Podcasts about zero trust

U.S. government agencies are warning that ransomware actors are "disproportionately targeting the education sector," especially K-12. That's because sensitive student data, overworked staff and competing priorities make investing in cybersecurity talent and tools a major challenge. On today's episode, host David Puner checks in with Matt Kenslea, CyberArk's Director of State, Local and Education (SLED), for a discussion about these targeted cyberattacks, the challenges they pose – and what schools can do.

Sinan Eren, the VP of Zero Trust at Barracuda joins us to discuss various aspects of MFA Fatigue & Authentication with the PSW crew! Segment Resources: https://assets.barracuda.com/assets/docs/dms/NetSec_Report_The_State_of_IIoT_final.pdf This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them! In the Security News: Bloodhound's blind spots, Interactable Giraffe, don't use open-source, it has too many vulnerabilities, MFA fatigue, tamper protection, use-after-freedom, how not to do software updates, hacking gamers, stealing Teslas, safer Linux, trojan putty, there's money in your account, game leak makes history, GPS jammers, Uber blames LAPSUS, spying on your monitor from a zoom call, next-generation IPS with AI and ML for zero-day exploit detection, 3D printed meat, and what to do when the highway is covered with what is usually kept in the nightstand... Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw756

Sinan Eren, the VP of Zero Trust at Barracuda joins us to discuss various aspects of MFA Fatigue & Authentication with the PSW crew! Segment Resources: https://assets.barracuda.com/assets/docs/dms/NetSec_Report_The_State_of_IIoT_final.pdf This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them! In the Security News: Bloodhound's blind spots, Interactable Giraffe, don't use open-source, it has too many vulnerabilities, MFA fatigue, tamper protection, use-after-freedom, how not to do software updates, hacking gamers, stealing Teslas, safer Linux, trojan putty, there's money in your account, game leak makes history, GPS jammers, Uber blames LAPSUS, spying on your monitor from a zoom call, next-generation IPS with AI and ML for zero-day exploit detection, 3D printed meat, and what to do when the highway is covered with what is usually kept in the nightstand... Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw756

Jamf buys ZecOps Porn phishing scam turns into a DDoS Cloudflare announced secure eSIM offering Thanks to today's episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com.

LockBit ransomware-builder leaked, new zero trust features in Windows 11, Vertex Ventures US on the enterprise tech VC space, and more. Developer leaks LockBit 3.0 ransomware-builder code Dangerously wrong oxygen readings in dark-skinned patients spur FDA scrutiny Data scientists dial back the use of open source code due to security worries Microsoft brings zero trust to hardware in Windows 11 Vertex Ventures US Founder & General Partner Jonathan Heiliger talks SaaS and infrastructure software startups and the changes in the enterprise technology world that are driving the world marketplace Hosts: Brian Chee and Curt Franklin Guest: Jonathan Heiliger Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: IRL Podcast canary.tools/twit - use code: TWIT

LockBit ransomware-builder leaked, new zero trust features in Windows 11, Vertex Ventures US on the enterprise tech VC space, and more. Developer leaks LockBit 3.0 ransomware-builder code Dangerously wrong oxygen readings in dark-skinned patients spur FDA scrutiny Data scientists dial back the use of open source code due to security worries Microsoft brings zero trust to hardware in Windows 11 Vertex Ventures US Founder & General Partner Jonathan Heiliger talks SaaS and infrastructure software startups and the changes in the enterprise technology world that are driving the world marketplace Hosts: Brian Chee and Curt Franklin Guest: Jonathan Heiliger Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: IRL Podcast canary.tools/twit - use code: TWIT

LockBit ransomware-builder leaked, new zero trust features in Windows 11, Vertex Ventures US on the enterprise tech VC space, and more. Developer leaks LockBit 3.0 ransomware-builder code Dangerously wrong oxygen readings in dark-skinned patients spur FDA scrutiny Data scientists dial back the use of open source code due to security worries Microsoft brings zero trust to hardware in Windows 11 Vertex Ventures US Founder & General Partner Jonathan Heiliger talks SaaS and infrastructure software startups and the changes in the enterprise technology world that are driving the world marketplace Hosts: Brian Chee and Curt Franklin Guest: Jonathan Heiliger Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: IRL Podcast canary.tools/twit - use code: TWIT

LockBit ransomware-builder leaked, new zero trust features in Windows 11, Vertex Ventures US on the enterprise tech VC space, and more. Developer leaks LockBit 3.0 ransomware-builder code Dangerously wrong oxygen readings in dark-skinned patients spur FDA scrutiny Data scientists dial back the use of open source code due to security worries Microsoft brings zero trust to hardware in Windows 11 Vertex Ventures US Founder & General Partner Jonathan Heiliger talks SaaS and infrastructure software startups and the changes in the enterprise technology world that are driving the world marketplace Hosts: Brian Chee and Curt Franklin Guest: Jonathan Heiliger Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: IRL Podcast canary.tools/twit - use code: TWIT

Federal agencies are accelerating cyber programs and initiatives to stay up to speed with the quickly changing landscape. Deputy Editor Kate Macri and Staff Writer Sarah Sybert unpack top takeaways from the summer, including upcoming cybersecurity workforce strategies, DOD's new five-year zero trust strategy and new directives around supply chain security.

SDxCentral 2-Minute Weekly Wrap Podcast for Sept. 23, 2022 Plus, Nokia sees software as key to open radio access network success, and Oracle's Ellison digs at Amazon Ex-Cisco Execs Reimagine Networking With 'Out-of-Box' Zero Trust, 'New Age' NaaS Nokia Ties Software to Open RAN Maturity Oracle's Ellison Pushes Multi-Cloud Interoperability, Digs at Amazon Learn more about your ad choices. Visit megaphone.fm/adchoices

Sinan Eren, the VP of Zero Trust at Barracuda joins to discuss various aspects of MFA Fatigue & Authentication with the PSW crew! Segment Resources: https://assets.barracuda.com/assets/docs/dms/NetSec_Report_The_State_of_IIoT_final.pdf This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw756

Bloomberg Intelligence Senior Analyst Mandeep Singh is hosting Rubrik CEO, Bipul Sinha, to talk about the cybersecurity landscape and how demand for data security is likely to grow with the proliferation of data and zero-trust.

Sinan Eren, the VP of Zero Trust at Barracuda joins to discuss various aspects of MFA Fatigue & Authentication with the PSW crew! Segment Resources: https://assets.barracuda.com/assets/docs/dms/NetSec_Report_The_State_of_IIoT_final.pdf This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw756

Vertraue niemandem - darum geht es in dieser Folge hitcast. Dabei beschäftigen wir uns aber nicht mit Psychologie, sondern mit der gar nicht so einfachen Frage - wen lasse ich in mein Netzwerk? Genau damit beschäftigt sich das Zero Trust Konzept. Man geht davon aus, dass jeder Zugriff ohne Berechtigung erfolgt, bis das Gegenteil bewiesen ist. Das Konzept besteht dabei aus vielen Einzelbausteinen, die einer genauen Planung benötigen. Dabei unterstützen wir gerne. Jetzt einen kostenlosen Beratungstermin unter http://www.hagel-it.de/termin vereinbaren.

