Company news · 6 MIN READ · DAVE JOHNSON · DEC 17, 2025 · TAGS: Announcement / Expletives
Dave Johnson is a Pre-Sales Technical Director at Expel with almost 30 years of experience in cybersecurity. He’s the creator and co-host of the Job Security Podcast, where he connects with cybersecurity professionals, educators, and community leaders to share stories, insights, and practical expertise. When he’s not recording, Dave is probably on walkabout in the nearest downtown area, bumping into interesting people and chatting about all sorts of things, organizing security community events, or working on his next maker/hacker space project.
TL;DR
- You can listen to episodes 0-4 of the Job Security Podcast now wherever you get your podcasts
- The Job Security Podcast focuses on the stories of the cybersecurity community, and sharing them with folks who wouldn’t normally hear them
- New episodes premiere every three weeks; if you or someone you know has a great cybersecurity story to tell or is doing unique work in the industry, contact the podcast at podcast@expel.com
“I am here to chew bubblegum and do cybersecurity, and I am all out of bubblegum.” (a common Dave-ism)
There’s this moment that happens at every security conference. You know the one. You’re standing in a hallway between sessions, or sitting at a bar after the expo floor closes, and you strike up a conversation with the familiar stranger next to you and start sharing stories. Then the conversation pivots, and someone says something like, “Hey, we’ve been dealing with this problem for months. You work in that area—what would you do?” These are the very moments the great 90’s philosopher, Vanilla Ice, once opined that we “stop, collaborate, and listen” for.
What follows is never a polished presentation. It’s raw, honest, and real. It’s the kind of conversation where someone shares what actually worked (and what spectacularly failed). Where you learn about the human side of incident response, the politics of getting budget approved, or how someone pivoted from being a retail clerk to running a SOC.
Those conversations—the ones that happen in the margins of our industry—are some of the most valuable learning experiences in cybersecurity. But they’re ephemeral. They happen once, between two people, and then they’re gone.
I’ve been in cybersecurity for 27 years. I’ve organized and have been elected to run user groups, built maker/hacker spaces, and spent countless hours connecting with people in many mediums (even podcasting). And I kept thinking: what if we could capture those hallway conversations? What if we could create a space where those unstructured, genuine but deep discussions could reach the people who need to hear them most—especially those who think cybersecurity is somehow out of their reach?
That’s why we started the Job Security Podcast, sponsored by Expel.
What makes this cybersecurity podcast different
There are plenty of great security podcasts out there, but many of them focus heavily on current news and breaking security threats. While that’s valuable, I wanted to create something different. I wanted to focus on the community itself—the individuals, their stories, their real-world perspectives, and their practical expertise.
The Job Security Podcast is about the kinds of conversations you may strive to have with people at conferences or in social settings when someone says, “Hey, have you run into this before? What did you do to fix that?” Or “What’s that DEF CON® Village like anyway? I’ve been curious about it.” Or even something like, “The local college keeps asking me if I want to be a cybersecurity professor. What’s that like?” Those unstructured, genuine discussions are where some of the best learning happens, and it’s what this podcast aims to capture.
The philosophy behind Job Security
The name itself reflects something that’s always been in the back of my mind as a seasoned practitioner: the worse things get on the world wide web, the more job security we have in cybersecurity. It’s an unfortunate reality, but it’s true, and it’s a philosophical conundrum I consider frequently. At the same time, I wanted to use that as a starting point to think about what we can do to improve our corner of the community and make security more accessible to everyone who wants to be part of it. We need all the help we can collectively get.
I partnered with coworkers (and now my co-hosts) Ben Baker and Tyler Zito. Ben, our personality (and mustache) hire if you will, brings the hosting to the next level, and Tyler has deep cybersecurity expertise; we all share a love for podcasts and stories. We’ve been able to create conversational opportunities that wouldn’t normally happen organically. We’re highlighting unsung heroes, talking to nonprofit cyber-related organizations with great social causes, and connecting with community leaders who are doing tremendous work.
Who this podcast is for
I would argue Job Security is everyone’s podcast. But if I had to identify an audience focus on, we could probably identify two main standouts. First, the folks who remember floppy disks with both a mild, and admittedly impractical, nostalgia. Those were literally “the days” when cyber was new, before “cyber” was even a word.
