Podcast appearances and mentions of john morello

Technology has opened doors in so many industries and enabled us to do so many things we couldn't even imagine in the past. At the same time, we've made things more complicated for ourselves, creating systems that don't always talk to each other and languages we don't understand. On this edition of Out to Lunch, two lunch guests who are helping break through the clutter, with products and services that are enabling our tech systems to work for us more effectively - and helping businesses better communicate their messaging. John Morello, is Chief Technology Officer of Gutsy, a tech firm that has come up with a better way to help companies protect themselves against cyberthreat. More specifically, Gutsy uses process mining – and we'll get into that in a minute – to ensure that the various cybersecurity systems a complex organization has in place are talking to one another and doing what they're supposed to be doing. If John's name is familiar to you, it may be because he was a guest on Out to Lunch in 2019, when he was running Twistlock, a tech firm that developed cloud-based cybersecurity solutions. In the years since then, John and his partners in Twistlock have grown that company, attracted new investors, and created the spinoff, Gutsy, to address a need they identified running Twistolock. John is a 14-year veteran of Microsoft, who lives in Baton Rouge and is also a master diver and very active in coastal conservation.  Kenny Nguyencis founder and CEO of Three Sixty Eight, a Baton Rouge-based creative and strategic media agency that focuses on branding, marketing and advertising with a high tech, high energy super creative approach. The company's origins date back to 2011, when Kenny and his friend were still students at LSU and started Big Fish Presentations, which specialized in public speaking and presentation services. In 2016, it merged with another local firm to form 368. In the years since, it has grown to include clients that include CenturyLink, McGraw-Hill Education, GE and Pepsi.  Out to Lunch is recorded live over lunch at Mansurs On the Boulevard. You can find photos from this show by Brian Newton at itsbatonrouge.la.See omnystudio.com/listener for privacy information.

Episode SummaryOn this episode, Co-Founder and CTO of Gutsy, John Morello, joins Matt to talk about Process Mining in Cybersecurity. Before co-founding Gutsy, John served as the CTO of Twistlock and VP of Product for Prisma Cloud.John holds multiple cybersecurity patents and is an author of NIST SP 800-190, the Container Security Guide. Before Twistlock, he was the CISO of an S&P 500 global chemical company. Before that, he spent 14 years at Microsoft, working on security technologies in Windows and Azure and consulting on security projects across the DoD, intelligence community, and at the White House. John graduated summa cum laude from LSU and lives in Baton Rouge with his wife and two sons. A lifelong outdoorsman and NAUI Master Diver and Rescue Diver, he's the former board chair of the Coalition to Restore Coastal Louisiana and a current Coastal Conservation Association board member.Today, John talks about governance challenges in cybersecurity, the importance of security as a process, and how to apply process mining. How is process mining useful in cybersecurity? Hear about process mining human actions and unstructured sources, and how John manages to stay sharp. Timestamp Segments·       [02:20] John's cybersecurity journey.·       [07:43] Pivotal moments in John's career.·       [10:23] The most pressing governance challenges.·       [14:07] What is process mining?·       [19:03] How process mining can benefit certain functions.·       [21:09] Security as a process, not a product.·       [25:37] Why there's not more focus on process.·       [32:03] Applying process mining.·       [38:07] Filling in the gaps.·       [42:03] How John stays sharp. Notable Quotes·       “Security is a process, not a product.”·       “In security, inefficiency and inconsistency are highly correlated with risk.”·       “Almost everything in security is about process.” Relevant LinksWebsite:          gutsy.com.LinkedIn:         www.linkedin.com/in/john-morello.Secure applications from code to cloud. Prisma Cloud, the most complete cloud-native application protection platform (CNAPP).Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

