Podcasts about alert logic

google ring xbox alert logic

Play Episode Listen Later Jun 16, 2023 8:24

On this episode of First Ring Daily, Google moves out of domains, Xbox has a late date, and the end of the year is near.Check out Alert Logic!

First Ring Daily 1459: A Little Less Eye

ring showdown intel little less alert logic

Play Episode Listen Later Jun 15, 2023 9:31

On this episode of First Ring Daily, Intel drops the I, Paul can't figure out if he wants another monitor, and Showdown is a fun place to be.Check out Alert Logic!

First Ring Daily 1458: Law Degrees

google european union microsoft ring degrees ftc cod alert logic

Play Episode Listen Later Jun 14, 2023 11:24

On this episode of First Ring Daily, EU goes after Google, FTC goes after Microsoft, and we go after COD.Check out Alert Logic! - https://www.alertlogic.com/

First Ring Daily 1457: Don't Buy It

Play Episode Listen Later Jun 13, 2023 8:44

On this episode of First Ring Daily, AI coming to AMD, FTC is coming for Microsoft, and you probably shouldn't upgrade, yet.Check out Alert Logic!

ai microsoft ring ftc amd alert logic

First Ring Daily 1451: Build Day 2 but with 3

ring stephen rose alert logic

Play Episode Listen Later May 25, 2023 45:27

On this episode of First Ring Daily, we are joined by Stephen Rose to cover day two of Build.Check out Alert Logic! - https://www.alertlogic.com/

First Ring Daily 1450: Build Day 1

microsoft ring windows fabric copilot alert logic

Play Episode Listen Later May 24, 2023 13:21

On this episode of First Ring Daily, Windows gets a Co-Pilot, Fabric is now a Microsoft thing, and more news is coming today.Check out Alert Logic!

First Ring Daily 1449: Build Day

ai ring windows file explorer alert logic

Play Episode Listen Later May 23, 2023 11:45

On this pre-build episode of First Ring Daily, the AI is coming, Windows news is probably coming, and File Explorer has an awkward moment.Check out Alert Logic! - https://www.alertlogic.com/

First Ring Daily 1448: Thiry-Seven-ish

microsoft ring thiry alert logic

Play Episode Listen Later May 22, 2023 7:32

On this episode of First Ring Daily, Microsoft does some fun and accurate math, Build is tomorrow, and sometimes you forget what day it is.Check out Alert Logic! https://www.alertlogic.com/

First Ring Daily 1425: More Windows 12

ring mac windows alert logic

Play Episode Listen Later Apr 13, 2023 12:19

On this episode of First Ring Daily, Windows 12 shows up in another video, the Mac is probably fine, and yep, this is the direction they are headed.Check out Alert Logic - https://www.alertlogic.com/

First Ring Daily 1423: Order of Operations

ring operations alert logic

Play Episode Listen Later Apr 11, 2023 12:04

On this episode of First Ring Daily, opening it in the correct order, the printer only prints, and a little bit about trains.Check out Alert Logic! - https://www.alertlogic.com/

First Ring Daily 1422: PC Drops For All

university california co founders cloud platform cybersecurity berkeley cto cornell university computer science devops brian smith multicloud cloud solutions alert logic

Play Episode Listen Later Apr 10, 2023 10:00

On this episode of First Ring Daily, Apple isn't immune to trends, VR is in a funky place, and sometimes you have to think about where the description is placed.Check out Alert Logic! - https://www.alertlogic.com/

apple ring vr drops alert logic

Cybersecurity and Multi-cloud Solutions | Brian Smith

Tech & Main Presents

Play Episode Listen Later Feb 27, 2023 43:32

Brian Smith is a 20-year veteran and entrepreneur in multimedia, cybersecurity, and technologies alike. He is Co-Founder and CTO at Spyderbat, an automated runtime security platform. Spyderbat stops attacks and automates root cause analysis on cloud-native environments by proactively recording Cloud system and container activities into a living 'Google Map'. With Spyderbat, DevOps and Platform teams stop attacks, prevent misconfigurations, and get a full understanding of what happened, how to clean up, and how to prevent it in the future. In 2000, together with Marc Willebeek-LeMair, Brian founded TippingPoint Technologies (acquired by 3Com), and in 2009 he founded Click Security (acquired by Alert Logic). Prior to TippingPoint, Brian received his Ph.D. in Computer Science from the University of California at Berkeley in 1994 and was the Xerox Professor of Computer Science at Cornell University until 1998. He now holds 13 patents and is a fellow of the Alfred P. Sloan Foundation. Connect with Brian: https://www.linkedin.com/in/brian-smith-07a4191/ and https://www.spyderbat.com/ --- Send in a voice message: https://anchor.fm/techandmain/message

The front lines of ransomware attacks.

Hacking Humans

Play Episode Listen Later Jan 19, 2023 50:22

Rohit Dhamankar from Fortra's Alert Logic joins Dave to discuss the decline in ransomware attacks and lessons learned from the front lines. Dave and Joe share some listener follow up from Keith regarding Dave's story from last episode and how he recognizes the scams being mentioned and offers his opinions on the matter. Joe shares two stories this week, one about his ironclad gift he gave to his wife, with his second story following the buzz surrounding OpenAI, creators of ChatGPT, their new interface for their Large Language Model (LLM) and how it works. Dave's story also follows ChatGPT in a different direction. His story is on the latest popular app and its rise to fame in the app store, now charging users almost 8 dollars to use the AI technology. Our catch of the day comes from listener and friend of the show Joel who writes in about how he was contacted at his place of business by a "DEA agent" who claims Joel was committing malpractice, and if he wanted these charges to go away he would need to pay $2500. Links to stories: OPWNAI: AI THAT CAN SAVE THE DAY OR HACK IT AWAY Sketchy ChatGPT App Soars Up App Store Charts, Charges $7.99 Weekly Subscription [Update: Removed] Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

ai chatgpt openai charges front lines dea large language models ransomware attacks alert logic

Rohit Dhamankar: Never close doors prematurely. [Vice President] [Career Notes]

Play Episode Listen Later Dec 4, 2022 9:52

Rohit Dhamankar from Fortra's Alert Logic sits down with Dave Bittner to share his experiences as he navigates the industry. Rohit has over 15 years of security industry experience across product strategy, threat research, product management and development, and customer solutions. Before Alert Logic he served in Product roles for Live Oak Venture Capital at Infocyte and Razberi Technologies. He has previously worked in senior roles in several start-up companies in security analytics, intrusion detection/prevention, end-point protection, and security risk and compliance, including VP, Click Labs Solutions at Click Security, acquired by AlertLogic, and he was a Co-Founder of Jumpshot, acquired by Avast. Rohit shares the advise of never closing a door too prematurely, because you never know what could be behind the door waiting for you. We thank Rohit for sharing his story.

career co founders vice president product doors rohit avast prematurely jumpshot alert logic dave bittner infocyte

Rohit Dhamankar: Never close doors prematurely. [Vice President]

Career Notes

Play Episode Listen Later Dec 4, 2022 9:52

co founders vice president product doors rohit avast prematurely jumpshot alert logic dave bittner infocyte

Recent criminal activity–it's as opportunistic as ever. Cyber risk to the pharma sector. Updates on the hybrid war. Returning Cobalt Strike to the legitimate red teams.

marketing digital vice president security seo incorporate convey channel marketing alert logic

Play Episode Listen Later Nov 22, 2022 26:26

Daixin Team claims ransomware attack against AirAsia. DraftKings users suffer credential harvesting and paycard theft. Assessing cyber risk in the US pharmaceutical industry. Killnet claims successes few others can discern. In Ukraine, kinetic attacks on IT infrastructure eclipse cyberattacks. Carole Theriault on digital echo chambers and what's in it for us. Nancy Wang from Forta's Alert Logic discusses how she is helping more young women get into the STEM field and leadership positions. Google seeks to render Cobalt Strike less useful to threat actors. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/224 Selected reading. Daixin Team claims AirAsia ransomware attack with five million customer records leaked (Tech Monitor) Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data (The Hacker News) DraftKings Users Hacked, Money In Account "Cashed Out" (Action Network) DraftKings says no evidence systems were breached following report of a hack (CNBC) Assessing cyber risk in the US pharmaceutical industry. (CyberWire) Killnet DDoS hacktivists target Royal Family and others (ComputerWeekly.com) Ukraine Data Centers Became Physical Targets When Cyber Attacks Failed (Meritalk) Making Cobalt Strike harder for threat actors to abuse (Google Cloud Blog) Google seeks to make Cobalt Strike useless to attackers (Help Net Security) Google Releases YARA Rules to Disrupt Cobalt Strike Abuse (Dark Reading) Google releases 165 YARA rules to detect Cobalt Strike attacks (BleepingComputer)

"Incorporate The Story: Convey The Message" with Alyssa Fox

Digital Marketing Master

Play Episode Listen Later Nov 11, 2022 13:36

Sarah interviews Alyssa Fox, Vice President of Channel Marketing at Alert Logic. Alyssa discusses how her content marketing strategy seeks to break the misconception that businesses should wait until they're breached to invest in cyber security. She also describes her marketing team's current focus on paid media and SEO, and shares insights about the importance of storytelling as a marketing tool.

“Static expressway” tactics in credential harvesting. Emotet is back. Black Basta linked to Fin7. RomCom hits Ukrainian targets and warms up against the Anglo-Saxons. Cyber cooperation?

spotify secure google podcasts global director podchaser podcast addict listen notes hybrid cloud cloud infrastructure sungard shannon davis alert logic servaas

Play Episode Listen Later Nov 3, 2022 32:39

Leveraging Microsoft Dynamics 365 Customer Voice for credential harvesting. Emotet is back. Black Basta ransomware linked to Fin7. A Russophone gang increases activity against Ukrainian targets. Betsy Carmelite from Booz Allen Hamilton on adversary-informed defense. Our guest is Tom Gorup of Alert Logic with a view on cybersecurity from a combat veteran. And Russia regrets that old US lack of cooperation in cyberspace–things would be so much better if the Anglo-Saxons didn't think cyberspace was the property of the East India Company. Or something like that. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/212 Selected reading. Abusing Microsoft Customer Voice to Send Phishing Links (Avanan) Emotet botnet starts blasting malware again after 5 month break (BleepingComputer) Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor (SentinelOne) RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom (BlackBerry) Russia cyber director warns no U.S. cooperation risks "mutual destruction" (Newsweek)

What is the cyber kill chain and how can it keep your business secure?

IT Availability Now

Play Episode Listen Later Aug 10, 2022 17:38

The mounting threat of ransomware – a 13% increase in attacks year over year, per Verizon's 2022 Data Breach Investigation's Report – has organizations taking a closer look at the cyber kill chain. But what exactly is the cyber kill chain and how can it keep your business secure?On this episode of IT Availability Now, host Servaas Verbiest and guest Shannon Davis, Global Director of Partner Readiness at Alert Logic, discuss this hot-button topic and why businesses today can't neglect the kill chain. Listen to this full episode to learn:The origins of the cyber kill chain, including how the name came aboutHow the cyber kill chain has evolved The key components of the current cyber kill chainWhy the cyber kill chain is such an integral part of a company's security postureHow to ensure your organization maximizes the kill chainAs Director of Product Field Strategy at Sungard AS, Servaas Verbiest assists businesses and organizations in realizing the full potential of cloud computing by thinking strategically, deploying rapidly, and acting as an ambassador for the cloud ecosystem. While at Sungard AS, Servaas has worked with more than 1,000 unique clients across multiple industries on complex application deployments, re-platforming, public cloud integrations, private cloud deployments, application lifecycle, and hybrid cloud model development.Shannon Davis is Global Director of Partner Readiness at Alert Logic, regularly consulting with companies to increase awareness of the current threat landscape and the security solutions and best practices available to stay protected. He is focused on the development of and investment in strategic relationships that allow those concepts and conversations to scale globally across the network of Alert Logic partners. Shannon has over 10 years of IT sales and marketing experience with expertise in Cybersecurity, MSP, MSSP, AWS, Azure, VMware, OpenStack, managed hosting, and more.Listen and subscribe to IT Availability Now on Apple Podcasts, Spotify, Google Podcasts, Podchaser, deezer, Podcast Addict, Listen Notes, and more.

Content Journeys - 018 - Crossover of Traditional Technical Content & Marketing Content

Content Journeys

Play Episode Listen Later May 3, 2022 25:02

Join host, Alan Porter, as he welcomes Alyssa Fox, VP of Channel Marketing at Alert Logic. Alyssa has over 20 years of experience as a Content Strategist across marketing and technical content. On this episode of Content Journeys, Alyssa shares some insights on the crossover between technical content & marketing content, as well as how to take a more holistic view of content throughout the entire business process. Visit Nuxeo's main site at: www.Nuxeo.com Visit Hyland's main site at: www.Hyland.com Podcast produced by: Jarrod.Alberich@hotmail.com

traditional crossover technical journeys jarrod hyland content strategist channel marketing alberich alert logic content marketing content alan porter

Sungard AS X Alert Logic: How to secure a hybrid cloud infrastructure

IT Availability Now

Play Episode Listen Later Apr 6, 2022 13:58

On this episode of IT Availability Now, host Servaas Verbiest and guest Shannon Davis, Global Director of Partner Readiness at Alert Logic have a spirited discussion about a rather timely matter: hybrid cloud transformation and the security skills gap tormenting organizations today.Listen to this full episode to learn:● Why shifting to the cloud can create unforeseen security risks ● What areas to focus on when securing a hybrid cloud infrastructure ● How to combat the current security skills gapAs Director of Product Field Strategy at Sungard AS, Servaas Verbiest assists businesses and organizations in realizing the full potential of cloud computing by thinking strategically, deploying rapidly, and acting as an ambassador for the cloud ecosystem. While at Sungard AS, Servaas has worked with more than 1,000 unique clients across multiple industries on complex application deployments, re-platforming, public cloud integrations, private cloud deployments, application lifecycle, and hybrid cloud model development.Shannon Davis is a Global Partner Security Expert at Alert Logic. As a security expert, he regularly consults with customers and prospects to increase awareness of the current threat landscape and the security solutions and best practices available to protect from and respond to threats. As a partner enablement leader, he is focused on developing and investing in strategic relationships that allow those concepts and conversations to scale globally across a network of Alert Logic partners.Listen and subscribe to IT Availability Now on Apple Podcasts, Spotify, Google Podcasts, Podchaser, deezer, Podcast Addict, Listen Notes, and more.

