POPULARITY
Guest: Masha Sedova, Co-Founder & President at Elevate SecurityOn LinkedIn | https://www.linkedin.com/in/mashasedovaHost: Dr. Rebecca WynnOn ITSPmagazine
Interested in behavioral science? The training and awareness side of cybersecurity might be for you – and you should hear Masha Sedova's story. She offers a fascinating look at the human attack surface – which presents a whole new set of challenges – and they aren't all technical. She has built a career on solving these challenges, and she sheds light on this lesser-known side of the cybersecurity world.
Today's guest is Masha Sedova, President and co-Founder of Elevate Security. I wanted to talk to her about how she confronts these ideas and how she thinks about measuring and mitigating human risk. Follow Masha: LinkedIn, Twitter.
Since the Target breach in 2013 companies have invested a lot in tools and people to detect and respond but with all the tools and training in place, companies are still no better off, BEC and ransomware are more prevalent than ever before.In this episode Harris D. Schwartz Field CISO at Elevate Security discussed with us the shift in the industry from defensive to offensive security and what that entails. ------------------ We're stronger together. Keep connected with CyberSecurity Heroes at Apple Podcasts, Spotify, Stitcher and Google Podcast. Cyber Security Heroes is brought to you by IRONSCALES. An email security platform powered by AI, enhanced by thousands of customer security teams and built around detecting and removing threats in the inbox. We offer a service that is fast to deploy, easy to operate and is unparalleled in the ability to stop all types of email threats, including advanced attacks like BEC, ATO and more. Learn more at ironscales.com
It's important for employees to be brought into the fold as security's allies, rather than as its adversaries. For cybersecurity teams that operate with an adversarial mindset appropriate for external threats, it can be challenging to approach internal threats differently. You can't treat employees the same way you treat nation-state hackers. But employees play a pivotal role in preventing data leaks, making it important to create a company-wide culture of transparency. Transparency feeds trust, which builds a strong foundation for Security Awareness Training to be truly effective. The CyberWire's Jennifer Eiben hosts this women in cybersecurity podcast. Kathleen Smith of ClearedJobs.Net moderates the panel. Panelists include Michelle Killian from Sponsor Code 42, Sam Humphries of Exabeam, and Masha Sedova of Elevate Security.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin is joined by Masha Sedova, the Co-Founder and President of Elevate Security; the leader in human attack surface management. Recently, the risk and RIMS community have been seeing an influx of high-profile ransomware attacks in the news, from the Colonial pipeline to the world's largest meat supplier. The fallout, disruption to operations, and the costs involved in addressing these attacks are enormous. Luckily for RIMScast listeners, Masha addresses these concerns and shares how risk professionals can actually learn from these attacks and take steps to better protect their organizations. She also discusses the various attacks currently making headlines as well as a variety of other topics on the themes of ransomware and business interruption. Key Takeaways: [:01] About RIMS's Global Membership. [:26] About today's episode with Masha Sedova. [:38] Upcoming RIMS Virtual Workshops and Workshops! [1:44] More about today's episode with Masha Sedova. [2:06] Justin welcomes Masha to RIMScast! [2:21] Masha shares why and how she originally began a career in cybersecurity. [3:50] Is Masha finding that risk professionals and risk managers are adapting more easily to the ever-evolving cyber risk landscape? [5:14] Masha shares her insights on the current high-profile ransomware attacks that are currently in the news. [7:50] What role the human element plays in the overall idea of cybersecurity risk. [9:24] How Masha defines human risk. [11:28] How an organization can measure and quantify human risk. [14:09] Masha's advice for mitigating human risk and how your organization can implement employee security controls. [16:11] Upcoming RIMS workshops, Spencer's Risk Manager on Campus Program, and more! [18:33] The current state of measuring and understanding employee risk in organizations today and what the best-in-class companies are doing right now in relation to this. [22:00] Why falling victim to a ransomware attack is often inevitable (and what we can do as risk professionals to respond gracefully). [23:47] Why are frontline workers more susceptible to phishing? [26:13] Are there acceptable levels of human risk? How do you gauge that? [29:56] What elements of human risk should insurance companies start considering in their policies and coverage as it relates to