We are back with another episode and an incredible guest. John Morello, the current director of Discipline for NYS Amateur Hockey Association, East Section. John has held the position for the past 7.5 years.   In this episode John shares his incredible journey as an athlete, as a parent, as a coach.  He also provides an inside glimpse at the hearing process for disciplinary suspensions.  Take a moment and really dive into this episode to gain real perspective on parenting from different angels.  John is a recovering hockey dad, and former adult league player in Stamford CT for the Bald Rooster Hockey Club. Involved in several volunteer roles in youth hockey over the years while his son was playing, from team manager to master scheduler. For his non-volunteer work John is the Vice President of Process and Systems at the Worlds Most Famous Arena. Outside of hockey his interests include motorcycles – huge MotoGP and Valentino Rossi fan and he likes to shoot sporting clays and trap.ThePodolskiyMethod.comFacebook, Instagram, YouTube:@SharpSkateNY@IlyaPodolskiy@thepodolskiymethod

Rick explains what containers and serverless functions are, why they are related, why they are the latest development in the evolution of the client server architecture, why you need to secure them, and how. Resources: “5 ways to secure your containers,” by Steven Vaughan-Nichols, CEO, Vaughan-Nichols & Associates, 23 April 2019. “8 technologies that will disrupt business in 2020,” by Paul Heltzel, CIO, 26 August 2019. “A Brief History of Containers: From the 1970s Till Now,” by Rani Osnat, Aqua, 10 January 2020. “A brief history of SSH and remote access,” by Jeff Geerling, an excerpt from Chapter 11: Server Security and Ansible, in Ansible for DevOps, 15 April 2014. “Amazon Launches Lambda, An Event-Driven Compute Service,” by Ron Miller, TC, 13 November 2014 “Application Container Security Guide: NIST Special Publication 800-190,” by Murugiah Souppaya, John Morello, and Karen Scarfone, NIST, September 2017. “Container Explainer,” IDG.TV, 19 August 2015. “Container Network Security - Kubernetes Network Policies in Action with Cilium (Cloud Native),” by Fernando, Gitlab, 16 July 2020. “Container Security,” by Synk. “Google has quietly launched its answer to AWS Lambda,” by Jordan Novet, Venture Beat, 9 February 2016. “Historical Computers in Japan: Unix Servers,” IPSJ Computer Museum. “M.C. Escher Collection,” Maurits Cornelis (MC) Escher - 1898 - 1972. “Serverless Architectures,” by Martin Fowler, martin.Fowler.com, 22 May 2018. “Serverless vs Microservices — Which Architecture to Choose in 2020?” TechMagic, 01 JULY 2020. “The Benefits of Containers,” by Ben Corrie, VMWARE, 16 May 2017. “The essential guide to software containers for application development,” by David Linthicum, Chief Cloud Strategy Officer, Deloitte Consulting. “The Invention of the Virtual Machine,” by SEAN CONROY, IDKRTM, 25 JANUARY 2018. “What are containers and why do you need them?” By Paul Rubens, CIO, 27 JUN 2017. “What even is a container: namespaces and cgroups,” by Julia Evans, Julia Evans Blog. “What is a Container?” by Ben Corrie, VMWARE, 16 May 2017 “What is a Container?” by VMWARE.

This week, we welcome John Morello, VP of Product at Palo Alto Networks, joins us to talk about Cloud Native Security Platforms! Modern appsec demonstrates the importance of a cloud native strategy for enterprise security and how much that strategy must integrate with DevOps tools and workflows. Security solutions need to come from a cohesive platform that addresses the problems DevOps teams face in how they're building apps today.   In the AppSec News, Software safety to mitigate the impact of unauthenticated RCEs, exploding regex patterns, web and browser security in the face of Spectre side-channels, signing software artifacts, 8 roles for today's security teams. This segment is sponsored by Prisma Cloud/ Palo Alto Networks.   Show Notes: https://securityweekly.com/asw143 Visit https://securityweekly.com/prismacloud to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome John Morello, VP of Product at Palo Alto Networks, joins us to talk about Cloud Native Security Platforms! Modern appsec demonstrates the importance of a cloud native strategy for enterprise security and how much that strategy must integrate with DevOps tools and workflows. Security solutions need to come from a cohesive platform that addresses the problems DevOps teams face in how they're building apps today.   In the AppSec News, Software safety to mitigate the impact of unauthenticated RCEs, exploding regex patterns, web and browser security in the face of Spectre side-channels, signing software artifacts, 8 roles for today's security teams. This segment is sponsored by Prisma Cloud/ Palo Alto Networks.   Show Notes: https://securityweekly.com/asw143 Visit https://securityweekly.com/prismacloud to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Modern appsec demonstrates the importance of a cloud native strategy for enterprise security and how much that strategy must integrate with DevOps tools and workflows. Security solutions need to come from a cohesive platform that addresses the problems DevOps teams face in how they're building apps today.   This segment is sponsored by Prisma Cloud/ Palo Alto Networks. Visit https://securityweekly.com/prismacloud to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw143

