Our guest in this episode is Jon Gelsey. Jon was the first CEO of Auth0, a leading identity-as-a-service platform, which grew from 5 to 300 employees during his four years at the helm. Auth0 was acquired by Okta in February 2021 for $6.5B. After Auth0, Jon served as CEO of Xnor, a computer vision and machine learning spinoff of the Allen Institute. The company was acquired by Apple for ~$200M in January 2020. When Auth0 first started in 2013, there were already several authentication vendors in the market. Okta, ForgeRock, and OneLogin had all built considerable scale by the time Auth0 launched its product. Not only did Jon and the team build a successful company in a very crowded space, but they also did it their way. While all of Auth0's competitors were running a top-down GTM motion, Jon made a critical decision to adopt a bottom-up, product-led growth (PLG) strategy. Instead of relying on traditional marketing tactics for demand generation, Auth0 built an extensive content rollout plan to help drive inbound interest in the product. To date, Auth0 is the only PLG company in cybersecurity to achieve a multi-billion dollar exit. On Inside the Network, Jon talks about building go-to-market strategies, identifying the right buyer personas, and establishing success metrics for customer acquisition. In addition to his experience as a serial entrepreneur, Jon worked on the M&A and strategy team at Microsoft from 2007 to 2014 where he led several acquisitions for the company. Jon shares the tips and tricks founders need to know to plan, negotiate, and successfully close acquisitions with potential buyers.
In this episode of the Identity at the Center podcast, hosts Jeff and Jim engage in a lively discussion with Allan Foster, who shares his extensive journey in the identity and access management (IAM) space. Allan reminisces about his time starting ForgeRock in a London pub, the inception of the Digital Identity Advancement Foundation (DIAF), and his involvement in influential standards like SAML through the Liberty Alliance and Kantara. Allan also highlights the importance of privacy and decentralized identity and his legacy of encouraging inquisitive thinking, and offers a glimpse into his recent endeavors post-retirement. The episode wraps up with Allan's take on the IAM 'Mount Rushmore,' spotlighting influential figures in the industry. 00:00 Introduction and Casual Catch-Up 02:23 The CrowdStrike Outage Incident 03:41 Travel Woes and Airline Delays 04:47 Excitement for Today's Guest 05:35 Conference Partnerships and Discounts 07:44 Introducing Allan Foster 08:17 Allan Foster's Identity Journey 19:33 Founding of ForgeRock 22:09 The Evolution of ForgeRock 32:06 Involvement with Industry Groups 36:16 Resigning from the Presidency 37:04 The Impact of SAML on Identity 38:10 Trust Frameworks and Federations 40:28 Consumer Identity and Trust 42:41 Privacy and Decentralized Identity 46:24 Overrated Trends in Identity 48:00 IAM Mount Rushmore 53:58 Conferences and Community 58:18 Retirement and New Ventures 00:03 Legacy and Final Thoughts Connect with Allan: https://www.linkedin.com/in/allanfoster/ Digital Identity Advancement Foundation: https://diaf.link Attending Identity Week in Europe, America, or Asia? Use our discount code IDAC30 for 30% off your registration fee!
Learn more at: America: https://www.terrapinn.com/exhibition/identity-week-america Asia: https://www.terrapinn.com/exhibition/identity-week-asia/ Authenticate Conference - Use code IDAC15 for 15% off: https://authenticatecon.com/event/authenticate-2024-conference/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.
In this episode of the Identity at the Center Podcast, hosts Jim McDonald and Jeff Steadman sit down with Patrick Harding, Chief Product Architect at Ping Identity, to discuss the fascinating intersection between AI and the IAM industry. They explore Harding's journey into the IAM industry, his view on the definition of AI, and dive into a thought-provoking conversation about the future of AI, its potential impacts on identity, and the importance of AI governance. They also touch on the Ping + ForgeRock product roadmap. Don't miss this insightful conversation! Connect with Patrick: https://www.linkedin.com/in/pharding/ Learn more about Ping Identity: https://www.pingidentity.com/ Identiverse 2024: As an IDAC listener, you can register with 25% off by using code IDV24-IDAC25 at https://events.identiverse.com/identiverse2024/register?code=IDV24-IDAC25 Attending the European Identity and Cloud Conference in Berlin? Use Discount Code: EIC24idac25 for 25% off. Register at https://www.kuppingercole.com/events/eic2024 Attending Identity Week in Europe, America, or Asia? Use our discount code IDAC30 for 30% off your registration fee! Learn more at: Europe: https://www.terrapinn.com/exhibition/identity-week/ America: https://www.terrapinn.com/exhibition/identity-week-america Asia: https://www.terrapinn.com/exhibition/identity-week-asia/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.
In this episode of the Identity at the Center Podcast, guest Eve Maler, former CTO of ForgeRock and founder of Venn Factory, joins hosts Jim McDonald and Jeff Steadman. They catch up with Eve and discuss her work at Venn Factory, diving into the origins of the company's name. The episode also features listener voicemails, including one from David Strommer about the identity metasystem and another from Satish about the concept of identity fabric. As a blast from the past, the hosts revisit Eve's previous episode where she discussed the difference between digital identity and IAM. The episode wraps up with some lighthearted questions about aliens. Don't miss this insightful and engaging conversation with Eve Maler. Connect with Eve: https://www.linkedin.com/in/evemaler/ Learn more about Venn Factory: https://vennfactory.com/ Celebrate Your Technical Debit: https://www.linkedin.com/feed/update/urn:li:activity:7164050559711260673/ Identiverse 2024: As an IDAC listener, you can register with 25% off by using code IDV24-IDAC25 at https://events.identiverse.com/identiverse2024/register?code=IDV24-IDAC25 Attending Identity Week in Europe, America, or Asia? Use our discount code IDAC30 for 30% off your registration fee! Learn more at: Europe: https://www.terrapinn.com/exhibition/identity-week/ America: https://www.terrapinn.com/exhibition/identity-week-america Asia: https://www.terrapinn.com/exhibition/identity-week-asia/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.
Isabel Botha, Head of Government and Healthcare at ForgeRock, joins Blair Crawford to discuss why passwords are so problematic, and pose such a serious security risk to organisations today. Plus the benefits and key considerations of passwordless authentication using biometrics. Did you know Bill Gates predicted the demise of the password back in 2004? “Bill Gates actually predicted the demise of the password back in 2004.” Why are we still using them 17 years later??? CREDITS Host: Blair Crawford, Co-founder and Managing Director, Daltrey Guests: Isabel Botha, Head of Government & Healthcare, ForgeRock Producer: RadioHub Podcast Productions WANT MORE IDENTITY NEWS? Read our blog and subscribe to our newsletter www.daltrey.com.au/blog/ Follow us on LinkedIn www.linkedin.com/company/daltrey/ Follow us on Twitter https://twitter.com/DaltreyID LET'S CHAT If you have press inquiries, a topic suggestion or want to be a guest on the show, email us at hello@daltrey.com See omnystudio.com/listener for privacy information.
Rinki Sethi, CISO at BILL, discusses her journey in cybersecurity from roles at early cloud adopters like Intuit and Twitter to security vendors like Palo Alto Networks and ultimately to board roles at companies like ForgeRock. ABOUT RINKI: VP & CISO (CHIEF INFORMATION SECURITY OFFICER) Rinki is currently the Vice President and Chief Information Security Officer at BILL, where she will be leading the global information technology functions and is also responsible for leading efforts to protect BILL's information and technology assets and advise the company's continued innovations in the security space. Rinki Sethi brings decades of security and technology leadership expertise and was recently VP & CISO at Twitter and Rubrik Inc. Rinki has been at the forefront of developing cutting edge online security infrastructure at several Fortune 500 companies such as IBM, Palo Alto Networks, Intuit, eBay, Walmart.com, and PG&E. Rinki also serves on the board of ForgeRock, a public company in the identity and access management space and Vaultree, a data encryption company. Rinki holds several recognized security certifications and has a B.S. in Computer Science Engineering from UC Davis and a M.S. in Information Security from Capella University. Rinki has served on the development team for the ISACA book, “Creating a Culture of Security” by Stephen Ross and was the recipient of the “One to Watch” Award with CSO Magazine & Executive Women's Forum in 2014 and more recently the Senior Information Security Practitioner Award with ISC2 in 2018. Most recently, in 2023, she was recognized in Lacework's top 50 CISOs list. She led an initiative to develop the first set of national cybersecurity badges and curriculum for the Girl Scouts of USA. Rinki serves as a mentor for many students and professionals. SPONSOR NOTE: Support for Cloud Ace podcast comes from SANS Institute.
If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs. Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security. Review and Download Cloud Security Resources: sans.org/cloud-security/ Join our growing and diverse community of cloud security professionals on your platform of choice: Discord | Twitter | LinkedIn | YouTube
In this episode of the Identity at the Center Podcast recorded live at the Identity Week America 2023 conference, Jeff is joined by guest co-host Ian Glazer of Weave Identity and Steve Hutchison, Director of Security Architecture at the Mitsubishi Bank of Tokyo. The main topics discussed include Hutch's entry into the field of identity and his role as a director of security architecture, his involvement with IDPro along with Ian, the panels at Identity Week America, the latest happenings with Ping and ForgeRock, predictions for big acquisitions, the direction of Microsoft Entra, and the current buzz surrounding IDPro, including a discussion on the upcoming CIAM BOK article written by Ian. The episode concludes on a lighter note with Hutch educating us about Dungeons & Dragons. Connect with Hutch: https://www.linkedin.com/in/sehutchinson/ Connect with Ian: https://www.linkedin.com/in/iglazer/ Weave Identity: https://weaveidentity.com/ IDPro: https://idpro.org/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.
This week, we discuss Netflix's DVD deprecation, the remote work debate, and how to fork an open-source project. Plus, thoughts on why Europe needs more ice. Watch the YouTube Live Recording of Episode (https://www.youtube.com/watch?v=lFr-ysPYxnA) 431 (https://www.youtube.com/watch?v=lFr-ysPYxnA) Runner-up Titles Try Harder It's a necessary luxury Someone's drinking too much water here A culture of ice Where are the high performers, at home or at work Quit using your Gmail address Thou shalt export to CSV Rundown Netflix Says You Can Keep Their DVDs (and Request More, Too) (https://www.nytimes.com/2023/08/24/arts/netflix-dvds.html?smid=nytcore-ios-share&referringSource=articleShare) Zoom's CEO thinks Zoom sucks for building trust, leaked audio reveals (https://arstechnica.com/tech-policy/2023/08/leaked-audio-reveals-zoom-ceo-believes-its-hard-to-build-trust-on-zoom/) Meta is back in the office three days a week, as WFH continues to die (https://www.theverge.com/2023/9/5/23860073/meta-return-to-office-three-days-wfh-work-from-home) Can you trust 'open source' companies? (https://www.theregister.com/2023/08/18/opinion_column/) OpenTF created a fork of Terraform! 
(https://opentf.org/announcement) OpenTF pulls the trigger on its open-source Terraform fork (https://opensourcewatch.beehiiv.com/p/opentf-pulls-trigger-opensource-terraform-fork) Relevant to your Interests VMware's future: Navigating multicloud complexity and generative AI (https://siliconangle.com/2023/08/19/vmwares-future-navigating-multicloud-complexity-generative-ai-broadcoms-wing/) VMware Tanzu portfolio reshuffled ahead of Broadcom close | TechTarget (https://www.techtarget.com/searchitoperations/news/366549332/VMware-Tanzu-portfolio-reshuffled-ahead-of-Broadcom-close) Nvidia's blowout offers a giddy whiff of 1995 (https://www.axios.com/newsletters/axios-ai-plus-937b329c-8072-4f8a-a5d6-1039a0e794a5.html?chunk=0&utm_term=emshare#story0) Announcing AWS Dedicated Local Zones (https://aws.amazon.com/about-aws/whats-new/2023/08/aws-dedicated-local-zones/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) Top Ten social media platforms we spend the most time on (https://www.traveldailymedia.com/top-ten-social-media-platforms-we-spend-the-most-time-on/) Max will launch a 24/7 CNN stream for all subscribers next month (https://www.theverge.com/2023/8/24/23844121/cnn-max-warnerbros-discovery-news) Meta launches own AI code-writing tool: Code Llama (https://www.theverge.com/2023/8/24/23843487/meta-llama-code-generation-generative-ai-llm?stream=top) As TikTok Ban Looms, ByteDance Battles Oracle For Control Of Its Algorithm (https://www.forbes.com/sites/emilybaker-white/2023/08/24/tiktok-ban-oracle-bytedance-algorithm-fight/?sh=6cf5105e3ef0) Slack's Migration to a Cellular Architecture - Slack Engineering (https://slack.engineering/slacks-migration-to-a-cellular-architecture/) The Cloud 100 2023 (https://www.forbes.com/lists/cloud100/) Data isn't everything. Judgement counts too. 
(https://www.tiktok.com/t/ZT8YFUFju/) Amazon Elastic Block Store at 15 Years (https://perspectives.mvdirona.com/2023/08/amazon-elastic-block-store-at-15-years/?ck_subscriber_id=512840665) Instacart is the Best and Worst Grocery Business Imaginable (https://www.thediff.co/archive/instacart-is-the-best-and-worst-grocery-business-imaginable/) Amazon CEO Andy Jassy tells employees it's 'past' time to commit to the company's RTO mandate and their jobs are at stake (https://www.businessinsider.com/amazon-andy-jassy-rto-office-policy-employee-jobs-2023-8?op=1) Duet AI, Google's AI assistant suite, expands across Google Cloud (https://techcrunch.com/2023/08/29/duet-ai-googles-ai-assistant-suite-expands-across-google-cloud/) Halloween creeps a little closer: Seasonal supply chains accelerate (https://www.spglobal.com/marketintelligence/en/mi/research-analysis/halloween-creeps-closer-seasonal-supply-chains-accelerate.html) What's new with GKE at Google Cloud Next | Google Cloud Blog (https://cloud.google.com/blog/products/containers-kubernetes/whats-new-with-gke-at-google-cloud-next) Duet AI in Google Cloud Preview | Google Cloud Blog (https://cloud.google.com/blog/products/ai-machine-learning/duet-ai-in-google-cloud-preview) What's new in Oracle to PostgreSQL database migrations with DMS | Google Cloud Blog (https://cloud.google.com/blog/products/databases/whats-new-in-oracle-to-postgresql-database-migrations-with-dms) US AI startup Poolside raises $126m seed round and relocates to France (https://sifted.eu/articles/poolside-raises-126m-relocated-france-news) Ping, ForgeRock, Thoma Bravo, the power of open source, and the madness of IAM (https://callmeleach.substack.com/p/ping-forgerock-thoma-bravo-the-power?utm_medium=web) Thoma Bravo Completes Acquisition of ForgeRock; Combines ForgeRock into Ping Identity (https://www.prnewswire.com/news-releases/thoma-bravo-completes-acquisition-of-forgerock-combines-forgerock-into-ping-identity-301908059.html) Interoperability between 
Google Chat and other messaging platforms — powered by Mio (https://workspaceupdates.googleblog.com/2023/08/goolge-chat-slack-interoperability-mio.html) Broadcom boss dismisses notion China could derail VMware buy (https://www.theregister.com/2023/09/01/broadcom_vmware_nutanix_results/) Microsoft blames outage on small staff, automation failures (https://www.theregister.com/2023/09/04/microsoft_australia_outage_incident_report/) Amazon QuickSight adds scheduled and programmatic export to Excel format (https://aws.amazon.com/about-aws/whats-new/2023/08/amazon-quicksight-scheduled-programmatic-export-excel-format/?ck_subscriber_id=512840665) Google unveils AI tools for enterprise customers at $30 a month (https://www.reuters.com/technology/google-unveil-ai-tools-corporate-gmail-customers-30-month-wsj-2023-08-29/) Chip design firm Arm seeks up to $52 billion valuation in blockbuster U.S. IPO (https://www.cnbc.com/2023/09/05/chip-design-firm-arm-sets-share-price-between-47-and-51-for-blockbuster-us-ipo.html) Birmingham City Council goes under after Oracle disaster (https://www.theregister.com/2023/09/05/birmingham_city_council_oracle/?s=08) IBM Introduces 'Watsonx Your Business' (https://finance.yahoo.com/news/ibm-introduces-watsonx-business-160000392.html) Meta May Allow Instagram, Facebook Users in Europe to Pay and Avoid Ads (https://www.nytimes.com/2023/09/01/technology/meta-instagram-facebook-ads-europe.html?smid=nytcore-ios-share&referringSource=articleShare) Announcing Kubecost Cloud in General Availability: The Easiest Way to Optimize Your Kubernetes Costs (https://blog.kubecost.com/blog/kubecost-cloud-general-availability/) Platform Engineering - What You Need To Know Now (https://tanzu.vmware.com/content/ebooks/platformengineering-whatyouneedtoknownow?utm_source=cote&utm_campaign=devrel&utm_medium=newsletter&utm_content=newsletter20230830) The lifespans of technological adoptions in the US 
