Unspoken Security ZeroFox

In this episode of Unspoken Security, host A.J. Nash welcomes Ana Aslanishvili and Shawn Abelson from Pine Risk Management. Together, they dive into the often-overlooked intersection of cyber and physical security. With a combined experience of 30 years, Ana and Shawn share their insights on the importance of integrating these two realms to fortify organizational defenses against evolving threats.

The conversation highlights the critical distinctions between penetration testing and red teaming. Ana and Shawn explain how red teaming goes beyond traditional pen testing by adopting an adversary's perspective, aiming to challenge and improve the existing security measures. This approach not only tests the effectiveness of physical and cyber security controls but also enhances the overall resilience of organizations against sophisticated attacks.

The episode sheds light on the synergy between intelligence and security practices. By
leveraging threat intelligence, Ana and Shawn illustrate how organizations can anticipate and mitigate potential security breaches. Their expertise underscores the necessity of a holistic security strategy that encompasses both cyber and physical aspects, urging businesses to reassess and strengthen their security posture.

In this episode of Unspoken Security (sponsored by ZeroFox), AJ Nash is joined by Senior Threat Intelligence Analyst (and PhD candidate) Freddy Murre. Freddy brings his years of intelligence and security experience across military service and consulting into a discussion about one of the most common challenges many of us face: demonstrating the value of Intelligence.

Freddy and AJ discuss some of the consistent challenges they see in building intelligence-driven security programs, including educating leadership on the differences between data, information, and Intelligence, structured analytic techniques, and how to speak the language of leadership needed to secure and grow budgets. They go on to share their views on building trust and demonstrating value to leadership, as well as available tools to measure that value in objective, defensible ways.

As always, the show wraps up with our guest revealing something that had, to this point, gone "unspoken." Freddy, like every guest, didn't disappoint with his candid answers.

P.S. Freddy referenced his mind map project, so we wanted to ensure you could find it!
- https://github.com/Errum/IntelArchitectureMap

In this episode of Unspoken Security (sponsored by ZeroFox), AJ Nash is joined by Roman Sannikov, the President of Constellation Cyber LLC. Before his current efforts conducting research and delivering Intelligence reports for various clients, Roman has led multiple teams focused on combatting threats in the Deep and Dark Web.
Roman and AJ give a brief overview of what we all mean when we say "Deep Web" or "Dark Web" to ensure we're all speaking the same language and then discuss the subcultures and self-regulation within some of the busiest criminal marketplaces. Roman provided insights into things that have changed over the last couple of decades (and what has remained the same) as cybercriminals have become more structured and professionalized.

The discussion turned to an exploration of things people often misunderstand when it comes to cybercriminal marketplaces and how easily people can go wrong in their choices for how to combat these threats. From there, the show focused on some of the myths and true stories from Roman's long and storied career as a resident within the cybercriminal underground, including some fascinating stories about his work on behalf of the FBI.

As always, the show wraps up with our guest revealing something that had, to this point, gone "unspoken." While I don't want to give too much away, Roman didn't disappoint when he revealed his "unspoken" truth.

In this episode of Unspoken Security (sponsored by ZeroFox), AJ Nash is joined by our first social media star...Gabrielle Hempel! Also known as LadyG on Twitter (@gabsmashh) - with over 100,000 followers - she also focuses on making the world a safer place as a Customer Solutions Engineer for LogRhythm.

(NOTE: Gabrielle was actually recorded as AJ's second guest on Unspoken Security - way back in October! - but we saved her appearance until we built our own audience so we weren't just taking advantage of her following.)
Gab and AJ have a fun and interesting conversation about Gabrielle's unusual path from working in an auto repair shop in Ohio - where she was almost stabbed! - to become an expert and influencer in cybersecurity. Gab shares how she grew from a shy child into a confident, powerful voice in cybersecurity, including some incredible stories of overcoming the opinions and assumptions of others. She learned how to assess risk and resolve conflicts in some dangerous real-world scenarios, and combined that with her incredible education (B.A., in Psychology, B.S. in Neuroscience, & MS in Global Security, Conflict, and Cybercrime from NYU).

With all the things in her life - social media, public speaking, a cybersecurity career, and a family - Gab offers her lessons learned and advice (including the power of saying "no") to get closer to the work/life balance most people need to avoid burning out in an industry where it is so easy to do. AJ added some interesting insights and leadership tactics he's also used to help teammates maintain a more balanced life.

This episode even had an additional special guest when AJ's dog Ryleigh couldn't resist meeting Gab! Ryleigh probably heard how much fun AJ and Gab were having and wanted to get some camera time, too.

As always, the show wraps up with our guest revealing something that had, to this point, gone "unspoken." Download this episode to find out Gabrielle's secret because you will ABSOLUTELY want to give her (and probably AJ) a hard time after you hear this!

In this episode of Unspoken Security (sponsored by ZeroFox), AJ Nash is joined by Brian Mohr, the founder and CEO of Reqfast, a technology startup dedicated to helping security teams document and prioritize their needs to better focus on work instead of workflow. 
Brian and AJ talk define what is meant when we talk about Intelligence requirements, why they are important, how to document requirements and use them to measure the value of intelligence (that all-important metric needed to justify investing in Intelligence, and their personal observations on the progress made when it comes to understanding and accepting the need for Intelligence requirements to justify spending and drive successful security practices.

Finally, as always, the show wraps up with our guest revealing something that had, to this point, gone "unspoken." In Brian's case, his secret has to do with the novel way he has been keeping track of his passwords which is both simple and feels a bit James Bond-ish.

In this episode of Unspoken Security (sponsored by ZeroFox), AJ Nash is joined by Lisa Ackerman, the Deputy Chief Information Security Officer for GSK (formerly known as GlaxoSmithKline, a British multinational pharmaceutical and biotechnology company.  
Lisa and AJ talk about the value of building Intelligence-driven security programs, particularly the vital aspect of impacting decision-making. They also both shared the complicated - perhaps unusual? - ways that career Intelligence professionals think and communicate about threats, risks, and preparedness.
Perhaps most interestingly, Lisa shares how she not only took her skills from the Intelligence Community (IC) into the private sector to build threat intelligence programs based on the IC’s best practices, but has become one of the very few Intelligence professionals to become a leader in the CISO career path.

Having transitioned from being a provider of Intelligence to being more of the consumer (on the CISO side), Lisa talked about how her perspective has changed, how it hasn’t, and who she thinks CISOs trust the most these days…the “CISO Whisperer” is.

Finally, as always, the show wraps up with Lisa revealing something that had, to this point, gone "unspoken”...and Lisa delivered some great stories and insights about how having the guts to leap into challenging situations can be a key to growing a career.