Vancord CyberSound

100 - Securing a Century: Reflecting on 100 Episodes of CyberSound

Vancord Season 1 Episode 100

In the landmark 100th episode of CyberSound, Jason, Steve, and Michael reflect on the podcast's growth and evolution over two years. The team celebrates the journey by reflecting on notable episodes, highlighting honorary guests, and discussing recent expansion into video and broader topics beyond cybersecurity. With humor and enthusiasm, the team underscores CyberSound's mission: to inform, educate, and engage with integrity while helping listeners navigate the ever-evolving landscapes of business and cybersecurity.

______________
Stay up to date on the latest cybersecurity news and industry insights by
subscribing to our channel and visiting our blog at https://www.vancord.com/💻.

Stay Connected with us 🤳
LinkedIn: https://www.linkedin.com/company/vancord
Facebook: https://www.facebook.com/VancordCS
Instagram: https://www.instagram.com/vancordsecurity/
Twitter: https://twitter.com/VancordSecurity

Steven Maresca  00:02

This is CyberSound, your simplified and fundamentals-focused source for all things cybersecurity.


Jason Pufahl  00:10

Welcome to CyberSound. I'm your host, Jason Pufahl, with mainstays, Steve Maresca and Michael Grande. So, exciting episode for us. 100 episodes. This is the 100th episode.


Steven Maresca  00:23

Does not seem impossible.


Jason Pufahl  00:24

Yeah. Two years, we've been working on this, on this project. That's squarely what it feels like. You know, we've grown top 5% podcasts globally, which is, which is a big deal. I know, you're smirking, because, you know, what do those numbers really mean? But you know, it means people are listening, ultimately.


Michael Grande  00:46

And 2 years ago, we were in the 0%. We went from 95% progression.


Steven Maresca  00:53

Well, you know, parents and siblings are fantastic listeners. 


Jason Pufahl  00:57

Well, since we added Michael too, right, he's got a robust following, so we definitely get some some feedback there. So we have grown a lot, though. But the first podcast that we ever did was two or three USB mics, attached to a PC with Audacity. I think and I think we pretty much realized after one recording session that that wasn't going to work really well. We've had Eric who nobody can see on camera, right. But Eric has helped produce two years worth of podcasts. We're going to include a picture of the pod, of the room, of our recording studio. Maybe this is a good time to do that when we're editing it to throw that in there. But, it's really grown. You know, we're at a point now where we've got equipment over there. I'm not even sure what it does, mixers, for sure. I think video inputs, we've got three cameras, we've got a giant giant, we've got lights everywhere, everywhere, right, it's 140 degrees in here.


Michael Grande  00:57

They are. Soundproofing, sound boards, you name it.


Jason Pufahl  01:57

Yeah, I mean, it feels real. The sound is great. We've incorporated video. One of the, you know, we're talking about some of the historic podcasts, podcast that we liked. The Fraud in Higher Education one, that's Episode 83. That included Maurice Simpkins, and he talked about the essentially fraudulent applications in higher ed, right, it's a great episode.


Maurice Simpkins  02:20

Higher education, in recent times has become pretty much the number one target for fraud and for scamming activity. And so as we've seen this uptick in this major swing across the nation, not just in community colleges, or in large institutions, you have Ivy League schools, you have some of the more prestigious schools that are still having these issues, you know, various face. And so when we knew that it was a identifiable problem, ourself, and our team went to work and the Safe platform is what we brought to market and we're having great success with it thus far. 


Jason Pufahl  02:56

The reason I chose that as one of the ones for me to, to sort of focus on was, that was our transition to into video, it was the first one we had published, purely zoom, we actually had a little a little webcam, we're simply in there as part of the Zoom video. But it was our first attempt at saying, well, do we want to do this? And do we want to make investments? And and we ultimately obviously have, so


Steven Maresca  03:17

Visual makes everything easier. Yeah, whether you're listening or participating in conversation at the end of the day. 


