Podcast appearances and mentions of charlie bell

  • 37 podcasts
  • 59 episodes
  • 39m average duration
  • 1 new episode monthly
  • Latest episode: May 27, 2025

POPULARITY (chart by year, 2017 to 2024)


Latest podcast episodes about charlie bell

Monocle 24: The Menu
Food Neighbourhoods #436: Belmont, The Bronx, New York

May 27, 2025 (duration 13:19)


New York is known for its Italian food but changing demographics have introduced other thriving cuisines. Charlie Bell heads to the Belmont area of the Bronx where authentic Italian-American food continues to shine. See omnystudio.com/listener for privacy information.

Monocle 24: The Menu
Food Neighbourhoods #429: Harlem, New York

Apr 8, 2025 (duration 10:19)


We’re looking at a slice of history this week in the shape of Lee Lee’s Baked Goods, which has been serving New Yorkers for nearly 40 years. It’s the story of Alvin Lee Smalls, known as Lee Lee, and the changing face of the iconic Harlem neighbourhood. Lee Lee joins Charlie Bell to speak about his life’s work.

Microsoft Threat Intelligence Podcast
Microsoft's 50th Anniversary: Security Then and Now

Apr 2, 2025 (duration 55:19)


In this special episode marking 50 years of Microsoft, host Sherrod DeGrippo is joined by Charlie Bell, Stephanie Calabrese, John Lambert, and Scott Woodgate to take a deeper look at Microsoft's incredible journey in cybersecurity.

They share their experiences and reflections on how the company has grown over the last five decades, from the early days of proprietary systems to the transformative rise of cloud computing and AI. As they celebrate this milestone, the conversation dives into the evolution of security practices, the development of key initiatives like the Microsoft Threat Intelligence Center and the Secure Future Initiative, and the culture of collaboration that has always been at the heart of Microsoft's approach to tackling cybersecurity challenges.

In this episode you'll learn:

  • How Microsoft evolved to lead the charge in cloud computing and AI
  • Why Microsoft's security efforts have influenced the broader tech industry
  • The evolution of Microsoft's security, from XP Service Pack 2 to the Secure Future Initiative

Some questions we ask:

  • How did the company's culture and products impact you early on?
  • How have you seen Microsoft's prioritization toward cybersecurity create change?

Resources:

  • View Charlie Bell on LinkedIn
  • View Stephanie Calabrese on LinkedIn
  • View John Lambert on LinkedIn
  • View Scott Woodgate on LinkedIn
  • View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:

  • Afternoon Cyber Tea with Ann Johnson
  • The BlueHat Podcast
  • Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Unbelievable?
Sexuality, Gender and Identity: Andrew Bunt and Charlie Bell Debate (replay)

Jul 9, 2024 (duration 88:33)


This recording of a live debate between Andrew Bunt and Charlie Bell speaks to sexuality, gender, and identity within the church. Andrew Bunt, Emerging Generations Director at Living Out and author of "Finding Your Best Identity," is a same-sex attracted Christian who has chosen celibacy and believes in traditional male-female marriage. Charlie Bell, a gay Anglican vicar and psychiatrist, is the author of "Queer Holiness" and advocates for the acceptance of gay marriage in the church. In this episode of the Unbelievable? Podcast we're looking at Sexuality and gender identity in Christianity, the recent controversy in the Church of England over gay blessings, Biblical perspectives on marriage and LGBTQI+ issues and include an audience Q&A session to get you answers on this topic.

Originally Aired: 17 Feb 2023

  • Subscribe to the Unbelievable? podcast: https://pod.link/267142101
  • More shows, free eBook & newsletter: https://premierunbelievable.com
  • For online learning: https://www.premierunbelievable.com/training
  • Support us in the USA: http://www.premierinsight.org/unbelievableshow
  • Support us in the rest of the world: https://www.premierunbelievable.com/donate

Afternoon Cyber Tea with Ann Johnson
Reflecting on 100 Episodes of Afternoon Cyber Tea

Jun 27, 2024 (duration 13:45)


In this milestone 100th episode of Afternoon Cyber Tea, we celebrate with a special "Best Of" compilation featuring some of our most remarkable guests. Join us as we revisit highlights from conversations with Charlie Bell, Marc Goodman, Dr. Andrea Matwyshyn, Dr. Fiona Hill, Runa Sandvik, Hyrum Anderson and Ram Shankar Siva Kumar, MK Palmore, Marene Allison, Mike Hanley, and Theresa Payton. This episode brings together a wealth of knowledge and experience, reflecting on our journey and looking ahead to future challenges and innovations.

We extend our deepest gratitude to our dedicated listeners for your invaluable support. Thank you for being a part of our Afternoon Cyber Tea community.

Please note: Afternoon Cyber Tea is going on an indefinite hiatus.

Resources:

  • View Ann Johnson on LinkedIn

Related Microsoft Podcasts:

  • Microsoft Threat Intelligence Podcast
  • The BlueHat Podcast
  • Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.

The SysAdmin DOJO Podcast
Did the CSRB Force Microsoft's Hand on Security?

May 15, 2024 (duration 47:32)


Microsoft has recently been criticized for not prioritizing security enough. Following the CSRB's Report on the Storm-0558 attack, Microsoft announced that security is now a top priority, with a commitment to address security issues before new product innovations. In this podcast episode, Andy and Paul Schnackenburg discuss the blog post which analyzes the Secure Future Initiative and its advancements.

The conversation brings up the burning question: Was it the Cyber Safety Review Board (CSRB) that catalyzed Microsoft's proactive stance on security?

Key takeaways:

  • Microsoft is taking proactive steps to address security vulnerabilities and enhance its security measures following recent incidents.
  • The focus on protecting identities, enforcing multi-factor authentication, and improving network segmentation are crucial for bolstering security.
  • Efforts to align security actions with recommendations from the CSRB demonstrate a commitment to addressing criticisms directly.

Timestamps:

  • (06:52) Key Insights from Charlie Bell's Blog Post Addressing Cyber Security Concerns
  • (11:22) Enhancing Security Measures in Response to the CSRB's Report
  • (21:22) Top Security Practices for Protecting Tenants and Production Systems
  • (24:46) Enhancing Cloud Security with Micro Segmentation and Software Supply Chain Protection
  • (30:44) Challenges and Considerations in Cloud Security Logging and Storage
  • (34:37) Enhancing Cloud Security with Microsoft Sentinel and Vulnerability Reporting
  • (37:37) Unveiling Common Vulnerabilities and the Importance of Secure Authentication in Cloud Environments
  • (42:34) Analyzing Microsoft's Response to a Security Incident

Episode Resources:

  • The Blog Post from Charlie Bell
  • EP39: Are Passkeys the Future of Authentication?
  • Subscribe to our new YouTube Channel for more

Being a Digital Leader - the Good, Bad AND Ugly of Digital Transformation
Innovate or Stagnate

Apr 10, 2024 (duration 56:43)


Join us in our latest podcast for an insightful conversation with Charlie Bell, a seasoned leader at Contentful. With almost two decades of experience in digital transformation, Charlie's journey from engineering to driving transformative projects and now in a key commercial role at Contentful offers a fresh and dynamic perspective on the evolving digital world.

We delve into the role of Contentful in digital transformation, exploring its evolution over the past decade and uncovering lesser-known aspects of the platform. Charlie shares his insights on the current challenges and exciting developments at Contentful, highlighting the intersection of technology and business strategy and the need to innovate or risk stagnating.

We explore the shifting dynamics of the digital landscape, from Contentful's origins primarily with developers to its increasing collaboration with marketers. Charlie reflects on his multifaceted career, drawing from experiences on both sides of the table to offer valuable insights into navigating digital transformation effectively.

One key focus of our discussion is on composable architectures and the importance of the MACH Alliance in digital transformation. Charlie sheds light on the concept of composable architectures, underscoring its significance in empowering organisations. Charlie shares anecdotes of organisations navigating challenges in selecting digital solutions and managing platform transitions, offering practical strategies for success.

Join us for valuable insights and practical advice on digital transformation success in today's rapidly evolving digital landscape.

Visit AND Digital's website here for the latest episodes and to stay informed. Follow us on:

  • LinkedIn: and_digital
  • X: AND_digital
  • Insta: and.digital

This is Sparta MSU!
Flintstone Charlie Bell talks Michigan State basketball & NBA & life after ball | show #156

Mar 8, 2024 (duration 60:32)


Episode Highlights

  • Jason Strayhorn and Sedrick Irvin relive Michigan State Basketball Senior night and reminisce about life living on campus in East Lansing
  • Flintstone Charlie Bell joins the show live to talk playing at Michigan State; overseas and in the NBA and life after basketball

SHOP SHOW MERCH AT https://thisisspartamsu.com

Marketing in the Madness
AI: The End of The Beginning - LIVE with E.ON Next Head of Digital, Creed Fragrances Global Digital Director & Contentful Senior Director #31

Jan 30, 2024 (duration 46:44)


The CyberWire
Microsoft EVP Charlie Bell on the Future of Security [Afternoon Cyber Tea]

Jan 1, 2024 (duration 28:29)


Microsoft Security EVP Charlie Bell joins Ann on this week's episode of Afternoon Cyber Tea. Charlie has over four decades in the tech industry, from developing space shuttle software to leading the creation of Amazon Web Services' decentralized engineering system and now leading Microsoft's effort to make the digital world safe and secure for everyone on the planet. Ann and Charlie discuss AI, the Security ecosystem, and why he thinks speed and acceleration of problem-solving are so relevant today.

Resources:

  • View Charlie Bell on LinkedIn
  • View Ann Johnson on LinkedIn

Related Microsoft Podcasts:

  • Listen to: Uncovering Hidden Risks
  • Listen to: Security Unlocked
  • Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of The CyberWire Network.

The Nonintuitive Bits
Data-driven Dialogue: AI and the Power of Privacy

Dec 23, 2023 (duration 56:07)


- Thoughts on the operational period of Cruise
- a quiet Christmas and New Year period now a tradition
- Anecdotes from 'John Wick' - a vigilante saga from Reddit, as it unfolded in Mexico
- Dmitry Manarikov's propositions on post-holiday plans and parenting
- Dwell into 'engineering excellence' vs 'operational excellence' - insights from Charlie Bell from AWS
- Observability and unit tests in programming decoded
- Studying AWS and Uber - their business processes under the lens
- A gaming session featuring a range of titles, including Nintendo Switch, Punch Club, Dave the Diver, Outer Wilds, Deathloop, Stray, Journey, What Remains of Eddie Switch, and Life Is Strange
- Encountered any tribulations with gaming on Apple's M1 chip? Discussing conundrums such as CS2's lack of Mac support and Steam's communication pitfalls
- Jessica's long-term memory GPUs - how useful are they?
- A peek into the world of stock investment bots - managing performance hiccups and the spotlight on Solana investments
- OpenAI's growth trajectory - improvements and impacts
- Our shout-out corner - Alexander and Oleg, join the live stream on our YouTube channel or engage with us on our [Discord community](https://discord.gg/T38WpgkHGQ)
- An in-depth exploration into Local Language Models (LLMs) - dealing with fine-tuning issues and data collection barriers
- Privacy paradox, data governance and AI's ability to discern human behaviour - a deep dive into the data age
- Applying 'single responsibility' principle to IoT devices - breaking it down
- Hunting for simple and reliable devices for smart home systems - the journey and challenges

Make sure to [join our Discord community](https://discord.gg/T38WpgkHGQ) for more engaging discussions.

The Everyday Millionaire Show
How to Operate and Scale a Construction Company - Rhyan Gamet & Charlie Bell (Full Podcast)

Dec 4, 2023 (duration 75:01)


In today's episode, we are joined by Rhyan Gamet & Charlie Bell. Her company, R&G Remodeling LLC, is one of Maryland's leading construction companies. Rhyan and Charlie share their experiences, from being real estate investors to business partners, the world of investing, and their insights on the real estate market.

The Drive with Jack
*"Beyond the 3" w/ Shawn Respert featuring Charlie Bell (Episode 3)

Aug 17, 2023 (duration 32:00)


The CyberWire
Investigating China's Storm-0558. Monti ransomware is back. Evasive phishing. Realtors' MLS taken down in ransomware incident. News from Russia's hybrid war. And in-game scams.

Aug 15, 2023 (duration 27:33)


New targets of Chinese cyberespionage are uncovered. Monti ransomware is back. An evasive phishing campaign exposed. A Realtors' network taken down by cyberattack. A closer look at NoName057(16). Perspective on cyberwar - remember Pearl Harbor, but don't see it everywhere. Ben Yelin on the Consumer Financial Protection Bureau's plans to regulate surveillance tech. Microsoft's Ann Johnson and Charlie Bell ponder the future of security. And scammers are targeting kids playing Fortnite and Roblox.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/155

Selected reading:

  • Chinese spies who read State Dept. email also hacked GOP congressman (Washington Post)
  • Binary Ballet: China's Espionage Tango with Microsoft (SecurityHQ)
  • Microsoft Exchange hack to be investigated by US Cyber Safety Board (Computing)
  • Monti ransomware targets VMware ESXi servers with new Linux locker (BleepingComputer)
  • Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile (Netskope)
  • Cyberattack on Bay area vendor cripples real estate industry (The Real Deal)
  • Intel insiders go undercover revealing fresh details into NoName hacktivist operations (Cybernews)
  • Why the US Military Wants You To Rethink the Idea of 'Cyber War' (The Messenger)
  • A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight (WIRED)

Afternoon Cyber Tea with Ann Johnson
Microsoft EVP Charlie Bell on the Future of Security

Aug 8, 2023 (duration 28:29)


Microsoft Security EVP Charlie Bell joins Ann on this week's episode of Afternoon Cyber Tea. Charlie has over four decades in the tech industry, from developing space shuttle software to leading the creation of Amazon Web Services' decentralized engineering system and now leading Microsoft's effort to make the digital world safe and secure for everyone on the planet. Ann and Charlie discuss AI, the Security ecosystem, and why he thinks speed and acceleration of problem-solving are so relevant today.

Resources:

  • View Charlie Bell on LinkedIn
  • View Ann Johnson on LinkedIn

Related Microsoft Podcasts:

  • Listen to: Uncovering Hidden Risks
  • Listen to: Security Unlocked
  • Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of The CyberWire Network.

Screaming in the Cloud
Exposing the Latest Cloud Threats with Anna Belak

Aug 3, 2023 (duration 31:35)


Anna Belak, Director of The Office of Cybersecurity Strategy at Sysdig, joins Corey on Screaming in the Cloud to discuss the findings in this year's newly-released Sysdig Global Cloud Threat Report. Anna explains the challenges that teams face in ensuring their cloud is truly secure, including quantity of data versus quality, automation, and more. Corey and Anna also discuss how much faster attacks are able to occur, and Anna gives practical insights into what can be done to make your cloud environment more secure. About AnnaAnna has nearly ten years of experience researching and advising organizations on cloud adoption with a focus on security best practices. As a Gartner Analyst, Anna spent six years helping more than 500 enterprises with vulnerability management, security monitoring, and DevSecOps initiatives. Anna's research and talks have been used to transform organizations' IT strategies and her research agenda helped to shape markets. Anna is the Director of The Office of Cybersecurity Strategy at Sysdig, using her deep understanding of the security industry to help IT professionals succeed in their cloud-native journey.Anna holds a PhD in Materials Engineering from the University of Michigan, where she developed computational methods to study solar cells and rechargeable batteries.Links Referenced: Sysdig: https://sysdig.com/ Sysdig Global Cloud Threat Report: https://www.sysdig.com/2023threatreport duckbillgroup.com: https://duckbillgroup.com TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. This promoted guest episode is brought to us by our friends over at Sysdig. 
And once again, I am pleased to welcome Anna Belak, whose title has changed since last we spoke to Director of the Office of Cybersecurity Strategy at Sysdig. Anna, welcome back, and congratulations on all the adjectives.Anna: [laugh]. Thank you so much. It's always a pleasure to hang out with you.Corey: So, we are here today to talk about a thing that has been written. And we're in that weird time thing where while we're discussing it at the moment, it's not yet public but will be when this releases. The Sysdig Global Cloud Threat Report, which I am a fan of. I like quite a bit the things it talks about and the ways it gets me thinking. There are things that I wind up agreeing with, there are things I wind up disagreeing with, and honestly, that makes it an awful lot of fun.But let's start with the whole, I guess, executive summary version of this. What is a Global Cloud Threat Report? Because to me, it seems like there's an argument to be made for just putting all three of the big hyperscale clouds on it and calling it a day because they're all threats to somebody.Anna: To be fair, we didn't think of the cloud providers themselves as the threats, but that's a hot take.Corey: Well, an even hotter one is what I've seen out of Azure lately with their complete lack of security issues, and the attackers somehow got a Microsoft signing key and the rest. I mean, at this point, I feel like Charlie Bell was brought in from Amazon to head cybersecurity and spent the last two years trapped in the executive washroom or something. But I can't prove it, of course. No, you target the idea of threats in a different direction, towards what people more commonly think of as threats.Anna: Yeah, the bad guys [laugh]. I mean, I would say that this is the reason you need a third-party security solution, buy my thing, blah, blah, blah, but [laugh], you know? Yeah, so we are—we have a threat research team like I think most self-respecting security vendors these days do. 
Ours, of course, is the best of them all, and they do all kinds of proactive and reactive research of what the bad guys are up to so that we can help our customers detect the bad guys, should they become their victims.Corey: So, there was a previous version of this report, and then you've, in long-standing tradition, decided to go ahead and update it. Unlike many of the terrible professors I've had in years past, it's not just slap a new version number, change the answers to some things, and force all the students to buy a new copy of the book every year because that's your retirement plan, you actually have updated data. What are the big changes you've seen since the previous incarnation of this?Anna: That is true. In fact, we start from scratch, more or less, every year, so all the data in this report is brand new. Obviously, it builds on our prior research. I'll say one clearly connected piece of data is, last year, we did a supply chain story that talked about the bad stuff you can find in Docker Hub. This time we upleveled that and we actually looked deeper into the nature of said bad stuff and how one might identify that an image is bad.And we found that 10% of the malware scary things inside images actually can't be detected by most of your static tools. So, if you're thinking, like, static analysis of any kind, SCA, vulnerability scanning, just, like, looking at the artifact itself before it's deployed, you actually wouldn't know it was bad. So, that's a pretty cool change, I would say [laugh].Corey: It is. And I'll also say what's going to probably sound like a throwaway joke, but I assure you it's not, where you're right, there is a lot of bad stuff on Docker Hub and part of the challenge is disambiguating malicious-bad and shitty-bad. 
But there are serious security concerns to code that is not intended to be awful, but it is anyway, and as a result, it leads to something that this report gets into a fair bit, which is the ideas of, effectively, lateralling from one vulnerability to another vulnerability to another vulnerability to the actual story. I mean, Capital One was a great example of this. They didn't do anything that was outright negligent like leaving an S3 bucket open; it was a determined sophisticated attacker who went from one mistake to one mistake to one mistake to, boom, keys to the kingdom. And that at least is a little bit more understandable even if it's not great when it's your bank.Anna: Yeah. I will point out that in the 10% that these things are really bad department, it was 10% of all things that were actually really bad. So, there were many things that were just shitty, but we had pared it down to the things that were definitely malicious, and then 10% of those things you could only identify if you had some sort of runtime analysis. Now, runtime analysis can be a lot of different things. It's just that if you're relying on preventive controls, you might have a bad time, like, one times out of ten, at least.But to your point about, kind of, chaining things together, I think that's actually the key, right? Like, that's the most interesting moment is, like, which things can they grab onto, and then where can they pivot? Because it's not like you barge in, open the door, like, you've won. Like, there's multiple steps to this process that are sometimes actually quite nuanced. And I'll call out that, like, one of the other findings we got this year that was pretty cool is that the time it takes to get through those steps is very short. There's a data point from Mandiant that says that the average dwell time for an attacker is 16 days. So like, two weeks, maybe. 
And in our data, the average dwell time for the attacks we saw was more like ten minutes.Corey: And that is going to be notable for folks. Like, there are times where I have—in years past; not recently, mind you—I have—oh, I'm trying to set something up, but I'm just going to open this port to the internet so I can access it from where I am right now and I'll go back and shut it in a couple hours. There was a time that that was generally okay. These days, everything happens so rapidly. I mean, I've sat there with a stopwatch after intentionally committing AWS credentials to Gif-ub—yes, that's how it's pronounced—and 22 seconds until the first probing attempt started hitting, which was basically impressively fast. Like, the last thing in the entire sequence was, and then I got an alert from Amazon that something might have been up, at which point it is too late. But it's a hard problem and I get it. People don't really appreciate just how quickly some of these things can evolve.Anna: Yeah. And I think the main reason, from at least what we see, is that the bad guys are into the cloud saying, right, like, we good guys love the automation, we love the programmability, we love the immutable infrastructure, like, all this stuff is awesome and it's enabling us to deliver cool products faster to our customers and make more money, but the bad guys are using all the same benefits to perpetrate their evil crimes. So, they're building automation, they're stringing cool things together. Like, they have scripts that they run that basically just scan whatever's out there to see what new things have shown up, and they also have scripts for reconnaissance that will just send a message back to them through Telegram or WhatsApp, letting them know like, “Hey, I've been running, you know, for however long and I see a cool thing you may be able to use.” Then the human being shows up and they're like, “All right. 
Let's see what I can do with this credential,” or with this misconfiguration or what have you. So, a lot of their initial, kind of, discovery into what they can get at is heavily automated, which is why it's so fast.Corey: I feel like, on some level, this is an unpleasant sharp shock for an awful lot of executives because, “Wait, what do you mean attackers can move that quickly? Our crap-ass engineering teams can't get anything released in less than three sprints. What gives?” And I don't think people have a real conception of just how fast bad actors are capable of moving.Anna: I think we said—actually [unintelligible 00:07:57] last year, but this is a business for them, right? They're trying to make money. And it's a little bleak to think about it, but these guys have a day job and this is it. Like, our guys have a day job, that's shipping code, and then they're supposed to also do security. The bad guys just have a day job of breaking your code and stealing your stuff.Corey: And on some level, it feels like you have a choice to make in which side you go at. And it's, like, which one of those do I spend more time in meetings with? And maybe that's not the most legitimate way to pick a job; ethics do come into play. But yeah, there's it takes a certain similar mindset, on some level, to be able to understand just how the security landscape looks from an attacker's point of view.Anna: I'll bet the bad guys have meetings too, actually.Corey: You know, you're probably right. Can you imagine the actual corporate life of a criminal syndicate? That's a sitcom in there that just needs to happen. But again, I'm sorry, I shouldn't talk about that. We're on a writer's strike this week, so there's that.One thing that came out of the report that makes perfect sense—and I've heard about it, but I haven't seen it myself and I wanted to dive into on this—specifically that automation has been weaponized in the cloud. 
Now, it's easy to misinterpret that the first time you read it—like I did—as, “Oh, you mean the bad guys have discovered the magic of shell scripts? No kidding.” It's more than that. You have reports of people using things like CloudFormation to stand up resources that are then used to attack the rest of the infrastructure.And it's, yeah, it makes perfect sense. Like, back in the data center days, it was a very determined attacker that went through the process of getting an evil server stuffed into a rack somewhere. But it's an API call away in cloud. I'm surprised we haven't seen this before.Anna: Yeah. We probably have; I don't know if we've documented before. And sometimes it's hard to know that that's what's happening, right? I will say that both of those things are true, right? Like the shell scripts are definitely there, and to your point about how long it takes, you know, to stopwatch, these things, on the short end of our dwell time data set, it's zero seconds. It's zero seconds from, like, A to B because it's just a script.And that's not surprising. But the comment about CloudFormation specifically, right, is we're talking about people, kind of, figuring out how to create policy in the cloud to prevent bad stuff from happening because they're reading all the best practices ebooks and whatever, watching the YouTube videos. And so, you understand that you can, say, write policy to prevent users from doing certain things, but sometimes we forget that, like, if you don't want a user to be able to attach user policy to something. If you didn't write the rule that says you also can't do that in CloudFormation, then suddenly, you can't do it in command line, but you can do it in CloudFormation. 
So there's, kind of, things like this, where for every kind of tool that allows this beautiful, programmable, immutable infrastructure, kind of, paradigm, you now have to make sure that you have security policies that prevent those same tools from being used against you and deploying evil things because you didn't explicitly say that you can't deploy evil things with this tool and that tool and that other tool in this other way. Because there's so many ways to do things, right?Corey: That's part of the weird thing, too, is that back when I was doing the sysadmin dance, it was a matter of taking a bunch of tools that did one thing well—or, you know, aspirationally well—and then chaining them together to achieve things. Increasingly, it feels like that's what cloud providers have become, where they have all these different services with different capabilities. One of the reasons that I now have a three-part article series, each one titled, “17 Ways to Run Containers on AWS,” adding up for a grand total of 51 different AWS services you can use to run containers with, it's not just there to make fun of the duplication of efforts because they're not all like that. But rather, each container can have bad acting behaviors inside of it. And are you monitoring what's going on across that entire threatened landscape?People were caught flat-footed to discover that, “Wait, Lambda functions can run malware? Wow.” Yes, effectively, anything that can bang two bits together and return a result is capable of running a lot of these malware packages. It's something that I'm not sure a number of, shall we say, non-forward-looking security teams have really wrapped their heads around yet.Anna: Yeah, I think that's fair. And I mean, I always want to be a little sympathetic to the folks, like, in the trenches because it's really hard to know all the 51 ways to run containers in the cloud and then to be like, oh, 51 ways to run malicious containers in the cloud. 
How do I prevent all of them, when you have a day job?

Corey: One point that it makes in the report here is that about who the attacks seem to be targeting. And this is my own level of confusion that I imagine we can probably wind up eviscerating neatly. Back when I was running, like, random servers for me for various projects I was working on—or working at small companies—there was a school of thought in some quarters that, well, security is not that important to us. We don't have any interesting secrets. Nobody actually cares.

