Managing Multi-Factor Authentication and SIM Cards
Quick recap. The team discussed the challenges and potential solutions in managing Multi-Factor Authentication (MFA) for shared accounts, with a focus on the use of FIDO keys and the protection of SIM cards. They also explored the evolving roles in application and infrastructure security, emphasizing the importance of breaking down silos and integrating security tools into products. Lastly, they shared their experiences and insights on professional services, stressing the importance of honesty, authenticity, and understanding client needs.
Managing Multi-Factor Authentication and SIM Cards
Shawn invited suggestions for future topics and speakers, while Brian shared his issues with 2-factor authentication on AWS using Firefox. The group discussed the challenges of managing Multi-Factor Authentication (MFA) for shared accounts, particularly in small to medium-sized businesses, and agreed on the need for a robust approach, with suggestions including the use of FIDO keys for each user with shared access. Lastly, the management and protection of SIM cards for telecoms were discussed, with Brian suggesting a strategy of splitting tasks into three parts for root accounts, and questions were raised about its applicability to medium to large organizations.
Docker Keycloak Instance and Scholarships
Brandon proposed setting up a Keycloak instance on Docker, while Shawn discussed the use of physical safes for key security. Neil suggested using Red Hat's examples for an easier setup. Kyle brought up the CyberCorps Scholarship for Service, which he was considering for his future master's degree. The group discussed the potential benefits and challenges of pursuing a master's degree, with advice from Afrida to consider working on the side to cover costs. Kurt shared a solution for the root password issue for their AWS roles, which could be a potential career path for Kyle. David reported issues with Microsoft's latest updates breaking Watchcard Auth.
Evolving Roles in Application Security
The discussion focused on the evolving roles and responsibilities in application and infrastructure security. SLuengo@BankUnited.com shared their experience in transitioning from a development to a security-focused role, highlighting the increasing overlap between the two. Shawn agreed, noting that the historical silos between cloud, security, and development teams have started to break down, leading to a more integrated approach. David, a DevOps engineer, emphasized the importance of breaking down silos in enterprise architecture and the role of a release manager in ensuring the secure and efficient release of code. The conversation also touched on the need for early governance, the integration of security and infrastructure considerations into the development process, and the goal of getting everyone to use the source control repository and Terraform to prevent unauthorized access and ensure secure development.
Building Strong Relationships With Customers
Marc, Robbie, Shawn, Neil, and Kurt discussed the importance of building strong relationships with customers in an enterprise environment. They emphasized the need for active listening, understanding customer problems, and consistent communication. Neil shared his sales philosophy, stressing the importance of guiding clients to the right solutions and aligning personal values with company policies. The group also discussed the challenges of handling situations where personal and company values conflict, with Neil advising individuals to seek support from colleagues and mentors when needed.
Integrating Security Tools and Aligning Incentives
The team discussed integrating security tools into products for addressing vulnerabilities. Carley emphasized the need for clear vendor documentation. Connor stressed working with customers' existing tech stacks. They agreed on a tailored approach to product security and vendor engagement. Neil highlighted aligning sales incentives with customer needs. Frederick discussed the shift towards using code for product security detection and deployment in his company. Chris emphasized the significance of fair compensation in driving behavior.
Professional Services Discussion
Brandon initiated a discussion about professional services, with team members sharing their experiences and insights. Chris emphasized the importance of understanding client needs, communicating the value of professional services, and building trust with clients. Don highlighted the challenges of implementing new systems, setting the right expectations, and avoiding being blamed for issues. Shawn and Connor stressed the importance of subject matter expertise and upskilling. Kurt, who founded and ran a pro services company, advised the team to reflect on whether their services add value to the customer before proceeding with a proposal. The team agreed that professional services, when approached with the right mindset, can be a valuable part of the business.
Emphasizing Honesty in Sales and Services
Chris and Kurt emphasized the importance of honesty and authenticity in professional services and sales, sharing their experiences of how being transparent led to successful resolutions. They also discussed the value of internal honesty and admitting when a situation isn't a good fit. Rick, who missed the previous week's meeting, was introduced to the group and shared his extensive experience in the IT world. The group welcomed Rick and appreciated his practical experience, agreeing to meet again the following week for further discussions.