Episode 109 - Honest Security with Jason Meller
Hacker Valley Studio8 Joulu 2020

Episode 109 - Honest Security with Jason Meller

In this episode of Hacker Valley Studio podcast, Ron and Chris are joined by Jason Meller, Founder, and CEO of Kolide. Jason has over 10 years of experience in managing and leading security organizations. Jason’s interest in technology and cybersecurity began in the 1990s when he began programming in Visual Basic and building AOL Instant Messenger bots. Building offensive tools accelerated Jason’s interest in defending networks and helped him learn how much honesty plays part in building security solutions.

Jason mentions that the security monitoring software at most organizations have the same functionality as spyware or surveillance tools. In addition, these tools are designed to scrutinize all the actions that occur on a device. COVID-19 has increased the rate of organizations going through a digital transformation; as a result, users at an organization are not in a cubicle but at their home. This could mean that security teams have an extremely elevated level of access to devices without transparency as to what is being monitored to protect an organization. This is why Honest Security was created - to create a transparent relationship between security teams and end-users.

Jason has collaborated with Jesse Kriss from Netflix who is actively working towards incorporating user-focused security. Jason describes that organizations should build a culture based on trusting users, treating them like adults, giving them the tools that they need to do their job, and not treating them as suspects from day one. Instead, organizations and security teams should seek teachable moments by giving recommendations and educating users.

Throughout the episode, Jason describes situations that involve users and security team members maneuvering around security tooling obstacles to get their job done. Since working at home, traditional tools have created friction in the user experience. For instance, not having the ability to use USB ports on work devices, disabling corporate VPN to watch a YouTube video, and having to create a ticket to install software to help them with their job. When this friction is created, users will resort to using their personal devices for work activities and miss the opportunity to benefit from security. In some cases, there are “evil” applications found on a device created by a user - but often bad applications installed by users are Chrome extensions or helper utilities that are sending browsing history to a marketing firm.

In the Honest Security manifesto, there’s a section on empathetic intelligence, Jason describes this concept as thinking of the daily life users, thinking of what challenges are users attempting to solve in their workflow, and what part of that workflow could pose a risk to the organization. An example of this would be a security team member trying to empathize with someone who is a developer- and thinking of their daily workflow. When empathizing the security team may realize that the developer is attempting to fix issues on a production application. While fixing the production application, the developer may try to bring a copy of the application database to their local device. Creating a local copy of the database could pose a security risk the copy of the database is not deleted in a reasonable time or the user has their device auto-backup folders to their corporate or personal cloud storage solution (ie. Google Drive). Creating education for avoiding this mistake is a prime example of empathic intelligence when practicing Honest Security.

As the episode progresses, Jason goes into depth and explains more tenants of Honest Security - The goal is not to give unlimited power to the user or security team but to enable everyone to be in the position to make the right decisions and give appropriate recommendations. When consequences are articulated, users can understand that when maneuvering around security tools can pose a risk to their device and organization. Ie) disconnecting from the corporate VPN. When coaching and education are put as a priority when practicing security, James describes it as empowering the user to be successful and more transparent.

0:00 - Intro

2:28 - This episode features Jason Meller, Founder, and CEO of Kolide!

2:54 - Jason shares his background and his path into cybersecurity.

4:07 - What is Honest Security?

5:22 - Jason’s examples of dishonest security

8:08 - Collaboration with Netflix and User-Focused Security

16:00 - Jason describes Empathetic Security

19:17 - Tenants of Honest Security

35:32 - Wrap Up and Resources for Honest Security

Links:

Learn more about Jason Meller and connect with him on LinkedIn.

Learn more about Honest Security and read the manifesto.

Learn more about Jason’s company Kolide

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

Jaksot(391)

The Untold Story of Browser Risks: Pioneering Enterprise Browser Security with Or Eshed

The Untold Story of Browser Risks: Pioneering Enterprise Browser Security with Or Eshed

In this episode, Host Ron Eddings and guest Or Eshed, CEO of Layer X, discuss how changes in IT infrastructure, employee behavior and malicious tech have created an era where browser security is a must. Or details how he is spearheading a movement to reposition browsers as our first line of defense. Impactful Moments: 00:00 - Welcome 02:50 - Introducing guest, Or Eshed 05:27 - The Crime Scene: Where Employees Are 07:20 - Educating Users with a Browser Extension 10:13 - The Enablement Game 13:10 - How Malicious Browser Extensions Work 16:07 - From our Sponsor, Layer X 17:33 - Better Than EDR- Know Who Is Doing What 22:53 - Stop Account Takeovers- Stealthily 27:55 - Predictions & GPT Use Case 33:16 - One Step Better… Links: Connect with our guest : https://www.linkedin.com/in/or-eshed/ Check out Layer X: https://layerxsecurity.com/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

