
The Secure Developer

Snyk · snyk.io
Securing the future of DevOps and AI: real talk with industry leaders.

Episodes

Responding To A Security Incident With Rob Zuber

No one wants to fall prey to a security breach, but in the event that it does occur, it’s important to have systems in place to manage it. In episode 132 of The Secure Developer, we are joined by the CTO of CircleCI, Rob Zuber, to discuss the security incident CircleCI announced on January 4th. Rob shares insight into what CircleCI does, how the incident affected customers, and how they communicated it to the public. We find out how the industry responded and adapted to the incident, as well as h...

Apr 25, 2023 · 47 min · Season 8 · Ep. 132

Exploring Data Security In Social Media With Roland Cloutier

In episode 131 of The Secure Developer, you’ll hear from former TikTok CISO Roland Cloutier about the realities of securing user-generated content at scale and his belief that we need to take a strictly data-centric approach rather than a humanistic one to solve many of these privacy-related issues. Tuning in, you’ll gain some insight into what it takes to oversee a social media company's cybersecurity, data protection, and crisis management, and find out why Roland believes that an innate under...

Apr 05, 2023 · 50 min · Season 8 · Ep. 131

Defining Cloud Security With Rick Doten

In episode 130 of The Secure Developer, we cast our focus on cloud security, and to help us examine this subject we welcome Rick Doten to the show! Rick shares his insight on what cloud security is, some of its history, current concerns in the field, and his hopes and ideas for its future. Our guest generously offers some of his vast experience talking about basic controls, how to organise security teams, necessary education and skills development, and the challenges of putting theoretical...

Mar 17, 2023 · 41 min · Season 8 · Ep. 130

The Future Of Software Supply Chain Security

In this episode, we conclude our miniseries dealing with software supply chain security by considering the next five years in the space, what we need, and what we can hope for. Emily Fox, Aeva Black, Brian Behlendorf, Adrian Ludwig, Lena Smart, and of course Guy Podjarny, join Simon by sharing some insights on the areas in most need of attention, and where we can realistically expect to make progress in the near future. Listeners will hear about trust and tooling, downstream complexities, and qu...

Feb 27, 2023 · 20 min · Season 8 · Ep. 129

Tackling Software Supply Chain Security As An Organization

Continuing our mini-series on supply chain security, we deep dive into the organisational aspects of this charge and hear from a number of our experts about solutions and initiatives to better prepare for supply chain risks and visibility issues. Simon and Guy are joined by Adrian Ludwig, Aeva Black, Jim Zemlin, Emily Fox, and Eric Brewer as we start thinking about securing the supply chain as an organisation. Guypo breaks down the four fundamental steps for doing this, and how to tackle th...

Feb 20, 2023 · 34 min · Season 8 · Ep. 128

Software Supply Chain Security - Key Terms, Players, And Projects You Need To Know About

When we stop to think about the software running in our production environments, a large proportion of it is very likely open source. Are there effective mechanisms to truly understand and have visibility into all of these libraries? How do you ensure that these libraries are secure? To answer these questions, we feature input from Guy Podjarny, Lena Smart, Brian Behlendorf, Aeva Black, Emily Fox, Jim Zemlin, David Wheeler and Simon Maple as we dissect some key terms and promising projects in th...

Feb 13, 2023 · 41 min · Season 8 · Ep. 127

What Is Software Supply Chain Security And Why It's Important

In this episode, we define the key pillars of software supply chain security. This episode is part 1 of a 4-part software supply chain series in which our hosts Guy Podjarny and Simon Maple combine their analysis of this space of supply chain security with a series of interviews that we’ve had a chance to do with other supply chain security experts like Eric Brewer, Google Fellow, Adrian Ludwig, Chief Trust Officer at Atlassian, Jim Zemlin, Executive Director at Linux Foundation, Nicole Perlro...

