Ep.12 Advisory Board | The Advisors Have Arrived!
In This episode of The Cybrary Podcast we are happy to welcome Cybrarys new Advisory Board. The members include Chris Kubecka the CEO of HypaSec, Chris Hodson the CISO of Tanium, Vishal Gupta the Global CTO and SVP of Unisys, and Ed Amoroso the CEO of Tag Cyber. It was hard to contain all this knowledge in one show but we are glad to have them on the Cybrary Team!
Share it with friends now!
Cybrary Inc. has been in the field of teaching cybersecurity since the past few years and has over 25 million members on the platform. But do you really know what fire-power has been behind the creation of the content and who is the advising team behind all the awesome content that you study? Well, in this episode Leif Jackson introduces you to the awesome people of the Advisory Board at Cybrary. Chris Kubecka who is the CEO of HypaSec in Netherlands works on advising governments about strategies and tactics involved in cyber warfare and offensive security. She aims to help Cybrary to provide quick and accessible training to be able to fight against all the security threats. Next up is Chris Hodson who is a CISO at Tanium. He got to know about Cybrary through some of his employees and he aims to provide the amazing members of Cybrary with the best and updated curriculum in the field of cybersecurity. Another awesome person is Vishal Gupta, CTO at UniSys who is also the member of Forbes Technology Council and the Wall Street Journal CIO Council. He learned about Cybrary through some of his teammates at Symantec and he joined in the goal of Cybrary of informing and teaching as many people about cybersecurity as possible and to create a highly accessible platform where people can learn about cybersecurity. Next up is Ed Amoroso who runs a company by the name, Tag Cyber. He informs that he has been in a teaching and training environment which has always been about instructors with chalk and blackboard and he is intrigued by the method that Cybrary uses to teach their members in a virtual way. He got to know about Cybrary through Leif himself and he came as an instructor on Cybrary and he has been loving the journey since then. Cybrary’s Advisory Board Podcast then starts the discussion on some of the newer trends in cybersecurity and how Cybrary is playing a role in filling in those trends. The conversation is started by Chris Hodson who discusses the application and how you would embed the DevSecOps in workloads. And he reminds that in his time the whole process of penetration and security testing, discussing over the problems and then figuring out what to do and what not to do took over 3 months and now in today’s world the same things have not changed and we still have to complete the same requirements of cybersecurity. The only difference seen is that instead of taking 3 months you now have to do the same thing at much swifter speeds. Leif then inquires how he sees how Cybrary is filling those gaps and Chris praises the way that Cybrary is keeping the content fresh and up to date and adapting to the fast-changing technology. Later Ed Amoroso shares a personal experience when he tried to submit his book to a publishing press and they had an amazing reaction when they were suspicious as to why you would need to publish a book on cybersecurity when a book was presently in the market that someone wrote seven years ago. If we look at today’s time, seven years have changed everything and Ed puts it that it took a lot of convincing to publish that book. Further on Vishal Gupta puts forward the point building upon the previous two points that we need a lot of good training to make the people more aware and much better in the field as there are going to a lot of jobs in this field. On the point of development Chris Kubecka says that how the world has gone from analog to digital and everything is interconnected and cloud controlled and thus it requires more secure methods and better people in cybersecurity. Thus then the points continue to show how there are many services that are faster and better to allow people to condense a whole 700 page book into a 15 minute summary. And how the newer generation is able to grasp so much information in a minute time period and the standard of education has changed from just 10 years or 12 years to lifelong education. This should be used in the betterment of the world to provide training to students to improve the standard of cybersecurity and fill in the gaps of the digital world.
Leif Jackson: Hi everybody Leif Jackson here with our Advisory Board super excited to have you all here I'm just really excited for today Quick question for all of you so just want to have you introduce yourselves and then talk a little bit about you know why cybrary and you know why I joined the board right So Chris can we start with you?
Chris Kubecka: Oh sure. My name is Chris Kubecka and I'm the CEO of HypaSec in the Netherlands And I do a lot of stuff and things in cyber warfare and offensive security and advising governments on various strategies and tactics and I joined the board of Cybrary because from at least my point of view the way that the digital world is going is we have digital bombs flying at us at the speed of light and we need to have accessible and quick training to be able to thwart a lot of those different threats.
Leif Jackson: Cool And how'd you find us originally?
Chris Kubecka: Well I ended up finding Cybrary through a friend who happened to do a course whose name is Jeffman and he brought me to a party over in Las Vegas and I ended up talking to some of the Cybrary folks there and I got to know Cybrary then and I thought well why not try to join forces?
Leif Jackson: Awesome, Chris how about you?
