Episode 109 - Honest Security with Jason Meller
Hacker Valley Studio8 Dec 2020

Episode 109 - Honest Security with Jason Meller

In this episode of Hacker Valley Studio podcast, Ron and Chris are joined by Jason Meller, Founder, and CEO of Kolide. Jason has over 10 years of experience in managing and leading security organizations. Jason’s interest in technology and cybersecurity began in the 1990s when he began programming in Visual Basic and building AOL Instant Messenger bots. Building offensive tools accelerated Jason’s interest in defending networks and helped him learn how much honesty plays part in building security solutions.

Jason mentions that the security monitoring software at most organizations have the same functionality as spyware or surveillance tools. In addition, these tools are designed to scrutinize all the actions that occur on a device. COVID-19 has increased the rate of organizations going through a digital transformation; as a result, users at an organization are not in a cubicle but at their home. This could mean that security teams have an extremely elevated level of access to devices without transparency as to what is being monitored to protect an organization. This is why Honest Security was created - to create a transparent relationship between security teams and end-users.

Jason has collaborated with Jesse Kriss from Netflix who is actively working towards incorporating user-focused security. Jason describes that organizations should build a culture based on trusting users, treating them like adults, giving them the tools that they need to do their job, and not treating them as suspects from day one. Instead, organizations and security teams should seek teachable moments by giving recommendations and educating users.

Throughout the episode, Jason describes situations that involve users and security team members maneuvering around security tooling obstacles to get their job done. Since working at home, traditional tools have created friction in the user experience. For instance, not having the ability to use USB ports on work devices, disabling corporate VPN to watch a YouTube video, and having to create a ticket to install software to help them with their job. When this friction is created, users will resort to using their personal devices for work activities and miss the opportunity to benefit from security. In some cases, there are “evil” applications found on a device created by a user - but often bad applications installed by users are Chrome extensions or helper utilities that are sending browsing history to a marketing firm.

In the Honest Security manifesto, there’s a section on empathetic intelligence, Jason describes this concept as thinking of the daily life users, thinking of what challenges are users attempting to solve in their workflow, and what part of that workflow could pose a risk to the organization. An example of this would be a security team member trying to empathize with someone who is a developer- and thinking of their daily workflow. When empathizing the security team may realize that the developer is attempting to fix issues on a production application. While fixing the production application, the developer may try to bring a copy of the application database to their local device. Creating a local copy of the database could pose a security risk the copy of the database is not deleted in a reasonable time or the user has their device auto-backup folders to their corporate or personal cloud storage solution (ie. Google Drive). Creating education for avoiding this mistake is a prime example of empathic intelligence when practicing Honest Security.

As the episode progresses, Jason goes into depth and explains more tenants of Honest Security - The goal is not to give unlimited power to the user or security team but to enable everyone to be in the position to make the right decisions and give appropriate recommendations. When consequences are articulated, users can understand that when maneuvering around security tools can pose a risk to their device and organization. Ie) disconnecting from the corporate VPN. When coaching and education are put as a priority when practicing security, James describes it as empowering the user to be successful and more transparent.

0:00 - Intro

2:28 - This episode features Jason Meller, Founder, and CEO of Kolide!

2:54 - Jason shares his background and his path into cybersecurity.

4:07 - What is Honest Security?

5:22 - Jason’s examples of dishonest security

8:08 - Collaboration with Netflix and User-Focused Security

16:00 - Jason describes Empathetic Security

19:17 - Tenants of Honest Security

35:32 - Wrap Up and Resources for Honest Security

Links:

Learn more about Jason Meller and connect with him on LinkedIn.

Learn more about Honest Security and read the manifesto.

