In celebration of our 52nd episode, Eric and Arika recap some of our favorite and our best episodes over the past year.

Episode Table of Contents

• [1:45] Arika's Favorite Episode: Karen Evans
• [3:11] Eric's Favorite Episodes: Dr. Ford, Dan Velez, Mark Kelton
• [5:00] Our Best Episode: Margaret Cunningham and Chase Cunningham
• [6:49] Our Best Episode: George Kamis
• [8:25] Our Best Episode: Chris Krebs and Sanjay Gupta
• [10:04] How Things Could Have Changed In a Year
• [16:38] Things We Look Forward To
• List of Favorite Episodes Mentioned

Commemorating Our Best Episodes Over The Past Year

Eric: You just notified me we're at one year.

Arika: One year. This is actually our 52nd episode. It's pretty exciting.

Eric: It's very exciting. After you said that I was thinking, wow, we've covered a lot of ground over the last year. We have a lot to do, a lot to go, a lot of ground.

Arika: We have. We've talked to a lot of great people. We've had a lot of great government guest, industry guest, covered a lot of topics. We thought today we actually... For those of you who might be new listeners or haven't listened to all of the 51 prior episodes that we sort of give you some of our favorites and some of the ones that we think are definitely worth going and taken a listen to. That sound good to you, Eric?

Eric: I think it's great. I'll start off since it's to the point. What was your favorite? Give me the ideas, couple of your favorites.

Arika: Okay. The few that I really enjoyed actually were the ones that we did in person earlier in the year during the Forcepoint Cybersecurity Forum. Well, it was a long day. I think we did about 14 episodes in one day, but I did enjoy doing them in person. One of my favorite one was when we had Karen Evans on from Department of Energy.

Eric: She was awesome.

Arika's Favorite Episode: Karen Evans

Arika: She was great. Definitely go back and check out that episode if you haven't listened to that one.

Arika: She really took us through what keeps her up at night. We got to learn a lot about her background, which I didn't know about and just all of the challenges that come with critical infrastructure and things within the Department of Energy that I didn't even think about from a cybersecurity standpoint.

Eric: Okay. I believe she talks about risk. She talks about girls in security.

Eric: I've listened to that one I think three times. The most recent, over the summer I was picking my kid up at hockey at Lake Placid, driving across the state of New York to go to Ontario to drop him off at Niagara Falls for another hockey camp. I remember listening to that midway through because there was no radio or anything else.

Arika: Oh wow. Yeah, that was a good one. If you're looking forward, it was on May 28, 2019. That's the episode date. Go check it out.

Eric: Do you know the episode number?

Arika: I don't. We did not list all of them with the number, so we can include that in some of the show notes though. We'll do that for everyone.

Arika: Okay. What was your favorite, Eric? What are your top three?

Eric's Favorite Episodes: Dr. Ford, Dan Velez, Mark Kelton

Eric: I don't even know if I can go to top three. I love doing the podcast, so for me they're all great. Some were exciting. Some different. You know what? The ones I really love are the more theoretical ones. I love talking to Dr. Ford about trust and learning. I've got this lifelong passion for learning, and he's such an amazing educator. The other one was when we spoke on insider threat programs with Dan Velez.

Arika: Oh yeah, that was a good one.

Eric: Really recently. Then finally... Yeah, I'd say if I had to go to three, Mark Kelton. Mark Kelton, another adjunct professor at Georgetown, just schools you on the topic at hand. I love it. It makes me anything,

Arika: We've had Mark on twice, right, if I recall?

Eric: We had him once prior to the FCFL recordings and then we had him live in person that day where he talked about nation state insider threat. He talked about adversarial intent. It was outstanding.

Arika: Yeah, definitely check those two episodes out. He's a great guest. The other thing, Eric, I've really enjoyed when we've been doing the podcast and talking to different folks are people who have backgrounds that are totally different than what you think they would be in terms of how they sort of got to cybersecurity.

