Access Control, a podcast providing practical security advice for startups.
In this episode, Intel Federal CTO Steve Orrin discusses securing edge devices, enabling trusted AI, and navigating cybersecurity challenges in the public sector. Discover strategies for protecting sensitive data, complying with regulations, and ensuring the trustworthiness of cutting-edge technologies critical to government missions.
In this episode of Access Control, we dive deep into the evolving world of security information and event management (SIEM) with Jack Naglieri, founder and CTO of Panther. Jack shares his insights on transitioning from traditional SIEM systems to modern, cloud-native approaches that leverage detection-as-code. Key topics include:
- The importance of intentionality in security operations
- Benefits of detection-as-code for governance, collaboration, and scalability
- Challenges of monitoring diverse cloud environments and SaaS tools
- Strategies for effective alert prioritization and reducing alert fatigue
- Cost considerations and selling points for modernizing SIEM systems
Jack emphasizes the need for a focused approach to security, starting with identifying an organization's most critical assets and potential threats. He discusses how detection-as-code can improve efficiency, collaboration, and adaptability in security teams. Whether you're a seasoned security professional or new to the field, this episode offers valuable insights on modernizing security operations for today's cloud-centric world. Join us for a thought-provoking discussion on the future of SIEM and practical tips for enhancing your organization's security posture.
In this episode of the Access Control Podcast, Ben Arent sits down with Ben Burkert and Chris Stolt, the founders of Anchor Security, to discuss the challenges of managing internal TLS and how private CAs can help simplify the process. Ben and Chris share their experiences dealing with certificate-related outages and the frustrations that led them to start Anchor. They provide an in-depth look at the evolution of web cryptography, from the early days of SSL to the modern era of TLS and the impact of Let's Encrypt and the ACME protocol. The conversation also covers the benefits of using private CAs for internal PKI, including shorter certificate lifetimes, enhanced security, and improved developer experience. Ben and Chris introduce Anchor's new tool, lcl.host, which streamlines local TLS setup for developers. Throughout the episode, Ben and Chris offer practical advice for teams looking to implement internal PKI and MTLS, including best practices for certificate hierarchy design, tips for getting started, and the importance of testing your incident response and key rotation processes. Whether you're a developer, ops engineer, or security professional, this episode provides valuable insights into the world of internal TLS and how private CAs can help you secure your infrastructure more effectively. Tune in to learn from Anchor's experts and discover how to simplify your internal PKI management.
For this 22nd episode of Access Control Podcast, a podcast providing practical security advice for startups, Director of Product at Teleport Ben Arent chats with Rob Picard. Rob is the CEO of Observa, a company that can build and run your security program — helping early-stage companies improve their security, get compliant and ultimately help both secure and grow their businesses. Prior to starting Observa, Rob was a security lead at Vanta, a leading SOC2 compliance platform. Rob's experience bridges pentesting, app security, and varied experience from working in both B2B and B2C apps.
'Access Control,' where we explore the intricate landscape of cryptography and cybersecurity with our esteemed guest, Filippo Valsorda, a distinguished cryptography engineer and an influential open source maintainer. For this 21st episode of Access Control Podcast, a podcast providing practical security advice for startups, Director of Developer Relations at Teleport Ben Arent chats with Filippo Valsorda. Filippo is a cryptography engineer and open-source maintainer. From 2018 to 2022, he worked on the Go Team at Google and was in charge of Go Security. In 2022, he became a full-time open source maintainer and still maintains the cryptography packages that ship as part of the Go Standard library along with maintaining a set of cryptographic tools, such as mkcert, and the file encryption tool, Age. This episode covers cryptography, trust, security and open source.