Modern appsec demonstrates the importance of a cloud native strategy for enterprise security and how much that strategy must integrate with DevOps tools and workflows. Security solutions need to come from a cohesive platform that addresses the problems DevOps teams face in how they're building apps today.   This segment is sponsored by Prisma Cloud/ Palo Alto Networks. Visit https://securityweekly.com/prismacloud to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw143

Prisma Cloud by Palo Alto Networks sponsored this podcast. Palo Alto Networks John Morello, vice president of product, has for a long time talked about the basics that come with cloud native security. In this edition of The New Stack Makers, hosted by Alex Williams, founder and publisher of The New Stack, Morello discusses how APIs are less the weakest link and are more so better known due to the widespread use of APIs, especially in the past five years. There are more people developing APIs, there are more people consuming APIS and there are more attackers who are exploiting APIs — and that makes the basics more important than ever both now and as more applications go online.

Ransomware hits a major data center provider, but appears to have left service unaffected. There’s a thriving criminal market for website defacement tools: vandals can be consumers, too. CDRThief does what its name implies. ByteDance tried negotiating TikTok’s American future. Ireland’s Data Protection Commission starts enforcing Schrems II against Facebook. Awais Rashid outlines software development security pitfalls. Our guest is John Morello from Palo Alto with insights from their new State of Cloud Native Security report. And China’s ambassador to the UK has his Twitter account hacked. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/176

Prisma Cloud from Palo Alto Networks sponsored this podcast. Palo Alto Networks, Amazon Web Services, and Accenture, in March 2020, began to survey over 3,000 cloud architecture, InfoSec and DevOps professionals, on a quest to uncover the practices, tools and technologies companies are using to meet and deal with challenges of securing cloud native architectures and methodologies — and to gain the benefits of moving to the cloud. This edition of The New Stack Makers features the keynote panel discussion with thought leaders from Palo Alto Networks, Amazon Web Services (AWS) and Accenture who shared their own experiences and anecdotes within their organizations as they related to the findings. Moderated by Alex Williams, founder and publisher of The New Stack, the panel discussion was recorded for the The State of Cloud Native Security virtual summit held on June 24. The panelists guests were: John Morello, vice president of product, Prisma Cloud. Mark Rauchwarter, multicloud security lead, Accenture. Daniel Swart partner solutions architect Amazon Web Services (AWS)

Thanks to the COVID-19 global pandemic, many IT systems are facing unprecedented workloads, reaching levels of usage on a daily basis that usually only happen on the busiest days of the year. The good news is that the cloud native approach has been rapidly gaining popularity with businesses large and small to help meet these sudden demands. And proper security precautions must be built into these emerging cloud native systems. Applying principles of cloud native security to the enterprise was the chief topic of discussion for our panel of experts in this virtual panel. Panelists were: Cheryl Hung, Director of Ecosystem, Cloud Native Computing Foundation. Carla Arend, Senior Program Director, Infrastructure Software, IDC. John Morello, Palo Alto Networks Vice President of Product, Prisma Cloud. Alex Williams, founder and publisher of The New Stack hosted the discussion. Certainly, operations have changed for most of us due to the outbreak of the COVID-19 global pandemic. But this can be a good opportunity for an organization to rethink how they approach business continuing and resiliency, Arend noted. Those who were on the digital journey are getting much better through this crisis than those just starting. Now is a great time to focus on digital innovation. Indeed, if anything, innovation is just accelerating in this time, Morello agreed. Without having the ability to interact in person, the tools that enable digital transformation — Kubernetes, containers — helps people operate more efficiently.