Arika: I mean, we've had people who have been former musicians. We've had people who have just been in other walks of life. It's funny how I don't know that I always would connect just so many professions, how they intersect with just technology insecurity. I mean, I loved having the psychologist that we had on just a couple of weeks ago and hearing about-

Our Best Episode: Margaret Cunningham and Chase Cunningham

Eric: Margaret Cunningham?

Arika: Yes. Margaret Cunningham. Yes. Yes. She was fascinating to me because I never thought about really the psychology. She talked about the anatomy of an insider threat. I was like, oh wow, I didn't think about that. I love when we have just sort of a non-traditional background. I think people always think cybersecurity are techie people that like to be locked in a room, put their heads down. No offense.

Eric: Well, I think the landscape's changing as Margaret said. I mean, we've been doing cybersecurity for greater than 30 years now and the problem's just getting worse and worse and worse. Margaret's approach, tying psychology of humans, because that's what it's really about, into cybersecurity is great. I listened to episode two over the weekend on that one. Candidly out on LinkedIn I put a notification out about talking to a psychologist. I got so many responses back on LinkedIn from friends, coworkers, people who didn't even know me because I joked about being on the couch with a psychologist. Probably more response on that episode than any of the last 50 or so over the past year.

Arika: Oh, interesting. Wow. That's definitely interesting. You never know what people are interested in.

Eric: Yeah. Just recently we had Chase Cunningham talk about cloud misery, which I think was outstanding, right?

Arika: Yeah.

Eric: We talked about cloud first, and we talked about cloud smart, and then just dumping everything into the cloud and creating cloud misery, which really... We've talked a lot about the cloud. The cloud is clearly the direction of IT in the future, but also IT security. Another great episode. We've had some amazing guests.

Our Best Episode: George Kamis

Eric: Every week I love getting together on Mondays with you. I just look forward to recording these podcasts and talking with interesting people.

Arika: The other thing I enjoyed that we did, and this is definitely... This was a three-part episode that I definitely encourage our listeners to go check out if you haven't listened to it already. We did how to be the CIO of your own home and practical tips on just protecting your home cybersecurity. I thought that was great. We had George Kamis from Forcepoint. I mean, wow, we covered a lot of topics, so much so that, again, we had to turn it into three episodes. I know Cybersecurity Awareness Month is just ending. If you haven't checked out those three episodes as part of the Cybersecurity Awareness Month, I would definitely go take a listen.

Eric: Listeners, if you want more of that or more of anything, let us know.

Arika: Yeah, absolutely.

Eric: We're very open. We don't talk product. We talk concepts. We talk to people. We generally talk cybersecurity. Let us know which way you'd like us to go, what you'd like us to talk about.

Arika: Yeah, no, I enjoy... I mean, I have learned so much, not just those episodes, but I know we recently talked about how I did click on a phishing email and didn't report it. I think it's also just great to give our listeners some of this practical advice as well. I think that's helpful. We've gotten good feedback on that.

Eric: It's funny, I was thinking back and we started with your Nigerian Prince emails early on in the recording sessions.

Our Best Episode: Chris Krebs and Sanjay Gupta

Eric: You had a couple of phishing emails, which are really they can be catastrophic. I mean, they are the attack vector for ransomware. I was just working with the team on 2020 and beyond projections over the weekend and last week, and ransomware according to Symantec has declined about 20% this year. But if you look at the attacks, it's absolutely going to be a problem in the future. Phishing, the emails you click on, I almost clicked on an email over the weekend. I actually thought about you, Arika. I looked at an email. I said, "Something just doesn't seem right."

Eric: I thought about the sessions we've had where you clicked, and I'm like, you know what? I'm not doing it. I did the research on it. I looked at the URL and I said, "Okay, this is absolutely... It was on my personal account. It wasn't work.

Eric: Absolutely a phishing attempt. Even if it isn't, it's totally irrelevant to my life. I'm not clicking on it.