(http://www.asymco.com/2022/01/10/the-lifespans-of-technological-adoptions-in-the-us/) Introducing ONCE (https://once.com/) Nonsense The fight for the right to repair McFlurry machines (https://www.morningbrew.com/daily/stories/2023/08/31/the-fight-for-the-right-to-repair-mcflurry-machines) Delta Airlines Offers Woman $1,800 After Losing Her Dog (https://www.yahoo.com/entertainment/delta-airlines-offers-woman-1-142849291.html) Conferences Sep 18th to 19th SHIFT (https://shift.infobip.com/) in Zadar, Coté speaking. October 6, 2023, KCD Texas 2023 (https://community.cncf.io/events/details/cncf-kcd-texas-presents-kcd-texas-2023/), CFP Closes: August 30, 2023 November 6-9, 2023, KubeCon NA (https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/), SDT's a sponsor, Matt's there November 6-9, 2023 VMware Explore Barcelona (https://www.vmware.com/explore/eu.html), Coté's attending Jan 29, 2024 to Feb 1, 2024 That Conference Texas (https://that.us/events/tx/2024/schedule/) If you want your conference mentioned, let's talk media sponsorships. SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Get a SDT Sticker! Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us: Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/), Mastodon (https://hachyderm.io/@softwaredefinedtalk), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk), Threads (https://www.threads.net/@softwaredefinedtalk) and YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured). Use the code SDT to get $20 off Coté's book, Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. 
Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)! Recommendations Brandon: JUST ONE MILE | Official Trailer (https://www.youtube.com/watch?v=80V5o06yEZ4) Matt: Deadloch (https://www.imdb.com/title/tt14671678/) Coté: Rick Rubin interviews Rory Sutherland (https://www.youtube.com/watch?v=VnYlChfORRw). I doubt much of the airport business book stuff in here is “true,” but that's sort of the whole point, and it's fantastic listening. His book (https://amzn.to/462Mvov) Alchemy (https://amzn.to/462Mvov) has a great one word review right there in the title. But, again: it's fun! When you've listened to too much If Books Could Kill (https://en.wikipedia.org/wiki/If_Books_Could_Kill) you can check in on Rory if you need to take the cure (https://idioms.thefreedictionary.com/take+the+cure). Photo Credits Header (https://unsplash.com/photos/PsBTqRHVilU) Artwork (https://labs.openai.com/e/bKjqW8kPJyI2wuzBA0FogiKb/UJeLhuIFmvkrNFbfcCc4jE29)
Welcome to another illuminating episode of Tech Talks Daily Podcast. I sit down with Fran Rosch, the visionary CEO of ForgeRock, a global leader in digital identity management. With a radical transformation on the horizon, Fran sheds light on the pressing challenges and monumental opportunities in enterprise identification management. Having previously been at the helm of Symantec's $2B+ Consumer Digital Safety segment, Fran brings two decades of rich industry experience to the table. In this episode, Fran takes listeners through a historical overview of how authentication has evolved over the past 20 years, punctuating the narrative with intriguing insights. Has technology really moved the needle, or are we stuck in a quagmire of incremental advancements? With solutions like self-service options and biometrics, Fran argues we're on the cusp of a passwordless future. But is the industry ready for it? Are we, as users, prepared for such a monumental shift? As we delve deeper into the realm of identity management, we discuss the far-reaching challenges and opportunities for organizations and governments in an ever-connected world. With identities numbering in the millions, perhaps billions, Fran casts a lens on the complexities of scale, specifically in the context of AI and IoT. We then explore why, despite notable technological advances, flawed passwords continue to be the Achilles heel of digital identity management. Is it inertia, or is it a complex web of technological, social, and economic factors? Fran paints a vivid picture of the challenges surrounding technology adoption and change management, especially when it comes to passwordless authentication. He emphasizes the urgency for companies to transition to new identity solutions—not just to stay competitive, but also to improve user experiences, both for consumers and within the enterprise. 
This episode is a must-listen for anyone intrigued by the future of digital identity, AI, and the ever-evolving technological landscape. From C-suite executives to tech enthusiasts, there are actionable insights and thought-provoking discussions that promise to keep you engaged from start to finish. Tune in and prepare to rethink what you know about passwords and digital identity.
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Covid forced federal organizations to move to the cloud. Federal leaders discovered a confusing world of multi-clouds, public cloud, private cloud, and even hybrid cloud. We have even seen federal systems using cloud tools to manage premises applications and data. There is one constant variable: an organization must be able to identify users. Years before Covid, this was a small, isolated field of knowledge. However, the complex nature of the cloud has forced system administrators to gain an understanding of the identity ecosystem. One crucial aspect of that ecosystem is identity management. Companies have had to adapt to demands that include scalability, user experience improvement, and rapidly changing security compliance requirements. This is an interview with Tommy Cathey from ForgeRock. He has deep knowledge of the whole identity management lifecycle and carefully explains to listeners the many aspects of identity. He gives a clear and cogent explanation of governance, access management, identity proofing, and even point access management. One way to gain a better grasp of this field is to read the recent ForgeRock Identity Breach Report. Combine this with the detailed federal section of the ForgeRock website, and you will get a handle on complex terms like decentralized identity and federated identity. Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com
US futures are indicating a flat to slightly lower open as of 04:45 ET. Broad strength in Asia overnight with the Hang Seng outperforming as the PBoC announced an extension of lending support to the real estate sector. European equity markets are trading firmer early in their sessions. Some focus on UK labor market data. Companies Mentioned: Thoma Bravo, ForgeRock, Renault, Geely
Charles Moldow, a general partner at Foundation Capital, shares his remarkable journey from being a Wall Street analyst to becoming an entrepreneur and eventually transitioning into his current role as an investor over two decades ago. His captivating anecdotes leave you eager for more, whether he's recounting stories about his father's wisdom on the internet or recalling a memorable encounter with an exceptional entrepreneur. Charles also delves into the exciting market trends within insurtech and offers valuable insights into the areas to focus attention for fruitful opportunities. In this episode, you'll learn: [2:20] Charles Moldow's early entrepreneurial ventures during the dynamic evolution of the internet. [7:58] The role of a VC in sometimes discouraging founders to protect them from their own pitfalls. [13:01] The revealing nature of a founder's personal life story, showcasing their unique abilities. [19:54] "Don't prepare to impress me. Just share your authentic truth." - Charles Moldow [23:43] The importance for entrepreneurs to explore the vast array of promising opportunities for leveraging technology in the insurance industry. The non-profit organization that Charles is passionate about: safespace. About Charles Moldow: Charles Moldow is a general partner at Foundation Capital. At Foundation, he identifies technology trends and new user experiences that will change the financial services landscape. His thesis investing has him focused on fintech, insurtech and proptech opportunities with a crypto overlay to everything he evaluates. Since he joined Foundation Capital in 2005, he's made seventeen successful investments, five of which have gone public and twelve have been acquired. Charles' public portfolio includes early-stage investments that have led to notable IPOs with DOMA (IPO 2021), Rover (IPO 2021), LendingClub (IPO 2014), OnDeck (IPO 2014) and Everyday Health (2014).
Fun fact: Charles moonlights as AAA Little League coach and family vacation planner. Learn more about Charles here. About Foundation Capital: Foundation Capital is a Silicon Valley-based early-stage venture capital firm that's dedicated to the proposition that one entrepreneur's idea, with the right support, can become a business that changes the world. The firm is made up of former entrepreneurs who set out to create the firm they wanted as founders. Foundation Capital is currently invested in more than 60 high-growth ventures in the areas of consumer, information technology, software, digital energy, financial technology, and marketing technology. These investments include AdRoll, Beepi, Bolt Threads, DogVacay, Kik, ForgeRock, Lending Home, Localytics, and Visier. The firm's twenty-six IPOs include Lending Club, OnDeck, Chegg, Sunrun, MobileIron, Control4, TubeMogul, Envestnet, Financial Engines, Netflix, NetZero, Responsys and Silver Spring Networks. Subscribe to our podcast and stay tuned for our next episode. Follow Us: Twitter | LinkedIn | Instagram | Facebook
MONEY FM 89.3 - Prime Time with Howie Lim, Bernard Lim & Finance Presenter JP Ong
Going passwordless will give both organizations and consumers a better online experience. It will also help to mitigate phishing attacks, which are a growing problem, by adding an extra layer of security to user identity. We speak to David Hope, Senior Vice President - Asia-Pacific & Japan, ForgeRock more about this. See omnystudio.com/listener for privacy information.
Enterprises are struggling to manage and reduce their organizational attack surface, especially with a shortage of skilled staff. Find out how some security executives are tackling this challenge by automating their IT and vulnerability management. This segment is sponsored by Syxsense. Visit https://securityweekly.com/syxsensersac to learn more about them! Cars have evolved from a physical mode of transportation to a digitized experience, bringing with it new risks and challenges in security, privacy and user experience. Putting identity at the center of the connected world solves simplicity and safety challenges, including physical safety, digital security and data privacy. Furthermore, decentralized identity plays a major role in a better, more secure seamless experience – not just for vehicles, but for society at large. This segment is sponsored by ForgeRock. Visit https://securityweekly.com/forgerockrsac to learn more about them! There is a war on trust in the digital world, and people are caught in the crosshairs. Everywhere we look, there are identity risks with crippling repercussions for businesses, whether fake people, fake content, or insecure web links. With the rise of generative AI tools in business, threat actors are utilizing these technologies to create more sophisticated phishing emails – mimicking brands and tone or more easily translating copy into several languages making them more difficult to identify and easily connecting hackers with global audiences. Now is the time to implement solutions that empower a connected thread of trust between businesses and users – before all trust is lost. This segment is sponsored by OneSpan. Visit https://securityweekly.com/onespanrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw318
This week, we discuss fundings, acquisitions (TWO DSPM exits!), the ongoing market downturn/weirdness, and surprise - LLM-based AIs! We spend a fair amount of time talking about the importance of breach transparency - we need to be able to learn from others' failures to improve our own defenses. We also discuss the inevitable 'One App To Rule them All' that will serve as an all-knowing personal assistant. It will integrate with all our comms, calendars, and notes, which will be scary and fraught with privacy and security issues. But Tyler and Adrian still yearn for it, as their pre-frontal cortexes become increasingly dulled by scotch and beer. Enterprises are struggling to manage and reduce their organizational attack surface, especially with a shortage of skilled staff. Find out how some security executives are tackling this challenge by automating their IT and vulnerability management. This segment is sponsored by Syxsense. Visit https://securityweekly.com/syxsensersac to learn more about them! Cars have evolved from a physical mode of transportation to a digitized experience, bringing with it new risks and challenges in security, privacy and user experience. Putting identity at the center of the connected world solves simplicity and safety challenges, including physical safety, digital security and data privacy. Furthermore, decentralized identity plays a major role in a better, more secure seamless experience – not just for vehicles, but for society at large. This segment is sponsored by ForgeRock. Visit https://securityweekly.com/forgerockrsac to learn more about them! There is a war on trust in the digital world, and people are caught in the crosshairs. Everywhere we look, there are identity risks with crippling repercussions for businesses, whether fake people, fake content, or insecure web links. 
With the rise of generative AI tools in business, threat actors are utilizing these technologies to create more sophisticated phishing emails – mimicking brands and tone or more easily translating copy into several languages making them more difficult to identify and easily connecting hackers with global audiences. Now is the time to implement solutions that empower a connected thread of trust between businesses and users – before all trust is lost. This segment is sponsored by OneSpan. Visit https://securityweekly.com/onespanrsac to learn more about them! Semperis CEO Mickey Bresman sits down with SC Magazine to share practical steps for improving Active Directory resilience in the face of escalating cyberattacks, using real-world examples. With cybercrime costs projected to reach $8 trillion in 2023 and AD being the top target for attackers, organizations must prepare to detect, respond, and recover from AD-based attacks. Learn how InfoSec and IAM teams can operationalize the Gartner "top trending" topic of identity threat detection and response (ITDR) to ward off attackers and take back the advantage. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisrsac to learn more about them! Today's CISOs are laser focused on three imperatives: reducing risk; reducing operational costs, and attracting or retaining top talent. All three priorities are driven by creating a better SOC analyst experience which translates to less time to detect and respond to an attack. In this discussion, we'll uncover how Extended Detection & Response (XDR) can drastically improve the SOC analyst experience and alleviate CISOs' top challenges. This segment is sponsored by VMware. Visit https://securityweekly.com/vmwarecarbonblackrsac to learn more about them! While emerging cyber threats and vulnerabilities tend to dominate headlines, criminals often exploit known vulnerabilities to gain access to critical systems and data for nefarious purposes. 
And with the number of vulnerabilities rising constantly, they can pose significant risk to organizations, especially if defenders don't know which ones are critical. Learn how Expel is helping to pull back the curtain on how organizations can more effectively prioritize their most critical vulnerabilities. This segment is sponsored by Expel. Visit https://securityweekly.com/expelrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw318
As businesses increase their digital estate, insider theft poses an increasingly large risk. Whether it's through malicious parties gaining access to crucial systems and data or employees stealing information to which they should never have had access, firms should be considering these scenarios carefully. This has been exacerbated by the economic climate, with layoffs and a greater reliance on third-party individuals leading to a lack of oversight and cohesion when it comes to access management. Stolen credentials or over-provisioned contractors can be the first crack in the armour for any business. In this episode, Rory speaks to Fran Rosch, CEO of digital identity specialist ForgeRock, about the pressing need for better scrutiny of third parties and how companies can control systems access through identity governance.
