2020 Podcast Round Up — Carolyn and Eric's Top 10
2020 Podcast Round Up — Carolyn and Eric's Top 10
What a fantastic year of guests, Eric and Carolyn review their top 10 guests in the 2020 podcast round up. Be one of the first 10 to share this episode to receive your choice of one of these books (Spoiler alert): Cyber Nation, David Sanger, Burn-in, Peter Singer, Ghost Fleet, Peter Singer, LikeWar, Peter Singer. This 2020's final episode, Happy Holidays and see you in the new year!
Episode Table of Contents
- 00:50] 2020 Podcast Round Up of Our Favorite Episodes
- [08:01] Remember How COVID Overtook a Ship in the 2020 Podcast Round Up
- 13:25] The Power of the Ask
- [19:50] Efficacy Over Time
- [25:43] 2020 Podcast Round Up on Cyber Offensive and Defensive Capabilities
- Carolyn and Eric's Top 10 Guests
2020 Podcast Round Up of Our Favorite Episodes
Carolyn: We get to do our top 10 countdown of our favorite episodes for 2020. It was hard for me to narrow it down to 10. We did cheat a little bit because we have a couple of double headers. It's our top 10 guests.
Eric: Not to diminish any of the other guests, but I agree. There were some really great ones that stood out to me. I actually found a theme that I'll tell you about, which I learned a little bit about myself in the process. It was great.
Carolyn: Before we dive into our countdown, I want to ask our listeners to go smash the like button. Share this episode, and the first 10 people to share this episode, we're going to give them a book. You know how I love to give books, so we've got to decide what book. What are you reading, Eric?
Eric: I'm reading a lot. This is an interesting one, because that was my theme. I don't want to go into it now, but we'll have a couple of books. They can maybe ask for the book they want.
Carolyn: That's good because The Talent War is one that we can offer. Also, since I'm on video, I noticed I'm wearing my favorite Christmas attire. I'm going to wear it to all the fancy parties I'm going to.
Eric: Darth Vader?
Carolyn: Darth Vader and his StormTroopers.
Eric: You mentioned The Talent War, right here.
Carolyn: Let's hit it. We're doing a Letterman countdown.
Eric: For all the millennials out there, we're going 10 to one, like a rocket launch. We're going from 10 to one, descending order.
America Will Be Okay
Carolyn: Careful, do not offend our millennials. They are half our workforce.
Eric: They're more than half, they are our future. I've actually been reading a great author. I'll share it at some other point. Not cybersecurity related, that basically says America will be okay. It's fascinating. I'll get into it more later, but let's hit the top 10.
Carolyn: You just introduced it. It's George Randall with Episode 101, and it's the talent gap.
Eric: The Talent War.
Carolyn: Yes, the book The Talent War. Then we talked about the talent gap in cybersecurity. First of all, what a fascinating guy to talk to. His co-author, Mike Saraille, is a former Navy Seal. They apply the methodology of the Seals, a lot of that, to the workforce.
Eric: Which really goes to hire for character, train for skill. You can't go and hire a Navy Seal from somebody else. They have to create them. So how do they hire? They look for the right character traits that they can then train and then create Navy Seals, or Special Forces operators. In cyber, we see a lot of the same, which is what I love about it.
Carolyn: You just brought up the point that really stuck with me from that episode. They said, "If we’re only looking for Seals who had seven years experience, which is what most job postings require. So if they only went and found Seals who had seven years of experience, we'd never have a Navy Seal. Exactly zero."
Carolyn: All right, so number nine. Number nine is Episode 98 with Derrick Weeks. It was all about DevSecOps and why we should care about it. I really liked this one because it surprised me.
Putting Out Secure Applications and Doing the Right Things
Carolyn: I've mentioned before I thought it was going to bore me to tears
Eric: No offense, Derrick.
Carolyn: That was the thing. Derrick was so fantastic it kind of got me interested in DevSecOps.
