Guest: Eitan Satmary
Guest Title: CISO
Being a CISO is challenging; being a CISO at a security vendor is even more challenging. In this episode we host Eitan Satmary, CISO for Tufin, to talk about the good and bad of being a CISO at a cyber security vendor. We talk about the CISO's ability to influence innovation and the product roadmap in the company, and how the transition from an on-prem offering to a SaaS offering changed the company's security posture.
0:00 introducing our guest
4:20 CISO in a security company: influence the innovation team
10:30 the relationship between CISO and the sales department
12:30 the company journey of adding cloud capabilities
15:00 CISO’s first steps
20:11 Risk management considerations for SaaS companies
25:00 Summary and final thoughts
Attendees
Guest: Bar Hofesh
Guest Title: Co-Founder
Company: Neurolegion
Abstract
Application security is among the hardest things to get right. In this episode we talk with Bar Hofesh from Neurolegion about the world of automated security testing: what the challenges are, what the different stages of integration and delivery are, and how to perform each stage correctly.
Timing:
0:50 - introducing our guest
2:58 - the need to automate security testing - the challenge of developing faster
7:15 - so what is testing automation - describing the process - the code integration stage
13:50 - security testing the packing and delivery stage
18:50 - testing live application stage
20:20 - appsec finding strategy - what to do when an alert is found
22:20 - Static analysis vs. dynamic analysis
24:58 - emerging technologies - RASP, IAST
30:50 - Is there still room for manual penetration testing?
34:05 - summary and last words ...
Attendees
Guest: Shira Shamban
Guest Title: Cloud Security
Company: Check Point (Dome9)
Abstract
Cloud providers have invested heavily in adding visibility, monitoring and logging capabilities for networking and administrative activities. In this session we talk with Shira Shamban, a cloud security expert from Check Point, about the challenges of collecting the different logs that exist in cloud platforms and the challenges of gaining insights from them.
0:00 Introducing Shira and her activities at Check Point and in the community (Security-Diva, CSA Top Threat working group, OWASP-IL)
11:55 Introducing the challenges of cloud log management: enabling correctly, long term storage, analysis challenges, lack of info
19:45 The challenges of monitoring cloud assets using IP addresses
21:25 How to properly do cloud based log collection: Enrichment, external threat service
24:20 Values of log visualization
28:05 Log storage management
31:21 Summary and last words ...
Attendees
Guest: Yuval Reut
Guest Title: CIO & CISO
Company: Riskified
Microservices can bring enormous benefits to organizations, giving flexibility and driving innovation. But microservices are also challenging from a security point of view. In this podcast, Yuval Reut, CIO & CISO for Riskified, shares his experience of moving an entire monolith application to a group of integrated microservices.
Timing:
0:00 - 3:39 - intro and learning about Riskified
3:39 - 9:55 - CISO & CIO positions at SaaS startups
9:55 - 12:20 - moving from monolith to microservices - reasons for the move
12:20 - 19:30 - technology challenges when moving to microservices
19:30 - 25:00 - people challenges when moving to microservices
25:00 - 29:35 - process challenges when moving to microservices
29:40 - 33:00 - Summary and conclusions ...