Dr. Marian Zaki, Assistant Professor of Computer Science and Cybersecurity at Houston Christian University, joined Michael and Sam on this week’s episode of HOU.SEC.CAST.! They discuss how Marian’s career pivoted from working for the Egyptian Armed Forces to education, the growing threat of quantum computing, and the cybersecurity programs she’s de…

Hosts Michal and Sam catch up with EXEC.SEC.CON./HOU.SEC.CON. speaker and Cyber Point Advisory Founder Dd Budiharto! They talk about how she (accidentally!) ended up in her first cybersecurity role, her personal experience as a whistleblower, and the need for integrity in the industry, particularly as organizations grapple with ethical dilemmas in …

In this episode, hosts Sam and Michael are chatting with Harris Fort-Bend County ESD #100 Director of Technology, and HOU.SEC.CON. Speaker, Dennis Maldonado! They discuss their first meeting at HOU.SEC.CON. 2012, how Dennis found himself working in cybersecurity while still in school, how he built WestCom, and his 2024 talk. Things Mentioned: AT&T,…

We have a very special guest on this week’s show, opening keynote speaker Gene Spafford! Hosts Michael and Sam chat with him about his start in cybersecurity and academia, his new book, and what to expect during his talk. Things Mentioned: · CTF Link (Opens September 14, 2024) - https://www.cisa.gov · Cybersecurity Myths and Misconceptions: Avoidin…

This week hosts Michael and Sam are joined by our day one closing keynote speaker, Andy Ellis! In this episode they discuss an article authored by Andy that covers the growing issue of admin access and its role in cybersecurity vulnerabilities. They also get into Andy’s transition from the Air Force to 21+ years at Akamai, his book, 1% leadership, …

About this episode: HOU.SEC.CAST. Is back after a short summer break and we’re kicking things off with the one and only John Kindervag! In this episode the guys discuss the importance of securing ALL technology, John’s journey into cybersecurity, and his top secret HOU.SEC.CON. keynote presentation. Things Mentioned: · Swiss cow and calf dead after…

Today Michael and Sam are catching up with DevSecOps manager and 2023 HOU.SEC.CON. speaker, Christopher Pope. They discuss the importance of integrating security from the beginning of the development process, the need for building relationships and understanding between developers and security professionals to create secure applications, and the si…

CISOs are typically not the owner of their organization's most critical (or even non-critical) assets and data. There are usually business unit leaders assigned to that, and the CISO's role is to help reduce the risk to those assets. If the CISO does have direct access to those assets, it's a bad architectural design. That's today's #CyberSunday to…

Security conferences and events are often built with a certain audience in mind. Some are for a a general audience, and others are focused on the CISO. But if an event has a focus on the CISO, it should be for a good reason. I discuss some of those reasons in today's #CyberSunday. Things Mentioned: https://www.linkedin.com/posts/kane-n_its-sad-to-s…

Every year HOU.SEC.CON. partners with local universities to involve cybersecurity students at the conference. Today Michael and Sam are sitting down with Samir Saber, Dean of Digital & Information Technology at Houston Community College and long-time champion of HOU.SEC.CON. They discuss Samir's journey in cybersecurity education, the importance of…

Does practice make perfect? Probably not perfect, but it does make you better. That also applies when performing tabletop exercises. But is it feasible to practice as much as you SHOULD when everyone has other jobs to do? That's what Michael is talking about in today's #CyberSunday. Things Mentioned: · Peter Sacawaker’s LinkedIn Post - https://www.…

In today’s show Michael and Sam are joined by Cybersecurity Executive and Adjunct Faculty Member, Dr. Branden Williams. They discuss Branden’s journey into cybersecurity and how those looking to enter the field can get started. They also dive into his 2023 HOU.SEC.CON. talk on automation and bot attacks and the issues organizations and customers ar…

In mentorship, it's often thought that the mentor is doing the teaching and the mentee is doing the learning. But mentors should also be open to and seek out lessons that they can take from the mentee. In this #CyberSunday, I talk about how tenured #cybersecurity professionals can learn about new tech and new concepts from those who are newer to th…

The 2024 RSA Security Conference is here. While I am not going this year, I do want to give a few professional networking pointers for folks who are going, especially if you are a new conference attendee. These conference habits have helped me in my professional career, and I hope they help you as well. #CyberSunday #RSA2024 #securityconference #cy…

Co-hosts Michael and Sam are joined by co-speakers Mak Foss and Rachel Schwalk to discuss their HOU.SEC.CON. presentation on business email compromise. In this episode they talk about their individual journey’s into cyber, the complexities of detecting business email compromise, and the significance of monitoring email rules. Things Mentioned: · Te…

Attack vectors and methods tend to by cyclical, meaning attackers will come back to see if old tricks will yield new results. I talk about one such attack vector that might be coming back in style... with a slight twist. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up w…

