Hacker Valley Studio
Episode 116 - Start-Up Secure with Chris Castaldo

January 26, 2021

In this episode of the Hacker Valley Studio podcast, Ron and Chris are joined by Chris Castaldo, Chief Information Security Officer at Crossbeam and author of Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit. Throughout his career, Chris noticed that the same cybersecurity-related problems surface, but there are many different ways to solve them.

Chris has always been passionate about startups and has plans to one day start his own company. While going through lists of top 10 books for startups and entrepreneurs, he didn’t find any that mentioned how to do cybersecurity at a startup. This is a significant gap for startups: not baking in cybersecurity early results in expensive rework 4-10 years after the startup is founded. This led to Chris writing Start-Up Secure. His goal was to create a guide and methodology for startup founders to avoid the expensive mistake of not baking cybersecurity into the startup in the beginning.

As the episode progresses, Chris highlights the difference in challenges for startups that are B2B (Business-to-Business) vs B2C (Business-to-Consumer). Cybersecurity startups must weigh the risks of building a product and building a secure company. It’s easier to implement all of the security controls offered by a solution when the startup is 20 employees or less because there is less impact on users and business functions. When cybersecurity startups are selling to organizations with cybersecurity teams, the startup is asked tough questions. For example:

  • What is your vendor review process?
  • Is your startup leveraging cloud security controls?
  • What is your privacy policy?

 

As a cybersecurity professional, Chris emphasizes the importance of networking with other professionals. There is an increase in virtual conferences and adoption of LinkedIn. Asking questions of the leaders in the field and providing mentorship to others both provide a significant impact while cultivating your career. Chris also highlights the importance of following up on conversations to build relationships and secure opportunities.

When transitioning from engineer to CISO, Chris found that being intentional and purposeful with his time was impactful in his transition. He developed these skills by reading books about stoicism. He found that focusing on “the right thing to do” was tough because of constant distractions but being purposeful was the solution to distraction. Instead of focusing on all the things that were on his plate he would break down his goals into smaller chunks and give them his undivided attention for a specific amount of time.

 

Moments During This Podcast:

0:00 - Intro

1:57 - Chris Castaldo on Hacker Valley Studio Podcast

2:47 - Chris’ start in cybersecurity as a red team member

3:50 - Why did Chris write his book Startup Secure

6:58 - Challenges of implementing cybersecurity at a startup

9:56 - What excites Chris about cybersecurity

13:35 - How do you immerse yourself in learning about cybersecurity?

17:33 - Surprises when transitioning from engineer to CISO

22:43 - Core tenets of solving hard problems

25:53 - Protecting the crown jewels at an organization during a breach

33:38 - Advice on sharing knowledge with the world

 

Links:

Pre-order Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit

Learn more about Chris Castaldo and connect with him on LinkedIn.

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

Episode 115 - Podcast Takeover with Carole Theriault

January 20, 2021

The tables have turned on Ron and Chris this episode and they are interviewed by guest host, Carole Theriault! Besides being a two-time guest on the Hacker Valley Studio Podcast, Carole is producer and host of the Smashing Security Podcast and Sticky Pickles podcast. Carole put together 7 serious questions and 7 funny questions to interview Ron and Chris.

 

Question #1 - How did you get into podcasting?

Ron describes his entry into podcasting as a surprise. Ron had set up a studio at his home in San Jose, California with the intention to create YouTube videos. When Chris relocated to the area, he suggested that the two get on the microphones and have a conversation to see where it goes, which is where the two began speaking about Cybersecurity Alchemy.

Chris - Before moving to Silicon Valley, Chris experimented with content creation on Instagram and worked with professionals to document his weight loss journey. This experiment went well but left Chris hoping to make a greater impact through content creation.

 

Question #2 - What are the most surprising lessons you learned from podcasting?

Carole begins by describing her most surprising lesson: the sheer amount of work.

Chris was surprised about all of the aspects that go into a quality production. For example, mastering the sound of the podcast.

Ron describes the most surprising lesson being the work that goes into show notes and the conversion of full-length topics into bite sized nuggets.

