talk-data.com

Summary In this episode of the Data Engineering Podcast Matt Topper, president of UberEther, talks about the complex challenge of identity, credentials, and access control in modern data platforms. With the shift to composable ecosystems, integration burdens have exploded, fracturing governance and auditability across warehouses, lakes, files, vector stores, and streaming systems. Matt shares practical solutions, including propagating user identity via JWTs, externalizing policy with engines like OPA/Rego and Cedar, and using database proxies for native row/column security. He also explores catalog-driven governance, lineage-based label propagation, and OpenTDF for binding policies to data objects. The conversation covers machine-to-machine access, short-lived credentials, workload identity, and constraining access by interface choke points, as well as lessons from Zanzibar-style policy models and the human side of enforcement. Matt emphasizes the need for trust composition - unifying provenance, policy, and identity context - to answer questions about data access, usage, and intent across the entire data path.

Announcements Hello and welcome to the Data Engineering Podcast, the show about modern data managementData teams everywhere face the same problem: they're forcing ML models, streaming data, and real-time processing through orchestration tools built for simple ETL. The result? Inflexible infrastructure that can't adapt to different workloads. That's why Cash App and Cisco rely on Prefect. Cash App's fraud detection team got what they needed - flexible compute options, isolated environments for custom packages, and seamless data exchange between workflows. Each model runs on the right infrastructure, whether that's high-memory machines or distributed compute. Orchestration is the foundation that determines whether your data team ships or struggles. ETL, ML model training, AI Engineering, Streaming - Prefect runs it all from ingestion to activation in one platform. Whoop and 1Password also trust Prefect for their data operations. If these industry leaders use Prefect for critical workflows, see what it can do for you at dataengineeringpodcast.com/prefect.Data migrations are brutal. They drag on for months—sometimes years—burning through resources and crushing team morale. Datafold's AI-powered Migration Agent changes all that. Their unique combination of AI code translation and automated data validation has helped companies complete migrations up to 10 times faster than manual approaches. And they're so confident in their solution, they'll actually guarantee your timeline in writing. Ready to turn your year-long migration into weeks? Visit dataengineeringpodcast.com/datafold today for the details.Composable data infrastructure is great, until you spend all of your time gluing it together. Bruin is an open source framework, driven from the command line, that makes integration a breeze. Write Python and SQL to handle the business logic, and let Bruin handle the heavy lifting of data movement, lineage tracking, data quality monitoring, and governance enforcement. Bruin allows you to build end-to-end data workflows using AI, has connectors for hundreds of platforms, and helps data teams deliver faster. Teams that use Bruin need less engineering effort to process data and benefit from a fully integrated data platform. Go to dataengineeringpodcast.com/bruin today to get started. And for dbt Cloud customers, they'll give you $1,000 credit to migrate to Bruin Cloud.Your host is Tobias Macey and today I'm interviewing Matt Topper about the challenges of managing identity and access controls in the context of data systemsInterview IntroductionHow did you get involved in the area of data management?The data ecosystem is a uniquely challenging space for creating and enforcing technical controls for identity and access control. What are the key considerations for designing a strategy for addressing those challenges?For data acess the off-the-shelf options are typically on either extreme of too coarse or too granular in their capabilities. What do you see as the major factors that contribute to that situation?Data governance policies are often used as the primary means of identifying what data can be accesssed by whom, but translating that into enforceable constraints is often left as a secondary exercise. How can we as an industry make that a more manageable and sustainable practice?How can the audit trails that are generated by data systems be used to inform the technical controls for identity and access?How can the foundational technologies of our data platforms be improved to make identity and authz a more composable primitive?How does the introduction of streaming/real-time data ingest and delivery complicate the challenges of security controls?What are the most interesting, innovative, or unexpected ways that you have seen data teams address ICAM?What are the most interesting, unexpected, or challenging lessons that you have learned while working on ICAM?What are the aspects of ICAM in data systems that you are paying close attention to?What are your predictions for the industry adoption or enforcement of those controls?Contact Info LinkedInParting Question From your perspective, what is the biggest gap in the tooling or technology for data management today?Closing Announcements Thank you for listening! Don't forget to check out our other shows. Podcast.init covers the Python language, its community, and the innovative ways it is being used. The AI Engineering Podcast is your guide to the fast-moving world of building AI systems.Visit the site to subscribe to the show, sign up for the mailing list, and read the show notes.If you've learned something or tried out a project from the show then tell us about it! Email [email protected] with your story.Links UberEtherJWT == JSON Web TokenOPA == Open Policy AgentRegoPingIdentityOktaMicrosoft EntraSAML == Security Assertion Markup LanguageOAuthOIDC == OpenID ConnectIDP == Identity ProviderKubernetesIstioAmazon CEDAR policy languageAWS IAMPII == Personally Identifiable InformationCISO == Chief Information Security OfficerOpenTDFOpenFGAGoogle ZanzibarRisk Management FrameworkModel Context ProtocolGoogle Data ProjectTPM == Trusted Platform ModulePKI == Public Key InfrastructurePassskeysDuckLakePodcast EpisodeAccumuloJDBCOpenBaoHashicorp VaultLDAPThe intro and outro music is from The Hug by The Freak Fandango Orchestra / CC BY-SA