ESW #264 - Jeff Styles & Andrew Morris

Paul's Security Weekly

Play Episode Listen Later Mar 14, 2022 133:26

Managing firewall rule reviews, especially for PCI-DSS, can be complex but it doesn't have to be. Hear from Jeff Styles as he talks about how you can automate this process to keep you compliant and secure. There's a LOT of noise in the security industry. We've catalogued over 10,000 cybersecurity products and each of the companies behind these products has a marketing team, a twitter account, a blog, and a ton of content to blast at enterprise security buyers. There's an interesting connection between GreyNoise's product, founder, and principles. While building a product that filtered out the noise that wastes most security operations teams' time, Andrew was dead set against building a startup that resembled the typical security startup. We'll discuss Andrew's unique path to market, the latest features of GreyNoise, and where the lines are drawn between malicious and benign scanning. In the Enterprise Security News for this week: Google intends to acquire Mandiant HelpSystems to pick up Alert Logic - at least their 11th security acquisition in the past 3 years, Rumor that Abnormal Security could be our next security unicorn, Axonius raises a $200M Series E, A number of AppSec and cloud security startups raise their first big rounds, SEC requires public companies to report breaches within 4 days,Did we mention Google is buying Mandiant? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw264 Segment Resources: GreyNoise Visualizer (free web tool for researching scanner IPs): https://www.greynoise.io/viz/query/?gnql=last_seen%3A1d GreyNoise Trends for Apache Log4j Exploit Attempts: https://www.greynoise.io/viz/tag/apache-log4j-rce-attempt Visit https://securityweekly.com/firemon to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

google managing rumors sec ips mandiant pci dss appsec andrew morris axonius alert logic abnormal security jeff styles enterprise security weekly enterprise security news

ESW #264 - Jeff Styles & Andrew Morris

Enterprise Security Weekly (Audio)

Play Episode Listen Later Mar 14, 2022 133:26

google managing rumors sec ips mandiant pci dss appsec andrew morris axonius alert logic abnormal security jeff styles enterprise security weekly enterprise security news

Google Acquiring Mandiant, Abnormal Unicorns, SEC Tackles Breaches, & Meme Madness - ESW #264

Paul's Security Weekly TV

Play Episode Listen Later Mar 13, 2022 43:29

In the Enterprise Security News for this week: Google intends to acquire Mandiant HelpSystems to pick up Alert Logic - at least their 11th security acquisition in the past 3 years, Rumor that Abnormal Security could be our next security unicorn, Axonius raises a $200M Series E, A number of AppSec and cloud security startups raise their first big rounds, SEC requires public companies to report breaches within 4 days,Did we mention Google is buying Mandiant? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw264

google madness rumors memes sec unicorns acquiring tackles abnormal breaches mandiant appsec axonius alert logic abnormal security enterprise security weekly enterprise security news

Google Acquiring Mandiant, Abnormal Unicorns, SEC Tackles Breaches, & Meme Madness - ESW #264

Enterprise Security Weekly (Video)

Play Episode Listen Later Mar 11, 2022 43:29

google madness rumors memes sec unicorns acquiring tackles abnormal breaches mandiant appsec axonius alert logic abnormal security enterprise security weekly enterprise security news

Sungard AS X Alert Logic: Partnering to combat the rising threat of ransomware

IT Availability Now

Play Episode Listen Later Oct 8, 2021 10:30 Transcription Available

There were more ransomware attacks in the first half of 2021 than in all of 2020, and attacks are up 185% year over year in the U.S. alone, per recent research.To make matters worse, not only is the upsurge in ransomware attacks likely to continue, but businesses are also much more susceptible than they realize. Fortunately, they can do something about it. In this episode of IT Availability Now, Shawn Burke, Global Chief Security Officer at Sungard Availability Services (Sungard AS), and Shannon Davis, Global Partner Security Expert at Alert Logic, examine preventive measures organizations can take to combat this growing threat. Listen to the full episode to learn:● The most vital technology components every company needs in its security program● The importance of managed detection and response (MDR), how it gives businesses a complete 360-degree view of their security landscape and what it requires to be effective● How a strong incident response plan can minimize disruption● How Sungard AS' new advanced security solutions powered by Alert Logic will allow businesses to take a more proactive approach to cybersecurityBrian Fawcett is a Senior Manager of Global Sales Engagement at Sungard AS. With over 15 years of experience in a range of industries, he specializes in forming enterprise-wide global talent and learning development programs. Brian has enriched corporate learning culture by matching organizational vision and core values to curricula, leading to application and impact.As Sungard AS' Global Chief Security Officer, Shawn Burke is responsible for security governance across the enterprise and real-time protection of the company's global infrastructure. With 17 years of service provider-oriented expertise, Shawn advises on infrastructure evolution and product direction. His core responsibilities include overseeing security strategy, compliance, physical and cyber security, policy, and operations support.Shannon Davis is a Global Partner Security Expert at Alert Logic.As a security expert, he regularly consults with customers and prospects to increase awareness of the current threat landscape and the security solutions and best practices available to protect from and respond to threats. As a partner enablement leader, he is focused on developing and investing in strategic relationships that allow those concepts and conversations to scale globally across a network of Alert Logic partners. Listen and subscribe to IT Availability Now on Apple Podcasts, Spotify, Google Podcasts, Podchaser, deezer, Podcast Addict, Listen Notes, and more.

spotify rising threats google podcasts combat partnering senior manager ransomware podchaser podcast addict mdr listen notes sungard rising threat shannon davis alert logic shawn burke

Ep. 13 Bryan Urioste - The Proof is in Maximizing Your Sales Team

The Master Marketer Show

Play Episode Listen Later Aug 26, 2021 42:37

How would you like to be able to drive upwards of 90% of your direct net new logo pipeline via your BDR function? If that sounds like something you would be interested in, then this is a must listen episode for you. Bryan Urioste, CMO of cybersecurity firm Alert Logic, tells us all about how he creates alignment between the sales and marketing teams to achieve that result. What you'll learn in this episode: Does it matter who owns the BDR function in your organization? How to build and reconcile top-down and bottom-up forecasts What the handoff from marketing to sales should look like How to leverage webinars to drive pipeline How “pipeline is the great equalizer” How to build feedback loops between sales and marketing Bryan's recommendations: Marketing should own pipeline. While marketers and BDRs don't control closed-won deals, they do control pipeline being driven to the sellers. You need to build your bottom up plan from a program/channel perspective, which needs to marry up to a budget plan, which can be used to justify (or argue against) the top down plan. Create prioritization buckets based on intent and engagement. The more intent, the more personalized and 1:1 motion you drive. To create credibility within the organization, marketing needs to be accountable for a pipeline number. For large BDR organizations, create very structured team schedules - Bryan's team has a schedule for every 30 minutes of the day. Everyone should be doing the same thing for every chuck of the day. Maximize your tool stack. Don't bring in any new tools/technology until your existing stack is slowing you down. Here is the tool stack the team at Alert Logic uses: Salesforce Marketo Outreach Drift Smartsheet 6Sense Power BI You'll need to listen to the full episode if you want to hear the Lightning Round, but here are a few highlights: Bryan is looking forward to leveraging podcasts for both demand generation and ABM Bryan can't live without Power BI Proofpoint's POV:We are revenue marketers here at Proofpoint, and just like Bryan, we are big proponents of strong integration between Sales and Marketing. There were three critical things Bryan mentioned during our conversation that stuck out and deserve some more color and attention: For marketing to have credibility, they need to own a pipeline number. While we generally agree with this sentiment, and always look to take ownership of marketing sourced pipeline for our clients, there does also need to be room for marketing to test, and operate against other objectives, without being constrained by short-term quarterly pipeline numbers.For example, you may find that the organization needs to reposition itself in the market. While that will have long-term impacts on pipeline and revenue, short-term it likely won't and will potentially take away from budget that could be spent on short-term objectives. There is also tremendous value in keeping your marketing team's creative juices flowing. Marketing is part art and part science, and if we only focus on short-term pipeline targets, that can stifle creativity which will hurt your organization in the long-run. Not least of which because you will end up with churn on your marketing team. There should always be some percentage of marketing budget that is allocated to tests and pie in the sky ideas. Reconciling top-down and bottom-up plans. This can't be stressed enough. It is critical for marketing leaders to have a good working relationship with the CEO and the board, to ensure that a logical discussion can be had about top-down plans and targets. Because unrealistic targets often just end up hurting marketing performance in the long-run because the pressure to scale incentivizes (P.S. this is one of Bryan's least favorite business words

Ep. 13 Bryan Urioste - The Proof is in Maximizing Your Sales Team

The Master Marketer Show

Play Episode Listen Later Aug 26, 2021 42:37

Ep 62 | A Technical Approach To Marketing | Alyssa Fox

On The Lime

Play Episode Listen Later Jul 6, 2021 38:19

Kayla and Will talk to Alyssa Fox, Senior Director of Partner Marketing at Alert Logic, about changing paths mid-career, creating cohesive teams, and upcoming trends across all forms of marketing. Find out more about Sublime Media Group at www.sublimemediagroup.com

social media marketing tech writing management managing creative security advertising senior director technical cyber partner marketing alert logic

