Why are Backups so Tricky?


Backups are really, really tricky! We talk through a lot of different things that you have to consider in making successful backups like security, resilience, how you store the data, how you recover the data and rebuild the systems. Basically, we ran the gamut on backup challenges.

You really need to think through a lot of the considerations! Our discussion will help make you better at backups.

Transcript: otter.ai/u/icmWxa0LmLT1Um-uAVWwGFc9Wq4
Photo by Alena Darmel from Pexels [ID 9037305]

Certificate Management (Let’s Encrypt Expiry)

Understanding and managing certificates is a critical operational skill; we cover the basics and then go deeper.

If you are familiar with SSL/HTTPS, you are using certificates on a daily basis. And yet the actual management of trust and root CAs, distributing public keys and managing private keys, is tricky.

Even though we understand what’s going on, our expert panel still struggles. One of the challenges is education: having people understand what they’re actually getting from certificates and trust, and what they’re not getting.

Transcript: otter.ai/u/CpGE5ybdVqiIlfoNqMIknTsLId4
Photo by Andres Ayrton from Pexels [ID 6551298]

A Peak Of Trustability?

“The peak of trustability” came up during our discussion of Trust in general. We really unwound what trust means starting from simple concepts like credentials and certificates and other security items.

We got to a point where trust is also about software supply chain! Security includes how much you keep up with changes and what the latest things are. Then we realized that trust has an important time value: you don’t trust initially, you build trust, and then you lose trust.

This creates a “peak of trustability” concept that I hadn’t heard articulated before. I think it is really important in understanding trust in a broader sense, especially when we think about Zero Trust. That’s not the end. It’s an end point and it’s also a starting point for building interconnections and relationships with people and tech.

Transcript: otter.ai/u/TNRiua5DxzsdR3Yh0eEjRJ45FB0
Photo by cottonbro from Pexels

Topics for a Security Training Course

DevOps Lunch and Learn was about security practices. Specifically, we built an outline of topics in security that we think are necessary for developers and operators to build secure applications.

We basically built a week-long course curriculum!

As we go through this course curriculum, we walk through who needs to know this information and why.

If you want to see all of the detail here, please see: docs.google.com/document/d/1x5QLP…ng=h.c2phqte5q4pl

Transcript: otter.ai/u/UyMAmiHi-rRAreMa0FjxaVNomhQ
Photo by PhotoMIX Company from Pexels [ID 226746]

Guardsquare on Mobile App Development Security

Joining the podcast this week is Sander Bogaert, VP Engineering at Guardsquare.

About Sander Bogaert
Sander Bogaert leads the technical teams at Guardsquare. He ensures engineering efforts are aligned with the company’s technical vision and helps determine the next steps for existing and new products. Sander joined Guardsquare very early on and built iXGuard from scratch after some initial months working on DexGuard.

About Guardsquare
Guardsquare is the global leader in mobile application protection. Hundreds of customers worldwide across all major industries rely on Guardsquare to secure their mobile applications against reverse engineering and hacking. Built on open source ProGuard technology, Guardsquare software integrates transparently in the development process and adds multiple layers of protection to Android (DexGuard) and iOS (iXGuard) applications, hardening them against both on-device and off-device attacks. Guardsquare is based in Leuven (Belgium) with a US office in Boston, MA.

Tricia Howard on Security as a Culture not a Tool Set

Joining us this week is Tricia Howard, Client Manager, Optiv, for a special RANTCAST on Security.

About Optiv

Optiv Security is a security solutions integrator that enables clients to reduce risk by taking a strategic approach to cybersecurity. Align your security program to achieve specific business outcomes with our full suite of service capabilities, from strategy to technology—and everything in between.

Highlights:

  • Security Rant
  • Data Privacy and Rights / Data Security
  • Companies and Storage/Security of Personal Data
  • Data is a Currency
  • Securing Systems and Data Leakage
  • Password Re-Use and Lack of Re-Use Impact on Vendors / SIM Hacking
  • Monopoly Power of Big Tech Companies & Gov’t Regulation
  • Dark Web – What is it?
  • Identity on Internet
  • Perimeter Security

Time Stamp

  • 0 min 32 sec: Introduction of Guest
  • 1 min 20 sec: Rant on Security
    • Lack of Security Awareness outside of IT
    • End-User Shame vs End User Enable
  • 4 min 42 sec: What should Companies do who Collect Data?
    • Users should have rights to know what they are opting in for ~ Data Mining
    • Facebook and Congress not understanding each other
  • 8 min 05 sec: Intermixing Data Privacy and Data Security?
    • Not mutually exclusive
    • Build a culture around security
  • 9 min 03 sec: Data Leaks from Companies with our Data
    • How is data being forwarded to other companies that I am unaware is happening
    • Nothing is Free ~ Data is a Currency
  • 15 min 30 sec: Securing Systems and then Spreading Data all over the Internet
    • Zero Trust
    • Bouncers and Bartenders
    • Password re-use creates issues for vendors
    • SIM Card Hacking (#130 The SnapChat Thief)
  • 19 min 22 sec: Journalist Video on Not using Large Corporations for Security Reasons
    • Duck Duck Go (still runs on AWS)
    • Gov’t Regulations?
    • Dark Web – What is it? Nefarious
  • 23 min 30 sec: Identity on the Internet
  • 26 min 43 sec: Perimeter Security
    • There is no perimeter
    • Security as Culture not a Toolset
  • 28 min 02 sec: Wrap-Up
    • Includes Westminster 2019 Discussion

Podcast Guest: Tricia Howard, Client Manager, Optiv

A Native Texan now living in the magnificent New York City, Tricia Howard is an artist gone rogue who ended up in the wonderful world of technology. With a B.A. in Theatre Arts and interests ranging from Star Wars to Opera, she brings a unique and artistic perspective to her clients and the tech world. When she’s not solving business problems, you can find her singing, painting, and doing copious amounts of jigsaw puzzles.

@TriciaKicksSaaS

Syed Zaeem Hosain on Edge, IoT, and Reality

Joining us this week is Syed Zaeem Hosain, CTO and Founder of Aeris from the KeyBanc Emerging Tech Summit.

Aeris is a technology partner with a proven history of helping companies unlock the value of IoT. For more than a decade, we’ve powered critical projects for some of the most demanding customers of IoT services. Aeris strives to fundamentally improve businesses by dramatically reducing costs, accelerating time-to-market, and enabling new revenue streams. Built from the ground up for IoT and globally tested at scale, Aeris IoT Services are based on the broadest technology stack in the industry, spanning connectivity up to vertical solutions. As veterans of the industry, we know that implementing an IoT solution can be complex, and we pride ourselves on making it simpler