Cybersecurity Training from Boring to Engaging With Howard Goodman

The landscape of cybersecurity training and collaboration is
changing, interactive education sessions and cross team
communication is key. Building a security culture and staying
ahead of the modern threats has never been more important.
Today’s guest is Howard Goodman, Senior Technical Director at
Skybox Security.


With over 20 years of experience Howard has become a well known
figure in the cybersecurity world, he combines strategic planning
with hands-on application across many industries. In this episode
we talk about; security culture, the evolution of cybersecurity
training and how Howard got phished during COVID. We also cover
organisational challenges, best practices and the future of
cybersecurity.
Show Notes:

[00:48] Howard has a doctorate in cyber operations from
Dakota State University. Besides working for Skybox Security,
he's also an adjunct professor teaching graduate courses about
cyber security.

[01:48] Howard shares a phishing experience when he and his
wife were selling on eBay during COVID.

[03:34] If the pros can fall for something, regular people
can too. We need to be on our game 100% of the time.

[04:53] We talk about opportunities for adversaries to get in
when companies have large cybersecurity teams with a lot of
moving parts.

[05:29] A lot of people ignore phishing attempts instead of
reporting them. 

[06:04] It comes down to organizations training their people
properly. Cyber security training is becoming more interesting,
because the boring stuff just doesn't hold people's
attention. 

[10:13] When talking about threats, they focus on the
exposure side and the exploitability side. With most businesses,
functionality comes before security.

[12:47] Formal testing is required before upgrading security
patches to make sure that they don't break down the whole system.

[13:47] The importance of being able to leverage other
security controls while testing patches. Teams need to be able to
communicate and act fast.

[14:52] Knowing about potential risk is the only way to be
proactive.

[16:36] Looking at costs and gaps in technology. Failures are
often due to a breakdown in communication.

[19:33] The approach of starting out security first.

[25:08] Best practices include cross-training. Working
together and training together. Organizations need to run
simulations and see how they react as an organization.

[31:06] Skybox talks to organizations about gaps in security.

[35:57] We discuss the loss that can happen from not having
proper security measures in place.



Thanks for joining us on Easy Prey. Be sure to subscribe to
our podcast on iTunes and leave a nice review. 
Links and Resources:

Podcast Web Page

Facebook Page

whatismyipaddress.com

Easy Prey on Instagram

Easy Prey on Twitter

Easy Prey on LinkedIn

Easy Prey on YouTube

Easy Prey on Pinterest

Dr. Howard Goodman - Skybox Security

Dr. Howard Goodman on LinkedIn