

Scale to Zero - No Security Questions Left Unanswered
We know security is challenging, but a timely understanding of security is far more challenging! Scale to Zero is built for security professionals, to help them be more privacy- and security-sensitive. With this show, we hope to address the security-related issues that are challenging to understand and resolve without the help of experts. After we discovered the discomfort of constantly switching back and forth, we believed that a community space like Scale to Zero would make things a little bit simpler for everyone.
Episodes

Nov 29, 2023 • 48min
Security that speaks to heart | Emotional Intelligence | Risk management | Ep19 S2 | Shivani Arni
Understanding and managing emotions effectively shapes a harmonious workplace where collaboration thrives and trust grows, bringing the right security awareness.
In this episode of ScaletoZero, Shivani shares how EI is just as essential as IQ in creating an empowering company culture. Let's delve into this topic together and discover how emotional intelligence can transform your organization!
00:00 Teaser
01:08 Welcome to ScaletoZero and Guest Introduction
09:05 Introducing Emotional Intelligence
13:40 Why emotional intelligence is important for security leaders
16:22 Creating psychological safety within Team Members
22:22 How security leaders can develop a security-centric culture in their teams
28:10 Third-party risk management and focus areas
29:06 Right time to invest in a third-party risk management program
31:00 Are security certifications and SDLC processes not enough for onboarding third-party vendors
37:40 Vendor checklist to safeguard your own business-critical applications
40:40 Summary
41:20 Rating security practices

Nov 16, 2023 • 52min
Identity and Access Management in the Cloud: Beyond Mere Access Control
Brace yourself for a mind-blowing session with Chad Lorenc, a true guru in the field.
Join us as we embark on an incredible journey to discover the secrets behind effective IAM strategies. Chad will be sharing his invaluable insights, unraveling the complexities, and shedding light on best practices.
00:00 Teaser
00:53 Introduction
04:50 Why IAM needs attention
12:00 Recent evolution of IAM
14:10 Communicating security goals with stakeholders
19:25 ROI after buying a security tool
21:10 Access to production cloud accounts
28:30 IAM Checklist for growing fintech industries
31:40 Ensuring decent cloud security hygiene
37:35 Recommended resources to manage cloud security complexity
39:10 Next complex areas of cloud security that need attention
41:40 Summary
42:30 Rating security practices section

Nov 10, 2023 • 43min
Unleash the power of DevSecOps and Cloud-Native Security with Kayra Otaner | Ep-18 S2 | ScaletoZero
We can't wait to uncover groundbreaking strategies that will revolutionize how we approach security in a cloud-native environment and DevSecOps. Let's empower our teams to build safer, faster, and more resilient applications together!
00:00 Trailer
01:05 Introduction to guest
05:00 Transition from DevOps to DevSecOps
07:40 Challenges of DevSecOps
10:40 Finding the right balance between shift left and SDLC
14:55 Keeping the right culture for an organization
17:40 Frictionless collaboration between security teams and DevOps teams
21:10 Security for organizations that are just starting on the cloud
23:40 Role of automation in the security of a cloud-native environment
27:20 Is using open source a good practice?
31:50 Evolution of DevOps and DevSecOps
35:00 Emerging trends in Cloud-native environment
36:00 Summary
37:47 Rating Security practices

Oct 27, 2023 • 1h
Revolutionize your approach to SDLC using DevSecOps techniques | Ep-17 S2 with Matt Tesauro
Ready to level up your knowledge on #DevOps and #DevSecOps?
We've got an exclusive recording with the brilliant Matt Tesauro, where he takes us on an epic journey through the essential processes that will revolutionize your approach to software development and security.
Featuring valuable insights, practical tips, and real-world examples, this recording is a must-watch for all tech enthusiasts looking to stay ahead in today's fast-paced digital world.
Don't miss out! Get ready to embrace the power of #DevOps and #DevSecOps like never before!
Watch, learn, and conquer! #knowledgeispower

