Software at Scale 39 - Infrastructure Security with Guy Eisenkot
Guy Eisenkot is a Senior Director of Product Management at BridgeCrew by Prisma Cloud and was the co-founder of BridgeCrew, an infrastructure security platform.
We deep dive into infrastructure security, Checkov, and BridgeCrew in this episode. I’ve personally been writing Terraform for the last few weeks, and it often feels like I’m flying blind from a reliability/security perspective. For example, it’s all too easy to create an unencrypted S3 bucket in Terraform which you’ll only find out about when it hits production (via security tools). So I see the need for tools that lint my infrastructure as code more meaningfully, and we spend some time talking about that need.
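The unencrypted-bucket case above is the kind of thing an infrastructure-as-code linter catches before apply rather than in production. The block below is an added example, not code from the podcast, BridgeCrew or the Checkov project: a minimal Checkov-style resource check that fails an aws_s3_bucket with no default server-side encryption, run over two constructed buckets. The check id, the resource samples and the list-wrapped dict layout (which imitates the conf shape Checkov hands to scan_resource_conf) are assumptions made for illustration.

```python
# Added example (not code from the podcast, BridgeCrew or the Checkov project):
# a minimal Checkov-style resource check that flags an aws_s3_bucket without
# default server-side encryption. The conf layout imitates Checkov's convention
# (every attribute value wrapped in a list, nested blocks as lists of dicts);
# the check id and the two sample buckets are constructed for illustration.
from typing import Any, Dict, List

PASSED = "PASSED"
FAILED = "FAILED"

# Terraform (pre AWS-provider-4.0 layout) that the two dicts below correspond to:
#
# resource "aws_s3_bucket" "weak" {          # no server_side_encryption_configuration block
#   bucket = "example-weak"
# }
#
# resource "aws_s3_bucket" "hardened" {
#   bucket = "example-hardened"
#   server_side_encryption_configuration {
#     rule {
#       apply_server_side_encryption_by_default {
#         sse_algorithm     = "aws:kms"
#         kms_master_key_id = aws_kms_key.bucket.arn
#       }
#     }
#   }
# }
WEAK_BUCKET: Dict[str, Any] = {"bucket": ["example-weak"]}

HARDENED_BUCKET: Dict[str, Any] = {
    "bucket": ["example-hardened"],
    "server_side_encryption_configuration": [{
        "rule": [{
            "apply_server_side_encryption_by_default": [{
                "sse_algorithm": ["aws:kms"],
                "kms_master_key_id": ["${aws_kms_key.bucket.arn}"],
            }]
        }]
    }],
}


def _unwrap(value: Any) -> Any:
    """Each HCL value is stored as a one-element list; return that element (None if absent)."""
    if isinstance(value, list):
        return value[0] if value else None
    return value


class S3DefaultEncryptionCheck:
    """Hypothetical check; mirrors the shape of a Checkov BaseResourceCheck subclass."""
    id = "CKV_EXAMPLE_S3_SSE"          # constructed id, not a real Checkov check
    supported_resources = ("aws_s3_bucket",)
    ACCEPTED = ("AES256", "aws:kms")

    def scan_resource_conf(self, conf: Dict[str, Any]) -> str:
        # Walk bucket -> server_side_encryption_configuration -> rule ->
        # apply_server_side_encryption_by_default -> sse_algorithm.
        # A missing level means no default encryption is declared, so fail closed.
        node: Any = conf
        for key in ("server_side_encryption_configuration", "rule",
                    "apply_server_side_encryption_by_default"):
            node = _unwrap(node.get(key)) if isinstance(node, dict) else None
            if not isinstance(node, dict):
                return FAILED
        algorithm = _unwrap(node.get("sse_algorithm"))
        return PASSED if algorithm in self.ACCEPTED else FAILED


def scan(resources: Dict[str, Dict[str, Any]]) -> List[Dict[str, str]]:
    """Run the check over {"type.name": conf}; one finding per supported resource."""
    check = S3DefaultEncryptionCheck()
    findings: List[Dict[str, str]] = []
    for address, conf in resources.items():
        rtype = address.split(".", 1)[0]
        if rtype not in check.supported_resources:
            continue
        findings.append({"check": check.id, "resource": address,
                         "result": check.scan_resource_conf(conf)})
    return findings


if __name__ == "__main__":
    for f in scan({"aws_s3_bucket.weak": WEAK_BUCKET,
                   "aws_s3_bucket.hardened": HARDENED_BUCKET}):
        print(f"{f['result']:6} {f['check']} {f['resource']}")
```

Two caveats for anyone turning this into a real check. First, the AWS Terraform provider 4.0 moved bucket encryption into a separate aws_s3_bucket_server_side_encryption_configuration resource that references the bucket, so a single-resource check like this one only covers the older inline layout; the newer layout needs a check that follows the bucket reference across resources, which is what Checkov's graph-based checks are for. Second, in Checkov proper the class would subclass BaseResourceCheck and be loaded through the external checks directory rather than run from a hand-built dict as here.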
We also investigate “how did we get here”, unravel some infrastructure as code history and the story behind Checkov’s quick popularity. We talk about how ShiftLeft is often a painfully overused term, the security process in modern companies, and the future of security, in a world with ever-more infrastructure complexity.
00:00 - Why is infrastructure security important to me as a developer?
05:00 - The story of Checkov
09:00 - What need did Checkov fulfil when it was released?
10:30 - Why don’t tools like Terraform enforce good security by default?
15:30 - Why ShiftLeft is a tired, not wired concept.
20:00 - When should I make my first security hire?
24:00 - Productizing what a security hire would do.
27:00 - Amazon CodeGuru but for security fixes - Smart Fixes.
33:00 - Is it possible to write infrastructure as code checks in frameworks like Pulumi?
37:00 - Not being an early adopter when it comes to infrastructure tools.
40:00 - The Log4J vulnerability, and the security world moving forward.