Guest: Masha Sedova, Co-Founder & President of Elevate Security (on LinkedIn: https://www.linkedin.com/in/mashasedova/)
Host: Matthew Rosenquist (on ITSPmagazine)
Guest: Masha Sedova, Co-Founder & President at Elevate Security (on LinkedIn: https://www.linkedin.com/in/mashasedova)
Host: Dr. Rebecca Wynn (on ITSPmagazine)
Interested in behavioral science? The training and awareness side of cybersecurity might be for you – and you should hear Masha Sedova's story. She offers a fascinating look at the human attack surface – which presents a whole new set of challenges – and they aren't all technical. She has built a career on solving these challenges, and she sheds light on this lesser-known side of the cybersecurity world.
Did you miss Black Hat this year? Well you won't miss the great conversations that were had, as Allan captured so many good ones for this special Black Hat retrospective episode. Did you get to attend Black Hat this year? See if your experience was as amazing as Allan's! This show is LIVE and untarnished. It's the real Black Hat experience! In this episode, Allan talks to (in alphabetical order, with timestamps):
1:02 - Dani Woolf, Founder & CEO at Audience 1st
3:06 - Daniel Blackford, Manager of Threat Research @ Proofpoint
6:48 - Dean Sysman, CEO @ Axonius
8:19 - Deepen Desai, Global CISO & Head of Security Research @ ZScaler
15:39 - G. Mark Hardy, host of the CISO Tradecraft Podcast
18:42 - Glen Pendley, CTO @ Tenable
23:54 - Kayne McGladrey, Field CISO @ Hyperproof
24:52 - Leigh Honeywell, CEO @ Tall Poppy
25:52 - Masha Sedova, CEO @ Elevate Security
28:47 - Nate Warfield, Director of Research @ Eclypsium
31:43 - Rich Berthao, Cybersecurity Leader, Planner, and Innovator
32:41 - Rob Labbé, CEO and CISO in Residence for the Mining and Metals ISAC
This show captures an amazing week! Sponsored by our good friends at Seraphic Security. Seraphic helps you defend your digital workplace with security and DLP for every browser and essential desktop apps like Microsoft Teams, Slack, Asana, and Notion. Protect against compromise and prevent data loss via the web with Seraphic.
Today's guest is Masha Sedova, President and co-Founder of Elevate Security. I wanted to talk to her about how she confronts these ideas and how she thinks about measuring and mitigating human risk. Follow Masha: LinkedIn, Twitter.
It's important for employees to be brought into the fold as security's allies, rather than as its adversaries. For cybersecurity teams that operate with an adversarial mindset appropriate for external threats, it can be challenging to approach internal threats differently. You can't treat employees the same way you treat nation-state hackers. But employees play a pivotal role in preventing data leaks, making it important to create a company-wide culture of transparency. Transparency feeds trust, which builds a strong foundation for Security Awareness Training to be truly effective. The CyberWire's Jennifer Eiben hosts this women in cybersecurity podcast. Kathleen Smith of ClearedJobs.Net moderates the panel. Panelists include Michelle Killian from Sponsor Code 42, Sam Humphries of Exabeam, and Masha Sedova of Elevate Security.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin is joined by Masha Sedova, the Co-Founder and President of Elevate Security, the leader in human attack surface management. Recently, the risk and RIMS community have been seeing an influx of high-profile ransomware attacks in the news, from the Colonial pipeline to the world's largest meat supplier. The fallout, disruption to operations, and the costs involved in addressing these attacks are enormous. Luckily for RIMScast listeners, Masha addresses these concerns and shares how risk professionals can actually learn from these attacks and take steps to better protect their organizations. She also discusses the various attacks currently making headlines as well as a variety of other topics on the themes of ransomware and business interruption. Key Takeaways: [:01] About RIMS's Global Membership. [:26] About today's episode with Masha Sedova. [:38] Upcoming RIMS Virtual Workshops and Workshops! [1:44] More about today's episode with Masha Sedova. [2:06] Justin welcomes Masha to RIMScast! [2:21] Masha shares why and how she originally began a career in cybersecurity. [3:50] Is Masha finding that risk professionals and risk managers are adapting more easily to the ever-evolving cyber risk landscape? [5:14] Masha shares her insights on the current high-profile ransomware attacks that are currently in the news. [7:50] What role the human element plays in the overall idea of cybersecurity risk. [9:24] How Masha defines human risk. [11:28] How an organization can measure and quantify human risk. [14:09] Masha's advice for mitigating human risk and how your organization can implement employee security controls. [16:11] Upcoming RIMS workshops, Spencer's Risk Manager on Campus Program, and more!
[18:33] The current state of measuring and understanding employee risk in organizations today and what the best-in-class companies are doing right now in relation to this. [22:00] Why falling victim to a ransomware attack is often inevitable (and what we can do as risk professionals to respond gracefully). [23:47] Why are frontline workers more susceptible to phishing? [26:13] Are there acceptable levels of human risk? How do you gauge that? [29:56] What elements of human risk should insurance companies start considering in their policies and coverage as it relates to ransomware? [36:09] Justin thanks Masha Sedova for joining RIMScast and shares some of the links to look out for in this episode's show notes. Mentioned in this Episode: Elevate Security Professional Report: “Elevating Human Attack Surface Management”
Masha Sedova is an award-winning people-security expert, speaker, and entrepreneur focused on helping companies transform employees from a risk into a key element of defense. She has been a part of our OODA Network for years, including speaking at our legacy FedCyber event, where she introduced the behavior-based and gamified cybersecurity training and awareness she put in place at Salesforce. She is the co-founder of Elevate Security delivering an employee-risk management platform that provides visibility into employee risk while motivating employees to make better security decisions. Before Elevate, Masha Sedova was a security executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. The scope of her work ran the gamut from general awareness such as phishing and reporting activity to secure engineering practices by developers and engineers. In addition, Masha has been a member of the Board of Directors for the National Cyber Security Alliance and regular presenter at conferences such as Black Hat, RSA, ISSA, Enigma, OWASP and SANS. Other Resources: Masha Sedova on LinkedIn: https://www.linkedin.com/in/mashasedova/ Elevate Security: https://elevatesecurity.com OODA Network Interview with Masha FedCyber Interview with Keynote Speaker Masha Sedova RSA Innovation Sandbox Finalist Presentation
James Nelson, VP of Infosec, Illumio

