OwlTail

Masha Sedova

12 Podcast Episodes

Latest 11 Sep 2021 | Updated Daily

Weekly hand curated podcast episodes for learning

Ransomware Risks and “Responding Gracefully” with Masha Sedova

RIMScast

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin is joined by Masha Sedova, the Co-Founder and President of Elevate Security; the leader in human attack surface management. Recently, the risk and RIMS community have been seeing an influx of high-profile ransomware attacks in the news, from the Colonial pipeline to the world’s largest meat supplier. The fallout, disruption to operations, and the costs involved in addressing these attacks are enormous. Luckily for RIMScast listeners, Masha addresses these concerns and shares how risk professionals can actually learn from these attacks and take steps to better protect their organizations. She also discusses the various attacks currently making headlines as well as a variety of other topics on the themes of ransomware and business interruption. Key Takeaways: [:01] About RIMS’s Global Membership. [:26] About today’s episode with Masha Sedova. [:38] Upcoming RIMS Virtual Workshops and Workshops! [1:44] More about today’s episode with Masha Sedova. [2:06] Justin welcomes Masha to RIMScast! [2:21] Masha shares why and how she originally began a career in cybersecurity. [3:50] Is Masha finding that risk professionals and risk managers are adapting more easily to the ever-evolving cyber risk landscape? [5:14] Masha shares her insights on the current high-profile ransomware attacks that are currently in the news. [7:50] What role the human element plays in the overall idea of cybersecurity risk. [9:24] How Masha defines human risk. [11:28] How an organization can measure and quantify human risk. [14:09] Masha’s advice for mitigating human risk and how your organization can implement employee security controls. [16:11] Upcoming RIMS workshops, Spencer’s Risk Manager on Campus Program, and more! 
[18:33] The current state of measuring and understanding employee risk in organizations today and what the best-in-class companies are doing right now in relation to this. [22:00] Why falling victim to a ransomware attack is often inevitable (and what we can do as risk professionals to respond gracefully). [23:47] Why are frontline workers more susceptible to phishing? [26:13] Are there acceptable levels of human risk? How do you gauge that? [29:56] What elements of human risk should insurance companies start considering in their policies and coverage as it relates to ransomware? [36:09] Justin thanks Masha Sedova for joining RIMScast and shares some of the links to look out for in this episode’s show notes. Mentioned in this Episode: RIMS Events, Webinars, and Services: Did you attend RIMS Live 2021? Sessions are accessible through June 30th, 2021. Log in with your badge number: RIMS LIVE 2021 If you did not attend RIMS Live 2021 but want to access on-demand content, purchase the “Post Event Virtual Pass” for $499 to access the sessions, keynotes, and marketplace until June 30th. Visit: RIMS.org/RIMS2021 Registration for the VIRTUAL Spencer & Gallagher Golf Tournament is now open! Visit SpencerEd.org for more information and to register through August 15th, 2021 (You choose the golf course and team all while continuing to support the Spencer Educational Foundation!) Spencer’s Risk Manager on Campus Program — Volunteer Today! Upcoming Webinars: July 15th, 2021 | “10 Essential Steps to Streamline Vendor Risk Assessments” | Sponsored by OneTrust July 26, 2021 | RIMS and the RIMS Rocky Mountain Chapter Present: “A Discussion of Lloyd’s of London’s ESG Report 2020” — Open Exclusively to RIMS Members! 
July 29, 2021 | How Better Data Is Transforming Risk Management & The Commercial Property Insurance Industry | Sponsored by Archipelago Upcoming RIMS-CRMP Exam Prep Virtual Workshops (July & August 2021) — Gain an edge with the RIMS-CRMP; the only internationally accredited risk management certification! Mentioned in this Episode: Elevate Security Professional Report: “Elevating Human Attack Surface Management” RIMS Diversity, Equity & Inclusion Council RIMS Virtual Workshops: Claims Management — Register now for July 15‒16th, Aug. 23‒24th, or Nov. 8‒9th RIMS Risk Appetite Management Virtual Workshop — July 21‒22nd Save 15% off July and August Workshops! Use discount code LEARNRISK15 — Offer ends July 9th, 2021 (See the offer details below!) RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops Upcoming RIMS Webinars On-Demand Webinars RIMS Advisory Services — Ask a Peer Related RIMScast Episodes: “Cyber Breach Responses with Kate Fazzini, Flore Albo CEO” “The World of Cybersecurity with NCSA’s Kelvin Coleman” “Cybersecurity Frameworks with NIST Fellow, Ron Ross” “Cyber Risk News & Trends with Tony Anscombe” “Cyberrisk News & Trends with Tony Anscombe, Part 2” “Cybersecurity in a COVID-19 World with Luke Wilson” “Cybersecurity Tips for Small Businesses with Daniel Eliot” “Cybersecurity with Christopher Loeber” “The State of Cybersecurity and 5G Technology with Jason Ruger, Ruby Zefo, and Chris Novak” Download any episode of RIMScast. RIMS Publications, Content, and Links: Risk Management Magazine Risk Management Monitor RIMS Coronavirus Information Center RIMS Risk Leaders Series — New episode with Cheryl Lloyd now available! RIMS-Certified Risk Management Professional (RIMS-CRMP) RIMS-CRMP Stories — New Interview featuring former RIMS Vice President Steve Pottle Spencer Educational Foundation Elevate Security Want to Learn More? 
Keep up with the podcast on RIMS.org and listen on iTunes. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook and Twitter, and LinkedIn. Follow up with Our Guest: Masha Sedova’s LinkedIn

