Podcasts about iac

  • 474 PODCASTS
  • 1,340 EPISODES
  • 31m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Jan 21, 2023 LATEST


Latest podcast episodes about iac

The Robot Report Podcast
Editors Pick: Best Robots of CES 2023; Boston Dynamics Atlas video review

Jan 21, 2023 · 69:15


This week, co-hosts Steve Crowe and Mike Oitzman review the latest Boston Dynamics Atlas video and how Atlas is getting more agile through simulation. Mike Oitzman reviews his recent trip to CES 2023 and features interviews with Aeolus Robotics Head of Product Dan Haddick. Next we talk to Robosen Chief Marketing Officer Tony Crisp about the capabilities of the Optimus Prime toy robot and what's next on their roadmap. Finally, Mike recaps the recent IAC @ CES autonomous car race and interviews IAC founder Paul Mitchell.

Space Business Podcast
Space Business Podcast #89 - Morpheus Space

Jan 14, 2023 · 49:15


Daniel Bock and Istvan Lőrincz are the co-founders of Morpheus Space, an innovative electric propulsion company based in Germany and the U.S. I met them for the first time at IAC in 2019 when they won the pitch competition and since then they have done really well, including announcing a US$28 million Series A last September. Please enjoy listening to them talk about their technology and their entrepreneurial journey!

Follow us: https://www.twitter.com/podcast_space Instagram - brand new! @raphael_space

Learn more about space & the space economy: Check out the edX/EPFL Space Economy MOOC: https://www.edx.org/course/new-space-economy There is now a certificate for those wanting to enter the space sector: https://www.spacecertificate.com Do you want to specifically learn about investing in Space? Join the pre-release of Raphael's new live-taught course on Maven: https://maven.com/space-business-institute/investing-course

The Space Business Podcast is sponsored by NanoAvionics. Support us at https://www.patreon.com/spacebusinesspodcast

Timestamps
0:00 Intro
2:31 Elevator pitch
4:12 The origin of "Morpheus Space"
7:40 Perceived market gap
9:54 Is propulsion for collision avoidance all just a PR stunt?
11:36 Satellite collision data
13:25 Propulsion modeling
17:05 Business model
20:51 Talking to customers
21:48 Propulsion
28:29 Scalability
30:36 Product constraints and challenges
33:25 Morpheus Space other line of products
36:21 How to prioritize
39:05 Partnership with Kayhan Space
41:11 Vision for the company
42:35 Other interesting things in the Space sector
45:45 Sci-Fi

Everyday Conversations on Race for Everyday People
Navigating Racism and Inclusion with Greg Jenkins, Nirupa Netram, and Elinor Stutz

Jan 13, 2023 · 50:40


When Greg Jenkins, Nirupa Netram, and Elinor Stutz, three colleagues and members of the Inclusion Allies Coalition, come together to discuss the importance of talking about race, they are confronted with their own diverse backgrounds, a goal to support those impacted by racism, and a central conflict between silence and open dialogue.

"It is important for us to understand that race is a very Western idea, but in the context of those parts of the world where race is an understood terminology to understand the effects of race and racism is important for us to, in the case of the IAC, help us understand people that are suffering because of the negative impacts of racism." - Greg Jenkins

Greg Jenkins is an older, white, straight male of Catholic upbringing who spent 28 years in the US Army and has been a diversity, equity, and inclusion consultant for the last 17 years. Nirupa Netram is an attorney and consultant of Indian descent and Hindu faith. Elinor Stutz is a Jewish woman, a best-selling author, and the founder of Smooth Sale. Greg, Nirupa, and Elinor, along with Simma, are colleagues and members of the Inclusion Allies Coalition. Each of them has a different cultural background and provides their own perspective on the importance of talking about race and the value of the Inclusion Allies Coalition. Elinor shares the story of her family's experience and her own experience in corporate. They explain why it is important to have conversations about race, speak out against racism and stand together with people who are different. The Inclusion Allies Coalition provides a safe space for entry into conversations about diversity, equity, and inclusion, and a way to connect with people from all around the world.

The Inclusion Allies Coalition brought together three colleagues and friends with a variety of cultural backgrounds. They discussed the importance of having conversations about race and the value of those conversations.

In this episode, you will learn the answers to the following: How does being a member of the Inclusion Allies Coalition promote diversity, equity, and inclusion? What challenges have been experienced by those who have been negatively impacted by racism? How can people become more open to learning from those who are different?

Key Topics:

[00:45] Three members of the Inclusion Allies Coalition appear on this week's podcast. Each person will give you two minutes, two sentences about themselves. They will give their name, their cultural background.

[03:09] “Why do you think it's important to talk about race today?” We can't have silence now because you're going to call on us. Why is it an important conversation? Well, these are discussions that are happening globally in response to so many issues.

[04:48] Elinor Stutz was raised not to talk about being Jewish because her family were Holocaust survivors. She says antisemitism is on the rise and so is racism. It's important for groups to stand together and to really speak out together.

[09:02] The Inclusion Allies Coalition brings together people from all over the world. They are advocates for people that may be suffering, or negatively impacted by the topics that we're referring to here. Greg finds value in networking with other colleagues that are trying to do good things in their world.

[11:09] Being an IAC member allows you to gain access to global practitioners who support and take action to build inclusion. Elinor shares what it means to her to meet so many people who are diverse in so many ways.

[19:24] When Elinor was growing up, her grammar was half English and half Yiddish. She felt weird all the time. People always told her she was weird.

[22:23] Nirupa: “I was very lucky growing up. It wasn't until I moved to the US that I began to experience the negative aspects of race and racism.” She says she would walk into stores and be ignored or looked at a certain way. Nirupa believes people are fundamentally good and capable of change.

[27:07] Simma asks Nirupa, “Do you think younger generations are more accepting of Diversity, Equity and Inclusion, or it's still the same?” Nirupa: “I would like to see the future in upcoming generations, that they are more inclusive. I again believe people are well intended and capable of change.”

[31:13] Nirupa: “Inclusion Allies Coalition is an important place in that we can have conversations that we don't have normally. For some folks, like maybe the ones that you're referring to in Charlottesville, that frightens them. We have to create spaces to have the conversations.”

[33:35] Simma: What would you like your friends to do to show support for you? Nirupa: I think just maybe us openly talking about it, and sharing ways that they can be an ally to me. I find talking through scenarios that negatively impact us really help.

[36:41] Gregory: “We need to acknowledge what has happened so that it's not glossed over.” Elinor: I hope that we will become more united and this crime wave based on race and antisemitism as well as toward other groups will end.

[42:17] Greg: “For your listeners there's the 4D Tool. The four Ds are delay, distract, delegate and direct. Research showed that oftentimes when people see something happening, they don't know what to do. We do have to stand up, which is why we have inclusion allies.”

[45:39] Simma: “Share either a movie, film or TV show, or a song that reflects what's going on today around race and differences or allyship. For each of you, I want to know, do you have any?”

Guests Bio

Greg Jenkins is a dedicated and passionate leader, facilitator, coach, and mentor dedicated to helping people and teams achieve higher levels of performance. Greg completed a successful 28+ year US Army career that ranged from overseas duties in Germany, South Korea, and combat duty in Iraq to include several stateside assignments culminating in Washington D.C. While serving at the Pentagon, Greg teamed up with the Army's Diversity Task Force, and worked directly with the Secretary of the Army and Army Chief of Staff to help establish the Army's Diversity program, policies, and marketing.

Now spanning over three decades from military service to professional corporate consulting, Greg has trained, facilitated, mentored, and coached countless military service members, corporate employees and executive leaders of various industries including the Federal Government, US military, finance, insurance, communications, logistics and retail services. Greg is a passionate veteran volunteer who enjoys actively mentoring and coaching business professionals, US military service members, and veterans.

Social Media Links LinkedIn Twitter

Nirupa Netram is an Indian female immigrant attorney and certified diversity, equity, and inclusion (DEI) in the workplace professional with more than two decades of experience in multiple sectors, including the corporate, nonprofit, government, and legal sectors, in the areas of DEI, human resources, program management, strategic planning, operations, compliance, and more. Nirupa earned her bachelor's degree in business administration from Stetson University and her juris doctorate from Stetson University College of Law. She is the founder of Lotus Solutions LLC, a Florida-certified woman and minority-owned enterprise that helps local, national, and international organizations build and sustain DEI to ensure a fair and just workplace.

Elinor Stutz, CEO of Smooth Sale, delivers inspirational keynotes at conferences and authored three books: The International Best-Selling book, “Nice Girls DO Get the Sale: Relationship Building That Gets Results”, and her second best-selling book is “HIRED!” The third book, The Wish: A 360 Business Development Process to Fuel Sales provides a comprehensive plan for building a global audience. Kred ranks Stutz as a Top 1% influencer; CEO World Magazine named Stutz as one of “The brightest sales minds to follow on Twitter” and she was featured on the cover of the March 2015 Sales and Service Excellence e-Magazine. Stutz' blog is distributed among corporations and entrepreneurs alike. Both Bizhumm and NowISeeIt named the Smooth Sale Blog as one of the “Top 100 Most Innovative Sales Bloggers.” Her sales seminar was filmed for Eduson.TV. Stutz consults and speaks worldwide.

