Open Source Spotlight: Jason Meller of Kolide

With OpenSec 2017 less than three weeks away, we are catching up with a few of this year’s panelists to hear the breadth of opinions surrounding the current state of open source cybersecurity, and where it is heading.

This week we spoke to Jason Meller, Co-founder and CEO at Kolide. At Kolide, Jason and his team are harnessing the power of Osquery to solve cyber security issues using accurate, timely, and queryable data. Prior to founding Kolide, Jason started as a member of GE’s elite computer incident response team, before moving to the Mandiant corporation and FireEye following Mandiant’s acquisition.

To hear more from Jason and other leaders in the open source community, sign up for OpenSec 2017 on May 15th.

How are you related to Osquery and what do you think is so powerful about it?

My co-founder Mark Arpaia created Osquery while he was at Facebook. I started Kolide because I am a fan of Osquery. It just so happened that we were able to recruit him on the team. From my perspective, Osquery is just really exciting. It’s the first open source solution that really resonates with people who want to pull accurate and timely data from their endpoints. I think the fact that it is open source, and that there is so much community support behind it is exciting for many reasons. The first is that the existing proprietary software vendors have their own agents, which are these closed source, black box things. The future of host instrumentation is going to become a commodity. There are finite things you can pull from a host that are going to be interesting. Eventually, someone will produce an agent that will pull all of those things as performantly as possible. I think that solution will be an open source one. I think Osquery is in the best position to do that. As far as building a business, we believe that this thing is going to be a commodity, so the value is in what we do with that data, what insight and value are we driving from the data that Osquery collects. That’s what Kolide is all about – making a big bet on Osquery. We really want to grow that community. We think it is an awesome piece of technology, and that the future of the business isn’t necessarily the collection of the data, but what value can you get from it, which provides insight and lets you make competent security decisions, DevOps decisions – or any decision where you need accurate and timely data from the host.

Why do you think Osquery is so popular on GitHub?

We kind of talk about the number of stars it has in relation to other security projects, but I think at the end of the day it’s because it’s so useful that it actually transcends the very narrow use case of cybersecurity. It basically allows you to ask any question you can conceive of to the endpoint and get an accurate answer as quickly as possible. The raw utility of that goes far beyond security. Getting good, accurate information as quickly as possible is an amazing capability to have to solve security problems, but it also solves a lot of other problems. One thing that I was really surprised about when we started Kolide was the number of people that cared about the security aspect, but they also use Kolide to get basic data from what’s going on on the Macs that their employees use: the configuration, is the firewall enabled, is it running these rules, etc. These are very basic things that are hard to collect, because no one is really focusing on Mac and Linux from an agent perspective. Osquery treats those as first class citizens.

What will people learn by attending your talk at OpenSec?

I’m going to be talking a lot about Osquery itself. We’re not going to make this a commercial pitch for the product. We want people to get excited about Osquery. If you have never used Osquery before, and want to figure out what it is all about, how to install it, and ways that it can solve some problems out of the box, you should attend the talk. We are going to walk you through every important facet of Osquery, and give you the materials you need to consider it seriously for your own use cases at your organization. If you are looking for a nice primer for dealing with Osquery, this is the talk you want to attend. You will get a lot of perspective. We know a lot of the sharp edges, and things to avoid that the documentation doesn’t necessarily state explicitly. It should be a fun talk for people who are psyched about Osquery, but also using open source solutions to deal with security issues surrounding endpoints at small or large organizations.

Want to hear more about Osquery? Hear Jason and other open source security experts talk at OpenSec 2017!

Open Source Spotlight: Brian Carrier of Basis Technology

With OpenSec 2017 less than a month away, we are catching up with a few of this year’s panelists to hear the breadth of opinions surrounding the current state of open source cybersecurity and where it is heading.

Brian Carrier of Basis Technology

This week we spoke to Brian Carrier, VP of Digital Forensics at Basis Technology in Cambridge, MA. In this role, Brian builds incident response software, open source software, and custom software to enhance digital investigations, having largely developed open source projects The Sleuth Kit, Autopsy 1 and 2, mac-robber, and TCTUTILs. Additionally, Brian chairs the annual Open Source Digital Forensics Conference (OSDFCon), which examines the latest open source tools and techniques.

