Podcast appearances and mentions of jeff man

Play Episode Listen Later Mar 9, 2023 180:01

Tune in to ask our PSW hosts anything you want to know! Join the live discussion in our Discord server to ask a question. Visit securityweekly.com/discord for an invite! Larry Pesce, Jeff Man, Tyler Robinson, and more will be answering your questions, including: What is your advice on avoiding burnout? If each of the hosts had to be a distribution of Linux, which one would each of them be? Which host is the worst influence? Why is security so hard? Will any of you be at RSAC this year and where can we come see you? What current projects are you working on? In the Security News: Using HDMI radio interference for high-speed data transfer, Top 10 open source software risks, Dumb password rules, Grand Theft Auto, The false promise of ChatGPT, The “Hidden Button”, How a single engineer brought down twitter, Microsoft's aim to reduce “Tedious” business tasks with new AI tools, The internet is about to get a lot safer, All that, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw775

ai microsoft chatgpt discord hosts linux grand theft auto tyler robinson tedious rsac psw jeff man larry pesce ai hunter

Ask Our PSW Hosts Anything! - PSW #775

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later Mar 9, 2023 70:50

Tune in to ask our PSW hosts anything you want to know! Join the live discussion in our Discord server to ask a question. Visit securityweekly.com/discord for an invite! Larry Pesce, Jeff Man, Tyler Robinson, and more will be answering your questions, including: What is your advice on avoiding burnout? If each of the hosts had to be a distribution of Linux, which one would each of them be? Which host is the worst influence? Why is security so hard? Will any of you be at RSAC this year and where can we come see you? What current projects are you working on? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw775

discord hosts linux tyler robinson rsac psw jeff man larry pesce

PSW #775 - Ask Our PSW Hosts Anything!

Play Episode Listen Later Mar 9, 2023 180:01

Tune in to ask our PSW hosts anything you want to know! Join the live discussion in our Discord server to ask a question. Visit securityweekly.com/discord for an invite! Larry Pesce, Jeff Man, Tyler Robinson, and more will be answering your questions, including: What is your advice on avoiding burnout? If each of the hosts had to be a distribution of Linux, which one would each of them be? Which host is the worst influence? Why is security so hard? Will any of you be at RSAC this year and where can we come see you? What current projects are you working on? In the Security News: Using HDMI radio interference for high-speed data transfer, Top 10 open source software risks, Dumb password rules, Grand Theft Auto, The false promise of ChatGPT, The “Hidden Button”, How a single engineer brought down twitter, Microsoft's aim to reduce “Tedious” business tasks with new AI tools, The internet is about to get a lot safer, All that, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw775

ai microsoft chatgpt discord hosts linux grand theft auto tyler robinson tedious rsac psw jeff man larry pesce ai hunter

Ask Our PSW Hosts Anything! - PSW #775

Defense & Aerospace Report

Play Episode Listen Later Mar 9, 2023 70:50

Tune in to ask our PSW hosts anything you want to know! Join the live discussion in our Discord server to ask a question. Visit securityweekly.com/discord for an invite! Larry Pesce, Jeff Man, Tyler Robinson, and more will be answering your questions, including: What is your advice on avoiding burnout? If each of the hosts had to be a distribution of Linux, which one would each of them be? Which host is the worst influence? Why is security so hard? Will any of you be at RSAC this year and where can we come see you? What current projects are you working on? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw775

discord hosts linux tyler robinson rsac psw jeff man larry pesce

Cyber Report [Nov 16, 22] A Conversation w/ Cyber Legend Jeff Man

Play Episode Listen Later Nov 16, 2022 35:33

On this week's Cyber Report, sponsored by Fortress Information Security, Jeff Man, who was one of the first group of “Red Team” hackers at the National Security Agency's “Pit” to improve US government security and is now a senior security consultant at IT services company Online Business Systems and the co-host of the Paul's Security Weekly podcast along with Paul Asadoorian, discusses lessons from his nearly 40-year career including what constitutes a hacker, how threats and defenses have changed over his career, the balance of power between attacks and defenders, training a new generation of talent, the right partnership between government and industry, the efficacy of a certification approach to security, the threat posed by social media sites like TikTok and more with Defense & Aerospace Report Editor Vago Muradian.

tiktok conversations defense cyber pit national security agency red team security weekly jeff man paul asadoorian

