Episode 109 - Honest Security with Jason Meller
Hacker Valley Studio8 Dec 2020

Episode 109 - Honest Security with Jason Meller

In this episode of Hacker Valley Studio podcast, Ron and Chris are joined by Jason Meller, Founder, and CEO of Kolide. Jason has over 10 years of experience in managing and leading security organizations. Jason’s interest in technology and cybersecurity began in the 1990s when he began programming in Visual Basic and building AOL Instant Messenger bots. Building offensive tools accelerated Jason’s interest in defending networks and helped him learn how much honesty plays part in building security solutions.

Jason mentions that the security monitoring software at most organizations have the same functionality as spyware or surveillance tools. In addition, these tools are designed to scrutinize all the actions that occur on a device. COVID-19 has increased the rate of organizations going through a digital transformation; as a result, users at an organization are not in a cubicle but at their home. This could mean that security teams have an extremely elevated level of access to devices without transparency as to what is being monitored to protect an organization. This is why Honest Security was created - to create a transparent relationship between security teams and end-users.

Jason has collaborated with Jesse Kriss from Netflix who is actively working towards incorporating user-focused security. Jason describes that organizations should build a culture based on trusting users, treating them like adults, giving them the tools that they need to do their job, and not treating them as suspects from day one. Instead, organizations and security teams should seek teachable moments by giving recommendations and educating users.

Throughout the episode, Jason describes situations that involve users and security team members maneuvering around security tooling obstacles to get their job done. Since working at home, traditional tools have created friction in the user experience. For instance, not having the ability to use USB ports on work devices, disabling corporate VPN to watch a YouTube video, and having to create a ticket to install software to help them with their job. When this friction is created, users will resort to using their personal devices for work activities and miss the opportunity to benefit from security. In some cases, there are “evil” applications found on a device created by a user - but often bad applications installed by users are Chrome extensions or helper utilities that are sending browsing history to a marketing firm.

In the Honest Security manifesto, there’s a section on empathetic intelligence, Jason describes this concept as thinking of the daily life users, thinking of what challenges are users attempting to solve in their workflow, and what part of that workflow could pose a risk to the organization. An example of this would be a security team member trying to empathize with someone who is a developer- and thinking of their daily workflow. When empathizing the security team may realize that the developer is attempting to fix issues on a production application. While fixing the production application, the developer may try to bring a copy of the application database to their local device. Creating a local copy of the database could pose a security risk the copy of the database is not deleted in a reasonable time or the user has their device auto-backup folders to their corporate or personal cloud storage solution (ie. Google Drive). Creating education for avoiding this mistake is a prime example of empathic intelligence when practicing Honest Security.

As the episode progresses, Jason goes into depth and explains more tenants of Honest Security - The goal is not to give unlimited power to the user or security team but to enable everyone to be in the position to make the right decisions and give appropriate recommendations. When consequences are articulated, users can understand that when maneuvering around security tools can pose a risk to their device and organization. Ie) disconnecting from the corporate VPN. When coaching and education are put as a priority when practicing security, James describes it as empowering the user to be successful and more transparent.

0:00 - Intro

2:28 - This episode features Jason Meller, Founder, and CEO of Kolide!

2:54 - Jason shares his background and his path into cybersecurity.

4:07 - What is Honest Security?

5:22 - Jason’s examples of dishonest security

8:08 - Collaboration with Netflix and User-Focused Security

16:00 - Jason describes Empathetic Security

19:17 - Tenants of Honest Security

35:32 - Wrap Up and Resources for Honest Security

Links:

Learn more about Jason Meller and connect with him on LinkedIn.

Learn more about Honest Security and read the manifesto.

Learn more about Jason’s company Kolide

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

Avsnitt(390)

Recon Like An Adversary: Uncovering Modern Techniques in Attack Surface Management with Jason Haddix

Recon Like An Adversary: Uncovering Modern Techniques in Attack Surface Management with Jason Haddix

Ever wondered how the best defenders become unstoppable? They think like the attackers. In this episode with Jason Haddix, we reveal the strategies hackers don’t want you to know about and show you how to use them to your advantage. Jason, CEO of Arcanum Information Security and Field CISO at Flare, helps us step into the mind of a hacker. With stories and insights that will change how you think about cybersecurity, he talks about the tactics that can turn any security program into a fortress. From exploiting the overlooked to using AI for unbeatable defense, this conversation will revolutionize your approach to cybersecurity.   00:00 Introduction 01:29 Jason Haddix, CEO at Arcanum and Field CISO for Flare 04:48 Origins of Arcanum 07:04 Recon in Cybersecurity 12:22 Recon Discoveries 27:41 Flare's Role in Credential Management 33:47 Tooling for Small Businesses 35:47 Using AI for Cybersecurity 41:23 Flare Platform Deep Dive 43:20 Conclusion   Links: Connect with our guest, Jason Haddix: https://www.linkedin.com/in/jhaddix/ Check out Flare here: https://try.flare.io/hacker-valley-media/ Check out Arcanum here: https://www.arcanum-sec.com/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

