June 13, 2022

Podcast: Ethan Heilman on Getting Into Information Security


A few weeks ago, our CTO, Ethan Heilman, had the pleasure of speaking with Steve Stonebraker on the Ephemeral Security Podcast. They talked about getting into information security, how BastionZero works, and BastionZero’s potential features in the future.

Getting into Information Security

Ethan has always been interested in computers, and he has been collecting security knowledge since he was a kid. He initially pursued a career as a security engineer, and his interest in security pulled him into security-related tasks and research in his free time.

After the company he was working at was acquired, he decided to pursue a Ph.D. at Boston University, which was where he met Sharon Goldberg. 

“When the startup I was at got acquired, I decided to [get a Ph.D. in cybersecurity]... I spent a long time basically deep-diving on network security and cryptology.”

Eventually, they founded Commonwealth Crypto, Inc. However, the blockchain space was heavily regulated. Looking for a space where they could realize their ideas, they shifted their focus to cybersecurity and founded BastionZero.


The Inner Workings of BastionZero

Ethan explained that the main idea of BastionZero is to add an additional root of trust for authentication into the server, in addition to the IDP, without becoming a single point of compromise. This way, both the IDP and BastionZero have to be compromised for your system to be compromised.

“If BastionZero is compromised, the attacker still cannot get access; it requires the joint compromise of both the IDP and BastionZero.”

BastionZero also has a dynamic targets system in which BastionZero acts like a Linux box. Users can plug their provisioning system into our system so that they can request to spin up a box and then gain access to it. The box lives on the user’s network, making the steps to access the box simpler and quicker.

However, Ethan noted that BastionZero isn’t a firewall. BastionZero doesn’t prevent users from providing additional ways of accessing servers. Instead, it provides a more secure way to access those servers.

BastionZero’s Future Features

The main feature that Ethan discussed is just-in-time access, which affects BastionZero’s privileged access flow. This feature will connect to a Slack channel and drop an alert whenever a user requests access to a group of servers. If a user is approved, they will have access for two hours before needing to request access again. The feature is still a work in progress and may change before deployment.

A service offering a separate AWS account and a feature for adding another MFA verification were also discussed, but no plans for development have been made yet.

Interested in hearing more about getting into information security and the technology underlying BastionZero? Listen to the full episode here:

See BastionZero in Action

BastionZero connects teams to resources and requires no additional infrastructure to deploy or manage. It is the first—and only—cloud-native solution for trustless access providing multi-root authentication while maintaining zero entitlements to your systems.

With BastionZero, you can reclaim your architecture from over-privileged third parties and ensure that the right people have access to the right resources at just the right time—every time.

Schedule a demo now to see how you can trust less and access more with BastionZero.
