Episode 109 - Honest Security with Jason Meller
Hacker Valley Studio8 Joulu 2020

Episode 109 - Honest Security with Jason Meller

In this episode of Hacker Valley Studio podcast, Ron and Chris are joined by Jason Meller, Founder, and CEO of Kolide. Jason has over 10 years of experience in managing and leading security organizations. Jason’s interest in technology and cybersecurity began in the 1990s when he began programming in Visual Basic and building AOL Instant Messenger bots. Building offensive tools accelerated Jason’s interest in defending networks and helped him learn how much honesty plays part in building security solutions.

Jason mentions that the security monitoring software at most organizations have the same functionality as spyware or surveillance tools. In addition, these tools are designed to scrutinize all the actions that occur on a device. COVID-19 has increased the rate of organizations going through a digital transformation; as a result, users at an organization are not in a cubicle but at their home. This could mean that security teams have an extremely elevated level of access to devices without transparency as to what is being monitored to protect an organization. This is why Honest Security was created - to create a transparent relationship between security teams and end-users.

Jason has collaborated with Jesse Kriss from Netflix who is actively working towards incorporating user-focused security. Jason describes that organizations should build a culture based on trusting users, treating them like adults, giving them the tools that they need to do their job, and not treating them as suspects from day one. Instead, organizations and security teams should seek teachable moments by giving recommendations and educating users.

Throughout the episode, Jason describes situations that involve users and security team members maneuvering around security tooling obstacles to get their job done. Since working at home, traditional tools have created friction in the user experience. For instance, not having the ability to use USB ports on work devices, disabling corporate VPN to watch a YouTube video, and having to create a ticket to install software to help them with their job. When this friction is created, users will resort to using their personal devices for work activities and miss the opportunity to benefit from security. In some cases, there are “evil” applications found on a device created by a user - but often bad applications installed by users are Chrome extensions or helper utilities that are sending browsing history to a marketing firm.

In the Honest Security manifesto, there’s a section on empathetic intelligence, Jason describes this concept as thinking of the daily life users, thinking of what challenges are users attempting to solve in their workflow, and what part of that workflow could pose a risk to the organization. An example of this would be a security team member trying to empathize with someone who is a developer- and thinking of their daily workflow. When empathizing the security team may realize that the developer is attempting to fix issues on a production application. While fixing the production application, the developer may try to bring a copy of the application database to their local device. Creating a local copy of the database could pose a security risk the copy of the database is not deleted in a reasonable time or the user has their device auto-backup folders to their corporate or personal cloud storage solution (ie. Google Drive). Creating education for avoiding this mistake is a prime example of empathic intelligence when practicing Honest Security.

As the episode progresses, Jason goes into depth and explains more tenants of Honest Security - The goal is not to give unlimited power to the user or security team but to enable everyone to be in the position to make the right decisions and give appropriate recommendations. When consequences are articulated, users can understand that when maneuvering around security tools can pose a risk to their device and organization. Ie) disconnecting from the corporate VPN. When coaching and education are put as a priority when practicing security, James describes it as empowering the user to be successful and more transparent.

0:00 - Intro

2:28 - This episode features Jason Meller, Founder, and CEO of Kolide!

2:54 - Jason shares his background and his path into cybersecurity.

4:07 - What is Honest Security?

5:22 - Jason’s examples of dishonest security

8:08 - Collaboration with Netflix and User-Focused Security

16:00 - Jason describes Empathetic Security

19:17 - Tenants of Honest Security

35:32 - Wrap Up and Resources for Honest Security

Links:

Learn more about Jason Meller and connect with him on LinkedIn.

Learn more about Honest Security and read the manifesto.

Learn more about Jason’s company Kolide

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

Jaksot(391)

How Threat Actors Are Accessing Your SaaS Environments with Jaime Blasco

How Threat Actors Are Accessing Your SaaS Environments with Jaime Blasco

Ron Eddings and Jaime Blasco, Co-Founder and CTO at Nudge Security, discuss how well-known adversaries are taking advantage of enterprises that don’t have visibility into their full SaaS footprint, and therefore can’t secure it. Grab a front-row seat to gain a new perspective on your vulnerabilities through the eyes of an attacker.   Impactful Moments: 00:00 - Welcome 01:10 - Introducing guest, Jaime Blasco 02:30 - Real World Impact of SaaS Vulnerabilities 07:35 - Exploring AI & Security Implications 09:50 - Evolution of Threat Actors & Targeted Companies 15:45 - From our Sponsor, Nudge 17:17 - Attackers, Tokens & Ticketing Systems 22:50 - Lazarus & Malicious SaaS Apps 26:50 - The Attackers are Talking with You… 29:18 - Run it In the Cloud & Make Honey Tokens 34:04 - Future of SaaS & AI in Cybersecurity 39:00 - Increase Visibility, Reduce Risk   Links: Connect with our guest, Jaime Blasco: Check out our friends at Nudge: Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

