Cybersecurity isn't just a concern for large corporations. It's vital for businesses of all sizes. It's essential for companies to know how to protect sensitive data, restore from backups, and regularly test their systems with internal pen tests to keep their teams safe. Today's guest is Bryce Austin. Bryce is the CEO of TCE Strategy, a cybersecurity advisory firm. They provide vulnerability scans, penetration tests, fractional CISO services, and incident response services. He is also a professional speaker on ransomware. Bryce is the fractional CISO to many companies, including one on the S&P 500.

We talk about the key aspects of cybersecurity for businesses, and how to be proactive with patching, training and strong password management. He shares his experiences with major cyber incidents including ransomware, phishing and the Target breach, and how defense in depth, backups and financial controls are key. Bryce also mentioned the use of password managers, regular vulnerability scanning and external monitoring to increase cyber resilience. We share practical tips for all businesses to protect against ever changing cyber threats.

• [00:59] Bryce started TCE Strategy in 2016. It's their goal to keep their clients one step ahead of cybercriminal risk.
• [01:32] He has a degree in chemistry. Technology was just for fun. He ended up working in the payroll space which was ripe for cyber security concerns.
• [03:00] He was really pushing cybersecurity and then their company was purchased by Wells Fargo. It ended up being amazing training for starting his own cybersecurity business.
• [05:24] Bryce shares how he was affected by the Target security breach. He ended up unemployed and was deeply affected by food stamp requirements for his family.
• [07:34] He wanted to make sure he would never go through this again and started his company.
• [08:19] His public speaking began in 2011.
• [09:17] He was indirectly affected by the Target breach, and he also shares his indirect personal one.
• [12:59] Bryce was actually spearfished in 2018.
• [14:36] Incident response is when something happens from a cybersecurity standpoint and damage has occurred. Oftentimes data is encrypted. This is a ransomware attack.
• [17:18] Bryce tells the story about how a hotel was hacked and a large payment was able to be intercepted.
• [18:31] Phishing attacks are where someone clicks on a bad link.
• [20:38] His biggest Christmas gift was none of his clients getting hacked.
• [21:05] They also had a ransom demand where they had to pay a million dollars.
• [23:02] If they would have been looking harder this wouldn't have happened.
• [26:26] Issues with hooking up to the Internet and having default passwords.
• [28:07] Why it's impractical to make ransomware illegal.
• [31:12] Even criminals have a reputation to uphold and usually hand over the encryption key.
• [33:56] Bryce talks about some of the preventative things that people can do.
• [34:47] Be proactive and have diligent patching.
• [35:37] Don't use the same passwords over and over. Use a password keeper.
• [36:54] Have offline backups.
• [38:09] Follow all processes and procedures when moving money. Use unique passwords.
• [39:27] It's important to encrypt your backups.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Bryce Austin
• (612) 730-9897.
• Bryce Austin on LinkedIn

The CISO role is constantly changing. With all the shifts in cybersecurity, it's crucial to find ways to attract new talent to close the growing skills gap. CISOs now juggle complex systems managed at multiple levels and handle burnout amongst many other responsibilities.

Today's guest is Jill Knesek. Jill is the Chief Information Security Officer for Blackline, a company that does financial SaaS solutions. It’s based out of the Los Angeles area. She’s been there almost three years now as the CISO, running the information security team.

She previously served as Chief Security Officer for BT Global Services. She has more than 15 years' experience directing security programs, including service as a special agent for the FBI assigned to the Cyber Crime Squad in Los Angeles Field Office, where she was involved in several high-profile cases, including Kevin Mitnick.

In this episode, we cover the CISO role evolving from low visibility to a C-level position, managing multi-cloud infrastructures and aligning with other teams and the ongoing cybersecurity skills gap and burnout. Jill also talks about incident response and crisis management and collaboration within the cybersecurity community to fill the blind spots and strengthen the defenses.

