Security Happy Hour

Breaking Into the Cybersecurity Industry - Expert Insights and Inspirational Stories

August 01, 2023 The Cyber Warrior Episode 134

Imagine you're given the secret playbook of the cybersecurity industry, filled with advice from seasoned experts on how to break into this fascinating field. This episode's got you covered, as we chat with industry veteran Israel Brisky, who uncovers how to step foot into this industry, the significance of networking, and the crucial conferences you should make a point to attend. His indispensable insights provide a solid foundation to anyone trying to navigate this complex industry. 

Data security and cyber insurance have been buzzwords lately. But do you truly understand their interplay? Our talk takes a deeper look at the intricate relationships between cyber insurers, brokers, risk management firms, vendors, and breach coaches. We also shed light on how the due diligence process for insurance has tightened over the years. Another highlight is our chat with Rick Adams of Hunters, a trailblazing data security company. Rick gives us a low-down on how Hunters is revolutionizing the way we understand and tackle cybersecurity.

Ending this episode on a high note, we have Taylor Lee, the trailblazing CISO and CFO of Leswee LLC sharing her inspiring journey in cybersecurity. Taylor talks about the significance of representation in this field, the need for companies to walk their talk on representation, and the leadership lessons she's learned along the way. Her story is a testament to the power of perseverance and the importance of paving the way for others. So, gear up for another riveting conversation next week. Until then, stay cyber safe!

Support the Show.

Merch: https://cyberwarriorstudios.com/store
Youtube: https://youtube.cyberwarriorstudios.com
Twitch: https://twitch.tv/CyberWarriorStudios
Twitter: @CyberWarriorSt1
Discord: https://discord.gg/eCSRzM6mJf

Speaker 1:

Hello and welcome back to Security Happy Hour. This is the Cyber Warrior and this is Cyber Warrior Studios. Well, actually, as you can hear by all the noise, we're on site at New Jersey Cyber Firesides, so it's going to be a very, very interesting show. We've got a lot of things planned and you can see all the people behind me. So look, yes, this is Security Happy Hour. It's a little hectic. We're at a new day, strictly for New Jersey Cyber Fireside, so it's gonna be an amazing episode. So, as we're about to get started, you know what I love you. Well, oh, we'll be right back here in just a second. You know how I do. I love you, I will be right, but anyways, okay, this is cyber security, this Security Happy Hour. I am the Cyber Warrior, this Cyber Warrior Studios. We got a lot of people here, so we've got I don't know what 75 people here. So this is what I want for today. We are gonna do. We've got Hunters and Databricks. All right, apologies, it's Databricks, Hunters and Databricks. All our sponsors this evening. They're sponsoring not only my show but New Jersey Cyber Fireside, so they are gonna be the first two to talk and then we're gonna get into more and more with questions from the audience, for everybody else is here and we are talking all facets of cyber security.

Speaker 1:

So you name it, ask your questions and we will get them answered, because that is the intent of today. You get answers from the professionals that have been doing this job for years. So it doesn't matter what field, whether it's auditing or red team or blue team or you name it, sales, we got them all. And if you want to hear from a few CISOs, we got them too. I don't know why, but we do, apparently, one of our sponsors in a system, apparently. Well, look, start asking your questions in the chat. We're gonna get them answered. First, let's hear from who do you want to hear from first? Don't jump in for just move camera so Brisky, if you just want to let them know where you're from and kind of give an introduction about yourself and we'll go from there.

Speaker 3:

Sure. Name's Israel Brisky, CISO. Good. CISO at my old partners, SEC-registered investment advisor in New York City. Been there for about five years running their security program.

Speaker 1:

That's awesome. So, Brisky, if you were to talk to a junior in the industry, right, what would be something you would tell them to help them break in? Events like this?

Speaker 3:

I got my start volunteering at networking events in New York City. So at the time it was New York ISSA, the local chapter, the OWASP New York City chapter, Cloud Security Alliance local chapter. So how do you get that local chapter? So find your local chapters that have security. They're delivering security content monthly. Meet as many people as you can and you'll learn. So you'll learn. You'll also network, but don't just attend them. Participate as a. You'll take a lead role. Run the program committee on the call for papers, run the logistics, anything that you can to with this amazing connections and you'll find jobs with that network over time.

Speaker 1:

So we got a really good question here for Brisky from our friend Misha. She wants to know: are there specific events that are good for beginners?

Speaker 3:

I mean you go really to any. Any security conference, any conference today, large or small though, will usually have beginner tracks, the large ones for sure. So if you want to go to, want to go to RSA, it's very large, it's kind of a zoo, you get lost, but they have beginner tracks. You want to go to more targeted conferences like OWASP AppSec conference, learn about application security. They'll have beginner tracks. It's been a long time since I've been going. It's been a while since the conferences I went to growing up. I can't remember. Start with the local chapters, start with those local meetings and then work your way up from there. You'll meet more people, you'll talk to them, you get advice from them. But I would stick to the larger conferences because they're mostly, you're gonna have beginner tracks.

Speaker 1:

Yeah, that's awesome and that's one of the big things that I talk about a lot, is setting up, you know, different conferences, networking especially on social media and BSides, and you know even something like this, which is something that not a lot of people know about, is New Jersey Cyber Fireside. So you know, I do you know and, talking to Alex, know that it's gonna go a little bit further and he's trying to expand out. So with that, would you suggest looking into other conferences beyond the norm? Right, so you've got Black Hat, DEF CON and BSides. What other big conferences would you suggest that people look into beyond those, you know, big ones?

