About the Guest:
Jeff Man is a seasoned professional in the cybersecurity industry, with a rich history in penetration testing and security. He began his career at the National Security Agency (NSA) and has since become renowned for his expertise and contributions to the field. Jeff is also a co-host on Paul Security Weekly and frequently shares his insights at notable security conferences. His vast experience and deep understanding of the industry's evolution make him a respected figure in cybersecurity.
Episode Summary:
In this captivating episode of the Phillip Wylie Show, host Phillip Wylie welcomes cybersecurity veteran Jeff Man. Known for his storied career starting at the NSA, Jeff dives into his unique hacker origin story and the evolution of penetration testing. This episode is packed with insights, anecdotes, and practical advice for anyone interested in the cybersecurity landscape.
Jeff Man shares his early experiences working at NSA, highlighting key moments such as his involvement in creating the first software-based cryptosystem. He delves into the early days of penetration testing, describing how methodologies and technologies have transformed over the years. Jeff also discusses the importance of understanding penetration testing's true objectives and offers guidance on how organizations can maximize the value of these tests. His reflections on the cybersecurity community, vendor relationships, and the need for precise terminology provide valuable perspectives for practitioners and enthusiasts alike.
Key Takeaways:
• Jeff's Striking Background: Learn about Jeff Man's remarkable career trajectory, from his start at the NSA to his present role as a cybersecurity expert and podcaster.
• Evolution of Pen Testing: Understand the shifts in penetration testing methods, technologies, and industry perceptions over the past three decades.
• Maximizing Pen Test Effectiveness: Discover practical advice on how organizations can make the most out of their penetration testing efforts by setting clear objectives and collaborating with trusted advisors.
• Cybersecurity Insights: Jeff emphasizes the importance of understanding and correctly using industry terminology and the value of a comprehensive security program.
• Community and Learning: Hear Jeff's thoughts on the cybersecurity community, including his participation in conferences and his ongoing mission to educate and mentor upcoming professionals.
Notable Quotes:
• "I've always tried to ascribe to that. You might lose something in the near term by saying, well, what we have really isn't the best thing for you right now."
• "Pen testers are the unsung heroes of the industry, often with relatively boring stories, but they are crucial to the security landscape."
• "Very rarely do I see a pen test report that's actually, we tried to break in, or we tried to gain access, or we tried to gain unannounced access."
• "I've always been a consultant. I've always been sort of in this trusted advisor role."
• "And I have clients that I've been working with now for 15, 20, 25 years. Not all the time, but when they need something, they're like, hey, let me give Jeff a call and see what he has to say."
Resources:
Jeff Man LinkedIn: https://www.linkedin.com/in/jeffreyeman/
Jeff Man X(formerly Twitter): https://x.com/MrJeffMan
Jeff Man on Paul Security Weekly: https://www.scmagazine.com/security-weekly