Episode 36 - Life and Purpose Mapping Hacks with Craig Filek

In this episode of the Hacker Valley Studio podcast, Ron and Chris are joined by co-founders of Material Security, Ryan Noon and Abhishek Agrawal. They co-founded Material Security in 2017, today Ryan serves as the CEO, and Abhishek the CTO. Abishek has a background in engineering, infrastructure and analytics and his MBA from Harvard.  Ryan’s background is in engineering and data analysis, and holds multiple computer science and security degrees from Stanford. Before they moved on to creating their own company, they worked together at DropBox. While they both have a strong engineering background, they are developing a security product. Ryan explains that coding and engineering is why he’s able to work in cyber security, all his years of engineering helped him make a reliable and effective product. Abhishek agrees that both their different backgrounds have carried over into the security industry and says the lessons he learned in productivity and engineering have been incredibly useful. Despite these diverse backgrounds, Ryan says going into security was an easy decision. “Go to where the problems are,” he says. Around the time of the founding of Material Security, there were a lot of problems with email. Abhishek agrees, and says he’s always been interested in email and how it’s being destroyed by threats.  When hackers access your email, what are they looking for? Abhishek explains that they may be downloading all of its contents, or resetting passwords to services like Twitter or Instagram. Material Security works to ask those questions and stop the effectiveness of a breach in email security. This shifts the focus from all the ways someone may hack you, to the implications of that hack. Ryan likens it to a burglary, explaining that their security is less about all the doors and windows - ways to get into your home - but rather what someone may want once they’re inside. There is a lot of hand wringing in startup land, Ryan says, but there is no one right way to do it. The startup can burn you out, and what made Material Security’s leadership work was the reliance on each other, both he and Abhishek and their third co-founder, Chris Park. For them, this was the magic answer, having a third person gives them a tie breaker and someone who could cut through the noise with clarity. Abhishek agrees, joking that they compliment each other by Ryan giving long detailed answers, and Abhishek can summarize his thoughts. In all seriousness, this balance of responsibility and strengths requires a level of trust and lack of ego but makes the team work smoothly. Having unique skill sets is important, but Abhishek explains overlap is important as well because you can speak the same language and push each other for the best solutions. When you come from similar backgrounds, no one is the authority and ideas get pressure tested. One of the challenges is using this overlap of skills for good - not letting it paralyze you. Another challenge they faced is knowing where to question and press industry standards, versus where to accept and excel at current practices. When thinking over their challenges and journey they offer some advice to new founders. Ryan stresses, “stop trying to get into things.” People can fall into the trap of trying to get into college, programs, and industries, and end up giving up some of their productivity and creativity to others. He also encourages people to know their partners and communicate with them about everything. Abhishek says people should divorce the idea of leaving their job from starting a company. Instead you should decide if you’re ready to leave your current job and then if you want to go to a new company or start your own.   0:00 - Intro 1:40 - Listeners are introduced to co-founders of Material Security and the episode ahead. 3:05 - Ryan and Abhishek introduce themselves.  5:38 - How do engineering and cyber security intersect? 8:39 - Why did Ryan and Abhishek decide to go into security? 14:28 - Ryan and Abhishek explain what hackers do when they’ve gotten into email. 18:08 - How do Ryan and Abhishek navigate their relationship? 24:19 - Ron asks Ryan and Abhishek about the challenges of the founder’s journey. 26:45 - What piece of advice do they have for new founders?   Links: Learn more about Material Security. Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor ByteChek.