How has COVID-19 changed cybersecurity? Why is cyber resilience especially important now? What are the most important steps to ensure cyber-resiliency? How do you talk to business leaders about investing in cybersecurity to boost resiliency?

The best way for organizations to keep their ‘crown jewels’ secure is adopting a Zero Trust mindset. Organizations need to take advantage of adaptive security infrastructure that can scale to meet current and future organizational needs, and take steps to ensure even third-party hosted data is policy compliant. Most CISOs don’t talk to the board all the time so they don’t understand that’s the conversation they want to have. By making sure that the security team’s spokesperson has an intelligent plan that shows how wrong things could go. Showing how money is directly connected to mitigating the risks is vital to getting the funding needed, and showing why an increase in spend coordinates with decrease of risk.

Cyber-Resilience:
https://en.wikipedia.org/wiki/Cyber_resilience
https://en.wikipedia.org/wiki/Business_continuity_planning#Resilience
https://www.darkreading.com/cloud/cyber-resiliency-cloud-and-the-evolving-role-of-the-firewall/a/d-id/1337206
Doug Barth and Evan Gilman - https://brakeingsecurity.com/2017-017-zero_trust_networking_with_doug_barth
Part 1 with Masha Sedova: https://traffic.libsyn.com/secure/brakeingsecurity/Masha_sedova-elevate_security-profiled-education-phishing-part1.mp3
Part 2: https://traffic.libsyn.com/secure/brakeingsecurity/2020-019-masha_sedova-privacy-human_behavior-phishing-customized_training.mp3
https://www.helpnetsecurity.com/2017/08/24/assume-breach-world/

Key concepts:
- Visibility into your environment
- Controls necessary to repel attackers
- Architecture of the network to create chokepoints (east/west, north/south isolation)
- Threat modeling and regular threat assessment
- Mechanisms to allow for rapid response
- How long will current security controls hold a determined attacker at bay?
- Business-wide Risk Management response can often determine resiliency in a Crisis/Breach situation.

