RSAC Conference 2025 has been full on, with cybersecurity experts from all over the world descending on San Francisco to share trends, data, and announcements. This year, ITPro has been providing both remote and on the ground coverage from the event, across talks covering topics such as AI security and threat actor methodology. In this episode, Jane speaks to Rory about some of his RSAC coverage and key takeaways from the event.
Read more:
RSAC Conference 2025 was a sobering reminder of the challenges facing cybersecurity professionals
RSAC Conference Day One: Vibe Is 'All In' on AI for Security
"Governance is an irreplaceable role": Microsoft Security VP on why diversity and sector expertise will keep security workers relevant in the age of agentic AI
RSAC Conference day two: A focus on what attackers are doing
"There needs to be an order of magnitude more effort": AI security experts call for focused evaluation of frontier models and agentic systems
Cyber defenders need to remember their adversaries are human, says Trellix research head
RSAC Conference day three: using AI to do more with less and facing new attack techniques
"China has almost doubled their aggression in cyber": Kevin Mandia and Nicole Perlroth warn organizations aren't waking up to growing APT threats
The cybersecurity landscape gets more complicated every year, with emerging technologies such as AI and the shifting geopolitical landscape bringing extra chaos to any CISO's desk. Though automated defense systems are a welcome feather in the cap for any company, it's not just the good guys who have access to the latest tools. Off-the-shelf frameworks to launch attacks are becoming more common and businesses can't rely on any single service to be a silver bullet. What are the individual forces at play here? And how can security teams keep up? In this episode, Rory speaks with Kevin Mandia, founder and former CEO at Mandiant and current board member at cybersecurity firm Expel, and Dave 'Merk' Merkel, co-founder and CEO at Expel, to learn more about the current global cybersecurity landscape and what the future holds for security teams.
Read more:
State-sponsored cyber attacks: The new frontier
The new ransomware groups worrying security researchers in 2025
Stopping cyber attackers from targeting the weakest links in security
Stealthy malware: The threats hiding in plain sight
Why attacks against critical national infrastructure (CNI) are such a threat – and how governments are responding
Why vendor breaches still haunt enterprise IT leaders
London council claims it faces 20,000 cyber attacks per day
I love magic links – why aren't more services using them?
How to create a secure password policy
Majority of firms using generative AI experience related security incidents – even as it empowers security teams
Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of MITRE ATT&CK with CyberWire Hash Table guests Frank Duff, Tidal Cyber's Chief Innovation Officer, Amy Robertson, MITRE Threat Intelligence Engineer and ATT&CK Engagement lead, and Rick Doten, Centene's VP of Information Security.
References:
Amy L. Robertson, 2024. ATT&CK 2024 Roadmap [Essay]. Medium.
Blake E. Strom, Andy Applebaum, Doug P. Miller, Kathryn C. Nickels, Adam G. Pennington, Cody B. Thomas, 2018. MITRE ATT&CK: Design and Philosophy [Historical Paper]. MITRE.
Eric Hutchins, Michael Cloppert, Rohan Amin, 2010. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [Historic Paper]. Lockheed Martin Corporation.
Nick Selby, 2014. One Year Later: The APT1 Report [Essay]. Dark Reading.
Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.
Rick Howard, 2020. Intrusion kill chains: a first principle of cybersecurity [Podcast]. The CyberWire.
Rick Howard, 2022. Kill chain trifecta: Lockheed Martin, ATT&CK, and Diamond [Podcast]. The CyberWire.
Rick Howard, 2020. cyber threat intelligence (CTI) (noun) [Podcast]. Word Notes: The CyberWire.
Kevin Mandia, 2014. State of the Hack: One Year after the APT1 Report [RSA Conference Presentation]. YouTube.
Sahil Bloom, 2023. The Blind Men & the Elephant [Website]. The Curiosity Chronicle.
Sergio Caltagirone, Andrew Pendergast, Christopher Betz, 05 July 2011. The Diamond Model of Intrusion Analysis [Historical Paper]. Center for Cyber Threat Intelligence and Threat Research.
Staff, n.d. Home Page [Website]. Tidal Cyber.
In this episode of the 2 Minute Drill, Drex covers the latest cybersecurity news in healthcare. Ascension's cyber event transparency efforts receive praise and scrutiny while facing new lawsuits. The Department of Health and Human Services launches the UPGRADE program to bolster hospital cybersecurity. Kevin Mandia, founder of Mandiant, announces his retirement. Stay informed and stay secure with these updates!
Contributions & Community: Become part of the conversation and help shape future episodes by contributing stories and insights. Visit thisweekhealth.com/news and click on "Become a Contributor."
Stay Connected: Don't miss out on our upcoming episodes focused on hacking healthcare. Follow our podcast, like and share this post to spread the word, and join the new 229 cyber and risk community for more in-depth discussions and resources.
Stay Informed, Stay Secure: Visit thisweekhealth.com/security for more information and resources to bolster your cybersecurity knowledge and defenses. Remember, stay a little paranoid.
Kevin Mandia is the Founder and CEO of Mandiant, the widely recognized leader in cybersecurity incident response, which was recently acquired by Google for $5.4 Billion. On today's episode, Jon Sakoda speaks with Kevin on why he founded Mandiant, and his personal journey to create a company to defend companies against cyber surveillance advanced persistent threats from Russia, China, and North Korea:
Seeing the Future of Inevitable Breaches [15:32-16:05] - Kevin started Mandiant after seeing the most advanced cyber surveillance attacks against this country. His big bet was that even the very best companies would struggle to protect themselves against nation states and that the uneven playing field would create opportunities for a firm that specialized in responding to breaches.
Why Mandiant Went Public to Expose Chinese Military Attacks [26:52-30:44] - In 2013, Mandiant was the first company to go public with an advanced persistent attack (APT-1) that was traced to a Chinese military facility, PLA Unit 61398. Kevin retells the story about how nobody believed him until the New York Times broke the news after 9 years of recorded attacks.
How Services Companies Can Become Software Companies [36:24-37:58] - Kevin created his products as a software company by automating the most advanced and sophisticated workflows of his security researchers. Mandiant was built on the premise that great services are the foundation to great software.
Guest: Kevin Mandia, CEO at Mandiant, part of Google Cloud
Topics:
When you look back, what were the most surprising cloud breaches in 2023, and what can we learn from them? How were they different from the "old world" of on-prem breaches?
For a long time it's felt like incident response has been an on-prem specialization, and that adversaries are primarily focused on compromising on-prem infrastructure. Who are we seeing go after cloud environments? The same threat actors or not?
Could you share a bit about the mistakes and risks that you saw organizations make that made their cloud breaches possible or made them worse? Conversely, what ended up being helpful to organizations in limiting the blast radius or making response easier?
Tim's mother worked in a network disaster recovery team for a long time – their motto was "preparing for the inevitable." What advice do you have for helping security teams and IT teams get ready for cloud breaches? Especially for recent cloud entrants?
Anton tells his "2000 IDS story" (need to listen for details!) and asks: what approaches for detecting threats actually detect threats today?
Resources:
EP148 Decoding SaaS Security: Demystifying Breaches, Vulnerabilities, and Vendor Responsibilities
"Microsoft lost its keys, and the government got hacked" news article
SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures (must read by every CISO!)
Host Luke McNamara is joined for this special episode highlighting October as Cybersecurity Awareness Month by Kevin Mandia and DHS Secretary Alejandro Mayorkas. Secretary Mayorkas and Kevin discuss the threat landscape, collaboration between the private sector and government, improving the talent gap in cyber, and ongoing DHS initiatives to foster greater cyber security. For more on the Department of Homeland Security and their work, please see:
Cybersecurity | Homeland Security (dhs.gov)
Shields Up | CISA
Joint Cyber Defense Collaborative | CISA
https://www.cisa.gov/securebydesign
https://www.cisa.gov/secure-our-world
https://www.cisa.gov/cybersecurity-awareness-month
Alejandro Mayorkas | Homeland Security (dhs.gov)
After nearly a decade, Instacart investors are finally getting their exit. Reddit co-founder and 776 founder Alexis Ohanian was one of Instacart's early investors, and he explains the headwinds and tailwinds facing the business on the day of its long-awaited IPO. In the wake of cyber breaches at Clorox, MGM, and Caesars, cybersecurity CEO Kevin Mandia explains the network of cybercriminals targeting corporations and the cyber defense strategies that will thwart attackers. Mandia led FireEye and is now CEO of Mandiant, a cyber threat intelligence subsidiary of Google. Plus, Elon Musk might start charging users to post on X, and UAW strikers continue their push against US automakers.
Leslie Picker - 13:28
Alexis Ohanian - 19:33
Kevin Mandia - 31:04
In this episode:
Alexis Ohanian, @alexisohanian
Kevin Mandia, @Mandiant
Leslie Picker, @LesliePicker
Andrew Ross Sorkin, @andrewrsorkin
Joe Kernen, @JoeSquawk
Becky Quick, @BeckyQuick
Katie Kramer, @Kramer_Katie
This week, we start with the news: 2 weeks of news to catch up on! 16 funding stories, 4 M&A stories, Cybereason prunes its valuation… a lot, First Republic Bank seized by FDIC, Ransomware is irrelevant, Sun Tzu hates infosec, AI Trends, Kevin Mandia's 7 tips for defense, & How much time should we spend automating tasks?
Christopher will delve into what lateral security/lateral movement are and identify key lateral security tools (network segmentation, micro-segmentation, advanced threat prevention systems, network sandboxes, and network traffic analysis/network detection and response). He will also touch on why automation is important when it comes to consistent security and the current threat landscape. This segment is sponsored by VMware. Visit https://securityweekly.com/vmwarenetsecrsac to learn more about them!
AT&T Cybersecurity released its 12th annual Cybersecurity Insights Report, "Edge Ecosystem," which highlights the dramatic shift in computing underpinned by 5G, the edge, and the convergence of networking and security. The report found that business and technology leaders are finally coming together not just to understand the new edge computing ecosystem, but to make more predictable, data-informed business decisions. Collaboration among these leaders, as well as external partners in the ecosystem, will be critical for the edge journey ahead – but more progress must be made to better leverage the edge and transform the business. This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attrsac to learn more about them!
EASM is a critical component of continuous threat exposure management and a necessary step in improving validation and vulnerability management processes. Gartner recently published a report describing the evolution of EASM and where it's headed in the market. We're excited to see the market move in this direction because, at NetSPI, we're already committed to investing in our team and technology to stay ahead of these trends. We already have a head start. This segment is sponsored by NetSPI. Visit https://securityweekly.com/netspirsac to learn more about them!
"Man plans, the Universe laughs" - unfortunately, that's been the saying for far too long when it comes to cybersecurity. Security leaders know it's only a matter of time before their organization gets breached, but instead of being ready for it, they rely on fixing the problem after it happens. In Cisco's newest report, the first ever Cybersecurity Readiness Index, it was found that a small minority of businesses globally (15%) consider themselves to be ready and able to defend against the expanding array of cybersecurity risks and threats of today. Organizations need to get ready and stay ready with solutions they can trust. This segment is sponsored by Cisco. Visit https://securityweekly.com/ciscorsac to learn more about them!
OpenText Cybersecurity is on a mission to simplify security by delivering smarter, innovative solutions. Geoff Bibby, the SVP of OpenText Cybersecurity Marketing & Strategy, will offer insight into the company's purpose-built approach to create a powerhouse cybersecurity portfolio that scales to meet the security needs of large enterprises down to individual consumers. This segment is sponsored by OpenText. Visit https://securityweekly.com/opentextrsac to learn more about them!
The continued headcount shortage facing cybersecurity teams is driving many organizations to embrace Managed Detection and Response (MDR) as a way to combat cyber threats. With this demand, dozens of MDR companies have emerged over the past two years. Critical Start's CTO, Randy Watkins, will discuss the origin of MDR, share evaluation tips, and reveal some of the potential pitfalls. This segment is sponsored by Critical Start. Visit https://securityweekly.com/criticalstartrsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw316