This was untrue because a lot of these things are running on autopilot. They don't have enough insight to know that you're boring and you have to defend just like everyone else does. But then you see what can only be described as dumb attacks. Like there was the attack on Twitter a few years ago where a bunch of influential accounts tweeted about some bitcoin scam. It's like, you realize with the access you had, you had so many other opportunities to make orders of magnitude more money if you want to go down that path or to start geopolitical conflict or all kinds of other stuff. I have to wonder how much these days are attacks targeted versus well, we found an endpoint that doesn't seem to be very well secured; we're going to just exploit it.

Anna: Yeah. So, that's correct intuition, I think. We see tons of opportunistic attacks, like, non-stop. But it's just, like, hitting everything, honeypots, real accounts, our accounts, your accounts, like, everything. Many of them are pretty easy to prevent, honestly, because it's like just mundane stuff, whatever, so if you have decent security hygiene, it's not a big deal.

So, I wouldn't say that you're safe if you're not special because none of us are safe and none of us are that special. But what we've done here is we actually deliberately wanted to see what would be attacked as a fraction, right?
So, we deployed a honey net that was indicative of what a financial org would look like or what a healthcare org would look like to see who would bite, right? And what we expected to see is that we probably—we thought the finance would be higher because obviously, that's always top tier. But for example, we thought that people would go for defense more or for health care.

And we didn't see that. We only saw, like, 5% I think for health—very small numbers for healthcare and defense and very high numbers for financial services and telcos, like, around 30% apiece, right? And so, it's a little curious, right, because you—I can theorize as to why this is. Like, telcos and finance, obviously, it's where the money is, like, great [unintelligible 00:14:35] for fraud and all this other stuff, right?

Defense, again, maybe people don't think defense and cloud. Healthcare arguably isn't that much in cloud, right? Like a lot of healthcare stuff is on-premise, so if you see healthcare in cloud, maybe, you, like, think it's a honeypot or you don't [laugh] think it's worth your time? You know, whatever. Attacker logic is also weird. But yeah, we were deliberately trying to see which verticals were the most attractive for these folks. So, these attacks are in fact targeted because the victim looked like the kind of thing they should be looking for if they were into that.

Corey: And how does it look in that context? I mean, part of me secretly suspects that an awful lot of terrible startup names where they're so frugal they don't buy vowels, is a defense mechanism. Because you wind up with something that looks like a cat falling on a keyboard as a company name, no attacker is going to know what the hell your company does, so therefore, they're not going to target you specifically. Clearly, that's not quite how it works. But what are those signals that someone gets into an environment and says, “Ah, this is clearly healthcare,” versus telco versus something else?

Anna: Right.
I think you would be right. If you had, like… hhhijk as your company name, you probably wouldn't see a lot of targeted attacks. But where we're saying either the company and the name looks like a provider of that kind, and-slash-or they actually contain some sort of credential or data inside the honeypot that appears to be, like, a credential for a certain kind of thing. So, it really just creatively naming things so they look delicious.

Corey: For a long time, it felt like—at least from a cloud perspective because this is how it manifested—the primary purpose of exploiting a company's cloud environment was to attempt to mine cryptocurrency within it. And I'm not sure if that was ever the actual primary approach, or rather, that was just the approach that people noticed because suddenly, their AWS bill looks a lot more like a telephone number than it did yesterday, so they can as a result, see that it's happening. Are these attacks these days, effectively, just to mine Bitcoin, if you'll pardon the oversimplification, or are they focused more on doing more damage in different ways?

Anna: The analyst answer: it depends. So, again, to your point about how no one's safe, I think most attacks by volume are going to be opportunistic attacks, where people just want money. So, the easiest way right now to get money is to mine coins and then sell those coins, right? Obviously, if you have the infrastructure as a bad guy to get money in other ways, like, you could do extortion through ransomware, you might pursue that. But the overhead on ransomware is, like, really high, so most people would rather not if they can get money other ways.

Now, because by volume APTs, or Advanced Persistent Threats, are much smaller than all the opportunistic guys, they may seem like they're not there or we don't see them. They're also usually better at attacking people than the opportunistic guys who will just spam everybody and see what they get, right?
But even folks who are not necessarily nation states, right, like, we see a lot of attacks that probably aren't nation states, but they're quite sophisticated because we see them moving through the environment and pivoting and creating things and leveraging things that are quite interesting, right? So, one example is that they might go for a vulnerable EC2 instance—right, because maybe you have Log4J or whatever you have exposed—and then once they're there, they'll look around to see what else they can get. So, they'll pivot to the Cloud Control Plane, if it's possible, or they'll try to.

And then in a real scenario we actually saw in an attack, they found a Terraform state file. So, somebody was using Terraform for provisioning whatever. And it requires an access key and this access key was just sitting in an S3 bucket somewhere. And I guess the victim didn't know or didn't think it was an issue. And so, this state file was extracted by the attacker and they found some [unintelligible 00:18:04], and they logged into whatever, and they were basically able to access a bunch of information they shouldn't have been able to see, and this turned into a data [extraction 00:18:11] scenario and some of that data was intellectual property.

So, maybe that wasn't useful and maybe that wasn't their target. I don't know. Maybe they sold it. It's hard to say, but we increasingly see these patterns that are indicative of very sophisticated individuals who understand cloud deeply and who are trying to do intentionally malicious things other than just like, I popped [unintelligible 00:18:30]. I'm happy.

Corey: This episode is sponsored in part by our friends at Calisti.

Introducing Calisti. With Integrated Observability, Calisti provides a single pane of glass for accelerated root cause analysis and remediation.
It can set, track, and ensure compliance with Service Level Objectives.

Calisti provides secure application connectivity and management from datacenter to cloud, making it the perfect solution for businesses adopting cloud native microservice-based architectures. If you're running Apache Kafka, Calisti offers a turnkey solution with automated operations, seamless integrated security, high-availability, disaster recovery, and observability. So you can easily standardize and simplify microservice security, observability, and traffic management. Simplify your cloud-native operations with Calisti. Learn more about Calisti at calisti.app.

Corey: I keep thinking of ransomware as being a corporate IT side of problem. It's a sort of thing you'll have on your Windows computers in your office, et cetera, et cetera, despite the fact that intellectually I know better. There were a number of vendors talking about ransomware attacks and encrypting data within S3, and initially, I thought, “Okay, this sounds like exactly a story people would talk about some that isn't really happening in order to sell their services to guard against it.” And then AWS did a blog post saying, “We have seen this, and here's what we have learned.” It's, “Oh, okay. So, it is in fact real.”

But it's still taking me a bit of time to adapt to the new reality. I think part of this is also because back when I was hands-on-keyboard, I was unlucky, and as a result, I was kept from taking my aura near anything expensive or long-term like a database, and instead, it's like, get the stateless web servers. I can destroy those and we'll laugh and laugh about it. It'll be fine. But it's not going to destroy the company in the same way.
But yeah, there are a lot of important assets in cloud that if you don't have those assets, you will no longer have a company.

Anna: It's funny you say that because I became a theoretical physicist instead of experimental physicist because when I walked into the room, all the equipment would stop functioning.

Corey: Oh, I like that quite a bit. It's one of those ideas of, yeah, your aura just winds up causing problems. Like, “You are under no circumstances to be within 200 feet of the SAN. Is that clear?” Yeah, same type of approach.

One thing that I particularly like that showed up in the report that has honestly been near and dear to my heart is when you talk about mitigations around compromised credentials at one point when GitHub winds up having an AWS credential, AWS has scanners and a service that will catch that and apply a quarantine policy to those IAM credentials. The problem is, is that policy goes nowhere near far enough at all. I wound up having a fun thought experiment a while back, not necessarily focusing on attacking the cloud so much as it was a denial of wallet attack. With a quarantined key, how much money can I cost? And I had to give up around the $26 billion dollar mark.

And okay, that project can't ever see the light of day because it'll just cause grief for people. The problem is that the mitigations around trying to list the bad things and enumerate them mean that you're forever trying to enumerate something that is innumerable in and of itself. It feels like having a hard policy of once this is compromised, it's not good for anything would be the right answer. But people argue with me on that.

Anna: I don't think I would argue with you on that. I do think there are moments here—again, I have to have sympathy for the folks who are actually trying to be administrators in the cloud, and—

Corey: Oh God, it's hard.

Anna: [sigh].
I mean, a lot of the things we choose to do as cloud users and cloud admins are things that are very hard to check for security goodness, if you will, right, like, the security quality of the naming convention of your user accounts or something like that, right? One of the things we actually saw in this report it—and it almost made me cry, like, how visceral my reaction was to this thing—is, there were basically admin accounts in this cloud environment, and they were named according to a specific convention, right? So, if you were, like, admincorey and adminanna, like, that, if you were an admin, you've got an adminanna account, right? And then there was a bunch of rules that were written, like, policies that would prevent you from doing things to those accounts so that they couldn't be compromised.

Corey: Root is my user account. What are you talking about?

Anna: Yeah, totally. Yeah [laugh]. They didn't. They did the thing. They did the good accounts. They didn't just use root everybody. So, everyone had their own account, it was very neat. And all that happened is, like, one person barely screwed up the naming of their account, right? Instead of a lowercase admin, they use an uppercase Admin, and so all of the policy written for lowercase admin didn't apply to them, and so the bad guy was able to attach all kinds of policies and basically create a key for themselves to then go have a field day with this admin account that they just found laying around.

Now, they did nothing wrong. It's just, like, a very small mistake, but the attacker knew what to do, right? The attacker went and enumerated all these accounts or whatever, like, they see what's in the environment, they see the different one, and they go, “Oh, these suckers created a convention, and like, this joker didn't follow it. And I've won.” Right? So, they know to check with that stuff.

But our guys have so much going on that they might forget, or they might just you know, typo, like, whatever. Who cares.
Is it case-sensitive? I don't know. Is it not case-sensitive? Like, some policies are, some policies aren't. Do you remember which ones are and which ones aren't? And so, it's a little hopeless and painful as, like, a cloud defender to be faced with that, but that's sort of the reality.

And right now we're in kind of like, ah, preventive security is the way to save yourself in cloud mode, and these things just, like, they don't come up on, like, the benchmarks and, like the configuration checks and all this other stuff that's just going, you know, canned, did you, you know, put MFA on your user account? Like, yeah, they did, but [laugh] like, they gave it a wrong name and now it's a bad na—so it's a little bleak.

Corey: There's too much data. Filtering it becomes nightmarish. I mean, I have what I think of as the Dependabot problem, where every week, I get this giant list of Dependabot freaking out about every repository I have on Gif-ub and every dependency thereof. And some of the stuff hasn't been deployed in years and I don't care. Other stuff is, okay, I can see how that markdown parser could have malicious input passed to it, but it's for an internal project that only ever has very defined things allowed to talk to it so it doesn't actually matter to me.

And then at some point, it's like, you expect to read, like, three-quarters of the way down the list of a thousand things, like, “Oh, and by the way, the basement's on fire.” And then have it keep going on where it's… filtering the signal from noise is such a problem that it feels like people only discover the warning signs after they're doing forensics when something has already happened rather than when it's early enough to be able to fix things. How do you get around that problem?

Anna: It's brutal. I mean, I'm going to give you, like, my [unintelligible 00:24:28] vendor answer: “It's just easy. Just do what we said.” But I think [laugh] in all honesty, you do need to have some sort of risk prioritization.
I'm not going to say I know the answer to what your algorithm has to be, but our approach of, like, oh, let's just look up the CVSS score on the vulnerabilities. Oh, look, 600,000 criticals. [laugh]. You know, you have to be able to filter past that, too. Like, is this being used by the application? Like, has this thing recently been accessed? Like, does this user have permissions? Have they used those permissions?

Like, these kinds of questions that we know to ask, but you really have to kind of like force the security team, if you will, or the DevOps team or whatever team you have to actually, instead of looking at the list and crying, being like, how can we pare this list down? Like anything at all, just anything at all. And do that iteratively, right? And then on the other side, I mean, it's so… defense-in-depth, like, right? I know it's—I'm not supposed to say that because it's like, not cool anymore, but it's so true in cloud, like, you have to assume that all these controls will fail and so you have to come up with some—

Corey: People will fail, processes will fail, controls will fail, and great—

Anna: Yeah.

Corey: How do you make sure that one of those things failing isn't winner-take-all?

Anna: Yeah. And so, you need some detection mechanism to see when something's failed, and then you, like, have a resilience plan because you know, if you can detect that it's failed, but you can't do anything about it, I mean, big deal, [laugh] right? So detection—

Corey: Good job. That's helpful.

Anna: And response [laugh]. And response. Actually, mostly response yeah.

Corey: Otherwise, it's, “Hey, guess what?
You're not going to believe this, but…” it goes downhill from there rapidly.

Anna: Just like, how shall we write the news headline for you?

Corey: I have to ask, given that you have just completed this report and are absolutely in a place now where you have a sort of bird's eye view on the industry at just the right time, over the past year, we've seen significant macro changes affect an awful lot of different areas, the hiring markets, the VC funding markets, the stock markets. How has, I guess, the threat space evolved—if at all—during that same timeframe?

Anna: I'm guessing the bad guys are paying more than the good guys.

Corey: Well, there is part of that and I have to imagine also, crypto miners are less popular since sanity seems to have returned to an awful lot of people's perspective on money.

Anna: I don't know if they are because, like, even fractions of cents are still cents once you add up enough of them. So, I don't think [they have stopped 00:26:49] mining.

Corey: It remains perfectly economical to mine Bitcoin in the cloud, as long as you use someone else's account to do it.

Anna: Exactly. Someone else's money is the best kind of money.

Corey: That's the VC motto and then some.

Anna: [laugh]. Right? I think it's tough, right? I don't want to be cliche and say, “Look, oh automate more stuff.” I do think that if you're in the security space on the blue team and you are, like, afraid of losing your job—you probably shouldn't be afraid if you do your job at all because there's a huge lack of talent, and that pool is not growing quick enough.

Corey: You might be out of work for dozens of minutes.

Anna: Yeah, maybe even an hour if you spend that hour, like, not emailing people, asking for work. So yeah, I mean, blah, blah, skill up in cloud, like, automate, et cetera. I think what I said earlier is actually the more important piece, right?
We have all these really talented people sitting behind these dashboards, just trying to do the right thing, and we're not giving them good data, right? We're giving them too much data and it's not good quality data.

So, whatever team you're on or whatever your business is, like, you will have to try to pare down that list of impossible tasks for all of your cloud-adjacent IT teams to a list of things that are actually going to reduce risk to your business. And I know that's really hard to do because you're asking now, folks who are very technical to communicate with folks who are very non-technical, to figure out how to, like, save the business money and keep the business running, and we've never been good at this, but there's no time like the present to actually get good at it.

Corey: Let's see, what is it, the best time to plant a tree was 20 years ago. The second best time is now. Same sort of approach. I think that I'm seeing less of the obnoxious whining that I saw for years about how there's a complete shortage of security professionals out there. It's, “Okay, have you considered taking promising people and training them to do cybersecurity?” “No, that will take six months to get them productive.” Then they sit there for two years with the job rec open. It's hmm. Now, I'm not a professor here, but I also sort of feel like there might be a solution that benefits everyone. At least that rhetoric seems to have tamped down.

Anna: I think you're probably right. There's a lot of awesome training out there too. So there's, like, folks giving stuff away for free that's super resources, so I think we are doing a good job of training up security folks. And everybody wants to be in security because it's so cool. But yeah, I think the data problem is this decade's struggle, more so than any other decades.

Corey: I really want to thank you for taking the time to speak with me.
If people want to learn more, where can they go to get their own copy of the report?

Anna: It's been an absolute pleasure, Corey, and thanks, as always for having us. If you would like to check out the report—which you absolutely should—you can find it ungated at www.sysdig.com/2023threatreport.

Corey: You had me at ungated. Thank you so much for taking the time today. It's appreciated. Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig. This promoted guest episode has been brought to us by our friends at Sysdig and I'm Cloud Economist Corey Quinn.

If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an insulting comment that no doubt will compile into a malicious binary that I can grab off of Docker Hub.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

DF Connection
The Endangered Sonoran Pronghorn

DF Connection

Play Episode Listen Later Jun 13, 2023 9:54


In Southern Arizona you might be lucky enough to see Sonoran pronghorns. In this podcast, we learn from Stephanie Fuest, the lead wildlife biologist for the recovery of the endangered Sonoran pronghorn. She walks us through the history of the species in the area, recovery efforts, and best practices should you encounter one while riding. She also explains what is different about them, compared to pronghorns found further north. Sonoran pronghorns can be found on several of our gravel bike routes in the southwest corner of Arizona that take you through the Cabeza Prieta National Wildlife Refuge or the Organ Pipe Cactus National Monument. They both represent spectacular ecoscapes of Sonoran Desert beauty. Our free gravel bike route guides include Charlie Bell, Ajo Peaks Tour, Puerto Blanco Drive and Ajo Mountain Drive. We also encourage you to visit the historic and vibrant town of Ajo and the visitor's center at the Cabeza Prieta National Wildlife Refuge. Photo credit: USFWS.

This podcast is produced by Dirty Freehub, a nonprofit organization that publishes hand-curated (and great!) gravel cycling route guides. Our mission is to connect gravel cyclists to where they ride through stories about culture, history, people, places, and lands with the hope that they will become involved as advocates, volunteers, or donors with organizations that protect and preserve recreation spaces.

Our Podcast Channel / The Connection
Our Route Guides / Dirty Freehub
Our Ask / Donate

The God Cast
Charlie Bell (Revd Dr) The God Cast Interview

The God Cast

Play Episode Listen Later Jun 9, 2023 35:19


Charlie Bell is a priest in the Church of England (St John the Divine, Kennington, in the Diocese of Southwark) and has also published in the field of theology, with a book on psychology, sexuality and theology (Queer Holiness) and an upcoming book (May 2023) on the medical-theological interface (Light to those in darkness: total pain and the Body of Christ). Charlie is also a College Lecturer in Medicine who teaches Biochemistry to first-year undergraduates, and the Director of Studies for pre-clinical medicine (first year). He previously supervised biochemistry, human reproduction and physiology to medical students and biological natural scientists.

Other: Academic Clinical Fellow with King's College, London and South London and Maudsley NHS Foundation Trust. Digital Fellow, Maudsley Learning. Praelector of Girton College (Joint with Simone Maghenzani, January 2019). National Medical Director's Clinical Fellow at the Health and Social Care Committee, House of Commons and the National Audit Office (2019-20). Module Leader and author, Healthcare Systems and Resource Management, Global MBA, University of London. Faculty Lead, Changing Face of Medicine Commission. Visiting Senior Fellow, Lincoln International Business School.

Sky News Daily
The Salisbury poisonings five years on

Sky News Daily

Play Episode Listen Later Mar 3, 2023 21:19


Tracy Daszkiewicz was Wiltshire Council's director of public health when ex-Russian spy Sergei Skripal and his daughter Yulia were targeted in March 2018 with the deadly nerve agent novichok. Three months after the Salisbury poisonings, two other people fell ill at a flat several miles away in Amesbury and one of them died. Later this month, an inquiry into Dawn Sturgess' death will have another preliminary hearing. On the Sky News Daily, Niall Paterson speaks to Ms Daszkiewicz about the impact Ms Sturgess' death had on her and how she felt about being depicted in a TV drama about the poisonings.

TV DRAMA CREDIT: The Salisbury Poisonings, starring Anne-Marie Duff and created by Adam Patterson and Declan Lawn.

Annie Joyce – senior podcast producer
Alex Edden – interviews producer
Jada-Kai Meosa John and Charlie Bell – junior producers
Philly Beaumont and Paul Stanworth – editors

Sky News Daily
The Windsor Framework: What it means for Northern Ireland

Sky News Daily

Play Episode Listen Later Feb 27, 2023 17:50


Four months of negotiations appear to have paid off – for now – as Rishi Sunak's plan for post-Brexit trade rules has been signed off by the EU. The prime minister met European Commission president Ursula von der Leyen – who also met King Charles – during her visit to the UK on Monday. The Northern Ireland Protocol – negotiated during Brexit talks to allow goods to move without checks across the border with the Republic of Ireland – has been problematic for the DUP, who boycotted power sharing in Stormont last summer because they were unhappy with the arrangement. On the Sky News Daily podcast, Niall Paterson is joined by our deputy political editor Sam Coates and Sky's senior Ireland correspondent David Blevins as we examine the deal itself and what it means for the prime minister, Northern Ireland and EU relations going forward.

Annie Joyce – senior podcast producer
Charlie Bell – junior producer
Philly Beaumont – editor

Sky News Daily
Jim v Jassim: The battle for Manchester United

Sky News Daily

Play Episode Listen Later Feb 22, 2023 19:46


Manchester United is known around the world but the club has faced tough times in recent years with fans deeply unhappy with its owners. But could that be about to change? Earlier this month, we found out the British billionaire entrepreneur Sir Jim Ratcliffe and Qatari Sheikh Jassim bin Hamad Al Thani had officially submitted bids for the Premier League club. On the Sky News Daily, Sally Lockwood takes a closer look at the two men vying to get their hands on Man Utd with our sports correspondent Rob Harris. Plus, we look at the power of money in football and its importance in the sport and for local communities with Keith Harris – a former chairman of the Football League, football financier and Man Utd fan.

Annie Joyce – senior podcast producer
Alex Edden – interviews producer
Jada-Kai Meosa John and Charlie Bell – junior producers
Simon Windsor – archive researcher
Philly Beaumont – editor

Unbelievable?
Sexuality, Gender & Identity: 2 views on LGBT and the church - Andrew Bunt & Charlie Bell

Unbelievable?

Play Episode Listen Later Feb 17, 2023 96:58


Andrew Bunt, Emerging Generations director at Living Out and author of 'Finding Your Best Identity', is a same-sex attracted Christian who has chosen celibacy and believes marriage is male-female. Charlie Bell, a gay Anglican vicar who also works as a psychiatrist, is the author of 'Queer Holiness' and wants to see gay marriage accepted in the church.   In a live show with audience Q&A they discuss sexuality, gender and identity, recent controversy in the CofE over gay blessings, and what the Bible says about marriage and LGBT.   Give today and receive our e-book 'Why You Can Believe' https://www.premierunbelievable.com/donate/   For Andrew Bunt: https://ivpbooks.com/finding-your-best-identity For Living Out: https://www.livingout.org/ For Charlie Bell: https://www.dartonlongmantodd.co.uk/titles/2359-9781913657925-queer-holiness   • Subscribe to the Unbelievable? podcast: https://pod.link/267142101 • More shows, free eBook & newsletter: https://premierunbelievable.com • For live events: http://www.unbelievable.live • For online learning: https://www.premierunbelievable.com/training • Support us in the USA: http://www.premierinsight.org/unbelievableshow • Support us in the rest of the world: https://www.premierunbelievable.com/donate

The Cloud Pod
192: The Empire strikes back and picks all the clouds for DOD Contract

The Cloud Pod

Play Episode Listen Later Dec 22, 2022 35:57


On The Cloud Pod the team reviews the multi-billion-dollar DOD contract formerly known as Jedi awarded to big tech companies; Microsoft buys a stake in LSE, raising questions; Werner shares his 2023 tech predictions and posts the Distributed Computing manifesto to his blog; and lastly, at Azure, Bell hits bumps while trying to make Microsoft safer. A big thanks to this week's sponsor, Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. This week's highlights

Not In My House
Joe Alexander: Former West Virginia Star & NBA Player

Not In My House

Play Episode Listen Later Nov 23, 2022 52:00


Zero BS in this conversation. This one is about as real as it gets! We are honored to have Joe Alexander on the podcast today for an episode that we will never forget. His basketball story is like no other and we get to learn all about it.

Joe Alexander's journey in hoops is about as unique as it gets. Unlike the kids who grew up in the United States, Joe had very little access to NBA games, trainers and all of the other luxuries that most kids with NBA dreams had. Joe simply put in the WORK every single day to follow his NBA dreams. He starred at West Virginia and went on to skyrocket up the draft board to become the 8th overall pick of the NBA draft. He played with Milwaukee, Chicago and then went on to have a successful career overseas.

Joe shares great stories about growing up in China, recruiting process, Bob Huggins, NCAA tourney run, Draft night, Charlie Bell, Shaq, Richard Jefferson, wild experiences overseas, his book and MUCH more!

Big thanks to Joe Alexander for taking the time to hang out with us today. Joe tells it exactly how it is and tells us NOT what you want to hear, but what you should hear. That is exactly how his book will be and we know his book is going to have a huge impact in the basketball world. We can't thank Joe enough for his time.

Thanks Joe Alexander!

Be sure to follow his YouTube page and give his page a follow to keep up for when his book is released!
https://m.youtube.com/channel/UCsX4ObOI99aNdLexJWcWzHg?fbclid=PAAaaglfWGfGBoQsV0mjsMDqkrLrhaGhUTRmsHe2pK6P0TEsCPRDKV3kZI-m4

Follow us on social media for news, updates and highlight reels!
Facebook - https://www.facebook.com/notin.myhouse.79
Instagram - @Not_in_my_house_podcast
Twitter - @NOTINMYHOUSEpc

GAY with GOD!
Meet Dr. Charlie Bell!

