• SilverLining Episode 59: Understanding the six pillars of DevSecOps
    May 30 2023

    Guest: Sam Sehgal, Co-Chair for the CSA DevSecOps Working Group and Program Lead - DevSecOps Strategy and Architecture, Dell

    Language: English

    Abstract

    DevSecOps, the integration of security practices into the DevOps methodology, has become a prominent topic in the field of information security in recent years. This approach emphasizes the collaboration between development, operations, and security teams throughout the software development lifecycle.

    In this episode, we had the opportunity to speak with Sam Sehgal, co-chair for the DevSecOps Working Group (WG) at the Cloud Security Alliance (CSA). Sam shed light on the six pillars that form the foundation of the DevSecOps methodology and highlighted the vital role played by the WG in driving the integration of security practices within the realms of DevOps and cloud computing.

    33 mins
  • SilverLining Episode 58: Quantum computing security challenges - CSA QSS working group
    Mar 1 2023

    Guest: Ludovic Perret, Associate Professor at Sorbonne University & Co-founder of CryptoNext Security, and Bruno Huttner, Director of Quantum Strategic Initiatives at ID Quantique

    Language: English

    Abstract

    The Quantum-safe Security working group is a Cloud Security Alliance research working group that was created to promote awareness and education on the challenges of quantum computing. In this episode we spoke to the working group leaders to better understand quantum security challenges and how the security community can overcome them.

    This is the first in a series of episodes dedicated to CSA research efforts and the working groups that produce the next generation of best practices and research.

    32 mins
  • SilverLining Episode 57: How CISOs should utilize cyber security startups
    Jan 25 2023

    Guest: Shahar Geiger Maor

    Guest Title: CISO at DarioHealth

    Language: English

    Abstract

    Many CISOs are often approached by early-stage startups asking to be given a chance. Is it worth it? Isn't it too risky?

    Working with security start-ups can help CISOs accomplish their goals and brings many benefits, as long as the risks are mitigated.

    In this episode we spoke with Shahar Geiger Maor, CISO at DarioHealth, to summarize how security startups can be your weapon of choice as a CISO.

    Link: https://www.linkedin.com/pulse/security-start-ups-design-shahar-geiger-maor

    28 mins
  • SilverLining Episode 56: Researching Cloud giants security mechanisms
    Dec 21 2022

    Guest: Vladi Sandler, Co-Founder & CEO, and Gafnit Amiga, VP of Research, Lightspin

    Topic: Researching Cloud giants security mechanisms

    Language: English

    Abstract

    The leading cloud providers now store a growing share of human knowledge and business data, so their services need to be top notch in security, and most of the time they do provide very resilient security services. But every now and then, a talented security researcher finds vulnerabilities even in the most mature services. In this episode we spoke with Vladi Sandler & Gafnit Amiga from Lightspin about the AWS RDS vulnerability they recently discovered, the process of researching cloud provider vulnerabilities, and how to do responsible disclosure. As a bonus, we also discussed the open-source tools released by Lightspin and how they can help organizations protect their cloud resources.

    https://blog.lightspin.io/aws-rds-critical-security-vulnerability

    https://recon.cloud - Free CNAPP tool

    https://github.com/lightspin-tech/red-detector - EC2 vulnerability scanner

    https://github.com/lightspin-tech/red-kube - K8S Adversary Emulation

    23 mins
  • SilverLining Episode 55: Analyzing SaaS Applications Threats
    Nov 9 2022

    Guest: Boris Gorin

    Guest Title: CEO & Co-Founder at Canonic

    Topic: Analyzing SaaS Applications Threats

    Language: English

    Abstract

    The security incidents of 2022 proved that SaaS services present major security challenges for organizations. As SaaS adoption grows, more attack vectors are being discovered.

    In this episode we spoke with Boris Gorin, Co-founder and CEO at Canonic, about the attack vector of malicious apps inside SaaS services and the Canonic AppTotal portal for analyzing 3rd party applications.

    22 mins
  • SilverLining Episode 54: Threats on CI/CD pipeline
    Sep 21 2022

    Guest: Guy Flechter

    Guest Title: CEO & Co-Founder at Cider Security

    Topic: Threats on CI/CD pipeline

    Language: English

    Abstract

    For most organizations, the main attraction of the cloud is the ability to produce scalable and resilient applications faster. One of the main foundations for that is the ability to create CI/CD pipelines that automate the integration of new code with old code and the deployment of that code to the various testing and production environments. But as organizations continue to adopt CI/CD, there is an increasing number of attacks on the pipelines.

    In this episode we spoke with Guy Flechter, Co-founder and CEO at Cider Security, about CI/CD threats and risks, incidents that happened in the past, and what we can learn from them.

    31 mins
  • SilverLining Episode 53: Automating Infrastructure Pipelines
    Aug 25 2022

    Guest: Rob Hirschfeld

    Guest Title: CEO & Co-Founder at RackN

    Topic: Automating Infrastructure Pipelines

    Language: English

    Abstract

    In modern applications, infrastructure automation is an important piece of the puzzle. Performing infrastructure management and security tasks manually, at the volume modern applications require, will probably lead to mistakes, misconfigurations and non-compliant platforms.

    In this episode we spoke with Rob Hirschfeld, CEO and Co-Founder at RackN, about Infrastructure as code and how organizations should automate their infrastructure pipeline.

    31 mins
  • SilverLining Episode 52: Securing K8s Deployments
    Jul 13 2022

    Guest: Leonid Sandler

    Guest Title: CTO, Armosec

    Topic: Securing K8s Deployments

    Language: English

    Abstract

    As K8s adoption grows and matures, we sat down with Leonid Sandler, CTO and Co-Founder of ARMO, to talk about K8s security: starting from the shared responsibility model, going through the initial configuration and deployment, and all the way to building a runtime protection solution.

    ARMO GitHub page - https://github.com/armosec/kubescape

    33 mins