InfoSec. AppSec. DevOps. DevSecOps. Network Security.
Should companies be talking about these subjects only when they are a large organization? NO!
Should security be a priority for every company, no matter the size? YES!
According to a study by BullGuard study in 2020, 43% of SMB owners have no cybersecurity defense plan in place at all – leaving their most sensitive financial, customer and business data, and ultimately their companies, at significant risk.
Many startup and SMB companies will admit that security is not on their list of top 3 things to think about.... maybe even top 5.
This meetup will bring together experts, authors, and practitioners from all areas of the the security ecosystem to discuss best practices and better ways for growth companies to protect their data and networks at scale.
We're here to make security a first-class citizen in early stage companies.
Infra-as-Code, OpenTofu, and Security w/ Ohad Maislish, Env0
How do you manage infrastructure-as-code and keep it secure? And can you keep open source fully open?
In this episode, Ohad Maislish, Co-Founder and CEO at Env0 and OpenTofu Supporter discuss the evolution of infrastructure management, how OpenTofu started, and how to ensure security is baked into your code.
Check out Ohad's podcast, The IaC Podcast as well: https://www.theiacpodcast.com/
Shift-Left Developer Security w/ Roy Avrahamy, Akeyless Security
How do you ensure developers make the best security decisions when building their applications?
In this episode, Roy Avrahamy, Application Security Engineer at Akeyless Security gives us great insights into how to make sure your developers keep their minds on application security while still developing code at a fast pace. We discuss ideas about continuous learning, gamification, hackathons, and more.
Machine Learning Against Cyber Attacks w/ Lidan Hazout, Transmit Security
Can cyber attacks and risk be managed by machines alone?
In this episode, Lidan Hazout, Risk & Fraud Detection Director at Transmit Security talks to us about how he is working to create Machine Learning algorithms to actually stop cybersecurity attacks before they even happen. We get into a lot of detail about how the algorithms decide good versus bad and what the more sophisticated types of attacks are out there.
If you're looking for the website Lidan mentions toward the end where you can practice your cyber skills, check out https://www.kaggle.com/.
DSOMM and Security Maturity Models w/ Raz Probstein, Jit
Are you working on maturing your company's security?
In this episode of DevSec For Scale, we hear from Raz Probstein, Solution Engineer at Jit, about the various methods companies have been using to up their security game. But one methodology stands out to both her and the company she works for, OWASP DSOMM.
DSOMM focuses on DevSecOps security. There are quite a few differences between DSOMM and other models, and Raz breaks down why you should consider DSOMM when leveling up security.
Check out Raz's slides from her recent talk about this topic at the OWASP AppSecIL 2023 conference: https://docs.google.com/presentation/d/1oI4n_YjXDIhshl8mgEJTlYFMI6UznZHKRsxvkmDvA2U/
Moving to a Password-less World w/ Mike Malone, Smallstep
Do you wish you could log into all your apps without passwords? Enter asymmetric cryptography.
In this episode, Mike Malone, CEO and Founder of Smallstep walks us through how we got to where we are with password and secrets management and offers us ideas about how to change the way we think about credential security.
Secrets Management Pt 3: Managing Secrets for Real w/ Jeroen Willemsen
How do you actually get started managing secrets?
In this episode of DevSec For Scale, we are joined by Jeroen for a third time to discuss the real ins and outs of getting started with secrets management. We talk about threat modeling, CI/CD, and even multi-cloud secrets management.
Lots of essential info in this show!
Love the show 🚀📈🚀📈
Really enjoying this show so far
I loved the episode with Greg Edwards! He provided a really interesting look into ransomware.