There are great stories in the security industry that aren’t being told. Fascinating people who fly below the radar and aren’t being heard. We know because we encounter them in hallways, hotel lobbies and just about everywhere imaginable across the globe. Every time we think “I wish I had recorded that conversation so that everyone could hear it…” Our goal with Security Voices is to provide a place for clear-headed dialogue with great people that’s unencumbered by the hyperbole and shouting that’s far too common in security circles. We don’t have anything against sponsors or sales pitches, but they run counter to our goal of cutting through the noise, so we don’t have either. We’re aiming for 100% clear signal.
Melanie Ensign Doesn’t like Clubhouse, Press Releases & FUD-- & Neither Should You
Communications professionals are often quiet coaches. They work their magic behind the scenes. They hold their opinions tightly and express them infrequently. In short, their influence is everywhere but their fingerprints are often invisible.
Melanie Ensign is having none of that. And we’re all the better for it.
In this 64-minute interview, you’ll have the pleasure of meeting one of the most influential and outspoken communications executives in the world of cybersecurity and privacy. We begin with her role as press department lead for DEFCON, a role she’s held for 8 years and explains is the exact inverse of what you think it is.
In our next topic, Melanie breaks out the verbal chainsaw and applies it with vigor to the voice-based social network Clubhouse. From privacy mistakes to seeming indifference to community feedback on the topic, she explains in detail why she recommends her clients (and anyone else) avoid Clubhouse until they clean up their act.
The remainder of the conversation is a mini-master class on how to succeed in communications for everyone from startups to new CISOs. Melanie dissects press releases and what to do instead of hitting Business Wire every Tuesday if you’re a young company. Young or old company, she shares why using fear, uncertainty and doubt (FUD) to persuade people ultimately fails and how we can move past it as an industry.
Much of Melanie’s work at her company Discernible is working with CISOs and their teams on their internal communications. Influenced by her time working at Uber and Facebook, Melanie offers a game plan for moving from reactive to proactive communications. Her advice is not for the weak-willed: she refuses to clean up anyone’s mess and doesn’t think you should either.
This quickly has become one of our favorite episodes and there’s truly something for everyone in the dialogue-- except for those who dislike a little profanity to season their conversations. Note the explicit tag and enjoy the ride.
Cybersecurity Burnout - Recognition & Recovery Mini-Episode
We’ve met and passed the 1 year anniversary of the COVID-19 pandemic and cases of burnout are off the charts. We’re tired of Zoom. We’re tired of masks. Far too many kids are stuck at home instead of at school. The list could go on but the result is obvious: we’re burned out. The effect can be all the more profound for beleaguered security professionals who often struggle with burn-out even at the best of times.
Jack and Dave return in this mini-episode for a quick conversation about how to identify and respond when you’re feeling like you’re burnt. While often it’s Dave and a guest doing most of the talking, in this episode Jack is driving. He shares from his deep experience on the topic, starting with an explanation of Maslach’s burn-out inventory which provides a structured, clear guide for determining just how crispy you are. The inventory is tailored for different professions, and while there is not one specific to cybersecurity, Jack and Dave explore specific aspects of our industry that up the stakes for burn out.
Importantly, Jack explains why getting help from a pro versus leaning on friends and family can be essential. We wrap up with some time-honored approaches to restoring yourself so that you’re ready to jump back in the action once again.
Note: For this short episode we tested a new production service and you’ll also note we updated the website and our branding as well. And transcripts! We now have 100% more (raw) transcripts than before. We’ll be unleashing all this magic soon on a new full-length podcast we recorded this past week with the one and only Melanie Ensign.
Sh*t Talkin’, Deep Thoughts & Really Scary Phishing w/ Material Security
This episode of Security Voices is different.