Making Compliance Suck Less with AJ Yawn

Screaming in the Cloud

Play Episode Listen Later Jun 17, 2021 34:13

About AJAJ Yawn is a seasoned cloud security professional that possesses over a decade of senior information security experience with extensive experience managing a wide range of cybersecurity compliance assessments (SOC 2, ISO 27001, HIPAA, etc.) for a variety of SaaS, IaaS, and PaaS providers.AJ advises startups on cloud security and serves on the Board of Directors of the ISC2 Miami chapter as the Education Chair, he is also a Founding Board member of the National Association of Black Compliance and Risk Management professions, regularly speaks on information security podcasts, events, and he contributes blogs and articles to the information security community including publications such as CISOMag, InfosecMag, HackerNoon, and ISC2.Before Bytechek, AJ served as a senior member of national cybersecurity professional services firm SOC-ISO-Healthcare compliance practice. AJ helped grow the practice from a 9 person team to over 100 team members serving clients all over the world. AJ also spent over five years on active duty in the United States Army, earning the rank of Captain.AJ is relentlessly committed to learning and encouraging others around him to improve themselves. He leads by example and has earned several industry-recognized certifications, including the AWS Certified Solutions Architect-Professional, CISSP, AWS Certified Security Specialty, AWS Certified Solutions Architect-Associate, and PMP. AJ is also involved with the AWS training and certification department, volunteering with the AWS Certification Examination Subject Matter Expert program.AJ graduated from Georgetown University with a Master of Science in Technology Management and from Florida State University with a Bachelor of Science in Social Science. While at Florida State, AJ played on the Florida State University Men's basketball team participating in back to back trips to the NCAA tournament playing under Coach Leonard Hamilton.Links: ByteChek: https://www.bytechek.com/ Blog post, Everything You Need to Know About SOC 2 Trust Service Criteria CC6.0 (Logical and Physical Access Controls): https://help.bytechek.com/en/articles/4567289-everything-you-need-to-know-about-soc-2-trust-service-criteria-cc6-0-logical-and-physical-access-controls LinkedIn: https://www.linkedin.com/in/ajyawn/ Twitter: https://twitter.com/AjYawn TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Cloud Economist Corey Quinn. This weekly show features conversations with people doing interesting work in the world of Cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by Thinkst. This is going to take a minute to explain, so bear with me. I linked against an early version of their tool, canarytokens.org in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, that sort of thing in various parts of your environment, wherever you want to; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use those things. It's an awesome approach. I've used something similar for years. Check them out. But wait, there's more. They also have an enterprise option that you should be very much aware of canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files on it, you get instant alerts. It's awesome. If you don't do something like this, you're likely to find out that you've gotten breached, the hard way. Take a look at this. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I love it.” That's canarytokens.org and canary.tools. The first one is free. The second one is enterprise-y. Take a look. I'm a big fan of this. More from them in the coming weeks.Corey: This episode is sponsored in part by our friends at Lumigo. If you've built anything from serverless, you know that if there's one thing that can be said universally about these applications, it's that it turns every outage into a murder mystery. Lumigo helps make sense of all of the various functions that wind up tying together to build applications. It offers one-click distributed tracing so you can effortlessly find and fix issues in your serverless and microservices environment. You've created more problems for yourself; make one of them go away. To learn more, visit lumigo.io.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I'm joined this week by AJ Yawn, co-founder, and CEO of ByteChek. AJ, thanks for joining me.AJ: Thanks for having me on, Corey. Really excited about the conversation.Corey: So, what is ByteChek? It sounds like it's one of those things—‘byte' spelled as in computer term, not teeth, and ‘chek' without a second C in it because frugality looms everywhere, and we save money where we can by sometimes not buying the extra letter or vowel. So, what is ByteChek?AJ: Exactly. You get it. ByteChek is a cybersecurity compliance software company, built with one goal in mind: make compliance suck less. And the way that we do that is by automating the worst part of compliance, which is evidence collection and taking out a lot of the subjective nature of dealing with an audit by connecting directly where the evidence lives and focusing on security.Corey: That sound you hear is Pandora's Box creaking open because back before I started focusing on AWS bills, I spent a few months doing a deep dive PCI project for workloads going into AWS because previously I've worked in regulated industries a fair bit. I've been a SOC 2 control owner, I've gone through the PCI process multiple times, I've dabbled with HIPAA as a consultant. And I thought, “Huh, there might be a business need here.” And it turns out, yeah, there really is.The problem for me is that the work made me want to die. I found it depressing; it was dull; it was a whole lot of hurry up and wait. And that didn't align with how I approach the world, so I immediately got the hell out of there. You apparently have a better perspective on, you know, delivering things companies need and don't need to have constant novel entertainment every 30 seconds. So, how did you start down this path, and what set you on this road?AJ: Yeah, great question. I started in the army as a information security officer, worked in a variety of different capacities. And when I left the military—mainly because I didn't like sleeping outside anymore—I got into cybersecurity compliance consulting. And that's where I got first into compliance and seeing the backwards way that we would do things with old document requests and screenshots. And I enjoyed the process because there was a reason for it, like you said.There's a business value to this, going through this compliance assessments. So, I knew they were important, but I hated the way we were doing it. And while there, I just got exposed to so many companies that had to go through this, and I just thought there was a better way. Like, typical entrepreneur story, right? You see a problem and you're like, “There has to be a better way than grabbing screenshots of the EC2 console.” And set out to build a product to do that, to just solve that problem that I saw on a regular basis. And I tell people all the time, I was complicit in making compliance stuff before. I was in that role and doing the things that I think sucked and not focused on security. And that's what we're solving here at ByteChek.Corey: So, I've dabbled in it and sort of recoiled in horror. You've gone into this to the point where you are not only handling it for customers but in order to build software that goes in a positive direction, you have to be deeply steeped in this yourself. As you're going down this process, what was your build process like? Were you talking to auditors? Were you talking to companies who had to deal with auditors? What aspects of the problem did you approach this from?AJ: It's really both aspects. And that's where I think it's just a really unique perspective I have because I've talked with a lot of auditors; I was an auditor and worked with auditors' hand-in-hand and I understood the challenges of being an auditor, and the speed that you have to move when you're in the consulting industry. But I also talked to a lot of customers because those were the people I dealt with on a regular basis, both from a sales perspective and from, you know, sitting there with the CTOs trying to figure out how to design a secure solution in AWS. So, I took it from the approach of you can't automate compliance; you can't fix the audit problem by only focusing on one side of the table, which is what currently happens where one side of the table is the client, then you get to automate evidence collection. But if the auditors can't use that information that you've automated, then it's still a bad process for both people. So, I took the approach of thinking about this from both, “How do I make this easier for auditors but also make it easier for the clients that are forced to undergo these audits?”Corey: From a lot of perspectives, having compliance achieved, regardless of whether it's PCI, whether it's HIPAA, whether it's SOC 2, et cetera, et cetera, et cetera, the reason that a companies go through it is that it's an attestation that they are, for better or worse, doing the right things. In some cases, it's a requirement to operate in a regulated industry. In other cases, it's required to process credit card transactions, which is kind of every industry, and in still others, it's an easy shorthand way of saying that we're not complete rank amateurs at these things, so as a result, we're going to just pass over the result of our most recent SOC 2 audit to our prospective client, and suddenly, their security folks can relax and not send over weeks of questionnaires on the security front. That means that, for some folks, this is more or less a box-checking exercise rather than an actual good-faith effort to improve processes and posture.AJ: Correct. And I think that's actually the problem with compliance is it's looked at as a check-the-box exercise, and that's why there's no security value out of it. That's why you can pick up a SOC 2 report for someone that's hosted on AWS, and you don't see any mention of S3 buckets. You can do a ctrl+F, and you literally don't see anything in a security evaluation about S3 buckets, which is just insane if you know anything about security on AWS. And I think it's because of what you just described, Corey; they're often asked to do this by a regulator, or by a customer, or by a vendor, and the result is, “Hurry up and get this report so that we can close this deal,”—or we can get to the next level with this customer, or with this investor, whatever it may be—instead of, let's go through this, let's have an auditor come in and look at our environment to improve it, to improve this security, which is where I hope the industry can get to because audits aren't going anywhere; people are going to continue to do them and spend thousands of dollars on them, so there should be some security value out of them, in my opinion.Corey: I love using encrypting data at rest as an example of things that make varying amounts of sense because, sure, on your company laptops, if someone steals an employee's laptop from a coffee shop, or from the back of their car one night, yeah, you kind of want the exposure to the company to be limited to replacing the hardware. I mean, even here at The Duckbill Group, where we are not regulated, we've gone through no formal audits, we do have controls in place to ensure that all company laptops have disk encryption turned on. It makes sense from that perspective. And in the data center, it was also important because there were a few notable heists where someone either improperly disposed drives and corporate data wound up on eBay or someone in one notable instance drove a truck through the side of the data center wall, pulled a rack into the bed of the truck and took off, which is kind of impressive [laugh] no matter how you slice it. But in the context of a hyperscale cloud provider like AWS, you're not going to be able to break into their data centers, steal a drive—and of course, it has to be the right collection of drives and the right machines—and then find out how to wind up reassembling that data later.It's just not a viable attack strategy. Now, you can spend days arguing with auditors around something like that, or you can check the box ‘encrypt at rest' and move on. And very often, that is the better path. I'm not going to argue with auditors about that. I'm going to bend the knee, check the box, and get back to doing the business thing that I care about. That is a reasonable approach, is it not?AJ: It is, but I think that's the fault of the auditor because good security requires context. You can't just apply a standard set of controls to every organization, as you're describing, where I would much rather the auditor care about, “Are there any public S3 buckets? What are the security group situation like on that account? How are they managing their users? How are they storing credentials there in the cloud environment as well?Are they using multiple accounts?” So, many other things to care about other than protecting whether or not someone will be able to pull off the heist of the [laugh] 21st century. So, I think from a customer perspective, it's the right model: don't waste time arguing points with your auditors, but on the flip side, find an auditor that has more technical knowledge that can understand context, because security work requires good context and audits require context. And that's the problem with audits now; we're using one framework or several frameworks to apply to every organization. And I've been in the consulting space, like you, Corey, for a while. I have not seen the same environment in any customers. Every customer is different. Every customer has a different setup, so it doesn't make sense to say every control should apply to every company.Corey: And it feels on some level like you wind up getting staff accustomed to treating it as a box-checking exercise. “Right, it's dumb that we wind up having to encrypt S3 buckets, but it's for the audit to just check the box and move on.” So, people do it, then they move on to the next item, which is, “Okay, great. Are there any public S3 buckets?” And they treat it with the same, “Yeah, whatever. It's for the audit,” box-checking approach? No, no, that one's actually serious. You should invest significant effort and time into making sure that it's right.AJ: Exactly. Exactly. And that's where the value of a true compliance assessment that is focused on security comes into play because it's no longer about checking the box, it's like, “Hey, there's a weakness here. A weakness that you probably should have identified. So, let's go fix the weakness, but let's talk about your process to find those weaknesses and then hopefully use some automation to remediate them.”Because a lot of the issues in the cloud you can trace back to why was there not a control in place to prevent this or detect this? And it's sad that compliance assessments are not the thing that can catch those, that are not the other safeguard in place to identify those. And it's because we are treating the entire thing like a check-the-box exercise and not pulling out those items that really matter, and that's just focusing on security. Which is ultimately what these compliance reports are proving: customers are asking for these reports because they want to know if their data is going to be secure. And that's what the report is supposed to do, but on the flip side, everyone knows the organization may not be taking it that serious, and they may be treating it like a check-the-box exercise.Corey: So, while I have you here, we'll divert for a minute because I'm legitimately curious about this one. At a scale of legitimate security concern to, “This is a check-the-box exercise,” where do things like rotating passwords every 60 days or rotating IAM credentials every 90 days fall?AJ: I think it again depends on the organization. I don't think that you need to rotate passwords regularly, personally. I don't know how strong of a control that is if people are doing that, because they're just going to start to make things up that are easy—Corey: Put the number at the end and increment by one every time. Great. Good work.AJ: Yep. So, I think again, it just depends on your organization and what the organization is doing. If you're talking about managing IAM access keys and rotating those, are your engineers even using the CLI? Are they using their access keys? Because if they're not, what are you rotating?You're just rotating [laugh] stale keys that have never been used. Or if you don't even have any IAM users, maybe you're using SSO and they're all using Okta or something else and they're using an IAM role to come in there. So, it's just—again, it's context. And I think the problem is, a lot of folks don't understand AWS or they don't understand the cloud. And when I say, folks, I mean auditors.They don't understand that, so they're just going to ask for everything. “Did you rotate your passwords? Did you do this? Did you do that?” And it may not even make sense for you based off of your environment, but again, is it worth the fight with the auditor, or do you just give them whatever they want and so you can go about your way, whether or not it's a legit security concern?Corey: Yeah. At some point, it's not worth fighting with auditors, but if you find yourself wanting to fight the auditor all the time, at some level, you start to really resent the auditor that you have. To put that slightly more succinctly, how do you deal with non-technical auditors who don't understand your environment—what they're looking at—without strangling them?AJ: Great question. I think it goes back to before you hire your auditor. Oftentimes, in the sales process, there's questions around, “Who's come from the Big Four on your staff?” Or, “What control frameworks do you all specialize in?” Or, “How long will this take? How much will it cost?” But there's very rarely any questions of, “Who on your staff knows AWS?”And it's similar to going to the doctor: you wouldn't go to an eye doctor to get foot surgery. So, you shouldn't go to an auditor who has never seen AWS, that doesn't know what EC2 is, to evaluate your AWS environment. So, I think organizations have to start asking the right questions during the sales process. And it's not about price or time or anything like that when you're assessing who you're going to work with from an auditing firm. It's, are they qualified to actually evaluate the threats facing your organization so that you don't get asked the stupid question.If you're hosted on AWS, you shouldn't be getting asked where are your firewall configurations. They should understand what security groups are and how they work. So, there's just a level of knowledge that should be expected from the organization side. And I would say, if you're working with a current auditor that you're having those issues with, continue to ask the hard questions. Auditors that are not technical—I have a blog post on our website, and it says this is the section your auditors are the most scared of, and it's the logical access section of your SOC 2 report.And auditors that are not technical run away from that section. So, just keep asking the hard questions, and they'll either have to get the knowledge or they realize they're not qualified to do the assessment and the marriage will split up kind of naturally from there. But I think it goes back to the initial process of getting your auditor. Don't worry about cost or time, worry about their technical skills and if they're qualified to assess your environment.Corey: And in 2021, that's a very different story than it was the first few times I encountered auditors