Episode 109 - Honest Security with Jason Meller
Hacker Valley Studio8 Dec 2020

Episode 109 - Honest Security with Jason Meller

In this episode of Hacker Valley Studio podcast, Ron and Chris are joined by Jason Meller, Founder, and CEO of Kolide. Jason has over 10 years of experience in managing and leading security organizations. Jason’s interest in technology and cybersecurity began in the 1990s when he began programming in Visual Basic and building AOL Instant Messenger bots. Building offensive tools accelerated Jason’s interest in defending networks and helped him learn how much honesty plays part in building security solutions.

Jason mentions that the security monitoring software at most organizations have the same functionality as spyware or surveillance tools. In addition, these tools are designed to scrutinize all the actions that occur on a device. COVID-19 has increased the rate of organizations going through a digital transformation; as a result, users at an organization are not in a cubicle but at their home. This could mean that security teams have an extremely elevated level of access to devices without transparency as to what is being monitored to protect an organization. This is why Honest Security was created - to create a transparent relationship between security teams and end-users.

Jason has collaborated with Jesse Kriss from Netflix who is actively working towards incorporating user-focused security. Jason describes that organizations should build a culture based on trusting users, treating them like adults, giving them the tools that they need to do their job, and not treating them as suspects from day one. Instead, organizations and security teams should seek teachable moments by giving recommendations and educating users.

Throughout the episode, Jason describes situations that involve users and security team members maneuvering around security tooling obstacles to get their job done. Since working at home, traditional tools have created friction in the user experience. For instance, not having the ability to use USB ports on work devices, disabling corporate VPN to watch a YouTube video, and having to create a ticket to install software to help them with their job. When this friction is created, users will resort to using their personal devices for work activities and miss the opportunity to benefit from security. In some cases, there are “evil” applications found on a device created by a user - but often bad applications installed by users are Chrome extensions or helper utilities that are sending browsing history to a marketing firm.

In the Honest Security manifesto, there’s a section on empathetic intelligence, Jason describes this concept as thinking of the daily life users, thinking of what challenges are users attempting to solve in their workflow, and what part of that workflow could pose a risk to the organization. An example of this would be a security team member trying to empathize with someone who is a developer- and thinking of their daily workflow. When empathizing the security team may realize that the developer is attempting to fix issues on a production application. While fixing the production application, the developer may try to bring a copy of the application database to their local device. Creating a local copy of the database could pose a security risk the copy of the database is not deleted in a reasonable time or the user has their device auto-backup folders to their corporate or personal cloud storage solution (ie. Google Drive). Creating education for avoiding this mistake is a prime example of empathic intelligence when practicing Honest Security.

As the episode progresses, Jason goes into depth and explains more tenants of Honest Security - The goal is not to give unlimited power to the user or security team but to enable everyone to be in the position to make the right decisions and give appropriate recommendations. When consequences are articulated, users can understand that when maneuvering around security tools can pose a risk to their device and organization. Ie) disconnecting from the corporate VPN. When coaching and education are put as a priority when practicing security, James describes it as empowering the user to be successful and more transparent.

0:00 - Intro

2:28 - This episode features Jason Meller, Founder, and CEO of Kolide!

2:54 - Jason shares his background and his path into cybersecurity.

4:07 - What is Honest Security?

5:22 - Jason’s examples of dishonest security

8:08 - Collaboration with Netflix and User-Focused Security

16:00 - Jason describes Empathetic Security

19:17 - Tenants of Honest Security

35:32 - Wrap Up and Resources for Honest Security

Links:

Learn more about Jason Meller and connect with him on LinkedIn.

Learn more about Honest Security and read the manifesto.

