SilverLining Episode 49: Security for Fintech Companies

Episode 49 April 06, 2022 00:37:28
SilverLining IL

Hosted By

Moshe Ferber, Ariel Munafo

Show Notes

Guest: Alex Gestin

Guest title: CISO, Riseup

Language: English

Abstract

The growing number of fintech companies represents a shift in the market from traditional banking and financing to new models and tools that are empowered by technology. But fintech companies face security challenges: they need to provide customers and financial partners with assurance and security at the level of giant institutions, while being young and small companies.

In this episode we spoke with Alex Gestin, CISO for Riseup, about the challenges of fintech companies and how Riseup builds environments that provide assurance and trust with regulators, consumers and other banks.


Other Episodes

Episode 2

April 22, 2019 00:33:27

Episode 2: Security Challenges Of Moving From Monolith To Micro-Services

Guest: Yuval Reut

Guest title: CIO & CISO

Company: Riskified

Micro-services can bring enormous benefits to organizations, giving flexibility and driving innovation. But micro-services are also challenging from a security point of view. In this podcast, Yuval Reut, CIO & CISO for Riskified, will share his experience of moving an entire monolith application to a group of integrated micro-services.

Timing:

0:00 – 3:39 - Intro and learning about Riskified
3:39 – 9:55 - CISO & CIO positions at SaaS startups
9:55 – 12:20 - Moving from monolith to micro-services: reasons for the move
12:20 – 19:30 - Technology challenges when moving to micro-services
19:30 – 25:00 - People challenges when moving to micro-services
25:00 – 29:35 - Process challenges when moving to micro-services
29:40 – 33:00 - Summary and conclusions ...


Episode 3

June 24, 2019 00:51:19

Episode 3: Cloud Configuration Pitfalls

Guest: Evgeny Zislis

Guest title: CTO

Company: ProdOPS

Abstract

Over 90% of IaaS/PaaS security incidents are the consumer's fault. Cloud platforms are complicated, with a steep learning curve, and it is easy to make mistakes. In this podcast, we talk with Evgeny Zislis, CTO for ProdOPS, about the common IaaS/PaaS security mistakes and misconfigurations, categorize them, and talk about measures to reduce those mistakes and identify them in time.

Timing:

0:00 – 2:10 - Intro and introducing our guest
2:10 – 31:05 - What are the common cloud misconfigurations and mistakes
  - Improper security group configuration
  - Object storage negligence: open buckets on S3
  - Insecure storing of API/access keys (a config file in an open GitHub repo is not the best place to store access keys)
  - Vulnerable servers exposed (exposing your 5-year-old, not updated Linux server is not recommended)
  - Failure to segregate different services into different accounts / VPCs / subnets
  - Everyday use of the root account and relying on one account only
31:05 – 34:20 - Avoiding cloud misconfigurations: the process angle
34:20 – 38:33 - Avoiding cloud misconfigurations: the people angle
38:33 – 49:00 - Avoiding cloud misconfigurations: the technology angle
49:00 – 52:00 - Summary and conclusions ...


Episode 12

December 10, 2019 00:35:29

Episode 12: Diving Into Authorization And Policy Based Access Controls

Guest: Tsachi Lutaty

Guest title: R&D manager

Company: PlainID

Abstract

In the past years we have made important progress in authentication. Multi-factor authentication and identity federation solved many of the identity authentication challenges. So it is now time to focus on the second aspect of Identity & Access Management: identity authorization. In this podcast we talk with Tsachi Lutaty, R&D manager for PlainID, about the move from role-based access controls to policy-based access controls and how organizations can better engineer their authorization scheme and policies.

Timing:

0:41 - Introducing our guest
1:25 - Introducing PlainID
2:45 - Authorization challenges: what are modern authorization challenges
8:00 - Role-based access control vs. attribute / policy-based access control
15:30 - Existing authorization standards
18:58 - How can we better engineer authorization systems: the technology angle
26:15 - How can we better engineer authorization systems: the process angle
29:30 - How can we better engineer authorization systems: the people angle
32:50 - Summary and final words ...
