JJ Agha is the CISO at Compass, the largest real estate brokerage in the US, and previously spent over four years as VP of InfoSec at WeWork, along with time as a security engineer at Vimeo and Priceline. 

Having worked for and advised for multiple startups and Fortune 500 companies he enjoys the challenge of building security teams and maturing programs and disciplines within an organization while embracing and learning new technologies.

In today’s episode, Jack and JJ discuss how he builds his team, buy vs build, what he expects from a modern SIEM, and more! 

Topics include: 

• How JJ went from changing his degree nine times, to a help desk analyst to discovering cybersecurity and entering the industry with Northrop Grumman and Edgecast 

Keep in touch with JJ on LinkedIn at: https://www.linkedin.com/in/jonathanagha/

Kathy Wang is the CISO at Discord, an internationally-recognized malware expert who has researched, developed, evaluated, and operationalized various solutions for detecting and preventing client-side attacks used by advanced persistent threats (APT). 

As a security executive and leader, Kathy has a strong background in project management, research, and business development. She has worked in government, commercial, and technology startup environments, and currently advises security services/products startup companies.

In today’s episode, Jack and Kathy discuss the talent pool in cybersecurity.

Topics discussed in this episode:

• What made Kathy want to go from researcher to security leader 

Keep in touch with Kathy on LinkedIn at: https://www.linkedin.com/in/kathywang/

Nir Rothenberg is the CISO at Rapyd, managing security and IT for the soaring Fintech company, on a mission to ensure that the future of financial services will be democratized and secure. 

Prior to Rapyd, Nir led information security in NSO Group, a well known cyber-intelligence company, where he was charged with protecting a high profile and high risk enterprise. Before NSO Group, Nir worked as a consultant, helping with some of Israel's leading companies to reduce risk and improve information security. Nir is very active in Israel's cyber startup scene, advising and partnering with many of them.

In today’s episode, Nir and Jack discuss lessons learned in transitioning from an on-prem environment to cloud infrastructure, building a modern team, scaling at Rapyd, and tips to help organizations build a modern security team that’s capable of detection and response at scale. 

Topics discussed:

• Nir’s unconventional path to becoming a CISO.

Keep in touch with Nir on LinkedIn at: https://www.linkedin.com/in/nir-rothenberg-5a6b48ba/

Joe Uchill is a Senior Reporter at SC Magazine — the leading trade publication for the cybersecurity industry. Prior to joining SC Magazine in 2020, Joe was a cybersecurity reporter at outlets including Axios and The Hill.

Today’s episode is the first in our mini-series dedicated to interviewing leading cybersecurity journalists. Cybersecurity reporting plays an important role for practitioners, leaders, and the general public to understand recent breaches, latest malware trends, and best practices that can help us all stay safe on the internet. Our goal with this series is to help our audience learn more about who these journalists are and what it's like to be a reporter in this fast-changing industry.

Topics discussed:

• How Joe began covering cybersecurity in 2015 and how the landscape has evolved over the past few years. 

To keep up with Joe’s latest reporting, join him on twitter at https://twitter.com/JoeUchill

Aaron Zollman is the CISO at Cedar — a patient payment and engagement platform for hospitals, health systems, and medical groups that elevates the patient experience. Prior to Cedar, Aaron spent time in security at companies like Bridgewater, Palantir, and MUFG Bank, Japan’s largest bank. 

In today’s episode, Aaron and Jack discuss lessons and tips to help organizations build a modern security team that’s capable of detection and response at scale. 

Topics discussed:

• What Aaron learned as he transitioned from the public sector to the private sector. 

Thomas Kinsella is the COO and co-founder of Tines — a no-code security automation platform that frees teams from manual work so they can focus on higher-value strategic work. In today’s episode, Thomas and Jack explore what it's like to transition from a security practitioner to a startup founder and how tools like Tines and Panther can be used to transform the way security teams operate. 

Topics discussed:

• What Tines does (and what the name means).

What does it take to shape an early-stage security project into a product that solves real problems? 

Understanding your customers is a key first step. Knowing the personas who can use your product and the leverage they can get out of it, it's what ultimately brings value to security teams and even other teams that can seize their benefits.

We had a great conversation with Joren McReynolds who is the VP of Engineering, IT and Security at Panther Labs. In today's episode he shares the experiences and lessons over the course of his journey at Facebook, Airbnb, and how they shaped his knowledge on what building a great product takes.

Topics discussed:

• What led to the creation of osquery and why open source.

Clint Gibler is the Head of Security Research for r2c, the company behind SEMGREP, a popular open-source static analysis security scanning tool used by teams all over the world.

He joined r2c to help build and shape the future of AppSec; one that includes secure defaults along with lightweight enforcement of those defaults.

In today's episode, Clint talks about SEMGREP, operationalization of tools for security teams, intersection between AppSec and D&R as well as tips to succeed in AppSec at scale.  

More topics discussed in this episode:

• SEMGREP's origin story and benefits.

Other resources:

tl;dr Sec Newsletter: tldrsec.com

Robin Smith is the Head of Cyber and Information Security at Aston Martin and he brings a fresh and unique voice to the security industry.

He advocates for a lean, progressive security mindset where it's crucial thinking around processes to make sure that organizations are not unnecessarily wasting resources while committing to continuous improvement at the same time.

Tune in to learn more about what lean security is, why Robin has always seen security as an asset, and how you can embed that value into your organization.

Topic discussed in this episode:

• How Robin arrived in information security.

If you were building a detection program today, what would be your top resources to start with?

As we head into a cloud-based future, the ability of handling increased data sets becomes crucial, teams need to have processes in place that cover the entire detection lifecycle, and develop skills necessary to help build, grow and improve a successful detection program.

In today's episode, we had an insightful conversation with Snowflake’s Global Threat Intelligence and Detection Engineering Leader, Haider Dost and Senior Security Engineer, Daniel Wyleczuk-Stern where we discovered why data and being able to query that data is a critical first step.

Topics discussed in this episode:

• Haider's and Daniel's background in security.