RCR 001: Reduce Cyber Risk Introductions - CISSP Study and Training!

Sep 25, 2018

Each week, Shon Gerber from ShonGerber.com gives you the information you need to best protect your business and reduce your company's cyber risk.

Along with his expertise as a Chief Information Security Officer (CISO), Shon has over 18 years of experience in government and corporate cybersecurity.

In this episode (Part 1), Shon introduces himself and explains how he can help you with your cybersecurity needs.


Welcome to the Reduce Cyber Risk podcast, where we give you the tools you need to meet your regulatory requirements while helping keep the evil hacker horde at bay. Hi, my name is Shon Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to protect your business and reduce your risk.

Welcome to the Reduce Cyber Risk weekly podcast. Hi, my name is Shon Gerber, and I'm going to be your host each and every week, walking through how to reduce the risk to your business. The goal is that we want to give you the tools to reduce the risk to your business from a cybersecurity standpoint. There's so much that's changing, and in reality the stuff can get super complicated, but I'll also bring a different doesn't have to be. So we're going to make this as simple as possible. Third grade education, so I can only handle so much before my brain just seizes up. So we're going to focus on keeping this simple for you guys so that you understand it. If you've got questions as we go through this podcast, please feel free to add those in, because that's how I can answer a lot of your questions: through any feedback you give me on the podcast.

Background about me: basically, when I was a kid I loved computers. I loved dealing with computers, and they were about the size of a small house when they first came out, when you put all this data on a cassette tape, hit a play button and it loaded up a program. I thought it was so cool. But I never would have thought that my life would have turned. The fact is now I'm dealing with cybersecurity from a standpoint of global businesses and how to protect them from being hacked, and also meeting regulatory requirements that they may have based on the region they're in.

Because I went to school, I wanted to be an airline pilot. My goal was to be an airline pilot, so I went to school to be a commercial airline pilot. I've got my flight instructor's license, I've got my commercial license, and it was awesome. My ticket to fame was going to be flying a 737 for an airliner. Change a little, that happens. But then I thought my best bet to do that was to go and join the military, so I did, and I flew B-1 bombers as a weapon systems officer for the B-1. I was based out of Kansas. Did that, loved it. I mean, there's nothing better than screaming around at 600 miles an hour, 300 feet off the deck. It's awesome. It was a total rush.

All good things come to an end, and then it had to come to an end. So about 7 years into it my life changed dramatically. What happened was they came out and they said, "You know what, the B-1s are going away. Got to find something else to do." And I was like, that's not good. So I thought about being a truck driver; that didn't work out so well. Thought about going and getting new insurance; that really wasn't my thing. So what ended up happening was a buddy of mine and myself thought, let's go out and let's look and see what we can find. And so we found this, and it was called basically red teaming. It looked sexy, it looked awesome. As we dug deeper on this, we went and put the proposal to our wing, our military wing, and asked them, "Hey, can we do this? What do you guys think?" And thankfully some other people that were in leadership bought into it, and I thought it was a good idea. So we started up this Information Warfare Aggressor Squadron, and the purpose of it was to emulate the quote-unquote what the neat part about that was was that we would go out, we would hack into systems, and we would act like an enemy of the United States. How would they do things? What you see in today's news, right? The Russians hacked this and the Chinese hacked that. Those are some of the people that we would emulate. It would be from both a computer security and a physical security standpoint, which basically means break in physically. It was awesome. You couldn't ask for a better job, that you can actually physically go in legally and break into a building. It was so cool.

So I did that for about 10 years ago and it was incredible. I started off as a hacker, worked my way up, ended up being in leadership, and eventually I ended up becoming the commander of the squadron, but 82 people, consisting of both network hackers and physical penetration people. So old red teaming, and that's what we would do against Department of Defense locations. It was incredible. Couldn't ask for a better job.

Like everything in life, everything has to change, right? All good things come to an end and you have to plan for that. So what I did is I planned for it, in the fact that in 2011 I decided to retire from the Air Force. So I did, I put my paperwork in. But before I did, I figured, you know what, I had to learn. I knew how to be a hacker, I knew how the government worked, and I knew how to break into building use right now without really go to jail, so I don't use that anymore. But the thing was, I realized I had to get experience with corporate America. So what did I do? Well, I ended up applying for a job with a very big multinational company, one of the biggest in the world, and I was able to get on as a security architect. Had no clue what the heck a security architect was. I'm out, I'm going to go join corporate America and take it from there. They thought I was absolutely nuts, but I knew at some point I had to leave. And the best advice I can give to anybody listening to this podcast is this: it's better to basically choose when you are going to leave versus someone choosing it for you. And that's what I did. I decided, you know what, it's time for me to get that experience. I'm still young enough where I can get that experience. I need to go and do it. So I did. I jumped out in 2011, I left the military and I joined corporate America.

