Learning How to Learn: Mastering the Cyber Fundamentals with Rich Greene

In this episode of the Hacker Valley Studio podcast, Ron and Chris are joined by Chris Castaldo, Chief Information Security Officer at Crossbeam and author of Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit. Throughout his career, Chris noticed that the same cybersecurity related problems surface but there are many different ways to solve them. Chris has always been passionate about startups and has plans to one day start his own company. While going through lists of top 10 books for startups and entrepreneurs he didn’t find any that mentioned how to do cybersecurity at a startup. This a significant gap for startups, not baking in cybersecurity early results in expensive rework 4-10 years after the startup is founded. This led to Chris writing Startup Secure - his goal was to create a guide and methodology for startup founders to avoid the expensive mistake of not baking cybersecurity into the startup in the beginning. As the episode progresses, Chris highlights the difference in challenges for startups that are B2B (Business-to-Business) vs B2C (Business-to-Consumer). Cybersecurity startups must weigh the risks of building a product and building a secure company. It’s easier to implement all of the security controls offered by a solution when the startup is 20 employees or less because there is less impact on users and business functions. When cybersecurity startups are selling to organizations with cybersecurity teams, the startup is asked tough questions. For example: What is your vendor review process? Is your startup leveraging cloud security controls? What is your privacy policy?   As a cybersecurity professional, Chris emphases the importance of networking with other professionals. There is an increase in virtual conferences and adoption of LinkedIn. Asking questions to the leaders in the field and providing mentorship to others both provide a significant impact while cultivating your career. Chris also highlights the importance of following up on conversations to build relationships and securing opportunities.  When transitioning from engineer to CISO, Chris found that being intentional and purposeful with his time was impactful in his transition. He developed these skills by reading books about stoicism. He found that focusing on “the right thing to do” was tough because of constant distractions but being purposeful was the solution to distraction. Instead of focusing on all the things that were on his plate he would break down his goals into smaller chunks and give them his undivided attention for a specific amount of time.   Moments During This Podcast: 0:00 - Intro 1:57 - Chris Castaldo on Hacker Valley Studio Podcast 2:47 - Chris’ start in cybersecurity as a red team member 3:50 - Why did Chris write his book Startup Secure 6:58 - Challenges of implementing cybersecurity at a startup 9:56 - What excites Chris about cybersecurity 13:35 - How do you immerse yourself in learning about cybersecurity? 17:33 - Surprises when transitioning from engineer to CISO 22:43 - Core tenants of solving hard problems 25:53 - Protecting the crown jewels at an organization during a breach 33:38 - Advice on sharing knowledge with the world   Links: Pre-order Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit Learn more about Chris Castaldo and connect with him on LinkedIn. Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor ByteChek.

