The Secure Developer

Snyk · snyk.io
Securing the future of DevOps and AI: real talk with industry leaders.

Episodes

Keeping Cloud Foundry Secure With Molly Crowther

In the latest episode of The Secure Developer, Guy is joined by Molly Crowther from Pivotal. Molly discusses her role in managing security at Cloud Foundry, an open source cloud platform on which developers can build, deploy and run applications. She explains their security triage and CVE process and reveals some of the challenges of working within the large ecosystem of diverse companies that make up the Cloud Foundry Foundation. Molly also talks about how she fulfills her role of wearing many ...

Sep 19, 2017 · 32 min · Season 2 · Ep. 12

Keeping PagerDuty Secure With Arup Chakrabarti, Kevin Babcock, And Rich Adams

In the latest episode of The Secure Developer, Guy is joined by Arup Chakrabarti, Kevin Babcock and Rich Adams from PagerDuty. They discuss how they put into practice their security vision of “making it easy to do the right thing”. This involves picking the right tooling and designing a security experience that doesn’t force people to do things, but rather provides insight into how vulnerabilities can be exposed. Giving people the opportunity to break things also creates a strong desire to want ...

Jun 14, 2017 · 41 min · Season 2 · Ep. 11

Dynamic Authorization - The Evolution of Access Controls With Aren Sandersen

In the latest episode of The Secure Developer, Guy is joined by Aren Sandersen. They examine the current state of access control systems and discuss the need for better education and tooling to support time-bound dynamic access control. Aren also explains why most startups consider security too late and reveals the minimum mindset that all early-stage startups need to adopt to manage their attack surface.

Apr 28, 2017 · 27 min · Season 2 · Ep. 10

Making Security More Inclusive With Francois Raynaud

In the latest episode of The Secure Developer, Francois Raynaud joins Guy to discuss the current state of IT security. Francois explains why a cultural shift is needed to make security more inclusive, with security professionals taking on a greater mentoring and guiding role. Francois discusses why he created DevSecCon, a Development Security Conference aimed at fostering inclusion. He also shares approaches for DevOps and Security teams to better understand what other teams are trying to achiev...

Mar 20, 2017 · 30 min · Season 2 · Ep. 9

What’s In A Security Policy With Geva Solomonovich

In this episode of The Secure Developer, Geva Solomonovich, COO at Snyk and founder of Snowy Peak Security joins Guy to discuss security policies, and why you shouldn’t wait to implement your own. Geva shares the 3 categories of security policies he developed with his clients and emphasizes that it’s not enough to create a set of documents or processes. You need to establish a security mindset and integrate it into everything you do. Don’t miss this episode for practical tips on reducing your co...

Feb 16, 2017 · 32 min · Season 2 · Ep. 8

Understanding Container Security With Ben Bernstein

In this episode of The Secure Developer, Ben Bernstein from Twistlock joins Guy to discuss container security. Are you currently using containers, or thinking about moving to containers in your stack? You won’t want to miss this episode. With containers, developers control the entire stack. While empowering to developers, this can also open up new security vulnerabilities. Ben and Guy discuss the tools and processes you’ll need to put in place to ensure your containers are compliant and secure. ...

Jan 30, 2017 · 29 min · Season 2 · Ep. 7

Developer War Games - Capture The Flag With Danny Grander

In episode #6 of The Secure Developer, Guy is joined by his Snyk.io co-founder Danny Grander for an in-depth discussion on CTF (Capture The Flag) competitions in the security world. Learn about the differences between jeopardy-style and attack-defense CTFs, the future of AI-powered hacking (and defense!), and where you should start if you’re interested in playing.

Jan 10, 2017 · 23 min · Season 2 · Ep. 6

Continuous Security At Chef With Adam Jacob

In the fifth installment of The Secure Developer, Guy talks with Chef CTO Adam Jacob about the role security can play in DevOps and continuous integration/deployment. They cover the differences between baked-in and bolted-on security and how automation with Habitat can change the way developers approach secure coding.

Nov 15, 2016 · 43 min · Season 1 · Ep. 5

Getting Down To The Metal With Eric Lawrence

In episode #4 of The Secure Developer, Guy is joined by Eric Lawrence of the Google Chrome security team. Eric and Guy begin with a discussion on what it takes to be a great security engineer – namely curiosity and a willingness to learn. Later they discuss the growing importance of the modern web browser, and how security previously only found in operating systems is now moving into browsers themselves. Finally they discuss the current state of HTTPS, including the carrots and the sticks that b...

Nov 05, 2016 · 48 min · Season 1 · Ep. 4

Security From The Start With Sabin Thomas

In episode 3 of The Secure Developer, Guy is joined by Sabin Thomas, VP of Engineering at Codiscope, where he creates tools that help developers build and deploy secure code faster. The two discuss the difficulties presented by the accelerating release of new tools and frameworks, the problem of too many sticks and not enough carrots, and the benefits of designing with security in mind from the start.

Oct 26, 2016 · 35 min · Season 1 · Ep. 3

Making Security A Requirement With Gergely Nemeth

Episode Summary: In this episode of The Secure Developer, Guy hosts RisingStack Founder and CEO Gergely Nemeth. The pair discuss the difficulties of selling security as a requirement, some of the most common attack vectors used on today’s web, and finally, the work Gergely is doing on Trace, a Node.js-focused tool that makes debugging code simple.

Oct 10, 2016 · 28 min · Season 1 · Ep. 2

Prioritizing Secure Development With Kyle Randolph

Episode Summary: In our first episode, Guy is joined by Kyle Randolph, Principal Security Engineer at Optimizely. Kyle and Guy discuss the sometimes challenging but always important task of prioritizing security in your engineering organization. Kyle shares stories from his time at Optimizely, Adobe, and Twitter. Show Notes: In this insightful episode, we welcome Kyle Randolph, an experienced security professional from Optimizely, to share his wealth of knowledge on establishing an effective app...

Sep 22, 2016 · 29 min · Season 1 · Ep. 1