Skip to main content
Cybr Podcast

Cybr Podcast

By Cybr, Inc.

Cybersecurity career, technology, and success tips.
Available on
Apple Podcasts Logo
Google Podcasts Logo
Spotify Logo
Currently playing episode

Infiltrating a cybercrime group wearing a wire with ex-FBI Supervisory Special Agent

Cybr PodcastSep 20, 2023

00:00
34:56
Infiltrating a cybercrime group wearing a wire with ex-FBI Supervisory Special Agent

Infiltrating a cybercrime group wearing a wire with ex-FBI Supervisory Special Agent

Shane Sims is back on the show with a gripping story. Seriously, if Netflix decided to make a movie or mini-series about this, I wouldn’t even be surprised…except this really happened and you’re about to get a front-row seat to how it unfolded. Shane wore a wire and infiltrated a cybercrime group back in 2005 that was stealing intellectual property from organizations, including defense contractors. Normally when you think of cybercrime groups, you don’t think in-person meetings or “wearing wires” to catch them in the act. But this group primarily exploited wireless networks to exfiltrate IP and sensitive data, and then turned around to extort the organization. Catching them in the act required Shane to go undercover. They met in hotel rooms with SWAT teams on stand-by, they met in vans to carry out attacks, and they finally gathered enough evidence to arrest and charge the suspects. Hear about all of that from start to finish in this epic episode.

Sep 20, 202334:56
The evolution of cybercrime and career advice with ex-FBI Supervisory Special Agent Shane Sims

The evolution of cybercrime and career advice with ex-FBI Supervisory Special Agent Shane Sims

This is our most intense episode to date, and it's a fascinating one. Peer into the world of the FBI and its response to cybercrime all the way back to the 1990s. Shane was a Supervisory Special Agent responsible for building a cyber offense unit and capabilities & led all cyber offensive operations in support of counterterrorism, counterintelligence, and cybercrime matters. Later, he transferred to the FBI's Critical Incident Response Group to help develop and lead a crisis response organization charged with countering WMD threats on US soil working closely with the Department of Defense's Joint Special Operations Command, White House, and other government agencies. After the FBI, Shane worked at PwC and KPMG for a number of years, and he is now the CEO of Kivu, a full-service cybersecurity consulting firm that offers services in three core divisions: advisory services, managed services, and response services.

Aug 09, 202329:39
AWS Security: Getting started, in-demand jobs, and what to focus on

AWS Security: Getting started, in-demand jobs, and what to focus on

In this episode, Kostas and I discuss how to get started with AWS security, what beginners and practitioners should focus on, and what’s currently hot and in-demand job wise. Kostas is the co-author of our course on Cybr: Introduction to AWS Security.
Jul 26, 202322:11
Land your first Pentester job without prior IT experience

Land your first Pentester job without prior IT experience

In this episode, Cybr community member Eric Gimbel walks us through step-by-step how he landed a Junior Penetration Tester job without having prior cybersecurity or IT experience. If you’ve ever been told “you need help desk experience first” or “you need 5+ years in IT before you can apply” then you need to listen to this episode, because our guest did neither of those to land his Pentester job, and he gives you a step-by-step framework so you can do it too.
Sep 15, 202253:31
DevOps, Containers, Kubernetes, and their security implications

DevOps, Containers, Kubernetes, and their security implications

In this episode, we talk about DevOps, what containers are and when they’re helpful, and Kubernetes. We also discuss security concerns to be aware of when using these technologies. Our guest, Chad Crowell, has extensive experience as a DevOps engineer and working with cloud environments. He’s a Microsoft Certified Trainer and author, and currently a Director of IT for an IT services provider.
Aug 31, 202234:40
Terraform and Infrastructure as Code with Derek Morgan

Terraform and Infrastructure as Code with Derek Morgan

Heard of Terraform and Infrastructure as Code, but not too sure what it is or how to get started? In this episode, Derek Morgan explains why IaC is important, how tools like Terraform can be used, and we talk about an infrastructure delivery platform called Spacelift.
Aug 10, 202228:11
Starting a passwordless authentication company with Dan Frye

