All episodes

Securing CI/CD

49m 41s

Key topics on Access Control Podcast: Episode 14 - Securing CI/CD and Supply Chain

- What is CI/CD? CI/CD stands for continuous integration, continuous deployment.
- With regard to software supply chain problems, as with other similar problems, there's always the question of how long have we known about something versus how long has it been happening.
- Continuous deployment is important for remediation because the length of time to push a deployment impacts the duration of exposure to a given security problem.
- The SolarWinds incident was caused by a compromised build server and involved sophisticated loading of a...

Security Compliance & FedRAMP

41m 9s

Interview with Hisham Alhakim about FedRAMP, FISMA, NIST, FIPS, SBOM, Zero Trust, and collaboration with engineers.

Infosec for startups

70m 57s

In this episode we go deep into SOC2, cryptography, and how to get started building a security practice.

When should a startup call the FBI

30m 4s

For this 11th episode of Access Control Podcast, a podcast providing practical security advice for startups, Developer Relations Engineer at Teleport Ben Arent chats with Elvis Chan. Elvis is the Assistant Special Agent in Charge assigned to the San Francisco FBI field office. Chan manages a squad responsible for investigating national security cyber matters and has over 14 years of experience in the bureau.

Securing Internal Applications

48m 46s

How Figma protects internal tools using off-the-shelf AWS services, with Max Burkhardt, a security engineer at Figma.

SRE Powered Dev Productivity

55m 48s

In this ninth episode of Access Control, a podcast providing practical security advice for startups, Ben Arent chats with Mario Loria. Mario is a Senior SRE at Carta who has been leading their move to Kubernetes and other cloud native technologies. Carta helps companies and investors manage their cap tables, valuations, investments, and equity plans. As users of Carta, we hope their security is top notch. Today we’ll be chatting about orchestrating Kubernetes, training teams on cloud native, and optimizing for the developer experience!

Securing Kubernetes

57m 35s

In this eighth episode of Access Control, a podcast providing practical security advice for startups, Developer Relations Engineer at Teleport Ben Arent chats with Andrew Martin, CEO of Control Plane. Control Plane is a London-based Kubernetes consultancy that helps architect, install, audit, and secure Kubernetes clusters using cloud native technologies. Andrew was previously a DevOps Lead at the UK Home Office and has helped lead teams implementing high-volume critical national infrastructure projects for the UK government. We’ll deep-dive into securing Kubernetes and strategies for partnering with the public sector.

Andrew is co-author of O'Reilly’s Hacking Kubernetes, a great book in progress...

Hacker-Powered Security

37m 35s

In this seventh episode of Access Control, a podcast providing practical security advice for startups, Ben Arent chats with Ben Sadeghipour (AKA NahamSec, https://twitter.com/NahamSec), Head of Hacker Education at HackerOne (https://www.hackerone.com/) and hacker by night. This episode is a deep dive into how startups can leverage the power of crowdsourced hackers to find bugs and security issues in their apps. Ben Sadeghipour has found over 685 vulnerabilities in major sites such as Snapchat, Airbnb and even the U.S. Department of Defense. HackerOne helps companies by providing tools to help with response assessments and running their bug bounty programs.

HIPAA Compliance for startups

24m 39s

Key Topics on Access Control Podcast: Episode 6 – HIPAA Compliance for Startups

- VerticalChange was founded to create impact for the social sector and help its agencies digitize manual processes.
- VerticalChange provides a solution that combines CRM, analytics, and dynamic form-building.
- Regulations like HIPAA, HITRUST, and FERPA are very strict, and agencies have to put in place many controls in order to comply.
- Startups in the healthcare space need to have someone who understands HIPAA and is willing to put the time in to write all the policies and procedures that need to be in place...

Securing DevOps

46m 20s

This episode is a deep dive with Julien Vehent about his book Securing DevOps: Security in the Cloud. We touch on security topics at Mozilla and Google GCP and provide updated advice on securing the cloud since its publication.

In this fifth episode of Access Control, a podcast providing practical security advice for startups, Ben Arent chats with Julien Vehent, author of Securing DevOps and a security engineer at Google Cloud. Julien was previously on the Firefox Operations Security team, where he built and grew a remote DevSecOps team from the ground up. I picked up Julien's book a year...