10 Sep 202446min

I Failed Over 300 Times Trying To Get Into Security ft. Joe South

I Failed Over 300 Times Trying To Get Into Security ft. Joe South

Joe South is a testament to resilience, unconventional decisions, and finding success in unexpected places. If you’ve ever felt stuck in a rut or on the verge of giving up, Joe’s experience might be the jolt you need to keep pushing forward. Joe, Principal Security Engineer and host of the “Security Unfiltered” podcast, shares his journey into cybersecurity and battling depression after being rejected more than 300 times when applying for security roles. Joe shares advice on breaking into cybersecurity, dealing with rejection, the importance of mentorship, and staying persistent.   00:00 Introduction 01:00 Joe South, Principal Security Engineer and Host of the Security Unfiltered podcast 02:34 Early Career Struggles and Breakthrough 03:59 The Turning Point: From Help Desk to Cybersecurity 06:44 Rejection and Finding Success 11:17 Advice for Aspiring Cybersecurity Professionals 16:19 The Importance of Continuous Learning in Cybersecurity 18:10 Join the Hacker Valley Creative Mastermind! 19:10 Securing AI Models: Challenges and Strategies 20:10 The Importance of Communication in Security 21:22 Experience and Career Advancement 21:52 Rethinking Success: The Value of Being Number Two 23:57 Pressure and Rewards of Being a CISO 26:16 The Benefits of Podcasting and Content Creation 32:28 Balancing Personal and Public Information 35:27 Overcoming Adversity and Putting Yourself Out There 38:01 Final Thoughts and Advice for Aspiring Content Creators Links: Connect with our guest, Joe South: https://www.linkedin.com/in/joseph-south/ Check out the Security Unfiltered podcast here: https://securityunfiltered.com   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

3 Sep 202440min

Cybersecurity Challenges: AI, Burnout, and Insider Threats with Kayla Williams

Cybersecurity Challenges: AI, Burnout, and Insider Threats with Kayla Williams

At Black Hat 2024, we sat down with Kayla Williams, Chief Information Security Officer at Devo, to discuss her career journey, the role of AI in cybersecurity, and the pervasive issue of burnout among SOC analysts. Through her research with Wakefield Research, Kayla and her team discovered that 83% of IT professionals are burnt out due to stress, lack of sleep, and anxiety. IT and Security burnout leads to breaches. For the past 4 years, Devo has been hosting SOC Analyst Appreciation Day, a virtual event where they shower SOC analysts with the love, appreciation and recognition that they deserve.   Impactful Moments: 00:00 - Introduction 01:25 - Kayla Williams, Chief Information Security Officer at Devo 01:38 - How Kayla Became a CISO 03:06 - Challenges and Rewards 04:23 - Burnout in Cybersecurity 04:31 - 83% of IT professionals are Burnt Out 09:38 - How AI Fits into the SOC 09:59 - Key Use Cases for AI in Cybersecurity 15:07 - Insider Threat and Employees Stealing Company Data 18:14 - Non-Traditional Paths into Cybersecurity 21:00 - Future of Cybersecurity and AI 22:31 - Advice for Aspiring CISOs   Links: Connect with our guest, Kayla Williams: https://www.linkedin.com/in/kaylamwilliams1/ Check out Devo: https://www.devo.com/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

27 Aug 202424min

Offensive Security: Unlocking Hidden ROI with Seemant Sehgal

Offensive Security: Unlocking Hidden ROI with Seemant Sehgal

In this episode, Ron sits down at Black Hat with guest Seemant Sehgal, Founder & CEO of BreachLock, to learn more about how offensive security, such as red teaming and pen testing, fits into the cyber ecosystem. Seemant highlights how his background as a practitioner has helped him better understand the pain points that customers feel and assist them in making the most of their budget. Impactful Moments: 00:00 - Welcome 00:50 - Introducing Guest, Seemant Sehgal 02:47 - Penetration Testing vs Red Teaming 05:22 - What A Hacker Wants 06:17 - From our Sponsor, BreachLock 07:35 - There’s Always A ‘Low Hanging Fruit’ 08:49 - Trusted Partners 10:49 - Closing Doors On Hackers 13:08 - Advice to Entrepreneurs: Knowing Your ‘Why’   Links: Connect with our guest, Seemant Sehgal: https://www.linkedin.com/in/s-sehgal/ Check out BreachLock: https://www.breachlock.com/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