 

Question #3 - What trait do you like most in your podcast partner?

Ron - Chris’ accountability and availability. We meet together daily during the week to discuss goals, challenges, and collaboration opportunities. When help is needed, Chris is consistently there to help.

Chris - Ron’s calm, understated competitive nature. The competitive nature pushes both of us to get better every day.

 

Question #4 - What do you worry most about when creating an episode of Hacker Valley Studio?

Chris - Capturing great quality audio. During post-production, we can fix nearly everything like “ahs”, “ums”, awkward pauses but not poor quality audio. Carole can relate to this technical difficulty as she has experienced difficulties with hearing feedback from internal microphones on her podcasts.

Ron - HVS has had over a hundred episodes and around 10% of the guests have never been on a podcast. When recording with the 10% that have not been on a podcast before, Ron’s main goal and concern is to ensure that the guest is comfortable. Creating an environment where guests can share their story and asking great questions creates raving fans of our content through our listeners and guests.

 

Question #5 - Who does more of the work on the podcast?

Ron - Chris is the GOAT for the HVS podcast. In the very beginning, Ron said that he did most of the work. In the beginning Ron was editing the video and audio for the podcast but at some point, Chris became curious about the audio editing process and fell in love with the process and built a strong foundation for rapidly increasing the quality of Hacker Valley Studio content.

 

Follow up to Question #5 - Chris, what do you appreciate about Ron’s contribution to the podcast?

Chris - Our chemistry. Episode one shows our chemistry because even though we did not have any experience podcasting, we still had a great conversational flow. It didn’t take any time for us to build this chemistry up because Ron is able to read expressions and see where I’m going with questions and answers. Ron has always been able to pick up where I left off and bring up topics that I may forget.

 

Question #6 - Which episode of HVS sticks out most in your mind and why?

Chris - Episode 40 with Daniel Meade. This episode started out with us speaking with Daniel about AppSec but had many turns where we got to experience Daniel’s authentic humor and moments of growth throughout his life. This episode helped shape the future of Hacker Valley Studio.

Ron - Episode 104 with Robin Black. This episode has very little connection with technology and cybersecurity but focuses on the auxiliary skills that make practitioners at any craft great. Robin is fascinated with his work and crossing the chasm to gain expertise from similar or related fields.

 

Question #7 - What does success mean for Hacker Valley Studio?

Ron - Having fun during the process. Chris and I are extremely successful at this point because we’ve been enjoying creating the process every day. We are lucky enough to speak to experts, work with vocal coaches, and learn how to make quality productions each week.

Chris - The impact on the listener. We’ve received emails and messages on social media from listeners that have thanked us for helping them get into cybersecurity and get promoted within their field. We’ve been able to create our own journey and be part of others’ journeys.

 

Moments During the Podcast

 

0:00 - Intro

1:22 - Carole Theriault takes over Hacker Valley Studio! 

2:50 - How Chris and Ron got into podcasting

5:06 - Would you rather be 8 foot tall or have eight feet?

5:55 - What are the most surprising lessons you learned from podcasting?

8:13 - If you were on a desert island, what luxury item would you bring?

9:10 - What trait do you like most in your podcast partner?

11:17 - What's your favorite thing to do outside of work and family responsibilities?

14:07 - What do you worry most about when creating an episode of Hacker Valley Studio?

18:55 - What is one thing any friend or family member could do to make you laugh or smile?

20:28 - Who does more of the work on Hacker Valley Studio podcast?

24:50 - Who would play you in a movie?

27:30 - Which episode of HVS sticks out most in your mind and why?

37:16 - How would you define success for Hacker Valley Studio?

 

Links:

Our guest host Carole Theriault

Carole’s podcast - Smashing Security and Sticky Pickles

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek

Episode 114 - The Good, Bad, and Ugly of Threat Intelligence with Patrick Coughlin

January 12, 2021

In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris interview Patrick Coughlin, Co-Founder and CEO of TruSTAR. Patrick began his career as a security analyst in Washington D.C. and the Middle East. By working with government contractors, multinational corporations, and counter-terrorism units, Patrick learned that the biggest challenge that security analysts have is retrieving the needed information from disparate data sources. This discovery led Patrick to found TruSTAR. Patrick’s focus is to help organizations automate the collection and curation of threat intelligence data.