Cyber-Resilience Framework (per NIST https://csrc.nist.gov/publications/detail/sp/800-160/vol-2/final):
- What does “cyber resiliency” mean to the organization? To the department? To the individual? And what of the mission or business process the system is intended to support?
- Which cyber resiliency objectives are most important to a given stakeholder?
- To what degree can each cyber resiliency objective be achieved?
- How quickly and cost-effectively can each cyber resiliency objective be achieved?
- With what degree of confidence or trust can each cyber resiliency objective be achieved?
(What do we as security people do to ensure that all of these are properly answered? --brbr)

Architecture of systems: Depending on the age of our information systems and technology stacks, cruft builds up or one-off systems are set up and forgotten. We (infosec industry) talk about shifting security left in a DevOps environment to ensure security gets put in, but what should we do as an organization when we think about adding systems in terms of cyber-resilience? (It would seem that resilience may also be tied to the security or functionality in a piece of hardware and software. Proper understanding of all the systems capabilities/settings/options would be essential for drafting responses --brbr)

Some related and tangential suggestions for ideas/comments/themes/topics in case you feel like any fit into the conversation:
- Comparison of security to the human immune system.
- Does resilience (i.e., assume breach) imply there are failures you can recover from, yet other, existential risks you need to avoid? And what does that mean in practice?
- How do you define “most valuable assets”? Value vs. obligations vs. ...?
- Does a compliance mindset help or hinder resilience, and vice versa?
- Referring back to a prior show, how does the human element contribute to resilience?
NIST doc makes a point that resilience only has meaning when it works across a system, how does this idea impact the cost of entry? And is there a tipping point for resilience? Another point made is that speed should be viewed as an advantage. Is there an application of the OODA loop concept to resilience, then? Cyber resilience resonates in other areas: Pandemics, natural disasters, and geo-political stressors. Could impact supply chain workforce effectiveness, other areas. Ransomware (which is cyber, but has other, knock-on effects). Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://pandora.app.link/p9AvwdTpT3 #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
Masha Sedova - Founder, Elevate Security

Topic ideas from the PR company:

Inability to measure human security behaviors leads to increased risk in our computing environments. For too long, we’ve accepted training completion and mock phishing data as a sufficient way to measure this risk. But where do the vulnerabilities and strengths truly lie? The secret is, security teams have installed tons of security tooling that can give insights into how our employees are behaving. But we just leave this data on the cutting room floor. Masha Sedova can talk about where to find this goldmine of data and what security teams can do to leverage this new found knowledge. Technology like vuln scanners or something more?

Study after study shows that the reason why people don’t do things is not always because they don’t understand, it’s because they are not motivated. Motivating employees to change their cybersecurity behavior can seem like an overwhelming task but there are simple behavioral science techniques cybersecurity professionals can leverage to motivate employees to do the right thing. Masha Sedova will discuss the power of integrating elements of behavioral science into security in order to influence positive behavior.

Motivation Theory (Deming): https://en.wikipedia.org/wiki/W._Edwards_Deming#Key_principles
X&Y: https://en.wikipedia.org/wiki/Theory_X_and_Theory_Y
Ouchi Z theory: https://en.wikipedia.org/wiki/Theory_Z_of_Ouchi
http://www.yourarticlelibrary.com/motivation/motivation-theories-top-8-theories-of-motivation-explained/35377

