In this episode, former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss malicious Chrome extensions, the cybersecurity job market, mouse jigglers and security policy, and the impact of the recent ransomware wave. They share insights from their experiences, exploring the challenges of managing browser security policies, job burnout, and banning ransom payments.

Stories:

• Millions under threat from malicious browser extensions — what to do: https://www.tomsguide.com/news/millions-under-threat-from-malicious-browser-extensions-what-to-do

• Demand for better cybersecurity fuels a booming job market: https://www.washingtonpost.com/business/2024/06/21/cybersecurity-job-demand-boot-camps/

• Wells Fargo Fires Over a Dozen for ‘Simulation of Keyboard Activity’: https://www.bloomberg.com/news/articles/2024-06-13/wells-fires-over-a-dozen-for-simulation-of-keyboard-activity

• London hospitals cancel nearly 1,600 operations and appointments in one week due to hack: https://www.theguardian.com/technology/article/2024/jun/14/london-hospitals-cancelled-nearly-1600-operations-and-appointments-in-one-week-due-to-hack

• Cyberattacks crippled thousands of car dealers. Here's what to know. https://www.washingtonpost.com/business/2024/06/21/car-dealers-cyberattack-cdk-global/

• Ticketmaster hackers send death threats to cybercrime investigators: https://www.thetimes.com/uk/technology-uk/article/ticketmaster-hackers-death-threats-cybercrime-unc5537-msjgqw92w

• CVE-2024-5806: Progress MOVEit Transfer Authentication Bypass Vulnerability: https://www.tenable.com/blog/cve-2024-5806-progress-moveit-transfer-authentication-bypass-vulnerability

Hosts:

Jerry Perullo: https://www.linkedin.com/in/perullo/

Mario Duarte: https://www.linkedin.com/in/mario-duarte-7855237/

Sounil Yu: https://www.linkedin.com/in/sounil/

In this episode, former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss the recent wave of cyber-attacks using Snowflake and the model of shared fate. They debate the effectiveness of banning ransom payments and explore the complexities of cybersecurity regulation, using recent events involving UnitedHealth and Jerry's former employer as case studies. The conversation also touches on the ethical dilemmas CISOs face when interacting with venture capital, highlighting personal experiences and the fine line between advisory roles and conflicts of interest.

Stories:

• UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion: https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion
• SEC Charges Intercontinental Exchange and Nine Affiliates Including the New York Stock Exchange with Failing to Inform the Commission of a Cyber Intrusion: https://www.sec.gov/news/press-release/2024-63
• Why cybercriminals are targeting small businesses: https://www.marketplace.org/2024/05/30/why-cybercriminals-are-targeting-small-businesses/
• UnitedHealth leaders 'should be held responsible' for installing inexperienced CISO, senator says: https://therecord.media/unitedhealth-ciso-wyden-letter-sec-ftc
• The Gili Ra’anan model: Questions emerging from Cyberstarts' remarkable success: https://www.calcalistech.com/ctechnews/article/b1a1jn00hc

Hosts:

Jerry Perullo: https://www.linkedin.com/in/perullo/

Mario Duarte: https://www.linkedin.com/in/mario-duarte-7855237/

Sounil Yu: https://www.linkedin.com/in/sounil/

Joined by fellow Interim CISO veterans Yael Nagler of Yass Partners and Aurobindo Sundaram of RELX, host Jerry Perullo reflects on his experience as the Interim CISO of Silicon Valley Bank and explores the challenges of the role from hiring manager and candidate perspectives.

Yael Nagler: https://www.linkedin.com/in/yaelnagler/

Aurobindo Sundaram: https://www.linkedin.com/in/aurobindosundaram/

Returning from 6 months as the interim CISO of Silicon Valley Bank, host Jerry Perullo speaks about Board/CISO interaction on the FS-ISAC Insights podcast. Full video interview at fsisac.com/insights

Bugcrowd founder Casey Ellis joins #lifeafterCISO to talk about bug bounty programs in the wake of the Joe Sullivan Uber trial. Whether you've been running bounty programs for years or just learned of them last week, this conversation will take you from basics straight into the most interesting and controversial bits.

Sounil Yu joins the #lifeafterCISO podcast and shares the idea of "retiring many times". Sounil is the renowned author of the Cyber Defense Matrix and lauded by the CISO community for his ability to step back and view problems in a new light. Host Jerry Perullo and Sounil go on to look at the Equifax breach from a new angle, talk about CISO accountability, and finally offer up their early thoughts on the Twitter whistleblower report.

01:43 Returning to work as a CISO

10:30 Do CISOs spend too much time on tech?

11:38 CDM and the Equifax breach

15:00 CISO accountability

19:45 The Twitter whistleblower complaint

Learn more about Sounil and his work at https://www.cyberdefensematrix.com/

An essential part of moving on from a long tech career is just figuring out when the time is right. Join host Jerry Perullo and retired Netflix CISO Jason Chan for a discussion about picking your time, "Identity Management" after retirement, and the Psychology of Happiness.

Links to the material discussed by Jason Chan include:

https://arthurbrooks.com/podcast_show/the-art-of-happiness-with-arthur-brooks/

https://www.coursera.org/learn/the-science-of-well-being

In this Episode host Jerry Perullo talking about cybersecurity in higher education. A Professor of the Practice in the Georgia Tech School of Cyber Security and Privacy, Perullo thinks aloud on the challenges that have prevented cyber from taking off at the undergraduate level before focusing on specific steps you might take to pursue this career path.

00:00:55 A Brief History of Cyber in Higher Ed

00:03:11 The Archetype Cyber Curriculum

00:08:03 Enter the CISO: t-5

00:13:25 When You Are Ready to Take the Leap

00:16:01 Is It Worth It?