Asw115

From Security Weekly Wiki
Jump to navigationJump to search

Application Security Weekly Episode #115 - July 20, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Cloud Security Posture Management & Governance - 12:30 PM-01:00 PM


Announcements

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!

  • Security Weekly is an official media partner for Virtual BlackHat 2020! To register and save $200, visit https://securityweekly.com/summercamp2020 and click the register button. Discount code: “20SecWeekbh” Alongside Virtual BlackHat, we will be running our conference micro-interviews, you guessed it, virtually, in an event called Security Weekly Virtual Hacker Summer Camp, August 3 – August 6, 2020. Options, pricing and availability are all listed on the same page! Reserve your slot now to get your message out to BlackHat attendees!

Description

Digital transformation is taking the IT industry by storm. As the pace of adoption of public cloud increases, security posture management and governance is usually not top of the mind of cloud engineering teams. Cost of leaving the misconfiguration undetected and not rectified sure adds up and what to say about compromise to reputation. Biarca Patrol grew organically in close collaboration with our customers to address this gap. Biarca Patrol is now being offered widely.


https://biarca.io/biarca-patrol/


Guest(s)

Bhasker Nallapothula

Bhasker is the Director of Engineering at Biarca and oversees the design and development of cutting-edge cloud solutions, with an emphasis on best practices and reliability engineering. Bhasker started his career in Silicon Valley where he was able to obtain engineering experience with several companies including Hewlett Packard, Broadcom, TiVo and security starting AOPTIX. Starting as a developer and soon moving into managing engineering teams, Bhasker brought together global teams for the deployment of server-side system software and tools, with an emphasis on embedded systems. Prior to working with the above firms, Bhasker held engineering and managerial positions at TATA and as an R&D scientist at the Defense Research and Development Organization. Bhasker has a Master’s Degree in Computer Science from Andhra University.

Kris Rajana

Kris brings 25+ years of storage/cloud experience and a big proponent of open source philosophy. His customer centric focus and approach to solving complex technical problems and execution has enabled Biarca to be a trusted advisor to many of our customers. Kris is responsible for engineering and management of distributed teams and execution to ensure “on time / on spec / on quality” delivery to Biarca’s global client base. His expertise in security posture management and compliance is key for our cloud security practice. Kris has led the efforts of customizing Biarca services/solutions across several industries such as health care, manufacturing, education, technology, media and entertainment. Kris holds a Ph.D from Penn State University and has continued his learning with many executive management courses at Stanford.


Hosts

2. SIGRed RCE, Google Cloud 'Confidential VMs', & Twitter Hack Crypto Scam - 01:00 PM-01:30 PM


Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Visit https://securityweekly.com/webcasts to see what we have coming up! Learn about Rapid7’s Findings from the National Internet Cloud Exposure Report on August 13th and How to Create and Run a Conference, from the geniuses behind Layer8 Conference and Wild West Hackin Fest on August 19th! Our next technical training on August 27th will teach you about BootHole, SIGRed and SMBleed…Best Practices To Prioritize And Remediate Now! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Description

This week, SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers, Introducing Google Cloud Confidential Computing with Confidential VMs, Internet of Things devices: Stick to these security rules or you could face a ban, Google Cloud Unveils 'Confidential VMs' to Protect Data in Use, and more!


Hosts

John Kinsella's Content:

Articles

Matt Alderman's Content:

Articles

Mike Shema's Content:

Articles