SilverLining IL

The podcast for Security Architecture Hosted by Moshe Ferber and Ariel Munafo. The world of software development has changed rapidly in the last years due to various factors – Cloud Computing, Digital Transformation, CI/CD & ...more

Hosted by

Latest Episodes

37

April 13, 2021 00:27:16
SilverLining Episode 37: Software Package Dependencies Attacks

SilverLining Episode 37: Software Package Dependencies Attacks

Attendees Guest: Tzachi Zornstain Guest Title: Co-Founder & CEO, Dustico Topic: Software Package Dependencies Attacks Abstract Supply chain and software dependencies attacks are becoming more popular, and organizations are having a hard time coping with those types of vectors. In this episode, we spoke with Tzach Zornstain, Co-Founder at Dustico, about the difference between malicious software and vulnerable software, and how organizations should use 3rd party software for the development of their own applications securely. ...

Listen

36

March 09, 2021 00:30:44
Episode 36: Wiz

Episode 36: Wiz

Attendees Guest: Yinon Costica Guest title: VP Product  Abstract Wiz is the new star in the cloud security market, founded by veterans with a proven record and raised over $100M in less than a year of operations. In this episode, we talked with Yinon Costica, Co-Founder and VP Product at Wiz, about cloud security challenges, how is Wiz different from others, and how are they going to disrupt the market.  ...

Listen

35

February 24, 2021 00:33:05
Episode 35: Compliance Automation and Zero Trust Containers

Episode 35: Compliance Automation and Zero Trust Containers

Sponsored By:   ‍‍ Attendees Guest: Malgorzata (Gosia) SteinderGuest title: CTO of Hybrid Cloud Research. IBM researchTopic: Compliance automation and zero trust containers   Abstract Continuous monitoring, containers, zero trust, confidential computing - those are all examples of technologies that will be the main focus in the upcoming years. In this episode, we hosted Malgorzata (Gosia) Steinder, CTO of Hybrid Cloud Research at IBM, who provided her vision on how all those technologies mentioned above, should be integrated into highly secure applications deployments.   Links:  NIST OSCAL standard: https://pages.nist.gov/OSCAL/ Automated compliance Open Source tool  by IBM  https://github.com/IBM/compliance-trestle Security monitoring open source tool by IBM:  https://www.ibm.com/blogs/research/2020/01/sysflow/ workload identity: https://developer.ibm.com/solutions/security/articles/protecting-data-using-secret-management-trusted-service-identity/     ...

Listen

34

February 08, 2021 00:49:02
Episode 34: PayPal cloud journey

Episode 34: PayPal cloud journey

Attendees Guest: Assaf Keren Guest Title: VP, Enterprise Cyber Security Company: PayPal Abstract PayPal is one of the most interesting organizations in the world in terms of security. The combination of online presence with the unique line of business is making PayPal one of the most secure hi-tech companies and one of the most innovative financial institutions.  In this episode, we hosted Assaf Keren, VP of enterprise cyber security, for a discussion about PayPal’s cloud journey from traditional on-premise to the multi-cloud / multi-locations giant they are now, and how COVID-19 is changing Paypal’s digital journey with their customers & employees.     ...

Listen

33

January 18, 2021 00:31:24
Episode 33: Researching Cloud Vulnerabilities

Episode 33: Researching Cloud Vulnerabilities

Attendees Guest: Asaf Hecht  Guest Title: Security research team leader Company: CyberArk  Abstract With the growth of cloud services, more knowledge is gathered on vulnerabilities and misconfigurations in cloud infrastructure. A great deal of this knowledge is coming from cloud security researchers. In this episode, we host Asaf Hecht, Security research team leader At Cyberark, for a conversation about cloud security research and the vulnerabilities they disclose are various cloud vendors.  ...

Listen

32

January 05, 2021 00:31:39
Episode 32: Understanding Infrastructure as Code and How to Use it Effectively

Episode 32: Understanding Infrastructure as Code and How to Use it Effectively

Attendees Guest: Ohad Maislish  Guest Title: Co-Founder & CEO  Company: env0 Abstract Infrastructure as code is one of the most interesting technologies in the market. It enables organizations to deploy heavy workloads within seconds and avoid risky configuration mistakes. In this episode, we talked with Ohad Maislish, Co-Founder and CEO at env0, about infrastructure as code technology, how and where it is being used, and how env0 helps organizations to better utilize this technology. Timing 0:00 introducing our guest 2:26 What is infrastructure as a code 10:16 Examples for practical deployment of IaaC 13:55 How IaaC is helping governance  19:20 IaaC behind the scenes 25:18 IaaC in a multi-cloud environment 28:40 Summary and last words ...

Listen