Inside Out Security show

Inside Out Security

Summary: Our podcast takes up the big questions of security, risk, and vulnerabilities. A weekly discussion with experts and the Varonis team.

Podcasts:

 I’m Mike McCabe, Systems Engineering Manager of SLED West at Varonis, and This is How I Work | File Type: audio/mpeg | Duration: 00:17:13

Systems engineering manager Mike McCabe understands that State, Local and Education (SLED) government agencies want to be responsible stewards of taxpayers’ funds. So it makes sense they want to use security solutions that have proven themselves effective. For the past six years, he’s brought awareness on the tried and true efficacy of how Varonis solutions can secure SLED’s sensitive unstructured data. In our podcast interview, he explains why data breaches are taking place, why scripts aren’t the answer, and how we’re able to provide critical information about access to SLED’s sensitive data. We also make time to learn more about what Mike does outside of work and he has great advice on figuring out what to eat for dinner.

 Computer Scientists Aren’t Philosophers | File Type: audio/mpeg | Duration: 00:23:10

Our community is finally discussing whether computer science researchers should be required to disclose negative societal consequences of their work to the public. Computer scientists argue that they aren’t social scientists or philosophers, but caring about the world isn’t about roles, it’s the responsibility of being a citizen of the world. At the very least, researchers ought to be effective communicators. We’ve seen them work with law enforcement and vulnerability announcements. There must be more they can do!

 Living Vicariously through Blackhat Attendees and Speakers | File Type: audio/mpeg | Duration: 00:20:47

While some of our colleagues geeked out at Blackhat, some of us vicariously experienced it online by following #BHUSA. The keynote was electric. They’re great ideas and we’ve seen them implemented in certain spaces. However, the reality is, we have a lot more work to do. There was also a serious talk about burnout, stress, and coping with alcohol as a form of escape. We learned that mental health is a growing concern in the security space. As more organizations rely on technology, security pros are called on at all hours of the day to remediate and prevent disasters.

 I’m Colleen Rafter, Professional Services Education Manager at Varonis, and This is How I Work | File Type: audio/mpeg | Duration: 00:11:50

Over the past six years, Colleen Rafter has been educating Varonis customers on the latest and greatest data security best practices. Share or NTFS permissions? She has an answer for that. Aware that security pros need to meet the latest GDPR requirements, she has been responsibly reading up on the latest requirements and developing course material for a future class. In our podcast, Colleen advises new Varonis customers what to do once they have our solutions and which classes to take and in what order.

 Security Poverty Line | File Type: audio/mpeg | Duration: 00:28:59

This week’s podcast was inspired by chief information security officer Wendy Nather’s article, The Security Poverty Line and Junk Food. It’s 2018 and we’re still struggling to get a proper security budget. Is it a mindset? Is that why when we hire pen testers to identify vulnerabilities, they’re usually able to gain admin access? On the bright side, a company with a bigger budget, Google, recently declared victory with a USB key that prevented phishing for an entire year.

 Data & Ethics Expert Dr. Gemma Galdon-Clavell: On the Breach of Trust (Part Two) | File Type: audio/mpeg | Duration: 00:12:22

Dr. Gemma Galdon-Clavell is a leading expert on the legal, social, and ethical impact of data and data technologies. As founding partner of Eticas Research & Consulting, she traverses this world every day, working with innovators, businesses, and governments who are considering the ethical and societal ramifications of implementing new technology in our world. We continue our discussion with Gemma. In this segment, she points out the significant contribution Volvo made when they opened their seat belt patent. Their aim was to build trust and security with drivers and passengers. Gemma also points out that we should be mindful of the long-term drawbacks if you ever encounter a data breach or a trust issue - unfortunately, you’re going to lose credibility as well.