Michael Grande  03:23

And it's, I've noticed the positive trend, with the YouTube videos being posted now and being able to jump to different sections, people pointed out, hey, this, you know, this part of the video, I really enjoyed it, whereas before, it's really just sort of the cadence of the, of the, of the discussion. So there's, it's a lot more in depth for the, for the audience. 


Jason Pufahl  03:47

And you know, we, I guess maybe a plug for YouTube to some degree as well, that our data is better. So it is easier to understand, you know, how, how much are people listening? You know, is there a spot where people are dropping off? And can we address that, like, it actually gives us now, the ability to tailor these to more what people want, which I think is a big deal, but that'll get us to the top 4% or 3%? Right? This is the goal. Right? So, so that was my first episode. I'm not sure. What do you guys want to show?


Steven Maresca  04:13

I don't know, just speaking generally. This podcast is our way of expressing our philosophy for engaging with the world, our customers, security as a discipline. And I think it does come through, it matters a lot. Yeah, there's a lot of, you know, selling a fear out there. We try not to do that. And I do hear positive feedback from a lot of customers from a lot of other people that you know, it's appreciated. So I think it's working. 


Michael Grande  04:41

There's a sort of there was a there's a, there's a term in banking, that that went around, and it's still applicable very much today, but I think it sort of works and you know, know your customer, right? If you're familiar with your customer and what's happening, you know, the trends and you know, sort of what to expect. This is a little bit of a flip on that right? It's a little bit about, you know, know who your service provider is, and get to know a little bit more about them and have a great history of understanding both their relationships that we have with a lot of different people and our perspectives. And I think to your point, right, well, how do we approach things? What are our core values? And, you know, what do we stick to? And what do we try to deliver it for every engagement and beyond that, right, because we bring in a lot of folks who maybe are in the competitive space, we're open to those things in partnerships. So it's been great.


Jason Pufahl  05:27

But so and we just had that two day planning session that we worked on. And one of the words that came out during that was everybody, we feel like everybody has a lot of virtue, right? Virtuous company, we care a lot about the way we engage with clients. It's interesting, as I have some, frankly, sales discussions with people now when we talk about our desire to be impactful to educate, etcetera, you can refer to something like this, right? And it just drives home, that idea of being virtuous, like, not only are we saying, hey, if we have a conversation it's going to be informative, it's going to be educative. And we're not necessarily pushing hard on the sales side. And by the way, here's things that we do that demonstrate our commitment to the education process, which is important to me.


Steven Maresca  06:08

I feel being able to refer to this, you know, even a year and a half ago has enabled us to engage with people that might have, you know, had questions. You know, it's a way to sort of see what you're getting. 


Jason Pufahl  06:22

So I know, I know that what Steve's favorite, favorite themes without a doubt, are the holiday the holiday themes. Oh, without a doubt, what do you call them?


Steven Maresca  06:33

I call them the goofball, groan-worthy, I don't know,


Jason Pufahl  06:37

I saw I loved the I put Tech in a Top Hat as one of the things I think that that sort of recent one around AI, I just got a kick out of personally,


Steven Maresca  06:47

You know, Frosty first came around maybe in the 1950s. And you have to remember, the military industrial complex after World War Two was idle, it needed a lot of support. They had to transition somehow. This was a skunkworks project. And if you don't know about a skunkworks project, it's really, you know, kind of a dark research opportunity. It's where your YouTube planes were developed. Frosty is one of them. He's a weapon. Yeah, absolutely. Well, it depends how you look at it. Right? You know, the public record, may present one visible, he seems like a good natured, right. He's bringing joy, hey, propaganda is a really strong thing. You have to present an outward positive image.


Jason Pufahl  07:35

But you know, going back even further, we had the, the Santa Claus is Coming to Town. And that was the first attempt at saying, hey, let's do something fun for Christmas. I think we've done a couple of Christmas episodes, Valentine's Day, Independence Day, right? Those are fun. Honestly, I think they're just fun. 


Steven Maresca  07:52

I really enjoyed the, How Does Santa REALLY Know What to Bring You? That was, could have gone off the rails, but it was OK.