Nov 7, 2022 (46:41)


Dr. Charlie Bell
College position(s): Fellow, Director of Studies, College Officer
Subject: Medicine
Specialising in: John Marks Official Fellow in Medicine and Praelector
Degrees, Awards and Prizes: MA (Dunelm 2021), MA (Cantab 2015), MB BChir (Cantab 2017), PhD (Cantab 2015), PGDipLATHE (Oxon), SFHEA, FRSA, AFFMLM
Research Themes: I undertook a PhD investigating the immunogenetic mechanisms responsible for the development of type 1 diabetes with Professor John Todd in the Cambridge Institute for Medical Research, with involvement in clinical trials and driving in vivo and in vitro laboratory studies. I was previously an Exchange Scholar at Mt Sinai Hospital, in New York City, characterizing the role of the immune system in melanoma. My clinical training is in psychiatry, and my research interests primarily relate to personality disorders and their interaction with forensic services, from a biological perspective. My research is based at the Institute of Psychiatry, Psychology and Neuroscience at King's College, London. I am currently undertaking work to determine biomarkers of psychopathy, with a view to stratifying patients and developing novel treatment approaches.
Responsibilities: I am a College Lecturer in Medicine and teach Biochemistry to first year undergraduates. I am the Director of Studies for pre-clinical medicine (first and second year). I previously supervised biochemistry, human reproduction and physiology to medical students and biological natural scientists.
Other: Academic Clinical Fellow with King's College, London and South London and Maudsley NHS Foundation Trust. Digital Fellow, Maudsley Learning. Praelector of Girton College (Joint with Simone Maghenzani, January 2019). National Medical Director's Clinical Fellow at the Health and Social Care Committee, House of Commons and the National Audit Office (2019-20). Module Leader and author, Healthcare Systems and Resource Management, Global MBA, University of London. Faculty, Changing Face of Medicine. Visiting Senior Fellow, Lincoln International Business School.
Outside of medicine: I am a deacon in the Church of England and have also published in the field of theology, with a book on psychology, sexuality and theology (Queer Holiness) due out this May (2022). Research Fellow and Associate Tutor, St Augustine's College, West Malling. Assistant Curate, St John the Divine, Kennington. Board Member, Affirming Catholicism. I am also a Liveryman of the City of London.

GeekWire
Microsoft cybersecurity leader Charlie Bell on the quest to bring civilization to the digital world

Oct 15, 2022 (17:49)


Can the online world move from the digital equivalent of medieval times to a new era of civilization?
That was the question on Charlie Bell's mind when the veteran engineering leader decided to leave Amazon after more than 23 years and join Microsoft to lead its $15 billion cybersecurity business, taking on what he described as “one of the greatest challenges of our time.”
More than a year into that quest, Bell joined us recently at the GeekWire Summit for a status report, sharing insights on the state of digital security, and the potential for progress in the years ahead.
On this episode of the GeekWire Podcast, we're featuring highlights from Bell's conversation on stage with GeekWire co-founder Todd Bishop. Special Coverage: GeekWire Summit 2022.

The Drive with Jack
* Charlie Bell, Former MSU Basketball Star

Aug 24, 2022 (12:47)


SPOTLIGHT Radio Network
* Charlie Bell, Former MSU Basketball Star

Aug 24, 2022 (12:47)


Behavioral Grooves Podcast
The Loss of Common Sense: How To Gain A Little Perspective | Martin Lindstrom

Jul 25, 2022 (43:03)


Disembarking people from a plane, row by row during the height of COVID, but then cramming all the passengers into a bus to the terminal… where is the common sense in that? Best-selling author Martin Lindstrom laments that we are drowning in bureaucracy and that technology is contributing to the death of common sense in society. Founder and chairman of Lindstrom Company, Martin Lindstrom is also the author of seven New York Times best-selling books. We talk with Martin about his most recent book, “The Ministry Of Common Sense: How to Eliminate Bureaucratic Red Tape, Bad Excuses, and Corporate BS”. Our conversation covers a lot of ground in a short time, including how John F. Kennedy was a trendsetter for the way businessmen dress today, why Martin lives without a phone, as well as how to cultivate more human-to-human connections. And since no conversation on Behavioral Grooves would be complete without a chit-chat about music, we find out what artists Martin would choose to take with him to a desert island. If you are a regular listener to Behavioral Grooves, please consider donating to our work through Patreon. We really appreciate all our listeners' support, thanks.
Topics
(2:55) Welcome to Martin and speed round.
(8:19) Is technology contributing to the death of common sense?
(9:51) Separating private life and work life.
(14:45) What is the Ministry of Common Sense about?
(22:58) Compliance and being different.
(27:07) What musical artists would Martin take to a desert island?
(30:03) Grooving Session with Kurt and Tim on common sense.
© 2022 Behavioral Grooves
Links
Martin Lindstrom's book: “The Ministry Of Common Sense: How to Eliminate Bureaucratic Red Tape, Bad Excuses, and Corporate BS”: https://amzn.to/3z0CJ7M
Martin Lindstrom: https://www.martinlindstrom.com/
Whitney Johnson, Episode 285: “The Three Phases of Growth and Learning”: https://behavioralgrooves.com/episode/three-phases-of-growth/
Charlie Bell: https://en.wikipedia.org/wiki/Charlie_Bell_(businessman)
Human Risk Podcast: https://www.human-risk.com/podcast
Nir Eyal, Episode 303 “From Distracted To Focused: Nir Eyal's Secrets On How To Be Indistractable”: https://behavioralgrooves.com/episode/nir-eyal-how-to-be-indistractable/
Vanessa Bohns, Episode 253 “Why You Don’t Need to be Powerful to be Influential”: https://behavioralgrooves.com/episode/influence-vanessa-bohns/
Robert Cialdini, Episode 226 “The Power of Unity: Robert Cialdini Expands His Best Selling Book Influence”: https://behavioralgrooves.com/episode/cialdini-unity-in-influence/
Andrea Belk Olson, Episode 304 “Finding Out What Your Customers Want and Why It Matters”: https://behavioralgrooves.com/episode/what-your-customers-wants/
Behavioral Grooves Patreon page: https://www.patreon.com/behavioralgrooves
Musical Links
Tina Turner “Proud Mary”: https://www.youtube.com/watch?v=TTfYnRQgKgY&ab_channel=TinaTurner
Phil Collins “A Groovy Kind of Love”: https://www.youtube.com/watch?v=HsC_SARyPzk&ab_channel=PhilCollins
Mozart “Requiem”: https://www.youtube.com/watch?v=Zi8vJ_lMxQI
Vivaldi “Four Seasons”: https://www.youtube.com/watch?v=GRxofEmo3HA

Recruitment Journeys: The Podcast Series (from Mint Recruitment)
S4/Ep7: “The Rec2Rec Special” with Grace Marlin (US), James Vizor (UK), Charlie Bell (AUS) and ME!

Jul 11, 2022 (64:34)


For as long as I can remember, there's always been a bit of a morbid fascination with what I do within the Recruitment Industry, namely Rec2Rec. So why not get over 50 years of R2R experience together, on the same podcast, and lift the lid on what we do? On this episode of “Recruitment Journeys”, we have a bit of a special one… I'm simply calling this “The Rec2Rec Special”. Joining me in this chat is Grace Marlin in New York, James Vizor in London and Charlie Bell in Melbourne, and I ask why the hell they entered such a notoriously difficult recruitment sector in the first place… Why they love the R2R space… How they coped through the barren Covid months… What they think we can do better as a Rec2Rec community! And much more! Hope you enjoy “The Rec2Rec Special”…

Screaming in the Cloud
Leading the Cloud Security Pack with Yoav Alon

May 3, 2022 (34:13)


About Yoav
Yoav is a security veteran recognized on Microsoft Security Response Center's Most Valuable Research List (BlackHat 2019). Prior to joining Orca Security, he was a Unit 8200 researcher and team leader, a chief architect at Hyperwise Security, and a security architect at Check Point Software Technologies. Yoav enjoys hunting for Linux and Windows vulnerabilities in his spare time.
Links Referenced:
Orca Security: https://orca.security
Twitter: https://twitter.com/yoavalon
Transcript
Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.
Corey: This episode is sponsored in part by our friends at Vultr. Optimized cloud compute plans have landed at Vultr to deliver lightning fast processing power, courtesy of third gen AMD EPYC processors without the IO, or hardware limitations, of a traditional multi-tenant cloud server. Starting at just 28 bucks a month, users can deploy general purpose, CPU, memory, or storage optimized cloud instances in more than 20 locations across five continents. Without looking, I know that once again, Antarctica has gotten the short end of the stick. Launch your Vultr optimized compute instance in 60 seconds or less on your choice of included operating systems, or bring your own. It's time to ditch convoluted and unpredictable giant tech company billing practices, and say goodbye to noisy neighbors and egregious egress forever. Vultr delivers the power of the cloud with none of the bloat. "Screaming in the Cloud" listeners can try Vultr for free today with a $150 in credit when they visit getvultr.com/screaming. That's G E T V U L T R.com/screaming.
My thanks to them for sponsoring this ridiculous podcast.
Corey: Finding skilled DevOps engineers is a pain in the neck! And if you need to deploy a secure and compliant application to AWS, forgettaboutit! But that's where DuploCloud can help. Their comprehensive no-code/low-code software platform guarantees a secure and compliant infrastructure in as little as two weeks, while automating the full DevSecOps lifestyle. Get started with DevOps-as-a-Service from DuploCloud so that your cloud configurations are done right the first time. Tell them I sent you and your first two months are free. To learn more visit: snark.cloud/duplocloud. That's snark.cloud/D-U-P-L-O-C-L-O-U-D.
Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Periodically, I would say that I enjoy dealing with cloud platform security issues, except I really don't. It's sort of forced upon me to deal with much like a dead dog is cast into their neighbor's yard for someone else to have to worry about. Well, invariably, it seems like it's my yard.
And I'm only on the periphery of these things. Someone who's much more in the trenches in the wide world of cloud security is joining me today. Yoav Alon is the CTO at Orca Security. Yoav, thank you for taking the time to join me today and suffer the slings and arrows I'll no doubt be hurling your way.
Yoav: Thank you, Corey, for having me. I've been a longtime listener, and it's an honor to be here.
Corey: I still am periodically surprised that anyone listens to these things. Because it's unlike a newsletter where everyone will hit reply and give me a piece of their mind. People generally don't wind up sending me letters about things that they hear on the podcast, so whenever I talk to somebody listens to it as, “Oh. Oh, right, I did turn the microphone on. Awesome.” So, it's always just a little on the surreal side.
But we're not here to talk necessarily about podcasting, or the modern version of an AM radio show. Let's start at the very beginning.
What is Orca Security, and why would folks potentially care about what it is you do?
Yoav: So, Orca Security is a cloud security company, and our vision is very simple. Given a customer's cloud environment, we want to detect all the risks in it and implement mechanisms to prevent it from occurring. And while it sounds trivial, before Orca, it wasn't really possible. You will have to install multiple tools and aggregate them and do a lot of manual work, and it was messy. And we wanted to change that, so we had, like, three guiding principles.
We call it seamless, so I want to detect all the risks in your environment without friction, which is our speak for fighting with your peers. We also want to detect everything so you don't have to install, like, a tool for each issue: A tool for vulnerabilities, a tool for misconfigurations, and for sensitive data, IAM roles, and such. And we put a very high priority on context, which means telling you what's important, what's not. So, for example, S3 bucket open to the internet is important if it has sensitive data, not if it's a, I don't know, static website.
Corey: Exactly. I have a few that I'd like to get screamed at in my AWS account, like, “This is an open S3 bucket and it's terrible.” I look at it the name is assets.lastweekinaws.com. Gee, I wonder if that's something that's designed to be a static hosted website.
Increasingly, I've been slapping CloudFront in front of those things just to make the broken warning light go away. I feel like it's an underhanded way of driving CloudFront adoption some days, but not may not be the most charitable interpretation thereof. Orca has been top-of-mind for a lot of folks in the security community lately because let's be clear here, dealing with security problems in cloud providers from a vendor perspective is an increasingly crowded—and clouded—space.
Just because there's so much—there's investment pouring into it, everyone has a slightly different take on the problem, and it becomes somewhat challenging to stand out from the pack. You didn't really stand out from the pack so much as leaped to the front of it and more or less have become the de facto name in a very short period of time, specifically—at least from my world—when you wound up having some very interesting announcements about vulnerabilities within AWS itself. You will almost certainly do a better job of relating the story, so please, what did you folks find?
Yoav: So, back in September of 2021, two of my researchers, Yanir Tsarimi and Tzah Pahima, each one of them within a relatively short span of time from each other, found a vulnerability in AWS. Tzah found a vulnerability in CloudFormation which we named BreakingFormation and Yanir found a vulnerability in AWS Glue, which we named SuperGlue. We're not the best copywriters, but anyway—
Corey: No naming things is hard. Ask any Amazonian.
Yoav: Yes. [laugh]. So, I'll start with BreakingFormation which caught the eyes of many. It was an XXE SSRF, which is jargon to say that we were able to read files and execute HTTP requests and read potentially sensitive data from CloudFormation servers. This one was mitigated within 26 hours by AWS, so—
Corey: That was mitigated globally.
Yoav: Yes, globally, which I've never seen such quick turnaround anywhere. It was an amazing security feat to see.
Corey: Particularly in light of the fact that AWS does a lot of things very right when it comes to, you know, designing cloud infrastructure. Imagine that, they've had 15 years of experience and basically built the idea of cloud, in some respects, at the scale that hyperscalers operate at. And one of their core tenets has always been that there's a hard separation between regions. There are remarkably few global services, and those are treated with the utmost of care and delicacy.
To the point where when something like that breaks as an issue that spans more than one region, it is headline-making news in many cases.
So it's, they almost never wind up deploying things to all regions at the same time. That can be irksome when we're talking about things like I want a feature that solves a problem that I have, and I have to wait months for it to hit a region that I have resources living within, but for security, stuff like this, I am surprised that going from, “This is the problem,” to, “It has been mitigated,” took place within 26 hours. I know it sounds like a long time to folks who are not deep in the space, but that is superhero speed.
Yoav: A small correction, it's 26 hours for, like, the main regions. And it took three to four days to propagate to all regions. But still, it's speed of lightning in for security space.
Corey: When this came out, I was speaking to a number of journalists on background about trying to wrap their head around this, and they said that, “Oh yeah, and security is always, like, the top priority for AWS, second only to uptime and reliability.” And… and I understand the perception, but I disagree with it in the sense of the nightmare scenario—that every time I mention to a security person watching the blood drain from their face is awesome—but the idea that take IAM, which as Werner said in his keynote, processes—was it 500 million or was it 500 billion requests a second, some ludicrous number—imagine fails open where everything suddenly becomes permitted. I have to imagine in that scenario, they would physically rip the power cables out of the data centers in order to stop things from going out. And that is the right move. Fortunately, I am extremely optimistic that will remain a hypothetical because that is nightmare fuel right there.
But Amazon says that security is job zero.
And my cynical interpretation is that well, it wasn't, but they forgot security, decided to bolt it on to the end, like everyone else does, and they just didn't want to renumber all their slides, so instead of making it point one, they just put another slide in front of it and called the job zero. I'm sure that isn't how it worked, but for those of us who procrastinate and building slide decks for talks, it has a certain resonance to it. That was one issue. The other seemed a little bit more pernicious focusing on Glue, which is their ETL-as-a-Service… service. One of them I suppose. Tell me more about it.
Yoav: So, one of the things that we found when we found the BreakingFormation when we reported the vulnerability, it led us to do a quick Google search, which led us back to the Glue service. It had references to Glue, and we started looking around it. And what we were able to do with the vulnerability is given a specific feature in Glue, which we don't disclose at the moment, we were able to effectively take control over the account which hosts the Glue service in us-east-1. And having this control allowed us to essentially be able to impersonate the Glue service. So, every role in AWS that has a trust to the Glue service, we were able to effectively assume a role into it in any account in AWS. So, this was more critical a vulnerability in its effect.
Corey: I think on some level, the game of security has changed because for a lot of us who basically don't have much in the way of sensitive data living in AWS—and let's be clear, I take confidentiality extremely seriously. Our clients on the consulting side view their AWS bills themselves as extremely confidential information that Amazon stuffs into a PDF and emails every month. But still. If there's going to be a leak, we absolutely do not want it to come from us, and that is something that we take extraordinarily seriously.
But compared to other jobs I've had in the past, no one will die if that information gets out.
It is not the sort of thing that is going to ruin people's lives, which is very often something that can happen in some data breaches. But in my world, one of the bad cases of a breach of someone getting access to my account is they could spin up a bunch of containers on the 17 different services that AWS offers that can run containers and mine cryptocurrency with it. And the damage to me then becomes a surprise bill. Okay, great. I can live with that.
Something that's a lot scarier to a lot of companies with, you know, serious problems is, yep, fine, cost us money, whatever, but our access to our data is the one thing that is going to absolutely be the thing that cannot happen. So, from that perspective alone, something like Glue being able to do that is a lot more terrifying than subverting CloudFormation and being able to spin up additional resources or potentially take resources down. Is that how you folks see it too, or is—I'm sure there's nuance I'm missing.
Yoav: So yeah, the access to data is top-of-mind for everyone. It's a bit scary to think about it. I have to mention, again, the quick turnaround time for AWS, which almost immediately issued a patch. It was a very fast one and they mitigated, again, the issue completely within days. About your comment about data.
Data is king these days, there is nothing like data, and it has all the properties of everything that we care about. It's expensive to store, it's expensive to move, and it's very expensive if it leaks. So, I think a lot of people were more alarmed about the Glue vulnerability than the CloudFormation vulnerability. And they're right in doing so.
Corey: I do want to call out that AWS did a lot of things right in this area. Their security posture is very clearly built around defense-in-depth.
The fact that they were able to disclose—after some prodding—that they checked the CloudTrail logs for the service itself, dating back to the time the service launched, and verified that there had never been an exploit of this, that is phenomenal, as opposed to the usual milquetoast statements that companies have. We have no evidence of it, which can mean that we did the same thing and we looked through all the logs in it's great, but it can also mean that, “Oh, yeah, we probably should have logs, shouldn't we? But let's take a backlog item for that.” And that's just terrifying on some level.
It becomes a clear example—a shining beacon for some of us in some cases—of doing things right from that perspective. There are other sides to it, though. As a customer, it was frustrating in the extreme to—and I mean, no offense by this—to learn about this from you rather than from the provider themselves. They wound up putting up a security notification many hours after your blog post went up, which I would also just like to point out—and we spoke about it at the time and it was a pure coincidence—but there was something that was just chef's-kiss perfect about you announcing this on Andy Jassy's birthday. That was just very well done.
Yoav: So, we didn't know about Andy's birthday. And it was—
Corey: Well, I see only one of us has a company calendar with notable executive birthdays splattered all over it.
Yoav: Yes. And it was also published around the time that AWS CISO was announced, which was also a coincidence because the date was chosen a lot of time in advance. So, we genuinely didn't know.
Corey: Communicating around these things is always challenging because on the one hand, I can absolutely understand the cloud providers' position on this. We had a vulnerability disclosed to us. We did our diligence and our research because we do an awful lot of things correctly and everyone is going to have vulnerabilities, let's be serious here.
I'm not sitting here shaking my fist, angry at AWS's security model. It works, and I am very much a fan of what they do.
And I can definitely understand then, going through all of that there was no customer impact, they've proven it. What value is there to them telling anyone about it, I get that. Conversely, you're a security company attempting to stand out in a very crowded market, and it is very clear that announcing things like this demonstrates a familiarity with cloud that goes beyond the common. I radically changed my position on how I thought about Orca based upon these discoveries. It went from, “Orca who,” other than the fact that you folks have sponsored various publications in the past—thanks for that—but okay, a security company. Great to, “Oh, that's Orca. We should absolutely talk to them about a thing that we're seeing.” It has been transformative for what I perceive to be your public reputation in the cloud security space.
So, those two things are at odds: The cloud provider doesn't want to talk about anything and the security company absolutely wants to demonstrate a conversational fluency with what is going on in the world of cloud. And that feels like it's got to be a very delicate balancing act to wind up coming up with answers that satisfy all parties.
Yoav: So, I just want to underline something. We don't do what we do in order to make a marketing stand. It's a byproduct of our work, but it's not the goal. For the Orca Security Research Pod, which it's the team at Orca which does this kind of research, our mission statement is to make cloud security better for everyone.
Not just Orca customers; for everyone.
And you get to hear about the more shiny things like big headline vulnerabilities, but we also have very sensible blog posts explaining how to do things, how to configure things and give you more in-depth understanding into security features that the cloud providers themselves provide, which are great, and advance the state of the cloud security. I would say that having a cloud vulnerability is sort of one of those things, which makes me happy to be a cloud customer. On the one side, we had a very big vulnerability with very big impact, and the ability to access a lot of customers' data is conceptually terrifying. The flip side is that everything was mitigated by the cloud providers in warp speed compared to everything else we've seen in all other elements of security. And you get to sleep better knowing that it happened—so no platform is infallible—but still the cloud provider do work for you, and you'll get a lot of added value from that.
Corey: You've made a few points when this first came out, and I want to address them. The first is, when I reached out to you with a, “Wow, great work.” You effectively instantly came back with, “Oh, it wasn't me. It was members of my team.” So, let's start there. Who was it that found these things? I'm a huge believer giving people credit for the things that they do.
The joy of being in a leadership position is if the company screws up, yeah, you take responsibility for that, whether the company does something great, yeah, you want to pass praise onto the people who actually—please don't take this the wrong way—did the work. And not that leadership is not work, it absolutely is, but it's a different kind of work.
Yoav: So, I am a security researcher, and I am very mindful for the effort and skill it requires to find vulnerabilities and actually do a full circle on them.
And the first thing I'll mention is Tzah Pahima, which found the BreakingFormation vulnerability and the vulnerability in CloudFormation, and Yanir Tsarimi, which found the AutoWarp vulnerability, which is the Azure vulnerability that we have not mentioned, and the Glue vulnerability, dubbed SuperGlue. Both of them are phenomenal researcher, world-class, and I'm very honored to work with them every day. It's one of my joys.
Corey: Couchbase Capella Database-as-a-Service is flexible, full-featured and fully managed with built in access via key-value, SQL, and full-text search. Flexible JSON documents aligned to your applications and workloads. Build faster with blazing fast in-memory performance and automated replication and scaling while reducing cost. Capella has the best price performance of any fully managed document database. Visit couchbase.com/screaminginthecloud to try Capella today for free and be up and running in three minutes with no credit card required. Couchbase Capella: make your data sing.
Corey: It's very clear that you have built an extraordinary team for people who are able to focus on vulnerability research. Which, on some level, is very interesting because you are not branded as it were as a vulnerability research company. This is not something that is your core competency; it's not a thing that you wind up selling directly that I'm aware of. You are selling a security platform offering. So, on the one hand, it makes perfect sense that you would have a division internally that works on this, but it's also very noteworthy, I think, that is not the core description of what it is that you do.
It is a means by which you get to the outcome you deliver for customers, not the thing that you are selling directly to them. I just find that an interesting nuance.
Yoav: Yes, it is. And I would elaborate and say that research informs the product, and the product informs research. And we get to have this fun dance where we learn new things by doing research.
We [unintelligible 00:18:08] the product, and we use the customers to teach us things that we didn't know. So, it's one of those happy synergies.
Corey: I want to also highlight a second thing that you have mentioned and been very, I guess, on message about since news of this stuff first broke. And because it's easy to look at this and sensationalize aspects of it, where, “See? The cloud providers security model is terrible. You shouldn't use them. Back to data centers we go.” Is basically the line taken by an awful lot of folks trying to sell data center things.
That is not particularly helpful for the way that the world is going. And you've said, “Yeah, you should absolutely continue to be in cloud. Do not disrupt your cloud plan as a result.” And let's be clear, none of the rest of us are going to find and mitigate these things with anything near the rigor or rapidity that the cloud providers can and do demonstrate.
Yoav: I totally agree. And I would say that the AWS security folks are doing a phenomenal job. I can name a few, but they're all great. And I think that the cloud is by far a much safer alternative than on-prem. I've never seen issues in my on-prem environment which were critical and fixed in such a high velocity and such a massive scale.
And you always get the incremental improvements of someone really thinking about all the ins and outs of how to do security, how to do security in the cloud, how to make it faster, more reliable, without a business interruptions. It's just phenomenal to see and phenomenal to witness how far we've come in such a relatively short time as an industry.
Corey: AWS in particular, has a reputation for being very good at security. I would argue that, from my perspective, Google is almost certainly slightly better at their security approach than AWS is, but to be clear, both of them are significantly further along the path than I am going to be. So great, fantastic.
You also have found something interesting over in the world of Azure, and that honestly feels like a different class of vulnerability. To my understanding, the Azure vulnerability that you recently found was you could get credential material for other customers simply by asking for it on a random high port. Which is one of those—I'm almost positive I'm misunderstanding something here. I hope. Please?
Yoav: I'm not sure you're misunderstanding. So, I would just emphasize that the vulnerability again, was found by Yanir Tsarimi. And what he found was, he used a service called Azure Automation which enables you essentially to run a Python script on various events and schedules. And he opened the python script and he tried different ports. And one of the high ports he found, essentially gave him his credentials. And he said, “Oh, wait. That's a really odd port for an HTTP server. Let's try, I don't know, a few ports on either way.” And he started getting credentials from other customers. Which was very surprising to us.
Corey: That is understating it by a couple orders of magnitude. Yes, like, “Huh. That seems sub-optimal,” is sort of like the corporate messaging approved thing. At the time you discover that—I'm certain it was a three-minute-long blistering string of profanity in no fewer than four languages.
Yoav: I said to him that this is, like, a dishonorable bug because he worked very little to find it. So it was, from start to finish, the entire research took less than two hours, which, in my mind, is not enough for this kind of vulnerability. You have to work a lot harder to get it. So.
Corey: Yeah, exactly. My perception is that when there are security issues that I have stumbled over—for example, I gave a talk at re:Invent about it in the before times, one of them was an overly broad permission in a managed IAM policy for SageMaker. Okay, great. That was something that obviously was not good, but it also was more of a privilege escalation style of approach.
It wasn't, “Oh, by the way, here's the keys to everything.”That is the type of vulnerability I have come to expect, by and large, from cloud providers. We're just going to give you access credentials for other customers is one of those areas that… it bugs me on a visceral level, not because I'm necessarily exposed personally, but because it more or less shores up so many of the arguments that I have spent the last eight years having with folks are like, “Oh, you can't go to cloud. Your data should live on your own stuff. It's more secure that way.” And we were finally it feels like starting to turn a cultural corner on these things.And then something like that happens, and it—almost have those naysayers become vindicated for it. And it's… it almost feels, on some level, and I don't mean to be overly unkind on this, but it's like, you are absolutely going to be in a better security position with the cloud providers. Except to Azure. And perhaps that is unfair, but it seems like Azure's level of security rigor is nowhere near that of the other two. Is that generally how you're seeing things?Yoav: I would say that they have seen more security issues than most other cloud providers. And they also have a very strong culture of report things to us, and we're very streamlined into patching those and giving credit where credit's due. And they give out bounties, which is an incentives for more research to happen on those platforms. So, I wouldn't say this categorically, but I would say that the optics are not very good. Generally, the cloud providers are much safer than on-prem because you only hear very seldom on security issues in the cloud.You hear literally every other day on issues happening to on-prem environments all over the place. And people just say they expect it to be this way. Most of the time, it's not even a headline. 
Like, “Company X affected with cryptocurrency or whatever.” It happens every single day, and multiple times a day, breaches which are massively bigger. And people who don't want to be in the cloud will find every reason not to be the cloud. Let us have fun.Corey: One of the interesting parts about this is that so many breaches that are on-prem are just never discovered because no one knows what the heck's running in an environment. And the breaches that we hear about are just the ones that someone had at least enough wherewithal to find out that, “Huh. That shouldn't be the way that it is. Let's dig deeper.” And that's a bad day for everyone. I mean, no one enjoys those conversations and those moments.And let's be clear, I am surprisingly optimistic about the future of Azure Security. It's like, “All right, you have a magic wand. What would you do to fix it?” It's, “Well, I'd probably, you know, hire Charlie Bell and get out of his way,” is not a bad answer as far as how these things go. But it takes time to reform a culture, to wind up building in security as a foundational principle. It's not something you can slap on after the fact.And perhaps this is unfair. But Microsoft has 30 years of history now of getting the world accustomed to oh, yeah, just periodically, terrible vulnerabilities are going to be discovered in your desktop software. And every once a month on Tuesdays, we're going to roll out a whole bunch of patches, and here you go. Make sure you turn on security updates, yadda, yadda, yadda. That doesn't fly in the cloud. It's like, “Oh, yeah, here's this month's list of security problems on your cloud provider.” That's one of those things that, like, the record-scratch, freeze-frame moment of wait, what are we doing here, exactly?Yoav: So, I would say that they also have a very long history of making those turnarounds. 
Bill Gates famously did his speech where security comes first, and they have done a very, very long journey and turn around the company from doing things a lot quicker and a lot safer. It doesn't mean they're perfect; everyone will have bugs, and Azure will have more people finding bugs into it in the near future, but security is a journey, and they've not started from zero. They're doing a lot of work. I would say it's going to take time.Corey: The last topic I want to explore a little bit is—and again, please don't take this as anyway being insulting or disparaging to your company, but I am actively annoyed that you exist. By which I mean that if I go into my AWS account, and I want to configure it to be secure. Great. It's not a matter of turning on the security service, it's turning on the dozen or so security services that then round up to something like GuardDuty that then, in turn, rounds up to something like Security Hub. And you look at not only the sheer number of these services and the level of complexity inherent to them, but then the bill comes in and you do some quick math and realize that getting breached would have been less expensive than what you're spending on all of these things.And somehow—the fact that it's complex, I understand; computers are like that. The fact that there is—[audio break 00:27:03] a great messaging story that's cohesive around this, I come to accept that because it's AWS; talking is not their strong suit. Basically declining to comment is. But the thing that galls me is that they are selling these services and not inexpensively either, so it almost feels, on some level like, shouldn't this on some of the built into the offerings that you folks are giving us?And don't get me wrong, I'm glad that you exist because bringing order to a lot of that chaos is incredibly important. But I can't shake the feeling that this should be a foundational part of any cloud offering. 
I'm guessing you might have a slightly different opinion than mine. I don't think you show up at the office every morning, “I hate that we exist.”Yoav: No. And I'll add a bit of context and nuance. So, for every other company than cloud providers, we expect them to be very good at most things, but not exceptional at everything. I'll give the Redshift example. Redshift is a pretty good offering, but Snowflake is a much better offering for a much wider range of—Corey: And there's a reason we're about to become Snowflake customers ourselves.Yoav: So, yeah. And there are a few other examples of that. A security company, a company that is focused solely on your security will be much better suited to help you, in a lot of cases more than the platform. And we work actively with AWS, Azure, and GCP requesting new features, helping us find places where we can shed more light and be more proactive. And we help to advance the conversation and make it a lot more actionable and improve from year to year. It's one of those collaborations. I think the cloud providers can do anything, but they can't do everything. And they do a very good job at security; it doesn't mean they're perfect.Corey: As you folks are doing an excellent job of demonstrating. Again, I'm glad you folks exist; I'm very glad that you are publishing the research that you are. It's doing a lot to bring a lot I guess a lot of the undue credit that I was giving AWS for years of, “No, no, it's not that they don't have vulnerabilities like everyone else does. It just that they don't ever talk about them.” And they're operationalizing of security response is phenomenal to watch.It's one of those things where I think you've succeeded and what you said earlier that you were looking to achieve, which is elevating the state of cloud security for everyone, not just Orca customers.Yoav: Thank you.Corey: Thank you. I really appreciate your taking the time out of your day to speak with me. 
If people want to learn more, where's the best place they can go to do that?Yoav: So, we have our website at orca.security. And you can reach me out on Twitter. My handle is at @yoavalon, which is @-Y-O-A-V-A-L-O-N.Corey: And we will of course put links to that in the [show notes 00:29:44]. Thanks so much for your time. I appreciate it.Yoav: Thank you, Corey.Corey: Yoav Alon, Chief Technology Officer at Orca Security. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, or of course on YouTube, smash the like and subscribe buttons because that's what they do on that platform. Whereas if you've hated this podcast, please do the exact same thing, five-star review, smash the like and subscribe buttons on YouTube, but also leave an angry comment that includes a link that is both suspicious and frightening, and when we click on it, suddenly our phones will all begin mining cryptocurrency.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

