ThreatLocker: Mac Security with Slava Konstantinov (EP 785)
Slava Konstantinov sheds light on the increasing sophistication of cyber threats targeting all operating systems, emphasizing the importance of proactive security measures. From discussing the nuances of Mac security to revealing insights into nation-state cyber warfare, this episode delivers actionable advice for businesses looking to bolster their defenses.
Why Listen?
This episode offers a unique perspective on Mac security within a business context. Slava’s insights into nation-state attacks, combined with practical advice on hardening your systems, make this a must-listen for any IT professional or business owner concerned about cybersecurity. Learn about the latest ThreatLocker features for Mac OS and how to implement a zero-trust security model to protect your organization from evolving threats.
Main Highlights
In this episode, Uncle Marv chats with Slava Konstantinov from ThreatLocker about the world of Mac security in the enterprise environment. Slava shares his journey from a Windows-centric background to becoming ThreatLocker’s Mac OS guru, highlighting the unique challenges and security considerations of the Apple ecosystem.
Mac Security in the Enterprise
Slava explains the differences in security approaches between Mac and Windows, particularly around permissions and user access. He highlights how tools like MDM can help manage these permissions in enterprise environments and make the user experience more seamless.
Slava's Journey into Cybersecurity
Slava recounts his early experiences dealing with Windows malware and adware, which ultimately led him to embrace the Mac platform. He discusses his transition into cybersecurity and his current role at ThreatLocker, focusing on Mac OS development and security solutions.
Nation-State Cybersecurity Threats
Slava shares insights into the growing threat of nation-state actors targeting businesses and critical infrastructure. He discusses how these sophisticated attackers use zero-day vulnerabilities to infiltrate systems and remain undetected, emphasizing the need for robust security measures.
ThreatLocker Product Updates for Mac
Slava discusses the latest ThreatLocker product updates and their availability for Mac OS, including web control, user store, and patch management. He highlights the company's commitment to providing comprehensive security solutions across both Windows and Mac platforms.
Applying the Advice
Listeners can immediately apply Slava's advice by reviewing their current security settings on both Windows and Mac devices. Businesses should consider implementing a zero-trust security model and providing cybersecurity training for employees. Additionally, exploring tools like ThreatLocker can provide an extra layer of protection against sophisticated threats.
=== Show Information
- Website: https://www.itbusinesspodcast.com/
- Host: Marvin Bee
[Uncle Marv]
Hello friends, Uncle Marv's back with yet another IT Business Podcast here in Orlando at Zero Trust World 2025, getting close to the end of the day. So I've got a couple more interviews lined up here and I want to introduce a new friend that I found here, Slava Konstantinov, I was close, who is with ThreatLocker and specifically you are in charge of the Mac OS department there. So let me start with that because I assume that would mean that you just make everything work on the Mac platform, but it's really all the same stuff, right?
[Slava Konstantinov]
Yeah, I mean, we're talking about business logic of things like if we're talking ThreatLocker. So we have business logic, every operating system has their own executes, rewrites, like it's file system everywhere and elevation. So from the business standpoint, from like portal, ThreatLocker portal, web portal standpoint, it's all the same for the user.
The products are the same, but Mac is just a different kind of beast. It's now Windows, but yeah.
[Uncle Marv]
And what most of us as Windows users have an issue with is when we go to deploy something on a Mac, it's got its own permissions that a lot of times we have to tell the user, can you please allow this and stuff? So how does that work?
[Slava Konstantinov]
Yeah, so basically it's a trade-off between privacy and security, because so they want to make Macs more secure because as far as on Windows, any app can have access to camera, for example, right? You don't need permission for that. On the Mac, you have to ask, any app does not allow to use anything, like even having a disk access, it's called full disk access, they're not allowed to do that.
So it's painful for the enterprise standpoint, I know that, I've been through that a lot, but if they use like MDM, for example, a managed device, yeah, so you can do it automatically.
