Guest: Vladi Sandler
Guest title: Cloud Security team leader
Gaining trust and developing awareness with customers is one of the hardest challenges for providers. It is almost an art. In this episode we talk with Vladi Sandler from Cymotive about creating healthy relationships with customers and how a mixture of personal awareness and technical proficiency are crucial in the customer-provider relationships.
0:25 introducing our guest
03:30 Introducing Cymotive
5:55 Cymotive challenges with their market targets
10:10 relevant Security teams for protecting automotive
11:50 The concepts of car security
13:55 Challenges when creating trust - The people angle
17:48 Challenges when creating trust - The process angle
22:00 Challenges when creating trust - The technology angle
27:50 Summary and final words
Attendees Guest: Damir Savanović Guest title: Senior researcher Company: Cloud Security Alliance Abstract Creating trust is one of the major challenges for cloud providers and consumers, without trust customers will not be able to move workloads into cloud environments, but trust is a very elusive term that is hard to achieve. In this episode we talk with Damir Savanović from the Cloud Security Alliance on how cloud providers and consumers can use certifications for increasing trust and how is CSA preparing to the new requirements of continuous monitoring that are arriving with the new EU cyber laws. Timing 0:00 Intro and introducing our guest and overview of Damir activities in the area of cloud security 5:40 Introducing Cloud Security Alliance activities and major projects (STAR and CCSK) 9.17 The true meaning of trust in cloud computing. Using attestation and certification for establishing trust 14:50 The difference between certification and attestation and the effect of the new EU cybersecurity law on compliance 17.50 Understanding CSA STAR methodology from self assessment to certification or attestation and continuous monitoring 24.20 Behind the scenes of continuous monitoring - the CSA STAR methodology 32.00 Summary and conclusions ...
Attendees Guest: Liran Tal Guest title: Developer Advocate Company: Synk Abstract Open source software takes a big part in our daily lives, and also in our development environments. Many applications developers rely on open source libraries & tools and integrating it into their code. This is a great improvement for developers allowing them to innovate quickly and efficiently. But all this good comes with a big responsibility - open source software should be carefully examined in order to make sure its reliability. In this episode we talk with Liran Tal from Synk about the growing importance of adding security evaluation of open source software in the development cycle. Timing: 0:00 introducing our guest 5:50 what is the challenge of open-source security 10:05 - open source security - the people angel 16:00 - open source security - the process angel 24:55 - open source security - the technology angel 29:42 summary and last words ...
Attendees Guest: Bar Hofesh Guest Title: Co-Founder Company: Neurolegion Abstract Application security is among the hardest things to get right. In this episode we are talking with Bar Hofesh from Neurolegion about the world of automated security testing - what are the challenges, what are the different stages of integration and delivery and how to perform each stage correctly. Timing: 0:50 - introducing our guest 2:58 - the need to automate security testing - the challenge of developing faster 7:15 - so what is testing automation - describing the process - the code integration stage 13:50 - security testing the packing and delivery stage 18:50 - testing live application stage 20:20 - appsec finding strategy - what do when found an alert 22:20 - Static analysis vs. dynamic analysis 24:58 - emerging technologies - RASP, IAST 30:50 - Is there still room for manual penetration testing? 34:05 - summary and last words ...