39mins

29 Jun 2021

2020-019-Masha Sedova, customized training, phishing, ransomware, and privacy implications

Brakeing Down Security Podcast

Masha Sedova - Founder, Elevate Security Topic ideas from the PR company: Inability to measure human security behaviors leads to increased risk in our computing environments. For too long, we’ve accepted training completion and mock phishing data as a sufficient way to measure this risk. But where do the vulnerabilities and strengths truly lie?  The secret is, security teams have installed tons of security tooling that can give insights into how our employees are behaving. But we just leave this data on the cutting room floor. Masha Sedova can talk about where to find this goldmine of data and what security teams can do to leverage this new found knowledge.  Technology like vuln scanners or something more? Study after study shows that the reason why people don’t do things is not always because they don’t understand, it’s because they are not motivated. Motivating employees to change their cybersecurity behavior can seem like an overwhelming task but there are simple behavioral science techniques cybersecurity professionals can leverage to motivate employees to do the right thing. Masha Sedova will discuss the power of integrating elements of behavioral science into security in order to influence positive behavior.  Motivation Theory (deming): https://en.wikipedia.org/wiki/W._Edwards_Deming#Key_principles X&Y  https://en.wikipedia.org/wiki/Theory_X_and_Theory_Y Ouchi Z theory https://en.wikipedia.org/wiki/Theory_Z_of_Ouchi http://www.yourarticlelibrary.com/motivation/motivation-theories-top-8-theories-of-motivation-explained/35377 Masha’s suggested topics:  Why do security teams have difficulty in understanding their human risk today? What are the blockers?  What should security teams be measuring to get a holistic view of human risk?  What's the difference between security culture, security behavior change, and security awareness?  Is security culture a core capability in security defense? Why or why not?   
Quantifying risk… Is investing in human training a waste of time? Phishing - mock phish or real phishing Pull data to see who is clicking on links Send an ‘intervention’ Gotta move away from training The ‘security team’ will save them… https://www.ncsc.gov.uk/guidance/phishing Books: https://www.amazon.com/Nudge-Improving-Decisions-Health-Happiness/dp/014311526X https://www.amazon.com/Drive-Surprising-Truth-About-Motivates/dp/1594484805/ref=sr_1_1?crid=2QQ59YRRU89YX&dchild=1&keywords=drive+daniel+pink&qid=1588733551&s=books&sprefix=drive%2Cstripbooks%2C240&sr=1-1 Reality broken: https://www.amazon.com/Reality-Broken-Games-Better-Change/dp/0143120611 People centric security: https://www.amazon.com/People-Centric-Security-Transforming-Enterprise-Culture/dp/0071846778/ref=sr_1_1?dchild=1&keywords=people+centric+security&qid=1588733580&s=books&sr=1-1 Deep thought: a Cybersecurity novela: https://www.ideas42.org/blog/project/human-behavior-cybersecurity/deep-thought-a-cybersecurity-story/ https://elevatesecurity.com/ @modmasha Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! 
Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://pandora.app.link/p9AvwdTpT3 #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