ransomware? [36:09] Justin thanks Masha Sedova for joining RIMScast and shares some of the links to look out for in this episode's show notes. Mentioned in this Episode: RIMS Events, Webinars, and Services: Did you attend RIMS Live 2021? Sessions are accessible through June 30th, 2021. Log in with your badge number: RIMS LIVE 2021 If you did not attend RIMS Live 2021 but want to access on-demand content, purchase the “Post Event Virtual Pass” for $499 to access the sessions, keynotes, and marketplace until June 30th. Visit: RIMS.org/RIMS2021 Registration for the VIRTUAL Spencer & Gallagher Golf Tournament is now open! Visit SpencerEd.org for more information and to register through August 15th, 2021 (You choose the golf course and team all while continuing to support the Spencer Educational Foundation!) Spencer's Risk Manager on Campus Program — Volunteer Today! Upcoming Webinars: July 15th, 2021 | “10 Essential Steps to Streamline Vendor Risk Assessments” | Sponsored by OneTrust Upcoming RIMS-CRMP Exam Prep Virtual Workshops (July & August 2021) — Gain an edge with the RIMS-CRMP; the only internationally accredited risk management certification! Mentioned in this Episode: Elevate Security Professional Report: “Elevating Human Attack Surface Management” RIMS Diversity, Equity & Inclusion Council RIMS Virtual Workshops: Claims Management — Register now for July 15‒16th, Aug. 23‒24th, or Nov. 8‒9th RIMS Risk Appetite Management Virtual Workshop — July 21‒22nd Save 15% off July and August Workshops! Use discount code LEARNRISK15 — Offer ends July 9th, 2021 (See the offer details below!) RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops Upcoming RIMS Webinars On-Demand Webinars RIMS Advisory Services — Ask a Peer Related RIMScast Episodes: “Cyber Breach Responses with Kate Fazzini, Flore Albo CEO” “The World of Cybersecurity with NCSA's Kelvin Coleman” “Cybersecurity Frameworks with NIST Fellow, Ron Ross” “Cyber Risk News & Trends with Tony Anscombe” “Cyberrisk News & Trends with Tony Anscombe, Part 2” “Cybersecurity in a COVID-19 World with Luke Wilson” “Cybersecurity Tips for Small Businesses with Daniel Eliot” “Cybersecurity with Christopher Loeber” “The State of Cybersecurity and 5G Technology with Jason Ruger, Ruby Zefo, and Chris Novak” Download any episode of RIMScast. RIMS Publications, Content, and Links: Risk Management Magazine Risk Management Monitor RIMS Coronavirus Information Center RIMS Risk Leaders Series — New episode with Cheryl Lloyd now available! RIMS-Certified Risk Management Professional (RIMS-CRMP) RIMS-CRMP Stories — New Interview featuring former RIMS Vice President Steve Pottle Spencer Educational Foundation Elevate Security Want to Learn More? Keep up with the podcast on RIMS.org and listen on iTunes. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook and Twitter, and LinkedIn. Follow up with Our Guest: Masha Sedova's LinkedIn
Masha Sedova is an award-winning people-security expert, speaker, and entrepreneur focused on helping companies transform employees from a risk into a key element of defense. She has been a part of our OODA Network for years, including speaking at our legacy FedCyber event, where she introduced the behavior-based and gamified cybersecurity training and awareness she put in place at Salesforce. She is the co-founder of Elevate Security delivering an employee-risk management platform that provides visibility into employee risk while motivating employees to make better security decisions. Before Elevate, Masha Sedova was a security executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. In addition, Masha has been a member of the Board of Directors for the National Cyber Security Alliance and regular presenter at conferences such as Black Hat, RSA, ISSA, Enigma, OWASP and SANS. Before Elevate, Masha Sedova was a security executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners, and customers. The scope of her work ran the gamut from general awareness such as phishing and reporting activity to secure engineering practices by developers and engineers. In addition, Masha is a member of the Board of Directors for the National Cyber Security Alliance and a regular presenter at conferences such as Blackhat, RSA, ISSA, Enigma, and SANS. Other Resources: Masha Sedova on LinkedIn: https://www.linkedin.com/in/mashasedova/ Elevate Security: https://elevatesecurity.com OODA Network Interview with Masha FedCyber Interview with Keynote Speaker Masha Sedova RSA Innovation Sandbox Finalist Presentation
You may have heard that it's a good idea to have a mentor. But how do you find a mentor? How do you build a relationship with them? How important is it that you stay in touch? In this episode, Molly talks with Megan Caldwell, IU alum and Head of Customer at Elevate Security about her experience with mentoring relationships as she navigates her career path. She also shares some insight into her experience mentoring others. Enjoy!