Remote Work and Finding Your Voice with Jeff Smith

Screaming in the Cloud

Play Episode Listen Later Jul 26, 2022 40:42

About JeffJeff Smith has been in the technology industry for over 20 years, oscillating between management and individual contributor. Jeff currently serves as the Director of Production Operations for Basis Technologies (formerly Centro), an advertising software company headquartered in Chicago, Illinois. Before that he served as the Manager of Site Reliability Engineering at Grubhub.Jeff is passionate about DevOps transformations in organizations large and small, with a particular interest in the psychological aspects of problems in companies. He lives in Chicago with his wife Stephanie and their two kids Ella and Xander.Jeff is also the author of Operations Anti-Patterns, DevOps Solutions with Manning publishing. (https://www.manning.com/books/operations-anti-patterns-devops-solutions) Links Referenced: Basis Technologies: https://basis.net/ Operations Anti-Patterns: https://attainabledevops.com/book Personal Site: https://attainabledevops.com LinkedIn: https://www.linkedin.com/in/jeffery-smith-devops/ Twitter: https://twitter.com/DarkAndNerdy Medium: https://medium.com/@jefferysmith duckbillgroup.com: https://duckbillgroup.com TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored by our friends at Fortinet. Fortinet's partnership with AWS is a better-together combination that ensures your workloads on AWS are protected by best-in-class security solutions powered by comprehensive threat intelligence and more than 20 years of cybersecurity experience. Integrations with key AWS services simplify security management, ensure full visibility across environments, and provide broad protection across your workloads and applications. Visit them at AWS re:Inforce to see the latest trends in cybersecurity on July 25-26 at the Boston Convention Center. Just go over to the Fortinet booth and tell them Corey Quinn sent you and watch for the flinch. My thanks again to my friends at Fortinet.Corey: Let's face it, on-call firefighting at 2am is stressful! So there's good news and there's bad news. The bad news is that you probably can't prevent incidents from happening, but the good news is that incident.io makes incidents less stressful and a lot more valuable. incident.io is a Slack-native incident management platform that allows you to automate incident processes, focus on fixing the issues and learn from incident insights to improve site reliability and fix your vulnerabilities. Try incident.io, recover faster and sleep more.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. One of the fun things about doing this show for long enough is that you eventually get to catch up with people and follow up on previous conversations that you've had. Many years ago—which sounds like I'm being sarcastic, but is increasingly actually true—Jeff Smith was on the show talking about a book that was about to release. Well, time has passed and things have changed. And Jeff Smith is back once again. He's the Director of Product Operations at Basis Technologies, and the author of DevOps Anti-Patterns? Or what was the actual title of the book it was—Jeff: Operations Anti-Patterns.Corey: I got hung up in the anti-patterns part because it's amazing. I love the title.Jeff: Yeah, Operations Anti-Patterns, DevOps Solutions.Corey: Got you. Usually in my experience, alway been operations anti-patterns, and here I am to make them worse, probably by doing something like using DNS as a database or some godforsaken thing. But you were talking about the book aspirationally a few years ago, and now it's published and it has been sent out to the world. And it went well enough that they translated it to Japanese, I believe, and it has seen significant uptick. What was your experience of it? How did it go?Jeff: You know, it was a great experience. This is definitely the first book that I've written. And the Manning process was extremely smooth. You know, they sort of hold your hand through the entire process. But even after launch, just getting feedback from readers and hearing how it resonated with folks was extremely powerful.I was surprised to find out that they turned it into an audiobook as well. So, everyone reaches out and says, “Did you read the audiobook? I was going to buy it, but I wasn't sure.” I was like, “No, unfortunately, I don't read it.” But you know, still cool to have it out there.Corey: My theory has been for a while now that no one wants to actually write a book; they want to have written a book. Now that you're on the other side, how accurate is that? Are you in a position of, “Wow, sure glad that's done?” Or are you, “That was fun. Let's do it again because I like being sad all the time.” I mean, you do work Kubernetes for God's sake. I mean, there's a bit of masochism inherent to all of us in this space.Jeff: Yeah. Kubernetes makes me cry a little bit more than the writing process. But it's one of the things when you look back on it, you're like, “Wow, that was fun,” but not in the heat of the moment, right? So, I totally agree with the sentiment that people want to have written a book but not actually gone through the process. And that's evident by the fact that how many people try to start a book on their own without a publisher behind them, and they end up writing it for 15 years. The process is pretty grueling. The feedback is intense at first, but you start to get into a groove and you—I could see, you know, in a little while wanting to write another book. So, I can see the appeal.Corey: And the last time you were on the show, I didn't really bother to go in a particular topical direction because, what's the point? It didn't really seem like it was a top-of-mind issue to really bring up because what's it matter; it's a small percentage of the workforce. Now I feel like talking about remote work is suddenly taking on a bit of a different sheen than it was before the dark times arrived. Where do you land on the broad spectrum of opinions around the idea of remote work, given that you have specialized in anti-patterns, and well, as sarcastic as I am, I tend to look at almost every place I've ever worked is expressing different anti-patterns from time to time. So, where do you land on the topic?Jeff: So, it's funny, I started as a staunch office supporter, right? I like being in the office. I like collaborating in person; I thought we were way more productive. Since the pandemic, all of us are forced into remote work, I've hired almost half of my team now as remote. And I am somewhat of a convert, but I'm not on the bandwagon of remote work is just as good or is better as in person work.I've firmly landed in the camp of remote work is good. It's got its shortcomings, but it's worth the trade off. And I think acknowledging what those trade-offs are important to keeping the team afloat. We just recently had a conversation with the team where we were discussing, like, you know, there's definitely been a drop in productivity over the past six months to a year. And in that conversation, a lot of the things that came up were things that are different remote that were better in person, right, Slack etiquette—which is something, you know, I could talk a little bit about as well—but, you know, Slack etiquette in terms of getting feedback quickly, just the sort of camaraderie and the lack of building that camaraderie with new team members as they come on board and not having those rituals to replace the in-person rituals. But through all that, oddly enough, no one suggested going back into the office. [laugh].Corey: For some strange reason, yeah. I need to be careful what I say here, I want to disclaim the position that I'm in. There is a power imbalance and nothing I say is going to be able to necessarily address that because I own the company and if my team members are listening to this, they're going to read a lot into what I say that I might not necessarily intend. But The Duckbill Group, since its founding, has been a fully distributed company. My business partner lives in a different state than I do so there's never been the crappy version of remote, which is, well, we're all going to be in the same city, except for Theodore. Theodore is going to be timezones away and then wonder why he doesn't get to participate in some of the conversations where the real decisions get made.Like that's crappy. I don't like that striated approach to things. We don't have many people who are co-located in any real sense, nor have we for the majority of the company's life. But there are times when I am able to work on a project in a room with one of my colleagues, and things go a lot more smoothly. As much as we want to pretend that video is the same, it quite simply isn't.It is a somewhat poor substitute for the very high bandwidth of a face-to-face interaction. And yes, I understand this is also a somewhat neurotypical perspective, let's be clear with that as well, and it's not for everyone. But I think that for the base case, a lot of the remote work advocates are not being fully, I guess, honest with themselves about some of the shortcomings remote has. That is where I've mostly landed on this. Does that generally land with where you are?Jeff: Yeah, that's exactly where I'm at. I completely agree. And when we take work out of the equation, I think the shortcomings lay themselves bare, right? Like I was having a conversation with a friend and we were like, well, if you had a major breakup, right, I would never be like, “Oh, man. Grab a beer and hop on Zoom,” right? [laugh]. “Let's talk it out.”No, you're like, hey, let's get in person and let's talk, right? We can do all of that conversation over Zoom, but the magic of being in person and having that personal connection, you know, can't be replaced. So, you know, if it's not going to work, commiserating over beers, right? I can't imagine it's going to work, diagramming some complex workflows and trying to come to an answer or a solution on that. So again, not to say that, you know, remote work is not valuable, it's just different.And I think organizations are really going to have to figure out, like, okay, if I want to entice people back into the office, what are the things that I need to do to make this realistic? We've opened the floodgates on remote hiring, right, so now it's like, okay, everyone's janky office setup needs to get fixed, right? So, I can't have a scenario where it's like, “Oh, just point your laptop at the whiteboard, right?” [laugh]. Like that can't exist, we have to have office spaces that are first-class citizens for our remote counterparts as well.Corey: Right because otherwise, the alternative is, “Great, I expect you to take the home that you pay for and turn it into an area fit for office use. Of course, we're not going to compensate you for that, despite the fact that, let's be realistic, rent is often larger than the AWS bill.” Which I know, gasp, I'm as shocked as anyone affected by that, but it's true. “But oh, you want to work from home? Great. That just means you can work more hours.”I am not of the school of thought where I consider time in the office to be an indicator of anything meaningful. I care if the work gets done and at small-scale, this works. Let me also be clear, we're an 11-person company. A lot of what I'm talking about simply will not scale to companies that are orders of magnitude larger than this. And from where I sit, that's okay. It doesn't need to.Jeff: Right. And I think a lot of the things that you talk about will scale, right? Because in most scenarios, you're not scaling it organizationally so much as you are with a handful of teams, right? Because when I think about all the different teams I interact with, I never