Have you ever wanted to chat with someone about web security, be it asking them about how they got into the field to what they feel is going to be the biggest threats in the future? Well, you're in luck. On Tuesday, March 12th at 11am MST, Security Intelligence Director Grayson Milbourne will be hosting an Ask Me Anything (AMA) on Reddit. This will be an open discussion hosted on the popular community allowing everyone to jump in and ask questions directly to Grayson. Want to know his favorite band? Come ask. Interested in his position on mobile security? He will answer. It will be a great opportunity for anyone to communicate directly with our Security Intelligence Director and get an amazing insight to the security industry.
We will post a link to update everyone on the location when the event starts.
Page 1 / 1
Community members, are you going to join?
I would love to, but not able to at this time. :( Will there be a transcript of the session available after the fact for those of us who are curious to read the Q's and A's?
David,
At the end of it, we will assemble all the questions and answers into a simple post and share it both in the Reddit thread and here.
At the end of it, we will assemble all the questions and answers into a simple post and share it both in the Reddit thread and here.
Who is Grayson Milbourne? no appropriate emoticom available]
Â
I thought everything I needed to know about internet security I could find right here in the WSA Community Forum? Âno appropriate emoticom available]
Â
Â
Â
I thought everything I needed to know about internet security I could find right here in the WSA Community Forum? Âno appropriate emoticom available]
Â
Â
Grayson Milbourne is Webroot's new Security Intelligence Director, having been promoted from being the head of threat research. In terms of his knowledge on security, it's like the universe and is ever-expanding. He recently spoke at the RSA conference on mobile security threats and their future (http://blog.webroot.com/2013/02/28/recap-from-rsa2013-android-malware-exposed/), and is seen as one of the utmost professionals in the industry on security threats.
As for him hosting the event on Reddit, the opportunity is there for general conversations about security and his profession, reaching an audience who might not want to join the Webroot Community to participate. With Reddit being one of the most active general communities in the world, it provides a great stage, just as RSA did, for Grayson to present.
As for him hosting the event on Reddit, the opportunity is there for general conversations about security and his profession, reaching an audience who might not want to join the Webroot Community to participate. With Reddit being one of the most active general communities in the world, it provides a great stage, just as RSA did, for Grayson to present.
Thanks, Richard! I probably should have known that! ;)
Â
Hopefully, Grayson will be an invaluable and prolific contributor in this forum. 😃
Â
Hopefully, Grayson will be an invaluable and prolific contributor in this forum. 😃
Can we have a link so that we can join?
Thanks,
Daniel
Thanks,
Daniel
Daniel -
The event link will be generated when the event starts tomorrow. We will have it up about 30 minutes before 11 to allow questions to populate a little.
To sign up for Reddit, head over to https://ssl.reddit.com/login
The event link will be generated when the event starts tomorrow. We will have it up about 30 minutes before 11 to allow questions to populate a little.
To sign up for Reddit, head over to https://ssl.reddit.com/login
Thank you Richard! ;)@ wrote:
Daniel -
The link will be generated when the event starts tomorrow. We will have it up about 30 minutes before 11 to allow questions to populate a little.
Daniel
For everyone wanting to join in, follow this link to see what is said and ask your own questions: http://redd.it/1a5kkl
Thank you to everyone who joined in the conversations. Here is the QA transcript.
Here is a full transcript of Grayson's time on Reddit. You can check the original thread out here: http://www.reddit.com/r/IAmA/comments/1a5kkl/iam_grayson_milbourne_security_intelligence/
Q: Would you rather fight a horse sized duck or 100 duck sized horses?
A: The horse sized duck can fly which puts me at a big disadvantage. I would rather take on 100 duck sized horses.Thank you for doing this AMA Grayson, I saw your talk on Android malware and really wanted to know how Webroot's approach is different than the other AV's out there?
What makes Webroot's approach unique is that we leverage what is seen by our endpoints to enhance our awareness. This ensures we see malware which in many cases is only active in the wild for a very short amount of time. Very frequently we track trojans which we see active in the wild for only a matter of hours or less. Malware authors have been very successful at infecting AV protected PC's using micro release cycles for their trojans - knowing that traditional security approaches require a collected sample before a detection signature can be released. Webroot's approach is unique because we leverage our users when collecting security intelligence data and in turn are able to protect our user-base immediately when a new infection is discovered.Grayson thank you for answering. Can you provide a bit more insight? I was an old SpySweeper customer and had WARN enabled, is Webroot's new approach derived from the WARN functionality? Also can you speak to how Webroot's approach is unique versus specific technology like Symantec's Insight and SONOR Global Intelligence Network and McAfee's Global Threat Intelligence/Artemis technology that both captures data from endpoints to stay ahead of threats?