• [01:23] She's now the Chief Information Security Officer for Blackline, a company that does financial SaaS solutions.
• [02:00] She was also an FBI special agent for 3 and 1/2 years working cybercrime. She was super excited, because this was her lifelong dream.
• [03:35] She loved the FBI, but she knew she could do more for the industry on the private side.
• [04:21] Jill talks about how the CISO role has evolved. It's now a C-level position.
• [06:26] Some of the boards were very interested in what was going on with security. There has to be a balance with funding and proving your success.
• [07:39] Now complexity is an issue.
• [09:03] The cloud adds so many connecting services.
• [11:45] CISOs are getting more responsibility and need more qualified people in their teams. There's a gap with not enough people coming into the cybersecurity industry.
• [12:30] How the idea of stress and working nights and weekends can deter some graduates from the cybersecurity industry.
• [15:15] Boards and executive committees expect the CISO to be right in the middle of things. They want real-time updates and to know what everyone is working on right now.
• [17:47] The importance of keeping a calm level-headed view when something goes wrong.
• [21:41] We learn about the flow of straightening out curves or incidents. Learn during the small incidents and practice the process.
• [23:57] The importance of not scolding the team for being too quick to react. It's better to have a false alarm than to ignore a serious problem.
• [25:10] Jill does a one-to-one with everyone on her team each quarter. She tries to Mentor them with some of the things that she's learned.
• [30:29] We hear about a couple of incidents where ransomware got into the environment.
• [35:01] When someone else reported that something weird was going on in the network.
• [38:27] To help with the talent gap, we need to start introducing cybersecurity at the high school level.
• [42:15] It's important for CISOs to be connected with other groups and events.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Jill Knesek at Blackline
• Jill Knesek on LinkedIn

With the increase in targeted cyber attacks, it's more important than ever for organizations to quickly identify and respond to threats. AI is helping security teams by acting as virtual analysts, handling much of the investigation work. However, human oversight is still essential for the final steps and judgment.

Today's guest is Michael Lyborg. Michael is the Chief Information Security Officer at Swimlane. Prior to taking his current role, Michael was Global Vice President of Advisory Services, a highly sought-after expert by the world's largest Fortune 500 companies and global government agencies to advise on the creation and operation of industry-leading security operations.

In this episode Michael shares his experience and wisdom on today’s cybersecurity challenges. We talk about the balance of automation and human oversight, the risks and rewards of putting AI into security operations, and defense in depth strategies. Michael also covers how military style threat assessments can help with cybersecurity, how AI is evolving for threat prioritization and analysis, and the need for continuous testing and monitoring to prevent automation failures. If you want to know how to stay ahead in a complex cyber world, this episode is full of practical advice.

• [01:06] Michael has been with Swimlane for about 7 years mainly focusing on larger enterprises, government clients, and partners. He's helping with the automation journey and experience. He also built security programs for other companies and was a Marine.
• [02:07] Prior to the Marines, he did IT and network security. Michael is originally from Sweden.
• [04:22] Operational risk management or conducting a limited threat assessment. He's always thinking like a hacker and looking for gaps in security.
• [06:29] Michael tells a story about his wife's recent experience with a cybersecurity scam.
• [12:11] How a company decides what level of friction is appropriate to implement proper security.
• [13:59] Michael talks about balancing what is and isn’t automated.
• [16:16] Michael shares the story about his early days of automation.
• [17:23] Continuously review and monitor your automations.
• [18:41] Starting with documentation is a good first step.
• [21:45] Michael talks about how awesome it is being able to work in security and automation and help businesses grow and achieve outcomes. He believes in automating the mundane tasks.
• [22:26] We learn about AI being involved in the defensive side of cybersecurity.
• [24:50] AI can also bridge the gap between the security team and non-technical people.
• [26:33] We discuss places where AI probably shouldn't be used.
• [27:58] Find where AI works for you and then think about incorporating it in your security services.
• [31:01] The importance of having controls in place when using AI whether it's for security or data analysis.
• [33:00] Risk can be reduced by training on specific tasks.
• [34:18] Michael shares the value of mixing human and artificial intelligence through Swimlane.
• [39:08] The importance of bridging gaps and getting rid of silos.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Michael Lyborg on Swimlane
• Michael Lyborg on LinkedIn

The landscape of cybersecurity training and collaboration is changing, interactive education sessions and cross team communication is key. Building a security culture and staying ahead of the modern threats has never been more important. Today’s guest is Howard Goodman, Senior Technical Director at Skybox Security.

