We Hack Purple Podcast

We Hack Purple podcast Episode 32 with Guest Swathi Joshi

April 09, 2021 Tanya Janca / Swathi Joshi Season 1 Episode 32
We Hack Purple Podcast
We Hack Purple podcast Episode 32 with Guest Swathi Joshi
Show Notes Transcript

Host Tanya Janca  Learns what it's like to be an Engineering Manager, in Detection and Response! Swathi Joshi leads Netflix's Detection and Response team which focuses on managing the inevitable security incidents that arise and building detection pipelines to minimize risk to Netflix.

Prior to Netflix, she was an Engagement Manager and Escalations Manager at Mandiant/FireEye, helping companies defend against Advanced Persistent Threats (APT). Swathi was born in Mangalore, India. She received her Master's degree in Information Security and Assurance from George Mason University and sits on the board of https://sdie.org

Thank you to our sponsor Thread Fix!


Buy Tanya's new book on #ApplicationSecurity: Alice and Bob learn Application Security.

Don’t forget to check out #WeHackPurple Academy’s NEW courses, #AppSec Foundations taught by Tanya Janca! https://academy.wehackpurple.com/

Join our Cyber Security community: https://community.wehackpurple.com/
A fun and safe place to learn and share your knowledge with other professionals in the field. 

Subscribe to our newsletter! Sponsorship info: [email protected]

#TanyaJanca #SheHacksPurple #DevSecOps #CyberTraining

Find us on Apple Podcast, Overcast + Pod 

Welcome to The we hack purple podcast, where each week we meet a different person that works within the information security industry to learn about their jobs, to learn about what it's like to have that type of career, how they got there, and more importantly, is this type of career it for you. We learn all the cool secrets about what's the most fun, what's the least fun, if it pays well or not, this week is sponsored by thread fix Howard I denim group, and are... We are extremely grateful for their constant support, we had purple is a training academy, an online community, and a podcast, and so much more, if you wanna learn about application security, we are your people, but that's not what you hear to Cam, that's not what you came here to hear... You wanted to meet swathe Josh, our guest today. And so with that further ado, let's meet her. Welcome. Sathyan. Thanks so much for having me. Thank you so much for agreeing to be on the show. Part of being a podcast host means I get to meet all sorts of awesome humans, and also I just realized... I forgot to introduce myself. I'm Tony janko host. So could you tell us what your job title is, and a little bit about your super cool job? Of course, I'm currently engineering manager and detection and response at Netflix. So that's been the overall Netflix information security team. I lead a group of extremely passionate experience security professionals, there are three sub teams and functions within the overall detection and response umbrella, that's the security incident response team, detection engineering team and the train telefunken. That's really cool. So people that have seen lots of episodes of the show... No, no, I'm really interested in instant response, but I'd really love to hear more about detection because that is not something we've covered, could you give us maybe just a little overview of each of those topics mean... For people that don't know. Yeah, great, great idea. So like you said, cardigan response is kind of awful, and you see that in the new MOS, it's the most visible portion of some of the information security programs, so the security Inc response team handles the inevitable security incidents that come up. We also build our crisis automation to Lin and workflow. We do incident preparedness before an incident happens, like How are we gonna handle this crisis communications, incident commander training. Do investable tops, all of that is under the security and response to umbrella. The detection engineering I, national engineering is focused on building a unified and scalable detection system, which can help us effectively identify and respond to attack activities as well as malicious seconds. And the other side, the intern is a totally different lens, intelligence function tries to understand the tack of motivations and who, and why would I say someone... Or a specific entity, anther, Netflix. And what can we do about that? Seriously though, why would someone wanna harm Netflix? I just wanna watch all the movies Too, it's really incredible to be associated with such a great brand, especially a platform that's focused on entertaining the world and story telling and telling stories from different walks of life and different regions of the world and things like that. And with that, obviously comes. So this responsibility on the overall Netflix information security team, where we wanna do best for our customers and subscribers, so thanks for loving us and we love you back. I was actually... So I give training as part of my job, and this morning I was actually discussing chaos engineering and telling them about Chaos Monkey and how when AWS went down that one time, how Netflix managed to fail over so quickly it stayed up. Is there a chance that you could tell that story? I really, I wouldn't be the best person to talk about that, but I think to your point, reliability and presence, obviously is a ceramic of our Product and Application, we obviously want Netflix to be available, and I think on the security side, not just availability, but we also care about confidentiality and integrity of the system, which we wanna focus as well in line with availability of the systems. Exactly. I don't want my embarrassing envision addictions to be known to just anyone is not just those dumb shows. Yes, I do. Okay, so could you tell us what a day is like in the life doing your job, because... Is it like meetings all day... It's funny you mentioned that lots of meetings that build focus time, and then me complaining about not getting enough focus time, but i think joking decide my role