Episodes

  • Join us this week as we host Eric Fourrier, co-founder and CEO of GitGuardian. Discover the journey of GitGuardian from a side project to a leading code security platform. Eric shares insights on the startup's growth, the integration of AI in security, and the future of protecting digital assets. Tune in for an engaging discussion on advancing code security in our digital world.

    Show Notes:

    GitGuardian https://gitguardian.com

    State of Secrets Sprawl Report https://www.gitguardian.com/state-of-secrets-sprawl-report-2024

    GitGuardian Blog https://blog.gitguardian.com

    Eric Fourrier Socials

    Linkedin: https://www.linkedin.com/in/ericfourrier/

    Timestamps:
    Intro: 0:00
    Origin of GitGuardian: 0:55
    Why wasn't secrets detection a big problem: 5:08
    State of Secrets Sprawl Report: 09:50
    Can we solve secret leakage: 18:08
    Finding secrets outside source code: 22:22
    The evolution of GitGuardian: 25:18
    Single pane of glass: 30:15
    The problem of remediation: 32:55
    The role of AI in security tools: 36:10
    Best and Worst: 42:25

  • Today we dive into the challenges of securing modern IT infrastructures, focusing on "Secret Zero" and its implications for authentication practices. Our guest, Mattias Gees of Venify, discusses the SPIFFE framework and its role in transitioning from traditional security methods to dynamic workload identities. We explore practical strategies for implementing SPIFFE to enhance digital security across cloud environments. Join us for a comprehensive look at evolving cybersecurity measures and the future of identity management.

    Show Notes:

    Mattias Social Links

    Linkedin - https://www.linkedin.com/in/mattiasgees/

    Twitter (X) - https://twitter.com/MattiasGees

    You also might like our episode with Uri Sarid - https://www.youtube.com/watch?v=reKbGE1c5Ig

    Timestamps:
    Introduction: 0:00
    What is secret zero: 1:39
    Why is machine identity so hard: 4:15
    Machine identities vs user identities: 11:06
    What is SPIFFE? (Secure Production Identity Framework for Everyone): 14:20
    SPIFFE fundamentals/architecture: 17:15
    GitGuardian: 20:08
    How to implement SPIFFE: 21:00
    Why we aren't leveraging identity best practices: 26:40
    Will SPIFFE be the future? 27:27
    Secrets Managers vs SPIFFE: 31:05
    Venify and identity management: 32:38
    Best and worst security advice: 38:28
    Wrap up: 41:00


  • This week, we dive deep into the world of Kubernetes with John Dietz, co-founder of Kubefirst and a seasoned IT professional with over two decades of experience. John shares his extensive insights into the transformative power of Kubernetes and infrastructure as code (IaC) in modern cloud environments. Reflecting on his personal journey from skepticism about containerization to embracing Kubernetes, John discusses the critical role of governance and security in successfully deploying and managing cloud-native technologies. We also explore challenges and strategies for integrating security practices into DevOps, ensuring robust governance, and leveraging IaC for efficient and secure infrastructure management. Whether you're an IT veteran or new to the field, join us as we unpack the complexities of Kubernetes, security through governance, and the future of cloud-native platforms.

    Show Notes:

    Kubefirst: https://kubefirst.io/

    John's articles on The New Stack https://thenewstack.io/author/john-dietz/

    John Dietz socials

    X (Twitter): https://twitter.com/vitamindietz

    Linkedin: https://www.linkedin.com/in/jd-k8s/

    Timestamps:
    Introduction: 0:00
    Kubernetes skeptic to advocate: 1:09
    Governance in Kubernetes & IaC: 8:30
    Who owns security with IaC and K8s: 24:36
    Common K8s mistakes: 32:16
    Why care about Kubernetes: 38:23
    Best and worst: 47:15
    Links and show notes: 54:22

  • In this episode we dive deep into the world of authorization with Emre Baran, CEO and co-founder of Cerbos. As a seasoned entrepreneur and software expert, Emre brings over 20 years of experience to the table, discussing the subtle yet significant distinctions between authorization and authentication, and why these concepts are pivotal in today's cloud-based and development environments. In this discussion, Emre explains why many organizations still grapple with these issues in 2024, highlighting common pitfalls in security practices and offering insights into the sophisticated challenges of implementing fine-grained access control. He also shares his views on the evolving landscape of regulatory standards and introduces us to "Cerbos," his solution designed to streamline and secure authorization processes efficiently.