really interact with the organization as a whole, I interact with my little neighborhood in the organization. So, it is definitely something that scales.But again, when it comes to companies, like, enticing people back into the office, now that I'm talking about working from home five days a week, I've invested in my home setup. I've got the monitor I want, I've got the chair that I want, I've got the mouse and keyboard that I want. So, you're going to bring me back to the office so I can have some standard Dell keyboard and mouse with some janky, you know—maybe—21-inch monitor or something like that, right? Like, you really have to decide, like, okay, we're going to make the office a destination, we're going to make it where people want to go there where it's not just even about the collaboration aspect, but people can still work and be effective.And on top of that, I think how we look at what the office delivers is going to change, right? Because now when I go to the office now, I do very little work. It's connections, right? It's like, you know, “Oh, I haven't seen you in forever. Let's catch up.” And a lot of that stuff is valuable. You know, there's these hallway conversations that exist that just weren't happening previously because how do I accidentally bump into you on Slack? [laugh]. Right, it has to be much more it of a—Corey: Right. It takes some contrivance to wind up making that happen. I remember back in the days of working in offices, I remember here in San Francisco where we had unlimited sick time and unlimited PTO, I would often fake a sick day, but just stay home and get work done. Because I knew if I was in the office, I'd be constantly subjected to drive-bys the entire time of just drive-by requests, people stopping by to ask, “Oh, can you just help me with this one thing,” that completely derails my train of thought. Then at the end of the day, they'd tell me, “You seem distractible and you didn't get a lot of work done.”It's, “Well, no kidding. Of course not. Are you surprised?” And one of the nice things about starting your own company—because there are a lot of downsides, let me be very clear—one of the nice things is you get to decide how you want to work. And that was a study in, first, amazement, and then frustration.It was, “All right, I just landed a big customer. I'm off to the races and going to take this seriously for a good six to twelve months. Great sky's the limit, I'm going to do up my home office.” And then you see how little money it takes to have a nice chair, a good standing desk, a monitor that makes sense and you remember fighting tooth-and-nail for nothing that even approached this quality at companies and they acted like it was going to cost them 20-grand. And here, it's two grand at most, when I decorated this place the first time.And it was… “What the hell?” Like, it feels like the scales fall away from your eyes, and you start seeing things that you didn't realize were a thing. Now I worry that five years in, there's no way in the world I'm ever fit to be an employee again, so this is probably the last job I'll ever have. Just because I've basically made myself completely unemployable across six different axes.Jeff: [laugh]. And I think one of the things when it comes to, like, furniture, keyboard, stuff like that, I feel like part of it was just, like, this sort of enforced conformity, right, that the office provided us the ability to do. We can make sure everyone's got the same monitor, the same keyboard that way, when it breaks, we can replace it easily. In a lot of organizations that I've been in, you know, that sort of like, you know, even if it was the same amount or ordering a custom keyboard was a big exception process, right? Like, “Oh, we've got to do a whole thing.” And it's just like, “Well, it doesn't have to be that complicated.”And like you said, it doesn't cost much to allow someone to get the tools that they want and prefer and they're going to be more productive with. But to your point really quickly about work in the office, until the pandemic, I personally didn't recognize how difficult it actually was to get work done in the office. I don't think I appreciated it. And now that I'm remote, I'm like, wow, it is so much easier for me to close this door, put my headphones on, mute Slack and go heads down. You know, the only drive-by I've got is my wife wondering if I want to go for a walk, and that's usually a text message that I can ignore and come back to later.Corey: The thing that just continues to be strange for me and breaks in some of the weirdest ways has just been the growing awareness of how much of office life is unnecessary and ridiculous. When you're in the office every day, you have to find a way to make it work and be productive and you have this passive-aggressive story of this open office, it's for collaboration purposes. Yeah, I can definitively say that is not true. I had a boss who once told me that there was such benefits to working in an open plan office that if magically it were less expensive to give people individual offices, he would spare the extra expense for open plan. That was the day I learned he would lie to me while looking me in the eye. Because of course you wouldn't.And it's for collaboration. Yeah, it means two loud people—often me—are collaborating and everyone else wears noise-canceling headphones trying desperately to get work done, coming in early, hours before everyone else to get things done before people show up and distracted me. What the hell kind of day-to-day work environment is that?Jeff: What's interesting about that, though, is those same distractions are the things that get cited as being missed from the perspective of the person doing the distracting. So, everyone universally hates that sort of drive-by distractions, but everyone sort of universally misses the ability to say like, “Hey, can I just pull on your ear for a second and get your feedback on this?” Or, “Can we just walk through this really quickly?” That's the thing that people miss, and I don't think that they ever connect it to the idea that if you're not the interruptee, you're the interruptor, [laugh] and what that might do to someone else's productivity. So, you would think something like Slack would help with that, but in reality, what ends up happening is if you don't have proper Slack etiquette, there's a lot of signals that go out that get misconstrued, misinterpreted, internalized, and then it ends up impacting morale.Corey: And that's the most painful part of a lot of that too. Is that yeah, I want to go ahead and spend some time doing some nonsense—as one does; imagine that—and I know that if I'm going to go into an office or meet up with my colleagues, okay, that afternoon or that day, yeah, I'm planning that I'm probably not going to get a whole lot of deep coding done. Okay, great. But when that becomes 40 hours a week, well, that's a challenge. I feel like being full remote doesn't work out, but also being in the office 40 hours a week also feels a little sadistic, more than almost anything else.I don't know what the future looks like and I am privileged enough that I don't have to because we have been full remote the entire time. But what we don't spend on office space we spend on plane tickets back and forth so people can have meetings. In the before times, we were very good about that. Now it's, we're hesitant to do it just because it's we don't want people traveling before the feel that it's safe to do so. We've also learned, for example, when dealing with our clients, that we can get an awful lot done without being on site with them and be extraordinarily effective.It was always weird have traveled to some faraway city to meet with the client, and then you're on a Zoom call from their office with the rest of the team. It's… I could have done this from my living room.Jeff: Yeah. I find those sorts of hybrid meetings are often worse than if we were all just remote, right? It's just so much easier because now it's like, all right, three of us are going to crowd around one person's laptop, and then all of the things that we want to do to take advantage of being in person are excluding the people that are remote, so you got to do this careful dance. The way we've been sort of tackling it so far—and we're still experimenting—is we're not requiring anyone to come back into the office, but some people find it useful to go to the office as a change of scenery, to sort of, like break things up from their typical routine, and they like the break and the change. But it's something that they do sort of ad hoc.So, we've got a small group that meets, like, every Thursday, just as a day to sort of go into the office and switch things up. I think the idea of saying everyone has to come into the office two or three days a week is probably broken when there's no purpose behind it. So, my wife technically should go into the office twice a week, but her entire team is in Europe. [laugh]. So, what point does that make other than I am a body in a chair? So, I think companies are going to have to get flexible with this sort of hybrid environment.But then it makes you wonder, like, is it worth the office space and how many people are actually taking advantage of it when it's not mandated? We find that our office time centers around some event, right? And that event might be someone in town that's typically remote. That might be a particular project that we're working on where we want to get ideas and collaborate and have a workshop. But the idea of just, like, you know, we're going to systematically require people to be in the office x many days, I don't see that in our future.Corey: No, and I hope you're right. But it also feels like a lot of folks are also doing some weird things around the idea of remote such as, “Oh, we're full remote but we're going to pay you based upon where you happen to be sitting geographically.” And we find that the way that we've done this—and again, I'm not saying there's a right answer for everyone—but we wind up paying what the value of the work is for us. In many cases, that means that we would be hard-pressed to hire someone in the Bay Area, for example. On the other hand, it means that when we hire people who are in places with relatively low cost of living, they feel like they've just hit the lottery, on some level.And yeah, some of them, I guess it does sort of cause a weird imbalance if you're a large Amazon-scale company where you want to start not disrupting local economies. We're not hiring that many people, I promise. So, there's this idea of figuring out how that works out. And then where does the headquarters live? And well, what state laws do we wind up following on what we're doing? Just seems odd.Jeff: Yeah. So, you know, one thing I wanted to comment on that you'd mentioned earlier, too, was the weird things that people are doing, and organizations are doing with this, sort of, remote work thing, especially the geographic base pay. And you know, a lot of it is, how can we manipulate the situation to better us in a way that sounds good on paper, right? So, it sounds perfectly reasonable. Like, oh, you live in New York, I'm going to pay you in New York rates, right?But, like, you live in Des Moines, so I'm going to pay you Des Moines rates. And on the surface, when you just go you're like, oh, yeah, that makes sense, but then you think about it, you're like, “Wait, why does that matter?” Right? And then, like, how do I, as a manager, you know, level that across my employees, right? It's like, “Oh, so and so is getting paid 30 grand less. Oh, but they live in a cheaper area, right?” I don't know what your personal situation is, and how much that actually resonates or matters.Corey: Does the