Host Bio

Simma Lieberman, The Inclusionist, helps leaders create inclusive cultures. She is a consultant, speaker and facilitator and the host of the podcast, “Everyday Conversations on Race for Everyday People.” Contact Simma@SimmaLieberman.com. Go to www.simmalieberman.com and www.raceconvo.com for more information. Simma is a member of and inspired by the global organization IAC (Inclusion Allies Coalition).

Resources: IAC (Inclusion Allies Coalition)

Other episodes you'll enjoy: Black Fatigue with Mary Frances Winters; Kamau Bell and Kate Schatz; Do the Anti-Racist Work; How to End Racial Bias in Media with Karen Hunter and Daniel Stedman

Connect with SIMMA: Instagram Facebook YouTube Twitter LinkedIn Website

Loved this episode? Leave us a review and rating

If Anyone Cares
91. Dave Sims

Jan 12, 2023 · 55:21


To start 2023, we invited Dave Sims, the TV voice of the Seattle Mariners, on the show to talk about being one of the very few Black PxP commentators in the history of Major League Baseball. He shares his story as a young kid in Philly, his migration to New York, and the winding road that landed him a prominent job in the PNW. Storytelling, our love for the art of broadcasting, and the new pathway for Black sportscasters fill our 53-minute conversation. What a way to start 2023.

2022 IAC x Spotify Artist of the Year: https://open.spotify.com/playlist/7L2kaMv9d4wm6a9xCQpkQV?si=4c05b8c0bb554f0b
Twitters: @IfAnyoneCares_ @RileyJamesIAC @TheDaveSimsShow
Instagrams: @RileyJamesIAC @tdss
IAC x Spotify: https://open.spotify.com/user/isd6udf2ge8jixu9jmdvy7g22?si=lbVsX8nGR4GDU8S76ZjAXA&nd=1
Art: Spencer Ware (@spencerwarecreative)
Music: All Good Folks and IAC Productions
Music from Upbeat (free for Creators!): https://uppbeat.io/t/all-good-folks/summertime-jam
License code: I2TIWBIRPGF4Z3VY

The Cloud Pod
194: The Cloud Pods New Years Resolution: Change everything!

Jan 10, 2023 · 80:40


For our New Year's resolution, we decided to change some of our show. First, we have cut the lightning round in favor of our new Cloud Journey series, where we will talk about core cloud concepts over several episodes. We are also covering only the larger stories from the cloud providers. We still want to provide you with all of the news, so you'll find it in the show notes; if you enjoy the aggregation, subscribe to our newsletter to get the show notes in your mailbox weekly. Share your feedback through our website or join our Slack team.

On this episode of The Cloud Pod, the team follows up on the news from Salesforce's last episode, as workforce cuts ensue as a fallout of the noted decline in productivity, with more on 2023 predictions from Peter, including general expectations in the tech space, while also highlighting the new Graph-explorer tool by Amazon Neptune, GCP security trends for the coming year, the CES Conference and CCOE from the new Cloud Journey Series.

A big thanks to this week's sponsor, Foghorn Consulting, which provides full-stack cloud solutions focused on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure.

This week's highlights

HFS PODCASTS
Unfiltered Stories | Structuring win-win automation engagements to drive real business outcomes

Jan 4, 2023 · 21:04


In this edition of Unfiltered Stories, Saurabh Gupta, President of Research & Advisory Services at HFS connects with Olivier Gomez, Co-Founder & CEO at IAC.ai - Intelligent Automation, and Alex Teteris, Director, Global IT & Center Technology at IWG plc. Saurabh, Olivier, and Alex cover a range of topics, including: How IWG is driving real business outcomes by leveraging automation? Why are we still pricing efforts? What is IAC.ai doing differently than the rest of the market? What are the outcomes that IWG is trying to achieve with the IAC.ai team? What are the risks and challenges foreseen in this type of pricing structure and how are you trying to mitigate or address them? What's been the success and failures in your engagement journey, so far? What will be the one piece of advice to all our audience (enterprises & service providers) who are listening in on how they reach their automation ambitions?

Application Security PodCast
Michael Bargury -- Low Code / No Code Security and an OWASP Top Ten

Jan 3, 2023 · 47:16


Michael Bargury is the Co-Founder and CTO of Zenity, where he helps companies secure their low-code/no-code apps. In the past, he headed security product efforts at Azure, focused on IoT, APIs and IaC. Michael is passionate about all things related to cloud, SaaS and low-code security and spends his time finding ways they could go wrong. He also leads the OWASP low-code security project and writes about it on DarkReading. Michael is a regular speaker at OWASP, BSides and DEFCON conferences. Michael joins us to unpack Low Code / No Code and the new OWASP Top Ten that defines specific risks against Low/No Code. We hope you enjoy this conversation with... Michael Bargury.

Visit our website: https://www.securityjourney.com/resources/application-security-podcast

FOLLOW OUR SOCIAL MEDIA:
➜ Twitter: @AppSecPodcast
➜ LinkedIn: The Application Security Podcast
➜ YouTube: https://www.youtube.com/channel/UCfrTGqjSsFCQW4k6TueuY-A

Thanks for Listening!

The Application Security Podcast is brought to you by Security Journey. Security Journey delivers secure coding training to development teams and those who support them. They help enterprises reduce vulnerabilities through application security education for developers and everyone in the SDLC. TRY OUR TRAINING ➜ https://info.securityjourney.com/try-our-training

Universo de Misterios
511 - What lies in the remote reaches of the solar system? Part 1 - Exclusive episode for patrons

Dec 31, 2022 · 65:00


Thank this podcast for so many hours of entertainment and enjoy exclusive episodes like this one. Support it on iVoox! ProcLim - On the occasion of the recent search for Planet X by Spanish astrophysicists (Héctor Socas and Ignacio Trujillo, both of the IAC), we begin a series of programs reviewing what astrophysicists know about the characteristics and objects that inhabit the remote outskirts of our solar system. Listen to the full episode in the iVoox app, or discover the entire iVoox Originals catalog

Lab Rats to Unicorns
RobertCarnahan_e.026

Dec 14, 2022 · 59:49


Dr. Carnahan received his BS in Biology and BS in Psychology from Indiana University, jumped into the industry, working for Eli Lilly in both the US and France, then he came back to academia as a researcher at the Institut Pasteur in Paris, France. He completed his Ph.D. in Cell Biology at Vanderbilt University and his post-doc in the laboratory of Al Reynolds, Ph.D. In 2006, he was appointed as Director of the Vanderbilt Antibody and Protein Resource (VAPR). In addition to directing the VAPR, Dr. Carnahan is an Associate Professor in Cancer Biology, faculty director of the Management and Entrepreneurship for Scientists program, a member of the Medical School admissions IAC committee, and a faculty instructor for both M.D. and Ph.D. training programs. In 2010 he co-founded the Antibody-Technologies Research Group.

If Anyone Cares
90. December Show 2022

Dec 12, 2022 · 75:34


Our last show of 2022! We chat about the year that was with IAC. Our wins, best shows, and how we accomplished what we set out to do when we made our goals on 2021's December Show. The first guest for the Bowl Game was Dr. Laura Purdy! Her knowledge about college football is almost nonexistent, but she had a fun time guessing at our list. The third segment is our goals, ambitions, and what to expect for 2023 and If Anyone Cares with new resources, a partnership, and a rejuvenated vigor for making the best possible content. The second guest for the Bowl Game was Alexis Hardwick, again, no knowledge of the sport, so let's see how this goes. Lastly, we thank you for another great year. You're the best and we always care for you. See you in ‘22.

Twitters: @IfAnyoneCares_ @RileyJamesIAC
Instagram: @RileyJamesIAC @AmericasFavoriteDoctor @Alexis.Hardwick

Equity Mates Investing Podcast
Bryce v Ren: 2022's Stock of the Year

Dec 11, 2022 · 40:22


Spotify thought they were the original wrapped - but Equity Mates has been wrapping up stock of the year for a few years now, and it's time for us to look back at 2022. Bryce picked Macquarie, and Alec chose IAC… who's come out ahead? Bryce has learned that the Australian economy is actually pretty hot - he looked at these 10 graphs from the AFR. Ren is looking in the bargain bin and seeing some great stocks that have come off their highs - a great reminder that there's some real opportunities if you look beyond the obvious choices. Then we close out with a final Book Bonanza of the year.

If you want to play, or get involved in the show - email sascha@equitymates.com

To get involved in the Equity Mates Awards 2022 - click here

*****

Looking for an investing book gift for a loved one this Christmas? Order ‘Get Started Investing', written by Equity Mates Alec and Bryce. Available on Booktopia and Amazon now!

If you want to let Alec or Bryce know what you think of an episode, contact them here. Stay engaged with the Equity Mates community by joining our forum. Make sure you don't miss anything about Equity Mates - visit this page if you want to support our work.

Have you just started investing? Listen to Get Started Investing – Equity Mates series that breaks down all the fundamentals you need to feel confident to start your journey.

Want more Equity Mates? Come to our website and subscribe to Equity Mates Investing Podcast, social media channels, Thought Starters mailing list and more at or check out our Youtube channel.

*****

In the spirit of reconciliation, Equity Mates Media and the hosts of Equity Mates Investing Podcast acknowledge the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respects to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander people today.

*****

Equity Mates Investing Podcast is a product of Equity Mates Media. This podcast is intended for education and entertainment purposes. Any advice is general advice only, and has not taken into account your personal financial circumstances, needs or objectives. Before acting on general advice, you should consider if it is relevant to your needs and read the relevant Product Disclosure Statement. And if you are unsure, please speak to a financial professional. Equity Mates Media operates under Australian Financial Services Licence 540697.

