In this Replay of Screaming in the Cloud, we revisit our inspiring conversation with Jackie Singh. At the time, she had recently served as a senior cybersecurity staffer at the Biden campaign. But her venerated career is considerably more than that alone. Jackie’s time spent in the Army, at the DoD, and eventually at work in the commercial world allows her to bring an adroit sensibility to her work and to this episode. Jackie goes into detail on her time spent at the Biden campaign and the intricacies of working in such highly politicized, and short term, environment. The cyber security threats she faced there were paramount, to downplay it, and have given Jackie a rich and constantly developing perspective on security. That in combination with her career has helped her develop a perspective that she has kindly discussed in detail during this episode! Tune in for the whole story.

Show Highlights

(0:00) Intro

(1:16) Backblaze sponsor read

(1:42) Working for the 2020 Biden Campaign

(4:45) The high-stakes world of political information security

(10:08) Breaking down Jackie’s impressive resume

(12:38) Being the target of a far-right tabloid hit piece

(16:24) Contemporary politics, bad faith discourse, and its role in tech

(23:34) Common Fate sponsor read

(24:03) The ethics of reporting InfoSec vulnerabilities

(31:13) Explaining “threat modeling”

(36:49) Where you can find more from Jackie

About Jackie Singh

Jackie Singh is an Information Security professional with more than 20 years of hacking experience, beginning in her preteen. She began her career in the US Army, and deployed to Iraq in 2003. Jackie subsequently spent several years in Iraq in cleared roles for the Department of Defense.

She is now an independent consultant. Her passion extends to evangelizing best practices, writing and research for her blog, tweeting informative content, speaking at conferences, contributing to podcasts, and collaborating with fellow journalists and security professionals.

Links:

• Disclose.io: https://disclose.io
• Twitter: https://twitter.com/hackingbutlegal

Original Episode:
https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/security-challenges-and-working-for-president-biden-with-jackie-singh/

Sponsors

Backblaze: https://www.backblaze.com/

Common Fate: http://commonfate.io/

Xe Iaso returns to Screaming in the Cloud, and it’s been quite an interesting few months for them. They’re now the CEO of Techaro and are back for a discussion that spans career trials, the peculiarities of AI, and the intricacies of video production. Xe shares candid insights about being laid off multiple times and how it paradoxically led to career growth (and the tricks to resume-building). Xe also highlights the nuanced world of video editing and they’re learning tools like DaVinci Resolve.

Show Highlights:

(00:00) Intro

(00:50) Backblaze sponsor read

(0:52) Xe’s transparency with their layoffs over the past couple of years

(04:39) What Xe has been up to with their coding lately

(05:05) Xe’s method of addressing AI models’ Strawberry Problem

(10:44) Xe’s use of prompt injection attacks in their resume

(13:23) Why Xe has been embracing independent contracting

(15:20) How Xe has been working with video

(18:10) Common Fate sponsor read

(19:56) The shifting nature of content creation and the need for practice

(24:23) The importance of having audio backups for presentations

(26:17) What Xe is building toward as a contractor

(28:50) Where you can find more from Xe

About Xe Iaso

Xe Iaso is a top voice on cloud computing, developer marketing, and shitposting. They focus on making computers easier to understand and entertaining people in the process. They also use satire as a way to cope with the surreal madness that is the technology industry these days.

Links

• Xe’s blog: https://xeiaso.net/
• Friend pendant ad: https://www.youtube.com/watch?v=O_Q1hoEhfk4

Sponsors

Backblaze: https://www.backblaze.com/

Common Fate: https://www.commonfate.io/

Do we have your permission to share this episode of Screaming in the Cloud with you? Sonrai CTO and Co-Founder Sandy Bird is back on the show to help Corey break down the woes that come with granting permissions in the world of cloud security. As they catch up, the pair touch base on how automation can create major headaches, what goes into navigating the minefield of granting permissions, and if the future of adoption patterns is as grim as Corey predicts. Sandy also answers one of Corey’s long-time questions: how do you pronounce “Sonrai?” Who knows? Maybe Corey will finally learn how to say it properly...

Show Highlights:

(0:00) Intro

(0:30) Breaking down Sonrai’s name
(1:45) Sonrai sponsor read

(2:25) Getting alerts vs. fixing the root of the problem

(4:50) The problems with granting permissions

(7:34) The dangers of automating permissions

(10:10) "Where do I make this change, and how do I enforce it?"

(13:46) The security concerns that come with tagging automation
(16:12) Sonrai sponsor read

(16:53) Properly deploying permissions access

(21:16) Woes of running reporting in the middle of the night

(23:21) Are adoption patterns getting worse?

(29:01) Where you can find more from Sonrai Security

About Sandy Bird
Sandy Bird is the co-founder and CTO of Sonrai Security, helping enterprises protect their data by securing cloud identities and access. Sandy was the co-founder and CTO of Q1 Labs, which was acquired by IBM in 2011. At IBM, Sandy became the CTO for the global security business and worked closely with research, development, marketing and sales to develop new and innovative solutions to help the IBM Security business grow to ~$2B in annual revenue. He is a trusted and experienced cloud security expert., Sandy Bird is the co-founder and CTO of Sonrai Security, helping enterprises protect their data by securing cloud identities and access. Sandy was the co-founder and CTO of Q1 Labs, which was acquired by IBM in 2011. At IBM, Sandy became the CTO for the global security business and worked closely with research, development, marketing and sales to develop new and innovative solutions to help the IBM Security business grow to ~$2B in annual revenue. He is a trusted and experienced cloud security expert.

Links

• Sonrai Security: https://sonraisecurity.com/
• Sonrai Security free trial: https://sonraisecurity.com/trial/
• Sonrai Security demos: https://sonraisecurity.com/demo/
• Sonrai Security learning resources: https://sonraisecurity.com/resource-library/
• Sonrai Security blog: https://sonraisecurity.com/blog/
• Sonrai Security ACCESS Virtual Summit: sonrai.co/access-on-demand

Sponsor

Sonrai Security: https://sonraisecurity.com/