value that they provide to your company materially change based upon where they happen to be sitting that week?Jeff: Right, exactly. But it's a good story that you can tell, it sounds fair at first examination. But then when you start to scratch the surface, you're like, “Wait a second, this is BS.” So, that's one thing.Corey: It's like tipping on some level. If you can't afford the tip, you can't afford to eat out. Same story here. If you can't afford to compensate people the value that they're worth, you can't afford to employ people. And figure that out before you wind up disappointing people and possibly becoming today's Twitter main character.Jeff: Right. And then the state law thing is interesting. You know, when you see states like California adopting laws similar to, like, GDPR. And it's like, do you have to start planning for the most stringent possibility across every hire just to be safe and to avoid having to have this sort of patchwork of rules and policies based on where someone lives? You might say like, “Okay, Delaware has the most stringent employer law, so we're going to apply Delaware's laws across the board.” So, it'll be interesting to see how that sort of plays out in the long run. Luckily, that's not a problem I have to solve, but it'll be interesting to see how it shakes out.Corey: It is something we had to solve. We have an HR consultancy that helps out with a lot of these things, but the short answer is that we make sure that we obey with local laws, but the way that we operate is as if everyone were a San Francisco employee because that is—so far—the locale that, one, I live here, but also of every jurisdiction we've looked at in the United States, it tends to have the most advantageous to the employee restrictions and requirements. Like one thing we do is kind of ridiculous—and we have to do for me and one other person, but almost no one else, but we do it for everyone—is we have to provide stipends every month for electricity, for cellphone usage, for internet. They have to be broken out for each one of those categories, so we do 20 bucks a month for each of those. It adds up to 100 bucks, as I recall, and we call it good. And employees say, “Okay. Do we just send you receipts? Please don't.”I don't want to look at your cell phone bill. It's not my business. I don't want to know. We're doing this to comply with the law. I mean, if it were up to me, it would be this is ridiculous. Can we just give everyone $100 a month raise and call it good? Nope. The forms must be obeyed. So, all right.We do the same thing with PTO accrual. If you've acquired time off and you leave the company, we pay it out. Not every state requires that. But paying for cell phone access and internet access as well, is something Amazon is currently facing a class action about because they didn't do that for a number of their California employees. And even talking to Amazonians, like, “Well, they did, but you had to jump through a bunch of hoops.”We have the apparatus administratively to handle that in a way that employees don't. Why on earth would we make them do it unless we didn't want to pay them? Oh, I think I figured out this sneaky, sneaky plan. I'm not here to build a business by exploiting people. If that's the only way to succeed, and the business doesn't deserve to exist. That's my hot take of the day on that topic.Jeff: No, I totally agree. And what's interesting is these insidious costs that sneak up that employees tend to discount, like, one thing I always talk about with my team is all that time you're thinking about a problem at work, right, like when you're in the shower, when you're at dinner, when you're talking it over with your spouse, right? That's work. That's work. And it's work that you're doing on your time.But we don't account for it that way because we're not typing; we're not writing code. But, like, think about how much more effective as people, as employees, we would be if we had time dedicated to just sit and think, right? If I could just sit and think about a problem without needing to type but just critically think about it. But then it's like, well, what does that look like in the office, right? If I'm just sitting there in my chair like this, it doesn't look like I'm doing anything.But that's so important to be able to, like, break down and digest some of the complex problems that we're dealing with. And we just sort of write it off, right? So, I'm like, you know, you got to think about how that bleeds into your personal time and take that into account. So yeah, maybe you leave three hours early today, but I guarantee you, you're going to spend three hours throughout the week thinking about work. It's the same thing with these cellphone costs that you're talking about, right? “Oh, I've got a cell phone anyways; I've got internet anyways.” But still, that's something that you're contributing to the business that they're not on the hook for, so it seems fair that you get compensated for that.Corey: I just think about that stuff all the time from that perspective, and now that I you know, own the place, it's one of those which pocket of mine does it come out of? But I hold myself to a far higher standard about that stuff than I do the staff, where it's, for example, I could theoretically justify paying my internet bill here because we have business-class internet and an insane WiFi system because of all of the ridiculous video production I do. Now. It's like, like, if anyone else on the team was doing this, yes, I will insist we pay it, but for me, it just it feels a little close to the edge. So, it's one of those areas where I'm very conservative around things like that.The thing that also continues to just vex me, on some level, is this idea that time in a seat is somehow considered work. I'll never forget one of the last jobs I had before I started this place. My boss walked past me and saw that I was on Reddit. And, “Is that really the best use of your time right now?” May I use the bathroom when I'm done with this, sir?Yeah, of course it is. It sounds ridiculous, but one of the most valuable things I can do for The Duckbill Group now is go on the internet and start shit posting on Twitter, which sounds ridiculous, but it's also true. There's a brand awareness story there, on some level. And that's just wild to me. It's weird, we start treating people like adults, they start behaving that way. And if you start micromanaging them, they live up or down to the expectations you tend to hold. I'm a big believer in if I have to micromanage someone, I should just do the job myself.Jeff: Yeah. The Reddit story makes me think of, like, how few organizations have systematic ways of getting vital information. So, the first thing I think about is, like, security and security vulnerabilities, right? So, how does Basis Technologies, as an organization, know about these things? Right now, it's like, well, my team knows because we're plugged into Reddit and Twitter, right, but if we were gone Basis, right, may not necessarily get that information.So, that's something we're trying to correct, but it just sort of highlights the importance of freedom for these employees, right? Because yeah, I'm on Reddit, but I'm on /r/sysadmin. I'm on /r/AWS, right, I'm on /r/Atlassian. Now I'm finding out about this zero-day vulnerability and it's like, “Oh, guys, we got to act. I just heard about this thing.” And people are like, “Oh, where did this come from?” And it's like it came from my network, right? And my network—Corey: Mm-hm.Jeff: Is on Twitter, LinkedIn, Reddit. So, the idea that someone browsing the internet on any site, really, is somehow not a productive use of their time, you better be ready to itemize exactly what that means and what that looks like. “Oh, you can do this on Reddit but you can't do that on Reddit.”Corey: I have no boss now, I have no oversight, but somehow I still show up with a work ethic and get things done.Jeff: Right. [laugh].Corey: Wow, I guess I didn't need someone over my shoulder the whole time. Who knew?Jeff: Right. That's all that matters, right? And if you do it in 30 hours or 40 hours, that doesn't really matter to me, you know? You want to do it at night because you're more productive there, right, like, let's figure out a way to make that happen. And remote work is actually empowering us ways to really retain people that wasn't possible before I had an employee that was like, you know, I really want to travel. I'm like, “Dude, go to Europe. Work from Europe. Just do it. Work from Europe,” right? We've got senior leaders on the C-suite that are doing it. One of the chief—Corey: I'm told they have the internet, even there. Imagine that?Jeff: Yeah. [laugh]. So, our chief program officer, she was in Greece for four weeks. And it worked. It worked great. They had a process. You know, she would spent one week on and then one week off on vacation. But you know, she was able to have this incredible, long experience, and still deliver. And it's like, you know, we can use that as a model to say, like—Corey: And somehow the work got done. Wow, she must be amazing. No, that's the baseline expectation that people can be self-managing in that respect.Jeff: Right.Corey: They aren't toddlers.Jeff: So, if she can do that, I'm sure you can figure out how to code in China or wherever you want to visit. So, it's a great way to stay ahead of some of these companies that have a bit more lethargic policies around that stuff, where it's like, you know, all right, I'm not getting that insane salary, but guess what, I'm going to spend three weeks in New Zealand hanging out and not using any time off or anything like that, and you know, being able to enjoy life. I wish this pandemic had happened pre-kids because—Corey: Yeah. [laugh].Jeff: —you know, we would really take advantage of this.Corey: You and me both. It would have very different experience.Jeff: Yeah. [laugh]. Absolutely, right? But with kids in school, and all that stuff, we've been tethered down. But man, I you know, I want to encourage the young people or the single people on my team to just, like, hey, really, really embrace this time and take advantage of it.Corey: I come bearing ill tidings. Developers are responsible for more than ever these days. Not just the code that they write, but also the containers and the cloud infrastructure that their apps run on. Because serverless means it's still somebody's problem. And a big part of that responsibility is app security from code to cloud. And that's where our friend Snyk comes in. Snyk is a frictionless security platform that meets developers where they are - Finding and fixing vulnerabilities right from the CLI, IDEs, Repos, and Pipelines. Snyk integrates seamlessly with AWS offerings like code pipeline, EKS, ECR, and more! As well as things you're actually likely to be using. Deploy on AWS, secure with Snyk. Learn more at Snyk.co/scream That's S-N-Y-K.co/screamCorey: One last topic I want to get into before we call it an episode is, I admit, I read an awful lot of books, it's a guilty pleasure. And it's easy to fall into the trap, especially when you know the author, of assuming that snapshot of their state of mind at a very fixed point in time is somehow who they are, like a fly frozen in amber, and it's never true. So, my question for you is, quite simply, what have you learned since your book came out?Jeff: Oh, man, great question. So, when I was writing the book, I was really nervous about if my audience was as big as I thought it was, the people that I was targeting with the book.Corey: Okay, that keeps me up at night, too. I have no argument there.Jeff: Yeah. You know what I mean?Corey: Please, continue.Jeff: I'm surrounded, you know, by—Corey: Is anyone actually listening to this? Yeah.Jeff: Right. [laugh]. So, after the book got finished and it got published, I would get tons of feedback from people that so thoroughly enjoyed the book, they would say things like, you know, “It feels like you were in our office like a fly on the wall.” And that was exciting, one, because I felt like these were experiences that sort of resonated, but, two, it sort of proved this thesis that sometimes you don't have to do something revolutionary to be a positive contribution to other people, right? So, like, when I lay out the tips and things that I do in the book, it's nothing earth-shattering that I expect Google to adopt. Like, oh, my God, this is the most unique view ever.But being able to talk to an audience in a way that resonates with them, that connects with them, that shows that I understand their problem and have been there, it was really humbling and enlightening to just see that there are people out there that they're not on the bleeding edge, but they just need someone to talk to them in a language that they understand and resonate with. So, I think the biggest thing that I learned was this idea that your voice is important, your voice matters, and how you tell your story may be the difference between someone understanding a concept and someone not understanding a concept. So, there's always an audience for you out there as you're writing, whether it be your blog post, the videos that you produce, the podcasts that you make, somewhere there's someone that needs to hear what you have to say, and the unique way that you can say it. So, that was extremely powerful.Corey: Part of the challenge that I found is when I start talking to other people, back in the before times, trying to push them into conference talks and these days, write blog posts, the biggest objection I get sometimes is, “Well, I don't have anything worth saying.” That is provably not true. One of my favorite parts about writing Last Week in AWS is as I troll the internet looking for topics about AWS that I find interesting, I keep coming across people who are very involved in one area or another of this ecosystem and have stories they want to tell. And I love, “Hey, would you like to write a guest post for Last Week in AWS?” It's always invite only and every single one of them has been paid because people die of exposure and I'm not about that exploitation lifestyle.A couple have said, “Oh, I can't accept payment for a variety of reasons.” Great. Pick a charity that you would like it to go to instead because we do not accept volunteer work, we are a for-profit entity. That is the way it works here. And that has been just one of the absolute favorite parts about what I do just because you get to sort of discover new voices.And what I find really neat is that for a lot of these folks, this is their start to writing and telling the story, but they don't stop there, they start telling their story in other areas, too. It leads to interesting career opportunities for them, it leads to interesting exposure that they wouldn't have necessarily had—again, not that they're getting paid in exposure, but the fact that they are able to be exposed to different methodologies, different ways of thinking—I love that. It's one of my favorite parts about doing what I do. And it seems to scale a hell of a lot better than me sitting down with someone for two hours to help them build a CFP that they wind up not getting accepted or whatnot.Jeff: Right. It's a great opportunity that you provide folks, too, because of, like, an instant audience, I think that's one of the things that has made Medium so successful as, like, a blogging platform is, you know, everyone wants to go out and build their own WordPress site and launch it, but then it like, you write your blog post and it's crickets. So, the ability for you to, you know, use your platform to also expose those voices is great and extremely powerful. But you're right, once they do it, it lights a fire in a way that is admirable to watch. I have a person that I'm mentoring and that was my biggest piece of advice I can give. It was like, you know, write. Just write.It's the one thing that you can do without anyone else. And you can reinforce your own knowledge of a thing. If you just say, you know, I'm going to teach this thing that I just learned, just the writing process helps you solidify, like, okay, I know this stuff. I'm demonstrating that I know it and then four years from now, when you're applying for a job, someone's like, “Oh, I found your blog post and I see that you actually do know how to set up a Kubernetes cluster,” or whatever. It's just extremely great and it—Corey: It's always fun. You're googling for how to do something and you find something you wrote five years ago.Jeff: Right, yeah. [laugh]. And it's like code where you're like, “Oh, man, I would do that so much differently now.”Corey: Since we last spoke, one of the things I've been doing is I have been on the hook to write between a one to two-thousand-word blog post every week, and I've done that like clockwork, for about a year-and-a-half now. And I was no slouch at storytelling before I started doing that. I've given a few hundred conference talks in the before times. And I do obviously long Twitter threads in the past and I write reports a lot. But forcing me to go through that process every week and then sit with an editor and go ahead and get it improved, has made me a far better writer, it's made me a better storyteller, I am far better at articulating my point of view.It is absolutely just unlocking a host of benefits that I would have thought I was, oh, I passed all this. I'm already good at these things. And I was, but I'm better now. I think that writing is one of those things that people need to do a lot more of.Jeff: Absolutely. And it's funny that you mentioned that because I just recently, back in April, started to do the same thing I said, I'm going to write a blog post every week, right? I'm going to get three or four in the can, so that if life comes up and I miss a beat, right, I'm not actually missing the production schedule, so I have a steady—and you're right. Even after writing a book, I'm still learning stuff through the writing process, articulating my point of view.It's just something that carries over, and it carries over into the workforce, too. Like, if you've ever read a bad piece of documentation, right, that comes from—Corey: No.Jeff: Right? [laugh]. That comes from an inability to write. Like, you know, you end up asking these questions like who's the audience for this? What is ‘it' in this sentence? [laugh].Corey: Part of it too, is that people writing these things are so close to the problem themselves that the fact that, “Well, I'm not an expert in this.” That's why you should write about it. Talk about your experience. You're afraid everyone's going to say, “Oh, you're a fool. You didn't understand how this works.”Yeah, my lived experiences instead—and admittedly, I have the winds of privilege of my back on this—but it's also yeah, I didn't understand that either. It turns out that you're never the only person who has trouble with a concept. And by calling it out, you're normalizing it and doing a tremendous service for others in your shoes.Jeff: Especially when you're not an expert because I wrote some documentation about the SSL process and it didn't occur to me that these people don't use the AWS command line, right? Like, you know, in our organization, we sort of mask that from them through a bunch of in-house automation. Now we're starting to expose it to them and simple things like oh, you need to preface the AWS command with a profile name. So, then when we're going through the setup, we're like, “Oh. What if they already have an existing profile, right?” Like, we don't want to clobber that.SSo, it just changed the way you write the documentation. But like, that's not something that initially came to mind for me. It wasn't until someone went through the docs, and they're like, “Uh, this is blowing up in a weird way.” And I was like, “Oh, right. You know, like, I need to also teach you about profile management.”Corey: Also, everyone has a slightly different workflow for the way they interact with AWS accounts, and their shell prompts, and the way they set up local dev environments.Jeff: Yeah, absolutely. So, not being an expert on a thing is key because you're coming to it with virgin eyes, right, and you're able to look at it from a fresh perspective.Corey: So, much documentation out there is always coming from the perspective of someone who is intimately familiar with the problem space. Some of the more interesting episodes that I have, from a challenge perspective, are people who are deep technologists in a particular area and they love they fallen in love with the thing that they are building. Great. Can you explain it to the rest of us mere mortals so that we can actually we can share your excitement on this? And it's very hard to get them to come down to a level where it's coherent to folks who haven't spent years thinking deeply about that particular problem space.Jeff: Man, the number one culprit for that is, like, the AWS blogs where they have, like, a how-to article. You follow that thing and you're like, “None of this is working.” [laugh]. Right? And then you realize, oh, they made an assumption that I knew this, but I didn't right?So, it's like, you know, I didn't realize this was supposed to be, like, a handwritten JSON document just jammed into the value field. Because I didn't know that, I'm not pulling those values out as JSON. I'm expecting that just to be, like, a straight string value. And that has happened more and more times on the AWS blog than I can count. [laugh].Corey: Oh, yeah, very often. And then there's other problems, too. “Oh, yeah. Set up your IAM permissions properly.” That's left as an exercise for the reader. And then you wonder why everything's full of stars. Okay.Jeff: Right. Yep, exactly, exactly.Corey: Ugh. It's so great to catch up with you and see what you've been working on. If people want to learn more, where's the best place to find you?Jeff: So, the best place is probably my website, attainabledevops.com. That's a place where you can find me on all the other places. I don't really update that site much, but you can find me on LinkedIn, Twitter, from that jumping off point, links to the book are there if anyone's interested in that. Perfect stocking stuffers. Mom would love it, grandma would love it, so definitely, definitely buy multiple copies of that.Corey: Yeah, it's going to be one of my two-year-old's learning to read books, it'd be great.Jeff: Yeah, it's perfect. You know, you just throw it in the crib and walk away, right? They're asleep at no time. Like I said, I've also been taking to, you know, blogging on Medium, so you can catch me there, the links will be there on Attainable DevOps as well.Corey: Excellent. And that link will of course, be in the show notes. Thank you so much for being so generous with your time. I really do appreciate it. And it's great to talk to you again.Jeff: It was great to catch up.Corey: Really was. Jeff Smith, Director of Product Operations at Basis Technologies. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice or smash the like and subscribe buttons on the YouTubes, whereas if you've hated this podcast, do the exact same thing—five-star review, smash the buttons—but also leave an angry, incoherent comment that you're then going to have edited and every week you're going to come back and write another incoherent comment that you get edited. And in the fullness of time, you'll get much better at writing angry, incoherent comments.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

