SilverLining Episode 41: Securing ci/cd pipeline using policy as code

Episode 41 August 25, 2021 00:40:02
SilverLining Episode 41: Securing ci/cd pipeline using policy as code
SilverLining IL
SilverLining Episode 41: Securing ci/cd pipeline using policy as code
/

Hosted By

Moshe Ferber Ariel Munafo

Show Notes

Guest: Eran Leib (vp product), Maor Goldberg (CEO)

Guest Title:  Founders at Apolicy (a sysdig company)

Abstract: Infrastructure and policy as code is one of the hottest topics in security today. In this episode we spoke with Eran & Maor, founders at aPolicy (acquired by Sysdig shortly after the recording) ,  about cloud native security and how organizations should use automated policy templates for security CI/CD pipelines.

 

Other Episodes

Episode 5

July 25, 2019 00:53:07
Episode Cover

Episode 5: Guard Rails And Not Gates – How R&D And Security Should Co-Exist Audio Player

Attendees Guest: Guy Flechter Guest title: CISO Company: AppFlayer Abstract One of the biggest challenges facing software companies is how to make sure security policies are enforced across the development cycle without holding R&D ability to innovate. In this episode, Guy Flechter, CISO for Appsflyer, will elaborate on the way he  is providing R&D guidelines and support while keeping them motivated and committed to security.   Timing 0:00 Intro and introducing Appsflyer and its digital business 10:29 Understanding Appsflyer underlying technology and security challenges 14:20  “We came in peace” Building security foundation at Appsflyer - understanding Guy’s methodology 19:55   the people angle: Building the right team and how to work efficiently with R&D team.  27.40 The technology angel:  How to make sure developers don’t need security in everyday life, but they are still on the right tracks 37.10 The process angel: building developers autonomy 40.25 Summary and conclusion ...

Listen

Episode 26

September 16, 2020 00:49:26
Episode Cover

Episode 26: Current Challenges With Cloud

This is a special episode where both of us (Moshe & Ariel – no guests this time) discuss the future of cloud computing and challenges that should be solved. We take a detailed look at shortage in manpower and knowledge, privacy laws and their influence on innovation and technology challenges such as multi tenancy, APi’s, encryption, continuous monitoring and more. Agenda Opening words  - 5 min  introducing the podcast  - Moshe / Ariel  Introducing our guest - Ariel Introducing myself - Moshe Introducing the topic and context of the podcast - Moshe  Security challenges   People Shortage in manpower:  There are missing jobs for cyber professional and especially application security Shortage in knowledge: security professional lag behind learning new technologies Process Malicious insider - one of the biggest challenges for cloud providers Shared responsibility model collapsing Privacy laws are creating islands of data - Privacy laws are limiting the transfer of data Jurisdiction, Court orders and government access to data - as cloud provider host more data - they are a target for more & more government interest Technology API security best practices - there will be more & more API’s, we did not master how to protect them Encryption and key management - the holy grail for holding your own encryption keys is fading Multi tenancy - we don't have clear practices on building multi tenant applications Identity based access controls - network access controls are useless in cloud ...

Listen

Episode 47

February 23, 2022 00:30:24
Episode Cover

SilverLining Episode 47: Understanding Service Mesh Technologies

Guest: Oren Penso Guest title: Senior Product Line Manager, VMware Language: English   Abstract As k8’s adoption grows and flourish, organizations are starting to ask themselves how they should manage the complex network settings inside K8’s. Services mesh is a technology that adds a layer of networking & security capabilities on top of traditional K8’s environment. In this episode we discuss service mesh technology, its past and its future with Oren Penso, Senior product line manager in VMware and he provided us with interesting insights on the future on networking & microservices architecture. ...

Listen