Patrick’s analytical prowess originated from working at Booz Allen Hamilton where he learned a fundamental skill that all cybersecurity analysts should have - how to put together a slide deck. This skill helped Patrick articulate the importance of threat intelligence to leaders in the government and private sector. 

As the episode progresses, Patrick details the differences between threat intelligence requirements for national security and enterprise. For enterprise threat intelligence programs, the goal is to accelerate automation of detection and rarely attribution. Patrick also mentions that automation is only as effective as the cleaning, normalization, and prioritization of the data behind it.

What about the good, bad, and ugly of threat intelligence? Patrick describes that an organization can thrive by leveraging internal intelligence. This can be overlooked when organizations are fixated on buying threat data feeds and subscribing to ISAC feeds. Most enterprise organizations have a detection and response stack that is constantly providing information about threats relevant to their organization - which serves as great threat intelligence data.

Chris and Ron ask Patrick about the science vs art aspects of cybersecurity and threat intelligence. Patrick describes that there is room for both art and science in threat intelligence. While new concepts are being discovered, there is art in finding the needle in the haystack. However, at some point, intuition can be broken down into steps that a machine can repeat. For example, after years of analytical practice, an analyst can describe how and why they are tagging threat intelligence related data in such a way that it can be repeated by other analysts or automation.

This episode covers an abundance of tactics and techniques for threat intelligence analysts. Patrick describes the best place to begin automating threat intelligence as detection. An analyst can ask the question, “How do I get sources of known bad indicators into my detection stack so that I could drive high fidelity detections?” As false positives decrease, your mean time to detection (MTTD) and resolution (MTTR) decrease, which makes your threat intelligence and security operation team members more effective.

 

0:00 - Intro

1:53 - This episode features Patrick Coughlin, Co-Founder and CEO of TruSTAR

2:30 - Patrick’s background and start as a security analyst

5:19 - How to automate threat intelligence while reducing analyst fatigue

7:05 - How Patrick cultivated his analyst prowess

8:43 - Articulating threat intelligence to government and enterprise organizations

11:09 - Can a threat intelligence program be automated?

17:21 - Patrick’s experience of “good” and “bad” threat intelligence programs

20:31 - Logic vs Intuition in threat intelligence

27:04 - Artificial Intelligence and Machine Learning to make threat intelligence decisions

28:42 - Where to start when automating threat intelligence

30:02 - How to stay in touch with Patrick Coughlin

 

Links: 

Connect with Patrick Coughlin on LinkedIn

Link to Patrick’s company TruSTAR

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek

Take our FREE course for building threat intelligence programs by visiting www.hackervalley.com/easy

Episode 113 - Astonishing Stories with Neil Bearden

January 6, 2021

In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris interview Neil Bearden, storytelling expert and founder of The Story School and Plot Wolf Ltd. Neil originally started his career by teaching statistics and behavioral economics but had an astonishing introduction to storytelling by a stranger in San Francisco.

The episode begins with Neil sharing that he began his career in academia by completing a PhD in psychology, which led to him teaching statistics, behavioral economics and behavioral decision-making. At some point, Neil found that he had a passion for storytelling and started the first MBA course on storytelling at INSEAD, called Storytelling Workshop. Teaching storytelling at university helped Neil discover that the storytelling market is the entire world, which ultimately led to his recognition and to founding companies that help individuals tell their greatest stories.

While completing his postdoctoral studies at Duke University in 2005, Neil attended a neuroscience conference in San Francisco where he decided to go for a walk and ran into a stranger that asked him, “Would you like to hear some poetry young man?” After Neil agreed, the man said:

“They’re latent semantics embedded deep down inside these rambles; these aren't the ravings of a madman alone, the dark with candles. 

These are my notes, the underground they were sent to me from the year 2012

Dusky as he said to a beat these lyrics, they were pinned in a prison cell

Caught up with a knife, sent to the compression of vacuum tubes that articulate expressions 

Are readily answered with a question. 