16 Aug 202415min

Black Hat 2024 Conference Pre-Game

Black Hat 2024 Conference Pre-Game

In this episode, Ron and Jen welcome you to Vegas and discuss a little background on Black Hat and DEF CON and how to make the most of your time professionally. Impactful Moments: 00:00 - Welcome 00:56 - Hello From Vegas! 01:41 - Conference Anxiety 03:43 - Origins of Black Hat 06:17 - Which Conference? 08:18 - Conference Strategy 11:47+ - You Can Only Pick One…   Links: Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

9 Aug 202413min

The Present and Future of AI in Cyber

The Present and Future of AI in Cyber

In this episode, Hosts Ron Eddings and Jen Langdon discuss questions about AI in Cyber. From the current state to where AI could be going, to resources to help you engage and up-level, there’s a little bit of everything for everyone in this episode.   Impactful Moments: 00:00 - Welcome 00:46 - Introduction 02:29 - Engineering AI 06:54 - Was it Made By AI? 09:07 - Join Our Mastermind 10:15 - AI in the Future 13:26 - AI in 2044 17:56 - AI & Resources 19:40 - AI Resources! 20:55 - One Step Better…   Links: Check out some resources shared during this episode: https://www.futuretools.io/   https://theresanaiforthat.com/ https://www.google.com/books/edition/On_Intelligence/Qg2dmntfxmQC?hl=en&gbpv=0 https://www.youtube.com/channel/UCbfYPyITQ-7l4upoX8nvctg   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Check out our upcoming events: hackervalley.com/livestreams Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

30 Juli 202423min

Leaving an Impression: Strategies for Captivating a Massive Audience

Leaving an Impression: Strategies for Captivating a Massive Audience

In this episode, hosts Ron Eddings and Jen Langdon discuss the power of storytelling through various media. Whether your goal is to create video content, deliver keynotes on stage, or be creative through other digital mediums, there will be something for everyone! Impactful Moments: 00:00 - Welcome 01:05 - Introductions 04:55 - Storytelling in Story Circle 09:23 - Crossing Across the Story Circle 12:15 - Join Our Mastermind! 12:57 - Is ‘Speaking’ Your Thing? 19:33 - Audience Considerations 22:24 - Speaking vs Writing 25:24 - Video/Digital Media 28:30 - Making it Captivating 32:03 - Last Reminders…   Links: Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Check out our upcoming events: hackervalley.com/livestreams Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

23 Juli 202432min

How Can I Best Proactively Secure My SaaS?

How Can I Best Proactively Secure My SaaS?

In this episode, Ron Eddings will explore the massive adaptation of SaaS applications and ways to tame the beast. Our guest Yoni Shohet, Co-Founder & CEO at Valence Security, will help provide insight into the capabilities of a SaaS Security Posture Management (SSPM) platform and best practices for implementing a SaaS security solution. Impactful Moments: 00:00 - Welcome 01:59 - Introducing guest, Yoni Shohet 03:25 - Founding A SaaS Security Company 06:30 - What is SSPM? 08:27 - From our Sponsor, Valence 09:30 - Before Clicking ‘Allow’ 11:54 - Users Want Their LLMs! 14:37 - Common Missteps 19:08 - Can You Manage SaaS w/o Technology? 24:15 - SaaS Breaches & MFA & APIs 32:42 - One Step Better…   Links: Connect with our guest, Yoni Shohet: https://www.linkedin.com/in/yonishohet/ Check out Valence Security: https://www.valencesecurity.com Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

17 Juli 202434min

Populärt inom Utbildning

bygga-at-idioter
historiepodden-se
det-skaver
rss-bara-en-till-om-missbruk-medberoende-2
alska-oss
nu-blir-det-historia
svd-ledarredaktionen
harrisons-dramatiska-historia
johannes-hansen-podcast
allt-du-velat-veta
roda-vita-rosen
not-fanny-anymore
rikatillsammans-om-privatekonomi-rikedom-i-livet
rss-max-tant-med-max-villman
sa-in-i-sjalen
sektledare
i-vantan-pa-katastrofen
rss-sjalsligt-avkladd
jagaren
handen-pa-hjartat