Some industry watchers estimate that by 2025 the collective data of humanity will reach 175 Zettabytes. ISACA's Jon Brandt invites Dr. Chase Cunningham (aka Dr. Zero Trust) to discuss how to defend the ever-growing amount data, problem-solving for business units and compliance. Chase also questions the idea of “never compromise” and “perfect defense” when defending data. Tune in now! To Learn more about Dr. Zero Trust, visit: www.zerotrustedge.com/dr-zero-trust To listen to more ISACA Podcasts, visit: www.isaca.org/podcasts 

Chris: What do you think some of the fundamental changes of IAM are from on-prem to cloud?Chris: What are some of the key tradeoffs and considerations for using IDaaS offerings?Nikki: There are a lot of solutions out there that discuss zero trust as a product or a service that can be leveraged to 'bake in' zero trust into an environment. But I'm curious on your perspective - do you think we need additional tools to configure zero trust principles, or leverage the technology at hand to implement zero trust?Nikki: There's this move towards passwordless solutions - I can see that being a big boost to zero trust architectures, but I think we're still missing the need for trusted identities, whether it's passwords, pins, or tokens. How do you feel about the passwordless movement and do you think more products will move in that direction?Chris: You've been a part of the FICAM group and efforts in the CIO Council. Can you tell us a bit about that and where it is headed?Chris: It is said Identity is the new perimeter in the age of Zero Trust, why do you think this is and how can organizations address it?Nikki: There was an interesting research publication I read, titled "Beyond zero trust: Trust is a vulnerability" by M. Campbell in the IEEE Computer journal. I like the idea of considering zero trust principles, like least privilege, or limited permissions, as potential vulnerabilities instead of security controls. Do you think the language is important when discussing vulnerabilities versus security controls?Chris: What role do you think NPE's play in the modern threat landscape?Chris: If people want to learn more about the Federal FICAM/ZT Strategies, where do you recommend they begin?

Zscaler delivered an impressive earnings report to cap off their fiscal year, demonstrating their ability to capitalize on strong demand for their leading Zero Trust solution. Coming into the report, investors were concerned about decelerating billings, worsening operating leverage and the need to provide an out of cycle fiscal year guide. Additionally, competitors like Palo Alto and Cloudflare had been increasingly vocal about customer wins. None of these factors appeared to impact the Q4 report, however, with Zscaler re-accelerating billings growth and highlighting several enormous enterprise and federal customer lands. This is the audio summary. For the complete report, visit softwarestackinvesting.com

In Episode S4E14, Steve Bowcut talks about Zero Trust Network Access with two well-informed guests. On the show are two executives from the cybersecurity firm Syxsense, Mark Reed, CTO, and Dave Taylor, CMO. The term Zero Trust is sometimes misapplied or misunderstood in the security industry, so our guests thoroughly describe what the term means and how they use it in their business. Mark and Dave explain the role of a zero trust strategy in today's endpoint protection and what it takes to be successful at zero trust, then talk about some of the challenges organizations face when implementing a Zero Trust strategy. Steve gets them to elaborate on how the new module recently announced by Syxsense enables endpoint compliance with Zero Trust Network Access policies. About Our Guests Mark Reed is a highly energized Software Developer and the CTO of Syxsense. He began his career as a Technical Support Manager at Intel before moving into a role as a Deployment Engineer, traveling to companies all over the world to help with new software infrastructure and implementation. Eventually, he worked his way up to a leadership role and now manages a team of software engineers while helping to push forward new innovations and being involved in all aspects of product development - from backend database design, web services, user interfaces, and client/server/cloud communications. Mark loves to travel, extreme sports and fitness, and spending time with his wife and four sons. He lives in Salt Lake City, Utah. Dave Taylor is a successful tech entrepreneur with five exits under his belt. Having started his career as a Product Manager at Intel Corporation, Dave has now run marketing as CMO at seven successive companies. He has always focused on demand generation - working closely with sales teams to hit revenue growth targets. Dave counts the recruitment and retention of amazingly high-performing marketing teams as his top skill. Born and raised in Boston, Dave has lived in the UK, South Africa, the Middle East, and all over the US, and he now resides in Utah and Montana. Be sure to listen in to learn more about the current state of zero trust network access.

PuTTY trojanized, shipping ports cyberthreats, AR in the workforce, and more. Trojanized versions of PuTTY utility are being used to spread backdoor Hacker pwns Uber via compromised VPN account White House guidance recommends SBOMs for federal agencies Amazon buys warehouse robotics company Cloostermans Why ports are at risk of cyberattacks Upskill co-founder and CEO Brian Ballard on AR and other wearable tech in the workplace Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Brian Ballard Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: UserWay.org/twit Melissa.com/twit IRL Podcast

PuTTY trojanized, shipping ports cyberthreats, AR in the workforce, and more. Trojanized versions of PuTTY utility are being used to spread backdoor Hacker pwns Uber via compromised VPN account White House guidance recommends SBOMs for federal agencies Amazon buys warehouse robotics company Cloostermans Why ports are at risk of cyberattacks Upskill co-founder and CEO Brian Ballard on AR and other wearable tech in the workplace Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Brian Ballard Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: UserWay.org/twit Melissa.com/twit IRL Podcast

PuTTY trojanized, shipping ports cyberthreats, AR in the workforce, and more. Trojanized versions of PuTTY utility are being used to spread backdoor Hacker pwns Uber via compromised VPN account White House guidance recommends SBOMs for federal agencies Amazon buys warehouse robotics company Cloostermans Why ports are at risk of cyberattacks Upskill co-founder and CEO Brian Ballard on AR and other wearable tech in the workplace Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Brian Ballard Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: UserWay.org/twit Melissa.com/twit IRL Podcast

PuTTY trojanized, shipping ports cyberthreats, AR in the workforce, and more. Trojanized versions of PuTTY utility are being used to spread backdoor Hacker pwns Uber via compromised VPN account White House guidance recommends SBOMs for federal agencies Amazon buys warehouse robotics company Cloostermans Why ports are at risk of cyberattacks Upskill co-founder and CEO Brian Ballard on AR and other wearable tech in the workplace Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Brian Ballard Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: UserWay.org/twit Melissa.com/twit IRL Podcast

What a wake up call this week when working with SMB's on their cyber security strategy and the reality of the space. Do SMB's use outsourced security, and is that smart? Does that hurt their overall awareness? Why aren't things getting patched the way they should even when we have been notified by CISA and others of "critical vulnerabilities"? Does the upcoming legislation around semi-conductors and silicon pointed at China have any impact on our national security and cyber future? Those questions and a few more on this one.

Pam and Brad dissect their recent discussion with NIST Fellow Ron Ross (episode 34) and provide advice for applying the guidance in the special publications he helped develop. Listen to this complimentary deep dive to learn how best to apply controls, properly differentiate and value your data assets, rank and classify your apps, and manage risk by using cybersecurity standards.

For those of you paying attention - DtSR is officially 11 years old. This episode is the first episode of year (season) 12. WOW. Thank you for listening, sharing, commenting, and watching us live! Prologue We work in a weird industry where marketing has to make ever-more outrageous claims that product and service teams then have to attempt to live up to, but it's a way of life. Now, I'm not strictly speaking blaming product marketing people, but they do have some blame in this insane climate we find ourselves in. On this episode, two good friends - and professional snark'ists - join James and I to talk about where our industry has over-marketed, over-hyped, and simply failed to deliver ...and where it may actually be meeting expectations. It's a fun conversation, and I bet you won't see the ending coming. Guests Jeff Collins LinkedIn: https://www.linkedin.com/in/jmcollins/  Anton Chuvakin LinkedIn: https://www.linkedin.com/in/chuvakin/  Twitter: https://twitter.com/anton_chuvakin

Len Noe – our favorite cyborg and CyberArk resident technical evangelist and white hat hacker – is back! On today's episode, he's talking with host David Puner about risky QR codes. On first blush it may seem like a simple subject, but attackers are having a field day with them and there seems to be a general lack of awareness about it. Help stop the havoc-wreaking and find out what you can do to protect yourself.

Not everyone arrives at work in the morning to advance humans' understanding of our place in the universe. But David Liska does. As the Associate Director of Engineering & Technology at the Space Telescope Science Institute, he's been integral in launching and operating one of humanity's most ambitious astronomical projects to date: the James Webb Telescope. In this episode, learn what it takes to manage such a massively complex undertaking, Liska's lessons for working on public sector projects, and what about the universe still fills him with wonder.