A rhythm that's progressing

It keeps the head nodding like you agreeing with the lesson

Your freedom, It's called the question - Free will. That's obsolescent. 

It's a myth from long ago. It's no longer relevant to the present. 

So you must obey then all your thoughts young man, you must replace them with this prism. You’re plugged into the system. You too are now in prison. 

In the matrix of your mind known as walls, ancient wisdom in a system of symbols, encrypted and deeply hidden 

In the depths of your unconscious as if it were forbidden from outside awareness, by the id who does its bidding”

The man introduced himself as Osiris, a poet. For several hours, Neil and Osiris shared life experiences together while Osiris recited poems of his own accord throughout the night. After departing, Neil never had the opportunity to meet Osiris again but did attempt to track him down years later with no luck.

After the introduction to Osiris, Neil made a commitment that he’d begin writing poetry and cultivate the courage to share his stories publicly. Neil learned that he could halt beer bottles from clinking, discussions happening, and have listeners lean in while telling a great story. This compelled Neil to pivot from teaching statistics at university to teaching storytelling. After teaching storytelling for many years, Neil realized that he wanted to make a bigger impact and become an entrepreneur and teach storytelling to anyone who needs it.

Today, Neil helps companies and individuals add spice to their stories by extracting the details of a story that help listeners internalize and visualize its nutrient-rich details. Neil is often humbled by the fact that he was able to pivot from a psychology PhD to storyteller organically and is able to help so many through having conversations.

As the podcast progresses, Neil highlights the difference between a story and a “crappy little speech”. While telling a story, the presenter needs to invoke a visual experience for the audience and provide a mental movie. Providing a description of looks, taste, and feel helps build a mental model for the audience when being told a story. Everyone has experiences and knowledge that are story-worthy.

 

0:00 - Intro

2:52 - This episode features Neil Bearden, founder of The Story School and Plot Wolf Ltd

3:57 - Neil’s introduction to storytelling by Osiris, the poet.

12:20 - The search for Osiris after 2005

15:09 - How Neil helps companies and individuals with storytelling

18:03 - Difference between a story and a crappy little speech

23:51 - Shaking the dust off of a story and making it great

26:00 - Using previous experience from statistics to tell stories

36:36 - Advice for beginning to tell your story

41:00 - How to stay in touch with Neil Bearden

 

Links: 

Connect with Neil Bearden on LinkedIn

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek

Episode 112 - Cybersecurity and Ambient Computing with Dr. James Stanger

December 17, 2020

In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris interview the brilliant Dr. James Stanger, Chief Technology Evangelist at CompTIA and scuba diving aficionado.  The episode is a kind of journey through time - touching on the past, present, and future of cybersecurity.  

As the conversation begins, James looks to the past, sharing about himself and his background.  He studied English Literature, worked as a technical editor and then writer, worked in education, and finally made his way to a position with CompTIA.  All along, James demonstrated his propensity for combining aspects of his knowledge and experience, a propensity revealed most recently by the way in which his work for CompTIA merges education and cybersecurity.  James’ background has an incredible evolution to it, and has set him up to be a well-rounded and knowledgeable addition to the cybersecurity field.

And his knowledge comes in handy, as much of James’s work involves answering client questions.  James shares with Ron and Chris about current trends of questions he’s facing, as well as how he encourages agility in the face of emerging technology.  Further, he explains the term, “ambient computing” and its tie to emerging tech, concluding that we are entering a hyper- or post-information age in which data is collected at an incredible rate.  Data is in the air, captured, and processed, with massive stores of information about individuals available.  This fact raises questions about how to ethically manage the data, and how to make sure it is used well.  These questions, in turn, lead to considerations of business compliance, ramifications, and the like.  As the conversation winds down, James shares areas of opportunity he sees in approaching cybersecurity from a business perspective, and explores ways in which he’d like to see the future of cybersecurity take shape - including an uptick in IT hiring, a stronger focus on implications, and more!

0:00 - Intro

1:41 - This episode features Dr. James Stanger, who begins by sharing about his background.

