In this episode, I interview Rahul Kashyap, Chief Security Architect and Head of Security Research at Bromium, a company that focuses on stopping cyber-attacks where users are most vulnerable—the endpoint—through virtualization isolation. One of Silicon Valley’s 40 Under 40, Rahul has built a career around developing cyber defense technologies that focus on exploit prevention. At Bromium, Rahul manages R&D and product security, while simultaneously conducting robust industry outreach, speaking at leading security conferences including BlackHat, BlueHat, Hack-In-The-Box, RSA, DerbyCon, BSides, ISSA International, OWASP, InfoSec UK and others. 

Sponsored By:

• CIO Security Scoreboard – Go to VisualCIO.com to learn more about how to communicate the status of your IT Security program visually and in minutes.

Time Stamped Show Notes:

• 02:00 – Rahul joins to the show
• 02:41 – Talking about the 40 Under 40
• 03:30 – The importance of being “unstoppable”—no one believes in you at the front-end—you need to be relentless in your confidence and determination
  • 04:47 – The genesis of being “unstoppable”
• 06:05 – The importance of taking on big challenges versus small challenges—Rahul’s Gandhi example
• 06:43 – We are a function of the problems we choose
• 07:25 – Even when you don’t hit the target when you take on a “big challenge” when you fall, you’ll fall somewhere along the path and that’s a great place to be
• 07:55 – The problems Bromium tackles
  • 08:34 – Attackers have found a soft-spot—the end users—and all it takes is one bad click
  • 09:12 – Attackers have nothing to lose, and end-users will continue to make mistakes
  • 09:44 – No one can build the perfect security engine—it’s impossible
• 10:15 – The key is not worrying about users making mistakes, or attackers attacking—the key is isolating the attack at the end-point and confining it there
• 13:25 – Bromium focuses primarily on desktops, laptops, and tablets
• 14:00 – Micro-virtualization is at the executable side
• 14:46 – Rahul defines Bromium Labs
• 16:09 – Defensive security versus offensive security
  • 16:52 – Every security company should invest in offensive security because it most accurately resembles how hackers think
  • 18:23 – Offensive security gives you the Why
  • 18:44 – Defensive security gives you the How
• 20:04 – Anti-Virus is approximately 5% effective
  • 20:30 – It has lost its efficacy because the technology—in principle—hasn’t evolved
• 22:45 – Bromium Labs’ first focus is to keep your network from getting infected in the first place
• 25:35 – Does Bromium need to be run in isolation or can it bundled into the software stack at the end-point?
• 26:49 – The security architecture behind managing disparate end-points
• 28:02 – Bromium’s pre-deployment analysis tool is under development but will launch soon
• 28:28 – Bromium’s partnership with Microsoft for Windows 10
• 30:33 – The frequency of patching has become SUCH a burden for small business, which is why Bromium developed a unique position towards patching
• 32:15 – Patching is often human error related
• 33:48 – It’s a new way of doing security—isolation versus prevention
• 34:16 – Sandboxing, Hardware enforced isolation, micro virtualization
• 35:18 – Most of your browsers already have a sandbox
• 36:55 – Companies are tired of investing in so many security products…the industry is too fragmented—Bromium is looking to change that
• 38:08 – It’s vital to understand the architectural limitations of each technology
• 38:55 – Rahul’s favorite new technology?—Hive which is exploring the intersection between big data and security
• 40:48 – Rahul shares his thoughts on machine learning and A.I.
• 42:33 – Rahul has taken up kayaking to manage stress and stay focused…and Call of Duty on X-Box One

4 Key Points:

1. We are a function of the problems we choose—an important concept to live by.
2. The true soft-spot in today’s cyber-security market is the end-user—end-users always have, and always will make mistakes that result in compromised systems and networks.
3. It is impossible to engineer a perfect security system—the threats change to rapidly—instead of trying to focus on prevention, let’s focus on technologies that accept attacks as the inevitability they are…technologies that let an attack happen, but isolate it immediately at the end-point.
4. The cyber-security business (like most businesses) can be extremely taxing—find an outlet for healthy stress management.

