Defense in Depth Simple Security Solutions That Deliver a Big Impact
Feb 5, 2026
Rob Allen, Chief Product Officer at ThreatLocker, a product-driven security leader. He discusses getting permissions right and preferring groups over individual rights. They cover patching and secure baselines, the importance of knowing your assets, and automating configuration hygiene. Simple process controls and phone verification for high-risk requests get attention too.
AI Snips
Chapters
Transcript
Episode notes
Use Role-Based Group Permissions
- Apply permissions to well-defined roles and add users to groups instead of assigning permissions to individual users.
- This makes auditing and troubleshooting far easier and reduces unnecessary privileged access.
Assume Privilege Escalation Happens
- Assume privilege escalation will happen and design controls accordingly rather than relying solely on least privilege.
- Minimize permissions but anticipate escalation paths and limit their impact proactively.
Patch And Harden Critical Assets
- Maintain regular, timely patching and enforce secure baselines like CIS benchmarks for critical assets.
- Treat patching and hardening as necessary hygiene, but combine them with other defenses for full protection.