Feb 06, 2023 · 31 min · Season 8 · Ep. 126

2022 Recap And 2023 Predictions

As we look forward into the new year, 2023, we wanted to recap some of the most important developments we saw, and conversations we had, during 2022. This episode features a look back at the key events and moments from the past twelve months before we share some of the expectations and predictions we have for the year ahead. Simon and Guypo sit down to discuss market corrections, the war in Ukraine, and also the tumultuous time that the crypto space has endured, before getting into some thoughts on ...

Jan 24, 2023 · 1 hr 6 min · Season 8 · Ep. 125

Building Open Source Communities With Rishiraj Sharma

Today our focus shifts towards products for a change, and we welcome the CEO and Co-Founder of Project Discovery, Rishiraj Sharma, to talk about their story, as well as the genesis of the Nuclei project. With some wide-ranging experience in the worlds of engineering and product management, before he entered into the security space, Rishiraj has a unique story and brings a personal perspective and philosophy to his work, and we get to unpack that a bit before discussing his approach to putting to...

Jan 11, 2023 · 36 min · Season 8 · Ep. 124

Malicious Packages And Malicious Intent With Liran Tal

Malicious attacks are a real threat, especially with the essential role of open source in mind. Today’s guest, Liran Tal, is the director of developer advocacy at Snyk and a GitHub Star, and he is here to share a plethora of tips you can implement today to see a marked improvement in general posture and company safety. Tune in to hear Liran’s perspective on the state of malicious attacks today in comparison to previous years, how third-party dependencies can be problematic, and how a single attac...

Dec 13, 2022 · 41 min · Season 7 · Ep. 123

State Of Cloud Security With Drew Wright

Cloud security is evolving, and so are the attacks in this space. The landscape is becoming increasingly complex, so the question remains: how do we tackle cloud security in organisations, who owns it, and how do we best prepare? In this episode, we provide listeners with an overview of Snyk’s report on cloud security and unpack some unsettling statistics. To walk us through the report, we're joined by Drew Wright, the primary author of the report, and Simon Maple, Snyk’s Field CTO. In our conversa...

Nov 28, 2022 · 45 min · Season 7 · Ep. 122

Ask Guypo Anything

In this Ask Me Anything episode, we put Guy Podjarny in the guest chair and had him field a bunch of really interesting guest-submitted questions. In this Ask Me Anything session, you can expect to hear a few bits about Guypo's taste in books and how he likes to unwind, before we dive into some industry-specific content and some rather interesting insights on the history of Snyk. We take a journey down memory lane for what started this podcast, and what has enabled it to keep growing and...

Nov 21, 2022 · 48 min · Season 7 · Ep. 121

How To Build A Successful Bug Bounty Program With Sean Poris

A successful bug bounty program can play a pivotal role in the security strategy for a company, but defining and running such a program requires structure and maturity within an organisation. Sean Poris, Senior Director of Cyber Resilience at Yahoo, knows all about the anchor elements that you need in a bug bounty program and how to drive maturity of such a program. In this fascinating conversation, Sean goes deep into how bug bounties fit into their security philosophy, and how this program has b...

Nov 07, 2022 · 39 min · Season 7 · Ep. 120

Securing The Modern Software Supply Chain With Adrian Ludwig

The software supply chain is anything and everything that touches an application or plays a role in its development, from the beginning to the end of the software development life cycle (SDLC). As you might imagine, this makes software supply chain security a somewhat complicated task! Today, we are joined by returning guest, Adrian Ludwig, formerly of Nest and Android and now Chief Trust Officer at Atlassian, to discuss what ‘software supply chain security’ actually means, why it matters, and h...

Oct 24, 2022 · 32 min · Season 7 · Ep. 119

This Is How They Tell Me The World Ends - A Look At Supply Chain Security With Nicole Perlroth

Nicole is a cyber security journalist and has covered many high-profile cases, such as the Russian hacking of nuclear power plants, North Korea’s attacks on movie studios, and Chinese government-sanctioned cyber-attacks around the globe. She is also the author of This Is How They Tell Me the World Ends, which provides readers with details about the most secretive, government-backed market in the world, cyberweapons. In this conversation, we learn why cybersecurity is such an essential topic for ...

