Displaying all 29 episodes

Standing in the Rain Isn't Diving in the Sea

Natural events certainly have their effect on security, and this week Jesse tells us how in the aftermath of Hurricane Ida. The two most pressing components that natural events affect? Connectivity and business continuity. Jesse breaks down the importance of the two in regards to your security needs. In the news: Microsoft Azure Cloud’s security soft spot exposed, the ShinyHunters threat group on the prowl, some new AWS security training coming in the fall, and more! Tune in for the rest!

Can You Hear Me, Can You See My Screen?

In the age of Zoom, Google Meet, and all the other various offenders—why do our conference calls still suck? Well, this week Jesse has some insight into how even now, in 2021, sometimes our meetings can feel like an overseas Skype call in 2010. Tune in for his take! In the news: top five security issues to watch out for, attackers launching assaults against Linux in the cloud, the three biggest innovations that have transformed cloud security, and more!

Attacks, Tools, and Ails

How do you understand attacks? This week Jesse tells us. The function of software languages and how hardware memory works are places to start. Join Jesse as he takes a look at the attacks that often result in security breaches and offers some advice on how to alleviate them. In the news: re:Inforce canceled in Houston, cue Marty Robbins’ for IBM’s Big Iron, how small healthcare is under threat from cyberattacks, and more!

The Castle is Lost

Man the perimeter! This week Jesse divulges some of the latest on perimeter defense, including recent news that’s changed how it’s done! There is no large perimeter anymore. These days everything that’s on a network is subject to security risks, be it a phone, computer, or any other device. Tune in for how to keep your guard up! In the news: cloud security basics for CIOs and CTOs, simplify that private cloud, ransomware gangs on the prowl, and more!

Security Summer Camp

for a chance to form those foundational security memories! Jesse keeps us up to date on your summer security needs as cloud-native microservices become even more complex. The key: Cloud Security Posture Management, or CSPM. In the news: four factors you certainly should include in your cybersecurity strategy, a 1 TB data breach causes leaks in the world of oil, the future of FedRAMP, and more!

All Roads Lead to Cloud

Building new things in the cloud can be fun! But it comes with its own difficulties. Tune in this week as Jesse discusses the different migration strategies for moving legacy infrastructures and the forms those strategies take. In the news: What does it take to use containers? Kubernetes cloud clusters are under cyberattack! GitHub steps it up for Go modules, and more!

Compliance, Ransomware and Privacy, Oh My!

Compliance, privacy, ransomware, and DevSecOps are common topics in the realm of cybersecurity. You may notice that these themes emerge from the topics covered each week. Join Jesse as he elaborates on each topic using common definitions. In the News: Malware is being used to spy on journalists, politicians and human rights activists! How does the new Colorado Privacy Bill stack up against California and Virginia? Detecting brand impersonation is becoming easier, yet more complex. Tune in for more in this week’s episode of Meanwhile in Security.

Who's Fooling Who?

Join Jesse as he talks about learning FOOLS, which is an entire AWS functional objection orientation language suite of tools and APIs services. The first public rollout of AWS FOOLS set the stage for AWS Infinidash, which exploded onto the internet last week. Will the AWS infinimarathon see the light of day? In the News: The Pentagon cancels JEDI contract with Microsoft, fake Amazon cloud service AWS InfiniDash quickly goes viral - tune in for more in this week’s episode of Meanwhile in Security.

Use a Vault Before Ransomware Does It For You

Don’t get held ransom by ransomware! Remember to balance your production and your security. This week Jesse covers ways to keep it all secure across your systems. Ransomware isn’t a joke, folks! Tune in to see useful ways to keep yourself secure. In the news: is cybersecurity insurance worth it? More useless laws for cybersecurity, the NSA rings the warning bells on Russia, and more from security and the cloud!

Thesauruses are fun: Adaptable Durable Flexible

In an age of fail-themed YouTube compilations and memes, do we even fail gracefully anymore? If we do, or ever did, what does it mean to do so? Join Jesse this week as he ponders pontifically on the possibilities of how to do just that. Jesse asks why we let the old systems crash and burn instead of taking a gentle bow as they leave the stage. Tune in for a success compilation on the hows and whys of doing so. Following on with the latest in security news: how the world of cybersecurity is reacting to John McAfee’s death, avoiding the dangers of cloud migration, Zoom’s onslaught of security challenges in light of the pandemic, and much more.