Welcome to the DevSecOps London Gathering – May Edition! Join us as Amanda Lee from Veracode unpacks key insights from their latest State of Software Security report, revealing how leading organisations are tackling third-party vulnerabilities, accelerating remediation, and using AI to stay ahead.

We’re also joined by Matt Salmon for a timely and eye-opening talk: Hallucinated Code, Real Threats, which explores how AI coding assistants are introducing a new class of risks through hallucinated packages and malicious recommendations. As attackers turn their attention to open-source ecosystems and prompt injection techniques, it’s not just about securing code - it’s about securing the coder.

Whether you’re focused on strategy, development, or defence, this session will offer fresh insights, practical takeaways, and a look at where our threat landscape is headed next.

🕕 6-8pm 📍Veracode, 36 Queen Street

The Talks Security Debt in the Software Supply Chain Synopsis: In an era where software development is accelerating rapidly, Veracode's latest research reveals a concerning trend: 50% of organisations are burdened by critical security debt, with 70% of these vulnerabilities originating from third-party code and the software supply chain. The average time to fix security flaws has increased to 8.5 months, marking a 47% rise over the past five years.This session will delve into the key findings of the State of Software Security report, offering a comprehensive understanding of the current landscape. Amanda will explore the five critical metrics identified by Veracode that benchmark security maturity and what defines a ‘leading’ or ‘lagging’ organisations.Attendees will gain insights into:

• The impact of third-party code on security debt and strategies to mitigate associated risks.
• The importance of remediation speed, with fast-acting teams reducing critical security debt by up to 75% .
• The role of AI in enhancing remediation efforts and addressing the backlog of security debt.
• Practical recommendations for improving security posture, including enhancing visibility across the software development lifecycle and prioritising vulnerabilities effectively.

Join to learn how to assess your organization's security maturity, benchmark against industry leaders, and implement strategies to reduce security debt and enhance resilience in the face of evolving cybersecurity challenges.

Hallucinated Code, Real Threats: Malicious Packages in the Age of AI Synopsis: As AI coding assistants rapidly gain adoption, they’re introducing a new and largely unguarded attack vector: hallucinated packages and malicious code recommendations. This talk unpacks recent research - including real-world, nation-state-attributed attacks - revealing how AI can unknowingly guide developers to introduce compromised dependencies.

With attackers now targeting developers through open-source ecosystems and prompt injection techniques, it's no longer just about securing code - it's about securing the coder.

Learn what these emerging threats look like and how to start building defences before they take root in your pipeline

RSVP to join us!

