Screaming in the Cloud

Andrew Shieh shares the thrilling story of SmugMug’s bold leap into AWS’s cloud technology, marking it as one of the pioneering companies to harness the cloud for digital photography storage. This episode offers a unique perspective into the type of strategy and groundbreaking tech advancements that catapulted SmugMug’s success. Listen to the full episode for a masterclass in innovation and adaptation!Show highlights: (00:00) Corey introduces the show & Guest Andrew Shieh(00:54)Andrew shares the story of how SmugMug became AWS's first enterprise customer. (02:17) Discussion on the evolution of AWS's customer service(04:31) Reflections on the expansion of AWS services. (06:08) The critical role of Amazon S3 in SmugMug's operations(12:24) AWS's interest in unique customer stories and feedback (09:32) SmugMug's cloud strategy and optimization(13:50) Andrew discusses challenges and solutions in cloud adoption(17:38) Andrew shares his experiences at AWS re:Invent, offering thoughts on the conference's evolution(21:09) A look into AWS's pricing formulas and business insights (31:55) Closing thoughtsAbout AndrewAndrew "shandrew" Shieh is a multidisciplinary engineer, focused today on making the AWS cloud do what it promises to. Andrew started as an environmental engineer, focused on energy efficiency and air pollution modeling, but quickly got dragged into tech after spending most of college at the help desk of the Unix computer cluster.Andrew's current interests include sustainability, cost efficiency, and economics. Most AWS service teams are his friends and he enjoys (a bit too much) talking to his SmugMug and Flickr coworkers about AWS. He recently spoke at AWS re:Invent about how his children (9 and 11) helped to teach him the value of trivia as a means of learning backwards. He also wrote a keynote for re:Invent's pandemic year, and has rescued billions of precious photos from extinction.Links Referenced:SmugMug: https://www.smugmug.com/S3 Intelligent Tiering blog post on Duckbill Group: https://www.duckbillgroup.com/blog/s3-intelligent-tiering-what-it-takes-to-actually-break-even/Mastodon: https://hachyderm.io/@shandrewLinkedIn: https://www.linkedin.com/in/shandrew/Flickr: https://flickr.com/photos/shandrewAndrew's talk on "Learning Backwards" at re:Invent 2023: https://www.youtube.com/watch?v=od09dD7mc6k 

Cybersecurity leader Mike Isbitski explores the intricacies of cloud-native security and vulnerability management in today's technological landscape. With over 25 years of experience, he provides valuable insights into the challenges and complexities organizations face in securing ephemeral infrastructure and machine identities in the cloud. This episode also explores the cautious adoption of AI in cybersecurity, emphasizing the need for a balanced approach that maintains operational functionality while addressing evolving security concerns.Key Points with TimestampSecurity through Obscurity (00:00:00) - Mike discusses common security practices.Cloud-Native Technology Explained (00:01:30) - Unpacking the meaning of cloud-native tech.Evolving Vulnerability Management (00:03:38) - Insights on how vulnerability management has improved.AI in Cybersecurity (00:21:20) - Discussion on the slow but growing adoption of AI in cybersecurity.Challenges of Permissions and Identity (00:29:29) - The complexities of permissions in the cloud environment.Future Trends in Cybersecurity (00:34:11) - Predictions for changes and advancements in the cybersecurity landscape.About MichaelMichael Isbitski is a former Gartner analyst, cybersecurity leader, and practitioner with more than 25 years of experience, specializing in application, cloud, and container security. Michael learned many hard lessons on the front lines of IT working on application security, vulnerability management, enterprise architecture, and systems engineering. He's guided countless organizations globally in their security initiatives as they support their businesses.Links Referenced:Sysdig: https://sysdig.com/Sysdig 2024 Cloud-Native Security and Usage Report: www.sysdig.com/SITC

Technology meets economic empowerment in this episode featuring Angie Jones, Global Vice President of Developer Relations at TBD, a Block division. Angie sheds light on the role of decentralized technologies in shaping the future of digital identity and cross-border payments. Her journey from software engineering to a leadership role in tech innovation illustrates her profound impact on the industry. This episode offers valuable insights into how technological advancements are driving economic growth and changing the financial landscape. Angie's expertise and unique perspective make this a must-listen for anyone interested in the cutting-edge intersection of technology, finance, and innovation.About AngieAngie Jones is the Global Vice President of Developer Relations for TBD, Block’s new business unit focused on decentralized technologies. She is an award-winning teacher and international keynote speaker who shares her wealth of knowledge at software companies and conferences all over the world.As a Master Inventor, Angie is known for her innovative and out-of-the-box thinking style which has resulted in 27 patented inventions in the areas of metaverses, collaboration software, social networking, smarter planet, and software development processes.Show notes:(00:25) Introduction to Angie Jones and Her Role at TBD(01:25) Angie’s Recognition in a USA Today Crossword(02:50) Career Journey and Transition into Developer Relations(06:04) Block’s Mission and Services in Economic Empowerment(10:09) Convenience vs. Decentralization in Technology(16:49) Innovations in Cross-Border Payments(25:01) Decentralized Tech Stories and Reflections on Tech Innovation(30:22) Challenging Tech Industry Norms and Global PerspectivesLinks Referenced:TBD: https://www.tbd.website/Twitter: https://twitter.com/techgirl1908LinkedIn: https://www.linkedin.com/in/angiejones/