Learn more about Jason’s company Kolide

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

Avsnitt(390)

Ditch the Spreadsheets: Smarter Crypto Security with Michael Klieman

Ditch the Spreadsheets: Smarter Crypto Security with Michael Klieman

Still tracking certificates in a spreadsheet? You’re not alone—and there’s a better way. In this special episode from RSA 2025, Ron sits down with Michael Klieman, Global Vice President of Product Management for Digital Security Solutions at Entrust, to discuss how leading organizations are rethinking cryptographic security. From simplifying certificate management to preparing for a post-quantum future, this conversation covers real-world risks, surprising breach stories, and practical steps for bringing order to crypto chaos—without the stress.   Impactful Moments: 00:00 – Introduction 04:00 – Three major problems with crypto today 06:45 – Certificates often missing from inventories 08:30 – Managing EV charging infrastructure with spreadsheets 11:00 – The two biggest certificate-related risks 12:50 – Expired certs can tank brand trust 14:45 – Automation usually comes after spreadsheets 16:30 – Why quantum risk grows every year 18:15 – Start with a cryptographic inventory 20:30 – Nation-state threats and critical infrastructure 22:15 – AI could fast-track quantum breakthroughs 24:45 – Entrust’s new unified crypto security platform 26:35 – One question every CISO must answer in 2025   Links: Connect with our guest, Michael Klieman: https://www.linkedin.com/in/mklieman/ Learn more about Entrust at: https://www.hackervalley.com/entrust   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

8 Maj 29min

Protecting People, Not Just Perimeters with Andrey Suzdaltsev

Protecting People, Not Just Perimeters with Andrey Suzdaltsev

AI is reshaping the cybersecurity battlefield, and cyber adversaries are getting smarter. In this episode, Ron Eddings welcomes Andrey Suzdaltsev, Co-Founder and CEO of Brightside AI, for a look into the evolution of social engineering, AI’s role in personalized phishing, and how Brightside is turning the tables with automation and human-centric protection. From offensive AI simulations to family-inclusive cyber safety, Andrey shares how his team secures both professional and personal perimeters before cybercriminals can strike.   Impactful Moments 00:00 Cyber criminals get a theatrical glow-up 01:47 AI models + personal data = mass fraud 03:42 Brightside’s 3-part solution explained 07:32 Why security must get personal 11:16 Ron’s reaction to Brightside’s realism 13:16 AI research tools now used by hackers 19:33 Why deepfake detection may fail 15:16 Automating attacks with AI agents 37:34 Protecting families = smarter security 41:56 Brightside’s vision for defending human risk   Links Connect with our guest, Andrey Suzdaltsev: https://www.linkedin.com/in/ndrey Learn more about Brightside: www.brside.com Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

24 Apr 45min

Digital Clutter and the Death of Passwords with Collin Sweeney & Chase Cunningham

Digital Clutter and the Death of Passwords with Collin Sweeney & Chase Cunningham

Passwords are the original digital clutter—messy, overstuffed, and way too easy to forget. Like a junk drawer full of old keys and cables, we keep tossing more into them, hoping they’ll somehow keep working. But what if it’s time to throw the whole thing out? In this episode, Ron Eddings is joined by Collin Sweeney of ZKX Solutions and Dr. Chase Cunningham, a.k.a. “Dr. Zero Trust,” for a bold conversation on the future of authentication. From the failures of MFA to the promise of zero-knowledge proofs, the crew breaks down how we got stuck with broken access systems—and what it’ll take to finally fix them. Whether it’s SIM swapping, face IDs, or security keys on the battlefield, this is the real talk on identity security you don’t want to miss. Impactful Moments: 00:00 – Introduction 03:45 – ZKX’s origin: voice verification breakthrough 06:45 – Collin’s “oh crap” SolarWinds realization 09:15 – Why MFA still fails in practice 13:15 – Zero-knowledge proofs explained with a coin 15:30 – How ZKPs reduce identity attack surfaces 17:45 – Making MFA faster, smarter, more human 20:00 – MFA fatigue and ice skating uphill 24:00 – Why people still cling to passwords 30:54 – Quantum fears vs real-world encryption limits Links: Connect with Collin Sweeney: https://www.linkedin.com/in/collin-sweeney-6ab6a5176/ Check out ZKX Solutions new product, Helix: zkxsolutions.com/helix Connect with Chase Cunningham: https://www.linkedin.com/in/dr-chase-cunningham/ Grab a copy of Chase Cunningham's book “vArIable: A Novel in the gAbrIel Series” here: www.amazon.com/vArIable-gAbrIel-Dr-Chase-Cunningham-ebook/dp/B0DVMWCWCD?ref_=ast_author_mp     Check out Hacker Valley’s upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord B

