Gold Fig Labs: Cloud Infrastructure Security with Vikrum Nijjar and Greg Soltis


IT infrastructure are the components required to operate IT environments, like networks, virtual machines or containers, an operating system, hardware, data storage, etc…. As companies build out different deployment environments with infrastructure configurations, they must maintain the different environments, replicate them, and update them. The management of infrastructure, often automated to some extent, is referred to as Infrastructure as Code (IaC).  

The company Gold Fig Labs helps growing companies better understand their deployed infrastructure beyond the basic IaC principles. Gold Fig Labs developed 2 main tools to deliver the clearest view of infrastructure security and compliance. Their tool Checkup provides periodic security and best practices reports for AWS accounts. The report details specific, actionable, and relevant advice to improve security posture. Their other tool, Introspector, is a unique security and auditing tool that provides in-depth analysis of larger cloud deployments with complex regulatory requirements and custom internal policies. 

In this episode we talk with Vikrum Nijjar and Greg Soltis. Vikrum is co-founder and CEO at Gold Fig Labs. He was previously an angel investor with Angel and special advisor for Google’s onboarding acquisitions, compliance, and security.  Greg is co-founder and CTO at Gold Fig Labs. Previously he was a senior software engineer at Google and a software engineer at Firebase. We discuss the principles of IaC, how Gold Fig Labs helps customers go beyond what IaC intends, and the complexity of cloud infrastructure security and regulatory compliance.

Sponsorship inquiries: sponsor@softwareengineeringdaily.com

Transcript

Transcript provided by We Edit Podcasts. Software Engineering Daily listeners can go to weeditpodcasts.com to get 15% off the first three months of audio editing and transcription services with code: SED. Thanks to We Edit Podcasts for partnering with SE Daily. Please click here to view this show’s transcript.

Sponsors

From their recent report on serverless adoption and trends, Datadog found half of their customer base using EC2s have now adopted AWS Lambda. You can easily monitor all your serverless functions in one place and generate serverless metrics straight from Datadog. Check it out yourself by signing up for a free 14-day trial and get a free t-shirt at softwareengineeringdaily.com/datadog

With Census, just write SQL or plug in your dbt models and start syncing your cloud warehouse to SaaS applications like Salesforce, Marketo, Hubspot, and many more. You should check them out at softwareengineeringdaily.com/census. They have a free 14-day trial.

ClickUp is no-code project management software that brings all of your engineering work into one place, and they guarantee to save you one day every week by consolidating your tools. Engineers use ClickUp to collaborate on code, docs, sprints, bug tracking, roadmaps, and chat. So code smarter, not harder with ClickUp. Try ClickUp for Free today at ClickUp.com/sedaily and use code SED to get 30% off Unlimited and 15% off Business plans.

Gremlin is taking a tip from all of you resilient engineers and presenting Failover Conf 2: Fail Smarter, an evolved virtual experience on April 27 with panel discussions, fireside chats, movie rooms, and pet slideshows, aiming to look and feel different than all the conferences you’ve sat down to watch over the last year. Go to gremlin.com/sedaily.