Episode 5: Guard Rails And Not Gates – How R&D And Security Should Co-Exist

Episode 5 July 25, 2019 00:53:07
SilverLining IL

Hosted By

Moshe Ferber, Ariel Munafo

Show Notes

Attendees

Guest: Guy Flechter

Guest title: CISO

Company: AppsFlyer

Abstract

One of the biggest challenges facing software companies is how to make sure security policies are enforced across the development cycle without holding back R&D's ability to innovate. In this episode, Guy Flechter, CISO for AppsFlyer, elaborates on how he provides R&D with guidelines and support while keeping them motivated and committed to security.

 

Timing

0:00

Intro and introducing AppsFlyer and its digital business

10:29

Understanding AppsFlyer's underlying technology and security challenges

14:20 

“We came in peace”: building a security foundation at AppsFlyer and understanding Guy’s methodology

19:55  

The people angle: building the right team and how to work efficiently with the R&D team

27:40

The technology angle: how to make sure developers don’t need security in everyday life, but are still on the right track

37:10

The process angle: building developers' autonomy

40:25

Summary and conclusion

Other Episodes

Episode 32

January 05, 2021 00:31:39

Episode 32: Understanding Infrastructure as Code and How to Use it Effectively

Attendees Guest: Ohad Maislish Guest title: Co-Founder & CEO Company: env0 Abstract Infrastructure as code is one of the most interesting technologies in the market. It enables organizations to deploy heavy workloads within seconds and avoid risky configuration mistakes. In this episode, we talked with Ohad Maislish, Co-Founder and CEO at env0, about infrastructure as code technology, how and where it is being used, and how env0 helps organizations better utilize this technology. Timing 0:00 Introducing our guest 2:26 What is infrastructure as code 10:16 Examples of practical deployment of IaaC 13:55 How IaaC is helping governance 19:20 IaaC behind the scenes 25:18 IaaC in a multi-cloud environment 28:40 Summary and last words ...

Episode 10

November 24, 2019 00:30:24

Episode 10: Securing The New Fintech Economy

Attendees Guest: Nir Valtman Guest title: Product security lead Company: Finastra Abstract Fintech companies drive cloud security forward by setting the highest bar of requirements on cloud providers. In this episode we talk with Nir Valtman, Product security leader at Finastra, about the challenges of fintech companies and dive into API authentication and authorization best practices and building an ecosystem that can support trust between banks and young fintech companies. Timing 0:00 Intro and introducing our guest 2:40 Introducing Finastra and the challenges of traditional banks with modern fintech. 4:50 Building API platforms for banks. Challenges, security considerations and solutions. 8:45 Creating trust between banks and fintech companies - validating applications' end-to-end security from the fintech to the banks. 12:30 Authenticating & authorizing API requests on banking platforms. Methods, challenges and common use cases 19:30 Detecting anomalies and analyzing APIs on top of cloud platforms 25:35 The challenges of application secret management with partners 28:25 Tips for fintech companies ...

Episode 24

August 19, 2020 00:37:14

Episode 24: Putting The Sec Into DevOps

Attendees Guest: Dima Revelis Guest title: Senior DevOps engineer Company: MoonActive Abstract DevSecOps is accelerating fast as the new buzzword for modern information security practices. In this episode we use the expertise of Dima Revelis to dive deep into understanding DevOps practices, what a CI/CD pipeline is, and which security tools are relevant for all of those new practices. Timing: 0:00 - Introducing our guest 2:50 - What is DevOps 7:50 - What is a deployment pipeline 14:20 - What is CI and which security testing can be implemented 17:20 - What is CD and which security considerations 18:40 - Dive deeper into security testing - QA, code review, static & dynamic analysis 20:45 - So much automation, do we still need manual testing? 22:30 - Additional security aspects: using Jenkins, authentication and authorization, secret management 26:40 - Availability considerations and disaster recovery 33:30 - Summary and final words ...
