“Guy was in the critical path of every new name deal for my team during my tenure at LivePerson. There was no avoiding a conversation with Guy and his team in order to satisfy the technical requirements of every new customer. Guy is a skilled and knowledgeable security officer who is exceptional in dealing with customers in a selling situation, able to properly balance the concerns of our business with the risk concerns of our customers. Without exaggeration, we would not have reached our successes without Guy. What's more is that he is a "good guy" with solid character and someone I consider a personal friend even a half a world away.”
San Francisco Bay Area
7K followers
500+ connections
Recommendations received
8 people have recommended Guy
Explore more posts
-
Viswanath S C.
Are you coming to RSA Conference? If so, join us at SCW Coffee Shop! Bluestone Lane SOMA Coffee Shop 55 2nd St, San Francisco, CA 94103 On May 6th | 12:30PM PST. Join Secure Code Warrior CTO & Co-Founder, Dr. Matias Madou, Jeffrey Martin from Mendio, John B. Dickson from Lasithi Security, and Viswanath S C. from Thales Digital Identity and Security to learn about: Incredible techniques for winning over developers and helping them prioritize security The challenges in measuring security skill development, and how to overcome them Why a developer-centric ‘Trust Score’ could be the missing piece of the compliance puzzle for every top organization and can unlock the benchmarks needed to reach new levels of risk reduction in code. https://lnkd.in/gMzG2WuJ
12
-
Richard Bird
Last year we rocked the enterprise with the most comprehensive study on API security issues and the reasons why organizations aren’t moving faster to fix their largest unmitigated attack surface. Now we dive into banking and financial services, specifically. Hang out with me for this next webinar and discussion on how API security is transforming Layer 7. Join our webinar, "The State of API Security in Financial Services," to explore the challenges, threats, and solutions in today's evolving regulatory landscape. 🎙️ Our Chief Security Officer, Richard Bird, will discuss: 📜 The regulatory impact: understanding the implications of FFIEC, OCC, CFPB, and PCI-DSS compliance on API security. 🔍 The growing threat landscape: unauthorized access, data exfiltration, malicious bots, and the human element in API attacks. 🔧 The effectiveness of current solutions: evaluating the strengths and weaknesses of existing API security measures. 🎯 Best practices and strategies: actionable recommendations for strengthening API security, mitigating risks, and ensuring compliance. 📅 Save your spot and gain valuable insights to navigate API security and protect your organization's critical assets.
17
1 Comment -
Galina Antova
As we get back from the craziness of RSAC, I'm getting ready for the next big event on the horizon. The CISO Village Summit by Team8 is back with 100 CISOs and security leaders joining me this June in California! The magic of the Summit is more than that of a regular conference; our 300-strong community is a place of genuine curiosity, innovation, and collaboration, offering a forum for professional and personal growth alongside the industry's best. Throughout this exclusive five-day event, don't miss the chance to engage in meaningful discussions with industry leaders on: * The changing threat landscape * AI’s impact on cybersecurity’s challenges and solutions * Socio-economics and geopolitical tensions filtering into cybersecurity policy * The complex CISO-CEO relationship * And more. Spots are limited and closing fast— so apply now to not miss out! https://lnkd.in/gKj-jvS5 Team8 #Team8CISOVillage #Cybersecurity
171
9 Comments -
Mark Fullbrook
You know what happens when you can connect your users to their systems securely, friction free and without using jump hosts? You can start doing cool things like adding secondary MFA prompts to your sessions based upon resources, commands or even the content of the resource being accessed.
3
-
Tom Tovar
If you’re a #ciso or #cybersecurity, #antifraud or #networksecurity professional and want to see if the consumer is on your side - check out our 4th Annual global consumer survey co-sponsored by OWASP® Foundation! Spoiler alert: consumers are on the side of cyber more than ever! Woohoo! Use this to show the business that what cyber professionals do matters to the end customer (oh and maybe get budget for projects). :) #gocyber #redteam #blueteam #purpleteam #devsecops #secops #appsec #owasp - thank you to the Appdome team for making this seminal report possible!