AWS Morning Brief
Corporate Solidarity

Mar 3, 2022 5:20


Links:
Charlie Bell in the Wall Street Journal
The Register's Roundup
Melijoe.com's award
AWS Announcement
Granted

Transcript

Corey: This is the AWS Morning Brief: Security Edition. AWS is fond of saying security is job zero. That means it's nobody in particular's job, which means it falls to the rest of us. Just the news you need to know, none of the fluff.

Corey: Couchbase Capella Database-as-a-Service is flexible, full-featured, and fully managed with built-in access via key-value, SQL, and full-text search. Flexible JSON documents aligned to your applications and workloads. Build faster with blazing fast in-memory performance and automated replication and scaling while reducing cost. Capella has the best price performance of any fully managed document database. Visit couchbase.com/screaminginthecloud to try Capella today for free and be up and running in three minutes with no credit card required. Couchbase Capella: Make your data sing.

Corey: We begin with a yikes because suddenly the world is aflame and of course there are cybersecurity considerations to that. I'm going to have more on that to come in future weeks because my goal with this podcast is to have considered takes, not the rapid-response, alarmist, the-world-is-ending ones. There are lots of other places to find those. So, more to come on that.

In happier news, your favorite Cloud Economist was quoted in the Wall Street Journal last week, talking about how staggering Microsoft's security surface really is. And credit where due, it's hard to imagine a better person for the role than Charlie Bell. He's going to either fix a number of systemic problems at Azure or else carve his resignation letter into Satya Nadella's door with an axe. I really have a hard time envisioning a third outcome.

A relatively light week aside from that. The Register has a decent roundup of how various companies are responding to Russia's invasion of a sovereign country. Honestly, the solidarity among those companies is kind of breathtaking. I didn't have that on my bingo card for the year.

Corey: You know the drill: You're just barely falling asleep and you're jolted awake by an emergency page. That's right, it's your night on call, and this is the bad kind of Call of Duty. The good news is, is that you've got New Relic, so you can quickly run down the incident checklist and find the problem. You have an errors inbox that tells you that Lambdas are good, RUM is good, but something's up in APM. So, you click the error and find the deployment marker where it all began. Dig deeper, there's another set of errors. What is it? Of course, it's Kubernetes, starting after an update. You ask that team to roll back and bam, problem solved. That's the value of combining 16 different monitoring products into a single platform: You can pinpoint issues down to the line of code quickly. That's why the Dev and Ops teams at DoorDash, GitHub, Epic Games, and more than 14,000 other companies use New Relic. The next late-night call is just waiting to happen, so get New Relic before it starts. And you can get access to the whole New Relic platform at 100 gigabytes of data free, forever, with no credit card. Visit newrelic.com/morningbrief that's newrelic.com/morningbrief.

Corey: If you expose 200GB of data it's bad. If that data belongs to customers, it's worse. If a lot of those customers are themselves children, it's awful. But if you ignore reports about the issue, leave the bucket open, and only secure it after your government investigates you for ignoring it under the GDPR, you are this week's S3 Bucket Negligence Award winner and should probably be fired immediately.

AWS had a single announcement of note last week. “Fine-tune and optimize AWS WAF Bot Control mitigation capability”, and it's super important because, with WAF and Bot Control, the failure mode in one direction of a service like this is that bots overwhelm your site. The failure mode in the other direction is that you start blocking legitimate traffic. And the worst failure mode is that both of these happen at the same time.

And a new tool I'm kicking the tires on, Granted. It's apparently another way of logging into a bunch of different AWS accounts, so it's time for me to kick the tires on that because I consistently have problems with that exact thing. And that's what happened last week in AWS security which, let's be clear, is not the most important area of the world to be focusing on right now. Thanks for listening; I'll talk to you next week.

Corey: Thank you for listening to the AWS Morning Brief: Security Edition with the latest in AWS security that actually matters. Please follow AWS Morning Brief on Apple Podcast, Spotify, Overcast—or wherever the hell it is you find the dulcet tones of my voice—and be sure to sign up for the Last Week in AWS newsletter at lastweekinaws.com.

Announcer: This has been a HumblePod production. Stay humble.

GeekWire
The shared orbits of Microsoft and Amazon, and the tech industry's future in space

Oct 16, 2021 40:59


This week on the GeekWire Podcast: a new Microsoft leader finally gets to work, Amazon makes a surprising change in its remote work policy, and the promise of space for the tech industry.

Our guest commentator is Charlie Kindel, who worked for many years as a Microsoft general manager in areas including its server and mobile businesses, before jumping into the world of startups and then ending up at Amazon, where he led mobile payments and built the Alexa Smart Home organization. After working as chief product and technology officer at home automation company SnapOne, previously known as Control4, he's now an independent advisor and consultant to companies including space and satellite startups.

Stories covered on this week's show:
‘The most profound experience': Blue Origin sends Star Trek's William Shatner to the final frontier
Microsoft and Amazon reach truce allowing former AWS executive Charlie Bell to start in new role
Amazon will leave remote work decisions to individual team leaders in new policy twist

With GeekWire's Todd Bishop and John Cook. Theme music by Daniel L.K. Caldwell. See geekwire.com/podcast for more episodes and links to subscribe.

See omnystudio.com/listener for privacy information.

Software Defined Talk
Episode 324: Stockpile EULAs

Oct 15, 2021 65:12


This week we discuss the real-world use of containers, recap the Google Cloud Next announcements and make some Apple predictions. Plus, how often do you wash jeans…?

Rundown

Containers in the Real World
10 trends in real world container use (https://www.datadoghq.com/container-report/)
What Workloads Do Businesses Run on Kubernetes? (https://thenewstack.io/what-workloads-do-businesses-run-on-kubernetes/)

Google Cloud Next '21
What's New at Google Cloud Next ‘21 (https://cloud.google.com/blog/topics/google-cloud-next/whats-new-at-next)
Introducing Google Distributed Cloud—in your data center, at the edge, and in the cloud (https://cloud.google.com/blog/topics/hybrid-cloud/announcing-google-distributed-cloud-edge-and-hosted)
Introducing Anthos for VMs and tools to simplify the developer experience (https://cloud.google.com/blog/topics/hybrid-cloud/introducing-anthos-for-vms-and-other-app-modernization-tools)
Build a more secure future with Google Cloud (https://cloud.google.com/blog/products/identity-security/next21-how-google-cloud-secures-the-world)
Google Cloud will show users their gross carbon emissions (https://www.engadget.com/google-cloud-platform-carbon-footprint-emissions-environment-163339146.html)
GKE AutoPilot not new but mentioned (https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview#security)
Google Cloud launches a managed Spark service (https://techcrunch.com/2021/10/12/google-cloud-launches-a-managed-spark-service/)
Weave & Chick-fil-A: Managing Fleets of Kubernetes Clusters... (https://youtu.be/ta9jJc-RVvE)

Relevant to your interests
Eating the Cloud from Outside In (https://www.swyx.io/cloudflare-go/)
The Confidential Computing Consortium Year in Review, 2021 - Confidential Computing Consortium (https://confidentialcomputing.io/2021/10/06/the-confidential-computing-consortium-year-in-review-2021/)
Experts Discuss Top Kubernetes Trends and Production Challenges (https://www.infoq.com/articles/kubernetes-trends-and-challenges/)
Microsoft and Amazon reach truce allowing former AWS executive Charlie Bell to start in new role (https://www.geekwire.com/2021/microsoft-amazon-reach-truce-allowing-former-aws-executive-charlie-bell-start-new-role/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top)
Series A Funding Announcement | cloudtamer.io (https://www.cloudtamer.io/announcing-our-series-a/)
Reddit hires former Google Cloud exec as its first chief product officer (https://techcrunch.com/2021/10/11/reddit-hires-former-google-cloud-exec-as-its-first-chief-product-officer/)
The next big thing in podcasts is talking back (https://www.theverge.com/2021/10/12/22722468/spotify-amazon-facebook-audio-podcast-polls-interact)
1Password's new feature lets you safely share passwords using just a link (https://techcrunch.com/2021/10/12/1passwords-new-feature-lets-you-safely-share-passwords-using-just-a-link/)
Coinbase is launching its own NFT platform to take on OpenSea – TechCrunch (https://techcrunch.com/2021/10/12/coinbase-is-launching-its-own-nft-platform-to-take-on-opensea/)
The Air Force's First Software Chief Stepped Down—But He Won't Be Quiet (https://www.nextgov.com/cio-briefing/2021/10/air-forces-first-software-chief-stepped-down-he-wont-be-quiet/186047/)

Nonsense
Tesla is moving its headquarters to Austin, Texas (https://www.theverge.com/22715458/tesla-move-headquarters-to-austin-texas)
VC firm associate has built a crypto marketplace designed for fantasy startup investing (https://twitter.com/KateClarkTweets/status/1445830869151748101)
Musk vs. Bezos in a Tweet (https://twitter.com/elonmusk/status/1447426189660880898?s=20)
Pon agrees to buy Dorel Sports for $810 million (https://www.bicycleretailer.com/industry-news/2021/10/11/pon-agrees-buy-dorel-sports-810-million#.YWWYtC-B0dk)
The first USB-C iPhone is here thanks to a mod (https://www.theverge.com/2021/10/12/22722123/first-iphone-usb-c-port-robotics-engineering-student-custom)

Sponsors
strongDM — Manage and audit remote access to infrastructure. Start your free 14-day trial today at strongdm.com/SDT (http://strongdm.com/SDT)
CBT Nuggets — Training available for IT Pros anytime, anywhere. Start your 7-day Free Trial today at cbtnuggets.com/sdt (https://cbtnuggets.com/sdt)

Conferences
GitOpsDays Community Special: GitOps One-Stop Shop Event October 20 (https://www.gitopsdays.com/)
TriggerMesh Open Source Software Webinar (https://www.triggermesh.com/oss-intro) - October 28, 2021
MongoDB.local London 2021 (https://events.mongodb.com/dotlocallondon) - November 9, 2021
THAT Conference comes to Texas January 17-20, 2022 (https://that.us/activities/call-for-counselors/tx/2022)

Listener Feedback
Ed wants you to be Product Manager at VMware based in Spain (https://vmware.wd1.myworkdayjobs.com/VMware/job/ESP-Seville-Av-de-Republica-Argentina/Product-Manager-for-RabbitMQ_R2111712)
Brian wants you to be a Senior Product Manager - Pipelines in Bangalore (https://global-redhat.icims.com/jobs/89894/senior-product-manager---technical/job?mobile=false&width=1140&height=500&bga=true&needsRedirect=false&jan1offset=-300&jun1offset=-240) or Senior Product Manager - GitOps in Remote, UK (https://global-redhat.icims.com/jobs/89893/senior-product-manager---gitops/job)
Brian recommends this jump box (https://www.amazon.com/gp/product/B082ZZ2W14/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1)
TriggerMesh is hiring! (https://twitter.com/sebgoa/status/1437722696536797185)

SDT news & hype
Join us in Slack (http://www.softwaredefinedtalk.com/slack).
Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers!
Follow us on Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/), LinkedIn (https://www.linkedin.com/company/software-defined-talk/) and YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured).
Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=823) and he wants you to buy it for $0.99.
Use the code SDT to get $20 off Coté's book, (https://leanpub.com/digitalwtf/c/sdt) Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total.
Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)!

Recommendations
Brandon: Universel Dual Monitor Arm with Pistons (https://www.bestar.com/product/dual-monitor-arm-ak-ma01d-17/)
Coté: A Carnival of Snackery (https://www.audible.com/pd/A-Carnival-of-Snackery-Audiobook/1549108212), new David Sedaris diaries, audio of course.
Tasty Meats Paul's Whole Hair Thing (https://twitter.com/bridgetkromhout/status/1448351873614827521). Also (https://twitter.com/cote/status/1448556155266084866).

Photo Credits
Header Image (https://unsplash.com/photos/3oejsU5OQVk)
Show Artwork (https://cdn.thenewstack.io/media/2021/09/dbdf6555-image4.png)
Show Artwork (https://imgix.datadoghq.com/img/container-report/2021-container-orchestration-report-FACT-10_part-1v3.png?ch=Width,DPR,Save-Data&fit=max&fm=png&auto=format)

Risky Business
Risky Business #640 -- Huh. The CIA really was out to neck Assange

Sep 29, 2021


On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
The amazing Yahoo! News story on the former CIA director's awesome brainwaves
Hostage diplomacy pays off for Huawei CFO
NSA releases great guidance on VPN security
Microsoft has actually hired a cybersecurity executive
Much, much more

This week's show is brought to you by Material Security. Material's co-founder Ryan Noon will be along in this week's sponsor interview to talk about smarter ways to do email retention and destruction. They have a product that interfaces with your mail provider's API – whether you're on Google Workspace or O365 – to do things like archive and redact email, and they're finding their customers are using these features to actually implement retention email strategies.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

Show notes
Kidnapping, assassination and a London shoot-out: Inside the CIA's secret war plans against WikiLeaks
The Yahoo Story about All the Things CIA Wasn't Allowed to Do Against WikiLeaks - emptywheel
Controversial Maricopa "Audit" Concludes that Biden Won by More Votes Than Previously Reported - by Kim Zetter - Zero Day
China played dirty to get Huawei's 'princess' back — too dirty even to tell its own people - ABC News
Newly-formed international alliances vow to improve cybersecurity, in moves China sees as affront
EU formally blames Russia for GhostWriter influence operation - The Record by Recorded Future
Suspected Chinese state-linked threat actors infiltrated major Afghan telecom provider - The Record by Recorded Future
US deports highly-prized hacker back to Russia - The Record by Recorded Future
He Escaped the Dark Web's Biggest Bust. Now He's Back | WIRED
NSA, CISA publish guide for securing VPN servers - The Record by Recorded Future
The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous
Biden administration officials push Congress to shape breach reporting mandates
Ransomware Isn't Back. It Never Left | WIRED
CISA, FBI, NSA warn of increased attacks involving Conti ransomware
Major European call center provider goes down in ransomware attack - The Record by Recorded Future
Exposed ransomware negotiations shed light on cybercrime, but complicate things for victims
State-sponsored hacking group targets Port of Houston using Zoho zero-day - The Record by Recorded Future
Russian missile fuel maker targeted with recent Office zero-day - The Record by Recorded Future
Former AWS veteran Charlie Bell to head cybersecurity ops at Microsoft | Reuters
Microsoft Exchange Autodiscover bug leaks hundreds of thousands of domain credentials - The Record by Recorded Future
New Azure Active Directory password brute-forcing flaw has no fix | Ars Technica
Microsoft adds novel feature to Exchange servers to allow it to deploy emergency temporary fixes - The Record by Recorded Future
Apple ‘Still Investigating' Unpatched and Public iPhone Vulnerabilities
Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program / Habr
Apple patches iOS and macOS zero-day exploited in the wild - The Record by Recorded Future
New iCloud Private Relay service leaks users' true IP addresses, researcher claims | The Daily Swig
Lithuanian government warns about secret censorship features in Xiaomi phones - The Record by Recorded Future
VMware vCenter deployments under attack as enterprises urged to update systems | The Daily Swig
Developers fix multitude of vulnerabilities in Apache HTTP Server | The Daily Swig
Google finds adware strain abusing novel file signature evasion technique - The Record by Recorded Future
Device ‘breakage' concerns persist days before Let's Encrypt root cert expiry | The Daily Swig
Meet TruffleHog – a browser extension for finding secret keys in JavaScript code | The Daily Swig
#RomHack2021 - Dirk-jan Mollema - Breaking Azure AD joined endpoints in zero-trust environments - YouTube

The Cloud Pod
135: The Cloud Pod Goes to Google Cloud Toronto, Eh?

Sep 24, 2021 41:57


On The Cloud Pod this week, AWS releases OpenSearch and EKS Anywhere, Google Cloud is now available in the Toronto region, and Microsoft deals with two critical security issues.

A big thanks to this week's sponsors:
Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure.
JumpCloud, which offers a complete platform for identity, access, and device management — no matter where your users and devices are located.

This week's highlights

Software Defined Talk
Episode 320: Hash codes for everyone

Sep 17, 2021 62:57


This week we recap some of the Apple News and discuss the latest productivity research from Microsoft. Plus, an update on Coté's struggle to adopt Apple Notes…

Rundown

Apple wins and loses in court, patches a vulnerability and releases new products
Apple's App Store Dealt Blow by Judge in Epic Antitrust Case (https://www.bloomberg.com/news/articles/2021-09-10/apple-s-app-store-dealt-blow-by-judge-in-epic-antitrust-case?sref=HQB7G2wY&cmpid%3D=socialflow-twitter-tech&utm_source=twitter&utm_campaign=socialflow-organic&utm_content=business&utm_medium=social&cmpid=socialflow-twitter-business)
Apple must allow other forms of in-app purchases, rules judge in Epic v. Apple (https://www.theverge.com/2021/9/10/22662320/epic-apple-ruling-injunction-judge-court-app-store)
Major win for Epic Games: Apple has 90 days to open up app store payments (https://arstechnica.com/gadgets/2021/09/injunction-apple-must-open-up-app-store-payments-in-90-days/)
FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild (https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/)
Apple Issues Emergency Security Updates to Close a Spyware Flaw (https://www.nytimes.com/2021/09/13/technology/apple-software-update-spyware-nso-group.html)
The 8 biggest announcements from Apple's iPhone 13 event (https://www.theverge.com/22663657/apple-iphone-13-pro-ipad-mini-watch-event-biggest-announcements)
iPadOS 15 (https://www.apple.com/ipados/ipados-15/features/).