Thanks to the COVID-19 global pandemic, many IT systems are facing unprecedented workloads, reaching levels of usage on a daily basis that usually only happen on the busiest days of the year. The good news is that the cloud native approach has been rapidly gaining popularity with businesses large and small to help meet these sudden demands. And proper security precautions must be built into these emerging cloud native systems. Applying principles of cloud native security to the enterprise was the chief topic of discussion for our panel of experts in this virtual panel. Panelists were: Cheryl Hung, Director of Ecosystem, Cloud Native Computing Foundation. Carla Arend, Senior Program Director, Infrastructure Software, IDC. John Morello, Palo Alto Networks Vice President of Product, Prisma Cloud. Alex Williams, founder and publisher of The New Stack hosted the discussion. Certainly, operations have changed for most of us due to the outbreak of the COVID-19 global pandemic. But this can be a good opportunity for an organization to rethink how they approach business continuing and resiliency, Arend noted. Those who were on the digital journey are getting much better through this crisis than those just starting. Now is a great time to focus on digital innovation. Indeed, if anything, innovation is just accelerating in this time, Morello agreed. Without having the ability to interact in person, the tools that enable digital transformation — Kubernetes, containers — helps people operate more efficiently.

In this episode, John Morello explains what we know about the DockerHub compromise, what potential impacts exist for DockerHub users, and what you can do to minimize impact to you and your apps. Twistlock customers are NOT affected.

Padma Vatsavai is founder and CEO of Vinformatix. Vinformatix is a software development company that specializes in designing and maintaining web-based applications, websites, and portals for public and private sector clients. Vinformatix designed the web-based system that 90,000 victims of Hurricane Harvey in Texas used in 2017 to apply for disaster aid. The firm also designed two web-based portals for Louisiana Economic Development, including Louisiana Job Connection, which helps businesses find potential employees. John Morello is a 14-year veteran of Microsoft who is now Chief Technology Officer of Twistlock, a Portland, Oregon-based firm that is changing the face of cybersecurity. Twistlock opened a Baton Rouge location in the psring of 2018 at LSU's Innovation Park and is continuing to grow with clients nationwide that include GridSpace, Aetna and Workiva. What makes Twistlock unique in its approach to developing cybersecurity solutions is it's cloud-native approach that is much faster and more effective than what most of the competition is doing. Photos over lunch at Mansurs on the Boulevard by karry Hosford. See omnystudio.com/listener for privacy information.

On this episode join Reid Bowyer, Carolinas FCA Ministry Advancement Coordinator, and John Morello, Coastal Carolina Campus Director, as they interview special guest Donnie Keifer, Head Football Coach at Green Sea Floyd's High School. 

In a joint show between The Cloudcast and PodCTL, Brian and Tyler Britten talk with John Morello (@morellonet, CTO at @TwistlockTeam) about how Service Mesh technologies, such as Istio, can be used for more advanced security of containerized applications and Kubernetes environments. Show Links: Twistlock Website Securing Istio and Kubernetes Making Istio Security Layer Easier to Monitor Service Mesh Tutorials [PODCAST] @PodCTL - Containers | Kubernetes | OpenShift - RSS Feed, iTunes, Google Play, Stitcher, TuneIn and all your favorite podcast players [A CLOUD GURU] Get The Cloudcast Alexa Skill [A CLOUD GURU] A Cloud Guru Membership - Start your free trial. Unlimited access to the best cloud training and new series to keep you up-to-date on all things AWS. [A CLOUD GURU] FREE access to AWS Certification Exam Prep Guide - At A Cloud Guru, the #1 question received from students is "I want to pass the AWS cert exam, so where do I start?" This course is your answer. Show Notes Topic 1 - Welcome to the show. Tell us about your background, and introduce us to Twistlock for anyone that isn’t familiar with the company. Topic 2 - One of the most popular concepts in the world of containers and Kubernetes is “Service Mesh” (projects like Istio). Let’s talk about the basics of what a service mesh does. Topic 3 - Service mesh provides routing capabilities, so let’s talk about where security comes into the picture. Topic 4 - Service mesh introduces a concept in Kubernetes where you deploy multiple containers in a pod, one the application and one the service-mesh proxy. Does security introduce yet another container/agent into a pod? Topic 5 - What sort of tools are available today for security professionals are service meshes are introduced into a container environment? Feedback? Email: show at thecloudcast dot net Twitter: @thecloudcastnet and @ServerlessCast