Join us for a fascinating talk with Ceora Ford, a Developer Advocate at Okta, as she explores the changing world of tech. Ceora shares her unique journey through different tech roles and talks about the importance of keeping technical skills sharp, even when focusing on advocacy. She also gives us a sneak peek into the exciting AI developments happening at Okta. Tune in to this episode to get a better understanding of the fast-paced tech industry and what's coming next.About CeoraCeora Ford is a Developer Advocate from Philadelphia, renowned for her expertise in making complex computer science concepts accessible to a broad audience. With a rich history of creating educational content, she has significantly contributed to the tech community, working with leading companies like CodeSandbox, DigitalOcean, egghead.io, and Apollo GraphQL. Ceora's career is marked by her unique ability to simplify technical topics, making them understandable for everyone, from students to professionals in tech-adjacent roles. Her non-traditional path into tech and her current role at Okta showcase her commitment to making the tech industry more inclusive and approachable for all. Links Referenced:Okta: https://www.okta.com/Twitter: https://twitter.com/ceeoreo_Instagram: https://www.instagram.com/ceeoreo/TikTok: https://www.tiktok.com/@ceeoreoThreads: https://www.threads.net/@ceeoreoLinkedIn: https://www.linkedin.com/in/ceora-ford/Personal website: https://ceora.dev

Jeremy Tanner discusses the importance of work-life balance, his passion for motorcycles, and finding fulfillment outside of tech. They explore content creation, riding motorcycles with kids, ethical work practices, and engaging with online communities for personal growth.

Chen Gour Arie, Director of Engineering at Snyk, joins Corey on Screaming in the Cloud to discuss how his company, Enso Security, got acquired by Snyk and what drew him to Snyk’s mission as a partner. Chen expands on the challenges currently facing the security space, and shares what he feels are likely outcomes for challenges like improving compliance across value-add on security tools and the increasing scope of cybersecurity at such a relatively early phase of the industry’s development. Corey and Chen also discuss what makes Snyk so appealing to developers and why that was an important part of their growth strategy, as well as Chen’s take on recent security incidents that have hit the news. About ChenChen is the Co-founder of Enso Security (part of Snyk) - the world's 1st ASPM platform. With decades of hands-on experience in cybersecurity and software development, Chen has focused his career on building effective application security tools and practices.Links Referenced:Snyk: https://snyk.ioSnyk AppRisk: https://snyk.io/product/snyk-apprisk/TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Welcome to Screaming in the Cloud. I’m Corey Quinn. This promoted guest episode is brought to us by our friends at Snyk, and as a part of that they have given me someone rather distinct as far as career paths and trajectories go. Chen Gour Arie is currently a director of engineering over at Snyk, but in a previous life—read as about six months or so ago—he was a co-founder of Enso Security, which got acquired. Chen, thank you for joining me.Chen: Thank you for having me, Corey.Corey: So, I guess an interesting place to begin is, what has the past couple of years been like? And let’s dive in with, what is or was Enso Security?Chen: Yeah. So, Enso started for me first as friendship because I joined the team that I was working with as a contractor for a while. There was such an excellent and interesting team with a very interesting environment. And then after a while, they asked me to join that team, and then I became part of the security team of a company called Wix.com.It’s quite a large company, web do-it-yourself kind of platform, that you can build your own website with a presentation style kind of interface, and our job was to secure that. And we formed a very, very nice friendship throughout it, but we also gained a lot of experience because you work with such a large company, and you experience many challenges, including real-time attempts to penetrate, and the complexity of social engineering at large scale. You go through a lot of things. So, this was the start. And after a couple of years, we decided that we have some interesting ideas that can do good to the community in the cybersecurity industry, and we embarked on a new journey together to start Enso.Corey: I can see why you aligned with Snyk. It sounds like a lot of what you were aimed at is very much in step with how they tend to approach things. I have a number of sponsors that I can say this about, but Snyk is a particularly fun one, in that, obviously, you folks pay me to run advertisements and featured guest episodes like this, which is appreciated, but we also pay you as a customer of Snyk because it does a lot of things that we find both incredibly useful and incredibly valuable. The thread that I’ve seen running through everything coming out of Snyk has been this concept of, I think, what some folks would say shifting left, but it comes down to the idea of flagging issues as early in the process as possible rather than trying to get someone to remember what they did three months ago, and oh, yeah, go back and address that. That alone has made it one of the best approaches to things that are truly important—and yes, I consider security to be one of those things—that I’ve seen in a while on the dev tool space.Chen: Yeah, and this has been the mission of Snyk for a very long time. And when we started Enso, our mission was to help in some additional elements of the same problem space in introducing additional tools to help drive this shift left, this democratization of the security effort around and in the organization, and resolving some of the friction that is created with the, kind of, confusing ownership of security and software development. So, this was kind of the mission of Enso. The category introduced by it and the ASPM category to bring the notion of postural security, postural management to applications. And it really is a huge fit with the journey of Snyk, and we were very excited to be approached by them to join their journey and help them do further shift left and extend on problem space on the complexity of this collaboration between security and developers.Corey: A question I have around this is that it seems to me that viewing security posture management from an application perspective, and then viewing other parts of it from a cloud provider perspective and other parts of it from a variety of different things—you know, go to RSA and walk up and down the endless rows of booths, and you know, look at the 12 different things that they’re all selling because it’s all the same stuff around 12 categories or so, with different companies and logos and the rest—it feels like, on some level, that can lead very quickly to a fractured security posture where, well this is the app side of the security, and then we have the infrastructure security folks, but those groups don’t really collaborate because they’re separate and distinct. How do you square that circle?Chen: Yeah, it’s not an easy problem, and I think that the North Star of many vendors exists this notion of sometimes I think we call it CNAP or something that will unify all of it. Cloud as a solution, and the offering that exists with cloud computing enables a lot of it, enables a lot of this unification, but we have to remember that the industry is young. The software security industry in general is young. If we will look at any other industry with that size, all of them have much more history and time to mature. And inside this industry, the security itself is even younger.It has become a real problem much later than then when software started. It has become a huge problem when cloud emerged and became, like, the huge deal that it is now. And when more and more businesses are based on digital services, and more people are writing software, a lot of it is young, and it needs time to mature, and it’s time to get to—to accomplish some big parts like this unification that you are pointing out missing.Corey: I have to confess my own bias here. A lot of the stuff that I build is very small-scale, leverages serverless technologies heavily, and even when I’m dealing with things like the CDK, where I start to have my application and the infrastructure that powers it coalesce into the same sort of thing, it becomes increasingly difficult, if not outright impossible for some of these config...

