Episode 109 - Honest Security with Jason Meller
Hacker Valley Studio8 Dec 2020

Episode 109 - Honest Security with Jason Meller

In this episode of Hacker Valley Studio podcast, Ron and Chris are joined by Jason Meller, Founder, and CEO of Kolide. Jason has over 10 years of experience in managing and leading security organizations. Jason’s interest in technology and cybersecurity began in the 1990s when he began programming in Visual Basic and building AOL Instant Messenger bots. Building offensive tools accelerated Jason’s interest in defending networks and helped him learn how much honesty plays part in building security solutions.

Jason mentions that the security monitoring software at most organizations have the same functionality as spyware or surveillance tools. In addition, these tools are designed to scrutinize all the actions that occur on a device. COVID-19 has increased the rate of organizations going through a digital transformation; as a result, users at an organization are not in a cubicle but at their home. This could mean that security teams have an extremely elevated level of access to devices without transparency as to what is being monitored to protect an organization. This is why Honest Security was created - to create a transparent relationship between security teams and end-users.

Jason has collaborated with Jesse Kriss from Netflix who is actively working towards incorporating user-focused security. Jason describes that organizations should build a culture based on trusting users, treating them like adults, giving them the tools that they need to do their job, and not treating them as suspects from day one. Instead, organizations and security teams should seek teachable moments by giving recommendations and educating users.

Throughout the episode, Jason describes situations that involve users and security team members maneuvering around security tooling obstacles to get their job done. Since working at home, traditional tools have created friction in the user experience. For instance, not having the ability to use USB ports on work devices, disabling corporate VPN to watch a YouTube video, and having to create a ticket to install software to help them with their job. When this friction is created, users will resort to using their personal devices for work activities and miss the opportunity to benefit from security. In some cases, there are “evil” applications found on a device created by a user - but often bad applications installed by users are Chrome extensions or helper utilities that are sending browsing history to a marketing firm.

In the Honest Security manifesto, there’s a section on empathetic intelligence, Jason describes this concept as thinking of the daily life users, thinking of what challenges are users attempting to solve in their workflow, and what part of that workflow could pose a risk to the organization. An example of this would be a security team member trying to empathize with someone who is a developer- and thinking of their daily workflow. When empathizing the security team may realize that the developer is attempting to fix issues on a production application. While fixing the production application, the developer may try to bring a copy of the application database to their local device. Creating a local copy of the database could pose a security risk the copy of the database is not deleted in a reasonable time or the user has their device auto-backup folders to their corporate or personal cloud storage solution (ie. Google Drive). Creating education for avoiding this mistake is a prime example of empathic intelligence when practicing Honest Security.

As the episode progresses, Jason goes into depth and explains more tenants of Honest Security - The goal is not to give unlimited power to the user or security team but to enable everyone to be in the position to make the right decisions and give appropriate recommendations. When consequences are articulated, users can understand that when maneuvering around security tools can pose a risk to their device and organization. Ie) disconnecting from the corporate VPN. When coaching and education are put as a priority when practicing security, James describes it as empowering the user to be successful and more transparent.

0:00 - Intro

2:28 - This episode features Jason Meller, Founder, and CEO of Kolide!

2:54 - Jason shares his background and his path into cybersecurity.

4:07 - What is Honest Security?

5:22 - Jason’s examples of dishonest security

8:08 - Collaboration with Netflix and User-Focused Security

16:00 - Jason describes Empathetic Security

19:17 - Tenants of Honest Security

35:32 - Wrap Up and Resources for Honest Security

Links:

Learn more about Jason Meller and connect with him on LinkedIn.

Learn more about Honest Security and read the manifesto.

Learn more about Jason’s company Kolide

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

Avsnitt(391)

Enterprise Browsers: Work’s Natural Next Step

Enterprise Browsers: Work’s Natural Next Step

In this episode, Ron Eddings and Jen Langdon talk about the evolution of browsers and how enterprise browsers have entered to change the game for corporations. Special guest Bradon Rogers, Chief Customer Officer at Island, joins to explain how enterprise browsers expand capabilities in asset management, security, and user experience. They also discuss how enterprise browsers can streamline IT infrastructure, offering a glimpse into the future and AI's role in it. Impactful Moments: 00:00 - Welcome 04:25 - Introducing guest, Bradon Rogers 07:23 - Extension vs Browser 14:53 - Security Use Cases 18:12 - From our Sponsor 19:34 - Better User Decisions 24:01 - Tool Reduction 26:24 - IT & Security Should Play Nice 29:41 - Data Protection   Links: Connect with our guest, Bradon Rogers: https://www.linkedin.com/in/bradon/ Check out Island’s website here: https://www.island.io/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Check out our upcoming events: hackervalley.com/livestreams Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

