S3E12: Resilient Cyber Show w/ Daniel Krivelevich

In this episode of Resilient Cyber, Chris Hughes talks with Daniel Krivelevich, CTO and co-founder of Cider Security, about securing modern CI/CD pipelines. They explore how DevOps and automation have transformed software delivery and the growing importance of viewing pipelines as a critical attack surface.

🔑 Key Highlights:

  • CI/CD Security: Why pipelines are central to modern engineering environments and the growing need to secure them

  • Supply Chain Attacks: How incidents like SolarWinds and Codecov raised awareness of pipeline vulnerabilities

  • Top 10 CI/CD Risks: How Cider Security created the Top 10 CI/CD Security Risks, a list modeled after the OWASP Top 10 that has since become an OWASP project

  • Software Supply Chain: The importance of inventorying and managing third-party components and software dependencies, with artifacts such as SBOMs providing the visibility that work requires

  • Best Practices & Guidance: Insights into the NIST SSDF, CNCF's Secure Software Factory, and other standards driving security in the software supply chain

  • Tools for Practitioners: Resources like Cider Security's CI/CD Goat, a deliberately vulnerable CI/CD environment, to help teams practice attacking pipelines and improve their pipeline security practices

Daniel also shares his thoughts on cyber resilience, emphasizing the importance of realistic threat modeling and attack simulations to build a strong cybersecurity program.