All links and images for this episode can be found on CISO Series Uggh, just saying "zero trust" sends shivvers down security professionals' spines. The term is fraught with so many misnomers. The most important is who are you going to trust to actually help you build that darn zero trust program? Are you going to look at a vendor that's consolidated solutions and has built programs like this repeatedly or are you going to look for the best solutions yourself and try to figure out how best to piece it together to create that "zero trust" program? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is David Chow, global chief technology strategy officer, Trend Micro. Thanks to our podcast sponsor, Trend Micro Trend Micro Cloud One, a security services platform for cloud builders, delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your cloud infrastructure with clarity and simplicity. Discover your dynamic attack surface, assess your risk, and respond with the right security at the right time. Discover more! In this episode: Why is the term “zero trust” fraught with so many misnomers? Is there such a thing as privacy anymore? Do you agree with the term “good enough”, and if so what is a "good enough" factor, what does it entail, and what should we expect from that? Where has the United States done the most to improve national cybersecurity?

See how to create confidential clouds that host sensitive data in public clouds with Intel Software Guard Extension, as part of Azure confidential computing. Protect your sensitive information in the Cloud. Mitigate privileged access attacks with hardware enforced protection of sensitive data, and protect against data exfiltration from memory. Beyond security, we'll demonstrate machine learning analytics on multi-party data. Data center security expert, Mike Ferron-Jones from Intel, gives you an exclusive look at Microsoft's work with Intel. ► QUICK LINKS: 00:00 - Introduction 02:12 - Protect against memory attacks 04:08 - Example of a cross tenant data exfiltration attack 06:09 - Protect your data in use: Confidential computing 07:01 - Mitigate privilege escalation attacks with Intel SGX 09:20 - New confidential computing scenarios 13:54 - Wrap up ► Link References: Detailed information on Azure confidential computing at https://aka.ms/AzureCC Watch our Zero Trust series at https://aka.ms/ZeroTrustMechanics Keep up to date on Intel innovations at https://www.intel.com/security More information on Intel SGX go to https://www.Intel.com/SGX ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries?sub_confirmation=1 • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/website • To get the newest tech for IT in your inbox, subscribe to our newsletter: https://www.getrevue.co/profile/msftmechanics ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/microsoftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics   

Implementing Zero Trust is a customer evolution that requires a channel that is dedicated to their customers success. With over 60 carriers accounting for over 400 million end customers consisting of consumers and small to midsized businesses, Akamai has a very healthy and dedicated channel. Pavel Gurvich Pavel Gurvich, Senior Vice President & General Manager, Enterprise Security Group speaks to Don Witt of The Channel Daily News, a TR publication about their Zero Trust technology and how they work with their channel to implement it. Starting with the Micro-segmentation of the traditional perimeter network, Akamai plus Guardicore can get you on track to provide the best Zero Trust possible. By enabling Zero Trust and SASE,  you can secure your digital business and get the most out of your security investments. Akamai plans to continue supporting their channel aggressively with their technology leading the way in securing their consumer/business base. Listen in to hear how they plan to do it. Flexibility. Competitive Edge. Support. Partners - Gain the competitive edge A portfolio of edge security, web and mobile performance, enterprise access, and video delivery solutions helps you transform your business and support customers as they secure their multi-cloud world. Partners - Design around your go-to-market plan You know your customers best — that's why their partner program gives you the freedom to design around your GTM strategy. With their new engagement options, you no longer need to fit a specific model. For more information, go to: https://www.akamai.com/

IHG hotels cyberattack, Apple Passkeys, Azure Space, and more. Cyberattack disrupts bookings for IHG hotels Attackers exploit zero-day WordPress plug-in vulnerability in BackupBuddy Pen testing evolves for the DevSecOps world  Apple to buy 3D NAND memory from Chinese YMTC Apple's killing the Password. Here's everything you need to know Microsoft's Senior Director of Azure Space Stephen Kitay talks Azure Space and the goal of commercialization of space Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Stephen Kitay Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: IRL Podcast itpro.tv/enterprise use code ENTERPRISE30 UserWay.org/twit

IHG hotels cyberattack, Apple Passkeys, Azure Space, and more. Cyberattack disrupts bookings for IHG hotels Attackers exploit zero-day WordPress plug-in vulnerability in BackupBuddy Pen testing evolves for the DevSecOps world  Apple to buy 3D NAND memory from Chinese YMTC Apple's killing the Password. Here's everything you need to know Microsoft's Senior Director of Azure Space Stephen Kitay talks Azure Space and the goal of commercialization of space Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Stephen Kitay Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: IRL Podcast itpro.tv/enterprise use code ENTERPRISE30 UserWay.org/twit

Podcast: ICS SECURITY PODCASTEpisode: EP. #37 - OT ZERO TRUSTPub date: 2022-09-10Nos siga no LinkedIn:https://bit.ly/3zXyz2h Assista ao vivo a cada 15 dias, às 19h: https://bit.ly/3oMLKg0 Visite nosso site: https://www.muniosecurity.comThe podcast and artwork embedded on this page are from Munio Security, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

IHG hotels cyberattack, Apple Passkeys, Azure Space, and more. Cyberattack disrupts bookings for IHG hotels Attackers exploit zero-day WordPress plug-in vulnerability in BackupBuddy Pen testing evolves for the DevSecOps world  Apple to buy 3D NAND memory from Chinese YMTC Apple's killing the Password. Here's everything you need to know Microsoft's Senior Director of Azure Space Stephen Kitay talks Azure Space and the goal of commercialization of space Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Stephen Kitay Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: IRL Podcast itpro.tv/enterprise use code ENTERPRISE30 UserWay.org/twit

IHG hotels cyberattack, Apple Passkeys, Azure Space, and more. Cyberattack disrupts bookings for IHG hotels Attackers exploit zero-day WordPress plug-in vulnerability in BackupBuddy Pen testing evolves for the DevSecOps world  Apple to buy 3D NAND memory from Chinese YMTC Apple's killing the Password. Here's everything you need to know Microsoft's Senior Director of Azure Space Stephen Kitay talks Azure Space and the goal of commercialization of space Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Stephen Kitay Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: IRL Podcast itpro.tv/enterprise use code ENTERPRISE30 UserWay.org/twit

This is a discussion that provides the listener with ideas of how agencies are adopting identification to enable to zero trust and gain some insight into the evolution of access control in the federal government. The federal government certainly is not a monolithic enterprise; it must manage mundane requests like access to National Parks as well as negotiate atomic energy agreements. NIST has reinforced the fact that identification is the first component of deploying Zero Trust. When a mandate comes from the White House to target Zero Trust, it makes sense that each agency will have a history of identification systems and have a different level of sophistication when it comes to identity management. Bryan Rosensteel from Ping gives a remarkable analysis of the evolution of Attribute Based Access Controls. His purview is immense. He begins by examining the historical application of Attribute Based Access Controls. He comments they were effective but tedious to deploy. To streamline this system, Role Based Access Controls were implemented. Unfortunately, today's technical climate allows malicious actors to steal identities and defeat the RBAC method. Bryan Rosensteel argues that today's dynamic system will have to revert to the precise controls that ABAC provides. The weakness of Multiple Factor Authentication is reviewed by David Temoshok, NIST. He suggests that when a person gets a code via SMS text message, it is transmitted via the public telephone system. He calls this weak MFA. This is another reason today's Role Based Access Control, can provide the kind of security that some agencies require. FEMA's needs for identification are broader than most. Dr. Gregory Edwards from FEMA understands the complexity of cryptographic identification models, but he also recognizes that he cannot give every flood victim a federally issued PIV card. Solutions must be provided where FEMA optimizes quick access to federal assistance while maintaining security controls so vital for federal information technology. Listening to this podcast will give the listener a terrific overview of innovations in access control and the variety of ways federal agencies are coping with identification with the new focus on Zero Trust Architecture.

