Episode 109 - Honest Security with Jason Meller
Hacker Valley Studio8 Joulu 2020

Episode 109 - Honest Security with Jason Meller

In this episode of Hacker Valley Studio podcast, Ron and Chris are joined by Jason Meller, Founder, and CEO of Kolide. Jason has over 10 years of experience in managing and leading security organizations. Jason’s interest in technology and cybersecurity began in the 1990s when he began programming in Visual Basic and building AOL Instant Messenger bots. Building offensive tools accelerated Jason’s interest in defending networks and helped him learn how much honesty plays part in building security solutions.

Jason mentions that the security monitoring software at most organizations have the same functionality as spyware or surveillance tools. In addition, these tools are designed to scrutinize all the actions that occur on a device. COVID-19 has increased the rate of organizations going through a digital transformation; as a result, users at an organization are not in a cubicle but at their home. This could mean that security teams have an extremely elevated level of access to devices without transparency as to what is being monitored to protect an organization. This is why Honest Security was created - to create a transparent relationship between security teams and end-users.

Jason has collaborated with Jesse Kriss from Netflix who is actively working towards incorporating user-focused security. Jason describes that organizations should build a culture based on trusting users, treating them like adults, giving them the tools that they need to do their job, and not treating them as suspects from day one. Instead, organizations and security teams should seek teachable moments by giving recommendations and educating users.

Throughout the episode, Jason describes situations that involve users and security team members maneuvering around security tooling obstacles to get their job done. Since working at home, traditional tools have created friction in the user experience. For instance, not having the ability to use USB ports on work devices, disabling corporate VPN to watch a YouTube video, and having to create a ticket to install software to help them with their job. When this friction is created, users will resort to using their personal devices for work activities and miss the opportunity to benefit from security. In some cases, there are “evil” applications found on a device created by a user - but often bad applications installed by users are Chrome extensions or helper utilities that are sending browsing history to a marketing firm.

In the Honest Security manifesto, there’s a section on empathetic intelligence, Jason describes this concept as thinking of the daily life users, thinking of what challenges are users attempting to solve in their workflow, and what part of that workflow could pose a risk to the organization. An example of this would be a security team member trying to empathize with someone who is a developer- and thinking of their daily workflow. When empathizing the security team may realize that the developer is attempting to fix issues on a production application. While fixing the production application, the developer may try to bring a copy of the application database to their local device. Creating a local copy of the database could pose a security risk the copy of the database is not deleted in a reasonable time or the user has their device auto-backup folders to their corporate or personal cloud storage solution (ie. Google Drive). Creating education for avoiding this mistake is a prime example of empathic intelligence when practicing Honest Security.

As the episode progresses, Jason goes into depth and explains more tenants of Honest Security - The goal is not to give unlimited power to the user or security team but to enable everyone to be in the position to make the right decisions and give appropriate recommendations. When consequences are articulated, users can understand that when maneuvering around security tools can pose a risk to their device and organization. Ie) disconnecting from the corporate VPN. When coaching and education are put as a priority when practicing security, James describes it as empowering the user to be successful and more transparent.

0:00 - Intro

2:28 - This episode features Jason Meller, Founder, and CEO of Kolide!

2:54 - Jason shares his background and his path into cybersecurity.

4:07 - What is Honest Security?

5:22 - Jason’s examples of dishonest security

8:08 - Collaboration with Netflix and User-Focused Security

16:00 - Jason describes Empathetic Security

19:17 - Tenants of Honest Security

35:32 - Wrap Up and Resources for Honest Security

Links:

Learn more about Jason Meller and connect with him on LinkedIn.

Learn more about Honest Security and read the manifesto.

