One of the toughest targets for sophisticated cyber attackers is the security research community itself, those directly responsible for helping protect us all from hacking. And yet, just last week we got to see the methods of a successful, professional and detailed attack in progress today.

In a fascinating blog post from Adam Weidermann of Google’s Threat Analysis Group we can see the details of how a state-sponsored hacking group goes after security researchers — arguably one of the hardest demographics to compromise.

The security teams at Google have a fun tradition. Each time someone departs the team (whether to…


(Ayka Agayeva, IT lead for Google’s program to shift onboarding to a fully work-from-home world, sat down with me to talk about the crazy year this has been and some of her team’s work. She organized the significant changes to establish virtual onboarding, and worked with me to collect the lessons they learned along the way.)

Hiring new people during a global pandemic isn’t usually covered in your standard HR or IT handbooks. Our goal was to get people up and running as soon as possible, ideally productive during the first week.

We needed to get new employees up and…


(All the credit for these insights goes to Peter Grabowski, Google Austin Site Lead, Enterprise AI)

We’ve spent the past few years at Google building a horizontal AI team, focused on machine learning (ML) for enterprise applications. It wasn’t easy, but it had a huge impact. Through that process, we’ve identified multiple benefits of having a centralized ML team, including better access to talent and improved engineer retention, more reusable, organization-wide solutions and an enhanced capacity to balance bursty ML projects.

But first — what is a horizontal AI team, and how do you build one?

Why a centralized team?


How do I get my software to all the markets?

Integrating with a huge variety of cloud services, marketplaces and products quickly creates tons of extra work for your development teams, pulling them away from launching features. As businesses continue to move their operations farther into the cloud, large companies are using an average of 203 SaaS products. How do you weave all these distinct systems together?

There are too many different places to reach B2B customers.

Pandium helps SaaS companies to solve this by enabling businesses to offer native integrations at scale. It’s a platform specifically designed to remove the heavy lifting associated with building and maintaining in-app integration…


Most companies looking to secure their corporate resources adopt a perimeter security model, putting up a strong wall between the ‘inside’ and the ‘outside’ to protect their high-value data. The perimeter security model is dangerous, and should be abandoned.

(Photo by stux on Pixabay)

The IT or Security folks put all the resources inside a wall, usually a firewall with VPN access, and then grant access to those resources only to people inside that wall.

Let’s take Slager Bank & Trust, a bank that’s been around for generations and has adapted slowly to technology. As they’ve moved more of their operations, customer facing tools, and…


Your employees need to get to a wide variety of systems, running on-prem and in the cloud, each day. But oftentimes your authoritative identity provider lives on one of your servers, far away from the services people need to access. It’s time to bring identity closer to the places people need to use it.

As you tackle challenges around access control and permissions, new dilemmas come to the fore. The right groups of people need to get in, but you can’t open things up too broadly for fear of attack. As your company and teams grow, your access needs become…


You need tools to secure your applications that are aware of people and devices. You wouldn’t let a passenger on a plane without first inspecting who they are and what they’re carrying, and you should treat your applications the same way. This context-aware way of thinking drove Google’s adoption of BeyondCorp, and has been gaining traction.

Modern applications rely on a large set of systems: web servers, microservices, and scalable, serverless deployments. You want all the subcomponents accessible to each other, and your employees, but if you’re not careful you could open them up to absolutely everyone on the internet…


To make good decisions about access, you need to gather data about all the devices your employees will use.

In my last post we explored shifting from perimeter security to context-aware security, and now we’ll dig into the device aspect of that context. There are many approaches to securing devices (including completely ignoring device security… yikes), with many companies choosing some variant of bring-your-own-device (BYOD) policies.

These policies allow companies to reduce their spending on hardware for employees, and can offer flexibility for folks to use the computers or tablets that they prefer. …


Your company holds very sensitive data: about your clients, your business, your employees. Your employees need to use a variety of applications, internal or external, to access everything from contracts and purchase orders to addresses and phone numbers. It’s vital to your success, and your survival, to properly lock down the applications, the data, and the ways people get access. Yet you also need to make the applications accessible to your people, wherever they are working.

How are you going to protect the lifeblood of your company: the data?

In response, I tend to see more companies adding extra layers…

Max Saltonstall

Father, gamer, juggler, tech enthusiast. I tell stories about how to cloud, and keep it all secure. Sometimes make games. Opinions are my own. Also chocolate

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store