is a re mix of operations, engineering, cross functional collaboration and handling uncertainty, and I think my schedule and my time reflects that... One of the exciting things about intern response is, each incident is a new experience, you kind of don't know what the day has for you, they're unpredictable and obviously sometimes really exhausting. So maybe I can talk a little bit about how my week looks like, and I'm kind of play along with this and still to me, in my schedule, my Tuesdays and those days are my meaning heavy days. We have most of our team focus meetings on Tuesday, so that gives me some time to focus on, Okay, what are all the things going on? What are the different things that we're working on? On those days, I have my cross functional meetings like where we had a very central team, so we meet and work with the reales, other partners, like our legal partners, our PR partners are other engineering partners or studio partners, so Thursdays in focused on that. We do alien meeting rents, which are just great, so Wednesday gives me the much needed focus time, I could do really writing some of the communication that needs to go out and look through all of the backlogs and things like that. Friday mornings are reserved for hiring and writing, obviously as the team goes, and you wanna meet more folks in the industry, so Friday mornings a resolve for that, Monday and Friday afternoons, I try to have a low key meeting schedule that we... I can focus on some of the things that come up of... Oh, that's cool. I really like this idea of no meeting Wednesday, we just kind of started that at my company, except it only applies to me, and it's deep work Thursdays, and no one is allowed to, but any meetings with me or anything, and my admins like, Well, no, no. And the only thing I do is this, and then just need work all day. It's awesome, I get so much done. And I think you... That's so great. And obviously, it starts with the leader and with you, and I think it's great to have those coordinated ways, days it that be, if somebody else is not having a no meeting Wednesday, then you need to show up to that meeting, so it's not really a no mayor you... So when teams kinda coordinate that, I think it's easier in terms of accountability, and then there's also... There's no fear of missing out, right? Everyone's kind of doing focus time. Honestly, if there was a tool that I could buy where, Oh, I'm just getting a battery warning on my laptop that's disconcerting, I'm just gonna check that out for... I'm gonna check it out after I ask you a question or OIF, there was a product where it's like Tony has four hours of meetings today, I'm just gonna block the rest of her calendar for that day. Would that be amazing? I would buy that. Or Yes, this is obviously not a personal endorsement or anything we have been using clock wise, I think that's been really cool because it can dynamically sort of shift your meetings or move stuff around depending on your schedule to your point. So I think that's been... That's great. How was your bathroom in time? Very cool, my battery is doing really port, my bad is not doing so well, but it's okay, I'm gonna figure it out because... I actually have 10 million more questions for you and what it is. So like leading a team is one thing, but you're not only leading one team, you're leading three essentially, right. And you have to know some of what you're doing and some of what each team is doing, but I also think that it sounds like there's a certain urgency in the work that you specifically do compared to Lenin, Hara manager. Could you tell me what sorts of personality traits might make someone better at what you do? Yeah. Really, really great question. I think there are a couple of things. One being integrity, and I know this is a very generic word, but I think when you're running it in respond fact based communication and having high integrity while you're running your investigation, it is really paramount, especially in a very difficult information, you have multiple people in the incident room, there's cross functional communications happening, so I think that's kind of one big quality that I see. Also, I think accountability is another big one, how do you hold your team accountable and how does the team... Or do you accountable? I think it goes obviously, both ways. I think that would be that this is different responses in any organization, I would imagine is a very active and highly visible role, which is... Which is great for growth, and it gives you a lot of challenges and later room for you to grow into, but also kind of pushes you in terms of leadership, Echo, can you really influence other teams and not really use that authority... An angle, and a lot of times, I think even with incidents, you don't want a crib type situation great, you wanna respect that liver of when it's a high severity incident, only then it's a high severity incident versus every time if our team is saying, Okay, this is high. Then that kind of engagement, margarine wouldn't be worthwhile. So I think that's something... Accountability and integrity. And I think one other big team you've probably already picked up on is being able to lead and execute under pressure, and I think this is very true for a lot of the other Executive Leadership growls as well, 'cause I would say those three things would be essentially Like important personality traits, period across the board. It's so hard to generalize, but I agree, but I think this having these three skills will definitely set you up for success as Someone that has those three personality traits is someone that's just going to kick complete, but whatever they do, eight person that can be counted on to execute and get things done like we're hiring here. That's the type of person you want. Right. Absolutely, and I think another point that you mentioned, Tania was an interesting one, Rethink, you mentioned about leading the team, and you're absolutely right. It's as much as a manager or leading the person job, as well as understanding of