Sep 23, 2022 · 56 min · Season 7 · Ep. 118

Shifting Security Left With Rupa Parameswaran

In this episode, we are digging into Shift Left, what it really means, and how to accomplish it successfully. Sharing her insight is Rupa Parameswaran, head of security at Amplitude, and a security and privacy expert with 20 years of knowledge behind her. She works closely with business leaders to create relevant secure by design and secure by default controls that help businesses run efficiently, but also be secure. She shared with us how she has really successfully transformed the security min...

Sep 08, 2022 · 34 min · Season 7 · Ep. 117

Open Source Security, Vulnerabilities, And Supporting Women In Technology With Emily Fox

The Cloud Native Computing Foundation (CNCF) hosts critical components of the global technology infrastructure and has played a huge part in elevating the industry standard for security. They bring together top developers, end-users, and vendors, and also run the world’s largest open source developer conferences. Today on the show we’re thrilled to welcome Emily Fox, a Security Engineer, who also serves as the co-chair of the CNCF Technical Oversight Committee (TOC), and is involved in a variety...

Jun 07, 2022 · 44 min · Season 7 · Ep. 116

Security Ownership And Culture With Peter Oehlert

Thanks for tuning in to a brand new episode of the Secure Developer! Joining us in conversation today is Peter Oehlert, Chief Security Officer at Highspot. We hear about Peter’s journey with Facebook, Smartsheet, and Microsoft, learn the difference between establishing a new security practice when there is an existing security culture and when there isn’t, and find out why taking ownership is more important than having all the necessary information. Peter is passionate about every aspect of prod...

May 16, 2022 · 44 min · Season 7 · Ep. 115

Ask Guy Anything!

We’re switching it up in this episode and putting Guy Podjarny in the hot seat to answer all of your most pressing security questions! Following his astute prompts, Guy comprehensively explains everything from how startups can build in security with limited resources to how security teams need to transform going forward. We discuss the balance of security and usability, the security implications of quantum computing, and the role developers are predicted to play in DevSec. We also speculate how ...

May 02, 2022 · 50 min · Season 7 · Ep. 114

Executive Orders And Being The First CISO At A Company With Lena Smart

Today on the Secure Developer we speak with Lena Smart, Chief Information Security Officer (CISO) at MongoDB. Lena has extensive cybersecurity experience and has worked in the security space for over 20 years. We talk with Lena about how she first got started in security, why she gets so much satisfaction from being the first CISO at a company, and what she has loved most about working at MongoDB. In our conversation, we discuss core principles around supply chain security as well as supply chai...

Apr 04, 2022 · 46 min · Season 7 · Ep. 113

Diversifying Security Hiring

If you are interested in improving diversity in security, this is the episode for you! Over the years we have had some very wise guests come on this show and share their views on diversity, why it matters, and how it can be improved. In this episode, we bring you a collection of insights, techniques, and approaches that may help you on this front. Tuning in, you’ll hear how Nitzan Blouin from Spotify built a team that is 75% female, information about Tad Whitaker’s Day of ‘Shecurity’ and the inn...

Feb 21, 2022 · 28 min · Season 7 · Ep. 112

Alignment, Agility, And Security With Patrick O'Doherty

Security as a field is constantly evolving. As a result, it requires a high degree of awareness, including staying up to date with the latest developments in potential new threats. It was the challenge of working in security that drew Patrick O'Doherty to the field in the first place. Today on the show, we speak with Patrick about his time as a Senior Security Engineer at Intercom, his current role at Oso as an Engineer, and what he has discovered on his security journey. Patrick shares what he ...