WARN was a feedback system used in SpySweeper to provide detection information back to the Threat Research team. This is very different from our current technology. The key difference is that the new technology provides the work queue for the research team - we literally actively classify files seen by our users in real time - and all users are instantly protected when a new threat is discovered. Technologies like Insight and SONOR are similar however Webroot pioneered this approach 3 years ago and is one of the only cloud exclusive security products on the market today. What are the connections between security and (online) gaming? It seems like either I run anti-virus and my computer is slower, or I don't and I take a huge risk. Is there a way to optimize your system online without adding more risk?
Security is and should be a big deal for gamers. Many games have a financial component which is attractive for hackers. The problem is that traditional AV's have a bad reputation for impacting system performance, though this doesn't have to be the case. To get around this, some AV's offer a 'gamers mode' which is basically a setting to disable the AV's protection. Not really the best idea.Webroot SecureAnywhere is the smallest and fastest security product on the market which makes it a great choice for gamers. There is no need to disable its protection while you game as it has the smallest system impact of any security solution (]http://www.webroot.com/shared/pdf/Passmark_Endpoint_2013.pdf[1] ). It is also extremely effective at detecting trojans which are after game credentials because of how we leverage our crowd of users. Even if we were to miss a gaming trojan, the ID Shield functionality within SecureAnywhere prevents keygrabbing attempts by unknown processes.How do you respond to allegations that your European threat team exceeds the recommended attractiveness index for IT personnel?
These are clearly biased allegations! The US IT team sets the diamond standard for both attractiveness and charm.WSA was meant to be protecting my laptop. Yesterday I spilt hot coffee on it, now it doesn't work. To say I'm a little disappointed is an understatement.... :-(
The EULA clearly states WSA does not protect against liquid infections ?_?When looking to hire new employees is thier education or work experience more important?
When it comes to hiring someone as a Threat Researcher, experience is most valuable. Education is also very important as a solid understand of how computing and security works is key to being successful.Which mobile OS is the most vulnerable?
Android is the most vulnerable, though Google has released a number of security focused improvements in ICS and Jelly Bean. The problem is that better than 50% of Android devices are using version 2.3x or before which have many know exploits.The term vulnerable might also apply to data security - not malware. In this case, recent studies have shown iOS apps have a tendency to access more personal data than the same app on Android.Thanks for doing this. Love your company, love your product. I actually interviewed years ago to work at Webroot, things didn't work out but that's cool. From a sysadmin who learns something new everyday, what first brought you into Security and what are some great resources or books/websites that I could look into to expand my security knowledge.
When I first started at Webroot I did not know all that much about security - though I did understand that Internet security was a booming industry. It was really my own curiosity into malware and online threats which directed my career in security. As for resources I typically follow a number of security blogs and websites. I really like ]http://arstechnica.com/[1] and I enjoy reading security whitepapers.I have followed Steve Gibson and Brian Krebs a lot. Did you need any certifications for your current role?
I did not need any specific certifications for my current role - other than my experience in the industry. I've been fortunate that my work experience has provided me with a learning environment where over the past 8 years I've grown to be a security industry expert.Is there a way to change the primary Internet application from IE? I keep trying to renew my subscription and can't because Internet explorer just can't open the page.
There is definitely a way to change your default browser. Most often when you install another browser, it will provide an option to make that browser the default.If you are using Windows 7 or 8, just type Default Programs into the start menu and you can select the browser you wish to be the default there.Hello Grayson,
Can you please explain as the cloud has tens of terabytes of information how can the Client react so fast to a peace of detected malware? Also how much bandwidth does WSA use daily with 1 scheduled scan? And one more thing please explain how well a user is protected while offline?
TIA,
Daniel
The reason we are able to react so quickly is largely due to our unique cloud distributed architecture. It enables millions of endpoints around the globe to have access to all of Webroot's security intelligence data instantly. Webroot SecureAnywhere Endpoint uses about 250kb per day in bandwidth. When in offline mode, the agent records all actions taken by unknown process. When an Internet connection becomes available, unknown processes are checked against the cloud for classification. If an infection is detected, changes are rolled back to a pre-infection state.Does social engineering ever play a roll in what you do, if so, how so?
What's your professional take on Microsoft Security Essentials?
If you could recommend a school to study network security, what would it be?
Where do you predict the market will head in the future?
What's your response to recent news (okay not quite so recent but still) that all antivirus devs are having a hard time?
