In this episode of the Incubator Podcast, hosts Darren Boyd and Satbir Sran delve into the transformative world of hybrid cloud with guest Steve Bisnett, Global Field CTO for PowerFlex at Dell Technologies. Steve shares insights into his extensive background in the tech industry, especially his experiences transitioning from customer-focused roles …

In this podcast episode, we delve into the neoclassical economic view of cloud computing with Sarbjeet Johal, analyst, evangelist, and founder. The discussion begins by exploring the relevance of cloud in modern digital transformation. We then explore principles rooted in neoclassical economics, focusing on concepts such as consumption economics, u…

In this podcast episode, we delve into data masking, data privacy, test data management, test environment management, the role of synthetic data, and the value of establishing a data fabric. Quite a bit of ground to cover! K2View is a leader in data fabric and Customer 360, creating a comprehensive view of the customer journey which aids businesses…

In this episode of our podcast, we sit down with Jeevan Singh, a distinguished leader in the field of Application Security (AppSec), to delve into the intricate world of securing software applications. The discussion highlights the perils and challenges faced by organizations in today’s digital landscape, emphasizing the growing sophistication of c…

Join Satbir and Darren as they interview Nemi George, a seasoned Chief Information Security Officer (CISO) of Pacific Dental Services, as they cover a complex tapestry of modern cybersecurity concerns. The discussion covers diverse topics including the evolving threat landscape, the rise of sophisticated cyber attacks, evolving insider threats, ris…

Enterprises are not confined to the boundaries of a single cloud environment. But as many adopters have discovered, navigating multi-cloud isn't without its challenges from a networking perspective. The once-promised flexibility and scalability of the multi-cloud model are often overshadowed by daunting complexities, diminished visibility, and frag…

Traditional cybersecurity approaches, often retrospective in nature, race to detect and respond to threats only after they've manifested. This reactive paradigm, although necessary, leaves a window of vulnerability—a time-lapse during which systems are exposed, data is compromised, and infrastructures are at risk. Deep Instinct represents a seismic…

Data security is heavily dependent on context, and as organizations contemplate Test Data Management (TDM) they must consider not only de-identification strategies but re-identification probabilities as well. Data privacy regulations are becoming more stringent, with some regulations having an ‘extraterritorial scoping clause’ that stipulates that …

Spyderbat continuously records ALL runtime context in an environment (from Kernel to Cloud) while providing causal linkage (recording both good & bad events alike). Alerts can then be traced along the resultant causal chain that's created. Normal behaviors can then be safely ignored, allowing practitioners to focus on more toxic combinations ONLY (…

Sounil Yu is an author, cybersecurity visionary/strategist, advisor, security scientist, and leader. In his capacity of Chief Security Scientist at BoA he was in part responsible for developing and optimizing their cybersecurity portfolio. With an ever-expanding set of entrants in cybersecurity, he recognized the need to develop a framework that wo…

Oligo Security provides OSS library-level analysis and creates a profile of behavior on runtime. By evaluating what the OSS packages need from the operating system, they can detect malicious activity for each and every component in runtime. Through continuous monitoring, they can alert on deviations from baseline behavior and even block those devia…

Primarily known as a pioneer in Confidential Computing, Fortanix has created a unified data security platform that delivers a suite of services, including multi-cloud key management, tokenization/encryption, Transparent Data Encryption (TDE), and specializes in secure enclaves. With 30+ granted and pending patents, and a host of awards such as Gart…

Apiiro has built its Code Risk Platform to address risks inherent in material changes to application logic/code ... long before those change ship to prod. Given the imbalance in the ratio of developer to security practitioner, Apiiro's solution is crucial if we are to deliver sustainable security programs that meet the demands of new product introd…

As it turns out, managing Open Source Software (OSS) dependencies is extremely difficult. Not all vulnerabilities are in runtime and/or reachable, not all exploits focus on high/critical CVSS, there is a time delay with patches when they are made available, and Semantic Versioning (SerVer) can make prioritization challenging when thinking through b…

Data platforms are evolving, allowing data clouds to connect with consumers and producers of data that may be external or internal to your organization. Sharing with upstream/downstream partners in this data economy presents significant challenges to protecting data. Join us as we discuss this economy and the security implications, with Navindra Ya…

Nobody understands observability at scale quite like Chronosphere co-founders Martin Mao (CEO) and Rob Skillington (CTO). While at Uber they created, and open-sourced, the M3 metrics engine, which was capable of handling billions of data points that describe the most complex environments. Then, in 2019, they founded Chronosphere which is now valued…

When considering an Insider Risk Management (IRM) program a confluence of events complicates effective execution, including a general increase in financial hardship due to the current economic climate, an increasingly remote corporate workforce, steady growth in the gig economy, privacy concerns regarding individual liberties, and negative percepti…

The annual Cybersecurity Workforce Study conducted by (ISC)² modeled the existing talent shortage as 3.4 million professionals in 2022, up 26% from their 2021 study. The purchasing of a multitude of security products to offset skill gaps can fall short as operators struggle to adapt processes and extract value from toolchains that may or may not be…

Disrupting traditional security testing approaches is where Synack specializes. They have long recognized that to thwart attacks in modern adversarial campaigns requires a maximal combined talent of human and AI-powered intelligence. Through the gamification and use of crowdsourced expertise across verifiable exercises, Synack leverages its Synack …

At its core, BlueVoyant offers MDR and managed SIEM services for Splunk and Microsoft Sentinel, though they also provide EDR services, 24/7 security monitoring, alert investigations & incident response, forensics & litigation support, attacker simulation & penetration testing, supply chain defense, dark web investigations, compliance services, vuln…

Cribl provides a real-time data stream management platform for MELT data that enables organizations to gain insights and take action on data in place (right at the source), data at rest (already stored in a data lake), and eventually data in motion (transitioning an observability pipeline). Back in May 2022 Clint and the C021 team signaled that the…

We at Ink8r have long been advocates for calibrating protection against threat modeling exercises to properly align protection for assets. When it comes to securing production resources in the cloud this often means extending beyond Cloud Security Posture Management (CSPM) and including Data Security Posture Management (DSPM), among other capabilit…

By ink8r

How many pipelines does my organization need? What pipeline construction patterns are most acceptable to my developers? What intelligence should I inject into the pipeline? Nick Durkin, Field CTO & VP of Field Engineering from Harness answers these and more. Join us in this episode as we unpack some philosophical areas of SSDLC architecture, while …

Enterprises rely on dozens to hundreds of Software-as-a-Service (SaaS) applications, both sanctioned and unsanctioned, for their workloads, data, and processes. This attack surface requires SaaS Security Posture Management (SSPM) to protect the enterprise, but how do enterprises truly discover all of the SaaS apps in use (particularly those unsanct…

Application delivery velocity is driving a need to bolster an organization's existing software security posture. One fundamental aspect in fortifying an AppSec strategy is to leverage the API’s of existing application portfolio management solutions, code repositories, open source code scanning, static code scanning, credential scanning, image scann…

We heard a great quote at RESOLVE'22 this year which said, "customers pay for up time and companies pay for downtime". A rather adroit quote, and one that truly captures the Sisyphean challenge of ensuring applications are performant in the way we expect. When it comes to the Herculean task (wow - two mythological references in one opener!) of maki…

Many, if not most, organizations operate as polyglots - polyglot environments, polyglot programming languages, polyglot persistence, and so on. Infrastructure-as-Code (IaC) automation is no exception to this complexity with organizations often supporting polyglot IaC CICD tooling. Teams introduce this variability to achieve specific ends as some fr…

There is always tremendous value in decreasing latency in any decision-making process, particularly when we are dealing with stream processing in support of system and application observability. By running Metrics, Events, Logs, and Trace (MELT) data through an analytics algorithm at time of creation, on the very devices emitting the signals, organ…

Satbir and Darren were interviewed in a breakout session at Resolve '22, a BigPanda-organized community event. It was a wonderful opportunity for the Ink8r team to share thoughts on the domain of Observability, as directed by Aaron Johnson (BigPanda SE). Join us in this episode as we cover topics such as the consequences of not starting a journey, …

Social engineering attacks such as Business Email Compromise (BEC), supply chain fraud, executive impersonation, and ransomware, are complex vectors that readily evade solutions that rely on conventional threat intelligence and known bad indicators. Modern attacks frequently bypass secure email gateways as they may come from trusted sources and do …

Lacework has a patented platform, Polygraph Data Platform, which ingests data, analyzes behavior, and detects anomalies across an organization’s multi-cloud environment. Lacework continuously monitors user, app, process, and network behavior, as well as continuously evaluating vulnerabilities and cloud configurations. They use an agent and agentles…

In the modern enterprise data spans multiple cloud providers, regions, databases, object stores, and data lakes. Users, developers, supply-chain vendors, and contractors all access data via multiple roles and applications. In a truly dynamic environment where developers instantiate instances, organizations need to be able to visualize how data flow…

Synopsys is a leader in Gartner’s Magic Quadrant for Application Security Testing (AST) for the 6th straight year. Their portfolio is among the most comprehensive in the market, supplementing the foundational aspects of AST with an acquired portfolio of award-winning products including SAST, DAST, IAST, and SCA - with advanced capabilities such as …

Cequence Security understands API attack surfaces, protecting upwards of 6 billion API transactions on any given day. In this podcast episode, we speak with Vince Bryant, Senior Director of Business Development of Cequence Security. In an age characterized by velocity in execution, Cequence will be the first to state that, "digital transformation f…

As we begin emitting more signals from more endpoints in servitude of more complex transactions, it becomes clear that being observable isn't enough. Join us as we talk with Aaron Johnson (AJ), BigPanda as we explore the nature of correlation as a key component to ensuring services perform as intended. AJ has deep practitioner/leadership experience…

It’s in their DNA - sysdig (lower case ’s’) started as an open source troubleshooting tool, and the company has maintained that commitment to community. They donated Falco to CNCF as an incubating project with contributors that include AWS, Google, Microsoft, Cisco, and VMware, they leverage projects such as CloudCustodian in their cloud posture ca…

APIs have become the largest abuse vector with even the most sophisticated development organizations falling prey to exposure. This episode of the podcast discusses the landscape and where organizations can begin securing their interfaces with Matt Tesauro, Distinguished Engineer at Noname Security providing pragmatic advice.…

In this episode, we speak with Marc Weisman, VP of Product Management, Platform at Datadog. Marc has spent the last 6+ years with Datadog, defining and expanding their platform at a pace of almost one feature per day. Marc provides a perspective on observability, how it fits in the enterprise, and some practical implementation guidance.…

A brief introduction to the Ink8r Podcast intention and scopeBy Darren