100% SIGNAL PODCAST

There are great stories in the security industry that aren’t being told. Fascinating people who fly below the radar and aren’t being heard. We know because we encounter them in hallways, hotel lobbies and just about everywhere imaginable across the globe. Everytime we think “I wish I had recorded that conversation so that everyone could hear it…” Our goal with Security Voices is to provide a place for clear-headed dialogue with great people that’s unencumbered by the hyperbole and shouting that’s far too common in security circles. We don’t have anything against sponsors or sales pitches, but they run counter to our goal of cutting through the noise,  so we don’t have either. We’re aiming for 100% clear signal. 

Got feedback? Drop us an email: info@securityvoices.org

haroon_meer.png

Could you create a fake cyber security company and rack up industry awards overnight? How about fabricating a founder and scoring them impressive job offers? Haroon Meer did both of these recently for a presentation titled “The Products We Deserve” as an exploration and commentary on the state of the industry. Jack, Dave & Haroon take on snake oil in security during an hour long conversation to determine exactly how someone could create a great company amidst the pressures that threaten to pull one in the wrong direction.

 

The catalyst for Haroon’s presentation and our discussion is his personal experience at Thinkst where he has focused on building a “bottoms-up”, product first company that has grown steadily since its inception without venture capital. His thoughts, from how to deal with industry analysts to “ball pit marketing” at conferences, come from Thinkst’s direct experience aiming to not only grow the company, but grow it in a way that is true to their own values. 


How Haroon and Thinkst navigate challenges such as having a strong presence for the company at the RSA Conference (sans shenanigans) is an exercise in creative problem solving versus rejecting the experience entirely or simply following the crowd. While it would be easy for an episode such as this to be bleak or even angry, Haroon’s thoughtful approach and optimism give us a portrait of how we might emerge from our awkward adolescence as an industry into a better future.

About Haroon

Haroon Meer is the founder of Thinkst, the company behind the well regarded Thinkst Canary. Haroon has contributed to several books on information security and has published a number of papers and tools on various topics related to the field. Over the past almost two decades, he has delivered research, talks, and keynotes at conferences around the world.

Founder & CEO, Thinkst

23/ HAROON MEER

WD_Small.jpeg

Our 1st episode of 2020 is a story in three parts, beginning with hard fought wisdom of a veteran security practitioner, then diving deep into machine learning (ML) before wrapping up with how both security and AI apply to connected vehicles. 

The first part of our 74 minute conversation with Josh Lemos is the backstory of how he started his career in cybersecurity as a consultant... and left services to join ServiceNow as a practitioner. His time at ServiceNow lays out a solid formula for fixing application security inside a growth company who can little afford to slow down-- or suffer the pain of the inevitable breach if the situation doesn’t improve.

Jack & Dave’s conversation with Josh on ML lays down many of the basics and is intended to be a rough primer for future episodes where we will further explore the topic. We discuss how ML projects often take much more preparation than originally planned and topics that range from class imbalances, the differences between supervised/unsupervised ML, a starter’s toolkit and what to expect along with some rookie mistakes to avoid.

 

As part of Cylance/Blackberry, Josh has recently been involved with connected vehicle projects where standard security techniques for detecting executable malware on laptops and servers can start to look like child’s play in comparison to effort required to properly diagnose events across the diverse hardware and software found in a modern car.  Before wrapping with our speed round, we look ahead at areas where ML may be able to make leaps forward in both vehicles and across cyber security.

About Josh

Josh Lemos is a seasoned leader with over 15 years of professional experience focused on Information Security. Currently, Mr. Lemos is the VP of Research & Intelligence for Cylance, a security endpoint company located in Irvine. In this role, he is responsible for leveraging data science machine learning models to build artificially intelligent predictive software products defending against malware and emerging threats.

 

Frequently called on to advise start-ups and organizations in the security space, Mr. Lemos provides subject-matter expertise in offensive security, defensive countermeasures, product security, and data science for security applications.

 

Josh lives with his family in Carlsbad, CA and can be reached on Twitter at @josh__lemos.

VP of Research & Intelligence for Cylance/Blackberry, Security Journeyman

22/ JOSH LEMOS

Camille%20Headshot%202019_edited.jpg

While visions of sugar plums might be dancing in children’s heads as we close out 2019, the 2020 elections are occupying the head space of many adults in the U.S. In 2016, the importance of election security was made crystal clear. What’s happened since then? Are we ready for 2020? How do experts believe our defenses will hold up when tested by foreign and even domestic attacks?

 

We spent an hour exploring election security (and more) with Camille Stewart, a cyber security attorney with experience working inside tech companies as well as considerable time spent on Capitol Hill in both the Department of Homeland Security and as a consultant. Camille breaks down the major aspects of election security and we discuss why it’s seemingly so fractured across municipalities-- and why that may not be such a bad thing after all.  Jack, Dave and Camille debate how election defenses might be improved, from the role of open source and private services to “defending forward” by taking out troll farms. While Camille declined to grade our readiness for the attacks in 2020 (which have already begun), Camille does make predictions about what will happen during the ‘20 elections, including the likelihood of domestic influence campaigns.

 

Our ~75 minute conversation with Camille showcases the breadth of her experience in both the Silicon Valley and Washington D.C. She explains lessons learned from her time protecting brands at Cyveillance, breaking down the optimal way to get a social media company’s attention when you’d like to have something changed or removed. Camille also explains how State security might be modeled after progressive smaller countries who excel in cyber, leaning on her time working in foreign relations during the Obama Administration.  We wrap up with her recent investigation and resulting paper on how foreign nations, especially China, have been leveraging U.S. bankruptcy proceedings to acquire large amounts of American intellectual property on the cheap.

About Camille

Camille Stewart is an attorney whose crosscutting perspective on complex technology, cyber, and national security, and foreign policy issues has landed her in significant roles at leading government and private sector companies like the Department of Homeland Security and Google. Camille currently leads cybersecurity, privacy, election integrity, and misinformation policy for Google Play & Android.

 

Prior to Google, Camille managed cybersecurity, election security, tech innovation, and risk issues at Deloitte. Camille was appointed by President Barack Obama the Senior Policy Advisor for Cyber Infrastructure & Resilience Policy at the Department of Homeland Security. She was the Senior Manager of Legal Affairs at Cyveillance, a cybersecurity company after working on Capitol Hill. Camille is a New America Cyber Policy Fellow, Truman National Security Fellow, and Council on Foreign Relations Term Member. 

 

Camille on the Board of Women of Color Advancing Peace & Security and leads the Cybersecurity & Emerging Tech working group. She is also leads a project with a DC think tank addressing the exfiltration of national security-related tech and IP through the courts. You can find out more about Camille and her current projects at www.CamilleStewart.com and follow her on Twitter @CamilleEsq.

Cyber Security Attorney, Google Security & Privacy Policy Android+Play

21/ CAMILLE STEWART

  • Facebook
  • Twitter

© 2019 Security Voices.org