Guest: Alex Gestin
Guest title: CISO, Riseup
Language: English
Abstract
The growing number of fintech companies represents a shift in the market from traditional banking and financing to new models and tools that are empowered by technology. But fintech companies face security challenges: they need to provide customers and financial partners with assurance and security at the level of giant institutions while being young, small companies.
In this episode we spoke with Alex Gestin, CISO for Riseup, about the challenges of fintech companies and how Riseup builds environments that provide assurance and trust with regulators, consumers and other banks.
Attendees
Guest: Yuval Reut
Guest title: CIO & CISO
Company: Riskified
Microservices can bring enormous benefits to organizations, giving flexibility and driving innovation. But microservices are also challenging from a security point of view. In this podcast, Yuval Reut, CIO & CISO for Riskified, will share his experience of moving an entire monolith application to a group of integrated microservices.
Timing:
0:00 - 3:39 - Intro and learning about Riskified
3:39 - 9:55 - CISO & CIO positions at SaaS startups
9:55 - 12:20 - Moving from monolith to microservices: reasons for the move
12:20 - 19:30 - Technology challenges when moving to microservices
19:30 - 25:00 - People challenges when moving to microservices
25:00 - 29:35 - Process challenges when moving to microservices
29:40 - 33:00 - Summary and conclusions ...
Attendees
Guest: Evgeny Zislis
Guest title: CTO
Company: ProdOPS
Abstract
Over 90% of IaaS/PaaS security incidents happen through the consumer's fault. Cloud platforms are complicated, with a steep learning curve, and it is easy to make mistakes. In this podcast, we talk with Evgeny Zislis, CTO for ProdOPS, about the common IaaS/PaaS security mistakes and misconfigurations, categorize them, and talk about measures to reduce those mistakes and identify them in time.
Timing:
0:00 - 2:10 - Intro and introducing our guest
2:10 - 31:05 - What are the common cloud misconfigurations and mistakes
    Improper security group configuration
    Object storage negligence - open buckets on S3
    Insecure storing of API/access keys - a config file in an open GitHub repo is not the best place to store access keys
    Vulnerable servers exposed (exposing your 5-year-old, un-updated Linux server is not recommended)
    Failure to segregate different services into different accounts / VPCs / subnets
    Everyday use of the root account and relying on one account only
31:05 - 34:20 - Avoiding cloud misconfigurations: the process angle
34:20 - 38:33 - Avoiding cloud misconfigurations: the people angle
38:33 - 49:00 - Avoiding cloud misconfigurations: the technology angle
49:00 - 52:00 - Summary and conclusions ...
Attendees
Guest: Tsachi Lutaty
Guest title: R&D manager
Company: PlainID
Abstract
In recent years we have made important progress in authentication. Multi-factor authentication and identity federation solved many of the identity authentication challenges. So it is now time to focus on the second aspect of Identity & Access Management: identity authorization. In this podcast we talk with Tsachi Lutaty, R&D manager for PlainID, about the move from role-based access controls to policy-based access controls and how organizations can better engineer their authorization schemes and policies.
Timing:
0:41 - Introducing our guest
1:25 - Introducing PlainID
2:45 - Authorization challenges: what are modern authorization challenges
8:00 - Role-based access control vs. attribute / policy-based access control
15:30 - Existing authorization standards
18:58 - How can we better engineer authorization systems: the technology angle
26:15 - How can we better engineer authorization systems: the process angle
29:30 - How can we better engineer authorization systems: the people angle
32:50 - Summary and final words ...