Eric: I've been in security a long time now, as I know you have been. It surprised me and totally opened up a world that I wasn't exposed to any great extent before. Especially as we're moving into the cloud and things are changing. We always ask the question, "How do we solve this problem?"
Eric: But a lot of it starts with putting out secure applications and doing the right things from the beginning. That's what Derrick brought out for us. I loved that conversation. We had him back, of course.
Eric: We've had him back twice this year. I thought Derrick was phenomenal. I'm not a developer, so I agree with you. For me, I was like, "Okay, developer. Let's see how this goes." It was great. He was awesome.
Carolyn: It was a great episode. All right, so number eight would be Dave McDonald from the Navy. You say his title because I always mess it up.
Eric: He's the CIO of NCTAMS PAC.
Carolyn: What does that stand for? What’s NCTAMS PAC?
Eric: Navy Communications. I'd have to look it up myself, but basically all Navy telecommunications for the INDOPACOM region. Then he has a couple of peers in the different areas of responsibility, or AORs.
Eric: INDOPACOM is probably the most critical theater these days, with everything that's going on with China. It's certainly the largest theater. All run predominately out of Hawaii, so that's Dave's responsibility. You loved the crisis CIO.
Remember How COVID Overtook a Ship in the 2020 Podcast Round Up
Carolyn: You and Arika got to do that, so I loved it because I got to listen to Arika again. It's two episodes, so it's Episode 77 and 78. He had so many great sound bites. I now embrace the suck, he brought that up. I'm like, "Yeah, that's what we need to be doing right now." Talked about continuity of operations, and how they're actually doing pretty good.
Eric: And resilience. That was, as I recall, early May. We’re a month and a half into COVID. We really didn't know what was going to happen. Didn't know how long this was going to go. We had the aircraft carrier. I'm trying to think of the name of the carrier which had been docked at Guam. They had several deaths, they lost their captain. If you remember that COVID overtook the ship.
Eric: The ship, it was the USS Teddy Roosevelt, I believe, Theodore Roosevelt. Dave took it early on and talked about the crisis CIO. He talked about resilience, which I think was great.
Carolyn: We just had him back and I loved what he talked about now, just that we're in this together. Don't suffer alone. Talk to somebody. That really resonated with me. I'm talking to my friends, I'm talking to you about things that are hard for me right now. It's important that we're in this together. I really love that.
Eric: He wasn't the only person to talk about people. We talk about people in cyber, we talk about the two million person shortage in talent. It's 2021, this coming year, the predictions were, I'll have to check and see where we are, but I think it was ICCC.
We Never Talk About Products in This Podcast
Eric: They had a two million person shortage of cyber talent by 2021. This is going back probably to 2017, 2018. I want to check where we are. Dave and many others talk about the people, how important the people are, not tech. We never talk about products on this podcast, but the people.
Carolyn: That was the theme with so many of our guests. We could go back and I bet 90% they talk about the people. That's their number one concern and that's what you have to take care of first.
Eric: Agreed. What do you have for seven?
Eric: I love Bob. He's always the protagonist. He knows the space. He's not afraid to say what he thinks. He is exciting, a risk taker. I love Bob.
Carolyn: He was former CIA?
Eric: He was former CIO of the CIA. He was responsible for all of their internal systems.
Carolyn: He was great. All right, we are number six, the special edition with RSA. I'll tell you why I loved that one. Rachel Lyons is one of my favorite people. She was just like on point. Nico was there too. I love Nico but man, Rachel just surprised me in that episode. She was talking about people and how important the human side of the story is. That's really where we have to focus.
Eric: Really getting to what it takes for a vendor to come to a show. That was totally impromptu. She was brought in. I carried a mic and my headphones to RSA. She had no idea we were going to do this.
Talk About the Teamwork in the 2020 Podcast Round Up
Eric: We started the podcast. Nico and I had it planned, and Rachel had no idea we were going to record her. She thought she was going to sit there silently. Nico and I turned it on her and made her the subject of the podcast. Talk about how you make an RSA happen, what you're looking for.