A wormable version of the PlugX USB malware is found. Compromised webcams as a security threat. Emotet botnet out of hibernation. Proof-of-concept: AI used to generate polymorphic keylogger. Turning to alternatives as conventional tactics fail. Dave Bittner speaks with Eve Maler of ForgeRock to discuss how digital identity can help create a more secure connected car experience. Johannes Ullrich from SANS on configuring a proper time server infrastructure. And Phishing messages via legitimate Google notifications. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/46 Selected reading. A border-hopping PlugX USB worm takes its act on the road (Sophos News) BitSight identifies thousands of global organizations using insecure webcams and other IoT devices, finding many susceptible to eavesdropping (BitSight) Emotet malware attacks return after three-month break (BleepingComputer) BlackMamba: Using AI to Generate Polymorphic Malware (HYAS) Russian Cyberwar in Ukraine Stumbles Just Like Conventional One (Bloomberg) Australian official demands Russia bring criminal hackers ‘to heel' (The Record by Recorded Future) Russia will have to rely on nukes, cyberattacks, and China since its military is being thrashed in Ukraine, US intel director says (Business Insider) BEC 3.0 - Legitimate Sites for Illegitimate Purposes (Avanan)
Jim and Jeff talk with Eve Maler, Chief Technology Officer at ForgeRock, about trust within the context of identity and access management (IAM) and discuss that trust in three different areas: trust in the practice of IAM, trust and bias, and trust in IAM vendors. Connect with Eve: https://www.linkedin.com/in/evemaler Learn more about ForgeRock: https://www.forgerock.com/ ForgeRock Community - CTO Lounge: https://community.forgerock.com/c/cto-lounge/6 Explain AI: https://explainai.org/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.
In this milestone episode, Raj Hegde sits with Lasse Andresen – Founder and CEO of IndyKite to explore company building, the metaverse, and identity applications beyond security. Tune in to this episode to learn about Lasse’s inspiring journey since founding ForgeRock, his playbook for building dynamic teams from scratch, and his thoughts on where the identity ecosystem is heading. All of this and much more on episode 10 of the Frontier Talk podcast!
In this month's Investing in Identity series, we discuss Thoma Bravo's incredible sequence of deals and buying their third identity company this year. The agenda includes: Thoma Bravo breaking ground and forging a new path for the private equity investing playbook as they take three identity access management companies private. In April they acquired SailPoint for $6.9B, in August they snagged PingIdentity for $2.8B, and most recently acquired ForgeRock for $2.3B.
Pushpendra Mehta meets with Craig Jeffery, Managing Partner of Strategic Treasurer, and Jack Large, Editor of CTMfile, to review the latest treasury news and developments. Topics of discussion include the following: Mastercard launches a cloud-based analytics platform; JPMorgan and Visa connect their private blockchain networks for cross-border payments; Citi introduces 24/7 clearing for cross-border payments all days, including holidays; Thoma Bravo acquiring software firm ForgeRock in a US$2.3 billion deal; BNP Paribas buying automated currency risk management firm Kantox; After looting over US$3 billion, crypto hackers set for a record year; Sharp jump in UK fraud cases sparks warning of 'national security threat'
For more than 20 years, "migrating to the cloud" has been on the agenda for small, medium and large companies. But with so many attacks and so many risks emerging every day, how do you actually do it securely? What are the main challenges in cloud migration today, and which technologies ensure a more successful transition to the cloud? Answering these and many other questions is ForgeRock's Country Manager, Carolina Bozza, who has a great chat with our cybersecurity specialist, André Pastre, on Safetalks. Check it out!
This week we discuss Platform Engineering and compare the Microsoft Ignite and Google Cloud Next Keynotes. Plus, some thoughts on legs in the Metaverse. Watch the YouTube Live Recording of Episode 381. (https://www.youtube.com/watch?v=sxsNTYXt0Nw) Runner-up Titles It's on brand I wish I could see Brandon's legs Running VM's in the meta verse They were so busy seeing if they could get VR to work that they didn't ask if they should. Basically, VR is for seeing through walls, including walls of flesh. Lifehacks disrupting VC They've got legs Draw a Triangle Rundown Platform Engineering The Future of Ops Is Platform Engineering (https://www.honeycomb.io/blog/future-ops-platform-engineering) Platform Engineering, DevOps, and Cognitive Load: a Summary of Community Discussions (https://www.infoq.com/news/2022/10/platform-devops-summary/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=global) What Is Platform Engineering? (https://www.gartner.com/en/articles/what-is-platform-engineering) Coté's Slack Message (https://softwaredefinedtalk.slack.com/archives/C6CDLDCVB/p1665297229292149) Google Cloud Next Exclusive: Google touts cloud deal with Ford (https://www.axios.com/newsletters/axios-login-46ce6adb-537e-42cc-91ba-a8cfce2e6af6.html?chunk=2&utm_term=emshare#story2) What's next for digital transformation in the cloud (https://cloud.google.com/blog/topics/google-cloud-next/whats-next-for-digital-transformation-in-the-cloud?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioscodebook&stream=top) Introducing Software Delivery Shield for end-to-end software supply chain security (https://cloud.google.com/blog/products/devops-sre/introducing-software-delivery-shield-from-google-cloud) Cloud Workstations | Google Cloud (https://cloud.google.com/workstations) 9 out of 10 banks still use mainframes. Google Cloud wants to reduce that. 
(https://www.protocol.com/enterprise/google-cloud-dual-run-mainframe) MSFT Ignite (https://ignite.microsoft.com/en-US/home) Relevant to your Interests AMD missed Q3 revenue numbers by $1B (https://twitter.com/Carnage4Life/status/1578129189534060544) ServiceNow Acquires Era Software to Unify Observability (https://devops.com/servicenow-acquires-era-software-to-unify-observability/) Walmart blazes trails with its enterprise ‘supercloud' (https://siliconangle.com/2022/10/05/walmart-blazes-trails-enterprise-supercloud/) Is Nomad taking over Kubernetes? (https://vinothkumar-p.medium.com/is-nomad-taking-over-kubernetes-70d7418d3464) Meet Fizz, the social app downloaded by '95% of Stanford undergrads' (https://techcrunch.com/2022/10/04/fizz-app-college-stanford-social/) Register to secure your seat to join us at the exclusive premiere of Clouded - Uncovering The Culture Of Cloud. Autumn 2022 (https://clouded.consciouslyhybrid.com/#trailer) I Watched the Coinbase Documentary So You Don't Have To (https://newsletters.theatlantic.com/galaxy-brain/6344df6ab606fe0037676d4a/i-watched-the-coinbase-documentary-so-you-dont-have-to/) Confidential Containers brings TEE support to Kubernetes (https://www.theregister.com/2022/10/10/confidential_containers_encrypted_k8s/) All YouTube users will soon have an account handle — but some will get to pick theirs earlier (https://www.theverge.com/2022/10/10/23392552/youtube-unique-handle-rollout-shorts-comment-mentions-tiktok) From cloud security to code security: why we've raised $25M to take on OSS dependency sprawl (https://www.endorlabs.com/blog/story-of-endorlabs) ForgeRock, Thoma Bravo in Deal for $23.25 a Share (https://www.marketwatch.com/story/forgerock-thoma-bravo-in-deal-for-23-25-a-share-271665492762) Meta announces legs (https://techcrunch.com/2022/10/11/meta-announces-legs/) White House to unveil ambitious cybersecurity labeling effort modeled after Energy Star 
(https://www.cyberscoop.com/white-house-to-unveil-internet-of-things-labeling/) High-profile failures Twitter Thread (https://twitter.com/warren_craddock/status/1579532951624175616?s=20&t=rIheTRCjdnjI-15LKiPmvg) It's 2021 and USB-C is still a mess (https://www.androidauthority.com/state-of-usb-c-870996/) Intel Plans Thousands of Job Cuts in Face of PC Slowdown (https://www.bloomberg.com/news/articles/2022-10-11/intel-is-planning-thousands-of-job-cuts-in-face-of-pc-slowdown) The AI-generated podcast. (http://podcast.ai) Meta unveils high-end Quest Pro VR headset (https://www.axios.com/2022/10/11/meta-unveils-high-end-quest-pro-vr-headset?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioslogin&stream=top) New Metaverse Dreams and Old Metaverse Questions (https://sharptech.fm/member/episode/new-metaverse-dreams-and-old-metaverse-questions) Nonsense Adafruit's Cheekmate gets to the bottom (ahem) of chess cheating controversy (https://arstechnica.com/gaming/2022/10/adafruits-cheekmate-gets-to-the-bottom-ahem-of-chess-cheating-controversy/?utm_source=nextdraft&utm_medium=email) Demanding employees turn on their webcams is a human rights violation, Dutch Court rules (https://techcrunch.com/2022/10/09/ixnay-on-the-webcams/) Clam-O-Naise® by Cards Against Humanity (https://www.clams.lol/) Rollercoasters trigger iPhone 14 crash detection (https://ia.acs.org.au/content/ia/article/2022/rollercoasters-trigger-iphone-14-crash-detection.html) Listener Feedback Pat Gelsinger interview on Decoder (https://www.theverge.com/2022/10/4/23385652/pat-gelsinger-intel-chips-act-ohio-manufacturing-chip-shortage) COIN: A Founder's Story (https://www.youtube.com/watch?v=OXK5XKSxD1E) Migrating from Heroku to Code-Engine (https://www.youtube.com/watch?v=01g1QSjYDa0) Conferences KubeCon North America (https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/), Detroit, Oct 24 – 28, 2022 
SpringOne Platform (https://springone.io/?utm_source=cote&utm_medium=podcast&utm_content=sdt), SF, December 6–8, 2022 THAT Conference Texas Call For Counselors (https://that.us/call-for-counselors/tx/2023/) Jan 16-19, 2023 CloudNativeSecurityCon North America (https://events.linuxfoundation.org/cloudnativesecuritycon-north-america/), Seattle, Feb 1 – 2, 2023 Sponsors Teleport — The easiest, most secure way to access infrastructure. (https://goteleport.com/?utm_campaign=eg&utm_medium=partner&utm_source=sdt) SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Get a SDT Sticker! Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us on Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/), LinkedIn (https://www.linkedin.com/company/software-defined-talk/) and YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured). Use the code SDT to get $20 off Coté's book, Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)! Recommendations Brandon: House of Dragons (https://www.hbo.com/house-of-the-dragon). Matt: Malcolm in the Middle (https://www.imdb.com/title/tt0212671/). Coté: Draw a Triangle (https://www.youtube.com/watch?v=7975YqVDf7o). Photo Credits CoverArt (https://openai.com/dall-e-2/) Banner (https://unsplash.com/photos/hoivM01c-vg)
MSP Dispatch is your source for news, community events, and commentary in the MSP channel. Hosted by: Tony Francisco and Ray Orsini Give us your feedback by emailing news@mspmedia.tv Register for Huntress's hack_it 22 at https://www.huntress.com/hack-it-2022 Apply for a chance to win one of five free 0-day sessions courtesy of MMN at https://go.oit.co/hackit2022 Check out the 2022 Tech Tailgate at IT Nation Connect! https://techtailgate2022.com/ Story Links: MS to Release Intune Premium Suite 2023 https://petri.com/microsoft-intune-premium-suite-2023/ Forti OS CVE Active Exploits (update from last episode) https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/ Metaverse Expected to be $1Bn Industry by 2030 https://www.crn.com/news/computing/the-metaverse-will-turn-into-a-nearly-1b-industry-by-2030-report https://futurism.com/the-byte/metaverse-decentraland-report-active-users Firefox Free Number https://www.theverge.com/2022/10/13/23402171/firefox-relay-phone-masking-service-privacy-security Thoma Bravo to Acquire ForgeRock $2.3Bn https://www.darkreading.com/application-security/thoma-bravo-acquire-forgerock Musk Offers to Buy Twitter at Original Price https://channeldailynews.com/news/musk-offers-to-buy-twitter-at-the-original-price-if-twitter-drops-court-actions/78732 Oblivion Mod Lets Players Order Pizza in Game https://gamerant.com/oblivion-mod-players-order-pizza-from-game/ Community Events: 10/17 @ 1:00 pm ET | The CyberCall Voice of the MSP (Kelvin, Ray & Kyle) - How to Communicate a Cyber Incident: https://www.crowdcast.io/e/cybercall/register?session=114 10/18 - 10/19 In Person Event | Pax8 Security Bootcamp: Denver, CO 10/18 @ 10:00 am ET | MSP Dispatch Presented by The MSP Media Network 10/19 - 10/20 In Person Event | SMB TechFest: Irvine, CA 10/19 @ 1:00 pm ET | Partner First: RPA for MSPs: Automating Your Manual and Time-Consuming Processes with Rewst 10/21 @ 10:00 am ET | MSP Dispatch Week Wrap Up Presented by The MSP Media Network Connect with our hosts: - Tony 
Francisco: https://www.linkedin.com/in/tonyjfrancisco/ - Ray Orsini: https://www.linkedin.com/in/rayorsini/ Be sure to follow us on social media: Facebook: https://www.facebook.com/mspmediatv/ Twitter: https://twitter.com/mspmediatv LinkedIn: https://www.linkedin.com/company/mspmediatv/ Instagram: https://www.instagram.com/mspmediatv Reddit: https://www.reddit.com/r/mspmedia Discord: https://discord.gg/Hc7b55cJPF 0:00 Intro 3:32 MS to Release Intune Premium Suite 2023 9:00 Forti OS CVE Active Exploits 14:41 Metaverse Expected to be $1Bn Industry by 2030 20:33 Notable Mentions 23:59 Community Events 26:00 Sign-off 28:01 Outtakes
In this episode of CX Confessions: The Customer Experience Show, host Staci Satterwhite, COO at Khoros, and guest host Anastacia Darby, Director of Strategic Development at Khoros, sit down with Atri Chatterjee, Chief Marketing Officer at ForgeRock, a San Francisco-based access management software company that's on a mission to create simple and secure identity experiences. With more than three decades of experience in marketing at several different tech companies ranging in size from start-ups to well-established enterprises, Atri has plenty of wisdom to share on digital identity, key CX trends, and more. Join us as we discuss: Why digital identity is a key component of CX today; The consumerization of IT; How digital transformation has brought both security and CX to the forefront; The cost of poor CX to enterprises; Why Atri and his team are aiming to create frictionless, “passwordless” environments in the future. Itching for more CX goodness? You can find this interview and many more, by subscribing to CX Confessions on Apple Podcasts, on Spotify, or here. Listening on a desktop & can't see the links? Just search for CX Confessions in your favorite podcast player. This episode of CX Confessions was produced by Quill.
CISA issues a Binding Operational Directive. An LA school district says ransomware operators missed most sensitive PII. An API protection report describes malicious transactions. Analysis of cyber risk in relation to SaaS applications. Joe Carrigan describes underground groups using stolen identities and deepfakes. Our guest is Eve Maler from ForgeRock on consumer identity breaches. And someone is making a nuisance of themself in Russia. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/191 Selected reading. Binding Operational Directive 23-01 (CISA) CISA Directs Federal Agencies to Improve Cybersecurity Asset Visibility and Vulnerability Detection (Cybersecurity and Infrastructure Security Agency) CISA aims to expand cyber defense service across fed agencies, potentially further (Federal News Network) CISA directs federal agencies to track software and vulnerabilities (The Record by Recorded Future) Student, Teacher Data Not Affected in Los Angeles School District Hack (Wall Street Journal) ‘No evidence of widespread impact,' LAUSD says of data released by hackers (KTLA) New API Threat Research Shows that Shadow APIs Are the Top Threat Vecto (Cequence Security) Secureworks State of the Threat Report 2022: 52% of ransomware incidents over the past year started with compromise of unpatched remote services (Secureworks) Russian Citizens Wage Cyberwar From Within (Kyiv Post) Russian Hackers Take Aim at Kremlin Targets: Report (Infosecurity Magazine) Russian retail chain 'DNS' confirms hack after data leaked online (BleepingComputer)
