Shows
The Elephant in AppSecHyped or Helpful? The Truth About Reachability & Developer Buy-In ⎢ Nir ValtmanWelcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.Today, I’m joined by Nir Valtman, CEO & co-founder of Arnicaan ASPM platform with a pipelineless approach. Before founding Arnica, Nir led product and data security at Finastra, established security at Kabbage as CISO, and headed application security at NCR. He’s also a well-known speaker at top security conferences, including Black Hat, Defcon, RSA, BSides, and OWASP.In this episode, we unpack the reachability hype-why every vend...2025-03-0642 min
DevOps ParadoxReal-Time Application Security Using Arnica#232: More than eighteen months in, Log4J appears to still be a huge problem for many organizations. What if there was a way to make sure those types of problems could be easily bubbled out to the right people at the right time in the tools they are already using? In this episode, we talk with Nir Valtman, CEO and co-founder at Arnica, about how protecting your source code, applications and people will help you minimize your risk. Nir's contact information: Twitter: https://twitter.com/ValtmaNir LinkedIn: https://www.l...2023-10-1138 min
Software Engineering Radio - the podcast for professional software developersSE Radio 575: Nir Valtman on Pipelineless SecurityNir Valtman, co-Founder and CEO at Arnica, discusses pipelineless security with SE Radio host Priyanka Raghavan. They start by defining pipelines and then consider how to add security. Nir lays out the key challenges in getting good code coverage with the pipeline-based approach, and then describes how to implement a pipelineless approach and the advantages it offers. Priyanka quizzes him on the concept of "zero new hardcoded secrets," as well as some ways to protect GitHub repositories, and Nir shares examples of how a pipelineless approach could help in these scenarios. They then discuss false positives and handling developer...2023-08-0256 minSoftware Engineering Radio - The Podcast for Professional Software DevelopersSE Radio 575: Nir Valtman on Pipelineless SecurityNir Valtman, co-Founder and CEO at Arnica, discusses pipelineless security with SE Radio host Priyanka Raghavan. They start by defining pipelines and then consider how to add security. Nir lays out the key challenges in getting good code coverage with the pipeline-based approach, and then describes how to implement a pipelineless approach and the advantages it offers. Priyanka quizzes him on the concept of "zero new hardcoded secrets," as well as some ways to protect GitHub repositories, and Nir shares examples of how a pipelineless approach could help in these scenarios. They then discuss false positives and handling developer...2023-08-0256 min
High Tech On The LowHigh Tech on the Low ft. Nir Valtman - Secure Your Code The Right WayDeveloping a software product often requires inputs and collaboration from others on your team. As a team grows, so do the potential security risks. As developers are not necessarily cybersecurity experts, how can you manage safe inputs with security that doesn't disrupt development? Nir Valtman, Co-Founder and CEO at Arnica, experienced this challenge in his prior work experience as a CISO and wanted to create a system that will ensure products are secure from the start and help developers maintain a secure software supply chain. With a focus on community to help solve recurrent issues and guide product development...2023-05-0932 min
Cyber WorkUnderstanding developer behavior can augment DevSecOps | Guest Nir ValtmanToday on Cyber Work, Nir Valtman, CEO and co-founder of Arnica, discusses developer behavior-based security. In short, there are lots of ways that backdoors or vulnerabilities can make their way into developer code. One door we can close on these intrusions is implementing processes that detect behavior anomalies in developers. Think of your bank monitoring for unusual purchases calling you to ask whether you really just spent $300 on a bobblehead from The Last of Us that’s shipping from Brazil. If you did, not judging, full speed ahead. If not, then we’ve got a problem on our hands. Valt...2023-03-2055 min
Adventures in DevOpsCyber Security With Nir Valtman - DevOps 148Nir Valtman is the Co-Founder and CEO at Arnica. It is a behavior-based software supply chain security platform for DevOps. He joins Jonathan and Will to introduce his company. , He talks about some of the issues and challenges they encountered and how they overcame them. Moreover, they also tackle security tools in Software Development.SponsorsChuck's Resume TemplateDeveloper Book Club startingBecome a Top 1% Dev with a Top End Devs MembershipLinksArnica | Software supply chain security on autopilotNir ValtmanTwitter: @ValtmaNirLinkedIn: Nir ValtmanPicksJonathan - George Marshall: Defender of the RepublicNir - Good to GreatWill - Leadership Strategy and Tactics2023-02-0348 min
infosecliveThe CISO Experience - Nir ValtmanJoin us for another exciting episode of The CISO Experience on the infosec #youtubechannel on July 22nd at 7pm EST / Midnight BST, where I will be hosting the CEO of Arnica.io, Nir Valtman.
