MAS 096: Kevin A. McGrail
Aaron Frost talks to Kevin A. McGrail, Director of Business Growth at InfraShield on this week's My Angular Story. Kevin specializes in cyber security and e-mail security. At InfraShield they specialize in cyber physical security in critical infrastructures.
Kevin explains what cyber physical security entails and how it is different than IT security. It includes both information security and operational security including a wide spectrum from computer access to building access.
Bridging both physical and cyber space security requires Kevin to use a lot of Angular but Angular is only one of the 40 languages Kevin uses in his job. Kevin gives examples of cyber security breaches he runs into and the number one failure he sees all the time is that there is a lack of process that goes from development to QA and then to production. He often asks his clients " if there is a security issue in your code and i give you a one line code of patch for it, how long will it take you to deploy that to production"? and the shorter the answer to that the better the client is in their cyber security implementation.
One of the other issue Kevin runs into often is when clients fork their Angular and then they are hesitant to update their Angular version because of all the security patches they have in place. So that becomes a catch 22 example so Kevin warns against forking Angular because it becomes a big security risk. Kevin goes on to share some of the other common mistakes that companies make that puts at them risk for security.
Host: Aaron Frost
Joined By Special Guest: Kevin A. McGrail
My Angular Story is produced by DevChat.TV in partnership with Hero Devs
- Sentry– use the code “devchat” for two months free on Sentry’s small plan
- Adventures in DevOps
Kevin A. McGrail:
- Learn about regular expressions - Global regular expression (GREP)
What is cyber physical security ?
Cyber physical security is the combination of both information security and operational security.
What is the number one mistake that most companies do that compromises their cyber security?
Most companies do not have a process in place that takes code from development to production. If there is a security issue with the code, most companies take too long to deploy the patch in place.
What is the second biggest mistake most companies make that puts the at risk for cyber security?
Most companies fork Angular which then becomes a block for them to update Angular as often as they should because they don't want to lose their security patches they have in place.