the domain and expertise, and I think to your point with the different teams, I was re fortunate enough that I joined the team and then moved into the manager role, and I was very familiar with the type of work we're doing because previously I was doing the same, so that transition was much easier for me, but I wouldn't say it's that hard if you're doing other disciplines of security, move into incident response. Wouldn't be that hard. That's Excited. I have some more questions, but I want to... So there's a question in the chat. I wanna welcome everyone that's watching, 'cause we have a bunch of people watching Henson one's asking... I'm just putting it on the screen. So in the last six months, which ran somewhere or types of ransomware have you worked on, and out of them, which one was the most difficult to tackle when it comes to incident response or containment and vacation. Now, if you're not allowed to answer is Because of your NDA, you can just say, I'm sorry, I can't answer, and that's allowed just you know... Yeah, I think the first one that... The first portion of the question is very targeted as I'm not gonna answer specifically around that, but in general, I think with the garment incident that happened, I've been watching that really closely, so Ransomware has been in existence, and in general, we've seen a rise of that in the industry, I think on the cloud side, it's still evolving, I would say, but in the more traditional environments, it continues to be a big one, I wouldn't wanna comment on, which is a hard versus the other... I think it really depends on the type of environment that you're in, the type of technologies that you use. That is cool. I also figured out how to lower my battery usage to my computer, doesn't turn off, and that's excellent. I have a whole bunch of different laptops, and so I guess I thought I would be super smart to plug my plug into a different one and then let this one language all day. Yes. Anyway, I seram smart. So someone in the chat is saying a difficult question for the venue because yeah, we're all under non disclosure agreements, and if she tells you which ran some where she's been looking at recently, we're just gonna sue Maida with her company. And it kind of sucks sometimes working in instant response where you're like this giant thing happened and I can't tell you... Yeah. That's an interesting perspective. I do think more stories and sharing... That definitely has its place, and I think we can definitely answer that without being... Without giving out specifics, and I think you bring up a really great point of how do we weave the narrative rebel rely, most of the first few hours or even minutes of an incident are so crucial because they're mostly a scoping exercise during... Initially, you don't know what's the scope of things and what type of data is involved, and we see that many, many times through the incident, and I think that's why some of the big news that you would see through every week, some new information comes out and that's the nature of digging, that's the major of investigation, and that's the nature of being that story. So I do think as a community, there is a log for Odin terms of sharing techniques and sharing information, anything, Turpin, there's always a fine line of how much you sort of openly say That's not beneficial, mutually beneficial. It's hard, right? When I worked for the Canadian government, sometimes they would share information between departments and sometimes they wouldn't, and I would always find it super confusing because I was a dev for a long time, and I would just send my code to another to have in the government or I would call my old department and say, Hey, you know how I wrote that for you in my new department out of it, they'd send it over five minutes later, but then security, I'm like, Hey, remember that policy I wrote? They'd be like, We have to do some sort of weird panel and a big discussion and someone has to prove him like it's just a policy guys, like We just don't have one for that and we should... You can make me rewrite that crap, and I was just like... Security was like, No. And as a dad, I found it, I would just call up on the tape and say like, Hey, I'm looking at your website and you're doing... This is super cool. How do you do that? And they'd be like, Man, let me send you my code and yeah, I think... I hope that the culture of like, Hey, securities come in to us with the hammer, I think it's shifting definitely where I think security wants to partner with engineering and great. We are in this fight together, and how can we build that sustainable long term... Like partnership water. I think that's where the industry is headed, which precede, excited to see and an excited that ethic security along with a bunch of other security teams as well... Are moving in that direction, yes. Have you ever, as a security person, go one to go see your team and they're like, Oh no, she is here, what have we done because I never had that section where you're like, No, no, no, come in piece. It's interesting in that... Because I think sometimes when I go talk to other people and then the first reaction is, Hey, is this incent related? Right, because every time the me and I've gotten into the habit of in Slack or in any kind of content use, I'd say, hey, this is non urgent, or This is urgent, so I'll try to be a lot more explicit about my ask, or I'll start with, Hey, this is not incident related or... I have a quick question, so I have kind of done all of that muscle so far, but I would like to think that most of... When my team or I show up, mostly everyone alive that, okay, Hey, they're here, they're gonna handle it. Yes. Have you ever... Sorry, I was reading on Twitter, this woman was saying, she's like, Yeah, so I was saying goodbye to my client and out of habit, I said, I love you, honey, see you tomorrow, and angas like... Do you ever find that you talk to your significant other or your friends or something like, Hey, hi, this is an urgent Wallingford, you know the son... This