Episode 34: PayPal cloud journey

Episode 34 February 08, 2021 00:49:02
Episode 34: PayPal cloud journey
SilverLining IL
Episode 34: PayPal cloud journey
/

Hosted By

Moshe Ferber Ariel Munafo

Show Notes

Attendees

Guest: Assaf Keren

Guest Title: VP, Enterprise Cyber Security

Company: PayPal

Abstract

PayPal is one of the most interesting organizations in the world in terms of security. The combination of online presence with the unique line of business is making PayPal one of the most secure hi-tech companies and one of the most innovative financial institutions. 

In this episode, we hosted Assaf Keren, VP of enterprise cyber security, for a discussion about PayPal’s cloud journey from traditional on-premise to the multi-cloud / multi-locations giant they are now, and how COVID-19 is changing Paypal’s digital journey with their customers & employees.

 

 

Other Episodes

Episode 33

January 18, 2021 00:31:24
Episode Cover

Episode 33: Researching Cloud Vulnerabilities

Attendees Guest: Asaf Hecht  Guest Title: Security research team leader Company: CyberArk  Abstract With the growth of cloud services, more knowledge is gathered on vulnerabilities and misconfigurations in cloud infrastructure. A great deal of this knowledge is coming from cloud security researchers. In this episode, we host Asaf Hecht, Security research team leader At Cyberark, for a conversation about cloud security research and the vulnerabilities they disclose are various cloud vendors.  ...

Listen

Episode 19

August 02, 2020 00:40:22
Episode Cover

Episode 19: Understanding Cloud Attack Vectors

Attendees Guest: Or Kamara Guest Title:  Senior team lead  Company:  Synk Abstract Cloud computing can bring interesting and new attack vectors. In this episode, we talk with Or Kamara, Senior team lead at Synk, about the Capital-one hacking and what can be learned from the event in order to better protect our networks. We will analyze the attack step by step and add mitigating controls that can help in preventing the next attack. Timing: 0:35 Introducing our guest 4:10 introducing the story the capital one hack  5:45 The phases of the Capital One hack 7:50 The first misconfiguration - servers exposed to the internet unintentionally 11:05 the SSRF vulnerability and understanding meta-data service 19:38 Using API keys for browsing S3 and how to mitigate it 26:00 things that Capital One did right and additional insights 28:00 how should developers and IT  30:50 shifting from traditional security to new cloud security mindset 36:00 summary and final words ...

Listen

Episode 6

August 12, 2019 00:33:45
Episode Cover

Episode 6: The Cloud Octagon Model Framework for Cloud Adoption

Attendees Guest: Olaf Streutker Guest title: CISO Advisor Company: ABN Amro Abstract The Cloud Octagon Model is a new framework for cloud adoption (mostly SaaS adoption). The model was designed in cooperation between ABN-Amro and the Cloud Security Alliance and assists organizations to identify, represent, and assess risks in the context of their cloud implementation across multiple factors by introducing a logical approach to holistically dealing with security aspects involved in moving to the cloud. Link to CSA Cloud Octagon Model: https://cloudsecurityalliance.org/artifacts/cloud-octagon-model/   Timing   0:00 Intro and introducing the guest and ABN Amro cloud adoption methodology 12:10 The evolution of the Cloud Octagon Model and basic concepts 11:28  How ABN-Amro are dealing with IaaS/PaaS vs. SaaS 15:30 The different phases of the Cloud Octagon Model: Classification 20.30 Core banking applications in the cloud 24.20 The different phases of the Cloud Octagon Model 31.20 Summary and conclusions   ...

Listen