Arika: My work here is done then.

Eric: You actually taught me. Exactly. Exactly. You made me think.

Arika: Well, that's what I'm here to do. You know what also, Eric? We've had some really great beyond Karen Evans. We've had some really great government guests. We've had Chris Krebs, which he was fantastic. We had Sonia Gupta up from SBA. I really enjoyed hearing also just some of the straight from CIOs, just straight from them, things that they're facing in terms of threats with cybersecurity. We know election security is definitely a hot issue right now. We talked a lot about that with Chris Krebs. That was a really great episode.

Things We Could Have Done Differently

Eric: It was. My biggest regret is we don't, and I know why we don't do it, but we don't record the before and after. The prep and the thank you after we finish a recording. Chris must have spoken with us for another five to eight minutes on the psychology, the mentality of riding to work even in the cold, how he clears his head. We talk about motivation sometimes that maybe they're not... Either we're to the point, so we run out of time, or we just didn't get to it or they don't want to necessarily talk about it with everybody. But every guest we have, they're people. They're humans. They've got a fascinating story. Their lives are fascinating. They're all very intelligent. There's a lot there and I wish we could capture all of it.

Arika: No, you're right. We do have some time some of the best conversations are before we start recording or sometimes after. I love the question that you always ask people, what do you do in your spare time, and that's how we heard from Chris that he rides his bike 365 basically every single day to work no matter the weather. He said that's how he clears his mind and he gets ready for whatever the day has to face.

Arika: Just probably not what I would have thought his answer would have been. It's great to get to know people on a personal level as well, but that's a great episode for folks to go in and check out if you haven't heard it. He really I thought covered a lot of topics, and we learned about also how he just got to where he is in terms of his cybersecurity career.

How Things Could Have Changed In a Year

Eric: He has a big family and he has a big job. That's his mechanism to task switch between the two and kind of leave the never ending job at work and focus on his family, which is what we all need to find ways to do.

Arika: Right. Right. Find that balance. Well, Eric, let me ask you a question, Where do you think in terms of a year ago when we were talking about things such as trust and the threat landscape, what's different in your opinion? Is anything different? What headwinds have you seen or just changes have you seen from a landscape perspective or industry perspective in this past year?

Eric: I don't think a lot has changed. Our government customers, our commercial customers, they've definitely migrated more to the cloud. They've moved more into the cloud. We have another election coming up, which we need to deal with. We'll deal with election security. We've had a lot happen over the last year. I mentioned ransomware earlier in the podcast. A lot of cities, a lot of state and local authorities have been attacked. It's a very easy, low risk, low cost way to make money on the internet if you're an adversary, right, if you're a bad actor somewhere in the country or outside. It's very hard to capture people, so low risk. I don't think a lot's changed though. Let's be honest, right?

Eric: What really has changed? We moved more people to the cloud and has security gotten better? More technologies have come out, technologies have been upgraded, and customers have implemented more capability.

A Watershed Moment

Eric: They've moved further along in their programs, but the adversary has shifted too. The adversary has changed. I don't feel safer this year than I did a year ago. Do you?

Arika: No, I feel more aware. I do feel as though I'm... We've seen more about just how to be safer online. I think we're more aware of the hacks that are happening, the breaches that are happening, but I don't know that a lot has changed. I mean, I think we still have... Again, I know one of the things we have talked about is just from a generational standpoint how we're so accustomed to things now that we don't take... When we hear that, I don't know, X company has had a data breach and you may want to check things out to see if there's anything, if your personal information is vulnerable, we don't even always take those steps. I think we're more aware, but I don't know that we're more protected per se.

Eric: No, I agree with you. Margaret Cunningham, I don't have the line in front of me. I was listening to it as I said over the weekend, but she talked about us being human. She spoke about we're not going to train our way out of this problem.