Let’s say you sat down at the end of a long day and had a casual drink with a few industry friends before dinner. The conversation quickly turns to serious topics which are all discussed with thoughtful insight, biting humor and some well-placed profanity. Welcome to the latest episode of Security Voices where Jack & Dave wander off the beaten path with Abhishek Agrawal and Ryan Noon, co-founders of email protection company Material Security. This one isn’t for the easily offended or as the soundtrack to a drive with the kiddos.
“How not to suck as a vendor” is our introductory question, prompting an earnest conversation that starts with “don’t be an active cancer”, covers The Market for Silver Bullets and ultimately explains why the pandemic has made already questionable cyber security marketing even worse.
After exploring some of our top influences, from The Autobiography of Malcolm X and The Origin of Consciousness to Joe Frank’s avant-garde radio show, The Other Side, we talk email security. In a year that changed so many things, Abhishek and Ryan explain how truly little changed for phishing attacks. While the trend is not compelling, the reason why is. They walk us through what truly makes phishing attacks successful: distracted people reacting to well-timed messages. This hard truth confounds the market for anti-phishing training as ultimately our susceptibility has much more to do with our emotional state at the time than it does our factual knowledge or even our learned behavior.
If you’ve wondered what the difference between phishing and business email compromise (BEC) is, this episode is for you. Abhishek provides a clear explanation of both topics before we forecast an ominous new threat on the horizon: Really Scary Phishing™.
Our wrap-up eschews the usual speed round and instead asks “What can cybersecurity learn from other industries?” Jack lays out how the service industry has much to teach us about taking care of our own while Dave explains what he learned about empathy and innovation from the advertising industry. We depart on a hopeful note, as Ryan relays a story reminding us how small acts of kindness can have a large impact on others.
We’ll be taking a short break before the next episode as Jack and Dave attend to some important “life stuff”. See you in the Spring!
Cloud Security Series Wrap-up w/ Justin Brodley: A look back at 2020, a glance ahead at 21's top threats & key trends
In our 1st episode of ‘21, we cap off our cloud security series with a recap of the major milestones, key trends and surprises across 2020 through the eyes of cloud expert and podcaster, Justin Brodley. If you think you might have missed a few things that happened in the public cloud last year while waiting for news on COVID-19 vaccines, hitting refresh on election results or wondering when the four horsemen were finally going to show up, this episode is your chance to catch up and look ahead through the lens of both a practitioner and a pundit.
Recorded during AWS re:Invent, we examine the cloud service provider conferences across the year to find a clear absence of security topics making their way to center stage. While there were some notable developments, such as services providing easier cloud traffic analysis, much of the attention was elsewhere. Multi-cloud, in particular, leapt to the forefront for even Amazon who had been reluctantly dragging their feet.
Our comparison of the different cloud service provider (CSP) conferences gives way to Justin’s take on key differences in their security strategies. From Google’s cloud native approach to Microsoft’s gambit to compete with stand-alone security offerings seemingly inspired by their experience on-premises, we break down the CSPs’ strengths and weaknesses in cybersecurity.
We chart the big moments of 2020 in the cloud, from outages that began with pandemic-strained capacity at Azure to the longest AWS outage witnessed in years around Thanksgiving. While security news didn’t penetrate the headlines in many instances, Justin mentions some noticeable developments and what we hoped to see, but didn’t.
Justin shares his top advice for anyone moving to the cloud to shore up their defenses. Given the vast amount of phishing, social engineering and misconfiguration issues in the cloud, it turns out that this has a lot more to do with improving our humans than it does our technology. Nonetheless, the threat landscape meaningfully advanced with more complex, serious attacks in 2020 which moved well beyond “S3 bucket negligence” that's perhaps best exemplified by the sophisticated Capital One breach.
In the waning moments of our 6 episode cloud series, we look to the trends that will define 2021 and end with a hopeful signal that us security types just might be starting to get the hang of this cloud thing.
