Cigital » The Silver Bullet Security Podcast with Gary McGraw show

Summary: Building Security In

Podcasts:

 Show 137: Wafaa Mamilli Discusses Cultural Differences in Technology Management | File Type: audio/mpeg | Duration: 0:31:56

Wafaa Mamilli is Vice President, Chief Information Security Officer (CISO) at Eli Lilly and Company where she leads a global, enterprise-wide information and product security organization. She started her career consulting in Paris prior to joining Lilly France in 1995. Before being named CISO, Wafaa held several international leadership responsibilities across Lilly, including a stint as Information Officer of their diabetes division. Born and raised in Morocco, Wafaa also lived in the UK, France, and the Middle East before relocating to Indianapolis, Indiana in 2008. She holds a Master’s in Computer Science from INSEA in Rabat, Morocco. She holds another Master’s in Business Applications of Information and Technology from Université Rennes 2 in Rennes, France. Additionally, Wafaa holds a General Management Certificate from the London Business School. Most recently, in 2015, she graduated from the Harvard Business School Advanced Management program. Listen as Gary and Wafaa cover cultural differences in technology management, CISO education, organizational hierarchy, and more.

Links: Connect with Wafaa Mamilli on LinkedIn; Follow Wafaa Mamilli on Twitter; “Executive Women’s Forum Hosts First-Ever Cybersecurity Women on Capitol Hill Event”

 Show 136: Pavi Ramamurthy discusses the relationship between development and software security | File Type: audio/mpeg | Duration: 0:31:51

Pavi Ramamurthy manages the security ecosystem at LinkedIn as a Senior Information Security Manager. The Security Ecosystem team holds much of the responsibility for software security at the firm, including: software security training, awareness, bug herding, application vulnerability response, program management, and security positioning for partners and customers. Pavi has over 20 years of experience in software engineering and development, coupled with 10 years of hands-on security experience. She has also worked in various capacities at VMware, Determina, Vitria Technology, and 3Com. Pavi holds an MS in Computer Engineering from Santa Clara University and she lives in Silicon Valley with her family. Listen as Pavi and Gary discuss whether a background in development makes you a better software security resource, CI/CD, security testing, the role that office hours play in software security awareness, and more.

Links: Follow Pavi Ramamurthy on Twitter; Connect with Pavi Ramamurthy on LinkedIn; A Doubter’s Almanac: A Novel; The Twentieth Wife: A Novel

 Show 135: Ksenia Dmitrieva-Peguero discusses software security and AngularJS | File Type: audio/mpeg | Duration: 0:25:55

Ksenia Dmitrieva-Peguero is a Principal Consultant within Synopsys’ Software Integrity Group. She is a subject matter expert in a variety of software security practices including static analysis tool design and execution, customization, and deployment. She is also an expert in the areas of penetration testing and threat modeling. Throughout her career as a consultant, Ksenia has established and evolved secure coding guidance and best practices for many different firms, and has delivered numerous software security training sessions. She speaks regularly at events around the world on topics such as HTML5, CSP, and JavaScript. Ksenia holds degrees in Education and Computer Science from Clemson University, and an MS in Computer Science from George Washington University. She lives in Virginia with her husband and newborn daughter. Listen as Gary and Ksenia discuss software security awareness, AngularJS, security conferences, and more.

Links: Follow Ksenia on Twitter; Connect with Ksenia on LinkedIn; “How secure is AngularJS?”; BSides DC 2015: Fixing XSS with a content security policy; Ballroom dancing

 Show 134: Kelly Jackson Higgins Discusses Cyber Security Journalism | File Type: audio/mpeg | Duration: 0:24:54

Kelly Jackson Higgins is the Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with over 20 years of experience as a reporter and editor. Publications that Kelly has been associated with include Network Computing, Secure Enterprise Magazine, Communications Week, and more. Kelly’s coverage of computer (i.e., cyber) security has led her to be selected as one of the top 10 cybersecurity journalists in the U.S. She holds a BA from the College of William and Mary where she also played on the women’s soccer team. She currently lives near Charlottesville, VA. Listen as Gary and Kelly discuss how to separate fact from fiction when it comes to news in security, changes in security-focused journalism in recent years, social media, security politics, and more.

Links: Follow Kelly Jackson Higgins on Twitter; Connect with Kelly Jackson Higgins on LinkedIn; Articles by Kelly Jackson Higgins on DarkReading.com; “How I Got Here: Kelly Jackson Higgins” Threat Post interview; Conversations with Toni Morrison

 Show 133: Cheryl Biswas Discusses the Politicization of Cyber Security | File Type: audio/mpeg | Duration: 0:29:06

Cheryl Biswas is a Cyber Security Consultant focusing on threat intelligence at KPMG Canada. Her IT career began over 20 years ago at CP Rail’s helpdesk, with further roles in vendor management and change management. She went on to work as an InfoSec researcher at JIG Technologies where she advised her team and clients on security matters and weekly threat intel updates. Cheryl strives to connect people within information security, with a focus on end users. She shares a passion for learning and security by blogging, speaking at conferences, and through her social media presence. Cheryl holds a B.A. in Political Science from York University. She lives in Toronto, Canada with her three kids. Listen as Gary and Cheryl discuss aligning security to work as a service for the business rather than an imposition for employees, trending cyber security political topics, work-life balance, and more.

