DevSec For Scale from Akeyless

Author: Akeyless - The Secrets Management Company


Description

InfoSec. AppSec. DevSecOps. Network Security.

Should companies be talking about these subjects only when they are a large organization? NO!

Should security be a priority for every company, no matter the size? YES!

According to a 2020 study by BullGuard, 43% of SMB owners have no cybersecurity defense plan in place at all – leaving their most sensitive financial, customer and business data, and ultimately their companies, at significant risk.

Many startup and SMB companies will admit that security is not on their list of top 3 things to think about... maybe not even top 5.

This podcast will bring experts, authors, and practitioners from all areas of the security ecosystem to discuss best practices and better ways for small companies to protect their data and networks.
36 Episodes
How do you manage infrastructure-as-code and keep it secure? And can you keep open source fully open? In this episode, Ohad Maislish, Co-Founder and CEO at Env0 and OpenTofu supporter, discusses the evolution of infrastructure management, how OpenTofu started, and how to ensure security is baked into your code. Check out Ohad's podcast, The IaC Podcast, as well: https://www.theiacpodcast.com/
How do you ensure developers make the best security decisions when building their applications? In this episode, Roy Avrahamy, Application Security Engineer at Akeyless Security gives us great insights into how to make sure your developers keep their minds on application security while still developing code at a fast pace. We discuss ideas about continuous learning, gamification, hackathons, and more.
Can cyber attacks and risk be managed by machines alone? In this episode, Lidan Hazout, Risk & Fraud Detection Director at Transmit Security talks to us about how he is working to create Machine Learning algorithms to actually stop cybersecurity attacks before they even happen. We get into a lot of detail about how the algorithms decide good versus bad and what the more sophisticated types of attacks are out there. If you're looking for the website Lidan mentions toward the end where you can practice your cyber skills, check out https://www.kaggle.com/.
Are you working on maturing your company's security? In this episode of DevSec For Scale, we hear from Raz Probstein, Solution Engineer at Jit, about the various methods companies have been using to up their security game. But one methodology stands out to both her and the company she works for, OWASP DSOMM. DSOMM focuses on DevSecOps security. There are quite a few differences between DSOMM and other models, and Raz breaks down why you should consider DSOMM when leveling up security. Check out Raz's slides from her recent talk about this topic at the OWASP AppSecIL 2023 conference: https://docs.google.com/presentation/d/1oI4n_YjXDIhshl8mgEJTlYFMI6UznZHKRsxvkmDvA2U/
Do you wish you could log into all your apps without passwords? Enter asymmetric cryptography. In this episode, Mike Malone, CEO and Founder of Smallstep walks us through how we got to where we are with password and secrets management and offers us ideas about how to change the way we think about credential security.
How do you actually get started managing secrets? In this episode of DevSec For Scale, we are joined by Jeroen for a third time to discuss the real ins and outs of getting started with secrets management. We talk about threat modeling, CI/CD, and even multi-cloud secrets management.
What challenges are there with observability in modern microservices environments? Yosef Arbiv, Engineering Group Leader at Epsagon (acquired by Cisco), joins the podcast to discuss observability best practices as well as the OpenTelemetry project and how observability impacts the overall security health of an organization.
In this episode of DevSec For Scale, we follow up our previous episode with some really great information about how the OWASP WrongSecrets project came about and how they manage everything, as well as how users can join and help with fixes, add challenges, and features. Jeroen also discusses the future of the project. To learn more, go to https://owasp.org/www-project-wrongsecrets/ or star the repo at https://github.com/commjoen/wrongsecrets/.
How do you approach E2E and Integration testing in the new and complex world of Kubernetes and multi-cloud environments? Arjun Iyer, CEO & Co-Founder of Signadot joins the podcast for a very interesting and informative episode on how testing needs to shift left as we rapidly grow our development environments to the latest and greatest in infrastructure orchestration and application security.
What is the importance of Secrets Management and how has it evolved to where it is now? In this episode of the DevSec For Scale podcast, Jeroen Willemsen, one of two project leads for the OWASP WrongSecrets project, gives us a short history of secrets management in the OWASP universe and goes into how he sees the future of secrets in the enterprise. Check out the WrongSecrets Project: https://owasp.org/www-project-wrongsecrets/
