Hacker Valley Studio

In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris interview the brilliant Dr. James Stanger, Chief Technology Evangelist at CompTIA and scuba diving aficionado.  The episode is a kind of journey through time - touching on the past, present, and future of cybersecurity.  

As the conversation begins, James looks to the past, sharing about himself and his background.  He studied English Literature, worked as a technical editor and then writer, worked in education, and finally made his way to a position with CompTIA.  All along, James demonstrated his propensity for combining aspects of his knowledge and experience, a propensity revealed most recently by the way in which his work for CompTIA merges education and cybersecurity.  James’ background has an incredible evolution to it, and has set him up to be a well-rounded and knowledgeable addition to the cybersecurity field.

And his knowledge comes in handy, as much of James’s work involves answering client questions.  James shares with Ron and Chris about current trends of questions he’s facing, as well as how he encourages agility in the face of emerging technology.  Further, he explains the term, “ambient computing” and its tie to emerging tech, concluding that we are entering a hyper- or post-information age in which data is collected at an incredible rate.  Data is in the air, captured, and processed, with massive stores of information about individuals available.  This fact raises questions about how to ethically manage the data, and how to make sure it is used well.  These questions, in turn, lead to considerations of business compliance, ramifications, and the like.  As the conversation winds down, James shares areas of opportunity he sees in approaching cybersecurity from a business perspective, and explores ways in which he’d like to see the future of cybersecurity take shape - including an uptick in IT hiring, a stronger focus on implications, and more!

0:00 - Intro

1:41 - This episode features Dr. James Stanger, who begins by sharing about his background.

5:25 - What kinds of questions are companies and individuals asking these days?

8:04 - How is Dr. Stanger advising companies to pursue agility in light of emerging tech?

11:19 - What is ambient computing?

13:43 - The conversation turns to ethics, understanding of ramifications, and business compliance.

17:02 - What areas of opportunity does James see in approaching cybersecurity from a business perspective?

21:01 - James shares about what he wants the future of cybersecurity to look like.

 

Links: 

Follow James Stanger on Twitter

Connect with James on LinkedIn

Learn more about CompTIA

Follow CompTIA on Youtube 

Learn more about Hacker Valley Studio

Support Hacker Valley Studio on Patreon

Follow Hacker Valley Studio on Twitter

Follow Ronald Eddings on Twitter

Follow Chris Cochran on Twitter

Learn more about ByteChek

Want to take the Introduction to EASY Framework Course with Ron and Chris? Take it for FREE here: www.hackervalley.com/easy

In this episode of the Hacker Valley Studio podcast, Ron and Chris are joined by Suzanne Falter, an author, motivational speaker, and podcaster who helps busy women find happiness through self care. In 2012, she ended her relationship, shut down her business, and her 22 year old daughter, Teal unexpectedly died. In the year that followed, she says she did nothing but take exceptional care of herself. Living in a friend’s guest room, she learned to slow down and practice self care.

Years later, Suzanne met the young woman who received Teal’s organs, and her mother, Debbie. Now, Debbie and Suzanne host the Back to Happy podcast together. Suzanne explains their instant chemistry, and how meeting them allowed pieces of life to fall together. These days in addition to the podcast, Suzanne has continued slowing down her life, working as an author and podcaster. She shares that she’s done this through choosing to slow down and practice meditation. She recommends taking a break from screens and starting to do small moments of life without them. It can be difficult, she says to start mindfulness from a healthy mental state, for those with depression or other mental health concerns, she says your first priority is to get help. Help can come in many forms, and it’s okay to reach out and ask for it. 

To keep your alignment in check, and be able to sit in stillness, Suzanne says you have to have strong boundaries. This means recognizing what is encroaching on you. Once you’ve identified it and set that boundary, you can sit and do nothing which takes your brain into default mode. Default mode is where creativity and problem solving happens. In the midst of the pandemic, this can be difficult. Suzanne recommends small tasks that keep your hands busy, but allow your brain to relax as a start. She says avoid telling yourself what you “should” do, and think about what the next right thing to do is instead - one step at a time. 