 Gemma Galdon-Clavell: The Legal, Social, and Ethical Impact of Data and Data Technologies (Part One) | File Type: audio/mpeg | Duration: 00:11:16

One theme we're always discussing on the Inside Out Security podcast is the tension between law, privacy and security. When we create new technologies, we want security and privacy, economic prosperity and sustainability, accountability but insist on confidentiality. However, we also recognize the urgency businesses have in securing a first place finish. The reality is that it is difficult to embed all of these values in one pass. As technologies get built, it also elucidates some values we hold to a higher regard than others.

 Moral Overload | File Type: audio/mpeg | Duration: 00:21:00

When we create new technologies, we want security and privacy, economic prosperity and sustainability, accountability but insist on confidentiality. The reality is that it is difficult to embed all of these values in one pass. As technologies get built, it also elucidates some values we hold to a higher regard than others. To cope with moral overload, some have suggested that we start designing security and privacy controls as a gradient. Or perhaps certain controls get a toggle on/off switch.

 When Your Security Brain Never Runs Out Of Problems To Find | File Type: audio/mpeg | Duration: 00:22:42

For years, technologists wondered why the law can’t keep pace with technology. Instead of waiting for the government to pass a regulation, should we enlist private companies to regulate? However, in a recent interview with privacy and cybersecurity attorney Camille Stewart, she said that laws are built in the same way a lot of technologies are built: in the form of a framework. That way, it leaves room and flexibility so that technology can continue to evolve.

 Winner Takes All | File Type: audio/mpeg | Duration: 00:29:38

There are many advantages to being first, especially in the business world. Securing a first place finish usually rewards the winner with monopoly-like status and securing the largest and most dominant market share. A byproduct, however, of the winner takes all mentality is sacrificing security.

 How Diversity & Inclusion Drives Innovation and Market Growth (Part Two) | File Type: audio/mpeg | Duration: 00:13:15

In part two of my interview with Allison F. Avery, a Senior Diversity & Inclusion Specialist at NYU Langone Medical Center, she clarified common misconceptions about Diversity & Inclusion (D&I) and offered a framework and methodology to implement D&I. She reminded me, “You should not be doing diversity for diversity sake.”

 Cyber & Tech Attorney Camille Stewart: Discerning One's Appetite for Risk (Part Two) | File Type: audio/mpeg | Duration: 00:11:31

We continue our conversation with cyber and tech attorney Camille Stewart on discerning one's appetite for risk. In other words, how much information are you willing to share online in exchange for something free? It's a loaded question and Camille takes us through the lines of questioning one would take when taking a fun quiz or survey online. As always, there are no easy answers or shortcuts to achieving the state of privacy savvy nirvana.

 How Infosec Can Implement Diversity & Inclusion Programs to Address Workforce Shortage and Make More Money Too | File Type: audio/mpeg | Duration: 00:18:25

In part one of our interview, Ms. Avery sets the foundation for us by describing what a successful diversity & inclusion program looks like, explaining unconscious bias and her thoughts on hiring based on one's social network.

 Core Security Principles Drive Us into The Future | File Type: audio/mpeg | Duration: 00:30:08

While reading about our latest technological advances, such as digital license plates and self-driving cars, I wondered about our industry’s core security principles that set the foundation for all our innovation. However, what about user agreements? We’re able to create incredible new advances, however we can’t get our user agreements right. Even though the agreements are for the users, it’s rare that they want to read the legalese. It’s just easier to click ‘accept’. As the author suggests, there must be a better way for end users to interact with tech companies.

 Cyber & Tech Attorney Camille Stewart: The Tension Between Law and Tech (Part 1) | File Type: audio/mpeg | Duration: 00:07:13

Many want the law to keep pace with technology, but what's taking so long? A simple search online and you'll find a multitude of reasons why the law is slow to catch up with technology - lawyers are risk averse, the legal world is intentionally slow and also late adopters of technology. Can this all be true? Or simply heresy? I wanted to hear from an expert who has experience in the private and public sector. That's why I sought out the expertise of Camille Stewart, a cyber and technology attorney. In part one of our interview, we talk about the tension between law and tech. And as it turns out, laws are built in the same way a lot of technologies are built: in the form of a framework.