Masha’s suggested topics:
- Why do security teams have difficulty in understanding their human risk today? What are the blockers?
- What should security teams be measuring to get a holistic view of human risk?
- What's the difference between security culture, security behavior change, and security awareness?
- Is security culture a core capability in security defense? Why or why not?
- Quantifying risk…
- Is investing in human training a waste of time?
Phishing - mock phish or real phishing Pull data to see who is clicking on links Send an ‘intervention’ Gotta move away from training The ‘security team’ will save them… https://www.ncsc.gov.uk/guidance/phishing Books: https://www.amazon.com/Nudge-Improving-Decisions-Health-Happiness/dp/014311526X https://www.amazon.com/Drive-Surprising-Truth-About-Motivates/dp/1594484805/ref=sr_1_1?crid=2QQ59YRRU89YX&dchild=1&keywords=drive+daniel+pink&qid=1588733551&s=books&sprefix=drive%2Cstripbooks%2C240&sr=1-1 Reality broken: https://www.amazon.com/Reality-Broken-Games-Better-Change/dp/0143120611 People centric security: https://www.amazon.com/People-Centric-Security-Transforming-Enterprise-Culture/dp/0071846778/ref=sr_1_1?dchild=1&keywords=people+centric+security&qid=1588733580&s=books&sr=1-1 Deep thought: a Cybersecurity novela: https://www.ideas42.org/blog/project/human-behavior-cybersecurity/deep-thought-a-cybersecurity-story/ https://elevatesecurity.com/ @modmasha
In this episode we meet Masha Sedova, co-founder of Elevate Security, a company which uses data and behavioral analytics to help organizations build a strong security culture. Masha was recently announced as finalist for the 2020 Innovation Sandbox Award at RSA, which tells you something about how unique and interesting her solution is. We also chat about certain challenges that she faced setting her company up, and also what it's like to be a female entrepreneur setting up a business in the cybersecurity industry...let's just say Hazel nearly fell off her chair when Masha told her what happened during one particular investor meeting!

Also in this episode, Ben talks about the resurgence of digital extortion scams, what they tend to include, and what to do about them.

And finally for our "On this Day" feature we’re only going back 3 years this time, but it’s a biggie. It’s been three years since WannaCry, so we revisit the timeline of the attack, how it all unfolded, and the significance the WannaCry attack still has today.

Links to further resources mentioned in the episode:
Digital extortion scams: https://blogs.cisco.com/security/your-money-or-your-life-digital-extortion-scams
Talos ransomware discussion: https://blog.talosintelligence.com/2019/07/ransomware-extortion-roundtable-government-payments.html
Registration for Cisco Live June 2-3: https://www.ciscolive.com
Today my guest is Masha Sedova, the co-founder of Elevate Security delivering the first people-centric security platform that leverages behavioral-science to transform employees into security superhumans. Elevate's unique Security Behavior Platform uses data to score employee risks, show actionable trends and practical feedback to motivate, reward and reinforce smart security behaviors of employees. This new approach to security awareness earned Elevate Security a spot in the 10 Finalists in the Innovation Sandbox Competition at the RSA 2020 Conference. Masha is a member of the Board of Directors for the National Cyber Security Alliance and a regular presenter at conferences such as Blackhat, RSA, ISSA, Enigma, and SANS. As we begin our conversation, Masha emphasizes the importance, no, the urgency, of looking for the ‘silver lining’ of our disruptive event and how we can embrace the opportunities it presents to emerge with unique outcomes for positive change. Since human error accounts for about 90% of all breaches, Masha explains how new thinking and understanding of security awareness and training can be one of your ‘crisis opportunities’ to improve. It’s all about the data. One of RedZone's big ambitions is to essentially create a biological response on the networks, creating systems that are automated at scale. So, I ask Masha why she thinks we haven’t begun using data in the workplace the way we use it in other areas of our lives – like fitness. You may have a fully integrated Fitbit, so why haven’t we considered implementing similar data integration and thinking into our organization’s security awareness platform? There are some really great concepts and tools that we discuss here. This conversation will give you a chance to understand how to get out of the tactical fear part of your brain and really look into the strategy of security. This is an episode that you do not want to miss.
Here are some of the things that you will learn in this podcast episode:
- Human error creates 90% of threat events
- Behavioral Science behind changing behaviors – You must have all three:
  - Ability
  - Motivation
  - Trigger or reminder
- Motivating factors:
  - Gamification
  - Social proof
  - Celebrity social proof
- Heroes, Champions and Risk Takers | Segmenting an Organization into a concept called ‘cohorts’
- Including the user as part of the ‘team’ with ongoing communication:
  - acknowledgement for A+ results
  - encouragement for improving results
  - motivation for adequate results
  - solutions and coaching for failing results
- The Learning Pyramid – Organizations should develop training with the best methods of retention.
- Empowering people has an exponential impact within the organization

Resources + Books Mentioned: The Power of Habit: Why We Do What We Do In Life and Business, by Charles Duhigg. Published by Random House Publishing Group, February 2012.

About Bill Murphy: Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT business leader. If you are interested in learning more about my company, RedZone Technologies, and our security expertise, in particular related to Cloud and Email Security Kill Chain Strategy, Techniques and Tactics you can email cloudkill@redzonetech.net.

