Sign California Banking Permission Slip Secure

Industry sign banking california permission slip secure

today on cyberwork kelly conlon of jamf joins me to discuss all things apple security in this episode you'll learn about securing devices across multiple os's the hidden and plain sight apple security bible and why kelly's mom isn't allowed to use the 15 year old mac laptop kelly is still hanging on to after all these years remember that cyberwork listeners are eligible for a free month of infosec skills by going to infosecinstitute.com skills and using the promo code cyberwork when joining that's 30 days of free security courses hands-on cyber ranges skills assessments and certification practice exams all when you use the promo code cyberworkonsignup that's infosecinstitute.com skills and now let's begin the show welcome to this week's episode of the cyberwork with infosec podcast each week we talk with a different industry thought leader about cybersecurity trends the way those trends affect the work of infosec professionals and offer tips for breaking in or moving up the ladder in the cyber security industry kelly conlon is a security solutions specialist at jamf focused on helping organizations to be more secure with apple prior to joining jamf kelly was an intelligence agent in the u.s air force supporting special operations before starting an i.t career path kelly currently lives in tampa florida with her husband son two cats and a miserable husky and that that is a mood for 2020. our topic today is the specific security issues around apple's platform and apple products even lay people without a lot of security background know to some degree that apple seems built just to a different sort of schematic than linux or other os's and as you imagine this comes with variants and security remedies as well as specific and inherent security issues so today we're going to talk about uh what apple security's framework is like what security issues you should be on the lookout for with apple products and what you need to do uh know if you want to learn about securing apple products and systems especially in a career role uh kelly welcome to cyberwork thanks for being here today oh thank you for having me uh so let's start with your background here uh you said uh you know that's uh you that you started out in the uh as intelligence analyst in the us air force uh before starting an i.t career path can you talk about sort of your your tech uh you know hero's journey uh like how far back does it does it go back with you were you uh you know computer programmers a kid did you find it sort of later in life um i mean always i i instinctively picked up to computers when i was younger um i mean we had one of the old like weird beige uh like compacts growing up that my mom never could use but i always was like internal home i.t um from a very young age and uh once i got into high school um that i was i'm very lucky that the school i went to had um a lot of different avenues for like creatives and so i got into um i want to say av because there's not like a proper um label to it but it was like our school's uh like announcement program like we did the school news but it was all like video editing and videography and photography and so that's actually where i got introduced to max was using in that program using video editing software um and then i became a mac hobbyist because it wasn't always in schools it was my personal computers obviously like at work they didn't really come across a lot of macs uh then and yeah so computers have always just been a huge interest macs were always just my personal choice and then i uh joined the air force i had all this like photography and like video background and they're like hey you would be really good as an imagery analyst when i go to the recruiter and i'm like oh sure imagery analyst that sounds fun no that's not what it was um i don't know that term what what what does that entail so essentially um it's a part of the intelligence community and intelligence kind of gathering uh structure and that particular method of um intelligence is just analyzing what you can see um and reporting back off that so in modern times um that position and what i did for the air force was all drone work um satellite imagery analysis um right monitoring videos from drones um doing that kind of reporting and i mean it was amazing it sounds very jack ryan right yeah like explain it um and i mean there's times there it was super cool and uh i was always in a classified space because it was intel and i just missed i wanted to work on computers right like i was using computers as an analyst and i just was magnetically drawn to like i i just want to support this like i was constantly bothering it because i would write a script that would make it so my computer couldn't lock me out and i was just kind of a pain um and so eventually i decided to make that switch um and for dod if you want to work in intel a lot of the times they just need a lot of certs or require certain certs so i got comptia security plus um at the jump um so i could work on classified systems and then it just kind of dovetailed from there uh yeah well cool let's let's let's sort of talk about your role now as a security solution specialist at jamf uh what is what is your average day look like like do you have a a a pretty like you know this two hours of the day i do this this two hours or is it sort of different every day uh what are your primary roles and responsibilities things like that so it's definitely different every day um pacing can be very pretty dramatically um the the role that i am in is a technical resource um for new customers i'm not on the internal jam information security team so i'm not actually looking at like our employees machines data or like telemetry from security events on their devices i'm more focused on how our customers can have a better security increase or security posture overall with jamf's products um and just kind of explaining that okay so you're working sort of case by case with each new yeah and so you're