[Uncle Marv]
Okay, I'll have to look at that, because I've got a few Macs and I haven't mastered the automatic pull-out stuff. Okay, let's go back a little bit, because I want to get your history, because I'm assuming that Mac wasn't a part of the original ThreatLocker landscape, so how did you, what were you doing before and then how did you become involved with ThreatLocker?
[Slava Konstantinov]
I mean, I've been Mac dev for, I don't know, like six, seven, I don't remember how many years, yeah, but I used to be dev, security dev for Windows too, I used to write drivers and like, it was different kind of, for AVs, for protections, custom files, it was like completely different scope, because I worked at the outsource company and we used to work with a lot of other companies around the world, so I've done a lot of projects on Windows, but I've never been a Windows guy, I mean, I was back in the day, but the problem is...
[Uncle Marv]
You tolerated us, is what you're saying.
[Slava Konstantinov]
No, no, no, no, I wasn't back at your camp, basically, but the problem I had, I had, when I was back in school or like starting like university, I had so many friends having Windows problems and everyone keep asking me to help them and they had viruses, they had a lot of things and it just didn't work, I mean, if you set it up properly, if you use it properly, it will work, but users tend to do a lot of crazy things with their computers, so I probably got PTSD from that, I was like, I just can't do it anymore and it was back in the day, I remember this Mac versus PC like ads and they said like, oh, Mac doesn't have any viruses and I, obviously it does, but yeah, I believed that, I was young, so basically I switched to Mac and it was pretty seamless experience and after that, I just loved that and also I've been doing like a little bit like as a hobby, music, so I've been using music software.
[Uncle Marv]
And there you go, Apple is better with music, I hear.
[Slava Konstantinov]
Yes, yes, I mean, Windows is good too, I mean, I've seen a lot of...
[Uncle Marv]
Yeah, but Windows doesn't have GarageBand.
[Slava Konstantinov]
Yeah, I mean, for home, but for professional, I've never been professional, but I work with my friends who are professional musicians, so you can do the same things on Windows.
[Uncle Marv]
Let me ask, okay, so being in the podcast space, I see a little bit of those applications and stuff, so which applications were you using music-wise for the Apple platform?
[Slava Konstantinov]
Mostly like Logic Pro, that was my favorite, but it was Pro Tools, it was Cubase, so Pro Tools and Cubase available on Windows.
[Uncle Marv]
Yeah, I saw that, that's why I looked at that, but the others were a little pricey.
[Slava Konstantinov]
Yeah, so basically, that's how I ended up with Macs and I've worked with Windows, but I just like, I tried to move away from it because I had Mac at home and I was like, you know what, I just want to use the same platform everywhere. This is just my thing, maybe, because like ThreatLocker, I mean, we have Mac product, it's getting better and better, we had our problems before, but like, it's more Windows-centric, I mean, they started as a Windows platform, and Danny, our CEO, he hates Macs, he loves the product. I wasn't going to say that.
Oh, everyone knows that. He keeps picking on Macs all the time. So yeah, and we're basically, sometimes I'm helping with Windows stuff just a little bit, but I'm more Mac-focused.
[Uncle Marv]
Alright. So, did you start in Mac dev? I mean, because I can't imagine anybody starting in dev work, I mean, is that what you studied in school?
[Slava Konstantinov]
I mean, I was just curious how it works. So back in the day with Windows, my friends, they had a lot of viruses, too. And it was not even just viruses, it was some small things like, you know, I forgot how it's called.
[Uncle Marv]
Driver incompatibilities? No, Adware.
[Slava Konstantinov]
Adware, yeah. Yeah, Adware. I haven't seen it, like, I mean, it's still there, but I haven't seen it recently.
So Adware, and so the different browsers, different, like, custom, like, default browsers. So they, and I wrote a tool to remove all of it because I knew there was the same things all over again. So I wrote a tool just to remove it.
So that's how I started, like, to be in cyber, and it wasn't cybersecurity, but I just, I hated that. I was like, I hate doing the same thing over and over again.
[Uncle Marv]
Right.
[Slava Konstantinov]
So I wrote a tool that cleaned that up, basically.
