Episode 109 - Honest Security with Jason Meller
Hacker Valley Studio8 Joulu 2020

Episode 109 - Honest Security with Jason Meller

In this episode of Hacker Valley Studio podcast, Ron and Chris are joined by Jason Meller, Founder, and CEO of Kolide. Jason has over 10 years of experience in managing and leading security organizations. Jason’s interest in technology and cybersecurity began in the 1990s when he began programming in Visual Basic and building AOL Instant Messenger bots. Building offensive tools accelerated Jason’s interest in defending networks and helped him learn how much honesty plays part in building security solutions.

Jason mentions that the security monitoring software at most organizations have the same functionality as spyware or surveillance tools. In addition, these tools are designed to scrutinize all the actions that occur on a device. COVID-19 has increased the rate of organizations going through a digital transformation; as a result, users at an organization are not in a cubicle but at their home. This could mean that security teams have an extremely elevated level of access to devices without transparency as to what is being monitored to protect an organization. This is why Honest Security was created - to create a transparent relationship between security teams and end-users.

Jason has collaborated with Jesse Kriss from Netflix who is actively working towards incorporating user-focused security. Jason describes that organizations should build a culture based on trusting users, treating them like adults, giving them the tools that they need to do their job, and not treating them as suspects from day one. Instead, organizations and security teams should seek teachable moments by giving recommendations and educating users.

Throughout the episode, Jason describes situations that involve users and security team members maneuvering around security tooling obstacles to get their job done. Since working at home, traditional tools have created friction in the user experience. For instance, not having the ability to use USB ports on work devices, disabling corporate VPN to watch a YouTube video, and having to create a ticket to install software to help them with their job. When this friction is created, users will resort to using their personal devices for work activities and miss the opportunity to benefit from security. In some cases, there are “evil” applications found on a device created by a user - but often bad applications installed by users are Chrome extensions or helper utilities that are sending browsing history to a marketing firm.

In the Honest Security manifesto, there’s a section on empathetic intelligence, Jason describes this concept as thinking of the daily life users, thinking of what challenges are users attempting to solve in their workflow, and what part of that workflow could pose a risk to the organization. An example of this would be a security team member trying to empathize with someone who is a developer- and thinking of their daily workflow. When empathizing the security team may realize that the developer is attempting to fix issues on a production application. While fixing the production application, the developer may try to bring a copy of the application database to their local device. Creating a local copy of the database could pose a security risk the copy of the database is not deleted in a reasonable time or the user has their device auto-backup folders to their corporate or personal cloud storage solution (ie. Google Drive). Creating education for avoiding this mistake is a prime example of empathic intelligence when practicing Honest Security.

As the episode progresses, Jason goes into depth and explains more tenants of Honest Security - The goal is not to give unlimited power to the user or security team but to enable everyone to be in the position to make the right decisions and give appropriate recommendations. When consequences are articulated, users can understand that when maneuvering around security tools can pose a risk to their device and organization. Ie) disconnecting from the corporate VPN. When coaching and education are put as a priority when practicing security, James describes it as empowering the user to be successful and more transparent.

0:00 - Intro

2:28 - This episode features Jason Meller, Founder, and CEO of Kolide!

2:54 - Jason shares his background and his path into cybersecurity.

4:07 - What is Honest Security?

5:22 - Jason’s examples of dishonest security

8:08 - Collaboration with Netflix and User-Focused Security

16:00 - Jason describes Empathetic Security

19:17 - Tenants of Honest Security

35:32 - Wrap Up and Resources for Honest Security

Links:

Learn more about Jason Meller and connect with him on LinkedIn.

Learn more about Honest Security and read the manifesto.

Learn more about Jason’s company Kolide

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

Jaksot(390)

Understanding the Psychology of Cyber Risk with David Shipley

Understanding the Psychology of Cyber Risk with David Shipley

Most people think cybersecurity training is about knowledge, but what if motivation is the real key to success? David Shipley, CEO and Field CISO at Beauceron Security, shares how psychology and neuroscience reshape how we approach security awareness, reducing risks in ways tech alone never could. In this episode, Ron and David examine why people, not technology, are at the core of effective cybersecurity. David teaches us about the SCARF model, warns us about the dangers of overconfidence in training, and explains how gamification can drive meaningful behavior change when it comes to cybersecurity awareness and risk reduction.    Impactful Moments: 00:00 – Introduction 02:00 – David Shipley’s journey from journalist to cybersecurity leader 06:10 – Why motivation outshines knowledge in security training 08:20 – The Dunning-Kruger effect: Overconfidence in cybersecurity 11:17 – How overreliance on tech increases click rates 17:03 – Cybercriminals’ evolving tactics and emotional manipulation 25:00 – Gamification in cybersecurity: Changing security behaviors 30:56 – Using the SCARF model to enhance security culture 39:45 – Emotional intelligence as a defense against AI threats Links: Connect with our guest, David Shipley: https://www.linkedin.com/in/dbshipley/ Learn more about Beauceron Security here: www.beauceronsecurity.com/partner   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