39mins

20 May 2020

2020-018- Masha Sedova, bespoke security training, useful metrics to tailor training

Brakeing Down Security Podcast

Masha Sedova - Founder, Elevate Security Inability to measure human security behaviors leads to increased risk in our computing environments. For too long, we’ve accepted training completion and mock phishing data as a sufficient way to measure this risk. But where do the vulnerabilities and strengths truly lie?  The secret is, security teams have installed tons of security tooling that can give insights into how our employees are behaving. But we just leave this data on the cutting room floor. Masha Sedova can talk about where to find this goldmine of data and what security teams can do to leverage this new found knowledge.  Study after study shows that the reason why people don’t do things is not always because they don’t understand, it’s because they are not motivated. Motivating employees to change their cybersecurity behavior can seem like an overwhelming task but there are simple behavioral science techniques cybersecurity professionals can leverage to motivate employees to do the right thing. Masha Sedova will discuss the power of integrating elements of behavioral science into security in order to influence positive behavior.  Motivation Theory (deming): https://en.wikipedia.org/wiki/W._Edwards_Deming#Key_principles X&Y: https://en.wikipedia.org/wiki/Theory_X_and_Theory_Y Ouchi Z theory https://en.wikipedia.org/wiki/Theory_Z_of_Ouchi http://www.yourarticlelibrary.com/motivation/motivation-theories-top-8-theories-of-motivation-explained/35377 Why do security teams have difficulty in understanding their human risk today? What are the blockers?  What should security teams be measuring to get a holistic view of human risk?  What's the difference between security culture, security behavior change, and security awareness?  Is security culture a core capability in security defense? Why or why not?   Quantifying risk… Is investing in human training a waste of time? 
Phishing - mock phish or real phishing Pull data to see who is clicking on links Send an ‘intervention’ Gotta move away from training The ‘security team’ will save them… https://www.ncsc.gov.uk/guidance/phishing Books: https://www.amazon.com/Nudge-Improving-Decisions-Health-Happiness/dp/014311526X https://www.amazon.com/Drive-Surprising-Truth-About-Motivates/dp/1594484805/ref=sr_1_1?crid=2QQ59YRRU89YX&dchild=1&keywords=drive+daniel+pink&qid=1588733551&s=books&sprefix=drive%2Cstripbooks%2C240&sr=1-1 Reality broken: https://www.amazon.com/Reality-Broken-Games-Better-Change/dp/0143120611 People centric security: https://www.amazon.com/People-Centric-Security-Transforming-Enterprise-Culture/dp/0071846778/ref=sr_1_1?dchild=1&keywords=people+centric+security&qid=1588733580&s=books&sr=1-1 Deep thought: a Cybersecurity novela: https://www.ideas42.org/blog/project/human-behavior-cybersecurity/deep-thought-a-cybersecurity-story/ https://elevatesecurity.com/ @modmasha Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! 
Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://pandora.app.link/p9AvwdTpT3 #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

44mins

13 May 2020

5: People Powered Security with Masha Sedova

Security Stories

In this episode we meet Masha Sedova, co-founder of Elevate Security, a company which uses data and behavioral analytics to help organizations build a strong security culture. Masha was recently announced as finalist for the 2020 Innovation Sandbox Award at RSA, which tells you something about how unique and interesting her solution is. We also chat about certain challenges that she faced setting her company up, and also what it's like to be a female entrepreneur setting up a business in the cybersecurity industry... let's just say Hazel nearly fell off her chair when Masha told her what happened during one particular investor meeting! Also in this episode, Ben talks about the resurgence of digital extortion scams, what they tend to include, and what to do about them. And finally for our "On this Day" feature we’re only going back 3 years this time, but it’s a biggie. It’s been three years since WannaCry, so we revisit the timeline of the attack, how it all unfolded, and the significance the WannaCry attack still has today. Links to further resources mentioned in the episode: Digital extortion scams: https://blogs.cisco.com/security/your-money-or-your-life-digital-extortion-scams Talos ransomware discussion: https://blog.talosintelligence.com/2019/07/ransomware-extortion-roundtable-government-payments.html Registration for Cisco Live June 2-3: https://www.ciscolive.com

1hr 7mins

10 May 2020

Masha Sedova - Hacker's Mind

The Gamification Quest

Hacker’s Mind by Elevate Security gamifies the security training process resulting in employees who understand their importance in securing your organization. Turn every employee into a security superhero, and equip the organization to succeed against today’s people-centered risk. About Masha Sedova: Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the Co-Founder of Elevate Security, delivering the first people-centric security platform that leverages behavioral-science to transform employees into security super-humans. Before Elevate Security, Sedova was a Security Executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. In addition, Sedova has been a member of the board of directors for the National Cyber Security Alliance and a regular presenter at conferences such as Black Hat, RSA, ISSA, Enigma and SANS. LinkedIn: https://www.linkedin.com/company/elevate-security Twitter: @hello_elevate The Gamification Quest Podcast Host is Monica Cornetti, President of Sententia, Inc. (www.SententiaGamification.com) and GameMaster of GamiCon - The Annual International Conference for the Gamification of Learning (www.GamiCon.us). Connect with Monica on LinkedIn.

35mins

27 Apr 2020

Behavioral Science and Security Awareness Training | Masha Sedova

Tech & Main Presents

In today's episode, we will be talking with our good friend, Masha Sedova. Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the Co-Founder of Elevate Security, delivering the first people-centric security platform that leverages behavioral-science to transform employees into security super-humans. Before Elevate Security, Sedova was a Security Executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. In addition, Sedova has been a member of the board of directors for the National Cyber Security Alliance and a regular presenter at conferences such as Black Hat, RSA, ISSA, Enigma and SANS. Listen in and get a deep understanding of the way social proof and behavioral science influence security awareness training. Masha suggested the following people to be aware of: Regina Spektor (http://www.reginaspektor.com/) and Kelly Shortridge (https://twitter.com/swagitda_?s=20). You can connect with Masha in the following ways: LinkedIn: https://www.linkedin.com/in/msedova/ and Twitter: https://twitter.com/ModMasha. At Tech & Main, we want to be YOUR technology partner. Let our 20+ years of expertise help you achieve the outcomes that are best for your business: cloud, SD-WAN, data center, security or anything else. We have engineers and project managers available to assist you. Call our office at 678-575-8515, email us at info@techandmain.com or visit us at www.techandmain.com. Thanks for listening! Send in a voice message: https://anchor.fm/techandmain/message