This episode features an interview with Pete Angstadt, Chief Revenue Officer at ForgeRock. ForgeRock, the leader in digital identity, delivers modern and comprehensive Identity and Access Management solutions for consumers, employees and things to simply and safely access the connected world. Pete is a growth and execution-oriented leader with a particular focus on new customer acquisition and customer success. Before his role at ForgeRock, he served as Group Vice President of Cloud Security and Management at Oracle where he was responsible for all cloud security & cloud management solutions for North America. On this episode, Pete discusses avoiding surprises by being data driven, maintaining client security in a growing digital industry, and why RevOps is a necessity to develop and execute a successful go-to-market strategy. Guest Bio: Senior Executive and proven leader with the experience to build and drive high-performing teams, foster collaboration across multiple disciplines, acquire and retain top talent. Growth and execution-oriented leader with particular focus on new customer acquisition and customer success. Before his role at ForgeRock, Pete served as Group Vice President of Cloud Security and Management at Oracle where he was responsible for all cloud security & cloud management solutions for North America. Guest Quote: “It's really central to becoming a consistent predictable revenue engine that ForgeRock has to be as a public company, but it's critical that we have Rev Ops every step of the way as we do planning and make those decisions on how and why we're gonna get maximum value for those investments.” - Pete Angstadt Time Stamps: (03:28) - Tell us about ForgeRock (06:20) - The importance of digital security (07:45) - How ForgeRock does RevOps (13:27) - Partnering with Marketing (15:27) - RevObstacles (25:49) - RevOops Moments (27:36) - The ToolShed (39:42) - Quick Hits (45:14) - Best Advice Sponsor: Rise of RevOps is brought to you by Qualified. 
Qualified's Pipeline Cloud is the future of pipeline generation for revenue teams that use Salesforce. Learn more about the Pipeline Cloud on Qualified.com. Links: Connect with Pete Angstadt on LinkedIn. Connect with Ian Faison on LinkedIn. Check out the ForgeRock Website.
While the impact of successful mentorship has been proven in a multitude of ways, there is still the fear that participants could be mismatched or that a mentor's time might be wasted. Concerns that the relationship will be short-lived or even fail can also get in the way of tremendous results. Today's guest asks us to consider using intention and purpose to guide these relationships. Please join us in welcoming Tschudy Smith, Chief People Officer at ForgeRock, to share her perspective on purpose-driven mentorship. Tuning in, you'll learn some of the characteristics of great leaders, why Tschudy believes we have to be more intentional than ever about who we bring into our network, and how to set outcomes and objectives before entering into a mentorship relationship. We also touch on the importance of empathy, the fundamental differences between a sponsor and a mentor, and the role that places and culture play for CPOs in a post-pandemic world, plus so much more. Key Points From This Episode: Insight into Tschudy's background and how she ended up in her current role at ForgeRock. How she came to understand the role that empathy plays in a leadership role. The value of mentorship and why Tschudy believes we have to be more intentional than ever about who we have in our network. A purposeful, outcomes-driven approach to inviting a mentor or a sponsor to work with you. Measuring the success of a mentor/mentee relationship against those initial objectives. An understanding of the differences between a mentor and a sponsor. Characteristics of a great leader, from transparent dialogue to advocating on behalf of others. Why the role of a sponsor is such a complicated one in today's highly matrixed organizations. How Tschudy conceived of the role of Chief People Officer (CPO) and her approach to it. Why today's leadership is about more than to-do lists and agendas; it's about people. The role that places and culture play for CPOs in a post-pandemic world. 
Tschudy elaborates on some of the 'non-negotiables' for CPOs today. How Tschudy decided that CPO was the right role for her and how it aligned with her goals. Tweetables: “Some of those formal or informal engagements we might have expected to have are fewer and [farther] between, [so] we have to be even more intentional about who we have in our network that is there to support us, to guide us, and to give us some coaching and insight.” — Tschudy Smith [0:06:22] “I feel like it's important to pay it forward and, I'll tell you, when you can play the role of mentor, you also learn.” — Tschudy Smith [0:07:32] “The idea of a sponsor is to have somebody who advocates on your behalf, who is in those rooms, who is in those conversations, and who actually [thinks] about you when you're not there.” — Tschudy Smith [0:15:07] “This is 22nd-century leadership. It isn't just about managing a to-do list. It isn't just about showing up to run an agenda for a team meeting. It's getting proximate, caring for your people, seeing them at their best, and figuring out how you can help them do more of that.” — Tschudy Smith [0:22:22] Links Mentioned in Today's Episode: Tschudy Smith on LinkedIn, ForgeRock, Talk Talent to Me, Hired
As cybersecurity threats continue to rise in Singapore, companies need to continue focusing on detecting anomalous behaviour and providing easy authentication with the help of AI. Setting the right zero-trust frameworks helps businesses ensure their customers are continuously authenticated and authorised. Ajay Biyani, Regional Vice President ASEAN, ForgeRock, tells us how this can be done. See omnystudio.com/listener for privacy information.
Join this episode of In the Nic of Time with special guest Eve Maler, CTO, ForgeRock, as they discuss identity management, how to secure it, how to adopt zero trust principles for non-person and person entities, security vs. privacy, and more.
Mary Writz, Vice President of Product Strategy at ForgeRock, shares how each career path she has taken has led her to where she is now. Mary describes how she has been a woman working in a male-dominated field for most of her career and how she had to take charge, and she had to get the men to take charge with her. She says "I was often leading people, mostly men older than me, potentially smarter than me, more well paid than me. So I had to learn how to think about galvanizing this group to charge forward with me, even though I was a bit of a minority in that way." She also states that she tells herself to always make a positive out of a negative by showing people how you can respond to what's happening with a lot of energy, focus, and care, and that's what got her to where she is today.
Samantha Washington sits in for Ian King in today's episode – but Ian makes an appearance to discuss the government's digital strategy with minister Chris Philp. After chancellor Rishi Sunak launched a review of the UK's advanced computing, IBM UK and Ireland CEO Sreeram Visvanathan speaks to Samantha. She also catches up with Andrew Williams from Halma, a “group of life-saving technology companies”. Consumer campaigner Justin Gutmann comes on the show to talk about suing Apple for £768m over a software update which effectively slowed down older iPhones. Following a warning that food prices could rise 15 percent this summer, James Walton, Chief Economist at the Institute of Grocery Distribution, joins Samantha – who also discusses digital security with Fran Rosch from ForgeRock.
Hello and welcome to CHAOSScast Community podcast, where we share use cases and experiences with measuring open source community health. Elevating conversations about metrics, analytics, and software from the Community Health Analytics Open Source Software, or CHAOSS Project for short, to wherever you like to listen. Venia is super excited about this episode because you may know our guests from around the community. Today, we have Brian Oblinger, Senior Vice President of New Products at Commsor, and Lori Goldman, Community Manager at ForgeRock. Our conversations touch on how Brian and Lori found themselves in community and their experiences with measuring community health over the years. We also learn about some start-ups in the community, what CMX has done in the community, where the community is going in a post-2022 world, and some projects Lori and Brian are working on. Download this episode now to find out much more, and don't forget to subscribe for free to this podcast on your favorite podcast app and share this podcast with your friends and colleagues! [00:01:11] Brian and Lori share their stories on how they found themselves in community and measuring community health. [00:04:58] We hear about some start-ups such as Commsor, Orbit, and Common Room. [00:06:24] Lori and Brian talk about their experiences with measuring community health over the years. [00:10:26] Venia wonders how we're supposed to bring businesses back into the discussion about measurement marketing, and Brian explains it's about understanding who you're talking to and understanding their language, and Lori mentions monetizing it. [00:13:05] Lori speaks about the conversation about metrics and the wrapping in of community and CMX. [00:18:08] Venia explains her take on managing metrics, and Lori and Brian share some thoughts. [00:20:06] We find out what this community measurement is going to look like post-2022 and post-pandemic, and the problems that need to be solved.
[00:24:23] Lori brings up the interconnection between community and developer relations and how we work best with that function since it's so important, and Brian and Venia share their thoughts. [00:27:56] Find out what Lori and Brian are doing as far as projects in the next six months to a year with community metrics. Value Adds (Picks) of the week: [00:31:12] Brian's picks are a meeting series built by Tiffany Oda and Cassie Mayes called Community OPServations and subscribing to MasterClass. [00:32:29] Lori's picks are Duolingo to learn Spanish and to start a personal podcast. [00:34:08] Venia's pick is an information diet campaign she put together. Panelist: Venia Logan Guests: Brian Oblinger, Lori Goldman Sponsor: SustainOSS (https://sustainoss.org/) Links: CHAOSS (https://chaoss.community/) CHAOSS Project Twitter (https://twitter.com/chaossproj?lang=en) CHAOSScast Podcast (https://podcast.chaoss.community/) podcast@chaoss.community (mailto:podcast@chaoss.community) Ford Foundation (https://www.fordfoundation.org/) Venia Logan Twitter (https://twitter.com/SamanthaVenia?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Brian Oblinger Website (https://brianoblinger.com/) Brian Oblinger Twitter (https://twitter.com/brianoblinger) Brian Oblinger LinkedIn (https://www.linkedin.com/in/brianoblinger) Lori Goldman LinkedIn (https://www.linkedin.com/in/lori-goldman-054b323) ForgeRock (https://www.forgerock.com/) Commsor (https://www.commsor.com/) Orbit (https://orbit.love/) Common Room (https://www.commonroom.io/) CMX Summit 2022 (https://cmxhub.com/) Community OPServations (https://lu.ma/opservations) MasterClass (https://www.masterclass.com/) Duolingo (https://www.duolingo.com/) [The Information Diet: A Case for Conscious Consumption by Clay A. Johnson](https://www.amazon.com/Information-Diet-Case-Conscious-Consumption-dp-1449304680/dp/1449304680/ref=mtother?encoding=UTF8&me=&qid=1654033854) How to go on an information diet by Anne-Laure Le Cunff (Ness Labs) (https://nesslabs.com/information-diet) Special Guests: Brian Oblinger and Lori Goldman.
Ukraine holds its first war crimes trial. Are there war crimes in cyberspace? Iranian cyberespionage (and a possible APT side-hustle). Roblox seems to have been used to introduce a backdoor. CISA issues ICS advisories. Darkweb C2C trader sentenced. The last conspirator in the strange case of the eBay newsletter takes a guilty plea. Carole Theriault looks at Google's new approach to cookies in Europe. Our guest is Mary Writz of ForgeRock on the growing importance of mobile device authentication security. And CIA gets a CISO. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/93 Selected reading. Ukraine to put first Russian soldier on trial for war crimes | DW | 12.05.2022 (Deutsche Welle) Russian soldier on trial in first Ukraine war-crimes case (AP NEWS) First Russian soldier goes on trial in Ukraine for war crimes (the Guardian) The Case for War Crimes Charges Against Russia's Sandworm Hackers (Wired) Iranian hackers exposed in a highly targeted espionage campaign (BleepingComputer) Iranian APT Cobalt Mirage launching ransomware attacks (SearchSecurity) Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks (The Hacker News) Iranian Cyberspy Group Launching Ransomware Attacks Against US (SecurityWeek) Please Confirm You Received Our APT | FortiGuard Labs (Fortinet Blog) Roblox Exploited with Trojans from Scripting Engine (Avanan) Ukrainian cybercriminal sentenced to 4 years in U.S. prison for credential theft scheme (CyberScoop) Ukrainian sentenced to 4 years for selling hacked passwords (The Record by Recorded Future) Ex-eBay exec charged with harassing newsletter publishers pleads guilty (Reuters) CIA selects new CISO with deep private sector experience (The Record by Recorded Future)
In this episode of the Digital Insurance Podcast, I speak with Steffo Weber, Director Customer Engineering, and Adrian Humbel, Director Switzerland, Austria at ForgeRock. ForgeRock is an internationally operating software company in the field of identity management, headquartered in San Francisco. Its aim is to give customers simple-to-use, secure management of identities. The first impression is decisive. That is how our conversation starts. Adrian Humbel applies this simple insight from psychology to a company's public presence. Many requests that until recently were made by phone or similar are ones customers now want to handle on the web. This is where identity management inevitably comes into play, Adrian explains. After all, identity is part of every product an insurer offers. Might you have to remember a new password for every additional insurer? This is where ForgeRock comes in, helping companies manage identities. The aim is to achieve access across all channels with one simple identification, while complying with all necessary security standards. One login for all front ends and the processes behind them. Insurers in particular have catching up to do here. On 1 June 2022 from 10:30 to 11:30 there will be a digital roundtable on the topic: identity management for insurers as a bridge builder between data silos and user experience. Here you will get the chance to discuss the topic with the speakers, ask questions, and give feedback. --> Register directly here! Links in this issue: Jonas Piela's homepage. Jonas Piela's LinkedIn profile. Steffo Weber's LinkedIn profile. Adrian Humbel's LinkedIn profile. About this podcast. Follow us on LinkedIn for more podcast updates. The podcast website. We are always looking for new and exciting guests. Get in touch with Susan.
Can a common language centered on revenue solve for the marketing credibility gap? View the full video interview here. Daniel Raskin, Co-founder, CMO and CPO of Mperativ, has more than 15 years of experience building brands and driving product leadership. Prior to Mperativ, Daniel served as CMO of Kinetica, held executive product strategy and marketing roles at ForgeRock, and served as Chief Identity Strategist at Sun Microsystems.
Isabelle is currently the Hiring Lead at ForgeRock, having founded multiple companies and previously worked with Sage and ACP. Isabelle has an extensive background within the cloud and growth stage to public technology companies across executive hiring and talent acquisition strategies. She is part of the UK Resourcing Leaders Top 100 and has been nominated three times by Recruiter.co.uk as one of the 11 most influential in-house talent acquisition experts. Isabelle has successfully implemented innovative talent acquisition solutions and has 360-degree experience in all recruitment and branding disciplines. In this episode, we discuss all things in-house executive search, storytelling when talking to talent, how best to communicate with stakeholders and more. Listen to this episode for an insightful conversation.
ForgeRock (FORG) is a digital identity management company. Fran Rosch, CEO of ForgeRock, joins Nicole Petallides to discuss FORG's earnings highlights. He talks about how FORG's 4Q revenue came in at $47.90M versus an estimated $47.10M. He then goes over the outlook for FORG and the future of identity management. Tune in to find out more.
Identity management issues are difficult for enterprise companies and for consumers. According to Javelin's 2021 Identity Fraud Study, there was 43 billion dollars worth of identity fraud scams in 2020. Small business owners to C-suite execs are all looking for the answer to security and simplicity, especially in the face of the enemies — bad actors and security systems that are too complicated to use. Everyone wants an answer, but perhaps the first step to a solution is for an identity management company to engage in an ongoing process of active listening. On this episode of Business X factors, Fran Rosch, the CEO of ForgeRock, shares how ForgeRock, under his leadership, has developed a perpetual process to innovate toward solutions where customers do not have to compromise user experience or security. He reveals how this process includes listening, making decisions and then acting accordingly. Fran also chats about how ForgeRock does more than loftily talk about creativity; instead, it invests in the creative process, including ensuring its people are truly able to be creative. Main Takeaways: A Perpetual Refining Process: When Rosch joined ForgeRock, he initiated “Project Rocket,” which was a process to activate change in the company. The process involved listening, making determinations, and then acting on them. The lesson here is not that a new CEO had an initial strategy in order to provide a jolt to a company. Instead, it is that “Project Rocket” has morphed into an ongoing process for ForgeRock's self-reflection and improvement. Think About Creative Investment: Many companies talk a good game about establishing a creative environment, but some don't back up these words with actions. Rosch contends that creativity must be something that is actually invested in.