Equity Mates is part of the Acast Creator Network. Hosted on Acast. See acast.com/privacy for more information.

Notícias Agrícolas - Podcasts
Citrus: Molecule until now used only in medicine becomes a fertilizer and arrives to help growers fight greening

Dec 9, 2022 · 6:35


Research carried out by the IAC twenty years ago joins forces with the private sector to seek a solution to the main disease of citrus farming

Sub Club
Why You Shouldn't Let Perfect Be the Enemy of Experimentation — Dan Pannasch, RevenueCat

Dec 7, 2022 · 63:27


On the podcast I talk with Dan about how to design experiments that answer the right questions, common A/B testing pitfalls to avoid, and how a simple checklist might just save your complex experiment.

Top Takeaways

Office Hours with Spencer Rascoff
Tricia Han talks About the Journey from working as a Product Manager to Becoming CEO of Health and Wellness Brand MyFitnessPal

Dec 2, 2022 · 30:46


Tricia Han, the head of MyFitnessPal, speaks with Spencer about her journey from being a Product Manager to becoming a CEO in this episode of Office Hours. MyFitnessPal is a leading health and wellness tech brand, whose popular mobile app allows users to track their daily food intake. Tricia talks about the differences of working in East Coast tech vs West Coast tech, heading a start-up through a change management process, and the importance of representation in the tech space. Tricia also shares some surprising data points logged from L.A. users of the app. Prior to MyFitnessPal, Tricia was the Chief Product Officer of Care.com, a U.S. marketplace connecting families and caregivers, CEO of Daily Burn, a fitness tech brand, and Chief Product Officer at Dotdash, all operating businesses of IAC. Her professional experience also includes leading product management teams at a variety of technology companies and start-ups including WebMD, DailyCandy, and Vindigo. Han earned her Bachelor of Arts from Cornell University.

The Skift Podcast
Expedia's CEO on the Great Opportunities in Travel

Nov 29, 2022 · 30:12


A lot of ground was covered during Peter Kern's appearance at Skift Global Forum in New York City on September 21. The vice chairman and CEO of Expedia Group gave his take on technology, micro-services, mergers and acquisitions, and outlined why the online travel agencies still only control around 20 percent of a “multi-trillion dollar” travel market. "There's huge opportunity," Kern says. "You just have to innovate the products and innovate the business model over time." And of course he (delicately) responded to comments made earlier at the forum by Barry Diller, the chairman and senior executive of both Expedia Group and IAC, that working from home was “kind of stupid” and “a crock,” while in discussion with Skift founder and CEO Rafat Ali. Listen now for the full conversation of the “Democratizing the Travel Ecosystem” session. Read more about Expedia on Skift. Get weekly updates about online travel by subscribing to our online travel newsletter.

Data Protection Gumbo
169: Stop Attacks with Cloud-native Runtime Security - Spyderbat

Nov 29, 2022 · 25:45


Seth Goldhammer, VP Marketing at Spyderbat discusses how cloud-native approaches are creating new security challenges and how developers are impacted when they write their code including being vulnerable to hacking.

The Secure Developer
Ep. 122 State of Cloud Security with Guy Podjarny, Simon Maple and Drew Wright

Nov 28, 2022 · 44:57


Cloud security is evolving, and so are the attacks in this space. The landscape is becoming increasingly complex, so the question remains: how do we tackle cloud security in organisations, who owns it, and how do we best prepare? In this episode, we provide listeners with an overview of Snyk's report on cloud security and unpack some unsettling statistics. To walk us through the report, we're joined by Drew Wright, the primary author of the report, and Simon Maple, Snyk's Field CTO. In our conversation, we delve into the main findings, how data was collected, and essential lessons from the report. We discuss the differences between the IT cloud and the app cloud, adopting an infrastructure-as-code approach, what businesses are most at risk, and why cloud security is vital for all businesses. We also talk about the recent cultural shift regarding the responsibility of security and the nuanced perspectives on why cloud security is vital. Hear about a fantastic open-source resource, how to prevent security breaches, common mistakes businesses make, and more. Tune in to ensure you are up to date on the latest developments in the space as we navigate The State of Cloud Security report with experts Drew Wright and Simon Maple.

On the Schmooze Podcast: Leadership | Strategic Networking | Relationship Building

Today's guest knows that no one ever wishes they'd spent more time at the office or pines for work that didn't inspire them. Her specialty is making sales fun as she helps women heal their relationship with money. She has spoken at women's conferences all over the world and has helped hundreds of women start and grow businesses they LOVE. She spent 15 years navigating the male-dominated world of tech. Along the way, she worked at Lifetime Television's New Media department, worked hand-in-hand with Marianne Williamson on her community site and digital offering—The Miracle Matrix—and worked at IAC where she managed a P&L worth hundreds of millions of dollars. She's the voice behind the Game On Girlfriend Podcast, and she's known for her weekly "Sarah Uncut" TV show on YouTube and LIVE "Coffee With Coach" streaming video conversations on Monday mornings. Please join me in welcoming Sarah Walton.

In this episode we discuss:

  • her thoughts on leadership: “Leadership is anything that inspires action.”
  • growing up Mormon in Utah and how that shaped her upbringing, and how she broke the mold of possibility.
  • her being the first girl student body president in middle school.
  • how she went from Utah to attending UCLA and living in NYC.
  • how volunteering to build houses and tutor differently-abled children in France opened her eyes to diversity and possibility in her life.
  • her first job in a bank and how she was offered the opportunity to build websites that later turned into a really strong technological skill on top of her English degree from college.
  • how she was ‘coaching' people on how to have great relationships with their colleagues before she knew what coaching was.
  • showing her boss how to fire her so that she could become an entrepreneur.
  • starting her business while seven months pregnant and in the middle of a recession.
  • how she predominantly works with women although she has coached a few men.
  • how she nurtures and sustains the outer levels of her network.
  • what she's looking forward to in the following year.

Listen, subscribe and read show notes at www.OnTheSchmooze.com

The Nate Lull Podcast
The Nate Lull Podcast, Episode 198: Todd Mulvaney

Nov 23, 2022 · 58:16


Nate hits the road to IAC country to sit down with Moravia Boys Basketball Coach, Todd Mulvaney. He has built a powerhouse program that continually competes at the highest level in the Section IV and NYS playoffs. In recent history, the Blue Devils have had numerous battles with teams from the MAC and two epic showdowns at the state tournament with Cooperstown. The guys discuss the Moravia state title in 2017 and how that group came together in a difficult time when one of their teammates was in a serious car accident. Preferred Mutual Home, Auto and Business Insurance

The Engineering Leadership Podcast
Building self-sufficient teams and operating in constrained funding environments w/ Elaine Zhou #106

Nov 22, 2022 · 45:04


We cover how to uplevel your eng team with Elaine Zhou, CTO @ Change.org! She shares some of her favorite frameworks and strategies for creating self-sufficient teams, amplifying high-performers, performing self-assessments, and hosting prioritization conversations. Plus Elaine shares the story behind how she got involved with Change.org, navigating different operating constraints in your business model (from non-profit to VC-funded contexts), and what it's like investing in high-impact areas with no revenue expectation.

ABOUT ELAINE ZHOU

Change.org CTO Elaine Zhou joined the platform for change in 2020. Prior to Change.org, she was at Vidado as CTO, and has held leadership positions for over a decade at companies including HomeStore, PlanetOut, IAC and more. She's been a longtime mentor at Upwardly Global. Follow her on Twitter at @softwired.

"High performance need to be in that fail safe environment so they're willing to explore and to iterate. So really help them to do that, the way that I solve the problem with them is not just that, “You are good, you're good.” Just pump them up. No, it's actually, “Let's look at a problem. I actually agree with your solution and this is why I like your solution.” Help them to gain the confidence and give them that kind of hard opportunity to try that and you know they will build their confidence so much." - Elaine Zhou

SHOW NOTES:

Why Elaine got involved with Change.org (2:24)
The importance of understanding the business / non-profit model for eng leaders (6:29)
How business, technology, & financial constraints impact business decisions (9:44)
Investing in impact with no revenue expectation (14:42)
Strategies for creating self-sufficiency within teams & traps eng leaders fall into when leveling up their team (18:06)
Questions to ask yourself during self-assessments to determine priorities (22:05)
What you should do as an eng leader after transitioning your team to be self-sufficient (28:10)
Frameworks for prioritization conversations (29:14)
The technical area Elaine is most focused on growing right now (32:23)
Strategies for amplifying & supporting your best performers (33:58)
Rapid fire questions (38:35)

LINKS AND RESOURCES

The Lean Startup: How Today's Entrepreneurs Use Continuous Innovation to Create Radically Successful Businesses - Eric Ries' book outlining his strategy for building a start-up that he developed during his time as a founder and start-up advisor.
Measure What Matters - John Doerr's collection of first-person accounts that demonstrates the focus, growth, and explosive growth that OKRs have spurred in many great organizations.

Enterprise Security Weekly (Audio)
ESW #297 - Tony Karam, Dan Frechtling

Nov 18, 2022 (145:58)


Infrastructure-as-code (IaC) allows for quick and consistent configuration and deployment of infrastructure components because it's defined through code. It also enables repeatable deployments across environments. IaC is seeing significant attention in the cloud security space, but why now? This conversation will dig into how Infrastructure-as-code is enabling faster innovation on application development with security built in.