[Uncle Marv]
Okay, very nice. And what was it that brought you to ThreatLocker?
[Slava Konstantinov]
Yeah, so they needed a Mac guy, they wanted to start, yeah, yeah, yeah, and no one wanted to get involved. So yeah, they hired me to do the POC. So because Mac is a different kind of, so if, for example, on Windows, you can have drivers.
On a Mac, you're not allowed to do that anymore. Right. Yeah.
So it's harder to implement things for Mac, from my, from developer standpoint. So they hired someone to do the, to do that work, dirty work. Yeah.
Yeah. So I was the one, so I started with POC, and just after that, we just grew and grew, and we have almost all of the products on Mac that we have on Windows, except we don't have Detect yet. It's coming pretty soon.
[Uncle Marv]
I mean, that's still kind of relatively new. It's what, two, two years old?
[Slava Konstantinov]
Three years since POC. Okay. So, but yeah, it's two years, I would say.
[Uncle Marv]
What about the other products that they announced today, in terms of the M365 cloud?
[Slava Konstantinov]
That's a cloud thing, yeah.
[Uncle Marv]
The user control.
[Slava Konstantinov]
Yeah, so web control.
[Uncle Marv]
Oh, user store, I'm sorry.
[Slava Konstantinov]
Oh, user store, it's going to work on Mac, too.
[Uncle Marv]
Okay.
[Slava Konstantinov]
And they have web control. So web control is coming on Mac. So basically, we need to support Safari.
It's the only, because we use Chromium extension, it's going to be Edge extension, Firefox. So I've implemented the Safari extension part, obviously implemented in the agent itself.
[Uncle Marv]
Okay.
[Slava Konstantinov]
Yeah. So then Insights, it's coming a little bit later. It's not hard to implement at all, but I just need time, because we're trying to keep up with Windows.
And there's also third, patch management.
[Uncle Marv]
Patch management, yeah.
[Slava Konstantinov]
Yeah, so it's coming, too. Okay.
[Uncle Marv]
How many people are on your team now?
[Slava Konstantinov]
So now, we have a pretty small team now. So we have like three people. I mean, it's just devs.
We're growing. So I started alone a couple of years ago, three years ago.
[Uncle Marv]
How long did you do it alone?
[Slava Konstantinov]
I don't remember, but around a year, probably. Maybe, yeah, maybe. So they weren't sure about Mac.
[Uncle Marv]
Did they stick you in like a little corner closet and say, hey, go figure this out?
[Slava Konstantinov]
No, no. Actually, I have my guy in the company, Rob. You met him?
[Uncle Marv]
Rob, yeah.
[Slava Konstantinov]
Yeah, so Rob, he's the Mac guy.
[Uncle Marv]
Oh, I didn't know that.
[Slava Konstantinov]
Yeah, yeah. He's an Apple guy, so he's my guy.
[Uncle Marv]
We didn't talk about that. Okay.
[Slava Konstantinov]
So he's on my side. Okay. All right.
You can say dark side.
[Uncle Marv]
I'm not saying anything there. All right. Now, when I was told that you might be somebody to interview, one of the things that popped up was that you are involved with cybersecurity as it relates to nation states.
[Slava Konstantinov]
Yes, yes.
[Uncle Marv]
Okay. Is there stuff that you can legally talk about?
[Slava Konstantinov]
I mean, not all the stuff I can talk about, obviously. But so what I can say, so there's state actors, APT groups. Basically, they try to breach into your system.
So what they want to be, they want to stay there. So this is the basic part. It doesn't matter, Mac, Windows, Linux.
So they want to breach into your system and stay there for as long as they can. And at some moment when they need something, they just kind of steal data or break something. Like if we're talking about infrastructure, they can break things.
Right. Like China, I mean, North Korea, actually, they try to do that. So there's a lot of things.
I can't talk about specific stuff.
[Uncle Marv]
Can you give an approximate percentage of how much of the attacks we have to worry about are coming from foreign states? I mean, they're more sophisticated. Well, they're government funded, for one.