sort of tailoring it to their specific security needs is that yeah exactly just kind of being that translation um telling them okay well that's your that's your need this is how jamf can help with that i also work a lot with our marketing teams um coming up with blog posts hosting webinars as well as working really closely with our internal developers giving them that feedback that i'm hearing from customers um security concerns that kind of thing okay um do you keep regular hours are you kind of on call all the time um so i've always been remote since i've been with jamf and this was my first um at-home position and so i was at the the beginning um i'm i was always available i had um our communicator on our my phone um answered emails before i went to bed um and i've slowly like loosened that i mean it is hard because i like to be responsive i like to help and so um trying to turn that off so i don't really have like set hours i am kind of always available um so it's just kind of a day-by-day thing yeah but that's that's not necessarily the parameters of the position that's you talking okay yeah that's a personal choice okay got it yeah um okay so uh and and i guess uh sort of winding back from that in terms of uh you know your skill sets you've talked about a little bit about you know you got security plus and what and where you sort of got started with things but like what were the sort of skill sets and things that you knew that you know made you a good fit for jam like if people wanted to do the kind of work that you do like what were the things that jam were looking for in terms of this role so i started as at jam in a position called a systems engineer or sales engineer so i presented our products to um new customers or interested customers from a technical level and um i was a jam customer before i came to jam so i worked at a company that was a full mac shop and we used jamf pro to manage our macs and our ipads um so i was very familiar with jamf as a company because i was purchased from them and um i jf was just became a goal of a company i wanted to work at i loved their product specifically we're going after them that's great yeah i i really wanted to work there and i actually applied a couple of times um and didn't get didn't get the positions and then finally was able to move in um as a systems engineer and then when we um purchased the company digital security and created our security tool jf protect i um was kind of they knew my background um and i was very quick to pick up the product i was very excited about it and then when we had this position open up i was very eager to apply and um kind of step into that role okay um so as we mentioned at the start of the show today's episode is all about all things apple we've been talking about apple you're apple uh evangelist from a long way back so to just start right at the very bottom here uh at the very beginning how does apple's os differ structurally from pc and linux in terms of like a security perspective you know i know i i feel like apple has the reputation and has for a long time of being kind of you know the the interface for everybody you know it's like all the stuff is here you don't need to know coding or even the perception of coding and things like that so um you know how does the interface like that come about and and and so forth i so um obviously i don't work for apple and i don't know there yeah yeah i'm not gonna ask you guys what's their recipe yeah tell me um i mean i think the focus that apple has always had on the user is one of the big key differences between them because they kept such a control on software and hardware so they can control that user experience and that kind of expectation of what the user has because they've kind of cut out that variable of multiple hardware vendors right for their software um like like you get on the windows side and so i think that's the big key difference is that they've kept a hold of that they produce their hardware they produce their software okay um so they can keep that focus on the end user and i think that's why a lot of people um i don't i don't know if this is like the right term but kind of drink that apple kool-aid um because they feel so like appreciated um right like this computer gets me i get this i can pick this up quick and they feels nice yeah they've made it very easy to adopt um the their products yeah yeah do you get a sense i mean this is a total tangent but i feel like there there are you know like it sounds like you were kind of an apple family like i feel like like it's sort of like computer preferences seem to go by family like i was a pc family my wife's family was an apple family like across the board and and like sort of straying from that would be sort of like almost sort of like uh you know a dishonor to the family right it's like pepsi or coke yeah yeah right if your mom drinks diet coke you can't all of a sudden bring in a two liter of pepsi yeah no exactly you're working purposes there i am the oddball of the family so my mom is not you're right she doesn't list this she's not the most technical person um she got iphones when iphones became a thing and were cool in the hot new hotness right but she was never a mac user i i have old um like imacs that i use for testing or that i've just like taken apart um and she constantly asks me for it like she's like you just have it sitting in your office i want that and i'm like you don't like this is not the computer you are used to i would have to like retrain your brain yeah um but yeah i i i used max at school in video editing and then i just like fell in love and begged her and begged her like please i need a i need an apple computer i need the apple machine and okay finally broke her down so nice um so for uh this might be a perception issue and you can feel free to sort of like pop the balloon but for those of us that are old enough to remember when when apple you know sort of first became the player on the scene i feel like there was a long time where apple products were perceived you know whether right or wrong as