# Herbert: Manage threats, risks, and vulnerabilities

My name is Herbert and I am a Security Engineer at Google. I think I've always been interested in security. In high school our school gave us these huge Dell laptops. There wasn't a whole lot of security within those computers.

So, many of my friends would have cracked versions of like video games like Halo. That's really where I learned how to start manipulating computers to kind of do what I want. I guess [LAUGH] my day to day consists of analyzing security risks and providing solutions to those risks.

A typical task for cybersecurity analysts would usually be something like exceptions requests. Analyzing if someone needs to have special access to a device or document based on the role that the person has or the project that they're working on. One of the more common threats that we come across is misconfigurations or requesting access for something that you don't really need. For example, I recently had a case where a vendor we were working with had changed their OAuth scope requests. And basically that means that they were requesting more permissions to use Google services than they had before in the past.

We weren't sure really how to go about that because that wasn't a situation we've come across before. So it's still ongoing, but we're working with partner teams to kind of develop a solution for that. I think another thing that we've seen is outdated systems, machines that need to be patched.

That sounds like an IT issue, but it's also definitely a cybersecurity issue. Having outdated machines, not having proper device management policies. Working with a team or many teams is a huge part of the job. In order to get really anything done, you need to communicate with not just the team that you're a part of, but with other teams.

Ten years ago I was working at a pizza joint and ten years later, here I am, at Google as a Security Engineer. If I told my 16-year-old self that I would be here, I wouldn't have believed myself, but it is possible.