To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Got it!
Search a title or topic

Over 20 million podcasts, powered by 

Player FM logo
Artwork

Tech Business Fix Security
Content provided by Fix Security. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Fix Security or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

The Security Cloud Podcast « »
Building an open-source CSPM service - Daniel Spangenberg, Staff Cloud Security Engineer at Lyft

58:31
 
Play
Playing
Share
 

MP3Episode home

Archived series ("Inactive feed" status)

When? This feed was archived on August 15, 2025 15:14 (6d ago). Last successful fetch was on October 21, 2024 13:05 (10M ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 420076779 series 3576155
Content provided by Fix Security. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Fix Security or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

Daniel Spangenberg, Staff Cloud Security Engineer at Lyft, is building an internal cloud security posture management (CSPM) service.

Daniel has developed a mental model that looks at cloud security in three components:

  1. The past. Data about your current cloud inventory, e.g. your EC2 instances and S3 buckets, to idenfity and remediate misconfigurations.
  2. The present. Event logs, access logs and CloudTrail data, with real-time processing and alerting.
  3. The future. Preventative measures to guardrail your deployments, e.g. in Terraform or with policy-based controls.

Daniel explains how he uses tools like Cloudquery and AWS Trusted Advisor to gather data and identify security issues. He also discusses the importance of resource coverage and how he leverages existing tools to extract data into a centralized view.

Daniel prioritizes issues based on their severity and assigns them to the respective service teams for resolution. Daniel highlights the importance of having a comprehensive asset inventory and using tools like Lyft's Cartography for graph traversal.

Daniel shares insights on tracking success, visualizing data, and the shortcomings of existing CSPM solutions. He advises approaching cloud security thinking like a developer, and fostering collaboration between security and engineering teams.

Takeaways

  • Lyft's cloud security team focuses on securing the infrastructure by addressing the past, present, and future components of cloud security.
  • Coverage is important to ensure that all resources are accounted for, even if they are not actively used.
  • Data is extracted from existing tools and centralized into a single source of truth for better visibility and analysis.
  • Prioritization of security issues is based on severity, and tickets are assigned to the respective service teams for resolution. Having a comprehensive asset inventory is crucial for effective cloud security.
  • Custom queries and automation are essential for handling a large volume of findings and creating tickets for remediation.
  • Auto-remediation is a complex topic that requires careful consideration and can potentially cause more harm than benefit if not implemented correctly.
  • A labeling system, such as using tags, can help identify resource ownership and assign tickets to the appropriate teams.
  • Tracking success in cloud security can be done through risk assessment, ticket counts, and data normalization.
  • Building an in-house CSPM solution allows for customization and integration into existing workflows, avoiding the limitations of commercial solutions.
  • Thinking like a developer and understanding the motivations behind certain configurations can help bridge the gap between security and engineering teams.
  • Collaboration and communication between security and engineering teams are essential for successful cloud security.
  continue reading

9 episodes

#Tech #Business #Fix Security
Artwork

Building an open-source CSPM service - Daniel Spangenberg, Staff Cloud Security Engineer at Lyft

The Security Cloud Podcast

published

Play Playing
iconShare
 
MP3Episode home

Archived series ("Inactive feed" status)

When? This feed was archived on August 15, 2025 15:14 (6d ago). Last successful fetch was on October 21, 2024 13:05 (10M ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 420076779 series 3576155
Content provided by Fix Security. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Fix Security or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

Daniel Spangenberg, Staff Cloud Security Engineer at Lyft, is building an internal cloud security posture management (CSPM) service.

Daniel has developed a mental model that looks at cloud security in three components:

  1. The past. Data about your current cloud inventory, e.g. your EC2 instances and S3 buckets, to idenfity and remediate misconfigurations.
  2. The present. Event logs, access logs and CloudTrail data, with real-time processing and alerting.
  3. The future. Preventative measures to guardrail your deployments, e.g. in Terraform or with policy-based controls.

Daniel explains how he uses tools like Cloudquery and AWS Trusted Advisor to gather data and identify security issues. He also discusses the importance of resource coverage and how he leverages existing tools to extract data into a centralized view.

Daniel prioritizes issues based on their severity and assigns them to the respective service teams for resolution. Daniel highlights the importance of having a comprehensive asset inventory and using tools like Lyft's Cartography for graph traversal.

Daniel shares insights on tracking success, visualizing data, and the shortcomings of existing CSPM solutions. He advises approaching cloud security thinking like a developer, and fostering collaboration between security and engineering teams.

Takeaways

  • Lyft's cloud security team focuses on securing the infrastructure by addressing the past, present, and future components of cloud security.
  • Coverage is important to ensure that all resources are accounted for, even if they are not actively used.
  • Data is extracted from existing tools and centralized into a single source of truth for better visibility and analysis.
  • Prioritization of security issues is based on severity, and tickets are assigned to the respective service teams for resolution. Having a comprehensive asset inventory is crucial for effective cloud security.
  • Custom queries and automation are essential for handling a large volume of findings and creating tickets for remediation.
  • Auto-remediation is a complex topic that requires careful consideration and can potentially cause more harm than benefit if not implemented correctly.
  • A labeling system, such as using tags, can help identify resource ownership and assign tickets to the appropriate teams.
  • Tracking success in cloud security can be done through risk assessment, ticket counts, and data normalization.
  • Building an in-house CSPM solution allows for customization and integration into existing workflows, avoiding the limitations of commercial solutions.
  • Thinking like a developer and understanding the motivations behind certain configurations can help bridge the gap between security and engineering teams.
  • Collaboration and communication between security and engineering teams are essential for successful cloud security.
  continue reading

9 episodes

#Tech #Business #Fix Security

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Listen to 500+ topics
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play
icon
Help/FAQ | Advertise with Us
Arts|Business|Comedy|Economics|Entertainment|News|Politics|Religion
Science|Soccer|Sports|Storytelling|Technology|True Crime
Copyright 2025 | Privacy Policy | Terms of Service | | Copyright
Episode being played series thumbnail
icon icon
Speed
Series settings
1x
1x
Volume
100%
icon
icon icon
/

View Player FM in...
Player FM
Browser
Chrome
Safari
Firefox
Listen to this show while you explore
Play