Feb 07, 2022 · 35 min · Season 7 · Ep. 111

Supply Chain Security With Jonathan Meadows

Supply chain security is a multifaceted, complex, and currently unsolved problem, and today’s guest is determined to change that. Jonathan Meadows has worked for major industry players throughout his career, and is currently the Head of Cloud Cybersecurity at Citigroup. As you’ll discover in more detail today, the issues that exist within supply chain security can only be solved by a group effort on behalf of all enterprises involved at all levels of the chain. Without open source collaboration,...

Jan 31, 2022 · 40 min · Season 7 · Ep. 110

Empowerment In Security With Bryan D. Payne

Being passionate about security at a time when industry hadn’t caught on yet, Bryan D. Payne found himself working for the National Security Agency (NSA). During his time there, and in the years that followed where he focused his efforts on research, he learned a number of valuable lessons which he was able to take with him, first to a small start-up and then to the giant that is Netflix. In today’s conversation, Bryan and I discuss what his role as the Engineering Director of Product and Applica...

Jan 24, 2022 · 42 min · Season 7 · Ep. 109

A New And Improved Risk Assessment Model With Garrett Held

Today’s guest is the CISO at Carta, a software company that helps other companies manage their valuations, investments, and equity plans. Garrett Held has many years of experience in many different arenas within the security space, as well as a degree in business and economics; the combination of these passions led him to develop the program which forms the basis of today’s conversation. Frustrated with the traditional risk assessment model, Garrett came up with a new one, built around the idea ...

Jan 17, 2022 · 37 min · Season 7 · Ep. 108

A Look Into The Future

Today we have a fun episode lined up for you! Over the last year, 2021, we’ve been honored to have some incredibly smart people on the show to share their views and practices in the DevSecCon space with us all. And in each episode, they were asked a slightly open-ended question: if you took out your crystal ball and you thought about someone sitting in your position or your type of role in five years’ time, what would be most different about their reality? For this special installment, we’ve p...

Jan 11, 2022 · 35 min · Season 7 · Ep. 107

A Year In Review With Simon Maple

As the year of 2021 draws to a close, we use this episode to look back on the last 12 months, and Guy is joined by Simon Maple to go through some reflections on the major themes, lessons, and takeaways from the show! Simon takes on the role of host, turning the microphone around and probing Guy for his highlights from the 22 episodes we aired during the year. We are so happy to have been able to have these conversations, hosting interesting chats with experts from many different backgrounds and ...

Dec 23, 2021 · 53 min · Season 6 · Ep. 106

Modernizing Security With Tim Crothers

Today on The Secure Developer, we look at how to modernize security in DevSecOps. To guide us through this, we are joined by Tim Crothers, Senior Vice President and Chief Security Officer at Mandiant. Tim is a seasoned security leader with over 20 years of experience building and running information security programs, large and complex incident response engagements, and threat and vulnerability assessments. He has a wealth of experience in cyber threat intelligence, reverse engineering, and comp...

Dec 13, 2021 · 47 min · Season 6 · Ep. 105

Implementing DevSecOps In Regulated Versus Unregulated Industries With Rohit Parchuri

Welcome back to another installment of The Secure Developer, where we have another fascinating conversation lined up! Today your host Guy Podjarny sits down with Rohit Parchuri, Chief Information Security Officer at Yext, to pick his powerhouse brain about DevSecOps frameworks. Rohit is an accomplished security leader with an established record of building, structuring, and institutionalizing security principles and disciplines in the cloud hosting, network hardware, cloud software, and healthcare d...

Dec 01, 2021 · 45 min · Season 6 · Ep. 104

Containers, Processes, And The Future Of Security With Liz Rice

Welcome to another episode of the Secure Developer! During today’s conversation, Guy Podjarny, founder of Snyk, speaks with Liz Rice, Chief Open-Source Officer with eBPF pioneers Isovalent, where she works on the Cilium project, which provides cloud native networking, observability and security. They touch on plenty of current and relevant topics, with a focus on eBPF and the CNCF and its role in security. You’ll hear all about her role and her journey into the world of cyber security, and what ...

Oct 19, 2021 · 45 min · Season 6 · Ep. 103