Speaker 3:

So if you're in financial services, I tell you to go to an FS-ISAC annual summit. So it's kind of it's not easy to get into because those you have to be working at a financial services firm that's a member of FS-ISAC. That's criteria. But if you're working at a bank or any financial services that's that is a member of the FS-ISAC, I would urge you to go to those. Or there are very targeted to financial services. You get to meet all the other doesn't screen that other banks and they're beyond banks now. They're credit unions, the hedge funds, their alternative investor firms and it's it's really seeing on this industry. It's a very financial services have complex technology, complex infrastructure. You learn a lot in any of those firms. I would say go check that, check that conference out.

Speaker 1:

Yeah, definitely, that's very important, and I think those are things that people neglect, even us in our industry. Neglect is this If you consider it, I'm going to conferences outside of just cybersecurity. If you go to things like you know, your healthcare conferences, your your financial conferences and things of that nature, then I think that it would lend to being able to speak more to the people that are on the ground floor doing the work, versus just always talking to the executives that are just looking to spend money. Now you're talking to the people that will actually matter. So what would you say to someone who wanted to go to say, I Don't know, maybe in healthcare conference in it had no CISO, no cyber security, no, no, nothing was involved. But, as a cyber security person wanted to go there and hear what they had to say.

Speaker 3:

I think that's important. You'll learn. You'll learn new things there. You'll learn if you're ready in cybersecurity and you know the principles of how to protect data. Mayfin interesting. I mean find your secure job out help and anything that's heavily regulated. There's plenty of opportunity, plenty of jobs in security.

Speaker 1:

Yeah, definitely I can't disagree with you there. What I would like, though, is you know, I love hearing from you, but we've got a lot of people here, let's see if anybody else has any other perspectives to give. Who's next? He was number one. No, number two is whoever stands up.

Speaker 5:

Oh we got Tom.

Speaker 3:

Oh.

Speaker 5:

What's that make me first loser?

Speaker 1:

So, Tom, the question is, you know, from your perspective, what are the good and bad of cyber security right now, and what advice can you give to newcomers in the industry? So good and bad of cyber.

Speaker 5:

Interesting, I would say. One of the bad things is people have started to move to a new paradigm, to what is more like what's good enough. It would be the first thing I'd say. That's become a new habit. It's like it's like the cop. If it's free, it's for me and that would be one of the problems I see in the old days to be like okay, what's the best tools out there? How can I secure myself? The other downfall is they don't pay for a training as much anymore. So part of the skills gap is based on the training. You know, I always look at it as it's like technology without limits. I mean this job is like. The good part is it's like a life of endless learning, so you're always learning, keeping your brain fresh. So that's my perspective on this.

Speaker 1:

Yeah, definitely, that's a good perspective to have because, if you look at it, this is a field that you are you, you are constantly learning, you're constantly growing and you should always be doing more to learn every day. And I see that missing a lot of people when they chase money versus when they actually chase education or opportunity or have a passion for the field itself. So, from your perspective, we have a question here from Michelle which actually is very, very valid on on the point here. You know, what Is the one mistake you see people who are changing careers to cybersecurity make?

Speaker 5:

Wasting our money on college.

Speaker 1:

So so you think well, what do you think truly college is? Is a waste, or do you think it's the way it is, just a price?

Speaker 5:

No. So a couple of us are on advisory boards for a bunch of universities and I could tell you from our experience everything they're teaching at universities is five to ten years too old, even the foundations. They're not even teaching that correctly. It's like my buddy over there, Tom Brennan. We were on a call one day and I like, oh, we just came out with our networking class and I like, okay, do you teach cloud? No, but we teach networking. I'm like, okay, I have fun with that. Tell me how quick students and hired.

Speaker 5:

I think students need to be measured on how quick they get hired, how quick they learn. You know, not on every other scenario. There's so much I mean Elon Musk even said it passed I mean there's so much free education out there right now you can go to Udemy, you can go to YouTube and how much you willing to learn on your own before you actually blow 200,000 on a degree. Me personally, if you are gonna go for a degree, it should be like a business degree and have your job pay for it, meaning, okay, I'm moving into leadership, maybe I should go for business management. That's how I see May. I've been doing this for red team side 24 years.

Speaker 1:

You see, I don't have mixed opinions on that, because I think some colleges are teaching the foundations correctly, but I think others are not. So I think, depending on where you're at and what they're teaching, you could have good and bad things about it. But at the same time, I see where you're coming from, because they are just like the military, that the big thing is. The military is always behind and the education and all that they're teaching is the foundations of IT and the foundations of science. So I think we can still hear you on that. Everybody else could hear me, but the people here on stream could not. I think Alex did that on purpose. They heard it from the other. Mike, this is going to be a fun stream. Just say oh no, I love you all, but no, so I do. I think it's one of those things that some colleges get right, some do not.

Speaker 5:

The problem is, everybody doesn't get to go to those colleges you go to, like Carnegie Mellon or MIT or any of those Stanford. The average person in the industry doesn't get to go to those.

Speaker 1:

And I don't disagree. I think Carnegie Mellon has always been huge about teaching foundations, but they're expensive, extremely expensive, so I don't disagree with that. No, degrees don't need to be cybersecurity degrees. Degrees are MBA. Get a degree and you can get a job. It's just like the military You'll be an officer, right. But anyways, before you go, because we want to bring someone else on, if you give any bit of advice to anybody trying to break it in, what would you say?

