S4E16: Resilient Cyber w/ Alfredo Hickman
SaaS Security & Third-Party Risk Management
In this episode, Chris Hughes and Dr. Nikki Robinson are joined by Alfredo Hickman, who leads Information Security, GRC, and IT at Obsidian Security. They discuss the complexities of SaaS security, third-party risk management, and the unique challenges SaaS presents compared to traditional cloud security. Alfredo also shares insights on the evolving landscape of SaaS security, identity management, and governance.
Key Highlights:
SaaS Security Challenges: The shift in security models from traditional cloud security (IaaS) to SaaS, where control over the infrastructure is limited.
Third-Party Integrations: The risks of third-party and fourth-party integrations in SaaS applications, creating a web of permissions and data flows that often goes unmanaged.
Identity and Access Management (IAM): The importance of strong governance over who has access to applications and the risks of decentralized management by non-IT personnel.
Shifting Left in SaaS: The need to embed security practices earlier in the lifecycle of SaaS consumption, including procurement and governance.
Zero Trust in SaaS: Applying zero trust principles to SaaS environments, where there is inherent trust in external applications.
The Dynamic Nature of SaaS: How SaaS applications continuously evolve, introducing new integrations and risks, and why ongoing observability is critical.
Fitness and Mental Health: Alfredo emphasizes the importance of physical and mental health to avoid burnout and maintain performance in a high-stress field like cybersecurity.