Social engineering is one of the most effective ways hackers gain access to protected systems and definitely plays a roll in what I do. I spend a good deal of time looking into these tactics and spreading education to protect users. Microsoft Security Essentials is not a good security solution and they recently failed to achieve any level of certification from AVtest.org. I'm not the best one to ask about network security schools. The future will bring more internet connected devices which will create a new landscape for security. Users need to be aware of what data IP ready devices are after and how this data is used. As for my response to recent news - read my reply to that article here http://blog.webroot.com/2013/01/07/novel-approach-to-malware-discovery-in-todays-threat-landscape/Grayson, how did you get started in security, and what advice could you give to potential computer security researchers out there?
Interesting story - I wanted to be a pilot since I was about 2 years old and was in school for aviation when 9/11 took place. This terrible event forever changed the aviation industry and lead me to consider other industries. I happened to know the founders of Webroot and started working here back in 2004. From that point forward I was very interested in Internet security and malware. Placing my focus on these areas lead me to my position today.Thank you for doing this AMA. My girlfriend is in a Masters program for Cyber Security and it offers a specialization in Intelligence and/or Computer Forensics. She was sure that she wanted to go the route of Intelligence, but now she is thinking that she should specialize in both. Soon she will be already one year into the program.
-What are your thoughts on which specialization holds more merit? -What would you recommend for her to do in order to make herself a more viable candidate for a job/career once she finishes her degree?
Thank you!
They both hold a lot of merit and I see both being very strong fields of the future. It really depends on what she finds most interesting - though knowing both fields results in a more rounded understanding of the security industry.Having experience and showing your own initiative is a great way to stick out in an interview. I'd suggest starting a security project and blogging about it.How do you respond to allegations that all of the reviews for your product are scammed?
For instance, threat researchers watching the keycodes of reviewers in real time and marking folders as good/bad depending on what needs to occur in order to pass the review?
Great question and to be honest, it’s a valid concern. A company would love to rig the reviews if they could, right? Thankfully, the great reviews of our SecureAnywhere product line from top industry reviewers are in line with the testimonials and ratings we see from actual customers on both Amazon.com and our post-purchase emails. See a full feed of our product reviews here: http://bit.ly/XoMDeR
Here is a full transcript of Grayson's time on Reddit. You can check the original thread out here: http://www.reddit.com/r/IAmA/comments/1a5kkl/iam_grayson_milbourne_security_intelligence/
Q: Would you rather fight a horse sized duck or 100 duck sized horses?
A: The horse sized duck can fly which puts me at a big disadvantage. I would rather take on 100 duck sized horses.Thank you for doing this AMA Grayson, I saw your talk on Android malware and really wanted to know how Webroot's approach is different than the other AV's out there?
What makes Webroot's approach unique is that we leverage what is seen by our endpoints to enhance our awareness. This ensures we see malware which in many cases is only active in the wild for a very short amount of time. Very frequently we track trojans which we see active in the wild for only a matter of hours or less. Malware authors have been very successful at infecting AV protected PC's using micro release cycles for their trojans - knowing that traditional security approaches require a collected sample before a detection signature can be released. Webroot's approach is unique because we leverage our users when collecting security intelligence data and in turn are able to protect our user-base immediately when a new infection is discovered.Grayson thank you for answering. Can you provide a bit more insight? I was an old SpySweeper customer and had WARN enabled, is Webroot's new approach derived from the WARN functionality? Also can you speak to how Webroot's approach is unique versus specific technology like Symantec's Insight and SONOR Global Intelligence Network and McAfee's Global Threat Intelligence/Artemis technology that both captures data from endpoints to stay ahead of threats?
WARN was a feedback system used in SpySweeper to provide detection information back to the Threat Research team. This is very different from our current technology. The key difference is that the new technology provides the work queue for the research team - we literally actively classify files seen by our users in real time - and all users are instantly protected when a new threat is discovered. Technologies like Insight and SONOR are similar however Webroot pioneered this approach 3 years ago and is one of the only cloud exclusive security products on the market today. What are the connections between security and (online) gaming? It seems like either I run anti-virus and my computer is slower, or I don't and I take a huge risk. Is there a way to optimize your system online without adding more risk?
Security is and should be a big deal for gamers. Many games have a financial component which is attractive for hackers. The problem is that traditional AV's have a bad reputation for impacting system performance, though this doesn't have to be the case. To get around this, some AV's offer a 'gamers mode' which is basically a setting to disable the AV's protection. Not really the best idea.Webroot SecureAnywhere is the smallest and fastest security product on the market which makes it a great choice for gamers. There is no need to disable its protection while you game as it has the smallest system impact of any security solution (]http://www.webroot.com/shared/pdf/Passmark_Endpoint_2013.pdf[1] ). It is also extremely effective at detecting trojans which are after game credentials because of how we leverage our crowd of users. Even if we were to miss a gaming trojan, the ID Shield functionality within SecureAnywhere prevents keygrabbing attempts by unknown processes.How do you respond to allegations that your European threat team exceeds the recommended attractiveness index for IT personnel?
