Cyber Consulting Room

By: Gordon Draper

About this title

The Cyber Consulting Room Podcast and Meetup Network is your gateway to a world of knowledge and collaboration in the ever-evolving realm of cyber security and consulting. Our podcast, hosted by Gordon Draper, brings you in-depth interviews with industry leaders, experts, and trailblazers, offering invaluable insights, strategies, and experiences. From award-winning professionals to those paving the way for diversity in the field, we delve into the most pressing issues and emerging trends. But we're not just a podcast; we're a network, connecting like-minded individuals through our Meetup events. Here, you can engage in lively discussions, share expertise, and build your professional network in a supportive and enriching community. Whether you're an established consultant or just beginning your journey in the field, The Cyber Consulting Room Podcast and Meetup Network is your go-to source for staying informed and connected in the world of cyber security and consulting. Join us on this exciting journey, and let's learn and grow together.

© 2025 Cyber Consulting Room
  • How Can We Foster Inclusivity and Diversity in Cybersecurity with Catherine Goodwin-Gracia & Bradley Busch
    Mar 19 2025

    In this episode of the Cyber Consulting Room podcast, host Gordon Draper sits down with cybersecurity experts Catherine Goodwin Garcia and Bradley Busch to explore their unique journeys into the field and the critical role diversity plays in driving innovation. Catherine opens up about her unconventional transition from ballet to cybersecurity, emphasizing the importance of mentorship and advocating for greater female representation in the industry. Bradley shares his shift from aerospace engineering to cybersecurity, stressing the value of continuous learning and adapting to the evolving tech landscape.

    Together, they dive into the challenges women face in cybersecurity, the power of mentorship, and the need for inclusive, supportive environments that foster innovation and resilience. The conversation also highlights the importance of diversity in cybersecurity, not only for fostering creativity but also for improving security strategies.

    Brad and Cathy also discuss the evolving threat landscape, focusing on the crucial role of human factors in cybersecurity. Brad underlines the significance of understanding people in tackling threats like social engineering and deepfakes, while Cathy stresses the need for collaboration across teams and the importance of building support networks to combat CISO burnout. They also touch on the changing responsibilities of CISOs and initiatives like Cyber Chix, which are working to create a more inclusive, supportive space for women in the industry.

    If you're passionate about making a difference in cybersecurity and want to learn more about building a diverse, inclusive community, tune in and be inspired to take action! Join us in promoting innovation, resilience, and inclusivity in this dynamic field.


    In This Episode:

    • (00:00:02) Introduction to the guests
    • (00:02:29) Catherine's journey into cybersecurity
    • (00:09:27) Bradley's background and transition
    • (00:12:17) Common biases women face in cybersecurity
    • (00:17:13) Unconscious bias in hiring practices
    • (00:19:26) Gender expectations in the workplace
    • (00:21:03) Biases in design
    • (00:29:53) The evolving threat landscape
    • (00:30:33) People as strengths and weaknesses
    • (00:32:08) Managing emotional responses
    • (00:34:18) Building support networks
    • (00:35:16) Emerging cyber threats overview
    • (00:37:43) Evolving role of CISOs
    • (00:40:03) CISO burnout and support
    • (00:42:16) The need for team collaboration
    • (00:47:00) Advice for women in cybersecurity
    • (00:50:49) Introduction to Cyber Chicks
    • (00:55:14) Learning the trade safely
    • (00:56:18) Resources for aspiring hackers
    • (00:57:42) Transferable skills in cybersecurity


    Notable Quotes

    • [00:08:49] “Find somebody who you can talk with, who can actually guide you along, is willing to give you some advice from time to time, and be your friend and hold your hand.” - Catherine
    • [00:17:13] “Women over 50 are going to have a harder time getting a job; they're going to have a difficult time doing things because they may have been out of the industry for a while.” - Catherine
    • [00:22:33] “One of the things that I really resist is when another male says, ‘Oh, I'm off to do daddy daycare, I've got to look after the kids.’ I'm like, no, that's called parenting. You are that child's parent.” - Bradley
    • [00:29:00] “Experience is the thing you get just after you needed it. Now I have experience as I learned from somebody else's place. If age has given me any wisdom, listen
    • For more episodes like this visit https://cyberconsultingroom.com
    • You can find more information about Cyber Consulting Room Podcast Host at https://www.linkedin.com/in/gordondraper/
    1 hr and 1 min
  • The Best Practices for Navigating Governance, Risk, and Compliance in Cybersecurity with Chris Hows
    Feb 19 2025

    Is your cybersecurity strategy truly protecting your business, or just checking boxes? In today’s fast-paced digital landscape, threats evolve faster than updates, and staying compliant can feel like a maze.

    In this episode of the Cyber Consulting Room podcast, host Gordon Draper speaks with Chris Hows, Principal Governance, Risk, and Compliance (GRC) Consultant at Mercury Information Security Systems. Chris shares his unconventional journey into cybersecurity, emphasizing the importance of GRC in enhancing organizational cybersecurity. He discusses the significance of understanding various standards, risk management, and aligning security controls with business objectives. Chris also highlights the challenges of compliance, the necessity of tailoring GRC frameworks to specific needs, and offers practical advice for aspiring cybersecurity professionals. The episode provides valuable insights into the critical role of GRC in cybersecurity.