#SecurityConfidential #DarkRhinoSecurity Rafael is a Mentor, Motivational Speaker, Veteran, and an accomplished information and cybersecurity executive. He has many skills such as Risk Mitigation, Encryption, Vendor Collaboration, and PCI/DSS. Rafael has worked as an IT security manager and Principal Information Security Analyst for Lowes, vCiso of Fortalice Solutions, and Senior Security Architect for Sirius Computer Solutions. He is the Founder of RAYA Cyber Solutions LLC and Co-Founder of Carolinas CISO RoundTable. 00:00 Introduction 01:30 Rafaels Background 05:40 How Rafael remained positive 08:00 Motivation for everyone 09:40 Imposter Syndrome 12:20 Firing up that ego 14:00 How to motivate yourself 16:08 “It takes an entire village to keep your data safe” 21:44 Keeping Employees/Humans aware 29:41 Vulnerabilities 32:35 Friction Security 36:00 Target breach 39:29 Third Party Risk 43:30 Zero Trust and SASE 45:50 Corporate Failure 51:08 Personal Failure 53:03 Connecting with Rafael To learn more about Rafael visit https://www.linkedin.com/in/rafael-nunez-jr-167347148/ To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio! Instagram: https://www.instagram.com/securityconfidential/ Facebook: https://m.facebook.com/Dark-Rhino-Security-Inc-105978998396396/ Twitter: https://twitter.com/darkrhinosec LinkedIn: https://www.linkedin.com/company/dark-rhino-security Youtube: https://www.youtube.com/channel/UCs6R-jX06_TDlFrnv-uyy0w/videos

The National Security Agency, the Cybersecurity and Infrastructure Security Agency and the Office of the Director of National Intelligence have a new best-practices playbook for software developers. Hillary Benson, director of product management at GitLab and former Navy information warfare officer, discusses her takeaways from the new guidance. Chezian Sivagnanam, chief enterprise architect at the National Science Foundation, explains the two-pronged approach NSF is taking to implementing zero trust. This interview is part of the “Federal Zero Trust: Moving from Aspiration to Transformation” video campaign, underwritten by Forcepoint. The Daily Scoop Podcast is available every weekday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Google Podcasts, Spotify and Stitcher. And if you like what you hear, please let us know in the comments.

 Zero Trust MisconceptionsIn this episode of Agent of Influence, Rob LaMagna-Reiter, CISO at Hudl, joins Nabil for a deep dive into zero trust. Rob also shares insights for building a cybersecurity program and how to align cybersecurity data to business growth.

Everyone's talking about Identity Threat Detection and Response (ITDR) … but what does that mean for people in the IT trenches? In this session, Sean talks with Brian Desmond, Principal at Ravenswood Technology Group, about the various ITDR issues that companies are dealing with today and where the greatest challenges lie for identity pros and organizations alike.

On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: China's super spies figure out Rob Joyce ran TAO ops FBI, French authorities fly to Montenegro to investigate ransomware attack NEWSFLASH: Cloudflare are still a bunch of Nazi cuddlers SIM swap drama spills into real world shootings, firebombings Yandex Taxi hack clogs Moscow streets The TikTok breach that wasn't Project Raven veterans get wings clipped Why recent BGP hijacks are getting a bit concerning Much, much more This week's show is brought to you by Corelight, the company that maintains Zeek. Corleight's Federal CTO Jean Schaffer joins us in this week's sponsor interview to talk about whether or not the White House's executive order on Zero Trust is actually changing anything. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes Exclusive: Evidence shows US' NSA behind attack on email system of leading Chinese aviation university - Global Times Lukasz Olejnik on Twitter: "Chinese accusation of US/NSA cyberattacks on China's aviation university. Unusually, a strong protest issued by China's Foreign Ministry. Chinese media write about NSA extensively, and doxx/point at Rob Joyce, specifically. Highly amusing! https://t.co/PG1XzZoIcW https://t.co/wRMEAokhVj" / Twitter Patrick Gray on Twitter: "Great thread" / Twitter FBI and French officials arrive in Montenegro to investigate ransomware attack - The Record by Recorded Future Chile says gov't agency struggling with ransomware attack - The Record by Recorded Future Italy warns of cyberattacks on energy industry after Eni, GSE incidents - The Record by Recorded Future Ransomware Gang Accessed Water Supplier's Control System Experts warn of more Ragnar Locker attacks, days after group targets airline - The Record by Recorded Future Kevin Beaumont on Twitter: "IHG Hotel Group incident is ransomware" / Twitter Criminal hackers targeting K-12 schools, U.S. government warns QNAP warns of zero-day vulnerability in latest DeadBolt ransomware campaign - The Record by Recorded Future Cloudflare Suggests It Won't Cut Off Anti-Trans Stalking Forum Cloudflare reverses decision and drops trans trolling website Kiwi Farms | Internet | The Guardian Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire – Krebs on Security State Department debars ex-NSA cyber mercenaries who aided vast UAE surveillance operation Hackers Create Traffic Jam in Moscow by Ordering Dozens of Taxis at Once Through App Light Flashing, Siren Wailing: A Rich Muscovite in a Rush - The New York Times TikTok denies security breach after hackers leak user data, source code Samsung denies Social Security numbers involved in latest breach - The Record by Recorded Future Truth Behind the Celer Network cBridge cross-chain bridge incident: BGP hijacking | by SlowMist | Coinmonks | Aug, 2022 | Medium nanog: Yet another BGP hijacking towards AS16509 A Windows 11 Automation Tool Can Easily Be Hijacked | WIRED Actors behind PyPI supply chain attack have been active since late 2021 | Ars Technica Cybercriminal Service 'EvilProxy' Seeks to Hijack Accounts Careless Errors in Hundreds of Apps Could Expose Troves of Data | WIRED WatchGuard firewall exploit threatens appliance takeover | The Daily Swig Patched TikTok security flaw allowed one-click account takeovers - The Record by Recorded Future Chrome extensions with 1.4M installs covertly track visits and inject code | Ars Technica Peter Eckersley, co-creator of Let's Encrypt, dies at just 43 – Naked Security DownUnderCTF

Is the news media collaborating to manipulate our collective consciousness? How would that happen? Is local news "more true" than national news? What about OPSEC for the war in Ukraine? Could an organization cause a kinetic attack based on pictures that came from soldiers sharing via social media? How does politics play into the space around cyber and disinformation? Some hard hitting questions in this one to ponder.

A new advance notice of proposed rulemaking from the General Services Administration seeks to reduce single-use plastics in packaging. Larry Allen, president of Allen Federal Business Partners, discusses the impact that may have on federal contractors, plus some do's and don'ts as the end of the fiscal year nears. Agency leaders say it could take up to three years to get all the tools they need to execute the Biden Administration's vision for zero trust, according to the results from a recent FedScoop survey. Department of Education Chief Information Security Officer Steven Hernandez tells Scoop News Group's Wyatt Kash the impact zero trust will have on all leaders across government. The Daily Scoop Podcast is available every weekday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Google Podcasts, Spotify and Stitcher. And if you like what you hear, please let us know in the comments.

What will happen to my Ethereum after Ethereum's Merge? Blockchain Solutions and use cases - Zero Trust Solutions - PTG-Podcast-September-7-2022Visit https://ComplianceArmor.com for the latest in Cybersecurity and Training.NO INVESTMENT ADVICEThe Content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained on our Site or podcast constitutes a solicitation, recommendation, endorsement, or offer by PTG or any third party service provider to buy or sell any securities or other financial instruments in this or in in any other jurisdiction in which such solicitation or offer would be unlawful under the securities laws of such jurisdiction.Please like, subscribe and visit all of our properties at:YouTube: https://www.youtube.com/channel/UC8Hgyv0SzIqLfKqQ03ch0BgYouTube: https://www.youtube.com/channel/UCa9l3tgOOHMJ6dClNn8BiqQ Podcasts: https://petronellatech.com/podcasts/ Website: https://compliancearmor.comWebsite: https://blockchainsecurity.comLinkedIn: https://www.linkedin.com/in/cybersecurity-compliance/ Visit https://ComplianceArmor.com for the latest in Cybersecurity and Training.NO INVESTMENT ADVICE - The Content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained on our Site or podcast constitutes a solicitation, recommendation, endorsement, or offer by PTG.Please be sure to Call 877-468-2721 or visit https://petronellatech.com