21 Maj 202434min

Building Tech and Adding Value in the Era of AI with Josh Danielson

Building Tech and Adding Value in the Era of AI with Josh Danielson

In this episode, Ron Eddings talks with guest Josh Danielson, CEO at Kustos, about how his journey at a previous organization has led him to build and create new products in the industry. They’ll discuss everything from how AI is currently being used to how there are still many ways to optimize in the cybersecurity product and service space. Listen to learn more about how you could create the next great thing in cyber! Impactful Moments: 00:00 - Welcome 00:43 - Introducing guest, Josh Danielson 03:20 - Cutting Edge Tech 07:34 - To CISO or not to CISO 10:33 - Join Our Creative Mastermind 11:20 - Balancing Product & Services 14:37 - Not Taking Advantage of AI 18:10 - Getting Better Value out of Tooling 21:35 - One Step Better…   Links: Connect with our guest, Josh Danielson: https://www.linkedin.com/in/joshua-danielson-a82b7342/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Check out our upcoming events: hackervalley.com/livestreams Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

14 Maj 202424min

Building Fast and Not Breaking Things with Shlomi Matichin

Building Fast and Not Breaking Things with Shlomi Matichin

In this episode, Ron Eddings and guest Shlomi Matichin, Co-Founder & CTO at Valence Security, discuss how the hurdles and triumphs in the journey of establishing Valence Security resulted in a reduction in SaaS misconfigurations and vulnerabilities. Impactful Moments: 0:00 - Welcome 01:50 - Introducing guest, Shlomi Matichin 02:46 - Founder’s Journey 04:30 - Building Fast 07:37 - Building Fast vs Building Intentionally 08:13 - From Our Sponsor, Valence Security 09:18 - How SaaS Breaches Occur 13:38 - Google Workspace Security 19:55 - The Uninstall Journey 25:00 - What Worries You? 27:48 - Building SaaS Fast 31:08 - One Step Better   Links: Connect with our guest, Shlomi Matichin: https://www.linkedin.com/in/shlomi-matichin/ Check out Valence Security: valencesecurity.com Check out our upcoming events: hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

7 Maj 202432min

Leaping Over the ‘BAR’ to Leading Cyber in Africa with Confidence Staveley

Leaping Over the ‘BAR’ to Leading Cyber in Africa with Confidence Staveley

In this episode, Host Ron Eddings gets to know guest Confidence Staveley, founder of Merkel Fence and CyberSafe Foundation. He uncovers Confidence’s inspiring story, not only about how she transforms her community and the people around her through her non-profit, but the grit she needed to overcome the obstacles to get to a career in cyber and build her own company. In addition to learning about the potential of Africa as a booming tech talent hub, you’ll better understand what it takes to foster that growth in the tech industry. Impactful Moments: 00:00 - Welcome 00:44 - Introducing guest, Confidence Staveley 04:03 - Learning About Computers 06:46 - Women in Cyber & Access to Tech Careers 12:30 - Pushing Forward & Inspiring Others 15:05 - Solving the Cyber Problem 19:11 - Time Commitment to Get a Job in Cyber 24:45 - How CyberSafe Works 29:29 - Building a SOC in Africa 32:29 - One Step Better…   Links: Connect with our guest, Confidence Staveley: https://www.linkedin.com/in/confidencestaveley/ Check out the CyberSafe Foundation: https://cybersafefoundation.org/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

30 Apr 202435min

How to Hack your Career: Building a vCISO Business with Ayman Elsawah

How to Hack your Career: Building a vCISO Business with Ayman Elsawah

In this episode, Ron Eddings gets a chance to speak with Ayman Elsawah, Founder of Cloud Security Labs, and have him share his experience with becoming a vCISO. Ayman will break down the vast business of security consulting and help you determine the best approach and next steps to catalyze you on your way to owning your time and your own business. Impactful Moments: 00:00 - Welcome 01:14 - Introducing guest, Ayman Elsawah 07:08 - Types of vCISOs 09:55 - How to Become a vCISO 13:40 - Join Our Mastermind! 14:24 - Is vCISO Right for You? 17:22 - Marketing as A vCISO 22:33 - Anticipated vCISO Salary 26:15 - vCISO Time Commitment   Links: Connect with Ayman: https://www.linkedin.com/in/infosecleader/ Twitter & YouTube: @coffeewithayman Check out Ayman’s vCISO Course: coffeewithayman.com/hackervalley —------------------------------------------------------------------------- Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