Learn more about Jason’s company Kolide

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

Jaksot(390)

The AI Shift You Can’t Ignore with Marco Figueroa

The AI Shift You Can’t Ignore with Marco Figueroa

AI isn’t just evolving—it’s sprinting, and cybersecurity needs to keep up.  Ron Eddings is joined again by cybersecurity leader Marco Figueroa, Program Manager for Gen AI at the ODIN Bug Bounty Program, who called it in January: 2025 is the year of AI agents, and the early signs are already here. From Grok 3’s speed advantage to AI-powered red teaming for $25K, this is the reality check security leaders need. No more six-month security projects—it’s all about speed, automation, and staying ahead.     Impactful Moments: 00:00 - Introduction 01:45 - Breaking down Palantir’s stock drop 07:15 - Why Grok 3 is a game-changer 10:24 - The real difference between GPT-4 and Grok 17:25 - AI-powered red teaming for $25K? 22:00 - The death of six-month security projects 26:24 - OpenAI’s Operator: The future or a gimmick? 34:22 - How AI is eliminating busywork 36:55 - Next month’s prediction: Agents building agents Links: Connect with our guest, Marco Figueroa: https://www.linkedin.com/in/marco-figueroa-re/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

28 Helmi 37min

Superhuman Productivity and AI Mastery with Pedram Amini

Superhuman Productivity and AI Mastery with Pedram Amini

What if you could have a conversation with yourself—years into the future? Or leave behind an AI-powered avatar that understands your thoughts, philosophies, and even your voice? In this episode, we explore the mind-blowing potential of AI and its impact on cybersecurity, productivity, and even legacy. Pedram Amini, Chief Scientist at OPSWAT, joins Ron Eddings to discuss his journey from bootstrapped startups to AI-driven innovation. Together they cover topics like the role of AI in cybersecurity, the rise of fake identities in hiring, the ethics of AI-generated content, and why mastering AI tools is no longer optional—it's essential. Pedram shares his workflow for superhuman productivity, his thoughts on deepfakes, and how AI is reshaping how we work and communicate. Impactful Moments: 00:00 - Introduction 02:00 - Meet Pedram Amini, cyber innovator 03:07 - The $17M North Korea insider threat case 06:00 - Fake job candidates and AI hiring scams 09:28 - Deepfakes and AI-driven deception 14:00 - Future of AI-powered personal assistants 20:49 - The reality of bootstrapping vs. VC funding 26:00 - AI in cybersecurity: risk or revolution? 31:00 - “AI isn’t taking your job—someone using AI is” 35:00 - The ultimate AI-powered legacy project   Links: Connect with our guest, Pedram Amini: https://www.linkedin.com/in/pedramamini/ Check out the entire article about the $17M North Korea insider threat case here: https://www.theregister.com/2025/02/12/arizona_woman_laptop_farm_guilty/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

21 Helmi 36min

Cybersecurity Meets AI: The Good, The Bad & The Janky

Cybersecurity Meets AI: The Good, The Bad & The Janky

There’s no doubt that AI is changing the game in cybersecurity, but not always in the ways we expect. In this episode, Ron Eddings shares his firsthand experience with AI-powered tools that make him a cyber superhero—when they work. From automating security tasks to turbocharging programming workflows, AI is proving its value, but also revealing its limits. Through live walkthroughs and real-world examples, he showcases how AI automates security tasks, accelerates programming, and enhances research—while also showing why some cybersecurity actions should stay human-led.   Impactful Moments: 00:00 - Introduction 02:00 - The good and bad of AI in security 04:00 - Google’s AI weapons controversy 06:30 - Deepfake scams and AI-powered phishing 09:00 - How AI helps (and fails) at programming 12:00 - Automating security research with AI 18:00 - AI-generated meeting notes & productivity hacks 21:00 - What AI should NEVER do 23:00 - The future of AI in cybersecurity   Links: Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

