Cloud Security Reinvented

Learning How Attention to Detail Helps With Cloud Security with Nick Selby



Episode Summary

There's no universal rule for breaking into a new industry. And the same goes for starting a career in the information security field.

But one thing's for sure — if you let your passion guide you and you're willing to work hard, there's no limit to what you can accomplish.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Nick Selby, the Director, Software Assurance Practice at Trail of Bits. They talk about what it's like working in cloud security, why attention to detail is crucial, and how cloud technology is democratizing innovation.


Guest-at-a-Glance

💡 Name: Nick Selby

💡 What he does: He's the Director, Software Assurance Practice at Trail of Bits.

💡 Company: Trail of Bits

💡 Noteworthy: He is the author and co-author of several books, including "Cyber Crime: A Basic Primer" and "Cyber Survival Manual: From Identity Theft to The Digital Apocalypse and Everything in Between."

💡 Where to find Nick: LinkedIn


Key Insights

⚡ Let your passion be the guide in your career. Nick has had quite an exciting career path, from being the NYPD Intelligence Bureau's Director of Cyber Intelligence and Investigations to the Director of Software Assurance Practice at Trail of Bits. He says the key to success is to be willing to roll up your sleeves. "If you are willing to go in and do the hard work and get things moving, then you are usually able to do it. Because, often, it's something that either people don't understand or it makes them feel icky. Or they understand, and they just don't want to do it because they know that it's going to be a lot of work. If you're willing to do that and let your passion be the guide and not worry too much about, 'Well, where's my bonus coming from this year?' — If you're willing to just forego the sort of normal things that people are unwilling to forego in a career, then you really can forge a new way forward."

⚡ Attention to detail is critical in cloud security. Nick talks about what it's like working in cloud security and shares the most valuable lessons he learned along the way. He says that even when everything works well, you have to keep your head in the game at all times. "The biggest thing for me, I think, has been that even when you do everything right, attention to detail and questioning your assumptions at every stage become even more important. I fly airplanes. In most accidents while flying airplanes, there are a series of bad mistakes. It's never just one, but almost all of those mistakes come from people being fat, dumb, and happy, just thinking that everything is going along fine."

⚡ Cloud technology is democratizing innovation. Nick says the number one surprise in the cloud security field is the democratizing effect of the cloud on innovation. With more companies having access to the newest technological tools, bringing innovative ideas to life becomes much easier. "But this does come with a wicked and awesome responsibility that we just have to deal with. These things aren't free, and they aren't free from decision-making and responsibility and especially strategic architecture, because when you can do it that [easily], the temptation to take my very well-functioning prototype and turn it into a production application is almost overwhelming. You have to resist that overwhelming temptation."


Episode Highlights

The importance of constantly questioning yourself

"If you are not constantly correcting, questioning, looking around for your escape plan, and thinking about what could go wrong, you will get behind the airplane. You will get behind the technology. And once you're behind the technology, you're no longer a leader; you're just on for the ride. And I think the biggest lesson that I've learned is that this even affects the finest companies in the world. And I'm just thrilled that I get to see them."

We should get rid of passwords and embrace automation

"It's such low-hanging fruit. I know that in the Google SRE book, Carla Geisser said, 'Something has gone terribly wrong when an engineer has to touch a process because everything should be automated,' which, by the way, speaks to what we should be doing. We should be automating absolutely everything because if you're not automating it, you don't have control over it. If you cannot understand what you are building to the point that you can push it from start to finish in five minutes and have it up and running, pull it back if you need to, but get it out there. And if you're not understanding what it is that you're doing to the point that you can automate every step of that, then you don't understand you're behind your technology."

Why you should avoid making mistakes in the cloud

"A lot of the people who are making those decisions about scaling up operations are the same people who grew up in an on-prem space where the data center was in the basement. And those people, no matter what they do, still have this bias toward the way we used to do things. And that doesn't fly in the cloud world. And I've said before that when you make mistakes in the cloud, you are being stupid at cloud speed, and stupid at cloud speed is really fast. So configuration becomes absolutely essential."


Cloud Security Reinvented, by Orca Security
