• The Dangers That Live in Firmware w/ Paul Asadoorian, Firmware Security Evangelist at Eclypsium
    Aug 31 2022

    In Episode 25 of Tattoos, Code, and Data Flows, Matt Rose interviews Paul Asadoorian, Firmware Security Evangelist at Eclypsium.

    Paul Asadoorian spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. He is the founder of the Security Weekly podcast network, offering freely available shows on the topics of information security and hacking. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.

    Paul and Matt talk about:

    ↳ The lack of updates from firmware

    ↳ Building a management interface into your device

    ↳ Most common security issues with firmware

    ↳ Supply chain risk vs firmware risk

    And so much more.

    Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode.

    We hope you enjoy it!

    29 mins
  • Managing Cybersecurity in Medicare & Medicaid w/ Robert Wood, CISO of CMS
    Aug 24 2022

    In Episode 24 of Tattoos, Code, and Data Flows, Matt Rose interviews Robert Wood, CISO of Centers for Medicare & Medicaid Services.

    Robert Wood leads enterprise cyber security, compliance, privacy, and counter intelligence functions at CMS and ensures the Agency complies with secure IT requirements while encouraging innovation. He has over 10 years of experience in information technology, information security and management consulting. Prior to CMS, Robert built and managed several security programs in the technology sector. He was also formerly a Principal Consultant for Cigital, where he advised enterprises about their software security programs. He also founded and led the red team assessment practice with Cigital, focused on holistic adversarial analysis, helping organizations identify and manage risks from alternative perspectives.

    Robert and Matt talk about:

    ↳ Transitioning from start-ups to working for a federal enterprise

    ↳ The problem with "zero trust" today

    ↳ Shifting everywhere in the CI/CD pipeline

    ↳ Robert's story to becoming a successful CISO


    And so much more.


    39 mins
  • Using Cybersecurity Simulation to Help Companies Reduce Risk w/ Debbie Gordon, Founder & CEO of Cloud Range
    Aug 17 2022

    In Episode 23 of Tattoos, Code, and Data Flows, Matt Rose interviews Debbie Gordon, Founder & CEO of Cloud Range.

    Debbie has focused her work on businesses that improve people’s lives. Her career began in technical education and certification, and she has built and sold several companies in eCommerce, IT asset management, and training. She is currently on the board of directors of Entrepreneurs’ Organization - Nashville. Debbie is a frequent speaker on cybersecurity readiness, simulation training, and team effectiveness at conferences and seminars all around the world.

    Debbie's current role is founder and CEO of Cloud Range, the industry-leading cybersecurity simulation training solution that helps organizations reduce cyber risk. A globally recognized technology entrepreneur, Debbie founded Cloud Range on the premise that simulation training is as integral in cybersecurity as it is in other fields like medicine, aviation, or the military. The result was that Cloud Range led the development of a new category in cybersecurity. Only three years later, organizations around the globe are incorporating the company’s cyber readiness solution as a core element of their security programs.


    Debbie and Matt talk about:

    ↳ The evolution of cybersecurity and finding talent

    ↳ Refining your technology stack and understanding your tools

    ↳ Investing in the people that make up your company

    ↳ Different types of simulation scenarios


    And so much more.


    33 mins
  • Why Cyber Insurance is Important w/ Jason Rebholz, CISO at Corvus Insurance
    Aug 10 2022

    In Episode 22 of Tattoos, Code, and Data Flows, Matt Rose interviews Jason Rebholz, the Chief Information Security Officer at Corvus.

    Jason has over a decade of experience performing forensic investigations into sophisticated cyber attacks and helping organizations build secure and resilient environments. As Corvus’s CISO, Jason leverages his incident response, security, and infrastructure expertise to drive security strategy and reduce the risk of security threats internally at Corvus and for Corvus's policyholders. Prior to joining Corvus, Jason held leadership roles at Mandiant, The Crypsis Group, Gigamon, and MOXFIVE.


    Jason and Matt talk about:

    ↳ Assessing the risk of companies at scale in cyber insurance

    ↳ Must-have technology stack for businesses

    ↳ Path to/responsibilities of becoming a successful CISO

    ↳ Application & Cloud Security Posture Management


    And so much more.


