SilverLining IL

The podcast for Security Architecture Hosted by Moshe Ferber and Ariel Munafo. The world of software development has changed rapidly in the last years due to various factors – Cloud Computing, Digital Transformation, CI/CD & ...more

Hosted by

Latest Episodes

6

August 12, 2019 00:33:45
Episode 6: The Cloud Octagon Model Framework for Cloud Adoption

Episode 6: The Cloud Octagon Model Framework for Cloud Adoption

Attendees Guest: Olaf Streutker Guest title: CISO Advisor Company: ABN Amro Abstract The Cloud Octagon Model is a new framework for cloud adoption (mostly SaaS adoption). The model was designed in cooperation between ABN-Amro and the Cloud Security Alliance and assists organizations to identify, represent, and assess risks in the context of their cloud implementation across multiple factors by introducing a logical approach to holistically dealing with security aspects involved in moving to the cloud. Link to CSA Cloud Octagon Model: https://cloudsecurityalliance.org/artifacts/cloud-octagon-model/   Timing   0:00 Intro and introducing the guest and ABN Amro cloud adoption methodology 12:10 The evolution of the Cloud Octagon Model and basic concepts 11:28  How ABN-Amro are dealing with IaaS/PaaS vs. SaaS 15:30 The different phases of the Cloud Octagon Model: Classification 20.30 Core banking applications in the cloud 24.20 The different phases of the Cloud Octagon Model 31.20 Summary and conclusions   ...

Listen

5

July 25, 2019 00:53:07
Episode 5: Guard Rails And Not Gates – How R&D And Security Should Co-Exist Audio Player

Episode 5: Guard Rails And Not Gates – How R&D And Security Should Co-Exist Audio Player

Attendees Guest: Guy Flechter Guest title: CISO Company: AppFlayer Abstract One of the biggest challenges facing software companies is how to make sure security policies are enforced across the development cycle without holding R&D ability to innovate. In this episode, Guy Flechter, CISO for Appsflyer, will elaborate on the way he  is providing R&D guidelines and support while keeping them motivated and committed to security.   Timing 0:00 Intro and introducing Appsflyer and its digital business 10:29 Understanding Appsflyer underlying technology and security challenges 14:20  “We came in peace” Building security foundation at Appsflyer - understanding Guy’s methodology 19:55   the people angle: Building the right team and how to work efficiently with R&D team.  27.40 The technology angel:  How to make sure developers don’t need security in everyday life, but they are still on the right tracks 37.10 The process angel: building developers autonomy 40.25 Summary and conclusion ...

Listen

4

July 09, 2019 00:39:27
Episode 4: Kubernetes On Steroids

Episode 4: Kubernetes On Steroids

Attendees Guest: Demi Ben Ari Guest title: CTO Company: Panorays Abstract K8 is rapidly becoming the leading orchestration tool and infrastructure for many companies applications. K8 bring tremendous advantages, provide operations with flexibility and enabling multi cloud deployments. But with all that good there are also challenges. In this podcast we talk with Demi Ben Ari, Founder and R&D at Panorays, A saas company that deployed K8 as infrastructure for fleet of scanners and crawlers. Demi will share his experience with the platform and steps he took in order to utilize most benefits from K8. ...

Listen

3

June 24, 2019 00:51:19
Episode Cover

Episode 3: Cloud Configuration Pitfalls

Attendees Guest: Evgeny Zislis Guest title:  CTO Company:  ProdOPS Abstract Over 90% of IaaS/PaaS security incidents happens on consumer fault. Cloud platforms are complicated, with steep learning curve and it is easy to make mistakes. In this podcast, we talk with Evgeny Zislis, CTO for ProdOPS about the common IaaS/PaaS security mistakes and misconfigurations, categorize them and talk about measures to reduce those mistakes and identify them on time.  Timing: 0:00 – 2:10 - intro and introducing our guest 2:10 -   31:05 - What are the common cloud misconfiguration and mistakes  Improper security group configuration Object storage negligence - open buckets on s3 Insecure storing of API/Access Keys - config file in open Github repo is not the best place to store access keys Vulnerable servers exposed (exposing your 5 years old, not updated linux server is not recommended) Fail to segregate different services into different accounts / vpc / subnets Everyday use of root account and relying on one account only 31:05 -  34:20  Avoiding cloud misconfigurations:  the process angle 34:20 -  38:33 Avoiding cloud misconfigurations:  the people angle 38:33 -  49:00 Avoiding cloud misconfigurations:  the technology angle    49.00 – 52:00 Summary and conclusions ...

Listen

2

April 22, 2019 00:33:27
Episode 2: Security Challenges Of Moving From Monolith To Micro-Services

Episode 2: Security Challenges Of Moving From Monolith To Micro-Services

Attendees Guest: Yuval Reut,  Guest title:  CIO & CISO  Company:  Riskified  Micro-services can bring enormous benefits into the organizations – giving flexibility and driving innovation. But Micro-services are also challenging from a security point of view. In this podcast, Yuval Reut, CIO & CISO for Riskified, will share his experience of moving an entire monolith application to a group of integrated micro services. Timing: 0:00 – 3:39 - intro and learning about Riskified 3:39 - 9:55 - CISO & CIO positions at SaaS startups 9:55 - 12:20 - moving from Monolith to Microservices – reasons for the move. 12:20 - 19:30 - technology challenges when moving to Micro services 19:30 - 25:00 - People challenges when moving to Micro services 25:00 – 29:35 - Process challenges when moving to Micro services        29.40 – 33:00 - Summary and conclusions ...

Listen

1

November 04, 2018 00:37:41
Episode 1: Security Challenges With The Growing World Of Serverless Functions

Episode 1: Security Challenges With The Growing World Of Serverless Functions

Attendees Guest: Ory Segal, Puresec Guest title:  CTO & Co-Founder at PureSec Company:  Puresec is the global leader in serverless architectures security.   Serverless functions are one the most interesting things that is happening in architecture of application development. With Serverless, application developers can stop worry about the underlying infrastructure and scalability of the application, but they must address other risks at application level. In this podcast we are interviewing Puresec CTO, Ory Segal , co-author of the top 12 risks to serverless applications   Timing 0:00 – 2:35 – intro 2:35 – 8:05 - what are Serverless functions 8:05- 12:20 - how Serverless is different (security wise) 12:20 -  19:40 - Serverless risks & threats 19:40 -  24:00 - common mistakes and misconfiguration with Serverless 24:00 – 29:30 - Serverless effect on people, process and technology 29:30 – 37:00 – Summary and conclusions ...

Listen