23 Apr 202431min

Hyperautomation, Open Security Data Architecture, and the Future of SIEM with Neal Humphrey

Hyperautomation, Open Security Data Architecture, and the Future of SIEM with Neal Humphrey

Ron Eddings and Neal Humphrey, Vice President of Market Strategy at Deepwatch, discuss the changes in Security Operations infrastructure, and how these changes in structure, data, and automation are going to impact operations in the near future. Their discussion will revolve around more than just SIEM, alerts, and responses; it will go into market changes, vendor movement, and how the future of SOC is demanding a shift in mindset and strategy beyond "Let a machine handle it..." Impactful Moments: 00:00 - Welcome 01:05 - Introducing guest, Neal Humphrey 03:09 - Looking Back at SecOps 06:11 - Modern SOC Wall 11:49 - Hyperautomation; the Future of SOAR? 15:02 - Hyperautomation & Normalization 17:29 - From our Sponsor, Deepwatch 19:18 - OSDA & Deepwatch 25:32 - Hyperautomaiton or OSDA 1st 30:25 - Can I Show The Value of A Tool? 34:30 - Who is OSDA White Paper for? 36:43 - One Step Better…   Links: Connect with our guest, Neal Humphrey: https://www.linkedin.com/in/neal-humphrey-b909773/ Check out the White paper by Deepwatch: https://www.deepwatch.com/the-security-operations-center-cannot-hold/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

16 Apr 202440min

Securing Your SaaS and Cyber Influencer Networking with CRO Bob Horn

Securing Your SaaS and Cyber Influencer Networking with CRO Bob Horn

Ron Eddings sits down with Bob Horn, Chief Revenue Officer at Valence Security. Their conversation centers around the world of SaaS security, examining the current landscape and challenges in managing SaaS risks. Bob also shares experiences from his 25-year career in sales, focusing on the importance of storytelling in sales and innovative approaches of marketing through leveraging cybersecurity influencers. Impactful Moments: 00:00 - Welcome 00:44 - Introducing guest, Bob Horn 03:36 - Sales & Storytelling in Cybersecurity 07:13 - Current State of SaaS 09:28 - From our Sponsor, Valence Security 10:29 - More SaaS, More Problems 13:52 - Great Security Improves Your Team 17:01 - Consequence of Being Attacked 19:10 - Influencer & In-Person Marketing 25:55 - The Future of SaaS 28:01 - One Step Better…   Links: Check out Valence Security: https://www.valencesecurity.com/ Connect with our guest, Bob Horn: https://www.linkedin.com/in/bob-horn-699a70/ Join us LIVE with Shlomi Matachin on Tuesday, April 16th at 12p ET / 9a PT: https://www.linkedin.com/events/7181368974062895106/comments/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

9 Apr 202430min

From ‘Hand-to-Hand Combat’ To Management in Cyber with Ofer Gayer

From ‘Hand-to-Hand Combat’ To Management in Cyber with Ofer Gayer

HVS Host Ron Eddings chats it up with guest Ofer Gayer, VP of Product at Hunters. While both of them reminisce about their first love in security research, Ofer clarifies how he diverted his path and reached the VP stage, while also helping to level up his teams. They’ll conclude by discussing how AI is the ‘zeitgeist of our time’ and how you can get better at whatever you’re doing in cyber. Impactful Moments: 00:00 - Welcome 01:10 - Introducing guest, Ofer Gayer 03:12 - ‘Start-up’ in Research 07:55 - Security Research- First Love 10:55 - “A lot of People Want to be Product Managers” 14:46 - “I Had IT Remove My Privileges” 18:20 - Transitioning to Visionary/Zeitgeist 25:30 - Embracing AI Solutions 32:30 - One Step Better…   Links: Connect with our guest, Ofer Gayer: https://www.linkedin.com/in/ofer-gayer/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

2 Apr 202435min

Populärt inom Utbildning

bygga-at-idioter
historiepodden-se
det-skaver
rss-bara-en-till-om-missbruk-medberoende-2
nu-blir-det-historia
alska-oss
svd-ledarredaktionen
allt-du-velat-veta
harrisons-dramatiska-historia
johannes-hansen-podcast
not-fanny-anymore
roda-vita-rosen
rikatillsammans-om-privatekonomi-rikedom-i-livet
i-vantan-pa-katastrofen
sa-in-i-sjalen
sektledare
rss-max-tant-med-max-villman
handen-pa-hjartat
rss-sjalsligt-avkladd
jagaren