Hosted By
Guest: Eran Leib (vp product), Maor Goldberg (CEO)
Guest Title: Founders at Apolicy (a sysdig company)
Abstract: Infrastructure and policy as code is one of the hottest topics in security today. In this episode we spoke with Eran & Maor, founders at aPolicy (acquired by Sysdig shortly after the recording) , about cloud native security and how organizations should use automated policy templates for security CI/CD pipelines.
Attendees Guest: Guy Flechter Guest title: CISO Company: AppFlayer Abstract One of the biggest challenges facing software companies is how to make sure security policies are enforced across the development cycle without holding R&D ability to innovate. In this episode, Guy Flechter, CISO for Appsflyer, will elaborate on the way he is providing R&D guidelines and support while keeping them motivated and committed to security. Timing 0:00 Intro and introducing Appsflyer and its digital business 10:29 Understanding Appsflyer underlying technology and security challenges 14:20 “We came in peace” Building security foundation at Appsflyer - understanding Guy’s methodology 19:55 the people angle: Building the right team and how to work efficiently with R&D team. 27.40 The technology angel: How to make sure developers don’t need security in everyday life, but they are still on the right tracks 37.10 The process angel: building developers autonomy 40.25 Summary and conclusion ...
This is a special episode where both of us (Moshe & Ariel – no guests this time) discuss the future of cloud computing and challenges that should be solved. We take a detailed look at shortage in manpower and knowledge, privacy laws and their influence on innovation and technology challenges such as multi tenancy, APi’s, encryption, continuous monitoring and more. Agenda Opening words - 5 min introducing the podcast - Moshe / Ariel Introducing our guest - Ariel Introducing myself - Moshe Introducing the topic and context of the podcast - Moshe Security challenges People Shortage in manpower: There are missing jobs for cyber professional and especially application security Shortage in knowledge: security professional lag behind learning new technologies Process Malicious insider - one of the biggest challenges for cloud providers Shared responsibility model collapsing Privacy laws are creating islands of data - Privacy laws are limiting the transfer of data Jurisdiction, Court orders and government access to data - as cloud provider host more data - they are a target for more & more government interest Technology API security best practices - there will be more & more API’s, we did not master how to protect them Encryption and key management - the holy grail for holding your own encryption keys is fading Multi tenancy - we don't have clear practices on building multi tenant applications Identity based access controls - network access controls are useless in cloud ...
Guest: Oren Penso Guest title: Senior Product Line Manager, VMware Language: English Abstract As k8’s adoption grows and flourish, organizations are starting to ask themselves how they should manage the complex network settings inside K8’s. Services mesh is a technology that adds a layer of networking & security capabilities on top of traditional K8’s environment. In this episode we discuss service mesh technology, its past and its future with Oren Penso, Senior product line manager in VMware and he provided us with interesting insights on the future on networking & microservices architecture. ...
