November 27, 2024

Securing CI/CD Pipelines and Non-Human Identities: Mario Duarte’s Playbook for Executives

In this episode of the CyberOxTales Podcast, host Neatsun Ziv, CEO of OX Security, welcomes Mario Duarte, CISO at Aembit. They discuss the complexities of securing CI/CD pipelines and non-human identities, shedding light on why these areas are often overlooked and how to communicate their importance to both technical and non-technical stakeholders.

About Our Guest:

Mario Duarte is the former CISO of Snowflake, where he built the security team from scratch. With over 25 years of experience in the security industry, Mario now advises, invests, and speaks on security topics such as CI/CD and non-human identities.

Key Takeaways:

  • Development and QA environments are less controlled than production, making them prime targets for attackers.
  • API keys and tokens often “move around” in development environments, increasing the risk of exploitation.
  • Handling widespread vulnerabilities requires clear communication with management and an understanding of how vulnerabilities manifest in production.
  • Mario emphasizes the importance of storytelling to explain security risks in relatable terms to both developers and executives.