discovering the new era. At a startup, the auditor shows up. “Great, how do we get access to your Active Directory?” “Yeah, we don't have one of those.” “Okay, how do we get on the internet here?” “Oh, here's the wireless password.” “Wait, there's not a separate guest network?” “That's right.” “Well, now I have privileged access because I'm on your network.”It's like, “Technically, that's true because if you weren't on this network, you wouldn't be able to print to that printer over there in the corner. But that's the only thing that it lets you do.” Everything else is identity-based, not IP address allow listing, so instead, it's purely just convenience to get the internet; you're about as privileged on this network as you would be at a Starbucks half a world away. And they look at you like you're an idiot. And that should have been the early warning sign that this was not going to be a typical audit conversation. Now, though in 2021, it feels like it's time to find a new auditor.AJ: Exactly. Yeah. Especially because organizations—unfortunately, last year security budgets were some of the things that were first cut when budgets were cut due to the global pandemic, S0—Corey: Well, I'm sure that'll have no lasting repercussions.AJ: Right. [laugh]. That's always a great decision. So compliance, that means compliance budgets have been significantly slashed because that's the first thing that gets cut is spending money on compliance activities. So, the cheaper option, oftentimes, is going to mean even less technical resources.Which is why I don't think manual audits, human audits are going to be a thing moving forward. I think companies are realizing that it doesn't make sense to go through a process, hire an auditor who's selling you on all this technical expertise, and then the staff that's showing up and assigned to your project has never seen inside the AWS console and truly doesn't even know what the cloud is. They think that iCloud on their phone is the only cloud that they're familiar with. And that's what happens; organizations are sold that they're going to get cybersecurity technical experts from these human auditors and then somebody shows up without that experience or expertise. So, you have to start to rely on tools, rely on technologies, and that can be native technologies in the cloud or third-party tools.But I don't think you can actually do a good audit in the cloud manually anyways, no matter how technical you are. I know a lot about AWS but I still couldn't do a great audit by myself in the cloud because auditing is time-based, you bill by the hour and it doesn't make sense for me to do all of those manual things that tools and technologies out there exist to do for us.Corey: So, you started a software company aimed at this problem, not a auditing firm and not a consulting company. How are you solving this via the magic of writing code?AJ: It's just connecting directly where the evidence lives. So, for AWS, I actually tried to do this in a non-software way prior, when I was just a typical auditor, and I was just asking our clients to provision us cross-account access to go in their environment with some security permissions to get evidence directly. And that didn't pass the sniff test at my consulting firm, even though some of the clients were open to it. But we built software to go out to the tools where the evidence directly lives and continuously assess the environment. So, that's AWS, that's GitHub, that Jira, that's all of the different tools where you normally collect this evidence, and instead of having to prove to auditors in a very manual fashion, by grabbing screenshots, you just simply connect using APIs to get the evidence directly from the source, which is more technically accurate.The way that auditing has been done in the past is using sampling methodologies and all these other outdated things, but that doesn't really assess if all of your data stores are configured in the right way; if you're actually backing up your data. It's me randomly picking one and saying, “Yes, you're good to go.” So, we connect directly where the evidence lives and hopefully get to a point where when you get a SOC 2 report, you know that a tool checked it. So, you know that the tool went out and looked at every single data store, or they went out and looked at every single EC2 instance, or security group, whatever it may be, and it wasn't dependent on how the auditor felt that day.Corey: This episode is sponsored in part by ChaosSearch. As basically everyone knows, trying to do log analytics at scale with an ELK stack is expensive, unstable, time-sucking, demeaning, and just basically all-around horrible. So why are you still doing it—or even thinking about it—when there's ChaosSearch? ChaosSearch is a fully managed scalable log analysis service that lets you add new workloads in minutes, and easily retain weeks, months, or years of data. With ChaosSearch you store, connect, and analyze and you're done. The data lives and stays within your S3 buckets, which means no managing servers, no data movement, and you can save up to 80 percent versus running an ELK stack the old-fashioned way. It's why companies like Equifax, HubSpot, Klarna, Alert Logic, and many more have all turned to ChaosSearch. So if you're tired of your ELK stacks falling over before it suffers, or of having your log analytics data retention squeezed by the cost, then try ChaosSearch today and tell them I sent you. To learn more, visit chaossearch.io.Corey: That sounds like it is almost too good to be true. And at first, my immediate response is, “This is amazing,” followed immediately by that's transitioning into anger, that, “Why isn't this a native thing that everyone offers?” I mean, to that end, AWS announced ‘Audit Manager' recently, which I haven't had the opportunity to dive into in any deep sense yet, because it's still brand new, and they decided to release it alongside 15,000 other things, but does that start getting a little bit closer to something companies need? Or is it a typical day-one first release of an Amazon service where, “Well, at least we know the direction you're heading in. We'll check back in two years.”AJ: Exactly. It's the day-one Amazon service release where, “Okay. AWS is getting into the audit space. That's good to know.” But right now, at its core, that AWS service, it's just not usable for audits, for several reasons.One, auditors cannot read the outputs of the information from Audit Manager. And it goes back to the earlier point where you can't automate compliance, you can't fix compliance if the auditors can't use the information because then they're going to go back to asking dumb questions and dumb evidence requests if they don't understand the information coming out of it. And it's just because of the output right now is a dump of JSON, essentially, in a Word document, for some strange reason.Corey: Okay, that is the perfect example right there of two worlds colliding. It's like, “Well, we're going to put JSON out of it because that's the language developers speak. Well, what do auditors prefer?” “I don't know, Microsoft Word?” “Okay, sounds good.” Even Microsoft Excel is a better answer than [laugh] that. And that is just… okay, that is just Looney Tunes awful.AJ: Yep. Yeah, exactly. And that's one problem. The other problem is, Audit Manager requires a compliance manager. If we think about that tool, a developer is not going to use Audit Manager; it's going to be somebody responsible for compliance.It requires them to go manually select every service that their company is using. A compliance manager, one, doesn't even know what the services are; they have no clue what some of these services are, two, how are they going to know if you're using Lambda randomly somewhere or, or a Systems Manager randomly somewhere, or Elastic Beanstalk's in one account or one region. Config here, config—they have to just go through and manually—and I'm like, “Well, that doesn't make any sense because AWS knows what services you're using. Why not just already have those selected and you pull those in scope?” So, the chances of something being excluded are extremely high because it's a really manual process for users to decide what are they actually assessing.And then lastly, the frameworks need a lot of work. Auditing is complex because their standards or regulations and all of that, and there's just a gap between what AWS has listed as a service that addresses a particular control that—there was a few times where I looked at Audit Manager and I had no clue what they were mapping to and why they're mapping. So, it's a typical day-one service; it has some gaps, but I like the direction it's going. I like the idea that an organization can go into their AWS console, hit to a dashboard, and say, “Am I meeting SOC 2?” Or“ am I meeting PCI?” I feel like this is a long time coming. I think you probably could have done it with Security Hub with less automation; you have to do some manual uploads there, but the long answer to say it has a long way to go there, Corey.Corey: I heard a couple of horror stories of, “Oh, my god, it's charging me $300 a day and I can't turn it off,” when it first launched. I assume that's been fixed by now because the screaming has stopped. I have to assume it was. But it was gnarly and surprising people with bills. And surprising people with things labeled ‘audit' is never a great plan.AJ: Right. Yeah, the pricing was a little ridiculous as well. And I didn't really understand the pricing model. But that's typical of a new AWS service, I never really understand. That's why I'm glad that you exist because I'm always confused at first about why things cost so much, but then if you give it some time, it starts to make a little bit more sense.Corey: Exactly. The first time you see a new pricing dimension, it's novel and exciting and more than a little scary, and you dive into it. But then it's just pattern recognition. It's, “Oh, it's one of these things again. Great.” It's why it lends itself to a consulting story.So, you were in the army for a while. And as you mentioned, you got tired of sleeping on the ground, so you went into corporate life. And you were at a national cybersecurity professional services firm for a while. What was it that finally made you, I guess, snap for lack of a better term and, “I'm going to start my own thing?” Because in my case, it was, “Well, okay. I get fired an awful lot. Maybe I should try setting out my own shingle because I really don't have another great option.” I don't get the sense, given your resume and pedigree, that that was your situation?AJ: Not quite. I surprisingly, don't do well with authority. So, a little bit I like to challenge things and question the norm often, which got me in trouble in the military, definitely got me in trouble in corporate life. But for me it was, I wanted to change; I wanted to innovate. I just kept seeing that there was a problem with what we were doing and how we were doing it, and I didn't feel like I had the ability to innovate.Innovating in a professional services firm is updating a Google Sheet, or adding a new Google Form and sending that off to a client. That's not really the innovation that I was looking to do. And I realized that if I wanted to create something that was going to solve this problem, I could go join one of the many startups out there that are out there trying to solve this problem, or I could just try to go do it myself and leverage my experience. And two worlds collided as far as timing and opportunity where I financially was in a position to take a chance like this, and I had the knowledge that I finally think I needed to feel comfortable going out on my own and just made the decision. I'm a pretty decisive person, and I decided that I was going to do it and just went with it.And despite going about this during the global pandemic, which presented its own challenges last year, getting this off the ground. But it was really—I collected a bunch of knowledge. I realized, maybe, two and a half years ago, actually, that I wanted to start my own business in this space, but I didn't know what I wanted to do just yet. I knew I wanted to do software, I didn't know how I wanted to do it, I didn't know how I was going to make it work. But I just decided to take my time and learn as much as I can.And once I felt like I acquired enough knowledge and there was really nothing else I could gain from not doing this on my own, and I knew I wasn't going to go join a startup to join them on this journey, it was a no-brainer just to pull the trigger.Corey: It seems to have worked out for you. I'm starting to see you folks crop up from time-to-time, things seem to be going well. How big are you?AJ: Yeah, we're doing well. We have a team of seven of us now, which is crazy to think about because I remember when it was just me and my co-founder staring at each other on Zoom every day and wondering if they're ever going to be anybody else on these [laugh] calls and talking to us. But it's going really well. We have early customers that are happy and that's all that I can ask for and they're not just happy silently; they're being really public about being happy about the platform, and about the process. And just working with people that get it and we're building a lot of momentum.I'm having a lot of fun on LinkedIn and doing a lot of marketing efforts there as well. So, it's been going well; it's been actually going better than expected, surprisingly, which I don't know, I'm a pretty optimistic entrepreneur and I thought things will go well, but it's much better than expected, which means I'm sleeping a lot less than I expected, as well.Corey: Yeah, at some point, when you find yourself on the startup train, it's one of those, “Oh, yeah. That's right. My health is in the gutter, my relationships are starting to implode around me.” Balance is key. And I think that that is something that we don't talk about enough in this world.There are periodically horrible tweets about how you should wind up focusing on your company, it should be the all-consuming thing that drives you at all hours of the day. And you check and, “Oh, who made that observation on Twitter? Oh, it's a VC.” And then you investigate the VC and huh, “You should only have one serious bet, it should be your all-consuming passion” says someone who's invested in a wide variety of different companies all at the same time, in the hopes that one of them succeeds. Huh.Almost like this person isn't taking the advice they're giving themselves and is incentivized to give that advice to others. Huh, how about that? And I know that's a cynical take, but it continues to annoy me when I see it. Where do you stand on the balance side of the equation?AJ: Yeah, I think balance is key. I work a lot, but I rest a lot too. And I spend—I really hold my mornings as my kind of sacred place, and I spend my mornings meditating, doing yoga, working out, and really just giving back to myself. And I encourage my team to do the same. And we don't just encourage it from just a, “Hey, you guys should do this,” but I talk to my team a lot about not taking ourselves too seriously.It's our number one core value. It's why our slogan is ‘make compliance suck less' because it's really my military background. We're not being shot at; we're sleeping at home every night. And while compliance and cybersecurity, it's really important, and we're protecting really important things, it's not that serious to go all-in and to not have balance, and not to take time off not to relax. I mean, a part of what we do at ByteChek is we have a 10% rule, which means 10% of the week, I encourage my team to spend it on themselves, whether that's doing meditation, going to take a nap.And these are work hours; you know, go out, play golf. I spent my 10% this morning playing golf during work hours. And I encourage all my team, every single week, spend four hours dedicated to yourself because there's nothing that we will be able to do as a company without the people here being correct and being mentally okay. And that's something that I learned a long time ago in the military. You spend a year away from home and you start to really realize what's important.And it's not your job. And that's the thing. We hire a lot of veterans here because of my veteran background, and I tell all the vets that come here when you're in the military, your job, your rank, and your day-to-day work is your identity. It's who you are. You're a Marine or you're a Soldier, or you're a Sailor; you're an Airman if that's a bad choice that you made. Sorry for my Air Force guys.Corey: Well, now there's a Spaceman story as well, I'm told. But I don't know if they call them spacemen or not, but remember, there's a new branch to consider. And we can't forget the Coast Guard either.AJ: If they don't call themselves Spacemen, that is their name from now on. We just made it, today. If I ever meet somebody in the Space Force, [laugh] I'm calling them the Spacemen. That is amazing. But I tell our interns that we bring from the military, you have to strip that away.You have to become an individual because ByteChek is not your identity. And it won't be your identity. And ByteChek's not my identity. It's something that I'm doing, and I am optimistic that it's going to work out and I really hope that it does. But if it doesn't, I'm going to be all right; my team is going to be all right and we're going to all continue to go on.And we just try to live that out every day because there's so many more important things going on in this world other than cybersecurity compliance, so we really shouldn't take ourselves too seriously. And that advice of just grinding it out, and that should be your only focus, that's only a recipe for disaster, in my opinion.Corey: AJ, thank you so much for taking the time to speak with me. If people want to hear more about what you have to say, where can they find you?AJ: They can find me on LinkedIn. That's my one spot that I'm currently on. I am going to pop on Twitter here pretty soon. I don't know when, but probably in the next few weeks or so. I've been encouraged by a lot of folks to join the tech community on Twitter, so I'll be there soon.But right now they can find me on LinkedIn. I give four hours back a week to mentoring, so if you hear this and you want to reach out, you want to chat with me, send me a message and I will send you a link to find time on my calendar to meet. I spend four hours every Friday mentoring, so I'm open to chat and help anyone. And when you see me on LinkedIn, you'll see me talking about diversity in cybersecurity because I think really the only way you can solve a cybersecurity skills shortage is by hiring more diverse individuals. So, come find me there, engage with me, talk to me; I'm a very open person and I like to meet new people. And that's where you can find me.Corey: Excellent. And we'll of course throw a link to your LinkedIn profile in the [show notes 00:29:44]. Thank you so much for taking the time to speak with me. It's really appreciated.AJ: Yeah, definitely. Thank you, Corey. This is kind of like a dream come true to be on this podcast that I've listened to a lot and talk about something that I'm passionate about. So, thanks for the opportunity.Corey: AJ Yawn, CEO and co-founder of ByteChek. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you hated this podcast, please leave a five-star review on your podcast platform of choice along with a comment that's embedded inside of a Word document.Announcer: This has been this week's episode of Screaming in the Cloud. You can also find more Corey at screaminginthecloud.com, or wherever fine snark is sold.This has been a HumblePod production. Stay humble.