Speaker 5:

Come be an intern for Alex. Come to fireside chats. I'll honestly find out. Any of the local groups, ISC2, OWASP, whatever. Go out and network and learn from people, because when we first started in this industry I started in 99. It was literally me going out learning from other people.

Speaker 1:

Yeah, that'll be. The biggest thing is just learning from others. That's the best way for us to learn.

Speaker 5:

Yes, Alex is here to recruit interns.

Speaker 1:

So we are going, we got someone new, Alex, everything else.

Speaker 5:

Go ahead.

Speaker 1:

Hold, go ahead and choose yourself.

Speaker 2:

My name is Sean Malito and there's a delay and it's really annoying, so I'm managing direct and I don't do this usually, as you can tell. Managing director for Cypher, we're a company that does ransomware negotiations and settlements and recovery and remediation. That's awesome.

Speaker 1:

So I got a question here from one of my good friends, an Army veteran. If you were asked to hire someone, what green flags green flags, not red flags what green flags would you look for in an entry level resume? And what are some green flags you would look for in an interview with an entry level applicant?

Speaker 2:

On the data security side of things, forensics recovery and remediation? Yep, You're asking the wrong guy. I'll be totally honest with you. I do the relationships between cyber insurance companies breach coaches. That said, I got to think that my team would love people who are willing to learn, that are disciplined.

Speaker 1:

So what about from your perspective, in sales or the partnership building that you do? So?

Speaker 2:

yeah, it's a huge industry now, cyber insurance. You've got the cyber insurers themselves. You've got the cyber brokers who place the business with the end clients. You've got the risk management firms. You've got the vendors, like people who do what I do, and then you've got the breach coaches, who are the privacy lawyers that handle the claims as they come in. It's kind of it's this massive ecosystem and my job is to know who everybody is and put everybody together when somebody's had a ransomware attack and they need help.

Speaker 1:

So, from your perspective, especially in ransomware, are you seeing companies, are you seeing insurance companies, rather especially in that industry, doing more due diligence to seeing whether or not corporations and companies are implementing the right policies, procedures, regulations, frameworks and things like that, or is it still a lot of? Yeah, I checked the box, so you now get insured and you get everything along those lines.

Speaker 2:

Yeah, no, the due diligence is a lot more in depth than it was three or four years ago. There's a large cyber insurer called CFC, which they don't even say what they. It used to be called click for cover and you could just basically click a couple of boxes and you get yourself some cyber insurance. They don't do that anymore. There's very, very in depth questionnaires, pages of questions all the way down to is it MFA? Where is it enabled? What systems all of that and if you lie on any of that, there's a good chance you're going to have your claim denied. So people are taking it a lot more seriously now than they did years ago.

Speaker 1:

Yeah, definitely. So last question before we move on, because we do have a lot of people here that we want to try to get on If you have any advice for anybody trying to break into cybersecurity or even in the field you're in with developing these partnerships and kind of building these relationships what would you give them?

Speaker 2:

It's a great time to get in. I know that there's been a lot of layoffs, but we're not seeing it on the cyber insurance side of things. So if you want to get on the pre-breach side where you work doing pen tests, vulnerability assessments, I know a lot of companies are hiring on the insurance side or on the data security side there, and then anybody for any of the vendors where I work and where people like SentinelOne and people on the back end work as well.

Speaker 1:

Yeah, definitely, and I want to thank you for coming on. It's been awesome having you here. So what we're going to do now is we're going to see who wants to come up next.

Speaker 4:

Where's number four?

Speaker 1:

Hit the hot mic. Take a good job, man Nice work.

Speaker 6:

How are we doing today? Frank Angioleli, I am the Managing Director of MSOC. We are a managed security operations center and our goal is to accurately detect attacks before they cause damage and either prevent them or respond quickly before it gets worse.

Speaker 1:

So, as the Managing Director of MSOC, attacks always happen and you can't guarantee ever 100% security. So what would you say is the best way to really lock down something like a ransomware attack or something that hits immediately?

Speaker 6:

No complex question, but there's two aspects to SOC, to understand it well. The first one is our adversary is sentient, so we're fighting against human beings, and the second one is they always have the initiative, meaning they can attack anywhere, anytime, from any place. It's almost like defending England against a Viking invasion, and so at that point in time, one of the strategies that really works very well is military-type strategies like Clausewitzian strategy. What you're trying to do is you're trying to defend at your strong point and attack them at their weak point. You're trying to interdict their operations where they're weak. And believe me when I tell you red teams, adversaries, they have weak points.

Speaker 1:

You know I laugh about that and I was saying something because Natalie Baker, who is in the chat right now, she calls herself the SOC queen on occasion, depending on what you're looking at, what platform. But she actually loves SOC and what you're talking about, and so you know, one of the biggest things for her has always been you know, you have to be reactive but also proactive at the same time. Right, so you're trying to stop attacks, at the same time, you have to be able to react. So, in that same vein, how would the MSOC not only help prevent, but what is the reactionary measure like? Where do you really put more of your focus when you're doing things?