    Show Notes:

    Learn about Cerbos: https://www.cerbos.dev/

    Cerbos GitHub: https://github.com/cerbos/cerbos

    Follow Emre Baran

    X / Twitter - https://twitter.com/emre

    Linkedin: https://www.linkedin.com/in/emrebaran/

    Timestamps:
    Intro: 0:00
    Why are we still struggling with authz: 1:12
    Difference between Authentication & Authorization: 6:16
    What is Cerbos?: 9:35
    The auth trap: 11:58
    Is it scalable / Scaling auth: 13:20
    Who owns auth: 16:31
    Regulation and compliance: 20:32
    GitGuardian: 22:12
    What is ZSP (Zero Standing Privileges): 23:00
    Best and Worst: 28:00
    Links and followup: 32:00

  • In this engaging episode of "The Security Repo," host Dwayne McDaniel and esteemed guest Rachel Stephens delve into the rapidly evolving world of security tooling, with a special focus on the buzz around Application Security Posture Management (ASPM). They tackle the complexities and confusions surrounding the burgeoning category of security solutions, offering listeners a clear-eyed view of what ASPM means for developers, security professionals, and the tech industry at large. Through a candid and enlightening conversation, they explore the history and potential future of security practices, the push towards simplification and consolidation of tools, and the real challenges of effectively managing security risks in today's dynamic digital environments. Join us for a thought-provoking discussion that demystifies ASPM and provides valuable insights into the direction of security tooling and practices.

    Show Notes:

    Learn more about ASPM - https://blog.gitguardian.com/good-application-security-posture-requires-good-data/

    Learn more about RedMonk https://redmonk.com/

    Listen on Spotify: https://open.spotify.com/show/2emgX3m3dJSzlmAG3axBGa

    Listen on Apple Podcasts: https://podcasts.apple.com/us/podcast/the-security-repo/id1634401017

  • In this episode of The Security Repo podcast, we dive deep into the evolving landscape of security within software development with our guest, Rachel Stephens, a senior analyst at RedMonk. Rachel sheds light on the broader implications of the "shift left" movement, emphasizing the integration of security practices throughout the entire software development lifecycle rather than viewing it as an isolated final step. This conversation explores how developers and security professionals can work together more effectively, the role of tools in aiding or hindering this collaboration, and the importance of understanding security from a holistic viewpoint. With insights into the latest trends, challenges, and solutions in securing our software development processes, this episode is a must-listen for anyone interested in the intersection of development, security, and industry analysis.

    Show Notes:

    https://redmonk.com/

    Timestamps:
    Introduction: 0:00
    Analyst Role / RedMonk: 2:18
    Shift Left: 4:27
    Dev and Sec in Conflict: 6:20
    Shift Left Where?: 9:35
    What about micro applications?: 11:08
    What is Shift Right?: 15:15
    GitGuardian: 20:22
    How do you Shift Left?: 21:20
    Measure what matters: 25:20
    Best and Worst Advice: 27:30
    RedMonk: 29:39

  • This week, join us as we sit down with Huxley Barbee, the lead organizer of B-Sides New York City and a security evangelist at RunZero. With over two decades of experience as a software engineer and security consultant, Huxley shares his profound insights and journey through the evolving landscape of cybersecurity. From his early days attending DefCon in 1999 to spearheading B-Sides conferences that champion technical excellence, community engagement, and accessibility, Huxley's story is one of passion, dedication, and innovation. He offers a fresh perspective on the recent shift of DefCon to the Las Vegas Convention Center and recounts memorable anecdotes that highlight the unique culture of hacker communities. Moreover, Huxley sheds light on the critical topic of exposure management, moving beyond traditional vulnerability scanning to encompass advanced techniques and strategies for securing modern networks. His advice on asset inventory and the importance of understanding your network's vulnerabilities is indispensable for both seasoned professionals and newcomers to the field. So, whether you're a cybersecurity veteran, an aspiring hacker, or simply curious about the digital world's inner workings, this episode is packed with valuable insights, fascinating stories, and practical advice. Don't miss out on this deep dive into the challenges and triumphs of securing our digital future with Huxley Barbee.