Additionally, according to Rosch, supporting creativity is about setting up a culture where people are being listened to and helpful questions are also being asked. Diversity Is Key: Diversifying a workforce is imperative for a healthy culture and company, and there are many ways to consider diversity. Rosch speaks about fostering a “diversity of ideas,” and this includes gathering a team from many different backgrounds and experiences. He mentions that this sort of diversity is about getting “creative ideas on the table.” Diversity and creativity are interconnected and they must both be considered in that manner. --- Business X factors is produced by Mission.org and brought to you by Hyland. For over a decade, Hyland has been named a Leader in the Gartner Magic Quadrant for Content Services Platforms, leading the way to help people get the information they need when and where they need it. More than half of 2019 Fortune 100 companies rely on Hyland to help them create more meaningful connections with the people they serve. When your focus is on the people you serve, Hyland stands behind you. Hyland is your X factor for better performance. Go to Hyland.com/insights to learn more.
On this episode of The Marketer's Journey, I interview Atri Chatterjee, CMO of ForgeRock. During the episode, we discuss his path to CMO, the convergence of product and content, and the similarities between being a product manager and a product marketer. Atri also shares his perspective on the role of content in the future of marketing. Check out this and other episodes of The Marketer's Journey on Apple Podcasts, Spotify, Stitcher, and Google Play! Key takeaways from this episode: Content is key. Throughout his career, Atri has learned that content plays a key role in the customer experience. When creating content, brands need to consider the kind of experience they're creating for customers and how they're adding value to their lives. This will ultimately help them connect with customers in their own language and continue building their brand narrative. Consider the end goal. Throughout his career, Atri has held various product-based roles that have helped him learn valuable skills and lessons. He noted that whether in product management or marketing, it's important to always have the end goal in mind, whether it's connecting with customers or solving a common problem. Content, but make it interactive. Atri also mentioned that today, customers are expecting interactive content that speaks to them in a way they can connect with and easily understand. Marketers need to be creative with their content strategy and think outside the box to go the extra mile with customers. Learn more about ForgeRock here: https://www.forgerock.com/ Learn more about Atri here: https://www.linkedin.com/in/atri-chatterjee-b6212/
Helping people safely and securely access the connected world through the internet is no small feat, but one of the highest importance. To achieve this, it takes the right kind of leadership and the right partners. Ben Goodman, Senior Vice President, Global Business and Corporate Development at ForgeRock, discusses the challenges of aligning partners, scaling, tracking the pipeline, and what's next for the company. In this episode, we discuss: the current projects at ForgeRock and what's on the horizon; managing and aligning 130 partners; scaling with intention. Here are some additional episodes featuring other ecosystem leaders that might interest you: #121 Aligning Ecosystem Strategy with Your Customer as the North Star with Lara Caimi, Chief Partner Officer, ServiceNow; #122 There's No Easy Button For Partnering with Nicole Napiltonia, VP Of Alliances and OEM Sales, at Barracuda; #106 The Secrets to Managing Alliances Like Microsoft with David Totten, Chief Technology Officer, US Partner Ecosystem at Microsoft; #97 Why Quality Always Beats Quantity in Software Ecosystems with Tom Roberts, Senior Vice President at the Global Partner Organization over at SAP. Links & Resources: Learn more about how WorkSpan helps customers accelerate their ecosystem flywheel through Co-selling, Co-innovating, Co-investing, and Co-marketing. Subscribe to the Ecosystem Aces Podcast on Apple Podcast, Spotify, Stitcher, Google Podcast. Join the WorkSpan Community to engage with other partner ecosystem leaders on best practices, news, events, jobs, and other tips to advance your career in partnering. Find insightful articles on how to lead and get the most out of your partner ecosystem on the WorkSpan blog.
Download the Best Practices Guide for Ecosystem Business Management. Download the Ultimate Guide for Partner Incentives and Market Development Funds. To contact the host, Chip Rodgers, with topic ideas, to suggest a guest, or to join the conversation about modern partnering, reach him on Twitter or LinkedIn, or send Chip an email at chip@workspan.com. This episode of Ecosystem Aces is sponsored by WorkSpan. WorkSpan is the #1 ecosystem business management platform. We give CROs a digital platform to turbocharge indirect revenue with their partner teams at higher win rates and lower costs. We connect your partners on a live network with cross-company business applications to build, market, and sell together. We power the top 10 business ecosystems in the technology and communications industry today, managing over $50 billion in the joint pipeline.
ForgeRock (FORG), an identity management software company, debuted on the NYSE today via IPO and opened at $35 per share. What is next for the company and how will the stock continue to perform? President and CEO, Fran Rosch, provides his take and weighs in on modernization opportunities ahead.
Big Picture - Market and Trends [1:11] - What is Consumer Identity and Access Management (CIAM) and how does that differ from traditional identity and access management (IAM)? [4:21] - How did you go from the traditional open-source code of Sun's IAM to this new consumer identity and access management? Can you give a quick history of ForgeRock? [6:40] - Can the ForgeRock solution help consumers have more control and visibility over their identities? [12:00] - What are the top trends you and ForgeRock are seeing in the identity space and how will they impact consumers and businesses? [18:23] - What does the provider landscape of CIAM look like? Building the company [23:26] - What was your main channel for customer acquisition and growth in the beginning stages? And then as you grew, has that changed? [26:48] - How has the pandemic impacted your strategy and future plans? [28:55] - ForgeRock believes in building a strong internal culture. How have you done that? [34:20] - Why are you considering going IPO? Why not a strategic exit? What factors did you consider? [36:42] - What market should you IPO in? [39:10] - Which stage of growth was the hardest - 1-10M, 10-50M, 50-100M? [40:44] - What are your future plans? What will you do with the funds raised from an IPO? Book recommendation: The Long Earth Series by Terry Pratchett
In episode 59 of The Secure Developer, Guy Podjarny talks to Steve White, Field CISO at Pivotal. Steve spends his time helping organizations envision and implement new ways of integrating security into their software development, deployment, and operations life cycle. Most recently, his focus has been on cybersecurity, helping build a cybersecurity consulting practice for Microsoft and then leading security teams for companies such as Amazon, Sonos, and CenturyLink. On today's show we talk with Steve White, Field CISO for Pivotal, where he gets to regularly exercise his passion for working at the intersection of application security, development, infrastructure, and operations. Prior to joining Pivotal, Steve was the Chief Security Officer at ForgeRock. In this episode we are going to get a broader perspective from Steve on digital transformation within organizations. We also hear from Steve why he recommends making small incremental changes, we discuss the idea of a security champion, as well as the best practices for helping developers understand the importance of cybersecurity work. Finally, Steve shares more about how to recognize when organizations are having challenges with digital transformation, and why it is key to focus only on the actual threats and not the imaginary ones. So don't miss out on today's enlightening conversation with Steve White of Pivotal.
Transcript
[00:01:32] Guy Podjarny: Hello, everyone. Welcome back to The Secure Developer.
Today, we're going to get a bit of a broader market perspective here from someone who works with a lot of security and development through the years across the enterprise, and that is Steve White who is a Field CISO at VMware. Steve, welcome to the show. Thanks for coming on.
[00:01:49] Steve White: Thanks, Guy. Thanks for having me.
[00:01:50] Guy Podjarny: Steve, we're going to go broad in a sec. But before we do that, tell us a little bit about yourself and your path to where you are today.
[00:01:58] Steve White: Absolutely. Well, the first thing I'll say about my path was, like many, it was accidental in a lot of cases. I started my career really honestly back before security was even a profession, the early security practitioners. We were sys admins and network admins and the people running the systems. We didn't have things like firewalls and we didn't have things like anti-malware software. We kind of invented this space, trying to protect our systems. The first firewall I ever used was a bit of software running on a Sun server. Fast-forward a career from there, I learned to really appreciate all facets of security during those early years. I moved into some application development roles. Ultimately, senior tech leader role and then moved into security full-time, trying to help build up a security consulting practice for Microsoft. Then from there, I've held a number of internal security roles at places like Amazon, CenturyLink Cloud, and Sonos. Then I was the Chief Security Officer at ForgeRock. Now, I'm a Field CISO at Pivotal VMware and spend my time really focusing on how can I best help organizations think through and strategize around this transformation into cloud native. How do we take what had become traditional enterprise security mechanisms and methods, and how do these change based on sort of this move to interesting things like containers and microservices and agile development?
That's why I spend my time thinking about and looking at today.
[00:03:35] Guy Podjarny: Who do you typically work with? Who's the peer in the companies you work with or maybe the profile of the companies?
[00:03:42] Steve White: It has to be the larger global enterprises, so those companies who are primarily going through digital transformations. Companies who are writing a lot of their own custom code that they derive significant business value from, and they're working to transform how they write that code from sort of the traditional monolithic waterfall method into now the microservice-oriented cloud native 12-factor apps, right? As those companies who are making that transformation because it brings business value to them. I'm working primarily with their security leadership and security engineering and architecture organizations.
[00:04:29] Guy Podjarny: Within those organizations, within the enterprises that you work with, who is the sort of typical profile or role of a person who works with you on sort of understanding the security concerns? Is it more the CTO? There's more security mind role.
[00:04:44] Steve White: It's definitely the security organizations. I have a number of peers that I work with who spend more time on the application development organization side of things. I focus almost exclusively on the security organization, so I spend my time talking primarily with CISOs, with director of information security, or sort of the leadership in engineering security architecture kinds of spaces. I spend much of my time there. Lately, I have been doing some more detailed hands-on security workshops with I would say representatives sort of from every security discipline in the company, so security operations, incident response, architecture and engineering.
We'll bring them all together in a room for a day and work through some of the implications of what cloud native security really means in each of those parts of the security team.
[00:05:36] Guy Podjarny: Thanks for that. It's sort of the context.
[00:05:37] Steve White: Yup.
[00:05:37] Guy Podjarny: Just to dive right into it, like you're helping these organizations kind of keep security or level up even security as they do this sort of digital transformation and embrace all of these exciting new technologies. What do you see as kind of the pillars or the core tenets of change that they need to do?
[00:05:55] Steve White: Well, it starts with – The first tenet of change in this space is that it's not just a technology change, although there is some technology shift that needs to happen. It's a culture and a perspective change that ultimately is the larger piece of what's to happen in information security, like it has happened in the rest of the business, right? We liken it to this change from security historically perhaps was perceived as providing perhaps gates, and you had to pass through the security gate to get to production or something like that. The phrase I like to use is we're moving from gates to guardrails, right? So security's function in the enterprise moving forward should be to provide these – They're like the safety net, right? There's a top and bottom guard rail that would protect you from sort of exceeding really bad parameters but within those guardrails. Development teams, operations teams have the flexibility to move around, to fluctuate, to flex, and to experiment frankly with what they need to do. That's one big topic. It's just that it's that cultural shift, that mindset. When you start to peel that back, how do you think about these culture changes, it really honestly comes down to – From my experience, it's the idea of pairing, right?
The key differentiator I believe these days in helping security transform into this kind of cloud native organization is pairing them with developers from application development teams and vice versa, right? Let's expand our knowledge, let's expand our relationships, and let's expand our understanding of how this work impacts the business. I think that's like one of the really key factors. There's a whole lot of technology that comes with that culture change too. "But without the culture and perspective change, all the technology in the world isn't going to make a difference."
[00:07:55] Guy Podjarny: I've got like a whole like a series of questions now to just ask based on that aspect. I'll start with that pairing comment. Pairing is a bit of a loaded term in the world of development you talked about sort of in those three program in pairing. When you talk about pairing developers and security people, are you literally talking about like two people watching the same screen and work together or pairing them to like a team?
[00:08:15] Steve White: In an ideal world. Yeah, both in an ideal world. So I am ingrained in the Pivotal culture. I know you're familiar with Pivotal and what we created, right? Pivotal is very big on extreme programming and pair programming and test-driven development and all of the things that go with that. I'm here because I believe pretty strongly in the value of those things, but not every enterprise is there, right? Not every application development organization, for example, sees pair programming the same way. When I speak of pairing, I would love to see it be in the true sense of paired programming where two heads sitting in front of one screen, working on solving one problem together. If one of those folks is a security engineer and one of them is a feature developer, they're both learning a lot and adding a good chunk to the conversation. That doesn't necessarily work for every organization.
If you're not an organization where pairing is a particular practice that you use, then you go along the line of things like rotations, right? Take a security engineer out of security. Put them into a feature development team for 90 days or let them be a part of that team and participate at whatever level they can and write code at whatever level they can and vice versa, right? Take a feature developer. Embed them in the security organization for 90 days or 180 days, whatever you can do.