To hear more from Brian and other leaders in the open source community, sign up for OpenSec 2017 on May 15th.

How did you start in Cybersecurity? What initially pulled you in?

I was an intern in the mid-90's when the company got their first internet connection. I got involved with setting up their Linux-based firewall. I then got interested in forensics when the first open source tools started to be released in 2000ish (The Coroner's Toolkit) and started to expand on them because I wanted to learn more. I was working at @stake at the time and we needed incident response tools for our work, so we built them and released them out as open source. I've been maintaining and involved with The Sleuth Kit and Autopsy ever since.

What are some products or solution spaces you're watching and excited to see grow?

I focus a lot of my time on easy to use products that help companies do their own basic incident response and forensics. The basic idea being that as companies get more security maturity, they need to be able to respond to incidents, but most won't have forensics experts on staff.

Many companies will respond to a SIEM alert by looking at antivirus logs. If the antivirus is happy, then they are happy and that is all they can do. We want to enable companies to go a bit deeper and help them analyze additional data, which is why we've been building our Cyber Triage product.

I think this is a growing space because more companies need to do basic investigations, but don't have the skills or resources to do it.

What do you think makes open source different?

I like open source because it allows for a community to be built around the software. We organize an annual Open Source Digital Forensics (OSDFCon) conference each year (http://www.osdfcon.org) that attracts over 400 people and it’s great to see the developers and users all get together. They are both passionate about the software and what it can do.

From a digital forensics perspective, there is also the benefit of the software being reviewable when entering digital evidence into a court trial. Anyone can verify how it works and you do not need to rely on a software vendor to testify.

Interested in hearing more from Brian? See him talk at OpenSec 2017!

Wells Fargo CyberSecurity Event Recap

Last Wednesday, 2/1, HackSecure hosted a CyberSecurity panel at Wells Fargo (Thanks to WF for sponsoring!) in Boston. The panel included Tim Byrd, SVP at Wells Fargo, Clement Cazalot, VP of Tech at Intralinks and John McAleer, Senior Manager of IT Security at AthenaHealth. The conversation bounced between how their respective companies look at working with young security startups, what they see as the biggest risk threats for their teams moving forward and what they have on their security roadmaps for 2017. Certainly a fruitful conversation for those able to attend and plenty of advice for young companies targeting enterprise customers. Again thanks to Wells Fargo for hosting and a thank you to everyone who showed up + stayed for drinks after.

Onward and Upward

I was advised by many in venture that I wouldn’t last 5 months in venture; I was too impatient, too controlling, too much. Well 5 years later they get to be right, well kind of….

I am stepping down as a General Partner of Accomplice and will not be a GP in Accomplice’s next fund.

Hack Reduce and Hack Secure have proven to be incredibly valuable vehicles to achieve my goal of developing the next generation of great data science and cybersecurity entrepreneurs. Over the past 5 years we’ve built a community of over 7,000 members, having hosted hundreds of events, which led to the funding of over a dozen companies. I’m excited to continue cultivating both ecosystems with the goal of starting many more cybersecurity and data science companies (If you're one of them, get in touch). This requires a tremendous amount of my time and focus.

I also plan on continuing to lead The St. Baldrick’s Foundation’s $100M Tech Fundraising Campaign to end childhood cancer. In the U.S., more children die of childhood cancer than any other disease and I am committed to working with the amazing team at The St. Baldrick’s Foundation to do something about that.

I will continue to represent Accomplice on my portfolio company boards and remain involved with Accomplice as a Senior Advisor. I will continue to work with my seed investments independently and will spend time identifying, investing in and developing entrepreneurs.

Accomplice has become the brand for early stage venture capital in Boston. We've made a ton of progress in our short time, and I'm honored and proud to be a co-founder during this spectacular climb to the top. Our successes give me the opportunity to dig into my personal mission to continue to make Boston great, by focusing on my entrepreneurs, both those I’ve invested in and others I will in the future.

