Episode 109 - Honest Security with Jason Meller
Hacker Valley Studio8 Joulu 2020

Episode 109 - Honest Security with Jason Meller

In this episode of Hacker Valley Studio podcast, Ron and Chris are joined by Jason Meller, Founder, and CEO of Kolide. Jason has over 10 years of experience in managing and leading security organizations. Jason’s interest in technology and cybersecurity began in the 1990s when he began programming in Visual Basic and building AOL Instant Messenger bots. Building offensive tools accelerated Jason’s interest in defending networks and helped him learn how much honesty plays part in building security solutions.

Jason mentions that the security monitoring software at most organizations have the same functionality as spyware or surveillance tools. In addition, these tools are designed to scrutinize all the actions that occur on a device. COVID-19 has increased the rate of organizations going through a digital transformation; as a result, users at an organization are not in a cubicle but at their home. This could mean that security teams have an extremely elevated level of access to devices without transparency as to what is being monitored to protect an organization. This is why Honest Security was created - to create a transparent relationship between security teams and end-users.

Jason has collaborated with Jesse Kriss from Netflix who is actively working towards incorporating user-focused security. Jason describes that organizations should build a culture based on trusting users, treating them like adults, giving them the tools that they need to do their job, and not treating them as suspects from day one. Instead, organizations and security teams should seek teachable moments by giving recommendations and educating users.

Throughout the episode, Jason describes situations that involve users and security team members maneuvering around security tooling obstacles to get their job done. Since working at home, traditional tools have created friction in the user experience. For instance, not having the ability to use USB ports on work devices, disabling corporate VPN to watch a YouTube video, and having to create a ticket to install software to help them with their job. When this friction is created, users will resort to using their personal devices for work activities and miss the opportunity to benefit from security. In some cases, there are “evil” applications found on a device created by a user - but often bad applications installed by users are Chrome extensions or helper utilities that are sending browsing history to a marketing firm.

In the Honest Security manifesto, there’s a section on empathetic intelligence, Jason describes this concept as thinking of the daily life users, thinking of what challenges are users attempting to solve in their workflow, and what part of that workflow could pose a risk to the organization. An example of this would be a security team member trying to empathize with someone who is a developer- and thinking of their daily workflow. When empathizing the security team may realize that the developer is attempting to fix issues on a production application. While fixing the production application, the developer may try to bring a copy of the application database to their local device. Creating a local copy of the database could pose a security risk the copy of the database is not deleted in a reasonable time or the user has their device auto-backup folders to their corporate or personal cloud storage solution (ie. Google Drive). Creating education for avoiding this mistake is a prime example of empathic intelligence when practicing Honest Security.

As the episode progresses, Jason goes into depth and explains more tenants of Honest Security - The goal is not to give unlimited power to the user or security team but to enable everyone to be in the position to make the right decisions and give appropriate recommendations. When consequences are articulated, users can understand that when maneuvering around security tools can pose a risk to their device and organization. Ie) disconnecting from the corporate VPN. When coaching and education are put as a priority when practicing security, James describes it as empowering the user to be successful and more transparent.

0:00 - Intro

2:28 - This episode features Jason Meller, Founder, and CEO of Kolide!

2:54 - Jason shares his background and his path into cybersecurity.

4:07 - What is Honest Security?

5:22 - Jason’s examples of dishonest security

8:08 - Collaboration with Netflix and User-Focused Security

16:00 - Jason describes Empathetic Security

19:17 - Tenants of Honest Security

35:32 - Wrap Up and Resources for Honest Security

Links:

Learn more about Jason Meller and connect with him on LinkedIn.

Learn more about Honest Security and read the manifesto.

