Valentina Flores Podcast Transcript
Valentina Flores joins host Brian Thomas on The Digital Executive Podcast.
Welcome to Coruzant Technologies, home of The Digital Executive podcast.
Brian Thomas: Welcome to The Digital Executive. Today’s guest is Valentina Flores. Valentina Flores is a recognized leader in modern cybersecurity and inclusive tech leadership. She’s the CEO and co-founder of Red Sentry, a proactive cybersecurity company that breaks into your network so hackers never get the chance.
Before working to help protect companies, she served as a detective on joint federal task forces tracking cyber criminals across digital back alleys. Now a public speaker on hacker psychology. A two-time award-winning cybersecurity leader and a fierce advocate for women in tech. Valentina is redefining what leadership looks like in the industry, championing smarter and more accessible security for all.
Well, good afternoon, Valentina. Welcome to the show!
Valentina Flores: Thanks for having me, Brian.
Brian Thomas: Absolutely, my friend. I appreciate it. And you’re hailing outta that Fort Lauderdale area. Beautiful area, our corporate headquarters. One of the companies I worked at was out there and it’s always great to visit, so I appreciate you making the time, getting on a podcast with me.
So Valentina, if you don’t mind, I’m going to jump into your first question. Your journey from tracking cyber criminals on federal task forces to founding red Century is remarkable. What lessons from law enforcement have most influenced how you lead a cybersecurity company today?
Valentina Flores: You know, there’s so much more overlap than I even realized, and it took me years to draw some of the parallels.
The first being in law enforcement, there’s obviously life threatening need to. Anticipate threats, act quickly. And that’s basically what I’m doing in cybersecurity. Just less fear of getting shot at from the computer. But with ai, you know, you never know. Maybe one day there’s this other aspect of trying to protect people from attacks.
And that’s what I was doing in law enforcement and it’s what I’m doing now. And I think a big part of why I was successful as an investigator was because I could so easily get into the mind of a criminal and figure out what those next steps are. And on the proactive side of cybersecurity pen testing, that’s basically what we’re doing every day is we’re getting into the criminal mindset, figuring out how they will attack this company, and then showing that company where the vulnerabilities are.
And then I think there’s this last element of anyone that’s worked in the public sector. Really understands doing what you can with no resources, no budget, just getting the job done. And so I think, you know, as an entrepreneur, when I came into the startup world, that chaos that everyone talks about is really where I thrived.
And it also helps me talk to companies because I hate when someone’s talking to an SMB and they suggest this. $500,000 security revamp. That’s just not realistic. So, you know, I love meeting companies where they are figuring out their resources, figuring out what’s that next baby step they can do, and just making it realistic for people.
Brian Thomas: Thank you. I appreciate that. Like some of the analogies there, there were some overlapping similarities within law enforcement and cybersecurity, protecting people and property. Right. I like how you try to get inside of the criminal mind to figure out their next move, their next strategy. I think that’s really great.
And love the cybersecurity space. I work in that. Space as well. What I really liked out of the whole conversation we just had is part of your success as an entrepreneur is you really thrive in that chaotic environment. You can actually navigate through that and be successful, so I appreciate the insights on that.
Valentina, Red Century’s model is we break into your network so hackers never get the chance. Can you explain how your proactive approach differs from traditional cybersecurity solutions and why it’s especially effective?
Valentina Flores: I mean, traditional cybersecurity is focused on check boxes, annual tests, compliance reports, static scans, and again, that’s realistic.
A lot of companies start cybersecurity because someone told them they had to, which is fine, but the problem is attackers don’t look at SOC two controls to figure out where they’re going to attack you next. And the good and the bad thing about security frameworks is they really leave it up to the experts to determine how the test is done.
So the traditional model. Of just kind of doing these superficial scans or giving a report with 200 findings that are never gonna be actually checked. It’s just outdated. So what we do is, yes, we’re checking boxes, we’re doing, we do a lot of compliance pen testing, but while we’re doing that, our model is a lot more real world based.
So, we simulate real world attacks in real time with human testers who think creatively like hackers do. Our testers live on the dark web. They’re monitoring all the forums that hackers use. They’re researching their tools. And the result is that you’re not just getting a report, you’re getting this living collaboration that actually helps your team fix findings.
So yes, we’re checking a box, but at the same time, we’re doing a lot more than that and we’re actually improving your security posture, which seems like it should be obvious, but unfortunately it’s not really the standard.
Brian Thomas: And we see a lot of that. There’s a big push to spend some dollars on cybersecurity.
And so there’s a, I’ve seen just in the last five years, the space is kind of crowded and, and everybody’s doing it. And you’re right, I’ve been through those exercises where it’s checking the box, okay, you feel better. But I like how you’re diving a little bit deeper. Your team’s real smart and they are simulating real world scenarios.
They’re engaged in the dark web to see what’s going on, what’s in the minds, what are people talking about in those forums, et cetera. So I really appreciate the share.
Valentina Flores: And if I can, Brian, you know, I think there’s this misconception that you’re either checking the box or you’re doing this like thorough security, and I think that’s completely false.
