OwlTail

Cover image of Maya Kaczorowski

Maya Kaczorowski

10 Podcast Episodes

Latest 28 Jan 2023 | Updated Daily

Episode artwork

The State of Security in the Octoverse with Maya Kaczorowski

.NET Rocks!

How secure is your software? Carl and Richard talk to Maya Kaczorowski of GitHub about The State of the Octoverse Security Report - one of three annual reports coming from GitHub about how software is being built. Maya talks about how software vulnerabilities are found and fixed, including the amazing statistic that vulnerabilities on average exist in code for four years before being detected! Also, the criticality of the vulnerability doesn't seem to increase the speed to fix - what does make a difference is automation. Automated build and deployment pipelines, including security analysis early in the process - those are the things that make our software safer!Support this podcast at — https://redcircle.com/net-rocks/donations

50mins

4 Jan 2021

Episode artwork

La sécurité dans tous ses états : la chaine d'approvisionnement logicielle et l'open source avec Maya Kaczorowski

Electro Monkeys

La sécurité est un aspect fondamental et pourtant souvent négligé de nos systèmes d'information. Pourquoi ? Qui n'a pas trouvé les exploits de Mr Robot palpitants ?... Alors qu'est-ce qui cloche ?  Serait-ce parce que cette fois nous ne sommes pas du même côté de la barrière ? Probablement. Avoir une bonne hygiène de sécurité demande beaucoup d'efforts, de temps et de connaissances. Et avec tout ce qui "shift left" ces dernières années, il est difficile, mais vraiment difficile, de trouver le temps nécessaire.Cependant, nous ne pouvons pas nous permettre de passer au travers ou de simplement l'ignorer. J'ai donc décidé de faire une série sur les différents aspects de la sécurité, en commençant tout naturellement par la chaîne d'approvisionnement. Le code est la base de code sont aujourd'hui au coeur de toute entreprise technologique, et même les équipes d'infrastructure n'y échappent plus depuis l'avènement de l'infrastructure as code. Mais alors quels sont les problèmes soulevés, quelles solutions y apporter et avec quels outils ?Dans cet épisode, j'ai le plaisir de recevoir Maya Kaczorowski. Maya est Product Manager et Software Supply Chain Security pour Github, aussi elle est particulièrement bien placée pour répondre à mes nombreuses questions sur la chaîne d'approvisionnement, l'open source, et la sécurité. Car, au cas où j'aurais oublié de le mentionner, dans toute cette histoire, il est aussi largement question d'open source, que nous pouvons maintenant sans crainte considérer comme une des pierres angulaires de tout système d'information. Vous voilà prévenus, c'est parti !Support the show (https://www.patreon.com/electromonkeys)

55mins

22 Sep 2020

Similar People

Episode artwork

Episode 23 - Github's Maya Kaczorowski on Software Supply Chain Security and Puzzle's!

The POPCAST with Dan POP

Timeline / Topic00:30 - Maya's Journey03:36 - Maya explains what a Software Supply Chain is?04:52 - Breaches08:17 - How github can help you secure your Software Supply Chain. and Maya gives some security advice.  13:05 - Maya's move from Google to Github (and how she got into Security in the first place)16:48 - Moving to Puzzles... but first Maya talks Ice Cream!18:13 - Lets talk about Puzzles  23:38 - Work Maya is most proud of EPISODE LINKSExploits and Breacheshttps://www.wired.com/2007/08/ff-estonia/https://krebsonsecurity.com/2017/02/how-to-bury-a-major-breach-notification/https://eslint.org/blog/2018/07/postmortem-for-malicious-package-publisheshttps://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73907https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incidenthttps://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code/Github Links https://github.com/features/securityhttps://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanninghttps://github.com/features/security/advanced-security/signuphttps://github.co/dependency-graphhttps://github.co/security-alertshttps://github.co/security-updatesGoogle Linkshttps://cloud.google.com/security/encryption-at-rest/default-encryptionIce Creamhttps://gardencreamery.com/home/Puzzleshttp://www.puzzledpint.com/ https://pandamagazine.com/ https://www.instagram.com/p/B_xTIPxA-n0/ 