Chris Hodson: Hi Leif! Chris Hodson, CISO of Tanium I'm just trying to think how I got to know about Cybrary I think it was just through some of my employees and maybe some people in the industry that I was speaking with who wanted access to Chris's point to kind of a real kind of broad set of cybersecurity information and also making sure that that's multimedia as well not just videos but actually being able to back that up with some community conversations and learning from others in the industry so I came on board actually as a mentor originally kind of helping people in the industry I've worked in end-user environments for kind of I think 16 or 17 years as a CISO and architect a designer an engineer so I want to get real world experience to give to people starting out in cybersecurity so moved on from there to the Advisory Board where you know we have the opportunity again to give our views from the field on sort of shaping the direction for curriculum for Cybrary giving that feedback
Leif Jackson: Awesome Thanks Chris. And Vishal!
Vishal Gupta: Hey Leif, and team this is Vishal Gupta I'm the CTO at UniSys I'm also in the Member of the Forbes Technology Council and the Wall Street Journal CIO Council I learned about Cybrary more from some of my teammates at Symantec first and I was intrigued that this company was actually local since I'm based in DC as well and then I had the opportunity to get to know Leif And I did think you know I was inspired by the mission because you know we know in 2021 there'll be 35 million unfulfilled jobs in cyber and Cybrary has 25 million people on this platform so I thought if anybody can do it these guys can and so you know here I am and you know hoping to see if we can change the balance and get a little bit ahead of the challenge that we're facing with Cybrary.
Leif Jackson: Awesome. Appreciate it. And Ed?
Ed Amoroso: Well great. I'm Ed Amoroso I run a company called Tag Cyber the research and advisory I've been doing cybersecurity for almost 40 years now seems like forever and have had a lifelong commitment to training and education mostly in kind of traditional areas so I guess I represent maybe a a demographic that grew up with opinions about learning that might be kind of traditional perhaps even a bit curmudgeon at times where I was always sort of in a staunch advocate that you know the way God intended learning to be as even the instructor in front of a room with a blackboard and a piece of chalk and be quiet and listen but I've learned over the years that that can really be improved on and I know so I'm an example of somebody who you know old dog being taught some new tricks and Leif when you and I met we did a couple of courses together so I kind of came to Cybrary as an Instructor frankly and I loved it and and I've grown to really appreciate the community aspect and some of the things that are really quite innovative about the way the company works in the way you know these new approaches to learning you know progress so I'm glad that I've was at least somewhat flexible enough to to take on some new approaches so I'm very happy to be here helping and it's it's been a fun, fun journey.
Leif Jackson: Well thank you Ed! I think you speak to hey we're with the Blackboard kind of thing you're using 20th century tools to solve a 21st century problem so here we are right, and we appreciate having you as well so, I mean just so excited so many questions but I think let's just start with like some of the trends that you're seeing in the space and how do you see Cybrary helping out in those trends? So, anyone want to start?
Chris Hodson: Oh I'll take a few around ensuring that you don't just have technical training, that you have training around methodologies and processes something I get asked about fairly regularly is around this whole DevOps Culture, and DevSecOps more pertinently how would you embed security into environments where you have ephemeral workloads? You have continuous integration and continuous delivery pipelines I remember in my end user days you would have a security assurance activity You could run a pentest for let's say five days you'd have the results sent to your organization you'd have five days to discuss them and then someone might make a decision on go-no-go the whole end to end process is like three months those requirements for cybersecurity still exist protect information but we now have to do that at breakneck speed so that's a trend that I'm seeing you know when we have infrastructure as code and you can deploy servers in seconds how would you ensure that you still have that security assurance and that integrity of solutions? So that's probably number one and I suppose directly related to that is kind of cloud architecture when I did my MCSE and my CompTIA Exams way back when everything was on prem everything was physical hardware in a data center and challenge I'm seeing now people trying to shift from that world to learning about micro-segmentation zero trust and like I said a femoral workloads So there were a couple that I'm seeing at the moment.
Leif Jackson: And how do you see us playing in those spaces?
Chris Hodson: Just keeping the creator network up to date keeping content fresh getting feedback from your students as well over kind of maybe potential gaps in areas that they want you to explore further but you know we never seen technology change this quickly so the curriculum needs to adapt and I think that's why having us here to give our opinions I hope anyway is going to be useful.
Leif Jackson: Absolutely.