These are clearly biased allegations! The US IT team sets the diamond standard for both attractiveness and charm.WSA was meant to be protecting my laptop. Yesterday I spilt hot coffee on it, now it doesn't work. To say I'm a little disappointed is an understatement.... :-(
The EULA clearly states WSA does not protect against liquid infections ?_?When looking to hire new employees is thier education or work experience more important?
When it comes to hiring someone as a Threat Researcher, experience is most valuable. Education is also very important as a solid understand of how computing and security works is key to being successful.Which mobile OS is the most vulnerable?
Android is the most vulnerable, though Google has released a number of security focused improvements in ICS and Jelly Bean. The problem is that better than 50% of Android devices are using version 2.3x or before which have many know exploits.The term vulnerable might also apply to data security - not malware. In this case, recent studies have shown iOS apps have a tendency to access more personal data than the same app on Android.Thanks for doing this. Love your company, love your product. I actually interviewed years ago to work at Webroot, things didn't work out but that's cool. From a sysadmin who learns something new everyday, what first brought you into Security and what are some great resources or books/websites that I could look into to expand my security knowledge.
When I first started at Webroot I did not know all that much about security - though I did understand that Internet security was a booming industry. It was really my own curiosity into malware and online threats which directed my career in security. As for resources I typically follow a number of security blogs and websites. I really like ]http://arstechnica.com/[1] and I enjoy reading security whitepapers.I have followed Steve Gibson and Brian Krebs a lot. Did you need any certifications for your current role?
I did not need any specific certifications for my current role - other than my experience in the industry. I've been fortunate that my work experience has provided me with a learning environment where over the past 8 years I've grown to be a security industry expert.Is there a way to change the primary Internet application from IE? I keep trying to renew my subscription and can't because Internet explorer just can't open the page.
There is definitely a way to change your default browser. Most often when you install another browser, it will provide an option to make that browser the default.If you are using Windows 7 or 8, just type Default Programs into the start menu and you can select the browser you wish to be the default there.Hello Grayson,
Can you please explain as the cloud has tens of terabytes of information how can the Client react so fast to a peace of detected malware? Also how much bandwidth does WSA use daily with 1 scheduled scan? And one more thing please explain how well a user is protected while offline?
TIA,
Daniel
The reason we are able to react so quickly is largely due to our unique cloud distributed architecture. It enables millions of endpoints around the globe to have access to all of Webroot's security intelligence data instantly. Webroot SecureAnywhere Endpoint uses about 250kb per day in bandwidth. When in offline mode, the agent records all actions taken by unknown process. When an Internet connection becomes available, unknown processes are checked against the cloud for classification. If an infection is detected, changes are rolled back to a pre-infection state.Does social engineering ever play a roll in what you do, if so, how so?
What's your professional take on Microsoft Security Essentials?
If you could recommend a school to study network security, what would it be?
Where do you predict the market will head in the future?
What's your response to recent news (okay not quite so recent but still) that all antivirus devs are having a hard time?
Social engineering is one of the most effective ways hackers gain access to protected systems and definitely plays a roll in what I do. I spend a good deal of time looking into these tactics and spreading education to protect users. Microsoft Security Essentials is not a good security solution and they recently failed to achieve any level of certification from AVtest.org. I'm not the best one to ask about network security schools. The future will bring more internet connected devices which will create a new landscape for security. Users need to be aware of what data IP ready devices are after and how this data is used. As for my response to recent news - read my reply to that article here http://blog.webroot.com/2013/01/07/novel-approach-to-malware-discovery-in-todays-threat-landscape/Grayson, how did you get started in security, and what advice could you give to potential computer security researchers out there?
Interesting story - I wanted to be a pilot since I was about 2 years old and was in school for aviation when 9/11 took place. This terrible event forever changed the aviation industry and lead me to consider other industries. I happened to know the founders of Webroot and started working here back in 2004. From that point forward I was very interested in Internet security and malware. Placing my focus on these areas lead me to my position today.Thank you for doing this AMA. My girlfriend is in a Masters program for Cyber Security and it offers a specialization in Intelligence and/or Computer Forensics. She was sure that she wanted to go the route of Intelligence, but now she is thinking that she should specialize in both. Soon she will be already one year into the program.