is a Latin, I think... Yeah, and especially in the last one year, I think because of the pandemic, there is so much an emerging happening. Great, that is your at home, but you're not available to your spouse or kids or your elderly people, you're taking care of whoever that is. Right, so I think there is a lot of a mix in mix in happening, especially because of the the physical separation aspect has been taken out, I think only on in my career journey, my leadership style was a strategic choice. I remember sometimes getting very unhelpful feedback like, Oh, you smile too much, or your two serious like Which one is it? What kind of a person do you want rate... I think much later on in my career now, I really... I try to, I bring my authentic self. And he clearly figure out hip, this is how I am as a leader. So I think to your point is definitely, I'm working towards like, How can I just bring the real swap to my leadership shifty as well? I really like that. I like that a lot. Sitefinity is definitely, definitely a work in progress. Yeah, it takes time to just develop our leadership role and be confident in the way we wanna lead, 'cause people will always offer you friendly advice, you're doing it not the way I would do it. And therefore, it's wrong. Yes, I wanna invite everyone that is watching To Ask Swathi question and also click the thumbs up button and also... We have a question in the chat. So it's a good one. So what are the key questions which should be part of scoping for their ransomware incident internal, so like a kick off call, what would be some of the things, I guess, that you would start with... From the beginning. Yeah, I'm gonna wear my third party consultant hat on as well, I think... First question is obviously infrastructure risk, what kind of infrastructure that is... I think that's pretty crucial for a scoping call to do what kind of networks, data services and point is this Windows environment? Is this cloudin, what kind of infrastructure you have? Would be the first. Was one... The next one, it is definitely based on a partner and supply chain... A lot has been said about supply changes Management Program. So I think that's something to consider. If you suspect that the initial vector is maybe through a third party, if it's supply chain risk, that needs to be under consideration, obviously the next one being Identity and Access Management at like what are some of the failures that have happened for this to come through? So maybe focus in on that, that would be... That would be the one. Then obviously, there is this a piece of response readiness era, if you're in the middle of that, right now, it's like the last radio, so I think the scoping on... You can ask the first initial three question, then you immediately move to how do we contain this, how do we reduce the impact of kinda... And then move on for... Awesome, that's a great answer. We have more questions, but first, I want to thank our sponsor, make a small announcement and then make your small announcement. So first of all, thank you to threat fix or sponsor who make the most stupendous vulnerability management system, this side of the galaxy. I tell them I want it to be something fun to say, and so that's what I get to say, and actually their product's awesome. On top of that, I am going to be key noting the Vancouver International Privacy and Security Summit from May 5 to May 7, I'm not gonna be key noting it that whole three days, just one day, and I wanna do all to not... So that's part of the reboot communications company. So if you look at Vancouver International Privacy and Security Summit, so it's kind of moves back and forth between my beautiful island of Vancouver Island, Victoria to the mainland and back and forth. In any way, I'm super excited as the hometown lady getting to Keno, our own conference. Okay, but now I wanna talk about swathes announcement about perhaps her team is Hiring... Thank you, night night, blamed. Yes, we are hiring, if you're looking for an engineering manager to lead the security instant response team, that's one of the teens under detection customs. This was one of the founding teams of detection response ethnic for short, has been a long enough... And even on the journey of maturity, we open source dispatch, that's our crisis automation tooling, and we've gotten so much love from the use of community there. So we wanna push on that. There is also the Employee investigation and inside tax program that there's also a studio intern responds that we're focusing on and enrich problem set and be looking for looking rater trying to push that forward. Do they have to move to California? Yeah, good question. This is, this is a California based role that has Always been my main problem because California is not actually in Canada, that's my main problem with living in Calabria, if you guys can fix that, I would be really open to feedback. Taken. So we have two really awesome questions in the chat, and I'm torn, but I think I'm gonna go with Professor Black Ops first. So this is actually a question that I would love to know the answer to. So how do you handle multiple different compliance things that you have to be compliant with, So GDPR, PCI, you live in America, so there's a bunch of different states that have different rules, but Netflix is all over the world, so how do you hand all of that that sounds hard. Yeah, so a really good question, and we obviously have... Like amazing partners that we work with, Chelsea, who leads a governance risk and compliance program under enterprise security. We also have an internal audit team that we work with specifically around PCI, if the foundation of an Incident Response Program is present like a solid response guide in certain run books that are for your team to function and that are probably on one scale, archives, likely scenario is that your team wants to think through... I think these foundations are present, I do think that providing proof for PCI shouldn't be as hard, but there's obviously other challenges that comment, like a