Welcome to the first episode in a series where we reflect on the lessons given to us by our previous guests. This episode is a deep focus on security champions — developers with extra training who provide input from the security side of things. Our first perspective comes from episode 59 featuring Steve White, Field CISO of Pivotal, now a part of VMware. Steve shares his enthusiasm for security champion programs and speaks about their role in helping their teams make incremental security changes...
Aug 06, 2020•25 min•Season 5Ep. 72
On today’s episode, Guy Podjarny, President and Co-Founder of Snyk talks to Nitzan Blouin. Nitzan’s background combines engineering and product management. She built six QA test departments from scratch while bulletproofing big data with mobile products. Nowadays, she’s leading Spotify’s product security team. In this episode, Nitzan digs into changing culture, something that she has managed a couple of times before in a variety of contexts. She shares a bit about her journey from quality assura...
Jul 30, 2020•33 min•Season 5Ep. 71
Security teams often adopt an untrusting and policing approach to development, creating confrontational relationships that only increase risk. For many companies, this culture of gatekeeping prevents the adoption of DevSecOps practices. But now the data is out! Having used agile practices to integrate DevSecOps into Comcast’s development cycle, Larry Maccherone has shown that DevSpecOps significantly reduces risk. On today’s episode, our conversation with Larry focuses on his experience transfor...
Jul 23, 2020•40 min•Season 5Ep. 70
Today, we talk about business, technology, and development as it relates to cloud security with Teri Radichel, CEO of 2nd Sight Lab and author of Cybersecurity for Executives in the Age of Cloud. Teri begins by explaining how she got into the world of cloud security after experiencing a breach in her prior web application development and hosting company. From there, we explore what cloud security is all about and Teri starts by defining cloud systems in contrast to physically rented servers. She...
Jul 16, 2020•33 min•Season 5Ep. 69
Today’s episode of The Secure Developer features some fantastic content from a panel at DevSecCon London. Clint Gibler, Research Director at the NCC Group is joined by Doug DePerry, Director of Defense at Datadog, Tash Norris, Head of Product Security at Moonpig, Jesse Endahl, CSO at Fleetsmith, and Zane Lackey, CSO at Signal Sciences. The discussion begins with a dive into building a good security culture within a company and ways to get other members of an organization interested in security. ...
Jul 02, 2020•1 hr 11 min•Season 5Ep. 68
Chaos engineering is a powerful practice where experiments are run to build confidence that a system operates as expected. While the practice shapes the way that large-scale systems are built, it is underutilized in the security space. Verica, a continuous verification company that uses chaos engineering to make systems more secure, is looking to remedy this shortfall, and its co-founder and CTO, Aaron Rinehart joins us today. Aaron has been expanding the possibilities of chaos engineering in it...
Jun 19, 2020•30 min•Season 5Ep. 67
For this episode, we are joined by Yashvier Kosaraju, who manages the product security team at the ever-inspiring Twilio! Yash is here to share a whole load of insights and learnings from his career, with a specific focus on the 'Security Champions' program at his current company and what management means to him coming from a consulting background. We hear from our guest about the unusual path he chose to his career and how an interest in cryptocurrency led him into the security sphere. Yash doe...
Jun 16, 2020•25 min•Season 5Ep. 66
On today’s episode, Guy Podjarny talks to Alyssa Miller, a security advocate who is here to talk about everything DevSpecOps. Alyssa begins by detailing her extensive experience from working in FinTech to becoming a penetration tester, security evangelist, team leader, and security consultant. After talking about her experience with app security, Alyssa shares her perspective of the tech world and the incredible changes that have emerged over the past two years, including the rise of cloud techn...
Jun 09, 2020•41 min•Season 5Ep. 65
On today’s episode, Guy Podjarny talks to Ryan Ware, a Security Architect and director of the Intel Products Assurance and Security Tools team. He has been at Intel since 1999, and has focused on product security for almost his entire career. His current passion is ensuring that developers at Intel have the right security tools in their hands to be able to quickly and efficiently understand the security implications of the choices they make in their daily work. In this episode, Ryan and Guy disc...
Jun 04, 2020•34 min•Season 5Ep. 64
On today’s episode, Guy Podjarny talks to Kelly Shortridge about security, microservices, and chaos engineering. Kelly is currently VP of product strategy at Capsule8, following product roles at SecurityScorecard, BAE Systems Applied Intelligence, as well as co-founding IperLane, a security startup which was acquired. Kelly is also known for presenting at international technology conferences, on topics ranging from behavioral economics at Infosec to chaos security engineering. In this episode, K...
