Access Control, a podcast providing practical security advice for startups.... more
Share Access Control
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Access Control
By Teleport
5
33 ratings
FAQs about Access Control:
How many episodes does Access Control have?
The podcast currently has 24 episodes available.
Access Control episodes:
July 16, 2024From SIEM to Detection as Code Cloud-Native SIEM: Scaling Security for the Modern Era00:00 - Introduction to Jack Naglieri and Panther
01:23 - Discussing the possibility of keeping pace with modern threats02:08 - Common reasons organizations seek out new SIEM solutions03:29 - The concept of detection-as-code and its benefits05:50 - Challenges of monitoring diverse cloud environments and SaaS tools07:17 - The importance of identity in correlating security data08:46 - Best practices for collecting and organizing security data10:51 - The essentialist approach to security monitoring and alert management12:46 - Team structures for handling security alerts and investigations13:48 - Recommendations for fine-tuning SIEM alerts15:35 - The role of SIEMs in threat remediation and prevention17:07 - Learning from patterns in security events19:20 - Views on AI and machine learning in threat detection19:59 - Log retention strategies and considerations21:12 - Addressing unknown threats and improving visibility22:55 - Using SIEMs for retroactive incident analysis23:31 - Current challenges facing security teams24:38 - Tips for transitioning to detection-as-code25:45 - Cost considerations when adopting new SIEM solutions27:21 - Jack's key tip: Focus on intentionality in security operationsKey Takeaways:
Detection-as-code offers improved governance, collaboration, and scalability
Start with a clear understanding of critical threats to your organizationBalance comprehensive monitoring with intentional, focused alertsConsider cloud-native SIEM solutions for cost-effectiveness and scalabilityRegularly review and update security playbooks and runbooksResources Mentioned:
Panther: Cloud-native SIEM platformDetection at Scale: Jack Naglieri's podcast and blog...more June 06, 2024Certificates, Keys, and Trust: The World of PKI and mTLS. Key Discussion Points:
- Ben and Chris discuss their motivation for starting Anchor, stemming from frustrating experiences with certificate management and outages caused by expired certs throughout their careers.
- The evolution of web cryptography is covered, from the early days of SSL to the modern era ushered in by events like the Firesheep exploit, Heartbleed vulnerability, and the emergence of Let's Encrypt.
- Ben and Chris explain the benefits of using an internal PKI and private CAs rather than public CAs for back-end infrastructure. Private CAs enable shorter certificate lifetimes, protect information about internal infrastructure, and allow customized issuance flows.
- To help improve the developer experience with local TLS, Anchor launched lcl.host which provides an easy workflow for developers to use real certificates during local development.
- Security best practices are discussed, including using name constraints to limit certificate scope, employing a multi-layered security approach, practicing key rotation and disaster recovery scenarios.
- Advice is given for teams new to PKI and MTLS, emphasizing the importance of hands-on experimentation in dev environments to build understanding.
https://lcl.host/
...more May 13, 2024Security as a Service For this 22nd episode of Access Control Podcast, a podcast providing practical security advice for startups, Director of Product at Teleport Ben Arent chats with Rob Picard. Rob is the CEO of Observa, a company that can build and run your security program — helping early-stage companies improve their security, get compliant and ultimately help both secure and grow their businesses. Prior to starting Observa, Rob was a security lead at Vanta, a leading SOC2 compliance platform. Rob’s experience bridges pentesting, app security, and varied experience from working in both B2B and B2C apps....more January 12, 2024Securing the Open-source Future Cryptography, Trust, and Open-Source with Filippo ValsordaThroughout this episode, Filippo offers a comprehensive view of his professional journey in the field, from his initial intrigue with cryptographic algorithms during his high school years to his pivotal role in the Go Team at Google. Key discussion points include:
- Key milestones in web cryptography include HTTPS, WebPKI, and the impact of messaging protocols like Signal and WhatsApp on end-to-end encryption.
- Looking to the future, Filippo discusses the importance of transparency mechanisms in cryptography and highlights the need for accountability.
- Filippo advises against rolling one's own crypto but encourages collaboration and learning with experienced individuals to build a feedback loop for secure implementations.
- Filippo shares his thoughts on the current state of Certificate Authorities (CAs).
- Filippo explains the accountability established by transparency in open source and compares it to closed-source software.
- Security patching is addressed, highlighting the need for a balance between stability and urgency when applying patches.
- Filippo explains the potential threats posed by quantum computers and the ongoing efforts to implement post-quantum key exchanges in protocols like SSH and TLS.
- Cryptographic concerns in cloud computing are discussed, focusing on the importance of trust in cloud platforms while acknowledging the shared responsibility model.
- In a practical piece of advice for improving security, Filippo recommends being deliberate in trimming dependency trees to reduce vulnerabilities.
...more December 15, 2023From Orange Book to Identity-Native Access Evolution with Ev KontsevoyAccess Control Podcast: Episode 20 - From Orange Book to Identity-Native
- Access control consists of four technical components: Authentication, Connectivity, Authorization, and Audit.
- Multics, an advanced operating system, serves as inspiration for Teleport's approach to scaling access control. Multics introduced the concept of a reference monitor as a central point for policy evaluation and enforcement.
- The Trusted Computer System Evaluation Criteria (TCSEC), known as the Orange Book, set basic requirements for assessing the effectiveness of computer security controls.