23 Tammi 202435min

Cyber Defense Reinvented: The New Era of Attack Surface Management with Isaac Clayton

Cyber Defense Reinvented: The New Era of Attack Surface Management with Isaac Clayton

In this episode, Host Ron Eddings talks with guest Isaac Clayton, Senior Research Engineer at NetSPI. Ron and Isaac discuss the importance of ASM for organizations of all sizes, the challenges of asset identification, and framing a practical strategy to handle ASM.   Impactful Moments: 00:00 - Welcome 03:00 - Introducing guest, Isaac Clayton 04:25 - Understanding ASM 07:57 - Factoring in Attackers 10:47 - “Admit it’s a hard problem” 12:35 - Challenges & Surprises 15:03 - From our Sponsor, NetSPI 15:41 - The Right Medicine, The Right Dosage 19:04 - Zero Trust is Not Enough 20:37 - Prioritization— Baked In! 21:33 - The ASM Learning Curve 26:12 - “Not all ASM is Created Equal”   Links: Connect with our guest, Isaac Clayton : https://www.linkedin.com/in/isaac-clayton-24088696/ Check out NetSPI: asm.netspi.com Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

16 Tammi 202432min

Cyber Resilience Unpacked: Securing Tomorrow Today with Bill Bernard

Cyber Resilience Unpacked: Securing Tomorrow Today with Bill Bernard

In this episode, Host Ron Eddings dives deep into crafting a resilient cybersecurity approach with guest speaker Bill Bernard, VP of Security Strategy at Deepwatch. Bill discusses the necessity of understanding business objectives to protect valuable assets but emphasizes focusing on risk-based strategies in addition to stronger detection and response mechanisms to help you play the long game.   Impactful Moments 00:00 - Welcome 01:43 - Introducing guest, Bill Bernard 04:22 - Understanding Emerging Threats 06:19 - What’s Old is New Again 08:48 - Buy a Helmet, Not a Bodysuit 11:57 - Defining Cyber Resilience 15:30 - Deepwatch’s Strategy for Resilience 18:31 - From our Sponsor 20:03 - MDR and Effective MDR Engagements 27:18 - Where Does AI Fit In With MDR? 32:57 - Staying One Step More Resilient 35:05 - Deepwatch- The Right Fit for You   Links: Connect with our guest, Bill Bernard : https://www.linkedin.com/in/billbernardchicago/ Take a Tour of the Deepwatch Managed Security Platform https://www.deepwatch.com/deepwatch-platform/#platform-tour Read the Move Beyond Detection and Response to Accelerate Cyber Resilience white paper, here: https://www.deepwatch.com/resource/go-beyond-cybersecurity-become-cyber-resilient/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

9 Tammi 202437min

Looking Backward to GROW Forward in Cybersecurity in 2024

Looking Backward to GROW Forward in Cybersecurity in 2024

In this episode, we’ll take a walk down memory lane. Hacker Valley looks back to 2023 to bring you some of the best clips with great advice and insight into being more creative, reflective, and resourceful with the hopes of inspiring you in 2024 to grow beyond where you are today. Impactful Moments 00:00 - Welcome 00:54 - A New Year is on the Way! 01:54 - ChatGPT and Cybersecurity 04:40 - Becoming an Industry Creative 07:47 - Leveraging AI in the Future with Storytelling - with Scott Sunderland 09:12 - Advice for your Content Creation Journey - with Jason Rebholz 11:15 - How to Start your Cybersecurity Book - with Kim Crawley 14:13 - Join our Mastermind 14:50 - The Right Platform for You - with Phillip Wylie 17:08 - Finding your Focus - with Simone Biles & Amy Bream 20:41 - Leveraging Human Resources in Cyber   Links: Check out the episodes highlighted: ChatGPT & Industry Creative-https://www.youtube.com/watch?v=-u6m0SXFTmA Scott Sunderland-https://www.youtube.com/watch?v=5pwTruINFiM Jason Rebholz-https://www.youtube.com/watch?v=Ao81IRnffc8 Kim Crawley-https://www.youtube.com/watch?v=rKny7kVeRM0 Phillip Wylie-https://www.youtube.com/watch?v=z5B1E2vp0DY Simone Biles & Amy Bream-https://www.youtube.com/watch?v=DiebZS9s7sg Cyber Resources-https://www.youtube.com/watch?v=UoTk3w_78co Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

2 Tammi 202423min

What’s Lurking In Your Containers? AMBERSQUID Operations, Freejacking, and Microservice Exploitation

