Silver Lining IL

Guest: Sam Sehgal, Co-Chair for the CSA DevSecOps working group and program Lead - DevSecOps Strategy and Architecture, Dell Language: English   Abstract DevSecOps, the integration of security practices into the DevOps methodology, has become a prominent topic in the field of information security in recent years. This approach emphasizes the collaboration between development, operations, and security teams throughout the software development lifecycle. In this episode, we had the opportunity to speak with Sam Sehgal, co-chair for the DevSecOps Working Group (WG) at the Cloud Security Alliance (CSA). Sam shed light on the six pillars that form the foundation of the DevSecOps methodology and highlighted the vital role played by the WG in driving the integration of security practices within the realms of DevOps and cloud computing.

Guest: Ludovic Perret, Associate Professor at Sorbonne University & Co-founder of CryptoNext Security and Bruno Huttner , Director of Quantum Strategic Initiatives at ID Quantique Language: English   Abstract The Quantum-safe security working group is a Cloud Security Alliance research wg that was created to promote awareness and education on the challenges of Quantum computing. In this episode we spoke to the working group leaders in order to better understand Quantum security challenges and how the security  community can overcome these challenges.  This is the first episode in a series of episodes that will be dedicated to CSA research efforts and the working groups that produce the next generation best practices and researches.

Guest: Shahar Geiger Maor Guest Title:  CISO at DarioHealth Language: English   Abstract Many of the CISOs are often approached by early stage startups asking to be given a chance. Is it worth it? isn't it too risky?  Working with security start-ups can assist the CISO’s to accomplish their goals with many benefits, as long as risks are mitigated. In this episode we spoke with Shahar Gaiger Maor, CISO at DarioHealth to summarize how security startups can be your weapon of choice as a CISO. Link: https://www.linkedin.com/pulse/security-start-ups-design-shahar-geiger-maor

Guest: Vladi Sandler, Co-Founder & CEO, Gafnit Amiga, VP of Research, Lightspin Topic: Researching Cloud giants security mechanisms  Language: English   Abstract The leading cloud providers these days are storing growing parts of human knowledge and businesses , and therefore their services require to be top notch in security and most of the time, they actually provide very resilient security services. But every now and then, a talented security researcher finds vulnerabilities even on the most mature services - In this episode we spoke with Vladi Sandler & Gafnit Amiga from Lightspin regarding the AWS RDS vulnerability they recently discovered and what is the process of researching cloud provider vulnerabilities and how to do responsible disclosure.  As a bonus, we also discussed the open-source tools released by Lightspin and the way they can help organizations protect their cloud resources.   https://blog.lightspin.io/aws-rds-critical-security-vulnerability https://recon.cloud  -  Free CNAPP tool https://github.com/lightspin-tech/red-detector - EC2 vulnerability scanner  https://github.com/lightspin-tech/red-kube - K8S Adversary Emulation

Guest: Boris Gorin Guest Title: CEO & Co-Founder at Canonic Topic: Analyzing SaaS Applications Threats Language: English   Abstract The 2022 history of security incidents proved that SaaS services present major security challenges for organizations. As SaaS adoption grows - more attack vectors are being discovered. In this episode we spoke with Boris Gorin, Co-founder and CEO at Canonic about the attack vector of malicious apps inside SaaS services and the Canonic AppTotal portal for analyzing 3rd party applications.

Guest: Guy Flechter Guest Title: CEO & Co-Founder at Cider Security Topic: Threats on CI/CD pipeline  Language: English   Abstract The main attraction point in cloud for most organizations is the ability to produce scalable and resilient applications - faster. One of the main foundations for that is the ability to create CI/CD pipelines that will automate the integration of new code to old code and the deployment of the code to the various testing and production environments. But as organizations continue to adopt CI/CD - there is an increasing number of attacks on the pipelines. In this episode we spoke with Guy Flechter, Co-founder and CEO at Cider Security - on CI/CD relevant threats and risks and incidents that happened in the past and things we can learn from them.

Guest: Rob Hirschfeld  Guest Title: CEO & Co-Founder at RackN Topic: Automating Infrastructure Pipelines Language: English   Abstract In modern applications, Infrastructure automation is an important piece in the puzzle. Manual infrastructure management and security tasks in the volume required for modern application will probably lead to mistakes, misconfigurations and non compliance platforms.  In this episode we spoke with Rob Hirschfeld, CEO and Co-Founder at RackN, about Infrastructure as code and how organizations should automate their infrastructure pipeline.

Guest: Leonid Sandler Guest title: CTO, Armosec Topic: Securing K8’s Deployments Language: English   Abstract As K8’s adoption grows and matures, we sat down with Leonid Sandler, CTO and Co-Founder of ARMO, to talk about K8’s security - starting from the shared responsibility model, going through the initial configuration and deployment, and all the way to building a runtime protection solution.  ARMO github page - https://github.com/armosec/kubescape

Guest: Niv David Guest title: Customer Cyber Security Director, Ericsson North America; Fellow & Lecturer, Yuval Ne'eman Workshop for Science, Technology and Security, Tel-Aviv University  Language: English   Abstract The 5th generation of cellular networks is not just an upgrade of previous generations such as LTE. 5G is changing the cellular networks infrastructure, deployment, orchestration, operations and security. 5G infrastructure, and Private Networks, blur the traditional distinction between IT, 3GPP, Wi-Fi and Cellular, providing incredible functionality, while creating new challenges. In this episode we spoke with Niv David, Customer Cyber security director at Ericsson North America, about the innovation of 5G networks and how it is changing the networking infrastructure and cloud usage.