Masha Sedova - Founder, Elevate Security Topic ideas from the PR company: Inability to measure human security behaviors leads to increased risk in our computing environments. For too long, we’ve accepted training completion and mock phishing data as a sufficient way to measure this risk. But where do the vulnerabilities and strengths truly lie? The secret is, security teams have installed tons of security tooling that can give insights into how our employees are behaving. But we just leave this data on the cutting room floor. Masha Sedova can talk about where to find this goldmine of data and what security teams can do to leverage this new found knowledge. Technology like vuln scanners or something more? Study after study shows that the reason why people don’t do things is not always because they don’t understand, it’s because they are not motivated. Motivating employees to change their cybersecurity behavior can seem like an overwhelming task but there are simple behavioral science techniques cybersecurity professionals can leverage to motivate employees to do the right thing. Masha Sedova will discuss the power of integrating elements of behavioral science into security in order to influence positive behavior. Motivation Theory (deming): https://en.wikipedia.org/wiki/W._Edwards_Deming#Key_principles X&Y https://en.wikipedia.org/wiki/Theory_X_and_Theory_Y Ouchi Z theory https://en.wikipedia.org/wiki/Theory_Z_of_Ouchi http://www.yourarticlelibrary.com/motivation/motivation-theories-top-8-theories-of-motivation-explained/35377 Masha’s suggested topics: Why do security teams have difficulty in understanding their human risk today? What are the blockers? What should security teams be measuring to get a holistic view of human risk? What's the difference between security culture, security behavior change, and security awareness? Is security culture a core capability in security defense? Why or why not? Quantifying risk… Is investing in human training a waste of time? Phishing - mock phish or real phishing Pull data to see who is clicking on links Send an ‘intervention’ Gotta move away from training The ‘security team’ will save them… https://www.ncsc.gov.uk/guidance/phishing Books: https://www.amazon.com/Nudge-Improving-Decisions-Health-Happiness/dp/014311526X https://www.amazon.com/Drive-Surprising-Truth-About-Motivates/dp/1594484805/ref=sr_1_1?crid=2QQ59YRRU89YX&dchild=1&keywords=drive+daniel+pink&qid=1588733551&s=books&sprefix=drive%2Cstripbooks%2C240&sr=1-1 Reality broken: https://www.amazon.com/Reality-Broken-Games-Better-Change/dp/0143120611 People centric security: https://www.amazon.com/People-Centric-Security-Transforming-Enterprise-Culture/dp/0071846778/ref=sr_1_1?dchild=1&keywords=people+centric+security&qid=1588733580&s=books&sr=1-1 Deep thought: a Cybersecurity novela: https://www.ideas42.org/blog/project/human-behavior-cybersecurity/deep-thought-a-cybersecurity-story/ https://elevatesecurity.com/ @modmasha Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://pandora.app.link/p9AvwdTpT3 #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
Masha Sedova - Founder, Elevate Security Inability to measure human security behaviors leads to increased risk in our computing environments. For too long, we’ve accepted training completion and mock phishing data as a sufficient way to measure this risk. But where do the vulnerabilities and strengths truly lie? The secret is, security teams have installed tons of security tooling that can give insights into how our employees are behaving. But we just leave this data on the cutting room floor. Masha Sedova can talk about where to find this goldmine of data and what security teams can do to leverage this new found knowledge. Study after study shows that the reason why people don’t do things is not always because they don’t understand, it’s because they are not motivated. Motivating employees to change their cybersecurity behavior can seem like an overwhelming task but there are simple behavioral science techniques cybersecurity professionals can leverage to motivate employees to do the right thing. Masha Sedova will discuss the power of integrating elements of behavioral science into security in order to influence positive behavior. Motivation Theory (deming): https://en.wikipedia.org/wiki/W._Edwards_Deming#Key_principles X&Y: https://en.wikipedia.org/wiki/Theory_X_and_Theory_Y Ouchi Z theory https://en.wikipedia.org/wiki/Theory_Z_of_Ouchi http://www.yourarticlelibrary.com/motivation/motivation-theories-top-8-theories-of-motivation-explained/35377 Why do security teams have difficulty in understanding their human risk today? What are the blockers? What should security teams be measuring to get a holistic view of human risk? What's the difference between security culture, security behavior change, and security awareness? Is security culture a core capability in security defense? Why or why not? Quantifying risk… Is investing in human training a waste of time? Phishing - mock phish or real phishing Pull data to see who is clicking on links Send an ‘intervention’ Gotta move away from training The ‘security team’ will save them… https://www.ncsc.gov.uk/guidance/phishing Books: https://www.amazon.com/Nudge-Improving-Decisions-Health-Happiness/dp/014311526X https://www.amazon.com/Drive-Surprising-Truth-About-Motivates/dp/1594484805/ref=sr_1_1?crid=2QQ59YRRU89YX&dchild=1&keywords=drive+daniel+pink&qid=1588733551&s=books&sprefix=drive%2Cstripbooks%2C240&sr=1-1 Reality broken: https://www.amazon.com/Reality-Broken-Games-Better-Change/dp/0143120611 People centric security: https://www.amazon.com/People-Centric-Security-Transforming-Enterprise-Culture/dp/0071846778/ref=sr_1_1?dchild=1&keywords=people+centric+security&qid=1588733580&s=books&sr=1-1 Deep thought: a Cybersecurity novela: https://www.ideas42.org/blog/project/human-behavior-cybersecurity/deep-thought-a-cybersecurity-story/ https://elevatesecurity.com/ @modmasha Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://pandora.app.link/p9AvwdTpT3 #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
