ESW #297 – Tony Karam, Dan Frechtling
Segments
1. How IaC is Changing Cloud Security for the Better – Tony Karam – ESW #297
Infrastructure-as-code (IaC) allows for quick and consistent configuration and deployment of infrastructure components because it’s defined through code. It also enables repeatable deployments across environments. IaC is seeing significant attention in the cloud security space, but why now? This conversation will dig into how Infrastructure-as-code is enabling faster innovation on application development with security built in.
Segment Resources:
- https://www.lacework.com/solutions/infrastructure-as-code/
- https://www.lacework.com/blog/introducing-secure-automated-iac-deployments-with-terraform/
- https://info.lacework.com/cloud-threat-report.html
Announcements
Security Weekly listeners, we need to hear your voices! Leave us your feedback on Apple podcasts & submit a screenshot to our giveaway form for a chance to win a $100 gift card from Hacker Warehouse! This giveaway will be open until the end of the year. We appreciate your honest feedback so we can continue to make great content for our audience! Visit securityweekly.com/giveaway to enter!
Guest
Tony Karam is currently a Principal Product Marketing Manager at Lacework. As a big believer that security “takes a village”, Tony brings to his role more than 25 years of B2B cybersecurity experience covering data protection, vulnerability management, identity and access management and cloud security. Prior to joining Lacework, Tony held various senior-level marketing and product management roles at start-ups and industry leaders including Concourse Labs, RSA, BeyondTrust, Positive Technologies and Wave Systems.
2. Why Data Privacy is Being Overhauled in 2023 – Dan Frechtling – ESW #297
This segment will focus on (1) Why Did Sephora Get Fined $1.2M and Why Are They on Probation? (2) Why Data Privacy is Being Overhauled in 2023 (and How You Can Be Ready)
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Guest
Dan Frechtling is CEO of Boltive, providing publishers and ad exchanges the tools they need to monitor and audit their programmatic ads, and the added benefit to identify the source & block the bad ones—setting a new standard for accountability & protection that our industry desperately needs. Frechtling has led B2B SaaS businesses since 1999. Prior to Ad Lightning, he was President of G2 Web Services, acquired by Verisk, where he expanded G2’s cyber security solutions to detect brand damaging activity and transaction laundering. He was also GM/VP at Hibu, VP at Stamps.com and Sr. Associate for McKinsey. He has an MBA with Distinction from Harvard Business School and a BS with High Honors from Northwestern University.
3. InfoSec Layoffs, Mastodon Passwords, Templarbit, & 18 Funding Rounds – ESW #297
We catch up on 2 weeks of news, starting with 18 funding rounds and several new products! Splunk acquires TwinWave; another ASM vendor, Templarbit, gets acquired into the cyberinsurance industry; InfoSec layoffs continue in a big way alongside huge cuts at Facebook, Twitter, and Amazon; Microsoft sued for stealing code to train GitHub Copilot; Google sued for tracking when users asked them not to; Apple sued for violating privacy when users asked them not to; taking away kids’ smartphones; stealing passwords from Mastodon; and should cryptocurrency die in a fire? All that and more, on this episode of Enterprise Security Weekly.
Announcements
Dive deeper into the world of cybersecurity with Security Weekly on Instagram! Follow us @SecWeekly to find exclusive clips, hilarious memes, behind-the-scenes sneak peeks, and more! Stay connected, stay informed, and join our growing community!
- 1. FUNDING: Bishop Fox Extends Series B Funding to $129M Led by WestCap
- 2. FUNDING: Applications security startup Apiiro pulls in $100M Series B from A-list investors
- 3. FUNDING: TRM Labs bags $70m to help stop crypto-related fraud
Good luck to them! I'm baffled Web3 protection companies are still getting funding, but maybe some of these raises have been in the works for a while. I mean, how do you protect against the CEO and founder of an exchange - people at the core of cryptocurrencies, from being the threat and source of the fraud?
