Access Control

'Access Control,' where we explore the intricate landscape of cryptography and cybersecurity with our esteemed guest, Filippo Valsorda, a distinguished cryptography engineer and an influential open source maintainer. For this 21st episode of Access Control Podcast, a podcast providing practical security advice for startups, Director of Developer Relations at Teleport Ben Arent chats with Filippo Valsorda. Filippo is a cryptography engineer and open-source maintainer. From 2018 to 2022, he worked on the Go Team at Google and was in charge of Go Security. In 2022, he became a full-time open source maintainer and still maintains the cryptography packages that ship as part of the Go Standard library along with maintaining a set of cryptographic tools, such as mkcert, and the file encryption tool, Age. This episode covers cryptography, trust, security and open source.

A live interview with Ev Kontsevoy about the history of access controls and the future of identity-native infrastructure access.

is an enlightening podcast that delves into the world of the Open Computing Facility (OCF) at UC Berkeley. In this episode, the General Manager of OCF provides a detailed overview of the organization and its various roles, including running several software mirrors in the Bay Area. The discussion touches upon the mechanism of how users are automatically opted into the nearest geographical mirror and elaborates on the myriad other services that the lab supports. A significant portion of the conversation is dedicated to the open source projects run by the OCF, with a specific focus on the core services. The General Manager discusses the key infrastructure and security concerns faced by the organization, and how they employ open-source Teleport to address these issues. The podcast delves into the ongoing migration from the legacy tech stack to Teleport, highlighting the anticipated benefits of this transition. Listeners gain insights into the process by which OCF prioritizes which technology services to offer to the UC Berkeley community. The episode also shares success stories of how these services have positively impacted the community. Looking ahead, the General Manager sheds light on the potential evolution of the OCF, exciting new initiatives, and what might be next for them post-Berkeley. The podcast concludes with practical advice for other university labs and startups to improve access control, making this episode a must-listen for those interested in open computing and technology management in an academic setting.

For this 18th episode of Access Control Podcast, a podcast providing practical security advice for startups, Developer Relations Manager at Teleport Ben Arent chats with Yash Kosaraju. Yash is Chief Security Officer at SendBird. Sendbird's mission is to build connections in a digital world, providing APIs and services for chat products with API and tools to integrate into apps. This episode dives into how teams can build multi-layered security systems to go beyond zero-trust to let teams do their work but also provide checks

This panel will discuss how teams have scaled Teleport to support thousands of users and hundreds of servers.

Today we’ll dive into how to plan, build and execute a platform team to help support a growing organization; while keeping systems as secure as possible.

Ben Arent interviews Alyssa Miller, a seasoned hacker, highly experienced security executive, and BISO at S&P Global Ratings.

Key topics on Access Control Podcast: Episode 14 - Securing CI/CD and Supply Chain - What is CI/CD? CI/CD stands for continuous integration, continuous deployment. - With regard to software supply chain problems, as with other similar problems, there's always the question of how long have we known about something versus how long has it been happening. - Continuous deployment is important for remediation because the length of time to push a deployment impacts the duration of exposure to a given security problem. - The SolarWinds incident was caused by a compromised build server and involved sophisticated loading of a backdoor into the deployed Orion system. - Prior to recent security incidents, traditional CI/CD's focussed around image and artifact scanning. Securing Tokens and Build Infrastructure have been a key part of the solution to keep CI/CD secure. - As companies string together a large number of tools, it's important for them to ask: What is the security model we have here? We'll discuss this in detail with this eposide.

Interview with Hisham Alhakim about FedRAMP, FISMA, Nist, FIPS, SBOM, Zero Trust, collaboration with engineers.

In this episode we go deep into SOC2, Cryptography and how to get started building a security practice.

For this 11th episode of Access Control Podcast, a podcast providing practical security advice for startups, Developer Relations Engineer at Teleport Ben Arent chats with Elvis Chan. Elvis is Assistant Special Agent in charge assigned to the San Francisco FBI Field office. Chan manages a squad responsible for investigating national security cyber matters and has over 14 years of experience in the bureau.

How Figma protects internal tools using off the shelf AWS services with Max Burkhardt, a security engineer at Figma

In this ninth episode of Access Control, a podcast providing practical security advice for startups, Ben Arent chats with Mario Loria. Mario is a Senior SRE at Carta who has been leading their move to Kubernetes and other cloud native technologies. Carta helps companies and investors manage their cap tables, valuations, investments, and equity plans. As users of Carta, we hope their security is top notch. Today we’ll be chatting about orchestrating Kubernetes, training teams on cloud native, and optimizing for the developer experience!

