100% SIGNAL PODCAST

There are great stories in the security industry that aren’t being told. Fascinating people who fly below the radar and aren’t being heard. We know because we encounter them in hallways, hotel lobbies and just about everywhere imaginable across the globe. Every time, we think “I wish I had recorded that conversation so that everyone could hear it…” Our goal with Security Voices is to provide a place for clear-headed dialogue with great people that’s unencumbered by the hyperbole and shouting that’s far too common in security circles. We don’t have anything against sponsors or sales pitches, but they run counter to our goal of cutting through the noise, so we don’t have either. We’re aiming for 100% clear signal.

Got feedback? Drop us an email: info@securityvoices.org


33/ ZACH MUSGRAVE 

Engineering Manager, Infrastructure Security - Yelp

In our 1st episode of the cloud sec series, Teri provided an expert’s broad view of what’s happening with security in the public cloud. In this episode, Yelp’s Zach Musgrave does the opposite: we go into the trenches to understand what it takes to protect a fully cloud native business on a daily basis.

 

While Yelp was born in ’04, 2 years before Amazon launched its first AWS service, it started its cloud native journey in 2013. Their early transition makes the company one of the longest tenured organizations that have defended a cloud native business at scale. Zach shares the fundamentals of how they work, from security team org structure and success measurement to key relationships across the company. We dig into the 2 different but critical aspects of security: 1) protecting the infrastructure (people & systems) and 2) policing the Yelp ecosystem itself (defending business operations).

 

Zach explains how DevSecOps at Yelp was adopted not out of buzzword compliance but plain necessity: the need to safeguard 500+ microservices in production simply breaks a traditional security model. We explore some of the misconceptions about DevSecOps and the amount of care and feeding it takes to make it successful. We also cover Yelp’s tooling, which centers on generous amounts of open source and their own projects, including their current work on the Enhanced Berkeley Packet Filter (eBPF).

 

We wrap up with some strong feelings about multi-cloud and readiness for the zombie apocalypse (they’re related, trust us) alongside forecasting the future for security tech as the cloud native tsunami rolls on. Spoiler: there’s no reprieve for old school network security.

 

About Zach

Zach Musgrave leads the Infrastructure Security and Security Platform teams at Yelp. These teams manage risk, conduct incident response, and build systems to improve security posture. Covered mandates include data security, AWS cloud security, automated scanning, intrusion detection, and internal access control.

 

Before switching to security, Zach spent time as an engineer doing performance optimization, devops, observability, and various flavors of data engineering. Throughout it all, he has come to have a deep appreciation for the intricate interplay between business needs and risk prioritization within a rapidly evolving organization.

 

Zach received an M.S. in Computer Science and Engineering from the University of Michigan. Back in the day, he was an English major.


32/ TERI RADICHEL

Chief Executive Officer, 2nd Sight Lab

Initially led by software as a service (SaaS), the transition to the public cloud is one of the most important changes we’ve witnessed in information technology to date. From the early days of SaaS to the current stage, where adoption of infrastructure, platform and function as a service (IaaS, PaaS, FaaS) is catching on like wildfire, there’s an increasing awareness that by the end state of this shift few aspects of how we do our jobs will be unchanged. This Security Voices episode is the first of five where we dig into the details of how the public cloud is transforming cybersecurity.

 

Teri Radichel joins us to explain key concepts in public cloud technology, the differences from on-premises, migration options and more. If you’ve ever wondered what is meant by “lift and shift” or “cloud native”, this is for you. Teri’s background as a trainer, author and researcher shines through as she describes broad concepts in easily understood terms without sparing the details for those who are already cloud savvy.

 

Beyond the core concepts, Teri compares and contrasts the security models across Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP).  As she walks us through the differences between the three platforms, you get a sense of the complexity faced by those straddling an on-premise environment as well as the public cloud – not to mention several clouds at once.  From networking to identity and access management models, no cloud service provider is quite like the other.  Moreover, the fierce competition between Google, Microsoft and Amazon is driving such rapid changes in their platforms that any grip you have on exactly how things are is a slippery one at best.

