Rob Hughes — CISO at RSA and Champion of a Passwordless Future

No Password Required Season 7: Episode 1 - Rob Hughes

Rob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.

Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA’s Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA’s products and corporate environment.

Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point.

The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.

Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/

Chapters:

00:00 Introduction to No Password Required

01:43 Meet Rob Hughes, CISO at RSA

02:05 The Role of a CISO in a Security Company

05:09 Transitioning to the CISO Role

08:00 The Early Days of Geek.com

12:14 Launching a Startup During the Dot Com Boom

14:30 The Push for a Passwordless Future

18:21 Tipping Point for Passwordless Adoption

20:20 Ongoing Learning in Cybersecurity

26:09 Managing Stress in High-Pressure Environments

33:46 The Lifestyle Polygraph Begins

34:15 Career Insights in Cybersecurity

36:08 Dream Cars and Personal Preferences

39:58 Underrated Horror Films

41:19 Creating a Cybersecurity Monster

Gina Yacone — Virtual CISO at Trace3 and Roller Derby Penalty Box Visitor

Live from B-Sides Jacksonville, No Password Required welcomes Gina Yacone, Virtual CISO at Trace3. Jack Clabby of Carlton Fields, P.A. and Sarina Gandy, host and producer of the CyberBay Podcast, host a conversation on Gina’s unconventional career path, leadership under pressure, and the power of community in cybersecurity. With career stops in private investigation, digital forensics, and executive security, Gina brings a people-first, purpose-driven perspective to complex cyber risk.

Gina shares how her early work as a private investigator on high-profile criminal defense cases laid the foundation for her success in cybersecurity. She also reflects on raising her hand for big challenges, the rewards and risks of always saying yes, and how authenticity has guided her. She offers insight on why conference hallway conversations can be just as impactful as keynote sessions.

A visible advocate for the cybersecurity community, Gina speaks openly about setting healthy mentorship boundaries and building resilient professional networks.

The episode wraps with the Lifestyle Polygraph, where Gina lightens the mood with stories from her roller derby days, dream Amazing Race partners, and why John Wick might just be the ultimate executive assistant.

Follow Gina on LinkedIn: https://www.linkedin.com/in/ginayacone/

Chapters:

00:00 Introduction to Cybersecurity and B-Sides Jacksonville

01:16 Gina Yacone's Unique Journey to Cybersecurity

06:22 Navigating Burnout in Cybersecurity

08:06 The Importance of Raising Your Hand

10:04 Adapting Leadership Styles in Different Roles

14:03 Being a Role Model for Women in Cybersecurity

16:34 How to Establish a Good Mentee and Mentor Relationship

18:50 Feedback and Constructive Criticism

22:55 The Value of Hallway Conversations

26:19 The Lifestyle Polygraph: Fun and Insights

38:54 Conclusion and Future Connections

Danny Jenkins — Founder of ThreatLocker and the Zero-Trust Revolution

Danny Jenkins is the CEO of ThreatLocker, the leading cybersecurity company that he built alongside his wife. Hosts Jack Clabby of Carlton Fields, P.A., and Kayley Melton of the Cognitive Security Institute follow Danny’s journey from a scrappy IT consultant to leading one of the fastest-growing cybersecurity companies in the world.

Danny shares the moment everything changed: watching a small business nearly collapse after a catastrophic ransomware attack. That experience reshaped his mission and ultimately sparked the creation of ThreatLocker. He also reflects on the gritty early days—cold-calling from his living room, coding through the night, and taking on debt before finally landing their first $5,000 customer.

Danny explains the origins of Zero Trust World, his passion for educating IT teams, and why adopting a hacker mindset is essential for modern defenders.

In the Lifestyle Polygraph, Danny relates his early “revenge tech” against school bullies, the place he escapes to when celebrating big wins, and the movie franchise he insists is absolutely a Christmas classic.

Follow Danny on LinkedIn: https://www.linkedin.com/in/dannyjenkins/

00:00 Introduction to Cybersecurity and ThreatLocker

02:26 The Birth of ThreatLocker: A Personal Journey

05:42 The Evolution of Zero Trust Security

08:35 Real-World Impact of Cyber Attacks

11:25 The Importance of a Hacker Mindset

14:46 The Role of SOC Teams in Cybersecurity

17:34 Building a Culture of Security

20:23 Hiring for Passion and Skill in Cybersecurity

23:44 Understanding Zero Trust: Trust No One

26:32 Lifestyle Polygraph: Personal Insights and Fun

29:41 Conclusion and Future of ThreatLocker

Summary

In this episode of No Password Required, host Jack Clabby and Kayley Melton engage with Steve Orrin, the federal CTO at Intel, discussing the evolving landscape of cybersecurity, the importance of diverse teams, and the intersection of technology and security. Steve shares insights from his extensive career, including his experiences in the startup scene, the significance of AI and IoT, and the critical blind spots in cybersecurity practices. The conversation also touches on nurturing talent in technology and offers valuable advice for young professionals entering the field.