As the episode ends, Suzanne gives her advice to listeners for how to get back to happy.

0:00 - Intro

1:42 - Listeners are introduced to Suzanne and the episode ahead.

3:15 - Suzanne shares her background.

5:58 - How do you get back to happy after something tragic happens?

11:43 - Suzanne gives advice for how to slow down.

14:08 - Mindfulness practices.

21:53 - Suzanne explains the default mode.

24:42 - How can folks get back to happy in a pandemic?

32:41 - Suzanne’s advice to listeners.

 

Links:

Learn more about Suzanne Falter and connect with her on Twitter

Learn more about Suzanne’s books.

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor Bytecheck.

In this episode of the Hacker Valley Studio podcast, Ron and Chris are joined by co-founders of Material Security, Ryan Noon and Abhishek Agrawal. They co-founded Material Security in 2017, today Ryan serves as the CEO, and Abhishek the CTO. Abishek has a background in engineering, infrastructure and analytics and his MBA from Harvard.  Ryan’s background is in engineering and data analysis, and holds multiple computer science and security degrees from Stanford. Before they moved on to creating their own company, they worked together at DropBox.

While they both have a strong engineering background, they are developing a security product. Ryan explains that coding and engineering is why he’s able to work in cyber security, all his years of engineering helped him make a reliable and effective product. Abhishek agrees that both their different backgrounds have carried over into the security industry and says the lessons he learned in productivity and engineering have been incredibly useful. Despite these diverse backgrounds, Ryan says going into security was an easy decision. “Go to where the problems are,” he says. Around the time of the founding of Material Security, there were a lot of problems with email. Abhishek agrees, and says he’s always been interested in email and how it’s being destroyed by threats. 

When hackers access your email, what are they looking for? Abhishek explains that they may be downloading all of its contents, or resetting passwords to services like Twitter or Instagram. Material Security works to ask those questions and stop the effectiveness of a breach in email security. This shifts the focus from all the ways someone may hack you, to the implications of that hack. Ryan likens it to a burglary, explaining that their security is less about all the doors and windows - ways to get into your home - but rather what someone may want once they’re inside.

There is a lot of hand wringing in startup land, Ryan says, but there is no one right way to do it. The startup can burn you out, and what made Material Security’s leadership work was the reliance on each other, both he and Abhishek and their third co-founder, Chris Park. For them, this was the magic answer, having a third person gives them a tie breaker and someone who could cut through the noise with clarity. Abhishek agrees, joking that they compliment each other by Ryan giving long detailed answers, and Abhishek can summarize his thoughts. In all seriousness, this balance of responsibility and strengths requires a level of trust and lack of ego but makes the team work smoothly. Having unique skill sets is important, but Abhishek explains overlap is important as well because you can speak the same language and push each other for the best solutions.

When you come from similar backgrounds, no one is the authority and ideas get pressure tested. One of the challenges is using this overlap of skills for good - not letting it paralyze you. Another challenge they faced is knowing where to question and press industry standards, versus where to accept and excel at current practices. When thinking over their challenges and journey they offer some advice to new founders. Ryan stresses, “stop trying to get into things.” People can fall into the trap of trying to get into college, programs, and industries, and end up giving up some of their productivity and creativity to others. He also encourages people to know their partners and communicate with them about everything. Abhishek says people should divorce the idea of leaving their job from starting a company. Instead you should decide if you’re ready to leave your current job and then if you want to go to a new company or start your own.

 

0:00 - Intro

1:40 - Listeners are introduced to co-founders of Material Security and the episode ahead.

3:05 - Ryan and Abhishek introduce themselves. 

5:38 - How do engineering and cyber security intersect?

8:39 - Why did Ryan and Abhishek decide to go into security?

14:28 - Ryan and Abhishek explain what hackers do when they’ve gotten into email.

18:08 - How do Ryan and Abhishek navigate their relationship?