26 Jan 202135min

The tables have turned on Ron and Chris this episode and they are interviewed by guest host, Carole Theriault! Besides being a two-time guest on the Hacker Valley Studio Podcast, Carole is producer and host of the Smashing Security Podcast and Sticky Pickles podcast. Carole put together 7 serious questions and 7 funny questions to interview Ron and Chris.   Question #1 - How did you get into podcasting? Ron - describes his entry into podcasting as a surprise. Ron had set up a studio at his home in San Jose, California with the intention to create YouTube videos. When Chris relocated to the area, he suggested that the two get on the microphones and have a conversation to see where it goes - Where the two began speaking about Cybersecurity Alchemy.  Chris - Before moving to Silicon Valley, Chris experimented with content creation on Instagram and worked with professionals to document his weight loss journey. This experiment went well but left Chris hoping to make a greater impact through content creation.   Question #2 - What are the most surprising lessons you learned from podcasting Carole begins by describing her most surprising lesson is the sheer amount of work. Chris was surprised about all of the aspects that go into a quality production. For example, mastering the sound of the podcast. Ron describes the most surprising lesson being the work that goes into show notes and the conversion of full-length topics into bite sized nuggets.   Question #3 - What trait do you like most in your podcast partner Ron - Chris’ accountability and availability. We meet together daily during the week to discuss goals, challenges, and collaboration opportunities. When help is needed, Chris is consistently there to help. Chris - Ron’s calm, understated competitiveness nature. The competitive nature pushes both of us to get better everyday.    Question #4 - What do you worry most about when creating an episode of Hacker Valley Studio? Chris - Capturing great quality audio. During post-production, we can fix nearly everything like “ahs”, “ums”, awkward pauses but not poor quality audio. Carole can relate to this technical difficulty as she has experienced difficulties with hearing feedback from internal microphones on her podcasts Ron - HVS has had over a hundred episodes and around 10% of the guests have never been on a podcast. When recording with the 10% that have not been on a podcast before Ron’s main goal and concern is to ensure that the guest is comfortable. Creating an environment where guests can share their story and as.king great questions creates raving fans of our content through our listeners and guests   Question #5 - Who does more of the work on the podcast? Ron - Chris is the GOAT for the HVS podcast. In the very beginning, Ron said that he did most of the work. In the beginning Ron was editing the video and audio for the podcast but at some point, Chris became curious about the audio editing process and fell in love with the process and built a strong foundation for rapidly increasing the quality of Hacker Valley Studio content.   Follow up to Question #5 - Chris do you appreciate about Ron’s contribution to the podcast? Chris - Our chemistry. Episode one shows our chemistry because even though we did not have any experience podcasting, we still had a great conversational flow. It didn’t take anytime for us to build this chemistry up because Ron is able to read expressions and see where I’m going with questions and answers. Ron has always been able to pick up where I left off and bring up topics that I may forget.   Question #6 - Which episode of HVS sticks out most in your mind and why? Chris - Episode 40 with Daniel Meade. This episode started out with us speaking with Daniel about AppSec but had many turns where we got to experience Daniel’s authentic humor and moments of growth throughout his life. This episode helped shape the future of Hacker Valley Studio. Ron - Episode 104 with Robin Black. This episode has very little connection with technology and cybersecurity but focuses on the auxiliary skills that make practitioners at any craft great. Robin is fascinated with his work and crossing the chasm to gain expertise from similar or related fields.   Question #7 - What does success mean for Hacker Valley Studio? Ron - Having fun during the process. Chris and I are extremely successful at this point because we’ve been enjoying creating the process everyday. We are lucky enough to speak to experts, work with vocal coaches, and learn how to make quality productions each week. Chris - The impact on the listener. We’ve received emails and messages on social media from listeners that have thanked us for helping them get into cybersecurity and promoted within their field. We’ve been able to create our own journey and be part of others journeys.   Moments During the Podcast   0:00 - Intro 1:22 - Carole Theriault takes over Hacker Valley Studio!  2:50 - How Chris and Ron got into podcasting 5:06 - Would you rather be 8 foot tall or have eight feet? 5:55 - What are the most surprising lessons you learned from podcasting? 8:13 - If you were on a desert island, what luxury item would you bring? 9:10 - What trait do you like most in your podcast partner? 11:17 - What's your favorite thing to do outside of work and family responsibilities? 14:07 - What do you worry most about when creating an episode of Hacker Valley Studio? 18:55 - What is one thing any friend or family member could do to make you laugh or smile? 20:28 - Who does more of the work on Hacker Valley Studio podcast? 24:50 - Who would play you in a movie? 27:30 - Which episode of HVS sticks out most in your mind and why? 37:16 - How would you define success for Hacker Valley Studio?   Links: Our guest host Carole Theriault Carole’s podcast - Smashing Security and Sticky Pickles Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor ByteChek.