13 Helmi 22min

A Human-Centric Approach to Cybersecurity with Edna Conway

A Human-Centric Approach to Cybersecurity with Edna Conway

What if cybersecurity was more than just tech—what if it was about the people it serves? In this episode, Edna Conway, Founder and CEO of EMC Advisors, shares her incredible journey from law to cybersecurity and explores the human element often overlooked in technology.  Recorded live at InfoSec Nashville 2024, Edna discusses the intersection of innovation and tradition, the critical role of accuracy in AI, and her vision for cybersecurity's future. From anomaly detection to the wisdom of creating "enclaves," her insights remind us that tech is here to serve people, not the other way around.   Impactful Moments: 00:00 – Introduction 01:22 – Keynote insights: Innovation meets tradition 02:39 – From prosecutor to cybersecurity leader 07:00 – Human-first approach to AI and security 11:40 – LLMs in cybersecurity: opportunities and accuracy 16:34 – Balancing risk with AI use in business 23:06 – Bringing diverse talent into cybersecurity 32:30 – Advice on leadership and collaboration   Links: Connect with our guest, Edna Conway: https://www.linkedin.com/in/ednaconway/ Learn more about ISSA Middle TN here: https://issamidtn.org/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

4 Helmi 35min

Rise of the Machines: Why Your Attack Surface Has More Holes Than You Think ft Pandian Gnanaprakasam

Rise of the Machines: Why Your Attack Surface Has More Holes Than You Think ft Pandian Gnanaprakasam

Did you know nearly half of your enterprise devices are agentless—leaving your attack surface wide open? In this episode, Ron is joined by Pandian Gnanaprakasam, Co-Founder and Chief Product Officer at Ordr, to discuss the critical risks posed by agentless devices and how orchestration can strengthen your defenses. Pandian shares key findings from Ordr’s 2024 "Rise of the Machines" report, highlighting the risks of overlooked agentless devices. He covers the rapid growth of these devices, strategies to manage vulnerabilities, and how automation can strengthen your defenses.   Impactful Moments: 00:00 - Introduction 04:15 - Why agentless devices dominate the next decade 06:30 - Insights from Ordr's “Rise of the Machines” report 08:50 - Hidden risks: 42% of devices are agentless 11:15 - Solving the "Swiss cheese" problem of security gaps 14:30 - Prioritizing vulnerabilities with business context 18:10 - Orchestration vs. automation: The harmony difference 22:00 - Why visibility is the foundation of security 27:30 - Ordr’s unique approach to securing the attack surface Links: Connect with our guest, Pandian Gnanaprakasam: https://www.linkedin.com/in/gpandian/ Check out Ordr’s Rise of the Machines report here: https://ordr.net/resources/rise-of-the-machines-report-2024 Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

28 Tammi 38min

How a Game Turned a Watchmaker into a Cybersecurity Pro with Simeon Kakpovi

How a Game Turned a Watchmaker into a Cybersecurity Pro with Simeon Kakpovi

What if cybersecurity training could be as engaging as your favorite game? In this episode, Simeon Kakpovi, founder of the KC7 Foundation, shares how his gamified approach is changing lives and reshaping the cybersecurity pipeline by making cybersecurity education accessible.  From his journey as a threat hunter to building a free online game that teaches real-world blue team skills, Simeon joins Ron to show how creativity and inclusion can unlock potential in unexpected places. Plus, listen to the remarkable story about how a watchmaker with no cyber background landed a dream job at Microsoft—all thanks to KC7.   Impactful Moments 00:00 - Introduction 01:11 - The evolution of cybersecurity 03:03 - Cybersecurity Mergers & Acquisitions 05:38 - Meet our guest: Simeon Kakpovi of KC7 Foundation 06:00 - KC7 wins “Team of the Year” at the SANS DMAs 8:43 - Founding the KC7 Foundation 10:00 - Lessons from Lockheed Martin’s Cyber Analyst Challenge 11:46 - How KC7 gamifies real-world cybersecurity 14:52 - Bringing KC7 to high school and middle school students 16:52 - Expanding access to cybersecurity careers 25:09 - A watchmaker’s journey to Microsoft 34:00 - How to get started with KC7     Links Connect with our guest, Simeon Kakpovi on LinkedIn: https://www.linkedin.com/in/kakpovi/ Check out the Cybersecurity M&A Roundup Article here: https://www.securityweek.com/cybersecurity-ma-roundup-37-deals-announced-in-december-2024/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