A live interview with Ev Kontsevoy about the history of access controls and the future of identity-native infrastructure access.
is an enlightening podcast that delves into the world of the Open Computing Facility (OCF) at UC Berkeley. In this episode, the General Manager of OCF provides a detailed overview of the organization and its various roles, including running several software mirrors in the Bay Area. The discussion touches upon the mechanism of how users are automatically opted into the nearest geographical mirror and elaborates on the myriad other services that the lab supports. A significant portion of the conversation is dedicated to the open source projects run by the OCF, with a specific focus on the core services. The General Manager discusses the key infrastructure and security concerns faced by the organization, and how they employ open-source Teleport to address these issues. The podcast delves into the ongoing migration from the legacy tech stack to Teleport, highlighting the anticipated benefits of this transition. Listeners gain insights into the process by which OCF prioritizes which technology services to offer to the UC Berkeley community. The episode also shares success stories of how these services have positively impacted the community. Looking ahead, the General Manager sheds light on the potential evolution of the OCF, exciting new initiatives, and what might be next for them post-Berkeley. The podcast concludes with practical advice for other university labs and startups to improve access control, making this episode a must-listen for those interested in open computing and technology management in an academic setting.
For this 18th episode of Access Control Podcast, a podcast providing practical security advice for startups, Developer Relations Manager at Teleport Ben Arent chats with Yash Kosaraju. Yash is Chief Security Officer at Sendbird. Sendbird's mission is to build connections in a digital world, providing APIs and services for chat products, with APIs and tools to integrate into apps. This episode dives into how teams can build multi-layered security systems to go beyond zero-trust to let teams do their work but also provide checks
This panel will discuss how teams have scaled Teleport to support thousands of users and hundreds of servers.
Today we'll dive into how to plan, build and execute a platform team to help support a growing organization; while keeping systems as secure as possible.
Ben Arent interviews Alyssa Miller, a seasoned hacker, highly experienced security executive, and BISO at S&P Global Ratings.
Key topics on Access Control Podcast: Episode 14 - Securing CI/CD and Supply Chain
- What is CI/CD? CI/CD stands for continuous integration, continuous deployment.
- With regard to software supply chain problems, as with other similar problems, there's always the question of how long we have known about something versus how long it has been happening.
- Continuous deployment is important for remediation because the length of time to push a deployment impacts the duration of exposure to a given security problem.
- The SolarWinds incident was caused by a compromised build server and involved sophisticated loading of a backdoor into the deployed Orion system.
- Prior to recent security incidents, traditional CI/CD focused on image and artifact scanning. Securing tokens and build infrastructure has been a key part of the solution to keep CI/CD secure.
- As companies string together a large number of tools, it's important for them to ask: What is the security model we have here? We'll discuss this in detail in this episode.
Interview with Hisham Alhakim about FedRAMP, FISMA, NIST, FIPS, SBOM, Zero Trust, collaboration with engineers.
In this episode we go deep into SOC2, Cryptography and how to get started building a security practice.
For this 11th episode of Access Control Podcast, a podcast providing practical security advice for startups, Developer Relations Engineer at Teleport Ben Arent chats with Elvis Chan. Elvis is Assistant Special Agent in Charge assigned to the San Francisco FBI Field Office. Chan manages a squad responsible for investigating national security cyber matters and has over 14 years of experience in the bureau.
How Figma protects internal tools using off the shelf AWS services with Max Burkhardt, a security engineer at Figma
In this ninth episode of Access Control, a podcast providing practical security advice for startups, Ben Arent chats with Mario Loria. Mario is a Senior SRE at Carta who has been leading their move to Kubernetes and other cloud native technologies. Carta helps companies and investors manage their cap tables, valuations, investments, and equity plans. As users of Carta, we hope their security is top notch. Today we'll be chatting about orchestrating Kubernetes, training teams on cloud native, and optimizing for the developer experience!
In this eighth episode of Access Control, a podcast providing practical security advice for startups, Developer Relations Engineer at Teleport Ben Arent chats with Andrew Martin, CEO of Control Plane. Control Plane is a London-based Kubernetes consultancy that helps architect, install, audit, and secure Kubernetes clusters using cloud native technologies. Andrew was previously a DevOps Lead at the UK Home Office and has helped lead teams implementing high-volume critical national infrastructure projects for the UK government. We'll deep-dive into securing Kubernetes and strategies for partnering with the public sector. Andrew is co-author of O'Reilly's Hacking Kubernetes, a great book in progress (and due November 21) to better understand the Kubernetes defaults, Kubernetes threat models and how you can protect against those attacks.
