Cloud Security Today artwork

AppSec: Engineering, Attackers, and Defense

Cloud Security Today

English - August 21, 2023 10:00 - 50 minutes - 34.6 MB - ★★★★★ - 13 ratings
Technology devsecops cloud security cloud aws azure google supply chain Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Securing Democracy: DNC's Cyber Cop
Next Episode: SBOMs: Good but less than a silver bullet

Episode Summary

In today’s episode, AppSec CTO at Palo Alto Networks, Daniel Krivelevich, joins Matt to talk about AppSec for the modern engineering ecosystem. Daniel is a Cybersecurity expert and problem solver with a proven track record from working with numerous enterprises across several different industries, with a focus on Application and Cloud Security. He has served in the Intelligence Corps of the IDF, 8200, as a Security Specialist at LivePerson, and as the Cloud & Application Security Lead at Sygnia. He is also the Co-Founder of Cider Security, which was acquired by Palo Alto Networks in December 2022.

Today, Daniel talks about how his views have been shaped by his experience on both sides of the equation, the rapid pace of software development, and the role of codification. Why is visibility such a vital part of mitigating threats? Hear about the changing role of security, the struggle with maintaining cybersecurity 101, and Daniel’s recommended sources to stay up to date.

 

Timestamp Segments

·       [02:43] How Daniel’s experiences have shaped his AppSec views.

·       [09:27] The software engineering paradigm shift.

·       [12:24] The role of security.

·       [16:42] Is it realistic for security to keep up with software development?

·       [20:27] How the engineers’ freedom of choice impacts security.

·       [26:14] The role of codification to reduce the attack surface.

·       [30:21] Tools as targets.

·       [34:47] How to mitigate threats of the increasingly complex ecosystems.

·       [39:21] What’s next?

·       [44:40] The struggle with cybersecurity 101.

·       [47:03] How Daniel stays sharp.

 

Notable Quotes

·       “The attacks that abuse the engineering ecosystem, they’re not theory anymore.”

·       “The challenge is helping defenders focus on what matters.”

·       “Attackers always choose the path of least resistance.”

·       “Once you have that visibility, you are usually capable of significantly reducing your attack surface.”

·       “It’s not the zero days that are what’s leading.”

 

Relevant Links

Website:          www.paloaltonetworks.com.

LinkedIn:         Daniel Krivelevich.

 

Resources:

AppSec for the Modern Engineering Ecosystem.

Secure applications from code to cloud.
Prisma Cloud, the most complete cloud-native application protection platform (CNAPP).

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.