  • This episode of The Security Repo Podcast features an insightful discussion with Gregory Zagraba on the challenges and strategies of integrating security practices within the DevOps landscape. Covering the evolution of DevOps, the emergence of DevSecOps, and the importance of a culture shift in large organizations, the conversation delves into practical advice on automation, the significance of backups, and fostering a security-conscious mindset. Through real-world examples and expert insights, the episode sheds light on creating robust, secure systems in the fast-paced world of software development and data protection.

    Show Notes:

    Git Protect https://gitprotect.io/

    Git Protect Blog https://gitprotect.io/blog/

  • In this episode of the Security Repo podcast, listeners will dive into the intriguing world of hacking the hackers with Vangelis Stykas. Stykas, a notable figure in cybersecurity, shares his experiences and methodologies for compromising C2 servers, the central nodes used by hackers to control malware-infected computers. He reveals how simple web application vulnerabilities can lead to significant breaches in the security of these servers. The discussion also covers the ethical and legal nuances of Stykas' work, including the challenges and risks involved in targeting these digital underworld operatives. Additionally, Stykas touches on his professional journey, including his role as the CTO of Atropos, a company specializing in web application and API security. This episode promises to uncover key discoveries about the shadowy aspects of cybersecurity and the ongoing battle between hackers and those who hack them.

    Show Notes:

    Atropos - https://atropos.ai/

    Stalking the Stalkers Blog Post - https://atropos.ai/stalking-the-stalkers/

    DefCon Talk - https://www.youtube.com/watch?v=fMxSRFYXMV0

    Social Media

    X.com - https://twitter.com/evstykas

    Linkedin - https://www.linkedin.com/in/vangelis-stykas/

  • In this episode, we delve into the mind of Erik Cabetas, a renowned figure in offensive security and Defcon CTF winner. Erik shares his unique journey from hacking to offensive security, detailing the critical turning points that shaped his career. Together with Mackenzie and Dwayne, Erik discusses the evolution of security practices, the importance of ethical hacking in today's digital world, and offers some advice for aspiring hackers. Join us to explore the fascinating intersection of technology, ethics, and security through Erik's expert lens.

  • In this episode of The Security Repo, Jayson E. Street delves into his unconventional journey into cybersecurity, emphasizing the essence of hacking as a manifestation of curiosity rather than mere technical skill. He shares anecdotes from his extensive experience in ethical hacking, including bank heists and corporate security breaches, to underscore the importance of creative problem-solving in security. Street also critiques the narrow perceptions of hacking, advocates for diversity in the security field, and offers unconventional advice for enhancing corporate security awareness. His stories, ranging from audacious exploits to thoughtful reflections on personal and professional growth, provide a compelling narrative on the importance of thinking outside the box in cybersecurity.

    More links on Jayson

    Hacker Answers Penetration Test Questions From Twitter https://www.youtube.com/watch?v=6i-84wqc_qU

    Penetration tester Jayson E. Street helps banks by hacking them https://www.youtube.com/watch?v=02Vf3NjTPsI

    Social Links

    X - https://twitter.com/jaysonstreet

    Linkedin - https://www.linkedin.com/in/jstreet/

  • In this episode of "The Security Repo," hosts Dwayne McDaniel and Mackenzie Jackson delve into the intricate world of cybersecurity with Buck Bundhund, an expert from Centripetal Networks. The conversation kicks off with an exploration of the pervasive issue of data noise, the influx of non-intended data into organizational networks, posing significant challenges for security operations. Buck sheds light on the complexities of distinguishing between legitimate and illegitimate traffic and the detrimental effects of alert fatigue within security teams. Through real-world examples and insights, the discussion unfolds to reveal the limitations of traditional security tools in handling the massive volume and dynamic nature of data noise. Listeners gain valuable insights into innovative strategies employed by Centripetal Networks, leveraging comprehensive threat intelligence and AI to filter out illegitimate traffic effectively. Buck underscores the importance of not only technological advancements but also human intuition and analysis in identifying and mitigating security threats. Join "The Security Repo" team as they navigate the ever-evolving landscape of cybersecurity, offering practical perspectives and solutions to combat data noise and enhance security posture in today's digital age.

