Cloud Security Reinvented

How to Use the Cloud to Distinguish Between True and False Information with Morey Haber


Episode Summary

The cloud is the future for a reason. Besides its massive impact on security and more convenient file storage options, the cloud has fostered the creation of an environment where you can have all the information in the palm of your hand. And speaking of the cloud and technology, the best is yet to come.

However, its ability to deliver tons of information to users worldwide is a double-edged sword. The cloud has a blend of both true and false information, which makes you doubt the credibility of any source you read, whether it's Wikipedia or a random webpage.

In the new episode of Cloud Security Reinvented, Andy Ellis chats with Morey Haber, the Chief Security Officer at BeyondTrust. They get into the significance of the cloud compared to on-premise solutions, the most significant tech opportunities in the future, and the security loopholes that should have been eliminated a long time ago.

Guest-at-a-Glance

💡 Name: Morey Haber

💡 What he does: Morey is the Chief Security Officer at BeyondTrust.

💡 Company: BeyondTrust

💡 Noteworthy: Besides his role as a CSO, Morey is also a prolific writer. So far, he's published three books — Identity Attack Vectors, Privileged Attack Vectors, and Asset Attack Vectors.

💡 Where to find Morey: LinkedIn

Key Insights

⚡ Reliability is the core of the business. For Morey, reliability represents one of the most significant aspects of how he does business. "My parents had a jewelry store in Brooklyn, New York, and its name was Haber's Reliable Jewelry. The word 'reliable' was in the name, and reliability is a personal trait that I hold dear today. I believe in being reliable all the way through. The fact that my career started as a reliability engineer, and I ended up as a CSO, I still hold that word very dear."

⚡ You don't need agents to do things in the cloud. Morey believes that the cloud is superior to on-premise solutions in many ways, which is why he prefers it when doing his business. "I did not want traditional scanning technologies and agent technologies to do it. I wanted a modern approach to getting there, and that's how I've seen the evolution of the cloud. Because you don't need agents in the cloud to do the things that you used to have to do on-premise."

⚡ The power of the cloud lies in the information it brings. According to Morey, one of the most significant advantages of the cloud is its ability to bring a ton of information to the user and allow them to access it at any time. However, it has its disadvantages as well. "What the power of the cloud has brought to me is that information, regardless of my job, my role, my location, my vacation, etc. I would never have thought that the cloud could bring so many different types of information together to you in a mobile fashion. And I think the key to protecting all that information is to make sure it's accurate. Fake news has been one of the biggest challenges of the cloud."

Episode Highlights

The Cloud Has Brought More Security

"Why would you put your data in someone else's data center that potentially could leak to a hacker that knows how to breach your environment? That lasted for a little while, and then we realized it's safe enough to do that. Then we started storing PII, etc. And in the privileged world, why would you store your passwords in the cloud? If that got leaked, it would be game over. But we've got the security good enough, so it's not a concern to do things like that. As the cloud has matured, the security of the cloud has matured. People are willing to put more PII and sensitive information there and operate their businesses."

Morey Haber: One Baseball Cap, Two Essential Roles

"It's a baseball cap. One direction on the CSO is that I'm overseeing internal resources and cloud resources. Flip my baseball cap around, and I'm the vendor. I use my own products. We use every product we make internally. But I am still a CSO, and I have the same challenges with patching, vulnerability management, ransomware and digital transformation and cyber insurance that everybody else does.

So, I try very hard to make sure that people know which hat I'm wearing. And when I am excluded from going to a conference or something because I'm a vendor, I let them know that they're not going to hear me talk about my products. I'm just trying to solve the same problems, and that doesn't always come across the way I would hope. [...] As a vendor, I have to protect what I'm selling. Let me wear my CSO hat, and I promise that I will not talk about my products unless someone specifically asks me to."

The Transition from the Pre-Cloud World

"What most resonate today are the two primary attack vectors — vulnerability and exploits and privileged accounts. It doesn't matter where the software is running; you still have to be able to identify a mistake, flaw, or vulnerability, if it is exploitable, and how you are going to correct it. Secondly, any type of privileges that can allow authentication — how are those being managed, governed, and monitored are the biggest disciplines. On the other hand, the one that I wish would go away is patch management. Vendors that have solutions where you have to use third parties to deploy patches drive me nuts. Every solution that's out there, either cloud or on-premise, should be able to auto-update itself. [...] Almost all infiltration happens because an account was compromised or something wasn't patched. Why can't vendors just patch themselves?"

The Cloud Does Bring Information. But Google Tree Octopus and John Titor

"Fake news has been one of the biggest challenges of the cloud. [...] I use two examples. One is the Tree Octopus. If you've never heard of it, google it. Google John Titor. It is a rat hole. You will go on for endless hours. That's where the cloud becomes a problem. [...] It's lore. There's no better way to state it. But if anybody wants to go down a rat hole, just google it, and you'll understand. That's the negative side of the cloud — conspiracy theories, problems, and bad information that shouldn't be there in the first place.

Unfortunately, it's just a part of the day and age that we live in, where a single statement can become fact and is supported by the internet with all that data in the cloud. You have to trust yourself to state whether that's true or not."

A Piece of Advice: Listen and Shut Up

"Listen, or just shut up. You're in a conversation to process information and formulate an opinion, but your opinion right up front is not necessarily the right answer. It is so important to be able to not talk but listen and not respond, just so you can respond.

Your voice is very important in a security aspect, but your answers have got to be reliable. They've got to be accurate. They've got to be to the point. [...] Try to speak about once every 15 to 20 minutes in a large room setting because people are more apt to listen to you when you talk less frequently with concise answers and affirm opinions."

Words of Wisdom for Future Authors

"If you have all of these ideas built in your head, start with a basic outline, something that you learned in high school. Take an outline and start writing it out. Take each bullet and break it out even further. Then start writing sentences for each bullet. Sooner or later, you're going to have 30, 40, 50, 100 pages, and you've written a book. Break it down into manageable chunks, and I think anybody could be an author."

Cloud Security Reinvented, by Orca Security