May 28, 2020•35 min•Season 5Ep. 63
Careers often take interesting, meandering journeys and coalesce in unexpected ways. With a Ph.D. in Medical Genetics, today’s guest, Dr. Wendy Ng did not envision herself working in DevSecOps. However, she has combined her academic skills with technical prowess to now hold the role of DevSecOps Security Managing Advisor at Experian. We kick the episode off by learning more about Wendy’s diverse background, from her time in the lab to her first network engineering position and what piqued her in...
May 26, 2020•24 min•Season 5Ep. 62
For this episode of The Secure Developer Podcast, we welcome Scott Helme to chat with us about front end security. Scott is the force behind Security Headers and Report URI and he is also a Pluralsight author and an award-winning entrepreneur! We get to hear about Scott's professional trajectory since leaving college, the interesting developments and changes he has made along the way, and his current work with his different projects. Scott then explains the service that Security Headers provides...
May 21, 2020•35 min•Season 5Ep. 61
Today we have a great guest who brings battle tested perspectives on security from both inside and out, Ian Amit! Ian is Chief Security Officer at Cimpress and founder of the Penetration Testing Execution Standard as well as Tel Aviv DEFCON group (DC9723). Ian has worked on everything from pen testing to red teaming, risk management, research, and national security too. We kick things off hearing about Ian’s journey in the field starting out tinkering with computers in his early teens and workin...
May 18, 2020•41 min•Season 5Ep. 60
In episode 59 of The Secure Developer, Guy Podjarny talks to Steve White, Field CISO at Pivotal. Steve spends his time helping organizations envision and implement new ways of integrating security into their software development, deployment, and operations life cycle. Most recently, his focus has been on cybersecurity, helping build a cybersecurity consulting practice for Microsoft and then leading security teams for companies such as Amazon, Sonos, and CenturyLink. On today’s show we talk with ...
May 14, 2020•39 min•Season 5Ep. 59
In episode 58 of The Secure Developer, Guy Podjarny talks to Shannon Lietz, DevSecOps Leader and Director at Intuit. Shannon is a multi-award winning leader and security innovation visionary with 20 years of experience in motivating high performance teams. Today on The Secure Developer, we interview Shannon Lietz from Intuit. She is a multi-award winning leader and security innovation visionary with 20 years of experience in motivating high-performance teams. Her accolades include winning the Sc...
May 07, 2020•42 min•Season 5Ep. 58
Many banks are still running on decades-old sets of legacy technologies, but the security and performance advantages cloud-native systems offer is changing that. Today, we’re going into the future of banking technology with Neil Drennan, CTO at 10x Future Technologies. His firm is building the first cloud-native banking platform that can be used by large-scale banks in order to solve the cost and security related problems caused by their legacy systems. Neil fills listeners in about his role in ...
May 05, 2020•26 min•Season 5Ep. 57
On today’s episode, Guy Podjarny, President and cofounder of Snyk, talks to Seth Vargo at DevSecCon Seattle. Seth previously worked at HashiCorp, Chef Software, CustomInk, and a few Pittsburgh-based startups. He is the author of Learning Chef and is passionate about reducing inequality in technology. Today, he is now a developer advocate at Google and is passionate about the human element of security. This discussion is centered around the talk Seth gave at DevSecCon Seattle titled, Secrets in S...
Apr 28, 2020•18 min•Season 5Ep. 56
Barriers to entering the DevSecOps community are becoming much weaker thanks to its provision of free resources and through the work of diversity activists too. Much praise can be given to Vandana Verma in this regard, who we were lucky to have as our guest on the show today. Vandana is an experienced application security practitioner, currently working at IBM’s India software labs as a Security Solutions Architect. She’s OWASP Bangalore’s Chapter Leader, OWASP’s Women in AppSec lead, as well as...
Apr 21, 2020•26 min•Season 5Ep. 55
For this special, DevSecCon Seattle, edition of the show, our guest is Erkang Zheng from LifeOmic. Erkang is an experienced cybersecurity specialist and recently developed JupiterOne, a security product that is changing how organizations manage their cloud-based infrastructure. We get to hear from Erkang about the unique way that security is run at LifeOmic where he is the current CISO. LifeOmic is a software company that builds cloud-based data platforms for its customers. In our conversation, ...
Apr 14, 2020•19 min•Season 5Ep. 54
Today on the show, we welcome Roland Cloutier. As the Chief Security Officer of ADP, Roland works to protect and secure one of the world’s largest providers of business outsourcing solutions. Prior to that, Roland served as the Vice President and Chief Security Officer of EMC, where he spearheaded protection of the company’s worldwide business across both the commercial and government sectors. He has held executive security management roles at consulting and management security service organizat...