5:25 - What kinds of questions are companies and individuals asking these days?

8:04 - How is Dr. Stanger advising companies to pursue agility in light of emerging tech?

11:19 - What is ambient computing?

13:43 - The conversation turns to ethics, understanding of ramifications, and business compliance.

17:02 - What areas of opportunity does James see in approaching cybersecurity from a business perspective?

21:01 - James shares about what he wants the future of cybersecurity to look like.

 

Links: 

Follow James Stanger on Twitter

Connect with James on LinkedIn

Learn more about CompTIA

Follow CompTIA on YouTube

Learn more about Hacker Valley Studio

Support Hacker Valley Studio on Patreon

Follow Hacker Valley Studio on Twitter

Follow Ronald Eddings on Twitter

Follow Chris Cochran on Twitter

Learn more about ByteChek

Want to take the Introduction to EASY Framework Course with Ron and Chris? Take it for FREE here: www.hackervalley.com/easy

Episode 111 - Getting Back to Happy with Suzanne Falter

December 14, 2020

In this episode of the Hacker Valley Studio podcast, Ron and Chris are joined by Suzanne Falter, an author, motivational speaker, and podcaster who helps busy women find happiness through self care. In 2012, she ended her relationship, shut down her business, and her 22-year-old daughter, Teal, unexpectedly died. In the year that followed, she says she did nothing but take exceptional care of herself. Living in a friend’s guest room, she learned to slow down and practice self care.

Years later, Suzanne met the young woman who received Teal’s organs, and her mother, Debbie. Now, Debbie and Suzanne host the Back to Happy podcast together. Suzanne explains their instant chemistry, and how meeting them allowed pieces of life to fall together. These days, in addition to the podcast, Suzanne has continued slowing down her life, working as an author and podcaster. She shares that she’s done this through choosing to slow down and practice meditation. She recommends taking a break from screens and starting to do small moments of life without them. It can be difficult, she says, to start mindfulness from a healthy mental state; for those with depression or other mental health concerns, she says your first priority is to get help. Help can come in many forms, and it’s okay to reach out and ask for it.

To keep your alignment in check, and be able to sit in stillness, Suzanne says you have to have strong boundaries. This means recognizing what is encroaching on you. Once you’ve identified it and set that boundary, you can sit and do nothing which takes your brain into default mode. Default mode is where creativity and problem solving happens. In the midst of the pandemic, this can be difficult. Suzanne recommends small tasks that keep your hands busy, but allow your brain to relax as a start. She says avoid telling yourself what you “should” do, and think about what the next right thing to do is instead - one step at a time. 

As the episode ends, Suzanne gives her advice to listeners for how to get back to happy.

0:00 - Intro

1:42 - Listeners are introduced to Suzanne and the episode ahead.

3:15 - Suzanne shares her background.

5:58 - How do you get back to happy after something tragic happens?

11:43 - Suzanne gives advice for how to slow down.

14:08 - Mindfulness practices.

21:53 - Suzanne explains the default mode.

24:42 - How can folks get back to happy in a pandemic?

32:41 - Suzanne’s advice to listeners.

 

Links:

Learn more about Suzanne Falter and connect with her on Twitter

Learn more about Suzanne’s books.

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

Episode 110 - Becoming Material Security with Ryan Noon and Abhishek Agrawal

December 10, 2020

In this episode of the Hacker Valley Studio podcast, Ron and Chris are joined by co-founders of Material Security, Ryan Noon and Abhishek Agrawal. They co-founded Material Security in 2017; today Ryan serves as the CEO, and Abhishek the CTO. Abhishek has a background in engineering, infrastructure and analytics and holds an MBA from Harvard. Ryan’s background is in engineering and data analysis, and he holds multiple computer science and security degrees from Stanford. Before they moved on to creating their own company, they worked together at Dropbox.

