oauth

This is our first of hopefully many videos to come, giving you a roundup of what you need to know this week in tech. This includes Microsoft's final 2023 patch, a recent Lazarus Group exploit, OAuth attacks, and flaws in both 5G modems and Bluetooth.

For full video of this episode, head over to our Youtube channel at http://youtube.com/@nyedisiam

Be sure to subscribe to the show on all podcast platforms and follow us on all social media @Nyedisiam 

This podcast is produced in conjunction with BeyondTrust.

Many of the security tools we use to protect ourselves and our organizations came into existence at a time before "the cloud" was a thing and certainly before hybrid working practices. Can we use the same tools in a different way, or do we need a new toolset? Or a whole new approach?

These questions and more are the subjects for discussion on the Tech Means Business podcast with our guest, Morey Haber, the Chief Security Officer at BeyondTrust. We talk about zero-trust, privileges and access policies, geofencing, and cloud privilege brokering.

Cloud Infrastructure Entitlement Management is a catchall term that covers policy-based access, identity management, privileged access, and much more – the full toolkit and approach that organizations migrating to the cloud need to protect themselves and their employees.

Continuous validation needn't mean re-authenticating every time we switch to a different application or service, yet it's still the way many cybersecurity teams think. Listen in to discover how new security methods protect better and empower users to work more efficiently.

The NIST Whitepaper on Zero-Trust is here: [PDF]
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf

BeyondTrust's information can be found here:
~https://www.beyondtrust.com/

Morey Haber's books are available here:
https://www.amazon.com/stores/Morey-J.-Haber/author/B078HDPHSN

Morey himself is here:
https://www.linkedin.com/in/mjhaber

Your host, Joe Green, appears courtesy of LinkedIn here:
https://www.linkedin.com/in/josephedwardgreen/

This interview was recorded for GOTO Unscripted.
gotopia.tech

Read the full transcription of this interview here

Jim Manico - Founder at Manicode Security & Co-Author of "Iron-Clad Java"
John Steven - Founding Principal at Aedify Security & CTO at Concourse Labs

DESCRIPTION
Security is a key topic in software. Lately, it has shifted from a security team responsibility to a task every single developer has to think about. Jim Manico, Founder and Secure Coding Educator at Manicode Security, and John Steven, the Founding Principal at Aedify Security, assess the evolution of the security role in order for developers to make the right decisions.

RECOMMENDED BOOKS
Jim Manico & August Detlefsen • Iron-Clad Java
Liz Rice • Container Security
Liz Rice • Kubernetes Security
Aaron Parecki • OAuth 2.0 Simplified
Aaron Parecki • OAuth 2.0 Servers
Aaron Parecki • The Little Book of OAuth 2.0 RFCs
Erdal Ozkaya • Cybersecurity: The Beginner's Guide
Richer & Sanso • OAuth 2 in Action
Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0

Twitter
LinkedIn
Facebook

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at gotopia.tech

SUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted almost daily.

Twitter
Instagram
LinkedIn
Facebook

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket: gotopia.tech

SUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted daily!

Guest Bio

Christos Matskas is a Senior Program Manager working as a Developer Advocate for the Microsoft Identity Division. His role involves helping developers write more secure and robust software, leveraging the power of Identity and Cloud.

Before joining Microsoft, he was a successful entrepreneur collaborating with companies such as MarkIT, Lockheed Martin, and Barclays. He routinely works with the Azure Active Directory, MS Graph, and Managed Identities and he’s got 15 yrs of experience writing Software on the .NET stack.

Christos contributes regularly to numerous OSS projects and works closely with the developer community to make the space bigger and better. He’s also a dad, husband, speaker, and passionate streamer.

Timestamps

• 0:45 Speakers Introduction
• 1:37 Christos typical day
• 3:12 The transformation of Cloud Advocacy
• 7:08 Which accounts to follow on TikTok/Discord
• 8:51 External and Internal communication
• 13:21 Managed Identities
• 19:47 Microsoft.Identity.Web Library
• 23:47 Securing Cloud Identity in the future
• 29:57 Managed Identity in Cosmos DB
• 32:29 Future of Tech
• 37:30 Diversity and inclusion
• 40:49 Community
• 42:05 Episode Wrap-up

Connect with Christos on:

• https://cmatskas.com
• https://twitter.com/christosmatskas
• https://www.linkedin.com/in/christosmatskas/
• https://www.instagram.com/cmatskas/?hl=en
• https://github.com/cmatskas

Connect with Cloud Gossip on:

• https://www.cloudgossip.net
• https://www.linkedin.com/company/cloud-gossip
• https://twitter.com/CloudGossipnet

Connect with Annie on:

• https://twitter.com/AnnieTalvasto
• https://www.linkedin.com/in/talvasto​/

Connect with Karl on:

• https://twitter.com/karlgots
• https://www.linkedin.com/in/karlots​/

Thanks for listening to Cloud Gossip! You can find us from our website CloudGossip.net. 

Please leave us a review and subscribe to us at iTunes, Google, or Spotify!