Key Resources:

• Rahul Kashyap – Today’s guest—Chief Security Architect and Head of Security Research at Bromium
• Sandboxing – Default security mechanism that operates through isolation of threats, now available on most browsers
• Bromium Labs – Dedicated to advancing the “state of the art” of information security by performing advanced research into current and future security threats.
• The Hive – An incubator that uses deep learning (a new discipline in AI) and neural network models to automate the learning of data representations and features.
• Micro Virtualization – A proprietary technology that abstracts applications and sub-processes from hardware and runs them in isolated environments.

Credits:

Show Notes provided by Mallard Creatives

In this episode I interview Michelle Gielan, Founder of the Institute for Applied Positive Research, former CBS News anchor, and author of the Bestselling book, Broadcasting Happiness. As a psychology researcher, Michelle’s work has been featured in The New York Times, Washington Post, FORBES, Harvard Business Review, and on the CNN and FOX News networks. Listen as Michelle and I discuss the power of positivity, our responsibility as individual broadcasters, and how business leaders can radically improve employee performance by bringing the right attitude to the office. 

Sponsored By:

• CIO Security Scoreboard – Go to VisualCIO.com to learn more about how to communicate the status of your IT Security program visually and in minutes.

Time Stamped Show Notes:

• 01:02 – Bill welcomes Michelle to the show
• 01:30 – How Michelle went from being a computer engineer, to news anchor, to psych researcher
• 01:55 – Do work that fits your calling—that helps you serve the world
• 02:30 – At the height of the recession, Michelle was broadcasting negativity every day which took its toll and is ultimately why she left
• 03:30 – Defining positive psychology
  • 03:50 – How can we—once we get people to baseline—get them to thrive?
• 04:45 – When we make small changes in the way we communicate with people it radically alters how impactful our interactions can be
• 05:09 – The science behind positive psychology
  • 05:43 – We’re all broadcasters—we all have influence and power over others
  • 06:12 – When leaders come into the office with a negative/stress mindset, it’s broadcast to the employees
  • 07:48 – The pre-frontal cortex
  • 08:05 – The dopamine hit and the risks of addiction
• 08:35 – Small complements to employees result in small dopamine hits which results in better productivity
• 10:05 – The brain is like a muscle—we can change it, we are not dealt a set hand of cards
• 11:05 – How much support your organization provides can radically alter the on-job performance of your employees
  • 11:50 – Work optimism
  • 12:00 – Positive Engagement
  • 12:06 – Support Provision
• 12:45 – What you give is what you get in terms of positivity
• 13:28 – Look at challenging or stressful situations as opportunities to be a hero
• 14:30 – Exercises and habits to re-writing how we think
  • 14:58 – The Power Lead
• 16:25 – Michelle’s work with Nationwide Insurance
  • 17:28 – The changes invoked via Michelle’s team 3X’d Nationwide’s sales
• 17:39 – Rethinking small business practices, and showing up fully as leaders can radically improve your operation
• 18:55 – Those small conversations you have with your employees in the hallway, in the breakroom, etc. add up in a BIG way
• 19:45 – As a leader, you are complete responsible for how you show up
• 21:09 – Michelle’s practical tips
  • 21:27 – Beware To-Do lists—make sure it includes “wins”
  • 23:09 – Instead of trying to fix flaws, focus on strengths and accomplishments
• 24:37 – BUSY PEOPLE!—craft your early morning experience with positivity so it can fuel you the rest of the day
• 25:43 – Transformative Journalism—less on the problem, more on the solution
• 26:48 – Negative events will befall us…it’s what we do with those experiences that matters
• 27:10 – Michelle’s idea billboard—you are a broadcaster and the message you choose to broadcast will radically alter those around you.
• 27:55 – Broadcasting Happiness Website

4 Key Points:

1. We’re not dealt a fixed set of cards—don’t be afraid to change directions and pivot your focus, that’s how Michelle went from computer engineer to broadcaster to author.
2. Stop dwelling on the negatives in your life—focus on your strengths and accomplishments.
3. We are ALL broadcasters and we are all responsible for the message(s) we broadcast.
4. Rethink your small business practices—cherish those hallway or lunchroom conversations with employees, and make sure you show up in a state of positivity every day.

