Episode 2 is live. We sat down with Josh Yavor, CEO and Co-Founder of Credible Security, who has more than a decade of experience with deception technology.
Josh brings a practitioner's perspective, having deployed everything from complex malware analysis environments to lightweight canary tokens across different organisations. He shares what he's learned about making deception technology work in the real world.
Why deception isn't just for mature programs
Josh tackles a common misconception in the industry: that canaries are something you deploy later in your security journey. He explains why the opposite is often true, and shares examples of simple, high-value deployments that any organisation can implement.
Real signals vs. industry reports
Josh explains the difference between reading annual threat intelligence reports and having actual signals from your own environment. He shares why that distinction matters for prioritising security work.
If it doesn't fire, is it working?
Josh addresses a question that comes up often: if a canary doesn't trigger, has it provided value? He explains why absence of signal doesn't mean absence of value, and shares his perspective on what makes canaries different from other security tools when it comes to signal-to-noise ratios.
Creative deployments
Josh walks through some unusual use cases he's deployed, including protecting sensitive IP during third-party data sharing and using canaries during active incident response. These stories show how flexible deception technology can be when you think creatively about the problems you're trying to solve.
Listen to Episode 2 here.