Ed Amoroso: You know on this topic of speed and agility I have a personal story that it might might help show the difference between the old days back in 1990 I started writing a textbook in cybersecurity and and about two years later I pitched it to what's now MacMillan and it was then Prentice Hall and I'll never forget the reaction they had them when I sent this manuscript 400 page manuscript on cybersecurity they said we already have a book Dorothy Denning wrote one seven years ago, so why do we need another cybersecurity book? And I said well a couple of things have changed and it took quite a bit of push for them to agree to publish the book thinking why would you possibly need a second cybersecurity textbook when we had a I mean just compare that to where we are now where things changed so quickly. Threat changes, Technology changes, the expectations of teams around your ability to ingest and then get real productive fast as have all changed and I just think it's funny to compare it back to a time when we measured progress in decades as opposed to minutes so that again I think that's part of the the value of a community such as the one Cybrary sets up because it's supportive it's not easy, it was easier than if you'd read a book and it was worth it because it would stick with you for a while now you really do need the supportive elements of of a network and a community to help you keep up it's not so easy anymore.
Leif Jackson: Makes sense.
Vishal Gupta: So maybe just building on that I think as we're all discussing the world is changing and changing very fast I think we need a new way to learn and I do think Cybrary has the opportunity to be that platform because the threats are evolved, you know we need learning at the speed of threat and if you think about what that means there are 58% of the organizations got breached you know in the last two years this means you know we need not just to bring new people into cybersecurity we need to also train the existing people that are there into how the threat landscape is changing. As Chris said you know cloud will do $500 billion in 2023 a lot of the workload is shifting there the way you protect a cloud is way different than how you protect on prem the way you protect an IOT device which is out in the field is very different than what you can do with your computer you know how to even track it How do you get visibility to it? And so I think the world needs a new learning platform that can be personalizable that can be nonlinear that can scale fast that can scale at the speed of the challenge and that I think is the opportunity that we all have.
Chris Kubecka: Yeah I mean the world has definitely changed We have gone from an analog world to a digital world and everything is basically an IOT device and one way shape or form and you can think about aircraft you can think about cargo ships you can think about building management systems there are elevators that are connected to the internet and this has gotten to be so concerning that I was speaking on an event for transparency and control of IOT devices at the United nations IGF in November and presenting some of those threats and risks. Now how do you address that if you are not able to take the newest and greatest training that has matched up with some of those threats it's moving so fast continuous in cybersecurity. And how do you also do that if you would have to go to a more traditional training place and travel and get things approved for travel and miss out work miss out on your familyI see Cybrary as very beneficial because you can take short bite size exactly what you need pick and pull at the moment that you need it anytime and anywhere just like the digital world is now because of cloud become from a very very big analog world to a very very small digital world and data is everywhere and you need it now. So I see a lot of benefits in the model of Cybrary because of that.
Leif Jackson: Absolutely. Thanks very much! And you know building on that like what do you think the world looks like if we're successful, right in the next 10 years or so?
Chris Hodson: I think Ed was some summing it up well when he talked about kind of pace of change in books you know if you're successful and information is consumed in a bite size model, then that's the way that people will receive that I think we're already seeing that outside of the cyber world. So I mean I subscribe to a service called Blinkist so instead of reading a book cover to cover that might be 700 pages there's a 15 minute version of it to get the salient points now you might miss some of the detail and the detail might be relevant for a particular role or maybe even personal enjoyment but you're still getting the information you need to do your job. Now as Chris was saying about technology being so vast and there being so many different connected devices in different sets of technology you know you don't have the luxury always of having a 700-page book that you can go through to cover to cover you need to find an index you need to be able to go somewhere get what you need when you need it and I think if Cybrary is successful that will be the de facto way of learning.
Ed Amoroso: You know you can kind of talk about things that won't change and things that well like like here's what won't change in the irony is I'm going to describe things that that are changing that's what won't change but threat for example it's going to continue to progress don't even think that's going to slow down In fact it probably accelerates technology change that's going to continue to progress. You just have to assume that you know something you learned now is likely to be obsolete in some short period of time. So that is a given and then the business landscape continues to change. You look at it's fun to look at the like the Fortune 100, 30 years ago and you see a lot of companies go, wow, they went out of business and then wow it's a very different profile. So as a career learner you have to start with this assumption that those things will continue to change but here's some things that won't change. Or you know things that I think in a sense are important for a human being I don't think your ability to ingest information and to learn as a human being at some point will like you're going to hit a hit a wall like I think you can read so much you can ingest so much I don't think you could do any more than young people do now online. Right? I mean you look at the kinds of things that young people are being exposed to on the internet. I think your brain will explode if it's any anymore. So I do think at some point you know your question where's this all going I think at some point you have to level out and there has to be a common kind of approach to learning that's not this future way of doing it becomes the accepted way well subject to the things that changed before and I think these themes that we talk about community network online supportive those sound like the right words to me So I think if you get to the point where that's normal as opposed to, wow let me tell you about this innovative thing we do with community and network I think that has to be the norm again in cybersecurity we have to assume threat business technology, those things are going to be changed those are definitely if to assume that but maybe we can get to a point where you match up community network support with with the human being's ability to learn And that becomes a new norm I hope we can get to that and it was a lot of complex themes that are in there but it's important because the vast majority of people right now learn in a school setting that's still pretty traditional and then you go look I'm guilty I teach in two universities. It's still pretty traditional, I still stand on Blackboard and I lecture. Is that optimal? I think probably not. And I think that if anything getting to the point where it's assumed that community means learning and it's assumed that you don't just zero in on something on your own and learn without a network of supportive people and it's and we know the technology and people all those things go together that'd be a nice future I hope we can get to that point We're definitely not there today, you know sort of global I think Cybrary gives a little peek into what it can look like but I hope we get to that norm because then that probably makes us all smarter it makes it a little easier to ingest and learn. So I hope that's where we go.