 

In spite of the challenges, Teri explains her belief that one can achieve better security in the cloud than on-premises. Doing so requires thinking differently, however, such as Teri’s advice to handle data as we would handle money. We hope this episode lays the groundwork for you for understanding the current state of public cloud security as in the next show we dive into the trenches with a cloud security practitioner at Yelp.

About Teri

Teri Radichel has helped 1000's of companies with cloud security through consulting, writing, research, and training. Teri is the founding organizer of the Seattle AWS Architects and Engineers Meetup which has nearly 3000 members. She helped Capital One move production workloads to AWS. At another company, Teri led a team of 30 people in two counties and architected a SAAS IOT solution for firewalls connecting to the cloud. Her team implemented a secure CI/CD pipeline based on her whitepaper on event-driven security. She then moved into security research, writing articles for publications such as Light Reading and Infosecurity Magazine, and reverse engineering malware.

Teri is the CEO of 2nd Sight Lab and has helped companies from startups to Fortune 100 with cloud security assessments, pentests, audits, and training. Teri presents on cloud security at conferences such as RSA, AWS re:Invent, AWS re:Inforce, IANS Security Forums, Countermeasure, SANS Networking, SANS Cloud Summit, and BSides. She received the SANS Difference Makers Award for cloud security innovation. She writes a blog called Cloud Security and has written a book, Cybersecurity for Executives. You can follow her on Twitter @teriradichel.


31/ KATHLEEN SMITH

Chief Marketing Officer, ClearedJobs

If you’ve been laid off, furloughed or are just plain tired of everything, this episode is for you. Kathleen Smith, the longstanding cyber career expert at B-Sides (and beyond) joins us for a dialogue on what’s happening in the security job landscape. 

 

Lost your job? Kathleen explains a tried and true process for recovery, reflection and finding your next gig. Not to mention a few surprising options for those who aren’t afraid of a little adventure, such as the military reserves or a job in one of the often overlooked national laboratories.

 

In a rare moment of good news this year, Kathleen explains how COVID-19 has driven an increase in cyber security jobs both in the government and commercial sectors in response to a recent increase in threat activity.  If you’re willing to put in the extra effort (and put down your cannabis), she also describes what it takes to score a government clearance and gain access to an entirely new pool of opportunities.

 

Once a coveted perk, remote work has blown the job market wide open for all. Roles once restricted to those within a certain location are now broadly accessible. However, working far away from your colleagues in your house has serious implications for your social relationships, energy and health that many are only beginning to understand. Kathleen breaks down how to recreate boundaries between one’s personal and professional life, a skill she learned the hard way during her time in non-profits such as the American Red Cross and World Wildlife Fund.

 

Before wrapping up, Kathleen talks directly to leaders and how she has adapted her style in 2020 to meet the extraordinary challenge while avoiding burnout. We hope our hour plus conversation with Kathleen is a welcome break from whatever you’re facing right now, providing you with help in your current job or a fresh perspective on what to do next.

About Kathleen

As Chief Marketing Officer for clearedjobs.net / cybersecjobs.com, both veteran-owned companies, Kathleen Smith spearheads the community-building and communications outreach initiatives catering to cybersecurity communities. Kathleen provides a leadership role for many community organizations and conferences, including BSides Las Vegas’ two-day career track; Women in Cybersecurity, National Conference; and DEFCON’s Career Village and Women in Cybersecurity Celebration, to name a few.

At RSA 2020, Kathleen was awarded the Recruiter Ally of the Year award for her work in supporting women in the cybersecurity professions. Kathleen is well respected within the recruiting community and is the co-founder and past President of recruitDC, the largest community of recruiters in the Washington DC area.


© 2019 Security Voices.org