Episodes
This week Allan attended the HIP Global conference in New Orleans, which happens to be Allan's favorite city in America.
The conference was outstanding - no sales pitches, no nonsense, just many experts speaking on the topic of securing identity. Entra ID, Okta, AD folks all were present, and it was amazing.
Allan got to interview some AMAZING guests from all walks of identity life, including one gentleman whose pedigree includes a rather critical national role right out the White...
Published 11/20/24
In this episode Allan and Drew consult Tim Rohrbaugh, who has done quite a lot of research and work on the practical applications, deployment, use cases and limits of GenAI and LLM.
Flavors and incarnations of AI - GenAI, Expert Systems, ML...
Biomimicry and Allan's weird sea cucumber references
Practical LLM deployment - Tim's maxims
Offline or online? Open or proprietary models?
Precision, accuracy, asking the right questions in the first place
Your smartest employee as your limiting...
Published 11/07/24
Howdy, y'all! With American presidential elections already under way, Allan and Drew decided that scrambling to get Kirsten Davies on the show for this week's show (the last one before formal Election Day) was paramount. Kirsten has been on our potential guest list for years now, as she is a multiple-times Fortune 500 CISO.
But now Kirsten is CEO and Founder of The Institute for Cyber Civics, a non-partisan non-profit aimed at empowering poll workers and poll volunteers to recognize and...
Published 10/30/24
Our guest today is Babbette Jackson, aka Technically__Rose of YouTube and Instagram fame!
Babbette is in DLP and Insider threat analysis. She has worked in places as far flung as Edward Jones, Juniper Networks, and Bank of America. More importantly, Babbette is quite involved in the intersection of social media and community engagement.
How do we use social media to engage others across generations and to encourage community participation?
Allan, Drew and Babbette discuss:
We’ve been...
Published 10/23/24
Who and what you are, your personality, your style, your thoughts... That’s all about to change. For one thing, you are already a product on “free to use” social media. You don’t really own things you think you own (we're looking at you, Steam!). Even your intellectual property is up for grabs now in ways you can’t see coming. Hollywood actors are selling the rights to their digital likenesses, and meanwhile, others are stealing such rights via technological loopholes. All media exists,...
Published 10/16/24
Jason Shockey, CISO of Cenlar FSB, and 25-year veteran of cybersecurity, has a formula for running an excellent cybersecurity program.
He studied a great deal in his various cybersecurity roles before leaping into a CISO role, and the studying paid off!
Jason and Allan and Drew discuss the following:
Identifying Common Pitfalls
Promoting Team Well-Being and Efficiency
Engaging and Educating the Board
Strategies for Effective Program Design
ALL in the span of one rapid-fire show! Do give it a...
Published 10/09/24
Cyber as precursor to kinetic warfare? What about cyber AS warfare? And social media infiltration and propaganda? Join Allan and Drew as they invite Dave Schroeder, a renowned expert in this field, to discuss the active use of cybersecurity and social media as warfare between the Western World and China, Iraq, Russia and North Korea. They cover:
Insertion of fake IT employees into key companies
Political influence operations (divide and conquer)
Precursors to kinetic war being the...
Published 10/02/24
Howdy, y’all, and welcome to The Cyber Ranch Podcast! Our guest today is Tim Brown. If you don’t know who Tim Brown is, he is the CISO at SolarWinds, and as such, is one of us.
Or maybe in a way, he is all of us, really. Tim advises and has held various other roles in the past, including product roles, which our listeners know are well-respected skills down at the 'Ranch.
The topic today is cyber regulation. It can range from self-regulation to associations, principles, practices,...
Published 09/25/24
What can we established cybersecurity practitioners ACTUALLY do to help those new in the field besides blathering back and forth about the problem in the echo chamber that is LinkedIn?
Drew got the clever idea of inviting three folks who are brand new to the field or barely started on their cyber journey, and, get this: ASKING them what they're experiencing and what they need! Clever, huh? It's an eye-opening show for a CISO.
We are joined on this week's episode by Amé Venter, May Ferreira, and...
Published 09/18/24
Howdy, y’all! Our guest today is Wade Baker, cybersecurity researcher, entrepreneur, professor… Wade is a Board of Directors member of the FAIR Institute, was an Advisory Board Member at the RSA Conference, was VP of Strategy & Risk Analytics at ThreatConnect, and is now Co-Founder of Cyentia Institute, which aims to advance cybersecurity knowledge and practice through data-driven research. Wade joins Drew and Allan to talk about (go figure!) data-driven cybersecurity. The three smash...
Published 09/11/24
Howdy, y’all, and welcome to The Cyber Ranch Podcast! Our guest is Michael Santarcangelo, Founder and President at Security Catalyst. He’s a former podcaster – co-creator of Business Security Weekly, he even did a stint on Down the Security Rabbit Hole with Raf and James. True fact, hearing Santa (as his friends call him) and Paul Asadoorian on Business Security Weekly is what inspired Allan to become a podcaster in the first place! But "Santa" (as his friends call him) has done the...
Published 09/04/24
Your organization runs on commercial software far more than it does open source. But all you are delivered is binaries. What is your technical control to ensure that you are safe from this software?