20 Jan 202141min

In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris interview Patrick Coughlin, Co-Founder and CEO of TruSTAR. Patrick began his career as a security analyst in Washington D.C. and the middle east. By working with government contractors, multinational corporations, and counter-terrorism units, Patrick learned that the biggest challenge that security analysts have is retrieving the needed information from disparate data sources. This discovery led Patrick to founding TruStar. Patrick’s focus is to help organizations automate the collection and curation of threat intelligence data. Patrick’s analytical prowess originated from working at Booz Allen Hamilton where he learned a fundamental skill that all cybersecurity analysts should have - how to put together a slide deck. This skill helped Patrick articulate the importance of threat intelligence to leaders in the government and private sector.  As the episode progresses, Patrick details the differences between threat intelligence requirements for national security and enterprise. For enterprise threat intelligence programs, the goal is to accelerate automation of detection and rarely attribution. Patrick also mentions automation is only as effective as the data is cleaned, normalized, and prioritized.  What about the good, bad, and ugly of threat intelligence? Patrick describes that an organization can thrive by leveraging internal intelligence. This can be overlooked when organizations are fixated on buying threat data feeds and subscribing to ISAC feeds. Most enterprise organizations have a detection and response stack that is constantly providing information about threats relevant to their organization - which serves as great threat intelligence data. Chris and Ron ask Patrick about the science vs art aspects of cybersecurity and threat intelligence. Patrick describes that there is room for both art and science in threat intelligence. While new concepts are being discovered, there is art in finding the needle in the haystack. However, at some point, intuition can be described into steps that a machine can repeat. For example, after years of analytical practice an analyst can describe how and why they are tagging threat intelligence related data in such a way that can be repeated by other analysts or automation.  This episode covers an abundance of tactics and techniques for threat intelligence analysts. Patrick describes the best place to begin automating threat intelligence is detection. An analyst can ask the question, “How do I get sources of known bad indicators into my detection stack so that I could drive high fidelity detections?”. As false positives decrease, your mean time to detection (MTTD) and resolution (MTTR) decrease which makes your threat intelligence and security operation team members more effective.   0:00 - Intro 1:53 - This episode features Patrick Coughlin, Co-Founder and CEO of TruSTAR 2:30 - Patrick’s background and start as a security analyst 5:19 - How to automate threat intelligence while reducing analyst fatigue 7:05 - How Patrick cultivated his analyst prowess 8:43 - Articulating threat intelligence to government and enterprise organizations 11:09 - Can a threat intelligence program be automated? 17:21 - Patrick’s experience of “good” and “bad” threat intelligence programs 20:31 - Logic vs Intuition in threat intelligence 27:04 - Artificial Intelligence and Machine Learning to make threat intelligence decisions 28:42 - Where to start when automating threat intelligence 30:02 - How to stay in touch with Patrick Coughlin   Links:  Connect with Patrick Coughlin on LinkedIn Link to Patrick’s company TruSTAR Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor ByteChek.  Take our FREE course for building threat intelligence programs by visiting www.hackervalley.com/easy

12 Jan 202130min

In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris interview Neil Bearden, storytelling expert and founder of The Story School and Plot Wolf Ltd. Neil originally started his career by teaching statistics and behavioral economics but had an astonishing introduction to storytelling by a stranger in San Francisco. The episode begins by Neil sharing that he began his career in academia by completing a PhD in psychology which led to him teaching statistics, behavioral economics and behavioral decision-making. At some point, Neil found that he had a passion for storytelling and started the first MBA course at our INSEAD university on storytelling called storytelling workshop. Teaching storytelling at university helped Neil discover that the storytelling market is the entire world! Which ultimately led to his recognition and founding companies that help individuals tell their greatest stories.  While completing his postdoctoral studies at Duke University in 2005, Neil attended a neuroscience conference in San Francisco where he decided to go for a walk and ran into a stranger that asked him, “Would you like to hear some poetry young man?”. After Neil agreed, the man said: “They’re latent semantics embedded deep down inside these rambles; these aren't the ravings of a madman alone, the dark with candles.  These are my notes, the underground they were sent to me from the year 2012 Dusky as he said to a beat these lyrics, they were pinned in a prison cell Caught up with a knife, sent to the compression of vacuum tubes that articulate expressions  Are readily answered with a question.  A rhythm that's progressing It keeps the head nodding like you agreeing with the lesson Your freedom, It's called the question - Free will. That's obsolescent.  It's a myth from long ago. It's no longer relevant to the present.  So you must obey then all your thoughts young man, you must replace them with this prism. You’re plugged into the system. You too are now in prison.  In the matrix of your mind known as walls, ancient wisdom in a system of symbols, encrypted and deeply hidden  In the depths of your unconscious as if it were forbidden from outside awareness, by the id who does its bidding” The man introduced himself as Osiris, a poet. For several hours, Neil and Osiris shared life experiences together while Osiris recited poems at his own accord throughout the night. After departing, Neil never had the opportunity to meet Osiris again but did attempt to track him down years later with no luck. After the introduction to Osiris, Neil made a commitment that he’d begin writing poetry and cultivate the courage to share his stories publicly. Neil learned that he could halt beer bottles from clinking, discussions happening, and have listeners lean in while telling a great story. This compelled Neil to pivot from teaching statistics at university to teaching storytelling. After teaching storytelling for many years, Neil realized that he wanted to make a bigger impact and become an entrepreneur and teach storytelling to anyone who needs it. Today, Neil helps companies and individuals add spice to their stories by extracting the details of a story that helps listeners internalize and visualize the nutrient rich details of a story. Neil is often humbled by the fact that he was able to pivot to a psychology PhD to storyteller organically and is able to help so many through having conversations.  As the podcast progresses, Neil highlights the difference between a story and a “crappy little speech”. While telling a story, the presenter needs to invoke a visual experience for the audience and provide a mental movie. Providing description of looks, taste, and feel helps build a mental model for the audience when being told a story. Everyone has experiences and knowledge that is story worthy.   0:00 - Intro 2:52 - This episode features Neil Bearden, founder of The Story School and Plot Wolf Ltd 3:57 - Neil’s introduction to storytelling by Osiris, the poet. 12:20 - The search for Osiris after 2005 15:09 - How Neil helps companies and individuals with storytelling 18:03 - Difference between a story and a crappy little speech 23:51 - Shaking the dust off of a story and making it great 26:00 - Using previous experience from statistics to tell stories 36:36 - Advice for beginning to tell your story 41:00 - How to stay in touch with Neil Bearden   Links:  Connect with Neil Bearden on LinkedIn Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor ByteChek.