Study of Microsoft employees shows how remote work puts productivity and innovation at risk (https://www.geekwire.com/2021/study-microsoft-employees-shows-remote-work-puts-productivity-innovation-risk/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top)

Relevant to your interests
Framework Laptop pre-orders are now open (https://frame.work/)
Facebook debuts Ray-Ban Stories, smart glasses that record video (https://www.theverge.com/2021/9/9/22662809/facebook-ray-ban-stories-camera-smart-glasses-hands-on)
EXCLUSIVE Wide-ranging SolarWinds probe sparks fear in Corporate America (https://www.reuters.com/technology/exclusive-wide-ranging-solarwinds-probe-sparks-fear-corporate-america-2021-09-10/)
Epic is shutting down Houseparty (https://www.theverge.com/2021/9/9/22663531/epic-games-shutting-down-houseparty-october)
Cross-Account Container Takeover in Azure Container Instances (https://unit42.paloaltonetworks.com/azure-container-instances/)
Microsoft gives up predicting when its US offices will fully reopen (https://www.theverge.com/2021/9/9/22664284/microsoft-office-reopening-plans-us)
Hackers leak passwords for 500,000 Fortinet VPN accounts (https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/)
How a New User Can Run Just One Container in the AWS Cloud…Maybe (https://markn.ca/2021/how-a-new-user-can-run-just-one-container-in-the-aws-cloud-maybe/)
Programming languages: Python is on the verge of another big step forward | ZDNet (https://www.zdnet.com/article/programming-languages-python-is-on-the-verge-of-another-big-step-forward/)
Oracle falls short on revenue as it ramps up cloud investment (https://www.cnbc.com/2021/09/13/oracle-orcl-earnings-q1-2022.html)
Investigation: How Roblox Is Exploiting Young Game Developers (https://www.youtube.com/watch?v=_gXlauRB1EQ)
Open Scheduling Infrastructure (https://cal.com/), Calendly was last valued at $3b valuation
The next Big Tech battle: Amazon's bet on healthcare begins to take shape (https://www.ft.com/content/fa7ff4c3-4694-4409-9ca6-bfadf3a53a62)
Thoughtworks Rises With Others in Flurry of High-Performing IPOs (https://www.bloomberg.com/news/articles/2021-09-15/thoughtworks-rises-in-trading-debut-after-ipo-exceeds-target)
strongDM Raises $54M Series B (https://www.strongdm.com/press-release/strongdm-raises-54m-series-b-led-by-tiger-global-to-transform-secure-infrastructure-access-management)
Chat App Discord Is Worth $15 Billion After New Funding (https://www.bloomberg.com/news/articles/2021-09-15/chat-app-discord-is-worth-15-billion-after-new-funding?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top)
Microsoft in standoff with Amazon over big hire, names Charlie Bell to lead ‘bold' new security group (https://www.geekwire.com/2021/microsoft-standoff-amazon-big-hire-names-charlie-bell-lead-bold-new-security-group/)
Google Cloud CEO Thomas Kurian reorganizes engineering unit in hopes of gaining market share more quickly (https://www.cnbc.com/2021/09/15/google-cloud-ceo-thomas-kurian-reorganizes-engineering-eyal-manor-out.html)
Open source backend-as-a-service startup Supabase raises $30M (https://techcrunch.com/2021/09/09/supabase-raises-30m-for-its-open-source-insta-backend/)
Canva raises $200 million at a $40 billion valuation (https://techcrunch.com/2021/09/14/canva-raises-200-million-at-a-40-billion-valuation/)
Intuit to buy Mailchimp for $12 billion (https://www.axios.com/intuit-buy-mailchimp-12-billion-85feba65-e142-4756-8fa6-b8af63988902.html)

Nonsense
They will even sing 'Happy Birthday.' Robots are picking up unwanted jobs at a Latin restaurant in Texas (https://www.cnn.com/2021/09/07/business/dallas-restaurant-employs-robots-trnd/index.html)
How long are you in meetings? (https://twitter.com/ericabrescia/status/1437091131867602944)
Don't Sleep On The Lawn, There's An AI-Powered, Flamethrower-Wielding Robot About (https://hackaday.com/2021/09/11/dont-sleep-on-the-lawn-theres-an-ai-powered-flamethrower-wielding-robot-about/)
Unicode 14.0 adds 37 new emoji, including 'melting face' and 'beans' | Engadget (https://www.engadget.com/unicode-14-final-emoji-list-183855308.html)

Sponsors
strongDM — Manage and audit remote access to infrastructure. Start your free 14-day trial today at strongdm.com/SDT (http://strongdm.com/SDT)
CBT Nuggets — Training available for IT Pros anytime, anywhere. Start your 7-day Free Trial today at cbtnuggets.com/sdt (https://cbtnuggets.com/sdt)

Conferences
DevOps World by CloudBees September 28-30 (https://www.devopsworld.com)
DevOps Loop | October 4, 2021 (https://devopsloop.io/?utm_campaign=Global_P6_TS_Q322_Event_DevOpsLoop_at_VMworld&utm_source=twitter&utm_medium=social) - see Coté's promo video (https://twitter.com/cote/status/1425460843014131716).
KubeCon October 11-15 Virtual and In Person (https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/)
THAT Conference comes to Texas January 17-20, 2022 (https://that.us/activities/call-for-counselors/tx/2022)

Listener Feedback
Matt wants you to work at Github. Hiring, both senior (https://boards.greenhouse.io/github/jobs/2830098) and non-senior (https://boards.greenhouse.io/github/jobs/2797203) roles.

SDT news & hype
Join us in Slack (http://www.softwaredefinedtalk.com/slack).
Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers!
Follow us on Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/), LinkedIn (https://www.linkedin.com/company/software-defined-talk/) and YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured).
Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99.
Use the code SDT to get $20 off Coté's book, (https://leanpub.com/digitalwtf/c/sdt) Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total.
Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)!
TriggerMesh is hiring! (https://twitter.com/sebgoa/status/1437722696536797185)

Recommendations
Brandon: Reverse Sear a Steak (https://jesspryles.com/how-to-cook-a-steak-with-reverse-sear-method/)
Matt: Halo Master Chief Collection (https://store.steampowered.com/app/976730/Halo_The_Master_Chief_Collection/)
Coté: AirServer (https://www.airserver.com/).

Photo Credit (https://unsplash.com/photos/G2lgiBBzeEM)
Photo Credit (https://unsplash.com/photos/tQQ4BwN_UFs)

The Cloud Pod
132: The Cloud Pod takes a trip down MemoryDB lane

Sep 2, 2021 59:09


On The Cloud Pod this week, the results of the AWS Summit prediction draft are in. It was probably worth getting up early for — especially if you're Jonathan.

A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. JumpCloud, which offers a complete platform for identity, access, and device management — no matter where your users and devices are located.

This week's highlights

The Financial Exchange Show
SCOTUS Blocks Eviction Moratorium // Companies Weigh Punishments for Unvaxxed // Paul LaMonica of CNNBusiness - 8/27 (Hour 2)

Aug 27, 2021 40:28


(4:57) - The U.S. Supreme Court has blocked the Biden Administration's attempt to impose a new eviction moratorium a few weeks after the previous moratorium expired.
(14:10) - Following Delta's unique punishment for unvaccinated employees, more companies are weighing different ways to impose penalties on said employees.
(27:11) - Charlie Bell recently left Amazon Web Services and is now a corporate vice president at Microsoft, adding a new layer to the rivalry between the tech giants.
(32:27) - Paul LaMonica of CNNBusiness joined the show to discuss how Dick's Sporting Goods has thrived despite both the pandemic and the fact that brick and mortar sports retailers are not nearly as prevalent as they used to be.

The Cloud Pod
130: The Cloud Pod has how many unattended Google projects?

Aug 20, 2021 49:43


On The Cloud Pod this week, it's been an interesting few days in the cloud, so the team members have made themselves comfortable with plenty of adult beverages to keep them going. Also, Elastic has forked everyone with its latest Elasticsearch move.

A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. JumpCloud, which offers a complete platform for identity, access, and device management — no matter where your users and devices are located.

This week's highlights

AWS Morning Brief
There's No re:Inforce-ment Learning Without Pavlov's Charlie Bell

Aug 16, 2021 8:46


AWS Morning Brief for the week of August 16, 2021 with Corey Quinn.

Software Defined Talk
Episode 315: Field of Code

Aug 13, 2021 65:26


This week we discuss Elasticsearch vs. OpenSearch, Reorgs and Remote Pay. Plus, some thoughts on IKEA and QBRs.

Rundown
This Week in Programming: The ElasticSearch Saga Continues (https://thenewstack.io/this-week-in-programming-the-elasticsearch-saga-continues/)
Elastic amends Elasticsearch Python client so it won't work with forks then blocks comments (https://www.theregister.com/2021/08/09/elasticsearch_python_client_change/)
Twitter Thread on Elasticsearch (https://twitter.com/xeraa/status/1423071203753869313)
Google staff could see pay cut if they opt to work from home (https://www.theguardian.com/technology/2021/aug/12/google-staff-could-see-pay-cut-if-they-opt-to-work-from-home)
Steven Sinofsky: Hardcore Software (https://hardcoresoftware.learningbyshipping.com/)

Relevant to your interests
700,000 lines of code, 20 years, and one developer: How Dwarf Fortress is built (https://stackoverflow.blog/2021/07/28/700000-lines-of-code-20-years-and-one-developer-how-dwarf-fortress-is-built/)
Amazon delays employee office return until 2022 amid COVID-19 surge (https://www.engadget.com/amazon-delays-hq-office-return-until-2022-amid-covid-19-surge-055819058.html)
Red Hat tells U.S. workers they must be vaccinated to come to office (https://www.bizjournals.com/triangle/news/2021/08/06/red-hat-announces-vaccine-mandate-for-u-s-workers.html)
Tesla rewrote its own software to survive the chip shortage (https://www.theverge.com/2021/7/26/22595060/tesla-chip-shortage-software-rewriting-ev-processor)
All your DNS were belong to us: AWS and Google Cloud shut down spying vulnerability (https://www.theregister.com/2021/08/06/aws_google_dns/)
The Register just found 300-odd Itanium CPUs on eBay (https://www.theregister.com/2021/07/30/end_of_itanium_shipments/)
Hard Drive Reliability: A Look at HDD and SSD Failure Rates (https://www.backblaze.com/blog/backblaze-drive-stats-for-q2-2021/)
Microsoft announces new 'Super Duper Secure Mode' for Edge (https://therecord.media/microsoft-announces-new-super-duper-secure-mode-for-edge/)
Salesforce enters the streaming wars with new video service for professionals (https://www.axios.com/salesforce-streaming-service-professionals-30a58e49-77fc-469d-9ff7-99f866678a98.html)
Amazon cloud executive Charlie Bell is leaving after 23 years as shakeup continues at AWS (https://www.cnbc.com/2021/08/09/amazon-cloud-exec-charlie-bell-leaving-after-23-years-amid-aws-shakeup.html)
VCs are betting big on Kubernetes: Here are 5 reasons why – TechCrunch (https://techcrunch.com/2021/08/10/vcs-are-betting-big-on-kubernetes-here-are-5-reasons-why/)
Accenture gets hacked (https://twitter.com/vxunderground/status/1425420813281505289?s=20)
Why can we not have an explicit statement about 1Password being a subscription-only service (https://1password.community/discussion/comment/601917/#Comment_601917)
The “Cloud MQ” for 2021 is Out! (https://blogs.gartner.com/bob-gill/2021/08/11/the-cloud-mq-for-2021-is-out/)
Reddit Numbers (https://twitter.com/DeItaone/status/1425774330911277057)
GitHub Codespaces (https://github.com/features/codespaces)
HashiCorp State of Cloud Strategy Survey (https://www.hashicorp.com/state-of-the-cloud?utm_source=social)
Now Microsoft is protesting after Amazon won a $10 billion NSA cloud contract (https://www.theverge.com/2021/8/10/22618764/nsa-10-billion-microsoft-aws-cloud-services-protest)
a16z Infra #6: The Cost of Cloud vs. Repatriation (https://a16z-live.simplecast.com/episodes/a16z-infra-6-the-cost-of-cloud-vs-repatriation-IU1rwMMk)
TriggerMesh Previews Integration Language Based on HCL (https://containerjournal.com/features/triggermesh-previews-integration-language-based-on-hcl/)
Why CAPTCHA Pictures Are So Unbearably Depressing (https://clivethompson.medium.com/why-captcha-pictures-are-so-unbearably-depressing-20679b8cf84a)
Announcing AI21 Studio and Jurassic-1 Language Models (https://www.ai21.com/blog/announcing-ai21-studio-and-jurassic-1)

Nonsense
Cabin fever in "Fortress Australia" due to slow vaccination rate (https://www.axios.com/australia-coronavirus-border-ban-lockdowns-1e58fb57-2666-47b4-bcba-1b305a5b66ab.html)
AMC theaters will start accepting Bitcoin this year (https://www.engadget.com/amc-theaters-bitcoin-tickets-143803440.html)

Sponsors
strongDM — Manage and audit remote access to infrastructure. Start your free 14-day trial today at strongdm.com/SDT (http://strongdm.com/SDT)
CBT Nuggets — Training available for IT Pros anytime, anywhere. Start your 7-day Free Trial today at cbtnuggets.com/sdt (https://cbtnuggets.com/sdt)
Clubhouse.io — Project management built specifically for software teams. Sign up at www.clubhouse.io/sdt (https://clubhouse.io/sdt)

Listener Feedback
Jordy wants you to work as a Senior Software Engineer at Weaveworks (https://weaveworks.breezy.hr/p/76a86071360001-senior-software-engineer)

Conferences
SpringOne (https://springone.io), Sep 1-2
DevOps Loop | October 4, 2021 (https://devopsloop.io/?utm_campaign=Global_P6_TS_Q322_Event_DevOpsLoop_at_VMworld&utm_source=twitter&utm_medium=social) - see Coté's promo video (https://twitter.com/cote/status/1425460843014131716).
THAT Conference comes to Texas January 17-20, 2022 (https://that.us/activities/call-for-counselors/tx/2022)
DevOps World by CloudBees September 28-30 (https://www.devopsworld.com) (Virtual Event)

SDT news & hype
Join us in Slack (http://www.softwaredefinedtalk.com/slack).
Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers!
Follow us on Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/), LinkedIn (https://www.linkedin.com/company/software-defined-talk/) and YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured).
Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99.
Use the code SDT to get $20 off Coté's book, (https://leanpub.com/digitalwtf/c/sdt) Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total.
Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)!

Recommendations
Brandon: The Suicide Squad (https://www.rottentomatoes.com/m/the_suicide_squad)
Matt: Uniqlo Fluffy Yarn Fleece Full-Zip Jacket (https://www.uniqlo.com/au/en/products/E419505-000?colorCode=COL09)
Coté: PÅHL (https://www.ikea.com/us/en/p/pahl-desk-white-s49128945/) desk (https://www.ikea.com/us/en/p/pahl-desk-white-s49128945/).

Photo Credit (https://unsplash.com/photos/z3Mg-MMM4mM)
Photo Credit (https://unsplash.com/photos/K5DY18hy5JQ)

Purple Radio Arts and Drama
Purple Pride Week - Interview with The Trans and Gender-Diverse Project

Jun 9, 2021 40:35


Freya Williams interviews some of the team behind the upcoming Trans and Gender-Diverse Project - Co-Directors Jia Ying Lim and Imogen Marchant, Assistant Producer Jamie Crosby, and actors Tommy Haemaelainen, Charlie Bell, and Magali O'Brien. They discuss the inspirations and process behind this lockdown audio play and film project, which is produced by Purple Radio X Sightline Productions X Durham LGBT+ Association. They share their opinions on trans issues, including media representation and university experience. There is a short teaser of the audio play at the end; tickets to the full show will be available on the Durham Student Theatre website at the end of June.

