POPULARITY
We catch up on news after a week of BSidesSF and RSAC Conference. Unsurprisingly, AI in all its flavors, from agentic to gen, was inescapable. But perhaps more surprising (and more unfortunate) is how much the adoption of LLMs has increased the attack surface within orgs. The news is heavy on security issues from MCPs and a novel alignment bypass against LLMs. Not everything is genAI as we cover some secure design topics from the Airborne attack against Apple's AirPlay to more calls for companies to show how they're embracing secure design principles and practices. Apiiro CEO & Co-Founder, Idan Plotnik discusses the AI problem in AppSec. This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them! Gen AI is being adopted faster than company's policy and data security can keep up, and as LLM's become more integrated into company systems and uses leverage more AI enabled applications, they essentially become unintentional data exfiltration points. These tools do not differentiate between what data is sensitive and proprietary and what is not. This interview will examine how the rapid adoption of Gen AI is putting sensitive company data at risk, and the data security considerations and policies organizations should implement before, if, and when their employees may seek to adopt a Gen AI tools to leverage some of their undeniable workplace benefits. Customer case studies: https://www.seclore.com/resources/customer-case-studies/ Seclore Blog: https://www.seclore.com/blog/ This segment is sponsored by Seclore. Visit https://securityweekly.com/seclorersac to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-329
We catch up on news after a week of BSidesSF and RSAC Conference. Unsurprisingly, AI in all its flavors, from agentic to gen, was inescapable. But perhaps more surprising (and more unfortunate) is how much the adoption of LLMs has increased the attack surface within orgs. The news is heavy on security issues from MCPs and a novel alignment bypass against LLMs. Not everything is genAI as we cover some secure design topics from the Airborne attack against Apple's AirPlay to more calls for companies to show how they're embracing secure design principles and practices. Apiiro CEO & Co-Founder, Idan Plotnik discusses the AI problem in AppSec. This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them! Gen AI is being adopted faster than company's policy and data security can keep up, and as LLM's become more integrated into company systems and uses leverage more AI enabled applications, they essentially become unintentional data exfiltration points. These tools do not differentiate between what data is sensitive and proprietary and what is not. This interview will examine how the rapid adoption of Gen AI is putting sensitive company data at risk, and the data security considerations and policies organizations should implement before, if, and when their employees may seek to adopt a Gen AI tools to leverage some of their undeniable workplace benefits. Customer case studies: https://www.seclore.com/resources/customer-case-studies/ Seclore Blog: https://www.seclore.com/blog/ This segment is sponsored by Seclore. Visit https://securityweekly.com/seclorersac to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-329
We catch up on news after a week of BSidesSF and RSAC Conference. Unsurprisingly, AI in all its flavors, from agentic to gen, was inescapable. But perhaps more surprising (and more unfortunate) is how much the adoption of LLMs has increased the attack surface within orgs. The news is heavy on security issues from MCPs and a novel alignment bypass against LLMs. Not everything is genAI as we cover some secure design topics from the Airborne attack against Apple's AirPlay to more calls for companies to show how they're embracing secure design principles and practices. Apiiro CEO & Co-Founder, Idan Plotnik discusses the AI problem in AppSec. This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them! Gen AI is being adopted faster than company's policy and data security can keep up, and as LLM's become more integrated into company systems and uses leverage more AI enabled applications, they essentially become unintentional data exfiltration points. These tools do not differentiate between what data is sensitive and proprietary and what is not. This interview will examine how the rapid adoption of Gen AI is putting sensitive company data at risk, and the data security considerations and policies organizations should implement before, if, and when their employees may seek to adopt a Gen AI tools to leverage some of their undeniable workplace benefits. Customer case studies: https://www.seclore.com/resources/customer-case-studies/ Seclore Blog: https://www.seclore.com/blog/ This segment is sponsored by Seclore. Visit https://securityweekly.com/seclorersac to learn more about them! Show Notes: https://securityweekly.com/asw-329
