Did you know the best way to bring down hackers is to punch them in the face? That if you don’t have a seven screen set up you’re a rogue amateur? Or that the best hackers have fins?

This Episode we are joined by Simon Painter a senior software engineer with nearly 20 years of experience in the industry and author of the book Functional Programming with C#.

In this episode, Hack The Movies! The Best And Worst Hacker Movies Part 2! Our regular programming has been hijacked to bring you a discussion on the best, and worst, hacker movies! In this episode we cover The Beekeeper (2024), Swordfish (2001), Jonny Mnemonic (1995), Paper Man (1971) and The Italian Job (1969).

So boot up that modem, turn off the lights and enter the deepest darkest web of hacker forums, and try not overload your memory bank, as we explore this sometimes brilliant and sometimes bonkers sub-genre!

Show Notes

A Developer Goes to The Movies! Simon’s fantastic history on how technology features in films

Paper Man (1971)

About SIMON PAINTER

With nearly 20 years of software engineering experience across various industries, Simon is a Senior Software Engineer at Talos360. Simon is also a Microsoft Most Valuable Professional (MVP) since 2023, an O'Reilly technical book author, and a public speaker at IT events worldwide.

His core competencies include C#, JavaScript, React.js, and Microsoft Azure, as well as ITIL and computer security.

LINKS FOR SIMON PaINTER

Simon’s Website

Simon’s Linkedin

Simon’s Book, Functional Programming with C#

We all know running a cybersecurity function is expensive and many of us have a hard time successfully negotiating the budgets we need to keep our organisation safe.

But what if we let you in on the secrets of successfully securing your cybersecurity budget?

This week we are joined by Scott Robertson, CFO of CreateFuture and he gives us the insights on what you should ask for when it comes to your next yearly budget, how to ask for it and crucially (because timing is everything when it comes to money!) when to ask for it!

Key Takeaways:

What Does a CFO do? A CFO is not just about managing financials but also safeguarding assets and ensuring future stability through effective risk management.

Time Your Requests Strategically: Discover the optimal timing to approach your CFO for budget increases and how to align your requests with the organisation's financial planning.

Quantify the Cost of Risk: Learn how to effectively communicate the potential financial impact of cyberattacks and the value of preventive measures.

Build Strong Relationships: Cultivate relationships with key stakeholders, including the CFO and other executives, to foster trust and support.

Prioritise and Justify: Identify critical security needs, prioritise investments, and present a compelling business case to secure the necessary budget.

The data landscape is changing faster than ever, and with it, the security threats - so whose responsibility is it to make sure your data is safe? Is it the data team? Or is it the cyber team? We tackle this question and more with Head of Data at AND Digital, Tim Hatton.

From leveraging AI to secure data to the importance of real user testing, to how Tim threat models his client’s data capability, you won’t want to skip this ever-important topic!

We also talk about ‘data mesh’ and if you’re not familiar with that term - it’s a data management framework that decentralises data ownership and responsibility to the teams that use the data. The idea is to make data more accessible and available to business users by directly connecting data owners, data producers, and data consumers.

So you can see why we thought that was an important topic to cover because, with this model, comes a lot of trust in others doing the right thing when it comes to data security!

So you won’t want to ‘mesh it up’ if people are following this framework in your organisation.

Key Takeaways:

Test User Journeys with Real People: Assumptions don't cut it—Tim emphasizes the importance of validating user journeys with real-world testing to ensure effective data usage.

AI and the Data Deluge: Friend or Foe? We explore the booming trend of AI in data management, but also ask the tough questions: Can AI be used for good in cybersecurity? Can it even help solve cold cases?

Holistic Data Security Assessments: Discover Tim's approach to assessing clients' data capabilities and security, involving both data and cybersecurity teams for comprehensive protection.

Maturity Matters: Responsibility for Data Protection. Tim reveals a surprising trend - immature organizations might have stricter controls! Discover how your organization's maturity level defines data security ownership.

The Future of Self-Sovereign Data: Explore the concept of self-sovereign data and why it might be the future of personal data management and security.

Show Notes

Book - Wicked Beyond Belief (The one I mistakenly said was Helter Skelter)

An Article on Self-Sovereign Data

About Tim Hatton

Tim Hatton has been working in digital since before it was called digital. Over the course of his career, he has worked on data and digital transformation projects for some of the biggest companies in the world.

He joined AND Digital in 2016 and is currently Head of Data. At AND he has worked on data strategy projects for clients in industries including finance, travel, publishing and retail as well as for several government departments.

Tim joined AND from Accenture Digital, and prior to this Tim ran his own digital marketing agency for many years, and co-founded a number of dotcom start-ups during the 1990s, none of which made him a millionaire but all of which taught him a great deal.

Tim is a regular speaker on digital topics at AND Digital events, for AND’s clients and in the media.

LINKS FOR Tim Hatton

Tim’s LinkedIn

LinkedIn is very divisive! Some people love it, and others hate it and everything it stands for. And if you’ve ever hangout on the subreddit, LinkedIn lunatics, then you can see why.