united states god new york director amazon california chicago europe google china work talk san francisco zoom japanese new zealand mom illinois bs reddit medium cloud greece integration bay area wifi i am developers delaware basis slack centro wordpress cfp last week manning remote work screaming gdpr aws des moines finding your voice devops pto dns pipelines ides deploy grubhub kubernetes atlassian ssl jeff smith json repos cli fortinet sso ecr eks snyk site reliability engineering corey quinn amazonians inforce jeff it jeff man jeff yeah duckbill group jeff you jeff no jeff oh jeff so chief cloud economist jeff is boston convention center jeff right last week in aws humblepod corey is

ESW #279 - Mark St. John, Branden Williams, Jeff Man, Len Noe

Enterprise Security Weekly (Audio)

Play Episode Listen Later Jul 15, 2022 119:11

Over the past year, we've seen more buzz develop around attack surface management. In fact, major analyst firms Forrester and Gartner recently released research about this topic. But what exactly is it? In this segment, join Mark St. John, LookingGlass's SVP of Product, to learn more about how to define your attack surface, how to manage it, and how it can help your organization improve its cybersecurity. This segment is sponsored by LookingGlass Cyber. Visit https://securityweekly.com/lookingglass to learn more about them! As the push toward digital transformation continues, every organization is having to choose: Security or experience first? We are entering an era where Security and Identity professionals work together to eliminate tradeoffs and rapidly evolve from technical experts to experience artists. Using solutions that customize, code, and integrate for you while boosting security through MFA, passwordless logins, and risk modernizes your identity experience. This segment is sponsored by Ping. Visit https://securityweekly.com/ping to learn more about them! PCI DSS v4.0 was released on March 31st, 2022 and we've got Jeff Man joining us today to discuss some of the more notable changes that folks should be aware of. Some great resources from Jeff and his employer on PCI 4.0: https://info.obsglobal.com/pci-4.0-resources And the PCI Council's own summary of changes between PCI 3.2.1 and 4.0: https://securityweekly.com/wp-content/uploads/2022/06/PCI-DSS-Summary-of-Changes-v3_2_1-to-v4_0.pdf Extortion, business disruption, and monumental payouts. We'll cover trends in attacker “innovation” and role of identities and credentials. This segment is sponsored by CyberArk. Visit https://securityweekly.com/cyberark to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw279

identity security product svp mfa st john ping gartner looking glass forrester extortion pci pci dss cyberark mark st jeff man branden williams

ESW #279 - Mark St. John, Branden Williams, Jeff Man, Len Noe

Play Episode Listen Later Jul 15, 2022 119:11

Over the past year, we've seen more buzz develop around attack surface management. In fact, major analyst firms Forrester and Gartner recently released research about this topic. But what exactly is it? In this segment, join Mark St. John, LookingGlass's SVP of Product, to learn more about how to define your attack surface, how to manage it, and how it can help your organization improve its cybersecurity. This segment is sponsored by LookingGlass Cyber. Visit https://securityweekly.com/lookingglass to learn more about them! As the push toward digital transformation continues, every organization is having to choose: Security or experience first? We are entering an era where Security and Identity professionals work together to eliminate tradeoffs and rapidly evolve from technical experts to experience artists. Using solutions that customize, code, and integrate for you while boosting security through MFA, passwordless logins, and risk modernizes your identity experience. This segment is sponsored by Ping. Visit https://securityweekly.com/ping to learn more about them! PCI DSS v4.0 was released on March 31st, 2022 and we've got Jeff Man joining us today to discuss some of the more notable changes that folks should be aware of. Some great resources from Jeff and his employer on PCI 4.0: https://info.obsglobal.com/pci-4.0-resources And the PCI Council's own summary of changes between PCI 3.2.1 and 4.0: https://securityweekly.com/wp-content/uploads/2022/06/PCI-DSS-Summary-of-Changes-v3_2_1-to-v4_0.pdf Extortion, business disruption, and monumental payouts. We'll cover trends in attacker “innovation” and role of identities and credentials. This segment is sponsored by CyberArk. Visit https://securityweekly.com/cyberark to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw279

identity security product svp mfa st john ping gartner looking glass forrester extortion pci pci dss cyberark mark st jeff man branden williams

What's New With PCI v4.0 - Jeff Man - ESW #279

Enterprise Security Weekly (Video)

Play Episode Listen Later Jul 1, 2022 45:02

PCI DSS v4.0 was released on March 31st, 2022 and we've got Jeff Man joining us today to discuss some of the more notable changes that folks should be aware of. Some great resources from Jeff and his employer on PCI 4.0: https://info.obsglobal.com/pci-4.0-resources And the PCI Council's own summary of changes between PCI 3.2.1 and 4.0: https://securityweekly.com/wp-content/uploads/2022/06/PCI-DSS-Summary-of-Changes-v3_2_1-to-v4_0.pdf Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw279

pci pci dss jeff man

What's New With PCI v4.0 - Jeff Man - ESW #279

Play Episode Listen Later Jun 30, 2022 45:02

PCI DSS v4.0 was released on March 31st, 2022 and we've got Jeff Man joining us today to discuss some of the more notable changes that folks should be aware of. Some great resources from Jeff and his employer on PCI 4.0: https://info.obsglobal.com/pci-4.0-resources And the PCI Council's own summary of changes between PCI 3.2.1 and 4.0: https://securityweekly.com/wp-content/uploads/2022/06/PCI-DSS-Summary-of-Changes-v3_2_1-to-v4_0.pdf Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw279

pci pci dss jeff man

A Conversation With Information Security Evangelist Jeff Man | Securing Bridges With Alyssa Miller | Episode 5

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 8, 2022 47:20

In this episode, Alyssa talks to Jeff Man about everything from three letter agencies to three letter compliance programs. They discuss the business value of compliance, how it can be used to drive better messaging, and where we fall short in risk discussions in particular.________________________________It is a podcast, yes, but you can join us as we record each episode live on Twitter, LinkedIn, Facebook, and Youtube.Live, Every Wednesday at 1pm PDT | 4pm EDT (USA) | The Recorded Podcast version is published a few days later.Our ability to improve the security posture of our organizations depends heavily on connecting the security function with the various aspects of the business. Join our host, Alyssa Miller, as she and her guests examine key ways to build and secure the bridges between security, product development, the executive suite, and beyond.Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.It's time to build and secure the bridge to the business.________________________________GuestJeff ManSr. Information Security Consultant at Online Business Systems [@obs_global] and Co-Host, Paul's Security Weekly Podcast [@SecWeekly]On Twitter | https://twitter.com/MrJeffManOn LinkedIn | https://www.linkedin.com/in/jeffreyeman/________________________________HostAlyssa MillerOn ITSPmagazine

A Conversation With Jeff Man | Securing Bridges With Alyssa Miller | Episode 5

Securing Bridges

Play Episode Listen Later Apr 8, 2022 47:20

In this episode, Alyssa talks to Jeff Man about everything from three letter agencies to three letter compliance programs. They discuss the business value of compliance, how it can be used to drive better messaging, and where we fall short in risk discussions in particular.________________________________It is a podcast, yes, but you can join us as we record each episode live on Twitter, LinkedIn, Facebook, and Youtube.Live, Every Wednesday at 1pm PDT | 4pm EDT (USA) | The Recorded Podcast version is published a few days later.Our ability to improve the security posture of our organizations depends heavily on connecting the security function with the various aspects of the business. Join our host, Alyssa Miller, as she and her guests examine key ways to build and secure the bridges between security, product development, the executive suite, and beyond.Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.It's time to build and secure the bridge to the business.________________________________GuestJeff ManSr. Information Security Consultant at Online Business Systems [@obs_global] and Co-Host, Paul's Security Weekly Podcast [@SecWeekly]On Twitter | https://twitter.com/MrJeffManOn LinkedIn | https://www.linkedin.com/in/jeffreyeman/________________________________HostAlyssa MillerOn ITSPmagazine

Jeff Man mix live disco house mars 2022

MONTE LE SON JEFF MAN MIX LIVE

Play Episode Listen Later Mar 7, 2022 62:51

1 h de mix disco house !!

mars disco house mix live jeff man

Hacker Highschool: Pete Herzog [ML BSide]

Malicious Life

Play Episode Listen Later Jan 17, 2022 28:53

In the late '80s to early 2000s, the NSA transitioned from being a hardware-first organization - that is, creating and operating physical spying devices - to software-first: excelling in hacking networks, tracking people online, etc. That transition was by no means easy: the NSA, by that point, was a huge organization - and big organizations are notorious for being very resistant to change. Jeff Man, our guest today, was one of the first people at the NSA to make the transition from hardware to software, and he shares with us his experiences from that period.

high school hackers nsa herzog b side jeff man

How the Internet Changed the NSA (B-Side) [Malicious Life]

כל תכני עושים היסטוריה

Play Episode Listen Later Jan 4, 2022 36:13

In the late '80s to early 2000s, the NSA transitioned from being a hardware-first organization - that is, creating and operating physical spying devices - to software-first: excelling in hacking networks, tracking people online, etc. That transition was by no means easy: the NSA, by that point, was a huge organization - and big organizations are notorious for being very resistant to change. Jeff Man, our guest today, was one of the first people at the NSA to make the transition from hardware to software, and he shares with us his experiences from that period.

internet nsa b side jeff man malicious life

How the Internet Changed the NSA [ML BSide]

Malicious Life

Play Episode Listen Later Jan 3, 2022 36:13

In the late '80s to early 2000s, the NSA transitioned from being a hardware-first organization - that is, creating and operating physical spying devices - to software-first: excelling in hacking networks, tracking people online, etc. That transition was by no means easy: the NSA, by that point, was a huge organization - and big organizations are notorious for being very resistant to change. Jeff Man, our guest today, was one of the first people at the NSA to make the transition from hardware to software, and he shares with us his experiences from that period.