24:19 - Ron asks Ryan and Abhishek about the challenges of the founder’s journey.

26:45 - What piece of advice do they have for new founders?

 

Links:

Learn more about Material Security.

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

In this episode of Hacker Valley Studio podcast, Ron and Chris are joined by Jason Meller, Founder, and CEO of Kolide. Jason has over 10 years of experience in managing and leading security organizations. Jason’s interest in technology and cybersecurity began in the 1990s when he began programming in Visual Basic and building AOL Instant Messenger bots. Building offensive tools accelerated Jason’s interest in defending networks and helped him learn how much honesty plays part in building security solutions. 

Jason mentions that the security monitoring software at most organizations have the same functionality as spyware or surveillance tools. In addition, these tools are designed to scrutinize all the actions that occur on a device. COVID-19 has increased the rate of organizations going through a digital transformation; as a result, users at an organization are not in a cubicle but at their home. This could mean that security teams have an extremely elevated level of access to devices without transparency as to what is being monitored to protect an organization. This is why Honest Security was created - to create a transparent relationship between security teams and end-users. 

Jason has collaborated with Jesse Kriss from Netflix who is actively working towards incorporating user-focused security. Jason describes that organizations should build a culture based on trusting users, treating them like adults, giving them the tools that they need to do their job, and not treating them as suspects from day one. Instead, organizations and security teams should seek teachable moments by giving recommendations and educating users.

Throughout the episode, Jason describes situations that involve users and security team members maneuvering around security tooling obstacles to get their job done. Since working at home, traditional tools have created friction in the user experience. For instance, not having the ability to use USB ports on work devices, disabling corporate VPN to watch a YouTube video, and having to create a ticket to install software to help them with their job. When this friction is created, users will resort to using their personal devices for work activities and miss the opportunity to benefit from security. In some cases, there are “evil” applications found on a device created by a user - but often bad applications installed by users are Chrome extensions or helper utilities that are sending browsing history to a marketing firm.

In the Honest Security manifesto, there’s a section on empathetic intelligence, Jason describes this concept as thinking of the daily life users, thinking of what challenges are users attempting to solve in their workflow, and what part of that workflow could pose a risk to the organization. An example of this would be a security team member trying to empathize with someone who is a developer- and thinking of their daily workflow. When empathizing the security team may realize that the developer is attempting to fix issues on a production application. While fixing the production application, the developer may try to bring a copy of the application database to their local device. Creating a local copy of the database could pose a security risk the copy of the database is not deleted in a reasonable time or the user has their device auto-backup folders to their corporate or personal cloud storage solution (ie. Google Drive). Creating education for avoiding this mistake is a prime example of empathic intelligence when practicing Honest Security.

As the episode progresses, Jason goes into depth and explains more tenants of Honest Security - The goal is not to give unlimited power to the user or security team but to enable everyone to be in the position to make the right decisions and give appropriate recommendations. When consequences are articulated, users can understand that when maneuvering around security tools can pose a risk to their device and organization. Ie) disconnecting from the corporate VPN. When coaching and education are put as a priority when practicing security, James describes it as empowering the user to be successful and more transparent.

 

0:00 - Intro

2:28 - This episode features Jason Meller, Founder, and CEO of Kolide!

2:54 - Jason shares his background and his path into cybersecurity.

4:07 - What is Honest Security?

5:22 - Jason’s examples of dishonest security

8:08 - Collaboration with Netflix and User-Focused Security

16:00 - Jason describes Empathetic Security

19:17 - Tenants of Honest Security

35:32 - Wrap Up and Resources for Honest Security

Links:

Learn more about Jason Meller and connect with him on LinkedIn.

Learn more about Honest Security and read the manifesto.

Learn more about Jason’s company Kolide

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.

In this episode of the Hacker Valley Studio podcast, Ron and Chris host a special episode featuring one of their favorite guests.  Carole Theriault is the co-host of both the Smashing Security podcast and the Sticky Pickles podcast, and she is also the founder and director of her own company, Tick Tock Social.  Carole joins Ron and Chris to talk about her passion for being behind the mic, the impact of COVID-19 on the 2020 holiday season, and more!