Chapters

00:00 Introduction to Cybersecurity and the Edge

01:48 Steve Orrin's Role at Intel

04:51 The Evolution of Security Technology

09:07 The Startup Scene in the 90s

13:00 The Intersection of Biology and Technology

15:52 The Importance of AI and IoT

20:30 Blind Spots in Cybersecurity

25:38 Nurturing Talent in Technology

28:57 Advice for Young Cybersecurity Professionals

32:10 Lifestyle Polygraph: Fun Questions with Steve

Starbucks’ Security Pro Went from Cyber Competitions to Corporate Red Teaming

DeMarcus Williams, a senior security engineer at Starbucks, has built a career defined by creativity, intuition, and persistence. With roles at the U.S. Department of Defense, AWS/Amazon, and now Starbucks, he specializes in offensive security, red teaming, and adversary emulation. In this episode, DeMarcus joins Jack Clabby of Carlton Fields, P.A. and Cyber Florida’s Sarina Gandy (guesting hosting) to share how his love of video games first sparked his cybersecurity journey—and how competitions like the Southeast Collegiate Cyber Defense Competition (SECCDC) cemented his path.

DeMarcus opens up about overcoming imposter syndrome, the unique work-life balance he’s found at Starbucks, and why half of his red teaming comes down to gut instinct. He shares the difference between penetration testing and red teaming, what it’s like preparing for full-scale global operations, and the hacker mindset that still kicks in whenever he walks into a Starbucks café.

In the Lifestyle Polygraph segment, Sarina poses the ultimate face-off: what’s the bigger moment—the walk-up to a boxing ring or to the DEF CON keynote stage? And, between Stone Cold, The Rock, and The Undertaker, who would dominate in a Capture the Flag competition?

Follow DeMarcus on Twitter: https://x.com/medarkus_ @ medarkus_

Chapters

00:00 Introduction to Cybersecurity and Curiosity

02:47 Day-to-Day Life of a Senior Security Engineer

05:30 The Role of Gut Instinct in Cybersecurity

08:31 Early Inspirations and the Journey into Cybersecurity

11:35 The Importance of Competitions in Career Development

14:33 Transitioning from Student to Professional

17:34 The Red Team Experience and Its Impact

20:25 Recruitment Opportunities in Cybersecurity Competitions

23:33 Navigating Corporate Culture in Cybersecurity

26:31 Mentorship and People-First Approach

29:11 Lifestyle Polygraph and Fun Insights

Keywords

cybersecurity, product management, career development, market strategy, customer insights, hacking, music, team building, startup life, risk management

Summary

In this episode of No Password Required, host Jack Clabby and co-host Kayleigh Melton engage in a lively conversation with John Shipp, a product strategist at Rapid7. They explore John's unique journey from a metalhead to a cybersecurity expert, discussing the importance of passion in career development, the intricacies of product management, and the significance of customer insights in shaping cybersecurity solutions. John shares his early experiences in hacking, the influence of music on his life, and the value of building strong teams and company culture. The episode concludes with a fun segment called the Lifestyle Polygraph, where John answers quirky questions about his ideal cyber team and his dream day with Ric Flair.

Takeaways

Being a metalhead prepares you for the boardroom.

You can follow your passion and thrive in your career.

Product management involves understanding customer needs and market dynamics.

Curiosity is a key driver in the tech field.

Great teams are built on strong leadership and culture.

Startup life requires a willingness to take risks.

Networking and building relationships are crucial in cybersecurity.

Understanding your risk appetite is important when considering career moves.

Music can be a significant influence on personal and professional life.

Mentorship and sharing knowledge are vital for growth in the industry.

Titles

From Metal to Management: A Cybersecurity Journey

Passion and Profession: Finding Your Path in Cybersecurity

Sound bites

"You can follow your passion and thrive."

"I learned security at scale."

"Curiosity drives my passion for tech."