You know, I think compliance and checking the box gets a bad rep. Like I think the boxes are important. I think the reason these frameworks were developed is because people weren’t taken security seriously enough. So I think checking the box is important because it gives you that base level. It’s just that while we’re checking the box, we can also do more.
So I think you can have your cake and eat it too, there.
Brian Thomas: Absolutely. Yeah, I would certainly agree with you that you still, there’s still a certain process you need to follow, but I like how you take it a step further. Valentina, as a public speaker on hacker psychology, what insights can you share about how attackers think and how companies can use that knowledge to better defend themselves?
Valentina Flores: I mean, we still have this mindset that hackers are all guys in hoodies, wearing hoodies and basements. And while sometimes that’s true, I think it causes companies to underestimate their skillset a lot. And some of these hacking organizations operate like real enterprises. There’s some that have HR teams, you know, it’s this complex thing where they’re looking for automation and scalability the same.
Things that companies are doing, hackers are doing as well. So I think that’s really important for companies to not underestimate them. And I think that guy in the hoodie in the basement tends to do that sometimes. And especially with that scalability. You know, a lot of hackers nowadays are not just spending years trying to get into the one big, huge company.
They’re realizing that, okay, well instead of spending years on this one company, I can. Do a simple attack that breaks into 3000 law firms all at once. ’cause they’re all using the same vendors, they all have the same vulnerability. So it’s that scalability, you know, they’re basically breaking into the SMB market the same way businesses do.
So with that, you know, it’s really important for companies to understand those motivations and figure out how to build defenses. That remove those easy wins for attackers. Hackers are very opportunistic. They’re gonna find the easiest way in, and then they’re just gonna keep going deeper. They’re not looking for the most complicated entry point.
They’re looking for the easy way in. So removing those easy wins and disrupting that momentum early is really important.
Brian Thomas: Thank you. And I think that’s key for people to understand. You know, our listeners, they are looking for that opportunity to get in. You know, I’ve seen things over the years where people plugged into a print report and they were able to do some things.
So you definitely have to be on the lookout. And there is a misconception. I’d like to how you highlighted companies think, oh, it’s just a, a teenager or a hacker in a hoodie in a basement somewhere. But we do know there are advanced complex organizations, teams of people that are well-funded that are looking to take down large financial institutions.
So I,
Valentina Flores: well, in that teenager that isn’t a hoodie in a basement can disrupt an entire government, you know, so it’s, it’s both sides. There are these complex organizations. And then even that stereotype being true is still way more powerful than we give it credit for sometimes.
Brian Thomas: Absolutely. They’re both a threat. Definitely agree. Valentina. Last question of the day. With threats evolving faster than ever, where do you see the biggest opportunities and vulnerabilities, emerging in the next three to five years?
Valentina Flores: I mean, obviously the big one everyone’s talking about is ai, and it’s a double-edged sword in cybersecurity.
It’s making the hackers better and faster and smarter and more convincing. The biggest example is social engineering and phishing. You know, those emails are getting more realistic than ever, but it’s also giving defenders and people on the defensive side, incredible tools for detecting and automating that response.
So as far as AI goes, you know, it’s on both sides. I think it’s like any other technology, it’s. Advancing, which means both sides, you know, have to evolve to it. But there are some cybersecurity companies now that are taking humans completely out of it and moving to automated scans only. And while I think that could be a reality in the future, I think.
It’s really underestimating that hacker skill and expertise. I think the biggest opportunity is integrating human creativity and then AI precision. So that’s kind of where we like to focus, is how to make pen testing faster, more continuous, more accessible to clients, but still keeping that human creativity.
The complex vulnerability chaining that human element’s really important to us, and that expertise and creativity of our testing team is why our reports are so actionable. So, you know, the biggest vulnerability is gonna continue to be the human element. Social engineering isn’t going away. So for companies, I think.
The ones that are going to win and the ones that are going to be truly secure are the companies that combine not only technology, which is where a lot of people put all their focus, but combining that technology with process and with security culture to make security second nature throughout the company.
Security should not just be a tech issue. It shouldn’t just be something that the CTO is dealing with, or the CISO Security should be ingrained in every single level of an organization. And I think that’s really what’s missing, and I’m hoping that’s where we’re evolving over the next three to five years is making it ubiquitous throughout the company, um, and making it second nature.
Brian Thomas: Absolutely. It’s a team effort and we certainly do that. Obviously you’ve got all types of tools and training and security awareness, training for your end users to make your team stronger. I like how you highlighted AI is making everything better. Including the bad guys. Obviously there’s ways that both sides are making strides to either protect or attack in their particular environments.
The one thing I did highlight is some companies, and I hadn’t seen this, but you said some companies are looking to use AI solely for scanning and monitoring, and I agree with you. We need to keep humans in the loop. I think the strongest teams will leverage both humans and machines together. I don’t think we’re quite at Skynet yet, or, or the Matrix, but that may be coming down the road so I appreciate that.
And Valentina, it was such a pleasure having you on today and I look forward to speaking with you real soon.
Valentina Flores: Thank you so much, Brian.
Brian Thomas: Bye for now.
Valentina Flores Podcast Transcript. Listen to the audio on the guest’s Podcast Page.
