Episode 5: Guard Rails And Not Gates – How R&D And Security Should Co-Exist

Episode 5 July 25, 2019 00:53:07
SilverLining IL

Hosted By

Moshe Ferber Ariel Munafo

Show Notes

Attendees

Guest: Guy Flechter

Guest title: CISO

Company: Appsflyer

Abstract

One of the biggest challenges facing software companies is how to make sure security policies are enforced across the development cycle without holding back R&D's ability to innovate. In this episode, Guy Flechter, CISO for Appsflyer, elaborates on how he provides R&D with guidelines and support while keeping them motivated and committed to security.

 

Timing

0:00

Intro and introducing Appsflyer and its digital business

10:29

Understanding Appsflyer underlying technology and security challenges

14:20 

“We came in peace”: Building a security foundation at Appsflyer - understanding Guy’s methodology

19:55  

The people angle: Building the right team and how to work efficiently with the R&D team.

27:40

The technology angle: How to make sure developers don’t need security in everyday life, but are still on the right track

37:10

The process angle: building developer autonomy

40:25

Summary and conclusion

Other Episodes

Episode 32

January 05, 2021 00:31:39

Episode 32: Understanding Infrastructure as Code and How to Use it Effectively

Attendees Guest: Ohad Maislish  Guest Title: Co-Founder & CEO  Company: env0 Abstract Infrastructure as code is one of the most interesting technologies in the market. It enables organizations to deploy heavy workloads within seconds and avoid risky configuration mistakes. In this episode, we talked with Ohad Maislish, Co-Founder and CEO at env0, about infrastructure as code technology, how and where it is being used, and how env0 helps organizations to better utilize this technology. Timing 0:00 introducing our guest 2:26 What is infrastructure as a code 10:16 Examples for practical deployment of IaaC 13:55 How IaaC is helping governance  19:20 IaaC behind the scenes 25:18 IaaC in a multi-cloud environment 28:40 Summary and last words ...


Episode 44

December 22, 2021 00:25:51

SilverLining Episode 44: Gaining cloud security knowledge & certification - Part 2

Guest: David W. Schropfer Guest Title: Host of DIY Cyber Guy Podcast Abstract: Many IT & security professionals are asking what is the best way to enter the world of cloud computing. In this episode we continue our conversation with David W. Schropfer from DIY Cyber Guy about cloud computing career paths ...


Episode 18

August 02, 2020 00:38:08

Episode 18: Testing Cloud Application

Attendees Guest: Bar Hofesh Guest Title: Co-Founder Company: Neurolegion Abstract Application security is among the hardest things to get right. In this episode we talk with Bar Hofesh from Neurolegion about the world of automated security testing: what the challenges are, what the different stages of integration and delivery are, and how to perform each stage correctly. Timing: 0:50 - introducing our guest 2:58 - the need to automate security testing - the challenge of developing faster 7:15 - so what is testing automation - describing the process - the code integration stage 13:50 - security testing at the packing and delivery stage 18:50 - testing at the live application stage 20:20 - appsec findings strategy - what to do when an alert is found 22:20 - Static analysis vs. dynamic analysis 24:58 - emerging technologies - RASP, IAST 30:50 - Is there still room for manual penetration testing? 34:05 - summary and last words ...