as quote unquote safer than pcs and windows because as i heard that most viruses and attack software were designed for pc and as such apple seemed safer by virtue of being hidden slightly in the background and obviously that's not the case anymore um but speaking to that was apple truly safer at one time and how does the relative security posture of apple now vary from windows systems in present day um so that's so hard to i i i won okay i blame jamf a little bit for um the how apples um or just max in particular their um bit them as a target for security threats has kind of grown and i think that's because there are solutions like jff pro that allow it to be easier for an organization to manage max right where that's always just been a pc thing like if when you're at work it was a pc of some variation and um because pcs were so dominant in enterprises and organizations hospitals and schools they're an easy target these are so many of them right it's like shooting fish i'm not shooting fish in a barrel that's a bad oh wait no yeah there's more fish in the barrel that's what that means okay yeah yeah there's more targets shooting a barrel full of lots of fish yes exactly okay um you're gonna hit something exactly yeah they're they were an easier target and and so i don't necessarily think that it was easier to attack a pc from like a functional level than it was to attack a mac um i think it's just it was based off numbers and now those numbers are starting to get a little closer and it and also people a lot of people use max from like the individual consumer right like at home um so if you're trying to attack an individual you can have a better chance if you know their their system and and that kind of stance okay so i don't think they were always safer right than than the pc from like a technical standpoint i i mean i don't know there's so many different ways to kind of argue that point because like from a hardware perspective because there are so many variables in vendors um there could be different um like physical security risks because of the hardware differences where the mac that hardware was always really controlled so um i think it just comes down to like your interpretation of security yeah but i think they are more on an even uh playing field and they definitely have a similar landscape now for sure yeah i think it was it was not so much like attacks like in terms of hackers but i just feel like i remember hearing that like viruses were customized so much to pcs that exactly you know people who are like well you know it's not going to necessarily come through my email because it's not really mac specific but i feel like at this point there's just a lot of everything right yeah exactly 100 okay um can you speak at all to this is some something that you know we had we had a suggestion from someone in in staff here uh i think they heard it on a podcast somewhere um but uh speaking of apple's um you know system across multiple types of devices you know it's it's on one hand it makes things easier to protect but it also means that zero day attacks can be you know more pervasively destructive as they cover sort of thousands of times the surface area that a target attack might otherwise have and i'm not sure if i'm i'm getting that right but is there sort of like a uniformity of like um you know apple's structure or whatever that makes zero days especially vulnerable um so apple doesn't have the same operating system across all the devices there's mac os there's ipad os there's ios tv os watch os each device does have its own separated opera separated operating system but apple is taking approaches to make that more uniform allowing to be able to pick something up from your phone and then be able to pick it back up on your mac or on your ipad so they are allowing that kind of cross uh use against the different operating systems they are making that more like uniform and so i don't know i i could totally see what the potential risks there especially as apps made for ipads or ios devices being added to the app store and being available on a mac um because even though apple is pretty strict on their developers and what they allow in the app store we i mean they just had a case recently where they actually notarized mac malware to be able to be downloaded notarization was one of their big kind of security approaches to help only allow things that are authorized and kind of been blessed off so they're not in there there's no perfect defense um right like you have to be aware of everything there's always things that are going to possibly slip in so i do see that there could be potential risk with that for sure okay um yeah so so speaking to that uh you know it sounds like it's pretty hard is it is it pretty hard to sort of get one over uh you know via the app store in that way that you know they were able to authorize this thing was so what happened with that was it just that it looked very very realistic and just sort of didn't it passed the sniff test or something yeah exactly um and then it just turned out to be malware um okay and that but that's that's that's not a common case no and and that's the first i've heard of there may have been more but that was the first that was kind of like publicly made that was a big knowledge yeah it's like okay so we mostly want to talk obviously you're a bit of a mac guru here and a mac enthusiast we want to talk about mac specific um security risks that people should be aware of like what are some some common errors first of all that are made by apple users you know just out in the world that open them up to big security risks uh being careful what you click on i mean i think that goes across any user for computer not just mac specific um but yeah just being cautious of what you click on apple does a really good job of trying to put in some protections to the end user um so not disabling things in the operating system right so like if you go to stack exchange looking for how to hey how do i do this really cool thing on my mac and then they recommend that you disable internal