25
1 Comment -
Owen E.
🔥❗ PAN-OS RCE UPDATE: tl;dr: somehow it's getting worse For those of us just waking up and getting going in the UK, if you're tracking the RCE in PAN-OS (CVE-2024-3400), please be advised: Telemetry is no longer a pre-requisite for exploiting this vuln for RCE. This is being exploited in the wild by motivated threat actors right now. It has been for ages. Stop messing about and get patched.
11
-
Sivan Dror
A vulnerability has been identified, CVE-2024-27322, in the R programming language that permits arbitrary code execution by deserializing untrusted data. CERT Coordination Center (CERT/CC) has issued an advisory for CVE-2024-27322, cautioning against arbitrary code execution via malicious RDS or RDX files. What should you do? ⬆️ Update R to version 4.4.0 or later promptly. ⛔Until then, avoid interaction with untrusted RDS files or packages to mitigate risks. There is currently no public proof-of-concept or exploitation evidence available. https://bit.ly/44t7vFt
10
-
Pruthvi Uduchanada
Simply patching isn't enough. Thorough remediation provides total control and elevates your security to a higher level. Register for the joint webinar by SecPod and Sonata Software, ''Remediation 2.0-Going beyond the temporary "Patch" band-aids,'' on July 10th at 3 PM IST. Gain insights into why advanced patch management is crucial for Enterprise IT teams to protect themselves from cyberattacks! Register here and secure your spot - https://lnkd.in/gzZzkayV Jagsir Singh Praveen Richard Sarala K Sharath Gowda Bise Gowda V #patchmanagement #secpod #sonatasoftware #itadmin
12
-
Timothy Ruff
A shrewd move by Trinsic, and just in time. I predict huge success, kudos all around. IMO it takes them officially out of the SSI game, at least as a direct creator or driver of it. Riley Hughes has been clear, they’ve given every chance they could before needing to pivot to greener pastures, and this appears to be an excellent pivot. My POV: SSI will still happen, but indirectly as a result of other things gaining traction beforehand, such as organizational identity, GLEIF’s vLEI, EU ID, etc. As a platform of platforms, Trinsic will still be positioned well to provide verification services for those services as they come along, enabling Trinsic to still help facilitate true SSI when the world is finally ready for it, and thrive in the meantime. Shrewd indeed. Bravo, Riley, Michael, and the rest of the Trinsic team!
32
4 Comments -
Halil ÖZTÜRKCİ
Lambda Layers in third party TensorFlow-based Keras models allow attackers to inject arbitrary code into versions built prior to Keras 2.13 that may then unsafely run with the same permissions as the running application. For example, an attacker could use this feature to trojanize a popular model, save it, and redistribute it, tainting the supply chain of dependent AI/ML applications. VU#253266 - Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models https://lnkd.in/dut4JJRg
4
-
Cole Grolmus
CyberArk-Venafi is the largest strategic acquisition we've seen in identity since Okta bought Auth0 three years ago. Billion-dollar acquisitions happen in this space, but not very often! Any time we see one, it's significant for our industry. There have only been seven total strategic acquisitions over $1 billion in the identity security market (intentionally excluding private equity deals). CyberArk-Venafi is the sixth largest by a strategic. This deal is just behind Dell's (now divested) acquisition of RSA Security in 2006, and just ahead of Centrify's PE-backed acquisition of Thycotic (to form Delinea). CyberArk is actually one of the smallest companies to do a deal of this size — which could signal a (small, but more than what we've historically seen) run of larger scale acquisitions from other strategic buyers in the industry.