Jason Pufahl  08:01

I mean, and I think, you know, I'll say maybe you weren't so enthusiastic with the Santa episode way back when, but you brought your A game for Tech in a Top Hat, right and your thinking around, and we'll probably play a snippet of the thinking around Frosty as part of like a government conspiracy.


Michael Grande  08:01

And I think I took a lot of guidance. I would say from that episode, in our most one of our very recent Valentine's Day episodes, where, you know, when you really start to apply some thought to when you want to know a lot about your significant other? Well, there's a lot of ways to do that. So I felt a little sinister after, I was great. Love weapon from a military industrial complex.


Jason Pufahl  08:47

We're a serious business.


Michael Grande  08:49

And we've had some really great guests also, especially, you know, over the last, really guests throughout, but we've learned so much from them and some of the services they offer, you know, from, you know, the state senators talking about AI and legislation to, you know, open banking with a company as large as MasterCard, all the way to more local considerations with CBIA and Christi Vatima joining us, it's just been, you know, it's been great to have some flavor and some, you know, additional light outside of just paid strictly cybersecurity issues, right. How are things affecting different lines of business?


Steven Maresca  09:33

And we're not the experts in everything. We want to actually engage with the people who are and have them heard.


Jason Pufahl  09:38

Yeah, yeah. You know, one of my one of my takeaways because we have, you know, Bill Roberts that we talked about, right, sort of that legal side, ManufactureCT will be coming up. From a format standpoint, we expect to do more guest speaking. I think what I didn't expect when we started this was how everybody kind of wants to participate in a podcast. I think generally, when we ask people the response is, hey, that sounds, that sounds neat. I'd like to join. And I think that's a fun aspect of this, getting to meet people that you otherwise might not have sort of some of these conversations. 


Michael Grande  10:12

Having some conversations that, you know, are probably, as you just said, sort of outside of our normal comfort zone, learning, and bringing that to our audience. 


Steven Maresca  10:20

I think it's also enjoyable to share stories in an expertise with people who understand that we are curious, yes. And recognize that they are experts in the field, because they just want to share with others and guide and do exactly what we're trying to do too, it kind of resonates mutually.


Jason Pufahl  10:40

Yeah, but it's a complex space. So, anything we can do to help, right. The maybe another one that I wanted to call out, here honestly might not be the most exciting episode we ever did. But we did it twice, which was the security fundamentals. And, you know, we certainly talked about patching and vulnerability management. Basically, totally free, a lot of this stuff is actually built right into your, your operating system. So the systems you run, discuss, have conversations around security threats, right security awareness training internally, it can be made complicated, it can be really easy. If you just have some basic conversations, focus a little bit on phishing, make sure folks understand data privacy requirements for sure. Talk about credential management, password management, look at multi factor two factor, right, there's a variety of ways to describe that. Really, I think two factors become such a standard now that we want people to utilize that. Obviously, backup your data, I think the idea of having a business impact analysis, even if it's a discussion around the conference room table with the people who know something about the business, do that and take steps accordingly. And then look at your AV or or EDR. Right. EDR being the gold standard, if you can potentially afford it. The reason I thought that that was kind of an important one to speak to was it's just so relevant still, I listened to it. And in preparation for this and everything we talked about two years ago, and then basically one year ago, for many businesses still applies today. And it's just, it's got takeaways, right I really like, 


Steven Maresca  12:16

I mean, security fundamentals, or even well expressed in a mature organization, things that need nurturing, they compensate, erode, you know, people change, staff rotates, technology shift, it never really ends. I think we'll revisit it again, candidly.


Jason Pufahl  12:34

Yeah. Yeah. Probably. And maybe they'll maybe we'll add one to that. 


Steven Maresca  12:37

Sure, I really enjoyed talking about finding privacy in public data.


Jason Pufahl  12:44

Be informed, understand. In this case, right, we're not talking about private sites, right, understand how data in the public domain is created and stored and what you might be, what might be out there about you, and, and kind of, you'll find your comfort level, because I think you do have some recourse if you do want to get if you do want to ask for some of it to be expanded, perhaps, but determine what your comfort level is, and make some decisions around the data that you have out there.