Screaming in the Cloud
Writing the Book(s) on Amazon with Brad Stone

May 11, 2021 44:55


About BradAuthor and Senior Executive Editor, Bloomberg TechnologyBrad Stone is the author of four books, including Amazon Unbound: Jeff Bezos and the Invention of a Global Empire,published by Simon & Schuster in May 2021. It traces the transformation of Amazon into one of the largest and most feared companies of the world and the accompanying emergence of Jeff Bezos as the richest man alive. Brad is also the author of The Everything Store: Jeff Bezos and the Age of Amazon, which chronicled the foundational early years of the company and its founder. The book, a New York Times and Wall Street Journal bestseller, was translated into more than 35 languages and won the 2013 Financial Times/Goldman Sachs Business Book of the Year Award. In 2017, he also published The Upstarts: Uber, Airbnb, and the Battle for the New Silicon Valley.Brad is Senior Executive Editor for Global Technology at Bloomberg Newswhere he oversees a team of 65 reporters and editors that covers high-tech companies, startups, cyber security and internet trends around the world. Over the last ten years, as a writer for Bloomberg Businessweek, he’s authored over two dozen cover stories on companies such as Apple, Google, Amazon, Softbank, Twitter, Facebook and the Chinese internet juggernauts Didi, Tencent and Baidu. He’s a regular contributor to Bloomberg’s technology newsletter Fully Charged, and to the daily Bloomberg TV news program, Bloomberg Technology. He was previously a San Francisco-based correspondent for The New York Times and Newsweek. 
A graduate of Columbia University, he is originallyfrom Cleveland, Ohio and lives in the San Francisco Bay Area with his wifeand three daughtersLinks: The Everything Store: https://www.amazon.com/Everything-Store-Jeff-Bezos-Amazon/dp/0316219282/ Amazon Unbound: https://www.amazon.com/Amazon-Unbound-Invention-Global-Empire/dp/1982132612/ Andy Jassy book review: https://www.amazon.com/gp/customer-reviews/R1Q4CQQV1ALSN0/ref=cm_cr_getr_d_rvw_ttl?ie=UTF8&ASIN=B00FJFJOLC TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by Thinkst. This is going to take a minute to explain, so bear with me. I linked against an early version of their tool, canarytokens.org in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, that sort of thing in various parts of your environment, wherever you want to; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use those things. It’s an awesome approach. I’ve used something similar for years. Check them out. But wait, there’s more. They also have an enterprise option that you should be very much aware of canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files on it, you get instant alerts. It’s awesome. 
If you don’t do something like this, you’re likely to find out that you’ve gotten breached, the hard way. Take a look at this. It’s one of those few things that I look at and say, “Wow, that is an amazing idea. I love it.” That’s canarytokens.org and canary.tools. The first one is free. The second one is enterprise-y. Take a look. I’m a big fan of this. More from them in the coming weeks.Corey: This episode is sponsored in part by VMware. Because let’s face it, the past year hasn’t been kind to our AWS bills, or honestly any cloud bills. The pandemic had a bunch of impacts: it forced us to move workloads to the cloud sooner than we would have otherwise, we saw strange patterns such as user traffic drops off but infrastructure spend doesn’t. What do you do about it? Well, the CloudLIVE 2021 virtual conference is your chance to connect with people wrestling with the same type of thing, be they practitioners, vendors in the space, leaders of thought—ahem, ahem—and get some behind the scenes look into various ways different companies are handling this. Hosted by CloudHealth by VMware on May 20, the CloudLIVE 2021 conference will be 100% virtual and 100% free to attend, so you really have no excuses for missing out on this opportunity to deal with people who care about cloud bills. Visit cloudlive.com/coreyto learn more and save your virtual seat today. That’s cloud L-I-V-E slash Corey. C-O-R-E-Y. Drop the E, we’re all in trouble. My thanks to VMware for sponsoring this ridiculous episode.Corey: Welcome to Screaming in the Cloud. I’m Corey Quinn. Sometimes people tell me that I should write a book about Amazon. And that sounds awful. But to be sure, today, my guest is Brad Stone, someone who has written not one, but two books about Amazon, one of which coming out on May 11th, or as most of you will know while listening to this, today. 
Brad, thanks for joining me.Brad: Corey, thanks for having me.Corey: So, what on earth would inspire you to not just write a book about one of what is in many ways an incredibly secretive company, but then to go back and do it again?Brad: Yeah. I’m a glutton for punishment. And Corey, my hair right now is completely white way before it should be, and I think that Amazon might be responsible for some of that. So, as you contemplate your own project, consider that this company—will you already know: it can age you. They are sometimes resistant to scrutiny.So, to answer your question, I set out to write The Everything Store back in 2011, and this was a much smaller company. It was a cute little tiny internet company of about $100 billion in market value. And poor, impoverished Jeff Bezos maybe had, I’d be guessing maybe $50 billion.So anyway, it was a much different time. And that was a great experience. The company was kind of flowering as the book came out. And to my surprise, it was embraced not by Bezos or the management team, who maybe we’ll talk about didn’t love it, but by Amazon employees, and customers, and competitors, and prospective employees. And I was really proud of it that this had become a kind of definitive account of the early years of the company.And then a funny thing happened. The little cute little internet company became a juggernaut, a $1.5 trillion market cap. Bezos is the wealthiest guy in the world now with a $200 billion fortune, and Alexa, and the rise of AWS, and the Go store, and incursions into India and Mexico and other countries, I mean, so much had changed, and my definitive history felt a little out of date. And so back in 2017—also a different world, Bezos is a happily married man; he’s the CEO of Amazon, Amazon’s headquarters are in Seattle only—I set out to research and write Amazon Unbound. And as I was writing the story, yeah, just, like, the ground kept shifting under my feet.Corey: Not a lot changes in the big sphere. 
I mean, one of the things that Bezos said is, “Oh, what’s going to be different in 10 years? I think the better question is, ‘what’s going to not be different in 10 years?’” but watching the company shift, watching it grow, just from the outside has been a real wild ride, I’ve got to say. And I restrict myself primarily to the AWS parts because well, there’s too much to cover if you go far beyond that, and two, it’s a very different place with very different challenges around it.I viewed The Everything Store when it came out and I read that, almost like it was a biography of Jeff Bezos himself. And in some respects, Amazon Unbound feels like it hews in that direction as well, but it also goes beyond that. How do you approach separating out the story of Amazon from the story of Jeff Bezos?Brad: Yeah, you’re putting your finger on almost the core challenge, and the adjoining challenge, which is how do you create a narrative, a linear story? Often readers want a chronological story out of a miasma of overlapping events, and initiatives, and challenges. Amazon’s really decentralized; everything is happening at once. Bezos is close to some things, he was very close to Alexa. He is really distant from other things.Andy Jassy for years had a lot of independence to run AWS. So, how do you tell that story, and then keep Bezos in the center? I mean, Andy Jassy and Jeff Wilke and everyone, I mean, those are great business people. Not necessarily dynamic personalities as, Corey, you know well, but people want to read about Jeff Bezos. He is a larger-than-life figure.He’s a pioneer. He’s an innovator. He’s controversial. And so the challenge all along is to, kind of, keep him in the center. And so that’s just, like, a writing challenge. It’s a narrative challenge.And the lucky thing is that Amazon does tend to orbit around Jeff Bezos’s brain. 
And so in all the storytelling, even the AWS bits of the book, which we can talk about, as an author, you can always bring Bezos back just by following the facts. You’ll eventually get, in the evolution of any story, to an S Team meeting, or to an acquisition discussion where Jeff had an impact, said something insightful, walked out of a meeting, raise the bar, had impossibly high standards. So, the last thing I’ll say is, because Amazon’s so decentralized, when you write these books you have to talk to a lot of people. And then you get all the pieces of the puzzle, and you start to assemble them, and the challenge as a writer is to, kind of, keep Bezos, your main character in the lens at all times, never let him drift too far out.Corey: One of the things that I learned from it was just the way that Bezos apparently talks to his senior executives, as far as, “I will invest in this project, more than you might think I would.” I guess I’ve never really heard of a budget meeting talking about, “I”—in the first person—“Will invest.” Like, that is what happens, but for some reason the business books never put it quite that starkly or frame it quite that way. But in hindsight, it made a lot of things of my own understanding of Amazon fall into place. That makes sense.Brad: He’s got a lot of levers, ways in which he’ll back a new initiative or express his support. And one of them is simply how he spends his time. So, with Alexa in the early years, he would meet once or twice a week with that team. But another lever is just the amount of investment. And oftentimes teams will come to him—the India team is a great example—they’ll come to the S Team with a budget, and they’ll list out their priorities and their goals for the coming year, and he’ll say, “You know, you’re thinking about this all wrong. Don’t constrain yourself. 
Tell us what the goals are, tell us what the opportunity is, then we’ll figure out how much it costs.”And his mindset is like you can kind of break up opportunity into two categories: one are the land grabs, the big immediate opportunities where he will go all out, and India was a great example of that, I think the failed fire phone was another example, Prime Video, he doesn’t cap the investment, he wants to win. And then there are the more greenfield opportunities that he thinks he can go slower on and groceries for a long time was in that category. And there the budgets might be more constrained. The other example is the much older businesses, just like the retail business. That’s 20 years old—I have a chapter about that—and the advertising business, and he recognized that the retail business wasn’t profitable and it was depending on advertising as a crutch, and he blew it up because he thinks that those older divisions shouldn’t require investment; they should be able to stand on their own.Corey: One quote you had as well, that just really resonated with me, as far as basically my entire ethos of how I make fun of Amazon is—and I’m going to read the excerpt here. My apologies. You have to listen to your own words being read back toward you—Brad: [laugh].Corey: These were typically Amazonian names: geeky, obscure, and endlessly debated inside AWS since—according to an early AWS exec—Bezos had once mused, “You know, the name is about 3% of what matters, but sometimes 3% is the difference between winning and losing.” And I just want to call that out because I don’t think I’ve ever seen an AWS exec ever admit that names might be even 3% worth of important. Looking at how terrible some of their service names are, I would say that 3% might be an aspirational target for their worldview.Brad: [laugh]. Let me throw this back at you, Corey. Have you ever figured out why certain AWS services are Amazon and why others are AWS?Corey: I did. 
I got to sit down—in the before times—with then the VP of Global Marketing, Ariel Kelman—who’s now Oracle’s Chief Marketing Officer—and Jeff Barr. And the direction that they took that in was that if you could use an AWS service without getting into the AWS weeds of a bunch of other services, then it was called Amazon whatever. Amazon S3, for example, as a primitive service doesn’t need a bunch of other AWS services hooked into it, so that gets the Amazon moniker. Whereas if you’re dealing with a service that requires the integration of a whole bunch of AWS in the weeds stuff—Brad: Mmm, right.Corey: —then it’s AWS. For example, AWS Systems Manager is useless without a whole bunch of other Amazon services. And they say they don’t get it perfectly right all the time, but that is the direction that it’s gone in. And for better or worse, I still have to look a lot of them up myself because I don’t care nearly as much as their branding people do.Brad: Right. Well, I’ll tell you in the chapter about AWS, that quote comes up when the team is contemplating the names of the databases. And they do go into long debates, and I remember talking to Charlie Bell about the search for Redshift, and they go back and forth on it, and the funny thing about that one was, of course, Oracle interpreted it as a competitive slight. Its corporate color, I guess, being red, which he intended it more as a physics term. But yeah, when they were launching Aurora and Redshift, they contemplated those names quite a bit. And I don’t know if it’s 3%. I don’t know if it does matter, but certainly, those services have become really important to a lot of businesses.Corey: Oh, yeah. And once you name something, it’s really hard to rename it. And AWS does view for—better or worse—APIs as a promise, so when you build something and presented a certain way, they’re never going to turn it off. Our grandkids are going to have to deal with some of these decisions once they get into computers. 
That’s a problem.And I understand the ethos behind it, but again, it’s easy to make fun of names; it’s an accessible thing because let’s be very real here, a lot of what AWS does is incredibly inaccessible to people who don’t live in this space. But naming is something that everyone can get behind making fun of.Brad: Absolutely. Yep. And [laugh] it’s perhaps why they spend a lot of time on it because they know that this is going to be the shingle that they hang out to the world. I don’t know that they’re anticipating your ridicule, but it’s obviously key to the marketing process for them.Corey: Some of the more aware ones do. But that’s a different topic for a different time. One question I have for you that I wrestle with myself is I’ve been spending the last four years or so basically studying AWS all the time. And there’s a lot of things they get right; there’s a lot of things that they get wrong. But for better or worse, it’s very difficult not to come away from an in-depth study with an appreciation for an awful lot of the things that they do. At least for me.I’m not saying that I fall in love with the company and will excuse them their wrongs; I absolutely do not do that. But it is hard, bordering on impossible for me, to not come away with a deep respect for a lot of the things that they do and clearly believe. How do you feel about that? Looking at Amazon, do you come away with this with, “Ooh. Remind me to never to become a Prime member and get rid of everything with an Amazon logo in my house,” versus the you’re about to wind up wondering if they can hire you for some esoteric role? Where do you fall on that spectrum?Brad: I think I’m probably with you. I come away with an admiration. And look, I mean, let me say upfront, I am a Prime member. I have a Alexas in my home, probably more than my wife and kids are comfortable with. We watch Prime Video, we have Prime Video.We order from Amazon all the time, we ordered from Whole Foods. 
I’m an Amazon customer, and so part of my appreciation comes from, like all other customers, the fact that Amazon uniquely restores time to our lives rather than extracts it. I wouldn’t say that about the social networks, right? You know, those can be time-wasters. Amazon’s a great efficiency machine.But in terms of my journalism, you know, now two books and this big in-depth study in Amazon Unbound, and you have to admire what they have built. I mean, a historic American institution that has not only changed our economic reality, in ways good and bad but over the last year and a half, in the pandemic was among the few institutions that functioned properly and served as a kind of lifeline. And there is a critique in Amazon Unbound and we can talk about it, but it’s hard to come away—I think you said it well—it’s hard to come away after studying this company and studying the top executives, and how Jeff Bezos, thinks and how he has conceived products without real admiration for what they have built over the last 25 years.Corey: Well, let’s get into your critique of Amazon. What do you think is, from what you’ve seen with all of the years of research you put into this company, what’s the worst thing about them?Brad: Well, that’s a good way to put it, Corey. [laugh]. Let me—Corey: [laugh]. It’s like, talk about a target-rich opportunity. Like, “Oh, wow. It’s like my children. I can’t stand any of them. How in the world could I pick just one?” But give it a shot.Brad: Right. Well, let me start this way, which is I often will listen to their critiques from Amazon critics—and I’m sure you might feel this way as well—and just think, like, “Do they get it?” They’ll argue that Amazon exercised its size and might to buy the companies that led to Alexa. As I write in the Alexa chapter, that’s not true at all. 
They bought a couple of small companies, and those executives were all horrified at what Amazon was trying to do, and then they made it work. Or the critics will say, “Fifty percent or more of internet users start their product searches on Amazon. Amazon has lock-in.” That’s not true either. Lock-in on the internet is only as strong as a browser window that remains open. And you could always go find a competitor or search on a search engine. So, I find at least some of the public criticism to be a little specious. And often, these are people that complained about Walmart for ten years. And now Amazon’s the big, bad boogeyman.
Corey: Oh, I still know people who refuse to do business with Walmart but buy a bunch of stuff from Amazon, and I’m looking at these things going, any complaints you have about Walmart are very difficult to avoid mapping to Amazon.
Brad: Here’s maybe the distillation of the critique that’s in Amazon Unbound. We make fun of Facebook for, “Move fast and break things.” And they broke things, including, potentially, our democracy. When you look at the creation of the Amazon Marketplace, Jeff wanted a leader who can answer the question, “How would you bring a million sellers into the Amazon Marketplace?” And what that tells you is he wanted to create a system, a self-service system, where you could funnel sellers the world over into the system and sell immediately. And that happened, and a lot of those sellers, there was no friction, and many of them came from the Wild West of Chinese eCommerce. And you had—inevitably because there were no guardrails—you had fraud and counterfeit, and all sorts of lawsuits and damage. Amazon moved fast and broke things. And then subsequently tried to clean it up. And if you look at the emergence of the Amazon supply chain and the logistics division, the vans that now crawl our streets, or the semi-trailers on our highways, or the planes. Amazon moved fast there, too.
And the first innings of that game were all about hiring contractors, not employees, getting them on the road with a minimum of guidance. And people died. There were accidents. You know, there weren’t just drivers flinging packages into our front yards, or going to the bathroom on somebody’s porch. That happened, but there were also accidents and costs. And so I think some of the critique is that Amazon, despite its profession that it focuses only on customers, is also very competitor-aware and competitor-driven, and they move fast, often to kind of get ahead of competitors, and they build the systems and they’re often self-service systems, and they avoid employment where it’s possible, and the result have been costs to society, the cost of moving quickly. And then on the back-end when there are lawsuits, Amazon attempts to either evade responsibility or settle cases, and then hide those from the public. And I think that is at the heart of what I show in a couple of ways in Amazon Unbound. And it’s not just Amazon; it’s very typical right now of corporate America and particularly tech companies. And part of it is the state of the laws and regulations that allow the companies to get away with it, and really restrict the rights of plaintiffs, of people who are wronged from extracting significant penalties from these companies and really changing their behavior.
Corey: Which makes perfect sense. I have the luxury of not having to think about that by having a mental division and hopefully one day a real division between AWS and Amazon’s retail arm. For me at least, the thing I always had an issue with was their treatment of staff in many respects. It is well known that in the FAANG constellation of tech companies, Facebook, Amazon, Apple, Netflix, and Google, apparently, it’s an acronym and it’s cutesy. People in tech think they’re funny. But the problem is that Amazon’s compensation is significantly below that.
One thing I loved in your book was that you do a breakdown of how those base salaries work, how most of it is stock-based and with a back-loaded vesting and the rest, and looking through the somewhat lengthy excerpt—but I will not read your own words to you this time—it more or less completely confirms what I said in my exposé of this, which means if we’re wrong, we’re both wrong. And we’ve—and people have been very convincing and very unified across the board. We’re clearly not wrong. It’s nice to at least get external confirmation of some of the things that I stumble over.
Brad: But I think this is all part of the same thing. What I described as the move fast and break things mentality, often in a race with competition, and your issues about the quality, the tenor of work, and the compensation schemes, I think maybe and this might have been a more elegant answer to your question, we can wrap it all up under the mantle of empathy. And I think it probably starts with the founder and soon-to-be-former CEO. And look, I mean, an epic business figure, a builder, an inventor, but when you lay out the hierarchy of qualities, and attributes, and strengths, maybe empathy with the plight of others wasn’t near the top. And when it comes to the treatment of the workforce, and the white-collar employees, and the compensation schemes, and how they’re very specifically designed to make people uncomfortable, to keep them running fast, to churn them out if they don’t cut it, and the same thing in the workforce, and then the big-scale systems and marketplace and logistics—look, maybe empathy is a drag, and not having it can be a business accelerant, and I think that’s what we’re talking about, right? That some of these systems seem a little inhumane, and maybe to their credit, when Amazon recognizes that—or when Jeff has recognized it, he’s course-corrected a little bit. But I think it’s all part of that same bundle.
And maybe perversely, it’s one of the reasons why Amazon has succeeded so much.
Corey: I think that it’s hard to argue against the idea of culture flowing from the top. And every anecdote I’ve ever heard about Jeff Bezos, never having met the man myself, is always filtered through someone else; in many cases, you. But there are a lot of anecdotes from folks inside Amazon, folks outside Amazon, et cetera, and I think that no one could make a serious argument that he is not fearsomely intelligent, penetratingly insightful, and profoundly gifted in a whole bunch of different ways. People like to say, “Well, he started Amazon with several $100,000 and loan from his parents, so he’s not really in any ways a self-made anything.” Well, no one is self-made. Let’s be very clear on that. But getting a few $100,000 to invest in a business, especially these days, is not that high of a stumbling block for an awful lot of folks similarly situated. He has had outsized success based upon where he started and where he wound up ending now. But not a single story that I’ve ever heard about him makes me think, yeah, that’s the kind of guy I want to be friends with. That’s the kind of guy I want to invite to a backyard barbecue and hang out with, and trade stories about our respective kids, and just basically have a social conversation with. Even a business conversation doesn’t feel like it would be particularly warm or compelling. It would be educational, don’t get me wrong, but he doesn’t strike me as someone who really understands empathy in any meaningful sense. I’m sure he has those aspects to him. I’m sure he has a warm, wonderful relationship with his kids, presumably because they still speak to him, but none of that ever leaks through into his public or corporate persona.
Brad: Mmm, partially agree, partially disagree.
I mean, certainly maybe the warmth you’re right on, but this is someone who’s incredibly charismatic, who is incredibly smart, who thinks really deeply about the future, and has intense personal opinions about current events. And getting a beer with him—which I have not done—would sound fantastic. Kicking back at the fireplace at his ranch in Texas, [laugh] to me, I’m sure it’s tremendously entertaining to talk to him. But when it comes to folks like us, Corey, I have a feeling it’s not going to happen, whether you want to or not. He’s also incredibly guarded around the jackals of the media, so perhaps it doesn’t make a difference one way or another. But, yeah, you’re right. I mean, he’s all business at work. And it is interesting that the turnover in the executive ranks, even among the veterans right now, is pretty high. And I don’t know, I mean, I think Amazon goes through people in a way, maybe a little less on the AWS side. You would know that better than me. But—
Corey: Yes and no. There’s been some turnover there that you can also pretty easily write down to internal political drama—for lack of a better term—palace intrigue. For lack of a better term. When, for example, Adam Selipsky is going to be the new CEO of AWS as Andy Jassy ascends to be the CEO of all Amazon—the everything CEO as it were. And that has absolutely got to have rubbed some people in unpleasant ways. Let’s be realistic here about what this shows: he quit AWS to go be the CEO of Tableau, and now he’s coming back to run AWS. Clearly, the way to get ahead there is to quit. And that might not be the message they’re intending to send, but that’s something that people can look at and take away, that leaving a company doesn’t mean you can’t boomerang and go back there at a higher level in the future.
Brad: Right.
Corey: And that might be what people are waking up to because it used to be a culture of once you’re out, you’re out. Clearly not the case anymore.
They were passed over for a promotion they wanted, “Well, okay, I’m going to go talk to another company. Oh, my God, they’re paying people in yachts.” And it becomes, at some level, time for something new. I don’t begrudge people who decide to stay; I don’t begrudge people who decide to leave, but one of my big thrusts for a long time has been understand the trade-offs of either one of those decisions and what the other side looks like so you go into it with your eyes open. And I feel like, on some level, a lot of folks there didn’t necessarily feel that they could have their eyes open in the way that they can now.
Brad: Mm-hm. Interesting. Yeah. Selipsky coming back, I never thought about that, sends a strong message. And Amazon wants builders, and operators, and entrepreneurial thinking at the top and in the S Team. And the fact that Andy had a experienced leadership team at AWS and then went outside it for the CEO could be interpreted as pretty demotivating for that team. Now, they’ve all worked with Adam before, and I’ve met him and he seems like a great guy so maybe there are no hard feelings, but—
Corey: I never have. He left a few months before I started this place. So, it—I get the sense that he knew I was coming and said, “Well, better get out of here. This isn’t going to go well at all.”
Brad: [laugh]. I actually went to interview him for this book, and I sat in his office at Tableau thinking, “Okay, here’s a former AWS guy,” and I got to tell you, he was really on script and didn’t say anything bad, and I thought, “Okay, well, that wasn’t the best use of my time.” He was great to meet, and it was an interesting conversation, but the goss he did not deliver. And so when I saw that he got this job, I thought, well, he’s smart.
He smartly didn’t burn any bridges, at least with me.
Corey: This episode is sponsored in part by our friends at ChaosSearch. You could run Elasticsearch or Elastic Cloud—or OpenSearch as they’re calling it now—or a self-hosted ELK stack. But why? ChaosSearch gives you the same API you’ve come to know and tolerate, along with unlimited data retention and no data movement. Just throw your data into S3 and proceed from there as you would expect. This is great for IT operations folks, for app performance monitoring, cybersecurity. If you’re using Elasticsearch, consider not running Elasticsearch. They’re also available now in the AWS marketplace if you’d prefer not to go direct and have half of whatever you pay them count towards your EDB commitment. Discover what companies like HubSpot, Klarna, Equifax, Armor Security, and Blackboard already have. To learn more, visit chaossearch.io and tell them I sent you just so you can see them facepalm, yet again.
Corey: No. And it’s pretty clear that you don’t get to rise to those levels without being incredibly disciplined with respect to message. I don’t pity Andy Jassy’s new job wherein a key portion of the job description is going to be testifying before Congress. Without going into details, I’ve been in situations where I’ve gotten to ask him questions before in a real-time Q&A environment, and my real question hidden behind the question was, “How long can I knock him off of his prepared talking points?” Because I—
Brad: Good luck. [laugh].
Corey: Yeah. I got the answer: about two and a half seconds, which honestly was a little bit longer than I thought I would get. But yeah, incredibly disciplined and incredibly insightful, penetrating answers, but they always go right back to talking points. And that’s what you have to do at that level.
I’ve heard stories—it may have been from your book—that Andy and Adam were both still friendly after Adam’s departure, they would still hang out socially and clearly, relationships are still being maintained, if oh, by the way, you’re going to be my successor. It’s kind of neat. I’m curious to see how this plays out once that transition goes into effect.
Brad: Yeah, it’ll be interesting. And then also, Andy’s grand homecoming to the other parts of the business. He started in the retail organization. He was Jeff’s shadow. He ran the marketing department at very early Amazon. He’s been in all those meetings over the years, but he’s also been very focused on AWS. So, I would imagine there’s a learning curve as he gets back into the details of the other 75% of Amazon.
Corey: It turns out that part of the business has likely changed in the last 15 years, just a smidgen when every person you knew over there is now 10,000 people. There was an anecdote in your book that early on in those days, Andy Jassy was almost let go as part of a layoff or a restructuring, and Jeff Bezos personally saved his job. How solid is that?
Brad: Oh, that is solid. An S Team member told me that, who was Andy’s boss at the time. And the story was, in the late 90s—I hope I remember this right—there was a purge of the marketing department. Jeff always thought that marketing—in the early days marketing was purely satisfying customers, so why do we need all these people? And there was a purge of the marketing department back when Amazon was trying to right-size the ship and get profitable and survive the dotcom bust. And Jeff intervened in the layoffs and said, “Not Andy. He’s one of the most—yeah, highest ceiling folks we have.” And he made him his first full-time shadow. Oh, and that comes right from an S Team member. I won’t say the name because I can’t remember if that was on or off the record. But yeah, it was super interesting. You know what?
I’ve always wondered how good of an identifier of talent and character is Bezos. And he has some weaknesses there. I mean, obviously, in his personal life, he certainly didn’t identify Lauren Sánchez’s brother as the threat that he became. You know, I tell the story in the book of the horrific story of the CEO of Amazon Mexico, who Jeff interviewed, and they hired and then later ended up what appears to be hiring an assassin to kill his wife. I tell the story in the book. It’s a horrible story. So, not to lay that at the feet of Jeff Bezos, of course, but he often I think, moves quickly. And I actually have a quote from a friend of his in the book saying, “It’s better to not be kind of paranoid, and the”—sort of—I can’t remember what the quote is. It’s to trust people rather than be paranoid about everyone. And if you trust someone wrongly, then you of course-correct. With Andy, though, he somehow had an intuitive sense that this guy was very high potential, and that’s pretty impressive.
Corey: You’re never going to bat a thousand. There’s always going to be people that slip through the cracks. But learning who these people are and getting different angles on them is always interesting. Every once in a while—and maybe I’m completely wrong on this, but never having spent time one on one with Andy Jassy, I have to rely on other folks and different anecdotes, most of them, I can’t disclose the source of, but every time that I wind up hearing about these stories, and maybe I’m projecting here, but there are aspects of him where it seems like there is a genuinely nice person in there who is worried, on some level, that people are going to find out that he’s a nice person.
Brad: [laugh]. I think he is. He’s extraordinarily nice.
He seems like a regular guy, and what’s sort of impressive is that obviously he’s extraordinarily wealthy now, and unlike, let’s say Bezos, who’s obviously much more wealthy, but who, who really has leaned into that lifestyle, my sense is Andy does not. He’s still—I don’t know if he’s on the corporate jet yet, but at least until recently he wasn’t, and he presents humbly. I don’t know if he’s still getting his clothes from wherever, [unintelligible 00:32:50] or Nordstroms.
Corey: He might be, but it is clear that he’s having them tailored because fit is something—I spent a lot of time in better years focusing on sartorial attention, and wherever he’s sourcing them from aside, they fit well.
Brad: Okay, well, they didn’t always. Right?
Corey: No. He’s, he’s… there’s been a lot of changes over the past decade. He has either discovered a hidden wellspring of being one of the best naturally talented speakers on the planet, or he’s gone through some coaching to improve in those areas. Not that he was bad at the start, but now he’s compelling.
Brad: Okay. Well, now we’re talking about his clothes and his speaking style. But—
Corey: Let’s be very honest here. If he were a woman, we would have been talking about that as the beginning topic of this. It’s on some level—
Brad: Or we wouldn’t have because we’d know it’s improper these days.
Corey: We would like to hope. But I am absolutely willing to turn it back around.
Brad: [laugh]. Anyway.
Corey: So, I’m curious, going back a little bit to criticisms here, Amazon has been criticized roundly by regulators and Congress and the rest—folks on both sides of the aisle—for a variety of things. What do you see as being the fair criticisms versus the unfair criticisms?
Brad: Well, I mean, I think we covered some of the unfair ones. But there’s one criticism that Amazon uses AWS to subsidize other parts of the business.
I don’t know how you feel about that, but until recently at least, my reading of the balance sheet was that the enormous profits of AWS were primarily going to buy more AWS. They were investing in capital assets and building more data centers.
Corey: Via a series of capital leases because cash flow is king in how they drive those things there. Oh, yeah.
Brad: Right. Yeah. You know, and I illustrate in the book how when it did become apparent that retail was leaning on advertising, Jeff didn’t accept that. He wanted retail to stand on its own, and it led to some layoffs and fiercer negotiations with brands, higher fees for sellers. Advertising is the free cash flow that goes in Prime movies, and TV shows, and Alexa, and stuff we probably don’t know about. So, this idea that Amazon is sort of improperly funneling money between the divisions to undercut competitors on price, I think we could put that in the unfair bucket. In the fair bucket, those are the things that we can all look at and just go, “Okay, that feels a little wrong.” So, for an example, the private brand strategy. Now, of course, every supermarket and drugstore is going to line their shelves with store brands. But when you go to an Amazon search results page these days, and they are pockmarked with Amazon brands, and Whole Foods brands, and then sponsored listings, the pay-to-play highest bidder wins. And then we now know that, at least for a couple of years, Amazon managers, private label managers were kind of peeking at the third-party data to figure out what was selling and what they should introduce as a private Amazon brand. It just feels a little creepy that Amazon as the everything store is so different than your normal Costco or your drugstore. The shelves are endless; Amazon has the data, access to the data, and the way that they’re parlaying their valuable real estate and the data at their disposal to figure out what to launch, it just feels a little wrong.
And it’s a small part of their business, but I think it’s one where they’re vulnerable. The other thing is, in the book, I tried to figure out how can I take the gauge of third-party sellers? There’s so many disgruntled voices, but do they really speak for everyone? And so instead of going to the enemies, I went to every third-party seller that had been mentioned in Jeff Bezos’s shareholder letters over the past decade. And these were the allies. These were the success stories that Bezos was touting in his sacrosanct investor letter, and almost to a one, they had all become disgruntled. And so the way in which the rules of the marketplace change, the way that the fees go up, and the difficulty that sellers often have in getting a person or a guiding hand at Amazon to help them with those changes, that kind of feels wrong. And I think that maybe that’s not a source of regulation, but it could be a source of disruptive competition. If somebody can figure out how to create a marketplace that caters to sellers a little better with lower fees, then they could do to Amazon what Amazon years ago did to eBay. And considering that Marketplace is now a preponderance of sales more than even retail on amazon.com, that can end up hurting the company.
Corey: Yeah, at some point, you need to continue growing things, and you’ve run out of genuinely helpful ways, and in turn in start to have to modify customer behavior in order to continue doing things, or expand into brand new markets. We saw the AWS bleeding over into Alexa as an example of that. And I think there’s a lot of interesting things still to come in spaces like that. It’s interesting watching how the Alexa ecosystem has evolved. There’s still some very basic usability bugs that drive me nuts, but at the same token, it’s not something that I think we’re going to see radically changing the world the next five years.
It feels like a hobby, but also a lucrative one, and keeps people continuing to feed into the Amazon ecosystem. Do you see that playing out differently?
Brad: Wait, with Alexa?
Corey: Absolutely.
Brad: Yeah. I agree with you. I mean, it feels like there was more promise in the early years, and that maybe they’ve hit a little bit of a wall in terms of the AI and the natural language understanding. It feels like the ecosystem that they tried to build, the app store-like ecosystem of third-party skills makers, that hasn’t crystallized in the way we hoped—in the way they hoped. And then some of these new devices like the glasses or the wristband that have Alexa feel, just, strange, right? Like, I’m not putting Alexa on my face. And those haven’t done as well. And so yeah, I think they pioneered a category: Alexa plays music and answers basic queries really well, and yet it hasn’t quite been conversational in the way that I think Jeff Bezos had hoped in the early days. I don’t know if it’s a profitable business now. I mean, they make a lot of money on the hardware, but the team is huge. I think it was, like, 10,000 people the last I checked. And the R&D costs are quite large. And they’re continuing to try to improve the AI, so I think Jeff Bezos talks about the seeds, and then the main businesses, and I don’t think Alexa has graduated yet. I think there’s still a little bit of a question mark.
Corey: It’s one of those things that we remain to see. One last thing that I wanted to highlight and thank you for, was that when you wrote the original book, The Everything Store, Andy Jassy wrote a one-star review. It went into some depth about all the things that, from his perspective, you got wrong, were unfair about, et cetera. And that can be played off as a lot of different things, but you can almost set that aside for a minute and look at it as the really only time in recent memory that Andy Jassy has sat down and written something, clearly himself, and then posted it publicly.
He writes a lot—Amazon has a writing culture—but they don’t sign their six-pagers. It’s very difficult to figure out where one person starts and one person stops. This shows that he is a gifted writer in many respects, and I don’t think we have another writing sample from him to compare it to.
Brad: So, Corey, you’re saying I should be honored by his one-star review of The Everything Store?
Corey: Oh, absolutely.
Brad: [laugh].
Corey: He, he just ignores me. You actually got a response.
Brad: I got a response. Well.
Corey: And we’ll put a link to that review in the [show notes 00:40:10] because of course we will.
Brad: Yes, thank you. Do you—remember, other Amazon executives also left one-star reviews. And Jeff’s wife, and now ex-wife Mackenzie left a one-star review. And it was a part of a, I think a little bit of a reflexive reaction and campaign that Jeff himself orchestrated at my—this was understanding now, in retrospect. After the book came out, he didn’t like it. He didn’t like aspects of his family life that were represented in the book, and he asked members of the S Team to leave bad reviews. And not all of them did, and Andy did. So, you wonder why he’s CEO now. No, I’m kidding about that. But you know what? It ended up, kind of perversely, even though that was uncomfortable in the moment, ended up being good for the first book. And I’ve seen Andy subsequently, and no hard feelings. I don’t quite remember what his review said. Didn’t it, strangely, like, quote a movie or something like that?
Corey: I recall that it did. It went in a bunch of different directions, and at the end—it ended with, “Well, maybe someday he’ll write the actual story. And I’m not trying to bait anyone into doing it, but this book isn’t it.” Well, in the absence of factual corrections, that’s what we go with. That is also a very Amazonian thing.
They don’t tell their own story, but they’re super quick to correct the record—
Brad: Yeah.
Corey: —after someone says a thing.
Brad: But I don’t recall him making many specific claims of anything I got wrong. But why don’t we hope that there’s a sequel review for Amazon Unbound? I will look forward to that from Andy.
Corey: I absolutely hope so. It’s one of those things that we just really, I guess, hope goes in a positive direction. Now, I will say I don’t try to do any reviews that are all positive. And that’s true. There’s one thing that you wrote that I vehemently disagree with.
Brad: Okay, let’s hear it.
Corey: Former Distinguished Engineer and VP at AWS, Tim Bray, who resigned on conscientious objector grounds, more or less, has been a guest on the show, and I have to say, you did him dirty. You described him—
Brad: How did I—what did I do? Mm-hm.
Corey: Oh, I quote, “Bray, a fedora-wearing software developer”—which is true, but still is evocative in an unpleasant way—“And one of the creators of the influential web programming language, XML”—which is true, but talk about bringing up someone’s demons to haunt them. Oh, my stars.
Brad: [laugh]. But wait. How is the fedora-wearing pejorative?
Corey: Oh, it has a whole implication series of, and entire subculture of the gamer types, people who are misogynist, et cetera. It winds up being an unfair characterization—
Brad: But he does wear a fedora.
Corey: He does. And he can pull it off. He has also mentioned that he is well into retirement age, and it was a different era when he wore one. But that’s not something that people often will associate with him. It’s—
Brad: I’m so naive. You’re referring to things that I do not understand what the implication was that I made. But—
Corey: Oh, spend more time with the children of Reddit. You’ll catch on quickly.
Brad: [laugh]. I try, I try not to do that. But thank you, Corey.
Corey: Of course. So, thank you so much for taking the time to go through what you’ve written.
I’m looking forward to seeing the reaction once the book is published widely. Where can people buy it? There’s an easy answer, of course, of Amazon itself, but is there somewhere you would prefer them to shop?
Brad: Well, everyone can make their own decisions. I’m flattered if anyone decides to pick up the book. But of course, there is always their independent bookstore. On sale now.
Corey: Excellent. And we will, of course, throw a link to the book in the [show notes 00:43:31]. Brad, thank you so much for taking the time to speak with me. I really appreciate it.
Brad: Corey, it’s been a pleasure. Thank you.
Corey: Brad Stone, author of Amazon Unbound: Jeff Bezos and the Invention of a Global Empire, on sale now wherever fine books are sold—and crappy ones, too. I’m Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you’ve enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you’ve hated this podcast, please leave a five-star review on your podcast platform of choice and then a multi-paragraph, very long screed telling me exactly what I got wrong.
Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.
Announcer: This has been a HumblePod production. Stay humble.

