

Secrets and their role in infrastructure security - Jawahar Sivasankaran, Chas Clawson, Sergey Gorbaty, Fernando Medrano - ESW #406
7 snips May 12, 2025
Join Sergey Gorbaty, a Senior Principal Security Architect at Fastly, Chas Clawson, Field CTO at Sumo Logic, and Jawahar Sivasankaran, President of Cyware, as they tackle the critical role secrets play in infrastructure security. They discuss the risks of poor secret management and the importance of integrating it into system design. Chas explains how SOC teams can enhance detection and response, while Jawahar shares insights on a threat-centric approach that transforms security operations. Also, they delve into AI's impact on cybersecurity and the evolving strategies for integrating intelligence.
AI Snips
Chapters
Books
Transcript
Episode notes
Secrets Scale with Microservices
- The explosion of microservices has greatly increased the number of secrets needing management.
- Modern secret management must scale to handle vastly more tokens than traditional monoliths.
Use Least Privilege and Short Lifetimes
- Apply least privilege and short lifetimes to credentials to reduce damage exposure.
- Use workload identity tokens for visibility and improved security over static tokens.
Train and Share AI Knowledge
- Train users on AI, including prompt engineering and hallucination risks.
- Create shared channels for knowledge exchange to boost AI proficiency and security awareness.