Jimmy Sanders, head of information security at Netflix DVD joins Cobalt CSO, Caroline Wong, for a great conversation on everything from leadership to growing and connecting with the security community.

Gisela Hinojosa is a Senior Security Consultant at Cobalt, executing IoT penetration tests and red teaming exercises with a wide variety of security teams. With over 13 years of experience in the tech world, Gisela has held roles in admin, software engineering, QA, consulting, and penetration testing. In this episode, she shares what vulnerabilities she discovers and how security teams can extract as much value as possible from each pentest engagement. For more on this topic, make sure to check out the industry report "The State of Pentesting 2023": https://resource.cobalt.io/state-of-pentesting-2023

Tejpal Garhwal is the director of DevSecOps and application security at Pega. With more than 26 years of experience in application development and product security, he has led multiple security and dev teams, and set the direction for information security, application architecture, policy, and processes within numerous organizations. In this episode, Caroline gets his perspective on how leaders can bring security and development teams together, aligned towards a shared goal: building software that is both outstanding and secure.

Carving an unconventional path towards information security, Yael advises many a CISO, CIO and CRO. Leadership roles at BlackRock and JPMorgan during periods of crisis and growth have given her a unique technical and business perspective — instead of saying “Here’s why that won’t work.”, she asks “But what if we tried this?” In this episode you’ll learn more about Yael’s story, why she started Yass Partners, and how security teams can approach new situations with equal parts established processes and creative thinking.

Whether you're stepping into your first managerial role, or you're about to inherit a fully formed team, you might be facing self-doubt and uncertainty. Security veteran Tia Hopkins — Chief Cyber Resilience Officer and Field CTO at eSentire, adjunct professor, LinkedIn instructor — shares with Caroline how to overcome impostor syndrome as you progress, how to connect with your team, and how to set them up for success so well, others want to join.

Return guest Robert Wood is the CISO for the Centers for Medicare and Medicaid Services. He leads enterprise cyber security, compliance, privacy, and counter intelligence functions at CMS and ensures the Agency complies with secure IT requirements while encouraging innovation. In this episode, Robert discusses with Caroline how big changes and organizational pivots can bring just as much opportunity as they do anxiety. He shares his perspective on how he guides his team through turbulent times, and what other leaders can do to support their people and help them pursue new ideas on how to work better together and achieve even bigger goals than before. If you like this episode, we recommend checking out another initiative Robert is working on — The Soft Side of Cyber (https://www.softsideofcyber.com/), where security practitioners can develop their communication, critical thinking, and leadership skills.

Bipin Gajbhiye is a security practitioner, advisor, and investor. These three roles coalesce into a unique perspective on how cybersecurity professionals can achieve their goals — whether it's negotiating with the board, landing a critical investment, or advancing in their careers.

Geoff Huston has been working on the Internet since the early 80’s and, in his own words, “did his bit” to set up the Internet in Australia, as well as to set up the early global Internet in the academic and research community. In this episode, he shares with Caroline the leaps and bounds hardware has made over the decades to bring us opportunities we could have never imagined...and how the human condition inadvertently makes it all complex and insecure. If you like this episode, make sure to check Geoff's writings at www.potaroo.net/

Is the manager role the only path ahead in cybersecurity? Seif Hateb, Security Architect at Twilio, shares his view on the Individual Contributor vs Manager dilemma, and how people in the field can pursue the type of role that fits them best. And if you're just starting in the cybersecurity field, make sure to check out Seif's YouTube channel, full of expert advice on security fundamentals and how to kickstart your career -- with or without a technical degree: https://www.youtube.com/c/seifhateb

As the CISO of North America at Checkmarx, Peter works towards providing the technology, expertise, and intelligence that enable developers and enterprises to secure the world’s applications. A lifelong developer at heart, Peter shares with Caroline his insights on what motivates Dev teams to prioritize security, and why so many current strategies are failing. You’ll learn more about how to not let your tools bury you in work, how to implement mutual accountability around security, and tactics to prevent open source code from blowing up your entire application when a new 0-day comes up.

What felt like science fiction 40 years ago is our reality today. What about the technology that will come in the next 40-50 years? What could change, and how can people band together to craft a bright and equitable future? Eugene Spafford — technologist and professor of Computer Sciences at Purdue University — talks with Caroline about how advances in technology like robotics and machine learning are already impacting people’s lives, in both good and bad ways. We have a responsibility to not just consider what new tech to build, but also what we're building it for. At the end of the day, technology isn't the most important part — it's the people. If you enjoyed this episode, we recommend the upcoming book Eugene has co-authored: “Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us.” Here’s an overview: Cybersecurity is fraught with hidden and unsuspected dangers and difficulties. Despite our best intentions, there are common and avoidable mistakes that arise from folk wisdom, faulty assumptions about the world, and our own human biases. Cybersecurity implementations, investigations, and research all suffer as a result. Many of the bad practices sound logical, especially to people new to the field of cybersecurity, and that means they get adopted and repeated despite not being correct. For instance, why isn’t the user the weakest link? You can pre-order the book at https://informit.com/cybermyths. If you order now, you can use the discount code CYBERMM to receive a 35% discount.