Exploring Information Security - Exploring Information Security
Timothy De Block
100 episodes
3 days ago
Summary:
In this episode, Timothy De Block sits down with a panel of cybersecurity leaders—Chris Anderson, Roger Brotz, and Mike Vetri—to discuss the realities of moving from "boots on the ground" technical roles to senior leadership. The conversation explores the challenges of letting go of the keyboard, the critical importance of emotional intelligence, and why "empathy" is a high-performance tool in a high-stress industry.
Meet the Panel
Chris Anderson: Security Consultant and Architect known for his "pot-stirring" approach to solving complex organizational security problems.
Roger Brotz: CISO at Arcadia Healthcare with over four decades of experience, starting his journey in 1977.
Mike Vetri: Senior Director of Security Operations at Veeva and former Air Force cyber operations officer.
Main Topics & Key Takeaways
The "Passion" to Lead
The panel dives into the true meaning of leadership, noting that the word "passion" stems from the Latin word for "suffering". Leading a cyber team means being willing to suffer through mistakes and high-pressure incidents alongside your team.
Empathy as a Business Metric
Mike shares a pivotal study indicating that leaders who embrace emotional intelligence and empathy often exceed their annual revenue goals by 20%. Conversely, a lack of empathy directly correlates to high burnout and employee turnover.
Learning to Fail Fast
The leaders recount personal failures, from failing to recognize team burnout during 16-hour-a-day incident responses to the "pride" of holding onto technical tasks for too long. They emphasize that failure is not a roadblock but a necessary inflection point for growth.
Bridging the Gap: Technical vs. Business
A major challenge for new leaders is translating "this is bad" into actionable business risk. Leaders must learn to speak the language of the boardroom, focusing on profit protection and risk management rather than just technical vulnerabilities.
Actionable Advice for Aspiring Leaders
Set Boundaries Early: Don't let your job intrude on your personal life until it's too late; once you establish a habit of always being available, it’s hard to pull back.
Find Your Barometer: Use a spouse or a trusted peer as a "barometer" to tell you when your stress levels are negatively impacting your leadership style.
Work-Life Harmony: Move away from the idea of a perfect "50/50 balance" and strive for harmony where your professional and personal lives can coexist.
All content for Exploring Information Security - Exploring Information Security is the property of Timothy De Block and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Summary:
In this episode, Timothy De Block sits down with a panel of cybersecurity leaders—Chris Anderson, Roger Brotz, and Mike Vetri—to discuss the realities of moving from "boots on the ground" technical roles to senior leadership. The conversation explores the challenges of letting go of the keyboard, the critical importance of emotional intelligence, and why "empathy" is a high-performance tool in a high-stress industry.
Meet the Panel
Chris Anderson: Security Consultant and Architect known for his "pot-stirring" approach to solving complex organizational security problems.
Roger Brotz: CISO at Arcadia Healthcare with over four decades of experience, starting his journey in 1977.
Mike Vetri: Senior Director of Security Operations at Veeva and former Air Force cyber operations officer.
Main Topics & Key Takeaways
The "Passion" to Lead
The panel dives into the true meaning of leadership, noting that the word "passion" stems from the Latin word for "suffering". Leading a cyber team means being willing to suffer through mistakes and high-pressure incidents alongside your team.
Empathy as a Business Metric
Mike shares a pivotal study indicating that leaders who embrace emotional intelligence and empathy often exceed their annual revenue goals by 20%. Conversely, a lack of empathy directly correlates to high burnout and employee turnover.
Learning to Fail Fast
The leaders recount personal failures, from failing to recognize team burnout during 16-hour-a-day incident responses to the "pride" of holding onto technical tasks for too long. They emphasize that failure is not a roadblock but a necessary inflection point for growth.
Bridging the Gap: Technical vs. Business
A major challenge for new leaders is translating "this is bad" into actionable business risk. Leaders must learn to speak the language of the boardroom, focusing on profit protection and risk management rather than just technical vulnerabilities.
Actionable Advice for Aspiring Leaders
Set Boundaries Early: Don't let your job intrude on your personal life until it's too late; once you establish a habit of always being available, it’s hard to pull back.
Find Your Barometer: Use a spouse or a trusted peer as a "barometer" to tell you when your stress levels are negatively impacting your leadership style.
Work-Life Harmony: Move away from the idea of a perfect "50/50 balance" and strive for harmony where your professional and personal lives can coexist.