Guest: Ravid Circus Guest title: Co-Founder, Seemplicity Language: English   Abstract As organizations develop more software, and in faster cycles, greater responsibility is laid on security teams who have a full-stack responsibility for infrastructure, applications, IT services and many other aspects in the business. In this episode we spoke with Ravid Circus co-founder and CPO at Seemplicity to understand how security teams can efficiently scale their risk reduction efforts and interact with their counterparts productively by using digital workflows  for security operations.

Guest: Alex Gestin Guest title:  CISO, Riseup Language: English   Abstract The growing number of fintech companies represent a shift in the market from traditional banking &  financing to new models and tools that are empowered by technology. But fintech companies face security challenges - they need to provide customers and financial partners with assurance & security at a level of giant institutes - while being young and small companies. In this episode we spoke with Alex Gestin, CISO for Riseup - about the challenges of Fintech companies and how Riseup builds environments that provide assurance and trust with regulators, consumers and other banks.

Guest: Yan Michalevsky Guest title:  Co-Founder and CTO at Anjuna Language: English   Abstract Confidential computing is one of the more interesting technologies that is developed today. The combination of using secure hardware features, advanced cryptography with tight virtualization integration enables us to protect data at untrusted environments and protect from very illusive threats such as government access and malicious insiders. In this episode we spoke with Yan Michalevsky, Co-Founder and CTO at Anjuna, regarding confidential computing and why we should pay attention to it.

Guest: Oren Penso Guest title: Senior Product Line Manager, VMware Language: English   Abstract As k8’s adoption grows and flourish, organizations are starting to ask themselves how they should manage the complex network settings inside K8’s. Services mesh is a technology that adds a layer of networking & security capabilities on top of traditional K8’s environment. In this episode we discuss service mesh technology, its past and its future with Oren Penso, Senior product line manager in VMware and he provided us with interesting insights on the future on networking & microservices architecture.

Guest: Alex Peleg Guest title: Co-founder and CVO at Cynergy Language: English   Abstract Small and medium businesses are currently the most vulnerable sector in the market. They don’t have the knowledge and awareness to secure their own operations, and security vendors and IT services companies often neglect this sector. In this episode we spoke with Alex Peleg, CVO at Cynergy, on the challenges of securing SMB and how regulators, Security vendors and the security community should bridge the gap of knowledge and awareness in the SMB market.  

Guest: Omri Segev Moyal Guest title: Co-Founder and CEO at Profero Language: English   Abstract Incident response and forensics of cloud breaches is one of the most challenging topics in Information security. In this episode, (recording date Aug 2021) Omri Segev Moyal, co-founder & CEO at Profero, shares fascinating stories regarding recent incidents his team was involved in and provides insights, recommendations and best practices that are really eye opening for any organization out there.   

Guest: David W. Schropfer Guest Title: Host of DIY Cyber Guy Podcast Abstract:  Many IT & security professionals are asking what Is the best way to enter the world of cloud computing. In this episode we continue our conversation with David W. Schropfer from DIY cyber guy  about the cloud computing career paths  

Guest: David W. Schropfer Guest Title: Host of DIY Cyber Guy Podcast Abstract:  Many IT & security professionals are asking what Is the best way to enter the world of cloud computing. In this episode we had the privilege of cooperating with David W. Schropfer from the successful podcast DIY cyber guy to discuss the career paths that are relevant for beginners or experienced professionals who wish to explore how cloud computing can promote their career.

Guest: Hemi Gur-Ary  Guest Title: Co-Founder & CEO at VATA Abstract:  Various organizations around the world are struggling to build & mature their devsecops operations. DSOM (Devsecops Maturity Model) is an OWASP project designed to help organizations plan and prioritize their devsecops strategies. In this episode, Hemi Gur-Ary, co-founder at VATA and senior devsecops consultant, shares his insights about DSOM and how organizations can use it for reshaping their devsecops practices.  

Guest: Eran Leib (vp product), Maor Goldberg (CEO) Guest Title:  Founders at Apolicy (a sysdig company) Abstract: Infrastructure and policy as code is one of the hottest topics in security today. In this episode we spoke with Eran & Maor, founders at aPolicy (acquired by Sysdig shortly after the recording) ,  about cloud native security and how organizations should use automated policy templates for security CI/CD pipelines.  

Guest: Adam Gavish Guest Title: Co-Founder and CEO, DoControl.io Topic: Protecting SaaS services using automation & continuous monitoring Abstract: SaaS services are blooming and organizations are adopting more and more of them. In this episode, we hosted Adam Gavish, co-founder, and CEO at DoControl - an innovative startup that is reshaping the way we govern and monitor SaaS applications -  about the business case of SaaS services, the market gaps, and how organizations should catalog, protect and monitor their SaaS portfolio.