<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">

Data Engineering Podcast | Justin McCarthy

StrongDM manages and audits access to infrastructure.
  • Role-based, attribute-based, & just-in-time access to infrastructure
  • Connect any person or service to any infrastructure, anywhere
  • Logging like you've never seen

Listen to this episode here!

About This Episode

Controlling access to a database is a solved problem… right? It can be straightforward for small teams and a small number of storage engines, but once either or both of those start to scale then things quickly become complex and difficult to manage. After years of running across the same issues in numerous companies and even more projects Justin McCarthy built StrongDM to solve database access management for everyone. In this episode he explains how the StrongDM proxy works to grant and audit access to storage systems and the benefits that it provides to engineers and team leads.

About Justin McCarthy

Justin McCarthy is the co-founder and CTO of StrongDM, the database authentication platform. He has spent his entire career building highly scalable software. As CTO of Rafter, he processed transactions worth over $1B collectively. He also led the engineering teams at Preact, the predictive churn analytics platform, and Cafe Press.

Introduction

  • Hello and welcome to the Data Engineering Podcast, the show about modern data management
  • Go to dataengineeringpodcast.com to subscribe to the show, sign up for the mailing list, read the show notes, and get in touch.
  • To help other people find the show please leave a review on iTunes, or Google Play Music, tell your friends and co-workers, and share it on social media.
  • Your host is Tobias Macey and today I’m interviewing Justin McCarthy about StrongDM, a hosted service that simplifies access controls for your data

Interview

  • Introduction
  • How did you get involved in the area of data management?
  • Can you start by explaining the problem that StrongDM is solving and how the company got started?
  • What are some of the most common challenges around managing access and authentication for data storage systems?
  • What are some of the most interesting workarounds that you have seen?
  • Which areas of authentication, authorization, and auditing are most commonly overlooked or misunderstood?
  • Can you describe the architecture of your system?
  • What strategies have you used to enable interfacing with such a wide variety of storage systems?
  • What additional capabilities do you provide beyond what is natively available in the underlying systems?
  • What are some of the most difficult aspects of managing varying levels of permission for different roles across the diversity of platforms that you support, given that they each have different capabilities natively?
  • For a customer who is onboarding, what is involved in setting up your platform to integrate with their systems?
  • What are some of the assumptions that you made about your problem domain and market when you first started which have been disproven?
  • How do organizations in different industries react to your product and how do their policies around granting access to data differ?
  • What are some of the most interesting/unexpected/challenging lessons that you have learned in the process of building and growing StrongDM?


About the Author

, Co-founder / CCO, began working with startups as one of the first employees at Cross Commerce Media. Since then, he has worked at the venture capital firms DFJ Gotham and High Peaks Venture Partners. He is also the host of Founders@Fail and author of Inc.com's "Failing Forward" column, where he interviews veteran entrepreneurs about the bumps, bruises, and reality of life in the startup trenches. His leadership philosophy: be humble enough to realize you don’t know everything and curious enough to want to learn more. He holds a B.A. and M.B.A. from Columbia University. To contact Schuyler, visit him on LinkedIn.

logo
💙 this post?
Then get all that strongDM goodness, right in your inbox.

You May Also Like

Day Two Cloud 134: Simplifying Infrastructure Access With StrongDM
Day Two Cloud 134: Simplifying Infrastructure Access With StrongDM
StrongDM takes a proxy approach to the challenge of access and authentication. It uses a local client that can run on a Mac, Windows, or Linux device; a gateway to mediate access; and an administration layer for setting policies and permissions and auditing access.
Senior Engineering Dir at Zymergen on Code Reviews
Token Security Podcast | Senior Engineering Director at Zymergen on Code Reviews
At Token Security our goal is to teach the core curriculum for modern DevSecOps. Each week we will deep dive with an expert so you walk away with practical advice to apply to your team today. No fluff, no buzzwords. This week Jeff Burkhart, Senior Engineering Director at Zymergen talks code reviews, code review fatigue, and what to do when agile becomes tedious.
Daniel Leslie at Namely on the Human Side of Security
Daniel Leslie Director of Security Intelligence & IT Operations at Namely on the Human Side of Security
This week we are joined by Daniel Leslie at Namely who shares his take on the human side of security, and what security at scale looks like for his team. Max, Justin, and Daniel discuss the 3 core things to good company-wide security: psychological safety, vulnerability, and purpose. You have to address these things in a comprehensive manner.
Alan Daines CISO at FactSet on Phishing
Token Security Podcast | Alan Daines Chief Information Security Officer at FactSet on Phishing
In this episode Max Saltonstall and Justin McCarthy are joined by Alan Daines, Chief Information Security Officer at FactSet to talk about phishing, educating on it, and defending against it.
InVision Talks Secure Code
Token Security Podcast | Johnathan Hunt, VP of Information Security at InVision Talks Secure Code
In this episode Max Saltonstall and Justin McCarthy are joined by Johnathan Hunt, VP of Information Security at InVision to talk about pen testing, bug bounty programs, and secure code.