With over 20 years of experience Howard has become a well known figure in the cybersecurity world, he combines strategic planning with hands-on application across many industries. In this episode we talk about; security culture, the evolution of cybersecurity training and how Howard got phished during COVID. We also cover organisational challenges, best practices and the future of cybersecurity.

• [00:48] Howard has a doctorate in cyber operations from Dakota State University. Besides working for Skybox Security, he's also an adjunct professor teaching graduate courses about cyber security.
• [01:48] Howard shares a phishing experience when he and his wife were selling on eBay during COVID.
• [03:34] If the pros can fall for something, regular people can too. We need to be on our game 100% of the time.
• [04:53] We talk about opportunities for adversaries to get in when companies have large cybersecurity teams with a lot of moving parts.
• [05:29] A lot of people ignore phishing attempts instead of reporting them.
• [06:04] It comes down to organizations training their people properly. Cyber security training is becoming more interesting, because the boring stuff just doesn't hold people's attention.
• [10:13] When talking about threats, they focus on the exposure side and the exploitability side. With most businesses, functionality comes before security.
• [12:47] Formal testing is required before upgrading security patches to make sure that they don't break down the whole system.
• [13:47] The importance of being able to leverage other security controls while testing patches. Teams need to be able to communicate and act fast.
• [14:52] Knowing about potential risk is the only way to be proactive.
• [16:36] Looking at costs and gaps in technology. Failures are often due to a breakdown in communication.
• [19:33] The approach of starting out security first.
• [25:08] Best practices include cross-training. Working together and training together. Organizations need to run simulations and see how they react as an organization.
• [31:06] Skybox talks to organizations about gaps in security.
• [35:57] We discuss the loss that can happen from not having proper security measures in place.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Dr. Howard Goodman - Skybox Security
• Dr. Howard Goodman on LinkedIn

How do phishing scams, AI-powered attacks, and strategic governance intersect? Together, they're redefining the future of cybersecurity. Organizations are navigating a mix of challenges and implementing innovative solutions to proactively address today's threats.

Today's guest is Kelly Hood. She is the EVP and cybersecurity engineer at Optics Cyber Solutions. She is a CISSP who specializes in implementing cybersecurity and privacy best practices to manage risks and to achieve compliance. She supports the NIST cybersecurity framework and serves as a CMMC registered practitioner, helping organizations strengthen their cybersecurity posture and develop effective risk management strategies.

• [01:06] - Kelly is a cyber security engineer at Optic Cyber Solutions. It's her job to help companies protect themselves.
• [02:17] - Don't be embarrassed if you fall for a phishing scam.
• [03:01] - These attempts are getting more realistic. Kelly shares how she was briefly fooled by a phishing scam that looks like an email from her mother.
• [05:25] - The NIST Cybersecurity Framework is a voluntary framework for defining cybersecurity. An update was put out in February of 2024. They also added a new function.
• [06:01] - The five functions that organize a cybersecurity program have been to identify, protect, detect, respond, and recover. They recently added the govern function.
• [06:38] - The govern function is about defining your business objective and then putting protections in place that makes sense for those objectives.
• [09:01] - The identify function is focused on knowing what we have.
• [09:40] - Protect includes everything from identity management, authentication, training, data security, and platform security.
• [10:12] - Detect is looking at what's happening around us. It's continuous monitoring and knowing what happens if something goes wrong.
• [11:00] - Respond is knowing what the plan is when something does happen.
• [12:01] - Recover is about getting back to normal after something happens.
• [16:22] - Data centers want to make sure that they have redundant power supplies.
• [17:33] - We discuss some of the things that people might forget when identifying cybersecurity assets. Data and people need to be thought about as well as systems and hardware.
• [21:00] - We need to write things down and understand what systems and data connections we have.
• [23:10] - We talk about the importance of being aware of the physical space and who is actually supposed to be there.
• [24:46] - Data is one of the assets that often gets overlooked for protection. There are many new requirements that require data to be protected.
• [27:54] - Monitoring to understand what traffic you should expect and what is and isn't normal activity is also important.
• [31:10] - Transparency and communication are paramount for creating trust.
• [33:51] - Sometimes recovery doesn't mean 100%. Get up and running and prioritize the systems that matter most.
• [36:56] - With governance, you really want to look at what you're trying to do with the business and then translate cybersecurity to fit that objective.
• [37:27] - Have guidance documentation in place and have oversight.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Optic Cyber Solutions
• (MaPT) Maturity and Progress Tracker
• Optic Cyber Solutions on LinkedIn
• Optic Cyber YouTube
• NIST Cybersecurity Framework

When you search for customer service numbers online, you might come across a scammer’s number instead. It’s important to be cautious when sharing personal information, and to verify identities before responding to requests for sensitive data.