10 Dec 202032min

In this episode of Hacker Valley Studio podcast, Ron and Chris are joined by Jason Meller, Founder, and CEO of Kolide. Jason has over 10 years of experience in managing and leading security organizations. Jason’s interest in technology and cybersecurity began in the 1990s when he began programming in Visual Basic and building AOL Instant Messenger bots. Building offensive tools accelerated Jason’s interest in defending networks and helped him learn how much honesty plays part in building security solutions.  Jason mentions that the security monitoring software at most organizations have the same functionality as spyware or surveillance tools. In addition, these tools are designed to scrutinize all the actions that occur on a device. COVID-19 has increased the rate of organizations going through a digital transformation; as a result, users at an organization are not in a cubicle but at their home. This could mean that security teams have an extremely elevated level of access to devices without transparency as to what is being monitored to protect an organization. This is why Honest Security was created - to create a transparent relationship between security teams and end-users.  Jason has collaborated with Jesse Kriss from Netflix who is actively working towards incorporating user-focused security. Jason describes that organizations should build a culture based on trusting users, treating them like adults, giving them the tools that they need to do their job, and not treating them as suspects from day one. Instead, organizations and security teams should seek teachable moments by giving recommendations and educating users. Throughout the episode, Jason describes situations that involve users and security team members maneuvering around security tooling obstacles to get their job done. Since working at home, traditional tools have created friction in the user experience. For instance, not having the ability to use USB ports on work devices, disabling corporate VPN to watch a YouTube video, and having to create a ticket to install software to help them with their job. When this friction is created, users will resort to using their personal devices for work activities and miss the opportunity to benefit from security. In some cases, there are “evil” applications found on a device created by a user - but often bad applications installed by users are Chrome extensions or helper utilities that are sending browsing history to a marketing firm. In the Honest Security manifesto, there’s a section on empathetic intelligence, Jason describes this concept as thinking of the daily life users, thinking of what challenges are users attempting to solve in their workflow, and what part of that workflow could pose a risk to the organization. An example of this would be a security team member trying to empathize with someone who is a developer- and thinking of their daily workflow. When empathizing the security team may realize that the developer is attempting to fix issues on a production application. While fixing the production application, the developer may try to bring a copy of the application database to their local device. Creating a local copy of the database could pose a security risk the copy of the database is not deleted in a reasonable time or the user has their device auto-backup folders to their corporate or personal cloud storage solution (ie. Google Drive). Creating education for avoiding this mistake is a prime example of empathic intelligence when practicing Honest Security. As the episode progresses, Jason goes into depth and explains more tenants of Honest Security - The goal is not to give unlimited power to the user or security team but to enable everyone to be in the position to make the right decisions and give appropriate recommendations. When consequences are articulated, users can understand that when maneuvering around security tools can pose a risk to their device and organization. Ie) disconnecting from the corporate VPN. When coaching and education are put as a priority when practicing security, James describes it as empowering the user to be successful and more transparent.   0:00 - Intro 2:28 - This episode features Jason Meller, Founder, and CEO of Kolide! 2:54 - Jason shares his background and his path into cybersecurity. 4:07 - What is Honest Security? 5:22 - Jason’s examples of dishonest security 8:08 - Collaboration with Netflix and User-Focused Security 16:00 - Jason describes Empathetic Security 19:17 - Tenants of Honest Security 35:32 - Wrap Up and Resources for Honest Security Links: Learn more about Jason Meller and connect with him on LinkedIn. Learn more about Honest Security and read the manifesto. Learn more about Jason’s company Kolide Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor ByteChek.