lot of times receiving companies where it is just done by other folks and other teams like, which is hard because that's another job that you do, why you're doing for time job so that we completely hard... We obviously have an amazing legal and privacy team that we worked with specifically around GDPR, we also hold annual tops and trying to work to improve our own books better for love one as well. I feel like as well as the instant responder, you're responding to security incidents as opposed to necessarily compliance requests. Right, and so although the company as a whole to be PCI compliant and be doing these things, of course, it's just like if there's a problem with credit cards, you have to respond to the incident, but I don't know. So I actually read the PCI compliance stuff recently, 'cause I'm making a training program for debaters, not really that much that is... It's more like having things ready before the incident happened, right there, you have to have antivirus or whatever, or you have to do this, you have to do that, you have to have an app tech program, basically like a Senussi development life cycle. You have to have a certain amount of testing and this and that, but it doesn't really, really focus on the instant response team so much, it's more like if you have all of that stuff going on already, it might even make their less security incidents for you to deal with if everyone else is doing their job really well... Yeah, and I think to a point, I think preparedness is a big piece rate, so it's that if you have the foundational aspects of that, hopefully, and I do think there are some reporting requirements around if the incident specifically was around certain data fields or things like that, I think that kind of feeds into GDPR and PCI as well, for sure, as the detection response team, you definitely have to consider that as part of your incident handling life cycle. Smart, I like it. Okay, so we have a bunch of questions, and then I also have a... Of my questions. So first of all, let's do the cheese question, Ben, because... Okay, so winsome time, you say something in one episode off the cuff, and then you have to do it fasting episodes at... The cheese question is about if your job pays well, so it's not, I make this much per year. Do you go to the grocery store, can you buy any cheesy wants... That's tough. I had such a... My parents are two teachers who then became a professor, so I come from marimba beginnings in India, and then I moved to the United States. I don't think I'll ever be... Give me the most expensive cheese on the ISE, but if I'm celebrating something, yes, my job pays really well, and I would say, I mean me that cheese to be like, Oh my God, that's a good of money. For a block of cheese. Yeah, I went to Costco the other day and they had peer and I just let that so much Penner and I was like, You can't eat that much on a Toyota that much, you're not... Costco, love opener, calm down. And so I didn't buy it despite the fact that I was so good. But I think, yeah, I've been fortunate and privileged to work at a place that values the skill set that you have, and also presents you with cloud opportunities, and I think... I was really lucky to also move through different technical domains or Lion in my career, that kinda landed me here here ethics, actually. There's three questions in the chat now, but I'm in my question... Because guess what, I'm the host and I get to do that. So we're for... We went live. We talked a little bit about your career leading up to this. And so one of the questions I always like to ask is, what types of experience should someone try to get that could lead up to your job and what types of experience do you have and how to help you get to where you are? And you can answer that however you desire. Yeah. So really great questions. I think there is a conventional traditional path that you could take as an entry into the career, I think a Scully operation center, if there is a multi tier sack, I think that would be a great entry point to come in, so doing log analysis, and I slowly move through that, I also, I didn't take that route. I also wanna chat a little bit about there are other ways to kinda get into the fold as well. Now, honestly, when I decided to get into security, I can really know that there was upset that I was a detection and response as a platform security that is identities management from the outside looking in. Okay, cyber secure information tours. I started with, I got an internship. So I went to grad school after my bachelor's, I worked as a Javier, and then I immigrated to the United States to do my master's in information security. And I thought, Hey, this is gonna be expensive, so I better pick an area where even if the is it the session and things like that, I might be able to find something so I can pay off my lot. So I was in the east coast, in the Washington DC Metro, and I started as an intern for a company called associates, and then they hired me full time as a security analyst, so that was my first job where I was a Risk Management Analyst. I also would look through small logs, I would deploy cars, I got to do a little bit of everything, it was re bootstrapping the security program. So from that, I moved to a security engineer role where I did application security application testing, alteration testing, things like that, and then they're protective board and Now Gartner, I then moved into a Senior Security Engineer role that I could do antivirus and I could do two factor authentication set up and things like that. And then I moved into my first management position there, so at the end of my career, Gartner, I was an Associate Director of Security, managing application security, Indian access management, and then client security engagement. So that early part of my career, I got a lot experience trying to build a proactive security program on the proactive... Out of those, I was weak. It was on the defense side of things. Like, how do you run defense operations? And I was kind of thinking through