Starting a passwordless authentication company with Dan Frye

Dan Frye joins us to talk about becoming a CISO, and then leaving that position to start his own cybersecurity startup company. His startup (Rocketansky) aimed to replace passwords and 2FA with passwordless authentication. We chat about his experience founding that business, the challenges he went through during the 2 years of running it, and why he decided it was time to shut it down.
May 16, 202239:10
Vulnerability assessments, bug bounties, pentests, and red team engagements with Daniel Miessler

Vulnerability assessments, bug bounties, pentests, and red team engagements with Daniel Miessler

Daniel Miessler joins us to talk about how security assessments often get confused and misused. We talk about vulnerability assessments versus bug bounties versus pentests versus red team engagements. Oh and what’s purple team really supposed to be anyway? We wrap up by talking career advice for those interested in a role related to security assessments.
Apr 18, 202236:20
A day in the life of a Threat Researcher at the Microsoft Threat Intelligence Center

A day in the life of a Threat Researcher at the Microsoft Threat Intelligence Center

Roberto Rodriguez (@Cyb3rWard0g) talks to us about what it’s like to be a Threat Researcher at the Microsoft Threat Intelligence Center. We talk about how he got started, what a day in his life looks like, what the differences are between threat research, threat hunting, pentesting, etc...and we talk about resources that he’s created and that could help you out, including his online and interactive book called the Threat Hunter Playbook.

Apr 11, 202245:28
Becoming a Threat Intelligence Analyst and Warrior with Nicole Hoffman

Becoming a Threat Intelligence Analyst and Warrior with Nicole Hoffman

Nicole Hoffman (@threathuntergrl) talks to us about what it’s like to be in threat intelligence and how she became an intel analyst. What I love about her story is that it’s *not* a straightforward path. Her path to cybersecurity is a winding road with lots of twists and turns. I hope that by hearing Nicole’s story, it can help you break through and land your first role or your dream role since she provides actionable advice. Definitely worth a listen if you have any interest in threat intel and threat hunting!
Mar 14, 202228:34
Managing IT & Security for businesses with Joel Miller

Managing IT & Security for businesses with Joel Miller

Joel is an experienced IT security professional with over 25 years of experience in the design, development, deployment, and management of enterprise systems. In this episode, he shares how he manages IT & security for multiple car dealership locations simultaneously, and what he looks for when hiring.
Feb 09, 202226:34
From baker to Full-Stack Developer with Miwha Geschwind

From baker to Full-Stack Developer with Miwha Geschwind

I met Miwha at a local meetup here in Denver, and we started talking about her job, how she got that job, and what led her down the path of web development. She told me that she used to have her own pastry baking business but a series of events led to her joining a coding boot camp, and then getting a full-time dev job soon after that. Then, as we were planning this episode, she announced that she had just landed yet another job! So for this episode, Miwha shares her story with us so that 1) if anyone listening is thinking of transitioning to the IT industry, they can see that it’s absolutely possible, and 2) so that we can get practical tips on how to land a job in the IT industry and in present times.
Nov 15, 202128:48
How to get your first IT/cybersec job with Jenny Codes

How to get your first IT/cybersec job with Jenny Codes

When I met Jenny about a year ago, she was wrapping up her Master’s degree. A year later, she’d transitioned from being an intern, to freelancing, contracting, and now, landing a full-time software engineering role. I invited her to the show so that we could learn how she pulled this off in such a short period of time.
Sep 22, 202127:36
How to get started and breakthrough in Bug Bounty Hunting with Hakluke

