12 Days of Security: Day 2
00:00:00
Speaker 1: Hi, everyone. Welcome to the 12 days of Security with Bright Security. My name is Akira Brand and I am your host for day two of the 12 days of Security. Joining me today is Maria Kolenikova. Welcome, Maria.
00:00:18
Speaker 2: Hi. Hi, Akira. Hi, everyone.
00:00:22
Speaker 1: Maria, thank you so much for being here. We are super excited to talk with you. To start things off, I would like to know a little bit about what you do at Bright.
00:00:32
Speaker 2: Yeah. Thank you. I’m happy and excited to. I work in Bright as a product manager. I’m responsible for reporting domain. What’s about me personally. I’m a huge fan of hiking. That’s why I live in Georgia and I think I love longboarding. So, extreme things is my thing.
00:01:04
Speaker 1: Awesome. Do you ever hike and longboard at the same time?
00:01:07
Speaker 2: No. No. Separately. It’s pretty dangerous. It’s too extreme. Yeah.
00:01:16
Speaker 1: Even for you. That’s a little too much.
00:01:18
Speaker 2: Yeah, it’s too much.
00:01:21
Speaker 1: Very cool. Okay, so, Maria, can you tell us what happened this year in cybersecurity that really stood out to you?
00:01:30
Speaker 2: Hmm. Let me think a bit. I think it’s a theft of 5 million, 5., 5 million of Twitter accounts. The most I liked about that situation that hackers said they had harvested this data using a vulnerability previously flagged to Twitter. So for me, it sounds like someone forgot to check their risk reports and fix the bugs on time.
00:02:13
Speaker 1: Yes, it sounds like they heard about this vulnerability and then it somehow slipped through the cracks and it was not addressed.
00:02:22
Speaker 2: True. Yeah.
00:02:23
Speaker 1: Yeah, that can happen. That’s very common, actually. So, yeah. Okay.
00:02:29
Speaker 2: Sadly.
00:02:30
Speaker 1: Yeah, sadly. And then how about on a personal front in your work here at Bright Security, what challenges did you face and how did you overcome them?
00:02:43
Speaker 2: Mhm. I think the biggest challenge for me this year is moving abroad and changing job fields simultaneously. I could feel like juggling. Yes. And cybersecurity field is new for me. And even if it’s challenging, it’s exciting and how I overcome it. I think I started to communicate with people more and more, especially with people who are experiencing or have ever experienced the same, or because communication is the key. And you could share knowledge, tips, or thoughts. And it worked. It always works.
00:03:42
Speaker 1: Nice, it sounds like. So you transition not only where you live, you transition the industry in which you work.
00:03:48
Speaker 2: Yeah. Yeah.
00:03:50
Speaker 1: And then the way that you overcame that was you communicated a lot with your coworkers and.
00:03:55
Speaker 2: Yes, right.
00:03:56
Speaker 1: I got
00:03:56
Speaker 2: That.
00:03:57
Speaker 1: Yeah. Sometimes having that ability to identify with other people that are in the same situation is really useful.
00:04:05
Speaker 2: Yeah, it is. It is what it is. Yeah. Yeah.
00:04:10
Speaker 1: I mean, it takes time too. For sure.
00:04:13
Speaker 2: Yeah.
00:04:14
Speaker 1: So, since this is relatively new to you, I’m very interested in the answer to this next question. Because sometimes when we’re new to industries, we have different predictions than people who have been in industries for a really long time. So what do you predict will happen next year in the cybersecurity world? The good and the bad?
00:04:34
Speaker 2: Uh, I’m afraid that my first prediction is pretty common for everyone. AI expansion, not only for cybersecurity, like, for everything. And why? Because the number of attempted cyber attacks has been growing rapidly. And I reckon that it’s increasingly tricky for human being to react to them all and predict where the most dangerous attack will take place. So that is where AI comes.
00:05:22
Speaker 1: Mhm. Yeah. Like so having AI being ever expanding which we’ve seen now with the release of DALL-E and ChatGPT.
00:05:31
Speaker 2: Yeah. ChatGPT, it’s blowing our minds. It’s everywhere.
00:05:38
Speaker 1: It is. I actually installed a Chrome extension that when you type something into Google it’ll give you the ChatGPT response. I’m working on getting that worked out and it’s wild. So anyway, back to your point though, it sounds like with this new AI expansion that humans can’t really keep up now, there’s so many threats coming out, there’s so many vulnerabilities being exploited, and it kind of feels like you’re playing a game of whack-a-mole, right? And you’re just kind of rolling around like trying to catch all of these issues. I agree. I think that’s definitely an accurate prediction, I would say, which is a little scary. But maybe now let’s talk about the good. What do you think good things will happen this year in cybersecurity?
00:06:28
Speaker 2: Actually, I thought it was good. That’s fair. AI isn’t only threat, but it also help for us. So it’s good and bad at the same time.
00:06:45
Speaker 1: Yeah. So, like, people can exploit these AIs, but also AI can help to catch these issues so that humans are not overworked. Gotcha. Yeah, that makes, that makes good sense. We will see what kind of, what kind of innovation comes out with artificial intelligence and being able to help us in cyber as opposed to hinder us.
00:07:05
Speaker 2: Yeah. Let’s cross fingers. Yeah, cross fingers.
00:07:10
Speaker 1: All right. So my last question for you today, Maria, is what security gift do you want for the holidays? So this could be literally a gift like a book or a course or this could be a wish. Like every developer gets secure code training or something like maybe like ethical AI comes out and solves all our security problems.
00:07:34
Speaker 2: Security, cybersecurity Jesus.
00:07:38
Speaker 1: Yeah, exactly. Save us all.
00:07:39
Speaker 2: All. Yeah. At first I was thinking about real gift for myself, but then I decided to choose something for everyone. I would love that cybersecurity hygiene and awareness become more popular and accessible for regular people. And in my opinion it should become a school subject because I always remember how it works in my country and it would be a great gift for regular people, like for my mom, for my grandparents, for my friends who are not in IT.
00:08:32
Speaker 1: I agree. I think that if we had the ability to magically wave a magic wand and all of the, all of the population would have security awareness, I think so much grief and suffering would be alleviated, right? Because people wouldn’t be falling for phishing scams or things of this nature.
00:08:53
Speaker 2: Maybe it wouldn’t be a cure, but something that makes people’s life less painful.
00:09:08
Speaker 1: Yes, exactly. Exactly. Good. All right, Maria. Any last thoughts before we sign off on our little 12 days of security meeting together today?
00:09:22
Speaker 2: Yeah. Be careful everyone and don’t tap on suspicious links.
00:09:34
Speaker 1: Beautiful. All right. Don’t tap on suspicious links. Be careful, everybody. Everyone, we have been speaking with Maria Kolenikova today. Thank you, Maria, for your time. Thank you. Thank you to our listeners for tuning in. And we will see you all tomorrow for day three of the 12 days of Security. Bye, everyone! Bye.