Join the community: Can't make it to the event? Keep up to date with our activities on LinkedIn & Twitter

Get ready for a re-release! Shane and Alcine dream with colleagues Matt Alexander and Jessica Huang, surfacing shared learning from a combined 80 plus years in education. Matt and Shane reminisce about the early years of teaching in San Francisco pre-No Child Left Behind and how they aspired toward a pedagogy of student voice. Jessica shares her experience working in international education in Asia where the West is “exporting stereotypes into neocolonial schools” and ways she is disrupting the Model Minority myth. These four leaders explore how the American Dream is a facade, lessons in democracy from the world of community organizing, and why leaders need a power analysis of their school communities. Finally, they consider what authentic accountability looks like and what it means to walk toward becoming elders in the movement for educational justice, and preview a project they are working on to “radically dream” together with educators across US + Canada.

For Further Learning:

Dive deeper into the 6 Key Aspects of Social Justice Pedagogy developed by June Jordan School for Social Justice educators. Learn more about Faith in Action Bay Area and the work that they do to uphold the dignity of all people. Read up on AB 540 which expanded in-state tuition eligibility in california and check out whether you may qualify.

------ Welcome\, London R Users! ------

Welcome back!

As before, the event will be brought to you by Datacove. We are a Data and Analytics Consultancy Team based in Brighton, with experience in founding many well-attended R & Python events. Plus, home of the EARL Conference! We work across multiple streams - from marketing and customer analytics, to bespoke dashboards, process automation, and training! :)

We will be supported by the generous team, organised by Valerio Ficcadenti, at London Southbank University, in Elephant and Castle, London. Hosted by Abbie Brookes and Jeremy Horne from Datacove.

------ Talk One ------

For our first talk, we are thrilled to be hosting Matthew Thomas, Director of Insight and Improvement at British Red Cross. Matt began his career working as a Senior Application Analyst at Alzheimer's Society, before venturing into a Lead Researcher at British Red Cross and excelling into Acting Director of Insight.

Matthew will be sharing his talk with us, 'Where data meets disaster: A journey through the British Red Cross’ Humaniverse'. Matthew goes on to explain: "The ‘Humaniverse’ is a suite of R packages produced by the British Red Cross’s data scientists for sharing humanitarian data and tools. Open data and analyses are vital for 21st Century humanitarianism and these packages have transformed the speed and scale at which we can provide answers about emerging and ongoing humanitarian crises in the UK."

------ Talk Two ------

Secondly, we have the pleasure of being joined by Guy Hancox, Head of Data and Analytics at People's Partnership. Guy began his career working as a Pricing Manager at Mercury Communications Limited, later working for companies such as BT, O2, Regus, Waitrose, Knight Frank and The Kite Factory - with experience as a Head of Department or Manager for over 10 years, Guy has had vast experience in Data and Analytics.

Guy's talk will be covering, 'Data Strategy - 10 Things I Have Learnt Not to Do.' Expanding, the talk will discuss 10 (or thereabout) key lessons Guy has learnt over the years while watching things go horribly wrong. Not one to be missed!

------ Timing Information ------

6pm: Arrival and greetings from our team. 6:15pm: Food and drinks are served while networking. 6:40pm: Introduction to the event commences. 6:45pm: Talks commence. 8:00pm: Talks conclude. 8:10pm: Networking continues. 8:30pm: Event moves to the local pub.

------ Catering Information ------

Our event relies heavily on sponsorship from companies that attend. In July, we are grateful to Fathom Data to sponsoring the food below. Please contact the organisers or [email protected] to get involved.

What to expect: light buffet & finger style nibbles with vegan, vegetarian and meat options. Tap water also provided.

Please feel comfortable to bring your own snacks and drinks in.

------ Arrival Instructions ------

Please read the instructions carefully below due to there being multiple LSBU buildings.

Arrive at the London Southbank University Business Building on Borough Road. The room code is Floor One, Learning Lounge. Our staff will be inside the entrance to greet you.

What3Words: punk.single.enter

Please feel free to register guests and spread the word. We look forward to seeing you all again!