In this episode we meet Masha Sedova, co-founder of Elevate Security, a company which uses data and behavioral analytics to help organizations build a strong security culture. Masha was recently announced as finalist for the 2020 Innovation Sandbox Award at RSA, which tells you something about how unique and interesting her solution is. We also chat about certain challenges that she faced setting her company up, and also what it's like to be a female entrepreneur setting up a business in the cybersecurity industry...let's just say Hazel nearly fell off her chair when Masha told her what happened during one particular investor meeting!Also in this episode, Ben talks about the resurgence of digital extortion scams, what they tend to include, and what to do about them.And finally for our "On this Day" feature we’re only going back 3 years this time, but it’s a biggie. It’s been three years WannaCry, so we revisit the timeline of the attack, how it all unfolded, and the significance the WannaCry attack still has today.Links to further resources mentioned in the episode: Digital extortion scams: https://blogs.cisco.com/security/your-money-or-your-life-digital-extortion-scamsTalos ransomware discussion: https://blog.talosintelligence.com/2019/07/ransomware-extortion-roundtable-government-payments.htmlRegistration for Cisco Live June 2-3 https://www.ciscolive.com
Today my guest is Masha Sedova, the co-founder of Elevate Security delivering the first people-centric security platform that leverages behavioral-science to transform employees into security superhumans. Elevate's unique Security Behavior Platform uses data to score employee risks, show actionable trends and practical feedback to motivate, reward and reinforce smart security behaviors of employees. This new approach to security awareness earned Elevate Security a spot in the 10 Finalists in the Innovation Sandbox Competition at the RSA 2020 Conference. Masha is a member of the Board of Directors for the National Cyber Security Alliance and a regular presenter at conferences such as Blackhat, RSA, ISSA, Enigma, and SANS. As we begin our conversation, Masha emphasizes the importance, no the urgency, of looking for the ‘silver lining’ of our disruptive event and how we can embrace the opportunities it presents to emerge with unique outcomes for positive change. Since human error accounts for about 90% of all breaches, Masha explains how new thinking and understanding of security awareness and training can be one of your ‘crisis opportunities’ to improve. It’s all about the data. One of RedZone's big ambitions is to essentially create a biological response on the networks, creating systems that are automated at scale. So, I ask Masha why she thinks we haven’t begun using data in the workplace the way we use it in other areas of our lives – like fitness. You may have a fully integrated Fitbit, so why haven’t we considered implementing similar data integration and thinking into our organization’s security awareness platform? There are some really great concepts and tools that we discuss here. This conversation will give you a chance to understand how to get out of the tactical fear part of your brain and really look into the strategy of security. This is an episode that you do not want to miss. Here are some of things that you will learn in this podcast episode: - Human error creates 90% of threat events - Behavioral Science behind changing behaviors – You must have all three Ability Motivation Trigger or reminder - Motivating factors Gamification Social proof Celebrity social proof - Heroes, Champions and Risk Takers | Segmenting an Organization into a concept called ‘cohorts’ - Including the user as part of the ‘team’ with ongoing communication acknowledgement for A+ results encouragement for improving results motivation for adequate results solutions and coaching for failing results - The Learning Pyramid – Organizations should develop training with the best methods of retention. - Empowering people has an exponential impact within the organization How to Connect with Masha Sedova LinkedIn Twitter Website Resources + Books Mentioned The Power of Habit: Why We Do What We Do In Life and Business, by Charles Duhigg. Published by Random House Publishing Group, February 2012. About Bill Murphy Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT business leader. Follow Bill on LinkedIn and Twitter. If you are interested in learning more about my company, RedZone Technologies, and our security expertise, in particular related to Cloud and Email Security Kill Chain Strategy, Techniques and Tactics you can email cloudkill@redzonetech.net. Leave A Review Love this episode? Share it with your LinkedIn community here. If you haven't already, please make sure you leave us a review on iTunes or Stitcher. Not sure how to leave a review? Check out the instructions here. Credits + Other Stuff Music provided by Ben’s Sound: http://www.bensound.com/ Other Ways to Listen to the Podcast: iTunes | Libsyn | Soundcloud | RSS | LinkedIn
Hacker's Mind by Elevate Security gamifies the security training process resulting in employees who understand their importance in securing your organization. Turn every employee into a security superhero, and equip the organization to succeed against today's people-centered risk. About Masha Sedova: Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the Co-Founder of Elevate Security, delivering the first people-centric security platform that leverages behavioral-science to transform employees into security super-humans. Before Elevate Security, Sedova was a Security Executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. In addition, Sedova has been a member of the board of directors for the National Cyber Security Alliance and a regular presenter at conferences such as Black Hat, RSA, ISSA, Enigma and SANS. LinkedIN: https://www.linkedin.com/company/elevate-security Twitter: @hello_elevate The Gamification Quest Podcast Host is Monica Cornetti, President of Sententia, Inc. (www.SententiaGamification.com) and GameMaster of GamiCon - The Annual International Conference for the Gamification of Learning (www.GamiCon.us). Connect with Monica on LinkedIn.