Real Risk vs Movie Risk

The magic weaver himself, Jesse Trucks, is back at it again, and this time he is going after Hollywierd and all its misinformation. Unlike in the movies (password: pencil, you’re in the clear), real hacking risks are something to be taken with a heap of salt. It’s safe to say that real APTs aren’t out to get you, but if you leave your data out in the wild then you’re asking for it. Take those extra steps towards securing your information! Following on with some news: via the Amazon Sidewalk mesh network, remember: don’t confuse privacy with security. Cognyte, CVS, and Wegmans spring some leaks! Find some useful tips for traveling and cybersecurity in our brave new world as it begins to open up. This and more here at Meanwhile in Security! Stay tuned for more ways to keep spunky high school hackers from changing your grades!

You Down with ATP? Yeah, You Know Me

Join Jesse as he talks about Advanced Persistent Threats, otherwise known as APTs. He touches upon the easiest way to stop worrying about APTs, why you need to secure your IAM credentials, how proper security is the balance between the needs of service delivery and data availability, how you can’t track what you don’t know you have, the rise of cloud security posture management and why you might want to experiment with it, how confidential computing is essentially encryption of data via hardware, whether you can guess Jesse’s favorite part of Biden’s executive order on cybersecurity, and more.

Pirates and Castles

Join Jesse as he talks about the two types of security mindsets and why both are wrong, why you should embrace the principle of least privilege, why you’re going to get owned sooner or later if you don’t secure your credentials, why we should teach kids about cybersecurity so they don’t make dumb decisions when they’re adults, how only 17 percent of organizations are encrypting at least half of their data in the cloud, why zero trust is a horrible name for the concept of dynamic contextual authorization, and more.

Caution with Automation

Join Jesse as he talks about the critical role automation plays in security, why you need to be cautious when automating tasks, why you need to patch your Pulse Secure VPN, the M&A extravaganza going on in the cybersecurity space, why you should just let out a big sigh and deploy into a zero-trust architecture today, how it’s important to know wrong behavior but even more useful to know what’s right, how cloud security breaches have officially surpassed on-prem breaches for the first time, why you should enable multi-factor authentication for cloud account access, and more.

Stop Using Passwords, No Really, Stop

Join Jesse as he explains why you should stop using passwords and use a password vault instead, why you should use passphrases when you have to memorize one and what those passphrases should look like, how password vaults are life-changing in remote environments, yet another reason why security teams should shift left, how cybersecurity is an arms race and why teams should implement algorithmic analysis of environments to find suspicious behavior, how there are 193 billion credential stuffing attempts each year, why you should encrypt all data in transit, and more.

A Jump To The Left Not A Step To The Right

Join Jesse as he explores the ins and outs of shifting left and what it means for software development, why you should begin writing code with security top of mind, why you need to check your basic permissions on things like storage and services, how things are changing and security needs to get with the times, how we all struggle to secure all the things and also to secure any of the things, how virtual keyboards can protect you against ransomware attacks, why you should make security training funny, and more.

The Grid Has Fallen and It Can't Get Up

Join Jesse as he examines the importance of infrastructure security and touches upon why it’ll take months or years before it catches up to mainstream cybersecurity, why you should never put keys or passwords into your apps in ways that expose your sensitive data, why your team should be practicing DevSecOps if you aren’t already, why you should always assume your systems are flawed and breakable, the future of nation-state hacking and cracking, how there’s a talent shortage in the security space, why it’s important to understand the way government thinks about cybersecurity and tech, and more.

Meanwhile in Security Trailer

Cloud security is a minefield of news that assumes the word "Security" is lurking somewhere in your job description. It doesn't have to be this way. Weekly cloud security news for people with other jobs to do. Cloud Security For Humans.

All Changes Are Permanent Until Replaced

Join Jesse as he talks about how quick fixes often become de facto supported production implementations, how all changes are permanent until replaced, why you should implement hard controls if you don’t want temporary changes happening in your environment, how Jesse met Duckbill Group CEO Mike Julian, how three of the biggest companies by market capitalization are U.S. tech giants that happen to also be cloud giants, the challenge of securing non-person identities, why you should turn off instances, containers, and cloud services you’re not using, and more.

Hooked on Compliance

Join Jesse as he explores the wonderful world of compliance requirements and talks about why you don’t necessarily need to know the intricate details of every law and framework, some of the best security training and certifications you can get, the NIST cybersecurity framework, why password managers are great as long as you do two things, five objectives for establishing an API-first security strategy, why you need to have your critical services and all of your data in multiple availability zones and spread across multiple regions if possible, why you should always assign permissions to AWS IAM user groups, and more.

ZTA: What's Your Plan?