Eric: For me that was a... I don't want to say it was a watershed moment. I've always recognized that. We talk about the endless draining we all go through, and it hasn't solved the problem. We need to do training, but she spoke about having to design systems for fallible humans, right? We're not perfect. We're going to make mistakes. For me that made me...

The Human Element and How to Deal

Eric: I guess when we recorded it afterwards, I took a step back and I thought about it. How can I do a better job with my teams? How can we as an industry, as a business do a better job making systems, making technology, recognizing that we're dealing with humans and humans are fallible? They make mistakes. They're going to make mistakes.

Eric: In fact, Margaret I think would argue, you could almost predict in many cases the mistakes they're going to make, right? We joke about your phishing attempts, but you're human.

Eric: Let's focus on the fact that you're going to make mistakes, that you are human, and what do we do when you click on that link.

Arika: Right. I think we also... I mean, I think we've talked about it a ton, but it goes back to trust, right, and just having that. Giving people, even people we don't know that had sent as phishing emails, the benefit of the doubt and trusting that they're sending this email asking for this information for good, not for, you know, nefarious purposes.

Eric: When they make a mistake, it's not due to them intentionally trying to cause harm to the business or do something. It's literally that, a mistake.

Arika: Right, exactly. The human element.

Eric: Let's plan on humans making mistakes. Let's help them. Let's encourage them. Mark Kelton talks about the insider threat piece. That was a great session where he talks about one of the most important pieces, and then Dan Velez reiterated it, was notifying people that there's a program in place, notifying people of the intentions of the program.

Things We Look Forward To

Eric: Why we're doing it, why it's so critical to put this program there to protect our employees and the business at the same time.

Arika: Absolutely. Absolutely. Well, I will say this, it's been fun this past year, Eric, and I have enjoyed all of the guests that we've had on. I'm looking forward to some new guests and also inviting back some of our past guests. I think we've had quite a few people on here that I'd love to just pick their brain again, or we didn't get to cover everything in our limited to the point timeframe.

Eric: No, I agree with you. I think let's keep moving forward, new guests, new ideas. We'll revisit some new ideas with older guests or existing guests, prior guests. The other thing I think is there's a lot that's going to happen this year. As long as we can keep educating the population, that's a good thing.

Eric: I look forward to more feedback. The feedback really drives our direction.

Arika: Yes. Let us know what you like to hear. Let us know what some of your favorite episodes have been or other guests you'd like us to talk to or topics you'd like for us to cover. We're open. Send us a note. Give us a rating on iTunes or the podcast platform of your choice and keep subscribing and keep tuning in to us every week.

Episodes Mentioned

• How the Department of Energy is Working to Secure Our Critical Energy Infrastructure, w/Special Guest Asst. Secretary Karen Evans - Ep. 33
• Rethinking the Concept of Digital Trust with Dr. Richard Ford - Ep. 10
• The Future of TRUST w/Dr. Richard Ford - Ep. 38
• Building an Insider Threat Program, Lessons Learned with Dan Velez, Part 1 - Ep. 46
• Building an Insider Threat Program, Lessons Learned with Dan Velez, Part 2 - Ep. 47
• Walking Upright & Right Through Your Doors, a Conversation on Insider Threat with Guest Mark Kelton - Ep. 32
• The Anatomy of a Human Breach w/Data Scientist and Behavioral Psychologist Margaret Cunningham Part 1 - Ep. 48
• The Anatomy of a Human Breach w/Data Scientist and Behavioral Psychologist Margaret Cunningham Part 2 - Ep. 49
• CyberTalk with Dr. Zero Trust - Chase Cunningham - Ep. 50
• Raising the Bar on Government Cybersecurity w/Guest George Kamis (CTO of Forcepoint) - Ep. 3
• Burn the Bridge Behind You: Innovation in Government with SBA’s CTO Sanjay Gupta - Ep. 16
• Q&A w/Chris Krebs, Cybersecurity and Infrastructure Security Agency Director - Ep. 45