While they both have a strong engineering background, they are developing a security product. Ryan explains that coding and engineering is why he’s able to work in cyber security, all his years of engineering helped him make a reliable and effective product. Abhishek agrees that both their different backgrounds have carried over into the security industry and says the lessons he learned in productivity and engineering have been incredibly useful. Despite these diverse backgrounds, Ryan says going into security was an easy decision. “Go to where the problems are,” he says. Around the time of the founding of Material Security, there were a lot of problems with email. Abhishek agrees, and says he’s always been interested in email and how it’s being destroyed by threats. 

When hackers access your email, what are they looking for? Abhishek explains that they may be downloading all of its contents, or resetting passwords to services like Twitter or Instagram. Material Security works to ask those questions and stop the effectiveness of a breach in email security. This shifts the focus from all the ways someone may hack you, to the implications of that hack. Ryan likens it to a burglary, explaining that their security is less about all the doors and windows - ways to get into your home - but rather what someone may want once they’re inside.

There is a lot of hand wringing in startup land, Ryan says, but there is no one right way to do it. The startup can burn you out, and what made Material Security’s leadership work was the reliance on each other, both he and Abhishek and their third co-founder, Chris Park. For them, this was the magic answer: having a third person gives them a tie breaker and someone who could cut through the noise with clarity. Abhishek agrees, joking that they complement each other, with Ryan giving long detailed answers and Abhishek summarizing his thoughts. In all seriousness, this balance of responsibility and strengths requires a level of trust and lack of ego but makes the team work smoothly. Having unique skill sets is important, but Abhishek explains overlap is important as well because you can speak the same language and push each other for the best solutions.

When you come from similar backgrounds, no one is the authority and ideas get pressure tested. One of the challenges is using this overlap of skills for good - not letting it paralyze you. Another challenge they faced is knowing where to question and press industry standards, versus where to accept and excel at current practices. When thinking over their challenges and journey they offer some advice to new founders. Ryan stresses, “stop trying to get into things.” People can fall into the trap of trying to get into college, programs, and industries, and end up giving up some of their productivity and creativity to others. He also encourages people to know their partners and communicate with them about everything. Abhishek says people should divorce the idea of leaving their job from starting a company. Instead you should decide if you’re ready to leave your current job and then if you want to go to a new company or start your own.

 

0:00 - Intro

1:40 - Listeners are introduced to co-founders of Material Security and the episode ahead.

3:05 - Ryan and Abhishek introduce themselves. 

5:38 - How do engineering and cyber security intersect?

8:39 - Why did Ryan and Abhishek decide to go into security?

14:28 - Ryan and Abhishek explain what hackers do when they’ve gotten into email.

18:08 - How do Ryan and Abhishek navigate their relationship?

24:19 - Ron asks Ryan and Abhishek about the challenges of the founder’s journey.

26:45 - What piece of advice do they have for new founders?

 

Links:

Learn more about Material Security.

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

Episode 109 - Honest Security with Jason Meller

December 8, 2020

In this episode of the Hacker Valley Studio podcast, Ron and Chris are joined by Jason Meller, Founder and CEO of Kolide. Jason has over 10 years of experience in managing and leading security organizations. Jason’s interest in technology and cybersecurity began in the 1990s when he began programming in Visual Basic and building AOL Instant Messenger bots. Building offensive tools accelerated Jason’s interest in defending networks and helped him learn how much of a part honesty plays in building security solutions.

Jason mentions that the security monitoring software at most organizations has the same functionality as spyware or surveillance tools. In addition, these tools are designed to scrutinize all the actions that occur on a device. COVID-19 has increased the rate of organizations going through a digital transformation; as a result, users at an organization are not in a cubicle but at their home. This could mean that security teams have an extremely elevated level of access to devices without transparency as to what is being monitored to protect an organization. This is why Honest Security was created - to create a transparent relationship between security teams and end-users.

Jason has collaborated with Jesse Kriss from Netflix who is actively working towards incorporating user-focused security. Jason describes that organizations should build a culture based on trusting users, treating them like adults, giving them the tools that they need to do their job, and not treating them as suspects from day one. Instead, organizations and security teams should seek teachable moments by giving recommendations and educating users.