Segment Resources:
- https://www.lacework.com/solutions/infrastructure-as-code/
- https://www.lacework.com/blog/introducing-secure-automated-iac-deployments-with-terraform/
- https://info.lacework.com/cloud-threat-report.html

We catch up on 2 weeks of news, starting with 18 funding rounds and several new products! Splunk acquires Twinwave, another ASM vendor (Templarbit) gets acquired into the Cyberinsurance industry, InfoSec Layoffs continue in a big way alongside huge cuts at Facebook, Twitter, and Amazon, Microsoft sued for stealing code to train GitHub Copilot, Google sued for tracking when users asked them not to, Apple sued for violating privacy when users asked them not to, Taking away kids' smartphones, Stealing passwords from Mastodon, Should Cryptocurrency die in a fire? All that and more, on this episode of Enterprise Security Weekly.

This segment will focus on (1) Why Did Sephora Get Fined $1.2M and Why Are They on Probation? (2) Why Data Privacy is Being Overhauled in 2023 (and How You Can Be Ready)

Segment Resources:
- https://www.consumerreports.org/electronics-computers/privacy/i-said-no-to-online-cookies-websites-tracked-me-anyway-a8480554809/
- https://www.geekwire.com/2022/the-bittersweet-serendipity-that-gave-these-two-startup-leaders-a-shared-mission-in-online-privacy/
- https://www.boltive.com/blog/why-having-a-consent-management-platform-is-not-enough
- https://www.boltive.com/blog/bracing-for-2023-privacy-laws
- https://ceoworld.biz/2022/07/03/three-ways-your-data

Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw297

Paul's Security Weekly
ESW #297 - Tony Karam, Dan Frechtling

Nov 18, 2022 (145:58)


Infrastructure-as-code (IaC) allows for quick and consistent configuration and deployment of infrastructure components because it's defined through code. It also enables repeatable deployments across environments. IaC is seeing significant attention in the cloud security space, but why now? This conversation will dig into how Infrastructure-as-code is enabling faster innovation on application development with security built in.

Segment Resources:
- https://www.lacework.com/solutions/infrastructure-as-code/
- https://www.lacework.com/blog/introducing-secure-automated-iac-deployments-with-terraform/
- https://info.lacework.com/cloud-threat-report.html

We catch up on 2 weeks of news, starting with 18 funding rounds and several new products! Splunk acquires Twinwave, another ASM vendor (Templarbit) gets acquired into the Cyberinsurance industry, InfoSec Layoffs continue in a big way alongside huge cuts at Facebook, Twitter, and Amazon, Microsoft sued for stealing code to train GitHub Copilot, Google sued for tracking when users asked them not to, Apple sued for violating privacy when users asked them not to, Taking away kids' smartphones, Stealing passwords from Mastodon, Should Cryptocurrency die in a fire? All that and more, on this episode of Enterprise Security Weekly.

This segment will focus on (1) Why Did Sephora Get Fined $1.2M and Why Are They on Probation? (2) Why Data Privacy is Being Overhauled in 2023 (and How You Can Be Ready)

Segment Resources:
- https://www.consumerreports.org/electronics-computers/privacy/i-said-no-to-online-cookies-websites-tracked-me-anyway-a8480554809/
- https://www.geekwire.com/2022/the-bittersweet-serendipity-that-gave-these-two-startup-leaders-a-shared-mission-in-online-privacy/
- https://www.boltive.com/blog/why-having-a-consent-management-platform-is-not-enough
- https://www.boltive.com/blog/bracing-for-2023-privacy-laws
- https://ceoworld.biz/2022/07/03/three-ways-your-data

Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw297

Screaming in the Cloud
Snyk and the Complex World of Vulnerability Intelligence with Clinton Herget

Nov 17, 2022 (38:39)


About Clinton

Clinton Herget is Field CTO at Snyk, the leader in Developer Security. He focuses on helping Snyk's strategic customers on their journey to DevSecOps maturity. A seasoned technologist, Clinton spent his 20-year career prior to Snyk as a web software developer, DevOps consultant, cloud solutions architect, and engineering director. Clinton is passionate about empowering software engineering to do their best work in the chaotic cloud-native world, and is a frequent conference speaker, developer advocate, and technical thought leader.

Links Referenced:
- Snyk: https://snyk.io/
- duckbillgroup.com: https://duckbillgroup.com

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is brought to us in part by our friends at Pinecone. They believe that all anyone really wants is to be understood, and that includes your users. AI models combined with the Pinecone vector database let your applications understand and act on what your users want… without making them spell it out.

Make your search application find results by meaning instead of just keywords, your personalization system make picks based on relevance instead of just tags, and your security applications match threats by resemblance instead of just regular expressions. Pinecone provides the cloud infrastructure that makes this easy, fast, and scalable. Thanks to my friends at Pinecone for sponsoring this episode. Visit Pinecone.io to understand more.

Corey: This episode is brought to you in part by our friends at Veeam. Do you care about backups? Of course you don't. Nobody cares about backups. Stop lying to yourselves!
You care about restores, usually right after you didn't care enough about backups. If you're tired of the vulnerabilities, costs and slow recoveries when using snapshots to restore your data, assuming you even have them at all living in AWS-land, there is an alternative for you. Check out Veeam, that's V-E-E-A-M for secure, zero-fuss AWS backup that won't leave you high and dry when it's time to restore. Stop taking chances with your data. Talk to Veeam. My thanks to them for sponsoring this ridiculous podcast.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. One of the fun things about establishing traditions is that the first time you do it, you don't really know that that's what's happening. Almost exactly a year ago, I sat down for a previous promoted guest episode much like this one, with Clinton Herget at Snyk—or Synic; however you want to pronounce that. He is apparently a scarecrow of some sorts because when last we spoke, he was a principal solutions engineer, but like any good scarecrow, he was outstanding in his field, and now, as a result, is a Field CTO. Clinton, thanks for coming back, and let me start by congratulating you on the promotion. Or consoling you depending upon how good or bad it is.

Clinton: You know, Corey, a little bit of column A, a little bit of column B. But very glad to be here again, and frankly, I think it's because you insist on mispronouncing Snyk as Synic, and so you get me again.

Corey: Yeah, you could add a couple of new letters to it and just call the company [Synack 00:01:27]. Now, it's a hard pivot to a networking company. So, there's always options.

Clinton: I acknowledge what you did there, Corey.

Corey: I like that quite a bit. I wasn't sure you'd get it.

Clinton: I'm a nerd going way, way back, so we'll have to go pretty deep in the stack for you to stump me on some of this stuff.

Corey: As we did with the, “I wasn't sure you'd get it.” See that one sailed right past you. And I win.
Chalk another one up for me and the networking pun wars. Great, we'll loop back for that later.

Clinton: I don't even know where I am right now.

Corey: [laugh]. So, let's go back to a question that one would think that I'd already established a year ago, but I have the attention span of basically a goldfish, let's not kid ourselves. So, as I'm visiting the Snyk website, I find that it says different words than it did a year ago, which is generally a sign that is positive; when nothing's been updated including the copyright date, things are going really well or really badly. One wonders. But no, now you're talking about Snyk Cloud, you're talking about several other offerings as well, and my understanding of what it is you folks do no longer appears to be completely accurate. So, let me be direct. What the hell do you folks do over there?

Clinton: It's a really great question. Glad you asked me on a year later to answer it. I would say at a very high level, what we do hasn't changed. However, I think the industry has certainly come a long way in the past couple years and our job is to adapt to that. Snyk—again, pronounced like a pair of sneakers are sneaking around—it's a developer security platform. So, we focus on enabling the people who build applications—which as of today, means modern applications built in the cloud—to have better visibility, and ultimately a better chance of mitigating the risk that goes into those applications when it matters most, which is actually in their workflow.

Now, you're exactly right. Things have certainly expanded in that remit because the job of a software engineer is very different, I think this year than it even was last year, and that's continually evolving over time. As a developer now, I'm doing a lot more than I was doing a few years ago. And one of the things I'm doing is building infrastructure in the cloud, I'm writing YAML files, I'm writing CloudFormation templates to deploy things out to AWS.
And what happens in the cloud has a lot to do with the risk to my organization associated with those applications that I'm building.

So, I'd love to talk a little bit more about why we decided to make that move, but I don't think that represents a watering down of what we're trying to do at Snyk. I think it recognizes that developer security vision fundamentally can't exist without some understanding of what's happening in the cloud.

Corey: One of the things that always scares me is—and sets the spidey sense tingling—is when I see a company who has a product, and I'm familiar—ish—with what they do. And then they take their product name and slap the word cloud at the end, which is almost always codes to, “Okay, so we took the thing that we sold in boxes in data centers, and now we're making a shitty hosted version available because it turns out you rubes will absolutely pay a subscription for it.” Yeah, I don't get the sense that at all is what you're doing. In fact, I don't believe that you're offering a hosted managed service at the moment, are you?

Clinton: No, the cloud part, that fundamentally refers to a new product, an offering that looks at the security or potentially the risks being introduced into cloud infrastructure, by now the engineers who were doing it who are writing infrastructure as code. We previously had an infrastructure-as-code security product, and that served alongside our static analysis tool which is Snyk Code, our open-source tool, our container scanner, recognizing that the kinds of vulnerabilities you can potentially introduce in writing cloud infrastructure are not only bad to the organization on their own—I mean, nobody wants to create an S3 bucket that's wide open to the world—but also, those misconfigurations can increase the blast radius of other kinds of vulnerabilities in the stack. So, I think what it does is it recognizes that, as you and I think your listeners well know, Corey, there's no such thing as the cloud, right?
The cloud is just a bunch of fancy software designed to abstract away from the fact that you're running stuff on somebody else's computer, right?