Speaker 6:

It's an excellent question, and so to describe that, I'll put it to you this way Most people will spell a word the wrong way, but they'll spell it that same wrong way every time. When I do this, I spell a particular word, when I type it out the wrong way, but I do it the same way every time. Adversaries and attackers have the same issues, they will do repeatable patterns, they'll stick with what they know, they'll go for the path of least resistance, and so what you can do in that scenario is, as they come in an attack pattern, they're going to replicate certain things and you can, you know, almost like pulling the pin out of a machine. That makes the whole machine fall apart. That's the goal. The goal isn't to solve this volumetrically, because it can attack anywhere, anytime, and so there's commonalities in their attacks, there's commonalities in the laboratories, and if you can find them, you can drop them in very key points.

Speaker 6:

Think about from a funding perspective. In SOC, people will always say, oh, we need more people. Why? We need more people? Because they can attack from everywhere, why? And so today, the solution to that isn't in funding more and more and more with huge, huge amounts of money. It's about using those patterns to find out how you can interdict that adversary without an overwhelming amount of funding and cost and source, because SOC is expensive and we need to keep it manageable to manage the risk level.

Speaker 1:

Yeah, definitely. Now, before we go and before we move on to someone else that we want to keep going with more and more, I want to ask if you had any advice to give someone breaking into cybersecurity right now. So you're talking to your juniors, your college students. Whatever the case may be, what advice would you give them?

Speaker 6:

Yeah, so I would give you three points In order to be successful. Look for things that you like, that you're good at and that people will pay you for. If you can make those three, you will make a career.

Speaker 1:

I love that and and honestly thank you for being on and thank you for being here. And you know what, here at New Jersey Cyberfire Sides, we have a lot of people back there. Holy Jesus, we're going to keep it going, but with that, let's let's get someone new here on the stage and let's hear what they have to say. Alright, so, andy, why don't you give a little bit of an introduction who you're here with and what you're all about?

Speaker 7:

Andy Hutchinson. I am a solution architect at Databricks and I support the financial services vertical as well as the cyber SME.

Speaker 1:

That is. That's awesome, so being involved with with that side of things. So is it right for me to say you're more involved with the sales side of how things go?

Speaker 7:

Yes, but at the same time I have to share. Sales reps guide the customer in the right technical direction and they're not promising things that we can't deliver on the technical side. So while day to day I spend a lot of time with sales folk, when I'm working with directly with customers, it's mostly technical engineers, you know, directors, things like that, and then in the cyberspace it's directors up all the way to the CISO.

Speaker 1:

So so, from a Databricks side, give me a, give me a little insight. You know, being from Databricks is something I haven't heard of before. It's a new company to me.

Speaker 7:

Give me a little insight on how they are innovating and doing things different. Yeah, so those who are familiar with Databricks, we are the pioneers in the Lakehouse platform, which is bringing together the centralization of data warehousing and data lakes under one roof. But we also have a kind of advanced cyber SME group. We have a lot of ex government, ex Splunk who have started building things into the platform that make data ingestion at scale easier, as well as detections and automations into the platform based off those data's that you know. We're talking about petabytes worth of data and not just small terabytes.

Speaker 1:

And that's huge because you know, when I look at SIEM, when I look at data lakes, when I look at all these things that ingest data, being able to parse it, being able to really ingest it and do all this different things with it, having that capability is huge. So, in that space and what you do, you know as a solutions architect and being what you're able to deliver through Databricks and things of that nature, what would you say is the key factor to being able to get to where you're at and have the knowledge in this space of Databricks kind of what they do.

Speaker 7:

Honestly, when I first started Databricks, I didn't know anything about Spark. I didn't know anything about cyber security, and the best way I learned was by doing. You know, I built my cyber security background by helping one of the largest media and entertainment companies build out their cyber security stack and, you know, learning with them and educating them on all the things Databricks can do.

Speaker 1:

That's huge because I think, when you look at it back to being able to learn from the front, being able to you know no matter where you come from, you can really pick up on the field. So, as you were learning, as you were growing in the industry over the past two years, what would you say was the biggest asset to you in being able to learn?

Speaker 7:

that All the people around me and the fact that when you're able to ask questions, they'll give you, you know, very straightforward answers, and if you don't ask questions, you're never going to learn from people who know what they're talking about and the experts in the field.

Speaker 1:

And that's awesome and I got. I got one more question here. I don't know if you're going to be able to answer it, but we're going to figure it out. How can you get an entry-level internship for Databricks?

Speaker 7:

We actually have a pretty robust internship program, usually both from a engineering perspective, and we may even branch out into the candidate headquarters as well.

Speaker 1:

That's fantastic. I love internships. I think the more internships that are out there, the better. Final question and this one is for me personally, because I always throw it out there what advice would you give to any newcomer breaking into the cyber security space?

Speaker 7:

Don't be afraid to ask questions. Google is your friend for you to get started. But you know, surround yourself with people who know what they're talking about and experts in the field and lean on them for your early education and then you know, grow from that, that's awesome, so.

Speaker 1:

So this is what I'm going to do, guys. I'm going to give everybody here we're about 30 minutes in I'm going to give them all a two minute break and we are going to roll with it here in a minute. The mic was muted, so let's try that again. Howard, go ahead and reintroduce me. Can you hear me now, there we go All right.

Speaker 8:

So my name is Rick Adams. I'm a senior sales engineer for Hunters out of the US East. I'm based out of Tampa, Florida. Glad to be here in New Jersey for the fireside chat. Glad to meet everybody online as well too. That's awesome, so.

Speaker 1:

So yeah, it was for all those in chat. Look, the mic was muted because we stepped away. I didn't want you all here and all that. Don't be all up in arms, but anyway. So you're here from Hunters. So, as you're here from Hunters and you are one of our sponsors, yes, give me a little insight on what Hunters can do.

