Guest: Leonid Sandler
Guest title: CTO, Armosec
Topic: Securing K8s Deployments
As K8s adoption grows and matures, we sat down with Leonid Sandler, CTO and Co-Founder of ARMO, to talk about K8s security - starting from the shared responsibility model, going through the initial configuration and deployment, and all the way to building a runtime protection solution.
ARMO GitHub page - https://github.com/armosec/kubescape
Guest: Alex Gestin
Guest title: CISO, Riseup
Language: English
Abstract
The growing number of fintech companies represents a shift in the market from traditional banking & financing to new models and tools that are empowered by technology. But fintech companies face security challenges - they need to provide customers and financial partners with assurance & security at the level of giant institutions while being young and small companies. In this episode we spoke with Alex Gestin, CISO for Riseup, about the challenges of fintech companies and how Riseup builds environments that provide assurance and trust with regulators, consumers and other banks. ...
Guest: Ravid Circus
Guest title: Co-Founder, Seemplicity
Language: English
Abstract
As organizations develop more software, and in faster cycles, greater responsibility falls on security teams, who have full-stack responsibility for infrastructure, applications, IT services and many other aspects of the business. In this episode we spoke with Ravid Circus, co-founder and CPO at Seemplicity, to understand how security teams can efficiently scale their risk reduction efforts and interact with their counterparts productively by using digital workflows for security operations. ...
Attendees
Guest: Evgeny Zislis
Guest title: CTO
Company: ProdOPS
Abstract
Over 90% of IaaS/PaaS security incidents are the consumer's fault. Cloud platforms are complicated, with a steep learning curve, and it is easy to make mistakes. In this podcast, we talk with Evgeny Zislis, CTO for ProdOPS, about the common IaaS/PaaS security mistakes and misconfigurations, categorize them and talk about measures to reduce those mistakes and identify them in time.
Timing:
0:00 - 2:10 - Intro and introducing our guest
2:10 - 31:05 - What are the common cloud misconfigurations and mistakes
- Improper security group configuration
- Object storage negligence - open buckets on S3
- Insecure storing of API/access keys - a config file in an open GitHub repo is not the best place to store access keys
- Vulnerable servers exposed (exposing your 5-year-old, not updated Linux server is not recommended)
- Failure to segregate different services into different accounts / VPCs / subnets
- Everyday use of the root account and relying on one account only
31:05 - 34:20 - Avoiding cloud misconfigurations: the process angle
34:20 - 38:33 - Avoiding cloud misconfigurations: the people angle
38:33 - 49:00 - Avoiding cloud misconfigurations: the technology angle
49:00 - 52:00 - Summary and conclusions ...