internet nsa b side jeff man

jeff man mix live disco house decembre 2021

MONTE LE SON JEFF MAN MIX LIVE

Play Episode Listen Later Dec 17, 2021 65:25

1 h de mix disco house by jeff man https://www.facebook.com/jeffmanofficiel

disco house mix live decembre jeff man

Too Authentic - SCW #97

discord authentic worse jeff man

Play Episode Listen Later Dec 2, 2021 91:29

There's something happening here – and what it is ain't exactly clear to O.G hackers like John Threat or our own Mr. Jeff Man. We're going to devote an episode talking about how things used to be back in the day from a hacker/penetration perspective and discuss how things are today. Are things better? Worse? Depends on your attack vector, perhaps? Join us on Discord and participate in the discussion of what's right and what's wrong in our industry today and what can we do about it. All from a hacker's perspective. Show Notes: https://securityweekly.com/scw97 Visit https://www.securityweekly.com/scw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Too Authentic - SCW #97

Security and Compliance Weekly (audio)

Play Episode Listen Later Dec 2, 2021 91:29

There's something happening here – and what it is ain't exactly clear to O.G hackers like John Threat or our own Mr. Jeff Man. We're going to devote an episode talking about how things used to be back in the day from a hacker/penetration perspective and discuss how things are today. Are things better? Worse? Depends on your attack vector, perhaps? Join us on Discord and participate in the discussion of what's right and what's wrong in our industry today and what can we do about it. All from a hacker's perspective. Show Notes: https://securityweekly.com/scw97 Visit https://www.securityweekly.com/scw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

discord authentic worse jeff man

Hacker Situational Awareness, Part 2 - John Threat - SCW #97

threats discord worse hackers 2john situational awareness jeff man

Play Episode Listen Later Dec 2, 2021 50:38

There's something happening here – and what it is ain't exactly clear to O.G hackers like John Threat or our own Mr. Jeff Man. We're going to devote an episode talking about how things used to be back in the day from a hacker/penetration perspective and discuss how things are today. Are things better? Worse? Depends on your attack vector, perhaps? Join us on Discord and participate in the discussion of what's right and what's wrong in our industry today and what can we do about it. All from a hacker's perspective. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw97

GRC: ”Now What?” w/ Security & Compliance Weekly

The Cyber Ranch Podcast

Play Episode Listen Later Dec 1, 2021 43:22

This week, Allan is joined by Frederick Lee aka “Flee”, Chief Security Officer and Head of IT at Gusto, Jeff Man, host of Security & Compliance Weekly, and notorious infosec curmudgeon, and by Kat Valentine, Security and Compliance Weekly co-host. A few weeks ago Allan appeared on their show to discuss “GRC: ‘What?' and ‘So What?'. In that episode, found here, they take a deep dive into GRC in terms of understanding is purpose and value. In this crossover episode, the group continues the conversation to talk about “GRC: ‘Now what?' (The cultural impact and implementation, risk register, achieving actionable results and much more). Join Allan and the Security & Compliance Weekly team as they dive into overcoming cultural barriers, a continued conversation on the order of priority (“RGC” vs. “GRC”, for example), and enlisting allies in the business. Key Takeaways: 2:20 Implementing GRC culturally – Flee's take 4:13 Jeff's take 6:16 Kat's take 10:43 The CISO – Turning compliance data into actionable results – Jeff's take as an assessor 13:56 Kat's take as an assessor 15:41 Flee's take as a CISO 21:13 Understanding perspectives from all parties 28:10 Sharing problems upstream/Audits vs. Assessments 34:48 Flee's take on “governance vs. doctrine” 37:43 Risk register – training for self sufficiency 42:40 Get in touch! Links: Check out Security and Compliance Weekly! Follow Flee on LinkedIn and Twitter Follow Jeff Man on LinkedIn and Twitter Follow Kat Valentine on LinkedIn Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at AttackIQ

head sharing risk security compliance flee gusto audits grc chief security officer rgc jeff man hacker valley studio attackiq

Hacker Situational Awareness, Part 1 - John Threat - SCW #97

threats discord worse hackers 1 john situational awareness jeff man

Play Episode Listen Later Dec 1, 2021 41:01

There's something happening here – and what it is ain't exactly clear to O.G hackers like John Threat or our own Mr. Jeff Man. We're going to devote an episode talking about how things used to be back in the day from a hacker/penetration perspective and discuss how things are today. Are things better? Worse? Depends on your attack vector, perhaps? Join us on Discord and participate in the discussion of what's right and what's wrong in our industry today and what can we do about it. All from a hacker's perspective. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw97

75 - Jeff Man - From the NSA to PCI

The InfoSec & OSINT Show

Play Episode Listen Later Oct 7, 2021 61:51

In episode 75, Jeff Man joins us to talk about his time in the NSA, PCI, Hak4Kidz and content creation. My 3 main takeaways were 1) What red teaming was like in the 80s 2) Why PCI gets a bad reputation and 3) His tips for giving great conference talks. For more information, including the show notes check out: https://breachsense.io/podcast

nsa pci jeff man

Jeff Man Talks about PCI-DSS and the State of Security Compliance

Podcasts – TechSpective

Play Episode Listen Later Sep 7, 2021 50:35

TechSpective Podcast Episode 076 Compliance frameworks and mandates are just a fact of life for anyone working in IT or cybersecurity. The PCI-DSS (Payment Card Industry Data Security Standard) guidelines provided by the credit card industry has had a significant impact. When a compliance mandate includes penalties that might prevent a business from being allowed [...] The post Jeff Man Talks about PCI-DSS and the State of Security Compliance appeared first on TechSpective.

state security compliance mantalks pci dss jeff man

Windows Vulns Galore, Homoglyph Domains, Pegasus, & "Trust No One"! - PSW #703

Play Episode Listen Later Jul 25, 2021 92:47

This week in the Security News: Trust no one, its all about the information, so many Windows vulnerabilities and exploits, so. many., Saudi Aramco data for sale, Sequoia, a perfectly named Linux vulnerability, is Microsoft a national security threat?, Pegasus and clickless exploits for iOS, homoglyph domain takedowns, when DNS configuration goes wrong and a backdoor in your backdoor!Trust no one, its all about the information, so many Windows vulnerabilities and exploits, so. many., Saudi Aramco data for sale, Sequoia, a perfectly named Linux vulnerability, is Microsoft a national security threat?, Pegasus and clickless exploits for iOS, homoglyph domain takedowns, when DNS configuration goes wrong and a backdoor in your backdoor! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw703

Online Safety & Security: Dating Apps & Online Marketplaces - Jeff Tinsley - PSW #703

Play Episode Listen Later Jul 24, 2021 61:48

Safety in online dating spaces is an issue the dating industry has grappled with for some time; with the surge of dating app usage during the pandemic, the demand for dating apps to take responsibility and ensure safer online interactions is at an all-time high. RealMe is a technology platform that hopes to solve this problem on dating apps (and other online marketplaces) by providing in-app background checks that aggregate publicly available information on criminal records, sex offender status, personal reviews, and more. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw703

safety security scams dating apps spying phishing online safety baiting realme tyler robinson online marketplaces ethical hacking vishing jeff man paul asadoorian leeneely

CyberMarket & Democratisation/Globalisation of CyberSecurity Consulting - Gordon Draper - PSW #703

Play Episode Listen Later Jul 24, 2021 50:30

CyberMarket.com is a marketplace where CyberSecurity Consultancies and clients can find each other. There is a growing trend where CyberSecurity Consultants recognize the gap between what they are worth to a consultancy as being sold out for a daily rate compared to what they get paid. There are a number of consultants who are leaving consultancies to start the next generation of independent / boutique consultancies but they don't have a sales pipeline and sales staff like their old consultancies do. CyberMarket.com is a place to help facilitate the sales pipeline for cybersecurity consultancies of various sizes. Segment Resources: https://www.cybermarket.com There is a blog at https://www.cybermarket.com/homes/blog where an article to help people to start up their own cybersecurity consultancy can be found. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw703

consulting cybersecurity cso draper ciso globalisation tyler robinson democratisation jeff man cybersecurity consulting paul asadoorian segment resources securitydegree securitycareers securitycertifications leeneely

Windows Vulns Galore, Homoglyph Domains, Pegasus, & "Trust No One"! - PSW #703

Play Episode Listen Later Jul 24, 2021 92:47

This week in the Security News: Trust no one, its all about the information, so many Windows vulnerabilities and exploits, so. many., Saudi Aramco data for sale, Sequoia, a perfectly named Linux vulnerability, is Microsoft a national security threat?, Pegasus and clickless exploits for iOS, homoglyph domain takedowns, when DNS configuration goes wrong and a backdoor in your backdoor!Trust no one, its all about the information, so many Windows vulnerabilities and exploits, so. many., Saudi Aramco data for sale, Sequoia, a perfectly named Linux vulnerability, is Microsoft a national security threat?, Pegasus and clickless exploits for iOS, homoglyph domain takedowns, when DNS configuration goes wrong and a backdoor in your backdoor! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw703

CyberMarket & Democratisation/Globalisation of CyberSecurity Consulting - Gordon Draper - PSW #703

Play Episode Listen Later Jul 23, 2021 50:30

CyberMarket.com is a marketplace where CyberSecurity Consultancies and clients can find each other. There is a growing trend where CyberSecurity Consultants recognize the gap between what they are worth to a consultancy as being sold out for a daily rate compared to what they get paid. There are a number of consultants who are leaving consultancies to start the next generation of independent / boutique consultancies but they don't have a sales pipeline and sales staff like their old consultancies do. CyberMarket.com is a place to help facilitate the sales pipeline for cybersecurity consultancies of various sizes. Segment Resources: https://www.cybermarket.com There is a blog at https://www.cybermarket.com/homes/blog where an article to help people to start up their own cybersecurity consultancy can be found. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw703

consulting cybersecurity cso draper ciso globalisation tyler robinson democratisation jeff man cybersecurity consulting paul asadoorian segment resources securitydegree securitycareers securitycertifications leeneely

Online Safety & Security: Dating Apps & Online Marketplaces - Jeff Tinsley - PSW #703

Security and Compliance Weekly (audio)

Play Episode Listen Later Jul 23, 2021 61:48

Safety in online dating spaces is an issue the dating industry has grappled with for some time; with the surge of dating app usage during the pandemic, the demand for dating apps to take responsibility and ensure safer online interactions is at an all-time high. RealMe is a technology platform that hopes to solve this problem on dating apps (and other online marketplaces) by providing in-app background checks that aggregate publicly available information on criminal records, sex offender status, personal reviews, and more. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw703

safety security scams dating apps spying phishing online safety baiting realme tyler robinson online marketplaces ethical hacking vishing jeff man paul asadoorian leeneely

Constantly Frustrated - SCW #80

Play Episode Listen Later Jul 23, 2021 68:55

This week, we welcome Joseph Kirkpatrick, President at KirkpatrickPrice, to talk about Your Security Is ALWAYS in Scope! Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope. Show Notes: https://securityweekly.com/scw80 Visit https://www.securityweekly.com/scw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

president policy privacy compliance frustrated scope risk management jeff man

Constantly Frustrated - SCW #80

president policy privacy compliance frustrated scope risk management jeff man

Play Episode Listen Later Jul 23, 2021 68:55

This week, we welcome Joseph Kirkpatrick, President at KirkpatrickPrice, to talk about Your Security Is ALWAYS in Scope! Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope. Show Notes: https://securityweekly.com/scw80 Visit https://www.securityweekly.com/scw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Your Security Is ALWAYS in Scope, Part 2 - Joseph Kirkpatrick - SCW #80

security policy privacy compliance scope risk management kirkpatrick jeff man

Play Episode Listen Later Jul 22, 2021 34:01

Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw80

Your Security Is ALWAYS in Scope, Part 1 - Joseph Kirkpatrick - SCW #80

security policy privacy compliance scope risk management kirkpatrick jeff man

Play Episode Listen Later Jul 21, 2021 35:03

Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw80

The BIOS Disconnect - Scott Scheferman - PSW #702

Play Episode Listen Later Jul 17, 2021 63:12

Eclypsium researchers identified vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This disconnect impacted 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. With cyber-attacks on the rise, firmware security, while often overlooked, might be the next battleground for attackers who continue to target enterprise VPNs and other network devices. Segment Resources: https://eclypsium.com/2021/06/24/biosdisconnect/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw702

education threats windows hacking linux disconnect pcs ransomware malware patches scanning bios vulnerabilities exploits vpns reverse engineering mac os x patching secure boot jeff man eclypsium paul asadoorian segment resources leeneely

The Journey from Network Security Engineer to Podcast Host - Jack Rhysider - PSW #702

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later Jul 17, 2021 60:32

In this segment of Paul's Security Weekly, Paul and crew interview Jack Rhysider about how he got his start in Information Security, the projects and careers he worked on over the years, and how he transitioned from a Network Security Engineer to the host of Darknet Diaries Podcast. Segment Resources: https://darknetdiaries.com/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw702

education threats podcast hosts hacking ransomware malware scanning vulnerabilities exploits information security reverse engineering jack rhysider security news security weekly jeff man paul asadoorian network security engineer segment resources leeneely

Glorious Purpose - PSW #702

Play Episode Listen Later Jul 16, 2021 200:03

This week, we kick off the show with an interview featuring Scott Scheferman, Principal Strategist at Eclypsium, to talk about The BIOS Disconnect and vulnerabilities affecting the BIOSConnect feature within the Dell Client BIOS! Next up, we welcome Jack Rhysider, Podcaster and Host of the Darknet Diaries Podcast, to discuss the The Journey from a Network Security Engineer to a Podcast Host! In the Security News, the White House Announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popular KiwiSDR product gave root to a project developer for years, Trickbot Malware Returns with a new VNC Module to Spy on its Victims, and some of the absolute funniest quotes about cyber security & tech in 2021! Show Notes: https://securityweekly.com/psw702 Segment Resources: https://eclypsium.com/2021/06/24/biosdisconnect/ Visit https://securityweekly.com/eclypsium to learn more about them! https://darknetdiaries.com/ Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

amazon education microsoft ring podcasters threats spies glorious victims podcast hosts hacking ransomware malware scanning vulnerabilities exploits breaches reverse engineering cryptography jack rhysider security news jeff man ransomware task force eclypsium paul asadoorian network security engineer segment resources ai hunter leeneely

Glorious Purpose - PSW #702

Play Episode Listen Later Jul 16, 2021 200:03

This week, we kick off the show with an interview featuring Scott Scheferman, Principal Strategist at Eclypsium, to talk about The BIOS Disconnect and vulnerabilities affecting the BIOSConnect feature within the Dell Client BIOS! Next up, we welcome Jack Rhysider, Podcaster and Host of the Darknet Diaries Podcast, to discuss the The Journey from a Network Security Engineer to a Podcast Host! In the Security News, the White House Announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popular KiwiSDR product gave root to a project developer for years, Trickbot Malware Returns with a new VNC Module to Spy on its Victims, and some of the absolute funniest quotes about cyber security & tech in 2021! Show Notes: https://securityweekly.com/psw702 Segment Resources: https://eclypsium.com/2021/06/24/biosdisconnect/ Visit https://securityweekly.com/eclypsium to learn more about them! https://darknetdiaries.com/ Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

amazon education microsoft ring podcasters threats spies glorious victims podcast hosts hacking ransomware malware scanning vulnerabilities exploits breaches reverse engineering cryptography jack rhysider security news jeff man ransomware task force eclypsium paul asadoorian network security engineer segment resources ai hunter leeneely

The Journey from Network Security Engineer to Podcast Host - Jack Rhysider - PSW #702

Play Episode Listen Later Jul 16, 2021 60:32

In this segment of Paul's Security Weekly, Paul and crew interview Jack Rhysider about how he got his start in Information Security, the projects and careers he worked on over the years, and how he transitioned from a Network Security Engineer to the host of Darknet Diaries Podcast. Segment Resources: https://darknetdiaries.com/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw702

education threats podcast hosts hacking ransomware malware scanning vulnerabilities exploits information security reverse engineering jack rhysider security news security weekly jeff man paul asadoorian network security engineer segment resources leeneely

The BIOS Disconnect - Scott Scheferman - PSW #702

Play Episode Listen Later Jul 16, 2021 63:12

Eclypsium researchers identified vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This disconnect impacted 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. With cyber-attacks on the rise, firmware security, while often overlooked, might be the next battleground for attackers who continue to target enterprise VPNs and other network devices. Segment Resources: https://eclypsium.com/2021/06/24/biosdisconnect/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw702

education threats windows hacking linux disconnect pcs ransomware malware patches scanning bios vulnerabilities exploits vpns reverse engineering mac os x patching secure boot jeff man eclypsium paul asadoorian segment resources leeneely

Tell the Truth - SCW #79