For our last episode of the year, Mandiant CEO Kevin Mandia joins host Luke McNamara for a year in review of 2021. The discussion includes a look back at the SolarWinds incident one year later as well as a look forward to 2022 with the three things that are top of his mind going into the New Year. Additionally, Kevin touches on the future of Mandiant and the Mandiant Advantage platform.
Sen. Angus King (I-Maine) and FireEye CEO Kevin Mandia join The Post to discuss the looming cybersecurity threats to both government and private systems and share what measures can be deployed to counter the growing problem.
Jesse Trucks is the Minister of Magic at Splunk, where he consults on security and compliance program designs and develops Splunk architectures for security use cases, among other things. He brings more than 20 years of experience in tech to this role, having previously worked as director of security and compliance at Peak Hosting, a staff member at freenode, a cybersecurity engineer at Oak Ridge National Laboratory, and a systems engineer at D.E. Shaw Research, among several other positions. Of course, Jesse is also the host of Meanwhile in Security, the podcast about better cloud security you're about to listen to.
Show Notes:
Links:
APT1 Report: https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
Securing Your Cloud Transformation Journey: https://onwireco.com/2021/06/08/securing-your-cloud-transformation-journey/
TeamTNT Strikes Again: A Wake-Up Call to Start Securing Cloud Entitlements: https://securityboulevard.com/2021/06/teamtnt-strikes-again-a-wake-up-call-to-start-securing-cloud-entitlements/
Secure Access Trade-offs for DevSecOps Teams: https://beta.darkreading.com/vulnerabilities-threats/secure-access-trade-offs-for-devsecops-teams?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Cyber Gangs: Who are they in 2021 and what do they Want?: https://securityintelligence.com/articles/cyber-crime-gangs-who-are-they-today/
Required MFA is not Sufficient for Strong Security: A Report: https://www.darkreading.com/cloud/required-mfa-is-not-sufficient-for-strong-security-report/d/d-id/1341263
With Cloud, CDO and CISO Concerns are Equally Important: https://www.itsecuritynews.info/with-cloud-cdo-and-ciso-concerns-are-equally-important/
Colonial Pipeline CEO: Ransomware Attack Started via Pilfered 'Legacy' VPN Account: https://beta.darkreading.com/attacks-breaches/colonial-pipeline-ceo-ransomware-attack-started-via-pilfered-legacy-vpn-account
Cloud Security: Why Being Intentional in Encryption Matters: https://securityintelligence.com/articles/cloud-security-intentional-encryption/
CSPM explained: Filling the gaps in cloud security: https://www.csoonline.com/article/3620049/cspm-explained-filling-the-gaps-in-cloud-security.html
Five worthy reads: Confidential computing–the way forward in cloud security: https://securityboulevard.com/2021/06/five-worthy-reads-confidential-computing-the-way-forward-in-cloud-security/
Data Protection in the K-12 Cloud: https://securityboulevard.com/2021/06/data-protection-in-the-k-12-cloud/
Cybersecurity Executive Order 2021: What it Means for Cloud and SaaS Security: https://thehackernews.com/2021/06/cybersecurity-executive-order-2021-what.html
Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users: https://thehackernews.com/2021/06/hackers-can-exploit-samsung-pre.html
Top 10 security items to improve in your AWS account: https://aws.amazon.com/blogs/security/top-10-security-items-to-improve-in-your-aws-account/
Transcript
Jesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.
Announcer: Are you building cloud applications with a distributed team? Check out Teleport, an open-source identity-aware access proxy for cloud resources. Teleport provides secure access for anything running somewhere behind NAT: SSH servers, Kubernetes clusters, internal web apps, and databases. Teleport gives engineers superpowers. Get access to everything via single sign-on with multi-factor authentication, list and see all SSH servers, Kubernetes clusters, or databases available to you, and get instant access to them using tools you already have. Teleport ensures best security practices like role-based access, preventing data exfiltration, providing visibility, and ensuring compliance. And best of all, Teleport doesn't get in the way. Download Teleport at goteleport.com.
That's goteleport.com.
Jesse: Us security people and the general news media like talking about APT this and APT that; however, like most things with cybersecurity, the term isn't even explained. The term is Advanced Persistent Threat—or APT—and it came from Kevin Mandia, founder of Mandiant, a security company, in the famous APT1 Report as it's called, released in early 2013, is a fascinating read. Well, maybe some of us love reading these things.
There's a lot of hype around APTs and what it all means. An APT is essentially a well-funded hacking group, usually with nation-state backing. This means some government is funding and/or training and otherwise supporting the efforts of what amounts to a criminal enterprise attacking assets. Most of us shouldn't care much about APTs though, as long as we secure our cloud accounts and use properly configured multi-factor authentication, or MFA.
Meanwhile, in the news.
Securing Your Cloud Transformation Journey. Plan, build, run, repeat. Plan, build, run, repeat. It's so simple, however, the details are complex and varied at every one of these stages to reduce the possibility of something catastrophic happening.
TeamTNT Strikes Again: A Wake-Up Call to Start Securing Cloud Entitlements. If you don't secure your IAM credentials for cloud services, the keys to your kingdom will be shared about by nefarious actors. I've recently pointed out that this APT group, the TeamTNT, was harvesting easy-to-obtain credentials. I love a chance to hammer on basic protocols and methodology since almost nobody actually follows them correctly. Go secure your cloud credentials right now.
Secure Access Trade-offs for DevSecOps Teams. Proper security is a balance between the needs of service delivery or data availability and safety. Work with your development groups at the left end, or start of your development process, to find that balance early.
Cyber Gangs: Who are they in 2021 and what do they Want? I found this a tad on the sensationalist side of things, and because it focuses on the human-driven, highly targeted attacks, it seems like the world is caving under the pressure of cyber street gangs tearing us all apart. Despite this, it has good advice, and I think the topic is a very interesting peek into things most of us don't see.
Required MFA is not Sufficient for Strong Security: A Report. Multi-factor authentication—or MFA—is not the pinnacle of protection. MFA is highly valuable, but only when you set it up correctly and close all the side and back doors of your floating house in the clouds. Don't forget to lock up on your way out.
With Cloud, CDO and CISO Concerns are Equally Important. Now, most of us won't have a Chief Data Officer—or CDO—but that doesn't mean we shouldn't include the creators and curators of our precious data. Just say no to the culture of no.
Colonial Pipeline CEO: Ransomware Attack Started via Pilfered 'Legacy' VPN Account. Really? Really? In most situations like this, there's a root cause here that most people overlook: incomplete or inaccurate asset management systems. If you don't know what you have, you can't track how to secure it. Do you want to become international news because you forgot to monitor some VPN system nobody actually uses?
Cloud Security: Why Being Intentional in Encryption Matters. Of course we should encrypt all the things, but we should do it sanely. Ensure you have personally identifiable information—or PII—and protected health information—or PHI—and other highly sensitive materials encrypted both at rest, which means sitting on storage devices or services of some sort, like S3 buckets, and in transit, which means a network transaction such as sending query result records for a web app.
Announcer: If your mean time to WTF for a security alert is more than a minute, it's time to look at Lacework. Lacework will help you get your security act together for everything from compliance service configurations to container app relationships, all without the need for PhDs in AWS to write the rules. If you're building a secure business on AWS with compliance requirements, you don't really have time to choose between antivirus or firewall companies to help you secure your stack. That's why Lacework is built from the ground up for the cloud: low effort, high visibility, and detection. To learn more, visit lacework.com. That's lacework.com.
Jesse: CSPM explained: Filling the gaps in cloud security. Cloud security posture management—or CSPM. Great, another acronym for another security product category. This might grow legs and go places, so bone up on it while we all experiment with it to see how useful and reliable it actually is.
Five worthy reads: Confidential computing–the way forward in cloud security. I love me a meta-post; you are listening to one right now. So, I'll reference another source that's just a list of other sources, yeah? These are great pointers to more in-depth coverage on confidential computing and what that means. Confidential computing is essentially encryption of data via hardware, rather than the software or application layer. In theory, this makes it harder to decrypt the data. I'm in a wait-and-see place with that though.
Data Protection in the K-12 Cloud. Being the principal for a K-through-five school, I love this one. It's a great read or listen—it's a podcast with a partial transcript—and I highly recommend listening to this one. Elementary schools often have huge budget shortfalls, even the private schools. It makes it difficult for us to implement proper security at such a small scale. It is, however, worth every second you spend on security and privacy.
Cybersecurity Executive Order 2021: What it Means for Cloud and SaaS Security. Biden's executive order on improving the nation's cybersecurity is a dense read, but Hacker News breaks it down for us normal people. Can you guess my favorite part in the executive order? Email me with your answer.
Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users. I try not to pick on any particular company because everyone fails in some way or another, and everyone gets pwned at some point. However, I've heard Android users complain about the Samsung builds being full-up with junk you don't need. Now, there's even more reason to be suspicious of the default software. If I ran Android devices still, I'd consider going back to the days when I ran CyanogenMod and broke my phone every few days. Nah, I'll keep my Apple device, thanks.
And now for the tip of the week. Read the AWS Security Blog starting with Top 10 security items to improve in your AWS account entry from last year in March. This walks you through what AWS sees as the most critical things to look at and do, such as using MFA—correctly please—responding to things found in GuardDuty, and limiting security groups. For some of us implementing all of these things might be a big ask and large hurdle to leap over. However, their work will pay off handsomely.
And that's it for the week, folks. Securely yours, Jesse Trucks.
Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.
Announcer: This has been a HumblePod production. Stay humble.
If you’ve ever worked for a bigger company, you know that it’s easy to get bogged down by software and other restrictions in the name of security. Heck, I was once told I couldn’t work off-site because of it, and we had a VPN! Well, Jason Meller was sick of that and he suspected others were too, so he started Kolide. We talk all about what inspired him to take the leap and start a company, how he and his team built the software and the honest security manifesto! In Build Something More, we talk about cybersecurity and fear-mongering. (more…) View on separate page Transcript Joe Casabona: Real quick before we get started, I want to tell you about the Build Something Weekly newsletter. It is weekly, it is free, and you will get tips, tricks, and tools delivered directly to your mailbox. I will recap the current week’s episode and all of the takeaways, I’ll give you a top story, content I wrote, and then some recommendations that I’ve been using that I think you should check out. So it is free, it is a weekly, it’s over at howibuilt.it/subscribe. Go ahead and sign up over at howibuilt.it/subscribe. Hey, everybody, and welcome to Episode 218 of How I Built It, the podcast that asks: how did you build that?, the podcast that offers actionable tech tips for small business owners. My name is Joe Casabona, I’m your host. Today our sponsors are TextExpander, Restrict Content Pro, and the Events Calendar. You’ll be hearing about them more later in the show. Right now I want to bring on our guest, Jason Meller. He is the CEO and founder of Kolide. We’re going to be talking about restructuring, how SAS products are built, how comprehensive solutions can impact scalability, and of course, we’ll learn a little bit about Kolide. Jason, how are you today? Jason Meller: Good. Thanks for having me on. I really appreciate it. Excited to talk about SAS. Joe Casabona: Likewise, thanks for coming on the show. 
When y’all reached out to me, I was excited to kind of hear… You know, we’ve talked about SaaS before on this show, but a lot of stuff has happened since that episode. The global pandemic is one thing that happened. But also we still…