LIVE: Unraveling the SharePoint Zero-Day Exploit (CVE-2025-53770)
Exploring Information Security - Exploring Information Security
38 minutes 27 seconds
4 months ago
LIVE: Unraveling the SharePoint Zero-Day Exploit (CVE-2025-53770)
Summary:
Link to the live recording: https://www.youtube.com/live/DHbGpRtDvIw?si=h6tHumVLrl3HOgq0
Join Timothy De Block and special guest Ben Miller for a deep dive into the SharePoint zero-day exploit, CVE-2025-53770. This episode breaks down the technical details of the "goofy authentication bypass" and its serious implications for on-premise systems. The discussion also expands into broader topics, including the critical role of human intelligence in security, the shift to Managed Security Service Providers (MSSPs), and the importance of addressing business processes and mental health in the industry.
Key Takeaways
The SharePoint Exploit (CVE-2025-53770): Ben Miller describes this vulnerability as an unauthenticated "zero-click" exploit that requires no user interaction. It's a "goofy authentication bypass" that allows an attacker to gain full control of an on-premise SharePoint server by simply sending a web request. Once an attacker gains access, they can steal keys and maintain persistent control.
On-Premise vs. Cloud: The vulnerability primarily affects on-premise SharePoint servers, which are managed directly by businesses. Ben explains that even organizations that have moved their systems to a cloud like Azure might still be vulnerable if they've retained old, vulnerable configurations.
Challenges with Detection and Remediation: Many businesses lack adequate logging and internal threat hunters, making it nearly impossible to detect if a breach occurred. The widespread use of SharePoint makes its vulnerabilities particularly dangerous, and entrenched intruders can be so difficult to remove that they may require a complete system overhaul.
The Human Element in Security: The speakers discuss how humans are the "trust link" and "determiner" in a security program, not just the weakest link. If one person's single action can compromise a system, it points to a process problem, not a human one. The episode also highlights the powerful role of social engineering, even with something as simple as using food to gain access to a network.
MSSPs and Career Advice: The conversation touches on the growing trend of organizations using Managed Security Service Providers (MSSPs) for their security operations. Ben suggests that MSSPs are a great entry point for aspiring security professionals, as they provide broad exposure to a variety of incidents. For long-term career success, Ben advises being able to translate security needs into business sense and becoming an expert in your field.
Community and Mental Health: Ben and Timothy encourage listeners to attend the BSides St. Louis conference on September 27th. Timothy even offered to pay for a ticket for anyone who can't afford it. The episode concludes with a discussion on mental health, with Ben encouraging people to view therapy as "a form of hygiene" and to seek help when needed.
Connect with Ben Miller & BSides St. Louis:
Website: bsidesstl.org
Event Date: September 27th
Event Location: Washington University's McKelvey School of Engineering
Exploring Information Security - Exploring Information Security
Summary:
In this episode, Timothy De Block sits down with a panel of cybersecurity leaders—Chris Anderson, Roger Brotz, and Mike Vetri—to discuss the realities of moving from "boots on the ground" technical roles to senior leadership. The conversation explores the challenges of letting go of the keyboard, the critical importance of emotional intelligence, and why "empathy" is a high-performance tool in a high-stress industry.
Meet the Panel
Chris Anderson: Security Consultant and Architect known for his "pot-stirring" approach to solving complex organizational security problems.
Roger Brotz: CISO at Arcadia Healthcare with over four decades of experience, starting his journey in 1977.
Mike Vetri: Senior Director of Security Operations at Veeva and former Air Force cyber operations officer.
Main Topics & Key Takeaways
The "Passion" to Lead
The panel dives into the true meaning of leadership, noting that the word "passion" stems from the Latin word for "suffering". Leading a cyber team means being willing to suffer through mistakes and high-pressure incidents alongside your team.
Empathy as a Business Metric
Mike shares a pivotal study indicating that leaders who embrace emotional intelligence and empathy often exceed their annual revenue goals by 20%. Conversely, a lack of empathy directly correlates to high burnout and employee turnover.
Learning to Fail Fast
The leaders recount personal failures, from failing to recognize team burnout during 16-hour-a-day incident responses to the "pride" of holding onto technical tasks for too long. They emphasize that failure is not a roadblock but a necessary inflection point for growth.
Bridging the Gap: Technical vs. Business
A major challenge for new leaders is translating "this is bad" into actionable business risk. Leaders must learn to speak the language of the boardroom, focusing on profit protection and risk management rather than just technical vulnerabilities.
Actionable Advice for Aspiring Leaders
Set Boundaries Early: Don't let your job intrude on your personal life until it's too late; once you establish a habit of always being available, it’s hard to pull back.
Find Your Barometer: Use a spouse or a trusted peer as a "barometer" to tell you when your stress levels are negatively impacting your leadership style.
Work-Life Harmony: Move away from the idea of a perfect "50/50 balance" and strive for harmony where your professional and personal lives can coexist.
