OwlTail


Zane Lackey

15 Podcast Episodes

Latest 28 Aug 2021 | Updated Daily

Weekly hand curated podcast episodes for learning


CISO Challenges in 2021 - Zane Lackey Signal Sciences, Fastly

Cloud Security Podcast

In this episode of the Virtual Coffee with Ashish edition, we spoke with Zane Lackey, CISO & Co-Founder of Signal Sciences, which is now owned by Fastly.

Host: Ashish Rajan - Twitter @hashishrajan
Guest: Zane Lackey - Linkedin

In this episode, Zane & Ashish spoke about:
- What was your path to your current cybersecurity role?
- DevOps movement between East Coast and West Coast in 2010 - Etsy (Biggie) & Netflix (2Pac)
- Was the change to 30 production deployments a day a good thing for security?
- What was the action plan as a CISO to tackle 30 deployments a day?
- Has the viewpoint on security, and the things that kept CISOs awake at night, changed due to the pandemic?
- Post-pandemic, CISOs have 100s of single panes of glass
- Scale is the problem that is facing every security team
- And much more…

Show notes and episode transcript on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan

If you want to watch videos of this and previous episodes:
- Twitch Channel: https://lnkd.in/gxhFrqw
- Youtube Channel: https://lnkd.in/gUHqSai

51mins

10 Feb 2021


DevOpSec Conversation with Zane Lackey, CSO Signal Sciences

Security Voices


50mins

21 Feb 2019



Zane Lackey, Signal Sciences - Business Security Weekly #114

Business Security Weekly (Video)

Zane Lackey is the Chief Security Officer at Signal Sciences. Zane comes on the show to talk about advising! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode114

28mins

22 Jan 2019


Cybersecurity Trends in AI with Zane Lackey

AI Australia

Joining us today is Zane Lackey, Co-Founder and Chief Security Officer at Signal Sciences, based in New York. Zane serves on multiple public and private advisory boards and is an investor in emerging cybersecurity companies. He is incredibly well versed in the various trends and advancements in cybersecurity and defending against attacks. He is the author of Building a Modern Security Program, a how-to in building and scaling effective security teams. Prior to co-founding Signal Sciences, Zane led a security team at the forefront of the DevOps/Cloud shift as Chief Security Officer of Etsy.

We also have a guest co-host today, Craig Templeton. Craig is the Chief Information Security Officer at REA Group and has spent 20 years working in cybersecurity. Safe to say, this episode is stacked with insight into the state of the security industry and what it means for both citizens and businesses.

Here’s what’s discussed in today’s episode:
- Why it’s been a rough year in the tech industry
- How the concept of defence in depth has been turned into expense in depth
- Why security teams are drowning in too much data and need to focus on what is important
- The threat to cybersecurity as a result of automation
- Privacy risks - how do we eliminate or reduce personal information data?
- The implications of data corruption
- Why people may lose trust in machines and avoid using them
- When the most simple methods in designing defence systems can often be overlooked
- Should citizens be able to opt out of automated decisions and would they even know?
- Why legislation needs to catch up with technology
- How can we better adopt and embrace technology such as DevOps, Cloud, AI, and machine learning?

55mins

17 Dec 2018



Zane Lackey, Signal Sciences - Application Security Weekly #31

Application Security Weekly (Video)

Zane Lackey is the Founder/Chief Security Officer at Signal Sciences. Zane Lackey explains how we, the security industry, need to shift left when it comes to applications and patching.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31
Follow us on Twitter: https://www.twitter.com/securityweekly

43mins

12 Sep 2018


Zane Lackey - Risk, Transformation & his parents

Zero Hour Podcast

Zane Lackey is the co-founder and Chief Security Officer at Signal Sciences and serves on the advisory boards of the Internet Bug Bounty Program and the US State Department backed Open Technology Fund. Prior to Signal Sciences, Zane was the Director of Security Engineering at Etsy and a Senior Security Consultant at iSEC Partners. He has been featured by BBC, Forbes and Wired, and is a frequent speaker at BlackHat, RSA and Microsoft BlueHat.

Three takeaways:
- Cyber Security is a business risk
- Security isn't the winner, the business is
- Implement security at the heart of every transformation

Follow Zane on Twitter: @zanelackey
Read Zane's thoughts: https://medium.com/@zanelackey

Follow us:
Twitter: @zerohour
Instagram: @zerohourexperience
Website: www.karlsharman.com

This podcast is sponsored by:
BeecherMadden - www.beechermadden.com
Cyber Security Professionals - www.cybersecurity-professionals.com

49mins

29 May 2018


Zane Lackey, Chief Security Officer, Signal Sciences

Security Conversations

Co-founder and Chief Security Officer at Signal Sciences Zane Lackey riffs on DevOps, the almost impossible task of defending organizations from intruders, bug bounties versus penetration testing, and the pros and cons of launching a company with venture capital investment.

Links:
- Zane Lackey on LinkedIn
- Signal Sciences - The Next-Gen Web Protection Platform

41mins

16 Apr 2018


Zane Lackey, Signal Sciences Paul's Security Weekly #547

Paul's Security Weekly TV

Zane Lackey is the Founder/Chief Security Officer at Signal Sciences and serves on the Advisory Boards of the Internet Bug Bounty Program and the US State Department-backed Open Technology Fund. He joins Paul and team this week for an interview!

Full Show Notes: https://wiki.securityweekly.com/Episode547
Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly

45mins

11 Feb 2018


Zane Lackey, Signal Sciences Paul's Security Weekly #547

Paul's Security Weekly (Video-Only)

Zane Lackey is the Founder/Chief Security Officer at Signal Sciences and serves on the Advisory Boards of the Internet Bug Bounty Program and the US State Department-backed Open Technology Fund. He joins Paul and team this week for an interview!

Full Show Notes: https://wiki.securityweekly.com/Episode547
Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly

45mins

10 Feb 2018


2017-033- Zane Lackey, Inserting security into your DevOps environment

Brakeing Down Security Podcast

Zane Lackey (@zanelackey on Twitter) loves discussing how to make the DevOps, and the DevSecOps (or is it 'SecDevOps'... 'DevOpsSec'?) So we talk to him about the best places to get the most bang for your buck getting security into your new DevOps environment. What is the best way to do that? Have a listen...

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-033-Zane_Lackey_inserting_security_into_your_DevOps.mp3
RSS: http://www.brakeingsecurity.com/rss
Youtube Channel: https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw
#iTunes Store Link: https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2
#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast
Join our #Slack Channel! Sign up at https://brakesec.signup.team
#iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/
#SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM: https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

--SHOW NOTES--

- Security shifts from being a gatekeeper to enabling teams to be secure by default
- Require a culture shift
- Should that be implemented before the shift to CI/CD, or are we talking ‘Indiana Jones and the rock in the temple’?
- How? Secure coding? Hardening boxes/systems?
- If it’s just dev -> prod, where does security have the chance to find issues (i.e. test and QA belong there)?
- We used to have the ability for a lot of security injection points, but no longer
- Lowers the number of people we have to harangue to be secure…?
- Security success = baked in to DevOps
- Shift from a ‘top down’ to ‘bottom up’
- Eliminate FPs, and forward on real issues to devs
- Concentrate on one or two types of vulnerabilities
- Triage vulns from most important to least important
- Go for ‘quick wins’, or things that don’t take a lot of time for devs to fix.
- Grepping for ‘system(), or execve()’
- Primitives (hashing, encryption, file system operations)
- How do you stop a build going to production if it’s going out like that?
- Do we allow insecurity to go to Production? Or would it be too late to ‘stop the presses’?
- “We’ll fix it in post…”
- Instead of the ‘guardrail not speedbump’ you are the driving instructor...
- But where does security get in to be able to talk to devs about data flow, documentation of processes?
- 5 Y’s - Why are you doing that?
- Set up things like alerting on git repos, especially for sensitive code
- Changing a sensitive bit of code or file may notify people
- Will make people think before making changes
- Put controls in terms of how they enable velocity
- You like you some bug bounties, why?
- Continuous feedback
- Learn to find/detect attackers as early in the attack chain
- Refine your vuln triage/response
- Use bug reports as IR/DFIR...

https://www.youtube.com/watch?v=ORtYTDSmi4U
https://www.slideshare.net/zanelackey/how-to-adapt-the-sdlc-to-the-era-of-devsecops
http://www.slideshare.net/zanelackey/building-a-modern-security-engineering-organization

In SAST, a modern way to decide what to test is start with a small critical vuln, like OS command injection. Find those and get people to fix it. BUT don’t developers or project teams get unhappy [sic] if you keep "moving the goal post" as you add in the next SAST test and the next SAST test. How do you do that and not piss people off?

[15:16] How do you make development teams self-sufficient when it comes to writing a secure application? Security is a road block during a 3 month release schedule… getting "security approval" in a 3 day release cycle is impossible.

[15:17] But then… what is the job for the security team? If DevOps with security is done right, do you still need a security team, if so what do they do? Do they write more code? I don't think you're Dev'ops'ing security out of a job... but where does security see itself in 5 years?

Last one if there is time and interest. If Zane Lackey was a _maintainer_ of an open source project, what dev ops sec lessons would he apply to that dev model… to the open source model? (We've got internal projects managed with the open source model... so I'm interested in this one)

Even without any of those questions, the topics he covered in his Black Hat talk are FULL of content to talk about. Heck, even bug bounties are a topic of conversation. The idea of a feedback loop to dev... where an application under attack in a pen test can do fixes live... how that is possible is loads of content.

1hr

17 Sep 2017