Send us a textJourney into the world of cybersecurity with Idan Plotnik, a true pioneer in the field, as he revisits the path that led him to become a leading figure in tech innovation. Starting with a childhood fascination for computers, Idan advanced to play a pivotal role in the Israeli cyber security unit, eventually founding Erato, which caught the eye of Microsoft. He shares insights from his tenure as General Manager for Software Engineering at #Microsoft and how his encounters with Satya Nadella ignited his passion to launch his first company in 2019. This episode unravels the stark differences between nimble startups and the often sluggish corporate giants, offering a compelling narrative for aspiring entrepreneurs and industry veterans alike. Explore the sophisticated challenges of ensuring software and cloud security in today's fast-paced tech environments. With cloud platforms like AWS, Azure, and GCP enabling swift deployments, safeguarding software architecture before cloud deployment becomes crucial. Dive into the intricacies of Apiiro's ASPM platform, which revolutionizes the detection and management of code changes for enhanced security measures. The conversation expands into the realm of AI, highlighting emerging threats and innovative risk-management strategies employed by companies like Apiiro. This episode promises essential insights into balancing development speed with security needs, preparing listeners for the future trajectory of AI in software security.Support the showFollow the Podcast on Social Media!Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcastPatreon: https://www.patreon.com/SecurityUnfilteredPodcastYouTube: https://www.youtube.com/@securityunfilteredpodcastTikTok: Not today China! Not today
Open source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies that consume them. The security responsibilities for project owners has increased not only in dealing with security disclosures, but in maintaining secure processes backed by strong authentication and trust. Segment Resources: https://www.cisa.gov/news-events/news/lessons-xz-utils-achieving-more-sustainable-open-source-ecosystem https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094 https://www.cisa.gov/securebydesign/pledge https://tidelift.com/about/press-releases/tidelift-study-reveals-that-despite-increasing-demands-from-government-and-industry-60-of-maintainers-are-still-unpaid-volunteers https://blog.tidelift.com/paying-maintainers-the-howto Application security posture management has quickly become a hot commodity in the world of AppSec, but questions remain around what is defined by ASPM. Vendors have cropped up from different corners of the AppSec space to help security teams make their programs more effective, improve their security postures, and connect the dots between developers and security. Apiiro is setting the diamond standard for ASPM, combining deep code analysis, runtime context, and native risk detection with a 100% open platform approach, providing more valuable prioritization and a more powerful policy engine. This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them! Bots accounted for nearly half of all internet traffic in 2023, with bad bot traffic rising for a fifth consecutive year. Malicious bot activity is a significant risk for businesses as it can result in account compromise, higher infrastructure and support costs, customer churn, and more. Tune in to learn about the security risks of these automated threats and what trends Imperva has monitored. This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-287
Application security posture management has quickly become a hot commodity in the world of AppSec, but questions remain around what is defined by ASPM. Vendors have cropped up from different corners of the AppSec space to help security teams make their programs more effective, improve their security postures, and connect the dots between developers and security. Apiiro is setting the diamond standard for ASPM, combining deep code analysis, runtime context, and native risk detection with a 100% open platform approach, providing more valuable prioritization and a more powerful policy engine. This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them! Bots accounted for nearly half of all internet traffic in 2023, with bad bot traffic rising for a fifth consecutive year. Malicious bot activity is a significant risk for businesses as it can result in account compromise, higher infrastructure and support costs, customer churn, and more. Tune in to learn about the security risks of these automated threats and what trends Imperva has monitored. This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them! Show Notes: https://securityweekly.com/asw-287
Open source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies that consume them. The security responsibilities for project owners has increased not only in dealing with security disclosures, but in maintaining secure processes backed by strong authentication and trust. Segment Resources: https://www.cisa.gov/news-events/news/lessons-xz-utils-achieving-more-sustainable-open-source-ecosystem https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094 https://www.cisa.gov/securebydesign/pledge https://tidelift.com/about/press-releases/tidelift-study-reveals-that-despite-increasing-demands-from-government-and-industry-60-of-maintainers-are-still-unpaid-volunteers https://blog.tidelift.com/paying-maintainers-the-howto Application security posture management has quickly become a hot commodity in the world of AppSec, but questions remain around what is defined by ASPM. Vendors have cropped up from different corners of the AppSec space to help security teams make their programs more effective, improve their security postures, and connect the dots between developers and security. Apiiro is setting the diamond standard for ASPM, combining deep code analysis, runtime context, and native risk detection with a 100% open platform approach, providing more valuable prioritization and a more powerful policy engine. This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them! Bots accounted for nearly half of all internet traffic in 2023, with bad bot traffic rising for a fifth consecutive year. Malicious bot activity is a significant risk for businesses as it can result in account compromise, higher infrastructure and support costs, customer churn, and more. Tune in to learn about the security risks of these automated threats and what trends Imperva has monitored. This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-287