Music provided by Ben’s Sound: http://www.bensound.com/
Hacker's Mind by Elevate Security gamifies the security training process resulting in employees who understand their importance in securing your organization. Turn every employee into a security superhero, and equip the organization to succeed against today's people-centered risk. About Masha Sedova: Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the Co-Founder of Elevate Security, delivering the first people-centric security platform that leverages behavioral-science to transform employees into security super-humans. Before Elevate Security, Sedova was a Security Executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. In addition, Sedova has been a member of the board of directors for the National Cyber Security Alliance and a regular presenter at conferences such as Black Hat, RSA, ISSA, Enigma and SANS. LinkedIn: https://www.linkedin.com/company/elevate-security Twitter: @hello_elevate The Gamification Quest Podcast Host is Monica Cornetti, President of Sententia, Inc. (www.SententiaGamification.com) and GameMaster of GamiCon - The Annual International Conference for the Gamification of Learning (www.GamiCon.us).
Humans are often deemed the “weakest link” in security, and if organizations maintain that attitude with their employees then nothing will change. An encouraging and positive company culture can turn them into the most powerful weapon. Masha Sedova, co-founder of Elevate Security, takes listeners through the ways they can foster a more people-centered security approach for better results.
In today's episode, we will be talking with our good friend, Masha Sedova. Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the Co-Founder of Elevate Security, delivering the first people-centric security platform that leverages behavioral-science to transform employees into security super-humans. Before Elevate Security, Sedova was a Security Executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. In addition, Sedova has been a member of the board of directors for the National Cyber Security Alliance and a regular presenter at conferences such as Black Hat, RSA, ISSA, Enigma and SANS. Listen in and get a deep understanding of the way social proof and behavioral science influence security awareness training. Masha suggested the following people to be aware of: Regina Spektor (http://www.reginaspektor.com/) and Kelly Shortridge (https://twitter.com/swagitda_?s=20). You can connect with Masha in the following ways: LinkedIn: https://www.linkedin.com/in/msedova/ and Twitter: https://twitter.com/ModMasha. At Tech & Main, we want to be YOUR technology partner. Let our 20+ years of expertise help you achieve the outcomes that are best for your business: cloud, SD-WAN, data center, security or anything else. We have engineers and project managers available to assist you. Call our office at 678-575-8515, email us at info@techandmain.com or visit us at www.techandmain.com. Thanks for listening!
In this episode I am joined by Masha Sedova. Masha is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first people-centric security platform that leverages behavioral science to transform employees into security superhumans. Masha and I talk about everything from her being “surrounded by dudes” in her first cybersecurity job to the challenges of reaching CISO, secret Slack channels, what she thinks is “broken” in cybersecurity marketing and how to fix it. And her view on hiring from outside of Cybersecurity marketing folks might just surprise you a bit. It’s a fresh perspective and one that she is implementing at Elevate. In our “How I Market Cyber” speed round, I throw her the softball of “Fear or Hope”. By the time you get there, the answer will be obvious. And Masha’s advice to her younger self - “Connect the dots that others can’t”.
Mentioned and recommended in this episode:
Crossing the Chasm by Geoffrey Moore
Follow Mike Johnson and his CISO Podcast - https://www.linkedin.com/in/mikevj and Alex Stamos, former Facebook CISO
Elevate Security
TechbyChoice
GirlsCodeIt
You can follow Masha at @modmasha on Twitter and on LinkedIn.
Masha Sedova comes from a history of computer scientists! Her grandmother was in the first Computer Science graduating class in 1954 under Stalin in the Soviet Union!! She loves challenges and is now utilizing what she thought was a waste of time in Liberal Arts to conquer challenges in Information Security using behavioral science, emotional intelligence, and other human factors.
BIO: Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first people-centric security platform that leverages behavioral science to transform employees into security superhumans. Before Elevate, Masha Sedova was a security executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. In addition, Masha has been a member of the Board of Directors for the National Cyber Security Alliance and a regular presenter at conferences such as Black Hat, RSA, ISSA, Enigma and SANS.
Notes:
