ESW #294 – Gary Orenstein, Jason Oeltjen
1. When Worlds Collide: Dealing with Converged Identities and Devices – Gary Orenstein – ESW #294
For many companies, the pretenses of separation between work and home have completely disappeared. This has huge security implications for organizations, but creates some opportunities as well. How should organizations and vendors approach the new paradigm of shared devices and identities?
Guest
Gary is the chief customer officer at Bitwarden, as well as a password security expert. Along with his work at Bitwarden, Gary is the author of IP Storage Networking, a book on the value of storage and backups.
Before Bitwarden, Gary served in executive marketing and product roles at the enterprise infrastructure companies Yellowbrick Data and MemSQL, and at flash memory pioneer Fusion-io, which went public during his tenure there. Earlier in his career, he led marketing at Compellent, which was acquired by Dell after its IPO.
Gary holds a bachelor’s degree from Dartmouth College and a master’s in business administration from The Wharton School at the University of Pennsylvania.
2. Why Migrating Identity to the Cloud Makes Even More Sense Now – Jason Oeltjen – ESW #294
Economic tides are changing, making profitability and identifying efficiencies a priority for many IT teams. Reducing IT costs by modernizing and migrating identity infrastructure to the cloud is one of the projects to be considered: no more wasted time and effort on maintenance, patching, and upgrades. Join us as Jason Oeltjen, VP of Product Management at Ping Identity, discusses cloud migration benefits, timelines, and how you can improve TCO by migrating your identity to the cloud as leadership seeks the most critical initiatives to fund.
Segment Resources: https://www.pingidentity.com/en/lp/migrate-to-pings-cloud.html
This segment is sponsored by Ping. Visit https://securityweekly.com/ping to learn more about them!
Guest
As VP of Product Management for Ping Identity, Jason focuses on understanding the identity challenges of Ping's customers to ensure that Ping's capabilities align with those needs. This includes leading product teams for PingOne Advanced Services, Ping Solutions, and Administration Experience. Jason has been building identity solutions for 10 years, including time at Oracle, RSA, and startups. Prior to identity, Jason spent years leading product, engineering, and support teams at companies ranging in size from early-stage start-ups to the Fortune 500.
3. Zombies, Gen Z VS Boomers, ICMs, & Australian Breach Fines – ESW #294
Finally, in the enterprise security news: the company behind Basecamp and the Hey.com email service pulls anchor and exits the cloud; your self-hosted Exchange Server might be a problem; is Confidential Computing for suckers?; Gen Z and Millennials found not taking things seriously in a survey fielded by Boomers; the Industrial Cybersecurity Market is expected to take off; GitHub adds fine-grained personal access tokens; Australia is not playing around anymore and jacks up breach fines more than 20x; layoffs and exit troubles; & more!
- 1. FUNDING: 33N Ventures launches for investment in cybersecurity and infrastructure companies
"The firm is currently fundraising a vehicle of $145 million which is designed to invest in cybersecurity and infrastructure software companies across Europe, Israel, and the U.S. It is understood that it will target investments at Series A and B, with an average ticket size of around $9.7 million."
- 2. FUNDING: Data protection startup Anonos raises $50M for PII pseudonymization
$50M debt financing round via Ghost Tree partners and Aon. Product aims to protect PII by anonymizing it (sounds similar to tokenization?).
- 3. FUNDING: HYCU Receives Strategic Investment from Okta Ventures
The amount of this Series B extension (from Okta Ventures) wasn't shared, but it will be added to the $140M raised so far. Self-describes as "the world's fastest growing multi-cloud and hybrid IT data protection as a service company."
- 4. FUNDING: Corsa Security Drives Forward with Additional $10 Million Funding
Appears to be playing in the firewall orchestration space. This is the company's second Series D extension since 2019, with all three led by Roadmap Capital.
Adrian's Take: "Corsa means 'Race' in Italian and is the most performance mode in most modern Lamborghinis. Less clear is the company's structure and history. Corsa has three co-founders, though one joined the company in 2011, one in 2019, and one in 2021?"
- 5. FUNDING: OutThink Raises $10 Million in Seed Round
$10M Seed round led by AlbionVC; describes itself as a "cybersecurity human risk management platform".
- 6. FUNDING: Velotix Raises $10M in Seed Funding
$10M Seed round. Israel-based data security startup. Self-describes as an "AI-driven data protection and access permissions platform."
- 7. FUNDING: Blockchain Security Company Hexens Raises $4.2 Million in Seed Funding Led by IOSG Ventures
$4.2M seed round led by IOSG Ventures. Services firm that focuses on blockchain-related audits and penetration tests.