Application security posture management has quickly become a hot commodity in the world of AppSec, but questions remain around what is defined by ASPM. Vendors have cropped up from different corners of the AppSec space to help security teams make their programs more effective, improve their security postures, and connect the dots between developers and security. Apiiro is setting the diamond standard for ASPM, combining deep code analysis, runtime context, and native risk detection with a 100% open platform approach, providing more valuable prioritization and a more powerful policy engine. This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them! Bots accounted for nearly half of all internet traffic in 2023, with bad bot traffic rising for a fifth consecutive year. Malicious bot activity is a significant risk for businesses as it can result in account compromise, higher infrastructure and support costs, customer churn, and more. Tune in to learn about the security risks of these automated threats and what trends Imperva has monitored. This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them! Show Notes: https://securityweekly.com/asw-287
Today we're talking to Yonatan Eldar, Co-Founder & CTO at Apiiro. We discuss Yonatan's philosophy behind application security posture management, the leadership insights that he's uncovered from co-founding his company, and the technology that he's always wished was real. All of this right here, right now, on the Modern CTO Podcast! To learn more about Apiiro, check out their website here. Have feedback about the show? Let us know here. Produced by ProSeries Media. For booking inquiries, email booking@proseriesmedia.co
DSO Overflow S4EP3Paving the Road to Effective Software DevelopmentwithSarah WellsIn this month's episode, Jess and Glenn speak with Sarah Wells an independent tech consultant, author formerly the Technical Director for Engineering Enablement at the Financial Times to talk about how to balance developer autonomy with standardisation.Sarah is a technology leader, consultant and conference speaker with a focus on microservices, engineering enablement, observability and devops. She has over 20 years experience as a developer, principal engineer and tech director across product, platform, SRE and devops teams.She spent over a decade at the Financial Times, leading as it transformed into a true cloud native organisation, releasing code 250 times as often and embracing autonomous empowered teams.In this episode, Sarah shares her experience of transforming a software devlivery programme throgh balancing autonomy with standardisation. She discusses how she moved from monthly releases to multiple releases a day bringing focus, flow and joy to the organisation's engineering community.Resources mentioned in this podcast:Sarah's LinkedIn profileEnabling Microservice Success bookSarah's consultancy websiteDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors: Prisma Cloud, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com
DSO Overflow S4EP2Resilient CybersecuritywithKennedy TorkuraIn this month's episode, Steve and Glenn speak with Kennedy Torkura from Mitigant to talk about how to build cyber resiliency into your organisation.Kennedy is a cybersecurity professional, CTO and co-founder at Mitigant who specialises continuous security verification and making cybersecurity resilience a first-class citizen in the cloud. Kennedy holds a doctorate in cybersecurity whose thesis covers continuous security paradigms in cloud-native infrastructure. He is also a contributor to the book Security Chaos Engineering released in 2023.In this episode, Kennedy talks about security chaos engineering and how to build security resilience into your organisation. He tells us wha security security chaos engineering (SCE) is, how to start with SCE, and how SCE builds resilience. We also discuss the concepts around detect and respond and how cyber attack emulation creates a more cyber resilient mindset.Resources mentioned in this podcast:Kennedy's LinkedIn profileKennedy's Mitigant blogKennedy's MediumMitigant.ioSecurity Chaos Engineering (book)Netflix Chaos MonkeyDSO Overflow with Aaron Rinehart and Kennedy TorkuraDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors: Prisma Cloud, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com
Navigating modern application security in a world of Cloud, DevSecOps and now AI is getting rather complex. We spoke to Idan Plotnik, who has 24 years of cybersecurity experience under his belt and is the Co-Founder of Apiiro about world of Application Security Posture Management (ASPM) and their relevance in both large and small organizations. Idan speaks about the challenges faced in managing vast quantities of repositories and tackles common misconceptions about ASPM, confirming that it's not intended to replace existing security pipelines. Guest Socials: Idan Plotnik Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (04:58) A bit about Idan Plotnik (05:56) Application Security tools explained (08:09) Why Application Security Orchestration Correlation (ASOC) didn't work? (09:14) Difference between Cloud Security and Application Security Tools (14:51) Why is there a growing need for Application Security Tools today? (19:07) Do Small to Medium size businesses need Application Security Tools? (21:46) Managing Cybersecurity Tools (26:08) API Security for Applications (30:29) Dealing with Regulatory Requirements in Cybersecurity (34:16) Evolving Goals in Application Security (35:49) Deciphering MTTR in Cybersecurity (37:54) The Fun Questions (39:37) Where you can connect with Idan?