Speaker 8:

So Hunters effectively can. We're working on what we call a move beyond SIEM. Okay, so we're effectively a SIEM replacement. So if you kind of think about in terms of like SIEMs, a lot of folks today are very, very unhappy with where their SIEM deployments are from a cost ingestion perspective. You kind of think about, the fact is, SIEMs are very costly, right, data ingest is extremely costly. The other thing that we do is we are really automating the mean time to identify and respond to incidents.

Speaker 8:

Okay, so what we're doing is we're automating the data onboarding process, vendors out there and we're effectively building that into a data pipeline. Now, our data pipeline is built on top of Databricks as well, so we actually do Databricks on the back end to actually align that, which is really cool. So we're actually building out a security data lake for our customers. So we're building that into a common schema and then we feed it into what we call our detection pipeline. Now, the cool thing that Hunters does is right out of the box. Hunters has a number of hundreds of detectors that are built out of the box. So your analysts are now curating and building detectors. They're not building up, parsing data, onboarding data.

Speaker 8:

We actually simplify the onboarding of the data process and then, effectively, what we're doing is we then feed it into what we call our investigation engine. So we're doing for an analyst tier one to tier three is we're simplifying the time it's going to take them to onboard detect signals from the actual sources that we're bringing in, and then we're doing the cross correlation of those data sources. So we're tying, for instance, your EDR source to your identity source, to your cloud source, and we're actually not only building out what the actual alert was, we're tying it to all the events in the attack chain. So that's what we're doing with Hunters. We're really kind of simplifying that time for the tier one to tier three analysts to identify and respond to those incidents. So that's essentially what we do in a 10,000 foot for you.

Speaker 1:

That's awesome. So, as I said, we have our SOC queen here, Natalie Baker, and Natalie has asked an amazing question, and actually two now. So the first is are you?

Speaker 8:

A SOAR? No, we are not a SOAR platform. So we do have essentially everything but the R in the SOAR, right, so we can do the automation and orchestration, but we're not there. We actually response okay. So what we're doing is we're not a remediation engine. What we're going to do is give you the fidelity. We're going to cross stitch all the different data sources together and do the auto investigation, but the remediation typically tied to third party SOAR vendors. So, for example, we partner with Tines and Torq to actually build out playbooks and actually do the remediation steps for our customers, right? So that's not what we're doing. We're not focused on the remediation part of the SOAR, so we're not a SOAR platform. All right.

Speaker 1:

And so now we got another question. Sure, Do they? Do you cross reference to any compliance standards to make ops life easier?

Speaker 8:

Yeah. So, for example, if you think like compliance, I mean you're talking about like NIST or something like that, or looking at like different, like our. So one of the reasons why I asked the question is because one of the things that we align to from a detection perspective is we're aligned to the MITRE ATT&CK framework. So everything we do with our, our platform, is aligned to MITRE and then, in addition to that, we have a team of threat analysts that actually add additional threat techniques into the MITRE ATT&CK framework for our detection rules that are built into Hunters. So we actually show you the coverage, the gaps and essentially what are what we call the what if scenarios on new, on on new data sources that we would onboard. What about Fed? So we want FedRAMP certified. Today we're going through that process, so it's going to be. It's essentially, it's obviously it's a lengthy process, but today we're not, we are not FedRAMP certified.

Speaker 1:

Yes, all right, and so this is going to be the last question I take from Natalie on this. Dang dang. She's killing me today. Do you partner with Swimlane at all?

Speaker 8:

So I don't know off the top of my head if we actually partner with Swimlane. It's like I don't know if that's something. I'd have to double check to see if we do that specifically, but I don't know if that's actually. Jared, who's here, would probably know that better than me, but I don't know off the top of my head. So that's awesome and so you know.

Speaker 1:

I'm trying to get more. We got a ton of people here so I want to get more and more through. So, not to cut you short, but if you can give any advice to somebody breaking into cybersecurity, and especially what you do, what advice would you give them? So, actually, for me, I actually have a lot of people who are in the community.

Speaker 8:

So actually for me, I actually got into cyber about seven years ago. I'm formerly Cisco. I actually came over to Hunters about a year ago. I got into actually the SIEM space about a year ago too as well, and I will tell you honestly and I've heard a lot of folks talk about you know, careers and where they're trying to establish themselves I've been in this business for 35 years.

Speaker 8:

I'm going to tell you right now, this is clearly the space to be in, specifically on threat detection and analysis, and I'll tell you, this is an area that I think most folks should really focus. It's actually been the most valuable for me and actually my colleagues, and so I feel that you know, obviously, the folks that are like kind of listening on this podcast, if you're kind of going through this yes, you talked about the fact that you don't have to go for formalized schooling but definitely I would definitely focus on, you know, threat analysis and detection, because this is what we're actually doing on investigations and that's typically where I find a lot of the growth is happening in the business. So that's kind of like where I come in from my perspective. It's only an opinion, it's not a fact. So that's what those were coming from.

Speaker 1:

So that's awesome and thank you for being on. And look, that's what we're going to do. We're going to keep it rolling. We're going to keep it moving. All right, we're going to keep it going. So let's, get someone else up to the stage. I think you've got one more coming up. There you go. Hopefully that went. Okay, I try to get your contact info for now.

Speaker 8:

Oh, yeah, sure, absolutely yeah.