8 Dec 202036min

In this episode of the Hacker Valley Studio podcast, Ron and Chris host a special episode featuring one of their favorite guests.  Carole Theriault is the co-host of both the Smashing Security podcast and the Sticky Pickles podcast, and she is also the founder and director of her own company, Tick Tock Social.  Carole joins Ron and Chris to talk about her passion for being behind the mic, the impact of COVID-19 on the 2020 holiday season, and more! As the interview gets underway, Ron and Chris ask Carole about her background and what she’s up to now.  At this point, Carole says, she’s in “podcast land.”  She works in tech and IT security, as well, and in her work with Tick Tock Social, she aims to help people simplify their messaging and make it palatable for the representatives of companies they’re propositioning.  Turning to her podcasts, Carole shares about her co-host for Smashing Security, Graham Cluley, her friend (or frenemy, perhaps?) with whom she also previously worked for Sophos.  To conclude her brief personal introduction, Carole notes that she also fills some of her time with hobbies, such as yoga, baking bread, and painting.   Moving forward in the conversation, Ron and Chris are first curious about how Carole got into podcasting in the first place.  She explains that a business trip for Sophos involved her listening to This American Life and falling in love with the podcast medium.  After she stopped working for Sophos, she started her own projects, and she was eventually able to convince Graham to host a podcast with her.  And it is this podcast that once included Chris as a guest!  So, Chris asks, how did he do?  The question kick starts a conversation about quality podcast and radio production, which involves voice quality, radio technique, and more.  Fortunately, Carole finds that Chris (like Ron) has a great radio voice, and (unlike Graham) she also finds him to have a good laugh.  While it can be challenging to find guests with strong radio presence, one benefit of 2020 is that people have had lots of opportunity in lockdown to work on the relevant skills! Another area in which potential guests often struggle is that of communicating and making themselves the “star,” so to speak.  Carole skillfully takes pressure off of guests and highlights them herself, and she is able to do so because she is not running her show for a boss or a company, but for herself and in order to have fun.  Her work is designed to be light! The lightness is born out of experience, though, as Carole is able to choose content for the show because of a well-developed instinct.  She developed her instinct, in part, through her work at Sophos.  Looking back, Carole details her transition away from Sophos.  Over her 15 years there, the company grew and changed, Carole took on too much, and she found she needed to leave.  She and Graham decided on the same day to leave Sophos, not knowing where their friendship was yet to lead! Carole’s journey has certainly been one of stepping into her personal power, and her philosophy in all her endeavors is to be herself.  While missing personal contact, she has navigated the pandemic well in her professional life.  More personally, she, Ron, and Chris look ahead to the upcoming holidays, which will certainly be usual!  They also share a benefit of the pandemic: people having more free time to join podcasts as guests.  In fact, Carole is excited to feature Tim Harford of the BBC’s More or Less podcast soon (and, hopefully in 2021, Ron!). As the conversation winds toward a close, Carole explains her approach to finding guests, which focuses on finding “win-win” scenarios.  She likens the departure of co-host Anna (from Sticky Pickles) to a breakup, asks about Ron and Chris’s friendship, and offers advice both to a new podcaster and listeners looking to ensure their cybersecurity this holiday season! 0:00 - Intro 1:40 - This special episode features Carole Theriault! 2:44 - Turning to Carole, the hosts ask her to share her background and what she’s up to now. 5:00 - How did Carole get into podcasting in the first place? 6:50 - Chris asks, “How did I do?” 10:03 - What are some techniques to highlight a guest and make him/her the star? 12:10 - Carole and her hosts get into content selection. 15:13 - Carole tells the story of her decision to leave Sophos. 19:00 - This journey has been an experience of stepping into her own power. 21:01 - She is herself in her work; COVID-19 has not hindered this (though she misses people!) 23:26 - The group talks holiday preparations. 27:49 - Next, they talk future podcast guests and how to choose guests. 30:07 - How long have Ron and Chris known each other? 32:32 - What’s Carole’s advice for new podcasters and for holiday cybersecurity?   Links: Learn more about Carole Theriault and connect with her on Twitter. Learn more about the Smashing Security podcast and connect on Twitter. Learn more about the Sticky Pickles podcast and connect on Twitter. Learn more about Tick Tock Social. Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor ByteChek.

2 Dec 202038min

Hello HVS family! We are beyond proud to introduce a new leadership focused show for you listening pleasure. This account is still the home of the HVS episode you know and love but to subscribe to this show be sure to visit the link below! https://link.chtbl.com/marqetaleadslaunch   In this inaugural episode, Ron and Chris sit down with Marqeta CEO, Jason Gardner, to discuss his journey through leadership and explain the tools he has used over his successful entrepreneurial career.   0:00 - Intro 1:00 - 3:00  — Learn about Jason’s first business venture and starting business in tech. Jason speaks about mindsets for entrepreneurship.  5:30 — Jason speaks about the importance of leading from values and finding his own style of communication.  7:30 — Learn where Jason’s leadership comes from and how it lent itself to a more steady vision. 10:00-12:00 — Communication is key, Jason speaks about his superpower and why he views leadership as a type of service. 13:00-15:00  — Jason shares about the weight of responsibility that a leader must become accustomed to. He shares how he navigated a very difficult time in Marqeta’s development as a company and platform. 16:00-20:00  — How Jason adjusted to physically distanced work and the gifts and challenges it has presented.  20:00 — Jason speaks a bit about leadership culture and why is it important to Marqeta’s values. 22:00 — Some advice from Jason on how to be a leader. If you want to keep up with what’s going on with Marqeta and Jason, follow Marqeta on social media!   Thanks for listening please do check out our social media for the latest. Marqeta's Twitter   Marqeta's Linkedin