Show: 49Show Overview: In a joint show between The Cloudcast and PodCTL, Brian and Tyler talk with John Morello (@morellonet, CTO at @TwistlockTeam) about how Service Mesh technologies, such as Istio, can be used for more advanced security of containerized applications and Kubernetes environments. Show Notes:Twistlock WebsiteSecuring Istio and KubernetesMaking Istio Security Layer Easier to MonitorService Mesh TutorialsTopic 1 - Welcome to the show. Tell us about your background, and introduce us to Twistlock for anyone that isn’t familiar with the company. Topic 2 - One of the most popular concepts in the world of containers and Kubernetes is “Service Mesh” (projects like Istio). Let’s talk about the basics of what a service mesh does. Topic 3 - Service mesh provides routing capabilities, so let’s talk about where security comes into the picture. Topic 4 - Service mesh introduces a concept in Kubernetes where you deploy multiple containers in a pod, one the application and one the service-mesh proxy. Does security introduce yet another container/agent into a pod? Topic 5 - What sort of tools are available today for security professionals are service meshes are introduced into a container environment? Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTLWeb: http://podctl.com

Containers like Docker offer new automation awesomeness, portability and predictability. But traditional security tools and ops are only the start of reducing your risks. John Morello from Twistlock, Alfredo Hickman from Rackspace and Kellman Meghu from Sycomp pull the container stack apart to reveal security gaps.Please read NIST Application Container Security Guide co-authored by John Morellohttps://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-190.pdfAnd read Container Intrusions: Assessing the Efficacy of Intrusion Detection and Analysis Methods for Linux by Alfredo Hickmanhttps://www.sans.org/reading-room/whitepapers/detection/container-intrusions-assessing-efficacy-intrusion-detection-analysis-methods-linux-container-environments-38245

In today's podcast, we hear that German police raid a Panama Papers connected slush fund. North Korea spearphishes in the North American power grid. Security tools can be dual-use, too. Notes on CyberMaryland, where we heard about business climates, the Baltimore-to-Birmingham cyber connection, the Red Queen's race, and the curmudgeonly demeanor too many security types cop. Rick Howard from Palo Alto Networks with an update on the Cyber Canon suggested reading list and a call to vote for the nominated books. Guest is John Morello from Twistlock on securing container environments.  And Google Home's Mini speakers were apparently listening and tattling as well as speaking.  Thanks for listening to the CyberWire. One of the ways you can support what we do is by visiting our sponsors. If you’d like to learn more about how small nuances in how artificial intelligence and machine learning are used can make a big difference, check out E8’s white paper. Cylance uses cutting edge artificial intelligence to help protect your systems. If you are a woman in cyber security and want make connections with others in the field, check out our own Women in Cyber Security event.

In this discussion with John Morello of Twistlock, we talk about how containers can actually be a better medium for automating and securing applications. Containers being immutable and lightweight makes it easier to follow images from early in the development life cycle all the way to the registry and compute environments. Twistlock collects data from this life cycle and creates a predictive model for a container's behavior. This model looks for inconsistent behaviors, and depending on what you want, it can set off an alert or even block the activity entirely. Later in the discussion, we talk about Twistlock's focus on four distinct use cases, recent changes to its core features, the value of partner integration and more. Learn more at: https://thenewstack.io/creating-automated-model-container-security/ Watch on YouTube: https://youtu.be/9xcCjcEi-FY