Zero trust security has become a buzzword of sorts. Nonetheless, its principles are powerful and necessary in a digital world where the “Trust but verify” model is no longer enough. The threat landscape has significantly increased in the complex world of cloud computing, cloud-native applications, Kubernetes, microservices..etc. Designing and building your architecture with the “Never trust, always verify” mindset or rather the zero-trust principles can enable companies to build secure infrastructure and reap the promised benefits of all that is in the cloud. According to the 2020 Security Pri ..read more

In this episode, Mo has a candid conversation with Kevin Eberman about security in the cloud-based infrastructure and applications, its challenges, and how to build a security-first culture in the workplace.  With a wealth of experience in the technology industry, Kevin has a lot of experience and stories to share revolving around: The transition from DevOps to Security: the good, the bad, and the ugly Cultural and on-the-ground challenges in adopting an information security leadership role How to kickoff a security program in a FinTech company How security, teams, ops, and developers sh ..read more

In recent years, the risk landscape has changed drastically. Cyberattacks are rising in frequency, complexity, and impact as attackers take advantage of security risks to infiltrate enterprise infrastructure. As such, more organizations are amending their business priorities to include cybersecurity strategies. That pushed companies to think differently about the role of security and their engagement with the rest of the organization. Some have specialized ops and security teams. Others have roles combined in the same team. The number one challenge is helping teams working together from differ ..read more

Most of the major cloud providers offer dozens of services and products. AWS alone has more than 200 products and services at the time of this episode. As a matter of fact, a company uses on average 20 to 30 cloud services and products. With all the possible ways things can go wrong with these services, the operational and security complexity is exponentially increasing.  We are discussing in this episode how codified policies can help these three functions work harmoniously. Some of the discussed points: What does policy as code mean in simple terms? Is there a correlation between the i ..read more

In this episode of the SaC podcast, I held a casual conversation with Ahmed Badran, CTO, and co-founder of Magalix, about Security-as-Code and why it matters to build the right DevSecOps culture in your team We will get Badran's take on DevSecOps, Security-as-Code, and how companies can leverage the power and convenience of the cloud, both sustainably and securely.  In other words, how to balance security with operational agility. Modern Security Practices - 7000 years old! While we might think of the reduced attack surface security practice as a modern invention or technique, the ancient ..read more

Zero trust security has become a buzzword of sorts. Nonetheless, its principles are powerful and necessary in a digital world where the “Trust but verify” model is no longer enough. The threat landscape has significantly increased in the complex world of cloud computing, cloud-native applications, Kubernetes, microservices..etc. Designing and building your architecture with the “Never trust, always verify” mindset or rather the zero-trust principles can enable companies to build secure infrastructure and reap the promised benefits of all that is in the cloud. According to the 2020 Security Pri ..read more

In this episode, Mo has a candid conversation with Kevin Eberman about security in the cloud-based infrastructure and applications, its challenges, and how to build a security-first culture in the workplace.  With a wealth of experience in the technology industry, Kevin has a lot of experience and stories to share revolving around: The transition from DevOps to Security: the good, the bad, and the ugly Cultural and on-the-ground challenges in adopting an information security leadership role How to kickoff a security program in a FinTech company How security, teams, ops, and developers sh ..read more

In recent years, the risk landscape has changed drastically. Cyberattacks are rising in frequency, complexity, and impact as attackers take advantage of security risks to infiltrate enterprise infrastructure. As such, more organizations are amending their business priorities to include cybersecurity strategies. That pushed companies to think differently about the role of security and their engagement with the rest of the organization. Some have specialized ops and security teams. Others have roles combined in the same team. The number one challenge is helping teams working together from differ ..read more

Most of the major cloud providers offer dozens of services and products. AWS alone has more than 200 products and services at the time of this episode. As a matter of fact, a company uses on average 20 to 30 cloud services and products. With all the possible ways things can go wrong with these services, the operational and security complexity is exponentially increasing.  We are discussing in this episode how codified policies can help these three functions work harmoniously. Some of the discussed points: What does policy as code mean in simple terms? Is there a correlation between the i ..read more

In this episode of the SaC podcast, I held a casual conversation with Ahmed Badran, CTO, and co-founder of Magalix, about Security-as-Code and why it matters to build the right DevSecOps culture in your team We will get Badran's take on DevSecOps, Security-as-Code, and how companies can leverage the power and convenience of the cloud, both sustainably and securely.  In other words, how to balance security with operational agility. Modern Security Practices - 7000 years old! While we might think of the reduced attack surface security practice as a modern invention or technique, the ancient ..read more