Jason Meller: Just a little thing.

Joe Casabona: Yeah, just that small thing that’s been going on for a year now as we record this. But also we’ve seen a big rise in things like no-code solutions and things like that. So I’m excited to talk more. The show has also pivoted from a big focus on WordPress products, to just general technology products. So I’m excited with that in mind to get started. But before we talk about all things SaaS, why don’t you tell us a little bit about who you are and what you do?

Jason Meller: As you said, my name is Jason Meller. I’m the CEO and founder of Kolide. But before that, my whole career has really been about cybersecurity. And not just securing devices and organizations and things like that, but actually building products for other folks that are in the cybersecurity discipline. I found out very early on in my career that while I really enjoyed the practitioner part of being an incident responder and looking at it like cyber intelligence and things like that, as an engineer and someone who’s really obsessed with product, I found I got way more out of actually building the tools and capabilities that made those people a lot smarter, better, and faster for jobs. I found that out my first real job doing this professionally at General Electric on their Computer Incident Response Team, where I was hired on the team to really be doing intelligence type stuff, and then I just kind of was like, “Man, I really want to build really cool tools for these really smart people in my team.” And I ended up doing that and then basically building an entire career out of that. I moved on from GE to a company called Mandiant.
They were sort of the company that you would call if you were compromised by one of those super advanced threat actors. I’m talking about nation states like Russia and China. You would call this company and then they would send these consultants in suits and ties. We were called the million-dollar company because if you gave us a call and we actually sent out consultants, you were probably going to be paying us at least a million dollars to deal with a major incident response effort. So in that context, it was a lot of fun building products there. And then over time, I realized that I was really good at the business side of this as well, and I wanted to strike out and do my own thing. And that’s how I started Kolide. 2016 is really a point in my life where I decided, “You know what? I think I can build my own product. I want to build a business around it. I want to do a startup.” And I transitioned from my last organization to starting the company.

Joe Casabona: That’s fantastic. It sounds like you’re doing some really… I was going to say high level stuff, but it’s probably more low level stuff, right? You’re building products to help with cybersecurity. Mandiant, it seems like they’re probably pretty busy given the current events that are going on and all the breaches that we’ve been hearing about lately.

Jason Meller: Yeah, yeah. The CEO there, Kevin Mandia, he was actually just doing a congressional testimony a week or so ago over the SolarWinds hack, where they found basically all this malware in this very, very popular security product that most companies have and directly attributing it to a major nation state that was using it to do reconnaissance and other types of really scary stuff on all our organizations. So, when I was working there, Kevin was always on the ground floor of probably the most important incidents of that time period. We were responding to all the major ones that were happening when I was there in the early 2000s.
You mentioned I really like to kind of go low level into the stuff. The reality is, the reason why I got into building products in the first place is I actually like distilling down really complicated topics to people who have never been exposed to them before. So a big part of what we do at Kolide is we try to make these really complex topics something that’s accessible to someone who’s entering the industry, they’re a first time practitioner, or even end-users who have this type of software endpoint monitoring software on their devices. I’ll talk a little bit about that later in terms of the ethics around that. But ultimately, I really love talking about these types of topics with beginners and people who are just interested in the industry.

Joe Casabona: That’s really fantastic. And cybersecurity is definitely something that I am interested in as well. I want to dig more into it. I think that’s probably a great topic for us to talk about in Build Something More. So if you are a member, you will get that in the episode you’re listening to right now. If you’re not, you can sign up over at buildsomething.club. So we’ll talk about cybersecurity in Build Something More. I’m really excited about that. Let’s get back into SaaS stuff because I just started thinking about all these questions for later. So your current SaaS, Kolide, is focused on cybersecurity or data security in some way, right?