Learn more about Jason’s company Kolide

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

Avsnitt(391)

Hacking, Innovation, & the Formation of the First NSA Red Team with Jeff Man

Hacking, Innovation, & the Formation of the First NSA Red Team with Jeff Man

In this episode, Chris and Ron Eddings are joined by Jeff Man, a legend in cybersecurity. The conversation begins with Jeff sharing his experiences as a member of the first NSA red team and his involvement in groundbreaking projects. He discusses his early days working with computers at the National Security Agency (NSA) in the 1980s and his role in developing a software-based encryption system. Jeff also points to the significance of the first publicly available web browser and the impact it had on the internet and cybersecurity. Later in the episode, Jeff talks about his transition from the NSA to the private sector and his focus on Payment Card Industry Data Security Standard (PCI DSS) compliance. He explains the importance of PCI and how it provides a framework for organizations to protect sensitive data and maintain secure networks. Impactful Moments 0:00 - Intro 01:15 - Welcome Jeff Man 01:51 - Jeff’s introduction to computing and cybersecurity 09:25 - Creation of the first NSA Red Team 15:20 - Leaving NSA and Focusing on PCI 19:41 - Advice for Those Starting in Cybersecurity 21:53 - Staying up to date with Jeff Man Links: Stay in touch with Jeff Man on LinkedIn: https://www.linkedin.com/in/jeffreyeman/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

18 Juli 202322min

Privacy by Design: The Future of Homomorphic Encryption & Secure Data Analytics

Privacy by Design: The Future of Homomorphic Encryption & Secure Data Analytics

In this episode, Chris and Ron interview Derek Wood from Duality Technologies, a leading privacy technology company to discuss the concept of homomorphic encryption and its significance in data security, privacy, and governance. Homomorphic encryption enables users to perform computations on encrypted data without exposing it, revolutionizing the way data is used and analyzed. In this episode, the group discusses the challenges in the current data landscape, the importance of security and privacy, and the potential impact of duality's solutions in various industries such as finance and healthcare. Check out Duality’s webinar, Why Data, Privacy, & Security Leaders are Key to Growth & Innovation Impactful Moments: 00:00 - Introduction 01:09 - What is homomorphic encryption? 04:03 - Misconceptions of security and privacy 06:25 - What is Duality’s mission? 10:04 - Does Google Drive use homomorphic encryption? 13:08 - What homomorphic encryption enables 22:08 - Innovations that Duality is working on 24:37 - Secure data analytics and Homomorphic encryption 31:41 - Impact of AI and LLMs on security and privacy Links: Stay in touch with Derek Wood on LinkedIn: https://www.linkedin.com/in/drwood/ Learn more about Duality Technologies: https://dualitytech.com/  Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

11 Juli 202336min

The Future of AI In Cybersecurity

The Future of AI In Cybersecurity

In this episode, Ron and Chris explore the vast potential of AI in cybersecurity, including its ability to develop cybersecurity solutions, provide recommendations and predictions for cyber practitioners, and even assist attackers in identifying vulnerabilities and creating exploits. Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 00:00 - Introduction 00:56 - The future of AI in cybersecurity 02:24 - Addressing the elephant in the room 03:15 - Amplifying your productivity  05:13 - AI & vulnerability management 09:00 - Remediating vulnerabilities with AI 11:41 - Join our community!  12:32 - Coding, building, & developing 18:13 - Final thoughts

27 Juni 202319min

Vulnerability Hunting & AI with Brian Contos

Vulnerability Hunting & AI with Brian Contos

In this episode, hosts Ron and Chris are joined by Brian Contos, Chief Strategy Officer at Sevco to discuss his “movie-like” career trajectory and the rise of artificial intelligence (AI) in cybersecurity. With two IPOs and eight acquisitions under his career belt, Brian expresses his passion for startups and how getting out of his comfort zone transformed his business knowledge. The group also dives into the rise of artificial intelligence and how it will revolutionize the cybersecurity landscape. Stay in touch with Brian Contos: https://www.linkedin.com/in/briancontos/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 00:00 - Intro 01:09 - Introducing Brian Contos 04:03 - Brian’s passion for startups 06:13 - Emerging tech & AI 07:50 - The intersection of AI & cybersecurity  09:50 - The future impacts of AI 10:58 - How will AI enhance cybersecurity? 15:02 - Data assessment vs data integration 17:46 - Join our community! 18:48 - Getting out of your comfort zone 21:21 - Small touches lead to big finishes

20 Juni 202324min

Balancing Work & Parenting In Cybersecurity

Balancing Work & Parenting In Cybersecurity

In this episode, Ron and Chris discuss the challenges of balancing cybersecurity and parenting. Chris, a father of three, shares his experience of being a parent while also working in cybersecurity. They talk about the sacrifices that come with being a parent and how to prioritize family while still maintaining a career in cybersecurity. They also discuss the importance of having a plan but being flexible enough to adapt to unexpected situations.  Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 02:39 - Balancing cybersecurity and parenting 04:27- Maternity/paternity leave in cyber 08:33 - Skills in parenting for cybersecurity 10:36 - Career sacrifices 14:05 Parenting with a support system 17:31- Being more than a parent

13 Juni 202320min

What Is Security Architecture?