what I wanted to do next, and the mania opportunity came up, so I got the opportunity to be a third party managed defense consultant with Mangan. And then I moved from being a manager or to an individual contributor and being a consultant, and that was... I think my father described that as the worst and the best job of my life, best job, because it was just, you are in the Franklins, you are helping clients, you really know what's going on, you're a strategist to your clients, you understand how security works, not in one company, but a 2022, different environments and companies that you support, so yeah, so I have kinda deep proactive security and then kind of move to the defense out of the house, you can completely start on the defense out of the house and move into the career into this position as well. You Are ridiculously qualified. What does everyone get out of an hothouse... That's awesome. My gosh, you have an amazing care path. Wow. Okay, so we have more questions in the chat and I share that... I let them ask questions. Yes. Okay, so there's really good ones, so is there any way or like a simulation of instant response that we could practice or try out to see if our interest truly lie, an instant response, is there a way to safely practice, but learn about it and try it... A really great question. I do think I'm sure I'm very ordered. Currently, one of our company, whatever role you're working at, someone some Metis doing incident response, even if it's not called being from response team or there might be a team that does it... One of the best things to do is inside responders always love help, we almost always... Are we reading... If someone says, Hey, can I help you? Reality, please, please. So I think one easy way to say is, Hey, can I scribe for you so not taking is... I can't tell you how much cognitive load it refuses on the incident responder at the same time, a person who's taking Reno really understand what's going on. Is that text is gonna be helpful while writing executive comms, while maintaining this detailed investigation timeline, so I think... Just raise your hand and say, Hey, can I scribe for you? Can I take on that role? Even if you wanna shadow someone, I think that's another great opportunity, it's tough because I think for a few weeks you might have to do that job plus your job, but I do think that I help get your feet and figure out if that's the right fee for you... That's What I'm losing, what I did. Yeah, great, I think one... Sorry, one quick side note on that, general exhaustion and the burn and turn is real, but if you also have a very healthy on call Alan and cycle, it can be a very rewarding fee to be an Awesome... I have another suggestion, so there is this called back doors and breaches, and it's by Black Hill security, and you can buy it on Amazon for 12 bucks. And then I live in Canada, so the shipping was eight bucks, but it's totally worth 20 bucks, and it's an instant response table top game, and so you can... I realized right now, meeting with other humans in person is not cool, that said, Oh, and we just put it into the chat, how you can get that. So I'm just gonna add that to the screen. Oops, there we go. It's fun to try out instant response, and if there's a local security meet up, I know meeting in person is not cool right now, but you could probably do it over zoom or something like that, and then you could all talk about it and do the security exercise or a tabletop exercise or simulation, everyone kinda calls it different stuff, but it's super fun because you might not work in a place where you can volunteer to work with the team, but like swathe said... Literally, I just asked, could I just come and see? And then there was code, and I'm a nerd, so I could read the code. And it was office cited, but I'm so nerdy, I could still read it. I'm like, Oh, that has killed injection, and they're like, they'll look at me. Excuse me. The lady at the back. What are you talking about? I'm like, I don't do it. And they're like, You're on the team now, I'm... It was very exciting, I have to tell you. Oh, and apparently they have an online version of the game as well, so if you don't work at a place... This is an option for you. Okay, so we have more questions and they're really good. Fashion your team over the years, which candidates were successful and what were their attributes that made them awesome, and what types of candidates were unsuccessful and what attributes might have led to that? Wow, such a great question. I think we talk about being calm under pressure, it's really hard, and it's definitely a muscle that you exercise, so I think if you generally have that ability... That's great exercise that muscle. Often you get great at that, and if you think, Oh no, I get really nervous, I get stressful as... That's still okay though, because a lot of times it could be different, different levels based on her that this is a job, this is something that I do, and I do do that kind of long enough it works or generally, I think what kind of attributes don't work well, is is in an incident setting, if you can partner and work with other teams, Raglan, cross functional collaboration piece, I would say is very key, one other attribute that works really great in and in response is like if you have previously infrastructure background, if you come from like, Hey, you've managed infrastructure before, or you've done DevOps before, you really understand how systems interconnect and how they work, that's quite beneficial, and I've seen that work only within the team. And I think one other point I wanted to make was, in detection responds, this fee is wide and rich with some core tactical skills, relict software engineering, the incident handling forensics, doing investigations, intelligence analysis, log analysis, infrastructure automation, any and all of these technical skills will... Can slate into a roll and detection response, a combination of few of these skills will definitely put you at the top... Oh, I love it. That's at your God to