ceo director amazon master science zoom balance board bachelor blog ncaa captain starbucks cloud soldiers marine air force ebay ip i am saas national association vc compliance oftentimes georgetown university hurry sailors screaming risk management aws social sciences space force github florida state technically hubspot innovating iso apis coast guard united states army devops florida state university looney tunes elk logical hipaa icloud equifax s3 soc big four auditing spaceman klarna pmp yawn lambda microsoft word google sheets pci okta google forms json paas jira airman cli ctos ajit auditors iaas sso cissp technology management active directory suck less ec2 spacemen config hackernoon corey quinn education chair isc2 nmap alert logic systems manager duckbill group audit manager thinkst elastic beanstalk aj yawn bytechek last week in aws humblepod

Data Center War Stories with Mike Julian

Screaming in the Cloud

Play Episode Listen Later Jun 15, 2021 32:36

About MikeBeside his duties as The Duckbill Group's CEO, Mike is the author of O'Reilly's Practical Monitoring, and previously wrote the Monitoring Weekly newsletter and hosted the Real World DevOps podcast. He was previously a DevOps Engineer for companies such as Taos Consulting, Peak Hosting, Oak Ridge National Laboratory, and many more. Mike is originally from Knoxville, TN (Go Vols!) and currently resides in Portland, OR.Links: Software Engineering Daily podcast: https://softwareengineeringdaily.com/category/all-episodes/exclusive-content/Podcast/ Duckbillgroup.com: https://duckbillgroup.com TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by Thinkst. This is going to take a minute to explain, so bear with me. I linked against an early version of their tool, canarytokens.org in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, that sort of thing in various parts of your environment, wherever you want to; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use those things. It's an awesome approach. I've used something similar for years. Check them out. But wait, there's more. They also have an enterprise option that you should be very much aware of canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files on it, you get instant alerts. It's awesome. If you don't do something like this, you're likely to find out that you've gotten breached, the hard way. Take a look at this. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I love it.” That's canarytokens.org and canary.tools. The first one is free. The second one is enterprise-y. Take a look. I'm a big fan of this. More from them in the coming weeks.Corey: This episode is sponsored in part by our friends at Lumigo. If you've built anything from serverless, you know that if there's one thing that can be said universally about these applications, it's that it turns every outage into a murder mystery. Lumigo helps make sense of all of the various functions that wind up tying together to build applications. It offers one-click distributed tracing so you can effortlessly find and fix issues in your serverless and microservices environment. You've created more problems for yourself; make one of them go away. To learn more, visit lumigo.io.Corey: This episode is sponsored in part by ChaosSearch. As basically everyone knows, trying to do log analytics at scale with an ELK stack is expensive, unstable, time-sucking, demeaning, and just basically all-around horrible. So why are you still doing it—or even thinking about it—when there's ChaosSearch? ChaosSearch is a fully managed scalable log analysis service that lets you add new workloads in minutes, and easily retain weeks, months, or years of data. With ChaosSearch you store, connect, and analyze and you're done. The data lives and stays within your S3 buckets, which means no managing servers, no data movement, and you can save up to 80 percent versus running an ELK stack the old-fashioned way. It's why companies like Equifax, HubSpot, Klarna, Alert Logic, and many more have all turned to ChaosSearch. So if you're tired of your ELK stacks falling over before it suffers, or of having your log analytics data retention squeezed by the cost, then try ChaosSearch today and tell them I sent you. To learn more, visit chaossearch.io.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I spent the past week guest hosting the Software Engineering Daily podcast, taking listeners over there on a tour of the clouds. Each day, I picked a different cloud and had a guest talk to me about their experiences with that cloud.Now, there was one that we didn't talk about, and we're finishing up that tour here today on Screaming in the Cloud. That cloud is the obvious one, and that is your own crappy data center. And my guest is Duckbill Group's CEO and my business partner, Mike Julian. Mike, thanks for joining me.Mike: Hi, Corey. Thanks for having me back.Corey: So, I frequently say that I started my career as a grumpy Unix sysadmin. Because it isn't like there's a second kind of Unix sysadmin you're going to see. And you were in that same boat. You and I both have extensive experience working in data centers. And it's easy sitting here on the tech coast of the United States—we're each in tech hubs cities—and we look around and yeah, the customers we talked to have massive cloud presences; everything we do is in cloud, it's easy to fall into the trap of believing that data centers are a thing of yesteryear. Are they?Mike: [laugh]. Absolutely not. I mean, our own customers have tons of stuff in data centers. There are still companies out there like Equinix, and CoreSite, and DRC—is that them? I forget the name of them.Corey: DRT. Digital Realty [unintelligible 00:01:54].Mike: Digital Realty. Yeah. These are companies still making money hand over fist. People are still putting new workloads into data centers, so yeah, we're kind of stuck with him for a while.Corey: What's fun is when I talked to my friends over in the data center sales part of the world, I have to admit, I went into those conversations early on with more than my own fair share of arrogance. And it was, “[laugh]. So, who are you selling to these days?” And the answer was, “Everyone, fool.” Because they are.People at large companies with existing data center footprints are not generally doing fire sales of their data centers, and one thing that we learned about cloud bills here at The Duckbill Group is that they only ever tend to go up with time. That's going to be the case when we start talking about data centers as well. The difference there is that it's not just an API call away to lease more space, put in some racks, buy some servers, get them racked. So, my question for you is, if we sit here and do the Hacker News—also known as the worst website on the internet—and take their first principles approach to everything, does that mean the people who are building out data centers are somehow doing it wrong? Did they miss a transformation somewhere?Mike: No, I don't think they're doing it wrong. I think there's still a lot of value in having data centers and having that sort of skill set. I do think the future is in cloud infrastructure, though. And whether that's a public cloud, or private cloud, or something like that, I think we're getting increasingly away from building on top of bare metal, just because it's so inefficient to do. So yeah, I think at some point—and I feel like we've been saying this for years that, “Oh, no, everyone's missed the boat,” and here we are saying it yet again, like, “Oh, no. Everyone's missing the boat.” You know, at some point, the boat's going to frickin' leave.Corey: From my perspective, there are advantages to data centers. And we can go through those to some degree, but let's start at the beginning. Origin stories are always useful. What's your experience working in data centers?Mike: [laugh]. Oh, boy. Most of my career has been in data centers. And in fact, one interesting tidbit is that, despite running a company that is built on AWS consulting, I didn't start using AWS myself until 2015. So, as of this recording, it's 2021 now, so that means six years ago is when I first started AWS.And before that, it was all in data centers. So, some of my most interesting stuff in the data center world was from Oak Ridge National Lab where we had hundreds of thousands of square feet of data center floor space across, like, three floors. And it was insane, just the amount of data center stuff going on there. A whole bunch of HPC, a whole bunch of just random racks of bullshit. So, it's pretty interesting stuff.I think probably the most really interesting bit I've worked on was when I was at a now-defunct company, Peak Hosting, where we had to figure out how to spin up a data center without having anyone at the data center, as in, there was no one there to do the spin up. And that led into interesting problems, like you have multiple racks of equipment, like, thousands of servers just showed up on the loading dock. Someone's got to rack them, but from that point, it all has to be automatic. So, how do you bootstrap entire racks of systems from nothing with no one physically there to start a bootstrap process? And that led us to build some just truly horrific stuff. And thank God that's someone else's problem, now. [laugh].Corey: It makes you wonder if under the hood at all these cloud providers if they have something that's a lot cleaner, and more efficient, and perfect, or if it's a whole bunch of Perl tied together with bash and hope, like we always built.Mike: You know what? I have to imagine that even at AWS at a—I know if this is true at Facebook, where they have a massive data center footprint as well—there is a lot of work that goes into the bootstrap process, and a lot of these companies are building their own hardware to facilitate making that bootstrap process easier. When you're trying to bootstrap, say, like, Dell or HP servers, the management cards only take you so far. And a lot of the stuff that we had to do was working around bugs in the HP management cards, or the Dell DRACs.Corey: Or you can wind up going with some budget whitebox service. I mean, Supermicro is popular, not that they're ultra-low budget. But yeah, you can effectively build your own. And that leads down interesting paths, too. I feel like there's a sweet spot where working on a data center and doing a build-out makes sense for certain companies.If you're trying to build out some proof of concept, yeah, do it in the cloud; you don't have to wait eight weeks and spend thousands of dollars; you can prove it out right now and spend a total of something like 17 cents to figure out if it's going to work or not. And if it does, then proceed from there, if not shut it down, and here's a quarter; keep the change. With data centers, a lot more planning winds up being involved. And is there a cutover at which point it makes sense to evacuate from a public cloud into a physical data center?Mike: You know, I don't really think so. This came up on a recent Twitter Spaces that you and I did around, at what point does it really make sense to be hybrid, or to be all-in on data center? I made the argument that a large-scale HPC does not fit cloud workloads, and someone made a comment that, like, “What is large-scale?” And to me, large-scale was always, like—so Oak Ridge was—or is famous—for having supercomputing, and they have largely been in the top five supercomputers in the world for quite some time. A supercomputer of that size is tens of thousands of cores. And they're running pretty much constant because of how expensive that stuff is to get time on. And that sort of thing would be just astronomically expensive in a cloud. But how many of those are there really?Corey: Yeah, if you're an AWS account manager listening to this and reaching out with, “No, that's not true. After committed spend, we'll wind up giving you significant discounts, and a whole bunch of credits, and jump through all these hoops.” And, yeah, I know, you'll give me a bunch of short-term contractual stuff that's bounded for a number of years, but there's no guarantee that stuff gets renewed at that rate. And let's face it. If you're running those kinds of workloads today, and already have the staff and tooling and processes that embrace that, maybe ripping all that out in a cloud migration where there's no clear business value derived isn't the best plan.Mike: Right. So, while there is a lot of large-scale HPC infrastructure that I don't think particularly fits well on the cloud, there's not a lot of that. There's just not that many massive HPC deployments out there. Which means that pretty much everything below that threshold could be a candidate for cloud workloads, and probably would be much better. One of the things that I noticed at Oak Ridge was that we had a whole bunch of SGI HPC systems laying around, and 90% of the time they were idle.And those things were not cheap when they were bought, and at the time, they're basically worth nothing. But they were idle most of the time, but when they were needed, they're there, and they do a great job of it. With AWS and GCP and Azure HPC offerings, that's a pretty good fit. Just migrate that whole thing over because it'll cost you less than buying a new one. But if I'm going to migrate Titan or Gaia from Oak Ridge over to there, yeah, some AWS rep is about to have a very nice field day. That'd just be too much money.Corey: Well, I'd be remiss as a cloud economist if I didn't point out that you can do this stuff super efficiently in someone else's AWS account.Mike: [laugh]. Yes.Corey: There's also the staffing question where if you're a large blue-chip company, you've been around for enough decades that you tend to have some revenue to risk, where you have existing processes and everything is existing in an on-prem environment, as much as we love to tell stories about the cloud being awesome, and the capability increase and the rest, yadda, yadda, yadda, there has to be a business case behind moving to the cloud, and it will knock some nebulous percentage off of your TCO—because lies, damned lies, and TCO analyses are sort of the way of the world—great. That's not exciting to most strategic-level execs. At least as I see the world. Given you are one of those strategic level execs, do you agree? Am I lacking nuance here?Mike: No, I pretty much agree. Doing a data center migration, you got to have a reason to do it. We have a lot of clients that are still running in data centers as well, and they don't move because the math doesn't make sense. And even when you start factoring in all the gains from productivity that they might get—and I stress the word might here—even when you factor those in, even when you factor in all the support and credits that Amazon might give them, it still doesn't make enough sense. So, they're still in data centers because that's where they should be for the time because that's what the finances say. And I'm kind of hard-pressed to disagree with them.Corey: While we're here playing ‘ask an exec,' I'm going to go for another one here. It's my belief that any cloud provider that charges a penny for professional services, or managed services, or any form of migration tooling or offering at all to their customers is missing the plot. Clearly, since they all tend to do this, I'm wrong somewhere. But I don't see how am I wrong or are they?Mike: Yeah, I don't know. I'd have to think about that one some more.Corey: It's an interesting point because it's—Mike: It is.Corey: —it's easy to think of this as, “Oh, yeah. You should absolutely pay people to migrate in because the whole point of cloud is that it's kind of sticky.” The biggest indicator of a big cloud bill this month is a slightly smaller one last month. And once people wind up migrating into a cloud, they tend not to leave despite all of their protestations to the contrary about multi-cloud, hybrid, et cetera, et cetera. And that becomes an interesting problem.It becomes an area—there's a whole bunch of vendors that are very deeply niched into that. It's clear that the industry as a whole thinks that migrating from data centers to cloud is going to be a boom industry for the next three decades. I don't think they're wrong.Mike: Yeah, I don't think they're wrong either. I think there's a very long tail of companies with massive footprint staying in a data center that at some point is going to get out of a data center.Corey: For those listeners who are fortunate enough not to have to come up the way that we did. Can you describe what a data center is like inside?Mike: Oh, God.Corey: What is a data center? People have these mythic ideas from television and movies, and I don't know, maybe some Backstreet Boys music video; I don't know where it all comes from. What is a data center like? What does it do?Mike: I've been in many of these over my life, and I think they really fall into two groups. One is the one managed by a professional data center manager. And those tend to be sterile environments. Like, that's the best way to describe it. They are white, filled with black racks. Everything is absolutely immaculate. There is no trash or other debris on the floor. Everything is just perfect. And it is freezingly cold.Corey: Oh, yeah. So, you're in a data center for any length of time, bring a jacket. And the soulless part of it, too, is that it's well-lit with fluorescent lights everywhere—Mike: Oh yeah.Corey: —and it's never blinking, never changing. There are no windows. Time loses all meaning. And it's strange to think about this because you don't walk in and think, “What is that racket?” But there's 10,000, 100,000 however many fans spinning all the time. It is super loud. It can clear 120 decibels in there, but it's a white noise so you don't necessarily hear it. Hearing protection is important there.Mike: When I was at Oak Ridge, we had—all of our data centers, we had a professional data center manager, so everything was absolutely pristine. And to get into any of the data centers, you had to go through a training; it was very simple training, but just, like, “These are things you do and don't do in the data center.” And when you walked in, you had to put in earplugs immediately before you walked in the door. And it's so loud just because of that, and you don't really notice it because you can walk in without earplugs and, like, “Oh, it's loud, but it's fine.” And then you leave a couple hours later and your ears are ringing. So, it's a weird experience.Corey: It's awful. I started wearing earplugs every time I went in, just because it's not just the pain because hearing loss doesn't always manifest that way. It's, I would get tired much more quickly.Mike: Oh, yeah.Corey: I would not be as sharp. It was, “What is this? Why am I so fatigued?” It's noise.Mike: Yeah. And having to remember to grab your jacket when you head down to the data center, even though it's 95 degrees outside.Corey: At some point, if you're there enough—which you probably shouldn't be—you start looking at ways to wind up storing one locally. I feel like there could be some company that makes an absolute killing by renting out parkas at data centers.Mike: Yeah, totally. The other group of data center stuff that I generally run into is the exact opposite of that. And it's basically someone has shoved a couple racks in somewhere and they just kind of hope for the best.Corey: The basement. The closet. The hold of a boat, with one particular client we work with.Mike: Yeah. That was an interesting one. So, we had a—Corey and I had a client where they had all their infrastructure in the basement of a boat. And we're [laugh] not even kidding. It's literally in the basement of a boat.Corey: Below the waterline.Mike: Yeah below the waterline. So, there was a lot of planning around, like, what if the hold gets breached? And like, who has to plan for that sort of thing? [laugh]. It was a weird experience.Corey: It turns out that was—was hilarious about that was while they were doing their cloud migration into AWS, their account manager wasn't the most senior account manager because, at that point, it was a small account, but they still stuck to their standard talking points about TCO, and better durability, and the rest, and it didn't really occur to them to come back with a, what if the boat sinks? Which is the obvious reason to move out of that quote-unquote, “data center?”Mike: Yeah. It was a wild experience. So, that latter group of just everything's an absolute wreck, like, everything—it's just so much of a pain to work with, and you find yourself wanting to clean it up. Like, install new racks, do new cabling, put in a totally new floor so you're not standing on concrete. You want to do all this work to it, and then you realize that you're just putting lipstick on a pig; it's still going to be a dirty old data center at the end of the day, no matter how much work you do to it. And you're still running on the same crappy hardware you had, you're still running on the same frustrating deployment process you've been working on, and everything still sucks, despite it looking good.Corey: This episode is sponsored in part by ChaosSearch. As basically everyone knows, trying to do log analytics at scale with an ELK stack is expensive, unstable, time-sucking, demeaning, and just basically all-around horrible. So why are you still doing it—or even thinking about it—when there's ChaosSearch? ChaosSearch is a fully managed scalable log analysis service that lets you add new workloads in minutes, and easily retain weeks, months, or years of data. With ChaosSearch you store, connect, and analyze and you're done. The data lives and stays within your S3 buckets, which means no managing servers, no data movement, and you can save up to 80 percent versus running an ELK stack the old-fashioned way. It's why companies like Equifax, HubSpot, Klarna, Alert Logic, and many more have all turned to ChaosSearch. So if you're tired of your ELK stacks falling over before it suffers, or of having your log analytics data retention squeezed by the cost, then try ChaosSearch today and tell them I sent you. To learn more, visit chaossearch.io.Corey: The worst part is playing the ‘what is different here?' Game. You rack twelve servers: eleven come up fine and the twelfth doesn't.Mike: [laugh].Corey: It sounds like, okay, how hard could it be? Days. It can take days. In a cloud environment, you have one weird instance. Cool, you terminate it and start a new one and life goes on whereas, in a data center, you generally can't send back a $5,000 piece of hardware willy nilly, and you certainly can't do it same-day, so let's figure out what the problem is.Is that some sub-component in the system? Is it a dodgy cable? Is it, potentially, a dodgy switch port? Is there something going on with that node? Was there something weird about the way the install was done if you reimage the thing? Et cetera, et cetera. And it leads down rabbit holes super quickly.Mike: People that grew up in the era of computing that Corey and I did, you start learning tips and tricks, and they sound kind of silly these days, but things like, you never create your own cables. Even though both of us still remember how to wire a Cat 5 cable, we don't.Corey: My fingers started throbbing when you said that because some memories never fade.Mike: Right. You don't. Like, if you're working in a data center, you're buying premade cables because they've been tested professionally by high-end machines.Corey: And you still don't trust it. You have a relatively inexpensive cable tester in the data center, and when—I learned this when I was racking stuff the second time, it adds a bit of time, but every cable that we took out of the packaging before we plugged it in, and we tested on the cable tester just to remove that problem. And it still doesn't catch everything because, welcome to the world of intermittent cables that are marginal that, when you bend a certain way, stop working, and then when you look at them, start working again properly. Yes, it's as maddening as it sounds.Mike: Yeah. And then things like rack nuts. My fingers hurt just thinking about it.Corey: Think of them as nuts that bolts wind up screwing into but they're square and they have clips on them so they clip into the standard rack cabinets, so you can screw equipment into them. There are different sizes of them, and of course, they're not compatible with one another. And you have—they always pinch your finger and make you bleed because they're incredibly annoying to put in and out. Some vendors have quick rails, which are way nicer, but networking equipment is still stuck in the ‘90s in that context, and there's always something that winds up causing problems.Mike: If you were particularly lucky, the rack nuts that you had were pliable enough that you could pinch them and pull them out with your fingers, and hopefully didn't do too much damage. If you were particularly unlucky, you had to reach for a screwdriver to try to pry it out, and inevitably stab yourself.Corey: Or sometimes pulling it out with your fingers, it'll—like, those edges are sharp. It's not the most high-quality steel in some cases, and it's just you wind up having these problems. Oh, one other thing you learn super quickly, is first, always have a set of tools there because the one you need is the one you don't have, and the most valuable tool you'll have is a pair of wire cutters. And what you do when you find a bad cable is you cut it before throwing it away.Mike: Yep.Corey: Because otherwise someone who is very well-meaning but you will think of them as the freaking devil, will, “Oh, there's a perfectly good cable sitting here in the trash. I'll put it back with the spares.” So you think you have a failed cable you grab another one from the pile of spares—remember, this is two in the morning, invariably, and you're not thinking on all cylinders—and the problem is still there. Cut the cable when you throw it away.Mike: So, there are entire books that were written about these sorts of tips and tricks that everyone working [with 00:19:34] data center just remembers. They learned it all. And most of the stuff is completely moot now. Like, no one really thinks about it anymore. Some people are brought up in computing in such a way that they never even learned these things, which I think it's fantastic.Corey: Oh, I don't wish this on anyone. This used to be a prerequisite skill for anyone who called themselves a systems administrator, but I am astonished when I talk to my AWS friends, the remarkably senior engineers I talk to who have never been inside of an AWS data center.Mike: Yeah, absolutely.Corey: That's really cool. It also means you're completely divorced from the thing you're doing with code and the rest, and the thing that winds up keeping the hardware going. It also leads to a bit of a dichotomy where the people racking the hardware, in many cases, don't understand the workloads that are on there because if you have the programming insight, and ability, and can make those applications work effectively, you're probably going to go find a role that compensates far better than working in the data center.Mike: I [laugh] want to talk about supply chains. So, when you build a data center, you start planning about—let's say, I'm not Amazon. I'm just, like, any random company—and I want to put my stuff into a data center. If I'm going to lease someone else's data center—which you absolutely should—we're looking at about a 180-day lead time. And it's like, why? Like, that's a long time. What's—Corey: It takes that long to sign a real estate lease?Mike: Yeah.Corey: No. It takes that long to sign a real estate lease, wind up talking to your upstream provider, getting them to go ahead and run the thing—effectively—getting the hardware ordered and shipped in the right time window, doing the actual build-out once everything is in place, and I'm sure a few other things I'm missing.Mike: Yeah, absolutely. So yeah, you have all these things that have to happen, and all of them pay for-freaking-ever. Getting Windstream on the phone to begin with, to even take your call, can often take weeks at a time. And then to get them to actually put an order for you, and then do the turnup. The turnup alone might be 90 days, where I'm just, “Hey, I've bought bandwidth from you, and I just need you to come out and connect the [BLEEP] cables,” might be 90 days for them to do it.And that's ridiculous. But then you also have the hardware vendors. If you're ordering hardware from Dell, and you're like, “Hey, I need a couple servers.” Like, “Great. They'll be there next week.” Instead, if you're saying, “Hey, I need 500 servers,” they're like, “Ooh, uh, next year, maybe.” And this is even pre-pandemic sort of thing because they don't have all these sitting around.So, for you to get a large number of servers quickly, it's just not a thing that's possible. So, a lot of companies would have to buy well ahead of what they thought their needs would be, so they'd have massive amounts of unused capacity. Just racks upon racks of systems sitting there turned off, waiting for when they're needed, just because of the ordering lead time.Corey: That's what auto-scaling looks like in those environments because you need to have that stuff ready to go. If you have a sudden inrush of demand, you have to be able to scale up with things that are already racked, provisioned, and good to go. Sometimes you can have them halfway provisioned because you don't know what kind of system they're going to need to be in many cases, but that's some up-the-stack level thinking. And again, finding failed hard drives and swapping those out, make sure you pull the right or you just destroyed an array. And all these things that I just make Amazon's problem.It's kind of fun to look back at this and realize that we would get annoyed then with support tickets that took three weeks to get resolved in hardware, whereas now three hours in you and I are complaining about the slow responsiveness of the cloud vendor.Mike: Yeah, the amount of quick turnaround that we can have these days on cloud infrastructure that was just unthinkable, running in data centers. We don't run out of bandwidth now. Like, that's just not a concern that anyone has. But when you're running in a data center, and, “Oh, yeah. I've got an OC-3 line connected here. That's only going to get me”—Corey: Which is something like—what is an OC-3? That's something like, what, 20 gigabit, or—Mike: Yeah, something like that. It's—Corey: Don't quote me on that.Mike: Yeah. So, we're going to have to look that up. So, it's equivalent to a T-3, so I think that's a 45 megabit?Corey: Yeah, that sounds about reasonable, yeah.Mike: So, you've got a T-3 line sitting here in your data center. Like that's not terrible. And if you start maxing that out, well, you're maxed out. You need more? Again, we're back to the 90 to 180 day lead time to get new bandwidth.So, sucks to be you, which means you'd have to start planning your bandwidth ahead of time. And this is why we had issues like companies getting Slashdotted back in the day because when you capped the bandwidth out, well, you're capped out. That's it. That's the game.Corey: Now, you've made the front page of Slashdot, a bunch of people visited your site, and the site fell over. That was sort of the way of the world. CDNs weren't really a thing. Cloud wasn't a thing. And that was just, okay, you'd bookmark the thing and try and remember to check it later.We talked about bandwidth constraints. One thing that I think the cloud providers do—at least the tier ones—that are just basically magic is full line rate between any two instances almost always. Well, remember, you have a bunch of different racks, and at the top of every rack, there's usually a switch called—because we're bad at naming things—top-of-rack switches. And just because everything that you have plugged in can get one gigabit to that switch—or 10 gigabit or whatever it happens to be—there is a constraint in that top-of-rack switch. So yeah, one server can talk to another one in a different rack at one gigabit, but then you have 20 different servers in each rack all trying to do something like that and you start hitting constraints.You do not see that in the public cloud environments; it is subsumed away, you don't have to think about that level of nonsense. You just complain about what feels like the egregious data transfer charge.Mike: Right. Yeah. It was always frustrating when you had to order nice high-end switching gear from Cisco, or Arista, or take your pick of provider, and you got 48 ports in the top-of-rack, you got 48 servers all wired up to them—or 24 because we want redundancy on that—and that should be a gigabit for each connection, except when you start maxing it out, no, it's nowhere even near that because the switch can't handle it. And it's absolutely magical, that the cloud provider's like, “Oh, yeah. Of course, we handle that.”Corey: And you don't have to think about it at all. One other use case that I did want to hit because I know we'll get letters if we don't, where it does make sense to build out a data center, even today, is if you have regulatory requirements around data residency. And there's no cloud vendor in an area that suits. This generally does not apply to the United States, but there are a lot of countries that have data residency laws that do not yet have a cloud provider of their choice region, located in-country.Mike: Yeah, I'll agree with that, but I think that's a short-lived problem.Corey: In the fullness of time, there'll be regions everywhere. Every build—a chicken in every pot and an AWS availability zone on every corner.Mike: [laugh]. Yeah, I think it's going to be a fairly short-lived problem, which actually reminds me of even our clients that have data centers are often treating the data center as a cloud. So, a lot of them are using your favorite technology, Corey, Kubernetes, and they're treating Kubernetes as a cloud, running Kube in AWS, as well, and moving workloads between the two Kube clusters. And to them, a data center is actually not really data center; it's just a private cloud. I think that pattern works really well if you have a need to have a physical data center.Corey: And then they start doing a hybrid environment where they start expanding to a public cloud, but then they treat that cloud like just a place to run a bunch of VMs, which is expensive, and it solves a whole host of problems that we've already talked about. Like, we're bad at replacing hard drives, or our data center is located on a corner where people love to get drunk on the weekends and smash into the power pole and take out half of the racks here. Things like that great, yeah, cloud can solve that, but cloud could do a lot more. You're effectively worsening your cloud experience to improve your data center experience.Mike: Right. So, even when you have that approach, the piece of feedback that we give the client was, you have built such a thing where you have to cater to the lowest common denominator, which is the constraints that you have in the data center, which means you're not able to use AWS the way that you should be able to use it so it's just as expensive to run as a data center was. If they were to get rid of the data center, then the cloud would actually become cheaper for them and they would get more benefits from using it. So, that's kind of a business decision for how they've structured it, and I can't really fault them for it, but there are definitely some downsides to the approach.Corey: Mike, thank you so much for joining me here. If people want to learn more about what you're up to, where can they find you?Mike: You know, you can find me at duckbillgroup.com, and actually, you can also find Corey at duckbillgroup.com. We help companies lower their AWS bills. So, if you have a horrifying bill, you should chat.Corey: Mike, thank you so much for taking the time to join me here.Mike: Thanks for having me.Corey: Mike Julian, CEO of The Duckbill Group and my business partner. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice and then challenge me to a cable-making competition.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

united states god ceo amazon time game portland hearing cloud cat origin oc hp api cisco screaming knoxville gaia aws hubspot backstreet boys devops elk data centers equifax s3 war stories kubernetes bleep klarna drc unix gcp vms oak ridge hpc arista tco hacker news equinix supermicro kube oak ridge national laboratory cdns devops engineer corey quinn mike it mike you nmap slashdot mike no digital realty mike yeah software engineering daily mike so alert logic duckbill group mike oh oak ridge national lab thinkst mike thanks mike right mike julian chief cloud economist last week in aws mike yep humblepod monitoring weekly