    Links:

    Buck on Linkedin https://www.linkedin.com/in/buck-bundhund-8496862/

    Centripetal Networks https://www.centripetal.ai/

  • In security you have likely heard the expression "turtles all the way down": the idea that the world is held up on the back of a turtle, which is standing on the back of another turtle, and so on. This can be used to describe the current state of security, where everything can dramatically fall over if the bottom turtle fails. In this episode, we discuss solving the bottom turtle: solving authentication.

    Our guest Ethan Heilman has a PhD in Computer Science and is the current CTO of BastionZero, where he is working on OpenPubkey, a protocol for leveraging OpenID Providers (OPs) to bind identities to public keys.

    Links:

    OpenPubkey - https://github.com/openpubkey/openpubkey

    BastionZero - https://www.bastionzero.com/

    Social Connections for Ethan

    Mastodon - [email protected]

    X - @Ethan_Heilman

  • In this episode, James Berthoty shares insights into his project, Latio Tech, which provides a comprehensive list of cloud security tools and resources. James highlights the challenges of vendor assessments and the importance of bridging knowledge gaps in cloud security. He also shares trends in the security tooling industry and offers advice for smaller teams or organizations with limited budgets seeking effective security solutions. This episode is perfect for anyone looking into purchasing new security tools or wanting to understand the purchasing process.

    Show Links:

    Latio Tech - https://www.latio.tech/

    James Linkedin - https://www.linkedin.com/in/james-berthoty/

  • In this episode, Mackenzie and Dwayne dive into a discussion on API security with special guest Isabelle Mauny, co-founder and CTO of 42Crunch. We walk through the differences between API security and traditional application security, and its growing importance in today's technology landscape. We also discuss the challenges and risks associated with API security, the need for developers to be actively involved in securing APIs, and the tools and practices that can help integrate security into the development workflow.

    Show Links

    42Crunch website - https://42crunch.com/

    42Crunch Blog - https://42crunch.com/blog/

    Isabelle Mauny Linkedin - https://www.linkedin.com/in/isamauny/

    Quotes from the episode

    "It's shift left not shove left" - Isabelle Mauny

    "The minute you put something on the Internet, it is public." - Isabelle Mauny

    "Shift left is not about saying to the developers, 'You're responsible for one more thing, which is security.' It's about giving them the tools that fit into their workflow." - Isabelle Mauny

  • In this episode of The Security Repo, Mackenzie Jackson sits down with Nipun Gupta, the Chief Operating Officer of Bearer, a leading security company at the forefront of innovation in the cybersecurity landscape. Join us as we delve deep into the world of Static Application Security Testing (SAST) and explore why traditional SAST tools are struggling to keep pace with the demands of modern development environments. In today's fast-paced software development ecosystem, developers are continuously seeking ways to improve code quality, enhance security, and accelerate their workflows. However, traditional SAST tools often fall short, failing to meet the specific needs of developers. Nipun Gupta sheds light on these challenges and discusses how Bearer is breaking new ground by redefining SAST for the modern era. Discover the fascinating insights and solutions that Bearer brings to the table, making SAST more accessible and effective for developers. Learn how their innovative approach is not only improving code security but also enabling AI-generated code to be more secure and trustworthy. Uncover the synergy between SAST and AI in this thought-provoking episode and gain valuable insights that can help your organization stay ahead in the ever-evolving cybersecurity landscape. Tune in to "Revolutionizing SAST: Bridging the Gap for Modern Developers with Nipun Gupta" to stay informed and inspired in the realm of cybersecurity and software development.