Jason Meller: Yeah, we actually call it HONEST Security. A big thing that I wanted to tackle when we started Kolide was I just felt that the current security industry was really almost sick, in the sense that we as engineers and people who work for large organizations, we started these companies, and then we are provisioned these laptops or sometimes we’re even allowed to bring our own and all this cybersecurity software sort of foisted onto that laptop.
Now that we’re working from home and everything, it just felt weird to me that the software which can open up programs, it can really understand what your web browser history is, and you do all these things in the name of security, it just felt like to me that we really need to explore the privacy and the rules of engagement for how the security team should really be interacting with end users. End users and security don’t really have like a really good relationship at most companies, even really technical organizations. The people who are building stuff feel really frustrated by the limitations imposed by the security you get in these laptops, they’re super locked down. “Oh, I can’t get Docker working. Is it because my firewall is messed up? And oh, I can’t even play with the firewall because all the options are grayed out.” This is pretty typical. And there’s just no one out there that was really thinking about this. So I wanted to build a security product that really focused on making that relationship between the security team and the end users a lot better, and actually putting them on the same page on a lot of different cybersecurity issues, like keeping their computer up to date and working properly without having to lock it down. So while cybersecurity and endpoint security are huge technical topics, our application is actually really simple. It’s actually a web app and it also is a Slack app. So we work with companies that use Slack and we use an application that we built and we serve from the Slack App Store. And we actually work together with them to build this experience where you can actually work with the security team and collaborate on all the maybe the issues that you have in your device, like the firewall being off or you’re missing patches.
And it’s really about having a hand on your shoulder from the security team, letting me know how you can manually get your device into a secure state without having to opt in to all this additional management, which could really impact productivity. So I wanted to build a product in that space, which is not a space that exists. So I had to write a whole manifesto about what HONEST Security was. That’s free. It’s on a website called honest.security. That’s the whole domain. So if you go there and check it out, you can kind of get a sense of what we’re going for with that entire topic. But yeah, that’s what the product is in essence.

Sponsor: This episode is brought to you by Restrict Content Pro. If you need a fast, easy way to set up a membership site for yourself or your clients, look no further than the Restrict Content Pro WordPress plugin. Easily create premium content for members using your favorite payment gateway, manage members, send member-only emails, and more. You can create any number of subscription packages, including free levels and free trials. But that’s not all. Their extensive add-ons library allows you to do even more, like drip out content, connect with any number of CRMs and newsletter tools, including ConvertKit and Mailchimp and integrate with other WordPress plugins like bbPress. Since the Build Something Club rolled out earlier this year, you can bet it’s using Restrict Content Pro. And I have used all of the things mentioned here in this ad read. I have created free levels. I’ve created coupons. I use ConvertKit and I’m using it with bbPress for the forums. I’m a big fan of the team, and I know they do fantastic work. The plugin has worked extremely well for me and I was able to get memberships up and running very quickly. Right now, they are offering a rare discount for How I Built It listeners only: 20% off your purchase when you use RCPHOWIBUILTIT at checkout. That’s RCPHOWIBUILTIT, all one word.
If you want to learn more about Restrict Content Pro and start making money with your own membership site today, head on over to howibuilt.it/rcp. That’s howibuilt.it/rcp. Thanks to Restrict Content Pro for supporting the show. And now let’s get back to it.

Joe Casabona: You know, I was self-employed for a long time, then I worked for my alma mater, the University of Scranton, which for all intents and purposes most higher education are giant corporations with nonprofit budgets. There was a back and forth between me, a web developer who likes to try out new tools and new local development environments, and the lockdown nature of my machine. I couldn’t access certain ports. I had to put in requests with the other department in our IT area to get. And it would take me a couple of… I just started bringing my own laptop and doing things.

Jason Meller: There you go. That’s exactly the problem we’re trying to solve. Because I think there’s a lot of security teams out there that believe that they are actually solving a security issue by locking down these devices. But what they’re really doing is they’re actually killing their own visibility into the issue because people are bringing their own laptops in because they feel so trapped by these restrictions. They can’t get their work done. And they need to. I mean, it’s their livelihood, they have projects, they have expectations that they’ve made with their boss. You don’t really want to wake up like 10 minutes before you’re about to give a presentation and realize, “Oh, I can’t even turn off screen lock, my demo is going to get all interrupted when I’m recording because it’s like set to some insane degree.” At Kolide, we believe that end users really do have enough capability and knowledge to manage the security of their device. They just need to know what to do, and understand what the expectations are of the security team.
It should be giving a little bit of nuance and I would say some latitude in terms of how they really can manage that based on the circumstances that they’re in. If I’m in an airport, that’s probably the right place for me to really set the screen lock to be like two minutes, because I might get up, I might go to the bathroom, I’m going to leave the whole thing out. But if I am at home, and we’re all home from COVID-19 working remotely, I don’t need it to be two minutes. I’m here. I’m surrounded by trusted family. No one’s coming over. Those are decisions I can make. As long as I’m staying within the parameters of what the security team really expects me to do and I can have a conversation with them, then that’s a much better solution than just wholesale locking down everybody to the worst possible level because that’s the only way you can do it.

Joe Casabona: Right. And not to mention… I mean, I’m a savvy enough person to know what I should and shouldn’t be doing on the internet. Most times. I’m not saying I’m foolproof. But the big warning signs are there. But for the faculty at the University who might not know better, who are equally as frustrated, who then bring their laptops in, they might be even more compromised now because now they’re currently on the network, they’re doing stuff. We one time… maybe this is a story for Build Something More. But we one time had this JavaScript inserted into every single page of our content management system. So maybe I will tell that story in Build Something More. But it’s frustrating. It seems like you had the passion for this, you have the domain knowledge. Did you do other research to see if this was something that was viable from a market standpoint?

Jason Meller: Yeah.
I guess a piece of advice for the folks out there thinking, “I want to do a startup and maybe I want to build SaaS products specifically.” I remember when I was a lot younger, I would often have ideas and then the first thing I would do is I would go on Google and I would go and see if anyone else had thought of that idea before. And then if I found any version of that idea out there, I was immediately discouraged. I was like, “Oh, this isn’t a new thing. I don’t want to do it.” But what I’ve learned over time is that oftentimes your passion for something doesn’t necessarily… just because there’s something out there doesn’t necessarily mean you have to avoid doing it. You can have a better iterative take on something out there that already exists without… you don’t have to come up with something completely brand new novel 100% in order to be successful in business. Sometimes it’s just an improvement or just a spin on something that exists out there. For HONEST Security, there was really nothing out there that I would say existed that really kind of focused on this issue. But there’s an entire industry of endpoint security products that are out there that have maybe little aspects of this. Like they have Slack notifications, but maybe they’re not interacting with end users. I think it would have been foolish for me to kind of look at those little starts and fits that other companies are doing and say, “Okay, they’re clearly going to head in that direction so I’m just going to give up.” I think if you’re really focused and passionate about a problem, you should still go for it if there are existing incumbents in the space.
And sometimes you’ll find, you know, as you build out the entire idea and actually go through iterations of building it and getting in front of real people, that where you started from actually changes completely by the time you actually ship something by the end of it, and you ended up in a completely different direction, but you’re grateful for that journey. So I think if you’re passionate about a problem, sometimes doing your market research can help but I wouldn’t let that influence your decision 100% on whether or not you should actually move forward with it or not.

Joe Casabona: I think that’s great advice, and it harkens back to a few previous episodes of great advice I got. First of all, maybe there’s a pre-existing product that doesn’t tell a good story or present the solution as well. So there’s that. If there is a pre-existing product, it means that there is a market for what you want to do, right?

Jason Meller: Right.

Joe Casabona: So just because there’s competition it doesn’t necessarily… I mean look at all the calculator or weather apps on the App Store. Then the other one is from a friend of mine, Scott Bollinger, who talked about kind of what you said about getting it out there into the hands of users. Get an MVP out there as soon as possible and start getting feedback. Because ultimately, the users will shape the direction your product goes in.

Jason Meller: And there’s a good example of that. At Kolide, when we first started this process, we really wanted to focus on connecting the security team with the end users. And the first step of that was really the security team be able to convey what issues are on those devices and give users step by step feedback. But when we did that, we realized that it felt really strange for an end user who didn’t even know what Kolide was to suddenly get this ping out of nowhere.
Like, “Hey, your device is missing these patches and your firewall is disabled, and here are the steps of how you can resolve that.” It’d be like if, you know, someone just burst in your house and they’re just demanding things. That wasn’t something that we… It sounds funny in hindsight but it wasn’t something that we thought about when we were building the MVP version of this experience. So we spent a lot of time thinking about how can we really put people at ease on the privacy aspect of this. And we actually arrived at an area where they actually self-install the agent. So we actually reach out to them via Slack as an introduction, explain what this whole thing is, and then you actually install the installation package that puts the endpoint agent, that thing that gets all the telemetry on the device, yourself, versus it just being sort of foisted upon you by the IT security team. And that’s something that doesn’t exist. We’re the only security company that I’m aware of that actually encourages you to have the end users install the main piece that makes it work. That was not something that we just got in the room and we thought of just out of the sky. It was based on talking with real people and hearing their concerns. So the most novel parts I think about our system are due to the feedback that we’ve had from our earliest iterations, not things that we thought of before we embarked on building anything.

Joe Casabona: That’s such a great story and it makes perfect sense. I want to ask you the title question here, “how did you build it?” before pivoting into the more blue sky philosophical sort of questions, I guess. So you mentioned that this was a web app and a Slack app?