10 Apr 43min

What Most Cybersecurity Advice Misses—And How to Fix It with Robert Hansen

What Most Cybersecurity Advice Misses—And How to Fix It with Robert Hansen

What if the biggest threat to cybersecurity isn’t attackers—but the defenders themselves? Why are we still building tools for experts in a world where technical skills are fading fast? In this episode, Ron Eddings sits down with legendary hacker and investor Robert Hansen (aka RSnake) to talk about startup strategy, LLM-powered workflows, and the uncomfortable truth about skill decline in security teams. You’ll hear how he built an AI-powered threat intel engine, why most cybersecurity advice is outdated, and his hard-earned wisdom on surviving—and thriving—in a landscape built to break you.   Impactful Moments: 00:00 - Introduction 01:30 - Meeting RSnake at Hacker Hoedown 04:50 - AI-powered newsletter curation 08:15 - Ranking news by global impact 13:00 - Keeping LLM costs under 25 cents/day 16:10 - Paths to revenue for cybersecurity pros 24:00 - Why venture capital often kills innovation 33:20 - Cloud migration and the crocodile problem 37:00 - Decline in practitioner technical skill 40:00 - Designing tools for non-experts Links: Connect with our guest, Robert “RSnake” Hansen: https://www.linkedin.com/in/roberthansen3/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

3 Apr 36s

Hackers Have HR Now? featuring Christopher Budd

Hackers Have HR Now? featuring Christopher Budd

The internet once came this close to crashing—and Microsoft was on the front line. In this episode, cybersecurity veteran Christopher Budd takes us inside the Microsoft Security Response Center during one of the most chaotic cyber events in modern history. From the Nimda worm of 2001 to ransomware turf wars, and the weird future where threat actors post job ads for ransom note writers, Christopher lays it all out with perspective only decades in the game can bring. If you think AI or ransomware is the endgame, you’re not seeing the whole board.   Impactful Moments: 00:00 - Introduction 04:35 - Breaking down the Nimda attack 07:00 - “We carried 90% of the internet” 10:37 - Ransomware gangs fighting for headlines 15:26 - Secure perimeter is officially dead 17:31 - AI as your cybernetic exosuit 24:00 - Filtering 100,000 security emails with AI 27:05 - Privacy tension in AI-powered defense 32:00 - The inevitable swing back to local control 35:31 - “You will”: when sci-fi became real   Links: Connect with our guest, Christopher Budd: https://www.linkedin.com/in/christopherbudd/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

27 Mars 36min

Staying Ahead in the Age of AI Agents with Marco Figueroa

Staying Ahead in the Age of AI Agents with Marco Figueroa

Marco Figueroa is back, and his AI predictions aren’t just coming true—they’re unfolding faster than anyone expected. AI agents aren’t on the horizon—they’re already here, and security teams are scrambling to keep up. Building on his bold January prediction that 2025 would be the Year of the AI Agent, Marco returns to break down real-world threats, including an insider attack using an infinite logic bomb. From the rise of AI-driven security tools to the biggest risks companies aren’t ready for, this episode is your roadmap to staying ahead in the new AI era.   Impactful Moments: 00:00 - Introduction 02:00 - Insider threat case: Infinite logic bomb attack 06:00 - Why AI will transform security forever 10:00 - AI agents will replace entire workflows 16:00 - The AI pricing war is heating up 22:00 - How to structure AI-driven security workflows 30:00 - The mind-blowing AI coding method you need 38:00 - The future of AI-assisted cybersecurity teams   Links: Connect with our guest, Marco Figueroa: https://www.linkedin.com/in/marco-figueroa-re/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