SIEM (Security Incident and Event Management) has been a round a long time. But there are some recent trends and new vendors that are creating fresh ways to implement and operationalize SIEM. I'm discussing a couple of the larger SIEM and security operations trends on today's #CyberSunday. Want to reach out to the host? Email us at podcast@houstons…

Your favorite co-founders and co-hosts Michael Farnum and Sam Van Ryder are reunited for the latest edition of HOU.SEC.CAST. with special guest David Balcar! In today’s episode they discuss: · The evolving landscape of insider threats and the vulnerabilities they exploit. · The importance of vigilance in monitoring outbound traffic and the need for…

How can you tell if a new #cybersecurity concept (think Zero Trust) in cybersecurity is a just a flash in the pan or a valuable idea that can be utilized in your program? In this #CyberSunday, I talk about an unusual method for being able to potentially tell the difference. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted…

Co-Host Sam Van Ryder flies solo for this episode with Executive Industry Consultant, Roya Gordon! They share insights on SBOMs and their significance in OT security, discuss what current security conferences are doing right (and where they could improve!), and the importance of building local cybersecurity communities. Things Mentioned: · Southern…

There is a lot of fear of the security implications about AI and other new and/or improved technologies. And while some fear is healthy, we also can't let it keep us from thinking about uses for that same tech to improve security. Let's talk about it in this #CyberSunday. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted B…

Michael talked about security control monitoring a few weeks ago. In this #CyberSunday, he is digging in a bit around an essential part of control monitoring: configuration management/monitoring. What is config management/monitoring, what do you need to do before you can even start monitoring and managing configs, etc. Want to reach out to the host…

In this episode, hosts Michael and Sam pull HOU.SEC.CON. Program Director (and HOU.SEC.CAST. producer) Lauren Lynch in front of the camera to share her perspective as HSC’s first full time employee! They chat about her start in marketing and cyber, other cybersecurity communities she’s engaging with to level up, and why it’s important to get involv…

There is a lot of talk and advice on social media, blogs, etc. about the Cybersecurity job market. There's no doubt it's a tough market right now, but does that mean you should stay away? Here's my opinion on the topic and some quick advice of my own for experienced cyber folks who are having trouble getting interviews. Things Mentioned: https://ww…

An X/Twitter thread about technology vs communication in #cybersecurity inspired today's video. Which one do you think is more important or more difficult? Watch today's #CyberSunday to get Michael's opinion. Things Mentioned: https://x.com/mikepsecuritee/status/1760299590337622309?s=20 Want to reach out to the host? Email us at podcast@houstonsecc…

In this episode, hosts Michael and Sam meet with Arthi Vasudevan, a cybersecurity product line leader at GE Vernova and the author of the popular children's book "Cyberama." They delve into the recent legislative developments extending online protections for children, Arthi’s journey into cybersecurity, and how her experience at HOU.SEC.CON. inspir…

Today's #CyberSunday is about monitoring controls regularly (as opposed to a point-in-time assessment). Michael gets into some methods of monitoring and what you should monitor them against (hint: monitoring is NOT just technical). Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lync…

Many of us were affected by the cell carrier outage last week. Some initial explanations have come out, but are those explanations plausible? And is a #cyberattack just - or more - plausible than the explanation that AT&T gave? On today's #cybersunday, Michael talks about the outage, the explanations both given and imagined, and some ideas on what …

We have a special episode today featuring EXEC.SEC.CON. hosts Marc Crudgington and Kyle Lai! They’ll talk a bit about their backgrounds and what qualifies them to host an event of this caliber, how they started the CISO Track that lead to this stand-alone event, and what to expect at the conference. Things Mentioned: · Marc’s Books - https://www.am…

Indecision and apathy from alert fatigue are big issues in #cybersecurity. But have you thought about how FUD marketing can cause some of the same problems? And it's not just vendors throwing the FUD. In today's cybersunday, Michael talks about the issues with FUD and how you need to watch out for it from some unusual sources. Things Mentioned: htt…

It's #cybersunday, and it's also time for the Big Game (can't use the real name because reasons). Michael is a big American Football fan, so he's getting into #cybersecurity football analogies. But he's also trying to dig a little deeper and staying away from some obvious analogies. Let us know what you think about them! Want to reach out to the ho…

In this episode hosts Michael and Sam talk to HOU.SEC.CON. speaker and CEO and Founder Dan Gunter. They discuss his career journey from the Air Force to founding Insane Forensics, insights on threat hunting in industrial networks, and the importance of adaptability in operational technology. Things Mentioned: · US disabled Chinese hacking network t…

Michael is in the snow in Michigan to record today's Cyber Sunday. The cold weather and road conditions inspire a cybersecurity analogy around making decisions and determining priorities for your security program. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up with HOU…