Zero Trust, as a required technology for enterprise, has been accelerating for the last several years based on the restructuring of corporate workplace to include remote working policies which highlighted the vulnerabilities in company networks. Pavel Gurvich, Senior Vice President & General Manager, Enterprise Security Group with Akamai speaks with Don Witt of the Channel Daily News, a TR publication, about the Akamai Zero Trust architecture. Zero Trust is first conceptualized and then Pavel reviews the implementation strategy of Akamai. Pavel Gurvich It is an evolving process which includes Zero Trust Network Access, Micro-segmentation, Application Access restrictions and MFA. With all of this implemented, it is vital to provide the monitoring of all aspects of the network to ensure that no breach has been made, all devices are working properly and at the latest revision levels are deployed. Listen in to a very good description of Zero Trust and their implementation. Over 20 years ago, they set out to solve the toughest challenge of the early internet: the “World-Wide Wait.” And they've been solving the internet's toughest challenges ever since, working toward their vision of a safer and more connected world. With the world's most distributed compute platform — from cloud to edge — they make it easy for businesses to develop and run applications, while they keep experiences closer to users and threats farther away. That's why innovative companies worldwide choose Akamai to build, deliver, and secure their digital experiences. Their suite of leading security, compute, and delivery solutions are helping global companies make life better for billions of people, billions of times a day. For more information, go to: https://www.akamai.com/

In this episode of Phoenix Cast, hosts John and Kyle are joined by special guest Col Brian Russell and we discuss whether BYOD is the right thing for the Marine Corps.  Share your thoughts with us on Twitter: @USMC_TFPhoenix (Now verified!) Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts. Links: Fedscoop article on BYOD:  https://www.fedscoop.com/army-to-kick-off-bring-your-own-device-byod-pilot-in-coming-weeks/ Brian's article for the MCA: https://mca-marines.org/blog/2022/07/12/before-firing-a-shot-operations-in-the-information-environment-in-the-marine-corps/ NIST 800-207: https://csrc.nist.gov/publications/detail/sp/800-207/final CrowdStrike's Zero Trust overview: https://www.crowdstrike.com/cybersecurity-101/zero-trust-security/ Google BeyondCorp: https://cloud.google.com/beyondcorp Okta's BeyondCorp Website: https://beyondcorp.com

What is Operational Technology? OT are the systems that keep hospitals running. Like Medical devices, these critical infrastructure items have unique characteristics that make securing them difficult. So, what are the common OT devices found in a hospital and what should we do about them? What is OT Security? Practices and technologies used to (a) protect people, assets, and information, (b) monitor and/or control physical devices, processes and events, and (c) initiate state changes to enterprise OT systems. Talk to Medigate about their OT security solutions to help keep you operating https://www.medigate.io/demo (https://www.medigate.io/demo) This is episode 5 of 5 in our series “Challenges and Solutions to Unmanaged Devices in Healthcare”. Other topics we cover include Visibility for Zero Trust, Mergers and Acquisitions, Holistic Assessments, and Improved Device Effectiveness. Thanks for listening!  Sign up for our webinar: https://thisweekhealth.com/briefing_campaigns/challenges-and-solutions-to-unmanaged-devices-in-healthcare/ (Challenges and Solutions to Unmanaged Devices in Healthcare) - Thursday September 8, 2022: 1pm ET / 10am PT

Every hospital has thousands of devices that cost thousands of dollars each, yet most of them are idle around 52% of the time. On top of all that, the nursing units are always asking for more! Having an up-to-date inventory, tracking utilization, and monitoring physical location can significantly improve effectiveness and will return millions of dollars back to the operational budget. To learn more about Clinical Device Efficiency, visithttps://www.medigate.io/ ( https://www.medigate.io/)http://medigate.io/cde (cde) This is episode 4 of 5 on our series “Challenges and Solutions to Unmanaged Devices in Healthcare”. Other topics we cover include Visibility for Zero Trust, Mergers and Acquisitions, Holistic Assessments, and Securing OT Assets. Stay tuned for more.  Sign up for our webinar: https://thisweekhealth.com/briefing_campaigns/challenges-and-solutions-to-unmanaged-devices-in-healthcare/ (Challenges and Solutions to Unmanaged Devices in Healthcare) - Thursday September 8, 2022: 1pm ET / 10am PT

Does academia take the right approach to producing tomorrow's cybersecurity leaders? What role should private sector leaders play? JP Saini, Chief Digital & Technology Officer at Sunbelt Rentals joins host Sean Cordero to discuss how mentorship directly contributes to better business outcomes, the importance of soft skills, and the fundamentals necessary to find success in a cybersecurity career.

