Episode 110: Security with Dotan Nahum


Programming Throwdown talks cybersecurity with Dotan Nahum, CEO and Co-founder of Spectral. Dotan provides us with a high-level overview of the role of cybersecurity, its definition, evolution, and current challenges. He also shares tips for small- and medium-sized ventures on how to develop best practices.


The episode touches on the following key topics and ideas:


00:01:12 Evolution of modern cybersecurity

00:06:06 When to integrate security in a design

00:11:54 Shadow IT

00:13:50 Hacker motives and motivations; SQL Injection explained

00:16:48 Firewalls and WAFs

00:20:29 Cybersecurity for small- and medium-sized companies

00:23:52 “The last mile of developers”

00:26:47 dotfiles

00:32:23 Simple tools and good practices

00:40:42 Attack vectors, attack factors

00:44:16 Ransomware and phishing

00:48:19 Unsafe languages

00:50:02 Fuzzing

00:54:11 Rust programming language

00:55:54 Example security scenario with IntelliJ

00:59:42 More about Spectral, Dotan’s company

01:03:40 Staying virtual using Discord


Transcript:
Episode 110 Computer Security with Dotan Nahum

Jason Gauci: Programming Throwdown Episode 110, Security with Dotan Nahum. Take away, Patrick.

[00:00:21] Patrick Wheeler: Hey everybody. We're here with a hundred and tenth episode, which is pretty exciting. And we have our guest to-- oh, yeah, go ahead. You want to...

[00:00:30] Jason Gauci: I'm just saying, yeah! (laugh)

[00:00:32] Patrick Wheeler: So we're here with our guest today, Dotan, and you are CEO of Spectral. Why don't you go ahead and introduce yourself briefly, and then we'll get started.

[00:00:42] Dotan Nahum: Yep. So hi, guys. So I am Dotan, and by the way, 110 is binary, right?

[00:00:48] Patrick Wheeler: Oh, there we go. That's right. (laugh)

[00:00:52] Dotan Nahum: So yeah, so I'm Dotan, CEO of Spectral. It's a cybersecurity company, geared towards developers. I mean, we like to say that we create tools for developers with security as a side effect. So yeah, so that's, that's, you know, that's what our focus is.

[00:01:12] Patrick Wheeler: Awesome. Well, I mean, I guess that's a lot to unpack, so I think everybody would agree, security is very important, but maybe everyone doesn't understand what security is. So we were talking about this a little when we were doing, doing warmups. So if we talk about security, does that mean that you are developing antivirus for computers, for developers, or does it mean something more?

[00:01:35] Dotan Nahum: Yeah, I mean, I mean, it's kind of all goes back to, I guess, evolution of our, I guess it is our domain, our, our world, which is kind of a high-tech or software, software world? Time really gets compact with all these revolutions. We have a, we have evolution revolution.

[00:01:57] So, I mean, if you go back to 2007, that was just before Facebook and just before iPhone, I guess. And if you go back to 2005, that that was before the rise of Microsoft, I guess the major rise of Microsoft as a .NET shop, which really made, you know, made all the enterprise software come along and then kind of '98, 2000, the first bubble.

[00:02:27] So all these stages, they had, it's kind of a sprint to create technology. And, the focus is on creating technology that is supposed to give developers productivity, and supposed to make, you know, make companies very productive and create a very nice portfolio of products.

[00:02:48] And almost always, I mean, maybe not intentionally, but almost always the security side of things, was kind of left behind. You know, I'm sure no one intended for it to be, but, there's a lot of more velocity under creating a great product at the time. Every, each and every step of this, like in the first bubble, and then in 2005, and then into 2007 and so on, rather than, okay, so let's create the technology and the product, and let's also make it, you know, kind of, dependent on making great security, be there for us.

[00:03:35] So almost every time, security came after the revolution, after the evolution. So we had from, simple firewalls, to intrusion detection, which is, you know, the large kind of, systems that try, try their best to find anomalies in the, in the area of 2000, to the smarter firewalls. And even today, those like, this, mini kind of firewalls, of WAFs that you integrate as an SDK into your app. So yeah, so it's kind of come, it comes in waves, technology, and then, security comes in waves as well.

[00:04:17] And yeah. So the latest, the latest we're seeing right now in terms of the evolution of software is that yeah, we know that software eats the world, but we are kind of feeling that it already ate the world? So, you know, you can do so much today that you couldn't have done, I mean, as little as three or four years ago, actually. You know, you can take a Lambda and you can pick up a bunch of SaaS services and you're done. I mean, you build a product that used to be maybe three, four, five years ago, you know, used to take much more energy to build.

[00:04:58] So in that sense, as a developer, you have so much more power and so many more paths to get to the same end goal that... I'm not sure, I mean, I feel it for myself. I'm not sure the security world can even begin to realize, because they need, I mean, if we, if we think about them as they, then they need to understand how to develop as well as developers in order to give, to create great solutions for that developer, that glue stuff together, and, you know, invent stuff from existing, existing parts.

[00:05:37] Jason Gauci: Yeah, that that makes a bunch of sense.

[00:05:39] Patrick Wheeler: I say, yeah, that covered, I mean, you, you went to the whole history of modern or last couple of decades of, computer software there, but I was going to say, so one of the interesting things I think before we get into the kind of specifics about, what needs to be secured, this, this kind of, thing you mentioned where people build a product first and then try to figure out security later.

[00:06:02] I guess that's an interesting balance where, if you're building something until it's built, maybe it doesn't really need security. Right? If this was a thought in my head, I don't need security. If people are going to start using it though, immediately, you need to start having some amounts of security. Do you have opinion on like, what is the balance there?

[00:06:19] So if you don't know yet what you're doing and what may be your risks, when is the right time to start considering security and what are some of the good, you know, first things to start considering?

[00:06:30] Dotan Nahum: Yeah, so that, that's a great, great question. I mean, I think the balance is shifting towards really taking the time, in development time, in design time, and think about security on the security model.

[00:06:46] So, you know, this was kind of theoretical, yeah, everyone should do threat modeling and everyone should do secure by design and so on. And, and frankly, you know, you'll, you'll find these people who are extremely into security that are actually doing these th...