How to get started and breakthrough in Bug Bounty Hunting with Hakluke

Luke Stephens (aka Hakluke) has been a Pentester, Bug Bounty Hunter, and he recently worked at Bugcrowd before striking out on his own. In this episode, I ask him about his role at Bugcrowd (a bug bounty platform), how he got started in bug bounty hunting, and how he found his first bug. Coming from a pentesting background, he initially struggled to transition to a bug bounty hunting mindset. He shares what helped him break through that initial struggle, how he balances automation vs manual hunting, and his process to determine how long to spend on a specific target. If you’re interested in bug bounty hunting, this is absolutely an episode you should listen to.
Jun 17, 202134:13
Building and maturing AppSec programs in startups

Building and maturing AppSec programs in startups

Spyros Gasteratos (@0xfde) is an AppSec Lead at a Fintech startup, where he manages their AppSec team in charge of securing their application’s code. We talk about their current architecture, their biggest security challenges as a Fintech organization, and how Spyros helped take the beginnings of an Application Security program to a higher maturity level. This episode contains advice I wish I’d heard years ago on how to involve AppSec early in the product lifecycle, and how to know where to focus your efforts when there’s so much going on. A must-listen if you are a startup or you’re building out an AppSec program.
Jun 02, 202129:18
Landing your first job and certification in cybersecurity with Emily Pearson

Landing your first job and certification in cybersecurity with Emily Pearson

After working in Signals Intelligence for the Navy, Emily decided she wanted to pursue a career in cybersecurity. In this episode, she shares the steps she took to transition from active duty to being a full-time student, getting her Security+ certification, and landing her first job as a SOC Analyst in Seattle. She also shares whether her education and certification helped with getting that job, and other tips for not only getting started, but staying on track with learning goals.
Feb 25, 202130:47
Incident Response as a career with Matt Trostel

Incident Response as a career with Matt Trostel

Hear from a Cybersecurity Incident Response Team Lead at a Fortune 50 company what it’s like to be on the Blue Team fighting off threats and Red Teams with fascinating stories. On top of that, we get career advice from Matt on how to get started in this field with practical tips.
Feb 17, 202134:12
So you want to be CIO? Here’s how to stand out and make the cut (3 of 3)

So you want to be CIO? Here’s how to stand out and make the cut (3 of 3)

In our 3rd episode of the CIO mini-series with Kevin Christ, we talk about the last stretch to becoming CIO. This episode is for those who are mid-career and who want to enhance their chances to join the CIO ranks. The episode starts out with bad news based on chilling facts that odds aren’t in your favor. But, that doesn’t mean you should throw in the towel just yet. Kevin shares actionable advice on how to find opportunities, how to make yourself stand out, and how to increase your chances of earning the title.
Dec 16, 202033:20
Public schools are being targeted by Cybercriminals

Public schools are being targeted by Cybercriminals

In this episode, Eric Lankford and Doug Levin join us to shine a light on the disturbing and dangerous cyber threats academic institutions are facing. Cyberattacks are a significant and growing threat to our nation’s K-12 public schools, students, and employees. There were ~350 publicly disclosed cybersecurity incidents that impacted K-12 schools in 2019. They primarily consisted of data breaches resulting in unauthorized disclosures of student/staff data, ransomware and other malware attacks, phishing attacks, and other social engineering scams as well as denial-of-service attacks. With only 5% of surveyed IT teams feeling that student data is at high risk.

Oct 30, 202030:17
How to increase diversity & inclusion in IT organizations with Roshanda King

How to increase diversity & inclusion in IT organizations with Roshanda King

In this episode, Roshanda King joins Shawna & Christophe in discussing how organizations (and the people within them) can work to proactively increase diversity and inclusion. As she is part of a Diversity & Inclusion Program at her current organization, you will get direct insights into what has worked for them, all the way from onboarding new hires, to best practices for existing employees and managers. This was such an uplifting episode, and we hope you enjoy it as much as we enjoyed recording it!
Oct 06, 202040:21
Have you heard of the National Cyber Moonshot initiative?

Have you heard of the National Cyber Moonshot initiative?