DSO Overflow S4EP1Contract First DevelopmentwithHolly CumminsIn this month's episode, Steve, Jess and Glenn speak with Holly Cummins to talk about how to API contracts and Contract First Development.Holly Cummins is a Senior Principal Software Engineer on the Red Hat Quarkus team and a Java Champion. Over her career, Holly has been a full-stack javascript developer, a WebSphere Liberty build architect, a client-facing consultant, a JVM performance engineer, and an innovation leader. Holly has used the power of cloud to understand climate risks, count fish, help a blind athlete run ultra-marathons in the desert solo, and invent stories (although not at all the same time). She gets worked up about sustainability, technical empathy, extreme programming, the importance of proper testing, and automating all the things. You can find her at http://hollycummins.com, or follow her on socials at @holly_cummins(@hachyderm.io)Resources mentioned in this podcast:PactMicrocksMore on Quarkus' Pact support (and contract testing in general)A nice introduction to ‘contract-first' app development, with a deeper discussion of an ‘ideal' lifecycleSam Newman's book (Building Microservices)Holly's coordinates:Mastodon: https://hachyderm.io/@holly_cumminsLinkedIn: https://www.linkedin.com/in/holly-k-cummins/X/Twitter: https://twitter.com/holly_cumminsHolly's site: https:// hollycummins.comDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors: Prisma Cloud, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com
Software supply chain security is a major challenge in the modern engineering environment. Many teams are working to establish best practices to proactively identify, fix, and prevent risks in their applications. Apiiro is a platform designed to solve this problem and gives risk visibility, prioritization, and remediation. Yonatan Eldar is the Co-Founder and CTO at The post Apiiro Security Posture Management with Yonatan Eldar appeared first on Software Engineering Daily.
Software supply chain security is a major challenge in the modern engineering environment. Many teams are working to establish best practices to proactively identify, fix, and prevent risks in their applications. Apiiro is a platform designed to solve this problem and gives risk visibility, prioritization, and remediation. Yonatan Eldar is the Co-Founder and CTO at The post Apiiro Security Posture Management with Yonatan Eldar appeared first on Software Engineering Daily.
Software supply chain security is a major challenge in the modern engineering environment. Many teams are working to establish best practices to proactively identify, fix, and prevent risks in their applications. Apiiro is a platform designed to solve this problem and gives risk visibility, prioritization, and remediation. Yonatan Eldar is the Co-Founder and CTO at The post Apiiro Security Posture Management with Yonatan Eldar appeared first on Software Engineering Daily.