protections like you shouldn't do that like just because some dude on the internet told you um not worth it yeah exactly and like there's always those targeted tools that are like let's clean up your mac your max like here's your pop-up right that yeah i mean that that that happens a lot on the mac side because they are very focused on like your mac is contaminated you need to download this um kind of thing so i think there's always that risk um and depending on the type of attack and uh what what the attacker's like motives are is there's always that like sense of urgency right like you need to do this right now because you're yeah you're short circuiting their common sense it's like yeah right before i can think about it just do it exactly yeah you just have to kind of take a step back right like is this really is something bad um but that's hard i think there's there's always that pressure um as a user to just be aware um but people like max because it's easy to use they don't need to know all the ins and outs of everything um like people don't know where their launch daemons and launch incidents are at and that there may be potential persistent tool there um so i think it's just keeping being patient being weary of things that they download and click on um keep the native security functionality that apple gives you enabled don't turn it off um and just be more investigative into what they want me to add i think would be my biggest like just for any any end user yeah it's a pretty solid i mean you know there's always that sort of you know balance between sort of putting it all on security awareness it's like well if you hadn't if you hadn't thought of you know you if you hadn't took that pizza coupon as we wouldn't be here versus the sort of like really restrictive endpoint thing of like you can't click on anything without five authorizations you know so there's gotta be a balance in there somewhere yeah and i think because of my military background and like specifically working in intel i i am naturally more of a paranoid person i don't think i am but i guess i am and i it's just i think of the same thing like just because somebody tells you hey you should leave your front door open um because it's gonna make your house so much cooler all day like you're not gonna leave your front door like wide open and just let anybody in um it's just the same thing like don't just download this tool because they're like hey your memory is all used up we can help you there like yeah well i mean that also sort of speaks to uh just what people actually do with their computers in terms of i i just use it as a tool versus like i actually understand the sort of behind meanings like you know you would never sort of blame you know your house well i just i just live here it's not like i actually know enough not to lock my door in the front you know but a lot of people can can sort of give that excuse of like i'm i've just wanted to write emails to my grandkids you know how was i supposed to know so yeah so i mean what are your thoughts on sort of like ways to get that kind of baseline sort of technology people who are just using you know you know what's what's known as the easiest you know interface in great possible way um so i think apple does a really good job of they don't tell the end user hey you need to know this they have those kind of protections in place but they're silent like you're not going to get a ton of pop-ups because like hey we completed a scan everything's good like apple everything kind of updates behind the scenes while you're exactly yeah right they kind of want it to be easy to use they want they're kind of um taking ownership of like let's make it the best um and allow for the end user to have the best experience and like so um yeah so um you know speaking uh in you know we start with the sort of individual level here but you know obviously most offices uh even before the pandemic were mixed use in terms of who was using what operating system and and you know or even more so now that people are working from home you know maybe some of them are using a work computer and maybe a little bit of their own devices in the evenings and stuff like that so uh what are the differences in trying to secure window devices versus macs or linux um all right so some of the i mean the biggest differences are the different types of attacks right or just being aware of the different types of attacks and what those different methods look like um i know that having like uniform protection across like all of the devices you manage seems like it would be the like solid thing and like the right answer but you need to make sure that like whatever you're doing to secure your device is like specific to that device right like you're the um like with a mac um putting in certain like root um kind of permissions and ensuring like the end users don't have access from an administrative level to modify things that they shouldn't be doing is just as important as doing that from the windows side but they're done differently um so it's understanding how they differ and mapping that out like you can't i don't think there's one um like device hardening plan that you could have as a like as an organization that would fit everything from windows to the max um i do think you have to kind of go through and really understand the the differences in those operating systems do you have any sort of thoughts on how this you know this sort of non-uniformity of of of devices should be dealt with at an i.t level in terms of like making this kind of hardening plan um i so personally i think well so my i.t background started in secure facilities right so we didn't have like dedicated like infosec like built out teams like it wasn't like here's your infosec department here's your i.t department right we were already working on devices that were so heavily secured that like i t was infosec kind of a structure um so moving from dod and like federal government to like commercial spaces that's one been one thing that i've been kind of shocked by is that there is such a