What Is Security Architecture?

In this episode of Hacker Valley Studio, Ron and Chris take a deep dive into all things Security Architecture and the essential skills you need to thrive in your role. Ron shares insights from his personal journey into security architecture as well as his expert advice on how to break in and stand out in the field. Links: Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 01:22 - What is Security Architecture? 03:04 - Day in the life of a security architect 04:01 - Different types of security architects 06:01 - Ron’s journey into security architecture 07:49 - What skills do you need? 08:40 - Join our community! 09:21 - Ron’s best practices 10:24 - Finding the right solutions 11:36 - What is the salary potential? 12:59 - How to stand out 13:52 - Advice for those breaking into the field

6 Juni 202315min

Technical Dojos: Cultivating Skills and Navigating Change in Cybersecurity

Technical Dojos: Cultivating Skills and Navigating Change in Cybersecurity

In this cybersecurity podcast episode, Chris Cochran and Ron Eddings discuss the concept of 'dojos' as environments for growth and learning, drawing on experiences from their own career paths in cybersecurity. The 'dojo' metaphor is applied to various life experiences, with an emphasis on cybersecurity communities and events. Chris describes his journey to the west coast where he lived in a hacker house, a form of dojo where he, along with his roommates, focused on cybersecurity, technology, personal growth, and development. This life-changing experience spurred the creation of their podcast. Links: Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 0:00 - Intro 00:55 - What is a dojo? 02:25 - Technical/cybersecurity dojos 05:17 - Getting started 07:21 - What should you look for in a dojo community? 09:06 - How to level up and give back 10:14 - Join our community! 11:36 - When is it time to move on? 12:50 - Learning hurts - embrace it! 13:59 - What’s your next dojo?

30 Maj 202315min

Attack Surface Management: The Grit Needed for True Cyber Resilience with Nabil Hannan

Attack Surface Management: The Grit Needed for True Cyber Resilience with Nabil Hannan

Join hosts Ron and Chris as they dive into the world of Attack Surface Management (ASM) in this episode recorded live at RSAC 2023. Special guest Nabil Hannan, a seasoned industry expert and Field CISO at NetSPI, shares his wealth of knowledge and expertise in this critical field. Together, they explore the evolving landscape of ASM, highlighting NetSPI's unique approach compared to other solution providers and shedding light on the state of ASM to empower listeners to enhance their security posture. NetSPI has a team of skilled pen-testers that can help you find those critical vulnerabilities and become your partner in creating the right remediation game plan for you. Check them out at https://www.netspi.com/HVM Links: Connect with Nabil Hannan on LinkedIn: https://www.linkedin.com/in/nhannan/ Connect with us on LinkedIn: https://www.linkedin.com/company/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 01:08 - Introducing Nabil Hannan 01:25 - Relationship-building through play 04:39 - The power of authenticity 05:39 - What is a Field CISO? 07:02 - The rise of attack surface management 09:17 - What makes NetSPI different? 11:26 - A word from our sponsor 12:17 - Attack surface management for SMBs 15:15 - ASM solutions & false positives 17:16 - An ASM case study 21:15 - Red teaming influence on ASM 24:12 - Where do I get started with ASM?

23 Maj 202325min

Populärt inom Utbildning

bygga-at-idioter
historiepodden-se
det-skaver
rss-bara-en-till-om-missbruk-medberoende-2
alska-oss
nu-blir-det-historia
svd-ledarredaktionen
harrisons-dramatiska-historia
allt-du-velat-veta
johannes-hansen-podcast
roda-vita-rosen
not-fanny-anymore
rikatillsammans-om-privatekonomi-rikedom-i-livet
i-vantan-pa-katastrofen
sa-in-i-sjalen
sektledare
handen-pa-hjartat
rss-max-tant-med-max-villman
rss-sjalsligt-avkladd
jagaren