Hacker's Mind by Elevate Security gamifies the security training process resulting in employees who understand their importance in securing your organization. Turn every employee into a security superhero, and equip the organization to succeed against today's people-centered risk. About Masha Sedova: Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the Co-Founder of Elevate Security, delivering the first people-centric security platform that leverages behavioral-science to transform employees into security super-humans. Before Elevate Security, Sedova was a Security Executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. In addition, Sedova has been a member of the board of directors for the National Cyber Security Alliance and a regular presenter at conferences such as Black Hat, RSA, ISSA, Enigma and SANS. LinkedIN: https://www.linkedin.com/company/elevate-security Twitter: @hello_elevate The Gamification Quest Podcast Host is Monica Cornetti, President of Sententia, Inc. (www.SententiaGamification.com) and GameMaster of GamiCon - The Annual International Conference for the Gamification of Learning (www.GamiCon.us). Connect with Monica on LinkedIn.
Join Kristen Hayer in conversation with Megan Caldwell, Head of CS at Elevate Security as they talk about how to identify your most important customers, and direct your focus toward them.
Humans are often deemed the “weakest link” in security, and if organizations maintain that attitude with their employees then nothing will change. An encouraging and positive company culture can turn them into the most powerful weapon. Masha Sedova, co-founder of Elevate Security, takes listeners through the ways they can foster a more people-centered security approach for better results.
Humans are often deemed the “weakest link” in security, and if organizations maintain that attitude with their employees then nothing will change. An encouraging and positive company culture can turn them into the most powerful weapon. Masha Sedova, co-founder of Elevate Security, takes listeners through the ways they can foster a more people-centered security approach for better results.
In today's episode, we will be talking with our good friend, Masha Sedova. Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the Co-Founder of Elevate Security, delivering the first people-centric security platform that leverages behavioral-science to transform employees into security super-humans. Before Elevate Security, Sedova was a Security Executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. In addition, Sedova has been a member of the board of directors for the National Cyber Security Alliance and a regular presenter at conferences such as Black Hat, RSA, ISSA, Enigma and SANS. Listen in and get a deep understanding of the way social proof and behavioral science influence security awareness training. Masha suggested the following people to be aware of: Regina Spekter (http://www.reginaspektor.com/) and Kelly Shortridge (https://twitter.com/swagitda_?s=20). You can connect with Masha in the following ways: LinkedIn: https://www.linkedin.com/in/msedova/ and Twitter: https://twitter.com/ModMasha. At Tech & Main, we want to be YOUR technology partner. Let our 20+ years of expertise help you achieve the outcomes that are best for your business: cloud, SD-WAN, data center, security or anything else. We have engineers and project managers available to assist you. Call our office at 678-575-8515, email us at info@techandmain.com or visit us at www.techandmain.com. Thanks for listening! --- Send in a voice message: https://anchor.fm/techandmain/message
All images and links for this episode can be found on CISO Series (https://cisoseries.com/who-are-the-perfect-targets-for-ransomware/) If you've got lots of critical data, a massive insurance policy, and poor security infrastructure, you might be a perfect candidate to be hit with ransomware. This week and this week only, it's an extortion-free episode of CISO/Security Vendor Relationship Podcast. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Sean Walls (@sean_walls2000), vp, cybersecurity, Eurofins. Thanks to this week's podcast sponsor Core Security Assigning and managing entitlements rapidly to get employees the access they need is critical, but it can come at the cost of accuracy and security. Core Security’s identity governance and administration (IGA) solutions provide the intelligent, visual context needed to efficiently manage identity related security risks across any enterprise. On this week's episode How CISOs are digesting the latest security news An article in the NYTimes points to a new trend in ransomware that is specifically attacking small governments with weak computer protections and strong insurance policies. Payments from $400-$600K. Lake City, Florida, population 12K paid $460K to extortionists. They got some of their information back but they have been set back years of what will require rescanning of paper documents. Mike, I know your standard philosophy is to not pay the ransom, but after a ransomware attack against the city of Atlanta, the mayor refused to pay $51,000 in extortion demands, and so far it's cost the city $7.2 million. Probably more. These payments by the small cities must be incentivizing more attacks. Does this information change the way you're willing to approach ransomware. What can a small city with zero cybersecurity staff do to create a program to reduce their risk to such a ransomware attack? Ask a CISO Bindu Sundaresan, AT&T Consulting Solutions, asks a very simple question, "How is each security initiative supporting the right business outcome?" Do you find yourself selling security into the business this way? If not, would you be more successful selling security to the business if you did do this? What's Worse?! We've got a split decision on what information we prefer after a breach. Listen up, it’s security awareness training time Jon Sanders, Elevate Security, said, "Security awareness involves A LOT of selling… there’s no cookie cutter approach in security awareness or sales!" Is the reason security training is so tough because so many security people are not born salespeople? I've interviewed many and there's a lot of "just listen to me attitude," which really doesn't work in sales. Cloud Security Tip, sponsored by OpenVPN We talk a lot about penetration testing here, given that it remains a staple of proactive IT security. But not everyone feels it’s all it’s cracked up to be. Or should that be, all it’s hacked up to be?” More than one cybersecurity organization points out there are a few flaws in the pen testing concept that make it worth a second look. Pen testing often consists of a small collection of attacks performed within a set time period against a small sample of situations. Some experts doubt the efficacy of testing against a limited field of known vulnerabilities, without knowing what other weaknesses exist in plain sight, or merely invisible to jaded eyes. More on CISO Series... What do you think of this pitch? We have a pitch from Technium in which our CISOs question what exactly are they selling?