Pairing can look like a lot of different things depending on the what's appropriate to that enterprise. But it's pairing these folks who would not necessarily have been working together side-by-side. Give them common shared goals and outcomes for a period of time and let them learn from each other, right? That connectedness in that relationship I think is a really important part of that.

[00:10:03] Guy Podjarny: I love the analogy to sort of extreme programming pairings. I think organizational pairing, that makes a lot of sense to me as well. That visual of sort of working together is beautiful one for the cases where that works.

[00:10:14] Steve White: It is.

[00:10:16] Guy Podjarny: Unpacking another piece that you said over there was this notion of guardrails. I'm a firm believer, right? Guardrails, you basically want to say, basically paint out the extremes about general paths kind of between past those elements. How do you help developers go make the right decisions in-between the guardrails? There's still a range of security and decisions that you make.

[00:10:36] Steve White: That's right, yes. This is another key thing I think that's enabled by this idea of cross team sharing that I described, and that's in the modern sort of cloud native security organization. I say a good chunk of time used to be spent writing tools, writing code that the rest of the organization can adopt.
Whether those tools be things like – Whether those are code blocks that enforce identity, authentication, and authorization in a particular way for the languages used by your company, right? That's one idea. There's a lot of other ways that security teams can write code, and that's typically in the realm of either reusable objects that developers can embed in their project and use or it's in the realm of tools that help them integrate their methods and their procedures better with the tools that exist in the rest of the organization, where having security focused on writing code in those spaces I think pays big dividends in that question. How do you help developers navigate the guardrails? You give them tools to do that. The security organization should spend a good chunk of its time creating tools and listening to the developers and making them better, so those tools better fit how the developers do their work.

[00:11:57] Guy Podjarny: Yeah, for sure. I guess when you work, like you work with secure organizations that might not have had that approach before they started. I imagine like many times they're not necessarily like the skills in the team without necessarily letting themselves doing such so coding activities. How do you see or maybe how do you guide organizations to sort of navigate that expansion or transition of skills? Actually, if you have any opinions on which skills can they actually invest less in as we move to this world?

[00:12:29] Steve White: Yeah. I'll maybe start with the first part of that question. I absolutely have thoughts on that. Everything goes back to agile. It's about incremental change. The first thing I would speak to organizations making that transition is don't try to do the whole thing at once, right? Pick a particular area where you can make an impact, and you don't want it to be a low, quiet, non-visible area. Some people try to do incremental change.
They'll pick this little quiet part of the business that doesn't have a lot of visibility and impact. That's actually not the right way.

The right way is to pick a small piece of what you do that has lots of visibility, lots of impact and make a change there, right? Pick a marquee application that's being developed and have one of your security engineers working with that team or vice versa. Pick a particular problem area. So if you do a survey across your development organizations, if there's a particular problem let's say with how SQL authentication has happened with backend databases, that's visible and it often will cause security vulnerability alarms. So pick that one problem, and now go and write some code to solve for that problem.

If you don't have any folks in the security organization who are developers, borrow some. This is back to that pairing idea. Bring a couple in from the application development organization and have them help you write tools that they and their peers would want to use, right? But do it in a paired programming model. So even if you're not big on paired programming, in this scenario bring one of your security engineers who's eager to learn new things. Pair them with that developer in whatever way works in your organization. Let them learn from that effort. That's like how an organization can get started like right away.

The other thing I would be doing for any enterprise organization doing security today is I'd be hiring for these skill sets. As you're hiring new people into the organization, this is a place you can hire junior people into security. Maybe they don't know a lot about security but they're pretty good. They've got some good development skills behind them. You can hire them into the organization, as most enterprise size security organizations regularly have openings that they're trying to fill. Rethink about some of those open positions. Repurpose one or two of them.
Bring in a developer heavy or even a developer with little security experience and then train them over time.

The last piece of that that I would say is training, right? Find individuals inside your security organization who raise their hands and say, “Hey, I want to learn this new thing. I want to be part of this change,” and give them some training, right? You can invest in your people and sending a security engineer to training to learn some development skills that creates loyalty. It creates energy. It creates enthusiasm. It creates a whole lot of positive side effects that they can then bring to the organization. Those are like three straightforward things you can do. There's a variety of others.

[00:15:37] Guy Podjarny: Yeah, I know. But those are great advice, both on kind of where you focus, which is pick one that matters and not the kind of hidden that you care about. It's sort of the transitional sort of change and the pairing once again. I think that's definitely kind of a strong theme and a powerful one in kind of the human aspect of sort of [inaudible 00:15:54]. All sound like really good suggestions. It's going to be like a transition. We're going to make a bit of a transition towards the world of dev, right? This is security, and they're building and they're building those kind of skills and tools with different approaches. How do you then advise that they engage with dev? I mean, how do you see the collaboration happening in terms of process and steps?

[00:16:19] Steve White: There's a lot of different ways you get after that. I'm a big fan. I've seen a lot of success in what I have historically called the security champions program, right? Security champions tend to be – It's like a way you help the development teams get invested and take ownership of security for their code, the stuff that they're creating. It's difficult to try to train everyone all the time and get them really enthusiastic about security things, right?
I think that's not effective for most organizations. It's to try to get an entire development team jazzed about security.