Corey: Unfortunately, in this case, the fact that you're calling it Snyk Cloud does not mean that you're doing what so many other companies in that same space do; it would have led to a really short interview because I have no faith that it's the right path forward, especially for you folks, where it's, “Oh, you want to be secure? You've got to host your stuff on our stuff instead. That's why we called it cloud.” That's the direction that I've seen a lot of folks try and pivot in, and I always find it disastrous. It's, “Yeah, well, at Snyk if we run your code or your shitty applications here in our environment, it's going to be safer than if you run it yourself on something untested like AWS.” And yeah, those stories hold absolutely no water. And may I just say, I'm gratified that's not what you're doing?

Clinton: Absolutely not. No, I would say we have no interest in running anyone's applications. We do want to scan them though, right? We do want to give the developers insight into the potential misconfigurations, the risks, the vulnerabilities that you're introducing. What sets Snyk apart, I think, from others in that application security testing space is we focus on the experience of the developer, rather than just being another tool that runs and generates a bunch of PDFs and then throws them back to say, “Here's everything you did wrong.”

We want to say to developers, “Here's what you could do better. Here's how that default in a CloudFormation template that leads to your bucket being, you know, wide open on the internet could be changed.
Here's the remediation that you could introduce.” And if we do that at the right moment, which is inside that developer workflow, inside the IDE, on their local machine, before that gets deployed, there's a much greater chance that remediation is going to be implemented and it's going to happen much more cheaply, right? Because you no longer have to do the round trip all the way out to the cloud and back.

So, the cloud part of it fundamentally means completing that story, recognizing that once things do get deployed, there's a lot of valuable context that's happening out there that a developer can really take advantage of. They can say, “Wait a minute. Not only do I have a Log4Shell vulnerability, right, in one of my open-source dependencies, but that artifact, that application is actually getting deployed to a VPC that has ingress from the internet,” right? So, not only do I have remote code execution in my application, but it's being put in an enclave that actually allows it to be exploited. You can only know that if you're actually looking at what's really happening in the cloud, right?

So, not only does Snyk cloud allow us to provide an additional layer of security by looking at what's misconfigured in that cloud environment and help your developers make remediations by saying, “Here's the actual IAC file that caused that infrastructure to come into existence,” but we can also say, here's how that affects the risk of other kinds of vulnerabilities at different layers in the stack, right? Because it's all software; it's all connected. Very rarely does a vulnerability translate one-to-one into risk, right? They're compound because modern software is compound. And I think what developers lack is the tooling that fits into their workflow that understands what it means to be a software engineer and actually helps them make better choices rather than punishing them after the fact for guessing and making bad ones.

Corey: That sounds awesome at a very high level.
It is very aligned with how executives and decision-makers think about a lot of these things. Let's get down to brass tacks for a second. Assume that I am the type of developer that I am in real life, by which I mean shitty. What am I going to wind up attempting to do that Snyk will flag and, in other words, protect me from myself and warn me that I'm about to commit a dumb?

Clinton: First of all, I would say, look, there's no such thing as a non-shitty developer, right? And I built software for 20 years and I decided that's really hard. What's a lot easier is talking about building software for a living. So, that's what I do now. But fundamentally, the reason I'm at Snyk, is I want to help people who are in the kinds of jobs that I had for a very long time, which is to say, you have a tremendous amount of anxiety because you recognize that the success of the organization rests on your shoulders, and you're making hundreds, if not thousands of decisions every day without the right context to understand fully how the results of that decision is going to affect the organization that you work for.

So, I think every developer in the world has to deal with this constant cognitive dissonance of saying, “I don't know that this is right, but I have to do it anyway because I need to clear that ticket because that release needs to get into production.” And it becomes really easy to short-sightedly do things like pull an open-source dependency without checking whether it has any CVEs associated with it because that's the version that's easiest to implement with your code that already exists. So, that's one piece. Snyk Open Source, designed to traverse that entire tree of dependencies in open-source all the way down, all the hundreds and thousands of packages that you're pulling in to say, not only, here's a vulnerability that you should really know is going to end up in your application when it's built, but also here's what you can do about it, right?
Here's the upgrade you can make, here's the minimum viable change that actually gets you out of this problem, and to do so when it's in the right context, which is in you know, as you're making that decision for the first time, right, inside your developer environment.

That also applies to things like container vulnerabilities, right? I have even less visibility into what's happening inside a container than I do inside my application. Because I know, say, I'm using an Ubuntu or a Red Hat base image. I have no idea, what are all the Linux packages that are on it, let alone what are the vulnerabilities associated with them, right? So, being able to detect, I've got a version of OpenSSL 3.0 that has a potentially serious vulnerability associated with it before I've actually deployed that container out into the cloud very much helps me as a developer.

Because I'm limiting the rework or the refactoring I would have to do by otherwise assuming I'm making a safe choice or guessing at it, and then only finding out after I've written a bunch more code that relies on that decision, that I have to go back and change it, and then rewrite all of the things that I wrote on top of it, right? So, it's the identifying the layer in the stack where that risk could be introduced, and then also seeing how it's affected by all of those other layers because modern software is inherently complex. And that complexity is what drives both the risk associated with it, and also things like efficiency, which I know your audience is, for good reason, very concerned about.

Corey: I'm going to challenge you on an aspect of this because on the tin, the way you describe it, it sounds like, “Oh, I already have something that does that.
It's the GitHub Dependabot story where it winds up sending me a litany of complaints every week.” And we are talking, if I did nothing other than read this email in that day, that would be a tremendously efficient processing of that entire thing because so much of it is stuff that is ancient and archived, and specific aspects of the vulnerabilities are just not relevant. And you talk about the OpenSSL 3.0 issues that just recently came out.

I have no doubt that somewhere in the most recent email I've gotten from that thing, it's buried two-thirds of the way down, like all the complaints like the dishwasher isn't loaded, you forgot to take the trash out, that baby needs a change, the kitchen is on fire, and the vacuuming, and the r—wait, wait. What was that thing about the kitchen? Seems like one of those things is not like the others. And it just gets lost in the noise. Now, I will admit to putting my thumb a little bit on the scale here because I've used Snyk before myself and I know that you don't do that. How do you avoid that trap?

Clinton: Great question. And I think really, the key to the story here is, developers need to be able to prioritize, and in order to prioritize effectively, you need to understand the context of what happens to that application after it gets deployed. And so, this is a key part of why getting the data out of the cloud and bringing it back into the code is so important. So, for example, take an OpenSSL vulnerability. Do you have it on a container image you're using, right? So, that's question number one.

Question two is, is there actually a way that code can be accessed from the outside? Is it included or is it called? Is the method activated by some other package that you have running on that container? Is that container image actually used in a production deployment? Or does it just go sit in a registry and no one ever touches it?

What are the conditions required to make that vulnerability exploitable?
You look at something like Spring Shell, for example, yes, you need a certain version of spring-beans in a JAR file somewhere, but you also need to be running a certain version of Tomcat, and you need to be packaging those JARs inside a WAR in a certain way.

Corey: Exactly. I have a whole bunch of Lambda functions that provide the pipeline system that I use to build my newsletter every week, and I get screaming concerns about issues in, for example, a version of the markdown parser that I've subverted. Yeah, sure. I get that, on some level, if I were just giving it random untrusted input from the internet and random ad hoc users, but I'm not. It's just me when I write things for that particular Lambda function.

And I'm not going to be actively attempting to subvert the thing that I built myself and no one else should have access to. And looking through the details of some of these things, it doesn't even apply to the way that I'm calling the libraries, so it's just noise, for lack of a better term. It is not something that basically ever needs to be adjusted or fixed.

Clinton: Exactly. And I think cutting through that noise is so key to creating developer trust in any kind of tool that's scanning an asset and providing you what, in theory, are a list of actionable steps, right? I need to be able to understand what is the thing, first of all. There's a lot of tools that do that, right, and we tend to mock them by saying things like, “Oh, it's just another PDF generator. It's just another thousand pages that you're never going to read.”

So, getting the information in the right place is a big part of it, but filtering out all of the noise by saying, we looked at not just one layer of the stack, but multiple layers, right? We know that you're using this open-source dependency and we also know that the method that contains the vulnerability is actively called by your application in your first-party code because we ran our static analysis tool against that.
Furthermore, we know because we looked at your cloud context, we connected to your AWS API—we're big partners with AWS and very proud of that relationship—but we can tell that there's inbound internet access available to that service, right? So, you start to build a compound case that maybe this is something that should be prioritized, right? Because there's a way into the asset from the outside world, there's a way into the vulnerable functions through the labyrinthine, you know, spaghetti of my code to get there, and the conditions required to exploit it actually exist in the wild.

But you can't just run a single tool; you can't just run Dependabot to get that prioritization. You actually have to look at the entire holistic application context, which includes not just your dependencies, but what's happening in the container, what's happening in your first-party, your proprietary code, what's happening in your IAC, and I think most importantly for modern applications, what's actually happening in the cloud once it gets deployed, right? And that's sort of the holy grail of completing that loop to bring the right context back from the cloud into code to understand what change needs to be made, and where, and most importantly why. Because it's a priority that actually translates into organizational risk to get a developer to pay attention, right? I mean, that is the key to I think any security concern is how do you get engineering mindshare and trust that this is actually what you should be paying attention to and not a bunch of rework that doesn't actually make your software more secure?