25mins

8 Jul 2020

Episode artwork

Marc French, Steve Lipner, Maya Kaczorowski, DJ Schleen, Kim Wuyts — Season Six Wrap up

The Application Security Podcast

We’ve reached the end of season six, and here are a few of our favorite clips. Season seven is around the corner.S06E01 — Marc French — The AppSec CISOWhat are some tips for someone who wants to become a CISO? Is there such a thing as a CISO school?S06E05 — Steve Lipner — The Past, Present, and Future of SDLLipner is a giant in the industry and someone that I’ve looked up to for years. After some setup, I ask him for a definition of SDL.S06E08 — Maya Kaczorowski — Container and Orchestration SecurityContainers are not a security tool. Do you agree or disagree? The philosophy of container security.S06E10 — DJ Schleen — DevOps: The Sec is SilentDevOps/DevSecOps Unicorns.S06E15 — Kim Wuyts — Privacy Threat ModelingWe walk through the LINDUN privacy threat modeling framework, step by step.Visit our website: https://www.securityjourney.com/resources/application-security-podcast FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/channel/UCfrTGqjSsFCQW4k6TueuY-A Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The Application Security Podcast is brought to you by Security Journey. Security Journey delivers secure coding training to development teams and those who support them. They help enterprises reduce vulnerabilities through application security education for developers and everyone in the SDLC. TRY OUR TRAINING ➜ https://info.securityjourney.com/try-our-training

25mins

14 May 2020

Most Popular

Episode artwork

Maya Kaczorowski — Container and Orchestration Security

The Application Security Podcast

Maya is a Product Manager in Security & Privacy at Google, focused on container security. She previously worked on encryption at rest and encryption key management. Maya has a Master's in mathematics, focusing on cryptography and game theory. Maya joins us to discuss how containers improve security, a high-level threat model of containers and orchestration, and tips for enhancing security as you role out containers and Kubernetes.Visit our website: https://www.securityjourney.com/resources/application-security-podcast FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/channel/UCfrTGqjSsFCQW4k6TueuY-A Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The Application Security Podcast is brought to you by Security Journey. Security Journey delivers secure coding training to development teams and those who support them. They help enterprises reduce vulnerabilities through application security education for developers and everyone in the SDLC. TRY OUR TRAINING ➜ https://info.securityjourney.com/try-our-training

33mins

16 Jan 2020

Episode artwork

Container Platform Security with Maya Kaczorowski

Security – Software Engineering Daily

A Kubernetes instance occupies a wide footprint of multiple servers, creating an appealing target to an attacker, due to its access to a large pool of compute resources. A common attack against an exposed Kubernetes cluster is to take it over for the purposes of mining cryptocurrency. Thus it is important to keep a cluster secure. The importance of security is magnified for a cloud provider. A cloud provider runs a managed Kubernetes service, which might be running thousands of Kubernetes clusters. If the cloud provider’s chosen distribution of Kubernetes contains a vulnerability, or if the Kubernetes instances are misconfigured, all of these clusters could be exposed to the same vulnerability. Maya Kaczorowski works on the security of Google’s managed Kubernetes service GKE. In today’s show we discuss the attack surface of a managed Kubernetes service. Maya was previously on the show to talk about container security. This episode is a good companion to that one, as well as a previous show with Liz Rice about container security. RECENT UPDATES: FindCollabs is a company I started recently The FindCollabs Podcast is out! FindCollabs is hiring a React developer FindCollabs Hackathon #1 has ended! Congrats to ARhythm, Kitspace, and Rivaly for winning 1st, 2nd, and 3rd place ($4,000, $1000, and a set of SE Daily hoodies, respectively). The most valuable feedback award and the most helpful community member award both go to Vynce Montgomery, who will receive both the SE Daily Towel and the SE Daily Old School Bucket Hat We are booking sponsorships for Q3, find more details at https://softwareengineeringdaily.com/sponsor/ Podsheets is our open source set of tools for managing podcasts and podcast businesses New version of Software Daily, our app and ad-free subscription service The post Container Platform Security with Maya Kaczorowski appeared first on Software Engineering Daily.