- 4. FUNDING: Akeyless $65M Round B: Reimagining Secrets Management
- 5. FUNDING: Island extends Series B with another $60 million for its enterprise browser at $1.3 billion valuation
- 6. FUNDING: Laika Raises $50M Series C to Extend Market Leadership in End-to-End Continuous Compliance and Audit Management
- 7. FUNDING: Endor Labs Launches with $25M Seed Financing to Tackle Massive Sprawl of Open Source Software (OSS)
- 8. FUNDING: Security Posture Management Firm Veriti Emerges From Stealth With $18.5M in Funding
- 9. FUNDING: Cybersecurity startup Veriti emerges from stealth, announces over $18M in funding
- 10. FUNDING: Elevate Security Announces Strategic Investment from Cisco Investments
- 11. FUNDING: Wib Raises $16 Million Investment to Accelerate Growth and Tackle Rising API Security Problem
- 12. FUNDING: BoostSecurity Exits Stealth with $12M in Seed Funding to Build Trust into the Software Supply Chain
- 13. FUNDING: A startup building software to encrypt messaging tools such as Slack just raised $11 million from Molten Ventures. Check out the 17-slide pitch deck Worldr used to secure the round.
I predict this will be an ugly hack of a tool and 100% of the demand is going to come from highly regulated industries like healthcare. IIRC, Slack already has encryption-at-rest features, and they're also ugly. If the first party feature is ugly, what's the 3rd party option going to be like?
- 14. FUNDING: Apheris raises €8.7m to power development of smarter AI
- 15. FUNDING: Worldr Raises Additional $8M in Seed Funding
- 16. FUNDING: SAIL Announces $4.7 Million Seed Fundraising Round to Help Advance Life-Saving Clinical Research
- 17. FUNDING: Bfore.AI picks up €4 million
- 18. FUNDING: Belfast’s Angoka raises £2.4m to grow IoT cybersecurity business
- 19. ACQUISITIONS: Splunk Acquires Automated Threat Analysis Startup TwinWave Security and Names New Security Leader
- 20. ACQUISITIONS: BOXX Insurance snaps up California-based Templarbit
- 21. REBRANDING: Norton LifeLock now Gen Digital after Avast merger
- 22. NEW PRODUCTS: New SURF Zero-Trust Enterprise Browser
Looks like Island and Talon have some competition, might be time to take some briefings and look a bit closer at some of these products.
- 23. NEW PRODUCTS: Harmonic is a new Crunchbase, Pitchbook, CBInsights competitor
For folks like us that do a lot of startup research.
- 24. LAYOFFS: Cybersecurity Layoff roundup on LinkedIn by Richard Stiennon
- 25. LAYOFFS: Meta Lays Off More Than 11,000 Employees
- 26. LAYOFFS: Minneapolis tech firm Code42 lays off 15% of workforce
- 27. LAYOFFS: Gen Digital to lay off about a quarter of its staff in Czechia
- 28. LAWSUITS: Microsoft sued for open-source piracy through GitHub Copilot
AI/ML is only as good as its design and the data fed to it. The question is - if it's consuming your artwork, your code, your personal work, is it violating copyright, terms of service, and crossing ethical boundaries?
- 29. LAWSUITS: Apple faces new lawsuit over its data collection practices in first-party apps, like the App Store
Turns out Apple still violated your privacy, even after telling it not to. Also see Google.
- 30. LAWSUITS: Google to pay $391.5 million in location tracking settlement with 40 states
Turns out Google continued tracking you, even after you asked them not to. Also see Apple.
- 31. TRENDS: This School Took Away Smartphones. The Kids Don’t Mind.
- 32. TRENDS: Flashpoint Releases First-of-its-kind Ransomware Prediction Model for Vulnerabilities
- 33. TRENDS: Twitter’s CISO Takes Off, Leaving Security an Open Question
The gaining power of the CISO has never been more visible. This is largely due to how visible Twitter is in this moment, but it's noteworthy that a CISO quitting is being treated as a risk signal to regulators and the general public.
- 34. TRENDS: Stealing passwords from infosec Mastodon – without bypassing CSP
With the mass exodus from Twitter to Mastodon comes the inevitable poking at Mastodon by security researchers. No big surprise here, there was some low hanging fruit.
- 35. TRENDS: FTX Hack or Inside Job? Blockchain Experts Examine Clues and a ‘Stupid Mistake’
Is "getting hacked" becoming a strategy for insider manipulation, to hide or embezzle funds? Or is this the kind of thing we'll probably only see in the Crypto World of Madness?
- 36. REPORTS: Thinkst Applied Research
The Q3 Thinkscapes report is out! Thinkscapes summarize dozens of events and research you don't have time to attend or read, saving you time. And it's free, as in beer - no regwall, nothing!
- 37. SQUIRREL: Why This Computer Scientist Says All Cryptocurrency Should “Die in a Fire” ❧ Current Affairs
- 38. SQUIRREL: LMNTRIX on LinkedIn: #lmntrix #xdr #mdr