WWDC22 was last week (check out Apple’s highlights here). Among the most exciting demonstrations: passkeys, a new approach to authentication with the potential to finally replace passwords altogether.
Multitaskers rejoice: A new iPadOS function called Stage Manager organizes apps in a tile formation that allows users to rapidly tap from workspace to workspace.
Ever since personal information started flowing into applications on the web, securing that information has become more and more important. General security and privacy frameworks like ISO-27001 and PCI provide guidance in securing systems. Now the law has gotten involved with the European Union’s GDPR and California’s CPRA. More laws are on the way, and these laws (and the frameworks) are changing as they meet legal challenges. With the legal landscape for privacy shifting so much, every engineer must ask: How do I keep my application in compliance?
On this sponsored episode of the podcast, we talk with Rob Picard and Matt Cooper of Vanta, who get that question every day. Their company makes security monitoring software that helps companies get into compliance quickly. We spoke about the shifting sands of privacy rules and regulations, tracking data flows through systems and across corporate borders, and how security automation can put up guardrails instead of gates.
Many security frameworks are undergoing modernization to reflect the way that distributed applications function today. And more countries and US states are passing their own privacy regulations. The privacy space is surprisingly dynamic, forcing companies to keep track of these frequent changes to stay current and compliant. Not everyone has in-house legal experts to follow the daily developments and communicate those to the engineering team.
For an engineering team just trying to understand the effort involved, it may be helpful to start figuring out where your data flows. Tracking it between internal services may be overkill; instead, track it across corporate boundaries, from one database, cloud provider, SaaS system, and dependency. Each of those should have their own data privacy agreement—plug into your procurement process to see what each piece of your stack promises on a privacy level.
Your DevOps and DevSecOps teams will probably want to automate much of the security engineering process as possible. Unfortunately, automating security is hard. The best path may not be to automate the defenses on your system; it might be better to instead automate the context that you provide to engineers. If someone wants to add a dependency, pop up a reminder that these dependencies can be fickle. Automate the boring stuff—context, reminders, to-dos—and let humans do the complex problem solving we’re so good at.
If you’re looking to add an in-house security expert as a service, check out Vanta.com. Their platform monitors connects to your systems and helps you prep for compliance with one or more security frameworks. If those frameworks change, you don’t need to do anything. Vanta changes for you.
Shaunak Roy spent 10 years in the tech industry before deciding to be a tech entrepreneur. In undergraduate, he studied mechanical engineering and eventually came to the states for his masters. Outside of running a company, he has 2 daughters and enjoys playing games and observing their patterns of learning, which applies to his current venture.
Throughout his life, Shaunak has always been fascinated by learning. When looking into building his own startup, he noticed that there wasn't a learning platform built around the mechanics of social media, and community.
OUTLINE:
Here’s the timestamps for the episode. On some podcast players you should be able to click the timestamp to jump to that time.
(00:00) – Introduction
(07:16) – Memories
(14:13) – Apple II
(22:51) – First business
(26:55) – iPod
(50:56) – Ideas
(55:09) – Marketing
(1:05:26) – PR and Comms
(1:15:06) – Design
(1:20:03) – Experts
(1:26:04) – Steve Jobs
(2:09:43) – Jony Ive
(2:16:55) – Nest
(2:27:13) – Advice for young people
(2:31:30) – Startup
(2:36:25) – Money
(2:41:33) – Work-Life Balance
(2:44:11) – Darkest moment
(2:49:48) – Meaning of life
Nina Achadjian is a partner at Index Ventures. She joins Big Technology Podcast to discuss how large declines in public market valuations impact startups and venture capitalists. Achadjian and I recorded with the S&P 500 down 13%. year to date. That was just last week! Now, we're in full-on bear market territory, with the S&P down more than 20%. Join us for a nuanced conversation on whether our period of oversized valuations was any good, and what to do now that it's over.
Guest: Vatasha White is a Senior Software Engineer at Courier. Previously, she built software at Lacework, LaunchDarkly and GE Digital. She is a graduate of Smith College in 2015.
Questions:
Having been a prior customer of Courier, what excited you about the solution?
What is your favorite use case for the tool?
So now that you work at Courier... what impact do they have that really motivates you?
What are you working on now, that really excites you about the product?
Catherine Luelo, Chief Information Officer for the Government of Canada joins the show to discuss how she is refreshing Canada’s digital strategy and improving government’s use of data. We also discuss her time as CIO at Air Canada when she navigated arguably the hardest period of time the global commercial aviation industry has ever faced with the pandemic, the risks and rewards of digital transformation, and the push to establish single digital identities for Canadians in support of their citizen experience priorities.
Matt Provo has been married for 16 years and has three kids. So between the Provo household and his startup, there is never a dull moment. He is originally from the West Coast, until he came to Boston for grad school. He was influenced through his love of sports, specifically playing soccer through college. Early in life, he had the opportunity to help start a non-profit organization, based around documentary films of children in Africa. In doing so, he learned a lot about, and fell in love with, building a healthy, impactful organization.
While building a platform surrounding HVAC software, Matt and his team ran into some challenges around the diversity of their implementations. When they lifted & shifted to Kubernetes, they unlocked the problem around resource scaling that their current solution targets today.
