Episode 85: Supply Chain Attacks and Hacking Diversity with Leon Johnson

In this week’s Podcast (#85), we’re joined by Adam Meyers of the firm CrowdStrike to talk about that company’s Global Threat Report for 2018. Also: we continue our observation of Black History Month in the US by talking to prominent information security professionals from the black community. This week, our guest is Leon Johnson, a principal pen tester at the firm Rapid7, who talks about becoming the first person in his family to go to college and then finding his way to information security.

Supply Chain Attacks on Tap

The last 12 months brought some of the most severe and damaging cyber attacks in history. Malware like WannaCry and NotPetya crippled hospitals, shipping firms and thousands of small businesses across Europe, Russia, Asia and North America.

What does 2018 hold in store? To find out, we invited Adam Meyers of the firm CrowdStrike in to talk to us about that company’s Global Threat Report for 2018. CrowdStrike has done some of the most pointed research on advanced persistent threat groups, including Russian state-sponsored groups like Fancy Bear that attacked the US Presidential campaign of Hillary Clinton.

Meyers said that among the most concerning trends is the uptick in so-called supply chain attacks, in which legitimate software firms are targeted by hackers and used to distribute malicious code in the form of seemingly legitimate software updates.

Hacking Diversity with Pen Tester Leon Johnson

You don’t need a demographer to tell you that the information security industry has a crippling diversity problem. One look out at the sea of white, bearded faces at any security event should be enough. By official estimates, just three percent of information security professionals are black, even though 12 percent of the US population is. In recognition of Black History Month in February.

Still, there are black professionals surviving and thriving in the information security field. And their stories can help us to understand what draws men and women of color to cyber security, and what keeps them away.

Our guest this week, Leon Johnson, is the principal penetration tester at the security firm Rapid7 and a longtime information security professional.

Leon talks about growing up half black and half Hispanic in Texas, the son of parents who divorced when he was young and who were not college educated themselves. Leon was the first person in his family to go to college, and the road wasn’t always straight or without bumps.

Stubbornness and determination played a key role in his success, Johnson said. But he also credits the help and advice of older security professionals along the way.