12 days of security: Day 8
00:00:00
Speaker 1: Hi, everyone, and welcome to the 12 days of Security with Bright Security. My name is Amanda and I am your host for day eight. And with me today I have Nedim, who is one of our web developers. Hi, Nedim.
00:00:15
Speaker 2: Hi, Amanda. It’s a pleasure to be here.
00:00:18
Speaker 1: Awesome. Thanks for joining us. So to start off, can you tell us just a little bit about yourself and what you do here at Bright?
00:00:26
Speaker 2: Yeah. So I joined the company almost two and a half years ago, and I’m a web developer at Bright. I’ve done a lot of things during my stint here, so I became like integral part of the company, so you could say.
00:00:44
Speaker 1: Fantastic. Yeah, you’re definitely a critical member here. So what happened this year in cybersecurity that really stood out to you?
00:00:56
Speaker 2: Good question. So maybe the biggest thing that stood out to me is the whole war situation in Ukraine. So it was really interesting to see how cybersecurity plays a huge role in like modern warfare. And it’s used in both armies from both sides. Because we never had the opportunity to see cybersecurity in action on a large scale war like this one is, we only seen it in peace times. Although cybersecurity is constant warfare, as they say. But I find it really amazing at how it really makes the difference in gathering information. In stealing information. Yeah. So that’s the big one for me.
00:01:47
Speaker 1: Definitely. Yeah, I couldn’t agree more with that one. So on a more personal note, what challenges have you faced and how did you overcome them?
00:01:58
Speaker 2: Yeah. So it was a year actually of challenges for me personally, mostly because as a company we had to meet certain standards. So we have SOC1, SOC2 compliance, which means that each one of the employees has to raise their cybersecurity awareness. So it was like one big lesson in learning how to protect myself on the Internet in order to be able to protect my company as well.
00:02:34
Speaker 1: Definitely. I feel like this year was a good year of learning for everyone in the company. I feel like I know myself personally as well learnt a lot from getting those certifications and how to properly protect ourselves.
00:02:50
Speaker 2: Yeah. Yeah. Especially because there’s so many little things that you never notice. That could be a big vulnerability. And it really makes a difference.
00:03:01
Speaker 1: Definitely, yeah. So what do you predict will happen next year? Both the good and the bad?
00:03:09
Speaker 2: So in 2023, I think it’s going to be a really tricky year for cybersecurity because COVID is finally over. So that means more people going back to office, which automatically means some more liability on a human level, because they usually say that the human is the biggest weak point in every system. So that definitely goes for this. And I think that’s a big threat to all companies, all tech companies at least. And as far as good things go, I think that the increased awareness could play a big role in 2023 because as the time goes on, we’re all required to take our cybersecurity awareness to the next level. And I think this could be the year when a general population gets a hold of it. And educates more and more as we gain informatic literacy and all that.
00:04:18
Speaker 1: Absolutely. Yeah. I feel like people are definitely starting to realize how important it is to be safe when on the Internet and all of that and just protecting yourself and your company. It’s definitely more apparent nowadays.
00:04:36
Speaker 2: Yeah. Yeah. It’s not even about just the companies anymore. It’s the individuals because everyone is in threat nowadays. Like there’s nobody with a phone who is safe online. Everyone has to take precautionary measures. So it’s a big learning experience for the humanity as a whole.
00:04:55
Speaker 1: Absolutely. So my last question for you, what security gift do you want for the holidays? So this could be literally a gift or a wish you have, such as every developer get secure code training.
00:05:12
Speaker 2: That’s a really tough question. So my cybersecurity wish would be that maybe someone hacks the speed cameras. So I stopped getting fines. But on a more realistic note, I would personally like it if developers had an opportunity to learn about safe coding practices more. So tutorials focused on that would be a huge difference maker in the long run. Because it so often happens that there’s a disconnect between developers and security people. And then developers have to comply with security’s requests, etc., and creates this whole mess. But it would be remediated if developers were able to learn safe coding practices early on. In order to avoid those issues.
00:06:12
Speaker 1: Absolutely. Yeah. I couldn’t agree more with that one. Well, thank you so much, Nedim, for being on the 12 days of security and for you and everyone watching I want to wish you a happy holidays. Bye everyone.
00:06:27
Speaker 2: It’s been a pleasure, bye.