a lot of the times there's such a departmental like harsh line on info second i.t and i think when it comes to device management from the it level and policies that infosec are putting in play i think they need to be closer than they are um i think instead of infosec being like hey you need to go enforce all these settings it should be able to have a say say like well if we do that the end user is going to they're going to be mad and they're going to just turn that off or they're going to constantly put a ticket um yeah i and so i would love to see a world where those two teams are have a closer relationship just naturally there isn't that separation um and just like yeah more kind of cross um that line needs to blur especially with everything being mobile um nowadays right like you've got to be prepared for that well that's that jumps perfectly into my next question here because obviously you you mentioned uh you know that you you are very much a you know still checking your email just before bed and yep all hours of the day so as the notion of the fixed day work gets more amorphous and employees work on projects at different points in the day from a wide range of devices uh do you have any sort of safety tips to keep you from compromising your company's valuable files even if you plan on say working on some spreadsheets while you're watching tv yeah so this is this is hard and apple has made it hard harder because they have that um cross-platform like use and i can log into my iphone with my icloud information and i can log on to my work computer with my icloud information and all of that is cross-transferred um so i think it is i the first step i would take is make sure end users understand acceptable use policy um right like if they have a work machine what are they allowed and not allowed to do on that work machine what personal things can they handle there as well as like on their mobile devices like if you expect me to have um email on my mobile device are there things i'm not allowed to have on my device because email's there um i think there's there needs to be a lot more education um to employees and staff on unacceptable use instead of just a super dry 10-page contract in your employee handbook where people just sign it i think there needs to be clear boundaries there um and i am personally like my phone is my most personal device that i could have right like my banking information is there my family's photos um my routes that i take right like when i go for a run i log on my routes so if somebody wanted to attack me and they wanted to do it when i'm loan and vulnerable right all they could need to do is get access to my like route plans right for my workouts so um i acceptable use is the big one there like really defining out what you're okay with from your end users um and where that bleed of personal and work is allowed to cross without you know um going into i guess maybe going into specifics but like how do you secure what what what are your steps for your function i think a lot of us have that back of head feeling like oh i probably should be more secure on on my mobile devices like what what what do you do to give you the sort of peace of mind to go running and not worry about your your schedule being impactful i do two-factor for everything okay um i don't do the same password i i love apple's um random password suggestion tool that they have when you're creating new accounts um i've slowly started moving into the um like apple account that they have been out announced i think it was last year at their developer conference where you can now sign in with apple um when like creating new apps so i've tried to like migrate to that because they don't share your email address um and and i do a lot of research on apps and software that i use on like what do they what of my data are they going to publish where is that gonna get sent um i so a big part of the intel piece that i did was location data um so i'm more cautious on like location information like i don't tag like i'm at this place on like instagram yeah those i try and avoid that as much as possible i am not some like celebrity where people are gonna be like oh she's at starbucks on 54th street let's you know uh i don't have to have that concern but i do think there's a lot of people that do have that um kind of draw to them or if people are wanting to know where you are at um because of what they're putting out on social media it is easy to find um so like i use the the running app i use is not a community facing one so like my routes are not published to a community for people to give me kudos right i don't want that out there like that because there's a ton of applications that do that um and people don't realize what they're what they're giving out so again i'm just more more paranoid than the average person i think i think that's worthwhile yeah no there is definitely that feeling of uh you know yeah catch me at you know the 7-eleven here or whatever exactly i also listen to a lot of true crime i'm a big truth i've always been a big true crime fan so i've always got that like caution behind me oh the more that you listen to especially from the 70s you're just amazed at people's in their windows and their doors and they're nothing secured their window open all night on their first why not what's the worst that could happen crazy people um so um you know to uh for listeners who are maybe trying to break into cyber security we have you know a lot of listeners who are just sort of considering security as a you know a stepping stone or a first step um you know obviously there's there's some uh other platforms that have specific certifications there's linux plus there's mchd is there is there an apple specific certification and if not what what do you go about like what do you study to sort of like study apple security so i the only like apple certification from a security level that i've seen is i want to say it's a company called black bag i i think that's the name of it no yeah black bag tech they have an apple forensics course so investigating