DSO Overflow S3EP12The world of OWASPwithSam StepanyanIn this month's episode, Steve and Glenn speak with Sam Stepanyan who was recently voted onto the OWASP board. Sam tells us about his involvement with OWASP, the origins of OWASP, and what the future hold for OWASP.Sam is an OWASP London Chapter Leader, elected OWASP board member and an Independent Application Security Consultant with over 20 years of experience in the IT industry with a background in software engineering and web application development. Sam has worked for various financial services institutions in the City of London specialising in Application Security consulting, Secure Software Development Lifecycle (SDLC), developer training, source code reviews and vulnerability management. Sam holds a Master's degree in Software Engineering and a CISSP certification.Resources mentioned in this podcast:Sam's LinkedIn ProfileSam's X (formerly Twitter)OWASP ProjectsOWASP Application Security Verification Standard (ASVS)OWASP Mobile Application SecurityOWASP Low-Code/No-Code Top 10OWASP AI ExchangeOWASP Top 10 for LLMsOWASP CheatSheet seriesOWASP MembershipDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors: Prisma Cloud, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com
DSO Overflow S3EP11Storing secretswithMackenze JacksonIn this month's episode, Steve, Jess and Glenn speak with Mackenzie Jackson to talk about managing secrets and digital authentication credentials in distributed architectures. In particular, Mackenzie digs into the concepts of secrets sprawl, and how we can keep secrets safe.Mackenzie is currently the developer advocate at GitGuardian, a developer-first cybersecurity company based in Paris that is focused on helping keep secrets and credentials out of source code.Mackenzie is passionate about technology and building a community of engaged developers to shape future tools and systems. As the co-founder and former CTO of startup Conpago, Mackenze understands the importance of solid operational and security foundations in any tech team and the importance of in-depth security processes and policies.Resources mentioned in this podcast:Mackenzie's LinkedIn profileMackenzie's X (FKA Twitter)GitGuardianDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors: Prisma Cloud, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com
DSO Overflow S3EP10Private end-pointswithJonathan D'AloiaIn this episode, Glenn, Jess and Steve are joined by Jonathan D'Aloia from Adatis to talk about benefits and challenges of using private end-points. Jonathan is a Principal DevOps Engineer at Adatis (part of Telefonica Tech) and is also an Azure Certified DevOps engineer and certified Cloud Solution Architect.Jonathan works with Infrastructure as code languages such as BICEP, Terraform and ARM templates, writes and designs YAML templates to automate the deployment of the Infrastructure as well as pipelines to deploy the code base to these resources.In this episode, Jonathan talks about his journey to Azure certification, the challenges of using public end-points and how private end-points can help overcome those challenges. He also explains some of the pitfalls of using private end-points ensuring our listeners are better informed when they decide to review their end-point security architecture.Resources mentioned in this podcast:Jonathan's LinkedIn profileAzure certification by MicrosoftAdatis (part of Telefonica Tech)DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors: Prisma Cloud, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com
DSO Overflow S3EP9Container SecuritywithRony MoshkovichIn this episode, Glenn and Jess are joined by Rony Moshkovich, co-founder & CPO at Prevasio, an AlgoSec company to talk about adopting a container security programme. Rony has extensive experience with cloud platform development, developing cloud-hosted service platforms for companies such as NTT, Symantec, HCL, CA, and more. A true veteran of the antivirus industry, Rony has worked as Development Director and Malware Research Lab Manager for CAHCL and PC ToolsSymantec. Having many years of extensive experience in building and managing security research labs, Rony is a recognised expert in Threat Management and Identity Access Management solutions for various markets.Resources mentioned in this podcast:Rony's LinkedIn profileCloud Native Computing Foundation (CNCF)Prevasio (and AlgoSec company)DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors: Prisma Cloud,, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com
Idan Plotnik is a half Russian and half Moroccan, which mainly shows up in the way he cooks. First and foremost though, he is a geek, having worked in computer security from his early days. Outside of tech, he is married to a professional surfer, so he and his wife surf Israel's waves regularly. He is a dad as well, and stays busy putting together lego sets, or cooking delicious fish dishes, in traditional moroccan style.In the past, Idan sold two companies, one of which to Microsoft. At Microsoft, he felt the challenge and the pain of talking to risk management and security folks, begging them to integrate their tooling into the development process - which slowed down delivery. After spending so much time on non-value add activities, he decided to set out and optimize this process.This is the creation story of Apiiro.SponsorsCipherstashTreblleCAST AI FireflyTursoMemberstackLinksWebsite: https://apiiro.com/LinkedIn: https://www.linkedin.com/in/idanplotnik/Support this podcast at — https://redcircle.com/code-story/donationsAdvertising Inquiries: https://redcircle.com/brandsPrivacy & Opt-Out: https://redcircle.com/privacy