Vishal Gupta: That's a great one, and it's hard to top that so I'll just maybe give some brief thoughts. I think you know in my mind it's not if but it's a when. So “when Cybrary is successful” not “if cyber is successful”. What I think that success will look like are maybe three parameters. One you know we're headed to this world of not one time but rather a lifelong learning and and my hope is for the world of Cybrary is going to be able to make that lifelong learning vision happen for the people who are interested in working in this field. The second piece which I thought was very eloquently mentioned by Ed was you know we don't need we already have a hundred times more content than before and if all Cybrary did was multiply that by another a hundred times that's not what's useful. What's useful is to actually be able to very dynamically assess what's truly needed and be able to present that in a compelling digestible way, so we can more intelligently go after this threat landscape instead of everybody watching you know reading 500 books of 800 pages each or watching you know a million hours of video. So none of those two approaches will work right? So it's a dynamic consumable interactive content that will work. And I would say the third part of it which I think as Cybrary becomes useful as I do think cyber is key to our digital future. Right now cyber is slowing the digital future because we've already about anything becoming digital and and what the impact will be the IOT hasn't fully taken off because of the issues with cyber the cloud gets people are afraid to adopt cloud because of the issue with cyber and I think as cyber becomes successful and as cyber become just like we have internet access It's there we don't think about it so my hope is we're ultimately able to make cyber as just another thing that we have to just bake in as we create a product, an offering and the learning that cyber provides is able to enable that vision.
Leif Jackson: I appreciate that! I appreciate all the advice and support that you give us. Just for our audience any concluding thoughts?
Ed Amoroso: I'll offer one quickly. I think that the idea that lifelong learning Is the new approach is kind of cool Right? Cause we all grew up with this idea that you know when did you go to school? Oh I went to such and such and I graduated at such and such and then it's like I'm done I don't want to do that anymore I think the idea that maybe it never ends is freely cool I love that idea of you know instead of this thing you learn and then you live it that that's a really cool concept and something that I would recommend that you guys continue to push I think it's good for everyone.
Leif Jackson: Yep Absolutely. Yeah!
Chris Kubecka: The world is a very dynamic place and one of the things that I look for when I hire people and hire teams and set up teams for, like really large incident management is are they continually learning? Do they have a passion for it? What are they doing? A hands on to keep that going and Cybrary also provides hands-on learning experiences as well so you can try things out in a safe environment Then you have the support of the community and mentors as well so if you have any questions to ask you can go ahead and ask directly to those individuals those content community creators so I really enjoy that because when I need people today I need people with today's skills and that's one of the reasons why I like Cybrary so much.
Chris Hodson: Just a final point for me following on from Chris's point there I think cybersecurity for far too long has had this obsession with specializing very early on in your career I think it's the opposite of let's say the medical profession where you go and try various different areas and then you specialize there I don't know anesthetist or something in cyber we seem very quick to say that someone is like I don't know an AppSec Engineer or they work in Cryptography and I think what Cybrary gives people is that opportunity to be curious to go out and try various different types of content because I've seen too many good people leave the profession because they just got pigeonholed into an area far too early
Vishal Gupta: So I think I would just add saying you know if we can enable for the individuals to be the lifelong learners for the companies to be you know fearless digital natives who where they can ultimately solve their up their cyber talent challenge that they've had forever and then for creators of new ideas enable cyber to be an accelerator and not an inhibitor which is what has become then I think that's the vision I think that's the opportunity that we have in front of us and I think that's what Cybrary can truly help enable.
Leif Jackson: Wonderful! Well I appreciate it guys. Thank you so much for your advice and support and and I've learned so much from all of you. So I appreciate that.
Chris Hodson: Thanks Leif.
Leif Jackson: Thanks so much.
Chris Kubecka: Thanks