Jason Meller: Yes. Yes. Funny story. We built it twice. The first time we did not build it well, and I think it’s because we took a very traditional I think VC-backed startup approach to how are we going to build our MVP. And we kind of embraced all the hot tech that was out there.
We were like, “Okay, what’s the…” This is going all the way back to like 2017 or so. Like, “We want to build it in Golang because Golang is really good right now, everybody’s really talking about that, we’re going to host it on Kubernetes because Google just released their own container, you know, hosted version of Kubernetes, so let’s put it on there. And we want to, of course use React, and we want this to be micro services,” and so on and so forth. What we ended up realizing was that we didn’t suit the technologies that we chose to the actual talents that we had within the organization. We just assumed, I would say, sort of naively that we could just instantly transition from tech that we had known and grown up with to I think really modern tech. And that ended up causing a lot of issues. In fact, most of the discussion at the company and the innovation that we were building was really just on the technical aspects of managing all these components, versus what we should have been talking about, which is actually building the product and having product discussions in order… what is the user experience of this going to look like, and not really worrying so much about the architecture. So we kind of crashed and burned pretty hard, I would say, at the end of 2018 or so, and we decided, “You know what? We are just building on top of this shifting sand and we just need to start over.” And that’s exactly what we did. The model from that point forward was “let’s keep it as simple as possible and let’s not concern ourselves with these major architectural designs and future scalability issues.” I think that a lot of engineers really worry too early about scalability when it’s not warranted. In fact, they’re worried that they’re going to have to scale up really, really fast, and they’re not going to be able to do it.
Like their product is just going to be so successful, it’s going to be like the next Twitter, or they’re going to have the same reaction that Clubhouse is having right now. And then suddenly, they’re going to be completely hosed and they’re going to lose their moment. But that is so rare in practice. In fact, the thing that you should be optimizing for isn’t scaling up, but scaling down when your idea isn’t quite right. If you make all of these financial investments, financial investments in the form of your time as an engineer, but also shelling out money to, you know, Google Cloud Platform and AWS for all these expensive servers and container frameworks and things like that, it becomes really, really hard to actually scale that down to a financially feasible slow burn as you actually get your first few customers in the door and really understand what your product is. I think it’s more important that you protect yourself from not the outcome of your product’s going to exceed past your wildest machinations. It’s can you actually protect yourself in a scenario, the most likely scenario where your product isn’t going to do well? And you need to learn a lot more about why. And you need at least a year or two of timeframe to really be able to do that and make the iterations necessary. So try to figure out how you can scale your solution and your architecture down or make it so that it’s easy to do that, so you have as much time as possible. In Kolide, for us specifically, I was always a Ruby on Rails developer. I started off in PHP and then I really kind of fell in love with Ruby around the time PHP really started taking off with classes and things like that that really, really kind of just grabbed me in. So we just focused on that. Instead of like trying to host it ourselves, we just went to Heroku and we hosted the whole thing there. And you know what?
It turns out these platforms as service providers, like Heroku and some of the other ones that are out there, they’re probably the Laravel community and everything, they are really, really good at helping you scale when you are successful. So right now the biggest part of our app that’s I think challenging from an architecture perspective is the fact that we have all these devices out there for our customers, like tens of thousands of devices, and they’re all checking in on a regular interval to our device server. And there’s a lot of traffic to handle there. But the reality is that it’s web traffic, and we can put the data in the database. And we don’t need all these crazy, hot technologies to layer into that to perform, I would say, very, very basic operations. Like data comes in, we save it in the database, we visualize it in a web app that’s built in Ruby on Rails. And then on the Slack app side, Slack has made it really, really easy with some very basic API [unintelligible 00:24:43] to have a really compelling experience. So we built that inside of the Rails app as well. And it’s really, really simple, and it’s something that we can maintain with three or four engineers, not like this horde of hundreds of engineers that are really focused on the infrastructure and the operations and “oh, we need a front end engineer, and that front end engineer needs to collaborate with someone who’s going to really be building a back end API so they can plumb everything together.” That’s just not the reality of how the financials work at an early stage startup. You need to be able to have features go out the door without a lot of different hands touching them. The companies that have built all these crazy new technologies that are not so much new now, they’re huge. And they built these technologies to solve organizational issues at their size.
That doesn’t necessarily mean these technologies are appropriate for companies that only have two or three people in them because those problems are just non-existent at a company of that scale.

Sponsor: This episode is brought to you by TextExpander. In our fast-paced world, things change constantly, and errors in messaging often have significant consequences. With TextExpander, you can save time by converting any text you type into a keyboard shortcut called a snippet. Say goodbye to repetitive text entry, spelling and message errors, and trying to remember the right thing to say. When you use TextExpander, you can say the right thing in just a few keystrokes. TextExpander lets you make new approved messaging available to every team member instantly with just a few keystrokes, ensuring your team remains consistent, current, and accurate. TextExpander can also be used in any platform, any app and anywhere you type. So take back your time and increase your productivity. But that’s not all it does. With its advanced snippets, you can create fill-ins, pop-up fields, and more. You can even use JavaScript or AppleScript. I can type out full instructions for my podcast editor, hi, Joel, in just a few keystrokes. Another one of my favorite and most used snippets is PPT. This will take whatever text I have on my keyboard and convert it to plain text. No more fighting formatting if I’m copying from Word or anyplace else. Last month I saved over two hours in typing alone. That doesn’t even take into account the time I saved by not having to search for the right link, text, address, or number. You have no idea how many times I want to type out a link to a blog post or an affiliate link and I can’t remember it and then I have to go searching for it. That generally takes minutes. But since I have a TextExpander snippet, it takes seconds. TextExpander is available on macOS, Windows, Chrome, iPhone, and iPad.
I’ve been using it a lot more on my iPhone lately because I’ve been working from my iPhone more because there are days when I’m just not in front of my computer right now. If you’ve been curious about trying TextExpander or simple automation in general, now is the time. Listeners can get 20% off their first year. Just visit textexpander.com/podcast and let them know that I sent you. Thanks so much to TextExpander for sponsoring the show. And now let’s get back to it.

Joe Casabona: I’m a web developer… I’m sure this is for all programmers, but it’s like, “Oh, did you see the new thing? .js or whatever? We should use the new thing .js.” And I’m like, “I don’t want to use it. Why do I need to learn a new thing when I don’t know if I’m even going to need it?” I was working on an app for a hosting company a couple of years ago and they’re like, “We should make this headless WordPress and use Gatsby.” And I’m like, “Why? There’s no reason for us to use Gatsby. I don’t know Gatsby. And if I have to learn Gatsby, I’m going to charge you the hours it takes me to learn Gatsby because we don’t really need it.” So I think you’re absolutely right. Actually, this conversation here is timely to when we record this because I was lamenting how I was going to build out the community aspect of the membership. Again, I’m a web guy, I’m a WordPress guy, I was like, “I’ll just use like bbPress or BuddyPress, two plugins that bolt on the community.” But no offense to the people who maintain bbPress, but it definitely looks like it was made in 2004 and I wanted something that looked nicer. And I was like, “I could invest all of my own development time to make bbPress and BuddyPress work the way I want, or I could just pay Circle.so 30 or 40 bucks a month and have everything.” And on Twitter, I got a lot of well like, “You should just build it yourself. That’s what I did.” Someone said like, “That’s what I did, though nobody’s using the community.” They kind of said tongue in cheek.
And I’m like, “So you invested all this time for nobody to even use the community.”

Jason Meller: Right. That’s right.

Joe Casabona: In two months, if nobody’s using the community, I can just stop paying for Circle instead of burning hours. You triggered me a little bit there but in the best way possible. Again, do the minimum viable thing instead of burning development hours when you don’t need to for the sake of trying the new thing or using this tool that you want to try out.

Jason Meller: Yeah. I think that you touched on something. You said you’ve been doing web development for a while, and I have as well. And I think that there’s almost like a self-deprecating ageism thing that can kind of come up when you reach a certain age and you suddenly feel like there’s all this new technology that’s… it was a slow burn, like it was really kind of coming up, and then it just appeared and then everybody started using it. And then you almost feel like, “Oh, my gosh, am I becoming that old dude that doesn’t know what’s going on anymore? Am I going to be left behind?” I think that type of anxiety and that sort of self-deprecating “am I really in the mix anymore?” can force really bad errors of judgment in terms of “You know what? I need to learn something” that you really don’t need to learn, and in fact, might actually be worse than the thing that you already know. I think that when you’re really young and inexperienced, everything is brand new and you don’t have the benefit of the history of how all these things came together. So something that may not be optimal is fine by you and you’re going to learn that thing. But when you’re older and you have experience, you can compare and contrast how this new thing works compared to how you used to build stuff. And sometimes the new thing is way worse.
And you’re just like, “Why did I do this when I actually was much happier and more productive and there’s more maturity in the libraries and there’s more things for me to be able to kind of plug into this thing? What am I doing?” I think that’s where we ended up. And it sounds like it’s a very easy problem to avoid. But when you get in your own head, and you start thinking about those things, it can really force these errors that really just don’t need to happen early on in your company.