Bringing Visibility to Cloud Backups with Chadd Kenney

Screaming in the Cloud

Play Episode Listen Later May 27, 2021 33:35

About ChaddChadd Kenney is the Vice President of Product at Clumio. Chadd has 20 years of experience in technology leadership roles, most recently as Vice President of Products and Solutions for Pure Storage. Prior to that role, he was the Vice President and Chief Technology Officer for the Americas helping to grow the business from zero in revenue to over a billion. Chadd also spent 8 years at EMC in various roles from Field CTO to Principal Engineer. Chadd is a technologist at heart, who loves helping customers understand the true elegance of products through simple analogies, solutions use cases, and a view into the minds of the engineers that created the solution.Links: Clumio: https://clumio.com/ Clumio AWS Marketplace: https://aws.amazon.com/marketplace/pp/prodview-ifixh6lnreang TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by ChaosSearch. As basically everyone knows, trying to do log analytics at scale with an ELK stack is expensive, unstable, time-sucking, demeaning, and just basically all-around horrible. So why are you still doing it—or even thinking about it—when there’s ChaosSearch? ChaosSearch is a fully managed scalable log analysis service that lets you add new workloads in minutes, and easily retain weeks, months, or years of data. With ChaosSearch you store, connect, and analyze and you’re done. The data lives and stays within your S3 buckets, which means no managing servers, no data movement, and you can save up to 80 percent versus running an ELK stack the old-fashioned way. It’s why companies like Equifax, HubSpot, Klarna, Alert Logic, and many more have all turned to ChaosSearch. So if you’re tired of your ELK stacks falling over before it suffers, or of having your log analytics data retention squeezed by the cost, then try ChaosSearch today and tell them I sent you. To learn more, visit chaossearch.io.Corey: This episode is sponsored in part by our friends at Lumigo. If you’ve built anything from serverless, you know that if there’s one thing that can be said universally about these applications, it’s that it turns every outage into a murder mystery. Lumigo helps make sense of all of the various functions that wind up tying together to build applications.It offers one-click distributed tracing so you can effortlessly find and fix issues in your serverless and microservices environment. You’ve created more problems for yourself; make one of them go away. To learn more, visit lumigo.io.Corey: Welcome to Screaming in the Cloud. I’m Corey Quinn. Periodically, I talk an awful lot about backups and that no one actually cares about backups, just restores; usually, they care about restores right after they discover they didn’t have backups of the thing that they really, really, really wish that they did. Today’s promoted guest episode is sponsored by Clumio. And I’m speaking to their VP of product, Chadd Kenney. Chadd, thanks for joining me.Chadd: Thanks for having me. Super excited to be here.Corey: So, let’s start at the very beginning. What is a Clumio? Possibly a product, possibly a service, probably not a breakfast cereal, but again, we try not to judge.Chadd: [laugh]. Awesome. Well, Clumio is a Backup as a Service offering for the enterprise, focused in on the public cloud. And so our mission is, effectively, to help simplify data protection and make it a much, much better experience to the end-user, and provide a bunch of values that they just can’t get today in the public cloud, whether it’s in visibility, or better protection, or better granularity. And we’ve been around for a bit of time, really focused in on helping customers along their journey to the cloud.Corey: Backups are one of those things where people don’t spend a lot of time and energy thinking about them until they are, I guess, befallen by tragedy in some form. Ideally, it’s something minor, but occasionally it’s, “Oh, yeah. I used to work at that company that went under because there was a horrible incident and we didn’t have backups.” And then people go from not caring to being overzealous converts. Based upon my focus on this, you can probably pretty safely guess which side of that [chasm 00:02:04] I fall into. But let’s start, I guess, with positioning; you said that you are backup for the enterprise. What does that mean exactly? Who are your customers?Chadd: We’ve been trying to help customers into their cloud journey. So, if you think about many of our customers are coming from the on-prem data center, they have moved some of their applications, whether they’re lift-and-shift applications, or whether they’ve, kind of, stalled doing net-new development on-prem and doing all net new development in the public cloud. And we’ve been helping them along the way and solving one fundamental challenge, which is, “How do I make sure my data is protected? How do I make sure I have good compliance and visibility to understand, you know, is it working? And how do I be able to restore as fast as possible in the event that I need it?”And you mentioned at the beginning backup is all about restore and we a hundred percent agree. I feel like today, you get this [unintelligible 00:02:51] together a series of solutions, whether it’s a script, or it’s a backup solution that’s moved from on-prem, or it’s a snapshot orchestrator, but no one’s really been able to tackle the problem of, help me provide data protection across all of my accounts, all of my regions, all of my services that I’m using within the cloud. And if you look at it, the enterprise has transitioned dramatically to the cloud and don’t have great solutions to latch on to solve this fundamental problem. And our mission has been exactly that: bring a whole bunch of cool innovation. We’re built natively in the public cloud; we started off on a platform that wasn’t built on a whole bunch of EC2 instances that look like a box that was built on-prem, we built the thing mostly on Lambda functions, very event-driven. All AWS native services. We didn’t build anything proprietary data structure for our environment. And it’s really been able to build a better user experience for our end customers.Corey: I guess there’s an easy question to start with, of why would someone consider working with Clumio instead of AWS Backup, which came out a few months after re:Invent, I want to say 2018, but don’t quote me on that; may have been 2019. But it has the AWS label on the tin, which is always a mark of quality.Chadd: [laugh]. Well, there’s definitely a fair bit to be desired on the AWS Backup front. And if you look at it, what we did is we spent, really, before going into development here, a lot of time with customers to just understand where those pains are. And I’ve nailed it, kind of, to four or five different things that we hear consistently. One is that there’s near zero insights; “I don’t know what’s going on with it. I can’t tell whether I’m compliant or not compliant, or protecting not enough or too much.”They haven’t really provided sufficient security on being able to airgap my data to a point where I feel comfortable that even one of my admins can’t accidentally fat-finger a script and delete, you know, whether the primary copy or secondary copy. Restore times have a lot to be desired. I mean, you’re using snapshots. You can imagine that doesn’t really give you a whole bunch of fine-grained granularity, and the timeframe it takes to get to it—even to find it—is kind of a time-consuming game. And they’re not cheap.The snapshots are five cents per gig per month. And I will say they leave a lot to be desired for that cost basis. And so all of this complexity kind of built-in as a whole has given us an opportunity to provide a very different customer experience. And what the difference between these two solutions are is we’ve been providing a much better visibility just in the core solution. And we’ll be announcing here, on May 27, Clumio Discover which gives customers so much better visibility than what AWS Backup has been able to deliver.And instead of them having to create dashboards and other solutions as a whole, we’re able to give them unique visibility into their environment, whether it’s global visibility, ensuring data is protected, doing cost comparisons, and a whole bunch of others. We allow customers to be able to restore data incredibly faster, at fine-grained granularities, whether it’s at a file level, directory level, instance level, even in RDS we go down to the record level of a particular database with direct query access. And so the experience just as a whole has been so much simpler and easier for the end consumer, that we’ve been able to add a lot of value well beyond what AWS Backup uses. Now, that being said, we still use snapshots for operational recovery at some level, where customers can still use what they do today but what Clumio brings is an enhanced version of that by actually using airgap protection inside of our service for those datasets as well. And so it allows you to almost enhance AWS Backup at some level if you think about it. Because AWS Backups really are just orchestrating the snapshots; we can do that exact same thing, too, but really bring the airgap protection solution on top of that as well.Corey: I’ve talked about this periodically on the show. But one of the last, I guess, big migration projects I did when I was back in my employee days—before starting this place—was a project I’d done a few times, which was migrating an environment from EC2-Classic into a VPC world. Back in the dark times, before VPCs were a thing, EC2-Classic is what people used. And they were not just using EC2 in those environments, they were using RDS in this case. And the way to move an RDS database is to stop everything, take a final snapshot, then restore that snapshot—which is the equivalent of backup—to the new environment.How long does that take? It is non-deterministic. In the fullness of time, it will be complete. That wasn’t necessarily a disaster restoration scenario, it was just a migration, and there were other approaches we theoretically could have taken, but this was the one that we decided to go with based upon a variety of business constraints. And it’s awkward when you’re sitting there, just waiting indefinitely for, it turns out, about 45 minutes in this case, and you think everything’s going well, but there’s really nothing else to do during those moments.And that was, again, a planned maintenance, so it was less nerve-wracking then the site is down and people are screaming. But it’s good to have that expectation brought into it. But it was completely non-transparent; there was no idea what was going on, and in actual disasters, things are never that well planned or clear-cut. And at some level, the idea of using backup restoration as a migration strategy is kind of a strange one, but it’s a good way of testing backups. If you don’t test your backups, you don’t really have them in the first place. At least, that’s always been my philosophy. I’m going to theorize, unless this is your first day in business, that you sort of feel the same way, given your industry.Chadd: Definitely. And I think the interesting parts of this is that you have the validation that backups occurring, which is—you need visibility on that functioning, at some level; like, did it actually happen? And then you need the validation that the data is actually in a state that I can recover—Corey: Task failed successfully.Chadd: [laugh]. Exactly. And then you need validation that you can actually get to the data. So, there’s snapshots which give you this full entire thing, and then you got to go find the thing that you’re looking for within it. I think one of the values that we’ve really taken advantage of here is we use a lot of the APIs within AWS first to get optimization in the way that we access the data.So, as an example—on your EC2 example—we use EBS direct APIs, and we do change block tracking off of that, and we send the data from the customers tenancy into our service directly. And so there’s no egress charges, there’s no additional cost associated to it; it just goes into our service. And the customer pays for what they consume only. But in doing that, they get a whole bunch of new values. Now, you can actually get file-level indexing, I can search globally for files in an instance without having to restore the entire thing, which seems like that would be a relatively obvious thing to get to.But we don’t stop there. You could restore a file, you could go browse the file system, you could restore to an AMI, you could restore to another EC2 instance, you could move it to another account. In RDS, not an easy service to protect, I will say. You know, you get this game of, “I’ve got to restore the entire instance and then go find something to query the thing.” And our solution allows you direct query access, so we can see a schema browser, you can go see all of your databases that are in it, you can see all the tables, the rows in the table, you can do advanced queries to join across tables to go [unintelligible 00:10:00] results.And that experience, I think, is what customers are truly looking forward to be able to provide additional values beyond just the restoration of data. I’ll give you a fun example that a SaaS customer was using. They have a centralized customer database that keeps all of the config information across all of the tenants.Corey: I used to do something very similar with Route 53, and everyone looks at me strangely when I say it, but it worked at the time. There are better approaches now. But yeah, very common pattern.Chadd: And so you get into a world where it’s like, I don’t want to restore this entire thing at that point in time to another instance, and then just pull the three records for that one customer that they screwed up. Instead, it would be great if I could just take those three records from a solution and then just imported into the database. And the funny part of this is that the time it takes to do all these things is one component, the accidentally forgetting to delete all the stuff that I left over from trying to restore the data for weeks at a time that now I pay for in AWS is just this other thing that you don’t ever think about. It’s like, inefficiencies built in with the manual operations that you build into this model to actually get to the datasets. And so we just think there’s a better way to be able to see and understand datasets in AWS.Corey: One of my favorite genres of fiction is reading companies’ DR plans for how they imagine a disaster is going to go down. And it’s always an exercise in hilarity. I was not invited to those meetings anymore after I had the temerity to suggest that maybe if the city is completely uninhabitable and we have to retreat to a DR site, no one cares about this job that much. Or if us-east-one has burned to the ground over in AWS land, that maybe your entire staff is going to go quit to become consultants for 100 times more money by companies that have way bigger problems than you do. And then you’re not invited back.But there’s usually a certain presumed scale of a disaster, where you’re going to swing into action and exercise your DR plan. Okay, great. Maybe the data center is not a smoking crater in the ground; maybe even the database is largely where; what if you lost a particular record or a particular file somewhere? And that’s where it gets sticky, in a lot of cases because people start wondering, “Do I just spend the time and rebuild that file from scratch, kind of? Do I do a full restore of the”—all I have is either nothing or the entire environment. You’re talking about row-level restores, effectively, for RDS, which is kind of awesome and incredible. I don’t think I’ve ever seen someone talking about that before. How does that map as far as, effectively, a choose-your-own-disaster dial?Chadd: [laugh]. There’s a bunch of cool use cases to this. You’ve definitely got disaster recovery; so you’ve got the instance where somebody blew something away and you only need a series of records associated to it; maybe the SQL query was off. You’ve got compliance stuff. Think about this for a quick sec: you’ve got an RDS instance that you’ve been backing up, let’s say you keep it for just even a year.How many versions of that RDS database has AWS gone through in that period of time so that when you go restore that actual snapshot, you’ve got to rev the thing to the current version, which would take you some time [laugh] to get up and running, before you can even query the thing. And imagine if you do that, like, years down the road, if you’re keeping databases out there, and your legal team’s asking for a particular thing for discovery, let’s say. And you’ve got to now go through all of these iterations to try to get it back. The thing we decided to do that was genius on the [unintelligible 00:13:19] team was, we wanted to decouple the infrastructure from the data. So, what we actually do is we don’t have a database engine that’s sitting behind this.We’re exporting the RDS snapshot into a Parquet file, and the Parquet file then gets queried directly from Athena. And that allows us to allow customers to go to any timeframe to be able to pull not-specific database engine data into—whether it’s a restore function, or whether I want to migrate to a new database engine, I can pull that data out and re-import it into some other engine without having to have that infrastructure be coupled so closely to the dataset. And this was, really, kind of a way for customers to be able to leverage those datasets in all sorts of different ways in the future, with being able to query the data directly from our platform.Corey: It’s always fun talking to customers and asking them questions that they look at me as if I’ve grown a second head, such as, “Okay. So, in what disaster scenario are you going to need to restore your production database to a state that was in nine months ago?” And they look at me like I’ve just asked a ridiculous question because, of course, they’re never going to do that. If the database is restored to a copy that backed up more than 15 minutes or so in the past, there are serious problems. That’s why the recovery point objective—or RPO—of what is your data window of loss when you do a restore is so important for these plannings.And that’s great. “Okay then, why do you have six years of snapshots of your database taken on an interval going back all that time, if you’re never going to ever restore to any of them?” “Well, something compliance.” Yeah. There are better stories for that. But people start keeping these things around almost as digital packrats, and then they wind up surprised that their backup bill has skyrocketed. I’m going to go out on a limb presume—because if not, this is going to be a pretty awkward question—that you do not just backup management but also backup aging as far as life cycles go.Chadd: Yeah. So, there’s a couple different ways that are fun for us is we see multiple different tiers within backup. So, you’ve got the operational recovery methodology, which is what people usually use snapshots for. And unfortunately, you pay that at a pretty high premium because it’s high value. You’re going to restore a database that maybe went corrupt, or got somehow updated incorrectly or whatever else, and so you pay a high number for that for, let’s say, a couple days; or maybe it’s just even a couple hours.The unfortunate part is, that’s all you’ve got, really, in AWS to play with. And so, if I need to keep long-term retention, I’m keeping this high-value item now for a long duration. And so what we’ve done is we’ve tried to optimize the datasets as much as possible. So, on EC2 and EBS, we’ll dedupe and compress the datasets, and then store them in S3 on our tenancy. And then there’s a lower cost basis for the customer.They can still use operational recovery, we’ll manage that as part of the policy, but they can also store it in an airgap protected solution so that no one has access to it, and they can restore it to any of the accounts that they have out there.Corey: Oh, separating access is one of those incredibly important things to do, just because, first, if someone has completely fat-fingered something, you want to absolutely constrain the blast radius. But two, there is the theoretical problem of someone doing this maliciously, either through ransomware or through a bad actor—external or internal—or someone who has compromised one of your staff’s credentials. The idea being that people with access to production should never be the people who have access to, in some cases, the audit logs, or the backups themselves in some cases. So, having that gap—an airgap as you call it—is critical.Chadd: Mm-hm. The only way to do this, really, in AWS—and a lot of customers are doing this and then they move to us—is they replicate their snapshots to another account and vault them somewhere else. And while that works, the downside—and it’s not a true airgap, in a sense; it’s just effectively moving the data out of the account that it was created in. But you double the cost, so that sucks because you’re keeping your local copy, and then the secondary copy that sits on the other account. The admins still have access to it, so it’s not like it’s just completely disconnected from the environment. It’s still in the security sphere, so if you’re looking at a ransomware attack, trust me, they’ll find ways to get access to that thing and compromise it. And so you have vulnerabilities that are kind of built into this altogether.Corey: “So-what’s-your-security-approach-to-keeping-those-two-accounts-separated?” “The sheer complexity that it takes to wind up assuming a role in that other account that no one’s going to be able to figure it out because we’ve tried for years and can’t get it to work properly.” Yeah, maybe that’s not plan A.Chadd: Exactly. And I feel like while you can [unintelligible 00:17:33] these things together in various scripts, and solutions, and things, people are looking for solutions, not more complexity to manage. I mean, if you think about this, backup is not usually the thing that is strategic to that company’s mission. It’s something that protects their mission, but not drives their mission. It is our mission and so we help customers with that, but it should be something we can take off their hands and provide as a service versus them trying to build their own backup solution as a whole.Corey: This episode is sponsored by ExtraHop. ExtraHop provides threat detection and response for the Enterprise (not the starship). On-prem security doesn’t translate well to cloud or multi-cloud environments, and that’s not even counting IoT. ExtraHop automatically discovers everything inside the perimeter, including your cloud workloads and IoT devices, detects these threats up to 35 percent faster, and helps you act immediately. Ask for a free trial of detection and response for AWS today at extrahop.com/trial.Corey: Back when I was an employee if I was being honest, people said, “So, what is the number one thing you’re always sure to do on a disaster recovery plan?” My answer is, “I keep my resume updated.” Because, on some level, you can always quit and go work somewhere else. That is honest, but it’s also not the right answer in many cases. You need to start planning for these things before you need them.No one cares about backups until right after you really needed backups. And keeping that managed is important. There are reasons why architectures around this stuff are the way that they are, but there are significant problems around how a lot of AWS implements these things. I wound up having to use a backup about a month or so ago when some of my crappy code deleted data—imagine that—from a DynamoDB table, and I have point-in-time restores turned on. Cool. So, I just roll it back half an hour and that was great. The problem is, there was about four megabytes of data in that table, and it took an hour to do the restore into a new table and then migrate everything back over, which was a different colossal pain. And I’m sure there are complicated architectural reasons under the hood, but it’s like, that is almost as slow as someone who’s retyped it all by hand, and it’s an incredibly frustrating experience. You also see it with EBS snapshots: you backup an EBS volume with a snapshot—it just copies the data that’s there. Great—every time there’s another snapshot taken, it just changes the delta. And that’s the storage it gets built to. So, what does that actually cost? No one really knows. They recently launched direct APIs for EBS snapshots; you can start at least getting some of that data out of it if you just write a whole bunch of code—preferably in a Lambda function because that’s AWS’s solution for everything—but it’s all plumbing solution where you’re spending all your time building the scaffolding and this tooling. Backups are right up there with monitoring and alerting for the first thing I will absolutely hurl to a third party.Chadd: I a hundred percent agree. It’s—Corey: I know you’re a third-party. You’re, uh, you’re hardly objective on this.Chadd: [laugh].Corey: But again, I don’t partner with anyone. I’m not here to shill for people. You can’t buy my opinion on these things. I’ve been paying third parties to back things up for a very long time because that’s what makes sense.Chadd: The one thing that I think, you know, we hit on at the beginning a little bit was this visibility challenge—and this was one of the big launch around Clumio Discover that’s coming out on May 27th there—is we found out that there was near-zero visibility, right? And so you’re talking about the restore times, which is one key component, but [laugh]—Corey: Yeah, then you restore after four hours and discover you don’t have what you thought you did.Chadd: [laugh]. And so, I would love to see, like, am I backing things up? How much am I paying for all of these things? Can I get to them fast? I mean, the funny thing about the restore that I don’t think people ever talk about—and this is one of the things that I think customers love the most about Clumio—is, when you go to restore something, even that DynamoDB database you talked about earlier, you have to go actually find the snapshot in a long scroll.So first, you had to go to the service, to the account, and scroll through all of the snapshots to find the one that you actually want to restore with—and by the way, maybe that’s not a monster amount for you, but in a lot of companies that could be thousands, tens of thousands of snapshots they’re scrolling through—and they’ve got a guy yelling at them to go restore this as soon as possible, and they’re trying to figure out which one it is; they hunt-and-peck to find it. Wouldn’t it be nice if you just had a nice calendar that showed you, “Here’s where it is, and here’s all the different backups that you have on that point in time.” And then just go ahead and restore it then?Corey: Save me from the world of crappy scripts for things like this that you find on GitHub. And again, no disrespect to the people writing these things, but it’s clear that people are scratching their own itch. That’s the joy of open-source. Yeah, this is the backup script—or whatever it is—that works on the ten instances I have in my environment. That’s great.You roll that out to 600 instances and everything breaks. It winds up hitting rate limits as it tries to iterate through a bunch of things rather than building a queue and working through the rest of it. It’s very clearly aimed at small-scale stuff and built by people who aren’t working in large-scale environments. Conversely, you wind up with sort of the Google problem when you look at solving it for just the giant environments. Great, that you wind up with this overengineered, enormously unwieldy solution. Like, “Oh yeah, the continental saw. We use it to wind up cutting continents in half.” It’s, “I’m trying to cut a sandwich in half here. What’s the problem here?”It becomes a hard problem. The idea of having something that scales and has decent user ergonomics is critically important, especially when you get to something as critical as backups and restores. Because you’re not generally allowed to spend months on end building a backup solution at a company, and when you’re doing a restore, it’s often 3 a.m. and you’re bleary-eyed and panicked, which is not the time to be making difficult decisions; it’s the time to be clicking the button.Chadd: A hundred percent agree. I think the lack of visibility, this being a solution, less a problem I’m trying to solve [laugh] on my own is, I think, one area no one’s really tackled in the industry, especially around data protection. I will say people have done this on-prem at a decent level, but it just doesn’t exist inside the public cloud today. Clumio Discover, as an example, is one thing that we just heard constantly. It was like, “Give me global visibility to see everything in one single pane of glass across all my accounts, ensure all of my data is protected, optimized the way that I’m spending in data protection, identify if I’ve got massive outliers or huge consumers, and then help me restore faster.”And the cool part with Discover is that we’re actually giving this away to customers for free. They can go use this whether they’re using AWS Backup or us, and they can now see all of their environment. And at the same time, they get to experience Clumio as a solution in a way that is vastly different than what they’re experiencing today, and hopefully, they’ll continue to expand with us as we continue to innovate inside of AWS. But it’s a cool value for them to be able to finally get that visibility that they’ve never had before.Corey: Did, you know, that AWS users can have multiple accounts and have resources in those accounts in multiple regions?Chadd: Oh, yeah. Lots of them.Corey: Yeah. Because—the reason that you know that, apparently, is that you don’t work for AWS Backup where, last time I checked, there are still something like eight or nine regions that they are not present in. And you have to wind up configuring this, in many cases, separately, and of course, across multiple accounts, which is a modern best practice: separate things out by account. There we go. But it is absolutely painful to wind up working with.Sure, it’s great for small-scale test accounts where I have everything in a single account and I want to make sure that data doesn’t necessarily go on walkabout. Great. But I can’t scale that in the same way without creating a significant management problem for myself.Chadd: Yeah, just the amount of accounts that we see in enterprises is nuts. And with people managing this at an account level, it’s unbearable. And with no visibility, you’re doing this without really an understanding of whether you’re successfully executing this across all of those accounts at any point in time. And so this is one of the areas that we really want to help enterprises with. It’s, not only make the protection simple but also validate that it’s actually occurring. Because I think the one thing that no one likes to talk about in this is the whole compliance game, right? Like—Corey: Yeah, doing something is next to useless; you got to prove that you’re doing the thing.Chadd: Yeah. I got an auditor who shows up once a quarter and says, “Show me this backup.” And then I got to go fumble to try to figure out where that is. And, “Oh, my God. It’s not there. What do I tell the guy?” Well, wouldn’t it be nice if you had this global compliance report that showed you whether you were compliant, or if it wasn’t—which, you know, maybe it wasn’t for a snapshot that you created—at least would tell you why. [laugh]. Like, an RPO was exceeded on the amount of time it took to take the snapshot. Okay, well, that’s good to know. Now, I can tell the guy something other than just make something up because I have no information.Corey: So, you’d have multiple snapshots in flight simultaneously; always a great plan. Talk to me a little bit about Discover, your new offering? What is it? What led to it?Chadd: I love talking to customers, for one, and we spend a lot of time understanding where the gaps exist in the public cloud. And our job is to help fill those gaps with really cool innovation. And so the first one we heard was, “I cannot see multiple services, regions, accounts in one view. I had to go to each one of the services to understand what’s going on in it versus being able to see all of my assets in one view. I’ve got a lot of fragment reporting. I’ve got no compliance view whatsoever. I can’t tell if I’m over-protecting or under-protecting.”Orphan snapshots are the bane of many people’s existence, where they’ve taken snapshots at some point, deleted an EC2 instance, and they pay monthly for these things. We’ve got an orphan snapshot report. It will show you all of the snapshots that exist out there with no EC2 instance associated to it, and you can go take action on it. And so, what Discover came from is customers saying, “I need help.” And we built a solution to help them.And it gives them actionable insights, globally, across their entire set of accounts, across various different services, and allows them to do a whole bunch of fun stuff, whether it’s actionable and, “Help me delete all my orphan snapshots,” to, “I’ve got a 30-day retention period. Show me every snapshot that’s over 30 days. I’d like to get rid of that one, too.” Or, “How much are my backups costing me in snapshots today?”Corey: Yeah, today, the answer is, “[mumble].”Chadd: [laugh]. And imagine being able to see that with, effectively, a free tool that gives you actionable insights. That’s what Discovery is. And so you pair that with Clumio Protect, which is our backup solution, and you’ve got a really awesome solution to be able to see everything, validate it’s working, and actually go protect it, whether it’s operational recovery, or a true airgap solution, of which it’s really hard to pull off in AWS today.Corey: What problem that’s endemic to the backup space is that from a customer perspective, you are either invisible, or you have failed them. There are remarkably few happy customers talking about their experience with their backup vendor. So, as a counterpoint to that, what do the customers love about you, folks?Chadd: So, first and foremost, customers love the support experience. We are a SaaS offering, and we manage the backups completely for the end-user; there’s no cloud infrastructure the customer has to manage. You know, there’s a lot of these fake SaaS offerings out there where I better deploy a thing and manage it in my tenancy. We’ve created an experience that allows our support organization to help customers proactively support it, and we become an extension to those infrastructure teams, and really help customers to make sure they have great visibility and understanding what’s going on in their environment. The second part is just a completely new customer experience.You’ve got simplicity around the way that I add accounts, I create a policy, I assign a tag, and I’m off and running. There’s no management or hand-holding that you need to do within the system. The system scales to any size environment, and you know, you’re off and running. And if you want to validate anything, you can validate it via compliance reports, audit reports, activity reports. And you can see all of your accounts, data assets, in one single pane of glass, and now with Clumio Discover, you get the ability to be able to see it in one single view and see history, footprint, and all sorts of other fun stuff on top of it. And so it’s a very different user experience than what you see in any other solution that’s out there for data protection today.Corey: Thank you so much for taking the time to speak with me today. If people want to learn more about Clumio and kick the tires for themselves, what should they do?Chadd: So, we are on AWS Marketplace, so you can get us up and running there and test us out. We give you $200 of free credits, so you can not only use our operational recovery, which is, kind of, snapshot management, similar database backup, which is free. You can check out Clumio Discover, which is also free, and see all of your accounts and environments in one single pane of glass with some awesome actionable insights, as we mentioned. And then you can reach out to us directly on clumio.com, where you can see a whole bunch of great content, blog posts, and the like, around our solution and service. And we’re looking forward to hearing from you.Corey: Excellent. And we will, of course, throw links to that in the [show notes 00:29:57]. Thank you so much for taking the time to speak with me today. I appreciate it.Chadd: Well, thank you so much for having me. I had an awesome time. Thank you.Corey: Chadd Kenney, VP of product at Clumio. I’m Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you’ve enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you’ve hated this podcast, please leave a five-star review on your podcast platform of choice along with a very long-winded comment that you accidentally lose because the page refreshes, and you didn’t have a backup.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