Oct 13, 2023 • 48min
Shielding Software Supply Chain: Strengthening Security Measures with Francois Proulx | Ep.16 S2
In this Scale to Zero podcast episode, we had the very cool Francois Proulx! With his expertise in Software Supply Chain Security and Application Security, he shared some really deep and helpful thoughts in this field. He has also shared some resources for folks who are getting started.
01:10 Start and Introduction
06:00 Application Security is not a developer-first problem
10:20 Automating systems for small teams and large teams
16:00 Security areas to focus on for startups
19:40 Security risks around the supply chain
25:00 Assisting the security of the supply chain from a threat modeling perspective
28:30 Involving business management teams in security procurement
33:10 Resources to keep you up-to-date
35:10 Developer security checklist for using open-source libraries
39:00 Summary
40:00 Rating Security Practices

Sep 29, 2023 • 49min
Understanding Vulnerability Management, Supply Chain Security, & SBOMs with Yotam Perkal
In episode 15 of Scaletozero season 2, we have Yotam Perkal with his vast knowledge of Vulnerability Management, Supply Chain Security, and SBOMs. Stay tuned to the episode and watch him share some really good thoughts from his experiences.
Here are the references shared by our guest:
Hidden Container Vulnerabilities = https://www.youtube.com/live/Eh6b1H_-U20?si=uByRfK2G_h-yYOyn&t=33132
OSV malicious packages advisories = https://osv.dev/list?ecosystem=&q=MAL
OpenSSF LLM Open-Source Ecosystem research = https://www.rezilion.com/blog/report-the-risk-of-generative-ai-and-large-language-models/
Secure Supply Chain Consumption Framework = https://github.com/ossf/s2c2f
SSVC framework = https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc

Sep 8, 2023 • 46min
Navigating Threat Modeling and Vulnerability Management Challenges | Ep 14 S2 | Scaletozero Podcast
In this episode of the Scale to Zero show, Kalyani shares some very insightful views on understanding and navigating the challenges involved in threat modeling and vulnerability management. She uses some really mind-boggling analogies to help us understand the very detailed concepts most easily. Stay tuned.
00:00 Start
01:15 Guest introduction
05:30 Introducing threat modeling in SDLC
09:29 Using the threat modeling process efficiently
14:50 Security Champions program short overview
16:00 Selecting the right threat model
19:55 Preparing the right threat modeling mindset
24:00 Cheat code for dealing with vulnerability management
28:30 Educating teams for continuous security monitoring
31:45 How security processes work with cloud
36:00 Right time for startups to think about security
39:15 Summary
40:14 Rating security practices

Aug 25, 2023 • 1h 25min
Practical strategies for defending a Kubernetes cluster | Divyanshu Shukla
Dive deeper into practical strategies for defending a Kubernetes cluster so that we get an idea of how to defend a cluster and also some of the best practices to follow while defending clusters from attackers.

Aug 25, 2023 • 44min
Understanding the Role of Asset Management and Kubernetes in Cloud | Kesten Broughton | Scaletozero
In episode 13 of the Scale to Zero show, Kesten will help us understand the role of asset management in the cloud and its importance, and how Kubernetes plays a vital role in securing the cloud infrastructure. He also shares his views on how important it is to have a good asset inventory story. Stay tuned and gain valuable insights!

Aug 1, 2023 • 59min
Restorative Justice Framework: New way to solve conflict | Michele Chubirka | S2 Ep11 | Scaletozero
Join us as we dive deep into this transformative approach of the Restorative Justice Framework and learn how it can help create more harmonious work for cloud security leaders.
Don't miss out on this enlightening conversation! Tune in now and be part of the change we all need. #restorativejustice #ConflictResolution #Changemakers #googlecloud #cloudsecurity #cybersecurity #devsecops #kubernetes #securitybreach #podcast #cloudsecurity


