Asset inventories enable you to know what you have to secure, and to monitor it for deviations. The pace of iteration in the world of software engineering makes those platforms inevitable. In this episode we welcome Sacha Faust, director of security engineering at Grammarly, who built Cartography, one of the first open source asset inventory. Sacha describes what led them to building this (funnily: an offensive use case!), how inventories enable spreading ownership to software teams, the solution that exist off the shelf today, … Mentioned: https://twitter.com/alexchantavy (builds cartography right now) https://twitter.com/JohnLaTwC (author of the quote: attackers think in graphs, defenders think in lists) Sacha Faust (Twitter, Linkedin) is Director of Security Engineering at Grammarly. 00:00 Introduction 03:09 What is an asset inventory? 04:36 How do you best leverage an inventory from a security standpoint? 07:41 What was the trigger to build an inventory? 12:30 Did you have specific risks that you wanted to protect against? 16:32 The owner: the security team owns cartography, but the engineers use it 21:20 The green team and developers accountability 32:54 The cloud as an enabler of inventories, and the challenge of diversity of environments 38:45 Inventories performance challenge 43:25 Demo: asset inventory in Cartography 46:24 Demo: asset inventory in Datadog 53:46 Linking resources to owners

 1275      11