Attendees Guest: Gadi Naor  Guest Title: VP Software Engineering, Cloud Security @ Rapid7 Topic: Cloud Native Security Foundations Abstract Lately, The CNCF (Cloud Native Computing Foundation) released the cloud native security whitepaper: the first release of security guidelines for organizations who adopt cloud native approaches. In order to better understand the guidelines, we hosted Gadi Naor, VP Software Engineering, Cloud Security @ Rapid7, and co-author of the guidelines, for a conversation about what is cloud native security and why & how organizations should adopt this approach. ...

Attendees Guest: Tzachi Zornstain Guest Title: Co-Founder & CEO, Dustico Topic: Software Package Dependencies Attacks Abstract Supply chain and software dependencies attacks are becoming more popular, and organizations are having a hard time coping with those types of vectors. In this episode, we spoke with Tzach Zornstain, Co-Founder at Dustico, about the difference between malicious software and vulnerable software, and how organizations should use 3rd party software for the development of their own applications securely. ...

Attendees Guest: Yinon Costica Guest title: VP Product  Abstract Wiz is the new star in the cloud security market, founded by veterans with a proven record and raised over $100M in less than a year of operations. In this episode, we talked with Yinon Costica, Co-Founder and VP Product at Wiz, about cloud security challenges, how is Wiz different from others, and how are they going to disrupt the market.  ...

Sponsored By:   ‍‍ Attendees Guest: Malgorzata (Gosia) SteinderGuest title: CTO of Hybrid Cloud Research. IBM researchTopic: Compliance automation and zero trust containers   Abstract Continuous monitoring, containers, zero trust, confidential computing - those are all examples of technologies that will be the main focus in the upcoming years. In this episode, we hosted Malgorzata (Gosia) Steinder, CTO of Hybrid Cloud Research at IBM, who provided her vision on how all those technologies mentioned above, should be integrated into highly secure applications deployments.   Links:  NIST OSCAL standard: https://pages.nist.gov/OSCAL/ Automated compliance Open Source tool  by IBM  https://github.com/IBM/compliance-trestle Security monitoring open source tool by IBM:  https://www.ibm.com/blogs/research/2020/01/sysflow/ workload identity: https://developer.ibm.com/solutions/security/articles/protecting-data-using-secret-management-trusted-service-identity/     ...

Attendees Guest: Assaf Keren Guest Title: VP, Enterprise Cyber Security Company: PayPal Abstract PayPal is one of the most interesting organizations in the world in terms of security. The combination of online presence with the unique line of business is making PayPal one of the most secure hi-tech companies and one of the most innovative financial institutions.  In this episode, we hosted Assaf Keren, VP of enterprise cyber security, for a discussion about PayPal’s cloud journey from traditional on-premise to the multi-cloud / multi-locations giant they are now, and how COVID-19 is changing Paypal’s digital journey with their customers & employees.     ...

Attendees Guest: Asaf Hecht  Guest Title: Security research team leader Company: CyberArk  Abstract With the growth of cloud services, more knowledge is gathered on vulnerabilities and misconfigurations in cloud infrastructure. A great deal of this knowledge is coming from cloud security researchers. In this episode, we host Asaf Hecht, Security research team leader At Cyberark, for a conversation about cloud security research and the vulnerabilities they disclose are various cloud vendors.  ...