Speaker 1:

You gotta love answering questions while I'm on camera, not realizing I'm on camera. You know it happens, all right anyway. So we got someone new coming up to the stage. You're gonna answer some questions, but first let's get into introduction. Hey, is your mic hot? Is it red or green?

Speaker 4:

Green, all right you're good, all right. Hey, I'm Josh Berkowitz, the owner of Crestview Public Adjusters. We represent policyholders when they have first party claims against insurance companies, and now we're here just to get more educated on cyber insurance and help people understand what we do.

Speaker 1:

So, knowing that, what I would like to do, though, so about this, is, you know, tell me a little less about the organization Now, tell me a little bit more about you, because we got a variety of people.

Speaker 4:

So I gotta talk, or I gotta talk people.

Speaker 1:

So we're gonna get a little bit of everything in here, sure, so for today, you know, give me a little update on how you got into cybersecurity and kind of what's going on, can you?

Speaker 4:

hear me you can hear me right. Okay, so my background is really representing owners of real estate commercial owners of real estate when they have property damage, and a couple of years ago I met with an individual who represented big companies when they got breached against insurance companies to represent them. So, being an expert in the field of representing policyholders against insurance companies with property damage, I started getting more educated on the subject about two and a half years ago and then we got our first lead in our first claim. So after handling that and getting our feet wet, we started building up what we call like a cyber ops team to help us and help our clients when they have claims against insurance companies in the cyberspace. So that's really how we've kind of evolved. I became an expert in the property damage side and, using those skills, negotiated with insurance companies on behalf of policyholders kind of using that to our advantage to help the policyholder out.

Speaker 1:

That is absolutely awesome because it just shows the transition of being able to do one career field and bring that into the other, and that's a lot about. What I talk about is being able to take what you know, bring that into to cybersecurity and be able to establish that. So that is absolutely awesome. I love hearing that and so, going from that, what do you think was the biggest benefit? You know what, whether it's a hard skill or something, what was the biggest skill took from the other?

Speaker 4:

And the policyholder and being an advocate for the policyholder against insurance companies. We should understand insurance policy better than the insurance company. So that's one aspect of this business where we kind of are above everyone else. We don't really let them tell us where there's coverage. We're kind of telling them hey, this is where it says what it says in the policy and this is why you should cover XYZ for happening. And that's really important because you want to make sure you have an advocate on your side when you have, you know, any type of insurance claim, especially cyber, insurance breach or any type of claim.

Speaker 1:

So would you say in that aspect, would you say that cyber insurance? I'm trying to think of how to phrase this question because I have a huge issue with the way cyber insurance initially came in versus where there are now, because I still relegate my mindset to where they came in at of oh, you did the bare minimum, so with where you're at now. So bringing real estate and real estate has always been a huge insurance. They investigate everything the code, the helpings of bills how it was designed everything.

Speaker 1:

Do you think cyber insurance is at that level, or do they still have a way to go?

Speaker 4:

They still have a ways to go. I mean, I've been doing this for six years, I've been in real estate for 15 years, but they still have a long ways to go. There's a tremendous long way to go, I think. To be honest with you, what's scary is what's going to happen in five years from now, because insurance companies are losing a ton of money by paying out claims. So are they still going to be in a space of insurance?

Speaker 4:

Cyber insurance? That's what really could be potential here. But hopefully they stay in the space and they're just going to make it stricter for people to get insurance and they're going to increase premiums because they when you were talking about the start of the space, when they started getting the space premiums for anyone to get insurance and people were talking about earlier to get insurance within 30 seconds you can have cyber insurance. That's no longer available to anyone at this point. You have to, they have to have pen test, different steps to take in order to get insurance now. So there's still a long ways to go. That's all the more so why we could, why there's more of a need for someone on the policy other side to help out against insurance.

Speaker 1:

All right, so I got two more questions for you. First one is do you think that auditors, especially constant auditors? I don't know if I have a backstory on this, by the way, so I will advise on that.

Speaker 4:

To be honest, I'm not. I don't really know. I don't want to give them. I don't have an opinion on that.

Speaker 1:

All right. So the reason, the reason I asked that question, is because I have seen auditors who make friends with the owners of the companies and the CEOs and things like that, and so they get passed every time on their audits as if they're doing everything right. So when it goes to the insurance companies, the insurance companies see oh yeah, they passed on their audits, they're good to go, they're doing their due diligence. But knowing, insight, information that is not always the case.

Speaker 4:

Well, I think it's always better to have a third party come in and analyze situation, not even an auditor. You have an auditor and you have someone that is looking at the auditor. I don't there's such a thing as that, but I to your point. I think that's probably, you know, not the best. There's probably some unethical situation there if they're just going to keep auditing them over and over again.

Speaker 1:

You're absolutely right, and that was the big thing I was getting to is being able. You have to. I think there needs to come into play. If you're going to have auditing and insurance, you need to have auditors change every year, two years, whatever the case may be. There needs to be a plan in place for the insurance adjusters to be able to say hey, you had the same auditor for like 10 years, the same exact guy. There's an issue here, sure, and so I think that's where a lot of the problem comes into play. Now the final question is and like I've been doing this entire night if you could give any advice to anybody breaking into cybersecurity, whether it's in insurance or whatever you know about cybersecurity, what advice do you?

Speaker 4:

have to give. My advice is if you want to help out the policy holder and people you know, large companies, get a public adjuster license and contact us, because there aren't many people in our space and there's a big opportunity in the cyber space to represent policy holders against insurance companies.

