Sign up to save your podcasts
Or
Share From Code to Cloud: Breaking Down Advanced Software Supply Chain Red Teaming Techniques | A Conversation with Paul McCarty | Redefining CyberSecurity with Sean Martin
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
From Code to Cloud: Breaking Down Advanced Software Supply Chain Red Teaming Techniques | A Conversation with Paul McCarty | Redefining CyberSecurity with Sean Martin
Guest: Paul McCarty, Software Supply Chain Red Team, GitLab [@gitlab]
On LinkedIn | https://www.linkedin.com/in/mccartypaul/
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
View This Show's Sponsors
___________________________
Episode Notes
In this episode of the Redefining Cybersecurity Podcast, host Sean Martin engages in a detailed discussion with Paul McCarty on the intricate web of software supply chain security. McCarty, formerly of SecureStack and now with GitLab, shares his panoramic view on the evolving complexity of application environments and the pivotal role they play in today's digital infrastructure. The conversation pivots around the increasingly multifaceted nature of the software supply chain, highlighted by McCarty's work on an open-source project aimed at mapping out these complexities visually.
Throughout the episode, Martin and McCarty explore the notion of red teaming within the context of the software supply chain. McCarty elucidates the concept of red teaming as an essential exercise in identifying and addressing security vulnerabilities, emphasizing its transition from traditional methods to a more nuanced approach tailored to the software supply chain's intricate demands.
A significant part of their discussion is dedicated to exploring the ten stages of the software supply chain, as identified by McCarty. This segment sheds light on the broad spectrum of components involved, from the developers and their tools to the deployment environments and the underpinning hardware. The dialogue also touches on critical aspects such as the role of containers across various stages and the potential security implications presented by third-party services and cloud components.
The episode wraps up with insights into the shared responsibility model in cloud services, debunking misconceptions about security in the cloud. McCarty stresses the importance of recognizing the extensive attack surface introduced by widespread reliance on public cloud services and the need for a continuous red teaming approach to address these challenges effectively.
Listeners are offered a comprehensive overview of the critical factors contributing to software supply chain security, emphasizing the need for a broader understanding and proactive measures to mitigate risks in this increasingly complex domain.
Key Questions Addressed
- What does red teaming the software supply chain mean and why is it important?
- How has the complexity of software supply chains evolved, and what are the implications for cybersecurity?
- What role do containers play across different stages of the software supply chain, and how do they impact security?
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
___________________________
Resources
4 hour training at CrikeyCon March 23rd: https://crikeycon.com/workshops/
All day training at Adelaide BSides May 16th: https://bsidesadelaide.com.au/agenda-training
Presenting at BrisSEC: https://aisasecuritydays.com.au/brissec-program
Visualizing the Software Supply Chain: https://github.com/SecureStackCo/visualizing-software-supply-chain
VBP Framework: https://gitlab.com/pmccarty/vbp
CrikeyCon - Workshop: Red Teaming the Software Supply Chain: https://crikeycon.com/workshops/#redteam
___________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring this show with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
View all episodes
By Sean Martin, ITSPmagazine
5
33 ratings
Guest: Paul McCarty, Software Supply Chain Red Team, GitLab [@gitlab]
On LinkedIn | https://www.linkedin.com/in/mccartypaul/
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
View This Show's Sponsors
___________________________
Episode Notes
In this episode of the Redefining Cybersecurity Podcast, host Sean Martin engages in a detailed discussion with Paul McCarty on the intricate web of software supply chain security. McCarty, formerly of SecureStack and now with GitLab, shares his panoramic view on the evolving complexity of application environments and the pivotal role they play in today's digital infrastructure. The conversation pivots around the increasingly multifaceted nature of the software supply chain, highlighted by McCarty's work on an open-source project aimed at mapping out these complexities visually.
Throughout the episode, Martin and McCarty explore the notion of red teaming within the context of the software supply chain. McCarty elucidates the concept of red teaming as an essential exercise in identifying and addressing security vulnerabilities, emphasizing its transition from traditional methods to a more nuanced approach tailored to the software supply chain's intricate demands.
A significant part of their discussion is dedicated to exploring the ten stages of the software supply chain, as identified by McCarty. This segment sheds light on the broad spectrum of components involved, from the developers and their tools to the deployment environments and the underpinning hardware. The dialogue also touches on critical aspects such as the role of containers across various stages and the potential security implications presented by third-party services and cloud components.
The episode wraps up with insights into the shared responsibility model in cloud services, debunking misconceptions about security in the cloud. McCarty stresses the importance of recognizing the extensive attack surface introduced by widespread reliance on public cloud services and the need for a continuous red teaming approach to address these challenges effectively.
Listeners are offered a comprehensive overview of the critical factors contributing to software supply chain security, emphasizing the need for a broader understanding and proactive measures to mitigate risks in this increasingly complex domain.
Key Questions Addressed
- What does red teaming the software supply chain mean and why is it important?
- How has the complexity of software supply chains evolved, and what are the implications for cybersecurity?
- What role do containers play across different stages of the software supply chain, and how do they impact security?
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
___________________________
Resources
4 hour training at CrikeyCon March 23rd: https://crikeycon.com/workshops/
All day training at Adelaide BSides May 16th: https://bsidesadelaide.com.au/agenda-training
Presenting at BrisSEC: https://aisasecuritydays.com.au/brissec-program
Visualizing the Software Supply Chain: https://github.com/SecureStackCo/visualizing-software-supply-chain
VBP Framework: https://gitlab.com/pmccarty/vbp
CrikeyCon - Workshop: Red Teaming the Software Supply Chain: https://crikeycon.com/workshops/#redteam
___________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring this show with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
More shows like Redefining CyberSecurity
View all
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
370 Listeners
Risky Business
375 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
637 Listeners
Smashing Security
322 Listeners
ITSPmagazine
31 Listeners
Darknet Diaries
8,010 Listeners
Cybersecurity Today
175 Listeners
Hacking Humans
314 Listeners
CISO Series Podcast
188 Listeners
Defense in Depth
73 Listeners
Cyber Security Headlines
134 Listeners
Hard Fork
5,470 Listeners
The Ezra Klein Show
16,072 Listeners
Cybersecurity Where You Are (video)
13 Listeners
Audio Signals Podcast
2 Listeners
HBR On Leadership
158 Listeners
Stories From Space
4 Listeners
Redefining Society and Technology Podcast
0 Listeners