Apr 07, 2020•47 min•Season 5Ep. 53
Today on The Secure Developer, we interview the Director of Product Security at Datadog, Douglas DePerry. Doug has experience in the offense side of the industry, working as a security researcher and consultant at LeafSR and iSEC partners, and in the realm of defense, having been involved with various defense contractors and the US army. In this episode, Doug talks about wearing many hats at Datadog, first starting in infrastructure security and then moving along to product security amid the com...
Mar 31, 2020•19 min•Season 5Ep. 52
Security is a vital feature of a platform’s architecture on both the service provider as well as the consumer, and it helps to have a leader who can see the big picture. Our guest for today is Adrian Ludwig, Chief Information Security Officer at Atlassian. Adrian has a marketing and tech background, we speak to him about his transition between the two seemingly unrelated fields through his work at NSA, Adobe, Nest, and Android, and how both sides inform his approach to security at Atlassian.We t...
Mar 24, 2020•37 min•Season 5Ep. 51
Joining us on today’s episode of The Secure Developer is Mandi Walls, technical community manager at Chef Software. Her role involves helping technology organizations increase their effectiveness by using configuration management and other modern IT practices. Along with this, she is also a frequent speaker at tech conferences and is the author of the whitepaper, Building a DevOps Culture, published by O’Reilly. In this show, which is another DevSecCon special, Mandi shares more on the topic of ...
Mar 17, 2020•18 min•Season 5Ep. 50
Unsurprisingly, many high performing organizations in the DevOps space are simultaneously the best in security and in operations too. In this episode, we sit down to talk with Gene Kim about his work on the saves that get made by organizations who have great operations, and how this fits into their security. Gene Kim is the founder of Tripwire, author of The Unicorn Project and The Phoenix Project and has also co-authored The DevOps Handbook and the State of DevOps Report amongst other texts. He...
Mar 10, 2020•36 min•Season 5Ep. 49
Our guest today on the show is Clint Gibler, a research director at NCC Group, where he helps provide organizations with security consulting services. Clint speaks to Guy Podjarny at DevSecCon Seattle about the current landscape of application security, how his company fits into that as a global information assurance specialist and the job of helping companies scale their security efforts through cutting edge tools and processes. His vast experience in the field of security, with a wide range of...
Mar 03, 2020•22 min•Season 5Ep. 48
In the age of startups, diverse employee backgrounds are increasingly important for companies to be resilient and deeply innovative. People's prior experience helps their work in security both in expected and unexpected ways. Our guest today, Tad Whitaker, has one of the most interesting backgrounds we’ve yet to encounter. From working as a gold miner to a newspaper reporter to a private investigator, Tad’s journey to landing his role as a Engineering Manager at CircleCI has been very colorful. ...
Feb 25, 2020•39 min•Season 5Ep. 47
In our conversation, we chat to Julien about his current professional role, his talk at DevSecCon and the inspiration behind it before diving into his ideas on security's present and possible futures. Julien makes an argument for setting up 'paved roads' for security in order to save time and resources but rather than these being restrictive, he emphasizes the freedom that should remain built into these systems. For a fascinating chat with Julien and some insight into what is going at Mozilla cu...
Feb 18, 2020•14 min•Season 5Ep. 46
What Mike and the various other cloud businesses within the broader Cisco network have managed to do is create an environment where they share knowledge and learn from one another to the ultimate benefit of their customers. He talks about their system according to which his team engages with and gives feedback to engineers and the model they have implemented to constantly evaluate their efficiency. We switch to talking about Duo's acquisition by Cisco and how it has boosted the organization, and...
Feb 11, 2020•38 min•Season 5Ep. 45
In episode 44 of The Secure Developer, Guy Podjarny sits down with guest host Simon Maple of Snyk to reflect back on the numerous guests he’s had on the show throughout 2019, and the many security lessons and insights shared along the way. The post Ep. #44, Year in Review with Guy Podjarny appeared first on Heavybit . Follow Us Our Website Our LinkedIn...
Dec 26, 2019•49 min•Season 4Ep. 44
In episode 43 of The Secure Developer, Guy joins Stu Hirst, Principal Cloud Security Engineer at Just Eat. They discuss Stu’s journey into cloud security, avoiding burnout, cultivating better hiring practices, and the importance of failing fast. The post Ep. #43, Combatting Security Burnout with Stu Hirst of Just Eat appeared first on Heavybit . Follow Us Our Website Our LinkedIn...
Dec 12, 2019•37 min•Season 4Ep. 43