Grandmother was in the first Computer Science graduating class in 1954 under Stalin in the Soviet Union!!
Her Grandma taught her dad and her dad taught her programming around the 6th grade.
Had access to a computer only through the local University.
Masha began her search into 3 disciplines: Game Theory, Positive Psychology, Behavioral Science.
Leaderboards are better for only a small subset.
Quotes:
"You can't patch a human being."
"We've taken a technology solution to a human problem, and I think that's totally wrong way of going about it."
"Without the human interaction we would not have been able to get that alert."
"Focus on failure as an eventual outcome."
"I like picking hard challenges and very tall mountains to climb and computer science seemed like a tall mountain."
"If you give people the correct amount of challenge, that is a state of happiness."
"I found that leaderboards are effective for a small subset of people."
"The reasons people don't do things is not because they don't know."
Links:
6:1 Positive Feedback Ratio for Performance: https://medium.com/@Praiseworthy/harvard-research-finds-employees-need-a-6-1-positive-feedback-ratio-to-perform-their-best-8f14160a8fbd
Dr Gottman: https://en.wikipedia.org/wiki/John_Gottman
Reality Is Broken by Jane McGonigal: https://www.amazon.com/Reality-Broken-Games-Better-Change/dp/0143120611
Flow by Mihaly Csikszentmihalyi: https://www.amazon.com/Flow-Psychology-Experience-Perennial-Classics/dp/0061339202/
BJ Fogg: https://www.bjfogg.com/
Opower Report: https://www.povertyactionlab.org/evaluation/opower-evaluating-impact-home-energy-reports-energy-conservation-united-states
Predictably Irrational by Dan Ariely: https://www.amazon.com/Predictably-Irrational-Hidden-Forces-Decisions/dp/006135323X
Intro Music (Cascadia by Trash80): https://trash80.com/#/content/133/weeklybeats-2012-week5
Outro Music (Quincas Moreira - Entire): https://www.youtube.com/watch?v=DoKpuXyIyVs
Getting Into Infosec:
Twitter: https://twitter.com/coffeewithayman
YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A
Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/
Look, we agree with you: passwords are the worst. But you know what else is the worst? Someone hacking your account, or big security breaches that expose your email, your credit card information, your government-issued identification number, and more. We should hold companies accountable for better security, but we also need to hold ourselves accountable for having good password hygiene. So let's tackle this once and for all. Hear from Buzzfeed's Mat Honan, who endured a brutal hack a few years ago when hackers exploited password-recovery tools; Mark Wilson from Fast Company, who wants to ban passwords altogether (though admits it's not the best idea); Masha Sedova of Elevate Security who says that, yes, security companies have failed us – but we have to use passwords anyway; and Matt Davey of 1Password, who offers a solution that Mozilla can get behind: use a password manager. A simple, game-changing tool that will help you take back control of your accounts, and secure yourself as best as you can. IRL is an original podcast from Mozilla. For more on the series go to irlpodcast.org Your passwords protect more than your accounts. They protect every bit of personal information that resides in them. And hackers rely on bad habits, like using the same password everywhere or using common phrases (p@ssw0rd, anyone?), so that if they hack one account, they can hack many. Password managers like 1Password, LastPass, Dashlane, and Bitwarden generate strong, unique passwords. They also store passwords securely and fill them into websites for you. IRL listeners can sign up to 1Password and get their first three months for free. Just visit 1password.com/promo/IRL and give it a try. And, if you use Firefox on your iPhone, try out Firefox Lockbox. It securely gives you access to all the logins you've saved to Firefox, in a secure app on your phone. As we mention in this episode of IRL, Gabriela Ivens cataloged hundreds of secret recipes that were leaked during data breaches. 
Firefox teamed up with her to show the personal impact a security breach can have on someone. As a bonus, we let you in on those precious recipes to drive the point home. Go have a look — and be sure to try the “Exposed BBQ Spice Rub” — at dataleeks.com. Want more? Mozilla has teamed up with 826 Valencia to bring you perspectives written by students on IRL topics this season. Zues C. from De Marillac Academy wrote this piece on managing your passwords, and managing your life. And, check out this article from Common Sense Media, on real-world reasons parents should care about kids and online privacy. Three cheers for good passwords (and password managers). Leave a rating or review in Apple Podcasts so we know what you think.