god amazon google discover talk service vice president product discovery cloud products americas saas route enterprise restore backup iot visibility screaming aws github orphan hubspot apis chief technology officer conversely devops invent elk equifax s3 sql kenney backups klarna lambda rds emc rpo periodically principal engineer chadd parquet ebs ec2 pure storage vpc dynamodb corey quinn aws marketplace extrahop alert logic vpcs duckbill group chief cloud economist last week in aws humblepod

Jack Danahy Discusses Why “Cybersecurity-as-a-Service” Makes the Most Sense

Podcasts – TechSpective

Play Episode Listen Later May 24, 2021 47:36

TechSpective Podcast Episode 060 Jack Danahy joined me for this episode of the TechSpective Podcast. I had the opportunity to work with and for Jack during our time together at Alert Logic, which acquired Barkly, a company he had co-founded. Prior to Barkly, Jack had been involved in launching other successful cybersecurity startups. Currently, he [...] The post Jack Danahy Discusses Why “Cybersecurity-as-a-Service” Makes the Most Sense appeared first on TechSpective.

service sense cybersecurity makes alert logic barkly jack danahy

Episode 57: Network Security with Alert Logic

AnexiPod – Anexinet

Play Episode Listen Later May 19, 2021 38:44

Show Notes Anexinet Infrastructure Modernization Podcast: Network Security with Alert Logic Episode 57 Chris and Dave are joined by Bharath Vasudevan, security expert and Product VP at Alert Logic. The conversation revolves around understanding the impact of the SolarWinds hack and the lessons learned for companies large and small. Data exfiltration is discussed, along with network security and monitoring of devices and the intelligent analysis required of the logs they all generate. Hosts Chris Hayner, Infrastructure Enterprise Architect, Anexinet Dave Mahoney, Enterprise Services Architect, Anexinet Guests Bharath Vasudevan – Product Marketing VP, Alert Logic Music Credits lophiile : Preach djscoutmusic@gmail.com https://soundcloud.com/lophiile Twitter/Instagram: @lophiile Audio Editor Dustin Karrat About Us The Anexinet Infrastructure Modernization Podcast is a product of Anexinet. We use this platform to allow industry professionals and subject matter experts to discuss current trends and technology topics. If you have any questions please call us at (610)-239-8100, or email us at info@anexinet.com. We are online at https://anexinet.com.

data cybersecurity preach solarwinds network security alert logic

#29: SAM 1.0 with Alex Wood

companies library kevin macleod armor hubspot alex wood amazon s3 cheery monday alert logic

Play Episode Listen Later Sep 15, 2020 38:15 Transcription Available

You can find Alex on Twitter as @alexwwood he blogs at alexwood.codes.We discussed the Amazon Builder's Library here and the SAM's repos below:SAM GitHub: https://aws.amazon.com/builders-librarySAM CLI GitHub: https://github.com/awslabs/aws-sam-cliFor more stories about real-world use of serverless technologies, please follow us on Twitter as @RealWorldSls and subscribe to this podcast.This episode is sponsored by ChaosSearch.Have you heard about ChaosSearch? It’s the fully managed log analytics platform that uses your Amazon S3 storage as the data store! Companies like Armor, HubSpot, Alert Logic and many more are already using ChaosSearch as a critical part of their infrastructure and processing terabytes of log data every day. Because ChaosSearch uses your Amazon S3 storage, there’s no moving data around, no data retention limits and you can save up to 80% vs other methods of log analysis. So if you’re sick and tired of your ELK Stack falling over, or having your data retention squeezed by increasing costs, then visit ChaosSearch.io today and join the log analysis revolution!Opening theme song:Cheery Monday by Kevin MacLeodLink: https://incompetech.filmmusic.io/song/3495-cheery-mondayLicense: http://creativecommons.org/licenses/by/4.0

#28: Serverless Machine Learning with Carl Osipov

companies kevin macleod machine learning armor manning hubspot serverless amazon s3 cheery monday alert logic

Play Episode Listen Later Sep 8, 2020 41:55 Transcription Available

You can find Carl on LinkedIn here and he blog at cloudswithcarl.com.You can find his upcoming book "Cloud Native Machine Learning" by Manning here.Manning has kindly offered 40% off all their products to the listeners of this podcast. Use the promo code podrealserv20 during check out.For more stories about real-world use of serverless technologies, please follow us on Twitter as @RealWorldSls and subscribe to this podcast.This episode is sponsored by ChaosSearch.Have you heard about ChaosSearch? It’s the fully managed log analytics platform that uses your Amazon S3 storage as the data store! Companies like Armor, HubSpot, Alert Logic and many more are already using ChaosSearch as a critical part of their infrastructure and processing terabytes of log data every day. Because ChaosSearch uses your Amazon S3 storage, there’s no moving data around, no data retention limits and you can save up to 80% vs other methods of log analysis. So if you’re sick and tired of your ELK Stack falling over, or having your data retention squeezed by increasing costs, then visit ChaosSearch.io today and join the log analysis revolution!Opening theme song:Cheery Monday by Kevin MacLeodLink: https://incompetech.filmmusic.io/song/3495-cheery-mondayLicense: http://creativecommons.org/licenses/by/4.0

