Imported from pinboard.in/u:timburks
Links tagged 'security'
IAM Confused: Decoding 8 Real World Cloud Identity Breaches - Maya Levine, Sysdig - YouTube 🚀
https://www.youtube.com/watch?v=BAswt5He4Sk&t=832s
There's a little bit of repetition in these eight stories, but each one adds nuance and emphasizes the importance of proactive security.
It introduced a new term to me: CIEM - Cloud Infrastructure Entitlement and Management
https://events.linuxfoundation.org/cloudnativesecuritycon-north-america/program/schedule/
Aug 5, 2024 (17:02 UTC) mayalevine sysdig security breaches cloudnativesecuritycon
A CISO's Guide to Avoiding Jail After a Breach 🚀
https://www.darkreading.com/cybersecurity-operations/a-cisos-guide-to-avoiding-jail-after-a-breach
Why stop at the CISO? If anyone at a company should be held criminally responsible for its actions, it should start with the CEO.
Sequoia-backed security startup Vanta will see its valuation soar past $2 billion in new funding round, sources say 🚀
https://www.businessinsider.com/vanta-valuation-2-billion-in-new-funding-round-2024-6
Wow, what exactly do they do?
Vanta, a startup that helps companies comply with security standards, is set to be valued at more than $2 billion in a new insider funding round, multiple sources told Business Insider.
Vanta was last valued at $1.6 billion in a 2022 funding round led by Craft Ventures on October 12, 2022, according to Forbes.
CrowdStrike Holdings, Atlassian Ventures, HubSpot Ventures, Workday Ventures, Acrew Capital, Pioneer Fund, ASDF Ventures, Zag Capital, Sequoia Capital, Frontline Ventures, Y Combinator and LAUNCH Fund also participated in the last round.
Christina Cacioppo founded Vanta in 2018 in the wake of several high-profile data breaches. She previously worked in product management at Dropbox and was an analyst at Union Square Ventures.
Developer Ecosystems for Software Safety – Communications of the ACM 🚀
https://cacm.acm.org/practice/developer-ecosystems-for-software-safety/
Describes practices used at Google to improve software quality and security.
Safe deployment practices:
- Cloud platforms provide higher-level abstractions and consistency.
- Config-as-code replaces GUI- and CLI-driven configuration with a process that is more trackable and accountable.
- Zero Touch Prod and safe proxies protect systems from human error.
At Google, we sometimes say, "Software engineering is programming integrated over time."
...Google addresses this challenge by designing a developer ecosystem to ensure that all services developed and deployed in this environment have the desired properties. We achieve high levels of assurance by applying the principle of “Design for Understandability” — Key developer ecosystem components are designed to ensure the property for any arbitrary application, assuming only that application code is well-typed, passes conformance checks, and satisfies basic assumptions.
Jun 20, 2024 (16:27 UTC) google quality security cacm christophkern
Hacking Millions of Modems (and Investigating Who Hacked My Modem) 🚀
https://samcurry.net/hacking-millions-of-modems
A very detailed security analysis story.