The Secure Developer

Snyk | snyk.io
Securing the future of DevOps and AI: real talk with industry leaders.

Episodes

The CodeCov Breach With Jerrod Engelberg And Eli Hooten

In early 2021, Codecov experienced a serious security breach, and today on the show we are joined by their CEO and CTO to get an insider's perspective on the events! We have an enlightening conversation with Jerrod Engelberg and Eli Hooten about what exactly happened, how they reacted, and the important foundations that were already in place that allowed them to handle it in the way that they did. This extra special episode is jam-packed with useful reflections and lessons for listeners from all...

Oct 11, 2021 | 51 min | Season 6 | Ep. 102

Running And Expanding A DevOps Team With DJ Schleen

Today we have a great conversation with DJ Schleen, who is the Vice President of Infrastructure and Developer Operations at VillageMD! DJ is an experienced DevOps practitioner, currently working as a security advocate, in his role at VillageMD in the healthcare industry. We get to have a very interesting conversation about the broad state of security and hear about his route into the professional world. DJ transitioned from the early days of hacking into web design, and then brought these skills...

Oct 04, 2021 | 33 min | Season 6 | Ep. 101

Our Best Security Advice

When we started this show, we set out to create a stage for security leaders and practitioners to share their learnings and perspectives. It was our hope that we could all learn from one another and have open conversations that are not commonly had in the security community. So, to celebrate our 100th episode, we have compiled some incredible pearls of wisdom from previous guests. At the end of each show, Guy always asks guests to share one piece of advice for those looking to level up their sec...

Aug 02, 2021 | 31 min | Season 6 | Ep. 100

The Role Of Flexibility In Success With Geoff Belknap

An initial passion for networking and telecommunications led today’s guest on a journey into the world of security. After gaining experience building security from the ground up in a few companies, he is now working as the chief information security officer (CISO) at LinkedIn. Geoff Belknap, in his second appearance on The Secure Developer, dives into the elements which he believes are key to a successful security organization, and a successful company as a whole (hint: flexibility and adaptabil...

Jul 19, 2021 | 43 min | Season 6 | Ep. 99

Security Education With The Code Doctor Jet Anderson

The security of your software all starts with the code. If you’re wondering how we better educate developers on security and teach them to develop more secure code, well, this is the episode for you! Guy Podjarny sits down with Jet Anderson from Nike to discuss education, specifically security education, why it matters, and how to get it right. Jet is a secure software architect, writer, speaker, and evangelist of DevSecOps. A former software engineer on a mission to teach today’s developers to...

Jun 21, 2021 | 40 min | Season 6 | Ep. 98

Gamification, Reward, And Empathy With Joshua Gamradt

In episode 97 of The Secure Developer, Guy Podjarny speaks to Joshua Gamradt, director of rugged DevOps at UnitedHealth Group, to discuss how Joshua’s work aligns with his desire to foster greater collaboration across departments, using gamification and empathy. We dive into Joshua’s approach to customer-centric security solutions and how their company is using empathy and gamification to pursue that. One fundamental element of his approach is investing in individuals across departments to creat...

Jun 03, 2021 | 50 min | Season 6 | Ep. 97

A Cloud-First Approach With Johnathan Keith

In today’s episode, Guy Podjarny speaks with Johnathan Keith, the Director of Information Security/CISO for ViacomCBS Digital. With over 20 years of experience in information security, cybersecurity, cloud security, and cloud architecture, Johnathan has worked as a subject matter expert across several industries, including banking and finance, government agencies, and media and entertainment. His areas of expertise are in container security, infrastructure as code, application security, and netw...

May 25, 2021 | 35 min | Season 6 | Ep. 96

Security In Public Service With Robert Wood

How do you protect sensitive healthcare information for millions of people while at the same time keeping up with fast-paced development demands? On today’s episode of The Secure Developer, we speak with Robert Wood who has been grappling with this question over the past year. Robert has an established career in the private cybersecurity sector having worked for a range of startups of varying sizes, from teams as small as six to numbering well over a hundred people. He has since been driven to p...