About AlexAlex is the Chief Product Officer of Twingate, which he cofounded in 2019. Alex has held a range of product leadership roles in the enterprise software market over the last 16 years, including at Dropbox, where he was the first enterprise hire in the company's transformation from consumer to enterprise business. A focus of his product career has been using the power of design thinking to make technically complex products intuitive and easy to use. Alex graduated from Stanford University with a degree in Electrical Engineering.Links Referenced:twingate.com: https://twingate.com TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by our friends at Sysdig. Sysdig secures your cloud from source to run. They believe, as do I, that DevOps and security are inextricably linked. If you wanna learn more about how they view this, check out their blog, it's definitely worth the read. To learn more about how they are absolutely getting it right from where I sit, visit Sysdig.com and tell them that I sent you. That's S Y S D I G.com. And my thanks to them for their continued support of this ridiculous nonsense.Corey: This episode is sponsored in part by Honeycomb. When production is running slow, it's hard to know where problems originate. Is it your application code, users, or the underlying systems? I've got five bucks on DNS, personally. Why scroll through endless dashboards while dealing with alert floods, going from tool to tool to tool that you employ, guessing at which puzzle pieces matter? Context switching and tool sprawl are slowly killing both your team and your business. You should care more about one of those than the other; which one is up to you. Drop the separate pillars and enter a world of getting one unified understanding of the one thing driving your business: production. With Honeycomb, you guess less and know more. Try it for free at honeycomb.io/screaminginthecloud. Observability: it's more than just hipster monitoring.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. This promoted episode is brought to us by our friends at Twingate, and in addition to bringing you this episode, they also brought me a guest. Alex Marshall is the Chief Product Officer at Twingate. Alex, thank you for joining me, and what is a Twingate?Alex: Yeah, well, thanks. Well, it's great to be here. What is Twingate? Well, the way to think about Twingate is we're really a network overlay layer. And so, the experience you have when you're running Twingate as a user is that network resources or network destinations that wouldn't otherwise be accessible to you or magically accessible to you and you're properly authenticated and authorized to access them.Corey: When you say it's a network overlay, what I tend to hear and the context I usually see that in, in the real world is, “Well, we're running some things in AWS and some things in Google Cloud, and I don't know because of a sudden sharp blow to the head, maybe Azure as well, and how do you get all of the various security network models of security groups on one side to talk to their equivalent on the other side?” And the correct answer is generally that you don't and you use something else that more or less makes the rest of that irrelevant. Is that the direction you're coming at this from, or do you view it differently?Alex: Yeah, so I think the way that we view this in terms of, like, why we decide to build a product in the first place is that if you look at, sort of like, the internet in 2022, like, there's one thing that's missing from the network routing table, which is authentication and authorization on each row [laugh]. And so, the way that we designed the product is we said, “Okay, we're not going to worry about everything, basically, above the network layer and we're going to focus on making sure that what we're controlling with the client is looking at outbound network connections and making sure that when someone accesses something and only when they access it, that we check to make sure that they're allowed access.” We're basically holding those network connections until someone's proven that they're allowed to access to, then we let it go. And so, from the standpoint of, like, figuring out, like, security groups and all that kind of stuff, we're basically saying, like, “Yeah, if you're allowed to access the database in AWS, or your home assistant on your home network, fine, we'll let you do that, but we'll only let you go there once you've proven you're allowed to. And then once you're there, then you know, we'll let you figure out how you want to authenticate into the destination system.” So, our view is, like, let's start at the network layer, and then that solves a lot of problems.Corey: When I call this a VPN, I know a couple of things are going to be true. One, you're almost certainly going to correct me on that because this is all about Zero Trust. This is the Year of our Lord 2022, after all. But also what I round to what basically becomes a VPN to my mind, there are usually two implementations or implementation patterns that I think about. One of them is the idea of client access, where I have a laptop; I'm in a Starbucks; I want to connect to a thing. And the other has historically been considered, site to site, or I have a data center that I want to have constantly connected to my cloud environment. Which side of that mental model do you tend to fall in? Or is that the wrong way to frame it?Alex: Mm-hm. The way we look at it and sort of the vision that we have for what the product should be, the problem that we should be solving for customers is what we want to solve for customers is that Twingate is a product that lets you be certain that your employees can work securely from anywhere. And so, you need a little bit of a different model to do that. And the two examples you gave are actually both entirely valid, especially given the fact that people just work from everywhere now. Like, resources everywhere, they use a lot of different devices, people work from lots of different networks, and so it's a really hard problem to solve.And so, the way that we look at it is that you really want to be running something or have a system in place that's always taking into account the context that user is in. So, in your example of someone's at a Starbucks, you know, in the public WiFi, last time I checked, Starbucks WiFi was unencrypted, so it's pretty bad for security. So, what we should do is you should take that context into account and then make sure that all that traffic is encrypted. But at the same time, like, you might be in the corporate office, network is perfectly safe, but you still want to make sure that you're authorizing people at the point in time they try to access something to make sure that they actually are entitled to access that database in the AWS network. And so, we're trying to get people away from thinking about this, like, point-to-point connection with a VPN, where you know, the usual experience we've all had as employees is, “Great. Now, I need to fire up the VPN. My internet traffic is going to be horrible. My battery's probably going to die. My—”Corey: Pull out the manual token that rotates with an RSA—Alex: Exactly.Corey: —token that spits out a different digital code every 30 seconds if the battery hasn't died or they haven't gotten their seeds leaked again, and then log in and the rest; in some horrible implementations type that code after your password for some Godforsaken reason. Yeah, we've all been down that path and it's like, “Yeah, just sign into the corporate VPN.” It's like, “Did you just tell me to go screw myself because that's what I heard.”Alex: [laugh]. Exactly. And that is exactly the situation that we're in. And the fact is, like, VPNs were invented a long time ago and they were designed to connect to networks, right? They were designed to connect a branch office to a corporate office, and they're just to join all the devices on the network.So, we're really, like—everybody has had this experience of VPN is suffering from the fact that it's the wrong tool for the job. Going back to, sort of like, this idea of, like, us being the network overlay, we don't want to touch any traffic that isn't intended to go to something that the company or the organization or the team wants to protect. And so, we're only going to gate traffic that goes to those network destinations that you actually want to protect. And we're going to make sure that when that happens, it's painless. So, for example, like, you know, I don't know, again, like, use your example again; you've been at Starbucks, you've been working your email, you don't really need to access anything that's private, and all of a sudden, like, you need to as part of your work that you're doing on the Starbucks WiFi is access something that's in AWS.Well, then the moment you do that, then maybe you're actually fine to access it because you've been authenticated, you know, and you're within the window, it's just going to work, right, so you don't have to go through this painful process of firing up the VPN like you're just talking about.Corey: There are a number of companies out there that, first, self-described as being, “Oh, we do Zero Trust.” And when I hear that, what I immediately hear in my own mind is, “I have something to sell you,” which, fair enough, we live in an industry. We're trying to have a society here. I get it. The next part that I wind up getting confused by then is, it seems like one of those deeply overloaded terms that exists to, more or less—in some cases to be very direct—well, we've been selling this thing for 15 years and that's the buzzword, so now we're going to describe it as the thing we do with a fresh coat of paint on it.Other times it seems to be something radically different. And, on some level, I feel like I could wind up building an entire security suite out of nothing other than things self-billing themselves as Zero Trust. What is it that makes Twingate different compared to a wide variety of other offerings, ranging from Seam to whatever the hell an XDR might be to, apparently according to RSA, a breakfast cereal?Alex: So, you're right. Like, Zero Trust is completely, like, overused word. And so, what's different about Twingate is that really, I think goes back to, like, why we started the company in the first place, which is that we started looking at the remote workspace. And this is, of course, before the pandemic, before everybody was actually working remotely and it became a really urgent problem.Corey: During the pandemic, of course, a lot of the traditional VPN companies are, “Huh. Why is the VPN concentrator glowing white in the rack and melting? And it sounds like screaming. What's going on?” Yeah, it turns out capacity provisioning and bottlenecking of an entire company tends to be a thing at scale.Alex: And so, you're right, like, that is exactly the conversation. We've had a bunch of customers over the last couple years, it's like their VPN gateway is, like, blowing up because it used to be that 10% of the workforce used it on average, and all of a sudden everybody had to use it. What's different about our approach in terms of what we observed when we started the company, is that what we noticed is that this term Zero Trust is kind of floating out there, but the only company that actually implemented Zero Trust was Google. So, if you think about the situations that you look at, Zero Trust is like, obvious. It's like, it's what you would want to do if you redesigned the internet, which is you'd want to say every network connection has to be authorized every single time it's made.But the internet isn't actually designed that way. It's designed default open instead of default closed. And so, we looked at the industry are, like, “Great. Like, Google's done it. Google has, like, tons and tons of resources. Why hasn't anyone else done it?”And the example that I like to talk about when we talk about inception of the business is we went to some products that are out there that were implementing the right technological approach, and one of these products is still in use today, believe it or not, but I went to the documentation page, and I hit print, and it was almost 50 pages of documentation to implement it. And so, when you look at that, you're, like, okay, like, maybe there's a usability problem here [laugh]. And so, what we really, really focus on is, how