Joe Casabona: Yeah, absolutely. I mean, in the WordPress space, Gutenberg is the big thing, and everyone’s like, “You need to learn React.” I haven’t learned React yet and so far I’m okay. I’m like, “I haven’t lost a job because I haven’t learned React.” I’m reluctant. I mean, now it’s probably I know it’s around to stay. But I learned Angular Version 1 and then Angular was like, “We’re changing everything in Version 2.” And then React came out, and then Vue came out. And I’m like, “I’m just going to solve the problem the best way I know how.” So I think that this is really important.

Jason Meller: True.

Joe Casabona: This can be translated to…

Jason Meller: I was just going to say, by the way, don’t feel bad about learning React. We don’t build a stitch of React at Kolide and we have an incredibly successful web application. I am 100% anti-React. That’s basically what I was alluding to earlier when I said there’s these new things. I’m 100% on this camp of let’s bring as much back to the server side as possible. I grew up in an era where when you were coding for the web and you got to pick whatever language you want. It didn’t have to be JavaScript. You could pick anything. You could build a web app in C++, you could build it in COBOL if you wanted to. It really didn’t matter. And that’s the thing that’s really special about the web is that if you know HTML and you want to build something on the back end, you could do it in anything.
And that is not the case with really any other platform that’s out there. Like if you want to build an iOS app, yes, there’s Electron and React Native and all these other technologies. But if you really want to build a good app, you have to do it in Swift or Objective-C. Like you just have to. That’s the lingua franca of the device. But on the web, that isn’t the case. And I feel like these React folks are now bringing like Server-side React, and they’re trying to make JavaScript the language of the web on both sides, which is fine for them. But as someone who hates JavaScript, I don’t want to go there. I think that that actually is really important that we preserve that aspect of the web and how it came from and the flexibility and the freedom that’s there. So my hope is that React maybe can stay on the client side and doesn’t end up being this thing that just eats the world. Because I think you can build really, really well-designed web apps that are performant, that are exciting, and making millions of dollars without even writing a stitch of it. And I hope that that continues to be the case. And I’m advocating for a world that exists. I didn’t expect to say that on this podcast, but here I am.

Joe Casabona: Oh, that’s perfect. We can talk about more on this in Build Something More if it suits us because I have a lot of opinions about that as well.

Jason Meller: Sure.

Joe Casabona: Now that we’ve gotten really nerdy I’ll probably add chapters, like podcast player chapters to this one because I do want to bring it back to the small business owner who is maybe interested in building a SaaS, but we’re a year into a pandemic as we record this, maybe there’s some economic uncertainty. It seems like the outlook changes every week. Why would we want to build a SaaS right now?