1 Dec 202026min

In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris interview AJ Yawn in an episode that is a mix between a master class and a founder’s journey.  AJ is the founder and CEO of ByteCheck, with a personal and company goal to “make compliance suck less.”  He is a cloud security expert, and brings to the conversation a wealth of wisdom on cybersecurity, leadership, and personal growth.  The episode focuses on topics surrounding a major event in the past week for AJ and ByteChek, addressing AJ’s background, the work surrounding ByteCheck’s genesis, AJ’s thoughts on compliance, and more!   The interview begins with a look at AJ’s background.  AJ grew up a military brat, and eventually found himself in the Army for a time.  While he did not place much consideration on technology before he entered the Army, it was during his Army career that AJ developed an interest in cybersecurity.  He became passionate about cybersecurity and the cloud, and he went all in!  After he left the service, he began a job in cybersecurity consulting, and he’s been in the field ever since.   This episode is recorded at another momentous shift in AJ’s career, though, and Ron and Chris invite him to share about the past week, focusing on highs and lows.  AJ shares about how he and his friend Jeff just launched ByteChek days ago, choosing as their launch date the significant holiday of Veterans Day!  This choice was a way to honor AJ’s family members who served before him, and Ron and Chris also thank AJ for his own service to his country.   In light of this exciting time, AJ explains what the early days of the company have been like and considers some influences that have shaped him.  In this stage of his company, AJ has capitalized on LinkedIn.  He had previously not been accustomed to using the site or to the more general task of business promotion, but he’s found that networking on LinkedIn is a great way to grow a new business.  He also explores ways in which his background in sports and as a middle child among nine siblings have shaped him as a cybersecurity worker and entrepreneur.  Such factors of his youth helped him to foster a growth mindset and competitive nature, and also taught him to stand in his power.  Next, AJ talks about the thinking behind the tagline, “make compliance suck less,” which is honest, humorous, and relevant to the problem that drove AJ to start the company.  As he navigates issues of business, compliance, and the like, AJ demonstrates remarkable capacities for focus.  Ron and Chris wonder how he manages to focus on a single subject and to stay intentional for months or even years at a time, and AJ answers that he focuses on the process.  In order to do so, he relies on the 90-91 model (which calls for the first 90 minutes of his day to be centered on a certain thing), as well as an array of goals. AJ is also deeply committed to an active pursuit of personal growth.  One of the clearest demonstrations of this commitment came in the years leading up to the launch of ByteChek.  AJ saw the need for such a company years ago and had it in mind to start his own company, knowing that he needed to take a chance to make the impact he wanted to make.  However, he also knew that he was not yet ready to start a business, so he created a masterclass for himself to prepare.  Since, in first forming the company, he needed to place special focus on learning the business and marketing side of things, his successful navigation of LinkedIn is just one testament to the effectiveness of his intentional training. Even in the midst of the fear surrounding the COVID-19 pandemic (and many problems for businesses), AJ was confident in betting on himself and launching ByteChek.  And he’s confident in the future of the company, as well.  He invests himself in making compliance exciting for clients, and among his projections for the future of compliance, he even includes plans for a ByteChek Academy!  As the conversation reaches a close, AJ provides listeners with a final nugget of wisdom pertaining to the two most prominent themes of the conversation: betting on oneself and stepping into one’s personal power.     1:35 - This episode features AJ Yawn! 2:53 - AJ and his hosts turn to background info and what AJ is doing today. 4:35 - This past week has been huge for AJ because of his company launch! 6:33 - Did AJ’s interest in cybersecurity start while he was in the Army? 8:49 - The group speaks of AJ’s family background, including the fact that he is one of nine kids! 10:00 - Has being in the middle of a big family and playing sports shaped AJ? 12:52 - AJ and his hosts consider ByteChek’s tagline. 15:21 - How does AJ focus so well? 17:18 - Why did he launch the company now, even in the midst of COVID-19? 21:21 - AJ created a masterclass for himself. 25:38 - How does AJ make compliance exciting? 29:39- AJ is asked about the future of compliance. 33:45 - What’s one nugget of wisdom AJ can offer concerning two main themes of the episode?   Links: Connect with AJ on LinkedIn. Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about ByteChek, and mention Hacker Valley Studio to receive a limited time offer!