21 Mars 40min

I Built an AI Version of Myself – Here’s Why with Marcus J. Carey

I Built an AI Version of Myself – Here’s Why with Marcus J. Carey

The best time to be alive is right now—if you know how to use AI. Marcus J. Carey, Principal Research Scientist at ReliaQuest, is harnessing AI to supercharge creativity, cybersecurity, and career development. In this episode, he shares the workflows he uses that redefine productivity, from dictating books in a week to building a personal AI twin. In this episode, Ron and Marcus highlight AI’s true power—when used right. They discuss why intuition is the secret ingredient, how AI is reshaping cybersecurity, and why people who master AI will lead the future. Plus, Marcus breaks down how he built his own personal GPT, his approach to learning, and why he sees AI as a tool, not a threat.   Impactful Moments: 00:00 - Introduction 01:18 - Meet Marcus J. Carey 03:00 - Using AI to write a book fast 06:00 - Creating a personal AI twin 09:00 - AI’s impact on cybersecurity defense 15:00 - The power of intuition in AI 22:00 - Why learning fundamentals still matters 30:00 - AI-enhanced workflows for coding 36:00 - The reality of AI "hallucinations" 39:00 - Final thoughts on mastering AI Links: Connect with our guest, Marcus J. Carey: https://www.linkedin.com/in/marcuscarey/ Grab a copy of Marcus’ book, “Hacker, Inc.: Mindset For Your Career” here: https://a.co/d/8i7waDc   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

14 Mars 39min

Cyber Warfare, Digital Deception, and the Hidden Threats We Ignore with Dr. Eric Cole

Cyber Warfare, Digital Deception, and the Hidden Threats We Ignore with Dr. Eric Cole

We’re already in World War III—just not the kind you’re thinking of. Cyber warfare is here, and the battlefield is your inbox, your bank account, and your digital identity. So why are we still acting like it’s peacetime? Dr. Eric Cole, cybersecurity pioneer and former CIA hacker, joins the show to drop hard truths about the state of cyber warfare, AI’s role in our digital future, and why most people are sleepwalking through a war they don’t even realize they’re in. From the rise of deepfakes to North Korea’s billion-dollar hacking economy, this episode is one you can’t afford to ignore.   Impactful Moments: 00:00 - Introduction 02:00 - Dr. Eric Cole’s journey from the CIA to cybersecurity leadership 07:20 - The fundamentals of hacking and why they still matter 11:00 - AI is only as smart as the data we give it 17:00 - The rise of deepfakes and digital deception 19:45 - Cyber warfare: How North Korea funds its economy through hacking 23:50 - The problem with America’s peacetime mentality 30:00 - Should we be worried about AI replacing humans? 36:10 - The key to success: mastering people skills, not just tech skills 40:30 - Final thoughts and where to follow Dr. Eric Cole   Connect with Dr. Eric Cole on LinkedIn: https://www.linkedin.com/in/ericcole1/ Check out Dr. Eric Cole’s books –  Cyber Crisis: Protecting Your Business from Real Threats in the Virtual World: https://www.amazon.com/Cyber-Crisis-Protecting-Business-Threats/dp/B093X3YNPT Online Danger: How to Protect Yourself and Your Loved Ones from the Evil Side of the Internet: https://www.amazon.com/Online-Danger-Protect-Yourself-Internet-ebook/dp/B078WK39TT Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

8 Mars 41min

Populärt inom Utbildning

bygga-at-idioter
historiepodden-se
det-skaver
rss-bara-en-till-om-missbruk-medberoende-2
alska-oss
nu-blir-det-historia
svd-ledarredaktionen
harrisons-dramatiska-historia
johannes-hansen-podcast
allt-du-velat-veta
roda-vita-rosen
not-fanny-anymore
rikatillsammans-om-privatekonomi-rikedom-i-livet
rss-max-tant-med-max-villman
sa-in-i-sjalen
sektledare
i-vantan-pa-katastrofen
rss-sjalsligt-avkladd
jagaren
handen-pa-hjartat