Jason Meller: It is a really great question.
I think it’s very counterintuitive to say that actually it’s a really good time to start thinking about new business ideas, and specifically SaaS products right now. But that’s actually how I feel. When you have these big societal shifts like the pandemic and everybody working remotely, they create opportunities where none existed before. That’s very much the case at Kolide. We started it before the pandemic but we realized, because of the pandemic, people’s attitudes were really shifting about how security agents and the surveillance they were having on their device, the context of that just felt different when everybody was working from home than when you’re in a cubicle or in an office that’s really maintained by your employer. Suddenly, solutions like Slack and Microsoft Teams and all these things were way greater use than they were, most startups were using them and engineering style organizations were, but not every company on the earth. And now suddenly, these organizations, they’re looking for ways to use the existing apps that they’ve always used but now in a context where everybody is remote. And they really want them to be integrated in these chat-like experiences. So we just happen to be in the right place at the right time. But my advice to folks who are thinking about how do you capitalize on this pandemic specifically is start looking at what is the ideal interactions that these business owners and business employees are really looking for in terms of dealing with their HR app, and how do I deal with expenses and things like that. Suddenly, all the incumbents in the space are on their back foot because new players can enter in and really offer a compelling experience that feels way more relevant to folks who are really not working from home, and doing 100% of their communication through a chat window or maybe Zoom. I think that that’s the seed that can generate this entire ecosystem of new stuff.
Obviously, the pandemic is really scary, and people are losing their jobs, and there’s a lot of uncertainty there. But if you are someone who has an entrepreneurial spirit, you’ll often find opportunity in those lowest points. Now, I’m speaking from a position of privilege because I had the money to be able to kind of have the savings to be able to strike off and do it on my own. I had some investors come in and things like that. And not everybody has that opportunity. But I encourage folks who can do that and feel confident in their ability to do that, to find an opportunity, see where something isn’t working and draw from your own experience. If you’re frustrated by something, it probably means there’s tons of other folks that are frustrated by that exact same thing. It doesn’t have to be this huge, massive multimillion-dollar startup, it can just be something small that you sell online, and you just get on Gumroad and just throw something out there. It doesn’t have to be even technology. It could just be an idea that you codified into a book that eventually can become something that’s backed by software or something else that you can sell a subscription for. So I encourage folks to take these dark times and look for opportunities there because that’s where new solutions can be born out of just changing circumstances. This pandemic is certainly a big example of that.
Sponsor: This episode is brought to you by the Events Calendar, the original calendar for WordPress. This free plugin helps you with calendaring, ticketing, and more powerful tools to help you manage your events from start to finish. Whether you run school events, concerts at a venue, or fundraisers for nonprofits, the Events Calendar gives you the tools you need to make it your own. And with the Events Calendar Pro, you can create custom views, recurring events, add your own custom fields to events, and much more. Run virtual events? No problem.
With the Virtual Events add-on you can quickly and easily manage your online-only or hybrid events. With deep Zoom integration, custom virtual event coding for search engine optimization, and the ability to embed video feeds directly on your website, the Events Calendar makes putting virtual and hybrid events together easier. And I can’t stress this one enough. Let me tell you, I have tried to roll my own webinar software, my own live stream event software, and it is difficult. And I have 20 years’ experience making websites. The Events Calendar is the tool that you need to make virtual events a lot easier. You can even sell tickets and only show the stream to ticket holders. If you run events, whether in-person or online, you need the Events Calendar. Head on over to howibuilt.it/events to learn more. That’s howibuilt.it/events to start running your events more efficiently today. Thanks so much to the Events Calendar for supporting the show. And now let’s get back to it.
Joe Casabona: It is important to highlight that certain people are afforded certain opportunities more than others. But I still in 2020, I am a firm believer in the American dream and I know that there are a lot of people who are still able to pull themselves up by their bootstraps and do things in a way to put themselves in a better situation.
Jason Meller: That’s true.
Joe Casabona: With the government handing out money right now, if it’s a little extra money that maybe… I’m not a financial adviser. But if it’s extra money that maybe you can put aside, invest in yourself a little bit and put that money towards having an MVP developed or something like that.
Jason Meller: You know, everybody’s situation is a little bit different. There’s Maslow’s hierarchy of needs—you got to take care of your essentials before you can really start thinking about these things.
I don’t want to get into the whole social-economic situation of our country right now, but the reality is, is that when you don’t have a lot of money, and I know this from experience, graduating from college and not having a lot of money, it weighs on you mentally. Suddenly, a simple trip to the grocery store, where today I can fly into the grocery store, now I don’t even go. I just order online and they just deliver it to me. But before, like last year, I would just go and I really wouldn’t be looking too hard at the prices because I didn’t have to. But when you’re on a really tight budget, suddenly something as simple as going to the grocery store becomes very exhausting because you’d have to do all this math. “Oh, is this check going to bounce if I got this extra thing?” And it can add up over time. I’m hoping that the relief from COVID-19 I think helps folks. I think it has a chilling effect that maybe all those anxious thoughts, and maybe people can start thinking about higher order activities like career and building things and things like that. That’s what that aid can sometimes help with. And my hope is that people see it that way.
Joe Casabona: That’s a much better point than I made. Listen to Jason. Awesome. Well, man, we covered a lot of ground here: cybersecurity, how things are built, starting a SaaS, socio-economic conditions. Before we wrap up, I do need to ask you my favorite question, which is, do you have any trade secrets for us?
Jason Meller: Yes. I kind of gave it away earlier. I was saving that for the trade secret. But again, taking stock into how things change over time and then understanding where the opportunity is generated. And I just talked about how that was the case at Kolide with this pandemic and people really starting to wake up from the work from home situation. But there’s things like that that happen all the time. And they don’t have to be these monumental society shifts. Sometimes it’s more of like a slow burn.
Sometimes they’re political, sometimes it’s something that’s in the news. But things change all the time. And we sometimes just take for granted that all the things that we’re doing today are going to be the things that we do forever. But it was just 20 years ago that we’re driving to Blockbuster and renting movies that way. And everything has changed if you really think about it. It’s very important to kind of pinpoint those moments where it tips just a little bit too much where suddenly something that made a lot of sense and everybody wanted to do, it doesn’t make any sense anymore and nobody wants to do it. And that’s where you need to seize that opportunity and see that moment before anyone else does, and then hyper-focus on building something that solves a problem. And it’s very important not to think about that academically. You want to think about it from your own experience. Because if you’re feeling that pain, others are feeling it as well, and you’re solving a real problem, versus like I think this is a problem, I’m just gonna take a guess. The second best thing to do is talk to people. But even better than that is you just have so much empathy for the problem because you are facing it. Those are the best places to start. You can save a lot of time and shortcut a lot of market research if you know the problem inside and out because it’s one that you have. So that’s the trade secret is pick the problems that suit you because you’re not going to have a lot of time to like meet thousands of people that experience this problem and come up to speed and then build a whole thing yourself. Solve problems that you’re familiar with and you understand because then you can get on podcasts like this and passionately talk about them without having to do a ton of research because they’re just part of you. So that is my trade secret is solve problems that you have. And you can build businesses on top of that if you do it well enough.
Joe Casabona: I love that.
I feel like you read the blog post I published a couple of weeks ago where I basically say that. It’s called What Baby Clothes Can Teach You About Your Business or something like that. Basically, how we have these baby clothes that must have been designed by a parent because they’re so easy. In the pre-show… I don’t know if you want to make this public or not.
Jason Meller: No, it’s fine. Go for it.
Joe Casabona: In the pre-show, we were talking about how you’re a new parent, eight-month-old baby girl. I have an eight-month-old son. Man, that smile on your face right now that nobody can see but me is just the pure joy that a kid brings you right before they throw up all over you.
Jason Meller: That’s right.
Joe Casabona: So you’ve probably been awake in the middle of the night trying to change your kid. And these pajamas—this is a tangent—they have a reverse zipper on them so that you zip up to unzip them. They must have been designed by a parent. Because the snap-on ones are definitely just designed by some random person who’s never touched a kid before. But the reverse zipper ones, this person understood the problem, the way that Jason is telling you to understand and solve problems. So bringing it back, Jason, this has been such a great conversation. If people want to learn more about you, where can they go?
Jason Meller: I mentioned this earlier in the podcast. But if there’s one thing that you want to look into me about is I want you to read HONEST Security. You can find that just by going to honest.security. That’s the whole URL. If you want to learn a little bit more about Kolide, you can visit us on the web at Kolide.com. Kolide with a K. And if you want to follow me on Twitter, you can hit me up @JMeller.
Joe Casabona: Awesome. This has been absolutely fantastic. Stick around for Build Something More, where we’re going to talk about cybersecurity, maybe Clubhouse and JavaScript tools. There’s a lot that we could cover honestly.
For all the show notes as well as a link to the club, you can go over to howibuilt.it/218. Thanks so much to our sponsors: TextExpander, Restrict Content Pro, and the Events Calendar. And Jason, thanks so much for your time. I really appreciate it.
Jason Meller: Thanks for having me.
Joe Casabona: And until next time, get out there and build something.
Sponsored by: Restrict Content Pro: Launch your membership site. TextExpander: Get 20% off your first year by visiting this link. The Events Calendar.
Never before has a hack of this sophistication and scale been seen. But now that 18,000 organizations are considered breached, what can the hacked information be used for? We walk through the worst case scenario possibilities of what the cyberattackers could do with the SolarWinds hack data -- from espionage to overwhelming electric grids -- and what that could mean for all of us, including those in the high performance computing industry. We also explore the Senate and congressional hearing testimonies given by Kevin Mandia, CEO of FireEye, and Brad Smith, President of Microsoft, about what the hackers went after once they were in the system, and whether the future of cloud poses a greater risk or a stronger solution.
THIS IS PART TWO - CONTINUATION FROM EPISODE 38
A fool is a person who acts unwisely or imprudently. A Tool Fool is someone who unwisely or imprudently loves tools. They don't necessarily love the tools they have; they just love tools. The more tools, the better.
Don't be offended. We're all fools from time to time. When it comes to our information security, we do the best we know how. We don't intentionally act the fool, but when it comes to our tools, too many of us ARE the fool.
Don't be the Tool Fool!
Here are 10 things about the Tool Fool:
1. Brags about their tools, but they don't know how to use them.
2. Brags about a big budget, but they can't justify it.
3. Thinks “tool first” instead of “needs first”.
4. Thinks tools fix process.
5. Thinks tools make problems easier to solve.
6. Likes easy but confuses “easy” with “simple”.
7. Has tools they don't know they have.
8. Advocates for tools because fools like company.
9. Oblivious to their most significant risks.
10. Knows how to use some of their tools but won't use them well*.
The Tool Fool costs the organization more than they know. Tool Fools waste money on tools they don't need, don't understand, and/or can't use. The Tool Fool can convince themselves that their tools will keep them secure when the opposite is true. Worse yet, the Tool Fool's work has convinced management of the same.
The Tool Fool has a false sense of security. The Tool Fool makes security worse.
The Tool Fool is the topic for this Thursday's (3/4) Security Shit Show with Chris, Evan, and Ryan. Be sure to catch the show LIVE on YouTube at 10pm/2200 CST!
*This is relevant to a dialog between Senator Wyden (D-OR) and witnesses (Kevin Mandia, Sudhakar Ramakrishna, Brad Smith, and George Kurtz) in the recent open hearing, “Hearing on the Hack of U.S. Networks by a Foreign Adversary” before the U.S. Senate Intelligence Committee (2/23). This particular exchange happens at 1:22:08 in the recording here: https://www.intelligence.senate.gov/hearings/open-hearing-hearing-hack-us-networks-foreign-adversary, and has been transcribed here: https://evanfrancen.com/unsecurity-episode-121-show-notes/
Consensus is growing around a series of recommendations that the government can implement to help safeguard both the public and private sectors against major cyberattacks. In the wake of the SolarWinds breach, lawmakers turned to industry for recommendations on how to ensure that kind of incident doesn’t happen again. More from Federal News Network's David Thornton.
On December 8th, 2020, news broke that FireEye, a leading global cybersecurity firm, had been hacked by a foreign entity. Immediately following the release, CEO Kevin Mandia demonstrated a refreshing approach to leading his company through this difficult period - he was forthright and honest about the breach. In our inaugural episode, Claudette sits down with Kevin to find out exactly what happened. Joining Claudette is former Intelligence Agent, David, to discuss how individuals and organizations can tap into different ways to increase personal protection and resiliency.
