - Rapid fire questions

  • In this special episode of Secured, Abhijeth Dugginapeddi takes the reins as guest host and Cole Cornford answers the questions for once. Cole discusses some of the ups and downs of his career, what advice he has to share, and plenty more.

    Abhijeth Dugginapeddi is currently Head of AppSec at BigCommerce, an ecommerce platform used by thousands of companies across 150 countries, as well as lecturer at the University of New South Wales. Abhijeth has worked in cybersecurity for well over a decade, including roles at Adobe and Commonwealth Bank.

    Secured by Galah Cyber website

    2:56 - Cole’s career background

    4:30 - Cole rapidly becoming head of AppSec function

    8:20 - Looking back, was Cole’s career background a good start?

    10:20 - Cole’s advice for people getting into cybersecurity

    13:30 - The 3 “A”s of consulting

    16:00 - Is elitism still common in cybersecurity?

    16:50 - Cybersecurity: we’re taught an adversarial mindset by default

    20:10 - What were the motivations and challenges for Cole starting a company?

    22:40 - Cole’s experience at a recruitment fair

    25:50 - What a day in the life of Cole looks like

    31:00 - Tips for leaders on how to build a successful security team

    34:00 - Importance of good relationships/communication among team

    35:30 - Does Cole have frustrating days? What are some challenges he’s overcome?

    44:00 - Rapid fire questions

  • Karissa Breen is the founder of KBI, a marketing and communications agency that works with cybersecurity and deep tech companies. After working in technical roles early in her career, Karissa saw that the complexity of cybersecurity often made it challenging for companies to communicate clearly, especially to those outside of the cyber industry.

    An entrepreneur at heart, Karissa took a leap of faith, quit her job, and has since focused on helping those with technical expertise tell their stories more effectively.

    In this episode Cole Cornford chats with Karissa about her experiences with podcasting, producing a TV show, the ups and downs of entrepreneurship, and plenty more.

    Secured by Galah Cyber website

    Time Stamps

    4:20 - Karissa’s career background

    6:30 - Moving away from a purely technical role

    7:20 - Cole: is a uni degree important for a career in cyber?

    11:10 - Karissa being inquisitive in her early years

    11:50 - Treating people the same regardless of their job/rank

    13:00 - Cole: lots of students think a uni degree will be enough to get them a job

    15:00 - Karissa’s decision to pursue entrepreneurship

    16:40 - Cole: starting out in business, naivety can be valuable

    18:40 - Karissa’s journey building her business and getting into media

    23:30 - In the early days of Karissa’s podcasting, what worked well and what didn’t

    26:40 - Cole gives a shoutout to W2D1

    27:30 - Karissa: podcast hosts need to enjoy/care about hosting their podcast

    31:30 - Karissa’s TV show

    38:00 - The importance of preparation for a podcast

    38:30 - Karissa’s entrepreneurship journey

    39:20 - Karissa: entrepreneurs are a different breed

    43:00 - Entrepreneurship is constantly challenging

    44:30 - The importance of a good support network

    45:10 - Rapid fire questions