Screaming in the Cloud
S3: 15 Years and 100 Trillion Objects Later with Kevin Miller

Apr 20, 2021 36:47


Kevin Miller is currently the global General Manager for Amazon Simple Storage Service (S3), an object storage service that offers industry-leading scalability, data availability, security, and performance. Prior to this role, Kevin has had multiple leadership roles within AWS, including as the General Manager for Amazon S3 Glacier, Director of Engineering for AWS Virtual Private Cloud, and engineering leader for AWS Virtual Private Network and AWS Direct Connect. Kevin was also Technical Advisor to Charlie Bell, Senior Vice President for AWS Utility Computing. Kevin is a graduate of Carnegie Mellon University with a Bachelor of Science in Computer Science.

The Jason & Scot Show - E-Commerce And Retail News
EP256 - Colin Bryar former Amazon Chief of Staff and author of Working Backwards

Mar 4, 2021 63:37


Happy episode 256, our penultimate 8-bit episode! (we’re going to have to migrate to 16-bit for next week). Colin Bryar is author of “Working Backwards: Insights, Stories, and Secrets from Inside Amazon” (affiliate link). This is the definitive book about the unique processes, programs, and culture implemented at Amazon which have enabled its remarkable track record of speed and innovation. Colin had a 12 year career at Amazon and served as Jeff Bezos’ technical advisor (chief of staff), shadowing Jeff in all meetings for a year. His co-author, Bill Carr, ran Amazon Prime Video and sat on Amazon’s S-Team. These two had a front row seat to many of the most seminal moments in Amazon’s history. If you work with Amazon, need to compete against them, or just want to duplicate their success in another field, you owe it to yourself to listen to the episode and then read Colin’s book. Episode 256 of the Jason & Scot show was recorded live on Wednesday February 24, 2021. http://jasonandscot.com Join your hosts Jason "Retailgeek" Goldberg, Chief Commerce Strategy Officer at Publicis, and Scot Wingo, CEO of GetSpiffy and Co-Founder of ChannelAdvisor as they discuss the latest news and trends in the world of e-commerce and digital shopper marketing.

Transcript

Jason: [0:24] Welcome to the Jason and Scot show this is episode 256 being recorded on Wednesday February 24th 2021. I’m your host Jason retailgeek Goldberg and as usual I’m here with your co-host Scot Wingo.
Scot: [0:41] Hey Jason and welcome back Jason and Scot show listeners Jason as you know one of our favorite topics here on the Jason Scot show is Amazon their culture and different business strategies tonight on the show we are really thrilled and excited to welcome Colin Bryar he’s an ex Amazonian and co-author of the brand spanking new book working backwards welcome to the show Colin.

Colin: [1:03] Thanks for having me on the show, happy to be here.

Jason: [1:07] We’re excited to have you. Scot in particular is a huge Amazon fanboy, so this is a, he’s trying to be cool, but this is a thrill for him. Um, and so Colin, Scot introduced you as an ex-Amazonian, but maybe you could tell us a little bit about your background and how you came to Amazon and what you did there, and then, you know, what you’re doing now.

Colin: [1:29] Sure. I moved out to Seattle in 1990 and worked at Oracle for about five years. I was a consultant, road warrior, and after 5 years I realized I didn’t even know what Seattle looked like, so I left Seattle and started a company with two other folks, Charlie Bell and Kevin Millar. And what we were doing at the time, so this is in ’95, were helping companies take all of their internal data and help them expose it on what was then the nascent World Wide Web, and most companies, you know, were struggling to do that. And we worked with a bunch of larger companies out here in Seattle, Microsoft, Boeing, and then some companies like TRW outside of Seattle. And one of the small companies we worked with was called amazon.com, and we realized that that was a really special place, so, from the moment we stepped in through the door, and so we decided to join Amazon. And that was, so I joined Amazon in March of 1998, and Amazon was only a bookseller just based in the US, and there were probably about a hundred people in the corporate department and 500 people in total in customer service and the fulfillment centers, so it was a, [2:51] you know, very special place and you could tell that something, something was going on, and it wasn’t sure if it was going to work yet, but things were moving fast and customers were validating what we were doing, and the press and pundits sometimes agreed and a lot of times they didn’t. But it was fun to see Amazon transform from, they did
147 million dollars in revenue when I started, to, and now this last quarter was a hundred and twenty five billion dollars in revenue, so it’s been fun to be part of that transformation.

Jason: [3:21] Yeah, they’ve had to stretch the cells on the Excel spreadsheet a little bit since you started. And a hundred employees, so I’m trying to think, would you have gotten a desk that was made out of a door, or did you have actual furniture by then?

Colin: [3:35] No, I had a door desk, and you know, you still get door desks. And I was lucky enough, my email address was just colin@, so it was a pretty small place then.

Jason: [3:46] That’s, that’s very cool. And then you did a couple different roles in Amazon, but one of them in particular is a pretty cool role, and you might have, if I am going to pretend like I didn’t read your book, but I did, you were the second person in that role, right?

Colin: [4:03] Yes, so I started out in the software group and worked there for about five years, and then I was Jeff Bezos’s, internally the role is called the shadow or technical assistant, and externally it’s more akin to a chief of staff. And so I got to spend, was very, very fortunate to spend 10 hours a day with Jeff, participating in the meetings and, you know, seeing how he thought and was planning on building a very large organization to be what he termed Earth’s most customer-centric company. And it wasn’t just technical issues. I got to experience everything from the fulfillment centers, legal, PR, the commercial group, the retail groups, and also she has some pretty deep-dive technical issues too. So I was very fortunate to have done that, and then I spent, after that I went to IMDb, the Internet Movie Database, as their CEO, which is a wholly owned subsidiary of Amazon.

Jason: [5:02] Yeah, and as I understand it, the technical adviser primarily entails training up Jeff in tennis to get him ready for celebrity tennis tournaments, is that.

Colin: [5:13] No, that was a very small part of my job, was less than a day, yeah. So yeah, that was an interesting adventure, but really what the job entailed was two things. You know, when Jeff, he asked if I wanted to be this next technical advisor, and you know, I did, rather than jump at the opportunity I said, can I take the weekend to think about it, but first can you please tell me what, um, success looks like in this role, because it’s too important of a role and I’m to take if I don’t think I can be successful in this role. And he said, well, the first thing is, you know, just to help. Jeff Lewis helped him be a better CEO, and you’re making sure that the right issues and teams get in front of Jeff, and I could go places in the company that he couldn’t. But then the second part is, the way he put it is, we want to be able to model how each of us think. So after this role ends, when you go somewhere else in the company, that’s going to have a pretty good idea of his vision and your core tenets and leadership principles and be able to move into the company. So it is a rotating role, and I was in that role for about two years.

Jason: [6:27] That, that’s amazing. And your predecessor in that role was Andy Jassy, wasn’t it?

Colin: [6:32] Yes, Andy was the first technical advisor, and you know, relied on his advice and counsel to tell me what I was getting into, and you can see the phenomenal job Andy’s done since then. You know, there aren’t too many people who get a chance to do this role, so I realized I am very lucky to have been one of those people. And you know, one of the reasons Bill and I decided to write this book was to talk about some of the principles and processes that really are, you know, that secret sauce of what makes Amazon work.

Scot: [7:10] Cool, let’s, let’s dig into the book. The book is split into kind of two parts. You have the first section, which is Being Amazonian, and then the second one, which is kind of case studies of applying that, called Invention Machine at Work. In the Being Amazonian section you guys go into a lot of my favorite topics, and sadly we only have you for an hour. I feel like I could essentially just talk about this forever, but you talked about the Amazon leadership principles, the six-page note that is kind of the keystone of every meeting, the bar raiser program, left I thought it would be appropriate maybe just start at the title concept, which is working backwards. Give an overview of what that means and, you know, maybe an example, don’t use AWS ’cause I’ll ask about that later, but as an example maybe of how that gets used inside of Amazon.

Colin: [8:07] Sure, so working backwards, it’s a very specific process used at Amazon to look at ideas, to vet them and decide whether to bring them to market, be it a feature or opening up a new business. And if you have to remember one thing about the working backwards process it’s this: it’s that you start with the desired customer experience and then you work backwards from that. It sounds simple, it’s actually pretty hard to do, and it’s different from how a lot of organizations make decisions. A lot of organizations use what’s called the skills-forward approach. They look at things and ask questions such as, what are our core competencies, we know, what are we good at, what are our competitors doing, and how can we nudge into this adjacent market, if we get 10 percent market share what’s that going to look like. And you know, a SWOT analysis, the strengths, weaknesses, opportunities and threats, is a typical analysis that [9:01] companies use to decide what to do next, but often a word that doesn’t get mentioned in that analysis, at least up front, is the word customer.
So Amazon decided to invert that and say we want to make sure that the customer is front-and-center from the very germ of an idea. And so Amazon developed this working backwards process. And the primary tool that Amazon uses for the working backwards process is the press release and frequently asked questions document, so it’s a type of narrative called the PR FAQ document. [9:37] So that if anyone has an idea, and again this works for something as small as a new feature on the iOS app, or if Amazon is deciding to get into a whole new line of business or move into a brand-new geography, the first thing that the person who has the idea or the team that has the idea does is they write a one-page press release. So it has to be one page or less, which forces you to really crisply define the idea. And the press release has a couple different components. One is a clearly defined, what is the customer problem you are trying to solve. And you know, that also, it can take a couple of iterations. Then the next part is you have to explain to the customer why they might be interested in using the feature or buying the product. And then you go on in that press release, you typically, you can use a quote from a customer, or if it’s something for a partner, the partner talks about why, how this actually solved their problem. And so this is an iterative process. Once you write your press release, you read the press release, and if you don’t want to go out and buy that product or use that feature, the service, you stop and you rewrite the press release until you get it right. [10:52] And then the next step in the process is the FAQ process, and you can break that up into two primary components, an external FAQ and an internal FAQ. And that external FAQ are, think, questions that you ask and answer that would typically go to customers or the press. How much is this product going to cost.
Why should I use this product versus what’s out there on the market, why should I change my behavior, and what’s in it for me if I’m going to go through some extra steps to go use this product or service. [11:25] The internal FAQ is a series of questions and answers about what are the tough problems that the company is going to have to solve and how are they going to organize [11:36] to actually get together and solve these problems to bring this idea to market. So some examples there could be: can, how and can we build this product with the bill of materials that’s less than 200 dollars to get out to the market at the desired price. Taking me technical issues, what are some unknown technical problems that we need to solve, and how are we going to organize and approach and solve these problems. Legal, financial issues or privacy issues, or if it’s a sales B2B, this requires your sales force, do we use a direct sales force or we’re going to partner with someone. And this is all an iterative process, and a lot of ideas don’t actually make it through the end of the working backwards process. [12:21] And the ones that do have gone through many, many iterations of meetings where people weigh in, you’re missing a key FAQ, you know, so let’s go ask and answer that and come back next time. And this is by design, by the way, because it’s meant to, one, ensure that the customer is not forgotten, but two, it saves time, because it saves you from moving in the wrong direction. You know, people talk about speed a lot, is important, but velocity I think is important, and velocity is the vector, the vector of speed and direction. So this helps you make sure that you’re moving in the right direction at the beginning and conserving what’s typically companies’ bottleneck resources, which are technical resources.

Scot: [13:09] The, so it seems, so then you’ve got this idea factory, right, and everyone’s creating these things.
And I imagine they’re all pretty good. Then at some point someone’s gonna have to decide, like, there seems like there’s always going to be an abundance of them, even the ones that, you know, even given that some don’t make it through. So then does Bezos just essentially say, all right, here’s the top 100, we’re going to draw here, like, who sorts these things and prioritizes them, how does that work?

Colin: [13:37] Look, it’s typically, it goes to whoever’s controlling the set of resources that, you know, that are needed in order to get this done. And for a very large initiative, or what Amazon calls a one-way door, once you do it, you know, it’s very expensive and difficult to roll back, that will float up much higher in the organization. But it could be, you know, as simple as we want three people to go work on this new feature on the website, so whoever controls those, whatever the appropriate management level is that controls those resources, that’s where it gets done. And you’re right in that very most people have good ideas, it’s just, is this idea we’re doing, is it big enough and is it worth doing now. Those are the types of questions that you have to ask given the resources and constraints that the company has. So for low very large projects that goes up to the S-team, which is Jeff’s, you know, direct reports, the management team, but most of them are smaller than that, because Amazon usually works in separable teams, and so whoever’s controlling those single-threaded separable teams typically makes that decision.

Scot: [14:53] Yeah, let’s, so let’s do an example, a simple one, and this is Jason’s favorite, let’s say houseplants. He always used to use this one to, something that Amazon I guess wouldn’t do and now they do. So, so I have the idea to do houseplants, I write a press release, Amazon now ships houseplants, and I talked about how we have.
They arrive at your door fresh and, you know, a selection of thousands, and you know, but then do I have to tell you, like, how do you size that opportunity versus, I don’t know, you know, B2B cogs or widgets and cogs?

Colin: [15:33] Yeah, so you first of all have to, one of the questions in the FAQ, you have to address what’s the TAM, the total addressable market, so how big is this idea. You know, some typical questions would be, we don’t have live things in our fulfillment center right now, how do we handle, you know, how do we handle that, and you know, how long can they stay in the fulfillment center before they need attention. You know, electronics depreciate, you know, some of them depreciate 10% a month. Plants die if you don’t water them, I would, so, you know, you’d have to address issues like that, how are we going to keep our inventory alive before we get it out to customers. But in terms of, it’s a great question about how do you balance that with a B2B, completely unrelated project, and [16:24] that prioritization is really tricky, and it’s tricky for a couple of reasons because.
[16:30] Even at the PR FAQ stage you don’t know really how big of an idea this is, because you don’t know customer adoption, that’s very tricky to predict even if you have a great idea, and you don’t know how long it’s going to take to build and deploy the technology or, you know, the heavy lifting infrastructure to handle plants in this example. And so Amazon, a lot of times what they do, instead of making that prioritization decision, they take a step back and make a resource allocation decision for given areas. And for this one that would probably have been done in a yearly planning cycle, to say, for our B2B efforts we’re going to devote this many people, or you know, these many organizations or groups, are going to very large now, but are going to focus on B2B issues, and here’s the, you know, new category expansion for the retail business. And if you do that up front, and then the teams are at that point separated, then you don’t have to, it’s hard to prioritize between apples and oranges, and so Amazon doesn’t want, didn’t want to make that prioritization decision, because you often get that wrong. And so just taking a step back and use a different decision-making tool, which is resource allocation, and you don’t have to do that every project, you can do that once a year or once a quarter and then balance resources as more data comes in.

Scot: [17:59] Yeah, and then, and then what’s the, so alright, I’m in the B2B group and I’ve got my, you know, is it, what’s the unit of allocation for resources, is it people hours, is it dollars, is it gummy bears? You have seen people do all these really weird things where they’re kind of like, you know, you get this many, you know, seats on a train if it’s engineering. How does, is there such a thing at Amazon like that?

Colin: [18:23] Well, there are, you know, there are some constraints, and you know, setting hard constraints at the beginning of a planning process actually, it typically saves iteration. You know, if you say, hey, send me any ideas you want, your ask is going to be much bigger than you could ever do. And so setting some constraints about here’s the free cash flow that we anticipate we’re going to have to invest back in the business. Some of it are just, you may want to do something but you may not be able to hire a hundred software engineers in the time you need to hire those people, so you could say here’s our staffing and here’s our hiring rate for the year. So we have what we have at this point in terms of technical resources, but it’s a combination of what, it’s resource constraints, and in some cases it could be dollars, and some cases it could be bottleneck resources like software engineers or data scientists, or it could be, you know, fulfillment center capacity. So you have to know what your bottleneck constraints are, and now that would be how you make those types of decisions.

Scot: [19:28] So in my plant example I’m going to say I need, you know, I need the retail team to kick in and create a category for me, and I’m going to need three developers to add all the attributes for houseplants, and I’m going to need a photographer to take pictures of them, and I’m going to need a greenhouse outside every fulfillment center, and I’m going to need a, I don’t know what is a, plant person to, you know, an expert. Is it kind of like that, like some of them I’m drawing resources from other teams and others I’m hiring, or how does that get expressed in that process you’re talking about?

Colin: [20:03] So for some of them will touch other teams, and at Amazon we talked about loosely coupled teams, not completely separate and independent, so there are some shared resources, and you know, especially for smaller organizations you’re not going to have
a legal rep, you know, for each of the small groups, you’ll kind of share those resources across there. But you would need to identify, here are all the things that we need to get done, and you know, in terms of transportation, logistics, design, and for those shared pools of resources, you are going to have to get some of those allocated for that period of time. But that having been said, if the idea is big enough, um, you know, you can justify getting those resources on your own. And one great frequently asked question that’s been asked several times at Amazon is, what things are outside of your control do you wish that you had under your control, and how are you going to organize, and how would you organize to bring those things under your control. And that’s a continuous process. You know, if you’re always short design resources, for instance, and you work to [21:24] get design resources on your own team somehow, if that’s the right answer, or if that central group needs to grow or double in size. You know, there’s often not one universally right answer for every company, but knowing what things that you’re, it’s, Amazon wants people to be in control of their own destiny, and so asking what things are outside of your control, because it’s hard to ask people to be accountable when you don’t give them resources to get things done, so Amazon tries to make sure that that happens.

Jason: [22:01] Awesome. And Colin, you’re being like really polite by humoring Scot, but the reality is his one-pager would never get off the ground, because if the one-pager was Amazon now ships plants, that’s not very exciting. The one-pager should be Amazon just shipped its billionth plant.

Colin: [22:17] Yes, yeah, you have to attack, it does have to be a big idea to work, you know.

Jason: [22:23] I think that’s increasingly true, right, as Amazon becomes a bigger enterprise those new ventures have to be bigger to be relevant.

Colin: [22:35] They do have to be bigger to be relevant. One thing Amazon is unique is they’re patient. You can plant seeds, so some of these things take years to grow into something big, and you have to, yeah, Jeff put this in one of his shareholders, that you have to have the institutional memory to know what it’s like to go from, you know, a 1 million dollar business to 10 million dollars to fifty million over a relatively short period of time. That’s not going to move the needle in a hundred and twenty five billion dollar quarterly business, but given enough time, and if the total addressable market is big enough, then it is worth doing, and you do need to be excited about those types of things and pay attention to them. And you know, I guess the seed analogy is apparently apropos since we’re talking about house plants, but Amazon is patient, and if it’s big enough they’ll wait and work to get it done.

Jason: [23:39] The, so I want to pivot a little bit. The, if we didn’t spell it out up front, the book is really a tool to give some insight into how Amazon organizes [23:56] its teams and runs its business, and the structures and frameworks that Amazon has in place to be shockingly innovative in spite of their now tremendous size and success. And you present it in a way to try to help others decide if and how they would implement some or all of these things in their own organization, so it’s sort of a business manual if you will. And you kind of go through a bunch of stuff, the leadership principles, which I think there’s 14 leadership principles now, the bar raiser program, which Scot and I have had several bar raisers on the show as guests,
um, which is Amazon’s hiring process. But one of the things that comes up a lot in the book, and that you’ve referenced a couple of times already tonight, is this concept of single-threaded separable teams, and sometimes referred to as two-pizza teams, for example. I’m wondering if you could talk a little bit, because I think you were there while that, sort of before that philosophy was fully embraced and as it was implemented. Can you talk a little bit about, um, how that came to be and how that has served as an advantage for Amazon?

Colin: [25:12] Yeah, sure, sure, I can do that. And you know, the areas that you mentioned, one of the reasons we wrote the book was because a lot of this work is, you know, it’s under the tip of the iceberg, it’s things that people don’t see. But people always ask how many Echo devices are sold this quarter, or how many Prime members are there going to be, and while that may be interesting, it’s not that helpful to most organizations, and we felt that Amazon had made some significant advances in the field of management science.
[25:44] And that’s why we tried to put all of these concepts together, to say here’s how you can take a small organization and use some of these principles. Some of them were inspired and, you know, stood on the shoulders of other companies before us, but so we tried to organize them in a way that’s useful and helpful for the reader. And in terms of separable single-threaded leadership, that one was a journey. You know, for instance, writing narratives, you can just say we’re going to switch from slides to narratives and make that change, which is what Amazon did. You may stumble a little bit, and it takes a while to write great narratives, but that’s an easy change. Figuring out how to get to these separable single-threaded leaders was a multi-year journey. And you know, when I started at Amazon, you know, I started in the software group, and Amazon was growing so fast, but it was already so large that there were very few commercial software applications that you could buy to help solve the problems that we were trying to solve. We were already well beyond the tolerances of most commercial software, so we had to build and build fast just in order to keep the lights on, and this is in addition to opening up new geographies or internationalizing the code base and
[27:09] moving into these different categories, which, you know, they have different attributes, so you have to change how search looks like, what the order pipeline looks like. If you want to do apparel you need to have variations like size and color. You know, books don’t have variation, so it was very easy. But we realized that we’re adding a whole bunch of people and we weren’t moving all that much faster, and even worse, we were spending more time coordinating than actually doing, and you know, so that ratio was getting out of sync. And one of the things that Jeff Bezos is particularly good about is you can take a look at a trend and then project it out, what is this going to look like five years from now, is he 7 years from now, and the prognosis was not good. We had a tangled code base, and you know, it was all one executable, even at one point, for the website, was called Obidos. And so that meant you had a, you know, [28:09] couple hundred software engineers working and stepping on each other’s toes. Someone would change something that you didn’t even know and it would break your stuff, or vice versa, and then if you wanted to get something done you often would have to control another group to say, hey, can you work on this, you on this library. And so how can you change some of these things, and we realized that, so we had a huge technical problem, we also had an organizational problem. You know, the same dependencies existed on the organizational side, you’d have to go ask for resources from the design team or from the fulfillment center team to figure out how to get things done. And a lot of companies, what they would do is they would build [28:53] better processes and build solutions for collaborating and communicating, and Jeff said just the opposite. He said, I would like to have an environment at Amazon where we don’t have to collaborate and communicate.
And we have small separable teams, and we started off with the idea of a two-pizza team, and the reason it was called two-pizza teams is because two pizzas should be able to feed the entire team, so you couldn’t really have a team more.

Jason: [29:24] Scot and I would have to be individual teams, that.

Colin: [29:26] Yes. Yeah, that exercise was left to the team owner, how much pizza to allocate, but engineers don’t like to go on hungry stomachs. So, and so we tried separating these teams, but in order to do that you’ve got to change your technical architecture, and you also have to teach people how to be autonomous, because in this prior environment, you know, you couldn’t do anything really on your own, you had to go ask so many people that it was more top-down, here’s the next thing we’re doing, and you know, so next quarter you’re going to be working on an initiative that you didn’t even know about the quarter before. It was kind of disheartening. And so we had to untangle the code base, build what’s called the services-based architecture. A lot of people do that now, and you know, it sounds easy, didn’t really exist at the time, so we were also inventing a lot on our own on how to build this type of architecture. And then we had to separate the decision-making process for the org too. [30:28] So some roles in organizations like a chief product officer kind of go away, because you want those product decisions to push them down to these small separable teams, you don’t want to have one person or group make all of the product decisions, and you know, same thing with that engineering decision, so we had to decouple and distribute that. And you know, like we said, it was a journey, that stuff was hard to do. We also had these things called fitness functions, which were basically a composite metrics that would a single metric
[31:01] which is a composite of individual ones that would measure the progress of a team, and we realized we were spending a whole bunch of time arguing over, you know, should it be twenty percent speed of the service and 60 percent revenue and, you know, 20% something else, and it just was a waste of time. And so we stopped doing that in the fitness functions, and it turned out what was the, [31:24] I would say, the high order bit that made them work as their separable teams but a single-threaded leader. And the best example I can give of this at Amazon is there was a project called self-service order fulfillment, and we don’t have exciting names for some of these internal projects, but what that meant is we knew that we wanted to expose some of our functionality in the warehouse, the logistics centers, to third parties, and so we wanted to make it self-serve where people could fulfill orders. And it was a good idea but it never got done, and when I was working with Jeff as technical advisor we would go in for an update on it, and it would be, yeah, we have to talk to these eight other teams and we’re making some progress. The next update six weeks later there’d be a different person giving the update, and a different leader, and it was kind of this rotating thing. And so finally Jeff said, Bezos said to Jeff Wilke, who was running the ops group at the time, said, you need to assign a senior leader, can’t you do to make this happen, and I want that person to work on self-service order fulfillment and nothing else but self-service order fulfillment. And so Jeff Wilke chose Tom Taylor, who is a VP in the group. Tom had a big job at that time, and you know, Jeff Wilke went in and said, your big job is no longer you’re worried, you’re going to work on a project that is risky, it doesn’t generate any revenue, and you’ve got to go figure out how to do this, but
[32:53] Tom woke up every day figuring out how to organize and get this thing done, and, you know, a year, year-and-a-half later it launched into what was now called Fulfillment by Amazon, so very big business. And I’m not sure if that would have gotten done, it certainly would have gotten done at the time, you know, the time it took to build something that big without Tom and a single-threaded leader. So Amazon took that and used that as a model for how to get other things done. And Dave Limp, who is the senior vice president of devices now at Amazon, has a great quote, and he says that the best way to fail at inventing something is by making it someone’s part-time job. So that is an example of where Amazon just took a slightly different approach on how to organize around really working on the things that matter and that will drive the needle.