do we make this product as easy as possible to deploy? And that gets into, like, this area of change management. And so, if you're in IT or DevOps or engineering or security and you're listening to this, I'm sure you've been through this process where it's taken months to deploy something because it was just really technically difficult and because you had to change user behavior. So, the thing that we focus on is making sure that you didn't have to change user behavior.Corey: Every time you expect people to start doing things completely differently, congratulations, you've already lost before you've started.Alex: Yes, exactly. And so, the difference with our product is that you can switch off the VPN one day, have people install a Twingate client, and then tomorrow, they still access things with exactly the same addresses they used before. And this seems like such a minor point, but the fact that I don't have to rewrite scripts, I don't have to change my SSH proxy configuration, I don't have to do anything, all of those private DNS addresses or those private IP address, they'll still work because of the way that our client works on the device.Corey: So, what you're saying is fundamental; you could even do a slow rollout. It doesn't need to be a knife-switch cutover at two in the morning where you're scrambling around and, “Oh, my God, we forgot the entire accounting department.”Alex: Yep, that's exactly right. And that is, like, an attraction of deploying this is that you can actually deploy it department by department and not have to change all your infrastructure at the same time. So again, it's like pretty fundamental point here. It's like, if you're going to get adoption technology, it's not just about how cool the technology is under the hood and how advanced it is; it's actually thinking about from a customer and a business standpoint, like, how much is actually going to cost time-wise and effort-wise to move over to the new solution. So, we've really, really focused on that.Corey: Yeah. That is generally one of those things, that seems to be the hardest approach. I mean, let's back up a little bit here because I will challenge—likely—something that you said a few minutes ago, which is Google was the first and only company for a little while doing Zero Trust. Back in 2012, it turned out that we weren't calling it that then, but that is fundamentally what I built out of the ten-person startup that I was at, where I was the first ops hire, which generally comes in right around Series B when developers realize, okay, we can no longer lie to ourselves that we know what we're doing on an ops side. Everything's on fire and no one can sleep through the night. Help, help, help. Which is fine.I've never had tolerance or patience for ops people who insult people in those situations. It's, “Well, they got far enough along to hire you, didn't they? So, maybe show some respect.” But one of the things that I did was, being on the corporate network got you access to the printer in the corner and that was it. There was no special treatment of that network.And I didn't think much of it at the time, but I got some very strange looks and had some—uh, will call it interesting a decade later; most of the pain has faded—discussions with our auditor when we were going through some PCI work, and they showed up and said, “Great. Okay, where are the credentials for your directory?” And my response was, “Our what now?” And that's when I realized there's a certain point of scale. Back when I started as an independent consultant, everything I did for single-sign-on, for example, was my 1Password vault. Easy enough.Now, that we've scaled up beyond that, I'm starting to see the value of things like single-sign-on in a way that I never did before, and in hindsight, I'd like to go back and do things very differently as a result. Scale matters. What is the point of scale that you find is your sweet spot? Is it one person trying to connect to a whole bunch of nonsense? Is it small to midsize companies—and we should probably bound that because to me, a big company is still one that has 200 people there?Alex: To your original interesting point, which is that yeah, kudos to you for, like, implementing that, like, back then because we've had probably—Corey: I was just being lazy and it was what was there. It's like, “Why do I want to maintain a server in the closet? Honestly, I'm not sure that the office is that secure. And all it's going to do—what I'm I going to put on that? A SharePoint server? Please. We're using Macs.”Alex: Yeah, exactly. Yeah. So it's, we've had, like, I don't know at this point, thousands of customer conversations. The number of people have actually gone down that route implementing things themselves as a very small number. And I think that just shows how hard it is. So again, like, kudos.And I think the scale point is, I think, really critical. So, I think it's changed over time, but actually, the point at which a customer gets to a scale where I think a solution has, like, leveraged high value is when you get to maybe only 50, 75 people, which is a pretty small business. And the reason is that that's the point at which a bunch of tools start getting implemented a company, right? When you're five people, you're not going to install, like, an MDM or something on people's devices, right? When you get to 50, 75, 100, you start hiring your first IT team members. That's the point where them being able to, like, centralize management of things at the company becomes really critical.And so, one of the other aspects that makes this a little bit different terms of approach is that what we see is that there's a huge number of tools that have to be managed, and they have different configuration settings. You can't even get consistency on MDM is across different platforms, necessarily, right? Like, Linux, Windows, and Mac are all going to have slight differences, and so what we've been working with the platform towards is actually being the centralization point where we integrate with these different systems and then pull together, like, a consistent way to create those authentication authorization policies I was talking about before. And the last thing on SSO, just to sort of reiterate that, I think that you're talking about you're seeing the value of that, the other thing that we've, like, made a deliberate decision on is that we're not going to try to, like, re-solve, like, a bunch of these problems. Like, some of the things that we do on the user authentication point is that we rely on there being an SSO, like, user directory, that handles authentication, that handles, like, creating user groups. And we want to reuse that when people are using Twingate to control access to network destinations.So, for us, like, it's actually, you know, that point of scale comes fairly early. It only gets harder from there, and it's especially when that IT team is, like, a relatively small number of people compared to number of employees where it becomes really critical to be able to leverage all the technology they have to deploy.Corey: I guess this might be one of those areas where I'm not deep enough in your space to really see it the same way that you do, which is the whole reason I have people like you on the show: so I can ask these questions directly. What is the painful position that I find myself in that I should say, “Ah, I should bring Twingate in to solve this obnoxious, painful problem so I never have to think about it again.” What is it that you solve?Alex: Yeah, I mean, I think for what our customers tell us, it's providing a, like, consistent way to get access into, like, a wide variety of internal resources, and generally in multi-cloud environments. That's where it gets, like, really tricky. And the consistency is, like, really important because you're trying to provide access to your team—often like it's DevOps teams, but all kinds of people can access these things—trying to write access is a multiple different environments, again, there's a consistency problem where there are multiple different ways to provide that, and there isn't a single place to manage all that. And so, it gets really challenging to understand who has access to what, makes sure that credentials expire when they're supposed to expire, make sure that all the routing inside those remote destinations is set up correctly. And it just becomes, like, a real hassle to manage those things.So, that's the big one. And usually where people are coming from is that they've been using VPN to do that because they didn't know anything better exists, or they haven't found anything that's easy enough to deploy, right? So, that's really the problem that they're running into.Corey: There's also a lot of tribal knowledge that gets passed down. The oral tradition of, “I have this problem. What should I do? I know, I will consult the wise old sage.” “Well, where can you find the wise old sage?” “Under the rack of servers, swearing at them.” “Great, cool. Well, use a VPN. That's what we've used since time immemorial.” And then the sins are visited onto yet another generation.There's a sense that I have that companies that are started now are going to have a radically different security posture and a different way of thinking about these things than the quote-unquote, “Legacy companies.”—legacy, of course, being that condescending engineering term for ‘it makes money—who are migrating their way into a brave new world because they had the temerity to found themselves as companies before 2012.Alex: Absolutely. When we're working with customers, there is a sort of a sweet spot, both in terms of, like, the size and role that we were talking about before, but also just in terms of, like, where they are, in, sort of like, the sort of lifecycle of their company. And I think one of the most exciting things for us is that we get to work with companies that are kind of figuring this stuff out for the first time and they're taking a fresh look at, like, what the capabilities are out there in the landscape. And that's, I think, what makes this whole space, like, super, super interesting.There's some really, really fantastic things you can do. Just give you an example, again, that I think might resonate with your audience quite a bit is this whole topic of automation, right? Your time at the tribal knowledge of, like, “Oh, of course. You know, we set up a VPN and so on.” One of the things that I don't think is necessarily obvious in this space is that for the teams that—at companies that are deploying, configuring, managing internal network infrastructure, is that in the past, you've had to make compromises on infrastructure in order to accommodate access, right?Because it's kind of a pain to deploy a bunch of, like, VPN gateways, mostly for the end-user because they got to, like, choose which one they're connecting to. You potentially had to open up traffic routes to accommodate a VPN gateway that you wouldn't otherwise want to open up. And so, one of the things that's, like, really sort of fascinating about, like, a new way of looking at things is that what we allow with Twingate—and part of this is because we've really made sure that the product is, like, API-first in the very beginning, which allows us to very easily integrate in with things, like, Terraform and Pulumi for deployment automation, is that now you have a new way of looking at things, which is that you can build a network infrastructure that you want with the data flow rules that you want, and very easily provide access into, like, points of that infrastructure, whether that's an entire subnet or just a single host somewhere. I think these are the ways, like, the capabilities have been realized are possible until they, sort of like, understand some of these new technologies.Corey: This episode is sponsored in part by our friend EnterpriseDB. EnterpriseDB has been powering enterprise applications with PostgreSQL for 15 years. And now EnterpriseDB has you covered wherever you deploy PostgreSQL on-premises, private cloud, and they just announced a fully-managed service on AWS and Azure called BigAnimal, all one word. Don't leave managing your database to your cloud vendor because they're too busy launching another half-dozen managed databases to focus on any one of them that they didn't build themselves. Instead, work with the experts over at EnterpriseDB. They can save