Transparency in Cloud Security with Gafnit Amiga

Today Corey talks with Gafnit Amiga, Director of Security Research at Lightspin. Gafnit begins by talking about the wave-making blog post she released this year that exposed a vulnerability she had discovered in RDS, an Amazon database service. Corey and Gafnit discuss transparency and communication around security, and then talk about the risks of taking pre-existing open source solutions and offering them as managed services. The conversation concludes with a discussion of the security community.
Full Description / Show Notes
  • Gafnit explains how she found a vulnerability in RDS, an Amazon database service (1:40)
  • Gafnit and Corey discuss the concept of not being able to win in cloud security (7:20)
  • Gafnit talks about transparency around security breaches (11:02)
  • Corey and Gafnit discuss effectively communicating with customers about security (13:00)
  • Gafnit answers the question “Did you come at the RDS vulnerability exploration from a perspective of being deeper on the Postgres side or deeper on the AWS side?” (18:10)
  • Corey and Gafnit talk about the risk of taking a pre-existing open source solution and offering it as a managed service (19:07)
  • Security measures in cloud-native approaches versus cloud-hosted (22:41)
  • Gafnit and Corey discuss the security community (25:04)

About Gafnit

Gafnit Amiga is the Director of Security Research at Lightspin. Gafnit has 7 years of experience in Application Security and Cloud Security Research. Gafnit leads the Security Research Group at Lightspin, focused on developing new methods to conduct research for new cloud native services and Kubernetes. Previously, Gafnit was a lead product security engineer at Salesforce focused on their core platform and a security researcher at GE Digital. Gafnit holds a B.Sc. in Computer Science from IDC Herzliya and is a student for an M.Sc. in Data Science.



2021 Duckbill Group, LLC