What's it like to go from a DevOps engineer in large organizations with expert security engineers to a small startup that requires you to be the security engineer? In this episode, Gil Zellner, Infrastructure Lead at HourOne.ai, talks about his personal experience being thrown into the deep end of security as a developer. He discusses some of the changes he had to make on his journey from companies like Oracle, AppsFlyer, and Wix to his current early-stage employer. Gil also brings some interesting stories about things he has learned becoming a de facto security engineer.
How has threat modeling evolved and how can security help make it easier for developers to implement that practically into their code? In this episode, Maran Gunasekaran, Principal Security Consultant at Practical DevSecOps gives us a rundown of what threat modeling used to mean and how developers can translate threat models into actual threat modeling as code. He also offers real-world examples of how security and developers align on threat modeling when shipping code.
Why do security teams and developers clash, and how can we ensure there is better collaboration between them? In this episode, Ravid Circus, Co-Founder & CPO at Seemplicity talks about his experience with security teams and how their requests are handled by the development teams. He also gets into how security teams should track progress and handle backlogs based on priorities.
Why is there still friction between Dev and Sec? How can we bridge that gap better? In this episode, Duane Gran, Corporate Director of Information Security at Converge Technology Solutions dives into how he has seen developers and security butt heads and about his personal journey from dev to sec. Duane offers great advice on getting developer buy-in and making sure security and dev tasks are more aligned.
Is there a simple way to detect and manage ransomware attacks? In this episode, Greg Edwards, CEO of CryptoStopper introduces us to the evolution and basics of ransomware as well as how to get better at detecting sophisticated attacks, such as file-less ransomware, before they can damage your system. He also gives us insights into how developers can ensure they aren't the reason for a ransomware attack through vigilance and preparation.
If you've ever worked with containers, or specifically Kubernetes, you are probably familiar with the basics of cluster configuration. But are you ensuring your clusters are secured properly? In this episode, Rotem Refael, Director of Engineering at ARMO elaborates on a research study that the company did by scanning tens of thousands of repos to find out if the most obvious security configurations are being adhered to, as well as the more advanced ones. Interestingly enough, they found that 100% of the clusters had at least one misconfiguration. We dive into some of the most frequent misconfigurations Rotem has come by and discuss how this happens and how it can be prevented.
Are development environments important enough for us to even care about securing? The answer is a resounding yes. In this episode, Guy Flechter, CEO & Co-Founder of Cider Security, goes in-depth into why security is a requirement not just for production but also for development environments. Development environment security also has an impact on the rest of the organization, given that most teams are using DevOps methodologies. Guy also talks about how to increase visibility into those environments and mitigate risk.
How do you ensure secure development while maintaining the release velocity of your applications? In this episode, Harshit Chitalia, CTO & Founder at Tromzo, talks with me about his recent research study where he asked over 400 developers about their biggest Application Security challenges. We get into some of the interesting findings of the report and also discuss how vulnerabilities are found and fixed as well as tooling developers can use to do just that.
State of Modern Application Security: https://www.tromzo.com/resources/state-of-modern-application-security
Voice of the Modern Developer Research: https://www.tromzo.com/resources/voice-of-the-modern-developer
Whether it's leaving a database on a public IP or waiting to put proper VPN access in place, there are many security issues startups can sometimes fall victim to. In this episode, Dan Yelovitch, Chief DevOps Architect at develeap, wows us with stories about actual clients he works with that have made mistakes that have been costly. We learn about the problem, fixes, and ways to ensure your small organization can install automation and cultural practices to stay more secure.
What are best practices for protecting your production pipeline? In this episode, we welcome Zan Markan, Senior Developer Advocate at CircleCI, to talk about how he looks at basic security aspects related to continuous deployment as well as common configuration issues that come up. We also discuss code and dependency scanning as well as policy enforcement.
Follow Zan at: https://twitter.com/zmarkan
https://circleci.com
https://twitter.com/circleci