answer. And it also just feels like gives me lots of hope, asks many people, not just me, I have a job, but sometimes when I talk to people and your job. So cool. Do I need to keep... No, no, no, I have a job. Yeah, yeah, yeah. Okay, so we have two questions in the chat where I'm concerned that they are things that you aren't allowed to answer. Okay, so I'm gonna ask them, and if you're not allowed to answer, you just say I'm not allowed to answer that, that sounds good because I know... Obviously, I do wanna know all the secret security things on Netflix, but obviously Shala telling us... Okay, so one is, how do you defend against the distributed nature of Netflix, so you have as NS IPS and cash is distributed throughout the world, direct connections to the internet with a drop shipped box and a thumb drive boot, so I don't know what the drop shipped box and thumb drive got is about, but what types of things, I guess, do you do because it's distributed in nature, if you're allowed to share any of that... Yeah, I think I'll give you a very high level answer, which you've probably heard me say this before, so this is definitely a team effort, a product and application security team works really closely with our rest of engineering team, reentered security teams, works really closely with our studio partners and with our employees that we have a user focus security program that's focused on, Hey, how can we bring security relevant information to our employees in a very non annoying with... And we also have a huge open connect team, El, who is responsible for our content delivery, and they have a big insecurity there as well, and we have our device and content security teams and also do this work. So answer to this question is, there is a big team that's focus focused on this, but I think one thing that I'm gonna point out is like at scale, you see probably even other Netflix leaders talk about X scale quite a bit because we are... We focused on building services at skill. That is a thing that they drilled into me at Microsoft quite a lot, and then when I said I was leaving to start my own company because then I could scale better there, that's not what we've been... They're very supportive, but I totally get it. To be able to serve a reliable service that secure and safety used to everyone all over the planet... Oh yeah, that is... As a big job. Yes. Okay, so I'm gonna do one more question where I think you might not be able to answer it, but we'll see, and then I only have... I have questions, I have so many questions, but apparently, eventually the shows post and I'm just not a thing, I'm like, I have so many, I have to pick my favorite ones. Okay, how does... So again, if you can't answer this. Just say no. How is the coordination between the AWS security team? And then also the Netflix instant response team because... And what are the pros and cons? So I used to work at Azure and I definitely couldn't talk about those things, but... But there must be some sort of coordination, so you don't step on each other's toes or where you alert each other to potential issues... No. I think this as a partnership, it... And I think we should talk about internal security teams and vendor partnerships, I think with me previously being a maniac the other side of the house and now being in an internal security team, I've definitely seen the struggle, so obviously it less... It's public knowledge that it's a big partner of Netflix it, same thing. We also work with the few other vendors specifically in my Things areas well, I think really, how can we build a relationship based on transparency, and at same time, we wanna pull someone into an incident, we have to give them the right context of, Okay, what are we trying to solve for... And how are we gonna get that? So I think it's no different with any other folks that are involved in to be the incident grade, how can we all kinda move towards the reservation that we wanna get to... Yeah, 'cause you don't wanna do anything that's gonna harm AWS, like you want to do good by them just as they wanna do well by you... I don't know if the word is well or good, but it Definitely... It's definitely a great partnership and the mutual... By direction of partnership. That's cool. Okay, so there's a bunch of thank you in the chat about how you see it, so excellent. And how really by sharing information, we love security forward, and also Jason mentioned that Netflix has always been his favorite learning opportunity, so the Netflix security team has their own YouTube channel now, a... A, tell us a little bit about that. 'cause it's awesome. Yes. Please, no. Yeah, obviously, I really... We really try to upload sorties talks and in content on their... So please check out at YouTube channel. I think recently we did a really interesting panel with a few other cows around challenges, the communication challenges in security, so you should find that one there as well. Yeah, and a few other... So yeah, please check it out. Oh Yeah, the app SEC team has so many cool to... Yes, they have so many cool talks, I love it when Asta gives a talk, she's about as this amazing and hotta team is incredible to a point, apses done some really, really awesome work, so... Yeah, please check out of this talk is... Well, yeah, there're so many cool. I actually often use Netflix as an example when I talk to different groups to explain like, So here's a company that is sharing lessons learned, sharing information, creating actual tools, and then open sourcing them and making them free for our industry, that they are pushing our industry forward in such a positive way, your other companies doing this, because there are companies where they'll make a security tool internal and then they won't share it, and I'm like, Really, why not? 'cause you could... 