Secrets and their role in infrastructure security - Jawahar Sivasankaran, Chas Clawson, Sergey Gorbaty, Fernando Medrano - ESW #406

Security Weekly Podcast Network (Audio)

Content provided by Security Weekly Productions. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Security Weekly Productions or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

1d ago 2:14:05

MP3•Episode home

Segment 1 - Secrets and their role in infrastructure security

From API keys and tokens to environment variables and credentials, secrets are foundational—and often overlooked—attack surfaces in cloud-native and distributed systems. We break down the risks tied to poor secret hygiene, discuss emerging patterns for secure secret management at scale, and shares insights on integrating secrets management into systems design.

This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!

Segment 2 - Weekly Enterprise News

In this week's enterprise security news, we have:

Funding, mostly focused on identity security and ‘secure-by-design’
Palo Alto acquires one of the more mature AI security startups, Protect AI
LimaCharlie is first with a cybersecurity-focused MCP offering
Meta releases a ton of open source AI security tooling, including LlamaFirewall
Exploring the state of AI in the SOC
The first research on whether AI is replacing jobs is out
Some CEOs are requiring employees to be more productive with AI
Are prompts the new IOCs?
Are puppies the new booth babes?
We get closure on two previous stories we covered:
1. one about an ex-Disney employee,
2. and one about a tiny dog

Segment 3 - Executive Interviews from RSAC

CYWARE The legacy SecOps market is getting disrupted. The traditional way of ingesting large troves of data, analysis and actioning is not efficient today. Customers and the market are moving towards a more threat centric approach to effectively solve their security operations challenges.

CERT Water Management Case Study
Cybersecurity Alert Fatigue! How Threat Intelligence Can Turn Data Overload Into Actionable Insights Blog
Frost & Sullivan's 2024 Threat Intelligence Platform Radar Report
2025 TIP Buyer’s Guide

This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to request a demo!

SUMOLOGIC Intelligent SecOps is more than a buzzword—it's a blueprint for modernizing security operations through real-time analytics, contextual threat intelligence, and AI-powered automation. In this segment, Sumo Logic’s Field CTO Chas Clawson explains how SOC teams can accelerate detection and response, cut through alert noise, and improve security outcomes by fusing AI-driven automation with human context and expertise. He also shares the latest security capabilities Sumo Logic announced at the RSA Conference to help organizations build and operate Intelligent SecOps.

Press Release: Sumo Logic Unifies Security to Deliver Intelligent Security Operations
Blog: RSAC 2025 Intelligent Security Operations
Brief: Sumo Logic Threat Intelligence
Chas Blog: Cloudy with a chance of breach: advanced threat hunting strategies for a hyperconnected and SaaSy world
LinkedIn Live: Implications of AI in a modern defense strategy

This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-406

3101 episodes

#Security #Software Development #Tech News #Hacking #News #Tech #Security Weekly Productions