Chapters

00:00 Introduction to Cybersecurity and Personal Journeys

02:49 The Role of Passion in Career Development

05:21 Navigating Product Management and Market Strategy

08:23 The Evolution of Cybersecurity Skills

11:37 The Importance of Customer Insights in Product Development

14:35 Early Experiences in Hacking and Cybersecurity

17:24 The Influence of Music on Personal and Professional Life

20:19 Building Teams and Company Culture

23:10 Startup Life and Risk Management

26:08 Lifestyle Polygraph: Fun Questions and Insights

29:13 Final Thoughts and Connections

Keywords

cybersecurity, military transition, Tampa cybersecurity, mentorship, cyber law, incident response, private sector, cybersecurity misconceptions, legal perspectives, cybersecurity growth

Summary

In this episode of No Password Required, hosts Jack Clabby and Kayley Melton sit down with Kurt Sanger — former Deputy General Counsel at U.S. Cyber Command — to talk about the evolving world of cyber law, the wild ride from government service to private sector strategy, and what keeps him grounded in a field that’s constantly shifting. Kurt dives into the fast-growing cybersecurity scene in Tampa, the power of mentorship, and why people still get cyber law so wrong. Plus: insights on responding to incidents under pressure and what role the government should (and shouldn’t) play in the digital fight.

Takeaways

Kurt emphasizes that newcomers to cybersecurity are not as far behind as they think.

The transition from military to private sector can be challenging but rewarding.

Tampa is becoming a significant hub for cybersecurity talent and companies.

Understanding cybersecurity misconceptions is crucial for decision-makers.

Mentorship plays a vital role in navigating career challenges in cybersecurity.

Military and civilian cyber law have distinct differences in enforcement and flexibility.

The stakes in private sector cybersecurity can be incredibly high for clients.

Kurt's experience highlights the need for collaboration between government and private sectors.

Cybersecurity is an ever-evolving field that requires continuous learning.

Kurt finds excitement in helping clients during their most challenging times.

Sound bites

"You're only six months behind."

"We're all in the same boat."

"The government needs to step back."

Chapters

00:00 NPR S6E7 Kurt Sanger

52:53 NPR S6E7 Kurt Sanger

01:45:47 Introduction to Cybersecurity Conversations

01:48:22 Transitioning from Military to Private Sector Cybersecurity

01:51:11 The Growth of Tampa as a Cybersecurity Hub

01:54:05 Understanding Cybersecurity Misconceptions

01:57:15 The Role of Mentorship in Cybersecurity Careers

02:00:24 Military vs. Civilian Cybersecurity Law

02:03:07 The Excitement of Cyber Command vs. Private Sector

02:13:52 High Stakes in Cybersecurity for Small Organizations

02:15:44 The Role of Legal Experts in Cybersecurity

02:17:21 Translating Technical Jargon for Clients

02:18:57 Challenges of Explaining Cyber Operations to Commanders

02:22:43 Lifestyle Polygraph: Fun Questions and Insights

02:23:30 The 10,000 Hour Rule in Cybersecurity

02:29:34 Creative Freedom with LEGO Bricks

02:31:27 Tampa's Culinary Delights and Local Favorites

Summary

In this episode of the No Password Required podcast, host Jack Clabby and co-host Kaylee Melton welcome Kathy Collins, a security consultant at Secure Ideas. Kathy shares her unique journey from working in IT to pursuing a culinary career, and then back to cybersecurity. The conversation explores the transferable skills between cooking and cybersecurity, the unpredictability of physical penetration testing, and the high-pressure situations faced in both fields. Kathy also recounts memorable experiences from her culinary career and discusses the lack of horror films centered around cybersecurity. In this engaging conversation, the speakers delve into various aspects of cybersecurity, including the use of the dark web in penetration testing, the importance of community events like B-Sides, and the fun of the Lifestyle Polygraph segment. They also share personal anecdotes about music, childhood memories, and culinary skills, creating a rich tapestry of insights and experiences in the cybersecurity field.

Chapters

00:00 Introduction to Cybersecurity and Culinary Journeys

02:46 From IT to Culinary Arts: A Unique Transition

06:02 The Shift Back to Cybersecurity

09:00 Experiences in Physical Penetration Testing

11:48 High-Pressure Situations: Cooking vs. Cybersecurity

15:02 Unexpected Challenges in Culinary Events

17:54 The Intersection of Horror and Cybersecurity

23:32 Exploring the Dark Web in Pen Testing

25:34 Engaging with the B-Sides Community

27:09 The Lifestyle Polygraph: Fun and Games

31:09 Bonding Over Music and Childhood Memories

34:17 Culinary Skills and Competition Insights