Episode 30: The challenges of CISO in a security company

Episode 30 December 08, 2020 00:29:55
SilverLining IL

Hosted By

Moshe Ferber Ariel Munafo

Show Notes

Attendees

Guest: Eitan Satmary

Guest Title: CISO 

Company: Tufin

Abstract

Being a CISO is challenging; being a CISO at a security vendor is even more challenging. In this episode we host Eitan Satmary, CISO for Tufin, to talk about the good and bad of being a CISO at a cyber security vendor. We talk about the CISO's ability to influence innovation and the product roadmap in the company, and how the transition from an on-prem offering to a SaaS offering changed the company's security posture.

Timing:

0:00 introducing our guest

4:20 CISO in a security company: influence the innovation team

10:30 the relationship between CISO and the sales department

12:30 the company journey of adding cloud capabilities

15:00 CISO’s first steps

20:11 Risk management considerations for SaaS companies

25:00 Summary and final thoughts

Other Episodes

Episode 18

August 02, 2020 00:38:08

Episode 18: Testing Cloud Application

Attendees

Guest: Bar Hofesh

Guest Title: Co-Founder

Company: Neurolegion

Abstract

Application security is among the hardest things to get right. In this episode we talk with Bar Hofesh from Neurolegion about the world of automated security testing: what the challenges are, what the different stages of integration and delivery are, and how to perform each stage correctly.

Timing:

0:50 - introducing our guest

2:58 - the need to automate security testing - the challenge of developing faster

7:15 - so what is testing automation - describing the process - the code integration stage

13:50 - security testing the packing and delivery stage

18:50 - testing live application stage

20:20 - appsec finding strategy - what to do when an alert is found

22:20 - Static analysis vs. dynamic analysis

24:58 - emerging technologies - RASP, IAST

30:50 - Is there still room for manual penetration testing?

34:05 - summary and last words ...


Episode 9

October 29, 2019 00:35:01

Episode 9: Challenges With Cloud Management Logs

Attendees

Guest: Shira Shamban

Guest title: Cloud Security

Company: Check Point (Dome9)

Abstract

Cloud providers have invested heavily in adding visibility, monitoring and logging capabilities for networking and administrative activities. In this session we talk with Shira Shamban, a cloud security expert from Check Point, about the challenges of collecting the different logs that exist in cloud platforms and the challenges of gaining insights from them.

Timing:

0:00 Introducing Shira and her activities in CheckPoint and community activities (Security-Diva, CSA Top Threat working group, OWASP-IL)

11:55 Introducing the challenges of cloud log management: enabling correctly, long term storage, analysis challenges, lack of info

19.45 The challenges of monitoring cloud assets using IP addresses

21:25 How to properly do cloud based log collection: Enrichment, external threat service

24.20 Values of log visualization

28.05 Log storage management

31:21 Summary and last words ...


Episode 2

April 22, 2019 00:33:27

Episode 2: Security Challenges Of Moving From Monolith To Micro-Services

Attendees

Guest: Yuval Reut

Guest title: CIO & CISO

Company: Riskified

Micro-services can bring enormous benefits into the organizations – giving flexibility and driving innovation. But Micro-services are also challenging from a security point of view. In this podcast, Yuval Reut, CIO & CISO for Riskified, will share his experience of moving an entire monolith application to a group of integrated micro services.

Timing:

0:00 – 3:39 - intro and learning about Riskified

3:39 - 9:55 - CISO & CIO positions at SaaS startups

9:55 - 12:20 - moving from Monolith to Microservices – reasons for the move.

12:20 - 19:30 - technology challenges when moving to Micro services

19:30 - 25:00 - People challenges when moving to Micro services

25:00 – 29:35 - Process challenges when moving to Micro services

29.40 – 33:00 - Summary and conclusions ...