What’s Lurking In Your Containers? AMBERSQUID Operations, Freejacking, and Microservice Exploitation

In this episode, Host Ron Eddings, discusses new tactics of adversaries with Director of Threat Research at Sysdig, Michael Clark. Michael digs into the cloud and shares trends about the AMBERSQUID operation and how to protect yourself from potential container-based threats.   Impactful Moments 00:00 - Welcome 01:20 - Introducing guest Michael Clark 03:09 - Finding AMBERSQUID 06:46 - Mining and Monitoring AWS Services 10:47 - Defending Against AMBERSQUID 14:03 - The Speed of Container-Based Threats 18:13 - The Costs of Freejacking 23:08 - Attribution & The Future Threat 26:30 - CIEMs Like You Have Secrets   Links: Connect with Michael Clark: https://www.linkedin.com/in/michaelclarkinpa/ Check out Sysdig’s Threat Research: https://sysdig.com/threat-research/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

19 Joulu 202323min

Pivotal Policy in the Age of AI with AJ Grotto

Pivotal Policy in the Age of AI with AJ Grotto

In this episode, Host Chris Cochran chats it up with former White House Senior Director for Cyber Policy, AJ Grotto. AJ shares his viewpoints about the current state of AI policies, the potential risks and benefits of AI technology, and the challenges in crafting effective policies in the field of cybersecurity. Impactful Moments 00:00 - Welcome 00:45 - Introducing guest, AJ Grotto 01:14 - Are Cyber and AI Separate? 03:37 - US Cyber Policy 08:06 - The Reality of AI Risk 11:20 - From Law to Cyber Policy 14:47 - Join our Mastermind! 15:36 - Policy Implementations 18:55 - Cyber Warfare and AI 22:13 - Advice for Getting into Cyber Policy   Links: Connect with AJ: https://www.linkedin.com/in/andrew-grotto-2534b510a/ More about AJ and his current work: https://fsi.stanford.edu/people/andrew-j-grotto Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

12 Joulu 202324min

Ransomware: How to Use AI to Create a Readiness Kit with Scott Sutherland

Ransomware: How to Use AI to Create a Readiness Kit with Scott Sutherland

The adversary is using Artificial Intelligence. Why aren’t you? In this episode, Host Chris Cochran talks with Scott Sutherland, VP of Research at NetSPI, about everyone’s favorite hot topics; ransomware and AI. Scott will detail his experience with simulating ransomware attack scenarios, as well as discussing the difficulties businesses face when dealing with ransomware threats and prevention mechanisms and how AI can be leveraged to help. Impactful Moments 00:00 - Welcome 01:10 - Introducing guest, Scott Sunderland 03:24 - Interactions with Generative AI Chatbots 04:14 - Use of AI and Readiness 15:16 - A word from our Sponsor, NetSPI 15:55 - Using AI to develop Exercises 20:46 - Collaboration beats Adversaries 25:08 - Ransomware Bots 26:15 - Role of AI in Storytelling Continuously keep pace with your expanding attack surface with the most comprehensive suite of offensive security solutions: https://www.netspi.com/hackervalley Links: Connect with Scott Sutherland: https://www.linkedin.com/in/scottpsutherland/ Learn more about our sponsor, NetSPI: https://www.netspi.com/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

5 Joulu 202328min

Cover Your SaaS: Navigating OAuth and SaaS Security Challenges

Cover Your SaaS: Navigating OAuth and SaaS Security Challenges

SaaS misconfigurations may be responsible for up to 63% of security incidents. Do your SaaS applications have risky OAuth grants and misconfigurations? Let’s not find out. We will unravel the complexities of OAuth and how attackers are using OAuth to move from one app to another. Our special guest Jaime Blasco, co-founder and CTO at Nudge Security, shares techniques to protect your SaaS apps and identify risky and malicious OAuth grants. Are you ready to cover your SaaS and avoid finding yourself in the hot seat?    Show some love to our sponsor Nudge Security and win a Steam Deck: https://www.nudgesecurity.com/steamdeck   Links: Connect with Jamie Blasco: https://www.linkedin.com/in/jaimeblasco/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

28 Marras 202345min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
psykopodiaa-podcast
voi-hyvin-meditaatiot-2
rss-vegaaneista-tykkaan
adhd-tyylilla
rss-narsisti
aamukahvilla
psykologia
rss-duodecim-lehti
rss-valo-minussa-2
rss-vapaudu-voimaasi
aloita-meditaatio
jari-sarasvuo-podcast
dear-ladies
rss-tripsteri
rss-koira-haudattuna
avara-mieli
rss-lasnaolon-hetkia-mindfulness-tutuksi
queen-talk
puhutaan-koiraa