Today’s guest is Mona Terry. As Chief Victims Officer at Identity Theft Resource Center, she navigates the complexities of identity protection and identity crime recovery and management of multi-million dollar federal grants. She analyzes victim experiences to create ITRC’s Identity Report and to provide information about new and ongoing trends in identity crimes.

• [0:55] - Mona describes her role as Chief Victims Officer at Identity Theft Resource Center and how she found herself in this job.
• [3:18] - Identity crimes include theft, compromise, and misuse. What’s the difference?
• [4:26] - The number one recorded compromise is through scams, where people give their information to someone else.
• [5:30] - It is also becoming more common for someone to search for a customer service number and come across a scammer’s number instead.
• [7:01] - Some of the strategies in detecting fake websites are not helpful any longer with scammers using AI tools to make things look more legitimate.
• [10:10] - Misuse is when someone else takes over your account and is making charges or establishing new accounts in your name.
• [11:41] - Account takeovers don't only include credit cards. Social media account takeovers can be just as dangerous and more common.
• [13:28] - Identity theft is what it sounds like—stealing information with the intent to misuse it.
• [15:24] - If you suspect something is compromised, Mona recommends freezing your credit account.
• [16:45] - Freezing your account and checking credit reports is easier than it used to be.
• [19:32] - Mona describes how the Identity Theft Resource Center walks victims through the steps in resolving problems.
• [21:23] - Some situations are harder to resolve than others.
• [23:51] - Team members at Identity Theft Resource Center are not therapists, but they are trauma informed and listen to victims as they are guided through a process.
• [26:27] - When working with the Identity Theft Resource Center, clients get a recovery plan.
• [29:08] - If victims have tried something or don’t feel comfortable with something, ITRC can step in and help.
• [31:50] - Don’t be afraid to check for problems. Sometimes problems don’t show themselves immediately.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Identity Theft Resource Center Website

We often put off changes and schedule them to start on January 1st. Many of these idealistic resolutions fail shortly after beginning, so it is important to be thoughtful when planning so that you can set yourself up for success.

Today’s guest is Dr. Leslie Becker-Phelps. Leslie is a noted psychologist who authored a number of books, including Insecure in Love, The Insecure in Love Workbook, and Bouncing Back from Rejection. She writes the Authentically You Blog and the Psychology Today Making Change Blog. Additionally, she is a national speaker and hosts a YouTube channel.

• [1:00] - Leslie describes what she does in her career as a psychologist and author.
• [2:32] - Throughout her work, Leslie continued to go back to the question, “What makes it so hard for some people to change?”
• [5:47] - There’s nothing wrong with New Year's Resolutions. But waiting to start making a change till a specific day is not effective.
• [7:02] - You can feel good about yourself and recognize that change is good to move towards.
• [8:23] - When people are insecurely attached, they have a negative sense of self. What is driving them forward is negativity.
• [9:58] - It takes a lot of work to be able to be compassionate with yourself.
• [11:49] - Leslie discusses some small changes she made for herself that allowed her to be consistent.
• [15:04] - Leslie explains the Michelangelo Effect.
• [17:47] - Relationships you are in have an impact on your self-esteem.
• [19:02] - Just because it feels true, doesn’t mean it is true.
• [20:17] - Adding in the word “yet” gives us an idea of a future that will be different.
• [21:24] - Setbacks will happen, but they are not failures.
• [24:18] - You have to be persistent in making changes you want to make.
• [26:47] - If you can’t seem to make a change, you have to get into the micro parts of yourself and find out why.
• [28:32] - Leslie suggests making different levels of goals.
• [30:15] - Prepare yourself for good days and bad days. How can you support yourself on a down day?
• [33:10] - When you are having really good days, you can clearly remember the days you struggle. Write a letter to your future self on a down day.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Dr. Leslie Becker-Phelps Website
• Dr. Leslie Becker-Phelps on YouTube