    29 mins
  • Deep Diving into Quantum Computing w/ Brian Lowy, Application Security Expert
    Aug 3 2022

    In Episode 21 of Tattoos, Code, and Data Flows, Matt Rose interviews Brian Lowy, an application security expert who has had extensive experience in the industry for decades.

    Brian Lowy has been in the internet space since 1993 with companies such as PSInet, DIGEX, BBN, Genuity, Akamai, and Savvis. Brian also ran his own business in the financial sector, which was sold off in 1992! Brian has most recently been focused on Quantum Safe Encryption solutions. He has been hugely successful in his roles as an engineer, sales director, and now as a director of client assurance information security.


    Brian and Matt talk about:

    ↳ Analyzing current and emerging risk factors

    ↳ Dealing with audits (SOC 1, SOC 2, PCI, Client)

    ↳ Interconnectivity between security products

    ↳ Quantum Computing and its importance/future


    And so much more.


    37 mins
  • Transitioning from Being a Web Developer to Becoming a Sales Engineer w/ Sean Casey, Director of Sales Engineering at Checkmarx
    Jul 27 2022

    In Episode 20 of Tattoos, Code, and Data Flows, Matt Rose interviews Sean Casey, Director of Sales Engineering at Checkmarx.

    Sean Casey has had 13 years of experience as a Web Developer working with numerous companies in the security world. Sean later transitioned into the Sales Engineer world for the last 6 years, and has been crushing it ever since. In 2019, he received the 2019 CEO Employee Excellence award for North America!


    Sean and Matt talk about:

    ↳ The responsibilities of a successful sales engineer

    ↳ Supply Chain Risks vs OWASP Top 10 Risks

    ↳ The rise of the Site Reliability Engineer

    ↳ The problems with auto-remediation today


    And so much more.


    21 mins
  • Securing Business Critical Apps in Production w/ Matt Rose (Chief Architect at Bionic)
    Jul 20 2022

    In Episode 19 of Tattoos, Code, and Data Flows, Matt Rose discusses the importance of understanding your application security posture in production, rather than focusing on shifting left and testing only in the pre-production stages.

    Matt is a technical Application Security Testing (AST) leader with a record of consistent accomplishments in sales and sales engineering management roles. He has more than 20 years of experience in application security sales, sales engineering leadership, software development, marketing, and consulting.


    Matt was a key thought leader for two AST vendors growing from startup phase to major acquisition (Fortify and Checkmarx). Also, Matt is a very accomplished public speaker and has been quoted in 50+ AST industry media publications.


    After being in the SAST world from the beginning (15+ years) Matt decided to join forces with Bionic to help define a new concept in security and risk identification. Application Security Posture Management (ASPM) is something Matt had been talking about, in concept, for years.


    Today, Matt covers:

    💭 What the Application & Cloud Security industry looks like right now

    🚨 Why the industry is deciding to "shift left" and how it's a bad mindset

    ✅ How to secure business critical apps in production

    🔐 The perfect tech stack for securing business-critical apps in production


    And so much more.


    10 mins
  • Application Security Fundamentals w/ Peter Chestna (CISO of North America at Checkmarx)
    Jul 13 2022

    In Episode 18 of Tattoos, Code, and Data Flows, Matt Rose interviews Peter Chestna, CISO of North America at Checkmarx. He is also a Board Member for the DevSecCon Global Community and MergeBase.

    Peter is a proven engineering and security leader with deep technical experience. He is an outspoken expert on DevOps/DevSecOps and has 16 years of experience in the Application Security Industry. He is effective in building, leading and developing high velocity Agile and DevOps teams with security as a first class citizen. He also speaks internationally at both security and developer conferences.

    Peter and Matt talk about:

    ↳ Defining DevOps and Agile

    ↳ CI/CD automation vs functionality/capability

    ↳ Application Security fundamentals and hygiene

    ↳ The challenges and intentions of being a CISO

    And so much more.


    38 mins