apple from more on like the analyst side of things sure um that's one of the first ones i've seen that's been focused on apple covering ios and mac os um but yeah there isn't a ton i mean there's certifications for being apple administrators jamf has a few that we offer um but not a ton like that's focused on security one thing that i don't think a ton of people know is apple produces a platform security guide that's made available to the public um they updated every os or just changes and it isn't i know that it's a beautiful document um i mean they really cover why they've taken these approaches what enhancements they've done and they get into like that technical um deep so if you're wanting to know more on apple's just general security approach that's such a great place to start okay um so i'm guessing you know if you're if you're learning to secure multiple different types of operating systems you know pcs apples linux uh it might be kind of like trying to learn spanish portuguese and catalan all at the same time you know there'll be a lot of similarities but enough variances it might be hard to kind of keep track of what goes where so can you speak to learning about security issues uh that vary between different types of oss um yes i i think understanding the fundamentals of what cybersecurity means right there's network um security vulnerabilities right that that could affect multiple os's social engineering tactics um what potentials could happen to that end user so i think starting with fundamentals is such a great place to begin obviously i mean a lot of people don't even think about that they're like well i want to be a linux security admin i'm going to start here it's like i think you should take at least five steps back um go through like just basic infosec practices um just get used to the terminology get used to types of attack like people don't realize that like if when you say viruses and trojans and ransomware and malware like it also can be interchangeable depending on the attack depending on the um kind of techniques that hacker has taken and so i think start with the basics and then build that path from there there's so much information out there and there's so many different ways to learn i'm very hands-on i have to like observe somebody actually doing things for it to really set into me and i have to do a lot of correlation i have to do or not correlate like an association um like i have like when i think of investigating a cyber threat i think like a police officer right like i have to build my evidence i have to understand a story line or build up that timetable and um i think very much like that because i i'm a true crime fan and i put that that association there cool um so what what um you as someone who's kind of come to this uh through sort of a securities wrote what what job or learning tips do you have for professionals that want to get into this type of field or these specific types of uh security work are there any particular job titles to aspire to if you want to work on security at this level um i i would recommend so i didn't take a traditional path um to to be in a security role um i love the idea of starting out as like an analyst um working in a sock um actually seeing data as it's flowing through getting your hands like dirty and in data um i think is super helpful and there's just there's so many routes you can take like you can be a stock analyst you can work on the developers i had worked for a company making security software and be like a an engineer or build python scripts for testing companies um they're the cyber security world is just so big and there's so many chances there um i mean i still don't 100 know what i want to do when i grow up and like where where that's gonna leave me um yeah exactly and there's come i mean most companies have a c-suite level position that is in charge of security information security or security as a whole and physical um so i think starting from the analysis level because you're gonna see the data meet that telemetry i think would be really helpful um and there's so much information out there there's so many blogs uh actually speaking of like mac specific or apple specific um two really great blogs that i would love to just plug our objective c which is patrick wardle's blog he is a jamf employee but he is this crazy mac security genius um he has some great free tools that he's built he i mean he blogs all new mac threats as they come available really amazing amazing uh tool just his blog alone just a knowledge source is awesome and then also um the blog called the mit and mac uh it's all on like apple forensics or we'll just mac forensics and understanding um that security side of things okay uh so as we sort of wrap up and we start moving into the speculative area of things based on current business practices at apple do you have any thoughts on what future security issues might where they might be coming from i know that there were some some ads on some nfl games recently where apple was stressing user privacy and so whether there is or not they definitely see like a perception issue in terms of how people view their privacy and things do you have any i know it's not necessarily for you to speak about but do you have any thoughts in the directions of security and privacy issues in the coming years um so okay i personally have very um different opinions because i've worked as an analyst analyzing data right the more data you have the easier analysis is the easier you can build your um your like assumption you can make facts out of different pieces of data because you can build out a full story so i love the idea of having access to data but then i'm i think from a personal level do i want everybody to know all of that about me like heck no um and and i think a lot of people don't realize what like cyber or just data privacy really truly means and like oh well i'm just so and so living in iowa they don't really care about me of course they can just have all my information right um but there you don't really know what that could lead