'cause what you built is amazing, and I love that Netflix is doing that, I'm such a huge fan of the sharing of information, like the super high quality content that I've seen coming out of there. So it's cool to be able to say it to a Netflix person. Okay, thank you so much, we appreciate all the kind words and especially everyone who's listening things for the concerts in the chat as well. Okay, so I have the most difficult but also Bateson ever, because it is a two parter, what is your favorite thing about doing your type of work, and then what is your least favorite, like the worst part of doing your type of form, and it's okay if they're the same thing. Yeah, totally. Honestly, the best part about my work right now is really... Like my team, I'm really pad of the team that we have. Well, it's a really cognitive diversity is the console of our team, so you know, Ashley is on the team who comes from the crosland is on the team who's bad scaled systems before at Facebook and Palantir and Mark is on the team. And Jason forest comes from academia, Kevin came from financial institution, Shannon comes from working at an insurance company before, and how do we apply risk to hear it? It's a group of really diverse folks coming together, half software engineers have security engineers, and then we have a technical program manager, it's a really a mix of different skills, so I think I'm really part of the team that we've built here at Netflix, the worst part, the least thing that I love about my job, I think This is not specifically about my current job, it was... I think in my previous role as a consultant, I was definitely exhausting, and my daughter at the time was very young, so I definitely fell like an absent team, sometimes it would be maybe a couple of days of travel, may be two trips a month, but over two years, that really added up. Multiple dinner. My husband has been inside the restaurant, along himself eating, and I'm outside on a call... I think one of the big things why I moved from that role to the next one was a tank, if you would have asked me, Okay, what did you build in those two years, I would be able to show you anything... I helped a bunch of clients, I help... Hopefully, they'll have great things to say and we help them through a very difficult situation, but I think coming to Netflix, I have the opportunity to build the detection and response team and mature that program, so I have something to show for. So that challenge was excepted... That's Awesome. And yes, I remember I did instant response on my doctor saying, I need you to stop doing that, I need you to find a new doctor. I would just get so stressed, but so excited because I find it fascinating and interesting and exciting to be in the middle, but some people are good at calming down and I'm not one of them, and So you really... That's a trend to product, to be able to recognize that and say, Hey, how do I wanna move? And to be able to do that, I think is in critical... Oh yeah, I think you made excellent choices, and I think Netflix is really lucky to have you. Likewise, so there are more thank yous in the chat, I wanna thank you. But first, before we say goodbye, how can people learn more about you or follow you? You have to at a Twitter handle. Yes, so that's at Swathi Joshi. I'm not as active on Twitter, but... Yes. You definitely find me on LinkedIn. Please reach out if we can connect one on one... That would be great. So LinkedIn and Twitter. Do you have a website? I don't have a website. I think some of the talks and some that it in content should be all linked from my Linder profile. Okay, perfect, 'cause I wanna go watch them... Yes, but a website. That's a good idea. Thank you. Thank you so much for being on the show. This has been so fascinating. Clearly like the audience. So many questions, I didn't even get up to all of them... Sorry to everyone who I didn't get to your questions because I was selfish and I wanted to ask my own questions. Thank you so much. This has been such a pleasure, I really appreciate you being on the show. Thanks for having me, Tanya, and everyone's watching things for... Things were spending, and I were with me, I appreciate it. Awesome. So I thank you for being on the... We had purple podcast, this week we had swathe Joshi of Netflix who the detection and response team at Netflix. And from what it sounds like, so much more, thank you to our sponsor, thread fix, powered by denim group, we really appreciate your sponsorship of our podcast up. Next week we have Annie hedge patch, I'm totally saying that wrong, and I'm sorry, hedge. She's a senior Cloud automation engineer, and I'm really excited to ask her all sorts of clay questions, the week after that, we have testing Bennett and we're gonna learn about just basically being a senior consultant, but specifically Cloud security engineer, which is slightly different than what an AS but also they'll have different view points on it, and I'm really excited about that. April 29th, we have Zenobia, go talk, and she is a CEO of said Communications, and she's gonna tell us what it's like to found a group, a huge company. They do digital marketing PR and incident response, and it's pretty exciting. And then the following week, we have Abby or are... We were supposed to have him on a few months ago, but then ulcerative stuff happened, specifically, there was a tornado and he was for neither was the California wildfires, and he was evacuated hours before the podcast, so we finally getting him back on and he's the CPO of cloud defense, and also my friend. So that's pretty exciting. I wanna thank everyone who has been watching and listening to the... We had purple podcast, I really appreciate it. I wanna thank everyone who came to the previous Alice and Bob learn application security live stream, we have another one in just over a week, you can sign up to be invited to it at Alice and Bob Learn dot com, and you can come join me and a whole bunch of friends, including Nancy Garcia of the OS dev slab project, which is really exciting, and a whole bunch of my other friends and we're gonna just nerd I about security requirements. Thank you so much. We had... People really appreciates you. And I look forward to seeing you next week. Until then, have fun. Securing all the things I E