Speaker 1:

And what is the best way to break into auditing if you know?

Speaker 4:

Just get a license, start getting education, networking, going to networking events and things like that. I mean going to networking events like this is definitely where you meet people, yeah definitely.

Speaker 1:

I completely agree with you. Thank you for joining me this evening and I will say this for anybody who's trying to break into any industry it is the smaller events, it is the BSides, it is this New Jersey Cyber Fireside and a few others when you will find these people. When you go to things like DEF CON and Black Hat and things like that, it is very commercialized and you are not necessarily going to find people of all industries. Not that they won't be there, just that you're going to find your crowd and kind of blend into them, whereas smaller events like this you get to meet everybody and you are not blown away and just tied into a small little crowd. So get to the smaller organizations, get to the smaller events and that is where you will find success in being able to meet everybody from all aspects of cybersecurity.

Speaker 1:

Okay now, moving on from that, I am pretty sure we have another guest coming up and let's figure out who it is. Who was our next guest? Who is next on the chopping block? People, you are me All right, let's do one more and I will call tonight. No, no, Jason doesn't want to. All right, so look, hey, this is how we're gonna run this night right now.

Speaker 2:

One more one more.

Speaker 1:

Bring your drink. What are you doing in a security happy hour? Bring the drink. She was about to not bring the drink.

Speaker 9:

I'm green all right, I'm green all right. Hey guys, I'm green so introduce yourself please. Hey, I'm Taylor Lee from Leswee LLC. I'm actually the CISO and that's the CFO. We are a risk management, compliance and grant acquisition firm in Montclair, New Jersey, who services the public and private sector.

Speaker 1:

All right, so I ain't gonna lie. Alex kind of took me away. He did you know, but I'm okay. We're good, we're gonna run with it. I love you.

Speaker 9:

Everyone. We're here with it.

Speaker 1:

We are, that's how we do so, like this one, I want to ask with what you do? I heard four letters. If I'm not mistaken, gotcha, you said CISO am I correct?

Speaker 9:

Yes, you did, and you heard CFO, I am both. Yes, it's a headache, yes, it's hard work.

Speaker 1:

So so this woman here is a Is a CISO and a CFO. So here in chat, if you don't have questions, I'm gonna smack you all come on. I know who you all are. Bring on the question. I'm just saying let's go.

Speaker 9:

I know you all love me, guys.

Speaker 1:

Let's go so bring some good ones, come on. This is the first question I got to ask, though. Where did you get your start in cybersecurity?

Speaker 9:

So my start in cybersecurity, believe it or not. First I'm gonna be upfront with you guys. Guess what? I'm 26 years old, so my start in cybersecurity actually started completely by myself, learning it on my own self, teaching. And then what I did is I started gaining mentors and realize, you know what? I need to get some more training and learn actually the real ins and outs of cybersecurity. So guess what? Although education, I do not recommend going to college specifically for a cybersecurity degree. I did. I graduated last month, guys, cheers to that. But that's actually how I broke in and I started my company in 2016 with my business partner over there, Cynthia Slaney. She has an amazing background in environmental and healthcare and literally from there, I'm here in front of you today and CFO and CISO, loud and proud.

Speaker 1:

So I have just been informed that if I do not mention my good friend and a fellow warrior, I'm on a walk to harbour to you. She is going to kill me. So I'm gonna mention her to you and you need to talk to her. We'll get connected. Well, we'll. We'll change details, absolutely. I got a lot of people that would love to work for you. Just absolutely.

Speaker 9:

I like to hear that because, literally, we've actually launched our summer internship program and it's actually been amazing. So, guys, we will be actually launching another internship program after the summer internship programs. So, for my students, come on out there. Cyber security internships we have info set, secure internships, as well as marketing and so many others. So, guys, come on down.

Speaker 1:

That is. That is absolutely awesome. I've got a lot of people in this chat, so I don't you know Me and you were just meeting today.

Speaker 9:

It's started, I know, that.

Speaker 1:

So I'm gonna let you know me and my warriors. They they looking for jobs, they looking to link up with you.

Speaker 9:

Okay, because opportunity is knocking at your door and one thing about it here at Leswee LLC is we also make sure that you get educated. So one thing about it is that's a huge component of grant acquisition is making sure that the employees at work at Leswee LLC can also make sure that they get tuition reimbursement from grants and other grants that Leswee LLC applies to in-house, so that you can actually thrive and not actually have to deal with tuitions and all of those other crazy.

Speaker 1:

I gotta say this because here's the thing a lot of what I see hey, I've got Natalie Baker again, the saw Queen, who wants you as a guest on her podcast. Yes, I, queen, and we are gonna get you as a one-on-one on mine also. Yes, beyond all this, you're coming one-on-one, we're gonna do it all for it. But I want to say this is you know, the big talk within our industry and I have seen it time and time and time again is representation. You being here today is one step forward in that, and showing what you've done is a CISO, CFO and everything you've done for your career. So, for those who are preaching representation in all this and all this stuff, what advice do you have for them?

Speaker 9:

So one thing I'm actually gonna say about these companies that preach that is it's bull crap. For, you know, companies like myself, we practice it, we preach it and we are it. Representation is critical, it matters. And representation also matters when you're being a leader of influence and being that person that if it's a student or if it's someone that's breaking into cybersecurity or IT, that they can just come to you and ask those questions. So I really think representation it starts with really being that main point of contact and being okay with somebody asking you some questions that yeah, it may have been a tricky cybersecurity threat that you dealt with, but how did you handle it? So I always say representation it starts with you being honest and really being forward and being open in there for others, as you know, in mentorship or just help, or for partners.