6 Jan 202141min

In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris interview the brilliant Dr. James Stanger, Chief Technology Evangelist at CompTIA and scuba diving aficionado.  The episode is a kind of journey through time - touching on the past, present, and future of cybersecurity.   As the conversation begins, James looks to the past, sharing about himself and his background.  He studied English Literature, worked as a technical editor and then writer, worked in education, and finally made his way to a position with CompTIA.  All along, James demonstrated his propensity for combining aspects of his knowledge and experience, a propensity revealed most recently by the way in which his work for CompTIA merges education and cybersecurity.  James’ background has an incredible evolution to it, and has set him up to be a well-rounded and knowledgeable addition to the cybersecurity field. And his knowledge comes in handy, as much of James’s work involves answering client questions.  James shares with Ron and Chris about current trends of questions he’s facing, as well as how he encourages agility in the face of emerging technology.  Further, he explains the term, “ambient computing” and its tie to emerging tech, concluding that we are entering a hyper- or post-information age in which data is collected at an incredible rate.  Data is in the air, captured, and processed, with massive stores of information about individuals available.  This fact raises questions about how to ethically manage the data, and how to make sure it is used well.  These questions, in turn, lead to considerations of business compliance, ramifications, and the like.  As the conversation winds down, James shares areas of opportunity he sees in approaching cybersecurity from a business perspective, and explores ways in which he’d like to see the future of cybersecurity take shape - including an uptick in IT hiring, a stronger focus on implications, and more! 0:00 - Intro 1:41 - This episode features Dr. James Stanger, who begins by sharing about his background. 5:25 - What kinds of questions are companies and individuals asking these days? 8:04 - How is Dr. Stanger advising companies to pursue agility in light of emerging tech? 11:19 - What is ambient computing? 13:43 - The conversation turns to ethics, understanding of ramifications, and business compliance. 17:02 - What areas of opportunity does James see in approaching cybersecurity from a business perspective? 21:01 - James shares about what he wants the future of cybersecurity to look like.   Links:  Follow James Stanger on Twitter Connect with James on LinkedIn Learn more about CompTIA Follow CompTIA on Youtube  Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about ByteChek Want to take the Introduction to EASY Framework Course with Ron and Chris? Take it for FREE here: www.hackervalley.com/easy

