It didn’t all change in March 2020. Not really. The UK high street has been in the throes of a gradual revolution for decades. From the rise of ecommerce, to the birth of mobile, social commerce, and a growing emphasis on experience, change has been underway for a while. In fact for many, the pandemic has acted as a wake-up call. Digital transformation was no longer a ‘nice to have’ but a matter of survival. Necessity sparked innovation and customers are enjoying more flexibility and conveni ...
…
continue reading
محتوای ارائه شده توسط O'Reilly Media. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط O'Reilly Media یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
مشابه O'Reilly Security Podcast - O'Reilly Media Podcast
Custom Manufacturing Industry podcast is an entrepreneurship and motivational podcast on all platforms, hosted by Aaron Clippinger. Being CEO of multiple companies including the signage industry and the software industry, Aaron has over 20 years of consulting and business management. His software has grown internationally and with over a billion dollars annually going through the software. Using his Accounting degree, Aaron will be talking about his organizational ways to get things done. Hi ...
…
continue reading
Ever wondered what makes great go-to-market leaders grow, even when the going gets tough? We have, too. And we’re on a mission to uncover the magic that makes that growth happen. This is Go-to-Market Magic, the show where we talk to go-to-market leaders and visionaries about the “aha!” moments they experience and the pivotal decisions they’ve made, all in the name of growth. And we’re not just talking about revenue growth that goes up and to the right — we’ll also discuss how they improve th ...
…
continue reading
The Partnership Economy explores the power of partnerships through candid conversations and stories with industry leaders. Our hosts, David A. Yovanno, CEO and Todd Crawford, Co-founder, of impact.com, unpack the future of partnerships as a lever for scale and an opportunity to put the consumer first.
…
continue reading
Bitcoin groundbreakers share personal stories of how Bitcoin is changing lives for the better. Host Mauricio Di Bartolomeo, co-founder and CSO of Ledn, speaks with leading Bitcoin voices, entrepreneurs, and human rights advocates to hear their unique journey and practical real-world examples of how Bitcoin has made a positive impact in their lives. Brought to you by Ledn, a leading financial services company built for Bitcoin & digital assets. Ledn offers a suite of lending, saving and tradi ...
…
continue reading
Welcome to the What’s Next! Podcast. I’ve met so many brilliant people as I traveled the globe and have had some fascinating conversations that I’ve wished had been recorded so I could share them with you - this podcast was a way for me to recreate those moments and let you in on some fantastic insights. My current conversations center around one objective: what's next for companies and individuals as they look to innovate and grow. I hope these conversations inspire you as much as they have ...
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
How do I start an online business? How do I build a brand online? How do I get traffic and attention to my online business? The biggest question is, can I start a business online and replace my current JOB? Welcome to The Rock Your Brand podcast show where we answer ALL of these questions and a ton MORE! Scott Voelker, the host will share with you everything you need to know and help you to build a Future Proof Business that will allow you the ultimate Freedom. Scott shares tips and strategi ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Wharton faculty and industry leaders discuss their latest research, books, and relevant business topics. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
Susan Sons on building security from first principles
Manage episode 191103666 series 1211161
محتوای ارائه شده توسط O'Reilly Media. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط O'Reilly Media یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
The O’Reilly Security Podcast: Recruiting and building future open source maintainers, how speed and security aren’t mutually exclusive, and identifying and defining first principles for security.
In this episode of the Security Podcast, O’Reilly’s Mac Slocum talks with Susan Sons, senior systems analyst for the Center for Applied Cybersecurity Research (CACR) at Indiana University. They discuss how she initially got involved with fixing the open source Network Time Protocol (NTP) project, recruiting and training new people to help maintain open source projects like NTP, and how security needn’t be an impediment to organizations moving quickly.
Here are some highlights:
Recruiting to save the internet
The terrifying thing about infrastructure software in particular is that paying your internet service provider (ISP) bill covers all the cabling that runs to your home or business; the people who work at the ISP; and their routing equipment, power, billing systems, and marketing—but it doesn't cover the software that makes the internet work. That is maintained almost entirely by aging volunteers, and we're not seeing a new cadre of people stepping up and taking over their projects. What we're seeing is ones and twos of volunteers who are hanging on but burning out while trying to do this in addition to a full-time job, or are doing it instead of a full-time job and should be retired, or are retired. It's just not meeting the current needs.
Early- and mid-career programmers and sysadmins say, 'I'm going to go work on this really cool user application. It feels safer.' They don't work on the core of the internet. Ensuring the future of the internet and infrastructure software is partly a matter of funding (in my O’Reilly Security talk on saving time, I talk about a few places you can donate to help with that, including ICEI and CACR), and partly a matter of recruiting people who are already out there in the programming world to get interested in systems programming and learn to work on this. I'm willing to teach. I have an Internet Relay Chat (IRC) channel set up on freenode called #newguard. Anyone can show up and get mentorship, but we desperately need more people.
Building for both speed and security
Security only slows you down when you have an insecure product, not enough developer resources, not enough testing infrastructure, not enough infrastructure to roll out patches quickly and safely. When your programming teams have the infrastructure and scaffolding around software they need to roll out patches easily and quickly—when security has been built into your software architecture instead of plastered on afterward, and the architecture itself is compartmented and fault tolerant and has minimization taken into account—security doesn't hinder you. But before you build, you have to take a breath and say, 'How am I going to build this in?' or 'I’m going to stop doing what I’m doing, and refactor what I should have built in from the beginning.' That takes a long view rather than short-term planning.
Identifying and defining first principles for security
I worked with colleagues at the Indiana University Center for Applied Cybersecurity Research (CACR) to develop the Information Security Practice Principles (ISPP). In essence, the ISPP project identifies and defines seven rules that create a mental model for securing any technology. Seven may sound like too few, but it dates back to rules of warfare and Sun Tzu and how to protect things and how to make things resilient. I do a lot of work from first principles. Part of my role is that I’m called in when we don't know what we have yet or when something's a disaster and we need to triage. Best practice lists come from somewhere, but why do we teach people just to check off best practice lists without questioning them? If we teach more people to work from first principles, we can have more mature discussions, we can actually get our C-suite or other leadership involved because we can talk in concepts that they understand. Additionally, we can make decisions about things that don't have best practice checklists.
43 قسمت
اشتراک گذاری
Manage episode 191103666 series 1211161
محتوای ارائه شده توسط O'Reilly Media. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط O'Reilly Media یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
The O’Reilly Security Podcast: Recruiting and building future open source maintainers, how speed and security aren’t mutually exclusive, and identifying and defining first principles for security.
In this episode of the Security Podcast, O’Reilly’s Mac Slocum talks with Susan Sons, senior systems analyst for the Center for Applied Cybersecurity Research (CACR) at Indiana University. They discuss how she initially got involved with fixing the open source Network Time Protocol (NTP) project, recruiting and training new people to help maintain open source projects like NTP, and how security needn’t be an impediment to organizations moving quickly.
Here are some highlights:
Recruiting to save the internet
The terrifying thing about infrastructure software in particular is that paying your internet service provider (ISP) bill covers all the cabling that runs to your home or business; the people who work at the ISP; and their routing equipment, power, billing systems, and marketing—but it doesn't cover the software that makes the internet work. That is maintained almost entirely by aging volunteers, and we're not seeing a new cadre of people stepping up and taking over their projects. What we're seeing is ones and twos of volunteers who are hanging on but burning out while trying to do this in addition to a full-time job, or are doing it instead of a full-time job and should be retired, or are retired. It's just not meeting the current needs.
Early- and mid-career programmers and sysadmins say, 'I'm going to go work on this really cool user application. It feels safer.' They don't work on the core of the internet. Ensuring the future of the internet and infrastructure software is partly a matter of funding (in my O’Reilly Security talk on saving time, I talk about a few places you can donate to help with that, including ICEI and CACR), and partly a matter of recruiting people who are already out there in the programming world to get interested in systems programming and learn to work on this. I'm willing to teach. I have an Internet Relay Chat (IRC) channel set up on freenode called #newguard. Anyone can show up and get mentorship, but we desperately need more people.
Building for both speed and security
Security only slows you down when you have an insecure product, not enough developer resources, not enough testing infrastructure, not enough infrastructure to roll out patches quickly and safely. When your programming teams have the infrastructure and scaffolding around software they need to roll out patches easily and quickly—when security has been built into your software architecture instead of plastered on afterward, and the architecture itself is compartmented and fault tolerant and has minimization taken into account—security doesn't hinder you. But before you build, you have to take a breath and say, 'How am I going to build this in?' or 'I’m going to stop doing what I’m doing, and refactor what I should have built in from the beginning.' That takes a long view rather than short-term planning.
Identifying and defining first principles for security
I worked with colleagues at the Indiana University Center for Applied Cybersecurity Research (CACR) to develop the Information Security Practice Principles (ISPP). In essence, the ISPP project identifies and defines seven rules that create a mental model for securing any technology. Seven may sound like too few, but it dates back to rules of warfare and Sun Tzu and how to protect things and how to make things resilient. I do a lot of work from first principles. Part of my role is that I’m called in when we don't know what we have yet or when something's a disaster and we need to triage. Best practice lists come from somewhere, but why do we teach people just to check off best practice lists without questioning them? If we teach more people to work from first principles, we can have more mature discussions, we can actually get our C-suite or other leadership involved because we can talk in concepts that they understand. Additionally, we can make decisions about things that don't have best practice checklists.
43 قسمت
همه قسمت ها
×
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.
مشابه O'Reilly Security Podcast - O'Reilly Media Podcast
It didn’t all change in March 2020. Not really. The UK high street has been in the throes of a gradual revolution for decades. From the rise of ecommerce, to the birth of mobile, social commerce, and a growing emphasis on experience, change has been underway for a while. In fact for many, the pandemic has acted as a wake-up call. Digital transformation was no longer a ‘nice to have’ but a matter of survival. Necessity sparked innovation and customers are enjoying more flexibility and conveni ...
…
continue reading
Custom Manufacturing Industry podcast is an entrepreneurship and motivational podcast on all platforms, hosted by Aaron Clippinger. Being CEO of multiple companies including the signage industry and the software industry, Aaron has over 20 years of consulting and business management. His software has grown internationally and with over a billion dollars annually going through the software. Using his Accounting degree, Aaron will be talking about his organizational ways to get things done. Hi ...
…
continue reading
Ever wondered what makes great go-to-market leaders grow, even when the going gets tough? We have, too. And we’re on a mission to uncover the magic that makes that growth happen. This is Go-to-Market Magic, the show where we talk to go-to-market leaders and visionaries about the “aha!” moments they experience and the pivotal decisions they’ve made, all in the name of growth. And we’re not just talking about revenue growth that goes up and to the right — we’ll also discuss how they improve th ...
…
continue reading
The Partnership Economy explores the power of partnerships through candid conversations and stories with industry leaders. Our hosts, David A. Yovanno, CEO and Todd Crawford, Co-founder, of impact.com, unpack the future of partnerships as a lever for scale and an opportunity to put the consumer first.
…
continue reading
Bitcoin groundbreakers share personal stories of how Bitcoin is changing lives for the better. Host Mauricio Di Bartolomeo, co-founder and CSO of Ledn, speaks with leading Bitcoin voices, entrepreneurs, and human rights advocates to hear their unique journey and practical real-world examples of how Bitcoin has made a positive impact in their lives. Brought to you by Ledn, a leading financial services company built for Bitcoin & digital assets. Ledn offers a suite of lending, saving and tradi ...
…
continue reading
Welcome to the What’s Next! Podcast. I’ve met so many brilliant people as I traveled the globe and have had some fascinating conversations that I’ve wished had been recorded so I could share them with you - this podcast was a way for me to recreate those moments and let you in on some fantastic insights. My current conversations center around one objective: what's next for companies and individuals as they look to innovate and grow. I hope these conversations inspire you as much as they have ...
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
How do I start an online business? How do I build a brand online? How do I get traffic and attention to my online business? The biggest question is, can I start a business online and replace my current JOB? Welcome to The Rock Your Brand podcast show where we answer ALL of these questions and a ton MORE! Scott Voelker, the host will share with you everything you need to know and help you to build a Future Proof Business that will allow you the ultimate Freedom. Scott shares tips and strategi ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Wharton faculty and industry leaders discuss their latest research, books, and relevant business topics. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