It's like pick same ideas. I have one on the security side and on the developer side. Pick a person, one person that's part of the team who has some enthusiasm for security, who has some understanding or some background in why it's important, and invest in them, right? Give them some additional training. Delegate to them some responsibility that perhaps the security team might've held within their arms previously. Find a security champion. Say, “Hey, we're going to invest in some training and we're going to invest in some responsibility, right? That now because you're on the team, we're going to take off the reins somewhat. We're going to take off some controls, loosen the guardrails, and give them more flexibility within this operating framework, because you now have a security voice embedded within the team.”

That person, because they are a day-to-day functioning member of the team, can find incremental ways to help the team make small changes or do small things a little better. I'm a big fan of that natural growth of security awareness inside of a team.

The second part of that is frankly is to move security tooling and security validation earlier in their process, right? Well, I like to talk about this shift left thing with security. Although if you ever look at the DevOps lifecycle, it's a continuous loop, so how you shift left in the loop is beyond me. But nonetheless, we still use that terminology. For me, it's simply where do I provide security feedback to developers in a more timely fashion and in a way that's consistent with the way they work. That's always been one of the challenges is in security we'll like run our SaaS and our desk tools somewhere down in the pipeline, and all we do is send them a report of a thousand probabilities in their code, and we're done.

That's just not how you build those bridges, right?
It's not how you build awareness, and so finding ways to give those developers actionable real-time feedback as close to the time they write the code as possible and then making sure that when you're providing security-related findings or feedback or what have you, that it really actually truly is actionable. It's not fanciful. We have this tendency in security to sort of take the high ground, right? It's like all the vulnerabilities have to be gone. There can't be a single line of misplaced code. That's not really where we need to be, right?

One of the advice I've heard from others who I respected in this space is pick a particular security problem you're going to focus on, say, for a month and have all the development teams focus on that one class of vulnerability like SQL injection. We like to pick on that, because that's a pretty bad one. It's like all the teams focused on – We're going to focus on SQL injection this month, and so we're going to turn the knob up. We're going to turn the noise level up on SQL injection this month, and we're going to do everything we can. Then next month, we'll look at something else. But engage the teams in that conversation about what it should be, how they should receive the feedback, what's best for them. If you actually engage the developers in that conversation, I think you will ultimately get better results. Those are some of the keys, yeah.

[00:20:20] Guy Podjarny: All great advice and I very much resonate with some of the whole shift left on it to say it's not shift left. It's top to bottom, it's to go from central governance to central controls and sort of bottom up and power teams.

The question about the practicality of the security champions program, I mean, lots of good things to say about it. One of the pushbacks is that organizations don't always acknowledge this developer, the person in the development team who's now been sort of added in some form of authority, might have a different job.
I mean, how do you recommend or sort of how do you see work best for organizations that do that security champion in terms of the role description for the security champion? Is it a percentage, less work that they do on the product side? I mean, how does that relate to their day job?

[00:21:08] Steve White: Well, that's a really interesting question, and I think is also in some ways a cultural question, right? If you are trying to measure output of individual developers down to the level where they if they've spent two hours on security champion work, it would show up in some developer productivity metric. I think you need to question the cultural approach to that, because frankly, "output of development organizations should be focused minimally on the team output, right? There is very little external measure I would argue that is effective in measuring explicit individual developer productivity and especially in organizations where you're pairing, because now it's like, “Well, am I measuring the pair?”"

Frankly, I would first say if you're trying to measure individual developer productivity at that level, I think you'd need to ask some tough questions about is that really effective and is that really the culture you want drive. If you take that up a level and you're measuring productivity and impact, it's really more about impact and feature flow and team metrics, right? Are they getting impactful things to the customers? Do the customers love what they deliver? Do they deliver frequently? Those kinds of metrics are what's important. I would argue that you're not going to see a big change in that by having one person spend some time on security champion types of duties.

The other thing is that once trained – So there is a training period.
Then during that training period, there may be some reduction in flow, but the responsibilities of the security champion are really just to speak up during planning or speak up during design sessions to ask the questions of the team. Did you think about this or did we include this or is this something that really should go through a deeper security review? It doesn't take a lot of work, right? It's not a big investment of time. It's like a focus versus amount of effort kind of thing, so it shouldn't take a lot of time.

[00:23:14] Guy Podjarny: That's some great aspect. It kind of leads me to sort of another question I wanted to ask, which is like this measure. That team is also supposed to produce secure software and presumably whatever low [inaudible 00:23:26] provided by this sort of individual that might be helping also take some off or like helping others do their work more effectively. We're going to kind of take that last step into the world of dev and ask some questions there. How do you see, again, kind of best practices around helping the dev side of the fence appreciate security work, sort of time times spent, effort made in security, in terms of like measurements, mandates? I mean, like these are enterprises [inaudible 00:23:57] small organization sometimes or small [inaudible 00:24:00] in values in change suffice. It tends to be that in the enterprise it needs something a little bit more structured. What works best?

[00:24:09] Steve White: First off, I don't think that I've seen a one-size-fits-all for every enterprise, because honestly it is a very cultural perspective. Even within enterprises, there's a big variety in culture.
But I will say that I think the most effective thing I have seen in terms of helping the developers understand the impacts and the importance of security is frankly the value of something like a pen test, but a pen test specific to the code they're writing, because really a penetration test or a testing like that comes from the attacker mindset. What we're really trying to do in this scenario is to help the developers really adopt an attacker mindset. It's like if I was attacking this code, number one, why would I? Give them some really good illustration like if I break ‘this', then I got to ‘this'. Now, all of a sudden, I copied a thousand credit card numbers or healthcare or health record pieces of information.

Nothing I think reinforces that message better than that kind of effort, and that's true from the executive tier and down, right? Like a good penetration test that demonstrates a chain of vulnerabilities carries powerful illustration.

[00:25:26] Guy Podjarny: A sobering moment too.

[00:25:27] Steve White: It does. Those things don't have to be external, so the other really interesting thing here is if you're building this kind of culture, is you can actually build a pen testing or a vulnerability assessing kind of mindset even within the application development organization, right? There's nothing that says that you might not take a Sprint and attack your own code or attack your neighbor's code and have them attack yours. Actually, you spend some time having folks go out actually purposefully attempt to exploit their own code or the other team's code. It really reinforces these things of, A, thinking like an attacker, understanding how these things can chain together and more importantly leading back to what's really important to the business.

Every developer I've ever worked with, they care about the business. They care about what's important to the business. They care about their code doing good things for the business.
If you can always tie these back to what data is being protected, how their code fits into that story, and if you can make this connection very visceral through pen testing and those kinds of things, I find that carries a lot of emotional value for the organizations.

[00:26:42] Guy Podjarny: I love that as well. I mean, it's like security to an extent is sobering, as well as fun. So security and risk is – This other one's boring but sort of –

[00:26:51] Steve White: I will tell people like the most fun I ever had in security is red teaming, right? That was my most fun assignment ever in security was being a red teamer or a black hat hacker.

[00:27:02] Guy Podjarny: One more question on the dev side. We're going to level up a little bit. What you suggested right now is good for like getting them engaged, kind of getting them alive. How do you measure if they're doing a good job? I guess that's just not the developer's job but security as a whole. But how do you know that it's working?

[00:27:21] Steve White: There are I think various ways to answer that question. But ultimately, it comes down to me. Number one, are the risk metrics that you use as an enterprise, are they improving? Every enterprise has a set of risk metrics that they're tracking as it relates to all parts of the organization, and so the way to look at this from the app developer side is a set of those metrics that apply to the custom developed applications and the platforms on which they're running. One way of looking at this is simply talking about are those risk metrics going down or up. Whichever way they're going, having a pretty open honest conversation about what it is that's driving those metrics down or up. So that's one way.

Another way to look at that would be in the – I'm thinking of the relational metrics of it, right? I'm big on actually having people who are working together, basically kind of rating that experience or rating their collective collaboration.
I'm looking for a word here, but it's like how do I rate the effectiveness of my collaboration. That's ultimately what I'm after. I think –

[00:28:34] Guy Podjarny: Almost like a sentiment element –

[00:28:36] Steve White: Yes. It's almost like an NPS. It's like a net promoter score but it's internal, and so I would say you're seeing success in this scenario if you ask the app development organization, “Hey, how good of a partner is security? How easy is it to follow the guardrails? What roadblocks are you seeing in the security processes,” and vice versa. You marry that up with similar questions from the security organization. Hey, how receptive do you find the app development teams? How collaborative is your relationship with them? How is the quality of the security in the custom-built applications going? Ask these questions on both sides of that equation and focus on sort of the collaborative aspects of it more than the “are the desk tools results going up or down in terms of vulnerability”. That's sort of an irrelevant metric to me, frankly.

The number of vulnerabilities found in the source code, well, that can change just as I release a new tool into the environment, and it skyrockets, right? So I think more about metrics that are more about collaboration, effectiveness, and then ultimately like what really is getting through like flow. How easy is the flow of applications through my security pipeline? If it's easy to flow things through that are secure, great. If it's not so easy to flow things through, even if they're secure, that's a red flag, and you can put metrics around that. You can measure it.

[00:30:07] Guy Podjarny: That's awesome. I definitely agree with kind of the sentiment of like it's people first, and you do those sorts of just the metrics. But there's a lot.
I haven't heard this sort of the survey idea or this notion of ask people thing if they are collaborating well or not.

Before I kind of ask you for your bit of advice, just one overlaying question. You've been in security for a while and you've kind of seen it transition. You're also advising organizations specifically on that transition from pre-imposed cloud native. It must have sort of developed more of a sort of – beyond the frameworks and all that, some crunch, some sort of sniff test about you're coming in, some properties that you're sort of seeing indicate, hey this company is probably not or is very effective in security. What would you say are like the key highlights that really kind of triggered that alert and how has that changed between kind pre-cloud native I guess, which arbitrarily affects the worlds into pre-cloud, post-cloud?

[00:31:06] Steve White: There's a lot of things I would say around that one. The first and most important I would go back to - is there an ongoing collaborative relationship between security and the application development teams? Is that relationship through service desk tickets or is there an actual conversation happening on a regular basis? That, to me, is the key indicator of a problem. If there is not an active ongoing like daily or weekly conversation happening with active participation from security and app dev, then I think you need to dig deeper because I think that's indicative of a challenge. If all communication is through service desk tickets and those service desk tickets take three weeks to solve, I mean that's an indication of an organization that may have some challenges in these kinds of digital transformations. That's the point of it, right. These kinds of digital transformations are all about speed and agility, so you only get speed and agility if you're having active conversation versus trying to communicate sort of asynchronously.
That's number one to me.

Number two comes down to that conversation about gates versus guardrails. If I look at an organization, I can pretty quickly determine “do the application development teams have some guardrails to function within or do they have a bunch of gates they have to get through that I have to toss things over a silo wall to get security approvals.” That's really another really big indicator, right? Those are two key ones, and then there's a whole ton other ones like how you're giving feedback on your security testing, how effective is your security testing and how well tuned is it, are you providing developer feedback to keyboard entry layer, etc. etc. All of those are indicators, but the first two always come back to that. How do they communicate? How do they collaborate?

[00:32:56] Guy Podjarny: They're both great. Would you say like are they just as important in the sort of the pre-cloud era as they are post? Is it – How they're useful here like when you actually not even recommend them if you're sort of developing some [inaudible 00:33:12] applications.

[00:33:14] Steve White: Yeah, but I'll be careful. It's not so much about the word ‘cloud', because the word ‘cloud' can imply a move to the public cloud. It can imply a lot of things. I use the term cloud native, which is I like to define four key things. Cloud native architecture and organizations are defined by microservices. They're writing all their apps as microservices. They're defined by automated CICD pipelines. They're doing SRE/DevOps kinds of things and they're doing containers.

Those four things really make up a cloud native organization.
I would say that traditional enterprises who are not defined by those four things, if they're not doing containers, if they're not doing micro services, they're not doing automated CICD, and they're not doing agile DevOps, the existing security mechanisms may work fine for what they're trying to achieve, because the existing security mechanisms kind of grew up and were developed in that world, and they work fine if you weren't trying to make those kinds of transformations.

But those are the exact things that put the existing security measures in a lot of pressure on them, right? When you're doing automated microservice agile code development, trying to release features to production, say, daily, the traditional code review, code testing feedback cycle just doesn't work. The short answer is it can work for traditional enterprise to continue to do security the way they have done it. Most enterprises that are writing custom code, they don't have the luxury to stay there. They have to move into this cloud native world in order to compete. They'll become irrelevant if they don't.

[00:35:00] Guy Podjarny: Yeah. No, absolutely. Fully aligned, and you're right about this. I am sometimes kind of lazy and say cloud where they really mean cloud native in their approach but just the challenge of it. In that one, it's like – For most enterprises, the switch to cloud native is hardly a one-time thing, they will have a for a long period of time a portion of their assets or kind of their technology stacks be cloud native and a portion remain in that traditional surrounding.
Would you advocate using kind of those, if you will, cloud native approaches to security across the board or would you actually kind of bifurcate the organization to say it's actually better for the sort of the traditional enterprises sort of stay where it was?