Throughout the episode, Jason describes situations that involve users and security team members maneuvering around security tooling obstacles to get their job done. Since working at home, traditional tools have created friction in the user experience. For instance, not having the ability to use USB ports on work devices, disabling corporate VPN to watch a YouTube video, and having to create a ticket to install software to help them with their job. When this friction is created, users will resort to using their personal devices for work activities and miss the opportunity to benefit from security. In some cases, there are “evil” applications found on a device created by a user - but often bad applications installed by users are Chrome extensions or helper utilities that are sending browsing history to a marketing firm.

In the Honest Security manifesto, there’s a section on empathetic intelligence. Jason describes this concept as thinking of the daily life of users, thinking of what challenges users are attempting to solve in their workflow, and what part of that workflow could pose a risk to the organization. An example of this would be a security team member trying to empathize with a developer and thinking of their daily workflow. When empathizing, the security team may realize that the developer is attempting to fix issues on a production application. While fixing the production application, the developer may try to bring a copy of the application database to their local device. Creating a local copy of the database could pose a security risk if the copy of the database is not deleted in a reasonable time or the user has their device auto-backup folders to their corporate or personal cloud storage solution (e.g., Google Drive). Creating education for avoiding this mistake is a prime example of empathetic intelligence when practicing Honest Security.

As the episode progresses, Jason goes into depth and explains more tenets of Honest Security. The goal is not to give unlimited power to the user or security team but to enable everyone to be in the position to make the right decisions and give appropriate recommendations. When consequences are articulated, users can understand that maneuvering around security tools, for example by disconnecting from the corporate VPN, can pose a risk to their device and organization. When coaching and education are put as a priority when practicing security, Jason describes it as empowering the user to be successful and more transparent.

0:00 - Intro

2:28 - This episode features Jason Meller, Founder and CEO of Kolide!

2:54 - Jason shares his background and his path into cybersecurity.

4:07 - What is Honest Security?

5:22 - Jason’s examples of dishonest security

8:08 - Collaboration with Netflix and User-Focused Security

16:00 - Jason describes Empathetic Security

19:17 - Tenets of Honest Security

35:32 - Wrap Up and Resources for Honest Security

Links:

Learn more about Jason Meller and connect with him on LinkedIn.

Learn more about Honest Security and read the manifesto.

Learn more about Jason’s company Kolide

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

Episode 108 - Behind the Mic with Carole Theriault

December 2, 2020

In this episode of the Hacker Valley Studio podcast, Ron and Chris host a special episode featuring one of their favorite guests.  Carole Theriault is the co-host of both the Smashing Security podcast and the Sticky Pickles podcast, and she is also the founder and director of her own company, Tick Tock Social.  Carole joins Ron and Chris to talk about her passion for being behind the mic, the impact of COVID-19 on the 2020 holiday season, and more!

As the interview gets underway, Ron and Chris ask Carole about her background and what she’s up to now.  At this point, Carole says, she’s in “podcast land.”  She works in tech and IT security, as well, and in her work with Tick Tock Social, she aims to help people simplify their messaging and make it palatable for the representatives of companies they’re propositioning.  Turning to her podcasts, Carole shares about her co-host for Smashing Security, Graham Cluley, her friend (or frenemy, perhaps?) with whom she also previously worked for Sophos.  To conclude her brief personal introduction, Carole notes that she also fills some of her time with hobbies, such as yoga, baking bread, and painting.  

Moving forward in the conversation, Ron and Chris are first curious about how Carole got into podcasting in the first place.  She explains that a business trip for Sophos involved her listening to This American Life and falling in love with the podcast medium.  After she stopped working for Sophos, she started her own projects, and she was eventually able to convince Graham to host a podcast with her. 

And it is this podcast that once included Chris as a guest!  So, Chris asks, how did he do?  The question kick starts a conversation about quality podcast and radio production, which involves voice quality, radio technique, and more.  Fortunately, Carole finds that Chris (like Ron) has a great radio voice, and (unlike Graham) she also finds him to have a good laugh.  While it can be challenging to find guests with strong radio presence, one benefit of 2020 is that people have had lots of opportunity in lockdown to work on the relevant skills!