Speaker 1:

So one of the questions I have along those lines is how, how hard did you find it getting to from where? Again, I'm 36 years old. I still I'm not in your position. I've not where you're at. I don't know what the hell stopped me from getting where you're at, but you are damn well ahead of me and I ain't even mad at it. I want to learn from you, that's right. So, with where you're at in your career, with the things that you've done, what drove you to there? Was it upbringing? Was it family? Was it social there? Was it upbringing? Was it family? Was it support? What? What got you to where you're at?

Speaker 9:

So one thing I'm actually gonna say is a major driver for me was I actually suffered from an injury in my 12th grade year when I actually was bedridden. My 12th grade year. I was not in high school, so I had to do homeschool. So during that time I got to do some research and really so find out that I want a lot more for myself. So I actually started in the pharmaceutical industry.

Speaker 9:

Um, so you're like, how does she start in the pharmaceutical industry right from an injury? Yes, because I wanted to know what drugs I was taking, what was going on. So it started there, and then what actually happened is I was like, hey guys, this isn't enough money, it's too many hours, it's breaking my back. Um, so I actually had to move on and find something else. So I was just actually swimming through and, you know, doing my networking, and really how it broke through was making sure that I was building those connections and finding out what I love most and what I wanted to do and what I was passionate about was the key that drove me to say, all right, this is it. Let me see what cybersecurity is about, let me see what I can do and let me see how I can do it. So it was literally that was, I would say, my main driver that just took it off from here to there.

Speaker 1:

So I got one more question for you and then, and then we're gonna move on. How. I have a hard time with this question and me and you can discuss off air why and this woman knows why. Me and her are gonna be fighting for her asking it because I love her. Um, but when did it go? All right, how hard was it for you, being a black woman in cybersecurity, to get to CISO, and what were some of the stumbling blocks you ran across?

Speaker 9:

So actually I would say there was a lot of opposition, um, and a lot of doubt. So one for me, being young, there was already you're too young, you can't get into this, you can't do this. And then, of course, me being black, and normally you would generally see me with an afro. So I normally, if you see my LinkedIn, um, you can find me on LinkedIn at Taylor Lee. You would see me with an afro generally when you see me walking around. So actually, I would say the hardest thing about that and some challenges that I faced during that would be a lot of opposition and doubt. So that made me say the heck with that. You go ahead and doubt me because I'm going to prove you guys wrong, um, time after time.

Speaker 9:

And then another thing I would say is that I guess would be an opposition was always making sure that you're resourceful, um, invaluable. That has been a major driver for me, um, and really making sure those stereotypical views and different things that you deal with, especially, um, for people who are black, um, that may face. So I always bring, say, bring value in that room, bring knowledge in that room, bring something new, um, and you can change the view. So I would say in the beginning there's tons of opposition, but, um, after you really make those, um, views change about you, you usually are respected, just like everyone else in the room.

Speaker 1:

So I have one last question for you, me personally, and this is coming from me um, do you feel that and it's because of our political climate, so I'm going to ask this question? I love that bring it. Do you feel being a black woman has held you back from where you want to be in life?

Speaker 9:

So I love this question, because I even get this question from my community. Um, I'm going to completely say what held me back was completely myself. I'm not going to say it helped me me being black. Um, I go for any opportunity that I want. So what that looks like is, if I want to own my company and I want it to be the leading risk management, compliance and grant acquisition firm in New Jersey, that is what it's going to be. I have to work toward it and I can get it. Um, what? Of course, everyone's not going to love me. Everyone's not going to love what I bring. But you have to also look at the side of things where, um, you, you don't have. Those things don't matter to you. Your goal and what you want to come out of it matters. So I would say that should never and has never really stopped me personally. Others maybe, um, but no, don't let it stop you. Let it be an amazing driver, um, an influence for you to keep going.

Speaker 1:

I absolutely love that. Thank you for joining us this evening.

Speaker 9:

We're gonna get.

Speaker 1:

One more for guests on this show and I gotta say I've got to get your information. Natalie Baker on LinkedIn, and she's a good friend of mine. So, queen, she's gonna get your information and I got to hook you up what. Mrs Sarver, I've been drinking so she knows I ain't gonna pronounce her name, right, I'm gonna hook you up with her. She is a good friend of mine, she's one of my warriors, she's my sister. We're gonna. We're gonna get it all hooked up. All right, cool, let's get awesome. Let's get one more up here. We got one more guest. We got to get up here. That one's just. You know that's sent everybody up, so we're gonna go. We got one more, let's go.

Speaker 1:

Who's coming to the stage? Who's coming to the stage? Nobody. All right, look, we got to go to keynote. This is New Jersey Cyber Firesides. We're gonna go keynote. Get on with the show. Look, I love you all. This has been Security Happy Hour. You know, I'm all here for you and I will talk to you all next, actually this Friday. So y'all take care and enjoy yourselves.

Advice for Beginners in Cybersecurity
Cyber Insurance and Data Security Measures
Databricks, Cyber Security, and Hunters
Auditors, Insurance, and Breaking Into Cybersecurity
Representation and Challenges in Cybersecurity
Getting Awesome