Learn more about Jason’s company Kolide

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

Jaksot(391)

Build vs. Buy: The Classic Technologist Conundrum

Build vs. Buy: The Classic Technologist Conundrum

It’s a classic technologist conundrum: Should I build or buy the solution I need to solve a problem? The “Build vs. Buy” conundrum is faced by technology teams worldwide. To help approach this riddle, Chris Cochran speaks to two industry veterans, Slavik Markovich co-founder & CEO of Descope, and Rob Fry, co-founder of AKA Identity.  Whether you’re an entrepreneur, a CTO, or just tech-curious, this episode offers invaluable insights. Using the identity market as a case study, we’ll explore the multifaceted considerations needed to make the best choice for your team and organization.   Impactful Moments: 0:00 - Build vs. Buy: The Classic Technologist Conundrum 0:37 - Show Intro 0:57 - Introducing Slavik Markovich and Rob Fry 3:25 - Previous build vs. buy project 6:44 - Decision logic for build vs. buy  15:09 - How does tech sway your decision making? 19:44 - How does data impact decision making? 24:31 - How do processes influence decision making? 29:13 - Maintaining custom tech solutions over time 33:28 - Tenants for building a tech company 41:06 - Build authentication and user journey flows with Descope   Links:  Learn more about Descope: https://www.descope.com/ Connect with our guest Slavik Markovich: https://www.linkedin.com/in/slavikm/ Connect with our guest Rob Fry: https://www.linkedin.com/in/fry-rob-g/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

19 Syys 202343min

AI Is the Tool Not the Toolbox

AI Is the Tool Not the Toolbox

Embrace the AI Revolution in Cybersecurity! Ron Eddings explores the dynamic world of AI, from cybersecurity automation to anomaly detection. Learn how AI is being used by practitioners and creators to stay one step ahead of the adversary and the competition   Impactful Moments 0:00 - Intro 1:35 - Origin into cybersecurity and automation 6:12 - What is Artificial Intelligence? 8:23 - Using AI to Classify Phishing Emails 11:32 - Descript and Claude2 to Summarize Content 17:54 - ChatGPT Advanced Data Analysis 21:41 - Top 4 AI Red Team Attacks 26:09 - Cybersecurity AI Disrupters 27:50 - Cybersecurity Creative Mastermind   Links: Connect with Ron Eddings: https://www.linkedin.com/in/ronaldeddings/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

12 Syys 202328min

Security Teams Can’t Do It All with Rob Wood - REWIND

Security Teams Can’t Do It All with Rob Wood - REWIND

For this week's episode, we brought back a fan favorite Security Teams Can't Do It All. This episode features guest Rob Wood, CISO at CMS, who discusses the challenges of data silos in the workplace and the importance of supportive leadership.   Links: Connect with our guest Rob Wood on LinkedIn Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

5 Syys 202330min

The Art of Creating Cybersecurity Content With Jason Rebholz

The Art of Creating Cybersecurity Content With Jason Rebholz

In this episode, host Ron is joined by the CISO at Corvus Insurance, Jason Rebholz, to talk about the life of being a cybersecurity content creator. From his drive to create cyber content for technical and non-technical audiences to the sometimes harsh realities of content creation, Jason opens up about the importance of having passion and well-balanced goals. Impactful Moments 00:00 - Welcome 01:12 - Introducing guest, Jason Rebholz 02:05 - Jason’s cybersecurity background 04:37 - Everybody loves a former CISO 06:16 - Creating digestable content for all 09:07 - The nuances of MFA 11:16 - Goal setting 14:06 - The harsh reality of content creation 18:56 - Bullets before canon balls 28:53 - Join our mastermind! 29:57 - Balance is key 31:25 - Mastering effective communication 33:29 - Advice for aspiring content creators   Links: Connect with our guest Jason https://www.linkedin.com/in/jrebholz/ Check out Jason’s YouTube channel https://www.youtube.com/@teachmecyber Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

29 Elo 202335min

Humility In Product Management with Eric Avigdor

Humility In Product Management with Eric Avigdor

In this episode, hosts Ron and Chris are joined by special guest Eric Avigdor, VP of Product Management at Votiro. With humility as the focal point, Eric details his journey as a Product Manager — sharing his unique approach to leadership and customer engagement, as well as the art of asking the right questions. Discover how Votiro is spearheading content security innovation, and don't miss Eric's advice for budding Product Managers eager to make their mark in the industry. Impactful Moments: 00:00 - Welcome 01:10 - Introducing guest, Eric Avigdor 02:27 - Cybersecurity is like an orchestra 03:20 - Product Management vs Engineering 04:40 - Misconceptions of Product Management 07:09 - Understanding the product 08:18 - The realities of the job 10:51 - Tying the whole story together 13:32 - Why Votiro? 16:52 - Leading the way in innovation 19:05 - A word about our sponsor 21:24 - A use-case storytime 23:17 - Integrating where content resides 25:06 - Security + collaboration is the goal 27:50 - Advice for aspiring Product Managers Links: Connect with Eric Avigdor: https://www.linkedin.com/in/eric-avigdor-0b561118/  Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