Now for all the braggarts and the ‘what working during my wedding taught me about b2b sales’ posts, there is a lot to like about LinkedIn and many opportunities to be had…if you do it right!

We can all learn how to be good LinkedIn citizens, So if you’re LinkedIn has two followers, or 20,000, there is plenty to be getting your ears around in this conversation with John Moore -the question is…have you endorsed me yet?

Key Takeaways:

Why Humour Makes You Human (and Helps You Get Hired): Ditch the cringe! Learn how humour can break the ice and make your cybersecurity expertise more relatable.

Building Your Personal Brand Brick by Brick: Discover John's three-pronged approach to building a lasting LinkedIn legacy (think Time, Effort, and Commitment!).

Embrace the Journey: Failure is Fertilizer (But Not Fertilizer for Your Profile): Don't shy away from sharing lessons learned.

The Power of Storytelling: Learn how to craft compelling narratives that resonate with your audience and build genuine connections.

LinkedIn as Your Digital Shopfront: Make sure your profile shines!

Show Notes

Negotiate Anything Podcast

Humour is Serious Business in Cybersecurity Compliance

About John Moore

John C. Moore brings over two decades of dynamic experience in recruitment and operations management to his role at TekBank. With a keen eye for talent assessment and acquisition, John has mastered the art of full-cycle recruitment, excelling in sourcing, screening, and onboarding top-tier candidates. His expertise extends across diverse areas, including IT recruitment for commercial and government sectors.

LINKS FOR John Moore

John’s LinkedIn

TekBank

No new episode this week because we’re are both speaking at the AI for the Rest of Us conference this week.

So instead we’ve hit up the vaults for the wonderful Paula Cizek, Chief Research Officer at Nobl. She guides leaders and teams through the change management process, from assessing the organization’s readiness for change to implementing initiatives. In this episode, we explore the fascinating topic of Corporate Change and how its lessons can be applied to cybersecurity.

Normal service resumes next week but for now keep secure!

Show Notes

Asana’s guide to running Project Pre-mortems

How to “Start with the Skateboard” - Spotify

Explaining Fail save vs Safe to Fail changes - NOBL

Barriers to Change - NOBL

How long does it take to make organisational change? NOBL

Complexity Science Explained - Complexity Explained

An introduction to Network theory

Blending Complexity Science and Network Theory

Disentangling Risk and Uncertainty: When Risk-Taking Measures Are Not About Risk

Negotiation Tips - Getting Comfortable being Uncomfortable

Psychological Safety - McKinsey

About Paula Cizek

Paula Cizek is the Chief Research Officer of NOBL, where she guides organizations through large-scale transformation. A thought leader in change management and change resistance, she specializes in translating complex concepts into simple, practical tactics that deliver immediate and meaningful change.

Before joining NOBL, she was Innovation Manager at the IPG Media Lab, advising brand and media clients on emerging technology. Prior to that, she was Senior Innovation Consultant at Mandalah, where she led consumer behavior and brand strategy research for brands around the world. She's worked with a diverse roster of clients including Warner Bros., Chanel, Capital One, Bayer Pharmaceuticals, Airbnb, Chipotle, Grupo Bimbo, and more, and she's been published or quoted in publications like BrandingMag and Women's Wear Daily. She graduated from Georgetown University, majoring in Marketing and International Business.

LINKS FOR Paula Cizek

Paula’s LinkedIn

NOBL

Dreaming of a career in Cybersecurity? Currently a Student and wondering how to succeed?

In this episode, we are joined by Dr. Thalita Vergilio. Thalita is a passionate technologist and cybersecurity expert dedicated to demystifying complex concepts.

This episode is for those dreaming of a thrilling career in cybersecurity as Thalita gives her roadmap for success from cybersecurity student to your first job in cyber.

She also highlights where cybersecurity professionals can do better now that she’s on the other side, working with developers as a consultant at Create Future. So it’s not just an episode for students!

Key Takeaways:

From Consultant to Lecturer to Consultant Again!: Thalita shares her unconventional path, including hacking into the university system as part of her job interview!

Are Universities REALLY Preparing Students for the Real World of Cyber? Spoiler alert: It's a complex issue, and Dr. Vergilio spills the tea and makes a bee-line for lecturer of the year (in our opinion!)

What Qualities Do The Best Cybersecurity Students Have?: Learn about the skills and experiences that make a good cybersecurity student, including passion for the subject, tenacity, and resilience.

From Academic to Action: Industry Skills You NEED to Know to Get Your First Job in Cyber: Your education is just the start, so in this competitive market, what are you going to do to stand out?

Bridging the Cyber-Engineering Gap: Developers must be aware of the security implications of their code to avoid vulnerabilities, so how do you go about doing that?

Show Notes

About Dr. Thalita Vergilio

Dr. Thalita Vergilio is a passionate technologist and cybersecurity expert dedicated to demystifying complex concepts. Her extensive experience in organisational transformations and streamlining large-scale systems provides a unique perspective on the intersection of engineering and cybersecurity. Having previously worked as a Senior Lecturer, Thalita is keen to share her knowledge and insights, making complex technical concepts accessible to a broad audience.

