Attendees
Guest: Eliav Gnessin
Guest title: CTO
Company: DeviceTone
Abstract
IOT present one of the hottest topics in the industry today. In this episode we talk with Eliav Gnessin, CTO for DeviceTone, about securely engineering IOT solution end to end. During the episode Eliav guides us through IOT journey starting from the chipset of the device itself and all the way up to the IOT cloud based management. Eliav will explain about different implementations consideration, latest developments in the market and the efforts made by chipmakers & cloud provider to create more secure IOT.
Timing
0:00 |
Intro and introducing Eliev and DeviceTone |
2:05 |
Why is it so hard to built secure IOT solutions? |
9.00 |
How to properly build an IOT solutions: the technology angle |
18:50 |
How to properly build an IOT solutions: the people angle |
22.40 |
How to properly build an IOT solutions: the process angle |
28:10 |
Doing over-the-air updates |
31:40 |
The different approaches to IOT coming from the cloud providers |
38.20 |
Tips to IOT developers |
Attendees Guest: Evgeny Zislis Guest title: CTO Company: ProdOPS Abstract Over 90% of IaaS/PaaS security incidents happens on consumer fault. Cloud platforms are complicated, with steep learning curve and it is easy to make mistakes. In this podcast, we talk with Evgeny Zislis, CTO for ProdOPS about the common IaaS/PaaS security mistakes and misconfigurations, categorize them and talk about measures to reduce those mistakes and identify them on time. Timing: 0:00 – 2:10 - intro and introducing our guest 2:10 - 31:05 - What are the common cloud misconfiguration and mistakes Improper security group configuration Object storage negligence - open buckets on s3 Insecure storing of API/Access Keys - config file in open Github repo is not the best place to store access keys Vulnerable servers exposed (exposing your 5 years old, not updated linux server is not recommended) Fail to segregate different services into different accounts / vpc / subnets Everyday use of root account and relying on one account only 31:05 - 34:20 Avoiding cloud misconfigurations: the process angle 34:20 - 38:33 Avoiding cloud misconfigurations: the people angle 38:33 - 49:00 Avoiding cloud misconfigurations: the technology angle 49.00 – 52:00 Summary and conclusions ...
Attendees Guest: Vladi Sandler Guest title: Cloud Security team leader Company: cymotive.com Abstract Gaining trust and developing awareness with customers is one of the hardest challenges for providers. It is almost an art. In this episode we talk with Vladi Sandler from Cymotive about creating healthy relationships with customers and how a mixture of personal awareness and technical proficiency are crucial in the customer-provider relationships. Timing: 0:25 introducing our guest 03:30 Introducing Cymotive 5:55 Cymotive challenges with their market targets 10:10 relevant Security teams for protecting automotive 11:50 The concepts of car security 13:55 Challenges when creating trust - The people angle 17:48 Challenges when creating trust - The process angle 22:00 Challenges when creating trust - The technology angle 27:50 Summary and final words ...
Attendees Guest: Yoad Dvir Guest title: Security Lead, Central and Eastern Europe Company: Microsoft Abstract Microsoft security portfolio has been growing and diversifying in the last couple of years, adding more capabilities at various areas of information security. In order to better understand Microsoft strategy and offering, we talked with Yoad Dvir, Cyber Security Lead at Microsoft, about the Microsoft new security pillars: Monitoring, Threat Protection and Information Protection. Timing: 0:00 - Introducing our guest 5:45 - Introducing Microsoft security strategy 12:50 - Security monitoring pillars - Azure monitor, Sentinel, Azure analytics and more 21:10 - Microsoft Threat Protection family - Cloudapp, O365 ATP, Defender ATP, Azure ATP 30:50 - diving deeper into Cloudapp 35:30 - Microsoft Information Protection 44:00 - summary and last words ...