Such software is composed of:
Open source libraries
Proprietary code
3rd-party proprietary libraries
You need to be able to see it, understand it, probe it for malware, backdoors, corruption, CVEs, KEVs, etc. Well now you can. SBOMs are just the beginning...
Allan and Drew are joined by Sasa...
Published 08/28/24
This is our third and final episode of this miniseries. In this episode we are joined by Ross Young, a well-established member of the cybersecurity community with a storied background and penchant for giving back via various means. Ross joins Allan and Drew in exploring the role of technology in the People, Process and Technology triad.
Questions covered:
The traditional triad of people, process, technology has been with us since 1964, from an era when digital systems were in their infancy...
Published 08/21/24
Howdy, y'all! In part two of our three-part miniseries, we tackle Process with Malcolm Harkins. Malcolm is former CISO at Intel, a good friend of Allan's, former Cylance Chief Trust and Security Officer, member of the board of directors over at TrustMAPP (where Allan used to be COO), and is now at Hidden Layer, working to secure AI. Hidden Layer did not sponsor this show.
Allan, Drew and Malcolm discuss the following:
People, process, technology – what is the role of process in that...
Published 08/14/24
Thanks for listening, y'all! Our next show is all about Process (we already did a show on People) and after that comes Technology.
Y'all be good now!
Published 08/07/24
Jeremiah Roe has held many roles in cybersecurity: Field CISO, Red Teamer, Advisor, Consultant, Etc. He currently advises for OffSec, who provide quality cybersecurity training. Drew Simonis and Allan Alford determined that Jeremiah would be a great guest for launching a 3-part mini series - each of the three shows exploring People, Process and Technology respectively.
The three cover the following topics in a lively conversation that journeys into several aspects of People as they relate...
Published 07/31/24
Drew and Allan were skeptical about SABSA, as it is a model one CISO friend described as being "only good for a graduate student writing a paper!" Another CISO pointed out that SABSA was designed long before modern engineering practices.
Andrew Townley, a long-term SABSA consultant, on the other hand, gets straight to the practicality of it. There is indeed an academic and theoretical foundation behind SABSA, but it is most definitely leveraged for one purpose - to achieve desirable...
Published 07/24/24
Hang on to your saddle for this one! Drew Simonis joins Allan as his new co-host in a show where the two of them explore alternative models for selling and funding the cyber mission!
You probably know about corporate social responsibility initiatives.
Did you know that it's not a new idea in the history of capitalism, but rather a throwback?
Before shareholder capitalism, there was stakeholder capitalism:
Stakeholder capitalism proposes that corporations should serve the interests of all...
Published 07/17/24
Howdy, y’all, and welcome to The Cyber Ranch Podcast! Our guest today is Tomer Schwartz, co-founder and CTO over at Dazz. Yup! He’s a vendor! And OMG he’s a sponsoring vendor too! Whatever will we do? But wait, y’all know Allan's rule: Vendors are allowed on the show if and when they can add more value on a given subject vs. any practitioners in The Cyber Ranch network. Tomer fits that bill perfectly! Tomer has worked in the Microsoft Security Response Center, he’s the former Armis...
Published 07/10/24
If leadership exists in good and bad forms, so must followership.
Leadership can exist both by designation, and dynamically, as manifested by folks who may not have an official leader title.
And yet we don't measure followership, and our measurements of leadership leave something to be desired...
Join Allan Alford as he flies solo this week exploring these topics and suggesting a better way forward.
Y'all be good now!
Published 07/03/24
Howdy, y’all, and welcome to The Cyber Ranch Podcast! Our guest is Nathan Case, who is a previous guest from a multi-guest show. Nate has been a CISO, CTO, Strategist, consultant, CEO, and all kinds of other things. His career is as colorful and varied as Allan's – maybe even more so. Nate's chosen topic is “There is no such thing as security!” So without further ado, let’s dive in!
What do you mean when you say “There is no such thing as security!”?
Nate outlines declares it as way to...
Published 06/27/24
In this show, Allan interviews seven guests and asks them questions from a list of 21:
Omkhar Arasaratnam
“How do we leverage LLMs for our own use in cybersecurity?”
"How do you challenge your own precepts and assumptions to stay current in your role?"
Ofer Klein
“How do you describe what you do in cybersecurity to someone at a cocktail party who knows nothing about cyber?"
"How do you explain to the business the value you bring and the risks you solve?"
Rick Doten
"What message do you have for...
Published 06/19/24
In this show, Allan interviews seven guests and asks them questions from a list of 21:
Chris "Cpat" Patteson
“Why do so many CISOs think cybersecurity insurance is snake oil?”
Johann Balaguer
“People, process, technology - Which is the most important and why?”
"What do you want your fellow community of CISOs to know?"
Lee Krause
“What are we still doing wrong in cybersecurity?"
Ken Foster
“What are we still doing wrong in cybersecurity?"
"How do we articulate risk to the...
Published 06/12/24
In this show, Allan interviews nine guests and asks them questions from a list of 21:
Dr. Deanna Caputo
“How do you measure and articulate risk to the business?”
“People, process or technology?”
Carlos Guerrero
“How do we foster community in cybersecurity?”
Elliott Franklin
“Governance, Risk Management, and Compliance – Which of the three is most important?”
“What does progress look like in cybersecurity?”
Corey Bodzin
“With regards to AI & LLM, what is the impact to...
Published 06/05/24