DSO Overflow S3EP8Static Application Security TestingwithNipun GuptaIn this episode, Glenn is joined by Nipun Gupta, a seasoned technology executive, entrepreneur, and speaker to talk about static code analysis, its benefits, its pitfalls and how best to integrate tools into developer workflows. Based nowadays in London, UK after a decade in Silicon Valley, Nipun has developed a reputation as a thought leader and innovator in cybersecurity at places like NCC Group, Deutsche Bank, and Deloitte. Prior to leading Integrations Product at Devo, he served as the Vice President, Global Cyber Security Strategy & Innovation Lead at Deutsche Bank's Silicon Valley office. Currently serving as the COO at Bearer, a fast-growing static code analysis platform that is redefining what code security can do, Nipun is at the forefront of the DevSecOps revolution, helping companies of all sizes adopt modern approaches to software development and security.Resources mentioned in this podcast:Nipun's LinkedIn profileNipun's Twitter FeedBearer CLI documentationBearer on GitHubBearer on TwitterDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors: Prisma Cloud,, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com
Have you ever pondered how the world of cybersecurity is transforming rapidly, with application security at the forefront? Join us as we dive deep into this intriguing realm with our esteemed guest, Moti Gindi from Apiiro, a military veteran and product management whiz with a fascinating journey from the Israeli Cyber Units to incubating a security business at Microsoft.Beginning his tryst with technology during his 7-year military service, Moti's unique blend of computer science and linguistics armed him with an uncanny ability to filter vast amounts of data swiftly. His spell with the Israeli Defense Force and subsequent stint at Microsoft, leading the telecom mobile group and nurturing a security business from scratch, is a testament to his exceptional skill set. With his current focus on the challenging terrain of application security, Moti deciphers the rapid changes in the market and underlines the critical need for a holistic approach. He sheds light on the importance of investing in cloud infrastructure security, application security, and security posture management to safeguard modern applications. A thought-provoking discussion that unravels the intricacies of code writing, AI, and generative technology, this episode promises to fuel your curiosity and leave you eager for more insights into the world of cybersecurity. Are you as excited as we are? Tune in and join the conversation as we navigate through this transformative landscape.LinkedIn: https://www.linkedin.com/in/moti-gindi-7667b/Apiiro: https://apiiro.com/10k Media: https://www.10kmedia.co/Support the showAffiliate Links:NordVPN: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=87753&url_id=902 Follow the Podcast on Social Media!Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcastPatreon: https://www.patreon.com/SecurityUnfilteredPodcastYouTube: https://www.youtube.com/@securityunfilteredpodcastTikTok: Not today China! Not today
DSO Overflow S3EP7Open Source Cloud SecuritywithMatt JohnsonIn this episode, Steve, Jess and I are joined by Matt Johnson, developer advocate at Palo Alto Networks to talk to us about open source cloud security. Matt is a Developer Advocate for all things cloud security and open source at Prisma Cloud (part of Palo Alto). Hobbyist pentester, network and container geek, he specialises in Cloud Infrastructure and developer ecosystem security. Matt introduces us to the Checkov and Yor open source projects and talks about how AI may affect cloud security in the future.Resources mentioned in this podcast:Matt's LinkedIn profileCheckovYorCICD Goat on GitHubKubernetes Goat on GitHubDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors: Prisma Cloud,, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com
DSO Overflow S3EP6Notes from JapanwithJohn WillisIn this episode, Glenn is joined by John Willis, DevOps advocate and co-author of the DevOps Handbook to talk about our recent trip to Japan in which we visited a number of organisations to gain an understanding of lean principles. Listen to John as he shares his views of the trip and what he learned about quality, community, society and of course, Deming.Resources mentioned in this podcast:John's LinkedIn profileJohn's Profound Deming blogJohn's lates book on DemingThe DevOps HandbookDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors: Prisma Cloud, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com
Adam sits down with Payton to discuss the blurring of infrastructure and application security, marketing strategies for startups versus enterprises, and the art of category creation.
