Show Notes


Security is about tradeoffs


Security is a business decision


Product and security people need to understand each other. The correct solution depends on understanding how a user is interacting with your platform.


New risks in cloud databases


Traffic to databases is now over the internet


Users care about confidentiality and predictability


New role: database programmers now need to build security controls.


Reliability concerns are security concerns


Any potential malfunction is a security concern


Support engineers: new dimensions. How much access do they need to provide the needed support vs. how much access is a customer comfortable providing to receive that support?


Entryways into a security path


* If not already working in the security domain: find anything security-adjacent


* exploit exercises


Step out of your comfort zone


Software engineers are not coming with a security background. The way to bridge this gap is through an analysis mentality.


Ask ‘what if…’


Program defensively. Expect errors and program to handle those errors


Records of truth vs. support systems: technologies that are used on their own vs. technologies that support other technologies


Location of data concerns


Sharding


Location agnostic: Serverless


Raphael on how to develop, find and create opportunities toward a security path






Learn more about our guests.


Cockroach Labs: 


Aaron Blum:


Previous interview: Database Security Capabilities of CockroachDB


LinkedIn


Raphael Poss


LinkedIn 


Writings


Personal webpage




Capture the flag:


CTF 101


AT&T Capture the flag




Books: 


No Starch Press
