CYBR.SEC.CAST

Cybersecurity has built its learning model around breaches, but as Wendy Nather explains, the real value lies in the incidents that almost happened. In this CYBR.SEC.CAST episode with hosts Michael Farnum and Sam Van Ryder, she makes the case for shifting focus to near-misses: the attacks stopped by a single decision, control, or moment of awareness. These unseen saves reveal how defenses actually work in real time, yet they rarely get shared due to trust, legal, and cultural barriers. Until the industry starts capturing and learning from these quieter wins, it will continue optimizing for failure instead of understanding success.
SHOW NOTES:
Things Mentioned:
The Security Poverty Line: https://www.scrut.io/post/risk-grustlers-ep-20-the-security-poverty-line
1Password talks and expo activity during RSAC 2026: https://1password.com/blog/rsa-2026-leading-the-way-to-secure-agentic-ai
Upcoming CYBR.SEC.Community events: https://www.cybrsecmedia.com/conference/
CYBR.SEC.Careers: https://www.linkedin.com/company/cybr-sec-careers/about/ fundraisers:Cards for a Cause: https://www.linkedin.com/posts/cybr-sec-careers_cybrseccareers-nonprofit-cybersecurity-activity-7436794892787359744-v4Cz
CYBR CLAY SHOOT: https://www.linkedin.com/posts/cybr-sec-careers_cybrclayshoot-cybersecurity-cybercareers-activity-7435353518951084033-1iw9
Proceeds support CYBR.SEC.Careers mission is to build a strong, diverse workforce by providing career exposure, access to education and certifications, and mentorship for students and veterans pursuing careers in cybersecurity.

EPISODE 66 Timestamps:
00:00 – 01:30 – Intro, guest setup, and Wendy Nather background
01:30 – 07:00 – CyberSecCon announcements and community initiatives
07:00 – 09:30 – Wendy’s early career: liberal arts → sysadmin → Switzerland
09:30 – 12:30 – Transition into cybersecurity and global security leadership
12:30 – 15:30 – Analyst career, Duo Security, Cisco, and 1Password
15:30 – 18:30 – Career philosophy: ditching the ladder, focusing on impact
18:30 – 22:00 – Current role: advising, speaking, training, and strategy work
22:00 – 25:30 – RSA talk intro: “Less Blood, More Bits” concept
25:30 – 31:00 – The power of near-miss stories and why they matter
31:00 – 36:00 – Real-world near-miss examples and lessons learned
36:00 – 41:00 – Threat intelligence sharing challenges and trust barriers
41:00 – 45:00 – ISACs vs. informal “steak and ale” intelligence sharing
45:00 – 49:00 – Why scaling trust and sharing remains unsolved
49:00 – End – Wrap-up and closing thoughts
Do you have a question for the hosts? Reach out to us at [email protected]

In this episode, hosts Michael Farnum and Sam Van Ryder sit down with Valerie Moon, Executive Director of the Institute for Critical Infrastructure Technology (ICIT) for a wide-ranging discussion about cybersecurity policy, workforce development, and the growing threats facing critical infrastructure.
Things Mentioned:
Website for ICIT: https://www.icitech.org/
Upcoming CYBR.SEC.Community events: https://www.cybrsecmedia.com/conference/
CYBR.SEC.Careers: https://www.linkedin.com/company/cybr-sec-careers/about/ fundraisers:
Cards for a Cause: https://www.linkedin.com/posts/cybr-sec-careers_cybrseccareers-nonprofit-cybersecurity-activity-7436794892787359744-v4Cz
CYBR CLAY SHOOT: https://www.linkedin.com/posts/cybr-sec-careers_cybrclayshoot-cybersecurity-cybercareers-activity-7435353518951084033-1iw9
Proceeds support CYBR.SEC.Careers mission is to build a strong, diverse workforce by providing career exposure, access to education and certifications, and mentorship for students and veterans pursuing careers in cybersecurity.
Do you have a question for the hosts? Reach out to us at [email protected] 
Keep up with CYBR.SEC.CON.:
LinkedIn
X
Facebook
Instagram
Keep up with CYBR.SEC.Media:
LinkedIn
X
Facebook
Instagram
Check out our Conferences and Events:
CYBR.SEC.CON.
OT.SEC.CON.
CYBR.HAK.CON.
EXEC.SEC.CON.
CSC User Group
Support CYBR.SEC.Careers Non-Profit Efforts
CYBR.SEC.Careers
Apply to the CYBR.SEC.Careers Scholarship
Taylor Austin Broussard Memorial Scholarship
Listen to our other show:
CYBR.HAK.CAST
Thank you to our Media Partners:
CYBR.SEC.CON. and OT.SEC.CON. 
OGGN (Oil & Gas Global Network)
UtilSec
CYBR.SEC.CON. and CYBR.HAK.CON. 
BarCode Podcast
Cyber Distortion Podcast

Dragos CEO and U.S. National Guard Lt. Col. Rob Lee joins hosts Michael Farnum and Sam Van Ryder to discuss why he returned to military service, the growing cyber threats to critical infrastructure, and the role exercises like Cyber Fortress play in preparing both government and private sector operators for real-world cyber incidents. 
SHOW NOTES:
Things Mentioned:
Cyber Fortress 2026: https://va.ng.mil/Cyber-Fortress/
Upcoming CYBR.SEC.Community events: https://www.cybrsecmedia.com/conference/
CYBR.SEC.Careers: https://www.linkedin.com/company/cybr-sec-careers/about/ fundraisers:Cards for a Cause: https://www.linkedin.com/posts/cybr-sec-careers_cybrseccareers-nonprofit-cybersecurity-activity-7436794892787359744-v4Cz
CYBR CLAY SHOOT: https://www.linkedin.com/posts/cybr-sec-careers_cybrclayshoot-cybersecurity-cybercareers-activity-7435353518951084033-1iw9
Proceeds support CYBR.SEC.Careers mission is to build a strong, diverse workforce by providing career exposure, access to education and certifications, and mentorship for students and veterans pursuing careers in cybersecurity.

Episode 64 Timestamps:
6:48 – Why Lee returned to military service
Lee explains how calls from government and military leaders prompted him to return to the National Guard to help address unresolved questions around defending operational technology (OT) during conflict.
9:33 – Role in the 91st Cyber Brigade
Lee describes his position as executive officer and the mission of the Army National Guard’s cyber brigade.
14:52 – Cyber Fortress exercise explained
Lee walks through the origins of Cyber Fortress and how it evolved from a state-level exercise into a broader operational technology training environment.
17:53 – How Cyber Fortress works
The exercise combines training, red-team simulations, and participation from infrastructure operators to practice responding to real OT cyber incidents.
20:10 – Cyber conflict and civilian infrastructure
Lee discusses the growing risk of state actors targeting hospitals, utilities, and other civilian infrastructure.
24:23 – Cyber attacks that lead to loss of life
Lee argues the cybersecurity community must acknowledge that cyber operations have already contributed to real-world deaths.
27:04 – The role of cyber in modern warfare
The discussion explores how cyber capabilities are increasingly intertwined with traditional military conflict.
Do you have a question for the hosts? Reach out to us at [email protected]

In this episode of CYBR.SEC.CAST, the hosts sit down with Dr. Kelley Misata, CEO of Sightline Security, to explore the often-overlooked cybersecurity challenges facing nonprofit organizations. Misata shares her powerful origin story — how a personal experience with cyberstalking led her to pursue a PhD in cybersecurity and ultimately launch a nonprofit dedicated to helping mission-driven organizations assess and improve their security posture.

She also discusses the misconceptions surrounding nonprofit cybersecurity, the communication gap between security professionals and nonprofit leaders, and why “nonprofit” is simply a tax designation, not a reflection of an organization’s sophistication or risk exposure.

Misata also explains how Sightline Security’s Kickstart program, built around a simplified interpretation of the NIST Cybersecurity Framework, helps nonprofits identify practical security priorities and build sustainable cyber resilience.

SHOW NOTES:
Things Mentioned:
Website for Sightline Security: https://sightlinesecurity.org/
Kickstarter program: https://sightlinesecurity.org/kickstart
Upcoming CYBR.SEC.Community events: https://www.cybrsecmedia.com/conference/
CYBR.SEC.Careers: https://www.linkedin.com/company/cybr-sec-careers/about/ fundraisers:
Cards for a Cause: https://www.linkedin.com/posts/cybr-sec-careers_cybrseccareers-nonprofit-cybersecurity-activity-7436794892787359744-v4Cz
CYBR CLAY SHOOT: https://www.linkedin.com/posts/cybr-sec-careers_cybrclayshoot-cybersecurity-cybercareers-activity-7435353518951084033-1iw9
Proceeds support CYBR.SEC.Careers mission is to build a strong, diverse workforce by providing career exposure, access to education and certifications, and mentorship for students and veterans pursuing careers in cybersecurity.

EPISODE 63 Timestamps:
4:14 – Kelley Misata’s origin story
Dr. Misata explains how she unexpectedly entered cybersecurity after being the victim of cyberstalking while working at a technology company.
5:25 – Turning a personal crisis into a cybersecurity PhD
Instead of retreating from the experience, Misata pursued a PhD in cybersecurity to better understand how the technology behind the attacks worked.
6:09 – Early work with the Tor Project and open source security
Her research journey led to working with the Tor Project and later serving as president of the Open Information Security Foundation.
6:27 – Researching cybersecurity risks facing nonprofits
Misata describes her doctoral research studying nonprofits that assist domestic violence and human trafficking victims, focusing on how organizations protect both their operations and the people they serve.
8:44 – The moment she realized nonprofits cared about cybersecurity
Her dissertation survey received far more responses than expected, revealing that nonprofit organizations were eager to engage on cybersecurity issues.
9:00 – From dissertation to mission: founding Sightline Security
Encouraged by colleagues, Misata launched Sightline Security in 2018 to help nonprofits understand and assess their cybersecurity posture.
12:00 – Debunking the “security poverty line” myth
Misata explains that nonprofits aren’t necessarily under-resourced—they simply operate under different financial and operational models than traditional businesses.
14:24 – The communication gap between security pros and nonprofits
She shares an example where security practitioners assumed nonprofits lacked basic controls, but the real issue was simply a language mismatch around security terminology.
16:09 – The wide range of nonprofit cybersecurity maturity
Nonprofits span the entire spectrum—from small volunteer organizations to large institutions with enterprise-level infrastructure and IT teams.
19:57 – Why “nonprofit” is just a

Phil and Michael are joined by Kevin Pentecost, Information Security Director at SMP and co-host of the Cyber Distortion podcast, and co-host Jason Papillon, Founder & CEO of Cipher Nova.