Started as a security architect. Nobody has a good grasp on all of it. Did that for a few years, moved my way up, became a senior security architect, got more responsibility, better ability to work with the companies, and had more influence within. An opportunity came up within the security operations center within their company, a multi-billion-dollar global company, and they had a security operations center play soccer soccer. You know what, I realized I have to go and do that because I want to learn something else. At this time, you can understand, nobody really knew what does it right for what you should do in security, and honestly there really is no defined career path. It's what you make it. But I saw this opportunity to manage the security operations center. Well, the security operations center is basically the brains of all the security mechanisms that pump data into this brain, and it gets an alert and it says, "Hey, somebody's doing something bad over here," or "This might be bad, you need to take a look at it." The year learned a ton. Again, opportunities, when they come up you've got to jump on them. Even if you don't know what you're doing, just take it, because at the end of the day most people have no idea what they're doing, especially in today's world. People make it up as I go, so I try to figure it out as I go, and if you do that you'll be very successful.

So then once that happened, I was no longer the manager or as the mention out the security operations center. I did that for a year, and an opportunity came up to work as a Chief Information Security Officer for one of these companies. It's under the main umbrella, the main multinational umbrella, and I thought, you know what, I've got to do it. I've got to jump one more time. Again, didn't know what I was doing. The CISO, that's the Chief Information Security Officer, for this multinational company. It was awesome, and it is today. I still do it, love it. Great company, learned a ton. We deal with manufacturing and chemical manufacturing, so there are requirements, regulatory requirements, compliance requirements. There's also all kinds of issues when it comes to information security. This is a great place to be if you want to grow your career. Awesome opportunities that I got to do it as the CISO for this multinational is also the dub or they call digital marketing lead for this company, and I deal with all of our web presence, work on the fact that we secure that from a secure development lifecycle standpoint, right, what to do.

But the cool part about it is that I don't have a background, I don't have a college degree in computer science. I've been able to get in a position where I've been able to get a move up with an account in a lot of it. I'll be honest, it comes down to influence. How do you influence and help businesses reduce their cyber risk? That's what I've been very successful at, and that's what I'm going to teach you on this podcast.

We're going to have fun doing this, because in reality it's all about having fun, because this stuff is super dry. If you want to go to sleep at night, all you've got to do is listen to what some of these podcasts out there say about cybersecurity and risk management. "You too can have your own cybersecurity risk management profile. We will help you build a cybersecurity program." Boring. It's mind-numbing boring. So we're going to do our best to make sure that it's not boring. Now, to be honest, there are probably times when it might be boring. So if it's boring, you know what, just put it on fast for lipid some start talking like a chipmunk, then it won't be as boring. So that's the cool part about this podcast.

We are here with Reduce Cyber Risk to give you what you need to help you secure your business, to meet any requirements you have, may it be from a regulation standpoint or compliance standpoint, or just the fact you want to protect your business. We're here for you. Finding cybersecurity people is hard. The purpose of this website and the purpose of this podcast is to help you bridge that gap, give some of your IT folks or some of the people that are managing all of your security the skills they need to help protect your business. All right, any concerns, please feel free to reach out to me. I'll be happy to answer any of your questions that you may have.

Rehab research and gone over, and we'll talk about it from a training standpoint. Well, this is going to play out what you should be concerned about. One good example is Chinese China. You better pay attention to it, right, if you've got business. United States, GDPR in the European Union, it's coming to the United States as well, just a matter of time. So we're going to go through all of those and where to provide training is for you around these specific topics. I'm also going to have like a pro tip of the week, and we'll have something for you on a professional tip to help reduce the risk for your business. Also we'll have guests from different areas of the field. It may be somebody that is in the information security space, it could also be someone that's a business owner, it could be a vendor possibly even, and we'll have some of that. We're not going to have a lot of it, but we'll have some of it, and we'll go back and forth to kind of help give you some of the

So what are you going to hear in this podcast? You're going to hear news about what's going on in the cybersecurity space, about what's affecting regulations, what's affecting your compliance things. Research on how to reduce the risk for your business. Again, its goal is to keep this simple. I'm all about keeping it simple. Some of the different content that's out there, and the train that's out there to help you secure your business. The week, and that pro tip of the week is things that you can do and implement immediately to help reduce the risk for your business. That's the goal. Whether it's dealing with banking, whether it's dealing with how you have a safe security program for your business, what are some key things to do? What is root cause analysis? If you ever get hacked, what should you do around that? How should you deal with it? What are some lawyers that you should have on your Rolodex to contact in the event something bad happened? Those are some key pro tips that we're going to give you guys on what you should do.

Looking to have some potential guests, and these guests are going to be from other information security professionals, it could be from business owners, they could be from vendors as well. So it's going to be a mix. We're going to see how it goes. What time mix it up, keep it real and keep it simple. That's the goal, right? Available for business owners on how to basically reduce the risk.

If you have any questions, please feel free to let me know. Reach out to me either on my website, or go ahead and leave a comment in iTunes or one of those other locations where we might have the podcast. Just please reach out to me. I'd love to help you out any way I possibly can. That's what it's about, reducing your cyber risk. Got any questions? Other than that, we're going to call this podcast, put it in the record books. We'll be seeing some more releases here very, very soon. All right, let's get going.