The same people who appreciate hearing from practitioners without pomp and circumstance, and in a more natural conversation than they’d normally have access to from the comfort of their commute. We’ve already recorded episodes with professors who are part of the first generation of cybersecurity educators, and understanding things from their perspective has been incredibly helpful. Not only to help inform others who may be considering a professorship in the future, but also to companies who may be looking to hire the next generation of graduates.
Second, and perhaps more importantly, this podcast is for people who are brand new to cybersecurity or who think cybersecurity is out of reach for them. One of the biggest problems in our industry is that we create this perception that one could never be smart enough to be part of it. We write job descriptions asking for decades of experience and PhDs in technologies that don’t even exist yet. I’ve helped countless people recognize the disconnect between what they think is required and what they actually bring to the table shouldn’t be a barrier to entry, and we continue that tradition here. Security is everyone’s job; security is for everyone, and so is the Job Security Podcast.
It has to be a team effort. We can’t do this alone. We need all kinds of different perspectives and areas of expertise. I want the person who was a chemist or mechanical engineer. I want the person who was a retail clerk—because guess who’s going to know where all the front-end POS or industrial systems security problems are?
Relevant experience is a spectrum, and we want to capture and share all of it in its full prismatic display.
What we’re experimenting with
We’re just getting started, and we’re already running some experiments I don’t think any other podcast is doing. For example (spoiler alert; this episode isn’t out yet), after interviewing one guest who is an author, I mentioned that I was planning to start an asynchronous book club via podcast. I wanted to read through cybersecurity books (like theirs) and discuss them virtually, creating something like a book club that people could follow at their own pace as they readand listen along.
Their response? “Sounds great. I’d like to be there too.” Wait…what book club has the author participating in the discussion? We’re going to do it, and I think it’s going to be fantastic.
We’ve also created a miniseries called Early Adopters, where we chat with people who have deep histories in cyber about their earliest experiences in cybersecurity and let the conversation flow naturally from there. It’s intentionally unstructured—like a dinner party conversation where someone asks, “How’d you get into this anyhow?”
Why now?
I believe we’re going through an inflection point in cybersecurity right now. Things are changing at a rate I’ve seen before—when the internet became widely accessible, when SIEMs became a thing, when managed services took off. Now AI and several other developments are becoming real forces that will change our industry and culture significantly.
Considering this industry is only about 30 to 40 years old, now is a good time to reflect on where we’ve been and think about where we’re going next. I want to help people have those conversations and share them for others to learn from. Think The Working Tapes by Studs Terkel with a lower daily step goal.
Connecting the community
At its core, the Job Security Podcast exists to help connect the community and make security more approachable for everybody. I especially want to have conversations that wouldn’t occur otherwise and share them with people who can benefit from hearing them. When we have multiple guests on the show, they stay in touch and stay connected—we’ve even reconnected some people across episodes. To me, generating inspiration and connecting people is the goal.
We’re looking for individuals who love to tell stories in cybersecurity, people with unique backgrounds, and community leaders who want to talk about what their organizations do. I’m particularly interested in talking with all the DEF CON® Villages, for example, and recognizing the tremendous, valuable work they do for our community. We’ve already recorded with the Red Team Village and Mental Health Hackers Village, and it’s my goal to recognize and promote every village on the podcast.
Breaking down barriers to entry
This podcast isn’t about putting anyone on a pedestal. It’s about showing that cybersecurity professionals are human, approachable, and that there’s no magical barrier preventing someone from joining this field (being nerdy about tech helps, but it’s not the only criteria anymore). We also aim to help organizations and security leaders recognize how they might find new opportunities to cultivate talent, feed passion, and be part of helping people grow to get the most valuable expertise from their teams.
Cybersecurity is everybody’s job—and we practice that pretty well now compared to when I first heard that phrase. But it’s also true that cybersecurity careers are for everybody. We need it to be true. Otherwise, we can’t succeed.
If you’re curious about hearing these kinds of stories, learning from practitioners’ real-world experiences, or exploring what a career in security could look like, I invite you to reach out to us at podcast@expel.com.
We’re building something special, one conversation at a time.