Resources Mentioned:

• Microsoft Hololens –The first fully untethered, holographic computer
• Broadcasting Happiness – Michelle’s book on Amazon
• Michelle Gielan – Today’s guest
• Transformative Journalism – Journalism that’s about moving forward not backward
• Broadcasting Happiness Website – The website for Michelle’s quiz and contact info

Credits

Show Notes provided by Mallard Creatives

In Episode #38 Bill interviews Eric Vanderburg, a thought-leader and Director of Information Systems and Security at JurInnov, a cyber security and forensics company that helps businesses get back on their feet following a security breach.  Listen as Bill and Eric discuss life as “Sherriff of the Internet,” virtual versus augmented reality, and various elements of upscale IT security. 

Sponsored By:

• CIO Security Scoreboard – Go to VisualCIO.com to learn more about how to communicate the status of your IT Security program visually and in minutes.

Time Stamped Show Notes:

• 01:40 – Bill welcomes Eric to the show
• 02:01 – What it’s like being the “Sherriff of the Internet”?
• 03:10 – Microsoft Hololens—Microsoft’s take on Google Glass
• 04:48 – Eric defines an innovative, real world application for Microsoft Hololens
  • 05:47 – Fashion
  • 07:31 – Other applications for Hololens
  • 07:59 – Video conferencing
• 08:53 – Eric defines his idea generating process
• 09:39 – Virtual reality is cutting us away from the real world, whereas augmented reality allows reality and the virtual to coexist
• 10:49 – The problem with technology is that it allows us to connect at such grand scale that—in some ways—it prevents us from actually connecting
• 11:30 – Virtual reality and augmented reality are both industry terms
• 12:19 – How Eric forms his ideas and brings them to market
• 13:27 – Eric’s top 2-3 sites for leveraging security information
• 14:44 – Ideas can be lost real fast—capture them as they arise
• 16:09 – David Cross of Microsoft Azure
• 16:50 – Muse
• 18:58 – Data can help us to train our brains
• 19:19 – Heartmath
• 21:25 – The medical device industry is growing at 400% per year in terms of technological advancement
• 21:46 – Explaining corporate espionage and how inter-company hacks work
• 23:34 – The dark web makes it incredibly easy to perform corporate espionage
• 24:44 – Countries go through a maturity process where technologies are simply stolen
• 27:00 – Eric’s role as an expert witness in IT Security trials
• 29:15 – The importance of the investigative track
• 30:00 – eDiscovery as it pertains to email and file systems
• 31:09 – Before adopting a technology, you need to fully understand and appreciate all the potential impact it can have
• 32:20 – You can say something 1000x times but until it actually happens to them, most people don’t pay attention to all the risks
• 33:08 – Top questions for a CIO to ask to start the impetus to plan for an attack
• 36:48 – Hybrid clouds versus full-cloud deployments
• 38:44 – When data is in unstructured file types, the normal tools used to run against it are ineffective
• 39:46 – Subtopic for a CIO Mastermind—finding qualified talent
• 41:01 – How AI will impact IT Security and Business IT Leadership moving forward
• 42:26 – Theses days, data is used to gather even more data, which is then used to create revenue
• 43:00 – Bots are just the new wave of malware
• 43:27 – We are in the midst of the Cold War of technology
• 44:38 – Businesses are struggling to even deploy anti-virus software
• 45:12 – It behooves business owners to evaluate the methods and means in which their IT will be used
• 46:58 – IT Security awareness needs to be ramped up

3-5 Key Points:

1. The future isn’t in virtual reality, it’s in augmented reality.
2. Technology has given us the ability to connect in ways never before imagined—that being said, if abused or misused, it actually drives us further apart.
3. Fully understand a technology before bringing it into your home or business.
4. As the years progress, expect most businesses to favor hybrid cloud solutions over full-cloud deployments.

Resources Mentioned:

• Microsoft Hololens –The first fully untethered, holographic computer
• Muse – Brain tracking and meditation device
• Heartmath – A company that helps correlate the relationship between the heart and mind
• @evanderburg – Eric’s Twitter handle
• Security Thinking Cap – Eric’s blog and access to his publications

Credits

Show Notes provided by Mallard Creatives