Guest: Dima Revelis
Guest title: Senior DevOps engineer
DevSecOps is accelerating fast as the new buzzword for modern information security practices. In this episode we draw on the expertise of Dima Revelis to dive deep into DevOps practices: what a CI/CD pipeline is and which security tools are relevant to these new practices.
0:00 - Introducing our guest
2:50 - What is DevOps
7:50 - What is a deployment pipeline
14:20 - What is CI and which security testing can be implemented
17:20 - What is CD and which security considerations apply
18:40 - Dive deeper into security testing - QA, code review, static & dynamic analysis
20:45 - So much automation, do we still need manual testing?
22:30 - Additional security aspects: using Jenkins, authentication and authorization, secret management
26:40 - Availability considerations and disaster recovery
33:30 - Summary and final words

Attendees
Guest: Ori Troyna
Guest title: Global head of product security at PayU
Company: PayU
Abstract
PayU, a global fintech giant, acquired Zooz, a small payment startup. In this episode we talk with Ori Troyna, Global head of product security at PayU, about the challenges of such a merger between two very different companies with different engineering methodologies, and how they cope with those challenges.
Timing:
1.14 Ori introduces himself
11.40 Challenges of merging small companies into financial giants. Integrating different technology stacks into one.
18.33 How to build the organizational structure to consolidate the different companies and technology stacks
21.30 Understanding the acquisition considerations of PayU and their effect on security considerations
27.0 Solving the consolidation challenges - the people angle. Moving to tribes and clans and providing security goals
34.30 The difference between product security and IT security
36.0 Solving the consolidation challenges - the process angle. How to integrate different tribes and clans to create one joint development backlog and mature DevOps
46.40 Solving the consolidation challenges - the technology angle. Building global infrastructure that supports multiple projects
53.22 Summary and last words ...

Attendees
Guest: Ofer Maor
Guest title: Co-Founder & CTO
Company: Mitiga
Abstract
The recent increase in cloud-based attacks gives us an opportunity to examine new attack vectors and how attackers exploit new services. In this episode we talked with Ofer Maor, Co-Founder at Mitiga, about new attack vectors in cloud computing and how attackers exploit new services such as marketplaces, community repos and other examples.
Timing:
0:00 Introducing our guest and Mitiga
3:32 Preparing for cloud incident response
7:15 Cloud attack vector - malicious AMI
11:00 More attack vectors on marketplaces
13:18 GitHub attack vectors
18:15 Attack vector - business email compromise on 365
25:44 How to mitigate cloud incidents
27:58 Summary and last words ...

Attendees
Guest: Beau Woods
Guest title: Member
Company: We-Are-The-Cavalry, Atlantic Council
Abstract
IoT devices such as medical embedded devices, autonomous vehicles and smart homes are currently the Achilles heel of information security. The technology is advancing fast, but the security frameworks are not advancing at the same pace. In this episode we talk with Beau Woods, founder of I-am-the-cavalry, about the steps governments, regulators and vendors should take in order to produce safer IoT devices.
Timing
0:00 Intro and introducing Beau's activities and the I-AM-The-Cavalry community
5:20 What are the unique challenges of IoT security?
9.05 It is not a question of connectivity
11:35 How to better engineer IoT devices - fail fast, detect failure and maintain an ability to fix failures
17.15 Engineering is not enough - what IoT consumers should be trained for and aware of
22.20 Summary and conclusions ...