I’ve know Martina Lauchengco for more than 2 decades, and she is one of the smartest product marketers there is. As the Marketing Operating Partner at Costanoa Ventures she advises the firm’s portfolio on everything go to market. Costanoa’s security investments include BugCrown, Elevate Security, Kenna Security and others. Martina and I talk about what it takes to be a successful start-up marketing and what investors look for in go to market approaches and investments. If you’re 3 pillar messages are “Protect, Monitor, Secure” than Martina will tell you you are in good company, in a bad way! Martina talks about communicating what you do, how it’s different and why you are different and getting to the next layer down. We talk about story-telling, why Reddit is a good early radar system for investors to find the buzz, atomic narrative nuggets, category strategy, fitting in and standing out, and how investors check out the “real story” not the one you are telling. And don’t miss how Martina explains how fundamentally founders and executives don’t understand marketing, creating market pull, positioning, sequencing investments and why spending more doesn’t always equal success, and the alignment and accountability between sales and marketing. Martina recommends that you check out portfolio member Elevate Security’s website for a shift in messaging that excites an investor. Martina recommends all marketers read Chip and Dan Heath’s Made to Stick and that you follow @BenThompson of stratechery.com . You can find Martina on Twitter with her handle @mavinmartina and on Linked In here. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode I am joined by Masha Sedova. Masha is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first people-centric security platform that leverages behavioral-science to transform employees into security superhumans. Masha and I talk about everything from the her being “surrounded by dudes” in her first cybersecurity job to the challenges of reaching CISO, secret slack channels, what she thinks is “broken” in cybersecurity marketing and how to fix it. And her view on hiring from outside of Cybersecurity marketing folks might just surprise you a bit. It’s a fresh perspective and one that she is implementing at Elevate. In our “How I Market Cyber” speed round, I throw her the softball of “Fear or Hope”. By the time you get there, the answer will be obvious. And Masha’s advice to her younger self - “Connect the dots that others can’t”. Mentioned and recommended in this episode: Crossing the Chasm by Geoffrey Moore Follow Mike Johnson and his CISO Podcast - https://www.linkedin.com/in/mikevj and Alex Stamos former Facebook CISO Elevate Security TechbyChoice GirlsCodeIt You can follow Masha at @modmasha on Twitter and on LinkedIn here. Learn more about your ad choices. Visit megaphone.fm/adchoices
Masha Sedova comes from a history of computer scientists! Her grandmother was in the first Computer Science graduating class in 1954 under Stalin in the Soviet Union!! She loves challenges and is now utilizing what she thought was a waste of time in Liberal Arts to conquer challenges in Information Security using behavioral science, emotional intelligence, and other human factors. BIO: Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first people-centric security platform that leverages behavioral-science to transform employees into security superhumans. Before Elevate, Masha Sedova was a security executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. In addition, Masha has been a member of the Board of Directors for the National Cyber Security Alliance and regular presenter at conferences such as Black-hat, RSA, ISSA, Enigma and SANS. Notes: Grandmother was in the first Computer Science graduating class in 1954 under Stalin in the Soviet Union!! Her Grandma taught her dad and her dad taught her programming around the 6th grade. Had access to a computer only through the local University. Masha began her search into 3 disciplines Game Theory Positive Psychology Behavioral Science Leaderboards are better for only a small subset Quotes: "You can't patch a human being." "We've taken a technology solution to a human problem, and I think that's totally wrong way of going about it." "Without the human interaction we would not have been able to get that alert." "Focus on failure as an eventual outcome." "I like picking hard challenges and very tall mountains to climb and computer science seemed like a tall mountain." "If you give people the correct amount of challenge, that is a state of happiness." "I found that leaderboards are effective for a small subset of people." "The reasons people don't do things is not because they don't know." Links: 6:1 Positive Feedback Ratio for Performance: https://medium.com/@Praiseworthy/harvard-research-finds-employees-need-a-6-1-positive-feedback-ratio-to-perform-their-best-8f14160a8fbd Dr Gottman: https://en.wikipedia.org/wiki/John_Gottman Reality is broken by Jane McGonigal: https://www.amazon.com/Reality-Broken-Games-Better-Change/dp/0143120611 Flow by Mihaly Csikszentmihalyi: https://www.amazon.com/Flow-Psychology-Experience-Perennial-Classics/dp/0061339202/ BJ Fogg: https://www.bjfogg.com/ Opower Report: https://www.povertyactionlab.org/evaluation/opower-evaluating-impact-home-energy-reports-energy-conservation-united-states Predictably Irrational by Dan Ariely: https://www.amazon.com/Predictably-Irrational-Hidden-Forces-Decisions/dp/006135323X Intro Music (Cascadia by Trash80): https://trash80.com/#/content/133/weeklybeats-2012-week5 Outro Music (Quincas Moreira - Entire): https://www.youtube.com/watch?v=DoKpuXyIyVs Getting Into Infosec: Twitter: https://twitter.com/coffeewithayman YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/
Paul and Matt discuss some Funding and M&A, such as Elevate Security announces an $8 million series A to alter employee security behavior, Armorblox raises 16.5 million in series A, Bandura Cyber raises 10 million in venture funding, and much more! Full Show Notes: https://wiki.securityweekly.com/ES_Episode128 Visit http://securityweekly.com/esw for all the latest episodes!