May 17, 2021 | 39 min | Season 6 | Ep. 95

Product Security Insights With Rinki Sethi

Having worked at large and small companies, Rinki Sethi has a range of product security perspectives. She was the VP and CISO at Rubrik, has been at the forefront of developing cutting-edge online security infrastructure at companies like IBM, Palo Alto Networks, Intuit, and eBay, and she is currently the Vice President and Chief Information Security Officer at Twitter. In today’s episode, Rinki shares her journey into cybersecurity and what piqued her interest at a young age. We then gain insig...

May 10, 2021 | 36 min | Season 6 | Ep. 94

The State Of Cloud Native Application Security With Simon Maple

Cloud native technology is agile, flexible, distributed, and like anything new, it can be scary. But nothing worth doing is ever too easy, right? Today’s guest, Simon Maple, Field CTO at Snyk, has recently co-authored a report called The State of Cloud Native Application Security, and he joins us on the show to share some of the main findings that came out of the survey which formed the basis of the report. Almost 600 people took part in the survey, with a good mix of roles amongst the responden...

May 04, 2021 | 46 min | Season 6 | Ep. 93

Being A Cybersecurity Influencer And Finding Security Champions With Ashish Rajan

In today’s episode of the Secure Developer, Guy Podjarny is joined by Ashish Rajan, who is currently the Global Head of Security for a forward-thinking product company called PageUp in Melbourne, Australia. Ashish has been described as something of a cybersecurity influencer, due in large part to his very successful Cloud Security Podcast, which is on the cusp of hitting the 40,000-download mark. He also has a passion for building communities by speaking and organizing meetups and conferences in...

Apr 26, 2021 | 36 min | Season 6 | Ep. 92

Open Source Security With Dr. David A. Wheeler

In today’s episode of The Secure Developer, Guy Podjarny is joined by Dr. David A. Wheeler, an expert in both open source and developing secure software. David is the Director of Open Source Supply Chain Security at the Linux Foundation and teaches a graduate course in developing secure software at George Mason University. He has a PhD in information technology, a master’s in computer science, and a certificate in information security, all from GMU, and he is also a Certified Information Systems...

Apr 19, 2021 | 47 min | Season 6 | Ep. 91

The Current And Future Landscape Of Development With Daniel Bryant

With experience in many different facets of the tech world, Daniel Bryant makes for a very interesting guest. Daniel started out as an academic, with the hopes of becoming a lecturer, but it didn’t take long for him to realize that he preferred being involved in the practical side of things. He is currently working for Ambassador Labs, and in this episode, we pick his brain regarding all things development! Daniel shares his opinion on ethics in the field and no code/low code platforms. We discu...

Mar 29, 2021 | 38 min | Season 6 | Ep. 90

Containers And Developer Experience In The Cloud Native World With Justin Cormack

Today's guest, Justin Cormack, comes from the DevOps side of things. Justin is the CTO at Docker and is passionate about security, software development, and the open source community. He also sits on the CNCF Technical Oversight Committee, where he helps projects and communities grow. In this conversation, we hear more about what Justin's position as CTO involves and how Docker is getting back to its roots as a developer-focused company that concentrates on developers' needs. We also discuss wha...

Mar 22, 2021 | 43 min | Season 6 | Ep. 89

The Changing Landscape of Security With Dev Akhawe

Today’s guest is someone we have wanted to have on the show for a long time, and we are so happy to finally welcome him. Dev Akhawe is the Head of Security at Figma, the first state-of-the-art interface design tool that runs entirely in your browser. Before that, Dev worked at Dropbox, as Director of Security Engineering, leading application security, infrastructure security, and abuse prevention for the Dropbox products. He also holds a Ph.D. in Computer Science from UC Berkeley, where his thes...