On today’s episode, we’re joined by Matt Verlaque, Chief Operating Officer at SaaS Academy, the complete business growth system for SaaS founders. We talk about:  How SaaS companies are 10% art, 90% scienceMaking deposits into your customer goodwill account to avert disasterImportant founder attributes for successThe most innovative marketing strategies Matt has seen

As one of the world's largest fast-food chains, McDonald's manages massive amounts of data for customers, sales, inventory, marketing, and more. And at that scale, ensuring the accuracy, reliability, and quality of all that data comes with a new set of complex challenges. Developing manual data quality checks with legacy tools was too time consuming and resource-intensive, requiring developer support and data domain expertise. Ultimately, they struggled to scale their checks across their enterprise data pipelines.

Join our featured customer session, where you’ll hear from Matt Sandler, Senior Director of Data and Analytics at McDonald’s, about how they use the Lightup Deep Data Quality platform to deploy pushdown data quality checks in minutes, not months — without developer support. From reactive to proactive, the McDonald’s data team leverages Lightup to scale their data quality checks across petabytes of data, ensuring high-quality data and reliable analytics for their products and services. During the session, you’ll learn:

• The key challenges of scaling Data Quality checks with legacy tools
• Why fixing data quality (fast) was critical to launching their new loyalty program and personalized marketing initiatives
• How quickly McDonald’s ramped up with Lightup, transforming their data quality struggles into success

After the session, you’ll understand:

• Why McDonald’s phased out their legacy Data Quality tools
• The benefits of using pushdown data quality checks, AI-powered anomaly detection, and incident alerts
• Best practices for scaling data quality checks in your own organization

Talk by: Matt Sandler and Manu Bansal

Here’s more to explore: Data, Analytics, and AI Governance: https://dbricks.co/44gu3YU

Connect with us: Website: https://databricks.com Twitter: https://twitter.com/databricks LinkedIn: https://www.linkedin.com/company/databricks Instagram: https://www.instagram.com/databricksinc Facebook: https://www.facebook.com/databricksinc

In Episode 12, Shane and Alcine dream with colleagues Matt Alexander and Jessica Huang, surfacing shared learning from a combined 80 plus years in education. Matt and Shane reminisce about the early years of teaching in San Francisco pre-No Child Left Behind and how they aspired toward a pedagogy of student voice. Jessica shares her experience working in international education in Asia where the West is “exporting stereotypes into neocolonial schools” and ways she is disrupting the Model Minority myth. These four leaders explore how the American Dream is a facade, lessons in democracy from the world of community organizing, and why leaders need a power analysis of their school communities. Finally, they consider what authentic accountability looks like and what it means to walk toward becoming elders in the movement for educational justice, and preview a project they are working on to “radically dream” together with educators across US + Canada.

For Further Learning:

Dive deeper into the 6 Key Aspects of Social Justice Pedagogy developed by June Jordan School for Social Justice educators. Learn more about Faith in Action Bay Area and the work that they do to uphold the dignity of all people. Read up on AB 540 which expanded in-state tuition eligibility in california and check out whether you may qualify.

We talked about:

Danny’s background What an MLOps Architect does The popularity of MLOps Architect as a role Convincing an employer that you can wear many different hats Interviewing for the role of an MLOps Architect How Danny prioritizes work with data scientists Coming to WhyLabs when you’ve already got something in production vs nothing in production Market awareness regarding the importance of model monitoring How Danny (WhyLabs) chooses tools ONNX Common trends in tooling setups The most rewarding thing for Danny in ML and data science Danny’s secret for staying sane while wearing so many different hats T-shaped specialist, E-shaped specialist, and the horizontal line The importance of background for the role of an MLOps Architect Key differences for WhyLogs free vs paid Conclusion and where to find Danny online

Links:

Matt Turck: https://mattturck.com/data2021/ AI Observability Platform: https://whylabs.ai/observability Danny's LinkedIn: https://www.linkedin.com/in/dleybz/ Whylabs' website: https://whylabs.ai/ AI Infrastructure Alliance: https://ai-infrastructure.org/

ML Zoomcamp: https://github.com/alexeygrigorev/mlbookcamp-code/tree/master/course-zoomcamp

Join DataTalks.Club: https://datatalks.club/slack.html

Our events: https://datatalks.club/events.html