you time and money, they can even help you migrate legacy applications—including Oracle—to the cloud. To learn more, try BigAnimal for free. Go to biganimal.com/snark, and tell them Corey sent you.Corey: This feels like one of those technologies where the place that a customer starts from and where they wind up going are very far apart. Because I can see the metaphorical camel's nose under the tent flap being, “Ah, this is a VPN except it doesn't suck. Great.” But once you wind up with effectively an overlay network connecting all the things that you care about within an organization, it feels like that unlocks a whole universe of possibility.Alex: Mm-hm. Yeah, definitely. I mean, I think you hit the nail on the head there. Like, a lot of people approach us because they're having a lot of pain with VPN and all the operational difficulties they were talking about earlier, but I think what sort of starts to open up is there's some, sort of like, not obvious things that happen. And one of them is that all of a sudden, when you can limit access at a network connection level, you start to think about, like, credentials and access management a little differently, right?So, one of the problems that well-known is people set a bastion host. And they set bastion host so that there's, like, a limited way into the network and all the, you know, keys are stored in that bastion host and so on. So, you basically have a system where fine, we had bastion host set up because, A, we want limited ingress, and B, we want to make sure that we know exactly who has access to our internal resources. You could do away with that and with a simple, like, configuration change, you can basically say, “Even if this employee for whatever reason, we've forgotten to remove—revoke their SSH keys, even if they still have those keys, they can't access the destination because we're blocking network access at their actual device,” then you have a very different way to restrict access. So, it's still important to manage credentials, but you now have a way to actually block things out at a network level. And I think it's like when people start to realize that these capabilities are possible that they definitely start thinking about things a little bit differently. VPNs just don't allow this, like, level of granularity.Corey: I am a firm believer in the idea that any product with any kind of longevity gets an awful lot of its use case and product-market fit not from the people building it, but from the things that those folks learn from their customers. What did you learn from customers rolling out Twingate that reshaped how you thought about the space, or surprised you as far as use cases go?Alex: Yeah, so I think it's a really interesting question because one of the benefits of having a small business and being early on is that you have very close relationships with all your customers and they're really passionate about your product. And what that leads to is just a lot of, sort of like, knowledge sharing around, like, how they're using your product, which then helps inform the types of things that we build. So, one of the things that we've done internally to help us learn, but then also help us respond more quickly to customers, is we have this group called Twingate Labs. And it's really just a group of folks that are outside the engineering org that are just allowed to build whatever they want to try to prove out, like, interesting concepts. And a lot of those—I say a lot; honestly, probably all of those concepts have come from our customers, and so we've been able to, like, push the boundaries on that.And so, it just gave you an example, I mean, AWS can be sometimes a challenging product to manage and interact with, and so that team has, for example, built capabilities, again, using that just the regular Twingate API to show that it's possible to automatically configure resources in AWS based on tags. Now, that's not something that's in our product, but it's us showing our customers that, you know, we can respond quickly to them and then they actually, like, try to accommodate some, like, these special use cases they have. And if that works out, then great, we'll pull it into the product, right? So, I think that's, like, the nice thing about serving a smaller businesses is that you get a lot of that back and forth to your customers and they help us generate ideas, too.Corey: One thing that stands out to me from the testimonials from customers you have on your website has been a recurring theme that crops up that speaks to I guess, once I spend more than ten seconds thinking about it, one of the most obvious reasons that I would say, “Oh, Twingate? That sounds great for somebody else. We're never rolling it out here.” And that is the ease of adoption into environments that are not greenfield because I don't believe that something like this product will ever get deployed to something greenfield because this is exactly the kind of problem that you don't realize exists and don't have to solve for until it's too late because you already have that painful problem. It's an early optimization until suddenly, it's something you should have done six months ago. What is the rolling it out process for a company that presumably already is built out, has hired a bunch of people, and they already have something that, quote-unquote, “Works,” for granting access to things?Alex: Mm-hm. Yeah, so the beauty is that you can really deploy this side-by-side with an existing solution, so—whatever it happens to be; I mean, whether it's a VPN or something else—is you can put the side-by-side and the deployment process, just to talk a little bit about the architecture; we've talked a lot about this client that runs on the user's device, but on the remote network side, just to be really clear on this, there's a component called a connector that gets deployed inside the remote network, and it does not have to be installed on every single destination host. You're sort of thinking about it, sort of like this routing point inside that network, and that connector controls what traffic is allowed to go to internal locations based on the rules. So, from a deployment standpoint, it's really just put a connector in place and put it in place in whatever subnet you want to provide access to.And so you're—unlikely, but if your entire company has one subnet, great. You're done with one connector. But it does mean you can sort of gradually roll it out as it goes. And the connector can be deployed in a bunch of different environments, so we're just talking with AWS. Maybe it's inside a VPC, but we have a lot of people that actually just want to control access to specific services inside a Kubernetes cluster, and so you can deploy it as a container, right inside Kubernetes. And so, you can be, like, really specific about how you do that and then gradually roll it out to teams as they need it and without having to necessarily on that day actually shut off the old solution.So, just to your comment, by the way, on the greenfield versus, sort of like, brownfield, I think the greenfield story, I think, is changing a little bit, I think, especially to your comment earlier around younger companies. I think younger companies are realizing that this type of capability is an option and that they want to get in earlier. But the reality is that, you know, 98% of people are really in the established network situation, and so that's where that rollout process is really important.Corey: As you take a look throughout what you're seeing customers doing, what you see the industry doing as a result of that—because customers are, in fact, the industry, let's be clear here—what do you think is, I guess, the next wave of security offerings? I guess what I'm trying to do here is read the tea leaves and predict what the buzzwords will be all over the place that next RSA. But on a slightly more serious note, what do you see this is building towards? What are the trends that you're identifying in the space?Alex: There's a couple of things that we see. So one, sort of, way to look at this is that we're sort of in this, like, Third Wave. And I think these things change more slowly than—with all due respect to marketers—than marketers would [laugh] have you believe. And so, thinking about where we are, there's, like, Wave One is, like, good old happy days, we're all in the office, like, your computer can't move, like, all the data is in the office, like, everything is in one place, right?Corey: What if someone steals your desktop? Well, they're probably going to give themselves a hernia because that thing's heavy. Yeah.Alex: Exactly. And is it really worth stealing, right? But the Wave One was really, like, network security was actually just physical security, to that point; that's all it was, just, like, physically secure the premises.Wave Two—and arguably you could say we're kind of still in this—is actually the transition to cloud. So, let's convert all CapEx to OpEx, but that also introduces a different problem, which is that everything is off-network. So, you have to, like, figure out, you know, what you do about that.But Wave Three is really I think—and again, just to be clear, I think Wave Two, there are, like, multi-decade things that happen—and I'd say we're in the middle of, like, Wave Three. And I think that everyone is still, like, gradually adapting to this, which is what we describe it as sort of people everywhere, applications are everywhere, people are using a whole bunch of different devices, right? There is no such thing as BYOD in the early-2000s, late-90s, and people are accessing things from all kinds of different networks. And this presents a really, really challenging problem. So, I would argue, to your question, I think we're still in the middle of that Wave Three and it's going to take a long time to see that play through the industry. Just, things change slowly. That tribal knowledge takes time to change.The other thing that I think we very strongly believe in is that—and again, this is, sort of like, coming from our customers, too—is that people basically with security industry have had a tough time trying things out and adopting them because a lot of vendors have put a lot of blockers in place of doing that. There's no public documentation; you can't just go use the product. You got to talk to a salesperson who then filters you through—Corey: We have our fifth call with the sales team. We're hoping this is the one where they'll tell us how much it costs.Alex: Exactly. Or like, you know, now you get to the sales engineer, so you gradually adopt this knowledge. But ultimately, people just want to try the darn thing [laugh], right? So, I think we're big believers that I think hopefully, what we'll see in the security industry is that—we're trying to set an example here—is really that there's an old way of doing things, but a new way of doing things is make the product available for people to use, document the heck out of it, explain all the different use cases that exist for how to be successful your product, and then have these users actually then reach out to you when they want to have more in-depth conversation about things. So, those are the two big things, I'd say. I don't know if those are translated buzzwords at RSA, but those are two big trends we see.Corey: I look forward to having you back in a year or two and seeing how close we get to the reality. “Well, I guess we didn't see that acronym coming, but don't worry. They've been doing it for the last 15 years under different names, so it works out.” I really want to thank you for being as generous with your time as you have been. If people want to learn more, where should they go?Alex: Well, as we're just talking about, you try the product at twingate.com. So, that should be your first stop.Corey: And we will of course put links to that in the show notes. Thank you so much for being as forthcoming as you have been about all this stuff. I really appreciate your time.Alex: Yeah, thank you, Corey. I really appreciate it. Thanks.Corey: Alex Marshall, Chief Product Officer at Twingate. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with a long angry ranty comment about what you hated about the episode, which will inevitably get lost when it fails to submit because your crappy VPN concentrator just dropped it on the floor.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.