Mar 15, 2021 | 44 min | Season 6 | Ep. 88

Security In Small And Big Organizations - The Hyphen Between Security And Dev With Amanda Honea-Frias

Without connecting people, what are you building? How are you managing the things in your companies versus leading your people? Welcome back to The Secure Developer. Today’s guest is Amanda Honea-Frias, who has a great personal story about how she got into security. Starting off a unique career with roles ranging from construction, DevOps, network engineering, technical support, and pen testing, all the way to building and evolving application security businesses, she has been on the team at sev...

Mar 08, 2021 | 43 min | Season 6 | Ep. 87

Implementing DevSecOps Transformation With Nicolas Chaillan

Welcome back to The Secure Developer. On today’s episode, Guy Podjarny is joined by Nicolas Chaillan. Nicolas is the United States Air Force's first Chief Software Officer, responsible for enabling Air Force programs in the transition from Agile to DevSecOps to establish Force-wide DevSecOps capabilities and best practices, including continuous authority to operate processes and streamline technology adoption. In addition to his public service, Nicolas is a technology entrepreneur, software deve...

Mar 01, 2021 | 43 min | Season 6 | Ep. 86

DevOps Versus Security With James Turnbull

Welcome back to The Secure Developer. On today's episode, Guy Podjarny, President and Founder of Snyk, is joined by James Turnbull. James is an engineering leader, author of 11 books, and open source developer, and is currently the VP of Engineering at Timber, working on the open source observability platform, Vector. He was formerly the CTO-in-resident at Microsoft, CTO and Founder of Empatico, and CTO at Kickstarter. He has held leadership roles at Docker, Venmo, and Puppet and was the chair o...

Feb 02, 2021 | 38 min | Season 6 | Ep. 85

The Future Of Security Teams And Champions With Nick Vinson

A secure organization requires a large amount of buy-in from beyond those immediately concerned with security. This can prove a challenge at certain companies and facilitating a shared vision of priorities is something that security leads should know the importance of. Joining us on the show to talk about his role and team at Pearson, is DevSecOps Lead, Nick Vinson. Currently heading up the team of engineers focussing on security, Nick has been a driving force in getting the company up to speed ...

Jan 14, 2021 | 28 min | Season 6 | Ep. 84

Looking Back On 2020 And Ahead To 2021 With Simon Maple

On today’s episode, Guy Podjarny, President and Co-founder of Snyk, is joined by VP of Developer Relations, Simon Maple. Simon takes the role of hosting this episode and chats to Guy about the key 2020 podcast themes. They discuss the importance of security champions and celebrating success, as well as what we can look forward to in 2021. Measuring security programs will be a hot topic, as will adapting cloud security practices to help developers secure their infrastructure as code. Listen in...

Dec 16, 2020 | 52 min | Season 5 | Ep. 83

Two Angles Of Application And Product Security With Mike Shema

Today’s guest, Mike Shema, is no stranger to podcasts. As the host of the Application Security Weekly show, he has firsthand insights into the trends and movements in the industry. When he is not on air, Mike works with developers at Square to protect applications, their data, and their users. With a broad range of AppSec experience, from manual security testing to building a commercial web scanner and helping teams build secure products, he has seen it all. In this episode, we hear about Mike’s...

Nov 26, 2020 | 38 min | Season 5 | Ep. 82

Exposing The SourMint Scandal With Danny Grander

Many developers and publishers serve as unwitting vehicles for malware. Today we speak with Snyk co-founder and Chief Security Officer Danny Grander about SourMint — a malicious SDK that has been integrated into popular apps, seeing a total of 1.2 billion downloads per month. That was before it was exposed by the Snyk research team. We open our conversation by summarizing the scandal and unpacking what SourMint is, with details on how it tracks Android and iOS user behavior while allowing for re...

Nov 20, 2020 | 32 min | Season 5 | Ep. 81

Four Years On: Reflections From Our First-Ever Guest With Kyle Randolph

In episode 80 of The Secure Developer, Guy Podjarny is joined by Kyle Randolph, VP of Security, Privacy, Compliance, and Assurance at Episerver (who recently acquired Optimizely, where he was CISO). Kyle was our first ever guest on the show back in episode 1, four years ago, so we thought it a good idea to invite him back on to see how things have changed over these past four years. In this conversation, we reflect on some of the insights Kyle shared on the debut show and how these perspectives ...