22 Elo 202329min

Leadership In Cybersecurity with Marty Overman

Leadership In Cybersecurity with Marty Overman

Host Chris Cochran is joined by Marty Overman, Senior VP at Imperva, to discuss the importance of self-awareness and transparency in cybersecurity leadership. The two emphasize the need for leaders to recognize their strengths and weaknesses and understand and empathize with the needs and experiences of those they lead. Impactful Moments 00:00 - Welcome 00:52 - Introducing guest, Marty Overman 01:26 - What makes a great sales leader? 04:50 - The power of asking questions 07:27 - Building strong team cultures 11:58 - Creating opportunities for collaboration 14:28 - Setting goals and expectations 17:24 - Creating team identity together 24:15 - Identifying areas for improvement 28:09 - Psychological safety in leadership 30:12 - Creating a safe space 34:52 - Adults and the inner child 37:26 - Empathy and understanding Links: Connect with Marty Overman: https://www.linkedin.com/in/martyoverman/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

15 Elo 202338min

SaaS Opportunities & Consequences of Using AI

SaaS Opportunities & Consequences of Using AI

In this episode, host Ron is joined by Jamie Blasco, co-founder and CTO at Nudge Security, to discuss the opportunities of SaaS as well as the security implications of AI. Jamie also considers the importance of striking a balance between productivity and security when employees adopt new tools. Lastly, he emphasizes his philosophy of treating employees as part of the solution and creating a culture where they feel valued and included in the company's security efforts. Impactful Moments: 00:00 - Welcome 01:35 - Introducing guest, Jamie Blasco 02:25 - How does SaaS fit into AI today? 03:52 - Areas of opportunity for AI & SaaS 05:17 - A walk down Jamie’s memory lane 09:56 - Finding the shadow IT 15:08 - What are the risks? 18:26 - A word from our sponsor! 20:40 - 3rd party risk & data usage 24:33 - Types of AI Nudge is utilizing 26:38 - The premise behind Nudge 30:50 - Employees as part of the solution 33:13 - SaaS — critical but risky 36:43 - Jamie’s final words of advice Links: Connect with Jamie Blasco: https://www.linkedin.com/in/jaimeblasco/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

1 Elo 202338min

Mastering The Art Of Storytelling In Cybersecurity

Mastering The Art Of Storytelling In Cybersecurity

How do you effectively persuade team members and stakeholders to take action, convey the importance of new projects, or request additional resources? Communicating technical security information often leads to disconnection or worse, falls on deaf ears. During this hour-long livestream, hosts Ron and Chris tackle how you can turn the tables by leveraging the primal power of storytelling, enhancing attention and engagement. Impactful Moments: 00:00 - Introduction 04:39 - Storytelling & conveying information  07:39 - How do I tell better stories? 14:25 - The Story Circle & The Hero's Journey 22:11 - Understanding your audience 24:41 - Simplifying cybersecurity  30:20 - The impact of storytelling 36:01 - Mastering storytelling in cybersecurity  Links: Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

25 Heinä 202338min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
psykopodiaa-podcast
voi-hyvin-meditaatiot-2
rss-vegaaneista-tykkaan
adhd-tyylilla
psykologia
aamukahvilla
rss-narsisti
rss-duodecim-lehti
rss-valo-minussa-2
rss-vapaudu-voimaasi
aloita-meditaatio
jari-sarasvuo-podcast
rss-tripsteri
dear-ladies
rss-lasnaolon-hetkia-mindfulness-tutuksi
rss-koira-haudattuna
avara-mieli
adhd-podi
ihminen-tavattavissa-tommy-hellsten-instituutti