100% SIGNAL PODCAST

There are great stories in the security industry that aren’t being told. Fascinating people who fly below the radar and aren’t being heard. We know because we encounter them in hallways, hotel lobbies and just about everywhere imaginable across the globe. Everytime we think “I wish I had recorded that conversation so that everyone could hear it…” Our goal with Security Voices is to provide a place for clear-headed dialogue with great people that’s unencumbered by the hyperbole and shouting that’s far too common in security circles. We don’t have anything against sponsors or sales pitches, but they run counter to our goal of cutting through the noise,  so we don’t have either. We’re aiming for 100% clear signal. 

Got feedback? Drop us an email: info@securityvoices.org

sven_edited.jpg

26/ SVEN KRASSER

Chief Scientist, CrowdStrike

In this episode we step far beyond the hype cycle and dive into the details of scaling a data science team in the security industry with Dr. Sven Krasser. Sven joined CrowdStrike in the early days and the initial part of the conversation with Dave is an incredibly timely conversation covering how to structure and work with remote teams effectively. The interview was recorded a week before the 2020 RSA Conference in San Francisco when the early impact of COVID19 in the U.S. was just starting to be felt.

There are 2 dominant themes in our conversation. First, Sven covers the hard realities of machine learning (ML) and warns against both over dependence and hyperbole. There are many areas where a more simplistic approach is going to get the job done faster and cheaper without the need to maintain a costly model. Sven shares his approach to choosing the right tool for the job and a handy tip for determining where ML marketing has gone astray.

The second theme is the attack surface of ML itself. Seemingly long gone are the days when companies boasted that ML was the coup de grace for the defenders in the endless game of cybersecurity 'cat and mouse'. Today, we know that there are tactics aplenty for both weakening and defeating ML-based defenses that are available to everyone and easier than ever. Our longstanding cat and mouse game isn't over, it's simply more complex than before. 

Our nearly 70 minute conversation with Sven serves as both a "102" exploration of applied ML in cybersecurity and a chat between friends.  We cover the less obvious advantages of being based in Los Angeles, the criticality of data quality to effective ML and exactly which marketing myths rankle data scientists the most.

About Sven

Dr. Sven Krasser currently serves as Chief Scientist at CrowdStrike where he leads the machine learning efforts utilizing CrowdStrike’s Big Data information security platform. He has productized machine learning-based systems for over a decade, has authored numerous peer-reviewed publications, and is co-inventor of more than thirty patented network and host security technologies.

jack_edited.jpg

25/ SECURITY BSIDES

Jack Daniel, Co-founder

The second half of our Day Jobs series is the very first Security Voices episode we recorded: Dave interviewing Jack on the origins, shenanigans and future of BSides. Jack charts the history of the conference from its inception at a rental house in Las Vegas where a couple hundred people met apart from the Black Hat conference to today where Security BSides is a global movement that has eclipsed 500 events (and growing).

 

One of the most unique aspects of BSides is that anyone can create their own event. It is a nonprofit organization that has as its heart a single, potent principle: be good to and for your community. The flexibility of BSides to be molded to the needs of the local community wherever it goes, from Memphis to Riyadh, is a core ingredient of its success. Jack explains how they carefully walk the line of letting each organizer shape their own BSides conference and stepping in only as necessary to lend a helping hand or occasionally correct course when things have come off the rails. 

 

The “just enough” guidance approach extends all the way to allowing new events to change names completely and blossom into different conferences. Security BSides in Phoenix became CactusCon, an event in the Bay Area became Bay Threat and MiSec traces its roots back to a BSides in Michigan. All of these offshoots are not only encouraged but celebrated by Jack and the BSides crew who see this as yet another way of shaping the event to the unique needs of the local community.

 

Security BSides often serves as the starting point of open dialogue on critical industry topics such as gender diversity and mental health that the larger conferences only address years later. Jack takes us through the first “Feathers will Fly” session in Las Vegas which served as a meaningful catalyst for future conversations on gender inequality and (the lack of) diversity in cyber security. 

 

We wrap up with Jack musing on the future of BSides and what it could become long past the year 2020.

About Jack

Jack Daniel is a displaced auto mechanic who somehow wandered into technology and security. Jack is a storyteller, mentor, and podcaster; a community builder and co-founder of Security BSides; an infosec historian, creator and maintainer of the Shoulders of InfoSec Project. In his meandering career Jack has held a variety of practitioner and management roles in technology and security for small to mid-sized businesses and for security vendors. Jack formerly put letters after his name but he doesn't anymore; some fell off, others were pushed.

Open Raven

24/ OPEN RAVEN

Dave + Mark + Mike + Brady + MD + Oliver + Chum & Jason

Our February Security Voices episodes are a 2 part series where Jack and I focus on our “day jobs”, starting with the current episode on Open Raven. Part 2 will be our very first recorded, but unreleased episode where Dave interviews Jack on the origins ands escapades of B-Sides. Look for it later this month.  

 

This is close as we intend to come to promoting anything explicitly on Security Voices and if you’re completely allergic to even the scent of such things, join us back in March where we’ll pick back up with an interview of the Chief Scientist at a prominent security company.  In the meantime, we thought you might appreciate a little background on what Jack and Dave do outside of Security Voices as it understandably colors our perspective, from the questions we ask to the stories we tell. 

 

Open Raven was officially founded in April of 2019 by Dave and Mark Curphey, whom some will recall was the focus of episode 5 of Security Voices. Rather than solely focus on the founders, something we feel happens entirely too much, we felt you might like to hear from the people building the product itself.  Consequently, Dave emcees the episode as we interview the Open Raven team members on topics from the graph back-end to how the company is branded and thinks about UX. The content is at times a little technical but should still be approachable by most and it should give you a sense of the design decisions one makes in an early stage company.

 

Throughout the episode you will hear the authentic voice of the team as they share the principles driving what Open Raven is building along with the pain and successes along the journey. The episode sequencing is as follows:

  • Matthew & Oliver explaining the unique Open Raven deployment model

  • Mike shares the underpinnings of the Open Raven graph 

  • Jason discusses DMAP, a data store fingerprinting service

  • Brady provides the background on the Open Raven brand itself

  • Chum, head of product design, gives the details of the user experience

  • Mark covers the company’s approach to open source and why Open Raven believes it can balance commercial success with permissive licensing

  • Facebook
  • Twitter

© 2019 Security Voices.org