Episode 64: Amazon’s Cedar Open Source Strategy
Amazon released Cedar as an open source project on May 10, 2023. Why? The open source strategy will shed light on what AWS is expecting to accomplish with Cedar. Are they expecting open source contributions? Does AWS believe open source will increase the rate of developer adoption? Why did AWS choose to open source both the policy syntax and the engines (Rust, Java, Go)? Why choose the Apache 2.0 license? What was the business case the Cedar team made to AWS management? What are some of the metrics that AWS will use to measure the success of Cedar adoption? What other open source projects does Cedar resemble at AWS? Join this episode for a deep dive into the Cedar open source strategy!
Episode 63: Beyond Whack-a-Mole: Future-Proof Against Tomorrow’s Threats
Heather Vescent takes us beyond the endless game of reactive cybersecurity—whack-a-mole style—to understand how strategic foresight can future-proof against tomorrow’s threats. Discover how to shift from a defensive stance to an anticipatory strategy that stays ahead of emerging dangers. Learn how to outsmart future threats before they hit your systems.
Episode 62: Reflecting on FIDO’s evolution to passkeys
What were passkeys before 2022? What are the passkeys today? What is missing?
Episode 59: Product Manager Strategies for Trust and Safety
When it comes to preventing bad actions on online platforms, the goals are different. Priorities are set… and then change. And measuring success is often “inverted”. What are tactics that accommodate these differences to enable trust and safety issues on a platform? How can product owners or similar leadership roles support these differences?
Episode 58: Corporate Wallets
Will your future business leverage decentralized identities to issue credentials to authorize its workforce to transact? Is federated identity enough, or is this a use case for decentralized identity? How does a business even assert a legal identity? What new tools and rules are needed to minimize the transaction costs of inter-domain trust? In this episode, we’ll discuss if a “Corporate Wallet” is a key enabler for digital transformation for both an organization’s workforce and its end-users.
Episode 57: Latest developments in DIDs
Decentralized Identifiers (DIDs) are being used in numerous digital identity projects around the world and serve as the basis for Verifiable Credentials (VC) and many other technical specifications and protocols. At W3C, a new DID Working Group has been launched to update and expand on the existing DID standard. Let’s take a look at the current state and recent developments around DIDs!
Episode 56: How modern AuthZ will change banking
Banking has many security challenges: privacy, regulatory compliance, MFA, third-party vendor threats, insider threats, API security, cloud security, incident response and breach management. What can we learn from how banks are adapting to this new security landscape by supporting central policy management? What are the concerns and unique challenges that are driving the momentum to externalize application security policies? And how has their current strategy worked out so far?
Episode 55: X.509 Certificate Rotation: Why TLS is still a pain point
Anchor is a developer-friendly platform that provides private CAs for internal TLS encryption. Anchor strives to make HTTPS certificates easy to get on your servers and offers a seamless ACME flow, which allows developers to focus on building rather than managing security. In this livestream we’ll discuss:
How Anchor is changing the game for developers with its innovative approach to internal CA provisioning.
The evolution of certificate management and why internal TLS is still a pain point.
Insights from his days at GitHub, Cloudflare, and Heroku — from certificate rotations to back-end encryption.
How to integrate strong encryption and certificate management into your development workflow.
Episode 54: Jumping the Decentralized Identity S Curve
There are a lot of promises in the market around decentralized identities, with enterprises beginning to embrace digital wallets, DIDs and VCs. But the challenge still exists for users moving to new or shared devices that they have not previously registered. How do we account for those scenarios without bootstrapping trust based on another trusted device, token or password? This is the core challenge Dr. Tina Srivastava, Cofounder of privacy tech company Badge, has been working on solving with a team of MIT cryptography PhDs. Dr. Srivastava is a serial cybersecurity entrepreneur and the former Chief Engineer at Raytheon. Dr. Srivastava is excited to discuss the blueprint for how identity vendors and enterprises can effectively jump the identity S curve.
Episode 53: ID Transformer: Okta to Ping in 45 Days
Migrating from one enterprise IDP to another is always a big challenge. Normally, it’s a project that takes months of planning. So when a renowned boutique identity integrator like Hub City says they’ve gotten such a migration down to 45 days… it’s worth it to hear how they accomplish this!