DSO Overflow S3EP5Workload authentication and authorisation using SPIFEE and OPAwithCharlie EgainIn this episode, Steve, Jess and I are joined by Charlie Egan, developer advocate and Styra to talks to us about using SPIFFE (Secure Production Identity Framework For Everyone) and OPA (Open Policy Agent) to authenticate and authorise workloads. Charlie explains what SPIFFE is, how to start using it, and the challenges it helps organisations overcome.Resources mentioned in this podcast:Charlie's LinkedIn profileSPIFFEOPADSO Overflow S1Ep7 on Open Policy AgentDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors: Prisma Cloud,, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com
Moshe Zioni, VP of Security Research at Apiiro, a leader in Cloud-Native Application Security, discusses Apiiro's recently released research on the topic of secrets management in private repositories. He also explains how secrets are exposed, how to protect secrets when posting code snippets to public and private repositories, the importance of education, how developers and application security professionals can scale and have greater visibility of code commits. Moshe also explains how Apiiro can help improve both operational efficiency and security of enterprises. https://apiiro.com/ https://apiiro.com/secrets-insights-2022/ Secure Talk Podcast shorturl.at/BJKL2
Moshe Zioni, VP of security research at Apiiro has been researching security for over 20 years in multiple industries. In this episode of Cybersecurity Unplugged, Zioni discusses the downstream dependencies on other open source programs that are called by API, how organizations can best mitigate future ransomware attacks, specifically around supply chain and open source, and the difference between private and public repositories, giving the eight-times the number of exposed secrets in private repositories.
Idan: CEO and co-founder of Apiiro, securing software supply chains for cloud native applications Founder and CEO of Aorato which was acquired by Microsoft Founder of a cybersecurity services company Fellow surfer! Check out the episode for our discussion on contextualizing application security risk, acquisition decision-making, and RSA's Innovation Sandbox challenge. Links: https://apiiro.com/
Russia reroutes Internet traffic in occupied regions of Ukraine through Russian services. The Stormous gang, hacking on behalf of Russia. DNS poisoning risk. Updates on Chinese cyberespionage campaigns. Our guest Chetan Mathur of Next Pathway finds similarities between the cloud industry and the 1849 California Gold Rush. Eldan Ben-Haim of Apiiro on why cybersecurity is largely a culture issue. Notes on ransomware operations. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/85 Selected reading. Microsoft sees Russian cyberattacks on Ukraine 'getting more and more disruptive' (Inside Defense) Sergey Lavrov claims Hitler had 'Jewish blood' (The Telegraph) Lavrov's anti-Semitic outburst exposes absurdity of Russia's “Nazi Ukraine” claims (Atlantic Council) Russia likens Zelensky to Hitler as Mariupol says Russia worse than Nazis (Newsweek) Russia reroutes internet in occupied Ukrainian territory through Russian telcos (The Record by Recorded Future) Stormous: The Pro-Russian, Clout Hungry Ransomware Gang Targets the US and Ukraine (Trustwave) Zhadnost ‘stamps' out Ukrainian National Postal Service's website. (SecurityScorecard) Industrial cybersecurity researchers, looking for help, go public with unpatched IoT bug (The Record by Recorded Future) Nozomi Networks Discovers Unpatched DNS Bug in Popular C Standard Library Putting IoT at Risk (Nozomi Networks) Chinese "Override Panda" Hackers Resurface With New Espionage Attacks (The Hacker News) Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector (The Hacker News) New Black Basta Ransomware Possibly Linked to Conti Group (SecurityWeek) Experts Analyze Conti and Hive Ransomware Gangs' Chats With Their Victims (The Hacker News) Conti and Hive ransomware operations: What we learned from these groups' victim chats (Cisco Talos) Conti and Hive ransomware operations: (Cisco Talos)
Moshe Zioni of Apiiro talks about threat research and how to properly report discovered code vulnerabilities. We discuss the ways that vulnerabilities can find their way into code despite your best intentions, the difference between full disclosure and responsible disclosure, and being in the last generation to still grow up before the internet changed everything. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Cybersecurity threat research 2:21 - Getting interested in computers3:25 - Penetration testing and threat research 6:15 - Code vulnerabilities 10:58 - Research process for vulnerabilities 17:05 - Proper reporting of threats23:11 - Full disclosure vs proper disclosure25:53 - Current security threats30:20 - Day-to-day work of security researchers 32:02 - Tips for working in pentesting 35:32 - What is Apiiro?39:11 - Learn more about Moshe Zioni 39:42 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It's our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Developers are now responsible for implementing digital security policies in software, but few understand the fundamentals of cybersecurity. In this episode, Samir Sherif, CISO of Imperva, and Yonatan Eldar, CTO of Apiiro discuss ways to bridge the gap between security and development, as well as share best practices for cloud security and much more.