The podcast for Security Architecture
Hosted by Moshe Ferber and Ariel Munafo.
The world of software development has changed rapidly in recent years due to various factors – Cloud Computing, Digital Transformation, CI/CD & DevOps – they have all changed the way we build new applications. Young startups today have access to enterprise-grade infrastructure, enabling them to produce scalable, robust applications faster and cheaper. But as companies innovate faster, security challenges arise. The security community has not yet mastered the full art of developing software fast, at scale, and securely, and a variety of companies still struggle to find the right foundation for their security posture.
SilverLining podcast was created to help you do just that – find the right combination of people, processes, and technologies to build more secure and reliable services. We will focus on the latest developments in infrastructure and software development and talk with people who have mastered how to secure them. In each episode, we will host an expert for a discussion on the security aspects of new technologies and provide insights, best practices, and knowledge for creating more secure software architecture.
Episode 35: Compliance Automation and Zero Trust Containers
Guest: Malgorzata (Gosia) Steinder
Guest title: CTO of Hybrid Cloud Research, IBM Research
Topic: Compliance automation and zero trust containers
Continuous monitoring, containers, zero trust, confidential computing: these are all examples of technologies that will be the main focus in the upcoming years. In this episode, we hosted Malgorzata (Gosia) Steinder, CTO of Hybrid Cloud Research at IBM, who provided her vision of how all the technologies mentioned above should be integrated into highly secure application deployments.
NIST OSCAL standard: https://pages.nist.gov/OSCAL/
Automated compliance open source tool by IBM: https://github.com/IBM/compliance-trestle
Security monitoring open source tool by IBM: https://www.ibm.com/blogs/research/2020/01/sysflow/
Workload identity: https://developer.ibm.com/solutions/security/articles/protecting-data-using-secret-management-trusted-service-identity/
Episode 34: PayPal cloud journey
Guest: Assaf Keren
Guest Title: VP, Enterprise Cyber Security
PayPal is one of the most interesting organizations in the world in terms of security. The combination of online presence with the unique line of business is making PayPal one of the most secure hi-tech companies and one of the most innovative financial institutions.
In this episode, we hosted Assaf Keren, VP of enterprise cyber security, for a discussion about PayPal’s cloud journey from traditional on-premise to the multi-cloud / multi-location giant they are now, and how COVID-19 is changing PayPal’s digital journey with their customers & employees.
Episode 33: Researching Cloud Vulnerabilities
Guest: Asaf Hecht
Guest Title: Security research team leader
With the growth of cloud services, more knowledge is being gathered on vulnerabilities and misconfigurations in cloud infrastructure. A great deal of this knowledge comes from cloud security researchers. In this episode, we host Asaf Hecht, Security research team leader at CyberArk, for a conversation about cloud security research and the vulnerabilities they disclose at various cloud vendors.
Episode 32: Understanding Infrastructure as Code and How to Use it Effectively
Guest: Ohad Maislish
Guest Title: Co-Founder & CEO
Infrastructure as code is one of the most interesting technologies in the market. It enables organizations to deploy heavy workloads within seconds and avoid risky configuration mistakes. In this episode, we talked with Ohad Maislish, Co-Founder and CEO at env0, about infrastructure as code technology, how and where it is being used, and how env0 helps organizations to better utilize this technology.
0:00 introducing our guest
2:26 What is infrastructure as code
10:16 Examples for practical deployment of IaaC
13:55 How IaaC is helping governance
19:20 IaaC behind the scenes
25:18 IaaC in a multi-cloud environment
28:40 Summary and last words
Episode 31: Understanding Cloud Native Security Basics
Guest: Benjy Portnoy
Guest Title: Sr. Director, Solution Architects
Company: Aqua Security
A cloud-native security strategy entails protecting the infrastructure, build, and running workloads. In this episode, we spoke with Benjy Portnoy, Sr Director of Solution Architects at Aqua Security regarding cloud-native security fundamentals. We also delve into various attacks identified in the recently published Cloud Native Threat Report by Aqua's security research team, Nautilus.
0:00 introducing our guest
2:50 what is cloud native security
5:11 Sorting out between CWPP, CSPM & DevSecOps
8:01 Protecting the build, the platform and workload
10:30 Understanding what is CASB
12:45 diving into the Kinsing attack
29:11 Summary and last words
Episode 30: The challenges of CISO in a security company
Guest: Eitan Satmary
Guest Title: CISO
Being a CISO is challenging; being a CISO at a security vendor is even more challenging. In this episode we host Eitan Satmary, CISO for Tufin, to talk about the good and bad of being a CISO in a cyber security vendor. We will talk about the CISO's ability to influence innovation and the product roadmap in the company, and how the transition from an on-prem offering to a SaaS offering changed the company's security posture.
0:00 introducing our guest
4:20 CISO in a security company: influence the innovation team
10:30 the relationship between CISO and the sales department
12:30 the company journey of adding cloud capabilities
15:00 CISO’s first steps
20:11 Risk management considerations for SaaS companies
25:00 Summary and final thoughts
Customer Reviews
Thanks for the excellent episodes