In today’s episode Michael and Sam chat with HOU.SEC.CON. speaker and Deputy CTO of Tenable, Marty Edwards. Their conversation revolves around the need for collaboration between IT and OT teams, the importance of implementing cybersecurity fundamentals before investing in products and solutions, and the real-life consequences that result from not p…

Michael is wrapping up his Risk Management/Assessment series on today's #CyberSunday. His two points today are around risk assessment frameworks and a caution about GRC tools. We hope you enjoyed the series! If there's anything you'd like to see Michael cover in future videos, let us know! Want to reach out to the host? Email us at podcast@houstons…

About this episode: In our first episode of 2024 Michal and Sam chat with Principal Industrial Hunter John Burns to talk about his presentation “The Distinct Imperatives of Threat Hunting in OT Environments”. In this conversation John also touches on his interesting industrial IT origin story, shares insights into his role as a principal industrial…

Michael tells a story from his professional past explaining some of the differences between Risk Mitigation and Risk Avoidance. The scenario on today's #CyberSunday runs through some of the reasons and calculations that went into the decision leadership made between fixing the risk or avoiding it. Want to reach out to the host? Email us at podcast@…

2024 is almost here, and that means a special end-of-year CyberSunday to close out the year. Today, Michael is talking about three topics that warrant special consideration for enterprise security programs in the new year. Listen in and tell us what you think! Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael F…

It is crucial to know what role the CISO/security leader plays when it comes to risk. In today's #CyberSunday Michael talks about working with asset owners/business leaders before, during, and after a risk assessment. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editing By: Lauren Lynch Keep up with…

Risk assessments have inherent value for the business if done correctly. But there can also be explicit value for the business in performing a risk assessment and implementing a security program based on that assessment. In this #CyberSunday, Michael talks about both. Mentioned Twitter/X Post: https://x.com/mattjay/status/1730618458272866622?s=46&t…

About this episode: We’re back with our regularly scheduled programming! This week our hosts sat down with Tony Turner, CEO of Opswright and HSC Speaker, to discuss his talk “Leveraging Historical Software Failures to Strengthen Cybersecurity: The Nexus Between Catastrophe and Cyber Resilience”. They also dig into OT infrastructure, how security fi…

Before you can figure out what risks to accept, you have to prioritize the risk. Before you can prioritize risk, you have to get visibility in your environment to determine what your risks are made of. In today's #CyberSunday, Michael talks about the benefits of risk prioritization and visibility into your environment to find those risks. Mentioned…

We’re back with another episode from HOU.SEC.CON 2023! In the second part of this series Michael and Sam are joined on stage by Tom Cline, Sales Director with Skybox Security and past guest Phillip Wylie, Security Director at Alias Cybersecurity. The guys discuss how cybersecurity posture management tools have exploded due to the extensible and ubi…

A CISO recently shared a LinkedIn post regarding speaking engagements. In this post he advised security leaders to ONLY accept paid engagements as their time is valuable. In this week’s #cybersunday Michael, who is not only a CISO but the founder of a cybersecurity conference, pushes back on this idea in favor of giving back to the community by sha…

Did you miss HOU.SEC.CON 2023? No worries! We recorded two episodes of HOU.SEC.CAST on stage just for you! In our first episode Michael and Sam are joined on stage by Kent Noyes, Senior Director of AI Security at WWT and Brad Green, Cortex Systems Engineer at Palo Alto to discuss everyone’s favorite topic – Artificial Intelligence. This episode was…

Reviewing accepted risks is a crucial part of a risk management program. In today's #cybersunday, Michael talks about some important best practices like considering risk tolerance changes, involving business units in your review process, and others. Want to reach out to the host? Email us at podcast@houstonseccon.com Hosted By: Michael Farnum Editi…

Some recent notable #cybersecurity breaches have come from #socialengineering attacks. Humans are always going to fall for this, but we can help lessen the success of these attacks via awareness training. Michael talks in today’s #cybersunday about how #securityawarenesstraining can be targeted and doesn’t have to be so boring and difficult. Want t…

If you're looking for an MDR (Managed Detection and Response) vendor, the temptation is to think of them as a product company versus a services company. On this #cybersunday, Michael talks about why that happens, why it can lead to more confusion when trying to decide which vendor to go with, and some of the things you need to think about that can …

We’re just over 2 weeks away from this year’s conference and we’re bringing you another episode featuring one of our upcoming speakers, Thomas Pace! Tom chats with Michael and Sam about the relevance of college degrees in the cybersecurity industry, the big gap he saw in industrial control systems leading to the founding of Netrise, building a star…

The Barracuda ESG Vulnerability is still causing havoc, with the vendor telling their customers to replace the box. In this CyberSunday, Michael discusses some of the implications and considerations of this kind of vulnerability in an important and widely-deployed security device. Things Mentioned: · https://www.mandiant.com/resources/blog/barracud…