Eric: There are so many customers there, there are so many vendors there. What I've never seen before was talk about sausage making. What is it like to put something like that together? How do you do it? What do you think about it? I think that's good for customers, and for other vendors.
Carolyn: Just talking about the teamwork, just that human side of it again.
Eric: Right, but we're talking to somebody in public relations. No offense, Rachel, who they're so critical to the business. But people don't think about the PR side of the house. What does it take to put that together, to make that happen? I thought that was a great episode, I loved the surprise. Okay, what number are we at now?
Carolyn: Five. He's my guy, so this is Peter Singer. That's right, PW Singer. This is Episode 80. We brought him on to talk about his new book, Burn-In. He's an author of what he likes to call useful fiction. It's a blend of the real stuff, so non-fiction, fiction, real stuff that's going on right now.
Carolyn: He's super tech-savvy, so is everything in his books. The first one I read of his was Ghost Fleet and they're all accurate.
Eric: Ghost Fleet, LikeWar, Burn-In. He's with New America, he's a smart dude.
The Power of the Ask
Carolyn: Talk about the power of the ask, Eric. I've been a little obsessed with PW Singer since I read Ghost Fleet back in 2011. You know the reason I read it is because it was required reading for a lot of people in the DOD.
Carolyn: I was like, "Oh, okay. I'll check it out." Loved it. Like, it's my jam. I just decided that I wanted to get him on the podcast. And I was like, "You know what, I'm just going to ask him." I fell out of my chair when I got an email back from him saying, "Sure, I'll do it."
Eric: He's brilliant. I love blending fiction, the art of the possible. This could really happen with data information. We talk about disinformation. In fact, I've written and spoken a lot about it lately. What makes disinformation so powerful is that we're fusing credible information with fiction, with fictitious information.
Eric: It's really hard to go out and determine what's accurate, what's not. You can research but it's as long as you fold in that legitimate information. When you research, you typically find that. The mind says, "Okay, this is the way it works, right?"
Eric: This is true, this is accurate because I looked up some data. If people even look it up. He almost does the opposite side. I want to talk to him about this should we ever have him back, where he brings in factual information. This is the way cyber works.
Eric: This is the way something happens. He folds it in with the future, the art of the possible. Could be scary, could be great, but he did it. He does it with LikeWar, he does it with Burn-In using robotics.
2020 Podcast Round Up of Stories Wrapped Around the Real Stuff
Eric: Like this is what it could look like down the road. I think the best thing about PW, I'd say, in proving just how valuable a thinker, a futurist he is.
Eric: He became the afterward of Burn-In. He became the beginning of The Cyber Solarium Commission's this is what this could look like if we don't do something. He's changing policy. I loved it.
Carolyn: You know, he's briefed the White House. He is a smart dude. It's the way I learn. The way he writes is the way I learn. I like the story wrapped around the real stuff.
Eric: I agree, and I don't have LikeWar, Ghost Fleet or Burn-In on my desk, because they're not reference books, if you will. I've got them all three here on my bookshelves.
Carolyn: Same. We're at four, David Sanger.
Eric: Another author.
Carolyn: But not only that, he's a three-time Pulitzer prize winner.
Eric: Let me show you my Sanger novel. In books, reference books, I will mark them with Post-It notes. I will highlight things that I want to focus on. Probably my number one nation-state type of book, The Perfect Weapon. It's coming out.
Carolyn: It's on HBO Max right now.
Eric: Boom, there you go.
Carolyn: That one really lit a fire under me to just learn more about cybersecurity. It just really emphasized for me how important cyber is. I think you said it in the episode, that it's scarier than nuclear. It is.
Eric: Because there isn't mutually assured destruction. It's very one-sided, very unilateral in many ways. You can't attribute. It's really hard.