17 Dec 202024min

In this episode of the Hacker Valley Studio podcast, Ron and Chris are joined by Suzanne Falter, an author, motivational speaker, and podcaster who helps busy women find happiness through self care. In 2012, she ended her relationship, shut down her business, and her 22 year old daughter, Teal unexpectedly died. In the year that followed, she says she did nothing but take exceptional care of herself. Living in a friend’s guest room, she learned to slow down and practice self care. Years later, Suzanne met the young woman who received Teal’s organs, and her mother, Debbie. Now, Debbie and Suzanne host the Back to Happy podcast together. Suzanne explains their instant chemistry, and how meeting them allowed pieces of life to fall together. These days in addition to the podcast, Suzanne has continued slowing down her life, working as an author and podcaster. She shares that she’s done this through choosing to slow down and practice meditation. She recommends taking a break from screens and starting to do small moments of life without them. It can be difficult, she says to start mindfulness from a healthy mental state, for those with depression or other mental health concerns, she says your first priority is to get help. Help can come in many forms, and it’s okay to reach out and ask for it.  To keep your alignment in check, and be able to sit in stillness, Suzanne says you have to have strong boundaries. This means recognizing what is encroaching on you. Once you’ve identified it and set that boundary, you can sit and do nothing which takes your brain into default mode. Default mode is where creativity and problem solving happens. In the midst of the pandemic, this can be difficult. Suzanne recommends small tasks that keep your hands busy, but allow your brain to relax as a start. She says avoid telling yourself what you “should” do, and think about what the next right thing to do is instead - one step at a time.  As the episode ends, Suzanne gives her advice to listeners for how to get back to happy. 0:00 - Intro 1:42 - Listeners are introduced to Suzanne and the episode ahead. 3:15 - Suzanne shares her background. 5:58 - How do you get back to happy after something tragic happens? 11:43 - Suzanne gives advice for how to slow down. 14:08 - Mindfulness practices. 21:53 - Suzanne explains the default mode. 24:42 - How can folks get back to happy in a pandemic? 32:41 - Suzanne’s advice to listeners.   Links: Learn more about Suzanne Falter and connect with her on Twitter Learn more about Suzanne’s books. Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor Bytecheck.

14 Dec 202034min

In this episode of the Hacker Valley Studio podcast, Ron and Chris are joined by co-founders of Material Security, Ryan Noon and Abhishek Agrawal. They co-founded Material Security in 2017, today Ryan serves as the CEO, and Abhishek the CTO. Abishek has a background in engineering, infrastructure and analytics and his MBA from Harvard.  Ryan’s background is in engineering and data analysis, and holds multiple computer science and security degrees from Stanford. Before they moved on to creating their own company, they worked together at DropBox. While they both have a strong engineering background, they are developing a security product. Ryan explains that coding and engineering is why he’s able to work in cyber security, all his years of engineering helped him make a reliable and effective product. Abhishek agrees that both their different backgrounds have carried over into the security industry and says the lessons he learned in productivity and engineering have been incredibly useful. Despite these diverse backgrounds, Ryan says going into security was an easy decision. “Go to where the problems are,” he says. Around the time of the founding of Material Security, there were a lot of problems with email. Abhishek agrees, and says he’s always been interested in email and how it’s being destroyed by threats.  When hackers access your email, what are they looking for? Abhishek explains that they may be downloading all of its contents, or resetting passwords to services like Twitter or Instagram. Material Security works to ask those questions and stop the effectiveness of a breach in email security. This shifts the focus from all the ways someone may hack you, to the implications of that hack. Ryan likens it to a burglary, explaining that their security is less about all the doors and windows - ways to get into your home - but rather what someone may want once they’re inside. There is a lot of hand wringing in startup land, Ryan says, but there is no one right way to do it. The startup can burn you out, and what made Material Security’s leadership work was the reliance on each other, both he and Abhishek and their third co-founder, Chris Park. For them, this was the magic answer, having a third person gives them a tie breaker and someone who could cut through the noise with clarity. Abhishek agrees, joking that they compliment each other by Ryan giving long detailed answers, and Abhishek can summarize his thoughts. In all seriousness, this balance of responsibility and strengths requires a level of trust and lack of ego but makes the team work smoothly. Having unique skill sets is important, but Abhishek explains overlap is important as well because you can speak the same language and push each other for the best solutions. When you come from similar backgrounds, no one is the authority and ideas get pressure tested. One of the challenges is using this overlap of skills for good - not letting it paralyze you. Another challenge they faced is knowing where to question and press industry standards, versus where to accept and excel at current practices. When thinking over their challenges and journey they offer some advice to new founders. Ryan stresses, “stop trying to get into things.” People can fall into the trap of trying to get into college, programs, and industries, and end up giving up some of their productivity and creativity to others. He also encourages people to know their partners and communicate with them about everything. Abhishek says people should divorce the idea of leaving their job from starting a company. Instead you should decide if you’re ready to leave your current job and then if you want to go to a new company or start your own.   0:00 - Intro 1:40 - Listeners are introduced to co-founders of Material Security and the episode ahead. 3:05 - Ryan and Abhishek introduce themselves.  5:38 - How do engineering and cyber security intersect? 8:39 - Why did Ryan and Abhishek decide to go into security? 14:28 - Ryan and Abhishek explain what hackers do when they’ve gotten into email. 18:08 - How do Ryan and Abhishek navigate their relationship? 24:19 - Ron asks Ryan and Abhishek about the challenges of the founder’s journey. 26:45 - What piece of advice do they have for new founders?   Links: Learn more about Material Security. Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor ByteChek.