- The CIA triad (Confidentiality, Integrity, and Availability) is presented as the foundation of trustworthiness in computing systems.
- Teleport provides identity-native infrastructure access to servers, cloud applications, and web applications. Teleport's implementation of zero trust involves technical aspects like reverse tunnels to establish connectivity behind firewalls.
- The concept of true identity should be differentiated from the common practice of associating identity with electronic records or aliases.
- The use of shared credentials or shared identities across various systems is a common anti-pattern.
- The state of authorization in current systems is broken, and it's difficult to synchronize role-based access control (RBAC) rules across different layers of technology.
- The discussion challenges the current emphasis on visibility and audit logs, suggesting that once authorization is properly solved, the importance of observability will decrease.
- A collaborative and trust-building approach between security teams and engineers is critical. Security measures should not hinder productivity but should be designed to work seamlessly with the broader computing ecosystem.
...more July 07, 2023University Access Control Open Computing Facility Accesshttps://www.ocf.berkeley.edu/
...more March 23, 2023Multi-Layered Security How Sendbird adds layers to their zero-trust security program.Key topics on Access Control Podcast: Episode 18 - Multi-Layered Trust- Sendbird provides APIs and services for chat and products to integrate into applications.
- As Sendbird is B2B, B2B2B, and B2B2C, its customers use Sendbird to build chat applications that their own customers use, resulting in a lot of data that enters Sendbird's system and that needs to be secured.
- Compliance and security go hand in hand. You determine how compliance requirements fit your business and use them as a baseline to improve your company's security posture.
- Two guidelines for access control are a multi-layered design (where more than one thing should go wrong for something bad to happen within the company) and keeping things as simple as possible.
- A sound access control philosophy ensures that people in the company have access to what they need to do their jobs.
- Security is always should be a balance between usability and providing security.
...more December 21, 2022Access at Scale How Jump Trading Group uses Teleport to access at scaleWith Joseph Conti, Systems Engineer and Linux enthusiast with 15+ years of financial industry engineering experience, and Chris Spann from Jump Trading Group.
Watch a video version of this panel on Jan 26th https://goteleport.com/teleport-connect-virtual-2022/
...more August 09, 2022Platform for HyperGrowth How to plan, build and grow a platform team for HyperGrowth companies.For this 16th episode of Access Control Podcast, a podcast providing practical security advice for startups, Developer Relations Engineer at Teleport Ben Arent chats with Lukáš Hrachovina. Lukas is an Engineering Manager for the Cloud Engineering team at Productboard. ProductBoard was founded in 2014, and is a product management system that helps organizations get the right products to market faster. Lukas has been at the company 2 years and has helped keep systems stable as ProductBoard has entered into hypergrowth. This episode dives into how to plan, build and execute a platform team to help support a growing organization while keeping systems as secure as possible.
Key topics on Access Control Podcast: Episode 16 - Platform for HyperGrowth- Productboard is a product management system that lets organizations get the right products to market faster.
- Productboard is transitioning to Backstage, a tool from Spotify, to build a developer portal, and has moved its documentation there as well.
- To securely offboard engineers, Productboard uses a variety of tools including Okta and Vault.
- Productboard chose Teleport to improve their security as the number of engineers grew and since the company works with customer data, so it's critical to protect that data and prevent any possible leaks.
...more April 29, 2022How a BISO can help accelerate Fintech innovation Overview of PodcastFor this 15th episode of Access Control Podcast, a podcast providing practical security advice for startups, Developer Relations Engineer at Teleport Ben Arent chats with Alyssa Miller. Alyssa is a seasoned hacker and highly experienced security executive. Alyssa began her career programming for a Wisconsin-based provider of financial software and services. Later moving into a leadership role within the ethical hacking team, conducting pen tests and app assessments. This was followed by working in consulting, which provided a unique perspective on the challenges of the security industry, and then working across multiple organizations and high-level executives to address security at a strategic level.
This brings us to today, where Alyssa directs security strategy for S&P Global Ratings as a Business Information Security Officer (BISO). S&P Global is a 162-year-old finance services company, with over 50k employees. Today we’ll dive into how Fintech companies can learn the best practices and navigate the regulatory landscape, and how to embed these security practices to truly shift left and empower developers.
Key topics on Access Control Podcast: Episode 15 - How a BISO Can Help Accelerate Fintech Innovation- BISO is a fairly young role within cybersecurity that gets structured
differently across organizations. A BISO's primary goal is to provide a bridgebetween the cybersecurity function of the organization and the individual business lines.- S&P Global Ratings, part of S&P Global, is focused on credit ratings for organizations and sovereign nations.
- When looking to adopt new technologies, you have to consider what this means in terms of the regulatory environment.
- If you're starting up a fintech, you're going to be working with regulatory bodies. Regulators can help you understand what the right ways are to be compliant with specific regulations.
- The best thing you can do with a regulator is give them reason to trust you, by showing them that you're thinking about the things that you should be thinking about, and by doing the right things.
- Compliance can be broader than regulation. Regulators such as SEC, FCA and ESMA vary based on the environment that they're in. The key is to work with them proactively.
- Getting software to production involves what can be described as a three-headed monster of responsibility: software has to be delivered efficiently, has to be stable and has to be secure.
...more
FAQs about Access Control:
How many episodes does Access Control have?
The podcast currently has 24 episodes available.