24 Nov 202039min

In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris interview longtime friend David Tsao.  David is a security advisor who leads security engineering at Marqeta, and he is an ever-innovating wealth of knowledge.  Ron and Chris ask David about his background, philosophy of leadership, and more!  David took a nontraditional route into the security field, as he had a background in chemistry and pharma before breaking into the security community.  Ron and Chris ask David to explain various aspects of his experience, including decisions regarding when to buy or build things, how vendors may find problems to tackle, and his own founder’s journey as a team builder.  David’s story of team-building opens the door to conversation about his role as a leader in the field, and he tells Ron and Chris about his expectations about leadership and how they matched reality, strategies for assuring opportunity for team impact and giving individual employees opportunities, and what he looks for in his work of hiring employees. Another major topic of conversation is David’s philosophy concerning the social commentary of the day.  More specifically, Ron and Chris wonder how he thinks about issues surrounding both diversity and inclusion and wealth and income gaps.  David explains his thoughts and desire to partner with others in work for change, and also shares the story of a past experience tasting social change and feeling like he made a difference.  Finally, David offers advice to listeners eager to make an impact on their own community, as well as listeners looking with a broad vision and wanting to bring change to the world.  1:34 - This episode features David Tsao and starts with a look at his background. 3:48 - David handles questions of building vs. buying and operating as a vendor. 9:54 - The conversation turns to David’s founder’s journey. 13:26 - David is asked about his first step into leadership, including expectations and reality. 15:05 -David gets into some team strategies and ways to best serve individual employees.  20:48 - What does David look for in hiring people new to the security field? 23:59 - Ron and Chris want to know David’s philosophy on social commentary going on now. 28:14 - They ask David to share a story about seeing and contributing to social change. 30:47 - Where should people who want to make a community impact start? 33:37 - What’s one piece of advice to listeners wanting to bring change in the world?   Links: Connect with David on LinkedIn. Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about ByteChek, and mention Hacker Valley Studio to receive a limited time offer!

18 Nov 202036min

In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris provide a very special episode as they interview Robin Black.  Robin is a martial arts practitioner and commentator, and he is arguably the best martial arts analyst in the world.  He believes secrets to the universe lie in the sacred moments of combat - and that couldn’t be any more true in cyber security.  So what does cyber security have to do with martial arts and analysis?  Ron and Chris invite listeners into the conversation to find out! As the conversation begins, Robin shares about his background, emphasizing the fact that he has the privilege of doing what he loves.  Robin’s work involves taking events and crafting a story in real time; the task is in many ways similar to that of cyber security, but as a general rule,  it requires more speed.  And so, Ron and Chris wonder, what is Robin’s mindset as an analyst?  Robin explains how he developed his interest and skill as an analyst, slowly building skill, sharpening his ability with language, and consciously deciding to go back to the roots of martial arts in his analysis rather than approaching the work as a television announcer typically would.  He is an art curator of violence, so to speak, and is committed to “nutrient rich” commentary.  Moving forward in the conversation, Ron and Chris wonder about what advice Robin would offer to the “little guy.”  Using the example of Brazilian Jiu Jitsu, Robin explains the value of knowing more, having more knowledge, being able to change, and being confident.  Such strengths help the apparent underdog in both fighting and cyber security.  Much like they considered unhackability with previous guests, Ron and Chris also raise the notion of an unbeatable fighter, and Robin details the reasons why such a fighter is a myth.  Listeners will learn about such things as the cracks and flaws in fighting (which are located in the root of fighting - within belief systems), the workings and danger of muscle memory, how Robin dissects fighters, and how Robin thinks about cyber security!   1:45 - This special episode features Robin Black! 3:19 - The conversation first turns to Robin’s background and what he’s doing today. 5:31 - What is Robin’s mindset as an analyst? 11:21 - Ron and Chris wonder what advice Robin would give to the “little guy.” 14:02 - Is there such a thing as an unbeatable fighter? 17:17 - The episode turns to the flaws and cracks within fighting. 20:54 - What is the component of muscle memory, and what role does it play? 24:31 - Ron and Chris want to know how Robin dissects fighters. 33:24 - Does Robin have any questions about cyber security?   Links: Follow Robin on Twitter, Instagram. Follow Bellator MMA on Youtube. Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about ByteChek, and mention Hacker Valley Studio to receive a limited time offer!

11 Nov 202036min

In this episode, our guest is Kiersten Todd, a cybersecurity innovator for small and medium sized businesses. Kiersten is also behind creating the legislation for Department of Homeland security. There are very few subjects that Kiersten doesn't have experience on in cybersecurity. She's also the managing director of the cyber readiness Institute. Chris and Ron had a great time speaking to Kiersten and she comes with a wealth of knowledge.    The Cyber Readiness Institute  Kiersten's LinkedIn Email: ktodt@cyberreadinessinstitute.org  Take our Free AttackIQ course and earn your badge here: www.hackervalley.com/easy Get your free audiobook from Audible.com Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter

2 Nov 202030min