Episode 13: Creating Trust & Awareness

Episode 13 December 31, 2019 00:31:56
SilverLining IL

Hosted By

Moshe Ferber, Ariel Munafo

Show Notes

Attendees

Guest: Vladi Sandler

Guest title: Cloud Security team leader

Company: cymotive.com

Abstract

Gaining trust and developing awareness with customers is one of the hardest challenges for providers. It is almost an art. In this episode we talk with Vladi Sandler from Cymotive about creating healthy relationships with customers and how a mixture of personal awareness and technical proficiency is crucial in customer-provider relationships.

Timing:

0:25 Introducing our guest

03:30 Introducing Cymotive  

5:55 Cymotive challenges with their market targets

10:10 Relevant security teams for protecting automotive

11:50 The concepts of car security

13:55 Challenges when creating trust - The people angle

17:48 Challenges when creating trust - The process angle

22:00 Challenges when creating trust - The technology angle

27:50 Summary and final words

Other Episodes

Episode 7

September 02, 2019 00:36:26

Episode 7: Creating Trust in Cloud

Attendees

Guest: Damir Savanović

Guest title: Senior researcher

Company: Cloud Security Alliance

Abstract

Creating trust is one of the major challenges for cloud providers and consumers. Without trust, customers will not be able to move workloads into cloud environments, but trust is a very elusive term that is hard to achieve. In this episode we talk with Damir Savanović from the Cloud Security Alliance about how cloud providers and consumers can use certifications to increase trust and how CSA is preparing for the new requirements of continuous monitoring that are arriving with the new EU cyber laws.

Timing:

0:00 Intro, introducing our guest and an overview of Damir's activities in the area of cloud security

5:40 Introducing Cloud Security Alliance activities and major projects (STAR and CCSK)

9:17 The true meaning of trust in cloud computing. Using attestation and certification for establishing trust

14:50 The difference between certification and attestation and the effect of the new EU cybersecurity law on compliance

17:50 Understanding the CSA STAR methodology, from self-assessment to certification or attestation and continuous monitoring

24:20 Behind the scenes of continuous monitoring - the CSA STAR methodology

32:00 Summary and conclusions ...


Episode 22

August 03, 2020 00:32:39

Episode 22: How To Do Add Open Source Code To Your Applications, Securely

Attendees

Guest: Liran Tal

Guest title: Developer Advocate

Company: Snyk

Abstract

Open source software plays a big part in our daily lives, and also in our development environments. Many application developers rely on open source libraries and tools and integrate them into their code. This is a great improvement for developers, allowing them to innovate quickly and efficiently. But all this good comes with a big responsibility: open source software should be carefully examined to make sure it is reliable. In this episode we talk with Liran Tal from Snyk about the growing importance of adding security evaluation of open source software to the development cycle.

Timing:

0:00 Introducing our guest

5:50 What is the challenge of open-source security

10:05 Open source security - the people angle

16:00 Open source security - the process angle

24:55 Open source security - the technology angle

29:42 Summary and last words ...


Episode 18

August 02, 2020 00:38:08

Episode 18: Testing Cloud Application

Attendees

Guest: Bar Hofesh

Guest title: Co-Founder

Company: NeuraLegion

Abstract

Application security is among the hardest things to get right. In this episode we talk with Bar Hofesh from NeuraLegion about the world of automated security testing: what the challenges are, what the different stages of integration and delivery are, and how to perform each stage correctly.

Timing:

0:50 Introducing our guest

2:58 The need to automate security testing - the challenge of developing faster

7:15 So what is testing automation - describing the process - the code integration stage

13:50 Security testing in the packing and delivery stage

18:50 Testing the live application stage

20:20 AppSec findings strategy - what to do when an alert is found

22:20 Static analysis vs. dynamic analysis

24:58 Emerging technologies - RASP, IAST

30:50 Is there still room for manual penetration testing?

34:05 Summary and last words ...
