From Orange Book to Identity-Native

'Access Control,' where we explore the intricate landscape of cryptography and cybersecurity with our esteemed guest, Filippo Valsorda, a distinguished cryptography engineer and an influential open source maintainer. For this 21st episode of Access Control Podcast, a podcast providing practical security advice for startups, Director of Developer Relations at Teleport Ben Arent chats with Filippo Valsorda. Filippo is a cryptography engineer and open-source maintainer. From 2018 to 2022, he worked on the Go Team at Google and was in charge of Go Security. In 2022, he became a full-time open source maintainer and still maintains the cryptography packages that ship as part of the Go Standard library along with maintaining a set of cryptographic tools, such as mkcert, and the file encryption tool, Age. This episode covers cryptography, trust, security and open source.

A live interview with Ev Kontsevoy about the history of access controls and the future of identity-native infrastructure access.

is an enlightening podcast that delves into the world of the Open Computing Facility (OCF) at UC Berkeley. In this episode, the General Manager of OCF provides a detailed overview of the organization and its various roles, including running several software mirrors in the Bay Area. The discussion touches upon the mechanism of how users are automatically opted into the nearest geographical mirror and elaborates on the myriad other services that the lab supports. A significant portion of the conversation is dedicated to the open source projects run by the OCF, with a specific focus on the core services. The General Manager discusses the key infrastructure and security concerns faced by the organization, and how they employ open-source Teleport to address these issues. The podcast delves into the ongoing migration from the legacy tech stack to Teleport, highlighting the anticipated benefits of this transition. Listeners gain insights into the process by which OCF prioritizes which technology services to offer to the UC Berkeley community. The episode also shares success stories of how these services have positively impacted the community. Looking ahead, the General Manager sheds light on the potential evolution of the OCF, exciting new initiatives, and what might be next for them post-Berkeley. The podcast concludes with practical advice for other university labs and startups to improve access control, making this episode a must-listen for those interested in open computing and technology management in an academic setting.

For this 18th episode of Access Control Podcast, a podcast providing practical security advice for startups, Developer Relations Manager at Teleport Ben Arent chats with Yash Kosaraju. Yash is Chief Security Officer at SendBird. Sendbird's mission is to build connections in a digital world, providing APIs and services for chat products with API and tools to integrate into apps. This episode dives into how teams can build multi-layered security systems to go beyond zero-trust to let teams do their work but also provide checks

This panel will discuss how teams have scaled Teleport to support thousands of users and hundreds of servers.

Today we’ll dive into how to plan, build and execute a platform team to help support a growing organization; while keeping systems as secure as possible.

Ben Arent interviews Alyssa Miller, a seasoned hacker, highly experienced security executive, and BISO at S&P Global Ratings.

Key topics on Access Control Podcast: Episode 14 - Securing CI/CD and Supply Chain - What is CI/CD? CI/CD stands for continuous integration, continuous deployment. - With regard to software supply chain problems, as with other similar problems, there's always the question of how long have we known about something versus how long has it been happening. - Continuous deployment is important for remediation because the length of time to push a deployment impacts the duration of exposure to a given security problem. - The SolarWinds incident was caused by a compromised build server and involved sophisticated loading of a backdoor into the deployed Orion system. - Prior to recent security incidents, traditional CI/CD's focussed around image and artifact scanning. Securing Tokens and Build Infrastructure have been a key part of the solution to keep CI/CD secure. - As companies string together a large number of tools, it's important for them to ask: What is the security model we have here? We'll discuss this in detail with this eposide.

Interview with Hisham Alhakim about FedRAMP, FISMA, Nist, FIPS, SBOM, Zero Trust, collaboration with engineers.

In this episode we go deep into SOC2, Cryptography and how to get started building a security practice.