Nov 13, 2020 | 34 min | Season 5 | Ep. 80

Training Security Champions With Brendan Dibbell

In today’s episode, Guy Podjarny talks to Brendan Dibbell, the application security engineer team lead at Toast, a restaurant technology company based in Boston, Massachusetts. Before moving into security, he spent years as a software developer, building mission-critical systems such as identity management, payment processing, and healthcare platforms, but has always been a vocal advocate for security. Brendan shares how they manage cloud security at Toast and what the interaction between the Ap...

Oct 15, 2020 | 37 min | Season 5 | Ep. 79

Approaches To Security From Across The Industry With Sacha Faust

Today, we’re going to explore approaches to security at companies of different scales with Sacha Faust, Head of Security Intelligence at Amazon Payments. Sacha has held numerous roles in security and development across the industry spectrum, and we kick things off hearing about his journey in the space. The first part of the episode is about the difference between security engineering at startups versus established companies and Sacha weighs in on his experiences at Lyft versus Azure and Amazon....

Oct 08, 2020 | 31 min | Season 5 | Ep. 78

Collaborating On Solutions With Andy Steingruebl

Today’s guest is Andy Steingruebl, Chief Security Officer at Pinterest, here to talk about DevSecOps, collaboration, and measuring security performance at his place of work! We open with a few details from Andy’s background and how he got into security by working on UNIX systems. After talking about how he splits up his teams, Andy touches on the fact that many issues spill over from one area to another, meaning the lines that divide them are not set in stone and issues get tackled on a case-by-...

Sep 24, 2020 | 30 min | Season 5 | Ep. 77

New Playbooks For Security With Lucas Moody

Today’s guest is Lucas Moody, Head of Security Innovation and Operations at Rubrik, here to talk about what being forward-thinking about security in 2020 looks like. We open with Lucas sketching out his impressive career in Silicon Valley and how his role as the first CISO at Palo Alto Networks is informing his current work at Rubrik. Here we explore what it means to work on security as far as operations and product innovation too, and Lucas compares his experience doing this at Palo Alto, a sec...

Sep 17, 2020 | 34 min | Season 5 | Ep. 76

DevSecOps Data With Alanna Brown, Gareth Rushgrove, And Alyssa Miller

On The Secure Developer, we often hear a lot of opinions and experiences from people who are working in development, so today we’re turning to the data, to figure out what works and what doesn’t in the world of DevOps and SecDevOps. Joining us for a panel discussion on the topic is Alanna Brown, Senior Marketing Director at Puppet and mastermind behind the State of DevOps Report, Gareth Rushgrove, Product Director at Snyk and curator of Devops Weekly, and Alyssa Miller, Application Security Advo...

Sep 04, 2020 | 45 min | Season 5 | Ep. 75

Leveling Up Security In Big Organizations With Geoff Kershner

Bringing large organizations in line with modern security practices can be a tricky task, especially when they don’t understand how valuable security is to the business and your customers. Today we speak with Geoff Kershner, Chief Security Officer at Medallia, who brings 25 years of experience to bear on leveling up the security of big organizations. After sharing highlights from his career, Geoff talks about the shift from consulting to running Medallia’s security team. We then dive into what t...

Aug 28, 2020 | 30 min | Season 5 | Ep. 74

Celebrating Success

It’s been well accepted by now that we’re all humans and if you want to incentivize developers to do well in terms of security then you should recognize them! So, today on The Secure Developer, we will be having another one of our mix episodes, where we compile a sequence of snippets from conversations out of different episodes of the show and our theme for this episode is celebrating success! We feature segments from our interviews with Kyle Randolph, Zach Powers, Siren Hofvander, Mike Hanley, ...

Aug 13, 2020 | 18 min | Season 5 | Ep. 73