Steven Maresca  13:10

There's, there's something enjoyable about trying to translate things that are just out of reach for the average person. You know, everyone that, you know, in your social sphere probably has made a comment like, hey, you know, I got an advertisement on my phone. I was talking about it just before that, but, but how does that happen? You know, talking about some of that, and revealing whether that's a true, a true thing, or if it's more of a serendipitous alignment of data, I don't know. But that was a good episode, because we gave some pointers about how to regain control over your personal data, how to clamp down on, you know, some of the stuff that people don't know about unless they're guided to it. Right.


Michael Grande  13:54

And just the recently, the 23andMe episode regarding Privacy and Disclosure and sort of where the position a large company may take that may be divergent from what you'd expect, in some cases. You know, that was, was enlightening for me participating in that, you know, one of the other areas, and I think it's just been trending, obviously, everywhere, right? Is is AI, and I don't know the number. It's gotta be three, four or five episodes that we've done?


Jason Pufahl  14:22

We're gonna record another one on AI Privacy soon. 


Steven Maresca  14:25

Even some prior to that, that we didn't call AI but were more machine learning.


Michael Grande  14:29

Right. Yeah, it's just it's it's, it's expanded. It's in the public purview. And it's amazing to think that in November of 2023, maybe October, I don't know that it was as commonly discussed in general circles. And then, you know, that release comes out of ChatGPT. And what's happening, and then it's just been an onslaught since then. 


Steven Maresca  14:51

It's true. Yeah.


Jason Pufahl  14:52

Yeah. And that actually, that's one of the hard things about this podcast, because if we really go back, you mentioned machine learning. We did have a podcast where we do you, me and Matt really sort of said, AI? You know, it's kind of just machine learning. We weren't quite as bullish, as I'd say two years later. 


Steven Maresca  15:09

All the same, I don't feel that the statements made them.


Jason Pufahl  15:13

Totally appropriate. 


Steven Maresca  15:14

I think they're still accurate today. It's a matter of understanding the technology and whether it's applicable or useful, and trying to interpret reality from marketing.


Jason Pufahl  15:26

In this, in this kind of format, like what you say, you know, it stays there for two years. And people can say, well, it's true. Two years ago, they said this, and now they're saying this, 


Steven Maresca  15:33

But looking back, I don't feel that we missed the mark, even even if we shifted the terminology to what, you know, became a common subject of generative AI.


Jason Pufahl  15:43

With maybe a little more enthusiasm, at least on my part, I'll say that, yeah.


Steven Maresca  15:46

At the time, in the market, things were a little more immature. Yeah, sure. Things changed.


Michael Grande  15:51

Now, one of the key aspects of our business, one of our capabilities, and I think something that was brought in was, you know, experiencing a breach or an attack. And I think we had an episode. You know, what, you know, what the first 48 hours was like?


Jason Pufahl  16:07

Yeah. I think that one of the things that we've see so often is when incidences begin, nobody's really sure what the what the correct next steps always are, right. And in my opinion, often tend to wait a little too long, kind of hoping things might resolve themselves, or maybe they can deal with them on that case by case basis. You know, a lot of times we see them just sort of grow in complexity and ultimately turn to that bigger event.


Matt Fusaro  16:32

Or it's the knee jerk reaction on everything had shut off. Right. Yeah. Which is, I mean, it's worth noting, it's tried to avoid that if you if you are feeling very nervous about something that's happened. Unplugging network cables, that's probably okay. We like to keep machines on if you don't turn it off, so that when you do have someone come in, we there's something for us to look at. 


Steven Maresca  16:54

And I enjoyed that episode quite a bit. We've done a lot of incident response, people in that moment, panic, and there's real urgency in trying to regain calm and control and be collected and make decisions in a clean, informed way. That episode, I think, did a really decent job about outlining the steps that our organization should take to produce a good outcome, in what what could be an otherwise unpleasant event really,


Michael Grande  17:23

It really outlined are what you refer to it like our core philosophy.


Steven Maresca  17:26

Yeah, in that episode, you know, just to restate it here, if others haven't heard it comes from us performing incident response many, many, many, many, many times.