I am very proud of my Atlas and Accomplice partners and my investments over the past five years. I have every expectation to contribute to the delivery of three excellent funds and will always support, enjoy and have an active interest in where Jeff and Ryan take Accomplice from the strong base we’ve built.

My five years in venture have given me the opportunity to spend more time with my family, and collaborate with some incredible entrepreneurs. For this I am incredibly grateful. I want to thank Jeff and Ryan for their friendship, partnership, and for giving me the opportunity to reinvent myself over the last five years as the anti-VC and now to re-invent myself yet again… Stay tuned!

Chris @LynchBigData

Tech Tackles Cancer Raises Over $500k to Support St. Baldrick's and Childhood Cancer Research [Photos and Video]

The Boston Tech community has stepped up big and is providing the leadership necessary to kick off our $100M campaign for Tech Tackles Cancer. Your generosity in support of finding a cure for kids cancer through support of St. Baldrick’s, we raised more than $500k, is legend. I want to tell you all how proud I am to know you and say thanks to each and every individual who helped make our 5th annual St. Baldrick’s event at The Landsdowne Pub such a great success and a rocking good time!

Once again, our event had over 500 people: shavees, volunteers, sponsors, Patriots, Celtics, start-up folks, raffle items galore, the great Savtones featuring Chris Cote (who crushed Yellowcard playing down the street). When all is said and done the total to St. Baldrick’s is over $505k with donations still coming in — we met and exceeded our ambitious goal!

Nationally, St. Baldrick’s is the single largest investor in pediatric cancer research next to the U.S. Government. Unfortunately, every 2 minutes a child is diagnosed with this terrible disease, and it kills more children in the U.S. than all other major diseases combined. Kids cancer is very different from adult cancers and hence requires specific research. Eighty percent of children with cancer have had it spread before being diagnosed and for those who survive 70% have shorter life spans marred with chronic health issues. In spite of these facts, only 4% of US Federal funding is solely focused on children’s cancer research. Further, 60% of adult cancer research funding comes from big pharmaceutical companies, with almost none for childhood cancer research because these drugs are not profitable. This is why we need St. Baldrick’s; 100% of their grants go to children’s cancer research, and not to one institution, but to the best and brightest researchers around the world. This is a different and winning strategy.

An event of this magnitude takes a lot of work behind the scenes, so I would like to give a special thanks to the committee responsible for organizing our St. Baldrick’s event. My first thanks is to Ben Hux, Volunteer Event Organizer, and Cort Johnson, Mayor of Tech Boston and hack/secure fame, who have stuck by me to make this happen. My goal is for this event to be a Boston legacy we leave the next generation of entrepreneurs, serving to give us perspective, inspiration, strength, and unity.

Thanks also to Accomplice, Matt Burke, Cynthia Ferranzzani, Will Brierly, Lauren Wedell, Josh Terry, Josh Darling, Brittany Vogel, Boston Celtics Dancers, Patriots Cheerleaders, JLL, DLT, City National Bank, The Savtones, Galen Moore and Kyle Gross of BostInno, and Keith Cline of Venture Fizz for support of the event. Without these people and their assistance, this event would not have succeeded. Thanks to Em Vision films for producing the video to promote the event; and to photographer Winslow Martin and videographer Rosemary Jeneth for documenting the event. I also want to thank the Lyon’s Group, for hosting the event and all of the shavees, stylists, volunteers, and raffle items donors.

The generosity of Boston and the surrounding areas is incredible. I am very fortunate to have people like Mike Egan, Jit Saxena, Art Coviello and Jeff Fagnan in my corner. The sacrifice of the shavees alone is unbelievable. I thank them for their commitment to such a deserving cause.

The St. Baldrick’s Foundation is a volunteer-driven charity committed to funding the most promising research to find cures for childhood cancers and give survivors long and healthy lives. The St. Baldrick’s Foundation does this with the guiding principles of integrity, efficiency, transparency, a pioneering spirit and a sense of fun. It’s never too late to donate, I’ll keep the link live.