Justin Brodley is an IT Executive with 20+ years in SaaS, Cloud, and IT operations, most recently as VP of Cloud Operations at ICE Mortgage Technology (formerly Ellie Mae). He has helped companies transform their SaaS business, adopt cloud-native practices, and drive the cultural change of DevOps and DevSecOps. He is also one of the hosts of https://www.thecloudpod.net, a weekly cloud news show covering AWS, GCP, Azure, DevOps, and more.
Winners, Losers & Long Shots: Kleiner Perkins’ Bucky Moore Breaks Down Cloud Security
Investors make their money seeing things others don’t, making big bets based on both digging into painstaking detail and their ability to forecast what will happen many years into the future. In this 5th and (almost!) final episode of our series on public cloud security, we get deep into the mind of Bucky Moore from Kleiner Perkins to learn how the flow of funding is both responding to and shaping our industry’s transformation from protecting our own data centers to renting them from others.
Bucky begins by laying down our mile marker in the global cloud journey, answering the eternal question of “Are we there yet?” with a clear answer of “Not even close.” We follow these remarks to a walk through the different corners of the cyber security industry to see how they’re keeping pace. While many fail to impress, one of the legacy behemoths stands out from the pack as having impressively galvanized their business to meet the cloud challenge.
Setting companies aside, Bucky, Jack & Dave identify which technologies are the likely casualties of the long-term cloud transition, followed by a look at the obvious new areas to invest. Bucky describes a few more obscure tech opportunities he and Kleiner Perkins are watching that may produce a surprise hit in the future.
We explore the eye-popping amount of money raised by managed security services companies in 2020 such as Arctic Wolf, deepwatch & Pondurance and how they differ from the not-so-glamorous past of the MSSP market. Our discussion explains the hidden forces driving the new managed services opportunity and how we think it will play out over the years ahead.
If you’re looking to understand the insanely high valuations of companies like Snowflake and CrowdStrike-- or wondering what a SPAC is-- Bucky weighs in on these topics as we also dive into the surprise investing frenzy of 2020. Spoiler alert: it has a lot to do with both money and investors having no better places to go.
Cloud native invasion! An interview with Datadog’s Marc Tremsal in Public Cloud Security Series #4
As longstanding cybersecurity companies lumber their way into the public cloud and "born in the cloud" startups fight for attention, cloud observability titan Datadog entered the security market in 2020 with two new products. This is far from the first time a company has used an adjacent market to make the cybersecurity leap. Oftentimes it fails, but Splunk immediately comes to mind as a crossover success. Jack and Dave interview Datadog’s Marc Tremsal in this episode to provide a view into what cybersecurity looks like from the lens of a company steeped in the world of cloud infrastructure.
Datadog did not break down the doors of the industry, but rather was invited to enter by their customers whose needs were not being met by cybersecurity companies. Marc explains the mistakes that incumbents have made that have left a considerable opening for others— they have very little to do with technology and a lot to do with marketing and sales. From selling to CISOs rather than the people doing the work to overheated marketing claims, cybersecurity companies have alienated would-be cloud customers who openly wonder why they can’t buy protection the same way they purchase the rest of their infrastructure.
Marc talks through the challenges of staffing a cloud security product team— how much do you value deep domain expertise? Do you shrug it off and simply hire the best developers? We explain how the hottest talent on the market will be cybersecurity veterans who take the time to retool for the public cloud as they will hit the “goldilocks” spot for a growing throng of potential employers.
We wrap up a surprisingly optimistic conversation with a glance ahead to 2021 where Marc reckons consolidation of providers will be a key trend alongside a hard look at just how immutable some of our infrastructure truly is.
Customer Reviews
Valuable insights from knowledgeable industry SMEs
Dave Cole and Jack Daniels host great subject matter experts with practical security insights based on their experiences in the industry. No filler. Useful without the boring fluff. Add to this that they don't accept sponsorship $ to muddy the waters: you get clear-headed discussion uncolored by product pitches.
Love this sample and initial launch of fascinating conversations. Keep them coming!!
Fascinating Infosec Stories
Excellent new infosec podcast with knowledgeable hosts and interesting guests.