22 Tammi 35min

Managing and Mitigating Cyber Risks For Your Assets with Jerich Beason and Wes Wright

Managing and Mitigating Cyber Risks For Your Assets with Jerich Beason and Wes Wright

What’s the key to mitigating unseen cyber risks? In this episode, Wes Wright, Chief Healthcare Officer at Ordr and Jerich Beason, CISO at WM uncover the complexities of attack surface management (ASM) and its impact on cybersecurity.  Together with Ron, they explain what constitutes an attack surface and introduce practical frameworks like See-Know-Secure, emphasizing the need for complete visibility and data-driven risk mitigation.  Impactful Moment: 00:00 - Introduction 03:00 - Defining attack surface management 06:13 - See-Know-Secure framework  09:05 - Analogies for explaining ASM to stakeholders 15:33 - Building an inventory for asset visibility 20:42 - Convincing leadership: Budget strategies 25:00 - Tools and methodologies for ASM 36:57 - Managed services vs. in-house approaches 43:00 - Starting your ASM journey   Links: Connect with our guests – Wes Wright: https://www.linkedin.com/in/4kidwes/ Jerich Beason: https://www.linkedin.com/in/jerich-beason/ Learn more about Ordr: https://ordr.net/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

14 Tammi 44min

The Year of the Agent: AI, Bug Bounties, and Cybersecurity Insights with Marco Figueroa

The Year of the Agent: AI, Bug Bounties, and Cybersecurity Insights with Marco Figueroa

How will AI redefine cybersecurity in 2025? According to Marco Figueroa, Program Manager for Gen AI at the ODIN Bug Bounty Program, this year is set to be the "Year of the Agent," where AI systems and integrations take a central role.  In this special New Year bonus episode, Ron sits down with Marco to discuss the transformative role of AI in solving cybersecurity challenges. Marco breaks down AI jailbreak techniques, the impact of bug bounty programs on securing AI systems, and why 2025’s fast-evolving tech landscape demands creative thinking. Learn how tools like ChatGPT and Gemini 2.0 are reshaping the industry and why staying adaptable is essential.   Impactful Moments: 00:00 - Introduction 02:14 - Speed vs. safety: AI system challenges 05:30 - Why experience matters more than information 07:45 - Legal stakes for deepfakes and AI 18:36 - Marco’s creative journey in cybersecurity 28:00 - Jailbreaks: Risks and surprising AI findings 37:13 - 2025 predictions: The rise of agents 41:00 - Closing thoughts and the power of community Links: Connect with our guest, Marco Figueroa: https://www.linkedin.com/in/marco-figueroa-re/ Chuck Brooks' 2025 Cybersecurity Predictions article: https://www.forbes.com/sites/chuckbrooks/2024/12/24/cybersecurity-trends-and-priorities-to-watch-for-2025/ Focus Areas for the FaccT Conference News: https://facctconference.org/2025/focusareas “Unreasonable Hospitality” by Will Guidara Book Link: https://www.amazon.com/Unreasonable-Hospitality-Remarkable-Giving-People/dp/0593418573 Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

10 Tammi 41min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
psykopodiaa-podcast
voi-hyvin-meditaatiot-2
rss-vegaaneista-tykkaan
aamukahvilla
psykologia
rss-narsisti
rss-valo-minussa-2
adhd-tyylilla
rss-duodecim-lehti
rss-vapaudu-voimaasi
aloita-meditaatio
jari-sarasvuo-podcast
adhd-podi
rss-uskonto-on-tylsaa
rss-koira-haudattuna
queen-talk
dear-ladies
rss-tripsteri
avara-mieli