Joining the podcast this week is Maria Roat, who has had an impressive career in both government and the private sector for more than 35 years. She shares insights on the power of thinking from her time in government. Among the many roles, she held included Deputy Federal CIO and Small Business Administration CIO. The opportunities she helped identify to change the system from the inside out. 

In honor of November as Infrastructure Awareness Month, we wanted to bring back this episode from our 2021 archives with Rob Lee, CEO and co-founder of Dragos. He breaks down the Operational Technology (OT) challenge that many businesses are facing today including a lack of clarity on who within the business owns OT and defining what acceptable OT risk means within the business.

Joining the podcast this week is Eric Mill. He’s Senior Advisor on Technology and Cybersecurity to the Federal CIO in the Office of Management and Budget (OMB). We discuss some of the latest and impactful security initiatives, policies, and technologies in the U.S. Government today, including highlights from some that OMB is helping to drive.

Joining us this week is Peter W. Singer. He’s a New York Times bestselling author of books including Ghost Fleet, LikeWar, and the techno-thriller Burn In. He shares details on the New America non-profit organization and its awesome #SharetheMicinCyber program helping to bring a diversity of thought to the cybersecurity front lines. 

This week we officially welcome Petko Stoyanov as the new co-host for the To The Point podcast. Petko shares his perspective on how he found his way to cyber, the origin of the name “Petko”, and differences in working in government and the private sector. We also discuss the state of the cybersecurity landscape and the ongoing challenge of attribution – which is really asking the question, “Who is smarter” in executing cyber attacks?

We’re excited to welcome back Derek Weeks, recognized as the world’s foremost researcher on the topic of DevSecOps and securing software supply chains! Derek shares insights on how little has changed relative to securing software supply chains and using SBOMs in the two years since we last caught up with him.

Joining the podcast this week is Eva Galperin, Director of Cybersecurity for the Electronic Frontier Foundation (EFF). She is also the co-founder of the Coalition Against Stalkerware and has long been a champion for providing digital privacy and security for vulnerable populations around the world. “What is stalkerware?” many may ask. Stalkerware is considered a more personal way of invading someone's privacy such as using malware to track a person’s activity on a device.

 Joining us this week are Richard Grabowski, Acting Program Manager for CISA’s CDM Program, and Jonathan McBride, Chief of Adversary Pursuit for CISA’s Threat Hunting Subdivision. We dive into the hot topics of threat hunting, adversary pursuit, the evolution of CISA over the years including the growth and maturity of the organization, the power of public/private partnerships, and the drive for innovation.

Joining us this week is Christian Folini (@chrfolini), co-lead of the OWASP Core Rule Set project, co-author of the second edition of ModSecurity Handbook, and one of the few teachers on this subject. He brings a first to the podcast – a discussion on ModSecurity and the OWASP project! For those that are new to these topics, Christian shares many insights on the OWASP volunteer organization mission and how it serves as the first line of defense against web application attacks.

Closing out Insider Threat Awareness Month with us is Dr. Maria Bada, Ph.D., a Lecturer in Cyberpsychology at Queen Mary University in London and a RISCS Fellow in cybercrime. Maria shares insights on the insider risk challenge through a human-centric lens and the criticality of educational awareness, transparency, and training (Note: check out AwareGo!) to better mitigate the threat. When 98% of organizations are vulnerable to insider risks, and the “accidental” insider is the one most often reported, empowering employees with tools and knowledge to understand and be aware of the threats can really make a positive impact.