    Follow Nipun on Linkedin - https://www.linkedin.com/in/guptanipun/

    Learn more about Bearer today at - https://www.bearer.com/

  • In this episode of "The Security Repo," your hosts Mackenzie Jackson and Dwayne McDaniel are joined by a distinguished guest, Dan Barahona, as they embark on an eye-opening exploration of API security. As the digital landscape evolves at breakneck speed, APIs (Application Programming Interfaces) have become the backbone of modern applications, making them an attractive target for cyber threats. Join the conversation as Mackenzie, Dwayne, and Dan delve into the fundamentals of API security and why it has emerged as an integral aspect of both application security and the broader realm of cybersecurity. Discover the ins and outs of protecting these crucial gateways, learn about the common vulnerabilities that threat actors exploit, and gain insights into best practices and cutting-edge strategies for fortifying your digital fortress. Whether you're a developer, a security professional, or simply curious about the ever-evolving world of cybersecurity, this episode promises to provide you with invaluable knowledge on API security and equip you with the tools to safeguard your digital assets. Tune in to "The Security Repo" for an illuminating discussion that could mean the difference between vulnerability and resilience in our interconnected digital world.

    APIsec University: https://www.apisecuniversity.com/

    Dan Barahona Linkedin: https://www.linkedin.com/in/rdbarahona/

  • In this episode of The Security Repo, your hosts Mackenzie Jackson and Dwayne McDaniel are joined by the brilliant Reanna Schultz, a seasoned expert in the field of cybersecurity. Together, they delve deep into the world of social engineering, exploring what it is, how to detect it, and crucially, how to arm your staff against its deceptive tactics. Social engineering is a crafty, manipulative art used by cybercriminals to exploit human psychology. Our trio dissects the various techniques employed by malicious actors, shedding light on the ever-evolving landscape of digital deception. Learn how to recognize the red flags and protect your organization from falling victim to these cunning ploys. But that's not all; in this episode, we also peer into the fascinating intersection of artificial intelligence and cybersecurity. Discover how AI is shaping the cyber landscape and making it harder to detect social engineering activities. Join us for an enlightening conversation that's essential for anyone navigating the complex world of cybersecurity. Tune in to "Unmasking the Shadows: Social Engineering, AI, and Cybersecurity" and fortify your defenses against the lurking dangers of the digital realm.

    Show Links:

    Follow Reanna on Linkedin - https://www.linkedin.com/in/reanna-schultz/

    GitHub Phishing Simulation - https://github.com/reannaschultz/PhishingSimulation/wiki

  • In this eye-opening episode of The Security Repo, we welcome James Wickett, the CEO and co-founder of DryRun Security, a visionary in the realm of cybersecurity. James unveils a groundbreaking concept known as "Contextual Security," a game-changer that empowers developers with unprecedented security insights while they write code. As our hosts and cybersecurity enthusiasts Mackenzie and Dwayne guide the conversation, James delves into the heart of Contextual Security, offering listeners an inside look at how this innovative approach is transforming the way developers view and implement cybersecurity in their projects. Discover how Contextual Security is redefining the role of developers in the fight against cyber threats. James also takes us on a journey through the realm of artificial intelligence, sharing his insights on its pivotal role in the future of cybersecurity. As he paints a vivid picture of the evolving threat landscape, you'll gain valuable perspective on why traditional security measures are falling short, particularly for developers. Don't miss this engaging and thought-provoking episode as we explore the forefront of cybersecurity with James Wickett, a trailblazer whose mission is to equip developers with the tools and knowledge they need to fortify their code against today's evolving threats. Tune in to "The Security Repo" and be prepared to redefine your understanding of cybersecurity in the digital age.

    Show Links:

    https://www.dryrun.security/

    James's personal website https://wickett.me

    Linkedin: https://www.linkedin.com/in/wickett/

  • In this captivating episode of The Security Repo, we delve into the world of physical security with our esteemed guest, Brice Self. With over a decade of experience in the field, Brice brings a wealth of knowledge and real-world insights to the table. This episode takes a deep dive into the intricate aspects of physical security, particularly in high-stakes environments like banking institutions. Brice shares his experiences and the strategies that have led him to a remarkable 100% success rate in penetrating security measures at various banks, a testament to his expertise and the critical vulnerabilities in existing security systems. Prepare to be enthralled by Brice's recounting of his most challenging break-ins, the creative tactics he employed, and the lessons learned from each successful operation. The discussion also touches upon the evolution of security measures, the importance of continuously adapting strategies, and the future of physical security in an increasingly digital world.