Corey: One of the challenges that I see across the board is that—well, let's back up a bit here. I have in previous episodes talked in some depth about my position that when it comes to the security of various cloud providers, Google is number one, and AWS is number two. Azure is a distant third because it figures out what Crayons taste the best; I don't know.
But the reason is not because of any inherent attribute of their security models, but rather that Google massively simplifies an awful lot of what happens. It automatically assumes that resources in the same project should be able to talk to one another, so I don't have to painstakingly configure that.

In AWS-land, all of this must be done explicitly; no one has time for that, so we over-scope permissions massively and never go back and rein them in. It's a configuration vulnerability more than an underlying inherent weakness of the platform. Because complexity is the enemy of security in many respects. If you can't fit it all in your head to reason about it, how can you understand the security ramifications of it? AWS offers a tremendous number of security services. Many of them, when taken in some totality of their pricing, cost more than any breach they could be expected to prevent. Adding more stuff that adds more complexity in the form of Snyk sounds like it's the exact opposite of what I would want to do. Change my mind.

Clinton: I would love to. I would say, fundamentally, I think you and I—and by ‘I,' I mean Snyk and you know, Corey Quinn Enterprises Limited—I think we fundamentally have the same enemy here, right, which is the cyclomatic complexity of software, right, which is how many different pathways do the bits have to travel down to reach the same endpoint, right, the same goal. The more pathways there are, the more risk is introduced into your software, and the more inefficiency is introduced, right? And then I know you'd love to talk about how many different ways is there to run a container on AWS, right? It's either 30 or 400 or eleventy-million.

I think you're exactly right that that complexity, it is great for, first of all, selling cloud resources, but also, I think, for innovating, right, for building new kinds of technology on top of that platform. The cost that comes along with that is a lack of visibility.
And I think we are just now, as we approach the end of 2022 here, coming to recognize that fundamentally, the complexity of modern software is beyond the ability of a single engineer to understand. And that is really important from a security perspective, from a cost control perspective, especially because software now creates its own infrastructure, right? You can't just now secure the artifact and secure the perimeter that it gets deployed into and say, “I've done my job. Nobody can breach the perimeter and there's no vulnerabilities in the thing because we scanned it and that thing is immutable forever because it's pets, not cattle.”

Where I think the complexity story comes in is to recognize like, “Hey, I'm deploying this based on a quickstart or CloudFormation template that is making certain assumptions that make my job easier,” right, in a very similar way that choosing an open-source dependency makes my job easier as a developer because I don't have to write all of that code myself. But what it does mean is I lack the visibility into, well hold on. How many different pathways are there for getting things done inside this dependency? How many other dependencies are brought on board? In the same way that when I create an EKS cluster, for example, from a CloudFormation template, what is it creating in the background? How many VPCs are involved? What are the subnets, right? How are they connected to each other? Where are the potential ingress points?

So, I think fundamentally, getting visibility into that complexity is step number one, but understanding those pathways and how they could potentially translate into risk is critically important. But that prioritization has to involve looking at the software holistically and not just individual layers, right?
I think we lose when we say, “We ran a static analysis tool and an open-source dependency scanner and a container scanner and a cloud config checker, and they all came up green, therefore the software doesn't have any risks,” right? That ignores the fundamental complexity in that all of these layers are connected together. And from an adversary's perspective, if my job is to go in and exploit software that's hosted in the cloud, I absolutely do not see the application model that way.

I see it as it is inherently complex and that's a good thing for me because it means I can rely on the fact that those engineers had tremendous anxiety, were making a lot of guesses, and crossing their fingers and hoping something would work and not be exploitable by me, right? So, the only way I think we get around that is to recognize that our engineers are critical stakeholders in that security process and you fundamentally lack that visibility if you don't do your scanning until after the fact. If you take that traditional audit-based approach that assumes a very waterfall, legacy approach to building software, and recognize that, hey, we're all on this infinite loop race track now. We're deploying every three-and-a-half seconds, everything's automated, it's all built at scale, but the ability to do that inherently implies all of this additional complexity that ultimately will, you know, end up haunting me, right? If I don't do anything about it, to make my engineers stakeholders in, you know, what actually gets deployed and what risks it brings on board.

Corey: This episode is sponsored in part by our friends at Uptycs. Attackers don't think in silos, so why would you have siloed solutions protecting cloud, containers, and laptops distinctly? Meet Uptycs - the first unified solution that prioritizes risk across your modern attack surface—all from a single platform, UI, and data model. Stop by booth 3352 at AWS re:Invent in Las Vegas to see for yourself and visit uptycs.com.
That's U-P-T-Y-C-S.com. My thanks to them for sponsoring my ridiculous nonsense.

Corey: When I wind up hearing you talk about this—I'm going to divert us a little bit because you're dancing around something that it took me a long time to learn. When I first started fixing AWS bills for a living, I thought that it would be mostly math, by which I mean arithmetic. That's the great secret of cloud economics. It's addition, subtraction, and occasionally multiplication and division. No, turns out it's much more psychology than it is math. You're talking in many aspects about, I guess, what I'd call the psychology of a modern cloud engineer and how they think about these things. It's not a technology problem. It's a people problem, isn't it?

Clinton: Oh, absolutely. I think it's the people that create the technology. And I think the longer you persist in what we would call the legacy viewpoint, right, not recognizing what the cloud is—which is fundamentally just software all the way down, right? It is abstraction layers that allow you to ignore the fact that you're running stuff on somebody else's computer—once you recognize that, you realize, oh, if it's all software, then the problems that it introduces are software problems that need software solutions, which means that it must involve activity by the people who write software, right? So, now that you're in that developer world, it unlocks, I think, a lot of potential to say, well, why don't developers tend to trust the security tools they've been provided with, right?

I think a lot of it comes down to the question you asked earlier in terms of the noise, the lack of understanding of how those pieces are connected together, or the lack of context, or not even frankly, caring about looking beyond the single-point solution of the problem that solution was designed to solve.
But more importantly than that, not recognizing what it's like to build modern software, right, all of the decisions that have to be made on a daily basis with very limited information, right? I might not even understand where that container image I'm building is going in the universe, let alone what's being built on top of it and how much critical customer data is being touched by the database, that that container now has the credentials to access, right? So, I think in order to change anything, we have to back way up and say, problems in the cloud are software problems and we have to treat them that way.

Because if we don't, if we continue to represent the cloud as some evolution of the old environment where you just have this perimeter that's pre-existing infrastructure that you're deploying things onto, and there's a guy with a neckbeard in the basement who is unplugging cables from a switch and plugging them back in and that's how networking problems are solved, I think you missed the idea that all of these abstraction layers introduced the very complexity that needs to be solved back in the build space. But that requires visibility into what actually happens when it gets deployed. The way I tend to think of it is, there's this firewall in place. Everybody wants to say, you know, we're doing DevOps or we're doing DevSecOps, right? And that's a lie a hundred percent of the time, right? No one is actually, I think, adhering completely to those principles.

Corey: That's why one of the core tenets of ClickOps is lying about doing anything in the console.

Clinton: Absolutely, right? And that's why shadow IT becomes more and more prevalent the deeper you get into modern development, not less and less prevalent because it's fundamentally hard to recognize the entirety of the potential implications, right, of a decision that you're making. So, it's a lot easier to just go in the console and say, “Okay, I'm going to deploy one EC2 to do this.
I'm going to get it right at some point.” And that's why every application that's ever been produced by human hands has a comment in it that says something like, “I don't know why this works but it does. Please don't change it.”

And then three years later because that developer has moved on to another job, someone else comes along and looks at that comment and says, “That should really work. I'm going to change it.” And they do and everything fails, and they have to go back and fix it the original way and then add another comment saying, “Hey, this person above me, they were right. Please don't change this line.” I think every engineer listening right now knows exactly where that weak spot is in the applications that they've written and they're terrified of that.

And I think any tool that's designed to help developers fundamentally has to get into the mindset, get into the psychology of what that is, like, of not fundamentally being able to understand what those applications are doing all of the time, but having to write code against them anyway, right? And that's what leads to, I think, the fear that you're going to get woken up because your pager is going to go off at 3 a.m. because the building is literally on fire and it's because of code that you wrote. We have to solve that problem and it has to be those people whose psychology we get into to understand, how are you working and how can we make your life better, right? And I really do think it comes with that the noise reduction, the understanding of complexity, and really just being humble and saying, like, “We get that this job is really hard and that the only way it gets better is to begin admitting that to each other.”

Corey: I really wish that there were a better way to articulate a lot of these things. This is the reason that I started doing a security newsletter; it's because cost and security are deeply aligned in a few ways.
One of them is that you care about them a lot right after you failed to care about them sufficiently, but the other is that you've got to build guardrails in such a way that doing the right thing is easier than doing it the wrong way, or you're never going to gain any traction.

Clinton: I think that's absolutely right. And you use the key term there, which is guardrails. And I think that's where in their heart of hearts, that's where every security professional wants to be, right? They want to be defining policy, they want to be understanding the risk posture of the organization and nudging it in a better direction, right? They want to be talking up to the board, to the executive team, and creating confidence in that risk posture, rather than talking down or off to the side—depending on how that org chart looks—to the engineers and saying, “Fix this, fix that, and then fix this other thing.” A, B, and C, right?

