SilverLining Episode 50: Building security workflow at scale

Episode 50 May 11, 2022 00:24:30
SilverLining Episode 50: Building security workflow at scale
SilverLining IL
SilverLining Episode 50: Building security workflow at scale
/

Hosted By

Moshe Ferber Ariel Munafo

Show Notes

Guest: Ravid Circus

Guest title: Co-Founder, Seemplicity

Language: English

 

Abstract

As organizations develop more software, and in faster cycles, greater responsibility is laid on security teams who have a full-stack responsibility for infrastructure, applications, IT services and many other aspects in the business.

In this episode we spoke with Ravid Circus co-founder and CPO at Seemplicity to understand how security teams can efficiently scale their risk reduction efforts and interact with their counterparts productively by using digital workflows  for security operations.

Other Episodes

Episode 21

August 03, 2020 00:26:59
Episode Cover

Episode 21: Building The Next Generation Of Cloud Services

Attendees Guest: Eran Feigenbaum Guest title:  CSO, Oracle Cloud Abstract The first generation of cloud services began about 15 years ago and stretched until now, but it came with many built-in challenges due to lack of maturity and the fact that security was added on top and not present from the start. In this episode we talk with Eran Feigenbaum, CISO of Oracle cloud about the next generation of cloud services - how can we build cloud that is more secure,, immuned to miss-configuration and other pitfalls that are relevant to today's cloud services. Timing: 0:00 introducing our guest 5:40 Generation one of cloud infrastructure 8:40 so what is second generation of cloud infrastructure 10:30 how Oracle is planning to change the cloud market 11:40 how second generation cloud services can help with common mistakes such as misconfiguration 13:35 what cloud provider should do in order to increase security 16:05 how cloud providers can  be proactive with their customers 19:00 handling miss-configuration such as open buckets and lost API’s keys 23:40 summary and last words ...

Listen

Episode 26

September 16, 2020 00:49:26
Episode Cover

Episode 26: Current Challenges With Cloud

This is a special episode where both of us (Moshe & Ariel – no guests this time) discuss the future of cloud computing and challenges that should be solved. We take a detailed look at shortage in manpower and knowledge, privacy laws and their influence on innovation and technology challenges such as multi tenancy, APi’s, encryption, continuous monitoring and more. Agenda Opening words  - 5 min  introducing the podcast  - Moshe / Ariel  Introducing our guest - Ariel Introducing myself - Moshe Introducing the topic and context of the podcast - Moshe  Security challenges   People Shortage in manpower:  There are missing jobs for cyber professional and especially application security Shortage in knowledge: security professional lag behind learning new technologies Process Malicious insider - one of the biggest challenges for cloud providers Shared responsibility model collapsing Privacy laws are creating islands of data - Privacy laws are limiting the transfer of data Jurisdiction, Court orders and government access to data - as cloud provider host more data - they are a target for more & more government interest Technology API security best practices - there will be more & more API’s, we did not master how to protect them Encryption and key management - the holy grail for holding your own encryption keys is fading Multi tenancy - we don't have clear practices on building multi tenant applications Identity based access controls - network access controls are useless in cloud ...

Listen

Episode 33

January 18, 2021 00:31:24
Episode Cover

Episode 33: Researching Cloud Vulnerabilities

Attendees Guest: Asaf Hecht  Guest Title: Security research team leader Company: CyberArk  Abstract With the growth of cloud services, more knowledge is gathered on vulnerabilities and misconfigurations in cloud infrastructure. A great deal of this knowledge is coming from cloud security researchers. In this episode, we host Asaf Hecht, Security research team leader At Cyberark, for a conversation about cloud security research and the vulnerabilities they disclose are various cloud vendors.  ...

Listen