This week, Paul is joined by Matt Alderman to discuss some Funding and M&A, such as Elevate Security announces an $8 million series A to alter employee security behavior, Armorblox raises 16.5 million in series A, Bandura Cyber raises 10 million in venture funding, and much more! In the Enterprise Security News, Capsule8 expands threat detection platform for PCI DSS, BitSight unveils peer analytics for more effective security performance management, Imperva advances autonomous application protection capabilities, and Synopsys launches Polaris Software integrity platform! Full Show Notes: https://wiki.securityweekly.com/ES_Episode128 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, Paul is joined by Matt Alderman to discuss some Funding and M&A, such as Elevate Security announces an $8 million series A to alter employee security behavior, Armorblox raises 16.5 million in series A, Bandura Cyber raises 10 million in venture funding, and much more! In the Enterprise Security News, Capsule8 expands threat detection platform for PCI DSS, BitSight unveils peer analytics for more effective security performance management, Imperva advances autonomous application protection capabilities, and Synopsys launches Polaris Software integrity platform! Full Show Notes: https://wiki.securityweekly.com/ES_Episode128 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Paul and Matt discuss some Funding and M&A, such as Elevate Security announces an $8 million series A to alter employee security behavior, Armorblox raises 16.5 million in series A, Bandura Cyber raises 10 million in venture funding, and much more! Full Show Notes: https://wiki.securityweekly.com/ES_Episode128 Visit http://securityweekly.com/esw for all the latest episodes!
CylancePROTECT now available on AWS marketplace, Attivo Networks enhances deception platform with Forensic Collection, Cyber Security market will reach $365.26B by 2026, and Elevate Security raises $8M in Series A! Full Show Notes: https://wiki.securityweekly.com/ES_Episode127 Visit http://securityweekly.com/esw for all the latest episodes!
CylancePROTECT now available on AWS marketplace, Attivo Networks enhances deception platform with Forensic Collection, Cyber Security market will reach $365.26B by 2026, and Elevate Security raises $8M in Series A! Full Show Notes: https://wiki.securityweekly.com/ES_Episode127 Visit http://securityweekly.com/esw for all the latest episodes!