19mins

17 Feb 2020

Masha Sedova - From Generations of CS to Behavioral Science and Entrepreneurship

Getting Into Infosec

Masha Sedova comes from a history of computer scientists! Her grandmother was in the first Computer Science graduating class in 1954 under Stalin in the Soviet Union! She loves challenges and is now utilizing what she thought was a waste of time in Liberal Arts to conquer challenges in Information Security using behavioral science, emotional intelligence, and other human factors. BIO Masha Sedova is an industry-recognized people-security expert, speaker, and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security, delivering the first people-centric security platform that leverages behavioral-science to transform employees into security superhumans. Before Elevate, Masha Sedova was a security executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners, and customers. In addition, Masha has been a member of the Board of Directors for the National Cyber Security Alliance, and a regular presenter at conferences such as Black Hat, RSA, ISSA, Enigma, and SANS. Notes Grandmother was in the first Computer Science graduating class in 1954 under Stalin in the Soviet Union!! Her Grandma taught her dad and her dad taught her programming around the 6th grade. Had access to a computer only through the local University. Masha began her search into 3 disciplines Game Theory Positive Psychology Behavioral Science Leaderboards are better for only a small subset Quotes "You can't patch a human being." "We've taken a technology solution to a human problem, and I think that's totally wrong way of going about it." "Without the human interaction we would not have been able to get that alert." "Focus on failure as an eventual outcome." "I like picking hard challenges and very tall mountains to climb and computer science seemed like a tall mountain." "If you give people the correct amount of challenge, that is a state of happiness." 
"I found that leaderboards are effective for a small subset of people." "The reasons people don't do things is not because they don't know." Links 6:1 Positive Feedback Ratio for Performance: https://medium.com/@Praiseworthy/harvard-research-finds-employees-need-a-6-1-positive-feedback-ratio-to-perform-their-best-8f14160a8fbd Dr. Gottman: https://en.wikipedia.org/wiki/John_Gottman Reality is Broken by Jane McGonigal: https://www.amazon.com/Reality-Broken-Games-Better-Change/dp/0143120611 Flow by Mihaly Csikszentmihalyi: https://www.amazon.com/Flow-Psychology-Experience-Perennial-Classics/dp/0061339202/ BJ Fogg: https://www.bjfogg.com/ Opower Report: https://www.povertyactionlab.org/evaluation/opower-evaluating-impact-home-energy-reports-energy-conservation-united-states Predictably Irrational by Dan Ariely: https://www.amazon.com/Predictably-Irrational-Hidden-Forces-Decisions/dp/006135323X Intro Music (Cascadia by Trash80): https://trash80.com/#/content/133/weeklybeats-2012-week5 Outro Music (Quincas Moreira - Entire): https://www.youtube.com/watch?v=DoKpuXyIyVs Getting Into Infosec Twitter: https://twitter.com/coffeewithayman YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/ See omnystudio.com/listener for privacy information.

45mins

22 Mar 2019

Masha Sedova Explains how Elevate Security’s game Hacker’s Mind Teaches Security

The New Stack Podcast

Joining TC Currie for this episode of The New Stack Makers is Masha Sedova, co-founder and CPO of Elevate Security, one of this year’s winners of CloudNOW’s Top Women in Cloud Innovation award, and creator of the game Hacker’s Mind. “It doesn’t matter what people know, it matters what they do,” said Sedova. "We’ve done a good job of telling people that they need to be concerned about security, but we haven’t told them what they need to do about it." So engineers across tech are uncomfortably numb. They’re concerned, she said, but un-empowered. After seeing really boring (and totally ineffective) security training, she and co-founder Robert Fly decided to focus on what they call people-powered security. With the explosion of CI/CD pipelines, so much automation is taking place in the areas of QA and testing but security remains one of the last holdouts for integration into the pipeline.

27mins

25 Feb 2019

Masha Sedova, Elevate Security - Business Security Weekly #88

Business Security Weekly (Video)

Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first human-centric security platform that leverages behavioral-science to transform employees into security superhumans. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode88 Visit http://securityweekly.com/category/ssw for all the latest episodes!

36mins

12 Jun 2018

Ep. #16, Security Training with Elevate’s Masha Sedova

The Secure Developer

In episode 16 of The Secure Developer, Guy is joined by Masha Sedova, co-founder of Elevate Security, to discuss how training for employees (even developers) can help companies stay one step ahead of the pack when it comes to preventing a breach. The post Ep. #16, Security Training with Elevate’s Masha Sedova appeared first on Heavybit.

36mins

15 May 2018