7 Tammi 44min

From Landscaping to Cyber Leadership with Cole Lisko

From Landscaping to Cyber Leadership with Cole Lisko

How does a scorching July day in a van with no air conditioning lead to a career at one of the world’s top cybersecurity companies? In this episode, Cole Lisko shares his journey from landscaping to becoming the Cortex Team Manager at Palo Alto Networks.  Joined by his bestie Cole, Ron weaves the conversation through their history of friendship with laughs and lessons learned along the way. Discussing career pivots, unexpected opportunities, and the impact of mentorship, this conversation offers relatable motivation and a candid look at the power of meaningful connections.   Impactful Moments: 00:00 - Introduction 03:00 - Cole’s first exposure to cybersecurity 06:30 - Pivotal moment: a call for mentorship 11:40 - Breaking into cleared work 18:30 - Lessons learned at Booz Allen 22:00 - The art of work-life compartmentalization 27:45 - Leadership insights from landscaping days 32:50 - What’s next for Cole at Palo Alto Networks Links: Connect with our guest, Cole Lisko: https://www.linkedin.com/in/matthewlisko/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

24 Joulu 202434min

Think Like a Hacker, Solve Like a Leader featuring Ted Harrington

Think Like a Hacker, Solve Like a Leader featuring Ted Harrington

What if the key to innovation is breaking the rules? Ted Harrington, Executive Partner at Independent Security Evaluators and a pioneering ethical hacker, explores the power of commitment, curiosity, creativity, and nonconformity to rethink cybersecurity and life itself. From hacking the first iPhone to disrupting misconceptions about security testing, Ted shows why the hacker mindset matters more now than ever. Join Ron and Ted as they discuss strategies for using the hacker mindset to solve problems, address risks like AI-driven deepfakes, and uncover unconventional opportunities in both business and personal growth.   Impactful Moments: 00:00 - Intro 03:15 - The four traits of a hacker mindset 07:40 - Hacking the first iPhone and Tesla 11:50 - Why penetration testing is misunderstood 16:30 - Risks and realities of AI deepfakes 21:20 - Applying hacker traits to entrepreneurship 28:45 - Ted’s upcoming book: Inner Hacker 33:00 - Why mindset matters most   Links: Connect with our guest, Ted Harrington: https://www.linkedin.com/in/securityted/ Order Ted Harrington’s book “Hackable” here: https://www.amazon.com/Hackable-How-Application-Security-Right-ebook/dp/B08MFTQ7Q4 Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

17 Joulu 202441min

Hacking Trust with AI and Deepfakes featuring Iain Jackson

Hacking Trust with AI and Deepfakes featuring Iain Jackson

What happens when cutting-edge AI meets the art of deception? In this episode, Iain Jackson, Academy Hive Leader at CovertSwarm, takes us through the uncanny potential and risks of synthetic voices and AI in cybersecurity.  Together, Ron and Iain discuss how adversaries are using AI to bypass human intuition. From synthetic voice calls to automating phishing attacks at scale, this episode explores how hackers leverage technology using these tactics and what you can do to stay one step ahead.    Impactful Moments: 00:00 - Introduction 01:56 - Iain shares his journey with AI 03:29 - Demonstrating voice cloning in real-time 06:31 - Risks of automated synthetic voice attacks 09:46 - Impact of AI on social engineering tactics 11:00 - Importance of "vibe checks" in cybersecurity 15:17 - Real-world phishing and HR scam example 20:00 - Uncanny Valley: Defense against AI deception 23:37 - The future of AI in adversary emulation   Links: Connect with our guest, Iain Jackson: https://www.linkedin.com/in/iain-j-98578a238/ Learn more about CovertSwarm here: https://covertswarm.com/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

12 Joulu 202425min

Championing the Human in Cybersecurity with Julie Haney

Championing the Human in Cybersecurity with Julie Haney

What happens when cybersecurity puts people first? Julie Haney, Human-Centered Cybersecurity Program Lead at NIST, shares how designing security with humans at the center leads to greater adoption, reduced frustration, and stronger protection. In this episode, Julie discusses how to improve user adoption by simplifying complex security processes, why empathy is a game-changer for effective security, and strategies for empowering people to feel confident and secure online. This conversation will inspire you to rethink how we protect people in the digital age and shares a fresh perspective on making cybersecurity work for all. Impactful Moments: 00:00 - Introduction 07:15 - Breaking down barriers in user design 15:40 - Why empathy matters in cybersecurity solutions 21:05 - Challenges in bridging tech and humanity 28:30 - Designing systems with people, not just for them 35:10 - Practical steps to empower users in security 42:45 - Final reflections on human-centered innovation   Links: Connect with our guest, Julie Haney here: https://www.linkedin.com/in/julie-haney-037449119 Check out NIST’s Online Community of Interest here: https://csrc.nist.gov/Projects/human-centered-cybersecurity/hcc-coi Learn more about Human-Centered Cybersecurity on NIST’s website here: https://csrc.nist.gov/projects/human-centered-cybersecurity   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