I think the problem is that everyone in a security role or an organization of any size at this point, is doing 90% of the latter and only about 10% of the former, right? They're acting as gatekeepers, not as guardrails. They're not defining policy, they're spending all of their time creating Jira tickets and all of their time tracking down who owns the piece of code that got deployed to this pod on EKS that's throwing all these errors on my console, and how can I get the person to make a decision to actually take an action that stops these notifications from happening, right? So, all they're doing is throwing footballs down the field without knowing if there's a receiver there, right, and I think that takes away from the job that our security analysts really shouldn't be doing, which is creating those guardrails, which is having confidence that the policy they set is readily understood by the developers making decisions, and that's happening in an automated way without them having to create friction by bothering people all the time.
I don't think security people want to be [laugh] hated by the development teams that they work with, but they are. And the reason they are is I think, fundamentally, we lack the tooling, we lack—

Corey: They are the barrier method.

Clinton: Exactly. And we lacked the processes to get the right intelligence in a way that's consumable by the engineers when they're doing their job, and not after the fact, which is typically when the security people have done their jobs.

Corey: It's sad but true. I wish that there were a better way to address these things, and yet here we are.

Clinton: If only there were a better way to address these things.

Corey: [laugh].

Clinton: Look, I wouldn't be here at Snyk if I didn't think there were a better way, and I wouldn't be coming on shows like yours to talk to the engineering communities, right, people who have walked the walk, right, who have built those Terraform files that contain these misconfigurations, not because they're bad people or because they're lazy, or because they don't do their jobs well, but because they lacked the visibility, they didn't have the understanding that that default is actually insecure. Because how would I know that otherwise, right? I'm building software; I don't see myself as an expert on infrastructure, right, or on Linux packages or on cyclomatic complexity or on any of these other things. I'm just trying to stay in my lane and do my job. It's not my fault that the software has become too complex for me to understand, right?

But my management doesn't understand that and so I constantly have white knuckles worrying that, you know, the next breach is going to be my fault. So, I think the way forward really has to be, how do we make our developers stakeholders in the risk being introduced by the software they write to the organization?
And that means everything we've been talking about: it means prioritization; it means understanding how the different layers of the stack affect each other, especially the cloud pieces; it means an extensible platform that lets me write code against it to inject my own reasoning, right? The piece that we haven't talked about here is that risk calculation doesn't just involve technical aspects, there's also business intelligence that's involved, right? What are my critical applications, right, what actually causes me to lose significant amounts of money if those services go offline?

We at Snyk can't tell that. We can't run a scanner to say these are your crown jewel services that can't ever go down, but you can know that as an organization. So, where we're going with the platform is opening up the extensible process, creating APIs for you to be able to affect that risk triage, right, so that as the creators have guardrails as the security team, you are saying, “Here's how we want our developers to prioritize.
Here are all of the factors that go into that decision-making.” And then you can be confident that in their environment, back over in developer-land, when I'm looking at IntelliJ, or, you know, or on my local command line, I am seeing the guardrails that my security team has set for me and I am confident that I'm fixing the right thing, and frankly, I'm grateful because I'm fixing it at the right time and I'm doing it in such a way and with a toolset that actually is helping me fix it rather than just telling me I've done something wrong, right, because everything we do at Snyk focuses on identifying the solution, not necessarily identifying the problem.

It's great to know that I've got an unencrypted S3 bucket, but it's a whole lot better if you give me the line of code and tell me exactly where I have to copy and paste it so I can go on to the next thing, rather than spending an hour trying to figure out, you know, where I put that line and what I actually have to change it to, right? I often say that the most valuable currency for a developer, for a software engineer, it's not money, it's not time, it's not compute power or anything like that, it's the right context, right? I actually have to understand what are the implications of the decision that I'm making, and I need that to be in my own environment, not after the fact because that's what creates friction within an organization is when I could have known earlier and I could have known better, but instead, I had to guess, I had to write a bunch of code that relies on the thing that was wrong, and now I have to redo it all for no good reason other than the tooling just hadn't adapted to the way modern software is built.

Corey: So, one last question before we wind up calling it a day here.
We are now heavily into what I will term pre:Invent where we're starting to see a whole bunch of announcements come out of the AWS universe in preparation for what I'm calling Crappy Cloud Hanukkah this year because I'm spending eight nights in Las Vegas. What are you doing these days with AWS specifically? I know I keep seeing your name in conjunction with their announcements, so there's something going on over there.

Clinton: Absolutely. No, we're extremely excited about the partnership between Snyk and AWS. Our vulnerability intelligence is utilized as one of the data sources for AWS Inspector, particularly around open-source packages. We're doing a lot of work around things like the code suite, building Snyk into code pipeline, for example, to give developers using that code suite earlier visibility into those vulnerabilities. And really, I think the story kind of expands from there, right?

So, we're moving forward with Amazon, recognizing that it is, you know, sort of the de facto. When we say cloud, very often we mean AWS. So, we're going to have a tremendous presence at re:Invent this year, I'm going to be there as well. I think we're actually going to have a bunch of handouts with your face on them is my understanding. So, please stop by the booth; would love to talk to folks, especially because we've now released the Snyk Cloud product and really completed that story. So, anything we can do to talk about how that additional context of the cloud helps engineers because it's all software all the way down, those are absolutely conversations we want to be having.

Corey: Excellent. And we will, of course, put links to all of these things in the [show notes 00:35:00] so people can simply click, and there they are. Thank you so much for taking all this time to speak with me. I appreciate it.

Clinton: All right. Thank you so much, Corey. Hope to do it again next year.

Corey: Clinton Herget, Field CTO at Snyk.
I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment telling me that I'm being completely unfair to Azure, along with your favorite tasting color of Crayon.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

Enterprise Security Weekly (Video)
How IaC is Changing Cloud Security for the Better - Tony Karam - ESW #297

Enterprise Security Weekly (Video)

Play Episode Listen Later Nov 17, 2022 37:18


Infrastructure-as-code (IaC) allows for quick and consistent configuration and deployment of infrastructure components because it's defined through code. It also enables repeatable deployments across environments. IaC is seeing significant attention in the cloud security space, but why now? This conversation will dig into how Infrastructure-as-code is enabling faster innovation on application development with security built in. Segment Resources: - https://www.lacework.com/solutions/infrastructure-as-code/ - https://www.lacework.com/blog/introducing-secure-automated-iac-deployments-with-terraform/ - https://info.lacework.com/cloud-threat-report.html   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw297

Paul's Security Weekly TV
How IaC is Changing Cloud Security for the Better - Tony Karam - ESW #297

Paul's Security Weekly TV

Play Episode Listen Later Nov 17, 2022 37:18


Infrastructure-as-code (IaC) allows for quick and consistent configuration and deployment of infrastructure components because it's defined through code. It also enables repeatable deployments across environments. IaC is seeing significant attention in the cloud security space, but why now? This conversation will dig into how Infrastructure-as-code is enabling faster innovation on application development with security built in. Segment Resources: - https://www.lacework.com/solutions/infrastructure-as-code/ - https://www.lacework.com/blog/introducing-secure-automated-iac-deployments-with-terraform/ - https://info.lacework.com/cloud-threat-report.html   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw297

Data Protection Gumbo
166: Why Are We Numb to Data Breaches - Morpheus Data

Data Protection Gumbo

Play Episode Listen Later Nov 8, 2022 23:55


Martez Reed, Director Of Technical Marketing at Morpheus Data discusses the rise of data breaches, his views on the long-term storage of personal data, and the role zero trust plays in the future of securing data.

Squawk Pod
Media Mogul Barry Diller: Netflix Victory & TikTok Speed Bumps 11/07/22

Squawk Pod

Play Episode Listen Later Nov 7, 2022 38:43 Very Popular


Layoffs are sweeping Silicon Valley. In a wide-ranging interview, Chairman of IAC and of Expedia Barry Diller comments on Meta's layoffs and Mark Zuckerberg's $30B bet on the metaverse, the midterm elections, TikTok's stateside future (or lack thereof), and Netflix's dominance in the streaming wars. The media mogul considers Elon Musk's next move, and inflation's squeeze on corporate bottom lines. Plus, Diller goes on the record about the Microsoft-Activision Blizzard acquisition that landed him in a federal investigation. In this episode: Joe Kernen, @JoeSquawk; Andrew Ross Sorkin, @andrewrsorkin; Becky Quick, @BeckyQuick; Katie Kramer, @Kramer_Katie

Chit Chat Money
Is IAC Undervalued? With Ramneek Kundra (Ticker: IAC)

Chit Chat Money

Play Episode Listen Later Nov 3, 2022 55:46


InterActiveCorp (IAC) operates as a media and internet company. The company operates various companies across many different industries. IAC was founded in 1995 and is headquartered in New York City. Listen as Brett and Ryan ask Ramneek questions about the company, its business model, and valuation. Enjoy the show! ***************************** Interested in becoming a member of 7investing? Subscribe with code “MONEY” and get $100 off your annual subscription for life: https://7investing.com/checkout/ ***************************** Want updates on future shows and projects? Follow us on Twitter: https://twitter.com/chitchatmoney Subscribe to our Substack to receive free show notes and charts that go along with every episode: https://chitchatmoney.substack.com/ Interested to see more of Ramneek's work? Follow him on Twitter here: https://twitter.com/iramneek?s=20&t=rJHq2SKTDBGZG4JmNaMzmA Contact us: chitchatmoneypodcast@gmail.com Timestamps IAC | (5:55) Various Companies | (17:20) MGM | (33:42) Disclosure: Chit Chat Money hosts and guests are not financial advisors, and nothing they say on this show is formal advice or a recommendation. Brett Schafer and Ryan Henderson are general partners and portfolio managers at Arch Capital. Arch Capital and its partners may hold securities discussed on this show.

