A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Контент предоставлен Security Voices. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией Security Voices или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
Player FM - приложение для подкастов
Работайте офлайн с приложением Player FM !
Работайте офлайн с приложением Player FM !
Fixing Security's Human Problem: Behavioral Engineering at Robinhood
MP3•Главная эпизода
Manage episode 345237134 series 2495524
Контент предоставлен Security Voices. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией Security Voices или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
In cybersecurity, we have teams focused on managing vulnerabilities. We have SOCs who spend their days obsessing over threats. App sec teams. Data privacy teams. In the typical, modern cybersecurity team, we have exactly zero people focused on helping humans defend themselves and the organization in spite of a massive increase in scams and fraud that are squarely aimed at tricking people into making bad decisions. Are we really more at risk from a new foreign adversary or CVSS 9 vulnerability than we are from an executive or someone in Finance being deceived by a scammer?
Enter Behavioral Engineering. A new-ish discipline introduced by forward leaning cybersecurity teams that recognizes the pivotal role that humans and key behaviors play as part of our overall security posture. What do we mean by key behaviors? How we share sensitive information. What we do when we authenticate. How we react when we see something suspicious. And so on.
In this episode of Security Voices, Jack and Dave interview the Behavioral Engineering (BE) team of Robinhood, Masha Arbisman and Margaret Cunningham, as well the CISO, industry veteran Caleb Sima. In this roughly 60 minute session we establish a clear definition for BE, explain how it works in the real world and how it contrasts with commonplace practices such as “name and shame” benchmarking of vulnerability remediation progress. We’ll also clarify why security awareness training often sucks and how BE addresses historical security program deficiencies.
Before wrapping up with practical advice of how and why to get started with your own BE program, we learn why you should never say that humans are the weakest link. And why you probably should actually click on things. Lots of things. And just tell someone about it afterwards it went funky.
…
continue reading
Enter Behavioral Engineering. A new-ish discipline introduced by forward leaning cybersecurity teams that recognizes the pivotal role that humans and key behaviors play as part of our overall security posture. What do we mean by key behaviors? How we share sensitive information. What we do when we authenticate. How we react when we see something suspicious. And so on.
In this episode of Security Voices, Jack and Dave interview the Behavioral Engineering (BE) team of Robinhood, Masha Arbisman and Margaret Cunningham, as well the CISO, industry veteran Caleb Sima. In this roughly 60 minute session we establish a clear definition for BE, explain how it works in the real world and how it contrasts with commonplace practices such as “name and shame” benchmarking of vulnerability remediation progress. We’ll also clarify why security awareness training often sucks and how BE addresses historical security program deficiencies.
Before wrapping up with practical advice of how and why to get started with your own BE program, we learn why you should never say that humans are the weakest link. And why you probably should actually click on things. Lots of things. And just tell someone about it afterwards it went funky.
66 эпизодов
MP3•Главная эпизода
Manage episode 345237134 series 2495524
Контент предоставлен Security Voices. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией Security Voices или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
In cybersecurity, we have teams focused on managing vulnerabilities. We have SOCs who spend their days obsessing over threats. App sec teams. Data privacy teams. In the typical, modern cybersecurity team, we have exactly zero people focused on helping humans defend themselves and the organization in spite of a massive increase in scams and fraud that are squarely aimed at tricking people into making bad decisions. Are we really more at risk from a new foreign adversary or CVSS 9 vulnerability than we are from an executive or someone in Finance being deceived by a scammer?
Enter Behavioral Engineering. A new-ish discipline introduced by forward leaning cybersecurity teams that recognizes the pivotal role that humans and key behaviors play as part of our overall security posture. What do we mean by key behaviors? How we share sensitive information. What we do when we authenticate. How we react when we see something suspicious. And so on.
In this episode of Security Voices, Jack and Dave interview the Behavioral Engineering (BE) team of Robinhood, Masha Arbisman and Margaret Cunningham, as well the CISO, industry veteran Caleb Sima. In this roughly 60 minute session we establish a clear definition for BE, explain how it works in the real world and how it contrasts with commonplace practices such as “name and shame” benchmarking of vulnerability remediation progress. We’ll also clarify why security awareness training often sucks and how BE addresses historical security program deficiencies.
Before wrapping up with practical advice of how and why to get started with your own BE program, we learn why you should never say that humans are the weakest link. And why you probably should actually click on things. Lots of things. And just tell someone about it afterwards it went funky.
…
continue reading
Enter Behavioral Engineering. A new-ish discipline introduced by forward leaning cybersecurity teams that recognizes the pivotal role that humans and key behaviors play as part of our overall security posture. What do we mean by key behaviors? How we share sensitive information. What we do when we authenticate. How we react when we see something suspicious. And so on.
In this episode of Security Voices, Jack and Dave interview the Behavioral Engineering (BE) team of Robinhood, Masha Arbisman and Margaret Cunningham, as well the CISO, industry veteran Caleb Sima. In this roughly 60 minute session we establish a clear definition for BE, explain how it works in the real world and how it contrasts with commonplace practices such as “name and shame” benchmarking of vulnerability remediation progress. We’ll also clarify why security awareness training often sucks and how BE addresses historical security program deficiencies.
Before wrapping up with practical advice of how and why to get started with your own BE program, we learn why you should never say that humans are the weakest link. And why you probably should actually click on things. Lots of things. And just tell someone about it afterwards it went funky.
66 эпизодов
Все серии
×Добро пожаловать в Player FM!
Player FM сканирует Интернет в поисках высококачественных подкастов, чтобы вы могли наслаждаться ими прямо сейчас. Это лучшее приложение для подкастов, которое работает на Android, iPhone и веб-странице. Зарегистрируйтесь, чтобы синхронизировать подписки на разных устройствах.