Access Control

By Teleport

Access Control, a podcast providing practical security advice for startups.... more

5

33 ratings

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about Access Control:

How many episodes does Access Control have?

The podcast currently has 25 episodes available.

Access Control episodes:

June 28, 2021Securing DevOps
Practical advice for securing the cloud
Pickup the Book: Securing DevOps
Get 35% off with when using podaccctrl21.
https://www.manning.com/books/securing-devops
http://mng.bz/y9ed
Key Topics
For startups, it's important to start with the smallest attack
surface possible for a startup, to focus on their product and leave
complex infrastructure security and cloud security problems for later
on.
The need to start segmenting permissions when there are too many people in a team is a natural, and getting into the cloud services and cloud security business knowing that rearchitecting regularly will be needed is healthy.
One of the most critical issues we observe in cloud environments today is leaking credentials that give attackers access to identities or accounts in the cloud; such access can be misused to break into services or abuse resources.
Log management is absolutely critical for security teams of course, but also for anyone else involved with building and running services in the cloud.
When trying to identify top threats, talk to organization leadership. Often the top threats are already known to the executives.
Engineers typically want to build security into their systems or their services. They often don't necessarily have the support to do so because that security requirement is not well-documented or explained.
...more
47min
May 27, 2021Offensive Security and the JavaScript Ecosystem
A discussion with Adam Baldwin
Key Topics on Access Control Podcast: Episode 4 – Offensive Security and the JavaScript Ecosystem
Auth0 is a platform that provides centralized login and identity for other companies.
The offensive security team at Auth0 is an internal team that is a trusted adversary that attempts to hack the company and then provides a report, which is something that a regular adversary on the internet won't provide.
Challenges faces as VP of Security at npm were scale and availability
— Keeping the registry online so that you could get your packages.
Malicious packages on npm were definitely a challenge. The damaging attacks were when an account was actually taken over.
The problem with 2FA is that it wasn't friendly for publishing.
One security tip for building new applications is having less attackable surface.
...more
38min
May 11, 2021State of Startup Application Security with Luca Carettoni
Luca Carettoni on the current state of startup security.
Key Topics on Access Control Podcast: Episode 3 – An Insider's View on Startup Security from Luca Carettoni
Pentesting is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.
It's important how you react to a security compromise rather than always trying to prevent a compromise.
Doyensec provides product security testing services primarily in the application security space.
A startup should address security internally if possible, and if not, outsource.
Security hires should be made depending on the company's particular security priorities.
The technologies you choose have a big impact on potential security risks.
Among the top vulnerabilities witnessed are deserialization vulnerabilities (such as Java deserialization) and Server-Side Request Forgery.
Follow Luca on Twitter https://twitter.com/lucacarettoni
...more
36min
April 30, 2021 There is no such thing as DevSecOps
A discussion with Dave Mangot
[video] There's no such thing as DevSecOps - Dave Mangot
...more
45min
April 16, 2021When should a startup hire a CSO?
A discussion with Donnie Hasseltine
Key Topics on Access Control Podcast: Episode 1 – A Security Chat with Donnie Hasseltine
Skilled cyber practitioners are in high demand, and transitioning to the cybersecurity industry is not a difficult transition for those already practicing cybersecurity in the military.
Xenon is a tech private equity team that buys and operates B2B SaaS companies, with a focus on distressed assets.
Acquired startups tend to have a general lack of knowledge of basic security hygiene and where the risks lie in the company.
There is no such thing as a normal day for a CSO.
Companies that can't yet afford a CSO should at least put one person in charge of security.
TeamPassword is a password manager, and password management is a critical tool for not just business but also for individuals.
It's important to consider what leads to hacks, such as the recent SolarWinds hack.
Addressing computer security vulnerabilities requires addressing the human aspect of security since it may be the source of vulnerabilities.
This podcast is produced and sponsored by Teleport.
...more
44min

FAQs about Access Control:

How many episodes does Access Control have?

The podcast currently has 25 episodes available.