SilverLining IL MarkeTech Group

Guest: Sam Sehgal, Co-Chair for the CSA DevSecOps working group and program Lead - DevSecOps Strategy and Architecture, Dell
Language: English
 
Abstract
DevSecOps, the integration of security practices into the DevOps methodology, has become a prominent topic in the field of information security in recent years. This approach emphasizes the collaboration between development, operations, and security teams throughout the software development lifecycle.
In this episode, we had the opportunity to speak with Sam Sehgal, co-chair for the DevSecOps Working Group (WG) at the Cloud Security Alliance (CSA). Sam shed light on the six pillars that form the foundation of the DevSecOps methodology and highlighted the vital role played by the WG in driving the integration of security practices within the realms of DevOps and cloud computing.

Guest: Ludovic Perret, Associate Professor at Sorbonne University & Co-founder of CryptoNext Security and Bruno Huttner , Director of Quantum Strategic Initiatives at ID Quantique
Language: English
 
Abstract
The Quantum-safe security working group is a Cloud Security Alliance research wg that was created to promote awareness and education on the challenges of Quantum computing. In this episode we spoke to the working group leaders in order to better understand Quantum security challenges and how the security  community can overcome these challenges. 
This is the first episode in a series of episodes that will be dedicated to CSA research efforts and the working groups that produce the next generation best practices and researches.

Guest: Shahar Geiger Maor
Guest Title:  CISO at DarioHealth
Language: English
 
Abstract
Many of the CISOs are often approached by early stage startups asking to be given a chance. Is it worth it? isn't it too risky? 
Working with security start-ups can assist the CISO’s to accomplish their goals with many benefits, as long as risks are mitigated.
In this episode we spoke with Shahar Gaiger Maor, CISO at DarioHealth to summarize how security startups can be your weapon of choice as a CISO.
Link: https://www.linkedin.com/pulse/security-start-ups-design-shahar-geiger-maor

Guest: Vladi Sandler, Co-Founder & CEO, Gafnit Amiga, VP of Research, Lightspin
Topic: Researching Cloud giants security mechanisms 
Language: English
 
Abstract
The leading cloud providers these days are storing growing parts of human knowledge and businesses , and therefore their services require to be top notch in security and most of the time, they actually provide very resilient security services. But every now and then, a talented security researcher finds vulnerabilities even on the most mature services - In this episode we spoke with Vladi Sandler & Gafnit Amiga from Lightspin regarding the AWS RDS vulnerability they recently discovered and what is the process of researching cloud provider vulnerabilities and how to do responsible disclosure.  As a bonus, we also discussed the open-source tools released by Lightspin and the way they can help organizations protect their cloud resources.
 
https://blog.lightspin.io/aws-rds-critical-security-vulnerability
https://recon.cloud  -  Free CNAPP tool
https://github.com/lightspin-tech/red-detector - EC2 vulnerability scanner 
https://github.com/lightspin-tech/red-kube - K8S Adversary Emulation

Guest: Boris Gorin
Guest Title: CEO & Co-Founder at Canonic
Topic: Analyzing SaaS Applications Threats
Language: English
 
Abstract
The 2022 history of security incidents proved that SaaS services present major security challenges for organizations. As SaaS adoption grows - more attack vectors are being discovered.
In this episode we spoke with Boris Gorin, Co-founder and CEO at Canonic about the attack vector of malicious apps inside SaaS services and the Canonic AppTotal portal for analyzing 3rd party applications.

Guest: Guy Flechter
Guest Title: CEO & Co-Founder at Cider Security
Topic: Threats on CI/CD pipeline 
Language: English
 
Abstract
The main attraction point in cloud for most organizations is the ability to produce scalable and resilient applications - faster. One of the main foundations for that is the ability to create CI/CD pipelines that will automate the integration of new code to old code and the deployment of the code to the various testing and production environments. But as organizations continue to adopt CI/CD - there is an increasing number of attacks on the pipelines.
In this episode we spoke with Guy Flechter, Co-founder and CEO at Cider Security - on CI/CD relevant threats and risks and incidents that happened in the past and things we can learn from them.