Kim Harrison, a freelance content marketing strategist and author, joins Corey on Screaming in the Cloud to talk about asking the right questions to find your target demographic, why she has such a deep love for story telling, and how marketing extends after the product has been sold. Kim shares her unique experiences with solving urgently painful problems that customers are experiencing and subsequently building a relationship with those customers that allows her to solve more pain points down the line. About KimKim is a professional storyteller focused on strategic communications. She translates complex ideas into compelling narratives, helping teams share their perspectives. She enjoys building impactful stories, and using a range of mediums and channels to reach specific audiences.For 10+ years Kim has worked closely with teams focused on big data and developer tooling. They have brought new methodologies forward, impacted the language used to describe technologies, and even established new industry categories.Links Referenced:Personal/Company website: https://www.kimber.kim/LinkedIn: https://www.linkedin.com/in/kimberh/Twitter: https://twitter.com/kittyriot

Jason Lengstorf, a developer media producer and host of the show Learn with Jason, joins Corey on this week’s episode of Screaming in the Cloud to layout his ideas for creative developer content. Jason explains how devTV can have way more reach than webinars, the lack of inspiration he experiences at conferences these days, and why companies should be focused on hiring specialists before putting DevRels on the payroll. Plus, Corey and Jason discuss walking the line between claiming you’re good at everything and not painting yourself into a corner as a DevRel and marketer.About JasonJason Lengstorf helps tech companies connect with developer communities through better media. He advocates for continued learning through collaboration and play and regularly live streams coding with experts on his show, Learn With Jason. He lives in Portland, Oregon.Links Referenced:Learn with Jason: https://www.learnwithjason.dev/Personal Website Links: https://jason.energy/links

Matthew Bonig, Chief Cloud Architect at Defiance Digital and AWS DevTools Hero, dives into the transformative power of the Cloud Development Kit (CDK). He shares insights on the challenges developers face with tools like TypeScript and DynamoDB, stressing the importance of careful planning. Matthew also discusses the limitations of relying on AI coding assistants, especially in complex environments like AWS, and critiques AWS's innovation pace, urging it to focus on true innovation rather than merely catering to existing customers.

Evelyn Osman, Platform Engineering Manager at AutoScout24, discusses the need for standardized tools in scaling projects. They explore the disconnect between industry needs and cloud computing products. Evelyn shares insights on viewing platforms as products to produce better outcomes.