---------“I think the talent that we're going to see evolving sooner than later is more technologists becoming better risk professionals, because cyber risk and information security challenges are not solved purely by security professionals. If we're going to continue to evolve and deal with this threat landscape, I think a change in industry from a talent perspective needs to be the adoption of risk capabilities.” - Samir Sherif“From the security perspective, the smart thing for companies to do now is to push some of the responsibilities, knowledge, and awareness to the developers… We need to do that from day one. We need to think about security this way.” - Yonatan Eldar---------Time Stamps:* (1:00) Samir and Yonatan's roles at Imperva and Apiiro* (3:00) Changing landscape of cybersecurity* (8:45) Securing funding for cybersecurity * (13:15) Key security roles needed in the future* (21:55) Maximizing security with the sacrifice * (22:41) Benefits of using a multi-cloud infrastructure * (27:00) Lessons learned from past cyber attacks * (31:25) Security secrets not enough execs know * (36:50) Samir and Yonatan ask each other questions--------SponsorThis podcast is brought to you by Asana. Asana is a leading work management platform that empowers teams to orchestrate their work — from daily tasks to big strategic initiatives — all in one place. By enabling the world's teams to work together effortlessly, Asana helps organizations of all sizes and industries achieve their goals, faster. Learn more at Asana.com.--------LinksConnect with Samir on LinkedInConnect with Yonatan on LinkedInLearn more about ImpervaLearn more about Apiiro
Contextual AppSec Testing, Open Source Security, Log4j, and MoreIn this episode of Agent of Influence, Nabil speaks with Idan Plotnik, CEO and Co-Founder of Apiiro. They dig into the concept of contextual application security testing, the importance of contributing to the open source community, dependency confusion, steps organizations should take to address Log4j (and similar vulnerabilities), and more.
Running fast is good but not headfirst into a brick wall. Similarly, software development needs to move fast, but moving too fast typically is not secure and can cause headaches. Furthermore, old security protocols are insufficient and inefficient. Idan Plotnik, the Co-Founder & CEO of Apiiro, makes the case for a platform that quickly provides contextualized information concerning codingMain TakeawaysContextualized Info: An old way of checking code often involved the coders themselves answering a long list of questions. This was inefficient and ineffective. A more helpful approach is to have a platform that quickly provides contextualized information concerning the coding, the process, and potential breaks in the chain. With this type of info, security risks can much more efficiently be discovered and addressed. Establishing Trust: A platform that provides contextualized information can assist in communication between AppSec teams and developers. If an AppSec team is able to approach the developers with helpful information, then that can establish trust between all parties. With trust established, everybody can work together to reduce the security risk. Mission-oriented: An entrepreneur, or a company, should have passion for their mission, whether that's in securing software development or otherwise. In Israel, there is certainly a connection between innovation and the lessons that many entrepreneurs have learned during their military service. Mission-oriented values seem to translate to successful business outcomes.IT Visionaries is brought to you by the Salesforce Platform - the #1 cloud platform for digital transformation of every experience. Build connected experiences, empower every employee, and deliver continuous innovation - with the customer at the center of everything you do. Learn more at salesforce.com/platform
Cross-chain attack steals millions in cryptocurrency. LockBit claims to have hit Accenture, but Accenture says with negligible consequences. Emissary Panda flies a false Iranian flag. Ekranoplan posts a key for the REvil strain used against Kaseya. AlphaBay has risen from the grave, sort of. Johannes Ullrich has thoughts on resetting 2FA. Our guest is Idan Plotnik from Apiiro on their win of the 2021 RSAC Innovation Sandbox Contest. And you can't fool us, you bought-and-paid-for influencers you: no vaccine is going to turn us into monkeys. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/154
Idan Plotnik, CEO of Apiiro, joins Dennis Fisher to talk about taking a risk-based approach to code and securing the software development lifecycle.