Nir is an experienced information security leader, executive, expert, and a frequent public speaker at leading conferences globally, including Black Hat, Defcon, BSides, and RSA.
During his career path he worked on multiple IT/product security projects for global enterprises, both from the consultancy and software vendor sides of the business.
While Nir's day-to-day job is focused on management, he...2022-11-111h 01
CHAOSScastEpisode 65: How Projects Secure Their Code with Chris and NirHello and welcome to CHAOSScast Community podcast, where we share use cases and experiences with measuring open source community health. Elevating conversations about metrics, analytics, and software from the Community Health Analytics Open Source Software, or short CHAOSS Project, to wherever you like to listen. Today, Georg has two experts in analyzing open source community repositories joining him from Arnica, which is focused on software security supply chain security. Our two guests today are Chris Abraham, Head of Data Science, and Nir Valtman, Co-Founder and CEO, and they’re here to tell us about an analysis they conducted called, “How...2022-09-1641 min
SilverLining ILEpisode 10: Securing The New Fintech EconomyAttendees
Guest: Nir Valtman
Guest title: Product security lead
Company: Finastra
Abstract
Fintech companies drive cloud security forward by setting the highest bar of requirements on cloud providers. In this episode we talk with Nir Valtman, Product security leader at Finastra about the challenges of Fintech companies and dive into API Authentication and Authorization best practices and building eco-system that can support trust between banks and young fintech companies.
Timing
0:00
Intro and introducing our guest
2:40
Introducing Finastra and the ch...2019-11-2430 min![DEF CON 23 [Audio] Speeches from the Hacker Convention](http://www.defcon.org/images/defcon-23/dc-23-itunes-logo-video.jpg){kind=logo}
DEF CON 23 [Audio] Speeches from the Hacker ConventionNir Valtman & Moshe Ferber - From 0 To Secure In 1 Minute — Securing IAASMaterials Available here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Nir-Valtman-Moshe-Ferber-From-zero-to-secure-in-1-minute-UPDATED.pdf
From 0 To Secure In 1 Minute — Securing IAAS
Nir Valtman CISO – Retail, NCR
Moshe Ferber Co-chairman of the board, Cloud Security Alliance Israel
Recent hacks to IaaS platforms reveled that we need to master the attack vectors used: Automation and API attack vector, insecure instances and management dashboard with wide capabilities. Those attack vectors are not unique to Cloud Computing but there are magnified due to the cloud characteristics. The fact is that IaaS instance lifecycle is accelerating, nowa...2015-10-2200 min![DEF CON 22 [Materials] Speeches from the Hacker Convention.](https://www.defcon.org/images/defcon-22/dc-22-itunes-logo-materials.jpg){kind=logo}
DEF CON 22 [Materials] Speeches from the Hacker Convention.Nir Valtman - Bug Bounty Programs EvolutionSlides Here; https://www.defcon.org/images/defcon-22/dc-22-presentations/Valtman/DEFCON-22-Nir-Valtman-Bug-Bounty-Programs-Evolution.pdf
Extra Materials are available here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Valtman/DEFCON-22-Nir-Valtman-Extras-Bug-Bounty-Programs-Evolution.zip
Bug Bounty Programs Evolution
Nir Valtman ENTERPRISE SECURITY ARCHITECT
Bug bounty programs have been hyped in the past 3 years, but this concept was actually widely implemented in the past. Nowadays, we can see big companies spending a lot of money on these programs, while understanding that this is the right way to secure software. However, there are lots of black spots in...2014-12-1436 minDEF CON 22 [Materials] Speeches from the Hacker Convention.Nir Valtman - A Journey to Protect Points-of-saleSlides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Valtman/DEFCON-22-Nir-Valtman-A-Journey-To-Protect-POS-UPDATED.pdf
A Journey to Protect Points-of-sale
Nir Valtman ENTERPRISE SECURITY ARCHITECT, NCR RETAIL
Many point-of-sale breaches occurred in the past year and many organizations are still vulnerable against the simplest exploits. In this presentation, I explain about how points-of-sale get compromised from both retailer’s and software-vendor’s perspective. One of the most common threats is memory scraping, which is a difficult issue to solve. Hence, I would like to share with you a demonstration of how it works and what can be done...2014-12-1436 min