Another area in which potential guests often struggle is that of communicating and making themselves the “star,” so to speak.  Carole skillfully takes pressure off of guests and highlights them herself, and she is able to do so because she is not running her show for a boss or a company, but for herself and in order to have fun.  Her work is designed to be light!

The lightness is born out of experience, though, as Carole is able to choose content for the show because of a well-developed instinct.  She developed her instinct, in part, through her work at Sophos.  Looking back, Carole details her transition away from Sophos.  Over her 15 years there, the company grew and changed, Carole took on too much, and she found she needed to leave.  She and Graham decided on the same day to leave Sophos, not knowing where their friendship was yet to lead!

Carole’s journey has certainly been one of stepping into her personal power, and her philosophy in all her endeavors is to be herself.  While missing personal contact, she has navigated the pandemic well in her professional life.  More personally, she, Ron, and Chris look ahead to the upcoming holidays, which will certainly be unusual!  They also share a benefit of the pandemic: people having more free time to join podcasts as guests.  In fact, Carole is excited to feature Tim Harford of the BBC’s More or Less podcast soon (and, hopefully in 2021, Ron!).

As the conversation winds toward a close, Carole explains her approach to finding guests, which focuses on finding “win-win” scenarios.  She likens the departure of co-host Anna (from Sticky Pickles) to a breakup, asks about Ron and Chris’s friendship, and offers advice both to a new podcaster and listeners looking to ensure their cybersecurity this holiday season!

0:00 - Intro

1:40 - This special episode features Carole Theriault!

2:44 - Turning to Carole, the hosts ask her to share her background and what she’s up to now.

5:00 - How did Carole get into podcasting in the first place?

6:50 - Chris asks, “How did I do?”

10:03 - What are some techniques to highlight a guest and make him/her the star?

12:10 - Carole and her hosts get into content selection.

15:13 - Carole tells the story of her decision to leave Sophos.

19:00 - This journey has been an experience of stepping into her own power.

21:01 - She is herself in her work; COVID-19 has not hindered this (though she misses people!)

23:26 - The group talks holiday preparations.

27:49 - Next, they talk future podcast guests and how to choose guests.

30:07 - How long have Ron and Chris known each other?

32:32 - What’s Carole’s advice for new podcasters and for holiday cybersecurity?

 

Links:

Learn more about Carole Theriault and connect with her on Twitter.

Learn more about the Smashing Security podcast and connect on Twitter.

Learn more about the Sticky Pickles podcast and connect on Twitter.

Learn more about Tick Tock Social.

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek. 

Introducing the Marqeta Leads Podcast

November 30, 2020

Hello HVS family! We are beyond proud to introduce a new leadership-focused show for your listening pleasure. This account is still the home of the HVS episodes you know and love, but to subscribe to this show be sure to visit the link below!

https://link.chtbl.com/marqetaleadslaunch

 

In this inaugural episode, Ron and Chris sit down with Marqeta CEO, Jason Gardner, to discuss his journey through leadership and explain the tools he has used over his successful entrepreneurial career.

 

0:00 - Intro

1:00 - 3:00  — Learn about Jason’s first business venture and starting business in tech. Jason speaks about mindsets for entrepreneurship. 

5:30 — Jason speaks about the importance of leading from values and finding his own style of communication. 

7:30 — Learn where Jason’s leadership comes from and how it lent itself to a more steady vision.

10:00-12:00 — Communication is key, Jason speaks about his superpower and why he views leadership as a type of service.

13:00-15:00  — Jason shares about the weight of responsibility that a leader must become accustomed to. He shares how he navigated a very difficult time in Marqeta’s development as a company and platform.

16:00-20:00  — How Jason adjusted to physically distanced work and the gifts and challenges it has presented. 

20:00 — Jason speaks a bit about leadership culture and why it is important to Marqeta’s values.

22:00 — Some advice from Jason on how to be a leader. If you want to keep up with what’s going on with Marqeta and Jason, follow Marqeta on social media!

 

Thanks for listening! Please do check out our social media for the latest.

Marqeta's Twitter   Marqeta's LinkedIn