3 Joulu 20242min

Do You Deserve To Be Hacked? Featuring Ilan Fehler and Dahvid Schloss

Do You Deserve To Be Hacked? Featuring Ilan Fehler and Dahvid Schloss

Do you deserve to be hacked? With that bold tagline, CovertSwarm is pushing leaders to rethink how they test and defend their systems, and in this episode, they’re sharing firsthand how organizations can prepare for adversaries in the wild. Recorded at Black Hat 2024, Ron is joined by Ilan Fehler, US Sales Lead at CovertSwarm, and Dahvid Schloss, Hive Leader at CovertSwarm to explore the world of adversary emulation. From physical breaches to API exploits, this conversation covers the human, digital, and physical elements of cybersecurity. Impactful Moments: 00:00 - Introduction 01:25 - You Deserve To Be Hacked 03:05 - Emulating criminal behavior: The hive structure 07:55 - Social engineering tactics that really work 20:16 - Physical breaches: Pentesting in action 24:09 - Past the firewall: Second- and third-layer testing 29:14 - Digital exploits and real-world vulnerabilities 35:24 - Why organizations hesitate to invest in red teams 37:33 - Building muscle memory for security   Links: Connect with our guests, Ilan Fehler https://www.linkedin.com/in/fehler/ and Dahvid Schloss https://www.linkedin.com/in/dahvidschloss/ Learn more about CovertSwarm here: https://covertswarm.com/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

26 Marras 202440min

Transforming SOC Operations with AI featuring Roy Halevi

Transforming SOC Operations with AI featuring Roy Halevi

Cybersecurity is evolving fast, and AI is at the center. Roy Halevi, Co-Founder and CTO of Intezer, explains how AI automates SOC operations, improving speed and accuracy while freeing up teams to focus on critical threats. In this conversation with host Ron Eddings, Roy explains how AI automates critical tasks like alert investigation and response, reducing noise and improving accuracy. Roy shares insights on overcoming challenges in adopting AI, the future of SOC roles, and how organizations can optimize their defenses using AI driven tools.   Impactful Moments 00:00 – Intro and the AI revolution in cybersecurity 01:16 – Meet Roy Halevi, Co-Founder and CTO of Intezer 03:00 – The story behind the name ‘Intezer’ 06:14 – Key challenges facing today’s SOC teams 15:04 – Top use cases for AI in the SOC 21:27 – How Intezer automates alert triage and response 37:32 – Future predictions for SOC and cybersecurity roles 48:23 – Closing thoughts and call to action   Links: Connect with our guest, Roy Halevi: https://www.linkedin.com/in/royhalevi Learn more about Intezer here: https://intezer.com   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

20 Marras 202449min

From Shadow IT to Full Asset Visibility with Wes Wright

From Shadow IT to Full Asset Visibility with Wes Wright

Can you truly protect what you can't see? Wes Wright, Chief Healthcare Officer at Ordr, joins Ron to share how organizations can shine a light on their network and asset blind spots and take control of their digital assets. In this episode, Ron and Wes discuss the importance of asset visibility in cybersecurity, outlining the potential of CAASM (Cyber Asset and Attack Surface Management) and how it empowers teams to expose hidden vulnerabilities, streamline operations, and stay ahead of security threats, vulnerabilities, and exposures.   Impactful Moments: 00:00 - Introduction 01:35 - Asset visibility and blind spots 03:47 - What keeps CTOs and CISOs up at night 08:45 - Bridging IT and OT: CAASM explained 12:10 - Real-world use cases for CAASM 18:37 - The power of automated asset management 25:00 - Why continuous inventory is a game-changer 35:59 - Wes’s advice for getting started with Ordr Links: Connect with our guest, Wes Wright: https://www.linkedin.com/in/4kidwes/ Learn more about Ordr here: https://ordr.net/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

12 Marras 202437min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
psykopodiaa-podcast
voi-hyvin-meditaatiot-2
rss-vegaaneista-tykkaan
aamukahvilla
psykologia
rss-narsisti
rss-valo-minussa-2
adhd-tyylilla
rss-duodecim-lehti
rss-vapaudu-voimaasi
aloita-meditaatio
jari-sarasvuo-podcast
adhd-podi
rss-uskonto-on-tylsaa
rss-koira-haudattuna
queen-talk
dear-ladies
rss-tripsteri
avara-mieli