[00:35:44] Steve White: Well, I would definitely suggest that it's best long-term to get the entire approach to security aligned with what I've described for cloud native. But if you have a bifurcated – Most enterprises are as you said. We've got a lot of existing things that we have to keep up and running and maintain in those kinds of pieces. For most organizations, this is not an overnight transition on the security side either, right? So I would suggest that it's best for those organizations to start the transition now. Get moving on transforming security just like you've got moving, transforming application development and have a plan and a strategy to make that transformation universal across all of security. But you don't have to do it overnight, just like you don't have to transform all of the application development overnight, right? Make it sensible for your organization. Make the right pace of change, something that the larger organization can consume, and do it in a planful way.

Ultimate answer is you – I mean, this kind of transformation is great for all of security, but you don't have to artificially rush it to get there immediately for the whole organization. Do it incrementally, just like everything else.

[00:37:04] Guy Podjarny: A nice kind of full circle as well is one of your first bits of advice. It's kind of pick the area you're going to start first. It's very clear. This has been some jam-packed with great advice I think for the whole journey. But I'll ask you for one more.
As you know, I like to ask every guest that sort of come to the show if you have kind of one bit of advice or even like a pet peeve or something that kind of annoys you when people start doing if you'd like to give sort of a team that is looking to kind of level up their security too, what would that be?

[00:37:33] Steve White: That would be focus on the actual threats to your organization, not the science lab projects that your neighbor has dreamed up. Keep your organization focused on combating those threats. That, to me, is like "my number one advised any security team. Focus on the real threats, not necessarily all of the imaginary ones."

[00:38:02] Guy Podjarny: Excellent spoken like a person who's had many conversation with enterprise security teams with advanced [inaudible 00:38:09] threat and nightmares –

[00:38:10] Steve White: I've had lots of conversations with lots of really brilliant people. To be clear, there are organizations under some very, very sophisticated threats. I have a pretty long military career in cyber, and there are lots of really interesting threats out there. But a lot of enterprises out there today aren't going to see those threats.

[00:38:29] Guy Podjarny: That's great advice. Steve, this has been a pleasure. Thanks a lot for coming on the show.

[00:38:33] Steve White: Absolutely. Thanks for having me.

[00:38:33] Guy Podjarny: Thanks, everybody, for tuning in. I hope you join us for the next one.

[END OF INTERVIEW]
Maxim Salnikov, fullstack developer at ForgeRock, is the guest of Andrey Smirnov from Frontend Weekend. If you want to support Frontend Weekend, go to http://frontendweekend.ml ;)
- How did he get into development and manage to move from Samara straight to Oslo? 00:54
- What helped him break out of the "programmer bubble"? 03:48
- How does he manage to combine work with such an active schedule of talks and conferences? 07:19
- Why did Angular catch his interest, and how and why does one become a Google Developer Expert? 10:45
- Why did he take over the meetups and conferences in Scandinavia (Mobile Era, ngVikings)? 16:20
- Why is it worth moving to Oslo, and how do Scandinavians communicate with each other? 25:10
- What would he have wanted to become if he had not become a developer? 29:37
- React, Angular, Vue or Ember? 33:53
- What is a fair salary for a frontend developer in Oslo? 37:04
- Cooking together with a frontend developer 39:59
- Take a look at PWA, and submit talk proposals during your vacations! 41:19
Related links: 1) Maxim's articles – https://medium.com/@webmaxru 2) That very performance on the Norwegian "Minute of Fame" – https://www.tv2.no/v/947151/ 3) Frontend Weekend Patreon – https://patreon.com/frontendweekend
The costs of open sourcing a project are explored, we discover why PS4 downloads are so slow, delve into the history of UNIX man pages, and more.

Headlines

The Cost Of Open Sourcing Your Project (https://meshedinsights.com/2016/09/20/open-source-unlikely-to-be-abandonware/)

Accusing a company of “dumping” their project as open source is probably misplaced – it's an expensive business no-one would do frivolously. If you see an active move to change software licensing or governance, it's likely someone is paying for it and thus could justify the expense to an executive.

A Little History

Some case study cameos may help. From 2004 onwards, Sun Microsystems had a policy of all its software moving to open source. The company migrated almost all products to open source licenses, and had varying degrees of success engaging communities around the various projects, largely related to the outlooks of the product management and Sun developers for the project.

Sun occasionally received requests to make older, retired products open source. For example, Sun acquired a company called Lighthouse Design which created a respected suite of office productivity software for Steve Jobs' NeXT platform. Strategy changes meant that software headed for the vault (while Jonathan Schwartz, a founder of Lighthouse, headed for the executive suite). Members of the public asked if Sun would open source some of this software, but these requests were declined because there was no business unit willing to fund the move.

When Sun was later bought by Oracle, a number of those projects that had been made open source were abandoned. “Abandoning” software doesn't mean leaving it for others; it means simply walking away from wherever you left it. In the case of Sun's popular identity middleware products, that meant Oracle let the staff go and tried to migrate customers to other products, while remaining silent in public on the future of the project. But the code was already open source, so the user community was able to pick up the pieces and carry on, with help from ForgeRock.

It costs a lot of money to open source a mature piece of commercial software, even if all you are doing is “throwing a tarball over the wall”. That's why companies abandoning software they no longer care about so rarely make it open source, and those abandoning open source projects rarely move them to new homes that benefit others. If all you have thought about is the eventual outcome, you may be surprised how expensive it is to get there. Costs include:

For throwing a tarball over the wall:

- Legal clearance. Having the right to use the software is not the same as giving everyone in the world an unrestricted right to use it and create derivatives. Checking every line of code to make sure you have the rights necessary to release under an OSI-approved license is a big task requiring high-value employees on the “liberation team”. That includes both developers and lawyers; neither come cheap.
- Repackaging. To pass it to others, a self-contained package containing all necessary source code, build scripts and non-public source and tool dependencies has to be created since it is quite unlikely to exist internally. Again, the liberation team will need your best developers.
- Preserving provenance. Just because you have confidence that you have the rights to the code, that doesn't mean anyone else will. The version control system probably contains much of the information that gives confidence about who wrote which code, so the repackaging needs to also include a way to migrate the commit information.
- Code cleaning. The file headers will hopefully include origin information but the liberation team had better check. They also need to check the comments for libel and profanities, not to mention trade secrets (especially those from third parties) and other IP issues.

For a sustainable project, all the above plus:

- Compliance with host governance. It is a fantastic idea to move your project to a host like Apache, Conservancy, Public Software and so on. But doing so requires preparatory work. As a minimum you will need to negotiate with the new host organisation, and they may well need you to satisfy their process requirements. Paperwork obviously, but also the code may need conforming copyright statements and more. That's more work for your liberation team.
- Migration of rights. Your code has an existing community who will need to migrate to your new host. That includes your staff – they are community too! They will need commit rights, governance rights, social media rights and more. Your liberation team will need your community manager, obviously, but may also need HR input.
- Endowment. Keeping your project alive will take money. It's all been coming from you up to this point, but if you simply walk away before the financial burden has been accepted by the new community and hosts there may be a problem. You should consider making an endowment to your new host to pay for their migration costs plus the cost of hosting the community for at least a year.
- Marketing. Explaining the move you are making, the reasons why you are making it and the benefits for you and the community is important. If you don't do it, there are plenty of trolls around who will do it for you. Creating a news blog post and an FAQ — the minimum effort necessary — really does take someone experienced and you'll want to add such a person to your liberation team.

Motivations

There has to be some commercial reason that makes the time, effort and thus expense worth incurring. Some examples of motivations include:

- Market Strategy. An increasing number of companies are choosing to create substantial, openly-governed open source communities around software that contributes to their business. An open multi-stakeholder co-developer community is an excellent vehicle for innovation at the lowest cost to all involved. As long as your market strategy doesn't require creating artificial scarcity.
- Contract with a third party. While the owner of the code may no longer be interested, there may be one or more parties to which they owe a contractual responsibility. Rather than breaching that contract, or buying it out, a move to open source may be better. Some sources suggest a contractual obligation to IBM was the reason Oracle abandoned OpenOffice.org by moving it over to the Apache Software Foundation for example.
- Larger dependent ecosystem. You may have no further use for the code itself, but you may well have other parts of your business which depend on it. If they are willing to collectively fund development you might consider an “inner source” strategy which will save you many of the costs above. But the best way to proceed may well be to open the code so your teams and those in other companies can fund the code.
- Internal politics. From the outside, corporations look monolithic, but from the inside it becomes clear they are a microcosm of the market in which they exist. As a result, they have political machinations that may be addressed by open source. One of Oracle's motivations for moving NetBeans to Apache seems to have been political. Despite multiple internal groups needing it to exist, the code was not generating enough direct revenue to satisfy successive executive owners, who allegedly tried to abandon it on more than one occasion. Donating it to Apache meant that couldn't happen again.

None of this is to say a move to open source guarantees the success of a project. A “Field of Dreams” strategy only works in the movies, after all. But while it may be tempting to look at a failed corporate liberation and describe it as “abandonware”, chances are it was intended as nothing of the kind.

Why PS4 downloads are so slow (https://www.snellman.net/blog/archive/2017-08-19-slow-ps4-downloads/)

From the blog that brought us “The origins of XXX as FIXME (https://www.snellman.net/blog/archive/2017-04-17-xxx-fixme/)” and “The mystery of the hanging S3 downloads (https://www.snellman.net/blog/archive/2017-07-20-s3-mystery/)”, this week it is: “Why are PS4 downloads so slow?”

Game downloads on PS4 have a reputation of being very slow, with many people reporting downloads being an order of magnitude faster on Steam or Xbox. This had long been on my list of things to look into, but at a pretty low priority. After all, the PS4 operating system is based on a reasonably modern FreeBSD (9.0), so there should not be any crippling issues in the TCP stack. The implication is that the problem is something boring, like an inadequately dimensioned CDN. But then I heard that people were successfully using local HTTP proxies as a workaround. It should be pretty rare for that to actually help with download speeds, which made this sound like a much more interesting problem.

Before running any experiments, it's good to have a mental model of how the thing we're testing works, and where the problems might be. If nothing else, it will guide the initial experiment design. The speed of a steady-state TCP connection is basically defined by three numbers. The amount of data the client is willing to receive on a single round-trip (TCP receive window), the amount of data the server is willing to send on a single round-trip (TCP congestion window), and the round trip latency between the client and the server (RTT). To a first approximation, the connection speed will be:

speed = min(rwin, cwin) / RTT

With this model, how could a proxy speed up the connection? The speed through the proxy should be the minimum of the speed between the client and proxy, and the proxy and server. It should only possibly be slower.

With a local proxy the client-proxy RTT will be very low; that connection is almost guaranteed to be the faster one. The improvement will have to be from the server-proxy connection being somehow better than the direct client-server one. The RTT will not change, so there are just two options: either the client has a much smaller receive window than the proxy, or the client is somehow causing the server's congestion window to decrease. (E.g. the client is randomly dropping received packets, while the proxy isn't).

After setting up a test rig, where the PS4's connection was bridged through a Linux box so packets could be captured, and artificial latency could be added, some interesting results came up:

The differences in receive windows at different times are striking. And more important, the changes in the receive windows correspond very well to specific things I did on the PS4.

- When the download was started, the game Styx: Shards of Darkness was running in the background (just idling in the title screen). The download was limited by a receive window of under 7kB. This is an incredibly low value; it's basically going to cause the downloads to take 100 times longer than they should. And this was not a coincidence, whenever that game was running, the receive window would be that low.
- Having an app running (e.g. Netflix, Spotify) limited the receive window to 128kB, for about a 5x reduction in potential download speed.
- Moving apps, games, or the download window to the foreground or background didn't have any effect on the receive window.
- Playing an online match in a networked game (Dreadnought) caused the receive window to be artificially limited to 7kB.
- I ran a speedtest at a time when downloads were limited to 7kB receive window. It got a decent receive window of over 400kB; the conclusion is that the artificial receive window limit appears to only apply to PSN downloads.
- When a game was started (causing the previously running game to be stopped automatically), the receive window could increase to 650kB for a very brief period of time. Basically it appears that the receive window gets unclamped when the old game stops, and then clamped again a few seconds later when the new game actually starts up.

I did a few more test runs, and all of them seemed to support the above findings. The only additional information from that testing is that the rest mode behavior was dependent on the PS4 settings. Originally I had it set up to suspend apps when in rest mode. If that setting was disabled, the apps would be closed when entering rest mode, and the downloads would proceed at full speed.

The PS4 doesn't make it very obvious exactly what programs are running. For games, the interaction model is that opening a new game closes the previously running one. This is not how other apps work; they remain in the background indefinitely until you explicitly close them.

- So, FreeBSD and its network stack are not to blame
- Sony used a poor method to try to keep downloads from interfering with your gameplay
- The impact of changing the receive window is highly dependent upon RTT, so it doesn't work as evenly as actual traffic shaping or queueing would.
- An interesting deep dive, it is well worth reading the full article and checking out the graphs

***

OpenSSH 7.6 Released (http://www.openssh.com/releasenotes.html#7.6)

From the release notes: This release includes a number of changes that may affect existing configurations:

- ssh(1): delete SSH protocol version 1 support, associated configuration options and documentation.
- ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.
- ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST Refuse RSA keys