- 8. ACQUISITIONS: Palo Alto in negotiations to acquire Cider Security for $200 million
If at first you don't succeed, try, try again.
- 9. EXIT TROUBLES: Palo Alto deal to acquire Apiiro falls through
Apiiro is going to raise money instead.
- 10. EXIT TROUBLES: Cybereason looking for buyer after IPO falls through
Market conditions claim another victim? The Wall Street Journal reported in June that the company laid off 140 employees.
- 11. LAYOFFS: Cyber unicorn Snyk to sack 198 employees, 14% of workforce
The first major layoff announcement since August, and a relatively big one.
"The company said at the time that the changes were being made in order to accelerate its plans by a full year to become free cash flow positive in 2024."
- 12. VC TAKE: The 13 most promising cybersecurity startups of 2022, according to VCs
- At-Bay - Cybersecurity Insurance MGA - $292M raised
- Salt Security - API Security - $271M raised
- Noname Security - API Security - $220M raised
- Drata - Compliance Automation - $128M raised
- Veza - Data Security - $113M raised
- Securiti - AI stuff? - $81M
- Chainguard - Software Supply Chain Security - $55M
- Auditboard - Compliance software - $43M
- R2C - SAST (maker of Semgrep) - $43M
- Tines - SOAR - $42M
- Hummingbird - Anti-Fraud - $38M
- Incident.io - Automated Incident Reporting - $38M
- FireHydrant - Incident Response and Management - $32.5M
- 13. NEW COMPANY: Nudge Security emerges from stealth
Adrian's take: "An intriguing approach, Nudge Security detects SaaS apps in use by monitoring Google Workspace and Microsoft 365. As new SaaS apps show up, the company's software will 'nudge' employees to configure these SaaS apps more securely. It seems similar to CSPM, but for SaaS apps (I'm sure Gartner is working on an acronym)."
- 14. HOT TAKES: the company behind Hey.com and Basecamp vocally ditches AWS and GCP
TL;DR: DHH says, "Renting computers is (mostly) a bad deal for medium-sized companies like ours with stable growth. The savings promised in reduced complexity never materialized"
Check out the accompanying podcast to dig deeper and hear more details: https://www.rework.fm/leaving-the-cloud/
- 15. HOT TAKES: Your Microsoft Exchange Server Is a Security Liability
Is this a surprise to anyone?
- 16. HOT TAKES: Confidential Computing Is for the Tinfoil Hat Brigade
TL;DR - confidential computing solves a non-problem unless you're dropping computing hardware into hostile, untrusted territory.
- 17. ESSAY: You should have lots of AWS accounts
TL;DR - put your eggs in many baskets.
- 18. BREACHES: BlueBleed
TL;DR - Microsoft apparently left a bucket open with highly confidential customer data. It was open long enough for search engines to index the contents. Bit of a mess.
- 19. POC: Contextualize honeypot alerts automatically with GreyNoise, runZero, Thinkst Canary, and Tines
Use case that combines the capabilities of Thinkst Canary, Tines, GreyNoise, and runZero.
Adrian's Take: "An interesting look at how a group of highly functional early stage security products can be used to create compelling automations with minimal effort."
- 20. TRENDS: Gen Z and millennials less serious about cybersecurity on work-issued devices than personal, according to new EY Consulting survey
- 21. TRENDS: Industrial Cybersecurity Market Expected to Soar in Next Decade
- 22. NEW FEATURES: Introducing fine-grained personal access tokens for GitHub
No more granting access to ALL YOUR REPOS for a simple, narrowly scoped integration!
- 23. FREE TOOLS: Chainguard open sources OSQuery detection & response ruleset
"I'm proud to announce that we've open-sourced our #osquery detection & response ruleset: https://github.com/chainguard-dev/osquery-defense-kit
It contains 130+ production-ready queries we found useful for detecting malware & other anomalous behavior on our endpoints, designed with alerting in mind."
- 24. FREE TOOLS: SCuBA M365 Security Baseline Assessment Tool
- 25. FREE TOOLS: JSubFinder – Searches Webpages For Javascript And Analyzes Them For Hidden Subdomains And Secrets
- 26. REGULATIONS: Australian gov plans to increase data breach penalties 20x or more
Catalin Cimpanu reports that Australia plans to increase the breach fine from AUS$2.22M to whichever is the greater of the following three options:
- $50M
- 3x the value of any benefit obtained through the misuse of info
- 30% of a company's adjusted turnover in the relevant period