In this seventh episode of Access Control, a podcast providing practical security advice for startups, Ben Arent chats with Ben Sadeghipour (AKA NahamSec, https://twitter.com/NahamSec), Head of Hacker Education at HackerOne (https://www.hackerone.com/) and hacker by night. This episode is a deep dive into how startups can leverage the power of crowdsourced hackers to find bugs and security issues in their apps. Ben Sadeghipour has found over 685 vulnerabilities in major sites such as Snapchat, Airbnb and even the U.S. Department of Defense. HackerOne helps companies by providing tools to help with response assessments and running their bug bounty programs.
Key Topics on Access Control Podcast: Episode 6 – HIPAA Compliance for Startups
- VerticalChange was founded to create impact for the social sector and help its agencies digitize manual processes.
- VerticalChange provides a solution that combines CRM, analytics, and dynamic form-building.
- Regulations like HIPAA, HITRUST, and FERPA are very strict, and agencies have to put in place many controls in order to comply.
- Startups in the healthcare space need to have someone who understands HIPAA and is willing to put the time in to write all the policies and procedures that need to be in place to meet security and privacy rules.
- Using a combination of CloudTrail, Auth0 logs, and Teleport logs, VerticalChange is able to create a log flow and see what people are doing within the application.
This episode is a deep dive with Julien Vehent about his book Securing DevOps: Security in the Cloud. We touch on security topics at Mozilla and Google GCP and provide updated advice on securing the cloud since its publication. In this fifth episode of Access Control, a podcast providing practical security advice for startups, Ben Arent chats with Julien Vehent, Author of Securing DevOps and a security engineer at Google Cloud. Julien was previously on the Firefox Operations Security team, where he built and grew a remote DevSecOps team from the ground up. I picked up Julien's book a year ago, and it's loaded with practical tips for bringing security to DevOps, making Julien an ideal guest for today's episode. This episode isn't sponsored by Julien or Manning Press, but I would highly recommend picking up a copy. We'll have a link to the book in the show notes.
In this fourth episode of Access Control, a podcast providing practical security advice for startups, Developer Relations Engineer at Teleport Ben Arent chats with [Adam Baldwin](https://www.linkedin.com/in/evilpacket/), aka [evilpacket](https://twitter.com/adam_baldwin), Offensive Security at Auth0. Adam was previously the VP of security at npm and founder of ^Lift Security, an application and penetration testing company focused on the JavaScript Ecosystem. Adam is a two-time DEFCON Black Badge holder.
In this third episode of Access Control, a podcast providing practical security advice for startups, Ben Arent chats with Luca Carettoni, co-founder of Doyensec. Doyensec is an independent security research and development company focused on vulnerability discovery and remediation. The Teleport team has been working with Doyensec for the last two years, and the two have worked together on security assessment for Teleport. In this episode, we'll get a pentester's view on the current state of startup security.
In this second episode of Access Control, a podcast providing practical security advice for startups, Ben Arent chats with Dave Mangot, Principal at Mangoteque, a consultancy focused on helping companies become better at delivering software. Dave is prolific in the DevOps space and has helped improve the lives of thousands of IT Professionals through his best-selling video course, Mastering DevOps.
- Not just developers and operations, but the entire business, needs to deliver value to customers.
- DevOps is a movement — a way of looking at delivering software or delivering anything else.
- Security is a huge, important part of delivering software — not building it in, early on, risks losing customers later when issues arise.
- Efficiently increasing feedback loops and continual experimentation, to ensure testing prior to deployment, is a win for business goals.
In this first episode of Access Control, a podcast providing practical security advice for startups, Ben Arent chats with Donnie Hasseltine, CSO at Xenon Partner and CEO at TeamPassword & TeamsID. Donnie talks about his time working as a CSO at a boutique private equity firm and how they go about performing a security review before and during an acquisition. The chat deep-dives into how using a password manager can help secure your org to prevent phishing attempts, and into Donnie's transition from the US Army to cybersecurity to CSO and how to overcome imposter syndrome.