Last year Russia infiltrated the digital networks of federal agencies and many of America’s largest corporations, and last week’s armed insurrection on the US Capitol was fomented through disinformation campaigns on social media. Cyberattacks and manipulation of elections and domestic affairs threaten national security and global relations. John Carlin of the Aspen Institute’s Cybersecurity & Technology Program leads a conversation with Kevin Mandia, CEO of FireEye, the cybersecurity company that uncovered last year’s massive Russian hack, Senator Mark Warner, Vice Chair of the Senate Intelligence Committee, and Luta Security’s founder and digital defense expert Katie Moussouris. They discuss how the Russian hack was discovered and what it means for the future of digital security worldwide, including how to assign responsibility for cybersecurity and social media failures. Senator Warner also shares his assessment of the damage of a foreign-led cyber attack compared to the domestic insurgence he experienced at the Capitol. Their conversation was recorded on January 7, 2021.
In this Holiday edition of the podcast I discuss the Top 5 cyber incidents of 2020, give a few honorable mentions and play part of Kevin Mandia's Face The Nation interview, because when Kevin talks, I listen. Thank you for listening and telling your friends. If you have questions or thoughts on the podcast, please email me at Darren@thecyburguy.com.
On this episode of What Lies Beneath, we're featuring a conversation from Interos' 2020 summit for the Financial Services Industry (FSI) featuring Meg Anderson from Principal Financial Group, Jim Routh from MassMutual, and Phil Venables from Goldman Sachs, in conversation with Kevin Mandia, CEO of FireEye. With decades of experience in digital risk, they provide lessons learned on how to integrate into C-suite and Board conversations and priorities to help improve enterprise resilience against epic business disruptions. As part of the summit, the panel discussed:
- The biggest supply chain risks facing companies as a result of the COVID pandemic
- What we worry about in the supply chain, and how to address those supply chain risks
- The new normal that we're all facing as we navigate through a global pandemic
- Some of the challenges those in the cybersecurity industry are facing at this point, and how they're protecting enterprise operations in the midst of it all
All guests' participation in our summit was purely as a public service and is in no way an endorsement of Interos.
In our last 'Blackout Series' of 2020, a special segment with Brigadier General Gregory Touhill, the former #CISO of President Barack Obama, we covered takeaway lessons from leaders who have been made in crisis. This was such a timely episode - especially in the aftermath of FireEye's announcement of their attack by a Nation State Actor. Greg discussed with Podcast host, Shamane Tan, their example of getting things right in a breach. From the positive lessons that we can learn today from FireEye's response to the proactive leadership that Kevin Mandia is showing in a time of crisis, Greg also shared about the best #BCP that he has seen. From the frequency of the technical drills and executive training that should be conducted, to what should be included in the #board education and some of the lessons we can take away from the military when it comes to communicating a #crisis externally... Greg also walked through an example of a hacked company that didn't do it right and went bankrupt. Don't miss the last bonus segment as Greg even predicts what 2021 will look like for businesses. Gregory Touhill - https://www.linkedin.com/in/gregorytouhill/ Shamane Tan - https://www.linkedin.com/in/shamane/ #cybersecurity #hacked #cyberattack #crisis #CISO #fireeye #breach
COVID has affected every business differently, forcing many to make increasingly difficult decisions, many of which have unintended consequences for cybersecurity. On this episode of What Lies Beneath?, we talk to Kevin Mandia, the CEO of FireEye. Prior to assuming his current role, Kevin served as FireEye's President, and before that was the founder and CEO of his own company Mandiant, which rose to national prominence in 2013 after exposing Chinese cyber-espionage. We talk about:
- The top 5 risks in cyber right now
- Unique challenges presented by data storage
- How achievable is the Zero Trust Supply Chain?
Check out our October 1 Digital Summit here for more from Kevin, along with Sen. Mark Warner (D-VA), Dr. Richard Haass, Jim Routh (MassMutual), and others!
Listen to Adriana Sanford, Cyber Security Legal Expert, give her opinions on why countries are reacting to Blockchain Technology differently, how crypto currencies like Bitcoin are using Blockchain to record digital transactions, and how Blockchain technology is transforming business around the globe. Sanford also discusses the debate among lawyers and regulators around the world as to whether or not Bitcoin is a legitimate currency and what the future of Bitcoin and other crypto currencies looks like moving forward into the future. In this episode, host George Rettas also discusses the consequences of what a Cyber War would be between Russia and the United States, and what private companies should do to protect themselves.
In our 166th episode of the Steptoe Cyberlaw Podcast—a companion to episode 165—Stewart Baker is joined by guest Kevin Mandia, CEO and Board Director of FireEye, where they discuss FireEye’s report entitled Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.
On Friday, March 31st, the Senate Select Committee on Intelligence held its first open hearing in its investigation into Russian interference in the U.S. election on "Disinformation: A Primer in Russian Active Measures and Influence Campaigns." The experts before the committee, including Eugene Rumer, Roy Godson, Clint Watts, Kevin Mandia, General Keith Alexander, and Thomas Rid, gave a useful rundown of the scope and mechanics of Russian influence. There's just one problem: their testimony ran five hours long. So once again, we've cut down the hearing to a snappy two hours, bringing you just the good parts.
Kevin Mandia, chief executive of cyber security firm FireEye, joins the FT's Hannah Kuchler to discuss how Russian hackers changed the rules of engagement of cyber espionage. Mr Mandia and his company, Mandiant, came to prominence in 2013 when it released a report implicating China in cyber spying. The company was later sold to FireEye for $1bn. This interview was recorded in early December 2016.
FireEye exec and cyber security expert Kevin Mandia talks about the Sony hack and what it means for tech at our event in San Francisco.
Today, Kevin Mandia is on the show talking about the State of the Incident Response, CyberSpeak listeners get a big discount to SANS Forensic Summit (CODE: Cyberspeak10), Ovie and Bret discuss listener email, PC Magazine's Cybercrime hall of fame hackers, Shawn Henry gets a promotion as the new FBI AD Cyber-Division and legalities of border searches. Web site picks of the week are http://vajachoice.com/index1.html and http://privnote.com
This week we talk about Mandiant's webinar, vmware, DOJ CCIPS, police using data brokers, Blackhat, the top 100 security tools, Windows call back, a Washington Post story incorrectly quoting Kevin Mandia, and ZoHoShow.
Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference
During the course of 2004 and 2005, we have responded to dozens of computer security incidents at some of America's largest organizations. Mr. Mandia was on the front lines assisting these organizations in responding to international computer intrusions, theft of intellectual property, electronic discovery issues, and widespread compromise of sensitive data. Our methods of performing incident response have altered little in the past few years, yet the attacks have greatly increased in sophistication. Mr. Mandia addresses the widening gap between the sophistication of the attacks and the sophistication of the incident response techniques deployed by "best practices." During this presentation, Mr. Mandia re-enacts some of the incidents; provides examples of how these incidents impacted organizations; and discusses the challenges that each organization faced. He demonstrates the "state-of-the-art" methods being used to perform Incident Response, and how these methods are not evolving at a pace equal to the threats. He outlines the need for new technologies to address these challenges, and what these technologies would offer. He concludes the presentation by discussing emerging trends and technologies that offer strategic approaches to minimize the risks that an organization faces from the liabilities the information age has brought. Kevin Mandia is an internationally recognized expert in the field of information security. He has been involved with information security for over fifteen years, beginning in the military as a computer security officer at the Pentagon. He has assisted attorneys, corporations, and government organizations with matters involving information security compliance, complex litigation support, computer forensics, expert testimony, network attack and penetration testing, fraud investigations, computer security incident response, and counterintelligence matters. Mr. 
Mandia established Red Cliff specifically to bring together a core group of industry leaders in this field and solve clients' most difficult information security challenges. Prior to forming Red Cliff, Kevin built the computer forensics and investigations group at Foundstone from its infancy to a multi-million dollar global practice that performed civil litigation support and incident response services. As technical and investigative lead, Mr. Mandia responded on-site to dozens of computer security incidents per year. He assisted numerous financial services and large organizations in handling and discreetly resolving computer security incidents. He also led Foundstone's computer forensic examiners in supporting numerous criminal and civil cases. He has provided expert testimony on matters involving theft of intellectual property and international computer intrusion cases.
Black Hat Briefings, Las Vegas 2005 [Video] Presentations from the security conference
During the course of 2004 and 2005, we have responded to dozens of computer security incidents at some of America's largest organizations. Mr. Mandia was on the front lines assisting these organizations in responding to international computer intrusions, theft of intellectual property, electronic discovery issues, and widespread compromise of sensitive data. Our methods of performing incident response have altered little in the past few years, yet the attacks have greatly increased in sophistication. Mr. Mandia addresses the widening gap between the sophistication of the attacks and the sophistication of the incident response techniques deployed by "best practices." During this presentation, Mr. Mandia re-enacts some of the incidents; provides examples of how these incidents impacted organizations; and discusses the challenges that each organization faced. He demonstrates the "state-of-the-art" methods being used to perform Incident Response, and how these methods are not evolving at a pace equal to the threats. He outlines the need for new technologies to address these challenges, and what these technologies would offer. He concludes the presentation by discussing emerging trends and technologies that offer strategic approaches to minimize the risks that an organization faces from the liabilities the information age has brought. Kevin Mandia is an internationally recognized expert in the field of information security. He has been involved with information security for over fifteen years, beginning in the military as a computer security officer at the Pentagon. He has assisted attorneys, corporations, and government organizations with matters involving information security compliance, complex litigation support, computer forensics, expert testimony, network attack and penetration testing, fraud investigations, computer security incident response, and counterintelligence matters. Mr. 
Mandia established Red Cliff specifically to bring together a core group of industry leaders in this field and solve clients' most difficult information security challenges. Prior to forming Red Cliff, Kevin built the computer forensics and investigations group at Foundstone from its infancy to a multi-million dollar global practice that performed civil litigation support and incident response services. As technical and investigative lead, Mr. Mandia responded on-site to dozens of computer security incidents per year. He assisted numerous financial services and large organizations in handling and discreetly resolving computer security incidents. He also led Foundstone's computer forensic examiners in supporting numerous criminal and civil cases. He has provided expert testimony on matters involving theft of intellectual property and international computer intrusion cases.
Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference
During the course of 2005 and 2006, we have responded to dozens of computer security incidents at some of America’s largest organizations. Mr. Mandia was on the front lines assisting these organizations in responding to international computer intrusions, theft of intellectual property, electronic discovery issues, and widespread compromise of sensitive data. Our methods of performing incident response have altered little in the past few years, yet the attacks have greatly increased in sophistication. Mr. Mandia addresses the widening gap between the sophistication of the attacks and the sophistication of the incident response techniques deployed by "best practices." During this presentation, Mr. Mandia re-enacts some of the incidents; provides examples of how these incidents impacted organizations; and discusses the challenges that each organization faced. He demonstrates the "state-of-the-art" methods being used to perform Incident Response, and how these methods are not evolving at a pace equal to the threats. He outlines the need for new technologies to address these challenges, and what these technologies would offer. He concludes the presentation by discussing emerging trends and technologies that offer strategic approaches to minimize the risks that an organization faces from the liabilities the information age has brought.
Black Hat Briefings, Las Vegas 2006 [Audio] Presentations from the security conference
During the course of 2005 and 2006, we have responded to dozens of computer security incidents at some of America’s largest organizations. Mr. Mandia was on the front lines assisting these organizations in responding to international computer intrusions, theft of intellectual property, electronic discovery issues, and widespread compromise of sensitive data. Our methods of performing incident response have altered little in the past few years, yet the attacks have greatly increased in sophistication. Mr. Mandia addresses the widening gap between the sophistication of the attacks and the sophistication of the incident response techniques deployed by "best practices." During this presentation, Mr. Mandia re-enacts some of the incidents; provides examples of how these incidents impacted organizations; and discusses the challenges that each organization faced. He demonstrates the "state-of-the-art" methods being used to perform Incident Response, and how these methods are not evolving at a pace equal to the threats. He outlines the need for new technologies to address these challenges, and what these technologies would offer. He concludes the presentation by discussing emerging trends and technologies that offer strategic approaches to minimize the risks that an organization faces from the liabilities the information age has brought.
In this episode we interview the President of Red Cliff Consulting, Mr. Kevin Mandia, about trends in incident response. We also talk about the Windows registry, what not to do when interviewing for a tech job, have a brief talk with Nicholas Harbour about the new version of DCFLDD, and cover NSA document redaction guidelines.