26 Maalis 202445min

The Future of Endpoint Threats and Why Zero Trust is the Only Option with Rob Allen

The Future of Endpoint Threats and Why Zero Trust is the Only Option with Rob Allen

Get ready for a SPECIAL episode! Ron Eddings will take you on an inside look at Threatlocker’s rapidly growing event, Zero Trust World, and will talk with Rob Allen, Chief Product Officer at Threatlocker, to discuss what you can find out from your endpoints (hint: it’s more than remote access tools you didn’t know were running!)   Impactful Moments: 00:00 - Welcome 01:24 - Zero Trust World Sneak Peek! 02:21 - From our Sponsor, Threatlocker 03:50 - Introducing guest, Rob Allen 05:03 - What’s Zero Trust World 10:40 - Technical Executive Leaders 16:24 - Managing from the Top Down 20:33 - More Than Allow Listing 24:38 - Rubber Ducky, You’re the One… 26:59 - Assume Breach 29:30 - Some Interesting Finds 35:55 - Where Most of the Action Happens 26:30 - One Step Better…   Links: Connect with our guest, Rob Allen: https://www.linkedin.com/in/threatlockerrob/  Check out https://www.threatlocker.com/  to learn more! See the Zero Trust World recap portion here on our YouTube Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

20 Maalis 202443min

Slugging it Out in the SOC to Find Your Niche in Cyber with Nate Malicoat

Slugging it Out in the SOC to Find Your Niche in Cyber with Nate Malicoat

Ron Eddings sits down in-person with Nate Malicoat, Threat Intel Engineer at ContraForce, for a down-to-earth interview about entering the cybersecurity workforce from the Marines. Impactful Moments: 00:00 - Welcome 01:20 - Introducing guest, Nate Malicoat 03:00 - Marines to Computer Life 05:13 - Importance of Mentoring & Mentors 10:04 - Participating in the Industry 12:42 - Why Aim For the CISO role? 14:40 - Be Persistent, But Not Annoying   Links: Connect with our guest, Nate Malicoat: https://www.linkedin.com/in/nate-malicoat-58760a143/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

5 Maalis 202416min

Creating Value in the Cyber Industry with Nick Lantuh

Creating Value in the Cyber Industry with Nick Lantuh

Nick Lantuh, CEO of Interpres Security, joins Ron Eddings on the mic at Hacker Valley’s “On the Big Screen” event to talk about how Nick’s previous career experience have given him unique insight into the cybersecurity industry. Ron and Nick discuss everything from Nick’s immigrant background and his experience with helping customers, to threat modeling and starting up companies.   Impactful Moments: 00:00 - Welcome 01:05 - Introducing guest, Nick Lantuh 03:06 - The Differentiator 06:21 - Wanting to ‘Be Your Own Boss’ 10:00 - Being the Executive Chairman 12:47 - The Go-To-Market Side 15:11 - The Turnaround 18:01 - Making the Ecosystem Better 21:20 - Bridging the Gap 24:14 - Exposure Management 29:59 - One Step Better…   Links: Connect with our guest, Nick Lantuh: https://www.linkedin.com/in/nicklantuh/ Check out Interpres Security: https://interpressecurity.com/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

27 Helmi 202431min

AI & Phishing: Fighting Fire with Fire

AI & Phishing: Fighting Fire with Fire

In this episode, Host Ron Eddings is joined by Vishal Dixit, Co-founder & CTO at Graphus Inc., and Sven Bechmann, Senior Product Manager of Email Security at Kaseya to dig into how phishing attacks are evolving and how you can keep your business safe.   Get the ultimate email security software and stop phishing attacks that others miss! Request a demo from our friends at Graphus, today! -- and don't miss their 5-minute guide to phishing attacks and prevention.    Impactful Moments: 00:00 - Welcome 01:37 - Introducing guests Vishal & Sven 02:50 - The Current State of Phishing 06:40 - Phishing & Career Path 10:47 - From our Sponsor, Graphus Inc 12:07 - Phishing & Email Security 14:27 - “Security Is an Afterthought” 17:29 - What are Hackers Doing with AI? 23:08 - AI & Phishing Detection 31:30 - Phishing Evolution 35:30 - One Step Better…   Links: Connect with our guests: Vishal Dixit: https://www.linkedin.com/in/dixitvishal/ Sven Bechmann: https://www.linkedin.com/in/sven-bechmann-product-management/ Learn more from Graphus.ai: https://www.graphus.ai/hackervalley Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

20 Helmi 202437min

Andrew Forgie's Path From Apache Mechanic to Cybersecurity Sales Leader and Mastering Cyber Sales

Andrew Forgie's Path From Apache Mechanic to Cybersecurity Sales Leader and Mastering Cyber Sales