Links: Follow Cheryl Biswas on Twitter; Connect with Cheryl Biswas on LinkedIn; Cheryl’s CyberWatch blog; Cheryl’s Mom’s the Word blog; TiaraCon; “Ransomware and Databases: A Mongo Problem”

 Show 132: Chenxi Wang Discusses DevOps and Diversity in Tech | File Type: audio/mpeg | Duration: 0:32:16

Dr. Chenxi Wang is the founder of the Jane Bond Project. She has built an illustrious security career with experience at Forrester Research, Intel Security, CipherCloud, and Twistlock. Dr. Wang started her career as a computer security faculty member at Carnegie Mellon University. She holds a Ph.D. in Computer Science from the University of Virginia and currently lives in Silicon Valley with her family. Listen as Gary and Chenxi discuss the life of Professor John C. Knight, the Jane Bond Project, the Grace Hopper Conference, the state of software security, DevOps, fixing the diversity in tech issue, and more.

Links: Follow Chenxi Wang on Twitter; Connect with Chenxi Wang on LinkedIn; “Interview: Chenxi Wang on Information Security’s Mr. Robot Problem and Enforcing IoT Standards”; A Security Architecture for Survivability Mechanisms; Thinking, Fast and Slow by Daniel Kahneman; “Don’t Talk Diversity, Live It!” Panel at RSA 2017

 Show 131: Kate Pearce Discusses the Relationship Between Biology and Security | File Type: audio/mpeg | Duration: 0:31:47

Kate Pearce is a Senior Security Consultant at Cisco within the Customer Solutions division. In her career, Kate approaches security from diverse perspectives encompassing defenders, builders, assessors, and attackers. Her approach blends business, academic, and assessment contexts with a clear focus on evidence-driven security approaches. Kate holds an MSc and a BSc in Computer Science from the University of Canterbury. A repatriated Kiwi, she currently lives in Wellington, New Zealand with her wife and cat. Listen as Gary and Kate discuss the state of the software security industry, gender perspectives in the security space, the relationship between biology and security, and more.

Links: Visit Kate Pearce’s website; Connect with Kate Pearce on LinkedIn; Follow Kate Pearce on Twitter; What did Kate present at Black Hat 2016?; “Researchers” versus Researchers: Gary’s ShmooCon talk; Bill Bryson’s A Short History of Almost Everything

 Show 130: Jessy Irwin Discusses How to Make Security and Privacy Accessible | File Type: audio/mpeg | Duration: 0:31:05

Jessy Irwin is Vice President of Security and Privacy at Mercury Public Affairs. Her work focuses on human-centric technology and security. Jessy works tirelessly to make security and privacy accessible to the average person through education and awareness. As an outspoken advocate, she writes and speaks publicly about security research, strong crypto, and security education. She studied Art History and French at Virginia Tech and is now based in San Francisco. Listen as Gary and Jessy discuss social engineering, security research, and security education and accessibility.

Links: Connect with Jessy Irwin on LinkedIn; Follow Jessy Irwin on Twitter; Visit Jessy’s Jessysaurusrex blog; “Grooming Students for A Lifetime of Surveillance”; “Cryptoparty: An Introduction to Secure, Usable Encryption Tools for All”; Steve Bellovin and Matt Green discuss the crypto wars in Show 112

 Show 129: Kelly Lum Discusses Bug Hunting and a Unique Analytical Outlook on Security | File Type: audio/mpeg | Duration: 0:33:14

Kelly Lum, a.k.a. Aloria, is a Security Engineer at Tumblr and an Adjunct Professor of Graduate Computer Networking and Application Security at NYU. She has 13 years of experience in computer security, having previously worked in both the government and financial services spaces. Kelly is also a frequent speaker on the Black Hat, SummerCon, and Countermeasure circuit where she often focuses on data loss prevention (DLP) and bug hunting. Listen as Gary and Kelly discuss the differences between application security and software security, finding bugs versus fixing bugs, improving code review tools, and how mental illness affects her analytical security outlook.

Links: Follow Kelly Lum on Instagram; Follow Kelly Lum on Twitter; Connect with Kelly Lum on LinkedIn; Travers.al blog; She’s A Wreck blog

 Show 128: Lesley Carhart Discusses Incident Response and Digital Forensics | File Type: audio/mpeg | Duration: 0:27:49

Lesley Carhart is the Security Incident Response Lead at a large corporation in the Chicagoland area where she and her team work with digital theft, misconfiguration, and hacking issues. She has 17 years of experience in the IT industry, eight of which focus on incident response and digital forensics. Lesley holds a BS in Network Technologies from DePaul University. She is an active writer, speaker, and works as a member of CircleCityCon staff. Listen as Gary and Lesley discuss the evolution of computer security, incident response, digital forensics, security engineering, security certifications, and more.