Join Jesse as he talks about Zero Trust Architecture through the lens of a zombie apocalypse. In this episode, Jesse discusses the basic components of Zero Trust Architecture, how you can go about implementing ZTA, the five key things you need to do to turn ZTA into a reality in your environment, what Zero Trust looks like in the real world, the importance of securing your cloud storage, why you should be auditing your storage on a regular basis, and more.

Zero Trust: Do You Trust Me?

Join Jesse as he takes a look at the Zero Trust model of security and discusses how it works using a multi-tenant office building as a metaphor, how Zero Trust opens possibilities for automating complex access authorization schemes, why Jesse recommends using the NIST ZTA as a foundation for your approach to Zero Trust implementation, how to implement Zero Trust (spoiler: tune in next week!), how the ability to quickly change access rules for accounts connecting to resources or services is at the very core of Zero Trust, and more.

AWS, Verizon, and MEC: Demystified

Join Jesse as he talks about Verizon’s deepening partnership with AWS and the launch of a private mobile edge computing (MEC) service. In this episode, he explores what the new MEC service does, the differences between public and private MECs, how AWS Outposts is essentially AWS’s managed cloud offering in a box or rack of servers in your own data center, the two changes Outposts introduces to the shared security model, AWS Nitro and how it allows for a secure implementation of AWS cloud services while also protecting customer environments and data, the impact MEC might or might not have on your environment, and more.

Know News Is Good News

Join Jesse as he talks about the endless amount of news out there for security professionals and how to find the signal in the noise, how understanding your organizational mission helps you understand your risks, how to develop a news strategy, what your attack surface is and how to think about it, Jesse's recommendation on how to triage your news needs, why you should scan major publications to see what sources are saying across the board before determining what critical elements warrant deeper investigation, and more.

Trilogy of Threes and a New Mantra

Join Jesse as he talks about why it's useful to know how to build a security program from the ground up yet how people never really have the luxury to do so, the difference between security in cloud and on-prem environments, why Jesse encourages newcomers to AWS or the cloud in general to spend ten hours perusing aws.training, the importance of understanding cloud security fundamentals, how securing S3 buckets is the cloud version of securing FTP, why you should always be thinking about the fundamentals of great security, and more.

The Holy Trinity & the CIA Triad

Join Jesse as he explores the Holy Trinity of security: confidentiality, integrity, and availability of all data and services. Find out why Jesse thinks access to and use of services fits under the scope of confidentiality, software supply chain attacks and what you can do to prevent them, DDoS attacks and what you can do to prevent them, how the Golden Triangle of security relates to the Holy Trinity of security, how to ensure your security program is both comprehensive and comprehensible to IT staff and users—not just security professionals and auditors—and more.

The Golden Triangle

In this episode, Jesse opines on the fact that defensive security is much more important than the offensive security that’s portrayed in media, why defending systems is more challenging and rewarding than most people realize, the Golden Triangle and the role people, processes, and technology play in defensive security, what to look for in the people you hire for your security team (spoiler: domain knowledge), how SolarWinds could have protected itself against a recent data breach, why even the smallest of environments still needs tools to monitor incidents, and more.

Welcome and Why Does Security Matter?

Jesse Trucks is the Minister of Magic at Splunk, where he consults on security and compliance program designs and develops Splunk architectures for security use cases, among other things. He brings more than 20 years of experience in tech to this role, having previously worked as director of security and compliance at Peak Hosting, a staff member at freenode, a cybersecurity engineer at Oak Ridge National Laboratory, and a systems engineer at D.E. Shaw Research, among several other positions. Of course, Jesse is also the host of Meanwhile in Security, the podcast about better cloud security you’re about to listen to. In this episode, Jesse establishes the foundation for an effective security approach while touching upon the importance of security as a mindset instead of a tool, how security is often driven by management or budgetary concerns, which results in waste and frustration, the importance of understanding the why behind security, why organizations often lose sight of the fact that their security plans aren’t the actual goal—protecting data and infrastructure is, Simon Sinek and the neuroscience behind why it’s important to know why you are doing something, how purchasing the right tool is wasted resources without a success plan for implementing said tool, and more.

Introducing Meanwhile in Security

Ever noticed how security tends to be one of those things that isn't particularly welcoming to folks who don't already have the word "security" somewhere in their job title? Introducing our fix to that: Meanwhile in Security. Featuring Jesse Trucks.


Meanwhile in Security is a production of The Duckbill Group. Check out our other publications, Last Week in AWS, Screaming in the Cloud, and AWS Morning Brief.

© The Duckbill Group, 2021