26 episodes

The podcast for Security Architecture
Hosted by Moshe Ferber and Ariel Munafo.

The world of software development has changed rapidly in recent years due to various factors – Cloud Computing, Digital Transformation, CI/CD & DevOps – all of which changed the way we build new applications. Young startups today have access to enterprise-grade infrastructure, enabling them to produce scalable, robust applications faster and cheaper. But as companies innovate faster, security challenges arise. The security community has not yet mastered the full art of developing software fast, at scale, and securely, and a variety of companies still struggle to find the right foundation for their security posture.

The SilverLining podcast was created to help you do just that – find the right combination of people, processes, and technologies to build more secure and reliable services. We will focus on the latest developments in infrastructure and software development and talk with people who have mastered how to secure them. In each episode, we will host an expert for a discussion on the security aspects of new technologies and provide insights, best practices, and knowledge for creating more secure software architecture.

SilverLining IL MarkeTech

    • Technology
    • 5.0 • 2 Ratings

    Episode 26: Current Challenges With Cloud

    This is a special episode where both of us (Moshe & Ariel – no guests this time) discuss the future of cloud computing and challenges that should be solved. We take a detailed look at the shortage in manpower and knowledge, privacy laws and their influence on innovation, and technology challenges such as multi-tenancy, APIs, encryption, continuous monitoring and more.
    Agenda
    Opening words  - 5 min 

    introducing the podcast  - Moshe / Ariel 
    Introducing our guest - Ariel
    Introducing myself - Moshe
    Introducing the topic and context of the podcast - Moshe 

    Security challenges  
    People


    Shortage in manpower: there are missing jobs for cyber professionals, especially in application security
    Shortage in knowledge: security professionals lag behind in learning new technologies


    Process


    Malicious insider - one of the biggest challenges for cloud providers
    Shared responsibility model collapsing
    Privacy laws are creating islands of data - Privacy laws are limiting the transfer of data
    Jurisdiction, court orders and government access to data - as cloud providers host more data, they are a target for more & more government interest


    Technology


    API security best practices - there will be more & more APIs, and we have not mastered how to protect them
    Encryption and key management - the holy grail of holding your own encryption keys is fading
    Multi-tenancy - we don't have clear practices for building multi-tenant applications
    Identity-based access controls - network access controls are useless in cloud computing, but our ability to create granular access controls based on identity is not mature yet
    Multi-tenancy
    Continuous monitoring
    Automation and DevOps - security automation is still maturing. We still don't know how to integrate developers and operations without breaking best practices
    Using the wrong tools 


    Closure (5 min)

    Moshe - Summarizing
    Ariel - closing 

    • 49 min
    Episode 25: From Excessive Permissions To Least Privileges - Automating Your IAM Roles

    Attendees
    Guest: Shira Shamban
    Guest title: CEO & Co-Founder
    Company: Solvo
    Abstract
    In modern cloud environments, Identity and Access Management controls are crucial. Many access decisions are now made based not on network structure but on roles and permissions. In this episode we talk (again) with Shira Shamban, founder at Solvo, about cloud IAM challenges - why it is so hard to get IAM right and how Solvo is planning to revolutionize the IAM management process.
    Timing:
    0:00 Introducing our guest
    3:00 Introducing cloud identity challenges 
    6:20 Why role management is not enough
    11:40 Why we fail to create least-privilege-roles  
    15:10 How to manage IAM securely - the people angle
    18:13 How to manage IAM securely - the process angle
    21:08 How to manage IAM securely - the technology angle
    31:08 Summary and last words

    • 35 min
    Episode 24: Putting The Sec Into DevOps

    Attendees
    Guest: Dima Revelis
    Guest title: Senior DevOps engineer
    Company: MoonActive
    Abstract
    DevSecOps is accelerating fast as the new buzzword for modern information security practices. In this episode we use the expertise of Dima Revelis to dive deep into understanding DevOps practices, what a CI/CD pipeline is and which security tools are relevant for all of those new practices.
    Timing:
    0:00 - Introducing our guest
    2:50 - What is DevOps
    7:50 - What is a deployment pipeline
    14:20 - What is CI and which security testing can be implemented
    17:20 - What is CD and which security considerations apply
    18:40 - Dive deeper into security testing - QA, code review, static & dynamic analysis
    20:45 - So much automation, do we still need manual testing? 
    22:30 - Additional security aspects: using Jenkins, authentication and authorization, secret management
    26:40 - Availability considerations and disaster recovery
    33:30 - Summary and final words

    • 37 min
    Episode 23: Understanding Microsoft Cloud Security Pillars

    Attendees
    Guest: Yoad Dvir
    Guest title: Security Lead, Central and Eastern Europe
    Company: Microsoft
    Abstract
    Microsoft's security portfolio has been growing and diversifying in the last couple of years, adding more capabilities in various areas of information security. In order to better understand Microsoft's strategy and offering, we talked with Yoad Dvir, Cyber Security Lead at Microsoft, about Microsoft's new security pillars: Monitoring, Threat Protection and Information Protection.
    Timing:
    0:00 - Introducing our guest
    5:45 - Introducing Microsoft security strategy
    12:50 - Security monitoring pillars - Azure monitor, Sentinel, Azure analytics and more
    21:10 - Microsoft Threat Protection family - Cloudapp, O365 ATP, Defender ATP, Azure ATP
    30:50 - Diving deeper into Cloudapp
    35:30 - Microsoft Information Protection
    44:00 - Summary and last words

    • 47 min
    Episode 22: How To Do Add Open Source Code To Your Applications, Securely

    Attendees
    Guest: Liran Tal
    Guest title: Developer Advocate
    Company: Snyk
    Abstract
    Open source software plays a big part in our daily lives, and also in our development environments. Many application developers rely on open source libraries & tools and integrate them into their code. This is a great improvement for developers, allowing them to innovate quickly and efficiently. But all this good comes with a big responsibility - open source software should be carefully examined in order to ensure its reliability. In this episode we talk with Liran Tal from Snyk about the growing importance of adding security evaluation of open source software to the development cycle.
    Timing:
    0:00 - Introducing our guest
    5:50 - What is the challenge of open-source security
    10:05 - Open source security - the people angle
    16:00 - Open source security - the process angle
    24:55 - Open source security - the technology angle
    29:42 - Summary and last words

    • 32 min
    Episode 21: Building The Next Generation Of Cloud Services

    Attendees
    Guest: Eran Feigenbaum
    Guest title: CSO, Oracle Cloud
    Abstract
    The first generation of cloud services began about 15 years ago and stretched until now, but it came with many built-in challenges due to lack of maturity and the fact that security was added on top and not present from the start. In this episode we talk with Eran Feigenbaum, CISO of Oracle cloud, about the next generation of cloud services - how we can build a cloud that is more secure, immune to misconfiguration and other pitfalls that are relevant to today's cloud services.
    Timing:
    0:00 Introducing our guest
    5:40 Generation one of cloud infrastructure
    8:40 So what is the second generation of cloud infrastructure
    10:30 How Oracle is planning to change the cloud market
    11:40 How second generation cloud services can help with common mistakes such as misconfiguration
    13:35 What cloud providers should do in order to increase security
    16:05 How cloud providers can be proactive with their customers
    19:00 Handling misconfiguration such as open buckets and lost API keys
    23:40 Summary and last words

    • 26 min

Customer Reviews

5.0 out of 5
2 Ratings

dvid namorsky

Enjoy listening

Thanks for the excellent episodes