In this eighth episode of Access Control, a podcast providing practical security advice for startups, Developer Relations Engineer at Teleport Ben Arent chats with Andrew Martin, CEO of Control Plane. Control Plane is a London-based Kubernetes consultancy. Helping architect, install, audit, and secure Kubernetes clusters using Cloud Native technologies. Andrew was previously a DevOps Lead at the UK Home office and has helped lead teams implementing high-volume critical national infrastructure projects for the UK government. We’ll deep-dive into securing Kubernetes and strategies for partnering with the public sector. Andrew is co-author of O'Reilly’s Hacking Kubernetes, a great book in progress (and due November 21) to better understand the Kubernetes defaults, Kubernetes threat models and how you can protect against those attacks.

In this seventh episode of Access Control, a podcast providing practical security advice for startups, Ben Arent chats with Ben Sadeghipour ( AKA (https://twitter.com/NahamSec ), Head of Hacker Education at https://www.hackerone.com/ and Hacker by night. This episode is a deep dive into how startups can leverage the power of crowd sourced hackers to find bugs and security issues in your apps. Ben Sadeghipour has over 685 vulnerabilities found in major sites such as Snapchat, AirBnB and even the U.S. Department of Defense, Hacker One helps companies by providing tools to help with response assessments and running their bug bounty programs.

Key Topics on Access Control Podcast: Episode 6 – HIPAA Compliance for Startups - VerticalChange was founded to create impact for the social sector and help its agencies digitize manual processes. - VerticalChange provides a solution that combines CRM, analytics, and dynamic form-building. - Regulations like HIPAA, HITRUST, and FERPA are very strict, and agencies have to put in place many controls in order to comply. - Startups in the healthcare space need to have someone who understands HIPAA and is willing to put the time in to write all the policies and procedures that need to be in place to meet security and privacy rules. - Using a combination of CloudTrail, Auth0 logs, and Teleport logs, VerticalChange is able to create a log flow and see what people are doing within the application.

This episode is a deep dive with Julien Vehent about his book Securing DevOps: Security in the Cloud. We touch on security topics at Mozilla and Google GCP and provide updated advice on securing the cloud since its publication. In this fifth episode of Access Control, a podcast providing practical security advice for startups, Ben Arent chats with Julien Vehent, Author of Securing DevOps and a security engineer at Google Cloud. Julien was previously on the Firefox Operations Security team, where he built and grew a remote DevSecOps team from the ground up. I picked up Julien's book a year ago, and it's loaded with practical tips for bringing security to DevOps, making Julien an ideal guest for today's episode. This episode isn’t sponsored by Julien or Manning Press, but I would highly recommend picking up a copy. We’ll have a link to the book in the show notes.

In this fourth episode of Access Control, a podcast providing practical security advice for startups, Developer Relations Engineer at Teleport Ben Arent chats with [Adam Baldwin](https://www.linkedin.com/in/evilpacket/), aka [evilpacket](https://twitter.com/adam_baldwin), Offensive Security at Auth0. Adam was previously the VP of security at npm and founder of ^Lift Security, an application and penetration testing company focused on the JavaScript Ecosystem. Adam is a two-time DEFCON Black Badge holder.

In this third episode of Access Control, a podcast providing practical security advice for startups, Ben Arent chats with Luca Carettoni, co-founder of Doyensec. Doyensec is an independent security research and development company focused on vulnerability discovery and remediation. The Teleport team has been working with Doyensec for the last two years and have worked together on security assessment for Teleport. In this episode, we’ll get a pentester's view on the current state of startup security.

In this second episode of Access Control, a podcast providing practical security advice for startups, Ben Arent chats with Dave Mangot, Principal at Mangoteque, a consultancy focused on helping companies become better at delivering software. Dave is prolific in the DevOps space and has helped improve the lives of thousands of IT Professionals through his best-selling video course, Mastering DevOps. - Not just developers and operations, but the entire business, needs to deliver value to customers. - DevOps is a movement — a way of looking at delivering software or delivering anything else. - Security is a huge, important part of delivering software — not building it in, early on, risks losing customers later when issues arise. - Efficiently increasing feedback loops and continual experimentation, to ensure testing prior to deployment, is a win for business goals.