Jason: [33:43] That, I love that, and one of the things that’s fascinating to me about it is it seems like it’s worked both for technical, as a technical solve, like you guys organized software that way, and APIs and the service-based architecture and all that, and you’re organizing the human resources that way as well, and it seems to apply equally to both. I do have one question though. From what I hear, the one thing that doesn’t seem like it jives perfectly with that is, it seems like you hear a lot of people talk about the S-team, and you know, the biggest decisions in the company getting elevated to the S-team, in a way that S-team sounds like kind of the antithesis of single-threaded leaders, if there’s, you know, like at the S-team it sounds like the finance guy can critique the software approach or vice versa, or those things. Am I misunderstanding how the S-team works?

Colin: [34:35] The way that the operating cadence at Amazon is, there’s a yearly planning cycle where you have some tent poles [34:44] about just what are the constraints that the organization has to face.
And, you know, each team then or group comes in with their, it’s called the operating plan one, their op1 plan, about what can they do, and they come in with the resource ask, and at some point you do have to rationalize. If the ask is bigger than the individual resources, you do have to figure out how you’re going to take a fixed pool of capital. So I think, you know, a comment we get a lot is, well, Amazon has unlimited capital and unlimited software engineers that can just appear magically at the door whenever you need them. That’s not the case there, and it was actually very difficult to get resources allocated to a project that you are working on, so there was some friction there, but it was by design. But what did not happen is there wasn’t a lot of thrash after that, after you make that allocation. So here’s our yearly plan, and rather than say what the team needs to do and how they’re going to go do that, the team would commit: given this set of resources that I now have for the upcoming year, here’s what I’m going to commit to and here are the set of initiatives that I think are going to get me to, you know, to achieve these goals. So you do, what I’ve seen, some people go overboard with these separable teams and just make them totally autonomous, and I think that you need to come back, [36:14] you know, once a year, sometimes even once a quarter, just to check to make sure you’re moving in the right direction and staying true to what you, you know, sanity check on are we making progress on the goals, the company goals that we want. So there is a true-up, but it’s on a yearly basis for the most part in the operating cadence of Amazon.

Scot: [36:37] Well, that’s interesting, you run on these annual cycles, but let’s say,
I don’t know, some earth-shattering new thing happens in the middle of that cycle, what’s the process for, kind of, is there a, like in scrum or agile software there’s a way of kind of just saying scrap everything, we’re going to reorient. Is that a thing at Amazon or, no, you stick to these annual cycles and don’t deviate?

Colin: [37:00] You need to take a look at the data that comes in and adjust, and so I don’t know if I’ve ever seen a yearly plan executed a hundred percent exactly, if you were good to go back year, that everything happened the way that we thought it would. You have to move fast, you have to move with less information than you would like, you know, about 70, 80 percent of the information you have to end to make the decision, so you also need to pay attention to what’s going on and to be able to adapt quickly. You know, there are some times where, you know, Amazon Prime for instance is a good example where there are exceptions to the rule. Hey, we’re going to go launch Amazon Prime, Jeff said this, and it would there’s an October, and we’re going to launch it by the end of the year. It was, you know, not the biggest project Amazon did that year, but it was a substantial one and it was a fairly short period of time, so there are exceptions to that rule and you do need to, you know, to be agile. The group do that has committed to achieving certain goals, the S-team doesn’t really tell them how they’re going to go achieve those goals, so if something changes the group, you know, the group
[38:16] in question adapts, and they can say, hey, I’m no longer going to work on Project A because Project B, or this new project that I didn’t even think of, you know, back in op1, comes in the fall, is now worth doing, so I’m going to set these other things aside, and you make that exception. The planning tools to help you make the right decisions, but if more information comes in over the year to tell you that, hey, if you stick with this thing you’re going to make the wrong decision, you know, you change the plan.

Scot: [38:47] Got it, and then says that’s been super helpful to walk us through those different principles, and then second half of the book you kind of think of them as case studies, and that’s the invention machine at work. I was going to ask you about AWS but then it occurred to me I’ll make it your choice, so anything you want to talk about, what would be a good example for listeners of, you know, in your memory of how Amazon applied some of these things, and any fun stories in there always welcome.

Colin: [39:18] Yeah, we’re going, I’m going to talk about AWS, and so, you know, kudos, huge kudos to Andy Jassy and his team for inventing cloud computing, but a couple things that are I think know too little about the evolution of AWS. So Andy, you know, there were signs well before, S3 and EC2 and the queuing service were the first three AWS services that came out, well before that there were signs that either something going on here with web services, it’s just a better way to build software, and our internal software, and, you know, engineers were using it, we were using it with third-party sellers and with affiliate program, and Andy had put this plan together. It’s been said, you know, there may be something here and we should adopt this, you know, model and go try it. And Andy could have had any job that he wanted
at the company at this point. He had just spent, I think it was a year and a half, working as Jeff’s technical advisor, and he chose to go to a non-existent business that had a high level of risk. We also didn’t know where other companies were on the path of inventing cloud computing. We were looking at the same data that people, Microsoft, Oracle, IBM, Google, were looking at, boot go to some developer conferences and see the same usual suspects there. [40:47] So we had no idea what they were doing. So what I think one notable thing is that it’s okay at Amazon to go take a risk, it’s not a career breaker to go from a big business to a small business or from, you know, job where you have a lot of head count to go start to build the new idea and invent something, and that’s one thing, and then two is that [41:10] we talked about the working backwards process, especially for something caught the term cloud computing didn’t even exist then, and the initial ideas that we had about web services is what we call them in the beginning, we didn’t know what the fundamental units were, and, you know, so EC2 is the Elastic Compute Cloud and that’s your computer, you buy compute, units of compute power. In the beginning we thought that was really going to be provisioning, which was a problem that we had internally, a teams would write their software and then they wait six weeks for the hardware to arrive and for people to provision the hardware and then push it out there. It was also hard to also get the right software on each of the computers that you needed, and then if the idea didn’t.
[41:57] If the idea didn’t take off, reclaiming that hardware so you could send it to someone else was another big heavy-lifting project. But so we thought it was going to be provisioning, but there is a journey that we went through, and for AWS we basically wrote documents for about a year and a half and reviewed them. It was, you know, Andy and whoever the, if it was the compute team or the storage team, and Jeff and I would be in a room and we’ll be reviewing documents. Sometimes we wouldn’t get past the first page because we realize, hey, there’s an issue here that we don’t really understand, or we haven’t gotten to the, you know, really to the core of the issue or defined what it is for the customer. And, you know, there are some metaphors just popped up during this time, where one very powerful one is that we want to provide the same world-class computing infrastructure to a college student in a dorm room as someone who works at a company like Amazon, and that really clarified things. And, you know, the other thing with S3 is, you know, how does S3 fail? You know, you can either have it fail for an hour a year, which is bad if you have hundreds of thousands of businesses relying on it, or if it does have to fail you can have it fail gracefully, [43:14] but just, and you know, one transaction every, you know, couple million transactions, a, oh, go try it again, that’s it. Those are two different failure modes and you have to build something very different. And we also knew that outgoing once this thing got out the door it was going to be hard, it had to get better as it got bigger, so you couldn’t throw this thing over the fence and then decide what to fix, because so many people would be relying on it, it’s a much different relationship that you’d have. So just the, I think, the notable thing about AWS is it was an experiment. And we felt we were in a land rush, we wanted to get out there first, it would by no means ensure success but it sure would help.
[43:57] But we stuck true to what we don’t haven’t really defined, you know, you were using this working backwards process, we haven’t really defined what we’re trying to solve and really identified the core technical issues, and then, you know, there was also some astounding engineering work and advances that the web services team did that went along in the background, because we knew sometimes what we wanted to do but we hadn’t figured out how to do it. [44:23] So just the journey of getting a brand new idea and, you know, for a company to be able to say this is not our core business, but it is something that we think we can do as good as anyone else on the planet and it’s worth trying. There are some skeptics inside Amazon and even at the board level about, you know, why are you doing this when you’re still trying to get your retail business working and improving on the retail business, you know, Prime, it just launched at that time. So be willing to be misunderstood for a long period of time. If you go back and look at some of the quarterly announcements, Jeff would say, well, we’re working on, it was web services and digital, and said that for many, many quarters, and those turned out to be two very large pillars of the company, but they were started out from, you know, risky ideas. Most companies had made the transition from physical delivery of goods to be a pure digital player in terms of movies, books and music also, so that was just another transformation that happened.
[45:32] Happy to go into more detail on any of that, but I think the notable things are what Andy did and then also just sticking to the working backwards process, because ultimately you want to solve customer problems, and if you solve customer problems it will work out in the long run. So Jeff firmly believes in, he, you know, told us all that in the long term the interests of customers are perfectly aligned with the interests of shareholders, and so if you do what’s right for your customer it will work out in the long term and you’ll build a company that he can be proud to tell your grandkids about.

Scot: [46:07] Got it. When did, maybe you left before then or got moved to something else, but like when did you know or Amazon know that the cloud thing was going to be pretty big?

Colin: [46:23] We had, you know, we had a suspicion that it was going to be big, and [46:31] I think that it wasn’t really proven until, you, when S3 first launched it was, it wasn’t an overnight success. But once another service, EC2, came with it, where, you know, you didn’t use a storage service and then have to move over to your own data centers to handle something, once EC2 and S3 started working in conjunction it was a lot easier to build some pretty cool applications, and, you know, that was another tenet that we developed during this working backwards process. Present a single service in itself, is it going to be all that useful, you need to have, you know, a critical mass of services that work together in the cloud in order to really make larger organizations, you know, to jump on the bandwagon and start using it. So I would say, you know, after EC2 and launched and then you’ve got to see what people did with the EC2 and S3, we knew that that rocket ship was going to take off.
Scot: [47:34] Yeah, this is where the TAM thing’s tricky, right, because I’m sure the original paper, the TAM was pretty small, and, you know, now it’s probably like thousands of times bigger than that original TAM anticipated.

Colin: [47:47] You know, for success is this large, you know, you can think big, but that’s total addressable market. We did know that there’s going to be a new paradigm on how to build and deploy software, and if we could do it, it’s basically the business-to-business software market, you know, that’s huge. And answer so we knew that it was a large number, you know, virtually unconstrained if you want to think of it that way, in terms of if you can get it right. There’s a lot of work, and, you know, even right now you take a look at the total compute, our, you know, that’s going on, are the software development, there’s still a lot of runway ahead of AWS.

Scot: [48:31] Yeah, and another thing, I don’t know where this lands in the principles, but then there’s this very unique to Amazon, think other people are copying it now, but this whole idea of, you know, Walmart would have taken that infrastructure and they would have viewed it as this super proprietary kind of a thing that they would use internally, right? Where does that culture of opening it up to external users, where does that come from?

Colin: [48:58] I would say the root of it comes from customer obsession, and I’ll give you an early example of something like this, which is where Amazon wasn’t, you know, owned all of its inventory. And so when you went to a detail page, a product page on Amazon, there was only one seller, it was Amazon, there’s only one seller on the platform. And it was a controversial issue to say should we open it up on that product page to third-party sellers. We had tried in auctions, [49:27] product on a separate tab at the time, and if you remember those, then there was something called zShops, and turns.
No one went over to that neighborhood because all the cool kids were over on the product page of detail pages of Amazon. And, you know, for instance, the head of the retail group or the head of the electronics category would say, are you kidding me, I’ve done all this work to get my scarce allocation from these vendors, you know, try to get sharp prices on them and try to keep them in stock, and I’ve created this great detail page for this electronica item, and now you’re going to let any third party sell right inside my store? Now, you know, how does this make my job easier and how is this good for Amazon? And once, you know, and it was Jeff who looked at it and said, well, where how big Amazon gets it’s still going to be a small part, you know, percentage of overall retail, and ultimately we’re in the business of allowing customers to make purchase decisions, so if we don’t have the product in stock, [50:38] we want to eat we want that we still want the customer to be able to buy that. Or if we don’t have the lowest price we still want them to be able to come to that detail page and conduct a transaction, to find out more about this product and buy it. And if you want to make that product page to be the best place on the web for that particular item, you have to have multiple sellers, you have to have the best item authority information about that, and yeah, by the way, you now is the general manager of the electronics group, your job is a little harder, but, you know, making your job easy isn’t what Amazon is all about, you know, we’re trying to solve customer problems and this is the best way to solve the customer problem. So, you know, I think if you look at it from that point of view then you say, oh yeah, we have to open up our product pages and create this Marketplace initiative, which is now, you know, now outsells the owned inventory business on Amazon, as you guys will know.
Jason: [51:37] Yeah, yeah, it’s crazy, it’s annoying how many stories like that Amazon has of these things that in hindsight are enormous successes, like the Marketplace, but at the time had to be hugely controversial, difficult decisions. One, you know, as I was reading the book, one of the things that kind of recurring theme was a lot of these business structures and processes, I feel like they were really invented to help Amazon scale beyond Jeff, right? Like, you know, to maintain Jeff’s high standards once he couldn’t meet every employee personally, we need a bar raiser program for hiring and we need the business principles to sort of indoctrinate everyone in the company. The big news this quarter is all the Jeffs are leaving Amazon, and so I’m sort of curious, like, do you believe that all of this infrastructure and culture that you guys all put in place are going to enable Amazon to sort of keep clicking at the same level, you know, when Jeff was like a little more involved, as he sort of disengages and spends more time on rockets or something, or do you think that’s gonna be an inflection point for Amazon? In my mind it’s hard to still be Day One company when your founder retires after 27 years.

Colin: [53:00] So, you know, Jeff has, he had spent, since the time I was working on, he devoted a whole lot of time
[53:08] to try to instrument the company and encode some of the knowledge has and principles that he, you know, where he wanted to take Amazon in and make them repeatable processes. You’ll it for there’s no one at Amazon who could say let’s turn around and be competitor-focused rather than customer-focused, it’s just, it’s in Amazon’s DNA. So first of all I think Andy, he’s young, he’s the right guy for the job. If I had to write the Amazon CEO job description it would be someone who is steeped in Amazon’s culture, able to build, you know, large multi-billion dollar businesses and work with small teams, you know, and jump in between the two, and bonus points if you built business from zero to ten billion dollars faster than Amazon did, and he did all of those, you, AWS got four to ten billion dollars faster than, you know, Amazon the company. And so, you know, I think Amazon is in good hands with Andy, but I think if you look at the legacy of, I’ve, what Amazon is in Jeff is going to leave, you’re, at the end of the day these hockey pucks and cylinders we have in our kitchen or the two-day delivery is going to seem laughably primitive sometime, and one-day delivery will seem laughably primitive sometime in the near future, but what is a lasting thing is really this invention machine, and it’s Jeff’s term, [54:31] that he created at Amazon, and he was always very upfront about it and he would talk about some of these things, about long-term thinking, about, you know, you read the shareholder letters, about separable teams, and, you know, he’s been up front about the working backwards process. So I think that these are processes where you don’t
have to use the stick to get people to use them, it is more carrot approach, because once you start using them you realize this is just a better way of building a bit and operating a business. You know, you don’t have to, once people start writing narratives, if you were to tell them to stop that, go dumb it down and use slides to, you know, convey a complex idea, they look at you like a deer in headlights, no matter who that person was. So I think that there’s still a lot of innovation to come from Amazon, and, you know, whatever company or initiative Jeff Bezos is working on, it will be very fortunate to have them, but, you know, there’s a lot of people at Amazon who will continue to operate and tweak and improve this invention machine.

Jason: [55:35] Yeah, one of my favorite lines from your book, Colin, was, you talk about how many people say, oh sure, Amazon is successful, but you have unlimited resources and Jeff Bezos, and you and Bill pointed out, like, hey, for most of the time we are there we are heavily resource-constrained, that’s not true at all, and, you know, all of these processes can absolutely work without Jeff. Although if Jeff’s available to work on your project we would both highly recommend him.

Colin: [56:02] Yeah, and that still holds true.

Scot: [56:07] When, the one thing that’s been interesting, Colin, and you’ve been writing a book so maybe haven’t seen this, but Shopify is really kind of ascending and getting a lot of play as kind of a, you know, an alternative to Amazon, and they talked about arming the rebels and this kind of thing, and then there’s also a wedge in there in that brands don’t love Amazon because Amazon,
they love, they want the brands there but they want to control the price, and there’s kind of, I’ve had brands say to me it’s a love hate hate hate relationship kind of thing, so it’s going to be this really interesting battle. We talked about this on our show a lot, and then recently it was in the press that Bezos was getting more involved in the business to kind of formulate a Shopify strategy, that was right before he kicked himself upstairs, what, you know. But in listening to you think about the customer, it almost seems backwards for someone at Amazon to have an initiative that’s kind of like, you know, what are we gonna do about this competitor Shopify. How would you kind of project, what do you think they would do, and with what’s going on there?

Colin: [57:08] Well, I don’t have any first-hand data or information give you here, just to be very clear, and if it does get back to really, [57:20] if something’s worth doing you first of all have to identify the customer problem that you are solving, and the customer problem isn’t to go take over Shopify, and, you know, so it’s, how can we serve our customers better, be they third-party sellers, be they, you know, buyers on the site, you know, and how can we organize to solve those problems. And so, you know, that’s just the way ideas are developed. You know, I will say Amazon does occupy a different place in society than it did, you know, five, ten years ago, and, you know, some of these things are going to be worth putting in the public dialogue, and, you know, that’s part of being a company that’s, you know, at a half a trillion dollars in yearly revenue. But, you know, I can’t predict what’s going to go on there, but Amazon, whenever there’s tough decisions, what people at Amazon do is they fall back onto these 14 principal leadership principles, because that’s what they’re there for, they’re there to make the tough calls.
[58:32] And so while I don’t know what Amazon will do, I know that after they do it, if you read these leadership principles and then you listen, you know, listen to yourself to say in the back of your mind that the long-term interests of customers and shareholders are completely aligned, it probably will make sense.

Jason: [58:55] You know, we are running up on time, but I do have sort of one last thread for you. I know that the book is obviously intended to help folks adopt some of these best practices from the Amazon, and if I have it right I think you and Bill also consult with some companies and sort of help them adopt some of these processes. I’m curious how successful or difficult outside entities find some of these things. I’ll give you a personal anecdote. I’ve hired a lot of ex-Amazonians in my life, and I’m always super excited that I’m going to get these people that, you know, come in and write these, like, you know, super detailed six-page narratives and stuff, and what ends up happening is, no, they all do a really crappy PowerPoint because they’re all, like, tired of reading the neck. So part of me wonders, like, is there some secret sauce in Amazon, like, you know, obviously we all believe some of these things can be useful in many other companies, but is there an endemic in managing Amazon and cohesively doing all of these things together that make them work better than individual bits and bytes do outside of the Amazon that’s fear?

Colin: [1:00:13] Well, I would say that the first two that you’d have to do, if you don’t have them, and, you know, some smaller organizations don’t, is defining who you are and the leadership principles, you know, so the idea is not to copy Amazon’s, and
you need to come up with your own about who you are, and then the second part is that bar raiser process, the hiring process, is how do you vet new people coming into your organization, because you want to use the new people you want coming in, you want them to reinforce your culture, and if you’re not deliberate about what your culture is and how you decide is this person going to reinforce my culture or change it, your culture will change, because you’re going to get a culture as your company grows, it just is your choice if it’s whether the one you want it to be or whether it will become, you know, whatever will become based on the new people who are coming in. If you go from 5 to 20 people and you don’t have a deliberate hiring process with the leadership principles, that’s how you get people who say it’s just not like it used to be last year. So those two things I would say you have to do, [1:01:17] you know, in order to stay true to your roots. The other ones, I would not recommend doing them all at once. I think some of them are easy but some of them are journeys, so no, you don’t have to do them all at once. But where we’ve seen it work in organizations, and what I guess will receive a not work as if, that the head of the organization, you know, the CEO, or if it’s a large company, if it’s a, you know, division, if they’re not on board it’s probably not going to work. You know, if someone says, hey, I’m going to write narratives for the group, and then the [1:01:52] PPR the CEO says, yeah, that’s great, but just give me a PowerPoint when you’re done with your narratives, then we’ll make the decision, you know, it’s probably not going to work. So I think you have to buy into some of these principles and processes and give them a chance to work at the right level.

Jason: [1:02:11] That makes total sense, Colin, and that’s going to be a great place to leave it, because it’s happened again, we’ve used up all our allotted time.
As always, if folks have comments or questions they are welcome to follow up with us on our Facebook page or on Twitter. And as always, if you enjoyed this episode we sure would appreciate it if you jump on iTunes and give us that five-star review.

Scot: [1:02:34] Colin, we really appreciate you taking time out of your busy schedule to walk us through the book. We strongly encourage readers to go not only buy the book but read it, like Jason and I have, we both thoroughly enjoyed it, you got four thumbs up from us. Obviously, you know, Amazon carries the book so that’s the logical place to look, and then if folks want to find you online, do you pontificate about things or are you big on Twitter or Snapchat or inserting?

Colin: [1:03:02] We have a website, workingbackwards.com, so all one word, and, you know, that’s a good place to go to print out from there.

Scot: [1:03:10] Awesome, we really appreciate having you on the show.

Colin: [1:03:14] Thanks again for having me.

Jason: [1:03:16] We really enjoyed it, and until next time, happy commercing.

SPOTLIGHT Radio Network
* Charlie Bell, Former MSU Basketball Star

Feb 19, 2021 27:06


The Drive with Jack
* Charlie Bell, Former MSU Basketball Star

Feb 19, 2021 27:06


The Hurly Burly Shakespeare Show!
Yorkshire Tragedy 101

Dec 28, 2020 76:09


It's our ONE HUNDREDTH EPISODE EXTRAVAGANZAAAAAAA!!! To celebrate, we brought in new and returning friends of the pod, Charlie Bell, Courtney Parker, Molly Seremet, Patrick Harris, and Sawyer Kemp to read Thomas Middleton's Yorkshire Tragedy in its entirety, purely for your listening pleasure. This week, you get your Summary, Taste of Text, and Tips and Tidbits all rolled into one ridiculous bout of reader's theatre, with a healthy dose of murder on top. We wouldn't want to celebrate the Big 100 any other way.

Power Forward
Help the Team Win by Knowing Your Role with Charlie Bell - Episode #25

Apr 14, 2020 63:16


There wasn’t a lot that Charlie Bell couldn’t do on the basketball court. He could score, rebound, and defend. But above all, Charlie was a winner. To this day, he’s the winningest player in Michigan State history. In this episode, Charlie shares the lessons he learned from all of the great teams he was on. Charlie didn’t just understand the game – he understood what role he had to play. He’ll explain why that is a key element for any successful team. After nearly 2 decades as a player and a coach, Charlie decided to leave basketball behind for the business world. He explains why he made the move and how he’s using his skillset to help his new team win.

BasketCast
BasketCast 2x14 - with Moncho López

Mar 23, 2020 61:10


He has been flying under the radar for a decade, but Moncho López is still a great coach and he is proving it at FC Porto, where he has spent 11 seasons. There he has managed to take his team from the Portuguese third division to league champion, among other achievements. A former head coach of the Spanish and Angolan national teams (not many coaches can boast of winning silver medals at EuroBasket and AfroBasket), Moncho brought players such as Charlie Bell and Pete Mickeal to the Liga Endesa: both made their debuts under him at Breogán in Lugo. We talk about the lockdown and his coaching career, tell anecdotes, and at the end answer questions courtesy of GIGANTES del Basket. A very interesting episode to listen to at leisure in these difficult days and forget about the lockdown for a while! #QuédateEnCasa

SPOTLIGHT Radio Network
* Charlie Bell, 2000 NCAA Champion

Mar 16, 2020 18:28


Charlie joins Jack to share memories of the 2000 NCAA championship run by Michigan State.

BILT Broadcast
Episode 2: Myth-busting the Graduate Jobs Market: A Conversation with Charlie Ball

May 21, 2019 26:18


A conversation between Stuart Johnson, Director of the Careers Service, and Charlie Ball, Head of Higher Education Intelligence at Prospect discussing myths around the UK graduate jobs market, areas where more graduates are needed and the potential reasons behind this. This podcast was hosted by Stuart Johnson, Director of Careers at the University of Bristol and Charlie Bell of Prospects UK.

Write Club The Podcast | For Aspiring Writers, Published Authors & Readers Everywhere
25: 024 | Writing For Humour & Interview With Eddy Nugent

Apr 30, 2018 51:56


We catch up with Mary Magdalene and interview Charlie Bell, co-creator of Eddy Nugent, author of "Picking Up The Brass", a hilarious look at what real life was really like in the British Army in the Eighties, focusing on the training experiences of young Eddy Nugent, and then briefly following him into the first years of his military service. Write Club The Podcast is a weekly show for aspiring writers, published authors and readers everywhere. Join Stephanie Rouse, Theresa Stoker, Heather Worsley, Linda Jackim Werlein, Pat Woolfe & Nicola Cairncross each week where they'll share celebrity guest author readings and interviews, along with what they're reading, what they're writing and what it's really like to be a writer. You can join in the weekly "Name the Novel" quiz and find out "What's On The Bedside Table?".

The Wait A Minute Show
T.W.A.M.S #15 Special guest, former NBA Guard Charlie Bell

Sep 24, 2016 30:15


NBA is back/Super Teams/Tom Izzo HOF/KG Retires/Patriots Gets It Done Again/OBJ vs Josh Norman