Enjoy this conversation with Josh Bressers, product security at Elastic and former colleague at Red Hat. Josh answers my questions about password management, general computer security and what matters (or doesn’t) in today’s predominantly online world.


Discussion Highlights

  • How John and Josh met at Red Hat
  • Reliving the old days of testing and releasing security updates
  • Considering overall return on investment (ROI) of your approach to security
  • How do we know that these password managers are really secure? We can’t know with complete certainty
  • What happens if your password manager is compromised, and how would you recover?
  • Ultimately you can’t control where your data is stored when you enter “the cloud”
  • LastPass and 1Password appear to be the leading solutions
  • Backup schemes and philosophies
  • Understanding two-factor authentication and its benefits
  • Duo Security
  • “Good enough” vs. “perfect” security
  • YubiKey 4 (two-factor authentication token)
  • You have to draw a line somewhere when you plan around all of the “what if” scenarios of something going bad or getting compromised
  • Making decisions in a way that results in a “hard yes”
  • How becoming a product manager opened Josh’s eyes to the downside of complexity and the importance of practicality
  • Josh’s preference for locked-down devices like the iPhone, iPad and Google Chromebooks
  • Dropbox is not as secure as some people think