How I Built This with Guy Raz
Tripadvisor: Steve Kaufer

How I Built This with Guy Raz

Play Episode Listen Later Oct 31, 2022 78:39 Very Popular


Steve Kaufer got the idea for Tripadvisor in 1998 after spending way too many hours online, trying to figure out if a resort in Mexico was really as good as its brochure. When he launched a travel guidance site a few years later, his business plan failed spectacularly because he was trying to partner with other websites, rather than engaging directly with travelers. But Steve eventually arrived at a winning formula: make Tripadvisor available to everyone, aggregate tons of information about hotels and attractions, encourage travelers to add their reviews, and earn a fee from travel companies whenever users clicked to their sites. As the company grew, Steve remained at the helm, leading it through a $210 million sale to IAC, followed by a multi-billion dollar IPO in 2011. Today, Tripadvisor gets over 400 million visitors a month; and Steve—who just stepped down after 22 years—is already thinking about his next business. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

The Robot Report Podcast
Argo AI shuts down; Covariant CEO discusses new RaaS performance

The Robot Report Podcast

Play Episode Listen Later Oct 28, 2022 74:13


In this episode, we discuss the news of the shutdown of Argo AI and the state of autonomous driving, including the upcoming IAC race event. Mike interviews Covariant.AI CEO, Peter Chen, and they discuss the new CovariantOne RaaS solution, that's based on performance SLAs for the Covariant warehouse solution.

CES Tech Talk
Indy Autonomous Challenge: Return of the World's Fastest Robo Cars

CES Tech Talk

Play Episode Listen Later Oct 28, 2022 27:37


Beyond autonomous racecars hitting speeds north of 180 mph as they burn up the Las Vegas Motor Speedway, the Indy Autonomous Challenge (IAC) will display fresh marvels of technological excellence. In this CES Tech Talk episode, IAC President Paul Mitchell discusses the competition with host James Kotecki, sharing that the January 7 event will showcase a highly complex blend of technologies ranging from AR and VR to automation and high-speed communication. Find out what's planned for the Innovation Paddock in West Hall. Spoiler: Think mammoth garages packed with the newest gear and more from the geniuses of robot car tech. Paul also teases some of what to expect, tech-wise, when the IAC returns to Las Vegas.  

The Power of Investing in People with Sha Sparks
What You Give is What You Get with Neil Mody

The Power of Investing in People with Sha Sparks

Play Episode Listen Later Oct 28, 2022 38:25


Neil Mody loves helping people find amazing content online. His previous company, nRelate, was one of the biggest content recommendation companies on the Internet (acquired by IAC in 2012). His current company, Headliner, is the leading solution for audio producers to market their content on social media, YouTube, and now media sites. Headliner has been used by over a million podcasters and large media companies like SiriusXM, CNN, and Viacom. We invite you to find out more at his website at https://www.headliner.app/ ** You are invited to connect with Shā about coaching, heart and mind fitness, brainstorming for your business, podcasting and/or Veteran resources. Connect with Shā, today: https://calendly.com/heysha/connectioncall ** What if you could use the money inside your retirement account penalty and tax free and use that money to start your own dream business? Our friend, Daniel Blue from Season 5 Episode 5 over at Quest Education is so kind to give you, our listeners, their “How to Grow Your Money Tax Free” online course completely complimentary just for listening to today's show. https://quest-education.mykajabi.com/offers/cgV9tjzT?coupon_code=SHASPARKS ** Love this episode and want to support Shā? Buy her a cup of coffee www.buymeacoffee.com/shasparks Learn more about your ad choices. Visit megaphone.fm/adchoices

Hablando con Científicos - Cienciaes.com
DART, a Dart to Save the Earth. We Talk with Julia de León.

Hablando con Científicos - Cienciaes.com

Play Episode Listen Later Oct 21, 2022


Didymos is the name given to an asteroid 780 meters in diameter that takes two years to complete one orbit around the Sun. In its comings and goings it approaches to within about ten million kilometers of Earth, far enough away not to pose a threat. Didymos has a small moon, Dimorphos, which has become the protagonist of one of the most striking stories of the moment. This past September 26, the DART (Double Asteroid Redirection Test) spacecraft crashed violently into Dimorphos, a collision planned by NASA to test the ability of current technology to change the trajectory of a body, something that one day, perhaps, could save us from a catastrophe like the one that, at the end of the Cretaceous, wiped out most of the living creatures on Earth, among them the dinosaurs. IAC researcher Julia de León explains what happened and the consequences of the mission.

Cienciaes.com
DART, a Dart to Save the Earth. We Talk with Julia de León. - Hablando con Científicos

Cienciaes.com

Play Episode Listen Later Oct 21, 2022


Didymos is the name given to an asteroid 780 meters in diameter that takes two years to complete one orbit around the Sun. In its comings and goings it approaches to within about ten million kilometers of Earth, far enough away not to pose a threat. Didymos has a small moon, Dimorphos, which has become the protagonist of one of the most striking stories of the moment. This past September 26, the DART (Double Asteroid Redirection Test) spacecraft crashed violently into Dimorphos, a collision planned by NASA to test the ability of current technology to change the trajectory of a body, something that one day, perhaps, could save us from a catastrophe like the one that, at the end of the Cretaceous, wiped out most of the living creatures on Earth, among them the dinosaurs. IAC researcher Julia de León explains what happened and the consequences of the mission.

The Twenty Minute VC: Venture Capital | Startup Funding | The Pitch
20VC: Altimeter's Brad Gerstner on Why Supercycles and the Powerlaw is the Most Important Thing In Investing, Why Portfolio Diversification is the Opposite of Risk Mitigation and The #1 Question Brad Asks All New Recruits

The Twenty Minute VC: Venture Capital | Startup Funding | The Pitch

Play Episode Listen Later Oct 10, 2022 68:46 Very Popular


Brad Gerstner is the Founder and CEO of Altimeter, a life-cycle technology investment firm that manages public and private portfolios. Brad has personally participated in more than 100 IPOs as a sponsor, anchor, and investor. Brad's notable deals include Snowflake, Mongo, Bytedance, Gusto, Unity, Okta, dbt, Modern Treasury, EPIC Games, Hotel Tonight, and Zillow. Prior to founding Altimeter, Brad was a 3-time co-founder where he sold all three businesses (to IAC, Google, and Marchex), a founding principal at General Catalyst; a securities lawyer, a former Deputy Secretary of State of Indiana, and a pilot. In Today's Episode with Brad Gerstner We Discuss: 1.) From Humble Beginnings in Indiana to 100 IPOs: When did Brad realize his original love of finance and entrepreneurship? What one single question does Brad ask all potential new recruits to determine if they have hustle? What does Brad know now that he wishes he had known at the beginning of his career? 2.) The Power Law and Supercycles: What is a power law? Why is it the single most important thing in investing? How do the best investors in the world build a framework around supercycles? How does Brad approach market sizing? How does Brad think about market creation when aligning that to his thesis of investing in power laws? How does Brad determine if a large opportunity is a "super-cycle" or a short, time-stamped fad that is unsustainable? How does Brad assess the importance of market timing? 3.) Building Anti-Fragile Portfolios: Portfolio Construction: Why does Brad disagree that the answer to risk mitigation is portfolio diversification? How many companies is enough companies for a diverse portfolio? Price Sensitivity: How does Brad reflect on his own relationship to price? How does this process and mindset change on re-investments? What is needed for Brad to re-invest? Time to Exit: How does Brad analyze when is the right time to exit a position?
What are the single biggest mistakes people make when it comes to timing their exit? 4.) The Venture Landscape: Today, What is Happening? Why does Brad believe what has happened over the last 24 months is a great disservice to founders? What are the biggest examples of a complete lack of investor discipline? Why does Brad believe that for all positions valued over $500M, we should apply a 20% discount? Is today's pricing actually just the new normal? How has the public market pricing impacted the deployment of growth stage checks? How will this play out in the next 12 months? Why does Brad believe there is "not blood on the streets yet"? How does the speed of interest rate change impact our ecosystem so dramatically? Items Mentioned in Today's Episode: Brad's Favourite Book: The Snowball: Warren Buffett and the Business of Life

Café Brasil Podcast
LíderCast 244 - Jose Otavio Menten

Café Brasil Podcast

Play Episode Listen Later Sep 29, 2022 81:19


On today's program we bring you José Otávio Machado Menten, Associate Professor at USP / ESALQ, agronomist, Master in Plant Pathology, Doctor in Agronomy, with postdoctoral work in Resistance and Epidemiology (Wageningen / Netherlands), Seed Pathology (Copenhagen / Denmark) and Biotechnology (Cambridge / England). He was Executive Director of ANDEF (Associação Nacional Defesa Vegetal), a researcher at IAC, EMBRAPA, USP/CENA and CNPq, and a professor at UNIMAR and UNIPINHAL. In other words, Menten is a reference in agribusiness, especially on the question of pesticides. And the conversation goes in that direction. A real lesson.