In this episode, our guests Bobbie Stempfley, Tom Patterson, and Eric Lankford explain and share what the National Cyber Moonshot initiative is, and the six strategic pillars for a safe and secure internet to bring economic growth, national security, enhanced privacy, technology advances, and global leadership benefits. Specifically, this episode focuses on the Cyber Education workshop, which is convening with leading experts and practitioners to look at breakthrough concepts and realities in use across the nation and around the world. The goal of the Education Pillar is to dramatically increase the availability, quality, and diversity of cybersecurity talent in the United States for Cybersecurity Moonshot Initiative strategic focus areas, while also educating all citizens of their shared responsibilities in creating a safe and secure internet environment. Bobbie has served at both DHS and CERT and now works for Dell’s office of the CISO. Tom is the Chief Trust Officer of Unisys, and Eric is the founding partner of K12 SIX.

Sep 30, 202019:21
Build a career story that will kick open the doors to CIO with Kevin Christ (2 of 3)

Build a career story that will kick open the doors to CIO with Kevin Christ (2 of 3)

In this 2nd episode (series of 3), we welcome back Kevin Christ to pick up where we left off with the 1st episode: answering the question of “what can I do in my early career to set myself up for the CIO position?” If you have aspirations to become a CIO/CTO/etc... then definitely check out this episode because it will be full of actionable tips you can implement now.
Sep 28, 202031:42
Luck is when opportunity meets preparation. Start preparing to become a CIO now, with Kevin Christ (1 of 3)

Luck is when opportunity meets preparation. Start preparing to become a CIO now, with Kevin Christ (1 of 3)

In this episode, we explain what it means to be a CIO/CTO and we answer the question of “who makes it to that level, and how?” We explain the roles and responsibilities that CIOs face, how those are constantly evolving every few years, and how CIOs must re-invent themselves over time. We then talk about the typical paths to becoming a CIO, as well as tips & tricks that our guest has collected throughout his career. Our guest, Kevin Christ, is an IT consulting leader, CIO coach, and transformational interim CIO with many years of experience at both large and boutique consulting firms. He was named a top 25 consultant by consulting magazine for excellence in technology. In short, this is right up his alley! This is definitely an episode full of actionable career advice that you won’t want to miss.
Sep 02, 202027:21
A day in the life at a SOC, and entry-level positions, skills, and success tips with Bob Salmans

A day in the life at a SOC, and entry-level positions, skills, and success tips with Bob Salmans

Bob Salmans, a repeat guest, has led a Security Operations Center (SOC) team with various roles and responsibilities including: threat hunting, pen testing, incident response, security risks assessments, compliance, and training. In this episode, he shares what a day in the life of a SOC team looks like, as well as tips, skills, and knowledge to focus on for an entry-level position in a SOC. We also discuss potential career paths once you’ve been in a SOC team, and more.
Jul 17, 202035:40
Top skills and technologies to focus on as a beginner in cybersecurity with Bob Salmans

Top skills and technologies to focus on as a beginner in cybersecurity with Bob Salmans

Bob Salmans has over 25 years of IT experience in various roles, including serving as the Security Team Lead for the AME Group which is an IT Services company, where he leads a team that provides managed security services to their clients. In this episode, we talk about top skills to build if you’re a beginner in cybersec looking for entry-level jobs, and we talk about the top technologies that are most critical to learn for aspiring cybersec job candidates. We also talk about overcoming that dreaded “lack of experience” response when applying for jobs, and more!
Jul 17, 202027:01
Lack IT or cybersecurity experience? Here’s how to stand out with Tom Sweet

Lack IT or cybersecurity experience? Here’s how to stand out with Tom Sweet

Tom Sweet is a VP of IT Solutions at GM Financial, where he has successfully implemented and led training and upskilling programs. In this episode, he shares tips on how to overcome a lack of experience when applying for IT or cybersec jobs, and what skills/technologies to focus on learning. He also shares advice on how to make your resume, experience, and online presence stand out from the crowd, and more. Tons of actionable advice in this episode!
Jul 12, 202032:21