This week, we interview Cody Cornell, Founder and CEO at Swimlane to discuss Security Orchestration, Automation, and Response! In the Enterprise Security News, CylancePROTECT now available on AWS Marketplace, Attivo Networks enhances deception platform with forensic collection, cyber security market will reach $365.26 billion dollars by 2026, and Elevate Security raises 8 million dollars in Series A! Full Show Notes: https://wiki.securityweekly.com/ES_Episode127 Visit http://securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, we interview Cody Cornell, Founder and CEO at Swimlane to discuss Security Orchestration, Automation, and Response! In the Enterprise Security News, CylancePROTECT now available on AWS Marketplace, Attivo Networks enhances deception platform with forensic collection, cyber security market will reach $365.26 billion dollars by 2026, and Elevate Security raises 8 million dollars in Series A! Full Show Notes: https://wiki.securityweekly.com/ES_Episode127 Visit http://securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Look, we agree with you: passwords are the worst. But you know what else is the worst? Someone hacking your account, or big security breaches that expose your email, your credit card information, your government-issued identification number, and more. We should hold companies accountable for better security, but we also need to hold ourselves accountable for having good password hygiene. So let's tackle this once and for all. Hear from Buzzfeed's Mat Honan, who endured a brutal hack a few years ago when hackers exploited password-recovery tools; Mark Wilson from Fast Company, who wants to ban passwords altogether (though admits it's not the best idea); Masha Sedova of Elevate Security who says that, yes, security companies have failed us – but we have to use passwords anyway; and Matt Davey of 1Password, who offers a solution that Mozilla can get behind: use a password manager. A simple, game-changing tool that will help you take back control of your accounts, and secure yourself as best as you can. IRL is an original podcast from Mozilla. For more on the series go to irlpodcast.org Your passwords protect more than your accounts. They protect every bit of personal information that resides in them. And hackers rely on bad habits, like using the same password everywhere or using common phrases (p@ssw0rd, anyone?), so that if they hack one account, they can hack many. Password managers like 1Password, LastPass, Dashlane, and Bitwarden generate strong, unique passwords. They also store passwords securely and fill them into websites for you. IRL listeners can sign up to 1Password and get their first three months for free. Just visit 1password.com/promo/IRL and give it a try. And, if you use Firefox on your iPhone, try out Firefox Lockbox. It securely gives you access to all the logins you've saved to Firefox, in a secure app on your phone. As we mention in this episode of IRL, Gabriela Ivens cataloged hundreds of secret recipes that were leaked during data breaches. Firefox teamed up with her to show the personal impact a security breach can have on someone. As a bonus, we let you in on those precious recipes to drive the point home. Go have a look — and be sure to try the “Exposed BBQ Spice Rub” — at dataleeks.com. Want more? Mozilla has teamed up with 826 Valencia to bring you perspectives written by students on IRL topics this season. Zues C. from De Marillac Academy wrote this piece on managing your passwords, and managing your life. And, check out this article from Common Sense Media, on real-world reasons parents should care about kids and online privacy. Three cheers for good passwords (and password managers). Leave a rating or review in Apple Podcasts so we know what you think.
This week, Paul is joined by Matt Alderman to interview Masha Sedova, Co-Founder of Elevate Security! In the Article Discussion, “Senior Executives Get More Sleep Than Everyone Else”, “The Changing Face of B2B Marketing”, “The Best Mentors Ask These 8 Questions”, and more! In Tracking Security Innovation, Fortinet acquired Bradford Networks, Qualys acquired Second Front Systems, and more on this episode of Business Security Weekly! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode88 Visit https://www.securityweekly.com/bsw for all the latest episodes! →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly
Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first human-centric security platform that leverages behavioral-science to transform employees into security superhumans. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode88 Visit http://securityweekly.com/category/sswfor all the latest episodes!
This week, Paul is joined by Matt Alderman to interview Masha Sedova, Co-Founder of Elevate Security! In the Article Discussion, “Senior Executives Get More Sleep Than Everyone Else”, “The Changing Face of B2B Marketing”, “The Best Mentors Ask These 8 Questions”, and more! In Tracking Security Innovation, Fortinet acquired Bradford Networks, Qualys acquired Second Front Systems, and more on this episode of Business Security Weekly! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode88 Visit https://www.securityweekly.com/bsw for all the latest episodes! →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly
Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first human-centric security platform that leverages behavioral-science to transform employees into security superhumans. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode88 Visit http://securityweekly.com/category/sswfor all the latest episodes!
In episode 16 of The Secure Developer, Guy is joined by Masha Sedova, co-founder of Elevate Security, to discuss how training for employees (even developers) can help companies stay one step ahead of the pack when it comes to preventing a breach. The post Ep. #16, Security Training with Elevate's Masha Sedova appeared first on Heavybit.
Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first human-centric security platform that leverages behavioral-science to transform employees into security superhumans. Full Show Notes: https://wiki.securityweekly.com/Episode554 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly
Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first human-centric security platform that leverages behavioral-science to transform employees into security superhumans. Full Show Notes: https://wiki.securityweekly.com/Episode554 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly
This week, Katherine Teitler, Director of Content for MISTI joins us for our first feature interview! Masha Sedova, Co-Founder of Elevate Security joins us for our second feature interview! In the news, Intel drops plans to develop Spectre microcode for ancient chips, critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking, Facebook and Twitter may be forced to identify bots, and more on this episode of Paul’s Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode554 Visit https://www.securityweekly.com/psw for all the latest episodes!
This week, Katherine Teitler, Director of Content for MISTI joins us for our first feature interview! Masha Sedova, Co-Founder of Elevate Security joins us for our second feature interview! In the news, Intel drops plans to develop Spectre microcode for ancient chips, critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking, Facebook and Twitter may be forced to identify bots, and more on this episode of Paul’s Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode554 Visit https://www.securityweekly.com/psw for all the latest episodes!
As businesses struggle with security awareness training for employees, Elevate Security co-founder Masha Sedova argues that the focus should be on “behavior change” and recommends the use of positive motivation and available tools to get employees to make better security decisions.