
CyberOXtales
Join Neatsun Ziv, CEO of OX Security, in this bi-weekly, 20-minute video podcast designed for senior-level security professionals. Each episode features one guest and includes 3-5 questions, delving into key areas such as cybersecurity leadership and strategy. Gain insights into the strategic aspects of being a CISO, developing effective cybersecurity policies, building a security-minded culture, and aligning security strategies with business objectives. Stay updated on emerging threats and trends, focusing on the latest cybersecurity threats, trends, and techniques affecting application security. Additionally, explore compliance and regulatory updates, with discussions on the evolving landscape of compliance and regulations impacting application security, including CISA Directives, GDPR, CCPA, and HIPAA. Learn how CISOs can navigate these requirements effectively. Featuring conversations with CISOs, security experts, and thought leaders, this podcast is your go-to source for high-level and strategic communication of risk.
Securing CI/CD Pipelines and Non-Human Identities: Mario Duarte’s Playbook for Executives
In this episode of the CyberOXtales podcast, host Neatsun Ziv, CEO of OX Security, welcomes Mario Duarte, former CISO at Snowflake. They discuss the complexities of securing CI/CD pipelines and non-human identities, shedding light on why these areas are often overlooked and how to communicate their importance to both technical and non-technical stakeholders.
About Our Guest:
Mario Duarte is the former CISO of Snowflake, where he built the security team from scratch. With over 25 years of experience in the security industry, Mario now advises, invests, and speaks on security topics such as CI/CD and non-human identities.
Key Takeaways:
- Development and QA environments are less controlled than production, making them prime targets for attackers.
- API keys and tokens often "move around" in development environments, increasing the risk of exploitation.
- Handling widespread vulnerabilities requires clear communication with management and an understanding of how vulnerabilities manifest in production.
- Mario emphasizes the importance of storytelling to explain security risks in relatable terms to both developers and executives.