In this episode, Andrew Forgie takes us on his journey from his early days as an Apache helicopter mechanic in the military to his current role as a regional sales manager in cybersecurity.  Andrew shares his trials and challenges, the significant shift from being in a service role to mastering the art of sales in the highly competitive tech industry. His story illustrates the power of adapting to change and the critical role of personal development in achieving professional success. 00:00 - Introduction 00:42 - Introduction to the episode and guest Andrew Forgie, regional sales manager at RMS. 01:29 - Andrew discusses his transition from the military to cybersecurity sales. 02:43 - Insight into Andrew's early struggles and successes in sales. 04:13 - How "Selling for Dummies" transformed Andrew's approach to sales. 06:02 - The importance of attitude and creating a buying environment in sales. 08:09 - Andrew shares his life vision exercise and its impact on his career. 12:09 - Discussion on the value of relationships in cybersecurity sales. 24:19 - Advice for those looking to enter or excel in cybersecurity sales. Links: Connect with our guest Andrew Forgie: https://www.linkedin.com/in/andrewforgie/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

14 Helmi 202426min

Zinet Kemal's Journey From Ethiopian Immigrant to TEDx Speaker & Cloud Security Engineer at Fortune

Zinet Kemal's Journey From Ethiopian Immigrant to TEDx Speaker & Cloud Security Engineer at Fortune

In this episode of Hacker Valley Studio, we dive into the inspiring journey of Zinet Kamal, an immigrant from Ethiopia who has carved a niche for herself in cybersecurity. Despite starting her journey with limited access to technology and not having mentors until 2020, Zinet's resilience and passion led her to become a cloud security engineer at a Fortune 500 company. Her story is a testament to the human spirit's capability to overcome barriers and make significant strides in the tech industry.   This episode is a story of personal growth, cultural transitions, and the drive to empower the next generation through education and cybersecurity awareness. As a mother of four, a multi-award-winning cybersecurity advocate, and a best-selling author, Zinet brings a unique perspective on the importance of diversity in tech and the role of mentorship in shaping future leaders. 00:00 - Welcome 01:32 - Introducing Guest, Zinet Kemal 03:09 - Growing up in Africa 07:12 - “I Never Had a Children’s Book” 12:52 - Culture Shock 16:02 - From Legal to Cybersecurity 18:50 - CCDC Competition 21:55 - Role of Community in Resetting 24:34 - “Oh No… Hacked Again!” 30:00 - Online Safety Empowerment 34:50 - Moving up in Cyber   Links: Connect with Zinet Kemal: https://www.linkedin.com/in/zinetkemal/ Zinet’s LinkedIn Course:  https://www.linkedin.com/learning/cybersecurity-careers-build-your-brand-in-cybersecurity/grow-your-cybersecurity-career-with-personal-branding?course Check out Zinet's Books: https://www.amazon.com/stores/Zinet-Kemal/author/B099P5B8FD Watch Zinet's TEDx Talk: https://www.youtube.com/watch?v=J61K1Gu97jM Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

6 Helmi 202438min

Paving the Path for CISOs of the Future with Gary Hayslip

Paving the Path for CISOs of the Future with Gary Hayslip

In this episode, Host Ron Eddings catches up with repeat guest, Gary Hayslip, CISO at SoftBank Investment Advisors and co-author of CISO Desk Reference guide. Gary explains that the varied nature of his current CISO role contrasts with the broader industry trends. He discusses how that nature plays into the CISO hiring process and career path, as well as how his books are helping to bridge the gap among professionals.   Impactful Moments: 00:00 - Welcome 00:59 - Introducing guest, Gary Hayslip 01:38 - The Path to Becoming a CISO 08:04 - CSO vs CISO 10:47 - “I'm firing you…” 15:03 - Interviewing for the CISO role 17:56 - Join Our Mastermind 18:39 - Being ‘Mr. Maybe’ 21:41 - CISO- A Day in the Life 24:50 - Using Books to Pave the Way   Links: Connect with our guest Gary Hayslip: https://www.linkedin.com/in/ghayslip/ Check out Gary’s Books: https://www.amazon.com/stores/Gary-Hayslip/author/B01IJN838A?ref=ap_rdr&isDramIntegrated=true&shoppingPortalEnabled=true Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

30 Tammi 202429min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
psykopodiaa-podcast
voi-hyvin-meditaatiot-2
rss-vegaaneista-tykkaan
adhd-tyylilla
rss-narsisti
aamukahvilla
psykologia
rss-duodecim-lehti
rss-valo-minussa-2
rss-vapaudu-voimaasi
aloita-meditaatio
jari-sarasvuo-podcast
dear-ladies
rss-tripsteri
rss-koira-haudattuna
avara-mieli
rss-lasnaolon-hetkia-mindfulness-tutuksi
queen-talk
puhutaan-koiraa