70
8 Comments -
Michael Jones
Proposed Implementer's Draft of OpenID Federation The OpenID Connect working group has started working group last call (WGLC) for a proposed Implementer’s Draft of the OpenID Federation specification. As described in the WGLC message: "OpenID Federation -35 has been published at https://lnkd.in/g-N77DdF and https://lnkd.in/gdv-JTa2. This draft is being proposed as the fourth (and hopefully final) Implementer’s Draft of the specification." An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. The two-week working group last call ends on Friday, May 31, 2024. Unless reasons are identified during the last call to substantially revise the specification, the 45-day OpenID Foundation-wide review of the specification for approval as an OpenID Implementer’s Draft will shortly follow. Special thanks to all the implementers and deployers who provided feedback to get us to this point! See the post at https://lnkd.in/gmEhYueB. OpenID Foundation Roland Hedberg Giuseppe De Marco Vladimir Dzhuvinov John Bradley Andreas Åkre Solberg #OpenID #Federation
68
5 Comments -
Prabhu S.
# Polyfill.io is a security process vulnerability You might have read about the polyfill.io CDN service that got taken over to serve malicious code snippets. (https://lnkd.in/eZiu_CHU) People called this a supply chain attack. To me, this is a process issue, a case where most teams in the world simply didn't follow the correct AppSec and InfoSec processes. My questions are as follows: 1. Why are your developers writing code that knowingly loads JavaScript code from a third-party domain without following any infosec or risk auditing process? 2. Polyfill.io was originally owned by FT. Why would any website allow a newspaper to track all their users? 3. This style of attack is not even new. BA (jQuery), video.js attack, and several 100s more happened in the last decade. Are your frontend developers and CMS people even aware of such attacks? The next time you see a developer who wants to use a package or add a code snippet to a public website, ask them these two questions - “Have you done a risk audit for this package or the domain, even a basic one with some open-source tools?” "Have you added this domain to the allow-list in the CMDB?". This “secure by design” and full-stack inventory mindset is what we need. An action item for my team is to enhance #cdxgen this year to collect more endpoints and services from file types such as HTML etc. Who knows, maybe our work might inspire more application security companies to take "inventory management" as seriously as "vulnerability management".
13
1 Comment -
Jason R... Weiss
For those waiting for the FAR update regarding #ssdf attestations... The latest Open FAR Cases report shows on May 30th Case Number 2023-002, Supply Chain Software Security, that OMB identified draft proposed FAR rule issues. OFPP, FAR and DAR staff are now working to resolve those issues. It is my understanding that this work remains opaque, and that there was no public disclosure of precisely what issues OMB identified with the proposed FAR rules relating to supply chain software security. Regardless of the status of Case 2023-002, the GSA is now requiring #ssdf attestations for anything it buys that contains software as of this past Monday morning when the government opened for business. GSA quietly updated GSA Form 7700 last month to take advantage of the CISA standard form's disclosure that "Agency-specific instructions may be provided to the software producer outside of this common form." GSA Form 7700 form has two checkboxes on page 3: Option 1: Submit the attestation online at the Cybersecurity and Infrastructure Security Agency Repository for Software Attestations and Artifacts (RSAA) portal. Option 2: Only use GSA Form 7700 submit it to a GSA specific email account. What this means to me is that if Option 1 is checked then Form 7700 is effectively a trigger mechanism for GSA to go lookup an existing attestation in RSAA. However, if Option 2 is checked, it would be interesting to know if GSA is taking that PDF and entering it into RSAA on behalf of the vendor. Option 2 also implies that a vendor may not have to attest multiple times for the same software product/version, but seemingly will have to submit multiple disparate forms to each part of the government. As we continue to see discussion about harmonizing #cybersecurity regulations, this is a great example where the government could have simply mandated using CISA RSAA. 
Instead, vendors will find themselves having to report using GSA Form 7700 for something through a GSA contract vehicle, and speculatively, a different form through NASA SEWP, and a different form for Dept of State, and different form for.... https://lnkd.in/eEDA-S8F If you haven't started to get serious about #software provenance ahead of the all-of-government mandate coming in September, now is a great time to start evaluating your #devsecops policies and procedures!
31
1 Comment