Jason Pufahl  17:38

Yeah, but I think so we're, we're avoiding those episodes, you don't really like a few of them. But I actually think we have fewer of them now. I feel like if I were to look back, there were definitely a handful, for sure you and I walked out saying hopefully that one resonates, we're not sure. And I think we've got better now at understanding who's reasonable guests to bring on, what reasonable topics are, probably broadened things a little bit. We had the episode, I forget what we call it about with Darren that was kind of more of like business and financial protection, licensed insurance. Yeah, we've gotten further afield from pure security to more risk management stuff, which, which I also think is really good. Yeah.


Michael Grande  18:13

And it was sort of expanding our scope. And again, bringing different layers of what could be complex subject matters to art to the audience. You know, I think that might be a good segue, just to think about, you talked about the evolution of the show, certainly, technically, we've done a lot. But the people, I mean, there's a lot of people participating in this process outside of us. And shout out to Matt Fusaro, who isn't available for our episode today. Yeah, it was too bad. But certainly a core a core member of what we've been able to do with CyberSound. But you know, it's been, it's expanded, you know, sort of like a little bit of a production. We've got our own production. 


Steven Maresca  18:54

I think there's somewhere in the neighborhood of 12 people who are involved in some capacity on a regular basis. 


Jason Pufahl  19:01

Finding topics, producing. We've got internal support with Olivier now doing some recording. I mean, we're adding we're adding people internally now to help, it's a labor of love. Ultimately, I think we've talked a couple of times around you, it's fair amount of effort. And every time we roll in, it's alright, we've got we've got work to do. Yeah, we're here because we like doing it. And I and, you know, I think one of the things that if I were gonna say, maybe more in closing, we really do care to make this a useful podcast for people, right. And we want people to get the value out of it. They're putting 15, 20, 25 minutes into it. We want them to get value out of it. So topic ideas, we're wide open. Yeah. You know, if you think you want to join, let us know. We're happy to chat with you on that. But our goal is to make this valuable, continue making it valuable continuing to improve it. I think we've we've done a lot to mature it. Maybe from production, the only thing I would say is maybe a bigger room by people. So we didn't know I'd have to say, right. But otherwise, we've come a long way.


Michael Grande  20:04

Yeah. Well, I'll extend some thanks to both of you, Jason for for I think, coming up, the idea came out somewhere. 


Steven Maresca  20:13

We talked about it for a good 10 years.


Jason Pufahl  20:15

I mean, this was a, this was a New Park, our marketing company that we work with suggested doing it. And I said, oh, that sounds great. And I don't know if I knew what I was getting into.


Michael Grande  20:24

A trial balloon. Yeah. No, but both of you. And of course, Matt, sort of building the setting the building blocks of what we have now and are really fantastic guests that we've been able to bring in. And we have a lot more coming, which is really exciting. A lot of cool topics on the agenda. So it'll be really exciting. Another 2024, 2025 and on. Yeah, 100 episodes, we're gonna look back on that. 


Jason Pufahl  20:50

Top 2% of 200 episodes. So that means you gotta have goals. So well, I want to thank both of you for participating. Because it is work for sure. Yeah. But I think it's good work. And, you know, we're getting enough people now to watch it that I think we're I'm feeling some amount of like recognition, frankly.


Steven Maresca  21:07

And thanks also to anyone who has provided feedback. I mean, most importantly, I've received it from many. I appreciate that.


Michael Grande  21:14

Thanks to the audience. And always we were supposed to say like, hit the like button. 


Jason Pufahl  21:20

That was what Brian said. Smash that like button!


Michael Grande  21:23

Although we're not surprised, maybe we're not supposed to. 


Jason Pufahl  21:25

I don't know. I got I got a lot of play internally. That's exactly, yeah. Yeah, of course. Thanks, everybody, for listening. We appreciate it. We're all ears for topics, feedback, good and bad. Anything we can do to improve. Alright, thanks, guys. 


21:41

We'd love to hear your feedback. Feel free to get in touch at Vancord on LinkedIn. And remember, stay vigilant, stay resilient. This has been CyberSound.