Attendees
Guest: Guy Flechter
Guest title: CISO
Company: Appsflyer
Abstract
One of the biggest challenges facing software companies is how to make sure security policies are enforced across the development cycle without holding back R&D's ability to innovate. In this episode, Guy Flechter, CISO for Appsflyer, elaborates on how he provides R&D with guidelines and support while keeping them motivated and committed to security.
Timing
0:00 | Intro and introducing Appsflyer and its digital business
10:29 | Understanding Appsflyer's underlying technology and security challenges
14:20 | “We came in peace”: building a security foundation at Appsflyer - understanding Guy’s methodology
19:55 | The people angle: building the right team and how to work efficiently with the R&D team
27:40 | The technology angle: how to make sure developers don’t need security in everyday life, but are still on the right track
37:10 | The process angle: building developer autonomy
40:25 | Summary and conclusion

Attendees
Guest: Ohad Maislish
Guest title: Co-Founder & CEO
Company: env0
Abstract
Infrastructure as code is one of the most interesting technologies in the market. It enables organizations to deploy heavy workloads within seconds and avoid risky configuration mistakes. In this episode, we talked with Ohad Maislish, Co-Founder and CEO at env0, about infrastructure as code technology, how and where it is being used, and how env0 helps organizations to better utilize this technology.
Timing
0:00 | Introducing our guest
2:26 | What is infrastructure as code
10:16 | Examples of practical deployment of IaaC
13:55 | How IaaC is helping governance
19:20 | IaaC behind the scenes
25:18 | IaaC in a multi-cloud environment
28:40 | Summary and last words ...

Attendees
Guest: Nir Valtman
Guest title: Product security lead
Company: Finastra
Abstract
Fintech companies drive cloud security forward by setting the highest bar of requirements on cloud providers. In this episode we talk with Nir Valtman, Product security leader at Finastra, about the challenges of fintech companies, and dive into API authentication and authorization best practices and building an ecosystem that can support trust between banks and young fintech companies.
Timing
0:00 | Intro and introducing our guest
2:40 | Introducing Finastra and the challenges of traditional banks with modern fintech
4:50 | Building API platforms for banks: challenges, security considerations and solutions
8:45 | Creating trust between banks and fintech companies - validating applications' end-to-end security from the fintech to the banks
12:30 | Authenticating and authorizing API requests on banking platforms: methods, challenges and common use cases
19:30 | Detecting anomalies and analyzing APIs on top of cloud platforms
25:35 | The challenges of application secret management with partners
28:25 | Tips for fintech companies ...

Attendees
Guest: Dima Revelis
Guest title: Senior DevOps engineer
Company: MoonActive
Abstract
DevSecOps is accelerating fast as the new buzzword for modern information security practices. In this episode we draw on the expertise of Dima Revelis to dive deep into DevOps practices: what a CI/CD pipeline is and which security tools are relevant to these new practices.
Timing
0:00 - Introducing our guest
2:50 - What is DevOps
7:50 - What is a deployment pipeline
14:20 - What is CI and which security testing can be implemented
17:20 - What is CD and its security considerations
18:40 - Dive deeper into security testing - QA, code review, static & dynamic analysis
20:45 - So much automation, do we still need manual testing?
22:30 - Additional security aspects: using Jenkins, authentication and authorization, secret management
26:40 - Availability considerations and disaster recovery
33:30 - Summary and final words ...