Links: Follow Lesley Carhart on Twitter; Connect with Lesley Carhart on LinkedIn; “Avoiding burnout: Ten tips for hackers working incident response”; “Threat Modeling the Minecraft Way”; Ruger MK III

 Show 127: Dr. Marie Moe Discusses Medical Device Security | File Type: audio/mpeg | Duration: 0:32:31

Dr. Marie Moe is a Security Researcher at SINTEF and an Associate Professor at the Norwegian University of Science and Technology. She was previously a Team Leader at NorCERT, the Norwegian national CERT, where she managed incident response to cyberattacks against national critical infrastructure. Marie’s recent work focuses on public safety and security systems that impact human life. She is renowned for her work in medical device security; in fact, her own life depends on a pacemaker. She holds a PhD in Information Security and an MSc in Industrial Mathematics from NTNU. She lives in Trondheim, Norway with her family. Listen as Gary and Marie discuss her research and the future of medical device security.

Links: Follow Marie Moe on Twitter; SINTEF; “Living with a vulnerable implanted device”; “Go Ahead, Hackers, Break My Heart”; “Why We Should Worry About Hackable Hearts”; “Could hackers break my heart via my pacemaker?”; “How the ‘Internet of Things’ could be fatal”

 Show 126: Mike Pittenger Discusses Open Source Software Security | File Type: audio/mpeg | Duration: 0:31:17

Mike Pittenger is the VP of Security Strategy at Black Duck Software where he is responsible for strategic leadership of security solutions, including product direction and strategic alliances. He has 30 years of experience in technology and business, more than 25 years of management experience, and has spent the past 15 years focusing on security. Mike previously served as VP and General Manager of the product division of @stake. After @stake’s acquisition, he led the spin-out of his team to form Veracode. He later served as VP of the product and training division of Cigital. Mike also works as an independent consultant helping security companies identify, define, and prioritize their security product approaches. Listen as Gary and Mike discuss open source security including OpenSSL, containerization, and progress being made in the industry.

Links: Black Duck Software; Connect with Mike Pittenger on LinkedIn; GNU General Public License; Ghost of Paul Revere

 Show 125: Jim Manico Discusses Static Analysis, Open Source, and Developer Training | File Type: audio/mpeg | Duration: 0:31:51

Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and secure engineering. He is also the founder of Brakeman Security which produces a Ruby on Rails security scanner. He is a volunteer and Former Global Board Member of the Open Web Application Security Project (OWASP) and the author of Iron-Clad Java: Building Secure Web Applications. With nearly 20 years of software development experience, and over 10 years of application security experience, Jim is a highly sought-after speaker on security practices specializing in the notion of building as opposed to breaking. Listen as Gary and Jim discuss recent developments with static analysis, the relationship between open source and security, programming languages frameworks and how they impact tools, developer training, enterprises moving to the cloud, and island life.

Links: Connect with Jim Manico on LinkedIn; Follow Jim Manico on Twitter; Manicode; Manicode blog; Brakeman Security; OWASP Application Security Verification Standard Project; Iron-Clad Java: Building Secure Web Applications

 Show 124: Lance Cottrell Discusses Anonymity and Privacy | File Type: audio/mpeg | Duration: 0:32:47

Lance Cottrell is the Chief Scientist at Ntrepid where he works on the Passages product. He founded Anonymizer, Inc. in 1995, which was later acquired in 2008. Lance has been at the cutting edge of Internet privacy, anonymity, and security for over 20 years. He is on the board of the North Bay Angels and is a mentor for SoCo Nexus Sprout. He lives in Sonoma County, California where he also dabbles in winemaking. Listen as Gary and Lance discuss privacy, anonymity, Tor, attribution issues, browser security, geolocation, anonymity tools, and more.

Links: Connect to Lance Cottrell on LinkedIn; Follow Lance Cottrell on Twitter; Ntrepid; Anonymizer, Inc.; North Bay Angels; SoCo Nexus Sprout; “Cryptopolitik and the Darknet” by Thomas Rid; Lance Cottrell’s blog

 Show 123: Yanek Korff Discusses How to Build a Successful Technical Team | File Type: audio/mpeg | Duration: 0:27:40

Yanek Korff is the owner of Korff Consulting, LLC where he is a strategic consultant advising firms on information security topics. Having worked at Bell Atlantic, Cigital, AOL, and Mandiant, Yanek has well over a decade of experience in security operations, development, and infrastructure. Listen as Gary and Yanek discuss outsourcing, people vs. automation, incident response, and what he has learned about building and maintaining a successful technical team.

Links: Connect to Yanek Korff on LinkedIn; Mastering FreeBSD and OpenBSD Security; Ntrepid; “Building Trust in Four Steps”
