Podcasts about materials engineering

Interdisciplinary field which deals with discovery and design of new materials, primarily of physical and chemical properties of solids

  • 110 PODCASTS
  • 154 EPISODES
  • 39m AVG DURATION
  • 1 MONTHLY NEW EPISODE
  • May 19, 2025 LATEST

Best podcasts about materials engineering

Latest podcast episodes about materials engineering

Entrepreneurs for Impact
#227: Ahmad Ghahreman, CEO of Cyclic Material – $53M Series B for Rare Earth Metals. Top Global Hydrometallurgist PhD. 20 Patents. $3.5B Value of Company Value. 3,000 Citations. 95% Less Water.

May 19, 2025 (44:27)


Cyclic Materials is a Canadian cleantech company, founded in 2021, specializing in the recycling of rare earth elements (REEs) from end-of-life products such as electric vehicle motors, wind turbines, and electronic waste. Their proprietary technologies, MagCycle℠ and REEPure℠, enable the efficient recovery and purification of critical materials, contributing to a circular economy and reducing reliance on traditional mining. In 2024, the company launched its first commercial demonstration facility in Kingston, Ontario, and announced plans to invest over $20 million in a U.S. facility in Mesa, Arizona. Cyclic Materials has secured significant funding, including a $53 million Series B round with investors like BMW i Ventures and Microsoft's Climate Innovation Fund, to support its global expansion and the development of sustainable supply chains for critical materials.

Ahmad Ghahreman is a serial entrepreneur with over 15 years of experience in cleantech, and one of the top hydrometallurgists in the world. He has co-invented more than 20 patents and commercialized over five technologies, focusing on transforming the rare earth elements market with sustainable, ethical solutions. In addition to his work at Cyclic, Ahmad is an early co-inventor of Jetti Resources' copper extraction technology (valued at $2.5B), and the co-designer of Li-Cycle's lithium-ion battery recycling technology (NYSE: LICY valued at over $1B). Formerly a professor at Queen's University, Ontario, Canada, he built the largest and most-funded metals extraction team in North America with over 20 graduate students. With a Ph.D. in Materials Engineering, he is a leading hydrometallurgist researcher with over 3,000 citations.

Leadership Under Fire
Luck Equals Preparation Plus Opportunity with Lt. Colonel Mark Westphal USAF

Mar 20, 2025 (63:16)


Today's guest is Lt. Col. Mark Westphal, a highly accomplished leader with an extensive and diverse background. Mark grew up in Westchester County, New York before heading to Georgia Tech, where he earned both a Bachelor's and Master's degree in Mechanical and Materials Engineering.  He also earned an MBA from LaSalle University.  In his civilian career, Mark serves as the Chief Engineer for Special Operations Forces platforms and is a certified Licensed Professional Engineer (PE) with a major defense contractor.  A combat veteran, Mark recently retired from the National Guard as a Lieutenant Colonel after an extraordinary career. His service spans multiple roles, including Combat Engineer, Infantry, Special Forces Green Beret, and Air Force Special Warfare Officer.

The Next Byte
214. 3D Printing Shapeshifting Material

Mar 11, 2025 (18:18)


(2:22) - Encoding many properties in one material via 3D printing

This episode was brought to you by Mouser, our favorite place to get electronics parts for any project, whether it be a hobby at home or a prototype for work. Become a founding reader of our newsletter: http://read.thenextbyte.com/ As always, you can find these and other interesting & impactful engineering articles on Wevolver.com.

Never Lick the Spoon
Episode 32. SERCH Part 1. Do Practical Skills Matter in the Age of AI?

Feb 28, 2025 (42:36)


At the Science and Engineering Research for Cultural Heritage Conference 2025, a panel discussed "Balancing Innovation and Craft: Do Practical Skills Still Matter in the age of AI?" Panel members include:

  • Professor Ambrose Taylor (Chair), Professor of Materials Engineering in the Department of Mechanical Engineering at Imperial College London
  • Professor Pier Luigi Dragotti, Professor of Signal Processing in the Department of Electrical and Electronic Engineering at Imperial College London
  • Lorraine Cornish, Head of Conservation at Natural History Museum
  • Kat Harris, Senior Teaching Technician in the Department of Chemistry at Imperial College London

Hosted by the Institute for Molecular Science and Engineering (IMSE). This is the first episode in our SERCH series, produced by Imperial Futures.

Conscious Design Podcast™
From Waste to Wearable - Recycling Plastic Into Sustainable Clothing

Feb 7, 2025 (35:26)


Would you wear clothing made from plastic party cups recycled into fabric? Lauren Choi, founder of The New Norm Fabric, joins host Ian Peterman to share how she's turning hard-to-recycle plastics into sustainable fabric. From building an extruder in her garage to partnering with manufacturers, Lauren's journey is a must-watch for innovators, entrepreneurs, and sustainability advocates. Learn about the challenges of recycling, the future of eco-friendly materials, and how she's scaling her impact without traditional venture capital. In this episode, we explore the birth of The New Norm and Lauren's journey from college to sustainable fabric, along with the challenges and innovations in plastic recycling. Lauren discusses how she scaled her operation, moving from building a machine in her garage to manufacturing at scale. She shares insights into sourcing and recycling ocean plastics into wearable fabric, the future of sustainable fabric, and how the company is pushing eco-friendly innovations. Finally, Lauren talks about navigating the startup ecosystem and how she's creating a positive environmental impact without relying on traditional venture capital.

Corrosion Chronicles
Corrosion Testing

Dec 4, 2024 (55:47)


In this episode, Ben McCurry, Senior Expert of Materials Engineering and Inspection at BASF Corporation, joins co-hosts Heather Allain and Marc Cook to dive into the world of corrosion testing. They cover a wide range of topics, including the purpose of corrosion testing, lab testing versus in-situ methods, and the use of corrosion resistance tables. The discussion explores valuable insights from sister plants, decision-making criteria for conducting tests, and the design of coupons. They also tackle advanced topics like high-pressure/high-temperature data, the effects of aeration and agitation, post-exposure examination, grinding on coupons, field coupon accessibility, and how process conditions impact field testing results.   Corrosion Chronicles is produced by Association Briefings.

AI-ready Healthcare
Randy Ellis: Surgical AI in the Orthopaedics

Dec 3, 2024 (51:31)


Professor Randy Ellis is a legendary figure within the computer-assisted orthopedic surgery community. His primary appointment is in the School of Computing, with additional appointments in Mechanical and Materials Engineering, Surgery, and Biomedical and Molecular Sciences at Queen's University, Canada. He has been a Fellow of several organizations such as IEEE, American Society for Mechanical Engineering (ASME) etc.

Sarah Westall - Business Game Changers
Regaining Lost DNA & human gene Functions, Tools from the Past w/ Dr. Richard Presser

Jul 30, 2024 (56:55)


Dr. Richard Presser joins the program to share how a lost protocol to restore human DNA function can help people restore health. Their research shows that Nano Soma literally helps the human body regain the ability to make its own vitamin C again and to regulate all 48/9 nuclear receptors (which it has not been doing). This remarkable change in body function will allow your body to heal from an endless array of ailments. You can learn more or buy yours at https://iwantmyhealthback.com/sarah

Dr. Richard Presser Biography: Richard was born on a farm in country Victoria, Australia. Whilst he loved the country, the connection with native and farm plants and animals this provided as well as the practical skills he learned, he never felt at home in that community. After four years at boarding school in Ballarat, Victoria, he moved to Melbourne to attend University. Apart from 18 months in Adelaide, Melbourne and its nearby surrounds has been his home ever since. After completing his PhD in Materials Engineering, Richard joined IBM in sales and spent some 7 years with the company in sales and management roles.

In the mid-80's he joined a small existing consulting and products business and helped grow that business to an A$25M operation in a few short years. It was a pinnacle in his business and financial success. A year or so prior to deciding to sell the company, Richard had an epiphany of sorts, when he realised all the success he had been creating was not addressing a deep void he felt inside himself. So began a search to understand this and shortly thereafter came a crisis that led him to destroy almost everything he had created in his life. This included losing over $1M in a year and experiencing a breakdown in his marriage. In his attempts to make some sense of his life, he investigated many healing modalities and finished up becoming a member of a small yoga-based group that morphed into a cult. After some years Richard realised that, although he had learned a lot about spirituality through the group, it was not where the answers lay. The only healing modality that brought any lasting benefit to him was Reiki and through this work he became aware of a connection to Archangel Michael. Richard also studied Reiki to be able to heal himself. He continued to investigate other healing modalities and read a broad range of spiritual material as he looked for answers. Despair was a close companion throughout this time, though underlying this was also a sense that it would all work out and make sense. It seemed like a piece of cosmic irony. He was deeply in debt, unemployed with no seeming employment prospects, a desire to keep his children in their schools… A mix that looked like it was never going to work - and yet there was this optimism deep inside him. In investigating the connection he felt to Archangel Michael, he found a resonance with the work being done by Carolyn Evers (www.carolynevers.com). He began to participate in some conference calls with her and this work resonated deeply within him. It began a continuing unfolding that has been in part expressed in his eBook.
In more recent times, Richard has been working closely with Carolyn,

Passionate Pioneers with Mike Biselli
Advancing Brain Health: AI-Powered Detection and Care with David Bates

Jun 24, 2024 (32:24)


This episode's Community Champion Sponsor is Ossur.

Episode Overview: What if we could advance brain health by making early detection of cognitive disorders accessible to everyone? Our next guest, Dr. David Bates, is on a mission to do just that as the CEO and co-founder of Linus Health. With a diverse background spanning science, engineering, and entrepreneurship, David brings a unique perspective to the challenges of brain health. Linus Health is leveraging cutting-edge neuroscience, clinical expertise, and artificial intelligence to transform how we detect and address cognitive and brain disorders. While together, David shares how Linus Health's innovative digital cognitive assessment platform is empowering healthcare providers with actionable insights and supporting individuals with personalized action plans. Join us as we explore David's vision for a future where proactive brain health is the norm, potentially changing millions of lives worldwide. Let's go!

Episode Highlights:

  • David discusses the formation of Linus Health, inspired by his fascination with the brain and a pivotal conversation with a cognitive neurologist, leading to the company's founding in June 2019.
  • Linus Health uses AI, sensors, and advanced analytics to deliver brain health insights and action plans, enabling people to take agency over their brain health and live their best lives.
  • The company addresses a critical gap in healthcare, with 92% of Mild Cognitive Impairment (MCI) cases currently undiagnosed and potentially long wait times for specialist care.
  • Linus Health's platform mimics the observational skills of neurological specialists using AI, allowing for detailed analysis of cognitive function and potentially reducing diagnosis time from months to a single appointment.
  • David envisions a future where brain health is given as much importance as heart health in standard care, with expanded capabilities to assess various neurological conditions and empower individuals to optimize their brain health from a younger age.

About our Guest: David is the CEO and co-founder of Linus Health. He is a scientist, engineer, inventor, entrepreneur and investor. David was a founding partner of Tamarisc Ventures and he co-founded Bode, a tech-enabled hospitality company for group travel. He is on the board of several technology companies, as well as the philanthropic TMCity Foundation. David has previously held positions at Morningside Ventures, F-Wave, Harvard Medical School, Massachusetts General Hospital, University of Louisville, and Georgia Tech. David earned his PhD in Chemical and Materials Engineering from the University of Auckland and earned his BS and MSc in Applied Biology from the Georgia Institute of Technology. He resides in Boston with his wife and kids.

The Royal Irish Academy
Burning Questions Podcast: A conversation about… EIRSAT-1, Ireland's First Satellite

May 31, 2024 (19:52)


This episode features Vikram Pakrashi in conversation with Lorraine Hanlon and David McKeown from UCD, who share their experience of working on EIRSAT-1, Ireland's first satellite. Burning Questions is a conversation podcast that shines a spotlight on expertise in the fields of engineering, mechanics and computer science across the island of Ireland. Each episode is structured around an interview with a leader/leaders in their field who will share insights into projects and research that have a tangible impact on the world around us.

Lorraine Hanlon is Professor of Astronomy at UCD and Director of UCD's Centre for Space Research. She did her undergraduate (BSc) and graduate (MSc and PhD) degrees in Experimental Physics and was a research fellow and an EU Human Capital and Mobility fellow at the European Space and Technology Research Centre (ESTEC) in the Netherlands, ESA's establishment for space mission development. Lorraine is currently Chair of ESA's Astronomy Working Group and is a member of the ESA Space Science Advisory Committee. She also serves as science advisor to the Irish delegation to the ESA Science Programme Committee and is a member of the National Advisory Committee for the European Southern Observatory. She is a former trustee of the Royal Astronomical Society and Chair of the INTEGRAL Users' Group. Her main research interests are in high-energy astrophysics, gamma-ray bursts, multi-messenger astronomy, robotic telescopes, and space instrumentation. She is the Endorsing Professor for EIRSAT-1, Ireland's first satellite, a CubeSat developed by an interdisciplinary team of UCD students and staff under ESA's ‘Fly Your Satellite!' programme.

David McKeown is Assistant Professor in the School of Mechanical and Materials Engineering, University College Dublin. His research focuses on the modelling and control of large flexible aerospace structures and the testing and verification of attitude determination and control systems (ADCS) for Nanosatellites. He was the Engineering Manager for EIRSAT-1, Ireland's First Satellite, which was recently launched. He is also the Principal Investigator on the European Space Agency funded DEAR project, building a robotic arm breadboard to test Lunar dust mitigation strategies. In collaboration with Lorraine, his team is building an ADCS testbed as part of the SFI funded NANO-SPACE project. He is a founding member of the UCD Centre for Space Research (C-Space) and the Lead academic for the Space Structure Dynamics and Control Theme.

Vikram Pakrashi is Associate Professor in Mechanical Engineering and Director of Dynamical Systems and Risk Laboratory (DSRL) in UCD. Vikram is a Chartered Engineer and has served both industry and academia working on numerical and experimental applications of dynamics and risk/probabilistic analysis on traditional (roads, bridges) and burgeoning (wind/wave energy devices and platforms) sectors of built infrastructure. His recent research activities involve structural health monitoring, analysis of dynamic systems, vibration control, experimental methods in dynamics, damage detection algorithms and the use of new technologies for such applications. Vikram has supervised and mentored several doctoral and postdoctoral researchers and has received multiple awards for his research and leadership activities. He currently works with a dynamic and motivated team in DSRL close to industrial needs.

Business Bitcoinization
Take Your Next Rocky Mountain Trek with Bitcoiners - Ben Nearingburg

Feb 16, 2024 (30:25)


DOWNLOAD YOUR COPY OF THE BITCOIN-FOR-BUSINESS QUICK START GUIDE

This free, 27-page resource includes:

  • Six ways ANY business can benefit from Bitcoin
  • Some of the best Bitcoin-only businesses to partner with
  • Key Bitcoin concepts for people getting started

Ben owns and operates Starry Summit Mountain Adventures based in the quaint mountain town of Jasper, Alberta. Ben is the author of two guidebooks (one forthcoming this May) and prior to starting a business in the outdoor recreation industry completed a PhD in Materials Engineering. Ben's business, Starry Summit Mountain Adventures is currently the only guiding operation in the Canadian Rockies that accepts BTC/Lightning payments and new for Summer 2024 has started to market backcountry hiking programs specifically for bitcoiners (#StackSatsStackSteps helping bitcoiners who are new to the backcountry stay fit and expand their recreational horizons).

Corrosion Chronicles
Benefits and Challenges of Fiber-Reinforced Composites

Feb 7, 2024 (48:08)


In this episode, industry veteran Dale Keeler, Associate Director at MTI, sits down with co-hosts Heather Allain and Marc Cook to discuss fiber-reinforced composites (FRP). The three chat about: fabrication methods; the types of fiber, resin and additives; differences in design standards and practices around the globe; how material properties used in design are determined and validated; inspection and life assessment techniques; flange design; and thermal shock.

Show notes

  • Public bookstore – Guide for Repair and Alteration of FRP Equipment: https://marketplace.mimeo.com/mtiglobal/product/e3fb7e600fb4423b9532394fd8e7ec7b
  • Members bookstore – Guide for Repair and Alteration of FRP Equipment: https://marketplace.mimeo.com/mtiglobalMEMBERS/product/1868c1a40bd94e05be701ab394d89498
  • Embedded RFID Sensor Technology: https://www.mti-global.org/rfid-microsite/monitor-frp-vessel-integrity-with-rfid-sensors
  • Risk Based Inspection for FRP Tanks: https://access.mti-global.org/record/562?ln=en
  • Global FRP Standards Comparative Report: https://access.mti-global.org/record/337?ln=en
  • Accelerated Testing of FRP: https://access.mti-global.org/record/78?ln=en

Corrosion Chronicles is hosted by Heather Allain and Marc Cook. Heather Allain is the Executive Director of Materials Technology Institute (MTI). She has been with the organization for 16 years and previously held an Associate Director position facilitating MTI's Project work. Before MTI, she worked as a Materials Engineer at DuPont for 15 years, and has a BS in Materials Engineering from Rice University. Marc Cook has a BS in Chemical Engineering from Purdue University and an MS in Material Engineering from NC State. He has worked for Dow for 26 years and at a contracting company in Cincinnati for 3 years. His current role at Dow is leading the Technical Services Team for Ceramics and Refractory at Dow and providing materials engineering support to Dow's Freeport, Texas site.

Disclaimer: Marc Cook is an employee of Dow but is speaking purely in a personal capacity and is not talking about or recommending Dow products.

Corrosion Chronicles is produced by Association Briefings.

Grad Chat - Queen's School of Graduate Studies
Graziella Bedenik (Mechanical & Materials Engineering) – the potential to monitor freshwater lakes using robot swarms

Feb 6, 2024


Development and Application of Autonomous Multi-Agent Underwater Robot Swarms for Environmental Monitoring and Response in Canadian Freshwater Lakes. For upcoming interviews check out the Grad Chat webpage on Queen’s University School of Graduate Studies & Postdoctoral Affairs website.

3Degrees Discussions
3Degrees Discussions #136 - Dr. Bill Frazier - Pilgrim Consulting

Jan 31, 2024 (53:00)


Dr. Frazier founded Pilgrim Consulting LLC following a successful 39 year long career within the Department of the Navy. Upon retiring, he held the positions of “The Navy Senior Scientist for Materials Engineering,” and “The Chief Scientist for the Air Vehicle Department” at the Naval Air Systems Command (NAVAIR). Dr. Bill Frazier received his BS, MS, and Ph.D. degrees in Materials Engineering from Drexel University.

Before we get started, head over to www.3degreescompany.com and subscribe to the podcast. Remember you can listen to the show anywhere you download your podcasts including Spotify, Apple, Amazon, or Stitcher. Also, if you or your company are looking for materials, qualification, and or general Additive Manufacturing support, reach out to the team through our website or via email at info@3degreescompany.com

Ceramic Tech Chat
Focusing on the fundamentals: Rajendra Bordia

Jan 16, 2024 (29:03)


While planning for the future is important, listening to others and adapting to new opportunities can lead to the most fulfilling and fruitful careers. Rajendra Bordia, the George J. Bishop, III Chair Professor of Ceramics and Materials Engineering at Clemson University, shares his somewhat unplanned pathway from mechanical into ceramic engineering, describes his approach to mentoring students, and discusses his goals as this year's president of The American Ceramic Society.

About the guest

Rajendra Bordia is the George J. Bishop, III Chair Professor of Ceramics and Materials Engineering at Clemson University in South Carolina. His research focuses on how processing conditions affect the final microstructure and properties of ceramics, with a specific focus on thermal processing methods. He is currently serving as president of The American Ceramic Society for 2023–2024, a role in which he will lead the Society through the development of a new strategic plan.

About ACerS

Founded in 1898, The American Ceramic Society is the leading professional membership organization for scientists, engineers, researchers, manufacturers, plant personnel, educators, and students working with ceramics and related materials.

Screaming in the Cloud
Benchmarking Security Attack Response Times in the Age of Automation with Anna Belak

Jan 4, 2024 (31:11)


Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig, joins Corey on Screaming in the Cloud to discuss the newest benchmark for responding to security threats, 5/5/5. Anna describes why it was necessary to set a new benchmark for responding to security threats in a timely manner, and how the Sysdig team did research to determine the best practices for detecting, correlating, and responding to potential attacks. Corey and Anna discuss the importance of focusing on improving your own benchmarks towards a goal, as well as how prevention and threat detection are both essential parts of a solid security program. About AnnaAnna has nearly ten years of experience researching and advising organizations on cloud adoption with a focus on security best practices. As a Gartner Analyst, Anna spent six years helping more than 500 enterprises with vulnerability management, security monitoring, and DevSecOps initiatives. Anna's research and talks have been used to transform organizations' IT strategies and her research agenda helped to shape markets. Anna is the Director of Thought Leadership at Sysdig, using her deep understanding of the security industry to help IT professionals succeed in their cloud-native journey. Anna holds a PhD in Materials Engineering from the University of Michigan, where she developed computational methods to study solar cells and rechargeable batteries.Links Referenced: Sysdig: https://sysdig.com/ Sysdig 5/5/5 Benchmark: https://sysdig.com/555 TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. 
I am joined again—for another time this year—on this promoted guest episode brought to us by our friends at Sysdig, returning is Anna Belak, who is their director of the Office of Cybersecurity Strategy at Sysdig. Anna, welcome back. It's been a hot second.Anna: Thank you, Corey. It's always fun to join you here.Corey: Last time we were here, we were talking about your report that you folks had come out with, the, “Cybersecurity Threat Landscape for 2022.” And when I saw you were doing another one of these to talk about something, I was briefly terrified. “Oh, wow, please tell me we haven't gone another year and the cybersecurity threat landscape is moving that quickly.” And it sort of is, sort of isn't. You're here today to talk about something different, but it also—to my understanding—distills down to just how quickly that landscape is moving. What have you got for us today?Anna: Exactly. For those of you who remember that episode, one of the key findings in the Threat Report for 2023 was that the average length of an attack in the cloud is ten minutes. To be clear, that is from when you are found by an adversary to when they have caused damage to your system. And that is really fast. Like, we talked about how that relates to on-prem attacks or other sort of averages from other organizations reporting how long it takes to attack people.And so, we went from weeks or days to minutes, potentially seconds. And so, what we've done is we looked at all that data, and then we went and talked to our amazing customers and our many friends at analyst firms and so on, to kind of get a sense for if this is real, like, if everyone is seeing this or if we're just seeing this. Because I'm always like, “Oh, God. Like, is this real? Is it just me?”And as it turns out, everyone's not only—I mean, not necessarily everyone's seeing it, right? 
Like, there's not really been proof until this year, I would say because there's a few reports that came out this year, but lots of people sort of anticipated this. And so, when we went to our customers, and we asked for their SLAs, for example, they were like, “Oh, yeah, my SLA for a [PCRE 00:02:27] cloud is like 10, 15 minutes.” And I was like, “Oh, okay.” So, what we set out to do is actually set a benchmark, essentially, to see how well are you doing. Like, are you equipped with your cloud security program to respond to the kind of attack that a cloud security attacker is going to—sorry, an anti-cloud security—I guess—attacker is going to perpetrate against you.And so, the benchmark is—drumroll—5/5/5. You have five seconds to detect a signal that is relevant to potentially some attack in the cloud—hopefully, more than one such signal—you have five minutes to correlate all such relevant signals to each other so that you have a high fidelity detection of this activity, and then you have five more minutes to initiate an incident response process to hopefully shut this down, or at least interrupt the kill chain before your environments experience any substantial damage.Corey: To be clear, that is from a T0, a starting point, the stopwatch begins, the clock starts when the event happens, not when an event shows up in your logs, not once someone declares an incident. From J. Random Hackerman, effectively, we're pressing the button and getting the response from your API.Anna: That's right because the attackers don't really care how long it takes you to ship logs to wherever you're mailing them to. And that's why it is such a short timeframe because we're talking about, they got in, you saw something hopefully—and it may take time, right? 
Like, some of the—which we'll describe a little later, some of the activities that they perform in the early stages of the attack are not necessarily detectable as malicious right away, which is why your correlation has to occur, kind of, in real time. Like, things happen, and you're immediately adding them, sort of like, to increase the risk of this detection, right, to say, “Hey, this is actually something,” as opposed to, you know, three weeks later, I'm parsing some logs and being like, “Oh, wow. Well, that's not good.” [laugh].Corey: The number five seemed familiar to me in this context, so I did a quick check, and sure enough, allow me to quote from chapter and verse from the CloudTrail documentation over an AWS-land. “CloudTrail typically delivers logs within an average of about five minutes of an API call. This time is not guaranteed.” So effectively, if you're waiting for anything that's CloudTrail-driven to tell you that you have a problem, it is almost certainly too late by the time that pops up, no matter what that notification vector is.Anna: That is, unfortunately or fortunately, true. I mean, it's kind of a fact of life. I guess there is a little bit of a veiled [unintelligible 00:04:43] at our cloud provider friends because, really, they have to do better ultimately. But the flip side to that argument is CloudTrail—or your cloud log source of choice—cannot be your only source of data for detecting security events, right? So, if you are operating purely on the basis of, “Hey, I have information in CloudTrail; that is my security information,” you are going to have a bad time, not just because it's not fast enough, but also because there's not enough data in there, right? 
Which is why part of the first, kind of, benchmark component is that you must have multiple data sources for the signals, and they—ideally—all will be delivered to you within five seconds of an event occurring or a signal being generated.

Corey: And give me some more information on that because I have my own alerter, specifically, it's a ClickOps detector. Whenever someone in one of my accounts does something in the console, that has a write aspect to it rather than just a read component—which again, look at what you want in the console, that's fine—if you're changing things that is not being managed by code, I want to know that it's happening. It's not necessarily bad, but I want to at least have visibility into it. And that spits out the principal, the IP address it emits from, and the rest. I haven't had a whole lot where I need to correlate those between different areas. Talk to me more about the triage step.

Anna: Yeah, so I believe that the correlation step is the hardest, actually.

Corey: Correlation step. My apologies.

Anna: Triage is fine. It's [crosstalk 00:06:06]—

Corey: Triage, correlations, the words we use matter on these things.

Anna: Dude, we argued about the words on this for so long, you could even imagine. Yeah, triage, correlation, detection, you name it, we are looking at multiple pieces of data, we're going to connect them to each other meaningfully, and that is going to provide us with some insight about the fact that a bad thing is happening, and we should respond to it. Perhaps automatically respond to it, but we'll get to that. So, a correlation, okay.
The first thing is, like I said, you must have more than one data source because otherwise, I mean, you could correlate information from one data source; you actually should do that, but you are going to get richer information if you can correlate multiple data sources, and if you can access, for example, like through an API, some sort of enrichment for that information.

Like, I'll give you an example. For SCARLETEEL, which is an attack we describe in the threat report, and we actually described before, this is—we're, like—on SCARLETEEL, I think, version three now because there's so much—this particular certain actor is very active [laugh].

Corey: And they have a better versioning scheme than most companies I've spoken to, but that's neither here nor there.

Anna: [laugh]. Right? So, one of the interesting things about SCARLETEEL is you could eventually detect that it had happened if you only had access to CloudTrail, but you wouldn't have the full picture ever. In our case, because we are a company that relies heavily on system calls and machine learning detections, we [are able to 00:07:19] connect the system call events to the CloudTrail events, and between those two data sources, we're able to figure out that there's something more profound going on than just what you see in the logs. And I'll actually tell you, which, for example, things are being detected.

So, in SCARLETEEL, one thing that happens is there's a crypto miner. And a crypto miner is one of these events where you're, like, “Oh, this is obviously malicious,” because as we wrote, I think, two years ago, it costs $53 to mine $1 of Bitcoin in AWS, so it is very stupid for you to be mining Bitcoin in AWS, unless somebody else is—

Corey: In your own accounts.

Anna: —paying the cloud bill. Yeah, yeah [laugh] in someone else's account, absolutely. Yeah. So, if you are a sysadmin or a security engineer, and you find a crypto miner, you're like, “Obviously, just shut that down.” Great.
What often happens is people see them, and they think, “Oh, this is a commodity attack,” like, people are just throwing crypto miners whatever, I shut it down, and I'm done.

But in the case of this attack, it was actually a red herring. So, they deployed the miner to see if they could. They could, then they determined—presumably; this is me speculating—that, oh, these people don't have very good security because they let random idiots run crypto miners in their account in AWS, so they probed further. And when they probed further, what they did was some reconnaissance. So, they type in commands, listing, you know, like, list accounts or whatever. They try to list all the things they can list that are available in this account, and then they reach out to an EC2 metadata service to kind of like, see what they can do, right?

And so, each of these events, like, each of the things that they do, like, reaching out to an EC2 metadata service, assuming a role, doing a recon, even lateral movement is, like, by itself, not necessarily a scary, big red flag malicious thing because there are lots of, sort of, legitimate reasons for someone to perform those actions, right? Like, reconnaissance, for one example, is you're, like, looking around the environment to see what's up, right? So, you're doing things, like, listing things, [unintelligible 00:09:03] things, whatever. But a lot of the graphical interfaces of security tools also perform those actions to show you what's, you know, there, so it looks like reconnaissance when your tool is just, like, listing all the stuff that's available to you to show it to you in the interface, right? So anyway, the point is, when you see them independently, these events are not scary. They're like, “Oh, this is useful information.”

When you see them in rapid succession, right, or when you see them alongside a crypto miner, then your tooling and/or your process and/or your human being who's looking at this should be like, “Oh, wait a minute.
Like, just the enumeration of things is not a big deal. The enumeration of things after I saw a miner, and you try and talk to the metadata service, suddenly I'm concerned.” And so, the point is, how can you connect those dots as quickly as possible and as automatically as possible, so a human being doesn't have to look at, like, every single event because there's an infinite number of them.

Corey: I guess the challenge I've got is that in some cases, you're never going to be able to catch up with this. Because if it's an AWS call to one of the APIs that they manage for you, they explicitly state there's no guarantee of getting information on this until the show's all over, more or less. So, how is there… like, how is there hope?

Anna: [laugh]. I mean, there's always a forensic analysis, I guess [laugh] for all the things that you've failed to respond to.

Corey: Basically we're doing an after-action thing because humans aren't going to react that fast. We're just assuming it happened; we should know about it as soon as possible. On some level, just because something is too late doesn't necessarily mean there's not value added to it. But just trying to turn this into something other than a, “Yeah, they can move faster than you, and you will always lose. The end. Have a nice night.” Like, that tends not to be the best narrative vehicle for these things. You know, if you're trying to inspire people to change.

Anna: Yeah, yeah, yeah, I mean, I think one clear point of hope here is that sometimes you can be fast enough, right? And a lot of this—I mean, first of all, you're probably not going to—sorry, cloud providers—you don't go into just the cloud provider defaults for that level of performance, you are going with some sort of third-party tool. On the, I guess, bright side, that tool can be open-source, like, there's a lot of open-source tooling available now that is fast and free.
For example, is our favorite, of course, Falco, which is looking at system calls on endpoints, and containers, and can detect things within seconds of them occurring and let you know immediately. There is other eBPF-based instrumentation that you can use out there from various vendors and/or open-source providers, and there's of course, network telemetry.

So, if you're into the world of service mesh, there is data you can get off the network, also very fast. So, the bad news or the flip side to that is you have to be able to manage all that information, right? So, that means—again, like I said, you're not expecting a SOC analyst to look at thousands of system calls and thousands of, you know, network packets or flow logs or whatever you're looking at, and just magically know that these things go together. You are expecting to build, or have built for you by a vendor or the open-source community, some sort of dissection content that is taking this into account and then is able to deliver that alert at the speed of 5/5/5.

Corey: When you see the larger picture stories playing out, as far as what customers are seeing, what the actual impact is, what gave rise to the five-minute number around this? Just because that tends to feel like it's a… it is both too long and also too short on some level. I'm just wondering how you wound up at—what is this based on?

Anna: Man, we went through so many numbers. So, we [laugh] started with larger numbers, and then we went to smaller numbers, then we went back to medium numbers. We align ourselves with the timeframes we're seeing for people.
Like I said, a lot of folks have an SLA of responding to a P0 within 10 or 15 minutes because their point basically—and there's a little bit of bias here into our customer base because our customer base is, A, fairly advanced in terms of cloud adoption and in terms of security maturity, and also, they're heavily in let's say, financial industries and other industries that tend to be early adopters of new technology. So, if you are kind of a laggard, like, you probably aren't that close to meeting this benchmark as you are if you're saying financial, right? So, we asked them how they operate, and they basically pointed out to us that, like, knowing 15 minutes later is too late because I've already lost, like, some number of millions of dollars if my environment is compromised for 15 minutes, right? So, that's kind of where the ten minutes comes from. Like, we took our real threat research data, and then we went around and talked to folks to see kind of what they're experiencing and what their own expectations are for their incident response in SOC teams, and ten minutes is sort of where we landed.

Corey: Got it. When you see this happening, I guess, in various customer environments, assuming someone has missed that five-minute window, is a game over effectively? How should people be thinking about this?

Anna: No. So, I mean, it's never really game over, right? Like until your company is ransomed to bits, and you have to close your business, you still have many things that you can do, hopefully, to save yourself. And also, I want to be very clear that 5/5/5 as a benchmark is meant to be something aspirational, right? So, you should be able to meet this benchmark for, let's say, your top use cases if you are a fairly high maturity organization, in threat detection specifically, right?

So, if you're just beginning your threat detection journey, like, tomorrow, you're not going to be close. Like, you're going to be not at all close.
The point here, though, is that you should aspire to this level of greatness, and you're going to have to create new processes and adopt new tools to get there. Now, before you get there, I would argue that if you can do, like, 10-10-10 or, like, whatever number you start with, you're on a mission to make that number smaller, right? So, if today, you can detect a crypto miner in 30 minutes, that's not great because crypto miners are pretty detectable these days, but give yourself a goal of, like, getting that 30 minutes down to 20, or getting that 30 minutes down to 10, right?

Because we are so obsessed with, like, measuring ourselves against our peers and all this other stuff that we sometimes lose track of what actually is improving our security program. So yes, compare it to yourself first. But ultimately, if you can meet the 5/5/5 benchmark, then you are doing great. Like, you are faster than the attackers in theory, so that's the dream.

Corey: So, I have to ask, and I suspect I might know the answer to this, but given that it seems very hard to move this quickly, especially at scale, is there an argument to be made that effectively prevention obviates the need for any of this, where if you don't misconfigure things in ways that should be obvious, if you practice defense-in-depth to a point where you can effectively catch things that the first layer meets with successive layers, as opposed to, “Well, we have a firewall. Once we're inside of there, well [laugh], it's game over for us.” Is prevention sufficient in some ways to obviate this?

Anna: I think there are a lot of people that would love to believe that that's true.

Corey: Oh, I sure would.
It's such a comforting story.

Anna: And we've done, like, I think one of my opening sentences in the benchmark, kind of, description, actually, is that we've done a pretty good job of advertising prevention in Cloud as an important thing and getting people to actually, like, start configuring things more carefully, or like, checking how those things have been configured, and then changing that configuration should they discover that it is not compliant with some mundane standard that everyone should know, right? So, we've made great progress, I think, in cloud prevention, but as usual, like, prevention fails, right? Like I still have smoke detectors in my house, even though I have done everything possible to prevent it from catching fire and I don't plan to set it on fire, right? But like, threat detection is one of these things that you're always going to need because no matter what you do, A, you will make a mistake because you're a human being, and there are too many things, and you'll make a mistake, and B, the bad guys are literally in the business of figuring ways around your prevention and your protective systems.

So, I am full on on defense-in-depth. I think it's a beautiful thing. We should only obviously do that. And I do think that prevention is your first step to a holistic security program—otherwise, what even is the point—but threat detection is always going to be necessary. And like I said, even if you can't go 5/5/5, you don't have threat detection at that speed, you need to at least be able to know what happened later so you can update your prevention system.

Corey: This might be a dangerous question to get into, but why not, that's what I do here. This [could 00:17:27] potentially an argument against Cloud, by which I mean that if I compromise someone's Cloud account on any of the major cloud providers, once I have access of some level, I know where everything else in the environment is as a general rule.
I know that you're using S3 or its equivalent, and what those APIs look like and the rest, whereas as an attacker, if I am breaking into someone's crappy data center-hosted environment, everything is going to be different. Maybe they don't have a SAN at all, for example. Maybe they have one that hasn't been patched in five years. Maybe they're just doing local disk for some reason.

There's a lot of discovery that has to happen that is almost always removed from Cloud. I mean, take the open S3 bucket problem that we've seen as a scourge for 5, 6, 7 years now, where it's not that S3 itself is insecure, but once you make a configuration mistake, you are now in line with a whole bunch of other folks who may have much more valuable data living in that environment. Where do you land on that one?

Anna: This is the ‘leave cloud to rely on security through obscurity' argument?

Corey: Exactly. Which I'm not a fan of, but it's also hard to argue against from time-to-time.

Anna: My other way of phrasing it is ‘the attackers are ripping up the stack' argument. Yeah, so—and there is some sort of truth in that, right? Part of the reason that attackers can move that fast—and I think we say this a lot when we talk about the threat report data, too, because we literally see them execute this behavior, right—is they know what the cloud looks like, right? They have access to all the API documentation, they kind of know what all the constructs are that you're all using, and so they literally can practice their attack and create all these scripts ahead of time to perform their reconnaissance because they know exactly what they're looking at, right?
On-premise, you're right, like, they're going to get into—even to get through my firewall, whatever, they're getting into my data center, they do not know what disaster I have configured, what kinds of servers I have where, and, like, what the network looks like, they have no idea, right?

In Cloud, this is kind of all gifted to them because it's so standard, which is a blessing and a curse. It's a blessing because—well for them, I mean, because they can just programmatically go through this stuff, right? It's a curse for them because it's a blessing for us in the same way, right? Like, the defenders… A, have a much easier time knowing what they even have available to them, right? Like, the days of there's a server in a closet I've never heard of are kind of gone, right? Like, you know what's in your Cloud account because, frankly, AWS tells you. So, I think there is a trade-off there.

The other thing is—about the moving up the stack thing, right—like no matter what you do, they will come after you if you have something worth exploiting you for, right? So, by moving up the stack, I mean, listen, we have abstracted all the physical servers, all of the, like, stuff we used to have to manage the security of because the cloud just does that for us, right? Now, we can argue about whether or not they do a good job, but I'm going to be generous to them and say they do a better job than most companies [laugh] did before. So, in that regard, like, we say, thank you, and we move on to, like, fighting this battle at a higher level in the stack, which is now the workloads and the cloud control plane, and the you name it, whatever is going on after that. So, I don't actually think you can sort of trade apples for oranges here. It's just… bad in a different way.

Corey: Do you think that this benchmark is going to be used by various companies who will learn about it? And if so, how do you see that playing out?

Anna: I hope so.
My hope when we created it was that it would sort of serve as a goalpost or a way to measure—

Corey: Yeah, it would just be marketing words on a page and never mentioned anywhere, that's our dream here.

Anna: Yeah, right. Yeah, I was bored. So, I wrote some—[laugh].

Corey: I had a word minimum to get out the door, so there we are. It's how we work.

Anna: Right. As you know, I used to be a Gartner analyst, and my desire is always to, like, create things that are useful for people to figure out how to do better in security. And my, kind of, tenure at the vendor is just a way to fund that [laugh] more effectively [unintelligible 00:21:08].

Corey: Yeah, I keep forgetting you're ex-Gartner. Yeah, it's one of those fun areas of, “Oh, yeah, we just want to basically talk about all kinds of things because there's a—we have a chart to fill out here. Let's get after it.”

Anna: I did not invent an acronym, at least. Yeah, so my goal was the following. People are always looking for a benchmark or a goal or standard to be like, “Hey, am I doing a good job?” Whether I'm, like a SOC analyst or director, and I'm just looking at my little SOC empire, or I'm a full on CSO, and I'm looking at my entire security program to kind of figure out risk, I need some way to know whether what is happening in my organization is, like, sufficient, or on par, or anything. Is it good or is it bad? Happy face? Sad face? Like, I need some benchmark, right?

So normally, the Gartner answer to this, typically, is like, “You can only come up with benchmarks that are—” they're, like, “Only you know what is right for your company,” right? It's like, you know, the standard, ‘it depends' answer. Which is true, right, because I can't say that, like, oh, a huge multinational bank should follow the same benchmark as, like, a donut shop, right? Like, that's unreasonable.
So, this is also why I say that our benchmark is probably more tailored to the more advanced organizations that are dealing with kind of high maturity phenomena and are more cloud-native, but the donut shops should kind of strive in this direction, right?

So, I hope that people will think of it this way: that they will, kind of, look at their process and say, “Hey, like, what are the things that would be really bad if they happened to me, in terms of sort detection?” Like, “What are the threats I'm afraid of where if I saw this in my cloud environment, I would have a really bad day?” And, “Can I detect those threats in 5/5/5?” Because if I can, then I'm actually doing quite well. And if I can't, then I need to set, like, some sort of roadmap for myself on how I get from where I am now to 5/5/5 because that implies you would be doing a good job.

So, that's sort of my hope for the benchmark is that people think of it as something to aspire to, and if they're already able to meet it, then that they'll tell us how exactly they're achieving it because I really want to be friends with them.

Corey: Yeah, there's a definite lack of reasonable ways to think about these things, at least in ways that can be communicated to folks outside of the bounds of the security team. I think that's one of the big challenges currently facing the security industry is that it is easy to get so locked into the domain-specific acronyms, philosophies, approaches, and the rest, that even coming from, “Well, I'm a cloud engineer who ostensibly needs to know about these things.” Yeah, wander around the RSA floor with that as your background, and you get lost very quickly.

Anna: Yeah, I think that's fair. I mean, it is a very, let's say, dynamic and rapidly evolving space. And by the way, like, it was really hard for me to pick these numbers, right, because I… very much am on that whole, ‘it depends' bandwagon of I don't know what the right answer is. Who knows what the right answer is [laugh]?
So, I say 5/5/5 today. Like, tomorrow, the attack takes five minutes, and now it's two-and-a-half/two-and-a-half, right? Like it's whatever.

You have to pick a number and go for it. So, I think, to some extent, we have to try to, like, make sense of the insanity and choose some best practices to anchor ourselves in or some, kind of like, sound logic to start with, and then go from there. So, that's sort of what I go for.

Corey: So, as I think about the actual reaction times needed for 5/5/5 to actually be realistic, people can't reliably get a hold of me on the phone within five minutes, so it seems like this is not something you're going to have humans in the loop for. How does that interface with the idea of automating things versus giving automated systems too much power to take your site down as a potential failure mode?

Anna: Yeah. I don't even answer the phone anymore, so that wouldn't work at all. That's a really, really good question, and probably the question that gives me the most… I don't know, I don't want to say lost sleep at night because it's actually, it's very interesting to think about, right? I don't think you can remove humans from the loop in the SOC. Like, certainly there will be things you can auto-respond to some extent, but there'd better be a human being in there because there are too many things at stake, right?

Some of these actions could take your entire business down for far more hours or days than whatever the attacker was doing before. And that trade-off of, like, is my response to this attack actually hurting the business more than the attack itself is a question that's really hard to answer, especially for most of us technical folks who, like, don't necessarily know the business impact of any given thing. So, first of all, I think we have to embrace other response actions. Back to our favorite crypto miners, right? Like there is no reason to not automatically shut them down. There is no reason, right?
Just build in a detection and an auto-response: every time you see a crypto miner, kill that process, kill that container, kill that node. I don't care. Kill it. Like, why is it running? This is crazy, right?

I do think it gets nuanced very quickly, right? So again, in SCARLETEEL, there are essentially, like, five or six detections that occur, right? And each of them theoretically has a potential auto-response that you could have executed depending on your, sort of, appetite for that level of intervention, right? Like, when you see somebody assuming a role, that's perfectly normal activity most of the time. In this case, I believe they actually assumed a machine role, which is less normal. Like, that's kind of weird.

And then what do you do? Well, you can just, like, remove the role. You can remove that person's ability to do anything, or remove that role's ability to do anything. But that could be very dangerous because we don't necessarily know what the full scope of that role is as this is happening, right? So, you could take, like, a more mitigated auto-response action and add a restrictive policy to that rule, for example, to just prevent activity from that IP address that you just saw, right, because we're not sure about this IP address, but we're sure about this role, right?

So, you have to get into these, sort of, risk-tiered response actions where you say, “Okay, this is always okay to do automatically. And this is, like, sometimes, okay, and this is never okay.” And as you develop that muscle, it becomes much easier to do something rather than doing nothing and just, kind of like, analyzing it in forensics and being, like, “Oh, what an interesting attack story,” right? So, that's step one, is just start taking these different response actions.

And then step two is more long-term, and it's that you have to embrace the cloud-native way of life, right?
Like this immutable, ephemeral, distributed religion that we've been selling, it actually works really well if you, like, go all-in on the religion. I sound like a real cult leader [laugh]. Like, “If you just go all in, it's going to be great.” But it's true, right?

So, if your workflows are immutable—that means they cannot change as they're running—then when you see them drifting from their original configuration, like, you know, that is bad. So, you can immediately know that it's safe to take an auto-respon—well, it's safe, relatively safe, take an auto-response action to kill that workload because you are, like, a hundred percent certain it is not doing the right things, right? And then furthermore, if all of your deployments are defined as code, which they should be, then it is approximately—[though not entirely 00:27:31]—trivial to get that workload back, right? Because you just push a button, and it just generates that same Kubernetes cluster with those same nodes doing all those same things, right? So, in the on-premise world where shooting a server was potentially the, you know, fireable offense because if that server was running something critical, and you couldn't get it back, you were done.

In the cloud, this is much less dangerous because there's, like, an infinite quantity of servers that you could bring back and hopefully Infrastructure-as-Code and, kind of, Configuration-as-Code in some wonderful registry, version-controlled for you to rely on to rehydrate all that stuff, right? So again, to sort of TL;DR, get used to doing auto-response actions, but do this carefully. Like, define a scope for those actions that make sense and not just, like, “Something bad happened; burn it all down,” obviously. And then as you become more cloud-native—which sometimes requires refactoring of entire applications—by the way, this could take years—just embrace the joy of Everything-as-Code.

Corey: That's a good way of thinking about it.
I just, I wish there were an easier path to get there, for an awful lot of folks who otherwise don't find a clear way to unlock that.

Anna: There is not, unfortunately [laugh]. I mean, again, the upside on that is, like, there are a lot of people that have done it successfully, I have to say. I couldn't have said that to you, like, six, seven years ago when we were just getting started on this journey, but especially for those of you who were just at KubeCon—however, long ago… before this airs—you see a pretty robust ecosystem around Kubernetes, around containers, around cloud in general, and so even if you feel like your organization's behind, there are a lot of folks you can reach out to to learn from, to get some help, to just sort of start joining the masses of cloud-native types. So, it's not nearly as hopeless as before. And also, one thing I like to say always is, almost every organization is going to have some technical debt and some legacy workload that they can't convert to the religion of cloud.

And so, you're not going to have a 5/5/5 threat detection SLA on those workloads. Probably. I mean, maybe you can, but probably you're not, and you may not be able to take auto-response actions, and you may not have all the same benefits available to you, but like, that's okay. That's okay. Hopefully, whatever that thing is running is, you know, worth keeping alive, but set this new standard for your new workloads. So, when your team is building a new application, or if they're refactoring an application, can't afford the new world, set the standard on them and don't, kind of like, torment the legacy folks because it doesn't necessarily make sense. Like, they're going to have different SLAs for different workloads.

Corey: I really want to thank you for taking the time to speak with me yet again about the stuff you folks are coming out with. If people want to learn more, where's the best place for them to go?

Anna: Thanks, Corey.
It's always a pleasure to be on your show. If you want to learn more about the 5/5/5 benchmark, you should go to sysdig.com/555.

Corey: And we will, of course, put links to that in the show notes. Thank you so much for taking the time to speak with me today. As always, it's appreciated. Anna Belak, Director at the Office of Cybersecurity Strategy at Sysdig. I'm Cloud Economist Corey Quinn, and this has been a promoted guest episode brought to us by our friends at Sysdig. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry, insulting comment that I will read nowhere even approaching within five minutes.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business, and we get to the point. Visit duckbillgroup.com to get started.

Corrosion Chronicles
Benefits and Challenges of Ceramic Refractories

Jan 3, 2024 (53:01)


In this episode, Jay Schickling, senior principal consultant at Chemours, sits down with co-hosts Heather Allain and Marc Cook to discuss refractory ceramics. The three chat about refractory lining details for process heaters, including: bricks, monolithic linings, ceramic fiber, thermal expansion, dryout, anchoring systems, inspection techniques, acceptance criteria for defects, and repair techniques.

Show notes

For more information about MTI's Global Solutions Symposium, visit https://www.mti-global.org/mtisymposium/home

Additional MTI resources: On-demand ceramics trainings: https://www.mti-global.org/participate/education

Corrosion Chronicles is hosted by Heather Allain and Marc Cook. Heather Allain is the Executive Director of Materials Technology Institute (MTI). She has been with the organization for 16 years and previously held an Associate Director position facilitating MTI's Project work. Before MTI, she worked as a Materials Engineer at DuPont for 15 years, and has a BS in Materials Engineering from Rice University. Marc Cook has a BS in Chemical Engineering from Purdue University and an MS in Material Engineering from NC State. He has worked for Dow for 26 years and at a contracting company in Cincinnati for 3 years. His current role at Dow is leading the Technical Services Team for Ceramics and Refractory at Dow and providing materials engineering support to Dow's Freeport, Texas site.

Disclaimer: Marc Cook is an employee of Dow but is speaking purely in a personal capacity and is not talking about or recommending Dow products.

Corrosion Chronicles is produced by Association Briefings.

3Degrees Discussions
3Degrees Discussions #134 - Faith Oehlerking - Beehive Industries

Dec 13, 2023 · 36:57


That was Faith Oehlerking. She works in Manufacturing Programs for Beehive Industries. Her experience has been in the aviation and additive manufacturing industry with a focus on Laser Powder Bed Fusion (L-PBF). She has a Bachelor of Science degree focused on Metallurgical and Materials Engineering from Colorado School of Mines. Before we get started, head over to www.3degreescompany.com and subscribe to the podcast. Remember you can listen to the show anywhere you download your podcasts, including Spotify, Apple, Amazon, or Stitcher. Also, if you or your company are looking for materials, qualification, and/or general Additive Manufacturing support, reach out to the team through our website or via email at info@3degreescompany.com. Be sure to check out our website www.3degreescompany.com for more content.

Futureproof with Jonathan McCrea
EIRSAT-1: Ireland's first satellite set for launch

Nov 12, 2023 · 32:11


The Educational Irish Research Satellite 1 (EIRSAT-1) is set for launch in November, which will make it Ireland's first venture into space. To discuss, Jonathan is joined by Dr. David McKeown, Assistant Professor/Lecturer in the School of Mechanical and Materials Engineering at UCD, and the Engineering Manager for the EIRSAT-1 project.

For this week's episode of Newsround, Jonathan is joined by Dr Oran Kennedy, Associate Professor of Anatomy and Regenerative Medicine, RCSI & Dr. Fergus McAuliffe, Communications and Public Engagement Manager at iCRAG, the Science Foundation Ireland Research Centre for Applied Geosciences.

Medsider Radio: Learn from Medical Device and Medtech Thought Leaders
A Roadmap to Serial Medtech Entrepreneurship: Interview with SinglePass CEO Bill Colone

Oct 27, 2023 · 52:36


In this episode of Medsider Radio, we sat down with Bill Colone, the CEO and Chairman of SinglePass, a company developing an electrocautery device for deep tissue biopsies.

Bill previously headed Spinal Singularity, raising over $11 million for product and clinical development. He was VP of R&D at Direct Flow Medical and the President of Endomed, which was sold in 2005. Bill also served in multiple leadership roles at Endologix and holds 13 U.S. patents with more pending. He earned his bachelor's in Chemical Engineering from Arizona State University, where he later served as an Associate Faculty Member and sits on the advisory committee for Chemical and Materials Engineering.

In this interview, Bill shares invaluable insights and actionable strategies for building and leveraging an expansive network, optimizing fundraising, and strategically planning for both acquisition and independent growth.

Before we dive into the discussion, I wanted to mention a few things:

First, if you're into learning from medical device and health technology founders and CEOs, and want to know when new interviews are live, head over to Medsider.com and sign up for our free newsletter.

Second, if you want to peek behind the curtain of the world's most successful startups, you should consider a Medsider premium membership. You'll learn the strategies and tactics that founders and CEOs use to build and grow companies like Silk Road Medical, AliveCor, Shockwave Medical, and hundreds more!

We recently introduced some fantastic additions exclusively for Medsider premium members, including playbooks, which are curated collections of our top Medsider interviews on key topics like capital fundraising and risk mitigation, and a curated investor database to help you discover your next medical device or health technology investor!

In addition to the entire back catalog of Medsider interviews over the past decade, premium members also get a copy of every volume of Medsider Mentors at no additional cost, including the recently launched Medsider Mentors Volume IV. If you're interested, go to medsider.com/subscribe to learn more.

Lastly, if you'd rather read than listen, here's a link to the full interview with Bill Colone.

MIB Agents OsteoBites
Addressing the Unmet Scientific Challenges in Osteosarcoma Treatment through Innovative Engineering Techniques

Sep 15, 2023 · 58:04


Dr. Fiona Freeman is an Assistant Professor in the School of Mechanical and Materials Engineering at University College Dublin (UCD). She graduated in Biomedical Engineering in 2011 and earned her PhD from the University of Galway in 2016, focusing on developing new strategies for bone tissue regeneration. Afterward, Dr. Freeman was awarded two prestigious postdoctoral fellowships: the Government of Ireland IRC Postdoctoral Research Fellowship and the Marie Skłodowska-Curie Global Fellowship. These fellowships provided her with opportunities to work as a postdoctoral researcher in renowned labs at Massachusetts Institute of Technology (MIT), Brigham and Women's Hospital, Johns Hopkins University, and Trinity College Dublin. In September 2022, Dr. Freeman was appointed as the first Ad Astra fellow in the School of Mechanical and Materials Engineering. Her current research focuses on using innovative engineering techniques to gain a better understanding of and develop novel therapeutics for treating osteosarcoma, a paediatric bone cancer. As part of her research, Dr. Freeman identified a novel microRNA, miR-29b, as a potential therapeutic target for osteosarcoma. She formulated miR-29b nanoparticles and delivered the miRNA to the tumour site using a hyaluronic-based hydrogel delivery system. The results showed a significant decrease in tumour burden, increased survival rates, and enhanced regeneration of the damaged bone surrounding the tumour. These findings have the potential to revolutionize osteosarcoma treatment and improve patient outcomes by significantly reducing the primary tumour mass and providing crucial data that will inform the design of future therapies for young patients. Dr. Freeman conducted this work in collaboration with researchers at MIT and Brigham and Women's Hospital. In the coming years, Dr. Freeman is dedicated to building upon this research and advancing this technology toward clinical application. 
---

What We Do at MIB Agents:

PROGRAMS: End-of-Life MISSIONS; Gamer Agents; Agent Writers; Prayer Agents; Healing Hearts - Bereaved Parent and Sibling Support; Ambassador Agents - Peer Support; Warrior Mail; Young Adult Survivorship Support Group

EDUCATION for physicians, researchers and families: OsteoBites, weekly webinar & podcast with thought leaders and innovators in Osteosarcoma; MIB Book: Osteosarcoma: From our Families to Yours

RESEARCH: Annual MIB FACTOR Research Conference; Funding multiple $100,000 and $50,000 grants annually for OS research; MIB Testing & Research Directory; The Osteosarcoma Project partner with Broad Institute of MIT and Harvard

...

Kids are still dying with 40+ year old treatments. Help us MakeItBetter. https://www.mibagents.org

Help support MIB Agents, Donate here https://give-usa.keela.co/embed/YAipuSaWxHPJP7RCJ

SUBSCRIBE for all the Osteosarcoma Intel

THIS IS THE FUTURE
JACQUELINE ANIM, SR. PRINCIPAL MATERIALS ENGINEER AT JOHNSON & JOHNSON

Sep 5, 2023 · 85:51


Welcome to another episode of This is the Future. In this week's episode, we had the distinct honor of sitting down with Jacqueline Anim, a seasoned expert in the field of Materials Engineering and Senior Principal Materials Engineer at Johnson & Johnson. Jacqueline's journey into materials engineering is as remarkable as her expertise. She initially pursued her passion for chemical engineering in Kwame Nkrumah University of Science and Technology, Kumasi, Ghana, before embarking on a transformative career abroad. Her first stint in the industry was with General Motors, where she spent an impressive 14 years 9 months honing her skills and making significant contributions. She left General Motors for Johnson & Johnson! With a career spanning over 28 years, Jacqueline Anim has become a world-renowned authority in materials engineering, with extensive experience in both the automotive and medical industries. Her wealth of knowledge and contributions to the field are nothing short of exemplary. In this episode, we unravel the complexities of materials engineering, making it accessible even to those with little to no prior knowledge. Jacqueline provides invaluable insights into the key principles, challenges, and innovations in the field. Whether you're a novice eager to learn or someone looking to deepen your understanding, this podcast is the ultimate crash course in materials engineering that you won't find anywhere else on the internet. Join us in this exciting journey into the future of materials engineering on This is the Future!

Screaming in the Cloud
Exposing the Latest Cloud Threats with Anna Belak

Aug 3, 2023 · 31:35


Anna Belak, Director of The Office of Cybersecurity Strategy at Sysdig, joins Corey on Screaming in the Cloud to discuss the findings in this year's newly-released Sysdig Global Cloud Threat Report. Anna explains the challenges that teams face in ensuring their cloud is truly secure, including quantity of data versus quality, automation, and more. Corey and Anna also discuss how much faster attacks are able to occur, and Anna gives practical insights into what can be done to make your cloud environment more secure.

About Anna

Anna has nearly ten years of experience researching and advising organizations on cloud adoption with a focus on security best practices. As a Gartner Analyst, Anna spent six years helping more than 500 enterprises with vulnerability management, security monitoring, and DevSecOps initiatives. Anna's research and talks have been used to transform organizations' IT strategies and her research agenda helped to shape markets. Anna is the Director of The Office of Cybersecurity Strategy at Sysdig, using her deep understanding of the security industry to help IT professionals succeed in their cloud-native journey.

Anna holds a PhD in Materials Engineering from the University of Michigan, where she developed computational methods to study solar cells and rechargeable batteries.

Links Referenced:
Sysdig: https://sysdig.com/
Sysdig Global Cloud Threat Report: https://www.sysdig.com/2023threatreport
duckbillgroup.com: https://duckbillgroup.com

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. This promoted guest episode is brought to us by our friends over at Sysdig.
And once again, I am pleased to welcome Anna Belak, whose title has changed since last we spoke to Director of the Office of Cybersecurity Strategy at Sysdig. Anna, welcome back, and congratulations on all the adjectives.

Anna: [laugh]. Thank you so much. It's always a pleasure to hang out with you.

Corey: So, we are here today to talk about a thing that has been written. And we're in that weird time thing where while we're discussing it at the moment, it's not yet public but will be when this releases. The Sysdig Global Cloud Threat Report, which I am a fan of. I like quite a bit the things it talks about and the ways it gets me thinking. There are things that I wind up agreeing with, there are things I wind up disagreeing with, and honestly, that makes it an awful lot of fun.

But let's start with the whole, I guess, executive summary version of this. What is a Global Cloud Threat Report? Because to me, it seems like there's an argument to be made for just putting all three of the big hyperscale clouds on it and calling it a day because they're all threats to somebody.

Anna: To be fair, we didn't think of the cloud providers themselves as the threats, but that's a hot take.

Corey: Well, an even hotter one is what I've seen out of Azure lately with their complete lack of security issues, and the attackers somehow got a Microsoft signing key and the rest. I mean, at this point, I feel like Charlie Bell was brought in from Amazon to head cybersecurity and spent the last two years trapped in the executive washroom or something. But I can't prove it, of course. No, you target the idea of threats in a different direction, towards what people more commonly think of as threats.

Anna: Yeah, the bad guys [laugh]. I mean, I would say that this is the reason you need a third-party security solution, buy my thing, blah, blah, blah, but [laugh], you know? Yeah, so we are—we have a threat research team like I think most self-respecting security vendors these days do.
Ours, of course, is the best of them all, and they do all kinds of proactive and reactive research of what the bad guys are up to so that we can help our customers detect the bad guys, should they become their victims.

Corey: So, there was a previous version of this report, and then you've, in long-standing tradition, decided to go ahead and update it. Unlike many of the terrible professors I've had in years past, it's not just slap a new version number, change the answers to some things, and force all the students to buy a new copy of the book every year because that's your retirement plan, you actually have updated data. What are the big changes you've seen since the previous incarnation of this?

Anna: That is true. In fact, we start from scratch, more or less, every year, so all the data in this report is brand new. Obviously, it builds on our prior research. I'll say one clearly connected piece of data is, last year, we did a supply chain story that talked about the bad stuff you can find in Docker Hub. This time we upleveled that and we actually looked deeper into the nature of said bad stuff and how one might identify that an image is bad.

And we found that 10% of the malware scary things inside images actually can't be detected by most of your static tools. So, if you're thinking, like, static analysis of any kind, SCA, vulnerability scanning, just, like, looking at the artifact itself before it's deployed, you actually wouldn't know it was bad. So, that's a pretty cool change, I would say [laugh].

Corey: It is. And I'll also say what's going to probably sound like a throwaway joke, but I assure you it's not, where you're right, there is a lot of bad stuff on Docker Hub and part of the challenge is disambiguating malicious-bad and shitty-bad.
But there are serious security concerns to code that is not intended to be awful, but it is anyway, and as a result, it leads to something that this report gets into a fair bit, which is the ideas of, effectively, lateralling from one vulnerability to another vulnerability to another vulnerability to the actual story. I mean, Capital One was a great example of this. They didn't do anything that was outright negligent like leaving an S3 bucket open; it was a determined sophisticated attacker who went from one mistake to one mistake to one mistake to, boom, keys to the kingdom. And that at least is a little bit more understandable even if it's not great when it's your bank.

Anna: Yeah. I will point out that in the 10% that these things are really bad department, it was 10% of all things that were actually really bad. So, there were many things that were just shitty, but we had pared it down to the things that were definitely malicious, and then 10% of those things you could only identify if you had some sort of runtime analysis. Now, runtime analysis can be a lot of different things. It's just that if you're relying on preventive controls, you might have a bad time, like, one times out of ten, at least.

But to your point about, kind of, chaining things together, I think that's actually the key, right? Like, that's the most interesting moment is, like, which things can they grab onto, and then where can they pivot? Because it's not like you barge in, open the door, like, you've won. Like, there's multiple steps to this process that are sometimes actually quite nuanced. And I'll call out that, like, one of the other findings we got this year that was pretty cool is that the time it takes to get through those steps is very short. There's a data point from Mandiant that says that the average dwell time for an attacker is 16 days. So like, two weeks, maybe.
And in our data, the average dwell time for the attacks we saw was more like ten minutes.

Corey: And that is going to be notable for folks. Like, there are times where I have—in years past; not recently, mind you—I have—oh, I'm trying to set something up, but I'm just going to open this port to the internet so I can access it from where I am right now and I'll go back and shut it in a couple hours. There was a time that that was generally okay. These days, everything happens so rapidly. I mean, I've sat there with a stopwatch after intentionally committing AWS credentials to Gif-ub—yes, that's how it's pronounced—and 22 seconds until the first probing attempt started hitting, which was basically impressively fast. Like, the last thing in the entire sequence was, and then I got an alert from Amazon that something might have been up, at which point it is too late. But it's a hard problem and I get it. People don't really appreciate just how quickly some of these things can evolve.

Anna: Yeah. And I think the main reason, from at least what we see, is that the bad guys are into the cloud saying, right, like, we good guys love the automation, we love the programmability, we love the immutable infrastructure, like, all this stuff is awesome and it's enabling us to deliver cool products faster to our customers and make more money, but the bad guys are using all the same benefits to perpetrate their evil crimes. So, they're building automation, they're stringing cool things together. Like, they have scripts that they run that basically just scan whatever's out there to see what new things have shown up, and they also have scripts for reconnaissance that will just send a message back to them through Telegram or WhatsApp, letting them know like, “Hey, I've been running, you know, for however long and I see a cool thing you may be able to use.” Then the human being shows up and they're like, “All right.
Let's see what I can do with this credential,” or with this misconfiguration or what have you. So, a lot of their initial, kind of, discovery into what they can get at is heavily automated, which is why it's so fast.

Corey: I feel like, on some level, this is an unpleasant sharp shock for an awful lot of executives because, “Wait, what do you mean attackers can move that quickly? Our crap-ass engineering teams can't get anything released in less than three sprints. What gives?” And I don't think people have a real conception of just how fast bad actors are capable of moving.

Anna: I think we said—actually [unintelligible 00:07:57] last year, but this is a business for them, right? They're trying to make money. And it's a little bleak to think about it, but these guys have a day job and this is it. Like, our guys have a day job, that's shipping code, and then they're supposed to also do security. The bad guys just have a day job of breaking your code and stealing your stuff.

Corey: And on some level, it feels like you have a choice to make in which side you go at. And it's, like, which one of those do I spend more time in meetings with? And maybe that's not the most legitimate way to pick a job; ethics do come into play. But yeah, there's it takes a certain similar mindset, on some level, to be able to understand just how the security landscape looks from an attacker's point of view.

Anna: I'll bet the bad guys have meetings too, actually.

Corey: You know, you're probably right. Can you imagine the actual corporate life of a criminal syndicate? That's a sitcom in there that just needs to happen. But again, I'm sorry, I shouldn't talk about that. We're on a writer's strike this week, so there's that.

One thing that came out of the report that makes perfect sense—and I've heard about it, but I haven't seen it myself and I wanted to dive into on this—specifically that automation has been weaponized in the cloud.
Now, it's easy to misinterpret that the first time you read it—like I did—as, “Oh, you mean the bad guys have discovered the magic of shell scripts? No kidding.” It's more than that. You have reports of people using things like CloudFormation to stand up resources that are then used to attack the rest of the infrastructure.

And it's, yeah, it makes perfect sense. Like, back in the data center days, it was a very determined attacker that went through the process of getting an evil server stuffed into a rack somewhere. But it's an API call away in cloud. I'm surprised we haven't seen this before.

Anna: Yeah. We probably have; I don't know if we've documented before. And sometimes it's hard to know that that's what's happening, right? I will say that both of those things are true, right? Like the shell scripts are definitely there, and to your point about how long it takes, you know, to stopwatch, these things, on the short end of our dwell time data set, it's zero seconds. It's zero seconds from, like, A to B because it's just a script.

And that's not surprising. But the comment about CloudFormation specifically, right, is we're talking about people, kind of, figuring out how to create policy in the cloud to prevent bad stuff from happening because they're reading all the best practices ebooks and whatever, watching the YouTube videos. And so, you understand that you can, say, write policy to prevent users from doing certain things, but sometimes we forget that, like, if you don't want a user to be able to attach user policy to something. If you didn't write the rule that says you also can't do that in CloudFormation, then suddenly, you can't do it in command line, but you can do it in CloudFormation.
So there's, kind of, things like this, where for every kind of tool that allows this beautiful, programmable, immutable infrastructure, kind of, paradigm, you now have to make sure that you have security policies that prevent those same tools from being used against you and deploying evil things because you didn't explicitly say that you can't deploy evil things with this tool and that tool and that other tool in this other way. Because there's so many ways to do things, right?

Corey: That's part of the weird thing, too, is that back when I was doing the sysadmin dance, it was a matter of taking a bunch of tools that did one thing well—or, you know, aspirationally well—and then chaining them together to achieve things. Increasingly, it feels like that's what cloud providers have become, where they have all these different services with different capabilities. One of the reasons that I now have a three-part article series, each one titled, “17 Ways to Run Containers on AWS,” adding up for a grand total of 51 different AWS services you can use to run containers with, it's not just there to make fun of the duplication of efforts because they're not all like that. But rather, each container can have bad acting behaviors inside of it. And are you monitoring what's going on across that entire threatened landscape?

People were caught flat-footed to discover that, “Wait, Lambda functions can run malware? Wow.” Yes, effectively, anything that can bang two bits together and return a result is capable of running a lot of these malware packages. It's something that I'm not sure a number of, shall we say, non-forward-looking security teams have really wrapped their heads around yet.

Anna: Yeah, I think that's fair. And I mean, I always want to be a little sympathetic to the folks, like, in the trenches because it's really hard to know all the 51 ways to run containers in the cloud and then to be like, oh, 51 ways to run malicious containers in the cloud.
How do I prevent all of them, when you have a day job?

Corey: One point that it makes in the report here is that about who the attacks seem to be targeting. And this is my own level of confusion that I imagine we can probably wind up eviscerating neatly. Back when I was running, like, random servers for me for various projects I was working on—or working at small companies—there was a school of thought in some quarters that, well, security is not that important to us. We don't have any interesting secrets. Nobody actually cares.

This was untrue because a lot of these things are running on autopilot. They don't have enough insight to know that you're boring and you have to defend just like everyone else does. But then you see what can only be described as dumb attacks. Like there was the attack on Twitter a few years ago where a bunch of influential accounts tweeted about some bitcoin scam. It's like, you realize with the access you had, you had so many other opportunities to make orders of magnitude more money if you want to go down that path or to start geopolitical conflict or all kinds of other stuff. I have to wonder how much these days are attacks targeted versus well, we found an endpoint that doesn't seem to be very well secured; we're going to just exploit it.

Anna: Yeah. So, that's correct intuition, I think. We see tons of opportunistic attacks, like, non-stop. But it's just, like, hitting everything, honeypots, real accounts, our accounts, your accounts, like, everything. Many of them are pretty easy to prevent, honestly, because it's like just mundane stuff, whatever, so if you have decent security hygiene, it's not a big deal.

So, I wouldn't say that you're safe if you're not special because none of us are safe and none of us are that special. But what we've done here is we actually deliberately wanted to see what would be attacked as a fraction, right?
So, we deployed a honey net that was indicative of what a financial org would look like or what a healthcare org would look like to see who would bite, right? And what we expected to see is that we probably—we thought the finance would be higher because obviously, that's always top tier. But for example, we thought that people would go for defense more or for health care.

And we didn't see that. We only saw, like, 5% I think for health—very small numbers for healthcare and defense and very high numbers for financial services and telcos, like, around 30% apiece, right? And so, it's a little curious, right, because you—I can theorize as to why this is. Like, telcos and finance, obviously, it's where the money is, like, great [unintelligible 00:14:35] for fraud and all this other stuff, right?

Defense, again, maybe people don't think defense and cloud. Healthcare arguably isn't that much in cloud, right? Like a lot of health healthcare stuff is on-premise, so if you see healthcare in cloud, maybe, you, like, think it's a honeypot or you don't [laugh] think it's worth your time? You know, whatever. Attacker logic is also weird. But yeah, we were deliberately trying to see which verticals were the most attractive for these folks. So, these attacks are infected targeted because the victim looked like the kind of thing they should be looking for if they were into that.

Corey: And how does it look in that context? I mean, part of me secretly suspects that an awful lot of terrible startup names where they're so frugal they don't buy vowels, is a defense mechanism. Because you wind up with something that looks like a cat falling on a keyboard as a company name, no attacker is going to know what the hell your company does, so therefore, they're not going to target you specifically. Clearly, that's not quite how it works. But what are those signals that someone gets into an environment and says, “Ah, this is clearly healthcare,” versus telco versus something else?

Anna: Right.
I think you would be right. If you had, like… hhhijk as your company name, you probably wouldn't see a lot of targeted attacks. But where we're saying either the company and the name looks like a provider of that kind, and-slash-or they actually contain some sort of credential or data inside the honeypot that appears to be, like, a credential for a certain kind of thing. So, it really just creatively naming things so they look delicious.

Corey: For a long time, it felt like—at least from a cloud perspective because this is how it manifested—the primary purpose of exploiting a company's cloud environment was to attempt to mine cryptocurrency within it. And I'm not sure if that was ever the actual primary approach, or rather, that was just the approach that people noticed because suddenly, their AWS bill looks a lot more like a telephone number than it did yesterday, so they can as a result, see that it's happening. Are these attacks these days, effectively, just to mine Bitcoin, if you'll pardon the oversimplification, or are they focused more on doing more damage in different ways?

Anna: The analyst answer: it depends. So, again, to your point about how no one's safe, I think most attacks by volume are going to be opportunistic attacks, where people just want money. So, the easiest way right now to get money is to mine coins and then sell those coins, right? Obviously, if you have the infrastructure as a bad guy to get money in other ways, like, you could do extortion through ransomware, you might pursue that. But the overhead on ransomware is, like, really high, so most people would rather not if they can get money other ways.

Now, because by volume APTs, or Advanced Persistent Threats, are much smaller than all the opportunistic guys, they may seem like they're not there or we don't see them. They're also usually better at attacking people than the opportunistic guys who will just spam everybody and see what they get, right?
But even folks who are not necessarily nation states, right, like, we see a lot of attacks that probably aren't nation states, but they're quite sophisticated because we see them moving through the environment and pivoting and creating things and leveraging things that are quite interesting, right? So, one example is that they might go for a vulnerable EC2 instance—right, because maybe you have Log4J or whatever you have exposed—and then once they're there, they'll look around to see what else they can get. So, they'll pivot to the Cloud Control Plane, if it's possible, or they'll try to.

And then in a real scenario we actually saw in an attack, they found a Terraform state file. So, somebody was using Terraform for provisioning whatever. And it requires an access key and this access key was just sitting in an S3 bucket somewhere. And I guess the victim didn't know or didn't think it was an issue. And so, this state file was extracted by the attacker and they found some [unintelligible 00:18:04], and they logged into whatever, and they were basically able to access a bunch of information they shouldn't have been able to see, and this turned into a data [extraction 00:18:11] scenario and some of that data was intellectual property.

So, maybe that wasn't useful and maybe that wasn't their target. I don't know. Maybe they sold it. It's hard to say, but we increasingly see these patterns that are indicative of very sophisticated individuals who understand cloud deeply and who are trying to do intentionally malicious things other than just like, I popped [unintelligible 00:18:30]. I'm happy.

Corey: This episode is sponsored in part by our friends at Calisti.

Introducing Calisti. With Integrated Observability, Calisti provides a single pane of glass for accelerated root cause analysis and remediation.
It can set, track, and ensure compliance with Service Level Objectives.

Calisti provides secure application connectivity and management from datacenter to cloud, making it the perfect solution for businesses adopting cloud native microservice-based architectures. If you're running Apache Kafka, Calisti offers a turnkey solution with automated operations, seamless integrated security, high-availability, disaster recovery, and observability. So you can easily standardize and simplify microservice security, observability, and traffic management. Simplify your cloud-native operations with Calisti. Learn more about Calisti at calisti.app.

Corey: I keep thinking of ransomware as being a corporate IT side of problem. It's a sort of thing you'll have on your Windows computers in your office, et cetera, et cetera, despite the fact that intellectually I know better. There were a number of vendors talking about ransomware attacks and encrypting data within S3, and initially, I thought, “Okay, this sounds like exactly a story people would talk about some that isn't really happening in order to sell their services to guard against it.” And then AWS did a blog post saying, “We have seen this, and here's what we have learned.” It's, “Oh, okay. So, it is in fact real.”

But it's still taking me a bit of time to adapt to the new reality. I think part of this is also because back when I was hands-on-keyboard, I was unlucky, and as a result, I was kept from taking my aura near anything expensive or long-term like a database, and instead, it's like, get the stateless web servers. I can destroy those and we'll laugh and laugh about it. It'll be fine. But it's not going to destroy the company in the same way.
But yeah, there are a lot of important assets in cloud that if you don't have those assets, you will no longer have a company.

Anna: It's funny you say that because I became a theoretical physicist instead of experimental physicist because when I walked into the room, all the equipment would stop functioning.

Corey: Oh, I like that quite a bit. It's one of those ideas of, yeah, your aura just winds up causing problems. Like, “You are under no circumstances to be within 200 feet of the SAN. Is that clear?” Yeah, same type of approach.

One thing that I particularly like that showed up in the report that has honestly been near and dear to my heart is when you talk about mitigations around compromised credentials at one point when GitHub winds up having an AWS credential, AWS has scanners and a service that will catch that and apply a quarantine policy to those IAM credentials. The problem is, is that policy goes nowhere near far enough at all. I wound up having fun thought experiment a while back, not necessarily focusing on attacking the cloud so much as it was a denial of wallet attack. With a quarantined key, how much money can I cost? And I had to give up around the $26 billion dollar mark.

And okay, that project can't ever see the light of day because it'll just cause grief for people. The problem is that the mitigations around trying to list the bad things and enumerate them mean that you're forever trying to enumerate something that is innumerable in and of itself. It feels like having a hard policy of once this is compromised, it's not good for anything would be the right answer. But people argue with me on that.

Anna: I don't think I would argue with you on that. I do think there are moments here—again, I have to have sympathy for the folks who are actually trying to be administrators in the cloud, and—

Corey: Oh God, it's hard.

Anna: [sigh].
I mean, a lot of the things we choose to do as cloud users and cloud admins are things that are very hard to check for security goodness, if you will, right, like, the security quality of the naming convention of your user accounts or something like that, right? One of the things we actually saw in this report it—and it almost made me cry, like, how visceral my reaction was to this thing—is, there were basically admin accounts in this cloud environment, and they were named according to a specific convention, right? So, if you were, like, admincorey and adminanna, like, that, if you were an admin, you've got an adminanna account, right? And then there was a bunch of rules that were written, like, policies that would prevent you from doing things to those accounts so that they couldn't be compromised.

Corey: Root is my user account. What are you talking about?

Anna: Yeah, totally. Yeah [laugh]. They didn't. They did the thing. They did the good accounts. They didn't just use root everybody. So, everyone had their own account, it was very neat. And all that happened is, like, one person barely screwed up the naming of their account, right? Instead of a lowercase admin, they use an uppercase Admin, and so all of the policy written for lowercase admin didn't apply to them, and so the bad guy was able to attach all kinds of policies and basically create a key for themselves to then go have a field day with this admin account that they just found laying around.

Now, they did nothing wrong. It's just, like, a very small mistake, but the attacker knew what to do, right? The attacker went and enumerated all these accounts or whatever, like, they see what's in the environment, they see the different one, and they go, “Oh, these suckers created a convention, and like, this joker didn't follow it. And I've won.” Right? So, they know to check with that stuff.

But our guys have so much going on that they might forget, or they might just you know, typo, like, whatever. Who cares.
Is it case-sensitive? I don't know. Is it not case-sensitive? Like, some policies are, some policies aren't. Do you remember which ones are and which ones aren't? And so, it's a little hopeless and painful as, like, a cloud defender to be faced with that, but that's sort of the reality.

And right now we're in kind of like, ah, preventive security is the way to save yourself in cloud mode, and these things just, like, they don't come up on, like, the benchmarks and, like the configuration checks and all this other stuff that's just going, you know, canned, did you, you know, put MFA on your user account? Like, yeah, they did, but [laugh] like, they gave it a wrong name and now it's a bad na—so it's a little bleak.

Corey: There's too much data. Filtering it becomes nightmarish. I mean, I have what I think of as the Dependabot problem, where every week, I get this giant list of Dependabot freaking out about every repository I have on Gif-ub and every dependency thereof. And some of the stuff hasn't been deployed in years and I don't care. Other stuff is, okay, I can see how that markdown parser could have malicious input passed to it, but it's for an internal project that only ever has very defined things allowed to talk to it so it doesn't actually matter to me.

And then at some point, it's like, you expect to read, like, three-quarters of the way down the list of a thousand things, like, “Oh, and by the way, the basement's on fire.” And then have it keep going on where it's… filtering the signal from noise is such a problem that it feels like people only discover the warning signs after they're doing forensics when something has already happened rather than when it's early enough to be able to fix things. How do you get around that problem?

Anna: It's brutal. I mean, I'm going to give you, like, my [unintelligible 00:24:28] vendor answer: “It's just easy. Just do what we said.” But I think [laugh] in all honesty, you do need to have some sort of risk prioritization.
I'm not going to say I know the answer to what your algorithm has to be, but our approach of, like, oh, let's just look up the CVSS score on the vulnerabilities. Oh, look, 600,000 criticals. [laugh]. You know, you have to be able to filter past that, too. Like, is this being used by the application? Like, has this thing recently been accessed? Like, does this user have permissions? Have they used those permissions?

Like, these kinds of questions that we know to ask, but you really have to kind of like force the security team, if you will, or the DevOps team or whatever team you have to actually, instead of looking at the list and crying, being like, how can we pare this list down? Like anything at all, just anything at all. And do that iteratively, right? And then on the other side, I mean, it's so… defense-in-depth, like, right? I know it's—I'm not supposed to say that because it's like, not cool anymore, but it's so true in cloud, like, you have to assume that all these controls will fail and so you have to come up with some—

Corey: People will fail, processes will fail, controls will fail, and great—

Anna: Yeah.

Corey: How do you make sure that one of those things failing isn't winner-take-all?

Anna: Yeah. And so, you need some detection mechanism to see when something's failed, and then you, like, have a resilience plan because you know, if you can detect that it's failed, but you can't do anything about it, I mean, big deal, [laugh] right? So detection—

Corey: Good job. That's helpful.

Anna: And response [laugh]. And response. Actually, mostly response yeah.

Corey: Otherwise, it's, “Hey, guess what?
You're not going to believe this, but…” it goes downhill from there rapidly.

Anna: Just like, how shall we write the news headline for you?

Corey: I have to ask, given that you have just completed this report and are absolutely in a place now where you have a sort of bird's eye view on the industry at just the right time, over the past year, we've seen significant macro changes affect an awful lot of different areas, the hiring markets, the VC funding markets, the stock markets. How has, I guess, the threat space evolved—if at all—during that same timeframe?

Anna: I'm guessing the bad guys are paying more than the good guys.

Corey: Well, there is part of that and I have to imagine also, crypto miners are less popular since sanity seems to have returned to an awful lot of people's perspective on money.

Anna: I don't know if they are because, like, even fractions of cents are still cents once you add up enough of them. So, I don't think [they have stopped 00:26:49] mining.

Corey: It remains perfectly economical to mine Bitcoin in the cloud, as long as you use someone else's account to do it.

Anna: Exactly. Someone else's money is the best kind of money.

Corey: That's the VC motto and then some.

Anna: [laugh]. Right? I think it's tough, right? I don't want to be cliche and say, “Look, oh automate more stuff.” I do think that if you're in the security space on the blue team and you are, like, afraid of losing your job—you probably shouldn't be afraid if you do your job at all because there's a huge lack of talent, and that pool is not growing quick enough.

Corey: You might be out of work for dozens of minutes.

Anna: Yeah, maybe even an hour if you spend that hour, like, not emailing people, asking for work. So yeah, I mean, blah, blah, skill up in cloud, like, automate, et cetera. I think what I said earlier is actually the more important piece, right?
We have all these really talented people sitting behind these dashboards, just trying to do the right thing, and we're not giving them good data, right? We're giving them too much data and it's not good quality data.

So, whatever team you're on or whatever your business is, like, you will have to try to pare down that list of impossible tasks for all of your cloud-adjacent IT teams to a list of things that are actually going to reduce risk to your business. And I know that's really hard to do because you're asking now, folks who are very technical to communicate with folks who are very non-technical, to figure out how to, like, save the business money and keep the business running, and we've never been good at this, but there's no time like the present to actually get good at it.

Corey: Let's see, what is it, the best time to plant a tree was 20 years ago. The second best time is now. Same sort of approach. I think that I'm seeing less of the obnoxious whining that I saw for years about how there's a complete shortage of security professionals out there. It's, “Okay, have you considered taking promising people and training them to do cybersecurity?” “No, that will take six months to get them productive.” Then they sit there for two years with the job rec open. It's hmm. Now, I'm not a professor here, but I also sort of feel like there might be a solution that benefits everyone. At least that rhetoric seems to have tamped down.

Anna: I think you're probably right. There's a lot of awesome training out there too. So there's, like, folks giving stuff away for free that's super resources, so I think we are doing a good job of training up security folks. And everybody wants to be in security because it's so cool. But yeah, I think the data problem is this decade's struggle, more so than any other decades.

Corey: I really want to thank you for taking the time to speak with me.
If people want to learn more, where can they go to get their own copy of the report?

Anna: It's been an absolute pleasure, Corey, and thanks, as always for having us. If you would like to check out the report—which you absolutely should—you can find it ungated at www.sysdig.com/2023threatreport.

Corey: You had me at ungated. Thank you so much for taking the time today. It's appreciated. Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig. This promoted guest episode has been brought to us by our friends at Sysdig and I'm Cloud Economist Corey Quinn.

If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an insulting comment that no doubt will compile into a malicious binary that I can grab off of Docker Hub.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Behind the Blue
August 3, 2023 - 'Research Made Possible' Guest Podcast

Aug 3, 2023 (46:34)


LEXINGTON, Ky. (August 3, 2023) – This week's episode of “Behind the Blue” features a guest episode of the “Research Made Possible” podcast. To subscribe to the Research Made Possible podcast on SoundCloud or Apple Podcasts, search “University of Kentucky Research Media.”

This podcast features the University of Kentucky's recently announced eighth Research Priority Area (or RPA) in Materials Science. This RPA was chosen for its close alignment with the largest ever investment in research and development to strengthen American manufacturing, supply chains and national security—the Chips and Science Act of 2022. From medicine and manufacturing to automotive and aerospace applications, materials are vital to the future of Kentucky's economy. UK is working with industrial partners across our region to solve today's problems and train the workforce of the future.

Alicia Gregory, director of Research Communications, sat down with four UK leaders to learn more:

  • Eric King, Assistant Vice President for Research for Federal Relations and Institutional Research Priorities
  • Lisa Cassis, Vice President for Research
  • Ian McClure, Associate Vice President for Research, Innovation and Economic Impact
  • John Balk, Professor of Materials Engineering, Stanley and Karen Pigman College of Engineering

"Behind the Blue" is available on iTunes, Google Play, Stitcher and Spotify. Become a subscriber to receive new episodes of “Behind the Blue” each week. UK's latest medical breakthroughs, research, artists and writers will be featured, along with the most important news impacting the university.

For questions or comments about this or any other episode of "Behind the Blue," email BehindTheBlue@uky.edu or tweet your question with #BehindTheBlue. Transcripts for this or other episodes of Behind the Blue can be downloaded from the show's blog page.

Corrosion Chronicles
Benefits and Challenges of Graphite Heat Exchangers

Aug 2, 2023 (53:54)


In this episode, co-hosts Heather Allain and Marc Cook sit down with Chris Cary, a 33-year industry veteran with 25 years of experience at Dow Chemical, to discuss the pros and cons of graphite. The three chat about how graphite components get connected together to make a heat exchanger, what kind of chemical services graphite is suitable for, what applications can be made out of graphite, how to inspect for degradation in graphite, and any special considerations when selecting and installing his graphite equipment.

Show notes

Corrosion Chronicles is hosted by Heather Allain and Marc Cook. Heather Allain is the Executive Director of Materials Technology Institute (MTI). She has been with the organization for 16 years and previously held an Associate Director position facilitating MTI's Project work. Before MTI, she worked as a Materials Engineer at DuPont for 15 years, and has a BS in Materials Engineering from Rice University. Marc Cook has a BS in Chemical Engineering from Purdue University and an MS in Material Engineering from NC State. He has worked for Dow for 26 years and at a contracting company in Cincinnati for 3 years. His current role at Dow is leading the Technical Services Team for Ceramics and Refractory at Dow and providing materials engineering support to Dow's Freeport, Texas site.

Disclaimer: Marc Cook is an employee of Dow but is speaking purely in a personal capacity and is not talking about or recommending Dow products.

Today's episode on graphite includes a reference to a spiral graphite heat exchanger, which can be seen here:

  • Annular groove graphite heat exchangers - GAB Neumann (gab-neumann.com)

Other manufacturers and different designs can be seen here:

  • Equipment for Corrosive Applications | SGL Carbon
  • Graphite & SIC Heat Exchangers | Fluoropolymers | CG Thermal
  • MERSEN | Anticorrosion Equipment | Industrial Process Systems

None of these manufacturers are endorsed or recommended by MTI, but are shown for informational purposes only.
This episode is produced by Association Briefings.

Corrosion Chronicles
Benefits and Challenges of Carbon Steel

Jul 5, 2023 (42:54)


In this episode, co-hosts Heather Allain and Marc Cook sit down with Kevin Ganschow, associate director at the Materials Technology Institute, to discuss carbon steel. The three have an engaging conversation wrapped around the difference between carbon steel and iron, the complexities of the material, applications where carbon steel is preferable, common failure modes for carbon steel, why the Charpy Impact Test is significant, and repair considerations.

Show notes

Corrosion Chronicles is hosted by Heather Allain and Marc Cook. Heather Allain is the Executive Director of Materials Technology Institute (MTI). She has been with the organization for 16 years and previously held an Associate Director position facilitating MTI's Project work. Before MTI, she worked as a Materials Engineer at DuPont for 15 years, and has a BS in Materials Engineering from Rice University. Marc Cook has a BS in Chemical Engineering from Purdue University and an MS in Material Engineering from NC State. He has worked for Dow for 26 years and at a contracting company in Cincinnati for 3 years. His current role at Dow is leading the Technical Services Team for Ceramics and Refractory at Dow and providing materials engineering support to Dow's Freeport, Texas site.

Disclaimer: Marc Cook is an employee of Dow but is speaking purely in a personal capacity and is not talking about or recommending Dow products.

Infographic reference in this episode: All the Metals We Mined in One Visualization (visualcapitalist.com)

This episode is produced by Association Briefings.

Get IT Started. Get IT Done.
Episode 23 - Anna Belak formerly of Gartner and currently with Sysdig

Jul 5, 2023 (35:04)


Hello and welcome to Get It Started Get It Done, the Banyan Security podcast covering the security industry and beyond. In this episode, our host and Banyan's Chief Security Officer Den Jones speaks with Anna Belak, a former Gartner analyst and cloud, container, and Kubernetes buff. We hope you enjoy Den's discussion with Anna Belak.

About Anna Belak, Director, Office of Cybersecurity Strategy

Anna has nearly ten years of experience researching and advising organizations on cloud adoption with a focus on security best practices. As a Gartner Analyst, Anna spent six years helping more than 500 enterprises with vulnerability management, security monitoring, and DevSecOps initiatives. Anna's research and talks have been used to transform organizations' IT strategies and her research agenda helped to shape markets. Anna is the Director of Thought Leadership at Sysdig, using her deep understanding of the security industry to help IT professionals succeed in their cloud-native journey.

Anna holds a PhD in Materials Engineering from the University of Michigan, where she developed computational methods to study solar cells and rechargeable batteries.

Corrosion Chronicles
Benefits and Challenges of Glass-Lined Equipment

Jun 1, 2023 (37:22)


In our inaugural episode, co-hosts Heather Allain and Marc Cook sit down with Lisa Desai, director of technology sales at Pfaudler, to discuss glass-lined equipment. The three have an engaging conversation wrapped around the firing process, the art of spraying glass, benefits and value of using glass as a construction material, and discussions about gaskets, flanges and clamps.

Show notes

Corrosion Chronicles is hosted by Heather Allain and Marc Cook. Heather Allain is the Executive Director of Materials Technology Institute (MTI). She has been with the organization for 16 years and previously held an Associate Director position facilitating MTI's Project work. Before MTI, she worked as a Materials Engineer at DuPont for 15 years, and has a BS in Materials Engineering from Rice University. Marc Cook has a BS in Chemical Engineering from Purdue University and an MS in Material Engineering from NC State. He has worked for Dow for 26 years and at a contracting company in Cincinnati for 3 years. His current role at Dow is leading the Technical Services Team for Ceramics and Refractory at Dow and providing materials engineering support to Dow's Freeport, Texas site.

Disclaimer: Marc Cook is an employee of Dow but is speaking purely in a personal capacity and is not talking about or recommending Dow products.

Note: The glass lining thickness measurement is indicated as "mils" in the podcast. A mil is equivalent to a thousandth of an inch, not a mm. For example glass thickness range of 40-90 mils is ~1-2.3 mm.

Related videos:

  • Cryo-Lock® impeller installation: https://www.youtube.com/watch?v=r3F0gFzbqiQ
  • Glass-lined process: https://www.youtube.com/watch?v=wpyPsUxLgqI (To see the glowing red reactor mentioned within the episode, check out the 8:14 mark.)

Additional resources: For an in-depth look at the repair and damage assessment for glass-lined equipment, order MTI's comprehensive manual, "Operation, Maintenance and Repair of Glass-Lined Equipment:" https://marketplace.mimeo.com/mtiglobal/product/4f25e24a630a4ef79ec63d4088272516#name=17

This episode is produced by Association Briefings.

Metal Conversations
13 Product Reliability and Materials Degradation

May 31, 2023 (8:06)


In this episode I discuss product reliability. Reliability refers to the ability of a product to perform as needed for a period of time. This episode is a complement to an article (Designing for Reliability) and short video presentation (Product Reliability and Materials Engineering) available on the Industrial Metallurgists website at https://www.imetllc.com/designing-for-reliability/

---------------------------

Michael Pfeifer, Ph.D., PE is a metallurgist and metals engineer. He works with design and manufacturing clients to help with:

  • Component materials selection
  • Manufacturing process development
  • Supplier evaluation
  • Failure analysis and root cause analysis

He received a B.S. and M.S. in Metallurgical Engineering from University of Illinois and a Ph.D. in Materials Science and Engineering from Northwestern University. He is a Professional Engineer, licensed in Illinois. He wrote a book, Materials Enabled Designs. It teaches how to select materials that optimize product performance, reliability, and cost. For more information about Michael go to https://www.imetllc.com/about/

Industrial Metallurgists offer metallurgy and metals engineering consulting and training. The training is geared to design, manufacturing, and quality engineers. More information about Industrial Metallurgists' services and training is at https://www.imetllc.com/

Metal Conversations
12 Six-sigma and materials engineering

May 17, 2023 (10:41)


In this episode I discuss 6-sigma, statistical process control, and the role of materials engineering in developing capable manufacturing processes. Materials are used to fabricate components and join components together. And, we want manufacturing processes capable of producing components and assemblies without defects or problems, and whose materials have the desired properties. So, developing and maintaining a six-sigma manufacturing process depends heavily on materials engineering. To learn more about this subject check out https://www.imetllc.com/6-sigma-and-materials-engineering/

---------------------------

Michael Pfeifer, Ph.D., PE is a metallurgist and metals engineer. He works with design and manufacturing clients to help with:

  • Component materials selection
  • Manufacturing process development
  • Supplier evaluation
  • Failure analysis and root cause analysis

He received a B.S. and M.S. in Metallurgical Engineering from University of Illinois and a Ph.D. in Materials Science and Engineering from Northwestern University. He is a Professional Engineer, licensed in Illinois. He wrote a book, Materials Enabled Designs. It teaches how to select materials that optimize product performance, reliability, and cost. For more information about Michael go to https://www.imetllc.com/about/

Industrial Metallurgists offer metallurgy and metals engineering consulting and training. The training is geared to design, manufacturing, and quality engineers. More information about Industrial Metallurgists' services and training is at https://www.imetllc.com/

Critical Mass Radio Show
Critical Mass Business Talk Show: Ric Franzi Interviews Bill Colone, Chairman & CEO of Single Pass (Episode 1427)

May 5, 2023 (23:11)


Bill Colone is the CEO and Chairman of Single Pass, a new Orange County-based start-up company developing a unique electrocautery device for use during deep tissue biopsy procedures. Bill formerly served as the CEO at Spinal Singularity, a seed-stage medical device development company in San Clemente, CA. Under Mr. Colone, the company raised over $6.6 million in dilutive funding and over $5.1 million in non-dilutive funding for product development, clinical studies, and regulatory approvals. Prior to Spinal Singularity, he served as the VP of R&D for Direct Flow Medical until its sudden closure in November of 2017. He has over three decades of medical device development experience, including ten years as President of Endomed, until its sale in February 2005. Mr. Colone has vast knowledge of ePTFE and endovascular prostheses and is recognized for his contributions to endoluminal technology and vascular surgery. Prior to Direct Flow Medical, he served as Director of Research and Development, and later Director of Aortic Procedure Development, for Endologix. Mr. Colone directed the development of the Nellix Endovascular Aneurysm Sealing System through design completion, CE trial completion, CE Mark approval, and OUS commercial launch. He also contributed to the procedure development and training for the US IDE investigation centers leading to the fastest enrolled IDE trial for an EVAR device. Mr. Colone holds 13 US patents for medical devices with others pending. He also served as Director of Operations for IMPRA, Inc. (now Bard Peripheral Vascular) prior to founding Endomed. Mr. Colone holds a bachelor's degree in Chemical Engineering from Arizona State University where he is a member of the ASU Advisory Committee for Chemical and Materials Engineering. Mr. Colone also served as an Associate Faculty Member at ASU from 2004 through 2007 and was a Founding Member and Board Member of the Arizona Technology Investor Forum.

--

Critical Mass Business Talk Show is Orange County, CA's longest-running business talk show, focused on offering value and insight to middle-market business leaders in the OC and beyond. Hosted by Ric Franzi, business partner at Renaissance Executive Forums Orange County. Learn more about Ric at www.ricfranzi.com.

Catch up on past Critical Mass Business Talk Show interviews:

  • YouTube: https://lnkd.in/gHKT2gmF
  • LinkedIn: https://lnkd.in/g2PzRhjQ
  • Podbean: https://lnkd.in/eWpNVRi
  • Apple Podcasts: https://lnkd.in/gRd_863w
  • Spotify: https://lnkd.in/gruexU6m

This Week in Tech with Jeanne Destro
This Week in Tech with Jeanne Destro-2-3-23: Buildings, Bridges, and Bees (Oh My!)

Feb 3, 2023


This week, how high tech concepts like 4-D imaging, are combining with ancient engineering technology from bees, and leading the way toward better, stronger, and safer structures from buildings to bridges. To find out how, listen to our conversation with Purdue University Professor of Materials Engineering, Dr. Nikhilesh Chawla, who is also the acting head of their Engineering Department.

MOPs & MOEs
Tech Talk with Josh Hagen: Everything You Need to Know About Wearables

Jan 8, 2023 (82:44)


When leaders across the Department of Defense have questions about biosensing, wearable devices, or human performance data, Josh Hagen is frequently at the top of the list of experts they reach out to. He has his Bachelor's in Chemical Engineering, Master's in Materials Engineering, and PhD in Materials Engineering, all from the University of Cincinnati. Josh executed his graduate research in bioelectronics at the Materials and Manufacturing Directorate at Air Force Research Labs, and shortly after joined the 711th Human Performance Wing where he began his current research thrust in Human Performance Monitoring and Augmentation. His work there focused on measuring physiology utilizing wearable sensors and blood biomarkers, developing novel analytics for correlating and modeling data, and beginning to understand how to take that data to optimize performance in elite military and athletics populations. In 2018, Josh became the Director of the Human Performance Innovation Center at the Rockefeller Neuroscience Institute at West Virginia University, as well as Assistant Professor in the Department of Neuroscience. His latest role is Director of the Human Performance Collaborative where he leads a multidisciplinary team focused on human performance optimization.

Titans Of Nuclear | Interviewing World Experts on Nuclear Energy
Ep 375: Heather Hoff - Co-Founder, Mothers for Nuclear

Titans Of Nuclear | Interviewing World Experts on Nuclear Energy

Play Episode Listen Later Jan 2, 2023 67:26


1) Heather's background in Materials Engineering and her path to nuclear
2) A deep dive into misconceptions about nuclear power plants and how Heather overcame her initial skepticism
3) Heather's advocacy and the story of Mothers for Nuclear
4) The saving of Diablo Canyon and predictions for what the future could hold

Global Greek Influence
Bonus: The first 2023 episode- Το πρώτο επεισόδιο για το 2023

Global Greek Influence

Play Episode Listen Later Jan 1, 2023 39:46


This is our first New Year's episode and the first one in Greek! We keep our usual technology and around-technology format. My first guest is Dr Dimitris Kontziampasis, whom you first met in January 2020 in the episode “A Greek, young academic living and working abroad”. Our episodes in English will resume next Sunday, but more episodes in Greek will be introduced. We now meet Dimitris, three years later, going through two academic positions, now in his third one as an Assistant Professor in Materials Engineering at the University of Dundee (Scotland, U.K.), which collaborates with the Central South University (Changsha, Hunan, China) where Dimitris was at the time of our conversation. We discussed some key aspects of his research in the science and technology for the development of artificial organs, transitioning from a PhD holder to an academic, also the current structures in and status of higher education internationally (in the U.K., Greece and China) and research, as well as the Great and Silent resignations. Finally, some personal questions at the end of our discussion. Happy listening, and remember to subscribe, like, and comment on Spotify, Apple podcasts, Anchor FM and wherever you listen to the Global Greek Influence podcast. Happy New Year and happy new beginnings!
Music: "Fortitude" by Humans Win. Source: Storyblocks.
Send in a voice message: https://anchor.fm/panagiota-pimenidou/message

Grad Chat - Queen's School of Graduate Studies
Ali Sheikh (Mechanical & Materials Engineering) -Acoustics and the Aviation Industry

Grad Chat - Queen's School of Graduate Studies

Play Episode Listen Later Dec 23, 2022 36:09


Ali Sheikh (Mechanical & Materials Engineering) -Acoustics and the Aviation Industry. Synopsis of Research: A novel acoustic panel that allows for sub-wavelength attenuation of specific, tunable frequencies at ultra-thin depths. 

Metal Conversations
02 How materials engineering fits in

Metal Conversations

Play Episode Listen Later Jul 7, 2022 8:44


I discuss my education, my experience working in a semiconductor factory and as part of a product design group, and the many different product design and manufacturing activities I was involved in as a metals engineer.
Michael Pfeifer is a metallurgist and metals engineer. He works with design and manufacturing clients to help with:
• Component materials selection
• Manufacturing process development
• Supplier evaluation
• Failure analysis and root cause analysis
He received a B.S. and M.S. in Metallurgical Engineering from University of Illinois and a Ph.D. in Materials Science and Engineering from Northwestern University. He is a Professional Engineer, licensed in Illinois. He wrote a book, Materials Enabled Designs. It teaches how to select materials that optimize product performance, reliability, and cost. For more information about Michael go to https://www.imetllc.com/about/
Industrial Metallurgists offer metallurgy and metals engineering consulting and training. The training is geared to design, manufacturing, and quality engineers. More information about Industrial Metallurgists' services and training is at https://www.imetllc.com/

Rossin Connection
The “Magic” of Materials Engineering

Rossin Connection

Play Episode Listen Later Jul 5, 2022 12:42


Chances are, you've never given much (if any!) thought to the films that coat things like your phone charger. But without them–and without their exact dimensions of thickness and hardness–the technology we rely on every day would be useless. In this episode, associate professor Nick Strandwitz explains what he calls the “magic” of atomic layer deposition, a thin film growth technique that, among many other things, helps our computers and smartphones do what they do–and do it fast. He also talks about what makes the discipline of materials science particularly satisfying.

It's a Material World | Materials Science Podcast
61: From Volcanic Ash to Lunar Dust: Materials Engineering at NASA (ft. Dr. Valerie Wiesner)

It's a Material World | Materials Science Podcast

Play Episode Listen Later May 30, 2022 53:46


Composite materials are comprised of at least two parts: the reinforcement, which provides special mechanical properties such as stiffness or strength, and the matrix material, which holds everything together. Ceramic matrix composites (CMCs) are a special type of composite material in which both the reinforcement (refractory fibers) and matrix material are ceramics. In some cases, the same kind of ceramic is used for both parts of the structure, and additional secondary fibers may also be included.
Check out our MSE Company Database and free professional development guide for materials scientists and engineers!
In today's episode, Dr. Valerie Wiesner, a Research Materials Engineer at NASA, shares her research about high temperature ceramics with the goal of making space travel more routine, as well as her experiences working in both aeronautics and space research within NASA.
In this conversation, we discuss:

Tech Refactored
S2E40 - Roadside Barriers, Test Crashes, and Enhancing Safety with Cody Stolle

Tech Refactored

Play Episode Listen Later May 12, 2022 34:43


How do cities and states decide what roads have rails or barriers? Who designs those? What roadside factors lead to crashes? The researchers who are asking these questions are technologists, engineers, and quite literally life savers. Cody Stolle is a research professor in the Department of Mechanical & Materials Engineering at the University of Nebraska. He is also a researcher with the Midwest Roadside Safety Facility, part of the Mid-America Transportation Center. He studies, among other things, vehicle impacts, crashworthiness, and occupant safety. Learn more about the grant the Nebraska Governance and Technology Center gave to Cody's team to support a project on automated vehicles.

Smart Energy Voices
Mohawk's Decarbonization Journey, with Scott Bargerstock Ep #63

Smart Energy Voices

Play Episode Listen Later Apr 22, 2022 22:55


In this episode of Smart Energy Voices, host John Failla introduces Scott Bargerstock of Mohawk Industries, the opening keynote speaker from Smart Energy Decisions' recent Innovation Summit. As Director of Manufacturing, Productivity, and Global Energy, Scott shares his insights on how he is building the green bridge with Mohawk Industries' efforts to decarbonize and save money without a formal net-zero goal.

You will want to hear this episode if you are interested in...
• Building the green bridge [01:55]
• Scott's work at Mohawk [03:35]
• Managing ESG expectations [05:03]
• Making the best of high natural gas prices [08:16]
• Surprising benefits of infrared [10:26]
• Innovation is what moved the industry [18:08]

Mohawk's energy challenges
Mohawk Industries is a large manufacturer, and therefore a large consumer of energy. The challenge the company has is that thermal dominates over electric. Mohawk is the world's largest ceramic tile manufacturer, and making tile without natural gas is nearly impossible. The company is looking into alternative options, with the thermal side being the greater challenge. Since Scott has been with Mohawk, the company has put five megawatts of combined heat and power at a plant in Tennessee, and one of its Italian plants is putting in a 10 megawatt third-party supply system. In Italy, the company has created about 10 million square feet of industrial LED retrofits. Additionally, the company's carpet side uses a large amount of steam in its boiler controls and is figuring out how to do that more efficiently.

Finding support for improvements
Fortunately, the power and natural gas events that have occurred since July of last year have helped Mohawk become a more mature company relative to energy consumption. While there's no way to get away from ESG expectations, many of Mohawk's products don't have customers who expect sustainable solutions. The company has to start by figuring out how to make and manage sustainability commitments for a modest number of products and expand that across the whole company portfolio. The increase in the cost of gas has caused many consumers and companies to become hyper-focused on finding ways to reduce costs. Mohawk is trying to take this opportunity to support the available efficiency options. A lot of the challenge is at the plant level and trying to make more product with less energy. Mohawk uses a metric showing how much energy is used to make a unit of measure of a product to see trends in production. The amount of energy used has reduced for the first time below where it was in 2019.

Innovation is about the little changes
Innovation is what the energy industry does every day to become a little better, faster, and a bit more profitable. Leaders need to keep their eyes open for ideas that can be adapted to different situations. Being an innovator takes a lot of courage. Sometimes it means taking a different approach than the rest of the team, and sometimes that's the right path. There's no reason to wait to be great. All that's left is to evolve the plan, maintain the course, and reevaluate the plan from time to time. Involving the whole team is strongly encouraged. Getting everyone on board ahead of time diminishes internal resistance, helps with additional ideas, and provides additional backup and impetus when making a tough decision. Involving and motivating each other is something that can inspire anyone to innovate. Focusing on a series of minor changes will result in success.

Resources & People Mentioned
• Environmental, Social & Governance | Mohawk Industries, Inc.

Connect with Scott Bargerstock
With a widely diverse industrial manufacturing background as a senior engineer or manager, followed by almost 20 years in facility/maintenance management roles with several firms, Scott has served as managing lead engineer for new technology and capital projects in addition to successfully implementing his certified lean practitioner training at multiple firms. Industries include naval shipyard work, heavy fabrication, machining, heat treating, foundry, melting, printing, and publishing. He also spent several years at a nuclear power plant site followed by the direction of a profit center for two companies supplying nationwide technical services serving the nuclear power industry. This experience preceded almost twenty years of maintenance and facility management experience. Scott earned his BS in Materials Engineering from Rensselaer Polytechnic Institute, holding a PE for Metallurgical Engineering within the state of Tennessee.

Connect With Smart Energy Decisions
https://smartenergydecisions.com
If you're interested in participating in the next Smart Energy Decision Event, visit smartenergydecisions.com or email our Event Operations Director, Lisa Carroll, at lisa@smartenergydecisions.com

Audio Production and Show notes by PODCAST FAST TRACK https://www.podcastfasttrack.com

Composites Weekly
Discussing FEA of Composite Parts with Materials Engineering Expert Pierre-Yves Lavertu

Composites Weekly

Play Episode Listen Later Mar 24, 2022


This week, I welcome Pierre-Yves Lavertu of Hexagon's Manufacturing Intelligence Division on the podcast to discuss how engineers can investigate and predict the behavior of a large mix of composite materials, and how to minimize weight, cost, and time-to-market for composite industrial parts. We’ll also be discussing how to improve the prediction of structural FEA...

Ordinarily Extraordinary - Conversations with women in STEM
Dr. Mary Kinsella - Women Engineering Career Strategist, PhD Industrial & Systems Engineering

Ordinarily Extraordinary - Conversations with women in STEM

Play Episode Listen Later Mar 10, 2022 49:24


Dr. Mary Kinsella, founder and CEO of Her Engineering Career, is a career strategist who works with women engineers to help them navigate their careers to confidently command greater influence and impact. Prior to founding Her Engineering Career, Mary spent 31 years at the Air Force Research Laboratory in engineering and scientific research roles. She has a PhD in Industrial and Systems Engineering and a Master's Degree in Materials Engineering.

Episode Notes
Mary is passionate about helping women strategically navigate their engineering careers. She does this through developing technical competence, credibility and expertise; finding and maintaining a career trajectory; expanding leadership skills; targeting promotion; increasing confidence and risk tolerance; mastering self-promotion and networking; and developing a big picture mindset.
She also hosts the podcast "Her Engineering Career", which provides insights and skillset tips for women engineers. She wants to help women stay in and be successful in their engineering careers.
Music used in the podcast: Higher Up, Silverman Sound Studio

Acronyms, Definitions, and Fact Check
Mary's website: www.herengineeringcareer.com
"Her Engineering Career Podcast": https://podcasts.apple.com/us/podcast/her-engineering-career-podcast/id1573628370
"The Confidence Code", by Katty Kay and Claire Shipman.
Additive Manufacturing, also known as additive layer manufacturing, is the industrial production name for 3D printing, a computer controlled process that creates three dimensional objects by depositing materials, usually in layers. (wikipedia)
In May 2016 a new 'office building' was opened in Dubai. The 250-square-metre space (2,700 square foot) is what Dubai's Museum of the Future project is calling the world's first 3D-printed office building. In 2017 an ambitious project to build a 3D printed skyscraper in the United Arab Emirates was announced. (wikipedia)
In 2018, biomedical engineers from the University of Utah developed a method for 3D printing ligaments and tendons. The method involves first taking stem cells from the patient and printing them on a layer of hydrogel to form a tendon or ligament. This is allowed to grow in vitro in a culture before being implanted. (https://interestingengineering.com/doctors-can-finally-3d-print-human-tissue-ligaments-and-tendons)

Radio Cade
Cleaning Water with the Help of Cacti

Radio Cade

Play Episode Listen Later Mar 9, 2022 24:55


Dr. Norma A. Alcantar discusses the mechanisms in cacti ecosystems and the personal inspiration behind her research: "There were many other things that I learned from my mother and my grandmother, very valuable. And so, I think transferring knowledge from one generation, of our parents and our grandparents to our children...I think that's very valuable. We should not lose that ever." Dr. Norma A. Alcantar is a Professor of Chemical, Biomedical & Materials Engineering at the University of South Florida. She is internationally known for her breakthroughs using plant-based technology to decontaminate water. Her research and applications are crucial to future global sustainability and advances in biomedical applications for Alzheimer’s and cancer. In this episode, Alcantar reflects on her recent induction into the Florida Inventors Hall of Fame and shares her research on biomaterial from cactus plants with host Richard Miles.

Reformation Fellowship
Servant Leadership with Joel Morris

Reformation Fellowship

Play Episode Listen Later Dec 23, 2021 32:14


In this episode of the Reformation Fellowship Podcast, Justin Schell concludes his time with Dr. Joel Morris. This time they chat about leadership, and how one can lead in such a way that they and those around them can spiritually flourish. Joel is Union's Executive Director, overseeing the strategic and operational direction of the organisation. He is a leader and trustee of Grace Community Church, Porthcawl. He has been a missionary working in 28 countries with Operation Mobilisation before a doctorate and career in Materials Engineering which took him from Aerospace to the Nuclear sector. Joel is married to Hye Lim and they have three children.
If you would like to connect with us and learn more about the Reformation Fellowship, please visit our website at reffellowship.org
Music Copyright 2021 K. Jason French All Rights Reserved www.crossworksmusic.com
Music Copyright New Beginnings by Scott Holmes Music

Reformation Fellowship
Generosity with Joel Morris

Reformation Fellowship

Play Episode Listen Later Dec 16, 2021 35:42


On this episode of the Reformation Fellowship Podcast, Justin Schell talks with Dr. Joel Morris about the generosity of God and how that influences our pursuit of generosity in the Christian life. Joel is Union's Executive Director, overseeing the strategic and operational direction of the organisation. He is a leader and trustee of Grace Community Church, Porthcawl. He has been a missionary working in 28 countries with Operation Mobilisation before a doctorate and career in Materials Engineering which took him from Aerospace to the Nuclear sector. Joel is married to Hye Lim and they have three children.
If you would like to connect with us and learn more about the Reformation Fellowship, please visit our website at reffellowship.org
Music Copyright 2021 K. Jason French All Rights Reserved www.crossworksmusic.com
Music Copyright New Beginnings by Scott Holmes Music