The World of the Possible
Carolyn: It's easy, it's cheap. It really opened up my eyes. He was so fun to interview too. That was a really fun interview.
Eric: Great guy. I've got to tell you, he's been doing this a long time. He is an expert in space. David Sanger is probably the most informed and educated cybersecurity professional I've met in my lifetime. He doesn't even touch a keyboard other than to write.
Eric: Politicians, operators, cybersecurity personnel, vendors, when you talk to him he has a way of pulling the big picture. He's done the research, he's lived in the space, he’s talked to so many people at so many levels. He knows the space better than anybody I've met before.
Eric: He just has this objective view into cybersecurity. It's one of my top cybersecurity books, top two or three that I recommend to everybody.
Carolyn: You call it a reference book, but for me it wasn't a really hard read.
Eric: It's a story. It's like PW Singer, they're telling stories. Sanger happens to be telling hey, this is what happened. Singer's telling, hey this is the world of the possible here. They're both telling stories.
Eric: Human society communications, storytelling has been the foundation, the bedrock of society, from the beginning of time. That's what both of these authors really grasp onto. Which is what makes them so powerful in space, in my opinion.
Carolyn: All right, number three, Steve Grobman.
Eric: Another book, another author. The Second Economy.
Carolyn: He broke my head. I'm not going to lie. We talked about quantum computing, we talked about securing the upcoming election, The Grobman curve.
Efficacy Over Time
Eric: Efficacy over time. When we first detect a piece of malware or some type of attack vector, the adversary has the advantage. Then the defender creates a product or capability or something to address that. The defender shifts and you want to shrink that time curve from detection to creating some capability.
Eric: Then once you have that capability, you want to continually iterate or evolve it. So the duration of that capability, sand boxing is a great example. We had a problem, so we were able to sandbox. All of a sudden, we could keep up with the adversary. We could detect what they were doing.
Eric: The adversary learned very quickly how to detect sand boxing. How long does it take from proof of concept to development to deployment to the adversary pivoting. I can tell that's a VM running in a sandbox. That's the important piece that the Grobman curve points out, regardless of technology.
Eric: Steve, an Intel fellow, one of the most brilliant men. I put him up there with Bill Gates. Also with a couple of other just luminaries in the business. The way they're able to think through a problem without getting too focused on the problem. What does this look like long term? Grobman curve. It was great
Carolyn: It was a really good episode. All right, number two.
Eric: Quantum blew my mind, right?
Carolyn: I still don't really understand quantum physics.
Eric: Why do we care about quantum computing? Well, it could invalidate all the encryption that you're doing right now.
Eric: That's pretty easy to understand. It opened up my eyes very rapidly, like this could be a problem.
2020 Podcast Round Up of the Nation-State Problem
Eric: Same thing with the election. Do we really have a nation-state problem if we do mail-in ballots? Probably not because of the scale. Is it possible that some nation-state could steal or corrupt some ballots? Absolutely, but they can't do it at scale.
Eric: Therefore we probably don't have as significant a problem as we would if we did it all electronically. They had access to voting systems and things like that. Fortunately, we're at the post-election right now. It looks like we really had the most secure election ever, according to Chris Krebs, one of our prior guests.
Eric: We will see more of him in the future. That's my prediction for 2021. I think Chris Krebs will be back, better and bigger than ever. He was awesome. We had a great election, but Steve opened my mind with no mail-in. The adversary can't deal with the scale.
Carolyn: Did you watch Krebs on 60 Minutes? He's like the number one thing that we needed to make sure we had in 2020 were paper ballots. Talking about how corrupting those. He just echoed exactly what Grobman said, with the paper ballots and the mail-in ballots.
Eric: Steve's a genius. We should have him back. I love the way he thinks.
Carolyn: Number two, Katie Arrington.
Eric: She's fire. I've got her on a call, later on today. I can't wait.