    In This Episode:

    • (00:28) Chris's journey into cybersecurity
    • (01:14) Educational path to GRC
    • (02:07) Advice for aspiring cybersecurity professionals
    • (02:54) Defining governance, risk, and compliance
    • (04:19) Understanding compliance challenges
    • (14:39) Benefits of the ASD essential framework
    • (16:30) Challenges of implementing ISO frameworks
    • (17:40) Understanding control intent
    • (22:44) Zero trust principle
    • (24:14) Identifying cybersecurity risks
    • (29:47) Shared responsibility model
    • (39:33) Software compliance and updates
    • (41:11) Regulatory evolution in cybersecurity
    • (42:18) Accountability for cybersecurity
    • (43:37) Best practices for compliance
    • (45:17) Intent behind compliance frameworks


    Notable Quotes

    • [05:10] “If you just try to tick a box, potentially you might actually miss one of the core foundational things of what you're trying to do.” - Chris
    • [11:42] “Each business does need to sit down and decide how much risk is appropriate for them based on their context and based on how much they're potentially able to lose.” - Chris
    • [21:19] “You really need to understand what your threat is and tailor your risk assessment and controls to your needs.” - Chris
    • [24:14] “Phishing is so insidious because it’s very simple to double-click on that document someone sent you, and then the game’s already over.” - Chris
    • [37:02] “Privacy is an ever-increasing area of regulation. In Australia, it's being looked at again, and we might see something like GDPR coming in the future.” - Chris
    • [45:17] “A lot of the things that I've seen is, what would a reasonable person do? If it was your information, would you be happy with these controls in place?” - Chris


    Resources and Links

    Cyber Consulting Room

    • Cyber Consulting Room

    Gordon Draper

    • https://cybermarket.com/
    • https://www.linkedin.com/in/gordondraper/

    Chris Hows

    • https://mercuryiss.com.au/
    48 min
  • Episode 15: The Best Practices for Building a Transparent Cyber Security Consultancy with Matt Strahan
    Nov 21 2024

    Can you believe there was a time when cybersecurity wasn’t a priority for most organizations? Just 20 years ago, simple passwords and basic firewalls were seen as enough protection. So, what changed? How did we go from minimal defenses to a world where cybersecurity is critical for survival?

    In this episode of the Cyber Consulting Room podcast, host Gordon Draper sits down with Matt Strahan, director of Volkis Offensive Security Consultancy. They discuss Matt’s nearly two-decade journey in cybersecurity, from his university days to becoming a penetration tester and co-founding Volkis with Alexei Doudkine.

    The conversation highlights the evolution of cybersecurity, emphasizing the importance of creativity in penetration testing and the challenges of industry commoditization. Matt shares insights into Volkis’s transparent approach to security, the significance of effective reporting, and the growing trend toward continuous testing to tackle emerging threats.

    They also explore the dual role of offensive security—identifying vulnerabilities while helping organizations address them. Effective communication, empathy, and technical skills are essential in this field. The integration of AI in security practices is discussed, along with the need to balance technology with human intuition. Networking and continuing education are highlighted as vital for professional growth and community support.

    Don’t miss this insightful episode! Subscribe to the Cyber Consulting Room podcast for more expert discussions, and connect with us on social media to join the conversation.


    In This Episode:

    • (00:36) Background in cybersecurity
    • (01:02) Early career and penetration testing
    • (02:18) Learning and development
    • (04:09) Challenges in obtaining jobs
    • (05:04) Vulnerability discovery
    • (07:43) Evolution of cybersecurity risks
    • (11:50) Creative problem solving
    • (24:47) Focus in cybersecurity
    • (48:23) Gaps in access control
    • (01:15:57) Passion for education
    • (01:17:10) Community engagement
    • (01:18:13) Conference atmosphere
    • (01:18:01) Closing remarks


    Notable Quotes

    • [01:02] "Back then, cybersecurity was more of a curiosity, a hobby that people might get attracted to just because it was a bit of fun. It wasn't serious like it is now." — Matt Strahan
    • [45:22] "The identity of the user is now one of the security boundaries, and that raises a lot of complexity with the interaction of multiple software service applications." — Matt Strahan


    Our Guest

    Matt Strahan is the Managing Director of Volkis, a leading offensive security consultancy specializing in penetration testing and red teaming. With 17 years of experience in the cybersecurity field, Matthew has played a pivotal role in helping organizations strengthen their defenses against evolving cyber threats. Beyond offensive security, he has guided companies in shaping their security strategies, enhancing compliance, optimizing operations, and managing risk. His expertise spans both technical and strategic aspects of cybersecurity, making him a trusted advisor in the field.


    Resources and Links

    Cyber Consulting Room

    • Cyber Consulting Room

    Gordon Draper

    • https://cybermarket.com/
    • https://www.linkedin.com/in/gordondraper/

    1 hr and 20 min