to how that can be affected and there's a lot of great uses to user data as well like it's such a such a fine line um like from a marketing perspective making it easier for you to find things that oh you really like this you'll also really love this um that that kind of thing and i so i respect apple's approach um like on the window side like with windows 10 like i don't think people people realized how much of their data was being able to be extracted like all their cortana usage like all of that was just turned on by default and i don't think people were aware of how much of that information could have gotten it's a whole other labyrinth yeah exactly um so i don't know what that's going to look like i think there's going to be a lot more focus on apple security i think there's going to be a lot of people who want to get those gotcha moments right like i took advantage of it this is i was able to hack apple and um i think there's gonna be a lot of attempts like that um so i don't i don't know where it's gonna be uh i don't it's such a hard question i think yeah apple is definitely gonna get bigger there's gonna be a lot more adoption for larger organizations um for sure coming coming in the next couple years so i think they're going to be a bigger player and they're going to have a bigger target for sure okay so as we wrap up today uh tell us a little bit about jamf and some of the projects and products that you're working on right now or things that you're excited about i want to talk about um so jamf is a apple management uh provider we provide apple management software um it's it's such a cool company i love i really this is one of the first places that i've worked at that i'm like these are my people they get me um it's a nice feeling and you guys i love it um and so our approach of helping organizations succeed with apple like that's the company like motto it's so simple but it's perfect like we just want you to have a better experience using apple products in your organization whether it's a school a hospital financial institutions right it we want to have across the board you have a good experience and so with that and as things have changed we introduced jamf protect which is our security solution so um i've been heavily focused on that and i love the possibilities of where it can go um it's a very different approach to like third-party security software um because it we took the approach of what we thought would be as respectful to apple as possible or just respectful to the os like what is already in the mac os and what will work best with that but still give administrators and security teams the level of information that they need without impacting the end user right like i said we're not like and have pop-ups like hey scan complete you're all clear um that's just not part of the our product um because it's not something we thought apple would do because that's not something they've done um and when it comes to security software i think it if an institution has more visibility if they can see what's happening they can kind of loosen the reins of restrictions right like if you have more insight and you know what's going on then maybe you don't have to be so controlling um and push things down because you can have a little bit more peace of mind um and i think that's something really unique that you get with protect yeah i think that's i think that's that's worth noting in terms of like you said uh people it just comes down to their perception of like i don't really know what's going on back there so let's just turn all the protections on and right and and so you can you can be more more freed up if you know someone else is at least minding the store exactly yeah no no trust because i i can't see it so if i can't see it i'm not going to trust it okay um yeah great so uh last question for all the marbles if people want to know more about kelly conlon or jam where can they go online so obviously jamf.com i'll talk about jam first because there's way more that has access to um j-a-m-f for those yes very good if you've ever had any question from a technical level on apple if you've googled anything i guarantee you've probably come across a jamf nation post um so jamf nation is our users community you don't even have to be a jam customer to be a part of damp nation it's a mac admins community it is the coolest thing um and such a big part of jamf and why i wanted to come work at jam um so definitely jam.com we've got jamf nation and they've got i think it's jam oh i'm gonna get yelled at i think it's jam software on like twitter and instagram like the social media perspective um i i have social medias i'm not my my twitter is like retweeting real housewives and uh posting about maps and security so okay no worries it's a craziness but i mean i'm on linkedin would love to connect to people there i could message them okay k-e-l-l-i conlon and ln exactly all right kelly thank you for being our guest on cyber work today there's a lot of fun yeah thank you so much for having me this is a podcast dream i'm a big podcast fan so this is fantastic that's great we both both of our dreams came true today then uh thank you and to all you listeners whose dreams came true as well thank you for listening and watching if you enjoyed today's video you can find many more of them on our youtube page just go to youtube.com and type in cyberwork with infosec check out our collection of tutorials interviews and past webinars if you'd rather have us in your ears during your workday all of our videos are also available as audio podcasts so you can just search cyber work with infosec in your favorite podcast catcher of choice and as ever if you'd like a free month of our infosec skills platform which includes hundreds of cyber security classes and evaluation exams and cyber ranges just go to infosec institute dot com slash skills type in promo code cyberwork c-y-b-e-r-w-r-k no no capital letters and you get one free month thank you once again to kelly conlon and thank you all for watching and listening and we will speak to you next week