[Slava Konstantinov]
Yes, yes, yes. I mean, sometimes they try to reach as many people as they can, but usually they're more sophisticated, targeted people. It's growing.
[Uncle Marv]
It's growing, okay.
[Slava Konstantinov]
Yes, it's growing. I can't say it's everywhere, obviously. But if you're critical infrastructure, if you're government or something like that.
[Uncle Marv]
They're coming after you. Yes, yes. All right.
Now, let me ask this question and see if this works. My guess is a lot of them try to implant themselves here in the U.S. in either a data center and stuff so that they don't think we're looking in our own backyard. So we're in our firewalls, in our DNS.
We're blocking China. We're blocking Korea. We're blocking all the 'stans.
But if they get a foothold in a data center in the U.S., we may overlook that. Is that happening?
[Slava Konstantinov]
Yes, yeah. I mean, they usually use zero-day vulnerabilities. Basically, that hasn't been discovered or patched yet.
So they reach into your system and try just lurking in and waiting for something. Or they can steal something and just clean themselves up. So you never know that they've been there.
[Uncle Marv]
Okay. All right. Any tips or tricks that you can give to us out here outside of using the ThreatLocker products?
But anything else that we could be looking for?
[Slava Konstantinov]
I mean, obviously, just harden your security. I mean, not ThreatLocker-wise. Just look at your settings, firewalls.
It doesn't matter. Windows Defender, for example. Or in the macOS, enable all of the protections that you have.
This is my first tip. Obviously, if you're an organization, do some trainings. It doesn't help all the time, obviously.
[Uncle Marv]
Right.
[Slava Konstantinov]
But honestly, for me, now, zero trust is a pretty good security model. Because no one can run anything except if you're not allowed. So from that perspective, I haven't thought about that much before joining ThreatLocker.
But now I can see how, because we've seen a lot of data. A lot of people try to run some weird things on their computers and try to get approval. So they need to request to run something.
So we've seen some weird things.
[Uncle Marv]
Okay. And I'll ask this question to kind of wrap us up here. How hard has it been to hold on to information until it was announced today?
Was there a lot of stuff that you knew about but couldn't say anything?
[Slava Konstantinov]
Yeah, but it wasn't hard for me. I'm not super public.
[Uncle Marv]
Because you're in a corner somewhere. Okay. All right.
So you've been with them three years. Have you been to all the previous Zero Trust Worlds? Previous one.
Okay.
[Slava Konstantinov]
I was here. I was just watching.
[Uncle Marv]
Okay.
[Slava Konstantinov]
I didn't do anything.
[Uncle Marv]
But now you're more active because you're here being interviewed by me. Yeah. So that means you're pretty out there.
[Slava Konstantinov]
Yes, yes. Obviously, I want to talk about Macs. ThreatLocker wants to talk about Macs.
Because people tend to think they're more secure. And in some ways, they are. But in some ways, there's nothing perfect.
And I made a demo on a Mac to see if you have any just regular app, whether we can bypass some Mac security. Apple patches it all the time. Okay.
So what I showed, they already patched that. But you don't know what's going on there. Zero days.
Same Windows. It doesn't matter. I mean, vulnerabilities are everywhere.
There is no perfect OS.
[Uncle Marv]
Right.
[Slava Konstantinov]
You can't have Linux. It's not perfect too.
[Uncle Marv]
Well, and that's more open source. So there's a lot more room for finding things. Yeah, that's true.
All right. All right. Well, Slava, thank you very much for stopping by.
And I'm going to try your name one last time. Konstantinov.
[Slava Konstantinov]
Yes, correct.
[Uncle Marv]
Boom. So it was nice to meet you. Thanks for coming.
I know it's been a long day.
[Slava Konstantinov]
Yeah.
[Uncle Marv]
But enjoy and have fun at the party tonight.
[Slava Konstantinov]
Thank you. You too. All right.
[Uncle Marv]
See you there. All right, folks. That's going to do it.
We'll see you soon. Signing off here from Orlando, Florida. Zero Trust World.
Holla. Bye. Bye.