10 Dec 202032min

In this episode of Hacker Valley Studio podcast, Ron and Chris are joined by Jason Meller, Founder, and CEO of Kolide. Jason has over 10 years of experience in managing and leading security organizations. Jason’s interest in technology and cybersecurity began in the 1990s when he began programming in Visual Basic and building AOL Instant Messenger bots. Building offensive tools accelerated Jason’s interest in defending networks and helped him learn how much honesty plays part in building security solutions.  Jason mentions that the security monitoring software at most organizations have the same functionality as spyware or surveillance tools. In addition, these tools are designed to scrutinize all the actions that occur on a device. COVID-19 has increased the rate of organizations going through a digital transformation; as a result, users at an organization are not in a cubicle but at their home. This could mean that security teams have an extremely elevated level of access to devices without transparency as to what is being monitored to protect an organization. This is why Honest Security was created - to create a transparent relationship between security teams and end-users.  Jason has collaborated with Jesse Kriss from Netflix who is actively working towards incorporating user-focused security. Jason describes that organizations should build a culture based on trusting users, treating them like adults, giving them the tools that they need to do their job, and not treating them as suspects from day one. Instead, organizations and security teams should seek teachable moments by giving recommendations and educating users. Throughout the episode, Jason describes situations that involve users and security team members maneuvering around security tooling obstacles to get their job done. Since working at home, traditional tools have created friction in the user experience. For instance, not having the ability to use USB ports on work devices, disabling corporate VPN to watch a YouTube video, and having to create a ticket to install software to help them with their job. When this friction is created, users will resort to using their personal devices for work activities and miss the opportunity to benefit from security. In some cases, there are “evil” applications found on a device created by a user - but often bad applications installed by users are Chrome extensions or helper utilities that are sending browsing history to a marketing firm. In the Honest Security manifesto, there’s a section on empathetic intelligence, Jason describes this concept as thinking of the daily life users, thinking of what challenges are users attempting to solve in their workflow, and what part of that workflow could pose a risk to the organization. An example of this would be a security team member trying to empathize with someone who is a developer- and thinking of their daily workflow. When empathizing the security team may realize that the developer is attempting to fix issues on a production application. While fixing the production application, the developer may try to bring a copy of the application database to their local device. Creating a local copy of the database could pose a security risk the copy of the database is not deleted in a reasonable time or the user has their device auto-backup folders to their corporate or personal cloud storage solution (ie. Google Drive). Creating education for avoiding this mistake is a prime example of empathic intelligence when practicing Honest Security. As the episode progresses, Jason goes into depth and explains more tenants of Honest Security - The goal is not to give unlimited power to the user or security team but to enable everyone to be in the position to make the right decisions and give appropriate recommendations. When consequences are articulated, users can understand that when maneuvering around security tools can pose a risk to their device and organization. Ie) disconnecting from the corporate VPN. When coaching and education are put as a priority when practicing security, James describes it as empowering the user to be successful and more transparent.   0:00 - Intro 2:28 - This episode features Jason Meller, Founder, and CEO of Kolide! 2:54 - Jason shares his background and his path into cybersecurity. 4:07 - What is Honest Security? 5:22 - Jason’s examples of dishonest security 8:08 - Collaboration with Netflix and User-Focused Security 16:00 - Jason describes Empathetic Security 19:17 - Tenants of Honest Security 35:32 - Wrap Up and Resources for Honest Security Links: Learn more about Jason Meller and connect with him on LinkedIn. Learn more about Honest Security and read the manifesto. Learn more about Jason’s company Kolide Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor ByteChek.

8 Dec 202036min