#27: Serverless at A Cloud Guru with Dale Salter

companies kevin macleod armor hubspot salter serverless graphql amazon s3 cheery monday cloud guru alert logic appsync

Play Episode Listen Later Sep 1, 2020 43:49 Transcription Available

You can find Dale Salter on Twitter as @enepture.We spoke extensively about GraphQL in this episode. If you want to learn GraphQL and AppSync with a hands-on tutorial, then check out the AppSync Masterclass.For more stories about real-world use of serverless technologies, please follow us on Twitter as @RealWorldSls and subscribe to this podcast.This episode is sponsored by ChaosSearch. Have you heard about ChaosSearch? It’s the fully managed log analytics platform that uses your Amazon S3 storage as the data store! Companies like Armor, HubSpot, Alert Logic and many more are already using ChaosSearch as a critical part of their infrastructure and processing terabytes of log data every day. Because ChaosSearch uses your Amazon S3 storage, there’s no moving data around, no data retention limits and you can save up to 80% vs other methods of log analysis. So if you’re sick and tired of your ELK Stack falling over, or having your data retention squeezed by increasing costs, then visit ChaosSearch.io today and join the log analysis revolution!Opening theme song:Cheery Monday by Kevin MacLeodLink: https://incompetech.filmmusic.io/song/3495-cheery-mondayLicense: http://creativecommons.org/licenses/by/4.0

#26: Serverless chatbots with Gillian Armstrong

companies kevin macleod armor chatbots hubspot serverless liberty mutual amazon s3 uk ireland cheery monday gillian armstrong alert logic

Play Episode Listen Later Aug 25, 2020 35:06 Transcription Available

You can find Gillian on Twitter as @virtualgill.Liberty Mutual is hiring, check out their jobs:UK/Ireland: https://www.liberty-it.co.uk/current-vacanciesUS: https://jobs.libertymutualgroup.com/careers/digital-technologyClick here to listen to episode #18 where we discussed voice technologies with Aleksandar Simovic.If you want to learn how to apply the well-architected principles to build production-ready serverless applications, then check out my upcoming workshops at productionreadyserverless.com and get 15% OFF with the promo code "yanprs15".For more stories about real-world use of serverless technologies, please follow us on Twitter as @RealWorldSls and subscribe to this podcast.This episode is sponsored by ChaosSearch.Have you heard about ChaosSearch? It’s the fully managed log analytics platform that uses your Amazon S3 storage as the data store! Companies like Armor, HubSpot, Alert Logic and many more are already using ChaosSearch as a critical part of their infrastructure and processing terabytes of log data every day. Because ChaosSearch uses your Amazon S3 storage, there’s no moving data around, no data retention limits and you can save up to 80% vs other methods of log analysis. So if you’re sick and tired of your ELK Stack falling over, or having your data retention squeezed by increasing costs, then visit ChaosSearch.io today and join the log analysis revolution!Opening theme song:Cheery Monday by Kevin MacLeodLink: https://incompetech.filmmusic.io/song/3495-cheery-mondayLicense: http://creativecommons.org/licenses/by/4.0

#25: Well-Architected Serverless with Heitor Lessa

companies kevin macleod armor hubspot serverless heitor amazon s3 lessa cheery monday architected alert logic

Play Episode Listen Later Aug 18, 2020 43:59 Transcription Available

You can find Heitor on Twitter as @heitor_lessa.Here are the resources that were mentioned during the show:Well-Architected frameworkWell-Architected framework Serverless Application LensThe serverless-airline example projectThe serverless-ecommerce example projectThe CDK Patterns project by Matt CoulterHow Alma Media is using AWS Cloud Development Kit (CDK)AWS Lambda Powertools (Python)DAZN Lambda Powertools (Node.js)Amazon Leadership PrinciplesAnd check out the episode with Alma Media which was mentioned in this week's episode: #23: Serverless at Alma Media with Ari PaloIf you want to learn how to apply the well-architected principles discussed in this episode and build production-ready serverless applications, then check out my upcoming workshops at productionreadyserverless.com and get 15% OFF with the promo code "yanprs15".For more stories about real-world use of serverless technologies, please follow us on Twitter as @RealWorldSls and subscribe to this podcast.This episode is sponsored by ChaosSearch.Have you heard about ChaosSearch? It’s the fully managed log analytics platform that uses your Amazon S3 storage as the data store! Companies like Armor, HubSpot, Alert Logic and many more are already using ChaosSearch as a critical part of their infrastructure and processing terabytes of log data every day. Because ChaosSearch uses your Amazon S3 storage, there’s no moving data around, no data retention limits and you can save up to 80% vs other methods of log analysis. So if you’re sick and tired of your ELK Stack falling over, or having your data retention squeezed by increasing costs, then visit ChaosSearch.io today and join the log analysis revolution!Opening theme song:Cheery Monday by Kevin MacLeodLink: https://incompetech.filmmusic.io/song/3495-cheery-mondayLicense: http://creativecommons.org/licenses/by/4.0

DtSR Episode 395 - Can We Fix the MSSP

Down the Security Rabbithole Podcast

Play Episode Listen Later May 18, 2020 47:27

Special thanks to our friends at AlertLogic - for providing some great discussion points and John for the episode! This week, as DtSR hits episode 395 on our way to Episode 400, James and Rafal take some time out to ask: "Hey John, how's the hair?" It's great to be able to spend time with old friends and just talk about solving some long-standing problems our industry faces. One of the perennial favorites is why MSSPs are all terrible. Well - we have some ideas! Listen in if you've ever been frustrated with your MSSP... and are maybe interested in how the industry can collectively do better. Guest John Pirc LinkedIn: https://www.linkedin.com/in/johnpirc/ Rafal's personal note: John's a badass who has more experience in solving broad-scale problems and helping customers and companies through some difficult challenges. His advice is sage... you should probably listen in

rafal mssp mssps alert logic

S3 E4 Can security keep up with digital transformation?

CloudSpotting

Play Episode Listen Later May 7, 2020 38:05

For the latest CloudSpotting episode, we recruited Dan Pitman, Principal Security Architect at Alert Logic, to join our timely discussion about security. With everything moving so quickly in tech, the truth is organisations are more vulnerable than ever and attacks are always imminent. In fact, despite all our modern cybersecurity, breach dwell time is higher than ever. Dan explains the importance of enhancing the detection and response process, as a locked door is no longer enough, we need to bring in the guard dogs! Here's some links we mention: Previous security episode with Danny O'Neill: https://soundcloud.com/user-741930142/keepingitreel The MDR Manifesto: https://www.alertlogic.com/docs/the-mdr-manifesto.pdf

security previous digital transformation keep up alert logic danny o'neill

IT Security Roundtable Part One

AVANT Technology Insights with Ken Presti

Play Episode Listen Later Apr 29, 2020 35:28

Defenses against phishing a ransomware factor HUGELY In Part One of our special panel discussion, based on the AVANT 6-12 Report on IT Security. Join AVANT's Ken Presti with Jack Danahy of AlertLogic, Leo Taddeo of the Cyxtera Federal Group and Ray Watson of Masergy for a lively discussion.

security roundtable avant defenses it security alert logic masergy jack danahy

IT Security 6-12 Roundtable Part Two

AVANT Technology Insights with Ken Presti

Play Episode Listen Later Apr 29, 2020 26:27

Fast cars can go faster because they have good brakes! Find out what that has to do with IT security in Part Two of my panel discussion with Jack Danahy of AlertLogic, Leo Taddeo of the Cyxtera Federal Group, and Ray Watson of Masergy. We also talk about securing home networks (and related liability), credential theft, and a whole lot more.

security roundtable alert logic masergy jack danahy

Alyssa Fox Talks with Thompson

Talks with Thompson

Play Episode Listen Later Mar 23, 2020 46:07

Alyssa Fox is the Senior Director of Partner Marketing for cybersecurity firm Alert Logic. In this episode, she talks with RJ about transitioning her career from technical communications to marketing. NOTE: there were some technical issue with this episode.

social media business marketing design storytelling thompson senior director rj partner marketing alert logic

Paul McBratney w/ Alert Logic discusses the Solution Engineer role & his advice for newbies.

Solutions for Customers - The Sales Engineering & Customer Success Podcast

Play Episode Listen Later Feb 24, 2020 58:18

Season 2 is finally here! On this episode, we invited Paul McBratney, Senior Solution Engineer with Alert Logic based in Atlanta to join the show. Paul brings a wealth of knowledge and background on the role of a PreSales Engineer, Problem Solver and Story Teller.Paul is a bi-lingual SE who discusses how getting your teeth cut early into areas such as physical devices (taking apart and rebuilding servers for example), troubleshooting and more helped him early on. He walks through the conversation about how to methodically work with customers but also set the right expectations and the value of “no” when needed. His organization at Alert Logic was founded in 2002 and has a slew of offerings including their SIEMless Threat Management portfolio providing security, compliance and more Globally. Let’s dig into the conversation with Paul.Paul McBratney: https://www.linkedin.com/in/paulmcbratney/Alert Logic: www.alertlogic.comAbout the Host, Gary SloperFor 20 Years, Gary Sloper has led high-performing Tech Sales Engineering and Customer Success teams Globally. Growing up as a programmer and eventually a Sales Engineer, he explores the scrappy environments people in these roles face and the fun they have. After years of being nudged by his colleagues to come speak to the masses about the inner workings of supporting customers in fast-moving Tech, it's now here for all to listen and interact with. Please join future topics!Connect, chat and interact with Gary on Linkedin: https://www.linkedin.com/in/gsloper/ or email: solutions4customers@gmail.com

advice tech solution engineers storytellers globally newbies customer success problem solvers sales engineers alert logic

We Lower the Security and Pass the Savings on to You

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Jan 7, 2020 36:42

All links and images for this episode can be found on CISO Series (https://cisoseries.com/we-lower-the-security-and-pass-the-savings-on-to-you/) We're racing to the bottom in terms of price and security on the latest episode of CISO/Security Vendor Relationship Podcast. This episode was recorded in person in San Francisco. It is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Seth Rosenblatt (@sethr), editor-in-chief, The Parallax. Thanks to this week's podcast sponsor, Encryptics. Now you can share data without ever losing control of it. Our advanced architecture makes data self-protecting, intelligent and self-aware – wherever it goes, no matter who has it. Our .SAFE patented multi-key technology enables data to evaluate its own safety conditions, including geo-sensing, recipient authentication, and policy changes from its owner. Contact Encryptics today and see for yourself. On this week's episode Are we making the situation better or worse? Are big Internet giants' privacy violations thwarting startup innovation? That's been presidential candidate Elizabeth Warren's argument, and it's why she wants to break up companies like Facebook and Google for what she sees as anti-competitive practices. According to Seth Roseblatt's article, it appears all of a sudden Facebook and Google are very concerned about privacy. Nine years ago, I remember seeing Eric Schmidt, then CEO of Google, proudly admit that they tracked people's movements so thoroughly that they can accurately predict where you're going to go next. Nobody blinked about the privacy implications. But today, users are upset but they don't seem to be leaving these services at all. Is it all talk on both sides? Have you seen any movement to improve privacy by these companies and would regulation be the only answer? And heck, what would be regulated? Here's some surprising research Over the past 15 years, home WiFi routers have been manufactured to be less secure. Seth reported on this study by the Cyber Independent Testing Lab, which we also discussed on an episode of Defense in Depth. The most notorious weakening is the use of default passwords, but there's a host of other firmware features that don't get updated. Is there any rationale to why this happens? And has this study done anything to turn things around? Is this a cybersecurity disinformation campaign? Fighting "fake news" like it's malware. In Seth's story, he noted there are structural and distribution similarities. I envision there are some similarities between fake news and adware which isn't necessarily designed for negative intent. Fake news appears to be an abuse of our constitutional acceptance of free speech. How are security tactics being used to thwart fake news and how successful is it? When you set up your new home assistant, try not to position it close to a window, because someone across the street might be preparing to send voice commands, such as “open the garage door” by way of a laser beam. Researchers from the University of Michigan and The University of Electro-Communications in Tokyo have successfully used laser light to inject malicious commands into smart speakers, tablets, and phones across large distances and through glass windows. They use standard wake commands modulated from audio signals and pair them with brute forcing of PINS where necessary. They have also been successful in eavesdropping, and in unlocking and starting cars. Their research shows how easy it is and will be to use lasers to not only penetrate connected devices but to deploy acoustic injection attacks that overwhelm motion detectors and other sensors. More information including access to the white paper is available at lightcommands.com. More from our sponsor ExtraHop. Look at this, another company got breached Tip of the hat to Malcolm Harkins at Cymatic for posting this story on Forbes by Tony Bradley of Alert Logic who offers a rather pessimistic view of the cybersecurity industry. It's broken, argues Bradley. We spend fortunes on tools and yet still get hacked year over year using the same tools. The article quotes Matt Moynahan, CEO, Forcepoint, who said we wrongly think of security as an "us" vs. "them" theory or "keeping people out" when in actuality most hacks are because someone got access to legitimate user credentials, or a user within our organization did something unintentional or potentially malicious. Are we wrongheaded about how we envision cybersecurity, and if so, is there a new overarching philosophy we should be embracing?

Michael Farnum Chats about ICS Security

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Aug 5, 2019 76:48

Podcast: Podcasts – TechSpectiveEpisode: Michael Farnum Chats about ICS SecurityPub date: 2019-08-05Inner Circle Podcast Episode 037 My friend Michael Farnum is my guest for this episode of the Inner Circle podcast for an insightful discussion on increased threats against industrial control systems (ICS) and the need for ICS security. Michael and I have known each other for years after meeting at a Security Blogger's Meetup at RSA many years ago. We both live in the Houston area, and every once in awhile the Venn diagram of our kids' extracurricular activities overlap and we run into one another. Farnum and I worked together for a short time while we were both at Alert Logic. I'm still at Alert Logic by day, but Farnum's knowledge and skills could not be contained within the world of marketing and he left for Set Solutions where he could get back in the trenches and work directly with customers solving cybersecurity challenges. On this episode of the Inner Circle podcast we talk about cybersecurity for industrial control systems. ICS security is a significant challenge--especially in the Houston area with all of the companies in the oil and gas industry--and it's a primary focus for Farnum lately at Set Solutions. We also talk about the Houston Security Conference. Michael is a co-founder of the event and one of the chief conference organizers. He has hosted the Houston Security Conference for over a decade now, and it continues to grow--both in terms of attendance and in terms of its prestige. I had the privilege of presenting a session at the 2019 Houston Security Conference. My session differed from the cybersecurity advice and insight and focused on the cybersecurity industry through a marketing and journalism lens. Listen to the podcast and feel free to share your thoughts or ask questions in the comments below. Please subscribe to the Inner Circle podcast through your favorite podcast platform, and share the podcast with your peers and friends. It would also be awesome if you could take 2 minutes to rate and review the podcast on iTunes, or wherever you listen.The podcast and artwork embedded on this page are from Podcasts – TechSpective, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

security inner circle venn rsa ics listen notes farnum alert logic

Episode 18: Cloud 101 - Is cloud as secure as your data centre?

CLOUDBUSTING

Play Episode Listen Later Jun 25, 2019 51:04

With security being the top priority at AWS re:Inforce this week, we thought we would dedicate our latest episode to the discussion of cloud security. Dan Pitman from Alert Logic lends his expertise to the team, to help Jez and Dave dance around the cyber security handbag and wade through the myths and misconceptions to help answer the all-important question: Is the cloud as secure as your data centre? 0:00 - Introductions 2:30 - News - Microsoft and Oracle to Interconnect Microsoft Azure and Oracle Cloud 11:10 - Jez’s new job (?) 12:30 - Cloudy Cliffhanger Question 17:58 - Deep Dive - Is the cloud as secure as your data centre? 21:00 - The ‘immutable infrastructure’ 22:00 - SecDevOps - Start with security 24:30 - Security is an enabler: Security as Code 27:17 - Jez’s analogy - Security in a traditional data centre vs security in the cloud 32:00 - How much do I have to pay you to not get hacked? 32:57 - Define the distinction between a vulnerability and a breach 37:25 - Is security more of a challenge in the cloud? 39:52 - What cyber advice would you have for IT organization leaders who are about to set foot in the cloud? 41:16 - The verdict - Is the cloud as secure as your data centre? 42:00 - Cloudy Cliffhanger Answer 46:09 - Ten Second Recommendations

public security code cloud define secure oracle cyber aws jez data centres oracle cloud news microsoft inforce alert logic

Power grids, accidents, the challenge of forensics, and the nature of deterrence. BlueKeep considerations. Third- and fourth-party risks.