-What are your thoughts on which specialization holds more merit? -What would you recommend for her to do in order to make herself a more viable candidate for a job/career once she finishes her degree?
Thank you!
They both hold a lot of merit and I see both being very strong fields of the future. It really depends on what she finds most interesting - though knowing both fields results in a more rounded understanding of the security industry.Having experience and showing your own initiative is a great way to stick out in an interview. I'd suggest starting a security project and blogging about it.How do you respond to allegations that all of the reviews for your product are scammed?
For instance, threat researchers watching the keycodes of reviewers in real time and marking folders as good/bad depending on what needs to occur in order to pass the review?
Great question and to be honest, it’s a valid concern. A company would love to rig the reviews if they could, right? Thankfully, the great reviews of our SecureAnywhere product line from top industry reviewers are in line with the testimonials and ratings we see from actual customers on both Amazon.com and our post-purchase emails. See a full feed of our product reviews here: http://bit.ly/XoMDeR
Thank you for posting this Richard!
Thanks Richard for the transcript. Grayson was interviewed in funny and educative manner and his replies kept pace. He's really smart guy.
Richard, I visited the redd.it forum and even posted on the thread.@ wrote:
For everyone wanting to join in, follow this link to see what is said and ask your own questions: http://redd.it/1a5kkl
Candidly, after reviewing the thread, I am surprised and disappointed at the amount of bashing and ad hominem attacks. Much of that content would never fly on a tightly run site and would have been purged.:@
You can't do much about internet trolls unfortunately. :(@ wrote:
Richard, I visited the redd.it forum and even posted on the thread.@ wrote:
For everyone wanting to join in, follow this link to see what is said and ask your own questions: http://redd.it/1a5kkl
Candidly, after reviewing the thread, I am surprised and disappointed at the amount of bashing and ad hominem attacks. Much of that content would never fly on a tightly run site and would have been purged.:@
TH
Respectfully disagree, TH. That's why you have moderators. Someone should have stepped in! 😠@ wrote:
You can't do much about internet trolls unfortunately. :(@ wrote:
TH
I do agree that it is disappointing, but it is the nature of the internet, and ultimatley Reddit. It is an anonymous forum, where you go an hide behind a veil of digits as a screen name. And while the negativity was there, we did expect it as its the nature of people. But, on the bright side, many of the detractors and negative Nancys were put to bed by the Reddit community members who are active.
Overall, we had a great time doing it and are looking to future, similarlly open events to host in the future.
Overall, we had a great time doing it and are looking to future, similarlly open events to host in the future.
Richard, perhaps a better site could be selected for future events, should WSA wish to host them.
Â
No one benefits or wins when bashing or ad hominem attacks occur and are left to fester and proliferate on an open thread. There are only losers in such a situation. JMHO.
Â
No one benefits or wins when bashing or ad hominem attacks occur and are left to fester and proliferate on an open thread. There are only losers in such a situation. JMHO.
RWM - There is a place for everything. In the case of an open, non focused discussion hosted by an individual like Grayson, Reddit happens to be the best place. As he is becoming a more prominent face in the Threat Blog, bringing attention to our security solutions and technology to those outside our current customers was the goal of this event, and it proved to be very successful. As for other events in the future, they will of course be held on a website that is best for the goals.
Regarding the negative comments on the Reddit forum, they are nothing worse then what any company runs into when it comes to being public facing, and while it may lead to a one or two people questioning the validity of our products and technology and Grayson, the average user inside Reddit and coming to that thread will see these posts as blatant attacks and not constructive to the whole conversation. Thus, by these Negative Nancy's own accord and language, they eliminate any chance of festering.
With 43 million users, 400 million unique visitors, and 37 Billion Page Views, it's considered to be the number one community in the world, and is the number one website of open conversations like this.
Regarding the negative comments on the Reddit forum, they are nothing worse then what any company runs into when it comes to being public facing, and while it may lead to a one or two people questioning the validity of our products and technology and Grayson, the average user inside Reddit and coming to that thread will see these posts as blatant attacks and not constructive to the whole conversation. Thus, by these Negative Nancy's own accord and language, they eliminate any chance of festering.
With 43 million users, 400 million unique visitors, and 37 Billion Page Views, it's considered to be the number one community in the world, and is the number one website of open conversations like this.
I actually found his responses to the detracting comments to be humorous and fun, but also informative at the same time.
Richard, with all due respect to Grayson, I think he would have come across better had he stayed above the fray!   Sorry if I may offend some folks here, but I call it as I see it. Enough said from me.
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.