31mins

30 Apr 2019

Episode artwork

Episode 1: Container Security with Maya Kaczorowski from Google

BMC Run & Reinvent Podcast

Listen to this very insightful episode with special guest from Google, Maya Kaczorowski, as she discusses container security with BMC Solutions Architect, Ajoy Kumar.

20mins

3 Oct 2018

Episode artwork

Container Security with Maya Kaczorowski

Google Cloud Platform Podcast

Let’s talk container security! This week, Melanie and Mark learn all about the three main pillars of container security and more with our guest, Maya Kaczorowski. Maya Kaczorowski Maya is a Product Manager in Security & Privacy at Google, focused on container security. She previously worked on encryption at rest and encryption key management. Prior to Google, she was an Engagement Manager at McKinsey & Company, working in IT security for large enterprises and before that, completed her Master’s in mathematics focusing on cryptography and game theory. She is bilingual in English and French. Cool things of the week What a week! 105 announcements from Google Cloud Next ‘18 blog Keynotes, Keynote Fireside Chats, & Spotlight Sessions: Google Cloud Next ‘18 videos All Sessions: Google Cloud Next ‘18 videos Sign up for NEXT ‘19 updates site GKE On-Prem site Edge TPU site Interview Def Con site Black Hat site BSides Las Vegas site Cloud KMS site Kubernetes site GCPPodcast Episode 46: Borg and Kubernetes with John Wilkes podcast Large-scale cluster management at Google with Borg research Open-sourcing gVisor, a sandboxed container runtime blog Kata Containers site Nabla Containers site Google Container Registry site GKE security overview doc KubeCon site Container security blog series blog GKE hardening guide doc Seccompsandbox wiki Docker seccomp profile site Using RBAC in Kubernetes blog Terraform site Helm site Google Container Registry: Getting Image Vulnerabilities doc Container security overview site GCPPodcast Episode 110: CPU Vulnerability Security with Matt Linton and Paul Turner podcast Question of the week How do I setup SSL termination on Kubernetes with Let’s Encrypt? GitHub: Tutorial for installing cert-manager to get HTTPS certificates from Let’s Encrypt site Ahmet Alp Balkan, DPE on Google Cloud Where can you find us next? Mark will be at Pax Dev and Pax West starting August 28th. Melanie will be at the 2018 Nuclear Innovation Bootcamp at Berkeley on August 6th.

27mins

1 Aug 2018

Episode artwork

Container Security with Maya Kaczorowski

Cloud Engineering – Software Engineering Daily

Deploying software to a container presents a different security model than deploying an application to a VM. There is a smaller attack surface per container, but the container is colocated on a node with other containers. Containers are meant to have a shorter lifetime than VMs, so there are generally fewer consequences if a container needs to be destroyed and rebuilt due to a potential security vulnerability. Maya Kaczorowski works on container security at Google. In a recent talk at KubeCon, Maya discussed the runtime security of containers on Kubernetes. Maya joins the show to discuss container security, and what it means to software developers and operators. Maya also gives guidelines for evaluating the security of your own cluster. We talked about the security benefits of a managed Kubernetes provider and also explored how some container security vendor software works. The post Container Security with Maya Kaczorowski appeared first on Software Engineering Daily.

40mins

22 May 2018

Episode artwork

Container Security with Maya Kaczorowski

The Women in Tech Show: A Technical Podcast

Available on: iTunes | Android | RSS As public cloud adoption continues to...

8 May 2018