S1:E7 - Interview with Aaron and Raphael at Cockroach Labs - Part 2
Data & Dev with Jon and Mel
English - November 23, 2021 02:54 - 33 minutes - 30.8 MB - ★★★★★ - 3 ratings - Technology
Show Notes
Security is about tradeoffs
Security is a business decision
Product and security people need to understand each other. The correct solution depends on understanding how a user interacts with your platform.
New risks in cloud databases
Traffic to databases is now over the internet
Users care about confidentiality and predictability
New role: database programmers now need to build security controls.
Reliability concerns are security concerns
Any potential malfunction is a security concern
Support engineers: new dimensions. How much access do they need to provide the needed support vs. how much access is a customer comfortable providing to receive that support?
Entryways into security route
* If not already working in the security domain: find anything security-adjacent
* exploit exercises
Step out of your comfort zone
Software engineers are not coming with a security background. The way to bridge this gap is through an analysis mentality.
Ask ‘what if…’
Program defensively. Expect errors and program to handle those errors.
Records of truth vs. support systems. Technologies that are used on their own vs. technologies that support other technologies.
Location of data concerns
Sharding
Location agnostic: Serverless
Raphael on how to develop, find and create opportunities toward a security path
Learn more about our guests.
Aaron Blum:
Previous interview: Database Security Capabilities of CockroachDB
Raphael Poss
Capture the flag:
Books: