Podcasts about SOC

  • 788 PODCASTS
  • 1,960 EPISODES
  • 45m AVG DURATION
  • 1 DAILY NEW EPISODE
  • LATEST: Jul 1, 2022

Latest podcast episodes about SOC

#GeekTalk Daily
1217 #GeekTalk Daily with Nothing Phone, 1Password and Huawei

Jul 1, 2022


Nothing phone (1): black version surfaces & SoC confirmed; ZDF Mediathek now supports Apple Share Play; 1Password now also stores information about the single sign-on service; 1Password: files and documents can be shared; Google Stadia: new games on the way for Pro subscribers; Huawei MateBook D16 and 16s unveiled, here is what's inside; Huawei MateView SE: new 23.8-inch monitor with Full HD resolution; Huawei FreeBuds Pro 2 - first impressions; my video on it

BLUEPRINT
A Mailbag Episode With John Hubbard

Jul 1, 2022 (20:08)


It's a special mailbag episode from John Hubbard! After three seasons, John asked the listeners what questions they had for him.  He touched on the current XDR trend, how other teams can support SOC activities, defining security mindset, and more. 

Tech&Co
Emmanuel Pugliesi, Executive Director of SFR Business – 27/06

Jun 27, 2022 (7:23)


Emmanuel Pugliesi, Executive Director of SFR Business, was François Sorel's guest on Tech & Co this Monday, June 27. He discussed his company's launch of a next-generation SOC service to protect businesses from cyber threats, on BFM Business. Catch the show Monday through Thursday and listen to it again as a podcast.

Papo SOC
Episode 12# From tentacle to tentacle: How did SPOC come about?

Jun 24, 2022 (38:39)


A special chat with Phil Parizi, Designer at SOC, Jullyana Castro, SOC Support Coordinator, and Luiz Gimenez, Sales Consultant at SOC, about the most beloved mascot in the occupational health and safety (SST) field.

Anastasya Confidential
"You have no idea what Temptation is really like" - Pommeline on haters, being yourself & having FUN!

Jun 24, 2022 (57:40)


In this episode Pommeline Tillière talks about the kick-start of her career on Temptation Island, how she deals with hate and criticism, f*cked-up tattoos, her love of music & more! As always with plenty of anecdotes, dilemmas and tipsy story times with a glass (read: fishbowl!) of booze!

We Hack Purple Podcast
WeHackPurple Podcast Episode 55 with Guest James Tabron

Jun 23, 2022 (35:43)


In this episode of the We Hack Purple Podcast we meet James Tabron, the director of Engineering at Twilio! James switched from security to engineering recently, and wanted to share how startups and large companies can both start their SOC2 compliance programs. He shed a lot of light on where to start, common challenges, how much value can be gained from SOC two, and even how to automate the process. He also confirmed our on-going assumptions that good soft skills and specifically empathy were the most important things to look for when hiring someone to run an effective compliance program. Tune in to learn more! Thank you so much to our sponsor, Bright Security! Check out their amazing #DAST! Join us in the We Hack Purple Community! A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter! Find us on Apple Podcast, Overcast + Pod #TanyaJanca #SheHacksPurple #DevOps #CyberSecurity #DAST #BrightSec #DevSecOps #AppSec

Programas FM Milenium
La Pregunta Sin Fin: Interview with Chino Navarro

Jun 22, 2022 (27:58)


Luciana Vazquez spoke with Chino Navarro, leader of the Movimiento Evita and Secretary of Parliamentary and Institutional Relations and Relations with Civil Society at the Office of the Cabinet Chief. They discussed current Argentine politics, and he gave his view on the weight of social movements in the social policy implemented by the government.

SecurityMetrics Podcast
Cybersecurity Burnout - SOC Analyst Survey Findings | SecurityMetrics Podcast 53

Jun 22, 2022 (31:57)


"I feel like many data security professionals feel like they're doing the right thing and making a difference, but there was a huge amount that said they were burning out. 65% of cybersecurity workers said they plan on leaving their jobs in the next 12 months." Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Thomas Kinsella (COO and Co-Founder - Tines) about the recent SOC analyst survey findings conducted by Tines. Listen to "The Future of Security Operations" Podcast by Thomas Kinsella. [Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

The Killing IT Podcast
Episode 169 - Sentient AI, Privacy Legislation, and the Digital Twins

Jun 21, 2022 (30:51)


Topic 1: Sentient AI? Is it real? Should you lose your job over it? For starters, violating an NDA and whistleblowing are vastly different reasons to be fired. Besides, this so-called sentient AI could easily just be a complex game of 20 questions; pattern matching at its best. That said, this freaked-out-ness might be a good indicator that we are getting too close to comfort. https://www.wired.com/story/lamda-sentient-ai-bias-google-blake-lemoine/
Topic 2: Will privacy legislation happen? The internet was made for sharing data. Sooner or later, that 140 characters or less post about that weird thing your boss does with his hands would be inevitable! However, as individuals, we cherish our privacy and are entitled to at least an elective form of privacy. I mean, sharing your boss's quirks online is far from sharing your social security number or the name of your first born... Besides, he's a cool guy once you look past his jazz hands. Additionally, enforcement of privacy laws is practical but sometimes that extra step is damning for commerce. https://www.protocol.com/newsletters/policy/federal-privacy-law-introduced?rebelltitem=1#rebelltitem1
Topic 3: Digital Twins. A pop quiz for all you die hard Killing It listeners: "What is a digital twin?" That's right, the digital twin has grown lungs and is making its way into the collective consciousness after its ten year stint as a dinner table tall tale. An impending existence adjacent to the metaverse, this digital representation shifts and grows with its physical world counterpart; kind of like your weird baby cousin who decides to parrot your every word and move, it is constantly growing and learning... https://www.bbc.com/news/business-61742884
Sponsor Memo: AgileBlue. AgileBlue is a 24/7 SOC, XDR and SOAR providing managed breach protection including monitoring, detection, and automated response to cloud, networks, and endpoints. Helping MSPs build their cyber business while increasing gross margins, ARR and stickiness. AgileBlue's partner program engages, enables, supports, and rewards your business growth with a white-labeled security dashboard, pooled pricing, marketing collateral, and purpose-built sales content. A 24/7 extension of your team, learn more at agileblue.com :-)

Straight Outta Cobham - A show about Chelsea
Raheem Sterling: Why Chelsea want him & Why City may let him go

Jun 21, 2022 (35:00)


In the absence of the usual SOC gang (on holiday) why not check out Monday's Athletic Football Podcast... Host Ian Irving details Chelsea's growing interest in Raheem Sterling, in the company of our Football Correspondent David Ornstein, Manchester City writer Sam Lee & Chelsea writer Simon Johnson... We learn how Chelsea's confidence in capturing Sterling has grown, why City are open to letting Sterling leave this summer & consider whether this could see a new trend in the Premier League's top clubs selling players to domestic rivals.

APPLEニュース by PHILE WEB
Qualcomm's latest SoC for Windows laptops: benchmark results show multi-core performance at about 65% of Apple's M2 [Gadget Gate]

Jun 20, 2022


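"Qualcomm's latest SoC for Windows laptops: benchmark results show multi-core performance at about 65% of Apple's M2 [Gadget Gate]" It has been pointed out that the performance of Qualcomm's latest SoC lags far behind the M2 chip.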

Humor
Joel Joan on "El comunista": "I say what I think, which is something no

Jun 18, 2022 (29:07)


The actor Joel Joan was the guest on the advice segment of Joel D

Paul's Security Weekly TV
Azure Vulns, Vendor Layoff's, Rob Lee, & Bye Bye Internet Explorer - ESW #277

Jun 17, 2022 (70:59)


This week, in the Enterprise News:
  • Vanta raises a $110M Series B to automate SOC 2, ISO, PCI and other compliance efforts
  • Immuta raises a $100M Series E for secure data access (an everything-old-is-new-again market that's exploding)
  • Perimeter 81 raises $100M Series C and becomes a unicorn - You get a VPN! I get a VPN! Everyone gets a VPN!
  • Over a dozen other vendors raise funding!
  • IBM acquires EASM vendor, Randori
  • Another Azure vulnerability allowing tenancy escapes
  • Microsoft's Purview goes beyond DLP and gets into the pre-crime business
  • Half a dozen cybersecurity vendor layoff announcements!
  • We discuss the controversy around Rob Lee's involvement with developing federal standards for critical infrastructure protection and we say farewell (and good riddance) to Internet Explorer… but not really
Then, after the news, we're going to air some segments recorded at the RSA conference last week. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw277

Ethically Speaking
Ep. 53: Timely advice for avoiding pitfalls of SOC 2® reporting

Jun 17, 2022 (16:55)


Listen as Mimi-Blanco Best and Ellen Goria, CPAs and associate directors at the AICPA, discuss some potential pitfalls of SOC 2® reporting and offer advice and tools for avoiding issues and ensuring you meet your ethical responsibilities when performing these engagements. Qs & As: Here are the Qs & As Mimi and Ellen discuss. You'll need to be signed into your account to access these. If you don't already have an account, you can sign up free of charge. SOC 2 guide: The AICPA will be publishing a new edition of the SOC 2 guide this year and both of these purchase options give you a full year subscription to updates: Online subscription, Ebook

Enterprise Security Weekly (Video)
Azure Vulns, Vendor Layoff's, Rob Lee, & Bye Bye Internet Explorer - ESW #277

Jun 16, 2022 (70:59)


This week, in the Enterprise News:
  • Vanta raises a $110M Series B to automate SOC 2, ISO, PCI and other compliance efforts
  • Immuta raises a $100M Series E for secure data access (an everything-old-is-new-again market that's exploding)
  • Perimeter 81 raises $100M Series C and becomes a unicorn - You get a VPN! I get a VPN! Everyone gets a VPN!
  • Over a dozen other vendors raise funding!
  • IBM acquires EASM vendor, Randori
  • Another Azure vulnerability allowing tenancy escapes
  • Microsoft's Purview goes beyond DLP and gets into the pre-crime business
  • Half a dozen cybersecurity vendor layoff announcements!
  • We discuss the controversy around Rob Lee's involvement with developing federal standards for critical infrastructure protection and we say farewell (and good riddance) to Internet Explorer… but not really
Then, after the news, we're going to air some segments recorded at the RSA conference last week. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw277

IO&TEch
M2 arrives to shake things up

Jun 15, 2022 (38:11)


At WWDC, besides software, Apple presented the new SoC, which it has already put into two products: the new MacBook Air and the last leftover MacBook Pro chassis that refuses to leave the market. But how does this product stack up? Tell me what you think on Twitter http://twitter.com/JakeReale or send me an email at jacoporeale@yahoo.it. Find out where to listen to the podcast: https://www.spreaker.com/show/ioetech Also listen to An iPad guy: https://www.spreaker.com/show/anipadguy Leave a review on Apple Podcast or Spotify. Support my projects on PayPal: http://goo.gl/sMfNLI This podcast is post-produced with Podcleaner Pro: https://ulti.media/podcleaner-pro-audio-cleaning/c

Kruze Consulting's Founders and Friends Podcast for Startups
Adam Markowitz of Drata discusses how they help companies protect their data

Jun 15, 2022 (26:33)


Adam Markowitz, CEO and Founder of Drata (https://drata.com), discusses how Drata can streamline data audits and help companies protect their data, continuously monitor their data security, and produce reports for SOC 2 and other compliance programs. Kruze Consulting is a leader in Startup Tax (https://kruzeconsulting.com/startup-taxes) Filings, Payroll Tax Savings from R&D Tax Credits, professional advice and more! Find out why hundreds of seed and venture funded startups trust Kruze Consulting's tax experts, software and process to save them time and hassle.

Cybercrime Magazine Podcast
Let's Talk SOC. Building An Effective & Efficient SOC. Terry McGraw, Secureworks.

Jun 15, 2022 (17:48)


Terry McGraw is a Senior Executive Consultant at Secureworks. In this episode, Terry joins host Shannon McKinnon to discuss building an effective and efficient SOC, including how to find, train, maintain, and retain SOC personnel, as well as some tips on knowing when to partner. Let's Talk SOC is a Cybercrime Magazine podcast series brought to you by Secureworks, a leader in cybersecurity, empowering Security and IT teams worldwide to accelerate effective security operations. To learn more about our sponsor, visit https://secureworks.com

Defense in Depth
Building a Security Awareness Training Program

Jun 9, 2022 (28:14)


All links and images for this episode can be found on CISO Series. We all know and have experienced bad security awareness training. People can learn, and should learn about being cyber aware. How do you build a security awareness training program that sticks? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn with our guest Lisa Kubicki (@lmk2), trust and security, training and awareness director, DocuSign. Thanks to our podcast sponsor, Drata. Save 200+ hours with Drata's automated continuous compliance solution for SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, & CCPA. Drata connects to your techstack with 75+ integrations, including AWS, GitHub, GCP, & more to automate the compliance process. Kickstart your compliance journey by requesting a demo and get 10% off. In this episode: We ask, “How do you build a security awareness training program that sticks?” How do you develop a program that resonates with staff and actually improves security outcomes? We get tips from the community on how they built a security awareness training program. We examine what a successful engagement would look like.

AWS Morning Brief
RSA Prelude

Jun 2, 2022 (4:26)


Links:
  • Poisoned Python and PHP packages purloin passwords for AWS access
  • No, your cloud environment doesn't need a sandbox
  • Spring 2022 SOC reports are now available with 150 services in scope
  • Canary Tokens

Defense in Depth
Onboarding Cyber Professionals with No Experience

Jun 2, 2022 (28:44)


All links and images for this episode can be found on CISO Series. You want to bring on entry-level personnel, but green employees, who are not well versed in security, IT, or your data, introduce risk once they have access to it. What are ways to bring these people on while also managing risk? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Rich Lindberg, CISO, JAMS. Thanks to our podcast sponsor, SolCyber. At SolCyber we're hell-bent on delivering Fortune 500 level cyber security for small and medium-sized enterprises. When you're being targeted by the same bad guys, nothing else will do. We bring to the table a curated stack of leading technologies and around-the-clock SOC support, all simply priced per user. Let us do the heavy lifting. In this episode: We ask, “What are ways to bring entry-level people onboard the company while also managing risk?” How does education stack up against on-the-job experience? Are there advantages to hiring an inexperienced greenthumb versus experienced only new hires?

The DotCom Magazine Entrepreneur Spotlight
Seemant Sehgal, Founder & CEO, BreachLock Inc, A DotCom Magazine Interview

Jun 1, 2022 (26:40)


About Seemant Sehgal and BreachLock Inc: S. Sehgal is Founder & CEO of BreachLock Inc. - World's first AI powered full stack and SaaS enabled Pen Testing as a Service. Since 2019 BreachLock has quickly emerged as a market disrupter in the traditionally human dependent Penetration Testing market. Seemant is an ardent supporter of RED Teaming philosophy. Seemant is a regular speaker at international conferences. He is also an author for the ISACA Journal since 2015. Areas of expertise include cyber resilience, payment security (PSD2, PCI DSS), ISO 27001, Cyberdefense, and SOC. He is a proud contributor/supporter for Threat Intelligence Based Ethical Red teaming (TIBER) initiative. He has a proven track record in influencing security decisions by articulating his Information Security vision at CISO / CIO and Board Room level. In January 2015, Seemant's paper on "Effective Cyber Threat Management - Evolution And Beyond" was published in the ISACA Journal. He is also an author on ISACA security blog. In Oct 2018 ISACA Journal has released his second paper on RED Teaming for Cyber Security. Founded in 2019, BreachLock, Inc. is recognized as a global leader in the cybersecurity industry, specializing in scalable and comprehensive Penetration Testing as a Service (PTaaS). As a cloud-native innovator, BreachLock delivers market-disrupting PTaaS by leveraging the power of AI to scale the skill and creativity of human Penetration Testers, giving enterprises complete security posture visibility from an adversary perspective. BreachLock's human Penetration Testers validate vulnerabilities discovered by AI and uncover vulnerabilities that automation cannot find. BreachLock is the world's first full-stack Penetration Testing solution, covering all attack surfaces such as Web Applications, Internal & External Networks, Mobile Applications, and API Endpoints. BreachLock is on a mission to Make Cyberspace a Safe Place.

Digital Conversations
In This World, Nothing Can Be Said to Be Certain Except Death, Taxes, and a Sound Digital Healthcare Compliance Strategy

May 31, 2022 (19:00)


Billions of people are now fully dependent on various forms of technology as part of their daily lives. Healthcare is no exception. As paper forms give way to digital health records and electronic communications, the risks of losing control of private patient information has risen dramatically. Every organization that deals with healthcare data must come to grips with an increasingly challenging landscape of criminal sophistication and the constant flow of new regulations that are being put in place by international, federal, and local authorities. In this episode, Greg Kefer is joined by Justin Wiley, Director of Information Security and Compliance at Lifelink Systems, to discuss the current state of compliance in healthcare IT. For any company that is involved in buying, selling, or delivering technology in healthcare, a sound approach to security and compliance has become table stakes. The industry can't stand still. Digital innovation is more important than ever, but there are ways to ensure the technology being put in place has been vetted. Justin describes SOC 2, one of the “gold standard” audits, that dives deeply into technology organizations and how they operate, helping ensure best practices are in place and followed. 

The Environmental Health Trust
Interview with Executive Producer Maggie Stogner on her film "Unbreathable"

May 31, 2022 (52:22)


Unbreathable: The Fight for Healthy Air is directed by award-winning filmmaker and American University School of Communication (AU SOC) professor Maggie Burnette Stogner and is produced by SOC alumna Elizabeth Herzfeldt-Kamprath. It is Executive Produced by SOC's Center for Environmental Filmmaking with support from the American Lung Association, AU's Center for Environmental Policy, and the Hanley Foundation. Learn more at ehtrust.org and sign up for our newsletter: https://ehtrust.org/publications/newsletters/ Read the research on EMFs and health here: https://ehtrust.org/science/top-experimental-epidemiological-studies/ Get the facts about 5G here: https://ehtrust.org/key-issues/cell-phoneswireless/5g-internet-everything/20-quick-facts-what-you-need-to-know-about-5g-wireless-and-small-cells/

Cyber Security Inside
99. What That Means with Camille: Hack@DAC Winning Strategies!

May 30, 2022 (20:33)


In this episode of Cyber Security Inside What That Means, Camille chats with the three leaders of the teams that won the Hack@ event in December, Animesh Basak Chowdhury and Baleegh Ahmad from NYU, and Orlando R. Arias from University of Florida to learn more about the event and the strategy behind it. The conversation covers:
- What the Hack@DAC event is, and how people choose their teams.
- Some of the strategies used by the winning teams.
- What the event is like while it is running, and why people should try and participate.
- The realistic nature of the event and how it relates to the cybersecurity field itself.
... and more. Don't miss it!
The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.
Here are some key takeaways:
- The guests from this podcast were all leaders of the teams that won the Hack@ event, a hardware security competition. The competition is a fun, intense two day event. Some teams went in to test some of their own tools.
- Some teams used some hardware features they brought with them, and also had to write code on site on the fly. There are different beliefs on how big your team should be and how working together is very important.
- One team focused on peripherals, assigning different ones to different people. They then realized that since everything was connected, they needed to shift strategy.
- It is clear that in a team like this, it is important to identify each team member's strength. One might be better at user exploits while another is more experienced in automated exploits. Strategizing like this is important in these competitions, but also in practice.
- Often you get the chance to evaluate the SOC before the competition and make a plan. Some teams took this opportunity to identify the areas that were most vulnerable, and therefore would likely have the most bugs during the competition.
- These competitions often involve working with very little sleep and division of tasks. This requires good teamwork and planning skills.
- The realism of this competition varied between the competitors. Some acknowledged the 24/7 nature of cybersecurity and that the work is never done. You are always finding new bugs and breaches. Others talked about some of the bugs that were present never should have made it through to hardware generation.
- Organizers want to see how participants go to find the bugs and the vulnerabilities. So they try to make it realistic. However, they also introduce more bugs than might actually exist for the participants. This might change over time to increase the difficulty and because of the developing nature of the field, to continue making it useful.
- What do these coders say to look out for? Double and triple check assignments and access controls. Use formal verification tools to ensure quality of code. Use more than those tools as well, including other types of analysis.
Some interesting quotes from today's episode:
“So here's the bug, here are the consequences of the bug once you run this piece of code. Meaning we will access cryptographic keys that we will otherwise have no access to. We will change security settings on the SOC that we will normally have no access to.” - Orlando Arias
“The more people you have, the better. That's for sure. Because quantity matters. It's the amount of bugs you can identify and there were plenty out there. So I think within that time frame, especially because of that time crunch, it's definitely a team sport. You have advantage in numbers.” - Baleegh Ahmad
“When we were competing, we were adopting different strategies and those strategies were orthogonal. So after the competition, we were thinking that if both teams combined together, we would have scored more points than individual teams.” - Animesh Chowdhury
“From the organizer perspective, what they actually want is to evaluate how people actually approach this problem of finding vulnerabilities in the hardware. So they try to actually insert bugs in this hardware which actually resemble similar sorts of actual vulnerabilities which exist in the hardware.” - Animesh Chowdhury
“In previous editions of Hack@DAC as well, participants were able to find bugs that weren't deliberately introduced… A bit gone, an incomplete assignment, a wrong password check, stuff like that. So for the purpose of competition, there are a few easy ones introduced, but they also to a certain extent do represent the kind of mistakes that can be made.” - Baleegh Ahmad
“I believe we have to go beyond just formal verification tools. Other types of analysis as well. Static checks… anything you can think of, go ahead and throw at it. Even then things will go ahead and slip by.” - Orlando Arias
“One of our objectives was to beta tools, the tools we had previously developed, to see how well they do against a scenario that we didn't concoct ourselves. So even just for that, it was just a learning experience. We got to use other tools that we hadn't used before either.” - Orlando Arias

Mobile Tech Podcast with tnkgrl Myriam Joire
Exploring WiFi 7 and MediaTek's Filogic 880 / 380 chips, Xiaomi / Leica partnership, Realme GT Neo 3 Naruto Edition, and more with James Chen and Adam Doud

May 29, 2022 (74:26)


Tune into episode 270 of the Mobile Tech Podcast with guests James Chen (MediaTek) and Adam Doud (XDA Developers) -- brought to you by MediaTek. Today's show comes in two parts. First, we explore WiFi 7 and MediaTek's new Filogic 880 / 380 chips. Second (19:34), we discuss the Xiaomi / Leica partnership and Realme GT Neo 3 Naruto Edition, then cover Moto leaks (Frontier, Razr 3), Nothing phone (1) rumors, and Samsung Galaxy SoC speculations.
Episode Links
- Support the podcast on Patreon: https://www.patreon.com/tnkgrl
- Donate: https://tnkgrl.com/tnkgrl/
- MediaTek: http://www.poweredbymediatek.com/ (sponsor)
- James Chen: https://www.linkedin.com/in/jamescchen/
- Adam Doud: https://twitter.com/DeadTechnology
- Xiaomi partners with Leica: https://www.gsmarena.com/xiaomi_officially_announces_partnership_with_leica_first_jointly_developed_phone_arrives_in_july-news-54388.php
- OnePlus 8 Pro vs. 9 Pro vs. 10 Pro camera comparison: https://www.digitaltrends.com/mobile/oneplus-10-pro-hasselblad-vs-oneplus-9-pro-vs-oneplus-8-pro-camera-test/
- Moto Frontier tease: https://www.theverge.com/2022/5/24/23139245/motorola-200-megapixel-camera-phone-razr-third-gen-foldable-china-launch-july
- Moto Razr 3 leak: https://www.gsmarena.com/motorola_razr_3_leaks_in_short_handson_video_showcasing_entirely_new_design-news-54417.php
- Nothing phone (1) launch date and price rumor: https://www.gsmarena.com/nothing_phone_1_launch_date_and_price_leak-news-54432.php
- Realme GT Neo 3 Naruto Edition: https://www.gsmarena.com/realme_gt_neo3_naruto_edition_unveiled_-news-54437.php
- Samsung working on galaxy-exclusive SoC for 2025: https://www.androidauthority.com/samsung-galaxy-s23-s24-exynos-2025-3168339/

Gettin' Salty Experience Firefighter Podcast
GETTIN SALTY EXPERIENCE PODCAST Ep. 98 | FDNY LT. HUGH LYNCH

May 27, 2022 (107:45)


Our special guest will be 33 year FDNY veteran Lieutenant Hughie Lynch. He joined the FDNY in 1988 and was assigned to 161 Truck in Coney Island. He went to Squad 1 on a skin March 22 1996 and was assigned in December 1996. He was Promoted to Lt. Sept 2007 and assigned to 23 battalion. He was UFO in 80 Truck for about 10 months before going back to SOC in October 2008. Covered in SOC until getting assigned to Rescue 5 in March 2015. He Retired 3/22/21. Hughie is also an incredible musician and hopefully we can get him to belt out a few songs for us. You don't want to miss this one

TIRIAScast
New MediaTek 5G and Wi-Fi 7 chipsets

May 26, 2022 (14:50)


At Computex 2022, MediaTek announced a number of new mobile and wireless chipsets, including the company's first smartphone SoC with integrated mmWave and its first Wi-Fi chipset. Join TIRIAS Research Principal Analysts Jim McGregor (@tekstrategist) and executives from MediaTek as they discuss the new mobile and wireless products in this TIRIAScast.

SMB Community Podcast by Karl W. Palachuk
Gil Cargill - Sales Management Process

SMB Community Podcast by Karl W. Palachuk

May 26, 2022 31:10


Host Karl speaks with Gil Cargill of Cargill Consulting. Today we discuss coaching and consulting in Sales Process Management. "The sales function of an IT company must provide predictable NEW revenue. The owner who masters sales management is the owner that will continue to flourish." - Gil Cargill

Resources and links: www.salesmanagementmastery.com

Sponsor Memo: AgileBlue

AgileBlue is a 24/7 SOC, XDR and SOAR providing managed breach protection including monitoring, detection, and automated response to cloud, networks, and endpoints. Helping MSPs build their cyber business while increasing gross margins, ARR and stickiness. AgileBlue's partner program engages, enables, supports, and rewards your business growth with a white-labeled security dashboard, pooled pricing, marketing collateral, and purpose-built sales content. A 24/7 extension of your team, learn more at agileblue.com :-)

Screaming in the Cloud
Let Your Backups Help you Sleep with Simon Bennett

Screaming in the Cloud

May 24, 2022 33:43


About Simon
Founder and CEO of SnapShooter a backup company

Links Referenced:
- SnapShooter.com: https://SnapShooter.com
- MrSimonBennett: https://twitter.com/MrSimonBennett

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: Finding skilled DevOps engineers is a pain in the neck! And if you need to deploy a secure and compliant application to AWS, forgettaboutit! But that's where DuploCloud can help. Their comprehensive no-code/low-code software platform guarantees a secure and compliant infrastructure in as little as two weeks, while automating the full DevSecOps lifestyle. Get started with DevOps-as-a-Service from DuploCloud so that your cloud configurations are done right the first time. Tell them I sent you and your first two months are free. To learn more visit: snark.cloud/duplo. That's snark.cloud/D-U-P-L-O-C-L-O-U-D.

Corey: What if there were a single place to get an inventory of what you're running in the cloud that wasn't "the monthly bill?" Further, what if there were a way to compare that inventory to what you were already managing via Terraform, Pulumi, or CloudFormation, but then automatically add the missing unmanaged or drifted parts to it? And what if there were a policy engine to immediately flag and remediate a wide variety of misconfigurations? Well, stop dreaming and start doing; visit snark.cloud/firefly to learn more.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. One of the things that I learned early on in my career as a grumpy Unix systems administrator is that there are two kinds of people out there: those who care about backups an awful lot, and people who haven't lost data yet. I lost a bunch of data once upon a time and then I too fell on the side of backups are super important. Here to talk with me about them a bit today is Simon Bennett, founder and CEO of SnapShooter.com. Simon, thanks for joining me.

Simon: Thanks for having me. Thank you very much.

Corey: It's fun to be able to talk to people who are doing business in the cloud space—in this sense too—that is not venture-backed, that is not, “Well, we have 600 people here that are building this thing out.” And similar to the way that I handle things at The Duckbill Group, you are effectively one of those legacy things known as a profitable business that self-funds. What made you decide to pursue that model as opposed to, well, whatever the polite version of bilking venture capitalists out of enormous piles of money for [unintelligible 00:01:32]?

Simon: I think I always liked the idea of being self-sufficient and running a business, so I always wanted to start a physical business when I was younger, but when I got into software, I realized that that's a really easy way, no capital needed, to get started. And I tried for years and years to build products, all of which failed until finally SnapShooter actually gained a customer. [laugh].

Corey: “Oh, wait, someone finally is paying money for this, I guess I'm onto something.”

Simon: Yeah.

Corey: And it's sort of progressed from there. How long have you been in business?

Simon: We started in 2017, as… it was an internal project for a company I was working at who had problems with DigitalOcean backups, or they had problems with their servers getting compromised. So, I looked at DigitalOcean API and realized I could build something. And it took less than a week to build a product [with billing 00:02:20]. And I put that online and people started using it. So, that was how it worked.

Every other product I tried before, I'd spent months and months developing it and never getting a customer. And the one time I spent less than [laugh] less than a week's worth of evenings, someone started paying. I mean, admittedly, the first person was only paying a couple of dollars a month, but it was something.

Corey: There's a huge turning point where you just validate the ability and willingness for someone to transfer one dollar from their bank account to yours. It speaks to validation in a way that social media nonsense generally doesn't. It's the oh, someone is actually willing to pay because I'm adding value to what they do. That's no small thing.

Simon: Yeah. There's definitely a big difference between people saying they're going to and they'd love it, and actually doing it. So.

Corey: I first heard about you when Patrick McKenzie—or @patio11, as he goes by on Twitter—wound up doing a mini-thread on you about, “I've now used SnapShooter.com for real, and it was such a joy, including making a server migration easier than it would otherwise have been. Now, I have automatically monitored backups to my own S3 account for a bunch of things, which already had a fairly remote risk of failure.” And he keeps talking about the awesome aspects of it. And okay, when Patrick says, “This is neat,” that usually means it's time for me to at least click the link and see what's going on.

And the thing that jumped out at me was a few things about what it is that you offer. You talk about making sure that people can sleep well at night, that it's about why backups are important, about—you obviously check the boxes and talk about how you do things and why you do them the way that you do, but it resonates around the idea of helping people sleep well at night. Because no one wants to think about backups. Because no one cares about backups; they just care an awful lot about restores, usually right after they should have cared about the backups.

Simon: Yeah. This is actually a big problem with getting customers because I don't think it's on a lot of people's minds, getting backups set up until, as you said in the intro, something's gone wrong. [laugh]. And then they're happy to be a customer for life.

Corey: I started clicking around and looking at your testimonials, for example, on your website. And the first one I saw was from the CEO of Transistor.fm. For those who aren't familiar with what they do, they are the company that hosts this podcast. I pay them as a vendor for all the back issues and whatnot.

Whenever you download the show. It's routing through their stuff. So yeah, I kind of want them to have backups of these things because I really don't want to have all these conversations [laugh] again with everyone. That's an important thing. But Transistor's business is not making sure that the data is safe and secure; it's making podcasts available, making it easy to publish to them.

And in your case, you're handling the backup portion of it so they can pay their money and they set it up effectively once—set it and forget it—and then they can go back to doing the thing that they do, and not having to fuss with it constantly. I think a lot of companies get it wrong, where they seem to think that people are going to make sustained, engaged efforts in whatever platform or tool or service they build. People have bigger fish to fry; they just want the thing to work and not take up brain sweat.

Simon: Yeah. Customers hardly ever log in. I think it's probably a good sign when they don't have to log in. So, they get their report emails, and that's that. And they obviously come back when they got new stuff to set up, but from a support point of view is pretty, pretty easy, really, people don't—[laugh] constantly on there.

Corey: From where I sit, the large cloud providers—and some of the small ones, too—they all have backup functionality built into the offering that they've got. And some are great, some are terrible. I assume—perhaps naively—that all of them do what it says on the tin and actually back up the data. If that were sufficient, you wouldn't have any customers. You clearly have customers. What is it that makes those things not work super well?

Simon: Some of them are inflexible. So, some of the providers have built-in server backups that only happen weekly, and six days of no backups can be a big problem when you've made a mistake. So, we offer a lot of flexibility around how often you backup your data. And then another key part is that we let you store your data where you want. A lot of the providers have either vendor lock-in, or they only store it in themselves. So… we let you take your data from one side of the globe to the other if you want.

Corey: As anyone who has listened to the show is aware, I'm not a huge advocate for multi-cloud for a variety of excellent reasons. And I mean that on a per-workload basis, not, “Oh, we're going to go with one company called Amazon,” and you use everything that they do, including their WorkMail product. Yeah, even Amazon doesn't use WorkMail; they use Exchange like a real company would. And great, pick the thing that works best for you, but backups have always been one of those areas.

I know that AWS has great region separation—most of the time. I know that it is unheard of for there to be a catastrophic data loss story that transcends multiple regions, so the story from their side is very often, oh, just back it up to a different region. Problem solved. Ignoring the data transfer aspect of that from a pricing perspective, okay. But there's also a risk element here where everyone talks about the single point of failure with the AWS account that it's there, people don't talk about as much: it's your payment instrument; if they suspend your account, you're not getting into any region.

There's also the story of if someone gets access to your account, how do you back that up? If you're going to be doing backups, from my perspective, that is the perfect use case, to put it on a different provider. Because if I'm backing up from, I don't know, Amazon to Google Cloud or vice versa, I have a hard time envisioning a scenario in which both of those companies simultaneously have lost my data and I still care about computers. It is very hard for me to imagine that kind of failure mode, it's way out of scope for any disaster recovery or business continuity plan that I'm coming up with.

Simon: Yeah, that's right. Yeah, I haven't—[laugh] I don't have that in my disaster recovery plan, to be honest about going to a different cloud, as in, we'll solve that problem when it happens. But the data is, as you say, in two different places, or more. But yeah, the security one is a key one because, you know, there's quite a lot of surface area on your AWS account for compromising, but if you're using either—even a separate AWS account or a different provider purely for storage, that can be very tightly controlled.

Corey: I also appreciate the idea that when you're backing stuff up between different providers, the idea of owning both sides of it—I know you offer a solution where you wind up hosting the data as well, and that has its value, don't get me wrong, but there are also times, particularly for regulated industries, where yeah, I kind of don't want my backup data just hanging out with someone else's account with whatever they choose to do with it. There's also the verification question, which again, I'm not accusing you of in any way, shape, or form of being nefarious, but it's also one of those when I have to report to a board of directors of like, “Are you sure that they're doing what they say they're doing?” It's a, “Well, he seemed trustworthy,” is not the greatest answer. And the boards ask questions like that all the time. Netflix has talked about this where they backup a rehydrate-the-business level of data to Google Cloud from AWS, not because they think Amazon is going to disappear off the face of the earth, but because it's easier to do that and explain it than having to say, “Well, it's extremely unlikely and here's why,” and not get torn to pieces by auditors, shareholders, et cetera. It's the path of least resistance, and there is some validity to it.

Simon: Yeah, when you see those big companies who've been with ransomware attacks and they've had to either pay the ransom or they've literally got to build the business from scratch, like, the cost associated with that is almost business-ending. So, just one backup for their data, off-site [laugh] they could have saved themselves millions and millions of pounds. So.

Corey: It's one of those things where an ounce of prevention is worth a pound of cure. And we're still seeing that stuff continue to evolve and continue to exist out in the ecosystem. There's a whole host of things that I think about like, “Ooh, if I lost, that would be annoying but not disastrous.” When I was going through some contractual stuff when we were first setting up The Duckbill Group and talking to clients about this, they would periodically ask questions about, “Well, what's your DR policy for these things?” It's, “Well, we have a number of employees; no more than two are located in the same city anywhere, and we all work from laptops because it is the 21st century, so if someone's internet goes out, they'll go to a coffee shop. If everyone's internet goes out, do you really care about the AWS bill that month?”

It's a very different use case and [unintelligible 00:11:02] with these things. Now, let's be clear, we are a consultancy that fixes AWS bills; we're not a hospital. There's a big difference in the use case and what is acceptable in different ways. But what I like is that you have really built something out that lets people choose their own adventure in how managed they want it to be, what the source is, what the target should be. And it gives people enough control but without having to worry about the finicky parts of aligning a bunch of scripts that wind up firing off in cron jobs.

Simon: Yeah. I'd say a fair few people run into issues running scripts or, you know, they silently fail and then you realize you haven't actually been running backups for the last six months until you're trying to pull them, even if you were trying to—

Corey: Bold of you to think that I would notice it that quickly.

Simon: [laugh]. Yeah, right. True. Yeah, that's presuming you have a disaster recovery plan that you actually test. Lots of small businesses have never even heard of that as a thing. So, having as us, kind of, manage backups sort of enables us to very easily tell people that backups of, like—we couldn't take the backup. Like, you need to address this.

Also, to your previous point about the control, you can decide completely where data flows between. So, when people ask us about what's GDPR policies around data and stuff, we can say, “Well, we don't actually handle your data in that sense. It goes directly from your source through almost a proxy that you control to your storage.” So.

Corey: The best answer: GDPR is out of scope. Please come again. And [laugh] yeah, just pass that off to someone else.

Simon: In a way, you've already approved those two: you've approved the person that you're managing servers with and you've already approved the people that are doing storage with. You kind of… you do need to approve us, but we're not handling the data. So, we're handling your data, like your actual customer; we're not handling your customer's customer's data.

Corey: Oh, yeah. Now, it's a valuable thing. One of my famous personal backup issues was okay, “I'm going to back this up onto the shared drive,” and I sort of might have screwed up the backup script—in the better way, given the two possible directions this can go—but it was backing up all of its data and all the existing backup data, so you know, exponential growth of your backups. Now, my storage vendor was about to buy a boat and name it after me when I caught that. “Oh, yeah, let's go ahead and fix that.”

But this stuff is finicky, it's annoying, and in most cases, it fails in silent ways that only show up as a giant bill in one form or another. And not having to think about that is valuable. I'm willing to spend a few hours setting up a backup strategy and the rest; I'm not willing to tend it on an ongoing basis, just because I have other things I care about and things I need to get done.

Simon: Yeah. It's such a kind of simple and trivial thing that can quickly become a nightmare [laugh] when you've made a mistake. So, not doing it yourself is a good [laugh] solution.

Corey: So, it wouldn't have been a @patio11 recommendation to look at what you do without having some insight into the rest of the nuts and bolts of the business and the rest. Your plans are interesting. You have a free tier of course, which is a single daily backup job and half a gig of storage—or bring your own to that it's unlimited storage—

Simon: Yep. Yeah.

Corey: Unlimited: the only limits are your budget. Yeah. Zombo.com got it slightly wrong. It's not your mind, it's your budget. And then it goes from Light to Startup to Business to Agency at the high end.

A question I have for you is at the high end, what I've found has been sort of the SaaS approach. The top end is always been a ‘Contact Us' form where it's the enterprise scope of folks where they tend to have procurement departments looking at this, and they're going to have a whole bunch of custom contract stuff, but they're also not used to signing checks with fewer than two commas in them. So, it's the signaling and the messaging of, “Reach out and talk to us.” Have you experimented with that at all, yet? Is it something you haven't gotten to yet or do you not have interest in serving that particular market segment?

Simon: I'd say we've been gearing the business from starting off very small with one solution to, you know, last—and two years ago, we added the ability to store data from one provider to a different provider. So, we're sort of stair-stepping our way up to enterprise. For example, at the end of last year, we went and got certificates for ISO 27001 and… one other one, I can't remember the name of them, and we're probably going to get SOC 2 at some point this year. And then yes, we will be pushing more towards enterprises. We add, like, APIs as well so people can set up backups on the fly, or so they can put it as part of their provisioning.

That's hopefully where I'm seeing the business go, as in we'll become under-the-hood backup provider for, like, a managed hosting solution or something where their customers won't even realize it's us, but we're taking the backups away from—responsibility away from businesses.

Corey: For those listeners who are fortunate enough to not have to have spent as long as I have in the woods of corporate governance, the correct answer to, “Well, how do we know that vendor is doing what they say that they're doing,” because the, “Well, he seemed like a nice guy,” is not going to carry water, well, here are the certifications that they have attested to. Here's copies under NDA, if their audit reports that call out what controls they claim to have and it validates that they are in fact doing what they say that they're doing. That is corporate-speak that attests that you're doing the right things. Now, you're going to, in most cases, find yourself spending all your time doing work for no real money if you start making those things available to every customer spending 50 cents a year with you. So generally, the, “Oh, we're going to go through the compliance, get you the reports,” is one of the higher, more expensive tiers where you must spend at least this much for us to start engaging down this rabbit hole of various nonsense.

And I don't blame you in the least for not going down that path. One of these years, I'm going to wind up going through at least one of those certification approaches myself, but historically, we don't handle anything except your billing data, and here's how we do it has so far been sufficient for our contractual needs. But the world's evolving; sophistication of enterprise buyers is at varying places and at some point, it'll just be easier to go down that path.

Simon: Yeah, to be honest, we haven't had many, many of those customers. Sometimes we have people who come in well over the plan limits, and that's where we do a custom plan for them, but we've not had too many requests for certification. But obviously, we have the certification now, so if anyone ever [laugh] did want to see it under NDA, we could add some commas to any price. [laugh].

Corey: This episode is sponsored in parts by our friend EnterpriseDB. EnterpriseDB has been powering enterprise applications with PostgreSQL for 15 years. And now EnterpriseDB has you covered wherever you deploy PostgreSQL on premises, private cloud, and they just announced a fully managed service on AWS and Azure called BigAnimal, all one word.

Don't leave managing your database to your cloud vendor because they're too busy launching another half dozen managed databases to focus on any one of them that they didn't build themselves. Instead, work with the experts over at EnterpriseDB. They can save you time and money, they can even help you migrate legacy applications, including Oracle, to the cloud.

To learn more, try BigAnimal for free. Go to biganimal.com/snark, and tell them Corey sent you.

Corey: What I like as well is that you offer backups for a bunch of different things. You can do snapshots from, effectively, every provider. I'm sorry, I'm just going to call out because I love this: AWS and Amazon LightSail are called out as two distinct things. And Amazonians will say, “Oh, well, under the hood, they're really the same thing, et cetera.” Yeah, the user experience is wildly different, so yeah, calling those things out as separate things make sense.

But it goes beyond that because it's not just, “Well, I took a disk image. There we go. Come again.” You also offer backup recipes for specific things where you could, for example, back things up to a local file and external storage where someone is. Great, you also backup WordPress and MongoDB and MySQL and a whole bunch of other things.

A unified cloud controller, which is something I have in my house, and I keep thinking I should find a way to back that up. Yeah, this is great. It's not just about the big server thing; it's about having data living in managed services. It's about making sure that the application data is backed up in a reasonable, responsible way. I really liked that approach. Was that an evolution or is that something you wound up focusing on almost from the beginning?

Simon: It was an evolution. So, we started with the snapshots, which got the business quite far to be honest and it was very simple. It was just DigitalOcean to start with, actually, for the first two years. Pretty easy to market in a way because it's just focused on one thing. Then the other solutions came in, like the other providers and, you know, once you add one, it was easy to add many.

And then came database backups and file backups. And I just had those two solutions because that was what people were asking for. Like, they wanted to make sure their whole server snapshot, if you have a whole server snapshot, the point in time data for MySQL could be corrupt. Like, there could be stuff in RAM that a MySQL dump would have pulled out, for example. Like… there's a possibility that the database could be corrupt from a snapshot, so people were asking for a bit of, more, peace of mind with doing proper backups of MySQL.

So, that's what we added. And it soon became apparent when more customers were asking for more solutions that we really needed to, like, step back and think about what we're actually offering. So, we rebuilt this whole, kind of like, database engine, then that allowed us to consume data from anywhere. So, we can easily add more backup types. So, the reason you can see all the ones you've listed there is because that's kind of what people have been asking for. And every time someone comes up with a new, [laugh], like, a new open-source project or database or whatever, we'll add support, even ones I've never heard of before. When people ask for some weird file—

Corey: All it takes is just waiting for someone to reach out and say, hey, can you back this thing up, please?

Simon: Yeah, exactly, some weird file-based database system that I've never ever heard of. Yeah, sure. Just give us [laugh] a test server to mess around with and we'll build, essentially, like, we use bash in the background for doing the backups; if you can stream the data from a command, we can then deal with the whole management process. So, that's the reason why. And then, I was seeing in, like, the Laravel space, for example, people were doing MySQL backups and they'd have a script, and then for whatever reason, someone rotated the passwords on the database and the backup script… was forgotten about.

So, there it is, not working for months. So, we thought we could build a backup where you could just point it at where the Laravel project is. We can get all the config we need at the runtime because it's all there with the project anyway, and then thus, you never need to tell us the password for your database and that problem goes away. And it's the same with WordPress.

Corey: I'm looking at this now just as you go through this, and I'm a big believer in disclaiming my biases, conflicts of interest, et cetera. And until this point, neither of us have traded a penny in either direction between us that I'm ever aware of—maybe you bought a t-shirt or something once upon a time—but great, I'm about to become a customer of this because I already have backup solutions for a lot of the things that you currently support, but again, when you're a grumpy admin who's lost data in the past, it's, “Huh, you know what I would really like? That's right, another backup.” And if that costs me a few hundred bucks a year for the peace of mind is money well spent because the failure mode is I get to rewrite a whole lot of blog posts and re-record all podcasts and pay for a whole bunch of custom development again. And it's just not something that I particularly want to have to deal with. There's something to be said for a holistic backup solution. I wish that more people thought about these things.

Simon: Can you imagine having to pull all the blog posts off [unintelligible 00:22:19]? [laugh]—

Corey: Oh, my got—

Simon: —to try and rebuild it.

Corey: That is called the crappiest summer internship someone has ever had.

Simon: Yeah.

Corey: And that is just painful. I can't quite fathom having to do that as a strategy. Every once in a while some big site will have a data loss incident or go out of business or something, and there's a frantic archiving endeavor that happens where people are trying to copy the content out of the Google Search Engine's cache before it expires at whatever timeline that is. And that looks like the worst possible situation for any sort of giant backup.

Simon: At least that's one you can fix. I mean, if you were to lose all the payment information, then you've got to restitch all that together, or anything else. Like, that's a fixable solution, but a lot of these other ones, if you lose the data, yeah, there's no two ways around it, you're screwed. So.

Corey: Yeah, it's a challenging thing. And it's also—the question also becomes one of, “Well, hang on. I know about backups on this because I have this data, but it's used to working in an AWS environment. What possible good would it do me sitting somewhere else?” It's, yeah, the point is, it's sitting somewhere else, at least in my experience. You can copy it back to that sort of environment.

I'm not suggesting this is a way that you can run your AWS serverless environment on DigitalOcean, but it's a matter of if everything turns against you, you can rebuild from those backups. That's the approach that I've usually taken. Do you find that your customers understand that going in or is there an education process?

Simon: I'd say people come for all sorts of reasons for why they want backup. So, having your data in two places for that is one of the reasons but, you know, I think there's a lot of reasons why people want peace of mind: for either developer mistakes or migration mistakes or hacking, all these things. So, I guess the big one we come up with a lot is people talking about databases and they don't need backups because they've got replication. And trying to explain that replication between two databases isn't the same as a backup. Like, you make a mistake you drop—[laugh] you run your delete query wrong on the first database, it's gone, replicated or not.

Corey: Right, the odds of me fat-fingering an S3 bucket command are incredibly likelier than the odds of AWS losing an entire region's S3 data irretrievably. I make mistakes a lot more than they tend to architecturally, but let's also be clear, they're one of the best. My impression has always been the big three mostly do a decent job of this. The jury's still out, in my opinion, on other third-party clouds that are not, I guess, tier one. What's your take?

Simon: I have to be careful. I've got quite good relationships with some of these. [laugh].

Corey: Oh, of course. Of course. Of course.

Simon: But yes, I would say most customers do end up using S3 as their storage option, and I think that is because it is, I think, the best. Like, is in terms of reliability and performance, some storage can be a little slow at times for pulling data in, which could or could not be a problem depending on what your use case is. But there are some trade-offs. Obviously, S3, if you're trying to get your data back out, is expensive. If you were to look at Backblaze, for example, as well, that's considerably cheaper than S3, especially, like, when you're talking in the petabyte-scale, there can be huge savings there. So… they all sort of bring their own thing to the table. Personally, I store the backups in S3 and in Backblaze, and in one other provider. [laugh].

Corey: Oh, yeah. Like—

Simon: I like to have them spread.

Corey: Like, every once in a while in the industry, there's something that happens that's sort of a watershed moment where it reminds everyone, “Oh, right. That's why we do backups.” I think the most recent one—and again, love to them; this stuff is never fun—was when that OVH data center burned down. And OVH is a somewhat more traditional hosting provider, in some respects. Like, their pricing is great, but they wind up giving you what amounts to here as a server in a rack. You get to build all this stuff yourself.

And that backup story is one of those. Oh, okay. Well, I just got two of them and I'll copy backups to each other. Yeah, but they're in the same building and that building just burned down. Now, what? And a lot of people learned a very painful lesson. And oh, right, that's why we have to do that.

Simon: Yeah. The other big lesson from that was that even if the people with data in a different region—like, they'd had cross-regional backups—because of the demand at the time for accessing backups, if you wanted to get your data quickly, you're in a queue because so many other people were in the same boat as you're trying to restore stored backups. So, being off-site with a different provider would have made that a little easier. [laugh].

Corey: It's a herd of elephants problem. You test your DR strategy on a scheduled basis; great, you're the only person doing it—give or take—at that time, as opposed to a large provider has lost a region and everyone is hitting their backup service simultaneously. It generally isn't built for that type of scale and provisioning. One other question I have for you is when I make mistakes, for better or worse, they're usually relatively small-scale. I want to restore a certain file or I will want to, “Ooh, that one item I just dropped out of that database really should not have been dropped.” Do you currently offer things that go beyond the entire restore everything or nothing? Or right now are you still approaching this from the perspective of this is for the catastrophic case where you're in some pain already?

Simon: Mostly the catastrophic stage. So, we have MySQL [bin logs 00:27:57] as an option. So, if you wanted to do, like, a point-in-time of store, which… may be more applicable to what you're saying, but generally, its whole, whole website recovery. For example, like, we have a WordPress backup that'll go through all the WordPress websites on the server and we'll back them up individually so you can restore just one. There are ways that we have helped customers in the past just pull one table, for example, from a backup.

But yeah, we geared towards, kind of, the set and the forget. And people don't often restore backups, to be honest. They don't. But when they do, it's obviously [laugh] very crucial that they work, so I prefer to back up the whole thing and then help people, like, if you need to extract ten megabytes out of an entire gig backup, that's a bit wasteful, but at least, you know, you've got the data there. So.

Corey: Yeah. I'm a big believer in having backups in a variety of different levels. Because I don't really want to do a whole server restore when I remove a file. And let's be clear, I still have that grumpy old Unix admin of before I start making changes to a file, yeah, my editor can undo things and remembers that persistently and all. But I have a disturbing number of files and directories whose names end in ‘.bac' with then, like, a date or something on it, just because it's—you know, like, “Oh, I have to fix something in Git. How do I do this?”

Step one, I'm going to copy the entire directory so when I make a pig's breakfast out of this and I lose things that I care about, rather than having to play Git surgeon for two more days, I can just copy it back over and try again. Disk space is cheap for those things. But that's also not a holistic backup strategy because I have to remember to do it every time and the whole point of what you're building and the value you're adding, from my perspective, is people don't have to think about it.

Simon: Yes. Yeah yeah yeah. Once it's there, it's there. It's running. It's as you say, it's not the most efficient thing if you wanted to restore one file—not to say you couldn't—but at least you didn't have to think about doing the backup first.

Corey: I really want to thank you for taking the time out of your day to talk to me about all this. If people want to learn more for themselves, where can they find you?

Simon: So, SnapShooter.com is a great place, or on Twitter, if you want to follow me. I am @MrSimonBennett.

Corey: And we will, of course, put links to that in the [show notes 00:30:11]. Thank you once again. I really appreciate it.

Simon: Thank you. Thank you very much for having me.

Corey: Simon Bennett, founder and CEO of SnapShooter.com. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this episode, please leave a five-star review on your podcast platform of choice, whereas if you've hated this episode, please leave a five-star review on your podcast platform of choice, along with an angry insulting comment that, just like your backup strategy, you haven't put enough thought into.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

Brilliance Security Magazine Podcast
SOC 2 Compliance for VaaS Providers

May 23, 2022 18:31


In Episode S4E9, our guest is Ben Rowe, Cloud & Security Architect for Arcules. We discuss System and Organization Controls (SOC) level 2 type 2 certification in video-as-a-service (VaaS) and other cloud-based security systems providers. Ben gives us a high-level overview of what the SOC audit covers, and we dive into why physical security SaaS providers need to pursue SOC 2 attestation. He explains the process for achieving SOC 2 Type 2.

About our Guest

Ben Rowe serves as the Cloud & Security Architect for Arcules, where he is instrumental in guiding the design and security of the Arcules suite of services. He has a vast amount of experience with a wide range of systems within entertainment, industrial automation, and IT.

This is an important topic, so don't miss this discussion about System and Organization Controls for cloud-based security platforms.

TubbTalk - The Podcast for IT Consultants
[112] Microsoft Stack & Why MSPs May Consider an Alt Service Desk

May 22, 2022 87:29


In this interview, Richard speaks to Scott Riley, the founder of Cloud Nexus, a UK-based MSP specialising in the Microsoft Stack. Scott explains that he decided to niche the business to give a better service, outsourcing other tasks to select partners. Richard and Scott discussed the pros and cons of working with the Microsoft Stack, and how niching into using it led Scott to set up the Microsoft 365 Masterclass. Scott shared which tools he uses in Cloud Nexus and why MSPs should outsource their helpdesk. He also shares honestly about the limitations of outsourcing and when it's not the best option. Richard also asks Scott about the SOC and helpdesk support he gets from Uptime Solutions, the relationship they have with Cloud Nexus, and why Uptime's company culture makes them a great fit for the business. Plus, Scott shares the best and worst things about running an MSP.

Mentioned in This Episode
https://www.microsoft.com/en-us/microsoft-365 (Microsoft 365)
https://azure.microsoft.com/en-gb/ (Azure)
Michael Gerber – https://www.amazon.co.uk/Myth-Revisited-Small-Businesses-About/dp/0887307280/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1652268842&sr=1-1 (The EMyth Revisited)
https://www.tubblog.co.uk/uptime-solutions/ (Uptime Solutions)
https://www.linux.org/ (Linux)
Collaboration software: SharePoint
M365 Masterclass
https://www.tubblog.co.uk/techtribe/ (The Tech Tribe)
https://halopsa.com/ (Halo PSA)
https://www.datto.com/ (Datto)
Accounting software: https://www.xero.com/uk/ (Xero)
Heimdall via https://www.brigantia.com/ (Brigantia)
https://www.tubblog.co.uk/pax8/ (Pax8)
Documentation tool: https://itglue.com/ (IT Glue)
Password sync: https://www.keepersecurity.com/en_GB/ (Keeper)
Cybersecurity Awareness training: https://www.knowbe4.com/ (KnowBe4) https://www.usecure.io/en/ (usecure) https://cofense.com/ (Cofense) (formerly PhishMe)
Third party web content filter: https://anydns-client.soft112.com/ (AnyDNS)
Bit Defender
https://www.sophos.com/en-us (Sophos)
https://www.sophos.com/en-us/products/endpoint-antivirus (Intercept X)
https://www.connectwise.com/ (ConnectWise) (formerly Continuum)
Service desk: https://www.inbay.co.uk/ (InBay)
MSP Coach: https://www.petematheson.com/ (Pete Matheson)
https://www.microsoft.com/en-ww/microsoft-365/windows/windows-autopilot (Microsoft Autopilot)
Cybersecurity: https://www.huntress.com/ (Huntress)

Security Stories
49: Moving toward security resilience, with Liz Waddell, Accidental CISO, and Christos Syngelakis

May 20, 2022 60:03


Today's episode features a chat between Hazel and three security leaders - Accidental CISO (yes, the anonymity intrigues us too!), Liz Waddell, Incident Response Practice Lead for Cisco Talos, and Christos Syngelakis, CISO and Data Privacy Officer at Motor Oil Group. They talk about their experiences of building security resilience – so we got into the key elements of an Incident Response plan, how to achieve company wide buy in, the best ways to go about training your people and trying to avoid burnout, how to use threat intelligence and all the things that go into running a SOC, what to do in the case of a Zero Day attack, how to build a security design program...and so much more.

For more stories on how to build security resilience, check out our new ebook here.

This episode was originally recorded as a live Cisco Chat event. You can watch the original video here.

Capture the CISO
Season 1: Conveyor, Pentera, and Votiro

May 18, 2022 38:46


Welcome to episode one of Capture the CISO, hosted by Johna Till Johnson, CEO, Nemertes. Please go to the blog post for this episode to check out the demo videos of all the contestants.

Our judges are Shawn Bowen, CISO, World Fuel Services and Mike Johnson, co-host, CISO Series Podcast and CISO for Fastly.

Our contestants:
Christopher Gomes, head of product, Conveyor
Jake Flynn, sales engineer, Pentera
Aviv Grafi, founder and CTO, Votiro

Huge thanks to all our contestants who are also sponsors of Capture the CISO

Conveyor
Conveyor makes security reviews fast, easy, and accurate for both vendors and their customers. How? By making it easy for 3rd party risk teams to get basic info on vendors, request access to their security docs (like SOC 2s and PenTests), and get their security questions answered without actually issuing a questionnaire. Check out our video to see how Conveyor can save you 71% of your time on your vendor security reviews.

Pentera
Pentera's Automated Security Validation Platform is designed to help teams increase their security posture against modern day threats across the entire attack surface. Evaluate your security readiness with continuous and consistent autonomous testing with granular visibility into every execution along the way. Validate your tools are working effectively by safely emulating attacks & prioritize your remediation efforts with true contextual driven results. With Mitre ATT&CK framework mapping, stay on top and test your environment against adversary techniques to create an optimized process from testing to in-production. Don't just operate, validate!

Votiro
Can you trust the files and content entering your organization? Votiro Cloud's Zero Trust open API proactively disarms files of known, unknown, & zero-day malware threats at scale without adding friction, interrupting user or application workflows, or impacting file fidelity. Votiro reduces work, alerts, & risk for IT and security teams while enabling the seamless flow of safe files. Votiro is tool-agnostic, and provides virtually limitless auto-scale capabilities to handle any file throughput and the greatest span of file formats, preventing malicious files uploaded to web apps, portals, data management platforms, and cloud services.

Security Unfiltered
Episode 50 - Thomas Kinsella - Life Of A SOC Analyst

May 16, 2022 63:19


In this episode I talk with Thomas Kinsella about the life of a SOC Analyst and the struggles that come with it. We also touch on what someone can do to avoid those struggles and how companies should adjust to minimize the struggles. As always, if you enjoy this podcast please leave a review on Apple Podcasts. Below are all the links!

Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast

Thomas' Social Media:
Linkedin: https://www.linkedin.com/in/thomas-kinsella/
Company Site: https://www.tines.com/

Acquired
Arena Show Part II: Brooks Running (with CEO Jim Weber)

May 16, 2022 70:46


For the final act of the Arena Show, we're joined by Brooks CEO Jim Weber to tell the amazing story of how he transformed the company from a 3rd tier, deeply cashflow negative “also-ran” into one of the world's premiere fitness brands and a crown jewel of the Berkshire Hathaway empire — with compounding revenue and cashflow growth that rivals even the legendary Mrs. See's Candies! If you want more Acquired, you can follow our newly public LP Show feed here in the podcast player of your choice (including Spotify!).

Sponsors: Thank you to our presenting sponsor for all of Season 10, Vanta! Vanta is the leader in automated security compliance – making SOC 2, HIPAA, GDPR, and more a breeze for startups and organizations of all sizes. You might say they're like the “AWS of security and compliance”. Everyone in the Acquired community can get 10% off using this link. Thank you as well to Vouch and to SoftBank Latin America!

Note: Acquired hosts and guests may hold assets discussed in this episode. This podcast is not investment advice, and is intended for informational and entertainment purposes only. You should do your own research and make your own independent decisions when considering any financial transactions.

Mobile Tech Podcast with tnkgrl Myriam Joire
Exploring AIoT and MediaTek's Genio 1200 SoC, Google I/O recap, Pixel 7, Sony Xperia 1 IV, and Sharp Aquos R7 with Richard Lu and Hadlee Simons

May 15, 2022 71:10


Welcome to episode 268 of the Mobile Tech Podcast with guests Richard Lu (MediaTek) and Hadlee Simons (Android Authority) -- brought to you by MediaTek. Today's show comes in two parts. First, we explore what AIoT and MediaTek's Genio 1200 SoC bring to the table. Second (19:00), we recap Google I/O and dive into the Pixel 7 / 7 Pro, Pixel 6a, Pixel Watch, and Pixel Tablet, Pixel Buds Pro, and Pixel Tablet... We then discuss the Sony Xperia 1 IV and Sharp Aquos R7, plus cover leaks and news from Samsung and Apple -- phew!

Episode Links
- Support the podcast on Patreon: https://www.patreon.com/tnkgrl
- Donate: https://tnkgrl.com/tnkgrl/
- MediaTek: http://www.poweredbymediatek.com/ (sponsor)
- Richard Lu: https://www.linkedin.com/in/richard-lu-6ba21a3/
- Hadlee Simons: https://twitter.com/hadleesimons
- Google I/O recap: https://www.xda-developers.com/google-io-2022-recap-major-announcements/
- Google Pixel 6a, 7, and 7 Pro: https://www.theverge.com/23067931/google-pixel-7-6-a-pro-design-camera-bar-brand
- Sony Xperia 1 IV: https://www.engadget.com/sonys-xperia-1-iv-smartphone-has-the-worlds-first-true-optical-zoom-lens-071003899.html
- Latest Samsung Galaxy Z Fold 4 leak: https://www.theverge.com/2022/5/11/23066664/samsung-galaxy-z-fold-4-leaks-design-camera-bump-specs-features-2022
- Sharp Aquos R7: https://www.xda-developers.com/sharp-aquos-r7-massive-1-inch-sensor/
- The Apple iPod is dead: https://techcrunch.com/2022/05/11/rip-ipod-you-walked-so-smartphones-could-run/

Acquired
Arena Show Part I: Idea Dinner + YC Continuity

May 12, 2022 93:25


We did an Arena Show!! This evening was so big and so special, we had to split it into two episodes for the podcast feed. First up is the Idea Dinner with our best internet buddies, Packy McCormick and Mario Gabriele (and special guest judge Shu Nyatta), followed by the story of YC Continuity with managing partner Anu Hariharan. Huge, huge thank you to PitchBook for making this night possible. Stay tuned for Part II! If you want more Acquired, you can follow our newly public LP Show feed here in the podcast player of your choice (including Spotify!).

Sponsors: Thank you to our presenting sponsor for all of Season 10, Vanta! Vanta is the leader in automated security compliance – making SOC 2, HIPAA, GDPR, and more a breeze for startups and organizations of all sizes. You might say they're like the “AWS of security and compliance”. Everyone in the Acquired community can get 10% off using this link. Thank you as well to Vouch and to SoftBank Latin America!

Note: Acquired hosts and guests may hold assets discussed in this episode. This podcast is not investment advice, and is intended for informational and entertainment purposes only. You should do your own research and make your own independent decisions when considering any financial transactions.

Cloud Security Podcast by Google
EP64 Security Operations Center: The People Side and How to Do it Right

May 9, 2022 29:25


Guest: Dave Herrald @ Principal Security Strategist, Google Cloud

Topics:
What are some tenets of good SOC training?
How does this depend on the SOC model (traditional L1/L2/L3, virtual, etc)?
How do you make SOC training realistic?
Should training be about the toolset or should it be about the analyst's skills?
Should you primarily train for engineering skills or analysis skills?
Do you need to code to succeed in a modern SOC?
Are competitive events like CTFs effective for SOC training?
What role does SOC training play in bringing new, perhaps under-represented people into security operations and promoting inclusivity?

Resources:
Chris Sanders SOC classes
SANS Holiday Hack Challenges
SEC450: Blue Team Fundamentals: Security Operations and Analysis
SANS NetWars
“Autonomic Security Operations: 10X Transformation of the Security Operations Center” paper
Boss of the SOC (BOTS) Dataset

Paul's Security Weekly TV
Getting Value From SOAR Beyond Phishing Workflows - Ryan Fried - ESW #272

May 7, 2022 34:15


This topic will go over getting value from SOAR beyond just an initial phishing workflow. It will focus on orchestration and response, give ideas for other types of workflows and change the conversation from using SOAR to replace analysts to increasing SOC retention!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw272

The Tech Blog Writer Podcast
1968: The Tech Helping SaaS Brands Become SOC-2 Compliant

May 7, 2022 16:48


Girish Redekar is a CEO & Co-Founder of Sprinto.com. A company helping SaaS brands become SOC-2 compliant, close enterprise deals faster, and pass vendor security assessments easily. Previously, he built and bootstrapped RecruiterBox to 2500+ customers and 50+ employees in the US and India. The company was acquired by San Francisco based private equity firm Turn/River Capital in an undisclosed all cash deal (no stock or earn-outs). Girish is a passionate programmer and entrepreneur, keen on helping other SaaS businesses demonstrate security chops and close enterprise deals faster. So I invited him on Tech Talks Daily to share the startup story of how he took his first company from SMB to Enterprise, gaining over 2500 customers and exiting in an all-cash deal.

Radio Sweden
Macchiarini takes the stand, Ukraine donor conference, Soc Dem's NATO decision, more fatal shootings, Roxette musical

May 5, 2022 2:23


A round-up of the main headlines in Sweden on May 5th, 2022. You can hear more reports on our homepage www.radiosweden.se, or in our app Sveriges Radio Play. Presenter: Ulla Engberg Producer: Frank Radosevich

Build a Business Success Secrets
SaaS Companies Need This Must Have Service with Girish Redekar CEO of Sprinto | Ep. 301

May 2, 2022 65:33


Girish Redekar is the Co-Founder and CEO of Sprinto, a platform that helps SaaS companies obtain security & privacy compliances 10x faster. Sprinto customers need this to close enterprise customers with high-ticket deals and pass vendor security assessments easily. Sprinto is the second SaaS company he's founded. Before this, he bootstrapped and successfully exited a 2,500 customer SaaS company called Recruiterbox that was sold to a private equity firm. Recruiterbox was bootstrapped, and it was there that Girish learned all aspects of running a SaaS company: from writing code, running engineering, product management, sales, marketing.

Girish talks about why a SOC 2 audit is essential for modern SaaS companies and how he bootstrapped and sold his first SaaS company. This is a must listen episode for all SaaS founders and senior management.

Sign up here for the EDGE's Weekly Newsletter and get BONUS content. It's FREE!

EPISODE LINKS: Sprinto

PODCAST INFO:
Apple Podcasts: EDGE on Apple Podcasts
Spotify: EDGE on Spotify
RSS Feed: EDGE's RSS Feed

SUPPORT & CONNECT
Twitter: Follow Brandon on Twitter
Instagram: Follow Brandon on Instagram
LinkedIn: Follow Brandon on LinkedIn

Please Support this Podcast by checking out our Sponsors: Mad River Botanicals 100% certified organic CBD products. The product is controlled from seed to end product by its owners. Use code: EDGE22 to get 10% off all your orders. Shop here>>>

*We respect your privacy and hate spam. We will not sell your information to others.

Life After Business
#298: Bootstrapping RecruiterBox to Successful All Cash Exit with Girish Redekar

Apr 27, 2022 69:13


WATCH THE INTERVIEW ON YOUTUBE: Intentional Growth™ Podcast

Girish Redekar is the founder of RecruiterBox, an IT pro and SaaS business expert. In this entrepreneur story, Girish talks about how he started his SaaS company and stood out among the thick competition to then sell internationally for an all-cash offer. In this episode, Girish discusses how he bootstrapped RecruiterBox and prioritized customer feedback for product development. He then talks about how he never made more features at one time than the company could afford, because many SaaS businesses go bankrupt when they invest too much into making new features without first acquiring new customers. From there, Girish talks about how he created an automated sales system with a very small sales team. This allowed him to scale RecruiterBox to 2,500 customers internationally, which he then sold to an American private equity firm for an all-cash offer. If you want to discover secrets to scaling a company using repeatable systems, this episode is for you!

What You Will Learn
What kept Girish on the entrepreneurial path after going two years without anything to show for it.
How Girish realized that he was undervaluing what he was building (RecruiterBox).
How Girish approached building a new software and why it needed to be better and easier than a simple spreadsheet.
How Girish came up with his main KPIs while growing RecruiterBox.
How Girish prioritized product development and feature requests based on mass customer feedback.
Why Girish never spent more than the company made on marketing, product development, etc.
How Girish sold RecruiterBox with automated systems and very few salespeople.
How Girish and his leadership team confronted their out-of-the-blue offer with RecruiterBox.
How Girish sold RecruiterBox internationally without an investment banker.
How Girish was able to walk away with an all-cash deal.

// USE YOUR FINANCIALS TO CLARIFY A PATH TOWARDS A MORE VALUABLE BUSINESS: Intentional Growth Financial Assessment

Bio: Girish Redekar is CEO and co-founder of Sprinto.com, a company that helps SaaS brands become SOC-2 compliant, close enterprise deals faster, and pass vendor security assessments easily. Previously, he built and bootstrapped RecruiterBox to over 2,500 customers and over 50 employees in the U.S. and India. The company was acquired by San Francisco-based private equity firm Turn/River Capital in an undisclosed all-cash deal (no stock or earn-outs). RecruiterBox was profitable throughout its journey. Girish is a passionate programmer and entrepreneur, keen on helping other SaaS businesses demonstrate security chops and close enterprise deals faster.

Interview Quotes:
08:58 - “Because we were broke, it meant that we had to teach ourselves programming. In hindsight, I think the most useful thing that happened was that we taught ourselves programming and how to build these things ourselves and we got pretty good at that.” - Girish Redekar
11:23 - “[In India, being an entrepreneur] is relatively harder, given which pocket of India you are from… It is changing today, especially from fourteen years ago when I started.” - Girish Redekar
17:00 - “I think I undermined the value of the thing we were building. That was one of the lessons from the journey, for me.” - Girish Redekar
20:22 - “We never lost sight

Invest Like the Best
Dmitry Balyasny - Building a Better Model - [Invest Like the Best, EP. 274]

Apr 26, 2022 72:33


My guest today is Dmitry Balyasny. Dmitry is the Managing Partner and CIO of Balyasny Asset Management, otherwise known as BAM. BAM runs a multi-strategy, multi-PM model that aims to produce consistent absolute returns. Since its founding in 2001, it has produced only one negative year and become one of the largest firms of its kind. Please enjoy my conversation with Dmitry Balyasny.

For the full show notes, transcript, and links to mentioned content, check out the episode page here.

-----

This episode is brought to you by Canalyst. Canalyst is the leading destination for public company data and analysis. If you're a professional equity investor and haven't talked to Canalyst recently, you should give them a shout. Learn more and try Canalyst for yourself at canalyst.com/Patrick.

-----

This episode is brought to you by Vanta. Vanta has built software that makes it easier to get and maintain your SOC 2, HIPAA or ISO 27001 reports at a fraction of the typical cost. Listeners can redeem a $1k off coupon at vanta.com/patrick.

-----

Invest Like the Best is a property of Colossus, LLC. For more episodes of Invest Like the Best, visit joincolossus.com/episodes.

Past guests include Tobi Lutke, Kevin Systrom, Mike Krieger, John Collison, Kat Cole, Marc Andreessen, Matthew Ball, Bill Gurley, Anu Hariharan, Ben Thompson, and many more.

Stay up to date on all our podcasts by signing up to Colossus Weekly, our quick dive every Sunday highlighting the top business and investing concepts from our podcasts and the best of what we read that week. Sign up here.

Follow us on Twitter: @patrick_oshag | @JoinColossus

Show Notes
[00:02:53] - [First question] - The origin story of his firm and the key stages of evolution
[00:06:43] - Describing the difference between good and great in platform hedge funds
[00:10:25] - How a multi-strategy, multi-investor group works and managing capital allocation
[00:13:58] - What he's trying to solve at the end of the day as their CIO
[00:16:21] - How close they are to their idealized end-state
[00:18:26] - Typical amounts of leverage associated with these types of models
[00:20:22] - Lessons learned about incentivizing talented investors
[00:22:39] - Ways he tends to attract risk takers and their levels of variance
[00:28:15] - Other characteristics that are common amongst great PMs
[00:30:42] - The nature and source of edge and how it's changed most over time
[00:33:19] - Some of the hardest portfolio and business decisions he's had to make
[00:37:59] - One of his most important business decisions on the firm side
[00:40:09] - How they've thought about shorting as a firm in general and more recently
[00:43:52] - How interest rates affect this style of investing
[00:45:29] - His view on the opportunity set in private markets and what does and doesn't excite him about it
[00:49:42] - How reading Ayn Rand most shaped his thinking
[00:50:36] - Things Ayn most got right and most got wrong in his mind
[00:51:24] - What the war in Ukraine has felt like for him as a Ukrainian-American
[00:52:08] - Ways the future still has him excited as he continues to build his firm
[00:53:53] - Where his trading instincts draw him today and areas of interest
[00:55:11] - His most memorable trade of all time
[00:56:37] - In which order the major asset classes will be affected by digital innovation
[00:58:13] - The kindest thing anyone has ever done for him

EV News Daily - Electric Car Podcast
1446: 25 Apr 2022 | Hyundai Updates IONIQ5 For 2023

Apr 25, 2022 17:59


Show #1446

Good morning, good afternoon and good evening wherever you are in the world, welcome to EV News Daily, your trusted source of EV information. It's Monday 25th April, it's Martyn Lee here and I go through every EV story so you don't have to.

VOLKSWAGEN MAKES CHARGING EASIER AND MORE CONVENIENT
- The volume brands Volkswagen, Cupra/Seat and ŠKODA are now offering simple tariffs for public charging, allowing customers to charge at fixed kilowatt-hour prices throughout the entire charging network. With this step, the company creates optimal cost transparency.
- In the future, customers will have the choice between three basic tariffs, each with fixed prices per kilowatt hour charged. The new tariffs apply to customers of We Charge (Volkswagen), Powerpass (ŠKODA), Easy Charging (SEAT/CUPRA) and Elli and offer top conditions for Ionity fast chargers, among other benefits.
- Depending on the country, prices can be different, but always follow the same logic. Elli, our in-house brand, which is responsible for all activities in the Group around the topic of charging & energy is the backbone of the offer.
- charging stations will be highlighted in the e-cars navigation system and drivers will be offered the option of choosing to drive there. The quality criteria will include reliability, weather protection and if there is a catering option. This means that customers will be able to target charging stations with a canopy and coffee offering. The program is scheduled to start later this year.
- Another component of the quality offensive is the market launch of Plug&Charge. The function will be activated from the middle of the year via a software update in all e-cars of the volume brands based on the MEB architecture. The vehicle identifies itself at the corresponding charging stations using the ISO 15118 standard and automatically starts the charging process. Plug&Charge is supported by IONITY, Aral/bp, E.ON and Iberdrola
Original Source : https://www.volkswagen-newsroom.com/en/press-releases/quality-offensive-volkswagen-makes-charging-easier-and-more-convenient-7902

RIVIAN R1T CAN NOW CHARGE AT UP TO 500 AMPS WITH NEW SOFTWARE UPDATE
- the latest 2022.11.02 software update for the Rivian R1T all-electric pickup, released this month and examined by Out of Spec Reviews.
- Kyle Conner, among various changes, Rivian has increased the maximum DC fast charging current from 450 A to 500 A, which is expected to slightly increase the rate of range replenishing.
- Now, we saw that it can take 498 A right away at a low state-of-charge, which combined with around 400 V is over 200 kW - 204 kW at 14% SOC to be specific. The peak (according to the charger's display) was about 217 kW, above 40% SOC. That's actually very close to the 210 kW peak value declared in technical papers.
Original Source : https://insideevs.com/news/581819/rivian-r1t-500a-charging-software-update/

HEAT PUMPS INCLUDED IN GM EVS COULD GIVE THEM A REAL-WORLD RANGE ADVANTAGE
- GM confirmed Monday that it plans to include heat-pump technology in all of its current and upcoming Ultium-platform electric vehicles.
- That includes the Hummer EV now being delivered and the soon-arriving Cadillac Lyriq, plus many more to arrive in the next several years. In them, the tech will help recover low-level waste heat in ways that can add up in meaningful ways—bringing them quicker acceleration, faster charging, and a longer range
- the one in GM EVs employs a compressor-and-evaporator component system and a specially chosen refrigerant that undergoes a phase change. A physical reaction pays off in the release of energy as it goes from gas to liquid—to in effect amplify whatever energy it can scavenge along the way.
- That extra can go toward cabin heating, low-level electrical functions, or even preconditioning of the battery—potentially extending range by as much as 10%.
Original Source : https://www.greencarreports.com/news/1135681_heat-pumps-included-in-gm-evs-could-give-them-a-real-world-range-advantage

GM INTRODUCES NEW ENERGY-SAVING FEATURE FOR EVS
- “Having a ground-up EV architecture gives us the freedom to build in standard features like Ultium's energy recovery capabilities,” said Doug Parks, GM executive vice president, global product development, purchasing and supply chain. “This helps us squeeze more efficiency, performance and overall customer benefit out of our EVs.”
- Ultium's energy recovery even enables GMC Hummer EV's Watts to Freedom feature. Energy recovery pre-cools the propulsion system to help the all-electric supertruck accelerate from 0-60 mph in approximately 3 seconds.
Original Source : https://businessjournaldaily.com/gm-introduces-new-energy-saving-feature-for-evs/

GM's EV Tech Captures Body Heat and Uses It to Warm the Cabin
- Covered by 11 patents and four publications, the development of Ultium energy recovery traces its inception back to GM's first EV, the EV1, in the late 1990s, when GM engineers first developed an EV heat pump. Ultium energy recovery is available on all current Ultium vehicles and planned for future Ultium vehicles.
Original Source : https://www.designdevelopmenttoday.com/industries/automotive/news/22197256/gms-ev-tech-captures-body-heat-and-uses-it-to-warm-the-cabin

GM SAYS IT WILL PRODUCE ELECTRIC CHEVROLET CORVETTES
- General Motors will produce an electrified Chevrolet Corvette next year, followed by an all-electric version of the iconic sports car, GM President Mark Reuss said Monday.
- Reuss said the automaker will continue to manufacture traditional models with internal combustion engines alongside the electrified models. He declined to disclose when the all-electric Corvette would be released or whether the “electrified” model would be a traditional hybrid or plug-in hybrid electric vehicle.
- GM's confirmation of the electrified Corvettes comes amid increased pressure from Wall Street for legacy automakers to better compete against EV industry leader Tesla. It also comes a day before GM's crosstown rival, Ford Motor, is scheduled to host an event for its electric F-150 Lightning pickup, which has received significant attention from investors and media.
Original Source : https://www.cnbc.com/2022/04/25/gm-says-it-will-produce-electric-chevrolet-corvettes.html

HYUNDAI IONIQ 5 TO RECEIVE PRODUCT ENHANCEMENTS FOR 2023 MODEL YEAR
Original Source : https://electriccarsreport.com/2022/04/hyundai-ioniq-5-to-receive-product-enhancements-for-2023-model-year/

"Make New York EV Ready" Bill Promoting the Development of New Electric Vehicle Charging Infrastructure
Original Source : https://www.nysenate.gov/newsroom/press-releases/anna-m-kaplan/make-new-york-ev-ready-bill-promoting-development-new-electric

NIO RESPONDS TO WHY IT WILL ALLOW USERS TO OPT OUT OF BAAS PLAN
Original Source : https://cnevpost.com/2022/04/26/nio-responds-to-why-it-will-allow-users-to-opt-out-of-baas-plan/

FRANCE TO OFFER €30,000 LOANS TO HELP BUY HYBRID OR ELECTRIC VEHICLES
Original Source : https://www.connexionfrance.com/article/French-news/France-to-offer-30-000-loans-to-help-buy-hybrid-or-electric-vehicles

QUESTION OF THE WEEK WITH EMOBILITYNORWAY.COM
What cables should or shouldn't come with a new or used EV?

Email me any feedback to: hello@evnewsdaily.com

It would mean a lot if you could take 2mins to leave a quick review on whichever platform you download the podcast. And if you have an Amazon Echo, download our Alexa Skill, search for EV News Daily and add it as a flash briefing. Come and say hi on Facebook, LinkedIn or Twitter just search EV News Daily, have a wonderful day, I'll catch you tomorrow and remember…there's no such thing as a self-charging hybrid.

PREMIUM PARTNERS
PHIL ROBERTS / ELECTRIC FUTURE
BRAD CROSBY
PORSCHE OF THE VILLAGE CINCINNATI
AUDI CINCINNATI EAST
VOLVO CARS CINCINNATI EAST
NATIONAL CAR CHARGING ON THE US MAINLAND AND ALOHA CHARGE IN HAWAII
DEREK REILLY FROM THE EV REVIEW IRELAND YOUTUBE CHANNEL
RICHARD AT RSEV.CO.UK – FOR BUYING AND SELLING EVS IN THE UK
EMOBILITYNORWAY.COM/
OCTOPUS ELECTRIC JUICE - MAKING PUBLIC CHARGING SIMPLE WITH ONE CARD, ONE MAP AND ONE APP

The Codependummy Podcast
Turn and Face The Change: Making Ch-Ch-Changes

Apr 25, 2022 69:12


Why is it so hard to make sustaining change, especially in relationships? What are the Stages of Change? How can you provide yourself with tenderness if and when you find yourself struggling to change, ya dummy? Welcome to episode 72! In this episode, we will be answering: what is it going to take for you to make a change in your life? I will walk you through the 5 (ahem, 6) Stages of Change to help you understand why it is so hard to make changes, especially in your relationships. If you struggle to set boundaries, assert your needs, or make necessary changes to your relationships–this episode is a must-listen for you! After walking you through the Stages of Change, I then apply them to a past dating relationship to build your understanding. It was a painful relationship. It was painful to revisit. I hope that by seeing the Stages of Change in action, you will provide yourself with better compassion as you make changes in your life.

Helpful links:
www.codependummy.com/toolsforhealing - check out The Confiding Codependummy for just $1 a day for the next month (it's $30 total).
www.codependummy.com - check out the Self-Validation Challenge for free!
https://www.paypal.com/donate/?hosted_button_id=RJ3PSNZ4AF7QC - help support the show via a one-time donation via secure Paypal link!

More deets on this week's episode: We start off with a serenade and check-in. Next, I share some background on The Stages of Change: the Transtheoretical Model of Change which is the basis for developing effective interventions to promote health behavior change first published by Prochaska & DiClemente in 1983. It has 5 stages but we will include 6: precontemplation, contemplation, preparation, action, maintenance, and the sixth is relapse. Relapse is not necessary but it often happens which is why it is included as the 6th stage.

Short breakdown:
Precontemplation - it's in the word itself. Pre, as in before, contemplation. Nothing much is happening at this stage, however, data/observations/experiences are being collected.
Contemplation - the action of looking thoughtfully at something FOR A LONG TIME, deep reflective thought. You've gone from 0 to awareness that a change is needed.
Preparation - in this stage, you are prepping yourself to take action sooner than later. You've recognized a need for change and now you are prepping internally and externally.
Action! - in this stage, actions are taken to make change. It's observable, explicit, external behavior.
Maintenance - you work to maintain whatever changes/actions you have made. This is all to prevent regression and/or relapse.
Relapse - or regression. In this stage, you revert to an earlier stage of change - contemplation, preparation, etc.

I then apply 6 stages to my past relationship with a homeless man.

Questions for you:
If you have a current struggle, toxic relationship, addiction, challenge in your life–where do you sense you are in the SOC?
What experience can you look back on in your life to see your own process in going through the SOC?
How can you practice tenderness towards yourself given where you currently are in the SOC in relation to your current struggle?
What, if any, step can you take to move forward into the next stage? One step–one action–one call.
How can you practice compassion for others given where they are in their SOC journey?
Is this a helpful lens to apply to your life? If so, do, if not, don't!

The end! Thank you. Love you. RRSSS. Rate, review, subscribe, share, and support.

Support the show via a one-time secure donation: https://www.paypal.com/donate/?hosted_button_id=RJ3PSNZ4AF7QC

If you're needing more, get your copy of The Confiding Codependummy: 30 Days of Journaling Prompts for a less-codependent and more-conscious you! www.codependummy.com/toolsforhealing

Self-Validation Challenge - FREE 30-day guide to providing yourself with all the validation you seek: www.codependummy.com

Also, if you are wanting to dive into your codependency deeper one-on-one, please email marissa@codependumy.com

Invest Like the Best
Henry Ward - Transforming Private Markets - [Invest Like the Best, EP. 273]

Apr 21, 2022 81:43


My guest today is Henry Ward, co-founder and CEO of Carta. Started in 2012, Carta helps companies and investors manage their cap tables, equity plans, and ownership. Last year, they launched CartaX, a platform for private companies and their employees to access secondary market liquidity. Our discussion is a detailed exploration of private market infrastructure and Henry's views on building an enduring business. Please enjoy my conversation with Henry Ward.

For the full show notes, transcript, and links to mentioned content, check out the episode page here.

-----

This episode is brought to you by Canalyst. Canalyst is the leading destination for public company data and analysis. If you're a professional equity investor and haven't talked to Canalyst recently, you should give them a shout. Learn more and try Canalyst for yourself at canalyst.com/Patrick.

-----

This episode is brought to you by Vanta. Vanta has built software that makes it easier to get and maintain your SOC 2, HIPAA or ISO 27001 reports at a fraction of the typical cost. Listeners can redeem a $1k off coupon at vanta.com/patrick.

-----

Invest Like the Best is a property of Colossus, LLC. For more episodes of Invest Like the Best, visit joincolossus.com/episodes.

Past guests include Tobi Lutke, Kevin Systrom, Mike Krieger, John Collison, Kat Cole, Marc Andreessen, Matthew Ball, Bill Gurley, Anu Hariharan, Ben Thompson, and many more.

Stay up to date on all our podcasts by signing up to Colossus Weekly, our quick dive every Sunday highlighting the top business and investing concepts from our podcasts and the best of what we read that week. Sign up here.

Follow us on Twitter: @patrick_oshag | @JoinColossus

Show Notes
[00:02:57] - [First question] - The first key mental moment of how Carta came to him
[00:05:30] - Initial thoughts on how to position Carta as a business model
[00:06:47] - Historical divergence between private and public market infrastructure
[00:08:33] - What a price discovery process for primary shares could look like in the future
[00:11:09] - The end state Carta is trying to effect in their perfect state
[00:13:29] - Why it's so hard for private company staff to manage their illiquid wealth
[00:15:45] - Lessons and challenges in the new market creation business
[00:17:57] - The nature and dynamics of supply and demand in this space
[00:20:16] - Restrictions that prevent retail investors from participating in private markets and why there's more alpha in private markets
[00:22:45] - How Carta is mapped onto the success of its customers
[00:25:27] - Deciding on what is a good idea and what isn't when it comes to focus
[00:28:07] - Describing the One of N versus N of One market frameworks and principles of this philosophy that manifests in how he runs Carta
[00:32:11] - How working at Carta would differ from a payroll-type company
[00:35:37] - Characterizing his leadership and management styles
[00:37:57] - The types of circumstances that bring out his tough side
[00:39:33] - Making hard decisions in a bottom up management model
[00:44:05] - How he spends his time while building Carta
[00:45:02] - What a great product looks like to him
[00:47:10] - The Systems Bible; Defining what a great team looks like
[00:49:13] - What he's learned about being great at Go-To-Market
[00:51:26] - Effective ways to beat competitors and build relationship pipelines
[00:53:49] - Things he likes the least about leading a company of this size
[00:55:13] - What he fears most as he thinks about the future of Carta
[00:55:45] - Advice for entrepreneurs when thinking about data in modern businesses
[00:58:26] - The biggest missing pieces in capital market structure writ large
[01:00:17] - What's next for CartaX and what he'll be pushing to make it work
[01:02:10] - Lessons learned from serving venture investors
[01:04:25] - Whether or not investment banks are their competitors
[01:05:18] - Public market dislocation and how long it will last
[01:06:58] - The kindest thing anyone has ever done for him

Acquired
Nvidia: The Machine Learning Company (2006-2022)

Apr 20, 2022 135:02


By 2012, NVIDIA was on a decade-long road to nowhere. Or so most rational observers of the company thought. CEO Jensen Huang was plowing all the cash from the company's gaming business into building a highly speculative platform with few clear use cases and no obviously large market opportunity. And then... a miracle happened. A miracle that led not only to Nvidia becoming the 8th largest market cap company in the world, but also nearly every internet and technology innovation that's happened in the decade since. Machines learned how to learn. And they learned it... on Nvidia.

PSA: We're doing an ARENA SHOW!! May 4th, 2022 in Seattle (Star Wars day). All proceeds go to charity. We'd love to see you there!

If you want more Acquired, you can follow our newly public LP Show feed here in the podcast player of your choice (including Spotify!).

Sponsors: Thank you to our presenting sponsor for all of Season 10, Vanta! Vanta is the leader in automated security compliance – making SOC 2, HIPAA, GDPR, and more a breeze for startups and organizations of all sizes. You might say they're like the “AWS of security and compliance”. Everyone in the Acquired community can get 10% off using this link. Thank you as well to Vouch and to SoftBank Latin America!

Links:
Ben Thompson's great Stratechery interview with Jensen
Linus Tech Tips tests an Nvidia A100
Episode sources

Carve Outs:
The Expanse short story collection, Memory's Legion
Sony RX100 point-and-shoot camera

Note: Acquired hosts and guests may hold assets discussed in this episode. This podcast is not investment advice, and is intended for informational and entertainment purposes only. You should do your own research and make your own independent decisions when considering any financial transactions.