Socializing Security

Is the Fight for Privacy Still Alive? – A Special Look BackIn this special edition of Socializing Security, Milou takes listeners on a retrospective journey through 2024, revisiting one of the podcast’s most thought-provoking questions: Is there still really a fight for privacy?Inspired by a conversation with a CTO who claimed privacy was a lost battle and security had taken center stage, Milou reflects on the diverse perspectives shared by guests throughout the past year. This episode compiles compelling insights from the Socializing Network—a lineup of expert speakers who weighed in on whether privacy is still worth fighting for or if it has already been overshadowed by broader security concerns.With so many incredible voices and thought-provoking answers, this discussion is just the beginning. Stay tuned for Part Two next week, where even more industry leaders share their take on privacy in the modern era.Chapters00:00 Welcome to a Special Edition00:38 The Big Question: Is Privacy Still a Fight Worth Having?03:15 The Catalyst: A CTO’s Perspective on Privacy vs. Security08:42 Perspectives from the Socializing Network – Key Takeaways from 202418:30 The Evolution of Privacy Concerns in the Digital Age25:12 Why Some Believe the Fight is Over30:45 The Argument for Keeping Privacy at the Forefront36:20 Wrapping Up – What’s Next in 2025?

In this episode of Socializing Security, Milou and Brian take a step back to reflect on the rollercoaster that was 2024. From the explosive rise of generative AI to personal growth and the power of strong relationships, they unpack the biggest trends, challenges, and wins of the year.They dive into AI’s evolving role in security and privacy, debating whether it’s truly transformative or just another overhyped bubble. The conversation also gets personal as they share what they’ve learned from a year of podcasting—navigating adversity, balancing passion with sustainability, and the unexpected friendships formed along the way.They also get into why soft skills are a game-changer in cybersecurity, why going back to basics is still the best strategy for security programs, and what’s ahead for Socializing Security in 2025. It’s a candid, insightful, and (as always) fun conversation you won’t want to miss!Chapters00:00 Reflecting on 2024: A Year of Growth04:09 Generative AI: Boon or Bane?14:39 Personal Highlights and Relationships in 202419:58 The Journey of Podcasting22:26 Facing Adversity Together26:30 Learning from Challenges28:58 The Importance of Soft Skills31:45 Back to Basics in Cybersecurity36:29 Reflecting on Growth and Future Goals

In this episode, Bharat Jogi, Senior Director of Vulnerability and Threat Research at Qualys, discusses the intricacies of threat research, the growing landscape of vulnerabilities, and the importance of responsible disclosure. He emphasizes the need for curiosity and creativity in cybersecurity roles, the challenges of managing an influx of vulnerabilities, and the balance between privacy and security. Bharat also shares insights from Qualys' annual vulnerability report, highlighting the staggering number of CVEs and the need for effective vulnerability management strategies.Bharat Jogi on LinkedIn: https://www.linkedin.com/in/bharat-jogi-3a680b13Qualys Threat Research Unit: https://www.qualys.com/truregreSSHion vulnerability info: https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-serverChapters00:00 Intro00:38 Introduction to Threat Research04:39 The Role of Threat Researchers16:29 Responsible Disclosure and Communication23:24 Annual Reports and Industry Insights27:35 The Challenges of Patch Management34:31 The Balance of Privacy and Security39:37 Reflections48:15 Outro

In this episode, Nathanael Iverson, Chief Evangelist at Zentera, discusses the concept of Zero Trust in cybersecurity. He emphasizes the importance of incremental progress, understanding core principles, and the historical context of Zero Trust. The conversation explores the need for organizational change, executive support, and the business case for cybersecurity investments. Nathanael shares insights on identifying critical assets, risk management, and the journey of implementing Zero Trust effectively.Chapters00:00 Introduction to Nathanael Iverson and Chief Evangelism04:02 The History of Zero Trust07:54 Core Principles of Cybersecurity15:26 Incremental Approaches to Zero Trust Implementation19:13 The Value of Zero Trust24:39 The Zero Trust Journey30:36 Organizational Impacts of Zero Trust33:20 The Fight for Privacy vs. Security37:37 Reflections39:38 OutroNathanael on LinkedIn: https://www.linkedin.com/in/nathanaeliversen/Zentera: https://www.zentera.net

In this episode, Brian and Milou talk with Martin Edwards, a seasoned penetration tester, discussing the intricacies of cybersecurity, the importance of curiosity in IT careers, and the dynamics between red and blue teams. They explore the role of certifications, share fascinating stories from the field, and delve into the hiring process for penetration testers. The conversation also touches on physical penetration testing techniques and the ongoing debate between privacy and security in today's tech landscape.
 