Carolyn: I'm jealous. So Episodes 62 and 63, and she was so fun. She's running the CMMC program. There were a few things that she said. The one I still think about that she said is, "Cyber is in every part of our lives. Right down to the Apple on my desk."
We’ve Got to Do Better for Our Kids
Carolyn: I'm like, "Yeah." We've got to make this secure, we've got to do better for our kids.
Eric: That was in the beginning of 2020. They’re going to release CMMC for the first contracts at the end of Q3, September time frame. They fell a little bit behind. I'm very proud to say December 1, last week, they released CMMC, the first pieces of it to the street. We're going to see it in the contract. That's awesome. They got it done. Three months, we'll be okay.
Carolyn: She's just so passionate about it. I mean, she really believes in what she's doing.
Eric: She cares. We love that. It's about the people. She cares about what she does. Okay, what's the last one?
Carolyn: We're to number one. I don't know if this will be much of a surprise.
Eric: We've counted from 10 to one successfully.
Carolyn: Our 100th episode, General Stanley McChrystal. Another author, Team of Teams. What a fantastic book, and what a fantastic man.
Eric: He brought it to cyber for us.
Carolyn: It made so much sense. I've had people who don't know anything about cyber, are not technical, listen to that episode. They text me or write to me and say, "I never thought of it like that. I’ve never thought of it like a human immune system, and it makes so much sense." What a great guy. That's a highlight of my career, talking to him.
Eric: Outstanding. I love this show, but that's quite an announcement there. General McChrystal had a way of putting it into words that I think anybody could understand. He doesn't have a deep cyber background, being a four-star general in the Army.
2020 Podcast Round Up on Cyber Offensive and Defensive Capabilities
Eric: He obviously did have cyber offensive and defensive capabilities, but it's not like he grew up in the space. The way he looked at the problem, the way he associated with the body, with resilience. With looking at how we think about the problem.
Eric: Once again, going back to people. Another one blew my mind. That's what I love about these shows we do. They're so different in the way they work, the people we talk to, but we learn so much. We've got one heck of a catalog. 2020 was a great year for the show and our listeners.
Carolyn: You and I said this would be a short episode. We've got to wrap it up and let's offer our listeners the books that they can choose from.
Eric: I have them right here, except I was missing a PW Singer book, Burn-In, LikeWar or Ghost Fleet. But we have The Talent War.
Carolyn: The Talent War by George Randall and Mike Saraille.
Eric: Team of Teams. You can get The Second Economy. We'll get it to you. I have enough copies. This is more of a college PhD-level class read. It's really good. There are some great stories in here. Just disregard the page after page of footnote at the end of each chapter. Steve really did his research with Allison Cerra.
Carolyn: All right, Steve Grobman. The Perfect Weapon, from Dave Sanger. Those are your choices. I'm going to throw in the Cult of the Dead Cow too, by Joseph Menn.
Eric: Two-part episode.
Carolyn: I really liked that book.
Eric: Mudge is getting a job in the new administration.
Carolyn: That's awesome. He was one of my heroes.
Tag and Share to Get Free Books
Eric: He's getting a job in the new administration, so more to follow.
Carolyn: What a great guy. All right, so there are the books to choose from. Listeners, go like us and share on LinkedIn. Tag me and let me know that you have shared, then you can choose the book that you want. I'll send it to you. The first 10.
Eric: First 10. And you'll get the number right. Anyway, thank you for a great 2020, everybody. Carolyn, this is the year of you. We started with Arika and she moved on. We'll have her back, but I've really enjoyed doing this show with you. The guests, the format, so far, so good. Listeners, tell us what you like, tell us what you dislike. We're looking forward to an incredible 21.
Carolyn: That's what I wanted to note. Listeners, tell us what your favorite episode was. Let me know. We will talk to you next week.
To The Point Cybersecurity was recently named one of the 30 top Federal IT influencers 2019 and 2020 because of fantastic guests. We are always looking for great thought leaders to interview. Please email me with guests you would like to have on the podcast email@example.com.