12 Days of Security: Day 5
Speaker 1: Hi, everyone, and welcome to the 12 days of Security with Bright Security. My name is Amanda McCarvill and I am your host for day five. With me today I have Vitaly Unic, who is our head of Abstract Research. Hi, Vitaly.
Speaker 2: Hello there. Hi there. How are you?
Speaker 1: Good. How are you doing?
Speaker 2: And then, well, it’s evening here, so we’re not voting on a tie, but perfectly fine.
Speaker 1: You’re just finishing your day and I’m just straightening mine off. But that’s okay.
Speaker 2: That’s. That’s the way that you work in global teams. It’s always out of sync for everybody.
Speaker 1: Yeah, exactly. Well, to start us off, could you tell us just a little bit about yourself and what you do here at Bright?
Speaker 2: All right. So I’ve been in the security field for the past, I think, 15 or 16 years now. I’m actually older than I look in most cases. I’ve been a security architect. I’ve been a CTO in several companies. I’ve been doing security both from the attacker’s side and the defensive side. And this is kind of a passion, or that people like looking for the small things in terms of what breaks and what doesn’t break new security. So yeah, and within Bright I lead basically whatever goes into the attack patterns and the things that we issue within kind of the core functionality of the product. So, yeah, and I have a great team. So basically my team does a lot more than I do. So they get all the credit. They deserve all the credit.
Speaker 1: Awesome. It always makes it better when you have a nice team.
Speaker 2: Yeah, it always starts with hiring people who are way more skilled than you, and just, like, just helping them to get to the point where they’re being, like, awesome.
Speaker 1: Definitely. Yeah. So what happened this year in cybersecurity that really stood out to you?
Speaker 2: I think the thing that stood out most was the Uber hack and the fallout of the Uber hack, with the CEO being actually kind of forced to resign and being sued into oblivion. So I think the fact of the matter is that no matter how small or big a company you are, you’re still being threatened by sometimes an 18-year-old or ten-year-old, someone from, you know, from another country or even from your own country. Right. And the fact is the fallout from these attacks is massive. That, and the fact that people don’t disclose things like they should. People try to hide security incidents instead of trying to approach them head-on and trying to resolve issues as they come up.
Speaker 1: Definitely a lesson for all of us. I think that we all need to be safe when on the Internet and online and just in general security. We need to be careful.
Speaker 2: Right. But yeah, I think that the Uber hack this year was the thing that stood out most.
Speaker 1: Definitely.
Speaker 2: In terms of.
Speaker 1: And then on a more personal note, what challenges have you faced, and how have you overcome them?
Speaker 2: Oh, wow. There’s been a lot of challenges. Saying the challenges in terms of, first of all, working from home. I’ve been doing it for the past two or so years now. And now it’s starting to shift when somebody starts working from home and everything. You know, people tend to switch to offices for a day in a week. But the fact of the matter is, when you start working from home full time, it’s hard. And managing a global team from home is a new challenge. And I think basically it all boils down to trust. So being able to kind of leverage the human contact you have with your people. And yeah.
Speaker 1: Definitely. Well, it’s nice that we have so many tools now for that. Although everyone’s working from home, we have Zoom and Google teams and all these different applications that still give that kind of team environment you wouldn’t otherwise have working by yourself at home.
Speaker 2: Right. That’s true. On the other hand, sometimes you miss the human interaction, which is just, you know, going for a coffee with a teammate and just discussing things. That’s sometimes missing.
Speaker 1: But I agree. Yeah.
Speaker 2: Yeah. So, you know, that’s kind of one of the things. One of the things.
Speaker 1: Definitely. Okay. And what do you predict will happen next year or in the next few years? Both the good and the bad.
Speaker 2: Wow. That’s actually a tough question. I gave it a couple of thoughts today, and I think there was an article today on TechCrunch that envisioned that the year 2023 will be the year of back to the office. And one of the things that I envision will happen is we’ll have, on one hand, more insider threats from disgruntled employees who are being forced to return to the office. And that’s going to be a new challenge. And basically having companies switch the infrastructure back to working from offices. So that’s one of the challenges. The second challenge, I think, will be in terms of API attacks. So since everything has become more interconnected and dependent on application-to-application and users, like we have a lot of web3 technologies and things like dynamic websites and dynamic technologies to communicate, that brings a lot of reliance on third parties. When you, like, you go to your bank site, you go to your bank website, and sometimes the authentication from the bank website goes to Google. So you have the bank depending on Google for your authentication, or your Facebook account for your authentication. That kind of brings up more reliance on APIs and on third parties. So I think those will be a lot of challenges. Yeah.
Speaker 1: Yeah, I couldn’t agree more. Last question for you here. What security gift would you like for the holidays? So this could be either literally a gift or something you wish to have or to see, such as every developer should get secure code training.
Speaker 2: Um, I think not secure training. I think it’s not only the fact that they need to be trained. There is actually a game by Adam Shostack, who developed threat modeling models, and he has a game, I think it was called, what’s it called? He has a card game for threat modeling and it’s awesome. It’s basically playing a card game, training the developers to look for things. Not just, like, looking for the security bug, but rather planning ahead and mapping the things that they need to kind of address before coding. So that’s kind of awesome. Awesome. It’s free and it’s on Adam’s. I’m going to plug Adam’s. He’s, like, he’s an awesome dude.
Speaker 1: So awesome.
Speaker 2: Well, we’ll.
Speaker 1: Add the link to that below. That seems like a fantastic way to learn while you’re having fun, too. Yes, Fantastic.
Speaker 2: And when you’re back in the offices, you have a game to play, which is, I don’t know if it’s as fun as a game, but it’s fun as an exercise. It definitely was fun when we tried to play it with the teams. So, yeah, there’s that.
Speaker 1: Well, fantastic.
Speaker 2: Thank you.
Speaker 1: Well, thank you so much for being on the 12 Days of Security with us, and for you and everyone watching, I want to wish you all a happy holidays. Bye, everyone.
Speaker 2: Bye.