Her doctoral research focused on developing a vendor-agnostic, multi-cloud solution for big data stream processing, showcasing her expertise in innovative and efficient data management strategies. Through this podcast, she aims to explore the fascinating world of cybersecurity, drawing on her PhD research and teaching background to offer valuable perspectives and practical insights.

LINKS FOR Dr. Thalita Vergilio

LinkedIn

This episode we are joined by Marcy Charollois. Marcy is a socialtech writer, content strategist, and the founder of Merci Marcy and The Safe Place. Her mission is to enable teams to embody a culture of genuine inclusion beyond superficial measures.

This week we explore the complex, important, and under-discussed topic of diversity, equity and inclusion in cybersecurity.

As an industry, we do an alright job talking about hiring diversity in cyber, but that is not where the topic should end. With more and more people from a wide range of backgrounds and abilities interacting with our security controls, we need to think about whether the security measures we put in place are accessible.

We explore how can make a more accessible cybersecurity user journey, design inclusive password patterns, how to be an ally in this space and make sure that we always act ethically when we think about security.

This episode is a must-listen for anyone interested in creating a more equitable and effective cybersecurity landscape.

Key Takeaways:

Inclusive Security Controls: Marcy explains why diversity and inclusion should be integral to our security controls. It’s not just about who we hire but how we design our systems to be inclusive for all users.

Purposeful Technology: Avoid creating technology for technology’s sake. Always consider the end-users and their diverse needs to ensure the technology serves everyone effectively.

Inclusive Passwords: Traditional password systems can be exclusionary. Marcy discusses how we can make password fields more accessible and inclusive, particularly for those with disabilities.

The Coded Gaze: Our current coding practices often reflect a narrow societal view, excluding many groups. Marcy urges the adoption of accessible design practices to create better security solutions.

Allyship and Continuous Improvement: Being an ally involves continuous learning, listening, and taking concrete actions. Marcy provides a recipe for inclusive UX to help check biases and improve user experiences for marginalised communities.

Show Notes

Marcy’s Talk at WebDevCon - Racism Fuels User Experiences

Unmasking AI: My Mission to Protect What is Human in a World of Machines by Joy Buolamwini

Alba Villamil’s LinkedIn

W3.Org’s Accessibility Standards for Authentication

About Marcy Charollois

Marcy Charoloois is a social tech writer, content strategist, and the founder of Merci Marcy and The Safe Place. She served as the editor-in-chief of WeLoveDevs for two years, where she made history as the first woman, as well as the first racialised and LGBTQIA+ woman, to be hired.

Recognising the lack of representation for people like herself in the tech industry, Marcy took a committed stance to promote diversity. She is dedicated to breaking through the pretence of corporate values and advocating for real cohesion within teams. Her mission is to enable teams to embody a culture of genuine inclusion beyond superficial measures.

LINKS FOR Marcy CHarollois

LinkedIn

Blue Sky

In this Episode we are joined by Kelly Paxton. Kelly Paxton has more than 20 years of investigative experience. Kelly is a Certified Fraud Examiner, author, and podcast host-founder of Fraudish.

This week’s episode asks why it is so hard to commit a crime these days! But when people do, what is their motivation behind it! We also look at the nature of surveillance, how it can be used to catch criminals but also the implications of being willing to bring in surveillance devices into your home and life - yes I’m looking at you iPhone! How fraud in the workplace happens, what are the signs to spot for and how to prevent it happening and how sometimes it’s not so pretty in pink, as we explore Kelly’s specialism, Pink Collar Crime!

Key Takeaways:

I Always Feel Like Somebody’s Watching Me: From personal devices to public spaces, surveillance is a constant presence in our lives. While it can deter crime, it also presents opportunities for criminals to exploit our vulnerabilities.

The Impact of Dishonesty: Delving into the profound repercussions of workplace dishonesty on trust and employee behaviours.

Pink-Collar Crime: Often committed by low to medium-level employees, primarily women, pink-collar crime is more prevalent than you might think. These crimes are usually subtle, with fraudsters blending seamlessly into their environments.

The Impact of Tone at the Top: A company's culture and leadership play a crucial role in influencing employee behavior. Ethical leadership and a positive work environment can discourage dishonest actions.

Show Notes

The BeeKeeper Film

LinkedIn page for Avi Klein

Artist uses CCTV cameras to selfies back to their Instagram page - VICE

LinkedIn page for Mish Aal

Number Go Up: Inside Crypto’s Wild Rise and Staggering Fall by Zeke Faux

Nobody’s Fool: Why We Get Taken In and What We Can do About It by Daniel Simons and Christopher Chabris

About Kelly Paxton

Kelly Paxton is a Certified Fraud Examiner, Private Investigator, and Professional Speaker. She also is the founder of the Fraudish (formerly Great Women in Fraud) podcast. She published Embezzlement: How to Prevent, Detect and Investigate Pink-Collar Crime in December, 2020.

LINKS FOR Kelly Paxton

LinkedIn

Pink Collar Crime Website

Kelly’s Podcast Fraudish