Chapters
00:00 Introduction to Martin Edwards and Penetration Testing04:24 Understanding Red Team vs Blue Team Dynamics06:50 The Value of Certifications in Cybersecurity08:16 Favorite Penetration Testing Stories14:05 Physical Pen Testing Techniques and Insights21:07 The Business Value of Penetration Testing32:07 The Evolving Landscape of Privacy and Security36:10 Reflections

In this episode, AJ Nash, founder of Unspoken Security, discusses the challenges and rewards of podcasting in the security space. He emphasizes the importance of authenticity in conversations about security, the need to break the taboo surrounding these discussions, and the generational shift in attitudes towards privacy and security. The conversation also touches on the role of ignorance in security awareness and the challenges of personal security practices. AJ shares insights on creating safe spaces for dialogue and the importance of community in enhancing security awareness.Connect with AJ: https://www.unspokensecurity.com/https://www.linkedin.com/in/nashaj Chapters00:00 Introduction to AJ Nash and Unspoken Security Podcast00:37 Introduction to AJ Nash03:45 Podcasting About the Unspoken Parts of Cybersecurity08:18 Making Security More Approachable14:07 Breaking the Taboo: Why Security Topics Remain Unspoken19:23 The Challenge of Acknowledging Ignorance32:20 The State of Privacy in a Digital Age38:15 Reflections41:25 Outro

In this episode of Socializing Security, Milou and Brian discuss the complexities of job searching during the holiday season, sharing personal experiences with layoffs and the evolving job market in the technology industry. They explore the impact of freelancing and consulting as alternative income sources, the importance of financial planning for job security, and the value of building a supportive network during transitions. The conversation emphasizes lessons learned from their experiences and offers insights for navigating the current job landscape. Chapters00:00 Navigating Job Market Challenges During the Holidays03:03 Personal Experiences with Layoffs and Job Searches05:48 The Impact of Freelancing and Consulting09:04 Financial Planning and Job Security12:09 Building a Supportive Network During Job Transitions14:51 Lessons Learned and Moving Forward21:02 Navigating Job Search Challenges24:25 The Importance of Networking27:13 Effective Job Posting Strategies29:33 Leveraging Social Media for Job Search32:51 Building a Personal Brand35:14 Utilizing Diverse Platforms for Job Opportunities38:33 The Value of Informational Interviews

In this episode of Socializing Security, Milou and Brian discuss various cybersecurity frameworks, their applications, and the importance of compliance in building effective information security programs. They explore the NIST Cybersecurity Framework, MITRE frameworks, CIS Critical Security Controls, and compliance standards like SOC 2 and ISO 27001. The conversation emphasizes the need for organizations to adopt a comprehensive approach to cybersecurity that goes beyond mere compliance, focusing on continuous improvement and maturity models to enhance security posture.
Chapters
00:00 Introduction and Context Setting01:34 Exploring Cybersecurity Frameworks09:24 Deep Dive into NIST Cybersecurity Framework12:48 Understanding MITRE Frameworks15:01 CIS Critical Security Controls Overview18:17 Compliance Frameworks: SOC 2 and ISO 2700121:30 Governance and IT Management Frameworks25:35 Industry-Specific Compliance Standards29:51 Maturity Models in Cybersecurity35:49 Conclusion and Future Discussions

In this episode, Amanda Berlin discusses the importance of mental health in the tech industry, particularly within cybersecurity. She shares her journey in founding Mental Health Hackers, a nonprofit organization aimed at providing support and safe spaces for individuals struggling with mental health issues. The conversation explores the challenges faced by tech professionals, the impact of keynote talks on mental health awareness, and the significance of community support. Amanda emphasizes the need for open discussions about mental health, coping strategies, and the balance between privacy and security in the tech world.Links and Resourceshttps://www.mentalhealthhackers.org https://infosecindustry.com/category/podcasts/brakeing-down-security/If you need help, and it’s an emergency, don’t hesitate and call 988. For less severe situations, Mental Health Hackers has a wealth of information here: https://www.mentalhealthhackers.org/resources-and-links/Chapters00:00 Introduction to Amanda Berlin04:39 The Birth of Mental Health Hackers10:36 Expanding Mental Health Conversations in Tech13:08 Helping Others With Mental Health Hackers21:56 Giving People Space for Mental Health28:31 Finding Professional Help32:17 The Fight for Privacy36:24 Reflections41:25 Outro