A Tale of Two Woes: Security and DevOps

Securing the Cloud with Zero Trust Architecture

Zero trust security has become a buzzword of sorts. Nonetheless, its principles are powerful and necessary in a digital world where the “Trust but verify” model is no longer enough. The threat landscape has significantly increased in the complex world of cloud computing, cloud-native applications, Kubernetes, microservices..etc. Designing and building your architecture with the “Never trust, always verify” mindset or rather the zero-trust principles can enable companies to build secure infrastructure and reap the promised benefits of all that is in the cloud. According to the 2020 Security Priorities Study [https://www.idg.com/tools-for-marketers/2020-security-priorities-study/], 28% of the security professionals surveyed were either piloting zero trust or had it in production and 40% claim it’s on their plan. In this episode of the SaC, we will discuss with Daniel Feldman, Zero Trust Architecture, the SPIFFE and SPIRE project, and what the future holds for zero-trust networks.  Some of the questions we tackle in this episode are: * What is Zero Trust and what does it mean for organizations? * The importance of zero-trust security for hyperscalers (such as Google and Amazon). * How the regulated industries (such as Fintech and Healthcare) need zero trust * SPIFFE and SPIRE Project: how it started and where it is now. * How does the future of zero trust architecture ABOUT OUR GUEST Daniel Feldman [https://www.linkedin.com/in/dfeldman/]is a cloud security architect at Hewlett Packard Enterprise. He’s a member of the CNCF SPIFFE project for zero trust tooling and co-authored the book Solving the Bottom Turtle [https://spiffe.io/book/], a book presenting SPIFFE and SPIRE standards.

A CISO’s Take on How to Build a Security-First Culture

In this episode, Mo has a candid conversation with Kevin Eberman about security in the cloud-based infrastructure and applications, its challenges, and how to build a security-first culture in the workplace.  With a wealth of experience in the technology industry, Kevin has a lot of experience and stories to share revolving around: * The transition from DevOps to Security: the good, the bad, and the ugly * Cultural and on-the-ground challenges in adopting an information security leadership role * How to kickoff a security program in a FinTech company * How security, teams, ops, and developers should collaborate to build cyber-resilient infrastructure ABOUT OUR GUEST Kevin Eberman [https://www.linkedin.com/in/kevin-eberman-12a413/] is currently the  Senior Director of Information Security at MineralTree.  A veteran in the technology space, Kevin has over 20 years of experience managing information, security, operations, and IT groups. For more info check The SaC Podcast at Magalix [https://www.magalix.com/thesac]

A Tale of Two Woes: Security and DevOps

In recent years, the risk landscape has changed drastically. Cyberattacks are rising in frequency, complexity, and impact as attackers take advantage of security risks to infiltrate enterprise infrastructure. As such, more organizations are amending their business priorities to include cybersecurity strategies. That pushed companies to think differently about the role of security and their engagement with the rest of the organization. Some have specialized ops and security teams. Others have roles combined in the same team. The number one challenge is helping teams working together from different disciplines. In this episode of the SaC, Mo, Magalix CEO and co-founder, talks to Peter Samaan [https://www.linkedin.com/in/peterjsamaan/], an Infrastructure Engineering Manager at Remitly, about building and maintaining a secure infrastructure in the DevOps world. We tackle different topics, such as: * Should DevOps be security-aware? * How people-related factors pose the greatest challenges to DevOps initiatives * Peter’s experience in leading the infrastructure Operations team at Remitly * What should be the security team's priority and focus on enabling a healthy DevSecOps culture? For more info check The SaC Podcast at Magalix [https://www.magalix.com/thesac]

Deep Dive in Policies and Where they can be Applied?

Most of the major cloud providers offer dozens of services and products. AWS alone has more than 200 products and services at the time of this episode. As a matter of fact, a company uses on average 20 to 30 cloud services and products. With all the possible ways things can go wrong with these services, the operational and security complexity is exponentially increasing.  We are discussing in this episode how codified policies can help these three functions work harmoniously. Some of the discussed points: * What does policy as code mean in simple terms? * Is there a correlation between the increased complexity of cloud infrastructure and the rising popularity of codified policies? * What problems does policy as code solve for engineering teams? * Who is policy as code built for? * How can codified policies help engineering teams work closer together? About this episode's guest Tony has been on quite a journey. With over 20 years of experience, Tony has played virtually every role in technology, beginning with telephone tech support. In 2016, as Cofounder & CTO, he raised over 4 million USD in venture capital to help content creators earn sustainable wages. Based on his experiences, he's written a book about his leveraging values when building and growing technical teams in startups. Currently, he's a Solutions Architect at Magalix securing digital transformations for Cloud-Native businesses. For more info check The SaC Podcast at Magalix [https://www.magalix.com/thesac]

What is Security-as-Code?

In this episode of the SaC podcast, I held a casual conversation with Ahmed Badran, CTO, and co-founder of Magalix, about Security-as-Code and why it matters to build the right DevSecOps culture in your team We will get Badran's take on DevSecOps, Security-as-Code, and how companies can leverage the power and convenience of the cloud, both sustainably and securely.  In other words, how to balance security with operational agility. Modern Security Practices - 7000 years old! While we might think of the reduced attack surface security practice as a modern invention or technique, the ancient Egyptian civilization tells a different story.  Listen to the podcast to learn how the old Egyptians applied something similar to the IT firewalls to protect the tombs of the pharos. ABOUT OUR GUEST: Ahmed Badran is the CTO and Co-Founder of Magalix Corporation.  He comes with a wealth of experience in all that cloud. He's working at AWS back in its early days, Disney, Blue Origin, among a few other companies. For more info check The SaC Podcast at Magalix [https://www.magalix.com/thesac]