honest.security
This guide was written (with a lot of help) by Jason Meller.
Jason is the Co-Founder and CEO of Kolide, a startup that helps organizations implement the principles found in this guide through a beautifully designed Slack app.
Jason began his professional security career in 2010 when he started as a Cyber Threat Analyst defending General Electric’s networks from persistent nation-state sponsored actors.
After GE, Jason worked at Mandiant, Threat Stack, FireEye, and now Kolide, where he has dedicated his career to building and shipping products that help security and IT practitioners.
Jason codes in Ruby, and builds all his web apps and products in Rails.
Jason lives in Cambridge, Massachusetts with his wife Amy, his daughter Lucy, and his tuxedo cat, Belly.
While I believe that the precise configuration of ideas and philosophies presented in this guide is novel to the majority of readers, it certainly is not original. Honest Security would not be possible without people generously sharing their techniques and ideas. I specifically want to call out the following people who have contributed significantly to the ideas embodied in the Honest Security guide.
Jesse Kriss’ work promoting Netflix’s User Focused Security (UFS) approach was the single biggest influence on my work at Kolide. Our discussions over the years about user-respecting security tools have informed this document. Jesse and the rest of the UFS team had the vision to open source the tools they use to implement UFS internally at Netflix.
Jesse and the team continue innovating in this space. Netflix now has a dedicated User Focused Security Engineering team, led by Nicole Grinstead. Jesse and Christina Camilleri also recently gave a talk at QCon on User Adaptive Security, which discusses the adaptations of their existing methodology to some of the new constraints thrust upon us by COVID-19.
I also want to thank Jeremy Daer, who works on the Security, Infrastructure, Performance team at Basecamp. Jeremy created a tool at Basecamp called Shipshape that embodies many of the values presented in this guide. In late 2018, when I was looking for people who would share their experiences deploying security strategies that aligned with their company’s value system, Jeremy spent hours on the phone walking me through Basecamp’s approach. I cannot thank him enough for that time.
While Geoff was the CISO of Slack, his work leveraging Slack to do distributed security alerting heavily inspired Kolide’s focus on chat-based interactions to help foster the relationship between end-users and the security team.
A big thank you to Wailin Wong, one of the hosts of the Re:Work podcast, for allowing me to discuss our approach at Kolide and the merits of user-focused security.
A massive thank you to Ron Eddings and Chris Cochran from the Hacker Valley Studio podcast for allowing me to talk about and promote this guide on their show.
Last but not least, thank you to the hundreds of Kolide customers for embracing our vision of Honest Security and providing so much of the feedback that elevated this guide beyond an academic musing.