As the interview gets underway, Ron and Chris ask Carole about her background and what she’s up to now.  At this point, Carole says, she’s in “podcast land.”  She works in tech and IT security, as well, and in her work with Tick Tock Social, she aims to help people simplify their messaging and make it palatable for the representatives of companies they’re propositioning.  Turning to her podcasts, Carole shares about her co-host for Smashing Security, Graham Cluley, her friend (or frenemy, perhaps?) with whom she also previously worked for Sophos.  To conclude her brief personal introduction, Carole notes that she also fills some of her time with hobbies, such as yoga, baking bread, and painting.  

Moving forward in the conversation, Ron and Chris are first curious about how Carole got into podcasting in the first place.  She explains that a business trip for Sophos involved her listening to This American Life and falling in love with the podcast medium.  After she stopped working for Sophos, she started her own projects, and she was eventually able to convince Graham to host a podcast with her. 

And it is this podcast that once included Chris as a guest!  So, Chris asks, how did he do?  The question kick starts a conversation about quality podcast and radio production, which involves voice quality, radio technique, and more.  Fortunately, Carole finds that Chris (like Ron) has a great radio voice, and (unlike Graham) she also finds him to have a good laugh.  While it can be challenging to find guests with strong radio presence, one benefit of 2020 is that people have had lots of opportunity in lockdown to work on the relevant skills!

Another area in which potential guests often struggle is that of communicating and making themselves the “star,” so to speak.  Carole skillfully takes pressure off of guests and highlights them herself, and she is able to do so because she is not running her show for a boss or a company, but for herself and in order to have fun.  Her work is designed to be light!

The lightness is born out of experience, though, as Carole is able to choose content for the show because of a well-developed instinct.  She developed her instinct, in part, through her work at Sophos.  Looking back, Carole details her transition away from Sophos.  Over her 15 years there, the company grew and changed, Carole took on too much, and she found she needed to leave.  She and Graham decided on the same day to leave Sophos, not knowing where their friendship was yet to lead!

Carole’s journey has certainly been one of stepping into her personal power, and her philosophy in all her endeavors is to be herself.  While missing personal contact, she has navigated the pandemic well in her professional life.  More personally, she, Ron, and Chris look ahead to the upcoming holidays, which will certainly be usual!  They also share a benefit of the pandemic: people having more free time to join podcasts as guests.  In fact, Carole is excited to feature Tim Harford of the BBC’s More or Less podcast soon (and, hopefully in 2021, Ron!).

As the conversation winds toward a close, Carole explains her approach to finding guests, which focuses on finding “win-win” scenarios.  She likens the departure of co-host Anna (from Sticky Pickles) to a breakup, asks about Ron and Chris’s friendship, and offers advice both to a new podcaster and listeners looking to ensure their cybersecurity this holiday season!

0:00 - Intro

1:40 - This special episode features Carole Theriault!

2:44 - Turning to Carole, the hosts ask her to share her background and what she’s up to now.

5:00 - How did Carole get into podcasting in the first place?

6:50 - Chris asks, “How did I do?”

10:03 - What are some techniques to highlight a guest and make him/her the star?

12:10 - Carole and her hosts get into content selection.

15:13 - Carole tells the story of her decision to leave Sophos.

19:00 - This journey has been an experience of stepping into her own power.

21:01 - She is herself in her work; COVID-19 has not hindered this (though she misses people!)

23:26 - The group talks holiday preparations.

27:49 - Next, they talk future podcast guests and how to choose guests.

30:07 - How long have Ron and Chris known each other?

32:32 - What’s Carole’s advice for new podcasters and for holiday cybersecurity?

 

Links:

Learn more about Carole Theriault and connect with her on Twitter.

Learn more about the Smashing Security podcast and connect on Twitter.

Learn more about the Sticky Pickles podcast and connect on Twitter.

Learn more about Tick Tock Social.

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek.