SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Comparing Honeypot Passwords with HIBP: Most passwords used against our honeypots are also found in the Have I been pwn3d list. However, the few percent that are not found tend to be variations of known passwords, extending them to find likely mutations. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Comparing%20Honeypot%20Passwords%20with%20HIBP/32310
Breaking Server SGX via DRAM Inspection: By observing read and write operations to memory, it is possible to derive keys stored in SGX and break the security of systems relying on SGX. https://wiretap.fail/files/wiretap.pdf
OneLogin OIDC Vulnerability: A vulnerability in OneLogin can be used to read secret application keys. https://www.clutch.security/blog/onelogin-many-secrets-clutch-uncovers-vulnerability-exposing-client-credentials
OpenSSL Patch: OpenSSL patched three vulnerabilities. One could lead to remote code execution, but the feature is used infrequently, and the exploit is difficult, according to OpenSSL
Our guest in this episode is Jon Gelsey. Jon was the first CEO of Auth0, a leading identity-as-a-service platform, which grew from 5 to 300 employees during his four years at the helm. Auth0 was acquired by Okta in February 2021 for $6.5B. After Auth0, Jon served as CEO of Xnor, a computer vision and machine learning spinoff of the Allen Institute. The company was acquired by Apple for ~$200M in January 2020. When Auth0 first started in 2013, there were already several authentication vendors in the market. Okta, ForgeRock, and OneLogin had all built considerable scale by the time Auth0 launched its product. Not only did Jon and the team build a successful company in a very crowded space, but they also did it their way. While all of Auth0's competitors were running a top-down GTM motion, Jon made a critical decision to adopt a bottom-up, product-led growth (PLG) strategy. Instead of relying on traditional marketing tactics for demand generation, Auth0 built an extensive content rollout plan to help drive inbound interest in the product. To date, Auth0 is the only PLG company in cybersecurity to achieve a multi-billion dollar exit. On Inside the Network, Jon talks about building go-to-market strategies, identifying the right buyer personas, and establishing success metrics for customer acquisition. In addition to his experience as a serial entrepreneur, Jon worked on the M&A and strategy team at Microsoft from 2007 to 2014 where he led several acquisitions for the company. Jon shares the tips and tricks founders need to know to plan, negotiate, and successfully close acquisitions with potential buyers.
Backend-related incidents have been a recurring theme in outages across 2023, caused by everything from data center issues and hardware mishaps to failures at common (shared) services. Recently, we saw two examples of these backend issues when data center power problems led to outages at both Cloudflare and Workday. Tune in to hear more about what happened at Cloudflare and Workday, as well as our analysis of disruptions at OneLogin and GitLab. For more insights, check out these links: - The Internet Report: Pulse Update Blog: https://www.thousandeyes.com/blog/internet-report-pulse-update-workday-cloudflare-outages?utm_source=soundcloud&utm_medium=referral&utm_campaign=na_fy24q2_internetreportpulse23_podcast - Interested in more outage analysis? Check out our Internet Outages Timeline, which covers several notable Internet outages and application issues from the past year, along with the lessons they leave: https://www.thousandeyes.com/resources/internet-outages-timeline?utm_source=soundcloud&utm_medium=referral&utm_campaign=na_fy24q2_internetreportpulse23_podcast *Episode first aired on November 14, 2023.
Backend-related incidents have been a recurring theme in outages across 2023, caused by everything from data center issues and hardware mishaps to failures at common (shared) services. Recently, we saw two examples of these backend issues when data center power problems led to outages at both Cloudflare and Workday. Tune in to hear more about what happened at Cloudflare and Workday, as well as our analysis of disruptions at OneLogin and GitLab.
CHAPTERS
00:00 Intro
01:00 OneLogin Disruption
05:22 GitLab.com Availability Issues
09:14 Workday and Cloudflare Outages
31:16 Get in Touch
For more insights, check out these links:
- The Internet Report: Pulse Update Blog: https://www.thousandeyes.com/blog/internet-report-pulse-update-workday-cloudflare-outages?utm_source=transistor&utm_medium=referral&utm_campaign=na_fy24q2_internetreportpulse23_podcast
- Interested in more outage analysis? Check out our Internet Outages Timeline, which covers several notable Internet outages and application issues from the past year, along with the lessons they leave: https://www.thousandeyes.com/resources/internet-outages-timeline?utm_source=transistor&utm_medium=referral&utm_campaign=na_fy24q2_internetreportpulse23_podcast
Want to get in touch? If you have questions, feedback, or guests you would like to see featured on the show, send us a note at InternetReport@thousandeyes.com. Or follow us on X: @thousandeyes
The Twenty Minute VC: Venture Capital | Startup Funding | The Pitch
David Meyer is the SVP Products at Databricks where he drives product strategy and execution. He previously ran Engineering and Product Management at OneLogin, where he grew the company to thousands of customers and market leadership. Before OneLogin, he cofounded UniversityNow, an accredited open university system, running Product and Engineering. Prior to that, David managed a $1 billion portfolio of business intelligence products at SAP and co-led cloud strategy. His first software journey was at Plumtree which went public before being acquired by BEA in 2005.
In Today's Episode with David Meyer We Discuss:
1. Entry into Product: How did David make his way into the world of product? Why did he not want to go into it? Why does David advise everyone "do not go into product management"? What does David know now that he wishes he had known when he entered product?
2. How to be a Great Product Leader: Why does David think most leaders suck at leading? Why is the most important thing to make your team feel seen? What can leaders do to ensure this? Why does David help his team members to find other roles outside of the company?
3. Building the Best Product Team: How does David hire for product today? What questions does he ask? What signals does he look for? What are David's biggest hiring mistakes? How did they change his approach? What are the biggest mistakes founders make when hiring for product? Why should you hire people who are not in product today?
4. David Meyer: The Art or Science of Product: Is product more art or science? If David were to put a number on it, what would it be? Is simple always better when it comes to product? Will AI remove the importance and focus on UI? Why are the most impressive companies business model innovations not product innovations?
This week's guest is Thomas Pedersen. Thomas founded OneLogin, which pioneered identity & access management as-a-service. His new company, Bunny, simplifies and automates how b2b SaaS companies manage their recurring revenue, including billing, payments, quoting, analytics, customer self-service and tenant provisioning.
Support this podcast: https://podcasters.spotify.com/pod/show/uncharted1/support
In this episode, Darnley explains the most recent breach from LastPass. Are password managers reliable anymore? Should you continue to use them even with all these breaches that have happened over the last few years?
This week, Matt Mosley and Kash Izadseta cover the Uber hack! A teenager gets the keys to the Uber kingdom and has breached many systems, including DUO, OneLogin, Gsuite, AWS and more! Links mentioned in this episode: https://www.theverge.com/2022/9/16/23356959/uber-hack-social-engineering-threats http://tevoratalks.com Instagram, Twitter, Facebook: @TevoraTalks
Mai Ton oversees the development and execution of Fabric's people strategy. She has over 20 years of leadership experience in tech startups and has helped various companies through IPOs and M&A transactions. She has built the entire people function at every company she has worked at and has won over 14 awards for her previous companies. She formerly led the People teams at White Ops, HelloSign, OneLogin and Trulia. Instead of helping one company at a time as an internal HR leader, Mai Ton formed her own consulting business, EMP HR Consulting, where she contributes her knowledge to help many companies simultaneously. Mai's services provide companies a clear people strategy with core structures like performance management, compensation frameworks, remote strategies and benefits programs which increase employee engagement and retention. She was named to the list of the Top 50 Most Powerful Women in Technology in 2019. Mai is a Board member of LEAP.org, a non-profit organization that helps Asian Americans break the bamboo ceiling. She is an advisor to some of the newest HR technology software companies and shares her knowledge with others by speaking at various HR conferences. She received a BA in Sociology from the University of Texas, Austin. She wrote a book called Come into My Office: Stories from an HR Leader in Silicon Valley. You can find her on Twitter and Instagram. The songs picked by all our guests can be found via our playlist #walktalklisten here. Please let me/us know via our email innovationhub@cwsglobal.org what you think about this series. We would love to hear from you. Please like/follow our Walk Talk Listen podcast and follow @mauricebloem on twitter and instagram. Or check us out on our website 100mile.org (and find out more about our app (android and iPhone) that enables you to walk and do good at the same time!). We also encourage you to check out the special WTL series Enough for All about an organization called CWS.
Steph is excited to be headed on a retreat with her mom in the mountains, but before that, she details how she helped troubleshoot a production issue with her team and appreciated their process. She's also looking into tooling around spinning up more machines to process more RSpec tests. Chris had a developer start their new job at Sagewell and highlights how they involved the new person in rectifying potentially missing and/or confusing existing documentation. He also has a gripe, and that is accounts. Handling too many accounts. Additionally, he talks about triaging an error and how it was tough initially to understand if something was actually broken. And then it was even harder to understand what was broken. So he paired through it and used the power of putting two heads together. This episode is brought to you by ScoutAPM (https://scoutapm.com/bikeshed). Give Scout a try for free today and Scout will donate $5 to the open source project of your choice when you deploy. Become a Sponsor (https://thoughtbot.com/sponsorship) of The Bike Shed! Transcript: CHRIS: Hello and welcome to another episode of The Bike Shed, a weekly podcast from your friends at thoughtbot about developing great software. I'm Chris Toomey. STEPH: And I'm Steph Viccari. CHRIS: And together, we're here to share a bit of what we've learned along the way. So, Steph, what's new in your world? STEPH: Hey, Chris, I am going on vacation next week, and I am so excited about that. It's going to be pretty much a week long. It's like a Tuesday through Friday ordeal. And it's a trip that I'm taking with my mom. So over the past year, she's gotten super serious about her health and nutrition and done a phenomenal job of being very focused on a plant-based diet, which is basically healthy vegan food is what that comes down to. So there is a retreat that's taking place in the North Carolina Mountains that she's really excited about. I'm going to go with her. 
We're going to do lots of cooking, and hiking, and hanging out in the mountains, and it's going to be lovely. CHRIS: Well, that does sound lovely. STEPH: Yeah, it seems like a really perfect time to disconnect just because you're headed into the mountains. So all you should take with you are books and things that are not iPhones, and tablets, and computers, and screens. So I'm looking forward to that, just to be away from screens for the week. On some more technical news, this past week, I helped troubleshoot a production issue, which was a bit novel for me because the work that Joël and I are doing with our current project it's all in the testing realm. And so it was probably around 10:00 o'clock at night my time, and I got a ping on Slack. And it looked like I was getting called in for a production issue. And I was like, I have touched zero production code. [laughs] So I'm very intrigued how I could have broken production at this point. And so I looked into it, and it turned out that it wasn't necessarily related to a commit that I had authored, but it was for a commit that I had reviewed and then approved. And so their strategy is they create a new channel. They'd gotten a ticket that an error was occurring. And then the site reliability team created a new Slack channel, and then they pinged everybody who either authored, reviewed, and approved that change to be like, hey, we think the issue is related to this commit. Our plan is we'd like to roll it back. But before we do, we just want to check in with folks who have more knowledge to help us confirm that, yes, this error message seems related. And I really liked that approach. I really like the idea that it's not just the person who merged the commit that then gets pinged on it, but it's like everybody else who happened to look at this and review it come help us too. So we spent some time looking into it, confirmed that yes, indeed, it was related to that particular commit. 
And then their team did the wonderful thing of then rolling it back. So then, it was no longer an escalated issue. And so then I asked, "What else can I do to help?" And they said, "Well, from here, it's no longer a production issue. So tomorrow, just follow up with the author and let them know and issue a fix for the bug, and then merge it like normal." So we're back in that normal pull-request flow, very calm. And overall, I just appreciated their process. I like very much how they pulled more people in because I think some of the other people that were involved weren't online, which makes sense because it was really late. So that way, you just spread in case some other people really aren't available that then hopefully you'll get lucky and one of those three or four people are available to help you troubleshoot. CHRIS: That does sound like a really nice and thoughtful and intentional bug response, communication, procedure, rollback, et cetera. All of that sounds like it worked very well and is nice to have. And it's the sort of thing that a larger organization ideally gets to, having these sorts of processes. Spoiler alert, later in the episode, I will talk about the other side of it of being a very young organization and trying to be like, wait, is this a bug? Is this not a bug? Should we roll back? What do we do? That's actually my topic du jour. But what you're describing sounds like the calm even in the case that there is a fire sort of like, yep, we've got procedures. We have workflows. We have communication channels and ways that even the exceptional things can be handled in an ideally as calm as possible way. So that's awesome that that's what you got to experience there. STEPH: Yeah, getting called in at 10:00 o'clock is never fun for anybody. But when it happens, because it's going to happen, then I appreciate the thoughtfulness and that process that they put behind it. So it all went fairly smoothly. 
And it was also one of those fun things where I haven't met...like this is a very big organization, so I hadn't met any of those people. So when I got pinged on it, and then I hopped in, I was like, hi, I don't know anything about this process and what y'all are doing, but I am here. I'm here to help. Where can I look? What can I do? So it was also a fun endeavor in that regard to just be like, I don't know what I'm doing, but I am here to help. Please let me know how I can help. And it ended up working pretty well. So yeah, that's been a fun adventure for this week. How about you? What's new in your world? CHRIS: What is new in my world? Well, we had a developer start this week, which has been really wonderful. Unfortunately, we had scheduled their first day to be Monday, which was Presidents' Day, and that's a holiday. So we got out in front of that one and figured it out. We're like, no, no, actually, feel free to start on Tuesday. We'll not be around on Monday, so you shouldn't be around on Monday. But then, on Tuesday, they started. And we intentionally structured things such that we have a contractor that has been working with us for like seven or eight months now. So it's been a long time and been very formative as well the work with that contractor. So this is their last week, and thus, we very purposefully brought the new person on the team and that contractor together to maximize the amount of pairing and overlap that we have there just to try and as intentionally as possible grab whatever is in their head, get another point of view. Because this new individual on the team will be able to work with myself and the other full-time developer on the team a bunch moving forward, so we want to maximize their overlap with the person who is on their way out. But otherwise, it's been great. 
We're a young organization, so the version of onboarding it's me running around setting up a lot of accounts, forgetting to set up other ones, getting pings in Slack, and then following up and setting up another account. Eventually, I hope that there are checklists and formalizations and, ideally, one-click SSO magic that makes all of that work. But for now, I'm happy to chase it down. But really, we're just leveraging pairing as much as possible as the onboarding tool to make sure that where we don't have formalization, procedures, documentation, et cetera, as thoroughly built out as I would love to be at, we can shore that up with some time with other humans. STEPH: That's awesome. It's always fun having someone new to join to highlight all the things you need to automate or at least have a checklist for to then help them onboard. But that's really exciting that you've got a new teammate. CHRIS: Yeah, definitely very exciting. And they've been great. They've hit the ground running and a couple of pull requests already and just contributing very effectively within their first couple of days. So that's always wonderful to see. We are definitely taking this moment to document what is undocumented or update the README where it needs to be and start to make that checklist. We have another person who will be starting in about two weeks' time. And so, ideally, that will be even a little bit more fleshed out of a process. So slowly, incrementally get a little bit better with each we add that we get there. STEPH: How much do you involve the new person in creating that documentation? Is that something that you ask them to help build, or is it something you take ownership of? What's that balance? CHRIS: It's interesting. So definitely some I want to be with that person because I think it can often be the easy first PR is an update to the README for like, oh, I tried to set up the app, and it did not work. 
For this reason, I have now updated the README, and now there's a pull request. And we get to experience that flow via the very low-stakes change of updating the README. So that's a definite one that I like to have. The other is I'll typically ask for the individual to capture as much as possible. There's a very delicate line in my mind between empowering them and being like, yes, absolutely. We're young. We don't have everything documented. So feel free to make changes where that makes sense to you. But at the same time, I know that joining a new team can be complicated, can be intimidating in certain ways. You're not sure what's okay to change? What's not okay to change? That sort of thing. So I simultaneously don't want to put the pressure on someone to be like, "Yeah, no, change anything you want. Literally, nothing is stable here. Nothing's glued to the ground. So feel free to pick up anything and throw it out the window." That feels too far in my mind. So I don't have an actual answer like, I'm ideally calibrated at this point. But it's sort of those two tensions that I'm holding in mind as I think about that. STEPH: Well, I really like your answer. I like that balance because I think it's really nice to include the person in those changes and also just because they're going through it. So they happen to have that insight, and it's fresh. But I agree, when you're joining a job, you want some stability and confidence that the people that you are joining that team with are also working hard to make it a very positive onboarding experience. And if you just were to push all of that responsibility on to them to be like, "Yeah, we know. We don't have this organized yet. So you tell us everything that we need to do," that would feel unkind to that new person. I think as a new person that I wouldn't fully enjoy that. I don't mind some of it, but I wouldn't want all of it. I'd have nervousness around ownership, around improving processes, and who that belongs with. 
CHRIS: Sort of a classic case of it depends, or it's a little from Column A, a little from Column B, but definitely some, just hopefully not too much. STEPH: The Goldilocks of onboarding, some onboarding responsibilities, but not all of them, just the right amount. [laughs] CHRIS: Shifting gears slightly, though, I just want to gripe for a minute. I'm just going to gripe. This is not my normal mode, but I'm going to lean into it. STEPH: Do it. CHRIS: Accounts, just accounts. I have so many accounts now. There are so many across different systems, and I'm trying to do the good thing, which is let's stop using personal accounts for anything and only use organizational accounts for the things that are for work. And some organizations do a great job with this. GitHub, I'm looking at you; really well done, super happy with the way that you folks have implemented accounts. You get that I am one human being that contains multitudes. I am my personal self; I am my work self. I am maybe even another version of work, and you get that. And you usually let me exist as all of those versions of myself and, man, do I appreciate that. Heroku, you're okay. Like, it's all right. You treat the different facets of me as different accounts, but that's okay. You make it relatively easy to switch between. Although you do make me two-factor auth and re-login every single day, and I don't love that. So I don't know what's going on there, but fine. Trello, aka Atlassian, I guess at this point, come on, what are we doing? What's going on here? So originally, I had started, and I had the one Trello account, and I had my personal boards. And then there was the Sagewell organizational account. And within that, there were some boards, and I would just bounce back and forth. But I realized, no, I need to do the right thing. So I created a new Trello account. And now Atlassian just forces me to switch between them, and it loses the link that I'm going to often. 
It's a different login interstitial screen. And it constantly shows me that like, hey, you don't have access to this. Do you want to switch accounts? And I say yes. And then they take me to a screen where I can pick between two options, the one that I was that didn't have the ability to do it and another. And as a developer, I know that the thing I'm about to say is not fair. But come on, folks, you could know the answer to this question. There are two, and one is the wrong answer, so the other one is probably the right answer. You don't need to autolog me into that; I get it. Just emphasize it because they almost look identical on the list. I have now accidentally tried to request access with my secondary account to my other account, and I can't get out of that state. So now, one of the ways that I try and do this it shows me a list of them to pick. The other it says, "You have requested access. We're waiting to hear back." And I'm like, no. So anyway, that's a thing. STEPH: So I know people can't see me. [laughs] So I'll narrate that I'm dying over here because I very much appreciate that we are positive people. We are very focused on bringing positive energy, but the descent into the amount of shade that you're throwing at different applications [laughter] just really made my day, and I feel that pain. I have felt that pain with Atlassian and can relate. And we should have some gripe sessions. This feels healthy. This feels very...okay, well, I don't know for you. I'm the one that's laughing and getting joy out of this. I don't know if it's helpful for you, but it feels very cathartic to me. [laughs] CHRIS: It is definitely somewhat cathartic. I think there's utility in having these sorts of conversations. And throwing shade at Atlassian, whatever, they're doing fine, so I'm not super worried about it. But generally, we try and keep things positive because I think that's, frankly, a more effective way to communicate. 
But occasionally, it is useful to look at the things where I'm like; that is a pattern that I do not want to repeat. And I'm sure that there are complex organizational enterprise-y reasons that it has to be this way. But I can look at that and say never that. That experience as a user is like, wow, yeah, I just tripped over nine layers of your enterprise there just trying to do very simple day-to-day things for myself. So I want to avoid that. I've griped about that one login, not the company OneLogin. But that one login page that I've experienced where I start to interact with the form, and suddenly some JWT handshake in the background happens, and I'm now logged in. And it just rips the page out from underneath me. That is unacceptable. That is not okay. And I really do think there's something worth occasionally looking at those and being like, well, not that. But anyway, I should probably stop my gripe session now. STEPH: [laughs] Well, if I may join in, I have one that I'd like to share. Since we're on this -- CHRIS: Throw it on the pile. What else we got? [laughs] STEPH: [laughs] So there was some code. There was a piece of code that I was looking at that was very not friendly. It was difficult to understand. It took a while to parse through what are they actually doing? What records are they creating? Why did they choose this manner? Why are we iterating over these particular numbers? What's the outcome here? And I was pairing with Joël and was going back and forth having a conversation trying to be the detectives of why this code exists, and we finally got there. And we finally understood what it's doing and why. And I just lost it for a minute once we finally got there. [laughs] I just thought the way this code is written, it does not improve readability, and it doesn't improve performance. All it did was make my life harder because it was very difficult to read. 
So all they did was become really clever with the code that they were writing and essentially drying it up, which I have such a beef with DRY because it has caused me pain. And so they essentially were drying up their code or introducing a way to make it just take up fewer lines that took up less vertical space. But overall, I was very grumpy about it. And Joël was very kind about it and was like, "Well, this is the type of code I could see maybe why they did this." But you're right; it doesn't help with readability and performance. And he was helping balance out my grumpy goose moment. I've been having a lot this week; maybe it's just the week I'm in. I'm in more of a fiery mode this week [laughs] with some of the code that I'm seeing, and that was one of them. That was the please, please, please don't DRY up your code. If it doesn't improve readability or performance, there's just no need. There is no benefit. CHRIS: Well, I definitely know that feeling. And I think I've probably, as a developer, gone through that arc where early on I was just trying to make stuff work, and then I learned how to be clever. And suddenly, being clever became a game that I could play. And then, pretty early on, I realized I would come back to my own code from two weeks ago and be like, what the heck does this do? I have no idea. And that's when I was drawn to Ruby. That was one of the things. I'm like, oh, I can write code that looks so much like the clear words that I have in my head about the thing. I like that. And so much of my career has been spent in the let's make it obvious and revisitable. I actually remember very clearly early on in my time at thoughtbot, I was working on something and was working on it with Joe Ferris, who is the CTO of thoughtbot and a very clever individual, and I mean that in the truly positive sense of the term, one of the most capable engineers I've ever worked with. He was describing an anecdote, but it was basically he'd put up a pull request. 
And someone replied, "Oh, that's clever." And Joe's reaction was, "Oh, crap." Just taking that as not an insult but as someone saying, oh, that's clever in a positive way, and Joe hearing that in the negative form of I went too far here, or this is not obvious in its initial interpretation. That really stuck in my head from there, just his reaction to it immediately of that being not a good thing. And I was like, that is interesting. And all the more so over time, I've come to believe that clever is probably something to avoid in code. STEPH: Yeah, agreed. I'm at the point that if I do see someone who's done something that I do think is clever in a positive way, I will still abstain from using that word clever because I do want to make sure they don't think that I'm saying in a bad way that this is clever, that it's not readable, and it's not friendly. So I totally avoid that word when I'm complimenting someone's code just to make sure there's no confusion. CHRIS: It's one of those words that got away from us that we lost the definition of, and then we came back, yeah. Mid-roll Ad Hi, friends, and now a quick break to hear from today's sponsor, Scout APM. Scout APM is an application performance monitoring tool that's designed to help developers find and fix performance issues quickly. With an intuitive user interface, Scout will tie bottlenecks to source code, so you can quickly pinpoint and resolve performance abnormalities like N+1 queries, slow database queries, and memory bloat. Scout also recently implemented external service monitoring, adding even more granularity when it comes to HTTP requests and API calls. So give Scout a try today with a free 14-day trial and experience first-hand why developers worldwide call Scout their best friend. And as an added bonus for Bike Shed listeners, Scout will donate $5 to the open-source project of your choice when you deploy. To learn more, visit scoutapm.com/bikeshed. That's scoutapm.com/bikeshed. CHRIS: Let's see. 
In other news, you had mentioned this earlier, and then I had mentioned my side of it but errors in alerting and all of those sorts of things. They're an interesting question. We had a small situation over the weekend that turned out to be kind of real, kind of not real. But I happened to be away on vacation. I did have my computer with me because, at this point, we're early enough. And I'm like, I'm going to take my computer everywhere and just be ready in case it's necessary. And in this case, I did get a ping. I looked into it and what was unfortunate is it wasn't immediately obvious if something was broken or not. And to a certain degree, that's always going to be kind of true. There's so much noise, so many requests hitting a web application. And how do you tell the good ones from the bad ones? And ideally, I could threshold around certain volumes of traffic, but even that's going to have spikes, and ebbs and flows and things like that. So it was very hard initially to understand is something actually broken? And then all the more so to understand what was broken. Thankfully, it was tractable. It was solvable. And we've done, I think, some good work especially considering how early on we are and how we've instrumented things in Sentry, in particular, our usage of Sentry and also somewhat in the logs. But again, I think I've talked about this before, but I'm feeling this tension around there's data. There's data just kind of like, what happened? And right now, we've got logs. That's one of the places that goes to Sentry if it gets escalated up to that level. And we sort of have a weird Venn diagram between logs and Sentry. And then we also have analytics as another thing and then eventually data science, and what do we want to try and learn? And all of these kinds of want different facets of it's not the same data set. But I wonder, is there a superset of data that then we could filter and slice and cut up, do all those sorts of things? 
I think this is the dream of Honeycomb and platforms like that, but I'm not even certain if that's true. And so I'm in that awkward middle space is how I would describe it. But in that particular case, I was able to resolve it. I did take away as an action it's probably time to start thinking about PagerDuty anomaly detection, that sort of thing. When does alerting happen? When do engineers actually get calls when not just during the normal nine-to-five of the workday? So I'll be investigating that in the coming weeks and see where we get to. But it's sort of the first thing that really pushed us in that direction. The other thing I'll say is we have the idea of the point dev, which I've talked about on a couple of episodes. But the idea is for each week, one individual on the engineering team is in charge of the noise, for lack of a better term. They're looking at the error stream in Sentry. They're looking at any ad hoc requests that are coming from our admin team, et cetera, et cetera. And that's been really great. But one thing that I've noticed is that dealing with the errors is particularly tricky and what we did in this particular case was just to pair on that. As an individual, it is really hard to sometimes to reproduce, sometimes to just understand these are the things you didn't expect in your code, and therefore they are, by definition, harder to understand, harder to think about. And then sometimes you get to an understanding. You're like, ah, what do we do about that? Do we care? Do we not care? Is this just noise? Is this something we should solve? Is it something we should solve soon? Or is this something we can solve whenever we get to it in the backlog? And making that sort of determination is all the harder. And so I'm increasingly of the mind that there should be some amount of time that is pairing on that error backlog to bring two heads together. 
I hadn't been thinking of it this way, but I've now come around to thinking this is a really great place for pairing because it's so hard for one individual to deal with that complexity to make the hard value judgments. And to do that, if each individual does that in a vacuum, then we have n different value systems at play that are hopefully very similar. But if we start to pair up, then there's osmosis between those groupings. And ideally, we sort of coalesce towards a shared value structure around, like, what can we ignore? What should we snooze for a week? What should we put in the backlog? What should we prioritize and fix immediately? Because I think those are really hard things to otherwise...that's really hard to document, I would say. I would love to write up a page in the Wiki that says, "This is how you treat errors," except each error is a unique snowflake, and you just have to follow your values. STEPH: I have been on teams where we've written up documentation that helps you triage an error because you're right; you can't write documentation around a specific error. But that I always found really helpful where it was like, here's all the links that you can look at, here are some recommendations. When we were working on an application that was falling over more often, there were some specific outlines around if you see this problem, then this is typically how you can solve it. And then we had to fix that at a larger scale, but it was a nice band-aid to get us through at that point. I like the idea of pairing, especially as you mentioned; it's tricky. It's funny when you mentioned capturing those errors and putting them into the backlog because I like that idea that then you can prioritize and bring those into the sprint. It just made me feel a bit hesitant. If we don't work on it now, we're never going to work on it. But then that feels unfair to say because it really comes down to the team. 
If you have a team that's going to be able to look at those errors and say, "Yes, we're going to bring them in and prioritize them," then that feels really good to then be able to say, "This is an error. Let's capture it. Let's provide some content around it. But it doesn't need to be addressed at this moment. It's still pretty low in terms of risk for users or at least low in impact for users." So yeah, I guess it just depends as long as the team feels good about being able to prioritize errors, which I feel confident that your team would be able to do. And if you can't, then y'all could reassess that plan. CHRIS: That's why we definitely have that. We're revisiting the errors. They're part of the same backlog as everything else. So they're coming up in relative priority and getting worked on and getting resolved. But we're also shifting our thinking just a little bit to say, "We should take a little bit more time in the moment to try and resolve some of these where we can." I have the dream of there are just zero bugs ever. But that's hard, especially in different platforms. And we're seeing a lot of mobile traffic and from different older Android versions and so weird JavaScript edge cases and things like that. Like, why does your runtime not have object? That feels like a thing every JavaScript runtime should have. But that's a joke. Every JavaScript runtime, I'm pretty sure, does have object but that sort of thing. It's like, whoa, this is weird and specific to this one device. Cool, those are fun. So yeah, giving a little bit more time to do those. And again, so we definitely do have the document that describes here are the places to look and how to think about this category of error and this category of error. But at the end of the day, you get one that's just like, there's not a ton of detail in the error. It's hard to reproduce. It might be device-specific, et cetera. And so what do you do in that moment? 
And that's where we're trying to...I think pairing is a great way to share that thinking around the team. So overall, it's been great, though. I think everyone who has been involved has been like, "This was better than when I did it on my own," so cool. STEPH: Awesome. That sounds great. CHRIS: Yeah, I think so. This is one of those ever-evolving facets of how we work as a team and how we build the platform. So I will certainly report more in future episodes, but for now, happy with that. And yeah, what else is up in your world? STEPH: Yeah. So we've been looking specifically into tooling around how we're going to spin up more machines to process more RSpec tests. So specifically, we have around 80,000 RSpec tests that we are processing, and we have one machine that is parallelizing those and takes around just for that portion of the build because then there are other tests and things that get run that brings it up to about a total of 30 minutes. But for the RSpec portion, I think it's probably around 20-ish minutes to process those 80,000 tests. So we split that across four different containers, and then we run those tests. And so we'd really like to spin up more machines to then process because we've reached the point that we have given as much power to that one machine as possible. So now we're looking to add more machines. And one of those solutions that we're looking at is using Buildkite, which is built with the idea that you can add these build steps so then you can more easily say, "All right, once we get to this particular build step, hey Buildkite, we'd like to run n number of machines to process all these tests." And that seems really nice. And it is something that we are interested in. It is actually what Shopify uses. They use Buildkite ci-queue, which is built for mini-tests, which is what they use, and Redis to then run all of their tests. But we are using TeamCity, so we're not using Buildkite. 
And we would like to see if we can grow with our current CI infrastructure versus having to move to a new one. There's a lot of just risk involved in moving to a new one. And so we've been studying hard if TeamCity will let us do this. And so far, the answer has been no. But just recently, we found somewhere in the docs that it looks like there is a chance that with TeamCity, we can inform TeamCity that, hey, even though we have just this one build step, instead of only giving us one agent or one provisioned machine to then run these tests, instead that we actually want to spin up a couple of machines to then process these and then aggregate the results back to this one step. So we're looking into that. But I wanted to throw this out there in case anybody else is also using TeamCity and has already invested in this particular approach. I would love to hear about it because we are currently figuring out the capabilities and if this is something that we can stay with our current infrastructure or if we're really going to have to look for a new solution. CHRIS: Well, I'm hopeful that someone out there can give you some input. I definitely get the idea that you're stuck, and stuck is maybe too strong of a word. But if TeamCity is not ideal, the idea of moving off it does feel exceedingly heavy and the riskiness that you talked about. That's, I think, a critical word here because I think it's easy to think of CI as like it's a very important thing. But that's absolutely critical as part of your deploy pipeline, I assume. This is speaking generically about CI, and so it is, in fact, a critical piece of the infrastructure. If you've got a bug on production and suddenly CI is down, what do you do? I guess you can test locally and decide you're going to push past it, but then you have to circumvent it. And so I understand the intentional way that you're thinking about that and the risk associated. 
I do wonder, though, if TeamCity has felt like not the right platform for a while and if there are considerations. Is there the possibility of both trying to improve the world that you have now, so it's not the big move off of it but then also in parallel start to work on an alternative implementation? This is perhaps not entirely fair, but it feels like a Rails application is this repository of code. And typically, CI is configured via a file. And that's like, if you've got your teamcity.yaml or whatever it happens to be, could there also be a buildkite.yaml that is not on the critical path for deploying or anything like that? But it is a way to, frankly, somewhat inefficiently test on two different platforms but start to see if you can get the code moving on a different platform and be able to gradually build out and make that transition possible without it being one big swap over sort of thing, which eventually it would need to be. But just wondering, is that happening in parallel? Is that a possibility? STEPH: I think the short answer is, I'm sure there is. There's a way to look at the existing system and then find ways that we can tweak it. But I also know that the team has already invested a lot into working with the current system and making it as efficient as possible. So I don't know if there's any true big impact but intermediary steps that we can take. We are definitely in that proof of concept world. So we're not going to move anything over for the rest of the team until we can really prove that something is working for a small subset and then start to expand from there. But currently, our idea is to dig further in TeamCity, which I think also includes just a call to their team and say, "Hey, we'd love to talk to one of your engineers and see if the thing that we're trying to do if it's possible. Let us know if it's not and if we need to look elsewhere," which is intriguing to me because having a lot of tests isn't new. 
There are tons of companies that have lots of tests, and they want their CI test suite to be fast. So a company that then has built software that helps Team execute these steps that then the ability to say, "Hey, I want more machines to process. I want to give you more money and to give us more machines, and we can process more things." I feel like that should be a thing. And I'm getting at the edges of my knowledge. This is why we're exploring all of this. But it has been surprising to me to realize that that doesn't seem as easy of a thing as I would have expected it to be. There are also some other concerns around here where the client that we're working with if we're going to work with third-party vendors, then we have to get special approval to work with them. It's not just a hey, we can just go try it out. It's a lengthy contract process that we'd have to go through. So there are also some constraints that we have to keep in mind where we can't just work with anyone. We need to be careful to make sure that they're certified in a particular way. So yes, I like your idea. I will definitely keep it in mind. But I don't know if there are any true intermediary steps yet other than the building out a proof of concept and then finding small ways that we could move over. Then I think that would be ideal for sure. And then hopefully, if there's anybody that's listening that has experience with TeamCity or Buildkite, that's the other tool that we're looking at using, let me know. I would love to chat about it and find out your experience. On that note, shall we wrap up? CHRIS: Let's wrap up. The show notes for this episode can be found at bikeshed.fm. STEPH: This show is produced and edited by Mandy Moore. CHRIS: If you enjoyed listening, one really easy way to support the show is to leave us a quick rating or even a review on iTunes, as it really helps other folks find the show. 
STEPH: If you have any feedback for this or any of our other episodes, you can reach us at @_bikeshed or reach me on Twitter @SViccari. CHRIS: And I'm @christoomey. STEPH: Or you can reach us at hosts@bikeshed.fm via email. CHRIS: Thanks so much for listening to The Bike Shed, and we'll see you next week. ALL: Byeeeeeeee!!!! ANNOUNCER: This podcast was brought to you by thoughtbot. thoughtbot is your expert design and development partner. Let's make your product and team a success.
It's time for another flashback! In this episode, we're talking to one of our clients about how telling their story can help their business by driving more sales. Do you want to tell your story? Connect with us: https://www.corporatefilming.com/ https://franchisefilming.com/ https://www.linkedin.com/company/corporatefilming/ https://www.instagram.com/corporatefilmingusa/ https://www.facebook.com/CorporateFilmingUSA/ https://twitter.com/corpfilmingusa
Shared security, also known as shared responsibility, is a cloud security management model that describes the distribution of enterprise data security management and accountability between a company and its cloud service provider(s). The framework essentially enables improved productivity and unparalleled agility, so why isn't every organization adopting it? In this episode, introduced by Neira Jones, Dr. Eric Cole, Founder and CEO of Secure Anchor Consulting, explores adopting shared security as best practice. Dr. Eric speaks with Chris Martin, IAM Presales Solution Architect for EMEA at Thales. The podcast delves into the main areas of organizational risk concerning cloud migration and vendor native decisions before shedding light on the limitations of a single service provider. The guests then discuss the shared security model - its benefits and the implementation process. Final thoughts centre on what organizations need to understand about control over all users and how to effectively build a best practice shared security strategy. You can also learn more about this topic in our new whitepaper, Owning Your Own Access Security. Dr Eric Cole: Dr. Eric Cole is an industry-recognized expert with over 20 years of hands-on experience, founder and an executive leader at Secure Anchor Consulting where he provides leading-edge cybersecurity consulting services, expert witness work, and R&D initiatives to advance our field. Dr. Cole has experience in information technology with a focus on helping customers focus on the right areas of security by building out a dynamic defense. Dr. Cole has a master's degree in computer science from NYIT and a doctorate from Pace University with a concentration in information security. He served as CTO of McAfee and Chief Scientist for Lockheed Martin. Dr. Cole is the author of several books, including Advanced Persistent Threat, Hackers Beware, Hiding in Plain Sight, Network Security Bible 2nd Edition, and Insider Threat.
You can connect with Dr Cole on LinkedIn. Chris Martin Chris Martin is the lead EMEA Pre-Sales Solution Architect at Thales. With over 20 years expertise in the IAM space, Chris' extensive background includes Enterprise SSO, PAM, IDaaS and Identity Governance that enables him to bring a holistic approach to enterprise IAM. Within Thales, Chris works alongside our customers to help them define, develop and execute their IAM strategies, either aligning Thales solutions to an existing IAM architecture or building from the ground up. Prior to joining Thales, Chris honed his IAM skills with Sentillion, Centrify, OneLogin, Omada and MicroFocus. You can connect with Chris on LinkedIn.
Today's guest is Niamh Vianney Muldoon. Niamh is an experienced self-starter with extensive Information Security risk management experience. She is currently the Global Data Protection Officer at OneLogin, the leader in Unified Access Management, Enabling Organizations to Access the World. They make it simpler and safer for organizations to access the apps and data they need anytime, everywhere. In the show, Niamh will tell you about: How she got into Cybersecurity, The exciting roles she has enjoyed over the years, The importance of mentoring, Success stories of moving into the world of IT, Data Governance, & The exciting work at OneLogin. Niamh Muldoon: https://www.linkedin.com/in/niamh-vianney-muldoon-b2174853/ The Data Standard: https://datastandard.io/ https://www.linkedin.com/company/the-data-standard/ https://www.youtube.com/channel/UCTuolowXD05RY9DkIWqRT6Q
What happens when a crisis (let's say, a global pandemic) forces an organization to completely rethink its values and workplace ethic? Today on First Person Plural, we dive into all things Empathy with two leaders who have experienced that shift firsthand. Dan Goleman interviews Brad Brooks, CEO of OneLogin, and Courtney Harrison, OneLogin's Head of HR, on how their company supported employees through turbulent times, and why Emotional Intelligence (EI), with a particular emphasis on Empathy, became their greatest tool. Support the show (https://www.patreon.com/firstpersonplural)
Today we're joined by Samantha Cowan. Sam is currently the Head of Compliance at HackerOne. She's the former Director of Compliance at OneLogin and former Security Engineer at CoverHound, Cyber Policy, and Zenefits. Sam initially perceived Infosec as an "unhappy job", but later found herself taking her MBA and paving her way into the security industry. Despite having her master's degree, she was not an exception to facing rejections when applying for cybersecurity roles. Her episode is mind-blowing as she shares how you can break through boundaries by being confident in yourself and by not compromising to being seen as a token hire. LINKS LinkedIn: https://www.linkedin.com/in/samanthacowan/ Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5 Security and Privacy Framework: iapp.org See omnystudio.com/listener for privacy information.
Vanessa Pegueros, Chief Trust and Security Officer at OneLogin shares: - How the privacy and security landscape has changed in the last 12 months - Why trust has become an advantage for OneLogin customers - How security teams engage in the field of privacy https://www.datagrail.io/privacy-podcast/
On this episode of Cloud Counsel, we are joined by Brad Brooks, CEO & President at OneLogin. During this discussion we'll cover three core questions that continue to come up throughout the pandemic: Will my business survive? How is the customer experience changing? And how do I engage my employees?
In this pod, we host Candace Worley. Candace is the chief global product officer at Ping Identity, a leader in Identity Security. She has over 25 years of strategy and product experience with some of the biggest names in the tech industry like AWS and McAfee. Listen to this one for insights on how great PMs are built, not born, shepherding your career from an Individual Contributor to leading a multi-million dollar business, and the importance of having a #growthmindset in reinventing yourself. This is our last episode of 2020, and here's to a happier and healthier 2021.
------------------- *Episode Timeline:* ------------------- 1:07 What’s top of mind for Dayna today? 2:59 Has Dayna had to adapt her leadership style through this? 3:58 Significant changes that Dayna had to make 4:37 How Dayna manages Zoom fatigue right now 8:13 How Dayna’s leadership style has changed 14:33 Dayna’s favorite campaigns 18:43 Things that don’t go as Dayna envisioned but she learned something to be able to be better next time 24:18 What does Dayna do to keep her mind calm and be able to be clear and be effective 25:34 Mentors or peers who have influenced Dayna ------------------- Connect with Dayna: ------------------- LinkedIn ( https://www.linkedin.com/in/daynalrothman/ ) Twitter ( https://twitter.com/dayroth )
Dan Chan Master Magician is an internationally renowned, award-winning magician whose magic has taken him all over the world. Based in the San Francisco Bay Area, Dan is regarded as one of the nation's top corporate magicians and performs at events for thought leaders and influencers worldwide. Dan Chan Presents is the ultimate entertainment experience, featuring world-class sleight of hand, playful pick-pocketing, and thoughtful sleight of mind. Dan Chan masters more than most, promises more than expected and delivers more than hoped. Chan's been called "the perfect entertainment solution for savvy corporate audiences" and for good reason. Over the past decade, Dan Chan Presents grew into one of the Bay Area's most recognizable entertainment brands, epitomizing the best in corporate entertainment. In addition to reinvented classics, Dan has new technological marvels up his sleeves. Find out why Buzzfeed named Dan Chan Master Magician Silicon Valley's Favorite Magician. He has created several new routines integrating smartphones and iPads into unique, one-of-a-kind performances that are photo-worthy moments your guests will capture and share on Facebook, Snapchat, Twitter, and Instagram. Dan's signature cultural Bian Lian performance is a legend among tech billionaires and Silicon Valley elite. Dan Chan Master Magician has been called to entertain at many of the world's most influential events because of his promise to deliver “sophisticated magic for intelligent audiences”.
With 20 years of full-time performance experience under his belt, find out for yourself why 49ers, Adsemble, Airbnb, Apple, Bank of America, Baidu, BitTorrent, Buzzfeed, BMC, Breathometer, Charles Schwab, Chevron, Cloudflare, CISCO, Deloitte, DOCOMO Innovations, EA, Ebay, Exabeam, Facebook, Falconstor, Golden State Warriors, Google, HP, IBM, Intel, Kaiser Permanente, Kleiner Perkins, KRON4, KTSF, Marriott, Merrill Lynch, Novartis, OneLogin, Open AI, Oracle, Paramount Pictures, PayPal, Pfizer, Pitney Bowes, Quora, Radio Disney, Red Hat, Ritz Carlton, Roche, Sequoia Capital, SF Giants, Shutterfly, Sony Play Station, Specialized Bicycle, Thumbtack, Twitter, USCG, USMC, VISA, Viv, Wells Fargo, Wild Aid, Yahoo, Zuckerberg San Francisco General Hospital, billionaires around the world, and countless other corporations have chosen Dan for their most important events. His achievements, however, have never deterred him from the ultimate goal as an entertainer— making unforgettable moments for his guests!
Content encompasses more than just pretty videos and social posts-- it can be technical copy, sell-sheets, product manuals and more. Now more than ever, how we understand and consume content is undergoing significant changes-- it's relevant to much more than top funnel and we need to make sure there's consistency across all channels. Dayna Rothman is CMO at OneLogin, and a seasoned content marketer by trade. She knows that the role of a content marketer is not just to create content, it's to think of the impact and role of that content and how it aligns to different stages of the buyer journey. Key takeaways from this episode: Don't discount your passion and your drive. It's a key motivating factor on why people would hire you, even if you don't necessarily have the right experience. Content marketing is definitely not the most direct route to becoming a CMO but content marketing skills are so unique and valuable. Focus on understanding demand generation and how your content drives results and you can be on the C-suite path if that is your goal. We're no longer creating content that is top funnel. The desire to consume content has increased exponentially and buyers want to engage with custom content throughout the decision making process. Check out this and other episodes of The Marketer's Journey on Apple Podcasts, Spotify, Stitcher, and Google Play!
Today's guest is Vanessa Pegueros, Chief Trust and Security Officer at OneLogin. With 18 years of experience in Cybersecurity, Vanessa is a Business leader specializing in information security, compliance, strategy development and execution. Her technical skills include wireless, mobile, security architecture and security engineering across the Telcoms, Banking, SaaS & Hospitality sectors. In the show, Vanessa will discuss: How she got into Cybersecurity, Transitioning into a Leadership role, Challenges facing the role of the CISO and Cybersecurity teams, Why a Cybersecurity function is vital to your organization, How to influence management to invest in Cybersecurity, & Hiring Cybersecurity talent in Large companies vs SMEs
Arjen, Jean-Manuel, and Guy once again take a close look at the new releases from the past month. And while they try to compare everything to EFS for Lambda, this month includes the introduction of a new award: The Nano.

The News

Finally in Sydney
- Announcing the newest AWS Heroes – August 2020 | AWS News Blog
- Amazon EC2 M6g, C6g and R6g instances powered by AWS Graviton2 processors are now available in Asia Pacific (Mumbai, Singapore, Sydney) regions
- Amazon EC2 Inf1 instances based on AWS Inferentia now available in US East (Ohio), Europe (Frankfurt, Ireland) and Asia Pacific (Sydney, Tokyo) Regions

Serverless

Lambda
- AWS Lambda now provides IAM condition keys for VPC settings
- AWS Lambda now supports Go on Amazon Linux 2
- AWS Lambda now supports Java 8 (Corretto)
- AWS Lambda now supports custom runtimes on Amazon Linux 2
- AWS Lambda now supports Amazon Managed Streaming for Apache Kafka as an event source
- AWS AppSync releases Direct Lambda Resolvers for GraphQL APIs

API Gateway
- Amazon API Gateway HTTP APIs now supports wildcard custom domain names
- API Gateway HTTP APIs adds integration with five AWS services
- Amazon API Gateway now supports enhanced observability via access logs

Step Functions
- AWS Step Functions adds support for Amazon SageMaker Processing
- AWS Step Functions adds support for string manipulation, new comparison operators, and improved output processing

Amplify
- Announcing Swift Combine support in Amplify iOS
- Amplify Flutter now available as Developer Preview

Containers

Fargate
- AWS Fargate for Amazon ECS now supports UDP load balancing with Network Load Balancer
- AWS Fargate for Amazon EKS now included in Compute Savings Plans
- Amazon EKS on AWS Fargate now supports Amazon EFS file systems

ECS
- Amazon Elastic Container Service launches more network metrics for containers using the EC2 launch type
- AWS Copilot CLI launches v0.3 focused on operations and configuration
- Amazon ECS now launches the Amazon ECS Optimized Inferentia AMI

EKS
- Amazon EKS now supports UDP load balancing with Network Load Balancer
- Amazon EKS managed node groups now support EC2 launch templates and custom AMIs
- Amazon EKS support for Arm-based instances powered by AWS Graviton is now generally available
- Announcing the AWS Controllers for Kubernetes Preview
- Amazon EKS now supports EC2 Instance Metadata Service v2

Other
- AWS App Mesh introduces new default mesh configuration

EC2 & VPC
- Amazon S3 Access Points now support the COPY API
- Now Available, Amazon EC2 C5ad instances featuring 2nd Generation AMD EPYC Processors
- AWS Site-to-Site VPN Now Supports IPv6 Traffic
- AWS Site-to-Site VPN now supports additional encryption, integrity and key exchange algorithms
- AWS Site-to-Site VPN now supports Internet Key Exchange (IKE) initiation
- AWS Transit Gateway customers can now use their own Prefix Lists to simplify IP management
- Amazon EC2 Instance Metadata Service Now Supports Additional Fields for Improved Automation and Operability

Dev & Ops
- CodeGuru Reviewer now has Full Repository Analysis Support
- EC2 Image Builder components can now be developed locally
- AWS CodeDeploy now supports deployments to VPC endpoints
- Now manage a popular third party agent from AWS Systems Manager Distributor
- AWS Systems Manager Explorer now provides a multi-account summary of AWS Support cases
- AWS Cloud9 releases enhanced VPC support

Security
- New – Using Amazon GuardDuty to Protect Your S3 Buckets | AWS News Blog
- Manage access to AWS centrally for OneLogin users with AWS Single Sign-On
- AWS IoT Device Defender adds audit finding suppression capability
- AWS Certificate Manager Private Certificate Authority now supports Private CA sharing
- AWS Firewall Manager now supports security groups on Application Load Balancers and Classic Load Balancers

Storage and Databases
- New EBS Volume Type (io2) – 100x Higher Durability and 10x More IOPS/GiB | AWS News Blog
- Announcing Preview for Amazon RDS M6g and R6g Instance Types, Powered by AWS Graviton2 Processors
- AWS Glue version 2.0 featuring 10x faster job start times and 1-minute minimum billing duration
- AWS Glue now provides the ability to stop and restart your Glue workflows
- Amazon Neptune announces graph visualization in Neptune Workbench
- Amazon FSx for Lustre announces high-performance HDD-based shared storage for compute workloads
- Amazon ElastiCache announces support for resource-level permission policies
- Amazon ElastiCache for Redis Now Supports Up To 500 Nodes Per Cluster
- AWS Database Migration Service now supports MongoDB 4.0 as a source
- Amazon RDS for SQL Server now Supports SQL Server Major Version 2019

AI & ML
- AWS DeepComposer launches new learning capsule that deep dives into training an autoregressive CNN model
- Amazon Forecast adds holiday calendars for 66 countries, to improve forecast accuracy
- Amazon Augmented AI Launches Delete Human Task UI Capability

Other Cool Stuff
- Quantum computing is now available on AWS through Amazon Braket
- AWS IoT Device Management increases the limit for concurrent Active Jobs to 1,000 per AWS account per region
- AWS IoT Core expands Custom Authentication options
- Announcing the General Availability of AWS Wavelength in Boston and the San Francisco Bay Area
- Introducing Second Local Zone in Los Angeles, CA
- Amazon Connect adds support for early media on outbound phone calls
- Amazon Connect now returns agents to their previous status after finishing an outbound call
- Amazon Connect adds cut, copy, and paste to the contact flow designer
- AWS RoboMaker WorldForge simplifies creating simulation worlds for robotics
- Amazon SES now enables customers to bulk import and bulk delete email addresses from the account-level suppression list
- Amazon Interactive Video Service adds support for playback authorization
- Amazon Connect allows contact-centers to auto-resolve to the best voice
- Amazon SNS launches client library supporting message payloads of up to 2 GB

The Nano Candidates
- Amazon Forecast adds holiday calendars for 66 countries, to improve forecast accuracy
- AWS IoT Device Defender adds audit finding suppression capability
- Amazon Connect adds support for early media on outbound phone calls

Sponsors
- Gold Sponsor: Innablr
- Silver Sponsors: AC3, CMD Solutions, DoiT International
Today's guest is Lonnie Benavides, who is the Head of Infrastructure and Application Security at OneLogin in Phoenix, Arizona. OneLogin is the leader in Unified Access Management, Enabling Organizations to Access the World. We make it simpler and safer for organizations to access the apps and data they need anytime, everywhere. With over 20 years of experience within Cybersecurity, Lonnie is passionate about building high-performing effective security teams. He fosters operational team cultures with foundations in efficiency, openness, and accountability. He enjoys implementing smart and inexpensive security solutions that reduce the risk of a company’s most likely and impactful cyberattack costs. In the show, Lonnie will discuss: What attracted him into a Cybersecurity career Key takeaways from his fascinating experience with the National Guard Setting up the foundations for a successful career in the sector Biggest learns during his 20 years of experience in Cybersecurity Why he loves working in Cybersecurity Future goals for his career
Episode 155: Dan Chan left pre-IPO PayPal to become Silicon Valley's favorite magician who performs for tech billionaires and Silicon Valley elite. Guest Biography Dan Chan is an internationally renowned, award-winning magician who is referred to as the “Billionaire's Magician” having performed for 187 billionaires to date. Based in the San Francisco Bay Area, he is regarded as one of the nation's top corporate magicians and performs at events for thought leaders and influencers worldwide. Chan's world-class sleight of hand, playful pick-pocketing, and thoughtful sleight of mind have been called "the perfect entertainment solution for savvy corporate audiences." Buzzfeed named him Silicon Valley's Favorite Magician and his act includes routines that integrate smartphones and iPads. Dan's signature cultural Bian Lian performance is a legend among tech billionaires and Silicon Valley elite. Chan is often seen performing at the exclusive Magic Castle in Hollywood, Bay Area society, and corporate events internationally. His extensive roster of clients includes the 49ers, Adsemble, Airbnb, Apple, Bank of America, Baidu, BitTorrent, Buzzfeed, BMC, Breathometer, Charles Schwab, Chevron, Cloudflare, CISCO, Deloitte, DOCOMO Innovations, EA, Ebay, Exabeam, Facebook, Falconstor, Golden State Warriors, Google, HP, IBM, Intel, Kaiser Permanente, Kleiner Perkins, KRON4, KTSF, Marriott, Merrill Lynch, Novartis, OneLogin, Open AI, Oracle, Paramount Pictures, PayPal, Pfizer, Pitney Bowes, Quora, Radio Disney, Red Hat, Ritz Carlton, Roche, Sequoia Capital, SF Giants, Shutterfly, Sony Play Station, Specialized Bicycle, Thumbtack, Twitter, USCG, USMC, VISA, Viv, Wells Fargo, Wild Aid, Yahoo, and Zuckerberg San Francisco General Hospital. In this episode, you'll learn: Pivoting a live magic show to a virtual experience on Zoom Why walk away power is important in negotiating Dan's unique stock buying strategy. He invests in every company that hires him. 
Show notes: http://www.inspiredmoney.fm/155 Find more from our guest: www.danchanmagic.com Online Zoom shows on Airbnb Experiences facebook Instagram LinkedIn Twitter Mentioned in this episode: David Copperfield Chris Kenner Jim Steinmeyer Gerald Joseph Criss Angel David Blaine Cyril Takayama Warren & Annabelle's Magic Buzzfeed: Meet Silicon Valley's Favorite Magician The Hustle: Silicon Valley’s favorite magician reimagines his act in the age of Zoom Business Insider: For $500 you can book a Zoom magic show with 'Silicon Valley's favorite magician,' whose client list includes Google, Apple, and Airbnb Business Insider: A day in the life of a 'billionaire's magician,' who's hired to fly around the world and entertain the elite Runnymede Money Tip of the Week A magical money tip: earnings matter! Thanks for Listening! To share your thoughts: Leave a note in the comment section below. Share this show on Twitter or Facebook. Join us at the Inspired Money Makers groups at facebook and LinkedIn To help out the show: Leave an honest review on Apple Podcasts, Podchaser.com, or wherever you listen. Your ratings and reviews really help, and I read each one. Email me your address, and I'll mail you an autographed copy of Kimo West and Ken Emerson's CD, Slackers in Paradise. Subscribe on Apple Podcasts. Special thanks to Jim Kimo West for the music.
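Catch up on the latest news while you do other things! The radio-style broadcast "Mainichi AWS!" (Daily AWS). Good morning, this is Kato from Serverworks. Today we introduce 6 of the updates released on 7/31. Please post your thoughts on Twitter with the hashtag "#サバワ"! ■ UPDATE lineup: Access to AWS can now be managed using AWS Single Sign-On and OneLogin; Amazon GuardDuty adds Amazon S3 data events as a threat detection target; AWS Fargate now supports UDP load balancing with NLB; Amazon EC2 On-Demand Capacity Reservations now support Windows BYOL; Amazon Aurora with PostgreSQL compatibility now supports in-place upgrades from version 10 to 11; Amazon RDS adds a preview of new instance types using AWS Graviton2 processors; AWS DeepComposer adds a new learning capsule; Amazon Personalize enhances its recommendation filtering ■ Serverworks social media: Twitter / Facebook ■ Serverworks blog: Serverworks Engineer Blog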
Today's guest is Niamh Vianney Muldoon. Niamh is an experienced self-starter with extensive Information Security risk management experience. She is currently the Senior Director of Trust & Security, EMEA at OneLogin, the leader in Unified Access Management, Enabling Organizations to Access the World. They make it simpler and safer for organizations to access the apps and data they need anytime, everywhere. In the show, Niamh will tell you about: How she got into Cybersecurity, The exciting roles she has enjoyed over the years, The importance of mentoring, Success stories of moving into the world of IT, Access control management to Data Breaches, and The exciting work at OneLogin.
In the end, B2B marketing is all about driving leads and turning those leads into opportunities and net new revenue. To make that happen, you must work closely with sales. (You've probably figured that out by now.) But sometimes we struggle with how to work with sales. If you're looking for tactical ways to increase your alignment with sales, then you're in luck. On this episode of the #FlipMyFunnel podcast, David Tam, Director of Marketing at OneLogin, talked about living out alignment on a daily basis.
As the coronavirus spread, businesses and their workers moved to remote operations and virtual tools en masse. This has drastically changed the perimeter of organizations and created unprecedented opportunity for cyber criminals. How can organizations understand, respond to, and potentially limit the impact of cyberattacks? This episode, hosted by Deb Golden, Deloitte Cyber and Strategic Risk Leader, explores these issues and more with guest Vanessa Pegueros, chief trust and security officer at OneLogin. An esteemed lecturer, author, and board member, Vanessa shares insights on the dramatic increase in cyber threats during the ongoing pandemic and how organizations might balance security technology with process and people to prevent and contain future cyberattacks. She also explores the long-term effects these events can have on organizations and their frontline cyber professionals. And Vanessa reflects, as a cyber leader and board director, on how the cyber landscape has evolved over the course of her career and where it may be headed in the post-COVID-19 future.
In this episode, I continue from last week conversation with Daniel Chan. Dan Chan Master Magician is an internationally renowned, award-winning magician whose magic has taken him all over the world. Based in the San Francisco Bay Area, Dan is regarded as one of the nation's top corporate magicians and performs at events for thought leaders and influencers worldwide. Dan Chan Presents is the ultimate entertainment experience, featuring world-class sleight of hand, playful pick-pocketing, and thoughtful sleight of mind. Dan Chan masters more than most, promises more than expected, and delivers more than hoped. Chan's been called "the perfect entertainment solution for savvy corporate audiences" and for good reason. Over the past decade, Dan Chan Presents grew into one of Bay Area's most recognizable entertainment brands, epitomizing the best in corporate entertainment. In addition to reinvented classics, Dan has new technological marvels up his sleeves. Find out why Buzzfeed named Dan Chan Master Magician Silicon Valley's Favorite Magician. He has created several new routines integrating smartphones and iPads into unique, one of a kind performances that are photo-worthy moments your guest will capture and share on Facebook, Snapchat, Twitter, and Instagram. Dan's signature cultural Bian Lian performance is a legend among tech billionaires and Silicon Valley elite. Dan Chan Master Magician has been called to entertain at many of the world's most influential events because of his promise to deliver “sophisticated magic for intelligent audiences”. 
With 20 years of full-time performance experience under his belt, find out for yourself why 49ers, Adsemble, Airbnb, Apple, Bank of America, Baidu, BitTorrent, Buzzfeed, BMC, Breathometer, Charles Schwab, Chevron, Cloudflare, CISCO, Deloitte, DOCOMO Innovations, EA, eBay, Exabeam, Facebook, Falconstor, Golden State Warriors, Google, HP, IBM, Intel, Kaiser Permanente, Kleiner Perkins, KRON4, KTSF, Marriott, Merrill Lynch, Novartis, OneLogin, Open AI, Oracle, Paramount Pictures, PayPal, Pfizer, Pitney Bowes, Quora, Radio Disney, Red Hat, Ritz Carlton, Roche, Sequoia Capital, SF Giants, Shutterfly, Sony Play Station, Specialized Bicycle, Thumbtack, Twitter, USCG, USMC, VISA, Viv, Wells Fargo, Wild Aid, Yahoo, Zuckerberg San Francisco General Hospital, billionaires around the world, and countless other corporations have chosen Dan for their most important events. His achievements, however, have never deterred him from the ultimate goal as an entertainer— making unforgettable moments for his guests! You can book Dan on AirBnB Experiences - AirBnB Experience
In this episode, I would like to invite you on the first part of the two-part show of a magical journey with Daniel Chan. Dan Chan Master Magician is an internationally renowned, award-winning magician whose magic has taken him all over the world. Based in the San Francisco Bay Area, Dan is regarded as one of the nation's top corporate magicians and performs at events for thought leaders and influencers worldwide. Dan Chan Presents is the ultimate entertainment experience, featuring world-class sleight of hand, playful pick-pocketing, and thoughtful sleight of mind. Dan Chan masters more than most, promises more than expected, and delivers more than hoped. Chan's been called "the perfect entertainment solution for savvy corporate audiences" and for good reason. Over the past decade, Dan Chan Presents grew into one of Bay Area's most recognizable entertainment brands, epitomizing the best in corporate entertainment. In addition to reinvented classics, Dan has new technological marvels up his sleeves. Find out why Buzzfeed named Dan Chan Master Magician Silicon Valley's Favorite Magician. He has created several new routines integrating smartphones and iPads into unique, one of a kind performances that are photo-worthy moments your guest will capture and share on Facebook, Snapchat, Twitter, and Instagram. Dan's signature cultural Bian Lian performance is a legend among tech billionaires and Silicon Valley elite. Dan Chan Master Magician has been called to entertain at many of the world's most influential events because of his promise to deliver “sophisticated magic for intelligent audiences”. 
With 20 years of full-time performance experience under his belt, find out for yourself why 49ers, Adsemble, Airbnb, Apple, Bank of America, Baidu, BitTorrent, Buzzfeed, BMC, Breathometer, Charles Schwab, Chevron, Cloudflare, CISCO, Deloitte, DOCOMO Innovations, EA, eBay, Exabeam, Facebook, Falconstor, Golden State Warriors, Google, HP, IBM, Intel, Kaiser Permanente, Kleiner Perkins, KRON4, KTSF, Marriott, Merrill Lynch, Novartis, OneLogin, Open AI, Oracle, Paramount Pictures, PayPal, Pfizer, Pitney Bowes, Quora, Radio Disney, Red Hat, Ritz Carlton, Roche, Sequoia Capital, SF Giants, Shutterfly, Sony Play Station, Specialized Bicycle, Thumbtack, Twitter, USCG, USMC, VISA, Viv, Wells Fargo, Wild Aid, Yahoo, Zuckerberg San Francisco General Hospital, billionaires around the world, and countless other corporations have chosen Dan for their most important events. His achievements, however, have never deterred him from the ultimate goal as an entertainer— making unforgettable moments for his guests! You can book Dan on AirBnB Experiences - AirBnB Experience
This week, we are beginning to see the potential economic impacts of the coronavirus resulting from travel restrictions, event cancellations, and the need to prioritize employees’ health while still maintaining some semblance of “business as usual”. Join Robin and Michael as we talk with Courtney Harrison, CHRO of OneLogin, on how organizations can prepare, drawing partly on her experience during the 9/11 terror attacks. On the show, we will talk about: Work flexibility: What technology, process, and policies should be implemented in order to build a mass movement to work from home. Employee communications: How HR and leadership should talk to their employees about the virus without playing into fears, as well as the potential mental health impact among employees. Other steps employers can take. How does an employer determine when to take action? For background, Courtney was a leader at American Express during the 9/11 terror attacks in New York. The Amex headquarters was destroyed during the attack and her role included relocating an entire workforce (5,000 employees) and working with the Employee Assistance Experts to manage the trauma and emergency response.
Almost two in five Irish people are leaving themselves open to a likely data breach by not updating their passwords. This week, Adrian sits down with Brad Brooks, CEO of OneLogin. The two talk about online security and why one in five Irish adults haven't updated their passwords in over two years. One factor in understanding the lack of security hygiene over passwords in Ireland may be a professed level of annoyance that Irish people say they feel at online security measures. Almost a third of us get frustrated by the familiar Captcha random image and number generator system, while nearly one in five get irked by one-time passcodes via text or email.
Francisco's Background: A seasoned entrepreneur with deep experience launching multimillion download apps for top movie franchises and e-commerce. He has worked with several venture backed startups as both advisor and lead technology developer including iHerb, Washio, Swagbucks, Dailylook, Onelogin, and Gimbal Media. His latest venture Merch Party involves connecting media creators with fan support via unique merchandise. http://merchparty.com He holds a bachelors degree from Harvard University. Linkedin: https://www.linkedin.com/in/franciscolinkedin
“You want to be a CFO.” The second the words reached his ears, Bernard Huger experienced a moment of clarity that ultimately lifted a stubborn fog from the future path of his finance career. While this was not the first occasion when such a thought had entered his head, this time the words were delivered by a professionally accomplished friend, who wielded an air of objectivity. Like many investment bankers, Huger had found the doorway to corporate development positions less illuminated than those to other corporate roles, while at the same time C-suite doors-of-entry were especially hard to find. “It wasn’t so obvious to me, but as I explained more about the types of things that I wanted to do, I realized that he was right,” says Huger, who left investment banking after 12 years to become CFO of MuleSoft, a fast-growing San Francisco software firm. “Let’s just say that I caught a tiger by the tail,” recalls Huger, who today derives from the experience a lesson for others: “It was painful, but biting off more than you can chew and pushing yourself is critical to accelerating your career.” Asked about the type of CFO role that he envisioned for himself when he joined OneLogin, Huger focuses his comments on hiring and building a team. Only by having standout talent, Huger explains, will finance be able to signal to the organization at large that it is “a creative force” and capable of creating analytical models that other parts of the organization can leverage to foresee the trajectory of the business. –Jack Sweeney
Riverbed launches Aternity to improve digital experiences, Synopsys and Ixia, a Keysight Business, Announce Collaboration to Enable Scalable Networking SoC Validation Solution, CyberArk unveils industry's most complete SaaS portfolio for privileged access security, The age of Azure is upon us: Microsoft's biggest business segment is now the one that includes its Azure cloud, OneLogin launches passwordless device authentication for Windows PCs without Active Directory, and much more! Full Show Notes: https://wiki.securityweekly.com/ES_Episode146 Visit https://www.securityweekly.com/esw for all the latest episodes!
Chinese domestic and foreign intelligence services are cooperating more closely in cyberspace. Another set of speculative execution issues is found in Intel chips. This month’s Patch Tuesday was a big one. CrowdStrike files for its long-anticipated IPO. WhatsApp, spyware, and zero-days. Apple may be required to open its devices to apps from third-party stores. The Cyber Solarium is ready to get started, and Russia offers a helpful hand. Baltimore continues to suffer from ransomware. Malek Ben Salem from Accenture Labs with an overview of the Accenture Technology Vision report. Guest is Tom Pedersen from OneLogin on password use trends. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/May/CyberWire_2019_05_15.html Support our show
What is an Identity Access Management Tool? Identity & Access Management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. Another way to look at it is that IAM is a tool that lets you securely log into the business applications you use for work in a portal that removes the need to memorize multiple different usernames and passwords. It simplifies the experience for your team to access the tools they need to use in order to get their work done while making it just as easy for your IT administrators to manage. In this discussion we talk about IAM along with our preferred tool, OneLogin.
Are we still on that open source licensing thing? Yes. “The most boring topic of all time.” Also, Slack's logo and long term support software monetization models: how do they work? Summary: “Diapers.com buster (AKA Amazon)” “What is someone really selling with LTS?” “Artful genitals.” “It’s not butt ducks” “I’ve had three dogs since then…” Microsoft laughed. This week’s cover art from TheNextWeb (https://thenextweb.com/apps/2019/01/16/slack-has-a-new-logo-and-umm-you-be-the-judge/). MONGO, MONGO, MONGO! MongoDB Issues New Server Side Public License for MongoDB Community Server (https://www.mongodb.com/press/mongodb-issues-new-server-side-public-license-for-mongodb-community-server) MongoDB not in RHEL 8.0 (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8-beta/html/8.0_beta_release_notes/new-features#web_servers_databases_dynamic_languages_2) MongoDB "open-source" Server Side Public License rejected (https://www.zdnet.com/article/mongodb-open-source-server-side-public-license-rejected/) AWS vs. open source: DocumentDB is the latest battlefront (https://www.infoworld.com/article/3331903/database/aws-vs-open-source-documentdb-is-the-latest-battlefront.html) AWS gives open source the middle finger (https://techcrunch.com/2019/01/09/aws-gives-open-source-the-middle-finger/) AWS, MongoDB, and the Economic Realities of Open Source (https://stratechery.com/2019/aws-mongodb-and-the-economic-realities-of-open-source/) (Ben Thompson) Fine, fine…but music companies didn’t “sell” CDs, they sold music. Authors don’t “sell” printed books, they sell stories. They sell IP. The medium isn’t the product. “This trade-off is inescapable, and it is fair to wonder if the golden age of VC-funded open source companies will start to fade (although not open source generally). 
The monetization model depends on the friction of on-premise software; once cloud computing is dominant, the economic model is much more challenging.” There’s some ponderous gyrating between public cloud being good at managed hosting/services (they run the stuff well) vs. software (their features are unique/good). Ben’s follow-up (https://stratechery.com/2019/mongodb-follow-up-aws-incentives-batteries-the-iphones-missing-miss/#memberful_done) (subscription required): “ Atlas was only 8% of total revenue last year, which grew 57% year-over-year; that means that Atlas itself grew 330% year-over-year, from $3.3 million to $14.3 million. Of course cost of revenue grew 68% as well, thanks to a $4.1 million increase in hosting costs (AWS wins either way), but particularly given the addition of a free Atlas offering, those costs aren’t out of line.” So, with this “SSPL” thing, AWS would have to open source all of itself, or just the DocumentDB part? Here (https://www.zdnet.com/article/mongodb-open-source-server-side-public-license-rejected/): “The specific objection is that SSPL requires, if you offer services licensed under it, that you must open-source all programs that you use to make the software available as a service. From Mongo’s press release on SSPL, Oct. 2018 (https://www.mongodb.com/press/mongodb-issues-new-server-side-public-license-for-mongodb-community-server): “The only substantive change is an explicit condition that any organization attempting to exploit MongoDB as a service must open source the software that it uses to offer such service.” What would happen if AWS was all open source? Given that few companies could use OpenStack or make their own clouds (even with cloud.com and such), just having the code matters little to a successful cloud business, right? Or, maybe it doesn’t mean all of AWS, just the DocumentDB part. Which is, really, the in the spirit of the GPL. The competitive tactic of forcing competitors to open source their stuff is weird. 
Relevant to your interests Amazon reportedly acquired Israeli disaster recovery service CloudEndure for around $200M (https://techcrunch.com/2019/01/08/amazon-reportedly-acquired-israeli-disaster-recovery-service-cloudendure-for-around-200m/) AWS makes another acquisition grabbing TSO Logic (https://techcrunch.com/2019/01/15/aws-makes-another-acquisition-grabbing-tso-logic/) IBM Just Unveiled The First Commercial Quantum Computer (https://www.sciencealert.com/ibm-unveils-a-quantum-computer-that-will-be-available-to-businesses) “Watson! Whatever happened to ‘unikernal’?” Is that one in the bag and this is the new thing? Announcing TriggerMesh Knative Lambda Runtime (KLR) | Multicloud Serverless Management Platform (https://triggermesh.com/2019/01/09/announcing-triggermesh-knative-lambda-runtime-klr/) Serverless computing: one step forward, two steps back (https://blog.acolyer.org/2019/01/14/serverless-computing-one-step-forward-two-steps-back/) Day Two Kubernetes: Tools for Operability (https://www.infoq.com/presentations/kubernetes-tools) Taking the smarts out of smart TVs would make them more expensive (https://www.theverge.com/2019/1/7/18172397/airplay-2-homekit-vizio-tv-bill-baxter-interview-vergecast-ces-2019) OneLogin snares $100M investment to expand identity solution into new markets (https://techcrunch.com/2019/01/10/onelogin-snares-100m-investment-to-expand-identity-solution-into-new-markets/) Want to get rich from bug bounties? 
You're better off exterminating roaches for a living (http://go.theregister.com/feed/www.theregister.co.uk/2019/01/15/bugs_bounty_salary/) Direct Listings Are a Thing Now (https://www.bloomberg.com/opinion/articles/2019-01-11/direct-listings-are-a-thing-now) Software Maker PagerDuty Files Confidentially for IPO (http://www.bloomberg.com/news/articles/2019-01-15/software-maker-pagerduty-is-said-to-file-confidentially-for-ipo) Slack’s Financials Ahead of Listing Plans (https://www.theinformation.com/articles/slacks-financials-ahead-of-listing-plans) - “As of October 2018, the firm had roughly $900 million in cash on its balance sheet.” Fiserve buying FirstData for $22bn (https://techcrunch.com/2019/01/16/fiserv-is-buying-first-data-in-a-22b-fintech-megadeal/?guccounter=1) - FundsXpress (https://www.crunchbase.com/organization/fundsxpress)! The 773 Million Record "Collection #1" Data Breach (https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/) AWS launches Backup, a fully-managed backup service for AWS (https://techcrunch.com/2019/01/16/aws-launches-backup-to-let-you-back-up-your-on-premises-and-aws-data-to-aws/) ## Non Sense The WELL: State of the World 2019 (https://people.well.com/conf/inkwell.vue/topics/506/State-of-the-World-2019-page01.html) Apple reportedly replaced about 10 times more iPhone batteries than it expected to (https://www.cnbc.com/2019/01/15/apple-upgraded-10-to-11-million-batteries-according-to-report.html) Say hello, new logo (https://slackhq.com/say-hello-new-logo) Sponsors Plastic SCM Visit https://plasticscm.com/SDT (https://www.plasticscm.com/sdt?utm_source=Podcast&utm_medium=jingle&utm_campaign=SDT&utm_term=DevOps&utm_content=mergebots) to find out more and get some sassy t-shirts!! Arrested DevOps Subscribe to the Arrested DevOps podcast by visiting https://www.arresteddevops.com/ Conferences, et. al. 2019, a city near you: The 2019 SpringTours are posted (http://springonetour.io/). 
Coté will be speaking at many of these, hopefully all the ones in EMEA. They’re free and all about programming and DevOps things. Free lunch and stickers! Jan 28th to 29th, 2019 - SpringOne Tour Charlotte (https://springonetour.io/2019/charlotte), $50 off with the code S1Tour2019_100. Feb 12th to 13th, 2019 - SpringOne Tour St. Louis (https://springonetour.io/2019/st-louis). $50 off the code S1Tour2019_100. Mar 7th to 8th, 2019 - Incontro DevOps in Bologna (https://2019.incontrodevops.it/), Coté speaking. Mar 18th to 19th, 2019 - SpringOne Tour London (https://springonetour.io/2019/london). Get £50 off ticket price of £150 with the code S1Tour2019_100. Mar 21st to 2nd, 2019 (https://springonetour.io/2019/amsterdam) - SpringOne Tour Amsterdam. Get €50 off ticket price of €150 with the code S1Tour2019_100. Get a Free SDT T-Shirt Write an iTunes review of SDT and get a free SDT T-Shirt. Write an iTunes Review on the SDT iTunes Page. (https://itunes.apple.com/us/podcast/software-defined-talk/id893738521?mt=2) Send an email to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and include the following: T-Shirt Size (Only Large or X-Large remain), Preferred Color (Gray, Black) and Postal address. First come, first serve. while supplies last! Can only ship T-Shirts within the United State SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Follow us on Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/) or LinkedIn (https://www.linkedin.com/company/software-defined-talk/) Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you a sticker. Listen to the Software Defined Interviews Podcast (https://www.softwaredefinedinterviews.com/). Check out the back catalog (http://cote.coffee/howtotech/). 
Brandon built the Quick Concall iPhone App (https://itunes.apple.com/us/app/quick-concall/id1399948033?mt=8) and he wants you to buy it for $0.99. Recommendations Matt: Neil Gaiman’s Norse Mythology (https://www.amazon.com/dp/B01HQA6EOC/ref=dp-kindle-redirect?_encoding=UTF8&btkr=1). Brandon: DIRECTV Alexa skill (https://www.amazon.com/DIRECTV-LLC/dp/B07FDNYMB6). Coté: Peak (https://www.goodreads.com/book/show/29369213-peak), but read in, like 4x mode. Summary: (1.) Model the thing learned, (2.) focused exercises, (3.) coaching, (3.) using feedback loops to improve, (4.) stretching yourself. Derry Girls (https://en.wikipedia.org/wiki/Derry_Girls).
In this episode we talk about N26, OneLogin, Plaid, and Bird. Follow: thejcad
On this episode of startup news: N26 raises, OneLogin raises, Plaid acquires Quovo, Bird possibly raising again. Follow: @thejcad This episode is also available in Spanish.
Proofpoint automates email security with CLEAR, Demisto releases state of SOAR 2018 report, OneLogin and Netskope partner to expand cloud security for enterprises, RedSeal launches remote administrator managed service, Corelight expands network security platform with virtual edition, and more! Full Show Notes: https://wiki.securityweekly.com/ES_Episode106 Visit http://securityweekly.com/esw for all the latest episodes!
This week, Paul and Matt Alderman interview Dave Maestas, Co-Founder and Chief Technology Officer at Bandura! In the Enterprise News, Proofpoint automates email security With CLEAR, OneLogin and Netskope partner to expand Cloud Security, Corelight expands network security platform with Virtual Edition, Demisto releases State of SOAR 2018 Report, OneLogin and Netskope partner to expand cloud security, and more on this episode of Enterprise Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ES_Episode106 Visit https://www.securityweekly.com/esw for all the latest episodes! Visit https://www.activecountermeasures/esw to sign up for a demo or buy our AI Hunter! →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly
This week we’ll tell you about a company that can get it for you wholesale — and organic; a delivery service that’s turning Japanese; and a password vault that secured more cash. Theme music is "Bot Fest" by Alex Vaan.
In Tracking Security Innovation, Fortinet acquires Bradford Networks, Qualys acquires Second Front Systems, CounterTack acquires GoSecure, Panorays raised $5 million in an unattributed round, OneLogin raised $22.5 million Series C, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode88 Visit http://securityweekly.com/category/ssw for all the latest episodes!
What's on Your Onelogin and why should you care? Find out about the Lakota ed chat on twitter, and learn about pinning tabs.
Today, I discuss the stress of being a Chief, security, consulting and moving to San Francisco with OneLogin Chief Information Security Officer, Alvaro Hoyos.
Today on Episode 3 of 2 Dropped Tables we discuss the latest WikiLeaks Vault7 release 'Pandemic' and how this recently leaked CIA tool spreads infected files across an organization's network. Cloud-based single sign-on service OneLogin suffered a breach where user passwords and decryption keys were stolen. We discuss how businesses can improve the vetting of their cloud partners and whether it is a good idea to put all of your eggs in a cloud authentication basket. Lastly, each of our hosts provides their top 3 things that home computer users can do to better secure their environment and their private information. Show Notes: https://www.2droppedtables.ca/episode-003/
Hector Monsegur (@hxmonsegur on Twitter) is a good friend of the show, and we invited him to come on and discuss some of the #OSINT research he's doing to identify servers without using noisy techniques like DNS brute forcing. We also discuss EclinicalWorks and their massive fine for falsifying testing of their EHR system, and implications for that. What happens to customers confidence in the product, and what happens if you're already a customer and realize you were duped by them? We also discuss Hector's involvement with the TV show "Outlaw Tech". Who approached him, why he did it, why it's not CSI:Cyber or "Scorpion" and how it discusses the techniques used by bad guys. Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-020-Hector_monsegur_DNS_research_OSINT.mp3 #RSS: www.brakeingsecurity.com/rss Youtube Channel: https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw iTunes Store Link: https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 #Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast Join our #Slack Channel! Sign up at https://brakesec.signup.team #iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/ #SoundCloud: https://www.soundcloud.com/bryan-brake Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://player.fm/series/brakeing-down-security-podcast #Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr #TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/ ---------- Show notes: going beyond DNS bruteforcing and passively discovering assets from public datasets??? Very interested in hearing about this Straight OSINT, or what? 
Hxm: Over at RSL (Rhino Sec Labs), one of the research projects I’m working on is discovery of assets (subdomains) while minimizing footprint (dns bruteforcing). Datasets include things like: Data from the certificate transparency project (https://www.certificate-transparency.org/) rDNS and forward dns dataset from https://scans.io/ Sonar Scans - Rapid7 Sublist3r: https://github.com/aboul3la/Sublist3r And other datasets that are out there Crime Flare https://krebsonsecurity.com/tag/crimeflare-com/ -> crimeflare.com Discuss why brute forcing DNS leaves such a heavy footprint for blue team forensics How cloud providers like CloudFlare, and others, do not take advantage of DNS bruteforcing error messages Special shout out to Ryan Sears @ CaliDog Security for his research into this field https://en.wikipedia.org/wiki/Markov_chain Smart DNS Bruteforcing - https://github.com/jfrancois/SDBF Training gained from internal phishing campaigns Does it breed internal mis-trust? Recent campaign findings Why do it if we know one account is all it takes? Because we know it’s a ‘win’ for security? Outlaw Tech on Science Channel What’s it about? (let’s talk about the show) The show itself is on the Science channel (Discovery) The aim of the program is to discuss the technology behind many of the biggest crimes (heists, el chapo’s communication network, etc) And how I play a part in it https://www.spoofcard.com/ https://www.sciencechannel.com/tv-shows/outlaw-tech/ Rhinosecuritylabs.com http://www.dw.com/en/estonia-buoys-cyber-security-with-worlds-first-data-embassy/a-39168011 - ”Estonia buoys cyber security with world's first data embassy” - interesting https://www.digitalcommerce360.com/2017/05/31/eclinicalworks-will-pay-feds-155-million-settle-false-claims-charges/ -- holy shit -- Reminds me of the whole emissions scandal from a couple of years back. 
http://www.roadandtrack.com/new-cars/car-technology/a29293/vehicle-emissions-testing-scandal-cheating/ http://securewv.com/cfp.html OneLogin/Docusign breaches OneLogin: https://arstechnica.com/security/2017/06/onelogin-data-breach-compromised-decrypted/ Docusign: https://www.inc.com/sonya-mann/docusign-hacked-emails.html http://www.spamfighter.com/News-20916-DocuSign-Data-Hack-Resulted-in-Malware-Ridden-Spam.htm Crowdfunding to buy shadowbroker exploits ended: https://threatpost.com/crowdfunding-effort-to-buy-shadowbrokers-exploits-shuts-down/126010/ China's Cybersecurity Law: https://lawfareblog.com/chinas-cybersecurity-law-takes-effect-what-expect Facial recognition for plane boarding: http://money.cnn.com/2017/05/31/technology/jetblue-facial-recognition/index.html Keybase.io’s Chrome plugin -- Game changer? https://chrome.google.com/webstore/detail/easy-keybaseio-encryption/bhoocemedffiopognacolpjbnpncdegk/related?hl=en
Episode 5! In this one we talk a little bit about what got us into podcasting, and have some friendly banter about Apple's WWDC. Thanks for listening! Intro About ourselves: What we do (not necessarily career, but hobbies, major, etc) Why we wanted to podcast How we contribute to the show Why we like tech Shameless self plug Location, location, location Why we love Slavin OS preference, smart phone preference, 57:50 - Break OneLogin data breach. Discuss trusting password managers with all this data https://arstechnica.com/security/2017/06/onelogin-data-breach-compromised-decrypted/ AppleFS doesn't work with non-English languages https://eclecticlight.co/2017/04/06/apfs-is-currently-unusable-with-most-non-english-languages/ Beats by Jeff Budzinski - https://soundcloud.com/freh Be sure to also check out Kyle's wrestling podcast, On Air With Keenan & Kyle! http://onairwithkeenan.podomatic.com/
For the first time in too long, a week went by without any major international security incidents (unless you count the US withdrawal from the Paris Climate Agreement, which you probably should). Perhaps unsurprisingly, that meant there was also time to look at defensive measures for a change. For instance! The US successfully tested its very expensive, not entirely reliable missile defense system, but that doesn't mean we'd be safe from a real-world attack.
Do you have a “smart” TV? Or an Internet-connected baby monitor? Then you are a part of the Internet of Things (IoT)! Welcome to the world of everyday devices being connected to the network, allowing you to change the temperature of your home while traveling, check up on your dogs from work, and have a Bluetooth speaker that can also fetch tomorrow’s weather forecast. While there are lots of great uses for these devices, their security (or lack thereof) is making many of us vulnerable to attack. Today I speak at length with John Graham-Cumming, CTO of Cloudflare, about the Internet of Things and how it’s already wreaking havoc on our world. We’ll tell you how to be smart about your smart devices! We’ll also talk about the massive OneLogin password system breach and how hackers are increasingly turning to social media to target people for phishing attacks. John Graham-Cumming is a computer programmer and author. He studied mathematics and computation at Oxford and stayed for a doctorate in computer security. As a programmer he has worked in Silicon Valley and New York, the UK, Germany and France and currently works at CloudFlare. His open source POPFile program won a Jolt Productivity Award in 2004. He is the author of a travel book for scientists published in 2009 called The Geek Atlas and has written articles for The Times, The Guardian, The Sunday Times, The San Francisco Chronicle, New Scientist and other publications. In 2009 he successfully petitioned the British Government to apologize for the mistreatment of British mathematician Alan Turing. He is a licensed radio amateur. 
For Further Insight: Website: http://jgc.org Follow on Twitter: https://twitter.com/jgrahamc Additional Resources: Save 40% off next year’s domain registration (and get FREE privacy) https://hover.com/transfermydomain Social media increasingly used by hackers: https://www.nytimes.com/2017/05/28/technology/hackers-hide-cyberattacks-in-social-media-posts.html The Geek Atlas: https://www.amazon.com/Geek-Atlas-Places-Science-Technology/dp/0596523203 EFF’s page to help send comments to FCC on Net Neutrality: https://dearfcc.org/
In this week's Chet Chat, Sophos researchers Chester Wisniewski and John Shier share their opinions on the leaked NSA election hacking docs, Judy Android ad fraud, the OneLogin breach, Crisis authors throwing in the towel and Google's latest privacy SNAFU in Chrome.
Chipotle and OneLogin suffer breaches, Windows XP Too Unstable To Spread WannaCry, Patches Available for Linux Sudo Vulnerability, Cisco, Netgear Readying Patches For Samba Vulnerability, OAuth nightmares, Attack and Defense, Jay Beale style, Decoding DECT with an RTL-SDR, and who are the Shadow Brokers? Full Show Notes: https://wiki.securityweekly.com/Episode516 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly
Our weekly news round-up: Deep Learning used to analyse medical imagery and determine life expectancy; SpaceX re-uses its Dragon capsule, as well as the Falcon 9 first stage; WhatsApp users targeted in phishing scam; 'Judy' malware found in 41 apps on Google Play; Apple improves Swift Playgrounds' coding for kids; OneLogin hit by sophisticated data breach; High altitude balloons used to expand remote area internet coverage.
This week includes: Hooligans stealing cars, OneLogin breached, classified data on AWS, Kmart gets breached again, Microsoft pays you to use Bing, Laundroid, the clothes folding robot and much more… Listen on: iTunes, Google Play, Tunein, Stitcher and RSS Short on time? Subscribe to the IoT This Week Newsletter for weekly email updates on interesting stories from […]
OneLogin, Extortion, Coinbase, Pandemic, Booz, Mobile Apps, Electricity, AI voices, Sheets, Walmart, Karoshi, APIs, discovery, aphorisms, and more… Support the show: https://danielmiessler.com/support/
OneLogin gets hacked, Netflix is crap, Ethiopia shuts off the internet, Microsoft pays you to use Bing, Walmart trains employees with VR, and Reddit "improves". Follow us on Medium at http://neox.fm Follow us on Twitter at http://twitter.com/neoxfm Follow us on Facebook at http://facebook.com/neoxfm Original music by Colaars - https://www.jamendo.com/track/1443264/to-the-roofs
Dennis Fisher talks with Mike Mimoso of Threatpost about the Shadowbrokers’ subscription service, who might actually pay for it, what the reaction in Washington is, and what else might be lurking in the group’s cache of stolen tools. Then they discuss the OneLogin breach and its potential fallout as well as the active-defense bill that’s…
The Twenty Minute VC: Venture Capital | Startup Funding | The Pitch
Rory O’Driscoll is a founding member and Partner at Scale Venture Partners. An active investor for the past 20 years, Rory is focused on early-in-revenue software companies benefiting from the move to Software as a Service and the wider transition of enterprise computing to the cloud. Rory currently sits on the boards of Axcient, Bill.com, Box, Chef Software, DataSift, DocuSign, DroneDeploy, Forter, Katch, OneLogin, Pantheon, WalkMe and Wrike. Prior investments include ExactTarget (ET; Acq: SFDC), Omniture (OMTR; Acq: ADBE), ScanSafe (Acq: Cisco), Frontbridge (Acq: MSFT), Placeware (Acq: MSFT) among others. Rory has been recognized by the Forbes Midas List and AlwaysOn Power Players in Venture Capital for his investments. In Today’s Episode You Will Learn: 1.) How Rory made his way into the world of venture and came to be a Partner @ Scale. 2.) How does Rory address market size? Does he utilise the bottom-up or top-down approach? What is his strategy? 3.) Why are markets more important to Rory than management? What different role does each element have in achieving success? 4.) How does Rory look to navigate board conflict? When conflict does arise, how does Rory look to resolve a CEO who does not listen? 5.) What are the 4 fundamental roles of a board member? Why is competence underrated? What should founders and CEOs look for in prospective board members? Items Mentioned In Today’s Show: Rory's Fave Blog: Term Sheet Rory's Fave Book: SuperForecasting: The Art & Science of Prediction Rory's Most Recent Investment: DroneDeploy As always you can follow Harry, The Twenty Minute VC and Rory on Twitter here! Likewise, you can follow Harry on Snapchat here for mojito madness and all things 20VC.
Our topic is incident response in the enterprise. We also discuss OneLogin acquiring Sphere Secure Workspace, Synopsys acquiring Cigital, Codiscope bolstering its security portfolio, Gartner's latest report on the CASB market, and much more here on Enterprise Security Weekly!
OneLogin acquires Sphere Secure Workspace, Synopsys Acquires Cigital, Codiscope to Bolster Security Portfolio, Gartner's Latest Report on the CASB Market, and much more here on Enterprise Security Weekly! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode22 Take the Security Weekly Survey: www.securityweekly.com/survey Visit http://securityweekly.com/esw for all the latest episodes!