This week, Paul is joined by Matt Alderman to interview Masha Sedova, Co-Founder of Elevate Security! In the Article Discussion, “Senior Executives Get More Sleep Than Everyone Else”, “The Changing Face of B2B Marketing”, “The Best Mentors Ask These 8 Questions”, and more! In Tracking Security Innovation, Fortinet acquired Bradford Networks, Qualys acquired Second Front Systems, and more on this episode of Business Security Weekly! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode88 Visit https://www.securityweekly.com/bsw for all the latest episodes! →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly
Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first human-centric security platform that leverages behavioral science to transform employees into security superhumans. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode88 Visit http://securityweekly.com/category/ssw for all the latest episodes!
In episode 16 of The Secure Developer, Guy is joined by Masha Sedova, co-founder of Elevate Security, to discuss how training for employees (even developers) can help companies stay one step ahead of the pack when it comes to preventing a breach. The post Ep. #16, Security Training with Elevate's Masha Sedova appeared first on Heavybit.
Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first human-centric security platform that leverages behavioral science to transform employees into security superhumans. Full Show Notes: https://wiki.securityweekly.com/Episode554 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly
This week, Katherine Teitler, Director of Content for MISTI joins us for our first feature interview! Masha Sedova, Co-Founder of Elevate Security joins us for our second feature interview! In the news, Intel drops plans to develop Spectre microcode for ancient chips, critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking, Facebook and Twitter may be forced to identify bots, and more on this episode of Paul’s Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode554 Visit https://www.securityweekly.com/psw for all the latest episodes!
As businesses struggle with security awareness training for employees, Elevate Security co-founder Masha Sedova argues that the focus should be on “behavior change” and recommends the use of positive motivation and available tools to get employees to make better security decisions.
Join us for a special episode this week! I (Bryan) was able to attend my first Source Seattle convention. Two days of talks, technical and non-technical, combining red/blue team concepts, as well as professional development, to help you navigate the corporate waters easier. I was able to interview a number of people from the conference. You can see a partial list of them here: http://www.sourceconference.com/single-post/2016/09/30/SOURCE-Seattle-Highlights Interviewed Chip McSweeney from OpenDNS (@chipmcmalware) and Rob Cheyne about the conference and got a bit of information about Chip's talk on "Domain Generating Algorithms" (DGA) that #malware use for domain C&C, and how to detect and reverse certain algos. Rob Cheyne is the organizer of Source, so we talked a bit about the history and difficulties putting on 3 of these a year, and what makes the "Source" conference format so different. Masha Sedova was one of the keynote speakers to discuss how she gamified her information security program and got everyone involved. Really excellent talk about changing organizational behavior. Rob Fuller gave two days of Metasploit training, to show the versatility and to teach about the effectiveness of this tool. I also ask if Metasploit has reached its end, since it's easily detected in many environments. Rob is a great interview and gives me his unvarnished opinion. Mike Shema from https://cobalt.io/ discussed expanding and tailoring your bug bounty program to suit your organization and to ensure that your bug bounty program is mature. Using private bug bounties, and ensuring proper follow through in a timely manner can ensure maximum bang for the buck. Last but not least, Deidre Diamond who did a keynote about 'Words to Stop Using now'. Deidre is the CEO of a national cyber security staffing company (Cyber Security Network) and Founder of a not-for-profit that empowers women in the infosec industry.
Hear her thoughts on how leadership training is needed in the corporate environment. I ask her why we still need recruiters with hiring sites and why job descriptions are still a thorn in everyone's sides. Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-042-Source_Seattle_2016_audio.mp3 iTunes: https://itunes.apple.com/us/podcast/2016-042-audio-from-source/id799131292?i=1000377063127&mt=2 YouTube: https://www.youtube.com/watch?v=sj_SD2k7zXw #RSS: http://www.brakeingsecurity.com/rss #SoundCloud: https://www.soundcloud.com/bryan-brake Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security #Podcast on #Patreon: https://www.patreon.com/bds_podcast #Twitter: @brakesec @boettcherpwned @bryanbrake #Facebook: https://www.facebook.com/BrakeingDownSec/ #Tumblr: http://brakeingdownsecurity.tumblr.com/ #Player.FM : https://player.fm/series/brakeing-down-security-podcast #Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr #TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582